PenTest Aliases and Setup

I like to set up a few things when I’m building an image for a pentest.  They’re helpers that keep me honest, because without them I’d likely forget something or miss some detail, and by establishing consistent patterns I reduce that risk.  To start with, I make a consistent directory structure.  For the sake of this article, let’s call it:

/engagement

Next up, I generate some subfolders which are critical to my process:

/engagement/targets
/engagement/quick-notes
/engagement/commandlogs
/engagement/helpers
/engagement/tool-outputs
/engagement/daily-narrative

And to help further, I create a few standard helper scripts. First up, something to log all the commands, details, and outputs:

user@ptbox:~ cat /engagement/helpers/runptcommand.sh
#!/bin/bash
# Run a command, echoing its output to the terminal while logging the start
# and end times, the command line and all output to today's command log.
[ $# -gt 0 ] || { echo "usage: $0 <command> [args...]" >&2; exit 1; }
TODAY=$(date +%F)
RUNTIME=$(date +%H.%M.%S)
LOGFILE="/engagement/commandlogs/command-log.${TODAY}"

{
  echo "[[ Command Start ]] ${RUNTIME}"
  echo "[[ Command Text ]] $*"
  echo
  echo "[[ OUTPUT ]]"
} >> "${LOGFILE}"
# "$@" passes each argument through intact, so quoted arguments are not
# re-split the way an unquoted $CMDTORUN would; stderr is merged so it is
# logged along with stdout.
"$@" 2>&1 | tee -a "${LOGFILE}"
RC=${PIPESTATUS[0]}   # exit status of the command itself, not of tee
ENDTIME=$(date +%H.%M.%S)
{
  echo "[[ Command Ended ]] ${ENDTIME} (exit status ${RC})"
  echo
  echo "###############################################"
  echo
} >> "${LOGFILE}"
exit "${RC}"
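Once a day's worth of commands has gone through the wrapper, the log is also the raw material for the engagement timeline in the report. The function below is an added example, not one of the original helpers: it reads a log in the marker format the wrapper writes and prints one line per command with its start and end time, and it flags any command that has a start marker but no end marker (Ctrl-C, a dropped session, a rebooted box), which is exactly the gap you would otherwise not notice until write-up time. The function name, the sample log and its contents are all constructed for the example.

```shell
#!/bin/bash
# Added example (not one of the original helpers): turn a runptcommand.sh
# command log into a one-line-per-command timeline, and flag any command
# whose "[[ Command Ended ]]" marker is missing.  Only the marker lines
# written by the wrapper are assumed; the "[[ OUTPUT ]]" body is skipped.

summarize_ptlog() {
  awk '
    BEGIN { prefix = "[[ Command Text ]] " }
    /^\[\[ Command Start / {
      # a new start while one is still open means the previous one never ended
      if (start != "") printf "%s -> (no end recorded)  %s\n", start, cmd
      start = $5; cmd = ""; next
    }
    /^\[\[ Command Text / { cmd = substr($0, length(prefix) + 1); next }
    /^\[\[ Command Ended / {
      printf "%s -> %s  %s\n", start, $5, cmd
      start = ""; cmd = ""; next
    }
    END { if (start != "") printf "%s -> (no end recorded)  %s\n", start, cmd }
  ' "$1"
}

# Constructed sample log in the wrapper format (addresses and commands are
# made up): the second command was interrupted, so it has no end marker.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[[ Command Start ]] 09.15.02
[[ Command Text ]] nmap -v -sS -p- 10.0.0.5

[[ OUTPUT ]]
Starting Nmap ...
[[ Command Ended ]] 09.21.40

###############################################

[[ Command Start ]] 09.30.11
[[ Command Text ]] nikto -h http://10.0.0.5

[[ OUTPUT ]]
[[ Command Start ]] 09.45.00
[[ Command Text ]] whoami

[[ OUTPUT ]]
user
[[ Command Ended ]] 09.45.01

###############################################
EOF

summarize_ptlog "$SAMPLE_LOG"
```

Run it against a real day with `summarize_ptlog /engagement/commandlogs/command-log.2024-01-01` (path assumed from the layout above) and any "(no end recorded)" line is a command you should re-run or annotate before it goes in the narrative.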

Then a helper to take quick notes…

user@ptbox:~ cat /engagement/helpers/takenote.sh
#!/bin/bash
# Append a timestamped one-line note to the quick-notes file.
LOGFILE="/engagement/quick-notes/notes.txt"
DATETIME=$(date +%F.%H.%M.%S)
echo "${DATETIME}: $*" >> "${LOGFILE}"
echo "###############################################" >> "${LOGFILE}"

And finally a quick and dirty nmap target parser, which works on normal nmap output from a scan run with -v, since that is where the “Discovered open port” lines come from…

user@ptbox:~ cat /engagement/helpers/find-nmap-targets.sh
#!/bin/bash
# Pull host:port:proto out of nmap normal output.  Needs a scan run with -v,
# since only verbose output contains lines like:
#   Discovered open port 22/tcp on 10.0.0.5
NMAPFILE=$1
[ -r "${NMAPFILE}" ] || { echo "usage: $0 <nmap-output-file>" >&2; exit 1; }
grep "Discovered open port" "${NMAPFILE}" | awk '{ print $6":"$4 }' | sed -e "s/\//:/" | sort -u
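The helper above only sees a scan if it was run with -v. Below is a slightly more general version, added here as an example rather than one of the original helpers, that also reads the PORT/STATE/SERVICE tables under each “Nmap scan report for” line in normal output, keeps only rows whose state is exactly open (so filtered and open|filtered rows are dropped rather than being handed to the next tool), uses the address rather than the hostname when nmap prints both, and emits the same host:port:proto lines so the two sources dedupe together through sort -u. The function name and the sample scan output are constructed for the example.

```shell
#!/bin/bash
# Added example (not one of the original helpers): list host:port:proto for
# every open port in nmap normal output, whether or not the scan used -v.
# Two line types are recognised:
#   Discovered open port 22/tcp on 10.0.0.5     (verbose mode only)
#   22/tcp  open  ssh                           (port table under each
#                                                "Nmap scan report for" line)
# Only state "open" counts; "filtered" and "open|filtered" rows are dropped.

nmap_open_targets() {
  awk '
    /^Nmap scan report for / {
      # "Nmap scan report for 10.0.0.5" or "... for name (10.0.0.6)":
      # keep the address, which is what the next tool usually wants
      host = $5
      if ($6 ~ /^\(.*\)$/) { host = $6; gsub(/[()]/, "", host) }
      next
    }
    host != "" && $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
      split($1, p, "/"); print host ":" p[1] ":" p[2]; next
    }
    /^Discovered open port / {
      split($4, p, "/"); print $6 ":" p[1] ":" p[2]
    }
  ' "$@" | LC_ALL=C sort -u
}

# Constructed sample scan (addresses and names are made up): the first host
# appears both as verbose "Discovered" lines and as a port table, the second
# only as a table with one filtered-ish UDP row that must not be listed.
SAMPLE_SCAN=$(mktemp)
trap 'rm -f "$SAMPLE_SCAN"' EXIT
cat > "$SAMPLE_SCAN" <<'EOF'
Discovered open port 22/tcp on 10.0.0.5
Discovered open port 80/tcp on 10.0.0.5
Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
443/tcp filtered https
Nmap scan report for web01.example.internal (10.0.0.6)
Host is up (0.0020s latency).
PORT     STATE         SERVICE
53/udp   open|filtered domain
8080/tcp open          http-proxy
Nmap done: 2 IP addresses (2 hosts up) scanned in 12.34 seconds
EOF

nmap_open_targets "$SAMPLE_SCAN"
```

Because both line types are normalised to the same host:port:proto form, a verbose scan does not produce duplicate entries, and a scan saved without -v still yields a target list instead of silently returning nothing.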

Then from there it’s on to setting up some aliases:

user@ptbox:~ cat ~/.bash_aliases
alias cdptlogs='cd /engagement/commandlogs'
alias runptc='/engagement/helpers/runptcommand.sh'
alias nms='/engagement/helpers/find-nmap-targets.sh'
alias tn='/engagement/helpers/takenote.sh'

This way I have a few quick ways to consistently and easily organize.  If I’m going to run a command as part of the pentest I just preface it with “runptc”, which logs the start and end times, the command line itself and all of its output to a daily archive.  Because the wrapper runs the command directly rather than through a shell, anything that needs a pipe or a redirect goes in as runptc bash -c '...'.  If I want to take a note I just type “tn” and the note content, which is then automatically logged with a date/time stamp.  And for all of those standard nmap scan results I can just type “nms” and the file name to quickly extract a list of hosts and ports I should take a look at.

None of this is groundbreaking by any means, but it’s served me well and I thought I’d share.  Good hunting!