Red team tools

Apache-known extensions

When web application allows for file upload, look for "rare" extensions that might not have been blacklisted. Examples: phtml, xht, svgz, rss, …
This text file contains all extensions that my Apache setup recognized, and here is a ZIP file containing scripts to generate and test such list.

Properly prepare the report

Log commands

Always use | tee ... to keep track of you command results, or use script -fB pentest.log to record all inputs and outputs.

Take screenshots

Take regular screenshots during labs/CTF/assessment so it can be directly used in the report. Don't worry: all screens won't be useful, but you never know which ones will!

Escalate reverse-shell

TTY/PTY spawn

NetSec list for spawning TTY


pwncat-cs: pip3 install pwncat-cs or python3 -m pip install pwncat-cs and run python3 -m pwncat :8080
See Vulnversity lessons learned


searchsploit -x {{exploit ID 50512 or path or whatever}} for examining the exploit
searchsploit -m {{ID;path;etc}} for copying the exploit to current directory
python3 $(locate args args for running the exploit (or cat $(locate, etc)