Arsenal - Just A Quick Inventory And Launcher For Hacking Programs

Arsenal is just a quick inventory, reminder and launcher for pentest commands.
This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands

In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used. Indeed arsenal emulates real user input (with TTY arguments and IOCTL) so arsenal works with all shells and your commands will be in the history.

You have to enter arguments if needed, but arsenal supports global variables.
For example, during a pentest we can set the variable ip to prefill all commands using an ip with the right one.

To do that you just have to enter the following command in arsenal:

Authors:

Guillaume Muh mayfly

This project is inspired by navi (https://github.com/denisidoro/navi) because the original version was in bash and too hard to understand to add features

Arsenal new features

New colors Add tmux new pane support (with -t) Add default values in cheatsheets commands with <argument|default_value> Support description inside cheatsheets New categories and Tags New cheatsheets Add yml support (thx @0xswitch ) Add fzf support with ctrl+t (thx @mgp25)

Install & Launch

with pip :

python3 -m pip install arsenal-cli

run (we also advice you to add this alias : alias a='arsenal') manually:

git clone https://github.com/Orange-Cyberdefense/arsenal.git
cd arsenal
python3 -m pip install -r requirements.txt
./run

Inside your .bashrc or .zshrc add the path to run to help you do that you could launch the addalias.sh script

Also if you are an Arch user you can install from the AUR:

git clone https://aur.archlinux.org/arsenal.git
cd arsenal
makepkg -si

Or with an AUR helper like yay:

Launch in tmux mode

./run -t # if you launch arsenal in a tmux window with one pane, it will split the window and send the command to the otherpane without quitting arsenal
# if the window is already splited the command will be send to the other pane without quitting arsenal
./run -t -e # just like the -t mode but with direct execution in the other pane without quitting arsenal

Add external cheatsheets

You could add your own cheatsheets insode the my_cheats folder or in the ~/.cheats folder.

You could also add additional paths to the file <arsenal_home>/arsenal/modules/config.py, arsenal reads .md (MarkDown) and .rst (RestructuredText).

Cheatsheets examples are in <arsenal_home>/cheats: README.md and README.rst

Troubleshooting

If you got on error on color init try :

export TERM='xterm-256color'

If you have the following exception when running Arsenal:

ImportError: cannot import name 'FullLoader'

First, check that requirements are installed:

pip install -r requirements.txt

If the exception is still there:

Mindmap

Active directory mindmap Due to csp on github when you open the svg, we moved the AD mindmap and the source to this repository : https://github.com/Orange-Cyberdefense/ocd-mindmaps

https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg

AD mindmap black version

Exchange Mindmap (thx to @snovvcrash)

Active directory ACE mindmap

TODO cheatsheets

reverse shell

msfvenom php python perl powershell java ruby

whitebox analysis grep regex

php nodejs hash

Tools

smb

enum4linux smbmap smbget rpcclient rpcinfo nbtscan impacket

kerberos & AD

impacket bloodhound rubeus powerview shadow credentials attack samaccountname attack

MITM

mitm6 responder

Unserialize

ysoserial ysoserial.net

bruteforce & pass cracking

hydra hashcat john

scan

nmap eyewitness gowitness

fuzz

gobuster ffuf wfuzz

DNS

dig dnsrecon dnsenum sublist3r

rpc

rpcbind

netbios-ssn

snmpwalk snmp-check onesixtyone

sql

sqlmap

oracle

oscanner sqlplus tnscmd10g

mysql

nfs

showmount

rdp

xfreerdp rdesktop ncrack

mssql

sqsh

winrm

evilwinrm

redis

redis-cli

postgres

psql pgdump

vnc

vncviewer

x11

xspy xwd xwininfo

ldap

ldapsearch

https

sslscan

web

burp nikto tplmap

app web

drupwn wpscan nuclei

Arsenal - Just A Quick Inventory And Launcher For Hacking Programs

Reviewed by Zion3R on 5:02 PM Rating: 5

LEFT SIDEBAR AD

Arsenal - Just A Quick Inventory And Launcher For Hacking Programs

BOOK THIS SPACE FOR AD

Arsenal new features

Install & Launch

Launch in tmux mode

Add external cheatsheets

Troubleshooting

Mindmap

TODO cheatsheets

reverse shell

whitebox analysis grep regex

Tools

smb

kerberos & AD

MITM

Unserialize

bruteforce & pass cracking

scan

fuzz

DNS

rpc

netbios-ssn

sql

oracle

mysql

nfs

rdp

mssql

winrm

redis

postgres

vnc

x11

ldap

https

web

app web

Related

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Psobf - PowerShell Obfuscator

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

VulnNodeApp - A Vulnerable Node.Js Application

Trending

Popular

Install waybackurls on Kali Linux

1-click RCE in Electron Applications

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD