i am a pentester and these are my profiles. i use them constantly and am constantly adding and updating them.
+v indicates it's pasting from your clipboard, useful for pasting in a hostname for nmap or testssl. i'm not entirely consistent with the naming.
if you are unsure of what a duckypad is or would like to buy one (non-affiliated):
https://www.tindie.com/products/dekunukem/duckypad-do-it-all-mechanical-macropad/
the following previews were generated using this script: https://github.com/jayrox/duckypad_profile_preview_gen
i am starting to add some documentation to the keys using a comment format of REM DOC: in the individual keys that will be parsed out by the generator code.
Key descriptions:

| | | |
| --- | --- | --- |
| $${\textsf{\color{#00ffff} Windows }}$$ | $${\textsf{\color{#80ff00} NumPad }}$$ | Help |
| $${\textsf{\color{#0080ff} Squiddy }}$$ | ---- | $${\textsf{\color{#ff0d86} SetVars }}$$ |
| $${\textsf{\color{#00ff00} HTB }}$$ | $${\textsf{\color{#c993ff} TestSSL }}$$ | $${\textsf{\color{#0f0fff} NMap }}$$ |
| $${\textsf{\color{#80ffff} PS }}$$ | $${\textsf{\color{#ffff00} Witness }}$$ | $${\textsf{\color{#ffff00} NetExec }}$$ |
| curl | $${\textsf{\color{#c0c0c0} Nikto }}$$ | $${\textsf{\color{#ff8040} GoBustr }}$$ |

Key descriptions:

| | | |
| --- | --- | --- |
| $${\textsf{\color{#ff0d86} Skpfish }}$$ | $${\textsf{\color{#0080c0} ffuf }}$$ | $${\textsf{\color{#46c2ff} OpenSSL }}$$ |
| $${\textsf{\color{#ff8484} Bludhnd }}$$ | ADSI | $${\textsf{\color{#ee82ee} OneLine }}$$ |
| $${\textsf{\color{#00ff00} Python }}$$ | $${\textsf{\color{#00ffff} Dig }}$$ | $${\textsf{\color{#ff8000} SMBCli }}$$ |
| $${\textsf{\color{#8080ff} MSSQL }}$$ | Respond | $${\textsf{\color{#800040} EvilWin }}$$ |
| $${\textsf{\color{#80ffff} SMBMAP }}$$ | $${\textsf{\color{#8af493} SQLMap }}$$ | $${\textsf{\color{#ff0080} WFuzz }}$$ |

Key descriptions:
- CME: CrackMapExec
- John: Password cracker John
- PGo: Little automation to run the CalcyIV/PokeGenie scanners

| | | |
| --- | --- | --- |
| $${\textsf{\color{#ffff00} CME }}$$ | $${\textsf{\color{#00ff40} GAU }}$$ | $${\textsf{\color{#ff8040} MySQL }}$$ |
| $${\textsf{\color{#00ff00} Hashcat }}$$ | VS | $${\textsf{\color{#00ff00} John }}$$ |
| Waymore | - | - |
| - | - | - |
| Ansible | - | $${\textsf{\color{#8000ff} PGo }}$$ |

| | | |
| --- | --- | --- |
| $${\textsf{\color{#a000ff} vol- }}$$ | $${\textsf{\color{#a000ff} mute }}$$ | $${\textsf{\color{#a000ff} vol+ }}$$ |
| $${\textsf{\color{#a000ff} << }}$$ | $${\textsf{\color{#a000ff} \|\| }}$$ | $${\textsf{\color{#a000ff} >> }}$$ |
| intro | hide | dev |
| taskMgr | files | sysInfo |
| diskMgr | - | taskViw |

| | | |
| --- | --- | --- |
| $${\textsf{\color{#00ffff} x }}$$ | $${\textsf{\color{#00ffff} - }}$$ | $${\textsf{\color{#00ffff} + }}$$ |
| 7 | 8 | 9 |
| 4 | 5 | 6 |
| 1 | 2 | 3 |
| 0 | . | $${\textsf{\color{#00ffff} enter }}$$ |

Key descriptions:

| | | |
| --- | --- | --- |
| Explain | WADComs | LOLBAS |
| tldr | GTFOBin | Payload |
| $${\textsf{\color{#8000ff} Kali }}$$ | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- Bash: Adds a few aliases to the .bashrc file to help set env variables that can be used in other profiles
- ZSH: Adds a few aliases to the .zshrc file to help set env variables that can be used in other profiles
- Fish: Adds a few aliases to the ~/.config/fish/config.fish file to help set env variables that can be used in other profiles
- SetVars: Go to the SetVars profile.

| | | |
| --- | --- | --- |
| $${\textsf{\color{#ffff00} Bash }}$$ | $${\textsf{\color{#80ff00} ZSH }}$$ | $${\textsf{\color{#80ffff} Fish }}$$ |
| - | - | - |
| - | - | - |
| - | - | - |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Help }}$$ | - |

Key descriptions:
- ECHO: Print out env variables used in the various scripts.

| | | |
| --- | --- | --- |
| Host(s) | Port(s) | - |
| Domain | DC IP | - |
| User | Pass | - |
| $${\textsf{\color{#80ffff} LHOST }}$$ | $${\textsf{\color{#80ffff} LPORT }}$$ | - |
| $${\textsf{\color{#80ff00} ECHO }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- CU Enc: Uses certutil to base64 encode a file
- CU Dec: Uses certutil to base64 decode a file
- CU DL: Uses certutil to download a remote file

| | | |
| --- | --- | --- |
| $${\textsf{\color{#00ff00} CU Enc }}$$ | $${\textsf{\color{#ee82ee} CU Dec }}$$ | $${\textsf{\color{#ff00ff} CU Hash }}$$ |
| $${\textsf{\color{#00ffff} Whois }}$$ | $${\textsf{\color{#13cbec} FndFile }}$$ | $${\textsf{\color{#0080ff} CU DL }}$$ |
| - | - | - |
| test | test2 | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- Squiddy: Launch Squiddy, my personal pentest tracking and report generation tool

| | | |
| --- | --- | --- |
| Squiddy | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

| | | |
| --- | --- | --- |
| Setup | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- Procs: Get running processes
- Upgrade: Upgrade reverse shell

| | | |
| --- | --- | --- |
| Sudo-l | FndRoot | ls -la |
| GetCap | AppArmo | Procs |
| ------- | $${\textsf{\color{#00ff00} Upgrade }}$$ | ------- |
| Hosts | NC 4444 | Srv80 |
| $${\textsf{\color{#80ffff} Page 2 }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#80ffff} Windows }}$$ |

Key descriptions:

| | | |
| --- | --- | --- |
| $${\textsf{\color{#ee82ee} +Hosts }}$$ | Py2SH | Py3SH |
| GetMail | - | $${\textsf{\color{#00ff00} BashRev }}$$ |
| - | - | - |
| - | FixVPN | $${\textsf{\color{#ff0000} DelRout }}$$ |
| $${\textsf{\color{#80ffff} Page 1 }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#80ffff} Windows }}$$ |

Key descriptions:

| | | |
| --- | --- | --- |
| Whoami | - | - |
| $${\textsf{\color{#80ffff} Certify }}$$ | - | - |
| Dir A | Set | - |
| - | - | - |
| $${\textsf{\color{#80ffff} Linux }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- TLS12: Enable TLS 1.2
- Proxy: Set up PowerShell to use the authenticated corporate proxy
- Daren: Some PowerShell functions from Daren

| | | |
| --- | --- | --- |
| $${\textsf{\color{#81e8fe} TLS12 }}$$ | $${\textsf{\color{#00ff00} Proxy }}$$ | $${\textsf{\color{#ff8040} PSv2 }}$$ |
| $${\textsf{\color{#a000ff} AMSI-S }}$$ | $${\textsf{\color{#0000ff} AMSI-PS }}$$ | AMSI3 |
| PwrCat | $${\textsf{\color{#9cced3} Daren }}$$ | $${\textsf{\color{#ff0000} NoAV }}$$ |
| $${\textsf{\color{#00ff00} PSVer }}$$ | LngMode | $${\textsf{\color{#ffff80} IP }}$$ |
| $${\textsf{\color{#80ffff} Page 2 }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| $${\textsf{\color{#0080ff} ChgRCPW }}$$ | MpPref | $${\textsf{\color{#ff0080} CvtTime }}$$ |
| GetC_DN | Priv | Obj SID |
| GetU_Pr | - | S- SID |
| ExecPol | U GUID | C GUID |
| $${\textsf{\color{#80ffff} Page 1 }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#80ffff} Page 3 }}$$ |

| | | |
| --- | --- | --- |
| IEX | - | - |
| DL | - | - |
| - | - | - |
| - | - | - |
| $${\textsf{\color{#80ffff} Page 1 }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#80ffff} Page 2 }}$$ |

Key descriptions:
- Mass+v: Runs TestSSL against hosts in the clipboard. One host per line, saves output as JSON

| | | |
| --- | --- | --- |
| Full | Short | Mass+v |
| $${\textsf{\color{#0080ff} Full+v }}$$ | $${\textsf{\color{#0080ff} Short+v }}$$ | $${\textsf{\color{#0080ff} Protos }}$$ |
| $${\textsf{\color{#0080ff} SMTP }}$$ | $${\textsf{\color{#0080ff} Server }}$$ | $${\textsf{\color{#0080ff} Vulners }}$$ |
| $${\textsf{\color{#0080ff} SCIR }}$$ | $${\textsf{\color{#0080ff} Headers }}$$ | $${\textsf{\color{#0080ff} Ciphers }}$$ |
| $${\textsf{\color{#ff80ff} Color3 }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| Full | Fast | $${\textsf{\color{#ff00ff} Mods }}$$ |
| $${\textsf{\color{#0080ff} Full+v }}$$ | $${\textsf{\color{#0080ff} Fast+v }}$$ | Mass+v |
| $${\textsf{\color{#008000} SSH22 }}$$ | $${\textsf{\color{#0080ff} SSH22+v }}$$ | - |
| $${\textsf{\color{#00ff00} Scripts }}$$ | - | Paste |
| $${\textsf{\color{#80ff80} Grep }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables be set. Go to the SetVars profile to set them.

| | | |
| --- | --- | --- |
| Simple | - | $${\textsf{\color{#00ff00} Verify }}$$ |
| $${\textsf{\color{#03effc} AuthSMB }}$$ | $${\textsf{\color{#ff8000} Spider }}$$ | $${\textsf{\color{#80ffff} FileOut }}$$ |
| $${\textsf{\color{#03effc} AuthWRM }}$$ | LDAP | - |
| RidBrut | $${\textsf{\color{#00ff00} Run }}$$ | $${\textsf{\color{#ff0000} Redact }}$$ |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- RIDBrut: Enumerate usernames
- Shares: Enumerate SMB shares.
- Users: Enumerate SMB shares.
- Spider: Enumerate SMB shares.
- Basic: Test connection
- Help: Try username as blank, 'anonymous', 'guest', or pass a file of users

| | | |
| --- | --- | --- |
| ZeroLog | $${\textsf{\color{#808080} PetitPo }}$$ | $${\textsf{\color{#ff0080} RIDBrut }}$$ |
| $${\textsf{\color{#00ff00} Shares }}$$ | $${\textsf{\color{#0080ff} Users }}$$ | $${\textsf{\color{#ff80ff} Spider }}$$ |
| Basic | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| BasicSS | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

| | | |
| --- | --- | --- |
| Basic | $${\textsf{\color{#00ffff} Basic+v }}$$ | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- ikL: Include response headers in output, allow insecure connections and follow redirects
- ikL+v: Include response headers in output, allow insecure connections and follow redirects. Pastes URL from clipboard

| | | |
| --- | --- | --- |
| ikL | dl_file | - |
| $${\textsf{\color{#0080ff} ikL+v }}$$ | dl_file | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| Basic | - | - |
| 80,443 | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| Dir | - | $${\textsf{\color{#ee82ee} ExLen }}$$ |
| - | - | Follow |
| - | - | Output |
| - | - | K Cert |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| FuzzSub | Size | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- Size: Filter on size
- Words: Filter on words

| | | |
| --- | --- | --- |
| Dir | - | - |
| Sub DNS | Size | $${\textsf{\color{#00ffff} Words }}$$ |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| SCIR | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_DC_IP env variables be set. Go to the SetVars profile to set them.

| | | |
| --- | --- | --- |
| Neo4j | Start | - |
| PyBlood | - | - |
| - | - | - |
| - | CrtiVln | - |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | - |

| | | |
| --- | --- | --- |
| Display | SAM | Title |
| Admin | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

| | | |
| --- | --- | --- |
| venv+r | $${\textsf{\color{#00ff00} venv+a }}$$ | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- Server: Use a specific DNS server

| | | |
| --- | --- | --- |
| dig | - | Types |
| Server | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables be set. Go to the SetVars profile to set them.

| | | |
| --- | --- | --- |
| Base | $${\textsf{\color{#ff0080} Anon }}$$ | - |
| Recurse | Grep | Find |
| - | - | - |
| - | - | - |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:

| | | |
| --- | --- | --- |
| Connect | - | $${\textsf{\color{#80ffff} NoPW }}$$ |
| $${\textsf{\color{#0ff06f} LS }}$$ | - | - |
| $${\textsf{\color{#ff0080} Get }}$$ | - | $${\textsf{\color{#ee82ee} Get All }}$$ |
| - | - | - |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| Start | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, and DP_DOMAIN env variables be set. Go to the SetVars profile to set them.

| | | |
| --- | --- | --- |
| $${\textsf{\color{#80ff00} Connect }}$$ | - | $${\textsf{\color{#80ffff} Menu }}$$ |
| - | - | - |
| $${\textsf{\color{#0080ff} DL }}$$ | $${\textsf{\color{#ff0080} UL }}$$ | - |
| - | - | - |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- Crawl: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- FSCode: Ignore certain HTTP status codes
- Proxy: Set proxy, Burp is default

| | | |
| --- | --- | --- |
| Crawl | - | Out |
| FSCode | Timeout | Threads |
| - | - | - |
| Proxy | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, DP_PORTS, and DP_HOSTS env variables be set. Go to the SetVars profile to set them.

| | | |
| --- | --- | --- |
| $${\textsf{\color{#00ff00} Connect }}$$ | - | ConVars |
| $${\textsf{\color{#0423fb} Roles }}$$ | - | $${\textsf{\color{#ff8040} Info }}$$ |
| $${\textsf{\color{#f10edb} Linked }}$$ | $${\textsf{\color{#0080ff} QLinked }}$$ | Tables |
| $${\textsf{\color{#fc0347} Version }}$$ | DBs | $${\textsf{\color{#00ff00} USE }}$$ |
| $${\textsf{\color{#ff0000} SetVars }}$$ | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| $${\textsf{\color{#00ff00} Base }}$$ | Host | File |
| dbms | DBs | Tables |
| Data | DB | Table |
| $${\textsf{\color{#80ffff} Dump }}$$ | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| Connect | - | - |
| DBs | Use DB | - |
| Tables | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- Detect: Use hashcat to detect hashing algorithm
- Crack: Use hashcat to crack hashes in file
- Show: Show cracked password from hashcat

| | | |
| --- | --- | --- |
| Detect | - | - |
| Crack | - | Show |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- Compile: Compile a .cs file

| | | |
| --- | --- | --- |
| Compile | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |

Key descriptions:

| | | |
| --- | --- | --- |
| $${\textsf{\color{#00ff00} Crack }}$$ | Show | - |
| $${\textsf{\color{#00ffff} SSH2Joh }}$$ | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

| | | |
| --- | --- | --- |
| URLs +v | $${\textsf{\color{#00ff40} Resp +v }}$$ | $${\textsf{\color{#ff0080} Both +v }}$$ |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | $${\textsf{\color{#ffff00} Help }}$$ |

Key descriptions:
- Scan: Does not currently work

| | | |
| --- | --- | --- |
| Scan | - | - |
| - | - | - |
| - | - | - |
| - | - | - |
| - | $${\textsf{\color{#ff8000} Home }}$$ | - |