Arsenal – Simplifying Pentesting With Your Ultimate Command Inventory

Arsenal is just a quick inventory, reminder and launcher for pentest commands.
This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands

In arsenal you can search for a command, select one and it’s prefilled directly in your terminal. This functionality is independent of the shell used.

Indeed arsenal emulates real user input (with TTY arguments and IOCTL) so arsenal works with all shells and your commands will be in the history.

You have to enter arguments if needed, but arsenal supports global variables.
For example, during a pentest we can set the variable ip to prefill all commands using an ip with the right one.

To do that you just have to enter the following command in arsenal:

>set ip=10.10.10.10

Authors:

Guillaume Muh
mayfly

This project is inspired by navi because the original version was in bash and too hard to understand to add features

Arsenal New Features

New colors
Add tmux new pane support (with -t)
Add default values in cheatsheets commands with <argument|default_value>
Support description inside cheatsheets
New categories and Tags
New cheatsheets
Add yml support (thx @0xswitch )
Add fzf support with ctrl+t (thx @mgp25)

Install And Launch

with pip :

python3 -m pip install arsenal-cli

run (we also advice you to add this alias : alias a='arsenal')

arsenal

manually:

git clone https://github.com/Orange-Cyberdefense/arsenal.git
cd arsenal
python3 -m pip install -r requirements.txt
./run

Inside your .bashrc or .zshrc add the path to run to help you do that you could launch the addalias.sh script

./addalias.sh

Also if you are an Arch user you can install from the AUR:

git clone https://aur.archlinux.org/arsenal.git
cd arsenal 
makepkg -si

Or with an AUR helper like yay:

yay -S arsenal

Launch In Tmux Mode

./run -t # if you launch arsenal in a tmux window with one pane, it will split the window and send the command to the otherpane without quitting arsenal
         # if the window is already splited the command will be send to the other pane without quitting arsenal
./run -t -e # just like the -t mode but with direct execution in the other pane without quitting arsenal

Add External Cheatsheets

You could add your own cheatsheets insode the my_cheats folder or in the ~/.cheats folder.

You could also add additional paths to the file <arsenal_home>/arsenal/modules/config.py, arsenal reads .md (MarkDown) and .rst (RestructuredText).

CHEATS_PATHS = [
    join(BASEPATH, "cheats"), # DEFAULT
    join(HOMEPATH, "docs/my_cheats")
]

Cheatsheets examples are in <arsenal_home>/cheats: README.md and README.rst

Troubleshooting

If you got on error on color init try :

export TERM='xterm-256color'

—

If you have the following exception when running Arsenal:

ImportError: cannot import name 'FullLoader'

First, check that requirements are installed:

pip install -r requirements.txt

If the exception is still there:

pip install -U PyYAML

—

If you encounter an exception similar to the following (contains TIOCSTI in strace) when running Arsenal:

[...]
    fcntl.ioctl(stdin, termios.TIOCSTI, c)
OSError: [Errno 5] Input/output error

Then you may need to re-enable TIOCSTI:

sudo sysctl -w dev.tty.legacy_tiocsti=1

Mindmap

Active directory mindmap

Due to csp on github when you open the svg, we moved the AD mindmap and the source to this repository

AD mindmap black version
Exchange Mindmap (thx to @snovvcrash)
Active directory ACE mindmap

TODO Cheatsheets

Reverse Shell

msfvenom
php
python
perl
powershell
java
ruby

Whitebox Analysis Grep Regex

php
nodejs
hash

Tools

smb

enum4linux
smbmap
smbget
rpcclient
rpcinfo
nbtscan
impacket

kerberos And AD

impacket
bloodhound
rubeus
powerview
shadow credentials attack
samaccountname attack

MITM

mitm6
responder

Unserialize

ysoserial
ysoserial.net

Bruteforce And Pass Cracking

hydra
hashcat
john

Scan

nmap
eyewitness
gowitness

Fuzz

gobuster
ffuf
wfuzz

DNS

dig
dnsrecon
dnsenum
sublist3r

Rpc

rpcbind

Netbios-ssn

snmpwalk
snmp-check
onesixtyone

Sql

sqlmap

Oracle

oscanner
sqlplus
tnscmd10g

Mysql

mysql

Nfs

showmount

Rdp

xfreerdp
rdesktop
ncrack

Mssql

sqsh

Winrm

evilwinrm

Redis

redis-cli

Postgres

psql
pgdump

Vnc

vncviewer

X11

xspy
xwd
xwininfo

Idap

ldapsearch

Https

sslscan

Web

burp
nikto
tplmap

App Web

drupwn
wpscan
nuclei

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.