# Pentesting Machine ### Operating System I either use Kali Linux or ParrotOS. Usually cloning the seclists in the home directory and installing any tool I feel needed. ### Tools The following list is a list of must-have tools I add on top of the already available ones in the distros. This list will be expanded with time * exploitdb * **Oracle-Tools-setup.sh** * [Impacket MSSQL client and tools](https://github.com/fortra/impacket/tree/master?tab=readme-ov-file#setup) * [Nuclei](https://github.com/projectdiscovery/nuclei) * crowbar * sqsh ### Folder structure ```shell-session Projects/ └── Acme Company ├── EPT │ ├── evidence │ │ ├── credentials │ │ ├── data │ │ └── screenshots │ ├── logs │ ├── scans │ ├── scope │ └── tools └── IPT ├── evidence │ ├── credentials │ ├── data │ └── screenshots ├── logs ├── scans ├── scope └── tools ``` EPT and IPT stand for External/Internal Penetration Testing ### Note taking app There are multiple available. I will note here which one I'll stick to using after I have a definitive answer Possibilities include | [Cherrytree](https://www.giuspen.com/cherrytree) | [Visual Studio Code](https://code.visualstudio.com) | [Evernote](https://evernote.com) | | ---------------------------------------------------- | --------------------------------------------------- | ------------------------------------------- | | [Notion](https://www.notion.so) | [GitBook](https://www.gitbook.com) | [Sublime Text](https://www.sublimetext.com) | | [Notepad++](https://notepad-plus-plus.org/downloads) | [LogSeq](https://logseq.com/) | | ## Oracle-Tools-setup.sh ```bash #!/bin/bash sudo apt-get install libaio1 python3-dev alien -y git clone https://github.com/quentinhardy/odat.git cd odat/ git submodule init git submodule update wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-basic-linux.x64-21.12.0.0.0dbru.zip unzip instantclient-basic-linux.x64-21.12.0.0.0dbru.zip wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip unzip instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip export LD_LIBRARY_PATH=instantclient_21_12:$LD_LIBRARY_PATH export PATH=$LD_LIBRARY_PATH:$PATH pip3 install cx_Oracle sudo apt-get install python3-scapy -y sudo pip3 install colorlog termcolor passlib python-libnmap sudo apt-get install build-essential libgmp-dev -y pip3 install pycryptodome ``` Test with `./odat.py -h` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.rtlcopymemory.com/pentesting-machine.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.