NVAToolkit
Star

A Network Penetration Testing Toolkit is an interactive cheat sheet, containing a curated list of tools, commands, and payloads specifically for network security assessments and penetration testing engagements.

If you often find yourself searching for the right command to use against network devices, servers, or infrastructure, this project aims to simplify your workflow. Just select the information you have about the target environment (such as credentials, services, or open ports), and NVAToolkit will display relevant tools and template commands for quick reference and easy copy/pasting. See the full list of items and filters.

This project was created by Gnanaraj Mauviel aka 0xm3m and was inspired by GTFOBins, and LOLBAS. The WADComs’ site template was heavily used in building this toolkit.

NVAToolkit is intended as a collaborative project, so contributions of new commands and tools are welcome. Please feel free to contribute!

Command
nmap -Pn -p 22 --script="ssh-auth-methods,ssh-brute,ssh-hostkey,ssh-publickey-acceptance,ssh-run,ssh2-enum-algos,sshv1" -sV 10.10.10.1 Enumeration No Creds SSH Linux Windows Mac
nmap -Pn -p 22 -sV 10.10.10.1 Enumeration No Creds SSH Linux Windows Mac
python3 smbmap.py --host-file smb-hosts.txt -u john -p 'password123' -d test.local -L Enumeration Username Password Linux Windows
python3 smbmap.py --host-file smb-hosts.txt -d test.local -L Enumeration No Creds Linux Windows
python3 smbmap.py --host-file smb-hosts.txt -u john -p 'password123' -d test.local -F password Enumeration Username Password Linux Windows
smbclient -L \\test.local -I 10.10.10.1 -U john password123 Enumeration Username Password Linux
smbclient -L \\test.local -I 10.10.10.1 -N Enumeration No Creds Linux
smbclient -L \\10.10.10.1 -U test.local/john --pw-nt-hash XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Enumeration Username Hash Linux
smbclient \\\\test.local\\C$ -I 10.10.10.1 -U john password123 Enumeration Username Password Linux
smbclient \\\\test.local\\public -I 10.10.10.1 -N Enumeration No Creds Linux
nmap -Pn -p 21 --script="ftp-anon,ftp-bounce,ftp-brute,ftp-libopie,ftp-proftpd-backdoor,ftp-syst,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221" -sV 10.10.10.1 Enumeration No Creds FTP Linux Windows Mac
wget -m ftp://anonymous:anonymous@10.10.10.98 Enumeration Username Password FTP Linux Windows Mac
ftp://anonymous:anonymous@10.10.10.98 Enumeration Username Password FTP Linux Windows Mac
nmap -Pn -p 21 --script ftp-bounce -sV 10.10.10.1 Enumeration Username Password FTP Linux Windows Mac
nmap -Pn -p 21 -sV 10.10.10.1 Enumeration No Creds FTP Linux Windows Mac
Couldn't find the command you're looking for? Contribute your own!

Command

nmap -Pn -p 22 --script="ssh-auth-methods,ssh-brute,ssh-hostkey,ssh-publickey-acceptance,ssh-run,ssh2-enum-algos,sshv1" -sV 10.10.10.1