HOTWAX

Hotwax is a script to provision a set of extra pentesting tools onto a Kali Linux machine in a consistent manner.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for deployment AND development purposes.

Prerequisites

  • Kali Linux 2019.4 or older. (As originally written, the playbook does not work on Kali Linux 2020.1 or newer, because the default account changed from root to a non-root user. To be fixed in the near future.)

  • UPDATE: Modified to work on Kali Linux 2020.2a+. See the instructions below. (However, these changes have not been tested on 2019.4 or older versions and may no longer work there.)

  • Git

  • Ansible

apt update -y
apt install -y git ansible

Installing

Clone the HOTWAX repository.

cd ~
git clone https://github.com/BrashEndeavours/hotwax

Run the playbook

cd hotwax

#for Kali Linux 2019.4 or older:
ansible-playbook playbook.yml

#for Kali Linux 2020.2a and newer (executed with user part of sudo group, default for "kali" username):
ansible-playbook playbook.yml -K
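
An added wrapper for the steps above (not part of the hotwax repository): it checks the prerequisites, validates the playbook and lists its tasks for review before anything runs with elevated privileges, then passes -K only for a non-root user. The function names, the confirmation prompt and the default ~/hotwax path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the hotwax repository.

# Print the ansible-playbook flags for a given numeric UID.
# UID 0 (default root account on Kali 2019.4 and older) needs no become
# password; any other UID (the "kali" sudo user on 2020.2a+) needs -K.
playbook_flags() {
    if [ "$1" -eq 0 ]; then
        printf '%s' ""
    else
        printf '%s' "-K"
    fi
}

# Print the names of any listed commands that are not on PATH.
missing_commands() {
    missing=""
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || missing="$missing $cmd"
    done
    printf '%s' "${missing# }"
}

run_hotwax() {
    dir="$1"   # path to the cloned hotwax checkout (assumed: ~/hotwax)
    need=$(missing_commands git ansible-playbook)
    if [ -n "$need" ]; then
        echo "missing prerequisites: $need" >&2
        return 1
    fi
    cd "$dir" || return 1
    # Review before granting root: validate the playbook, list every task.
    ansible-playbook playbook.yml --syntax-check || return 1
    ansible-playbook playbook.yml --list-tasks || return 1
    printf 'Run these tasks with elevated privileges? [y/N] '
    read -r answer
    [ "$answer" = "y" ] || return 1
    flags=$(playbook_flags "$(id -u)")
    # $flags is intentionally unquoted: empty for root, "-K" otherwise.
    ansible-playbook playbook.yml $flags
}

# Only provision when explicitly asked, e.g.: sh hotwax-run.sh run ~/hotwax
if [ "${1:-}" = "run" ]; then
    run_hotwax "${2:-$HOME/hotwax}"
fi
```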


Tools updated:

Tools installed:

  • Arjun - Arjun is an HTTP parameter discovery suite.
  • AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
  • BloodHound - Six Degrees of Domain Admin.
  • chisel - A fast TCP tunnel over HTTP.
  • evil-winrm - The ultimate WinRM shell for hacking/pentesting.
  • gobuster - Directory/File, DNS and VHost busting tool written in Go
  • LinEnum - Local Linux Enumeration & Privilege Escalation Script
  • nishang - Framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing.
  • One-Lin3r - On demand one-liners that aid in penetration testing operations, privilege escalation and more
  • OSCP Exam Report Template - Modified template for the OSCP Exam
  • Powerless - A Windows privilege escalation (enumeration) script designed with OSCP labs (i.e. legacy Windows machines without Powershell) in mind.
  • PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects them through one or more SOCKS/HTTP proxies. Continuation of the unmaintained proxychains project.
  • pspy - Monitor linux processes without root permissions.
  • SecLists - Collection of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and more.
  • sherlock - Find usernames across social networks.
  • sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • webshell - This is a webshell open source project.
  • Windows PHP Reverse Shell - Simple php reverse shell implemented using bina- https://github.com/ucki/zauberfeder, based on an webshell.
  • XSStrike - Advanced XSS scanner
  • zauberfeder - A LaTeX reporting template.
  • crackmapexec - A swiss army knife for pentesting networks.
  • windows-kernel-exploits - Precompiled Windows Exploits.
  • exiftool - ExifTool meta information reader/writer. Great for viewing and manipulating exif-data.
  • html2text - Convert HTML to clean, easy-to-read plain ASCII text.
  • mingw-w64 - GCC for Windows 64 & 32 bits.
  • msfpc - MSFvenom Payload Creator (MSFPC)
  • wce - A security tool to list logon sessions and add, change, list and delete associated credentials.
  • Windows-Exploit-Suggester - This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
  • pyftpdlib - Extremely fast and scalable Python FTP server library. Spin up FTP Server with a one-liner.
  • ssh-os - Nmap Script that identifies Debian, Ubuntu, FreeBSD version based on default SSH banner response.
  • empire - Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
  • medusa - Medusa is a speedy, parallel, modular login brute-forcer. Similar to ncrack and Hydra.
  • PEASS - These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

Authors

Contributors

  • Want your name here? See CONTRIBUTING.md for details.

  • Alec Mather-Shapiro (whoisflynn) - Added AutoRecon, Windows PHP Reverse Shell, and OSCP Exam Template - whoisflynn

  • Richard Lam (richlamdev) - Added crackmapexec, windows-kernel-exploits, exiftool, html2text, mingw-w64, msfpc, wce, windows-exploit-suggester, pyftpdlib, ssh-os.nse, medusa - richlamdev

Acknowledgements

License

This project is licensed under the MIT License - see the LICENSE.md file for details
