Python: Neat-Hacking.py for Structured Pentest Documentation Habits
Being about to embark on my pentest journey of PJPT > CPTS > OSCP, I have read in many Reddit forums and other online sources that one’s organisation of the attack stages and their findings is almost as important as the hacking itself.
If you cannot recall the exploit chain, cannot give clear and comprehensive evidence of recon, exploitation and post-exploitation, cannot clean up the client’s environment post-engagement, or struggle to recall what evidence and loot resulted from your efforts… the engagement’s value and your tranquillity will be seriously undermined.
That’s why I set out to, before diving into the PJPT AD Labs, just create a simple Python script to force me to work in a concise, organised and consistent manner, by utilising a predictable file structure for each target I engage, on my attacker machine.
Meet… neat-hacking.py.
Some Highlights
Able to choose what files and folders it creates within the script variables FILES and FOLDERS, no external config files necessary

```python
# Config the script variables
FILES = ["polished_notes.txt"]
FOLDERS = ["recon", "exploit", "post-exploit", "screenshots", "loot", "rough-notes"]
```
Can use the BASEDIR environment variable to set the base directory, for efficient usage of the script mid-pentest

```python
# See if a base directory for the tree creation is defined in environment variable BASEDIR
BASE_DIR = os.getenv("BASEDIR")
if not BASE_DIR:
    printMessage("WARNING", "Base directory for creation of file structure has not been specified by env var 'BASEDIR'.")
    BASE_DIR = input("Please provide full filepath for where to create the tree: ")
printMessage("SUCCESS", f"Will create file structure in {BASE_DIR}")
```
Prevents overwriting or duplicating a target by checking whether the folder already exists

```python
# Create root of documentation file tree
ROOT_FOLDER = os.path.join(BASE_DIR, TARGET)
root_folder_path = Path(ROOT_FOLDER)
if root_folder_path.is_dir():
    printMessage("ERROR", f"Folder already exists: {ROOT_FOLDER}")
    sys.exit(1)
try:
    os.mkdir(ROOT_FOLDER)
except OSError:  # only filesystem errors; a bare except would also swallow Ctrl+C
    printMessage("ERROR", f"Unable to create: {ROOT_FOLDER}")
    sys.exit(1)
printMessage("SUCCESS", f"Creating file structure at {ROOT_FOLDER}")
```
Simple code - just a few imports, native Python language

```python
# Module imports
import sys
from termcolor import cprint  # third-party package: pip install termcolor
import os
from pathlib import Path
```
Cool colours for text output to shell, courtesy of a utility function I created - feel free to rip this for your own projects
Possibilities for Expansion
I did think to allow a file input, e.g. targets.txt, and to iterate through each target, but I thought it would probably be too messy for an engagement.
Perhaps better to just include CIDR ranges (e.g. 10.0.0.0/24) as your target, and then you can always dive into particular targets based on scan results (e.g. 10.0.0.30).
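A CIDR target such as 10.0.0.0/24 contains a "/", which os.path.join treats as a path separator, so the single os.mkdir call shown earlier would fail on it. The following is an added example, not part of neat-hacking.py: the helper names target_to_dirname and create_tree are hypothetical, and it maps an IP, CIDR range or hostname to one safe folder name, rejects anything else (including "../" sequences), and creates the tree with owner-only permissions because loot/ can hold client credentials.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

# Same layout as the FILES/FOLDERS variables shown earlier on this page.
FILES = ["polished_notes.txt"]
FOLDERS = ["recon", "exploit", "post-exploit", "screenshots", "loot", "rough-notes"]

# Hostname labels: letters, digits and hyphens separated by dots; no slashes, no "..".
HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def target_to_dirname(target: str) -> str:
    """Map an IP, CIDR range or hostname to one safe folder name (hypothetical helper)."""
    target = target.strip()
    try:
        # strict=False accepts host bits, so 10.0.0.30/24 normalises to 10.0.0.0/24
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        if not HOSTNAME_RE.fullmatch(target):
            raise ValueError(f"not an IP, CIDR range or hostname: {target!r}") from None
        return target.lower()
    name = str(net) if "/" in target else str(net.network_address)
    # "/" is a path separator; ":" (IPv6) is awkward on some filesystems.
    return name.replace("/", "_").replace(":", "-")


def create_tree(base_dir: str, target: str) -> Path:
    """Create the per-target tree; refuses to reuse an existing folder (hypothetical helper)."""
    root = Path(base_dir) / target_to_dirname(target)
    root.mkdir(mode=0o700)                  # raises FileExistsError if already present
    for folder in FOLDERS:
        (root / folder).mkdir(mode=0o700)   # owner-only: loot/ may hold client credentials
    for name in FILES:
        (root / name).touch(mode=0o600)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:   # constructed demo input
        for t in ["10.0.0.0/24", "10.0.0.30", "dc01.lab.local"]:
            print(create_tree(base, t))
```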