Welcome to CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming.
Installation (Install Script)
Requirements
- Windows 7 Service Pack 1 or Windows 10
- 60 GB Hard Drive
- 2 GB RAM
Instructions
- Create and configure a new Windows Virtual Machine
- Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
- Take a snapshot of your machine!
- Download and copy
install.ps1
on your newly configured machine. - Open PowerShell as an Administrator
- Enable script execution by running the following command:
Set-ExecutionPolicy Unrestricted
- Finally, execute the installer script as follows:
.\install.ps1
- You can also pass your password as an argument:
.\install.ps1 -password <password>
Installing a new package
Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:
cinst github
Staying up to date
Type the following command to update all of the packages to the most recent version:
cup all
Installed Tools
Active Directory Tools
- Remote Server Administration Tools (RSAT)
- SQL Server Command Line Utilities
- Sysinternals
Command & Control
- Covenant
- PoshC2
- WMImplant
- WMIOps
Developer Tools
- Dep
- Git
- Go
- Java
- Python 2
- Python 3 (default)
- Visual Studio 2017 Build Tools (Windows 10)
- Visual Studio Code
Evasion
- CheckPlease
- Demiguise
- DotNetToJScript
- Invoke-CradleCrafter
- Invoke-DOSfuscation
- Invoke-Obfuscation
- Invoke-Phant0m
- Not PowerShell (nps)
- PS>Attack
- PSAmsi
- Pafishmacro
- PowerLessShell
- PowerShdll
- StarFighters
Exploitation
- ADAPE-Script
- API Monitor
- CrackMapExec
- CrackMapExecWin
- DAMP
- Exchange-AD-Privesc
- FuzzySec's PowerShell-Suite
- FuzzySec's Sharp-Suite
- Generate-Macro
- GhostPack
- Rubeus
- SafetyKatz
- Seatbelt
- SharpDPAPI
- SharpDump
- SharpRoast
- SharpUp
- SharpWMI
- GoFetch
- Impacket
- Invoke-ACLPwn
- Invoke-DCOM
- Invoke-PSImage
- Invoke-PowerThIEf
- Kali Binaries for Windows
- LuckyStrike
- MetaTwin
- Metasploit
- Mr. Unikod3r's RedTeamPowershellScripts
- NetshHelperBeacon
- Nishang
- Orca
- PSReflect
- PowerLurk
- PowerPriv
- PowerSploit
- PowerUpSQL
- PrivExchange
- Ruler
- SharpExchangePriv
- SpoolSample
- UACME
- impacket-examples-windows
- vssown
Information Gathering
- ADACLScanner
- ADExplorer
- ADOffline
- ADRecon
- BloodHound
- Get-ReconInfo
- GoWitness
- Nmap
- PowerView
- Dev branch included
- SharpHound
- SharpView
- SpoolerScanner
Networking Tools
- Citrix Receiver
- OpenVPN
- Proxycap
- PuTTY
- Telnet
- VMWare Horizon Client
- VMWare vSphere Client
- VNC-Viewer
- WinSCP
- Windump
- Wireshark
Password Attacks
- ASREPRoast
- CredNinja
- DSInternals
- Get-LAPSPasswords
- Hashcat
- Internal-Monologue
- Inveigh
- Invoke-TheHash
- KeeFarce
- KeeThief
- LAPSToolkit
- MailSniper
- Mimikatz
- Mimikittenz
- RiskySPN
- SessionGopher
Reverse Engineering
- DNSpy
- Flare-Floss
- ILSpy
- PEview
- Windbg
- x64dbg
Utilities
- 7zip
- Adobe Reader
- AutoIT
- Cmder
- CyberChef
- Gimp
- Greenshot
- Hashcheck
- Hexchat
- HxD
- Keepass
- MobaXterm
- Mozilla Thunderbird
- Neo4j Community Edition
- Pidgin
- Process Hacker 2
- SQLite DB Browser
- Screentogif
- Shellcode Launcher
- Sublime Text 3
- TortoiseSVN
- VLC Media Player
- Winrar
- yEd Graph Tool
Vulnerability Analysis
- Egress-Assess
- Grouper2
- zBang
Web Applications
- Burp Suite
- Fiddler
- Firefox
- OWASP Zap
Wordlists
- FuzzDB
- PayloadsAllTheThings
- SecLists