Zsh Pentest

Aliases and functions for the lazy penetration tester

oh-my-zsh pentest plugin


```shell
git clone https://github.com/jhwohlgemuth/zsh-pentest.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-pentest
```


  • Add `zsh-pentest` to the plugins array in your `.zshrc` file: `plugins=(... zsh-pentest)`
  • Open a new terminal or execute `source ~/.zshrc`

Tip: For epic synergy and awesome productivity, use the [zsh-handy-helpers]() plugin too!

```shell
plugins=(... zsh-pentest zsh-handy-helpers)
```


Hint: The nmap oh-my-zsh plugin has several great aliases for nmap

| Alias | Command |
| --- | --- |
| `me` | `echo $(ifconfig eth0 \| grep "inet " \| cut -b 9- \| cut -d" " -f2)` |
| `cme` | `crackmapexec` |
| `e4l` | `enum4linux -a` |
| `h2t` | `html2text -style pretty` |
| `oso` | `onesixtyone` |


| Name | Description | Tested |
| --- | --- | --- |
| `create_scan_directory` | Create directory for saving results | yes |
| `enum_snmp $IP [WORDLIST] [NETWORK]` | Create host list and scan IP with WORDLIST | yes |
| `enum_web $IP [PORT] [WORDLIST]` | Enumerate IP with whatweb and nikto | yes |
| `flush_iptables` | You guessed it…this flushes iptables | yes |
| `focus [IP] [PORT]` | Set RHOST=IP and RPORT=PORT | yes |
| `get_gateway` | Get router IP address | yes |
| `get_hosts [PORT]` | Get list of host IP addresses found via nmap | yes |
| `get_hostnames $IP` | Get list of host names using nmap and the IP of a known DNS server | yes |
| `htm [IP]` | Download IP and print with html2text | yes |
| `monitor_traffic [$IP]` | Monitor bytes over the line with iptables | yes |
| `scan_tcp $IP` | Scan IP with ~~onetwopunch~~ masscan | yes |
| `serve [PORT]` | Start Python server in current directory on PORT [default: 80] | yes |
| `sort_ips ADDRESSES` | Sort list of IP addresses | yes |

Example Usage

This plugin pairs well with the [zsh-handy-helpers]() plugin iter function:

```shell
# Scan all SMB servers for vulnerabilities with nmap scripts
scan() { nmap "$1" --script "smb-vuln-*"; }
get_hosts 139 | iter scan
```
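The table describes `get_hosts` and `sort_ips` only by their result. The following added example (not the plugin's own code) shows one way to do both steps on saved nmap grepable (`-oG`) output: matching the port field exactly, so 1139 is not mistaken for 139, and sorting addresses octet by octet. The names `sample_scan`, `hosts_with_open_port` and `sort_ipv4` are hypothetical, and the scan lines are constructed with documentation addresses.

```shell
# Constructed sample in nmap grepable (-oG) layout; fields are tab-separated.
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.9 ()\tPorts: 22/open/tcp//ssh///, 139/open/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.20 ()\tPorts: 139/closed/tcp//netbios-ssn///\n'
    printf 'Host: 192.0.2.2 ()\tPorts: 1139/open/tcp/////\n'
    printf 'Host: 192.0.2.100 ()\tPorts: 139/open/tcp//netbios-ssn///\n'
}

# Read grepable output on stdin and print each host whose PORT ($1) is open.
# The port and state are compared as whole fields, not as substrings.
hosts_with_open_port() {
    awk -F'\t' -v port="$1" '
        $1 ~ /^Host: / {
            split($1, h, " ")                      # h[2] is the address
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                n = split(substr($f, 8), entry, /, */)
                for (i = 1; i <= n; i++) {
                    split(entry[i], p, "/")        # port/state/protocol/...
                    if (p[1] == port && p[2] == "open") print h[2]
                }
            }
        }'
}

# Keep only well-formed IPv4 addresses, drop duplicates, and sort numerically
# per octet (a plain lexical sort would place 192.0.2.10 before 192.0.2.9).
sort_ipv4() {
    awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
            if (ok) print
        }' | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u
}

sample_scan | hosts_with_open_port 139 | sort_ipv4
```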