Service Command Library
The Service Command Library (SCL) contains command templates associated with a specific service such as HTTP, SMB, FTP, etc. When a service with a matching SCL entry is added to a Host, the Service Commands list is populated on the Port Page.
Service Commands - Port Page
Example URL: https://pentest.ws/e/{engagement.in}/host/{host.id}/port/{port.id}
The Service Commands listed on the Port Page display the command name, command content, and any attached notes.
Copy & Paste Functionality
SCL works by copy-and-pasting a command from SCL to your terminal. By using variables such as $ip and $port in your templates, the commands are customized for the current Host and Port.
Expert Example:
Run a dirsearch directory brute force attack against the current service ($service), host (ip) and port ($port) and output the results to a timestamped port specific file.
To add, edit and delete command templates from you SCL, click the SCL Manager in the upper right corner of the Service Commands section on the Port Page, or use the Service Command Library link from your User Menu.
Target & Additional Hostnames
On the Host Page, you can add additional hostnames associated with the current target. For example, if you have specified an IP address as your main target for the current host, add:
target.local www.target.local app.target.local
to the hostnames field. These additional hostnames will be available to your Service Commands. Simply use the drop down list at the top of the Service Commands section to attack the host using different hostname values.
Service Command Library Manager
The Service Command Library Manager contains your repository of service command templates. Add, edit and delete command templates for existing service names, or add a new service name to pre-populate your list.
Add / Edit Service Command Templates
Click an existing command template to bring up the Edit Service Command screen or click the Add Command button to create new service command templates.
Service(s): enter the corresponding service name such as HTTP, SMB, FTP, etc. This is used to match your service when adding ports to your Host.
Level Up! - Service Aliases
Attach service command templates to multiple service names by using aliases. The Service(s) field can be a single service name, or a comma separated list of service names. If your command applies to more than one service, such as both HTTP and HTTPS, enter a value of "http, https".
Aliases are indicated in the service list with indented bullets.
❗ Be sure to use the $service variable to attack the appropriate service.
Name: give you service command template a descriptive name to identify the command in your Service Commands list on the Port Page.
Command: create a command template using variables such as $ip and $port. Use the available buttons to insert variables at your cursor's current location.
Notes: these notes appear in the Service Commands list right below the mutated command
Merge Services
The result is a single Service Command Library entry with an alias of the second service containing both the original command templates and the templates of the second service.
Print All
Use the Print All button in the top right to generate an HTML report listing all of your services and associated service command templates. This is a great way to backup your command templates or share your list with fellow hackers.
Delete Service vs Delete Service Command
Be aware there are two different delete buttons in the Service Command Library Manager, the Delete Service button and the Delete Service Command button.
Tier Availability
Service Command Library is available on Hobby Tier and Pro Tier, and limited to two (2) command templates per service on Free Tier.
Last updated
