PenTest.WS Documentation
  • What is PenTest.WS?
    • Tier Comparison
  • Getting Started
    • Dashboard
    • Creating An Engagement
    • Main Window Layout
    • Engagement Console
    • Import Nmap & Masscan XML
    • Port Scan Templates
    • Adding Hosts Manually
    • Adding Ports to Hosts
    • Capturing Credentials
  • Hosts & Services
    • Host Page
    • Port Page
    • Global Service Notes
    • Service Command Library
    • Default Service Checklist
    • Scratchpad Editor
  • People & Events
    • People Hacking
    • Events Timeline
  • Views & Filtering
    • Boards
    • The Matrix
    • Subnetting
  • User Libraries
    • Shells Library
    • General Command Library
    • General Notes Library
    • Bookmark Library
  • Built-In Tools
    • Echo Up
    • CyberChef
    • Venom Builder
  • Search Capabilities
    • CVE DB
    • Exploit-DB
    • Nmap Scripts
    • Metasploit Modules
    • Keyword Search
  • Findings
    • Findings Admin
    • Findings Library
    • Engagement Findings
  • Clients & Reporting
    • Write-Ups
    • Clients Manager
    • Reporting Templates
    • Generating Deliverables
  • Collaboration
    • User Maintenance
    • Shared Engagements
    • Access Control List
  • Automation & Integration
    • API
    • SMTP
  • Authentication
    • Two-Factor Authentication
    • LDAP Authentication
  • Exporting & Importing
    • Export Account Items
    • Import Account Items
    • Export to CSV / JSON
  • Pro Tier
    • Admin Panel
    • Intranet Mode
    • Solo Mode
    • Large Engagement Support
Powered by GitBook
On this page
  • Service Commands - Port Page
  • Copy & Paste Functionality
  • Target & Additional Hostnames
  • Service Command Library Manager
  • Add / Edit Service Command Templates
  • Merge Services
  • Print All
  • Delete Service vs Delete Service Command
  • Tier Availability
  1. Hosts & Services

Service Command Library

PreviousGlobal Service NotesNextDefault Service Checklist

Last updated 2 years ago

The Service Command Library (SCL) contains command templates associated with a specific service such as HTTP, SMB, FTP, etc. When a service with a matching SCL entry is added to a Host, the Service Commands list is populated on the .

Service Commands - Port Page

Example URL: https://pentest.ws/e/{engagement.in}/host/{host.id}/port/{port.id}

The Service Commands listed on the Port Page display the command name, command content, and any attached notes.

Copy & Paste Functionality

SCL works by copy-and-pasting a command from SCL to your terminal. By using variables such as $ip and $port in your templates, the commands are customized for the current Host and Port.

Expert Example:

Run a dirsearch directory brute force attack against the current service ($service), host (ip) and port ($port) and output the results to a timestamped port specific file.

/opt/dirsearch/dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50 -e '',html,php,txt -f --plain-text-report=log.$port.dirsearch.$(date +%s) -u $service://$ip:$port

To add, edit and delete command templates from you SCL, click the SCL Manager in the upper right corner of the Service Commands section on the Port Page, or use the Service Command Library link from your User Menu.

Target & Additional Hostnames

target.local www.target.local app.target.local

to the hostnames field. These additional hostnames will be available to your Service Commands. Simply use the drop down list at the top of the Service Commands section to attack the host using different hostname values.

Service Command Library Manager

The Service Command Library Manager contains your repository of service command templates. Add, edit and delete command templates for existing service names, or add a new service name to pre-populate your list.

Add / Edit Service Command Templates

Click an existing command template to bring up the Edit Service Command screen or click the Add Command button to create new service command templates.

Service(s): enter the corresponding service name such as HTTP, SMB, FTP, etc. This is used to match your service when adding ports to your Host.

Level Up! - Service Aliases

Attach service command templates to multiple service names by using aliases. The Service(s) field can be a single service name, or a comma separated list of service names. If your command applies to more than one service, such as both HTTP and HTTPS, enter a value of "http, https".

Aliases are indicated in the service list with indented bullets.

Name: give you service command template a descriptive name to identify the command in your Service Commands list on the Port Page.

Command: create a command template using variables such as $ip and $port. Use the available buttons to insert variables at your cursor's current location.

Notes: these notes appear in the Service Commands list right below the mutated command

Merge Services

The result is a single Service Command Library entry with an alias of the second service containing both the original command templates and the templates of the second service.

Print All

Use the Print All button in the top right to generate an HTML report listing all of your services and associated service command templates. This is a great way to backup your command templates or share your list with fellow hackers.

Delete Service vs Delete Service Command

Be aware there are two different delete buttons in the Service Command Library Manager, the Delete Service button and the Delete Service Command button.

Tier Availability

Service Command Library is available on Hobby Tier and Pro Tier, and limited to two (2) command templates per service on Free Tier.

On the , you can add additional hostnames associated with the current target. For example, if you have specified an IP address as your main target for the current host, add:

URL:

Be sure to use the $service variable to attack the appropriate service.

Select a service and click the icon in the top right. You will be prompted to select a second service to merge the command templates with.

When viewing the list of command templates for a service, the trash can icon in the service header is the Delete Service button: . This will remove the current service from you SCL and delete all attached command templates.

When viewing an individual command, the Delete button will remove the current command template only:

❗
Host Page
https://pentest.ws/scl
Port Page
Service Commands on the Port Page
Service Command Library Manager
Merge Services
Delete Service
Delete Service Command Template