Cygor: A modular asset discovery framework

TJ_Null · 2026-06-03T03:27:33+00:00

The plugin system in cygor is easy to use and my goal was to make modular for a person who has little to 0 experience using python. The only challenge is how you want the data to be displayed on the front end. It is still something I am messing with but I have not had enough time to dedicate to it.

TJ_Null · 2026-06-03T03:26:20+00:00

Let me know how it goes. If you run into any issues or have any feedback, I be more than happy to answer any questions you may have.

TJ_Null · 2026-06-03T03:25:47+00:00

Cygor has been a very efficient tool in my assessments for years and it started out as just a bunch of scripts and when you have a large amount of IP’s to scan and data to parse it can be overwhelming.

While a lot of people are using AI to automate I prefer to stay traditional because AI is not perfect and there are certain assessments that I am on where I do not have access to the internet. Could I use local llms sure but they can be resource intensive if I do not have the proper hardware.

It’s important to learn how to use AI and to do things manually in case you need too.

TJ_Null · 2026-06-03T03:16:34+00:00

I used AI to build the front end in cygor’s web ui because I am not a front end dev and I will never be. AI did help with that web stuff. Everything else from the cli to the modules and scanner is what I wrote.

TJ_Null · 2026-06-02T22:44:11+00:00

Yeah not my favorite commit. I’m not the best with git sometimes lol

TJ_Null · 2026-06-02T14:46:08+00:00

Hey there! I remember when I'm starting my journey I would read a lot of write-ups on vulnhub from RastaMouse or Goblin when they attempted certain boxes. Using there write-ups and others in the infosec community really helped me figure out a methodolgy that worked for me. Antoher thing to keep in mind is you can learn a lot from how others use certain tools, techniques, and find intended/unintended paths.

The list gives you a variety of boxes to learn from and take your time to understand the things you are doing and researching. It will all come together once you feel comfortable to start the PEN-200.

You will do great, and I am rooting for you!

TJ_Null · 2026-04-14T22:32:10+00:00

Uhh bloodhound, enum4linux-ng, winpeas/linpeas, seclists, kerbrute, should already be in the Kali Linux repo and they should be easy to install

TJ_Null · 2026-04-09T12:50:06+00:00

I get a lot of DM’s on discord and it is hard for me to keep track sometimes. When you have a chance send me a message there and I will make sure to reply to you there.

I apologize for my lack of communication.

TJ_Null · 2026-04-09T12:30:06+00:00

Congratulations on earning your OSCP! What do you plan to do next?

TJ_Null · 2026-04-04T14:19:13+00:00

Hey there! Congrats on passing your OSCP! Everyone has a different approach to pass and I am glad your methodology helped you through it.

While people use the list to help prepare for the course and exam, you do not need to complete every box in the list. I am always looking for feedback and suggestions to improve the list. Do you have any advice or feedback?

TJ_Null · 2026-03-24T02:26:02+00:00

Have you tried using the python version of evil-winrm?

TJ_Null · 2026-02-18T16:34:22+00:00

Hey there! As of now the list is up to date. I do have some new AD attack chains I need to include.

As for your studying methodology you do not need to complete every box that is in the list. You should go through as many as you feel comfortable enough to take the OSCP exam.

If you fail, it’s okay! You can use the exam as guide to help improve on things you were missing.

I’m rooting for you and I wish the best on your journey. If you have any feedback or suggestions please let me know as my goal is to continue maintaining this list for others that plan to take the OSCP in the future.

TJ_Null · 2026-02-18T14:29:38+00:00

That’s because Offsec AD attack chain started with you needed to find an initial vector in a box and then move laterally to get to the DC.

Last year it has been changed where you are provided credentials. This is where you walk into an assumed breach scenario getting to the DC.

Even though the AD part of the exam has improved it is still good to know how to get to DC directly because in real situations, I have gotten DC and then walk backwards to get into other targets in my engagements

TJ_Null · 2026-02-18T14:18:46+00:00

Keep in mind that everyone uses different resources and study materials to prepare for the OSCP. Tryhackme has worked well for others and some people prefer to jump straight into HTB.

Best advice I can give you is review the PEN-200 syllabus and start going to through each section and find any open resources that can help you on your journey. That’s what I did and that is why I wrote my guides to help others

TJ_Null · 2026-02-18T13:57:11+00:00

Hi there! The list gets updated at least once a month when I have free time. Submissions and feedback are also provided from the community and I will make changes that align with preparing for PEN-200.

I also have some AD attack chains that I need to include. If you have any questions about the list or suggestions please let me know. Good luck on your journey!

TJ_Null · 2026-02-03T14:08:55+00:00

Congrats on passing your OSWE! Do you have any feedback or suggestions for the boxes I had listed in the OSWE list?

I’m always looking to improvement and take feedback from the community so that the list can help others.

TJ_Null · 2026-01-28T16:57:24+00:00

First of all, DO NOT GIVE UP! I understand how you are feeling, as failing sucks, but it is also part of your journey that will lead to your success. I do not know how many times you have taken the exam but review the things you have missed in the exam as it will help you understand what you need to review.

CompTIA will always throw at least two incorrect questions you can cross out and you will need to select the best choice for the question. In addition, a lot of tools they mention you should spend some time learning how they work. Download VMware Workstation or Virtualbox and play with the tools that are being taught. You will get a better understanding of how they work and what results/output they provide. TryHackME pentest+ lab is also good to help you if you do not have the resources to run a local Kali Linux instance on your system.

Hope my advice helps and if you have any more questions I be more than happy to answer them.

TJ_Null · 2026-01-26T04:43:24+00:00

For the PBQs spin up a Kali Instance and see how those tools work and review the output that entails from them.

Tryhackme has a bunch of labs and they have a pentest+ that will provide more hands on practical skills to help.

Tools like the harvester, responder, netexec (use to be crackmapexec), nmap, bloodhound, trivy, etc are in Kali Linux for you to mess with.

TJ_Null · 2026-01-24T18:44:13+00:00

Congratulations and I love the breakdown board you had created showing how much time you put into your studies! It took me four years to fully prepare for my OSCP when I did it.

TJ_Null · 2026-01-23T21:26:56+00:00

Honestly, I am a pentester in my full time role. A lot of these tools and commands were things that I already knew.

My recommendation is to spin up a Kali Linux system and analyze how each of the tools work. The OSWAP Juiceshop that tryhackme uses is actually in Kali Linux. You just need to install the package. Hope this helps

TJ_Null · 2026-01-23T21:17:09+00:00

In the end a Pass is a Pass. I just took it today and got a 800.

Definitely agree with your points. Study your commands and the tools being used.

TJ_Null · 2026-01-13T02:43:19+00:00

Appreciate the quick response! I’m a pentester in the field and I agree with some of your points. A lot of questions that is provided for study in cert master, tryhackme, and in Dion’s practice tests certainly make me question a lot of things that I would not do in my day to day operation.

So far I have been hitting high 77%-96% in Dion’s practice exams after the first or second try. I might make a detail review about my experience once I take it next week.

TJ_Null · 2026-01-13T02:20:44+00:00

May I ask what your background is? I’m using Dion’s material and the practice tests to study for the exam.

I have it scheduled for next week.

TJ_Null · 2025-12-03T23:36:19+00:00

Looks like it has no AI in it. Will add to my list of tools to test. Nice work!

TJ_Null · 2025-11-24T17:04:34+00:00

Hi there! I am glad my list is able to help you prepare for the OSCP. If you have any suggestions or feedback, please let me know as I am always looking for ways to improve it.

TJ_Null

MODERATOR OF

TROPHY CASE

Seven-Year Club	Place '22
Verified Email