Each WAD Command is defined in a file in the
_wadcoms/ folder named as
<tool name>.md, such file consists only of a YAML front matter which describes the command and its attributes.
The full syntax is the following:
--- description: Description of what the command does. Command Reference: Target IP: 10.10.10.1 Domain: test.local Username: john Password: password123 command: | put command here items: - ITEM - ITEM ... services: - SERVICE ... OS: - OS ... attack_types: - ATTACK TYPE references: - LINK - LINK ... ---
ITEM is one of the values described in the
SERVICE is one of the values described in the
OS is one of the values described in the
ATTACK_TYPE is one of the values described in the
_data/attack_types.yml file, and
LINK is a link to download the related tool for that command as well as links to any other relevant information about what the command is doing.
Feel free to use any file in the
_wadcoms/ folder as an example.
I accept commands that run on either Linux or Windows, just as long as they target Windows machines (this is a Windows/AD cheat sheet after all).
Before sending a pull request of a new command, ensure the following:
Pull requests adding new items in
_data/items.yml, services in
_data/services.yml, OS in
_data/OS.yml, or attack types in
_data/attack_types.yml are allowed and subjected to project maintainers vetting.