diff --git a/Dockerfile b/Dockerfile index e46974a..8c992c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,9 +3,9 @@ FROM kalilinux/kali-rolling:latest LABEL "project"="aegis" LABEL "author"="fr3d" -LABEL "version"="v1.4.0" +LABEL "version"="v1.4.1" -ENV DEBIAN_FRONTEND noninteractive +ENV DEBIAN_FRONTEND=noninteractive ENV TZ="America/New_York" RUN apt-get update && apt-get install sudo -y @@ -15,9 +15,9 @@ RUN groupadd --gid 1000 kali \ --gid 1000 --shell /bin/bash --skel /dev/null kali RUN chown -R kali:kali /home/kali/ \ - && echo kali:kali | chpasswd \ - && usermod -aG sudo kali \ - && echo 'kali ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/kali + && echo kali:kali | chpasswd \ + && usermod -aG sudo kali \ + && echo 'kali ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/kali WORKDIR /home/kali/ @@ -41,7 +41,7 @@ RUN sudo rm -rf /tmp/sources && sudo rm -rf /home/kali/resources USER kali -RUN pipx ensurepath && pipx install impacket certipy-ad git+https://github.com/Pennyw0rth/NetExec +RUN pipx ensurepath && pipx install impacket certipy-ad RUN sudo chsh $USER -s /bin/zsh diff --git a/README.md b/README.md index 80538c6..4ea90df 100644 --- a/README.md +++ b/README.md @@ -20,14 +20,6 @@ Aegis is a docker image designed for any engagement. Gone are the days of spinni - Tmux inside the container (my favorite feature) -## Tmux environment - - -![Logo](https://ka-tet.s3.amazonaws.com/arch.png) - - - - ### Custom aliases included: ``` diff --git a/bash/aegis b/bash/aegis deleted file mode 100755 index 0cceb5d..0000000 --- a/bash/aegis +++ /dev/null 
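Review bot: The new `pipx install impacket certipy-ad` line in the third Dockerfile hunk installs whatever versions are current at build time, so an image labelled v1.4.1 is not reproducible and silently picks up any upstream release. Pin each package, e.g. `pipx install impacket==<pinned-version> certipy-ad==<pinned-version>` (placeholders; use the versions you have tested). The same concern applies to the `kalilinux/kali-rolling:latest` base visible in the first hunk header, which could be pinned by digest. NetExec appears to move to the apt list in sources/0-base.sh, so dropping the git URL here looks intentional.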
@@ -1,123 +0,0 @@ -#!/bin/bash - -# aegis is a simple bash wrapper integrated with gum for a clean interactive TUI experience. -# -#GUM variables - -export GUM_INPUT_CURSOR_FOREGROUND="#FF0" -export GUM_INPUT_PROMPT_FOREGROUND="#00FF00" -export GUM_INPUT_PLACEHOLDER="" -export GUM_INPUT_PROMPT="enter project name: " -export GUM_INPUT_WIDTH=80 -#export BORDER_BACKGROUND="212" -export BORDER_FOREGROUND="255" -export BORDER="rounded" -export BACKGROND="212" -export FOREGROUND="67" - -#starts a container with host networking, X11 and a shared volume -start_container() { - project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") - image=$(gum choose "dev" "latest") - - mkdir -p $project/{recon,www,exploit,pivot,privesc,report} && - cd $project && - mkdir .aegis-logs && - docker run --name $project -it \ - --net=host --entrypoint=/bin/zsh \ - --cap-add=NET_ADMIN \ - --cap-add=CAP_SYS_TIME \ - -e DISPLAY=$DISPLAY -e DOMAIN=$DOMAIN \ - -e TARGET=$project -e IP=$IP -e TZ=$TIME_ZONE -e NAME=$project \ - -v $(pwd)/.aegis-logs:$HOME/.logs:rw -v $(pwd):/$project \ - -v $HOME/.Xauthority:$HOME/.Xauthority:ro \ - -v /tmp/.X11-unix:/tmp/.X11-unix \ - -w /$project fonalex45/aegis:$image /bin/zsh -} - -# starts the container if stopped and enters it -enter() { - project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") - gum spin --spinner line \ - --title "Starting..." \ - -- sleep 3 - docker container start $project && - docker exec -it $project /bin/zsh -} - -#stops container -stop() { - project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") - gum spin --spinner line \ - --title "Stopping..." 
\ - -- sleep 3 - - docker container stop $project -} - -#destroys contaienr and removes shared volume -destroy() { - project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") - gum spin --spinner line \ - --title "POOF" \ - -- sleep 3 - gum style --align center --border $BORDER --width 10 --border-foreground $BORDER_FOREGROUND $(docker container rm $project && rm -r $project) -} - -#backs up shared volume and compresses it. useful for saving engagement artifacts -backup() { - project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") - tar -zcvf "$(date '+%Y-%m-%d_%H-%M-%S%z(%Z)')_$project.tar.gz" $project -} - -#pulls latest or dev image -pull() { - - project=$(gum input --prompt "enter image tag: (dev, latest) " --placeholder " ") - gum spin --spinner meter --title "pulling $project" -- docker pull -q fonalex45/aegis:$project -} - -#help menu -show_help() { - echo 'aegis' | figlet -f shadow | lolcat && - gum style \ - --foreground $FOREGROUND --border-foreground $BORDER_FOREGROUND --border double \ - --align left --width 85 --margin "1 2" --bold --padding "1 2" \ - ' - aegis start - start a container - aegis stop - stop a container - aegis enter- enter running container - aegis destory - destory a container - aegis backup - backup shared volume - aegis pull - update to latest image (dev, latest) - aegis help - view this help menu' -} - -# Parse the command-line arguments -case "$1" in -"start") - start_container - ;; -"enter") - enter - ;; -"stop") - stop - ;; -"destroy") - destroy - ;; -"backup") - backup - ;; -"pull") - pull - ;; -"help") - show_help - ;; -*) - show_help - exit 1 - ;; -esac diff --git a/resources/smbserver.py b/resources/smbserver.py new file mode 100644 index 0000000..96ee989 --- /dev/null +++ b/resources/smbserver.py 
@@ -0,0 +1,105 @@ +#!/usr/bin/env python +# Impacket - Collection of Python classes for working with network protocols. +# +# Copyright (C) 2023 Fortra. All rights reserved. +# +# This software is provided under a slightly modified version +# of the Apache Software License. See the accompanying LICENSE file +# for more information. +# +# Description: +# Simple SMB Server example. +# +# Author: +# Alberto Solino (@agsolino) +# + +import sys +import argparse +import logging + +from impacket.examples import logger +from impacket import smbserver, version +from impacket.ntlm import compute_lmhash, compute_nthash + +if __name__ == '__main__': + + # Init the example's logger theme + print(version.BANNER) + + parser = argparse.ArgumentParser(add_help = True, description = "This script will launch a SMB Server and add a " + "share specified as an argument. You need to be root in order to bind to port 445. " + "For optional authentication, it is possible to specify username and password or the NTLM hash. 
" + "Example: smbserver.py -comment 'My share' TMP /tmp") + + parser.add_argument('shareName', action='store', help='name of the share to add') + parser.add_argument('sharePath', action='store', help='path of the share to add') + parser.add_argument('-comment', action='store', help='share\'s comment to display when asked for shares') + parser.add_argument('-username', action="store", help='Username to authenticate clients') + parser.add_argument('-password', action="store", help='Password for the Username') + parser.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes for the Username, format is LMHASH:NTHASH') + parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output') + parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON') + parser.add_argument('-ip', '--interface-address', action='store', default='0.0.0.0', help='ip address of listening interface') + parser.add_argument('-port', action='store', default='445', help='TCP port for listening incoming connections (default 445)') + parser.add_argument('-smb2support', action='store_true', default=False, help='SMB2 Support (experimental!)') + + if len(sys.argv)==1: + parser.print_help() + sys.exit(1) + + try: + options = parser.parse_args() + except Exception as e: + logging.critical(str(e)) + sys.exit(1) + + logger.init(options.ts) + + if options.debug is True: + logging.getLogger().setLevel(logging.DEBUG) + # Print the Library's installation path + logging.debug(version.getInstallationPath()) + else: + logging.getLogger().setLevel(logging.INFO) + + if options.comment is None: + comment = '' + else: + comment = options.comment + + server = smbserver.SimpleSMBServer(listenAddress=options.interface_address, listenPort=int(options.port)) + + server.addShare(options.shareName.upper(), options.sharePath, comment) + server.setSMB2Support(options.smb2support) + + # If a user was specified, let's add it to the credentials for the 
SMBServer. If no user is specified, anonymous + # connections will be allowed + if options.username is not None: + # we either need a password or hashes, if not, ask + if options.password is None and options.hashes is None: + from getpass import getpass + password = getpass("Password:") + # Let's convert to hashes + lmhash = compute_lmhash(password) + nthash = compute_nthash(password) + elif options.password is not None: + lmhash = compute_lmhash(options.password) + nthash = compute_nthash(options.password) + else: + lmhash, nthash = options.hashes.split(':') + + server.addCredential(options.username, 0, lmhash, nthash) + + # Here you can set a custom SMB challenge in hex format + # If empty defaults to '4141414141414141' + # (remember: must be 16 hex bytes long) + # e.g. server.setSMBChallenge('12345678abcdef00') + server.setSMBChallenge('') + + # If you don't want log to stdout, comment the following line + # If you want log dumped to a file, enter the filename + server.setLogFile('') + + # Rock and roll + server.start() diff --git a/resources/starship.toml b/resources/starship.toml new file mode 100644 index 0000000..780d51b --- /dev/null +++ b/resources/starship.toml 
@@ -0,0 +1,107 @@ +# Get editor completions based on the config schema +"$schema" = 'https://starship.rs/config-schema.json' + +# Use custom format +#format = """ +#(bold white)$custom $directory $git_branch $git_commit $git_status $python $line_break +#$aws $azure $terraform $kubernetes $pulumi $line_break +# > +# """ + +#right_format = '$aws $terraform' + +# Wait 10 milliseconds for starship to check files under the current directory. +scan_timeout = 5 + +# Disable the blank line at the start of the prompt +add_newline = true + +[line_break] +disabled = false + +[custom.tztime] +command = 'date +"%a %b %d %Y %T"' +when = "true" +format = ' [\[🕙 $symbol($output)\]]($style)' +style= "italic white" + +[python] +symbol = "👾 " +pyenv_version_name = true + +[aws] +format = '[$symbol ($profile )(\($region\) )]($style)' +style = "#bf5700" +symbol = "☁️" +[aws.region_aliases] +us-east-1 = "us-east-1" +[aws.profile_aliases] +Admin = 'Administrator' + +[gcloud] +disabled = false +format = ' IAM: [$symbol$account(@$domain)(\($project\))]($style) ' +style = "#FEFB61" +symbol = "" + +[time] +disabled = true +style = "bold purple" +format = "🕙 $time($style) " +time_format = "%T" +utc_time_offset = "-5" + +[username] +style_user = "green bold" +style_root = "red bold" +format = " [$user]($style) " +disabled = true +show_always = true + +[directory] +read_only = " " +truncation_length = 3 +truncate_to_repo = true # truncates directory to root folder if in github repo +style = "bold italic blue" + +[git_branch] +format = " [$symbol $branch]($style) " +symbol = "🪵 " +style = "bold yellow" + +[git_status] +conflicted = "⚔️ " +ahead = "🏎️ 💨 ×${count}" +behind = "🐢 ×${count}" +diverged = "🔱 🏎️ 💨 ×${ahead_count} 🐢 ×${behind_count}" +untracked = "🛤️ ×${count}" +stashed = "📦 " +modified = "📜 ×${count} " +staged = "🗃️ ×${count} " +renamed = "📛 ×${count}" +deleted = "🗑️ ×${count}" +style = "bright-white" +format = "$all_status$ahead_behind" + +[git_commit] +commit_hash_length = 8 +style = 
"bold white" + +[pulumi] +symbol = "⚙️ " +format = " [$symbol $stack]($style)" +style = "bright-purple" +disabled = false + +[terraform] +format = " [🏎💨 $version $workspace]($style) " + +[kubernetes] +format = 'on [⛵ ($user on )($cluster in )$context \($namespace\)](dimmed green) ' +disabled = false + +[azure] +disabled = false +format = "on [$symbol($subscription)]($style) " +symbol = "ﴃ " +style = "blue bold" diff --git a/resources/zsh/.zshrc b/resources/zsh/.zshrc index d1e4209..7e20eec 100644 --- a/resources/zsh/.zshrc +++ b/resources/zsh/.zshrc @@ -12,7 +12,7 @@ unsetopt beep #vi key bindings bindkey -v -ZSH_THEME="robbyrussell" +ZSH_THEME="kali" zstyle ':omz:update' mode auto # update automatically without asking @@ -49,26 +49,4 @@ echo " #persistant ssh agent eval $(ssh-agent) &> /dev/null -#daily use -alias t='tmux new -f ~/.tmux.conf -s $1' -alias update='sudo apt get update' -alias upgrade='sudo apt get upgrade' -alias i='sudo apt get install -y' -alias :q='exit' -alias c='clear' -alias :r='. ~/.zshrc' -alias home='cd ~' -alias cme='nxc' -alias port-scan='sudo nmap -sC -sV -p- $IP > scan.txt' -alias udp-scan='sudo nmap -sU --top-ports 10 $IP -v > udp.scan.txt' -alias stealth-scan='sudo nmap --data-length 6 -T3 -A -ttl 64 -p- $IP > stealth-scan.txt' -alias public='curl wtfismyip.com/text' -alias proxy='proxychains' -alias serve='sudo python3 -m http.server 80' -alias webserver="miniserve -p 8001" -#python3 -alias py-virt='python3 -m venv .venv && source .venv/bin/activate' -alias freeze='pip freeze > requirements.txt' -alias py-install='pip install -r requirements.txt' -alias py-list='pipx list | grep package' - +eval "$(starship init zsh)" diff --git a/resources/zsh/aliases b/resources/zsh/aliases new file mode 100644 index 0000000..687e3d9 --- /dev/null +++ b/resources/zsh/aliases 
@@ -0,0 +1,24 @@ +#daily use +alias t='tmux new -f ~/.tmux.conf -s $1' +alias update='sudo apt get update' +alias upgrade='sudo apt get upgrade' +alias i='sudo apt get install -y' +alias :q='exit' +alias c='clear' +alias :r='. ~/.zshrc' +alias home='cd ~' +alias cme='nxc' +alias port-scan='sudo nmap -sC -sV -p- $IP > scan.txt' +alias udp-scan='sudo nmap -sU --top-ports 10 $IP -v > udp.scan.txt' +alias stealth-scan='sudo nmap --data-length 6 -T3 -A -ttl 64 -p- $IP > stealth-scan.txt' +alias public='curl wtfismyip.com/text' +alias proxy='proxychains' +alias serve='sudo python3 -m http.server 80' +alias webserver="miniserve -p 8001" +alias notepad='mousepad notes.md > /dev/null 2>&1 &' +#python3 +alias py-virt='python3 -m venv .venv && source .venv/bin/activate' +alias freeze='pip freeze > requirements.txt' +alias py-install='pip install -r requirements.txt' +alias py-list='pipx list | grep package' + diff --git a/resources/zsh/kali.zsh-theme b/resources/zsh/kali.zsh-theme new file mode 100644 index 0000000..eae3f34 --- /dev/null +++ b/resources/zsh/kali.zsh-theme 
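Review bot: The `update`, `upgrade` and `i` aliases call `sudo apt get …`, which is not a valid apt subcommand, so all three fail when used. They should read `alias update='sudo apt-get update'`, `alias upgrade='sudo apt-get upgrade'` and `alias i='sudo apt-get install -y'`. A comment above `serve` noting that it publishes the current directory on port 80 of every interface would also help, since script/aegis starts the container with `--net=host` and the listener is therefore reachable on the host's own addresses.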
@@ -0,0 +1,25 @@ +# A multiline prompt with username, hostname, full path, return status, git branch, git dirty status, git remote status +# This is a modified version of the intheloop theme, with date, time, and IP address added for penetration testing logging. +# This is configured to include the IP address of eth0 for Internal network pentests. +# For External network pentests, comment out lines 13 and 14, and uncomment lines 16 and 17 in include your Internet IP address in the prompt. + +local return_status="%{$fg[red]%}%(?..⏎)%{$reset_color%}" + +local host_color="white" +if [ -n "$SSH_CLIENT" ]; then + local host_color="red" +fi + +PROMPT="%{$fg_bold[grey]%}[%{$reset_color%}%{$fg_bold[${host_color}]%}%n@%m%{$reset_color%}%{$fg_bold[grey]%}]%{$reset_color%} %{$fg_bold[white]%}%10c %W %t $(ifconfig | grep -A 1 tun0 | grep inet | tr -s ' ' | cut -d ' ' -f 3) %{$reset_color%} $(git_prompt_info) $(git_remote_status) +%{$fg_bold[white]%}❯%{$reset_color%} " + +#PROMPT="%{$fg_bold[grey]%}[%{$reset_color%}%{$fg_bold[${host_color}]%}%n@%m%{$reset_color%}%{$fg_bold[grey]%}]%{$reset_color%} %{$fg_bold[blue]%}%10c %W %t $(curl -s http://ipecho.net/plain; echo) %{$reset_color%} $(git_prompt_info) $(git_remote_status) +#%{$fg_bold[cyan]%}❯%{$reset_color%} " + +ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg[grey]%}(%{$fg[red]%}" +ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%}" +ZSH_THEME_GIT_PROMPT_DIRTY="%{$fg[grey]%}) %{$fg[yellow]%}⚡%{$reset_color%}" +ZSH_THEME_GIT_PROMPT_CLEAN="%{$fg[grey]%})" +ZSH_THEME_GIT_PROMPT_BEHIND_REMOTE="%{$fg_bold[magenta]%}↓%{$reset_color%}" +ZSH_THEME_GIT_PROMPT_AHEAD_REMOTE="%{$fg_bold[magenta]%}↑%{$reset_color%}" +ZSH_THEME_GIT_PROMPT_DIVERGED_REMOTE="%{$fg_bold[magenta]%}↕%{$reset_color%}" diff --git a/script/aegis b/script/aegis new file mode 100755 index 0000000..c16ac97 --- /dev/null +++ b/script/aegis 
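Review bot: `PROMPT` is assigned in double quotes, so the `$(ifconfig | grep -A 1 tun0 …)`, `$(git_prompt_info)` and `$(git_remote_status)` substitutions run once when the theme is sourced and the prompt then shows a frozen value; an address recorded in the prompt for logging can be empty or stale if tun0 comes up or changes after the shell starts. Escape the substitutions so they expand at each prompt (this relies on `prompt_subst`, which oh-my-zsh is expected to enable), e.g. move the lookup into a small function `vpn_ip` and write `\$(vpn_ip) \$(git_prompt_info) \$(git_remote_status)` inside the string. The header comment also says eth0 while the code reads tun0, and it refers to "lines 13 and 14" and "16 and 17" by number; describing the two PROMPT definitions by purpose would keep the comment accurate as the file changes.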
@@ -0,0 +1,123 @@ +#!/bin/bash + +# aegis is a simple bash wrapper integrated with gum for a clean interactive TUI experience. +# +#GUM variables + +export GUM_INPUT_CURSOR_FOREGROUND="#FF0" +export GUM_INPUT_PROMPT_FOREGROUND="#00FF00" +export GUM_INPUT_PLACEHOLDER="" +export GUM_INPUT_PROMPT="enter project name: " +export GUM_INPUT_WIDTH=80 +#export BORDER_BACKGROUND="212" +export BORDER_FOREGROUND="255" +export BORDER="rounded" +export BACKGROND="212" +export FOREGROUND="67" + +#starts a container with host networking, X11 and a shared volume +start_container() { + project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") + image=$(gum choose "dev" "latest") + + mkdir -p $project/{recon,www,exploit,pivot,privesc,report} && + cd $project && + mkdir .aegis-logs && + docker run --name $project -it \ + --net=host --entrypoint=/bin/zsh \ + --cap-add=NET_ADMIN \ + --cap-add=CAP_SYS_TIME \ + -e DISPLAY=$DISPLAY -e DOMAIN=$DOMAIN \ + -e TARGET=$project -e IP=$IP -e TZ=$TIME_ZONE -e NAME=$project \ + -v $(pwd)/.aegis-logs:$HOME/.logs:rw -v $(pwd):/$project \ + -v $HOME/.Xauthority:$HOME/.Xauthority:ro \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -w /$project fonalex45/aegis:$image +} + +# starts the container if stopped and enters it +enter() { + project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") + gum spin --spinner line \ + --title "Starting..." \ + -- sleep 3 + docker container start $project && + docker exec -it $project /bin/zsh +} + +#stops container +stop() { + project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") + gum spin --spinner line \ + --title "Stopping..." 
\ + -- sleep 3 + + docker container stop $project +} + +#destroys contaienr and removes shared volume +destroy() { + project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") + gum spin --spinner line \ + --title "POOF" \ + -- sleep 3 + gum style --align center --border $BORDER --width 15 --border-foreground $BORDER_FOREGROUND $(docker container rm $project && rm -r $project) +} + +#backs up shared volume and compresses it. useful for saving engagement artifacts +backup() { + project=$(gum input --prompt "$GUM_INPUT_PROMPT" --placeholder "$GUM_INPUT_PLACEHOLDER") + tar -zcvf "$(date '+%Y-%m-%d_%H-%M-%S%z(%Z)')_$project.tar.gz" $project +} + +#pulls latest or dev image +pull() { + + project=$(gum input --prompt "enter image tag: (dev, latest) " --placeholder " ") + gum spin --spinner meter --title "pulling $project" -- docker pull -q fonalex45/aegis:$project +} + +#help menu +show_help() { + echo 'aegis' | figlet -f shadow | lolcat && + gum style \ + --foreground $FOREGROUND --border-foreground $BORDER_FOREGROUND --border double \ + --align left --width 85 --margin "1 2" --bold --padding "1 2" \ + ' + aegis start - start a container + aegis stop - stop a container + aegis enter- enter running container + aegis destory - destory a container + aegis backup - backup shared volume + aegis pull - update to latest image (dev, latest) + aegis help - view this help menu' +} + +# Parse the command-line arguments +case "$1" in +"start") + start_container + ;; +"enter") + enter + ;; +"stop") + stop + ;; +"destroy") + destroy + ;; +"backup") + backup + ;; +"pull") + pull + ;; +"help") + show_help + ;; +*) + show_help + exit 1 + ;; +esac diff --git a/bash/deploy.sh b/script/deploy.sh similarity index 100% rename from bash/deploy.sh rename to script/deploy.sh diff --git a/sources/0-base.sh b/sources/0-base.sh index 0937c89..bb5b52a 100644 --- a/sources/0-base.sh +++ b/sources/0-base.sh 
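Review bot: The project name read from `gum input` is used unquoted and unvalidated in `mkdir -p $project/...`, `docker run --name $project`, `-v $(pwd):/$project` and, in `destroy`, `rm -r $project`, so a name containing spaces, glob characters or path separators makes these commands act on paths other than the intended project directory. Validate once after each prompt, e.g. `[[ $project =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || { echo "invalid project name" >&2; exit 1; }`, and quote every use, e.g. `docker container rm "$project" && rm -r -- "$project"`. The file is otherwise a move of the deleted bash/aegis, so the help text still carries the "destory" typo.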
@@ -1,16 +1,17 @@ #!/bin/bash base() { - sudo apt-get install -y \ - wget curl man git lolcat \ - figlet tmux tree mousepad \ - hexcurse file ruby ruby-dev \ - vim nano p7zip-full kali-themes \ - djvulibre-bin python3-pip \ - python3-virtualenv libpcap-dev \ - jq xpdf pipx man-db exploitdb \ - rpcbind nfs-common feh cmake \ - ntp ntpdate bash-completion zsh firefox-esr + sudo apt-get install -y \ + wget curl man git lolcat \ + figlet tmux tree mousepad \ + hexcurse file ruby ruby-dev \ + vim nano p7zip-full kali-themes \ + djvulibre-bin python3-pip \ + python3-virtualenv libpcap-dev \ + jq xpdf pipx man-db exploitdb \ + rpcbind nfs-common feh cmake \ + ntp ntpdate bash-completion zsh + } # home_brew() { @@ -18,34 +19,35 @@ base() { # } network() { - sudo apt-get install -y \ - netcat-traditional socat \ - rlwrap nmap \ - netdiscover masscan \ - dnsutils onesixtyone \ - braa tcpdump \ - ftp telnet swaks \ - snmpcheck snmpcheck \ - snmp-mibs-downloader iputils-ping \ - iproute2 proxychains \ - sendmail ltrace \ - raven faketime mitmproxy + sudo apt-get install -y \ + netcat-traditional socat \ + rlwrap nmap \ + netdiscover masscan \ + dnsutils onesixtyone \ + braa tcpdump \ + ftp telnet swaks \ + snmpcheck snmpcheck \ + snmp-mibs-downloader iputils-ping \ + iproute2 proxychains \ + sendmail ltrace \ + raven faketime mitmproxy \ + netexec } active_directory() { - sudo apt-get install -y \ - smbclient evil-winrm \ - responder powershell \ - ldap-utils enum4linux-ng \ - bloodhound.py + sudo apt-get install -y \ + smbclient evil-winrm \ + responder powershell \ + ldap-utils enum4linux-ng \ + bloodhound.py } osint_tools() { - sudo apt-get install -y \ - csvtool vinetto \ - sqlitebrowser exiflooter \ - h8mail reconspider \ - sn0int cewl seclists + sudo apt-get install -y \ + csvtool vinetto \ + sqlitebrowser exiflooter \ + h8mail reconspider \ + sn0int cewl seclists sploitscan } base diff --git a/sources/1-tools.sh b/sources/1-tools.sh index a3df5ec..411b0e2 100644 
--- a/sources/1-tools.sh +++ b/sources/1-tools.sh 
@@ -1,93 +1,79 @@ #!/bin/bash web() { - sudo apt-get install -y \ - whatweb ffuf \ - sqlmap exiftool \ - default-mysql-client \ - hurl postgresql \ - arjun sqsh burpsuite + sudo apt-get install -y \ + whatweb ffuf \ + sqlmap exiftool \ + default-mysql-client \ + hurl postgresql \ + arjun sqsh burpsuite } web_server() { - wget https://github.com/svenstaro/miniserve/releases/download/v0.26.0/miniserve-0.26.0-x86_64-unknown-linux-gnu -q \ - -O miniserve && chmod +x ./miniserve && mv ./miniserve $HOME/.local/bin/miniserve + wget "https://github.com/svenstaro/miniserve/releases/download/v0.26.0/miniserve-0.26.0-x86_64-unknown-linux-gnu" -q \ + -O miniserve && chmod +x ./miniserve && mv ./miniserve $HOME/.local/bin/miniserve } snyk-cli() { - curl --compressed "https://static.snyk.io/cli/latest/snyk-linux?_gl=1*1elhg4m*_ga*MTI5NzM0MzE4LjE3MTQ5MTg0NDY.*_ga_X9SH3KP7B4*MTcxNDkyOTE4Ni4yLjEuMTcxNDkyOTU5NC41Ni4wLjA." -o snyk && - chmod +x ./snyk && mv ./snyk $HOME/.local/bin/snyk + curl --compressed "https://static.snyk.io/cli/latest/snyk-linux?_gl=1*1elhg4m*_ga*MTI5NzM0MzE4LjE3MTQ5MTg0NDY.*_ga_X9SH3KP7B4*MTcxNDkyOTE4Ni4yLjEuMTcxNDkyOTU5NC41Ni4wLjA." 
-o snyk && + chmod +x ./snyk && mv ./snyk $HOME/.local/bin/snyk } password() { - sudo apt-get install -y crunch + sudo apt-get install -y crunch } -# install_go() { -# wget https://go.dev/dl/go1.22.0.linux-amd64.tar.gz && -# sudo rm -rf /usr/local/go && -# tar -C $HOME/.local/bin -xzf go1.22.0.linux-amd64.tar.gz && -# rm go1.22.0.linux-amd64.tar.gz -# } - payload() { - cd $HOME/tools/ && - wget -q -O nc.exe \ - "https://github.com/ShutdownRepo/Exegol-resources/raw/main/windows/nc.exe" && - wget -q -O nc \ - "https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/ncat" + cd $HOME/tools/ && + wget -q -O nc.exe \ + "https://github.com/ShutdownRepo/Exegol-resources/raw/main/windows/nc.exe" && + wget -q -O nc \ + "https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/ncat" } active_directory() { - cd $HOME/tools/ && - wget -q -O rubeus.exe \ - "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Rubeus.exe" && - wget -q -O certify.exe \ - "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Certify.exe" && - #wget "https://github.com/fortra/impacket/releases/download/impacket_0_11_0/impacket-0.11.0.tar.gz" && - #gunzip impacket-0.11.0.tar.gz && tar -xvf impacket-0.11.0.tar && - # mv impacket-0.11.0/ /home/kali/.local/ && rm impacket-0.11.0.tar && - wget -q -O sharp.ps1 \ - "https://github.com/BloodHoundAD/BloodHound/raw/master/Collectors/SharpHound.ps1" && - wget -q -O SharpHound.exe \ - "https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.exe" - #wget -q -O netexec \ - # "https://github.com/Pennyw0rth/NetExec/releases/download/v1.1.0/nxc" && - #chmod +x netexec && sudo mv netexec /home/kali/.local/bin/netexec + cd $HOME/tools/ && + wget -q -O rubeus.exe \ + "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Rubeus.exe" && + wget -q -O certify.exe \ + 
"https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Certify.exe" && + wget -q -O sharp.ps1 \ + "https://github.com/BloodHoundAD/BloodHound/raw/master/Collectors/SharpHound.ps1" && + wget -q -O SharpHound.exe \ + "https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.exe" } pivot() { - cd $HOME/tools/ && - wget -q -O chisel.gz \ - "https://github.com/jpillora/chisel/releases/download/v1.9.1/chisel_1.9.1_linux_amd64.gz" && - gunzip chisel.gz && - wget -q -O win-chisel.gz \ - "https://github.com/jpillora/chisel/releases/download/v1.9.1/chisel_1.9.1_windows_amd64.gz" && - gunzip win-chisel.gz + cd $HOME/tools/ && + wget -q -O chisel.gz \ + "https://github.com/jpillora/chisel/releases/download/v1.9.1/chisel_1.9.1_linux_amd64.gz" && + gunzip chisel.gz && + wget -q -O win-chisel.gz \ + "https://github.com/jpillora/chisel/releases/download/v1.9.1/chisel_1.9.1_windows_amd64.gz" && + gunzip win-chisel.gz } privesc() { - cd $HOME/tools/ && - wget -q -O linpeas \ - "https://github.com/carlospolop/PEASS-ng/releases/download/20231029-83b8fbe1/linpeas_linux_amd64" && - wget -q -O winpeas.exe \ - "https://github.com/carlospolop/PEASS-ng/releases/download/20231029-83b8fbe1/winPEASany.exe" && - wget -q -O pspys \ - "https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64s" && - wget -q -O pspy \ - "https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64" + cd $HOME/tools/ && + wget -q -O linpeas \ + "https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh" && + wget -q -O winpeas.exe \ + "https://github.com/peass-ng/PEASS-ng/releases/download/20240602-829055f0/winPEASx64_ofs.exe" && + wget -q -O pspys \ + "https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64s" && + wget -q -O pspy \ + "https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64" } extra() { - cd $HOME/tools/ && - git clone https://github.com/samratashok/nishang.git nishang && - git clone 
https://github.com/gustanini/PowershellTools.git powershelltools && - git clone https://github.com/aniqfakhrul/powerview.py powerview + cd $HOME/tools/ && + git clone https://github.com/samratashok/nishang.git nishang && + git clone https://github.com/gustanini/PowershellTools.git powershelltools && + git clone https://github.com/aniqfakhrul/powerview.py powerview } web web_server -#install_go snyk-cli password payload @@ -97,4 +83,4 @@ privesc extra wget -q -O $HOME/.local/bin/busybox \ - "https://busybox.net/downloads/binaries/1.35.0-x86_64-linux-musl/busybox" + "https://busybox.net/downloads/binaries/1.35.0-x86_64-linux-musl/busybox" diff --git a/sources/4-home.sh b/sources/4-home.sh index 8ff1065..279b303 100644 --- a/sources/4-home.sh +++ b/sources/4-home.sh 
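Review bot: In `privesc`, the linpeas download now points at `releases/latest/download/linpeas.sh`, so each image build fetches whatever upstream published most recently, while winpeas on the next line stays pinned to the 20240602-829055f0 release. None of the downloads in this file is checked against a digest, and an unpinned script makes that gap more significant. Pin linpeas to a fixed release tag as well (presumably the same one, if it carries a linpeas.sh asset) and verify it after download, e.g. `echo "<expected-sha256>  linpeas" | sha256sum -c -` with the digest recorded in the repository. The same check would apply to the binaries fetched from third-party `raw/master` URLs in `payload` and `active_directory`.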
@@ -1,14 +1,14 @@ #!/bin/bash mkdir -p $HOME/.config && cp /home/kali/resources/tmux.conf /home/kali/.tmux.conf && - cp -r /home/kali/resources/shell-upgrade.sh /home/kali/tools/shell-upgrade.sh && - cp -r /home/kali/resources/recon.sh /home/kali/.local/bin/recon.sh && chmod +x /home/kali/.local/bin/recon.sh && - cp -r /home/kali/resources/proxychains.conf /home/kali/.proxychains/proxychains.conf && - cp -r /home/kali/resources/kerbrute /home/kali/.local/bin/kerbrute && chmod +x /home/kali/.local/bin/kerbrute && - cp /home/kali/resources/bash/history /home/kali/.history && - cp -r /home/kali/resources/ffuf /home/kali/.config/. && - cp -r /home/kali/resources/.Burpsuite /home/kali/. && - git clone https://github.com/tmux-plugins/tpm $HOME/.tmux/plugins/tpm + cp -r /home/kali/resources/shell-upgrade.sh /home/kali/tools/shell-upgrade.sh && + cp -r /home/kali/resources/recon.sh /home/kali/.local/bin/recon.sh && chmod +x /home/kali/.local/bin/recon.sh && + cp -r /home/kali/resources/proxychains.conf /home/kali/.proxychains/proxychains.conf && + cp -r /home/kali/resources/kerbrute /home/kali/.local/bin/kerbrute && chmod +x /home/kali/.local/bin/kerbrute && + cp -r /home/kali/resources/smbserver.py /home/kali/tools/smbserver.py && + cp -r /home/kali/resources/bash/history /home/kali/.history + +sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended 
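Review bot: The added `sh -c "$(curl -fsSL …/ohmyzsh/master/tools/install.sh)" "" --unattended` line duplicates the identical context line right after it, so the oh-my-zsh installer is invoked twice in a row; the added copy should be dropped. Both invocations execute a script fetched from the `master` branch at build time with no pinned commit or digest; fetching from a fixed commit and checking a recorded sha256 before running it would make the build reproducible. The hunk also removes the tpm clone and the ffuf/.Burpsuite copies, so it is worth confirming that the copied tmux.conf no longer references tpm plugins.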
@@ -18,10 +18,20 @@ git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM: cp /home/kali/resources/zsh/.zshrc $HOME/.zshrc +cp /home/kali/resources/zsh/kali.zsh-theme $HOME/.oh-my-zsh/custom/themes/kali.zsh-theme + cp /home/kali/resources/zsh/.zprofile $HOME/.zprofile cp /home/kali/resources/bash/history .commands mkdir .zsh -cp /home/kali/resources/bash/functions.sh $HOME/.zsh/functions.sh +cp /home/kali/resources/zsh/functions.sh $HOME/.zsh/functions.sh + +cp -r /home/kali/resources/zsh/aliases $HOME/.zsh/aliases + +cp /home/kali/resources/starship.toml $HOME/.config/starship.toml + +curl -O https://starship.rs/install.sh && + chmod +x install.sh && + ./install.sh --yes -b $HOME/.local/bin
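Review bot: `curl -O https://starship.rs/install.sh` has no `-f`, so an HTTP error page would be saved as install.sh and then executed, and the script is run without any integrity check and left behind in the working directory. Use `curl -fsSLO https://starship.rs/install.sh`, compare the file with a recorded digest (`echo "<expected-sha256>  install.sh" | sha256sum -c -`) before `./install.sh --yes -b $HOME/.local/bin`, and `rm install.sh` afterwards. Also, `mkdir .zsh` in the context lines is relative to the current directory while the copies target `$HOME/.zsh`; this only works if the script runs from `$HOME`.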