├── README.md ├── ansible.cfg ├── bins ├── SimpleHTTPServerWithUpload.py ├── handler ├── myip ├── phphttp └── pythonhttp ├── deploy_kali.yml ├── deploy_locally.sh ├── group_vars └── kali.yml ├── hosts.ini ├── imgs └── 1.png ├── roles ├── change_wallpaper.yml ├── deploy_bins.yml ├── deploy_core.yml ├── deploy_design.yml ├── deploy_extra_scripts.yml ├── deploy_scripts.yml ├── deploy_social_engineering.yml ├── deploy_win_scripts.yml ├── deploy_wordlists.yml └── wrap-up.yml └── scripts ├── decorations.sh ├── install-BlackWidow.sh ├── install-EvilURL.sh ├── install-Goohak.sh ├── install-ansible.sh ├── install-aquatone.sh ├── install-dirsearch.sh ├── install-docker.sh ├── install-empire.sh ├── install-gophish.sh ├── install-pip.sh ├── install-powershell.sh ├── install-pycharm.sh ├── install-rpivot.sh ├── install-wfuzz.sh ├── setup-aliases.sh └── update.sh /README.md: -------------------------------------------------------------------------------- 1 | # Kali-TX 2 | 3 | 4 | ### Description 5 | Ansible playbook to deploy important tools that Kali Linux is missing. 6 | 7 | ### How to install locally 8 | ```sh 9 | git clone https://github.com/M507/Kali-TX.git 10 | cd Kali-TX 11 | sudo bash deploy_locally.sh 12 | ``` 13 | 14 | ### Deploys 15 | - Ansible 16 | - Docker 17 | - Empire 18 | - Dirsearch 19 | - Aquatone 20 | - Rpivot 21 | - Tree 22 | - Pycharm 23 | - BruteX 24 | - BlackWidow 25 | - Gophish 26 | - Powershell 27 | - PowerSploit 28 | - EvilWinrm 29 | - QSearchSploit 30 | - Findsploit 31 | - Crackmapexec 32 | - IntruderPayloads 33 | - Invoke-Obfuscation 34 | - PayloadsAllTheThings 35 | - Fuzzdb 36 | - Big-list-of-naughty-strings 37 | - RobotsDisallowed 38 | - SecLists 39 | - Bettercap 40 | - Unicorn 41 | - EvilURL 42 | 43 | 44 | ### Changelog 45 | ```sh 46 | root@kali:~# echo "Last test on:";lsb_release -a;date 47 | Last test on: 48 | No LSB modules are available. 
49 | Distributor ID: Kali 50 | Description: Kali GNU/Linux Rolling 51 | Release: 2020.1 52 | Codename: kali-rolling 53 | Sat 13 Jun 2020 54 | root@kali:~# echo "Last test on:";lsb_release -a;date 55 | Last test on: 56 | No LSB modules are available. 57 | Distributor ID: Kali 58 | Description: Kali GNU/Linux Rolling 59 | Release: 2019.4 60 | Codename: kali-rolling 61 | Wed 11 Dec 2019 62 | root@kali:~# 63 | ``` 64 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | host_key_checking = False -------------------------------------------------------------------------------- /bins/SimpleHTTPServerWithUpload.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | """Simple HTTP Server With Upload. 4 | 5 | This module builds on BaseHTTPServer by implementing the standard GET 6 | and HEAD requests in a fairly straightforward manner. 7 | 8 | see: https://gist.github.com/UniIsland/3346170 9 | """ 10 | 11 | 12 | __version__ = "0.1" 13 | __all__ = ["SimpleHTTPRequestHandler"] 14 | __author__ = "bones7456" 15 | __home_page__ = "http://li2z.cn/" 16 | 17 | import os 18 | import posixpath 19 | import http.server 20 | import urllib.request, urllib.parse, urllib.error 21 | import html 22 | import shutil 23 | import mimetypes 24 | import re 25 | from io import BytesIO 26 | 27 | 28 | class SimpleHTTPRequestHandler(http.server.BaseHTTPRequestHandler): 29 | 30 | """Simple HTTP request handler with GET/HEAD/POST commands. 31 | 32 | This serves files from the current directory and any of its 33 | subdirectories. The MIME type for files is determined by 34 | calling the .guess_type() method. And can reveive file uploaded 35 | by client. 36 | 37 | The GET/HEAD/POST requests are identical except that the HEAD 38 | request omits the actual contents of the file. 
39 | 40 | """ 41 | 42 | server_version = "SimpleHTTPWithUpload/" + __version__ 43 | 44 | def do_GET(self): 45 | """Serve a GET request.""" 46 | f = self.send_head() 47 | if f: 48 | self.copyfile(f, self.wfile) 49 | f.close() 50 | 51 | def do_HEAD(self): 52 | """Serve a HEAD request.""" 53 | f = self.send_head() 54 | if f: 55 | f.close() 56 | 57 | def do_POST(self): 58 | """Serve a POST request.""" 59 | r, info = self.deal_post_data() 60 | print((r, info, "by: ", self.client_address)) 61 | f = BytesIO() 62 | f.write(b'') 63 | f.write(b"\nUpload Result Page\n") 64 | f.write(b"\n

Upload Result Page

\n") 65 | f.write(b"
\n") 66 | if r: 67 | f.write(b"Success:") 68 | else: 69 | f.write(b"Failed:") 70 | f.write(info.encode()) 71 | f.write(("
back" % self.headers['referer']).encode()) 72 | f.write(b"
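Powerd By: bones7456, check new version at ")
        f.write(b"")
        f.write(b"here.\n\n")
        length = f.tell()
        f.seek(0)
        self.send_response(200)
        self.send_header("Content-type", "text/html")
        self.send_header("Content-Length", str(length))
        self.end_headers()
        if f:
            self.copyfile(f, self.wfile)
            f.close()

    def deal_post_data(self):
        """Store the single file carried by a multipart/form-data POST body.

        Only the form field named "file" is accepted. The filename sent by
        the client is untrusted: it is reduced to its last path component
        before being joined to the directory that self.path maps to, so an
        upload cannot name a location outside that directory.

        Returns:
            A (success, message) tuple; message is human-readable text.
        """
        content_type = self.headers['content-type']
        if not content_type or "boundary=" not in content_type:
            return (False, "Content-Type header doesn't contain boundary")
        # Take everything after "boundary=" (the value may itself contain
        # "="), then drop any following parameter and surrounding quotes.
        boundary = content_type.split("boundary=", 1)[1]
        boundary = boundary.split(";", 1)[0].strip().strip('"').encode()
        if not boundary:
            # An empty boundary would match every line of the body.
            return (False, "Content-Type header doesn't contain boundary")
        try:
            remainbytes = int(self.headers['content-length'])
        except (TypeError, ValueError):
            return (False, "Content-Length header is missing or invalid")
        line = self.rfile.readline()
        remainbytes -= len(line)
        if boundary not in line:
            return (False, "Content NOT begin with boundary")
        line = self.rfile.readline()
        remainbytes -= len(line)
        fn = re.findall(r'Content-Disposition.*name="file"; filename="(.*)"', line.decode())
        if not fn:
            return (False, "Can't find out file name...")
        # The client controls this value. Keep only the final component so
        # "../" segments, absolute paths and Windows-style client paths
        # cannot steer the write outside the target directory.
        name = os.path.basename(fn[0].replace("\\", "/"))
        if name in ("", os.curdir, os.pardir):
            return (False, "Can't find out file name...")
        path = self.translate_path(self.path)
        fn = os.path.join(path, name)
        # Skip the part's remaining header line and the blank separator line.
        line = self.rfile.readline()
        remainbytes -= len(line)
        line = self.rfile.readline()
        remainbytes -= len(line)
        # NOTE(review): an existing file with the same name is overwritten,
        # and the message returned below embeds the path; do_POST writes that
        # message into the HTML response without escaping it.
        try:
            out = open(fn, 'wb')
        except (OSError, ValueError):
            # ValueError covers names that open() rejects outright
            # (for example an embedded NUL byte).
            return (False, "Can't create file to write, do you have permission to write?")

        # The context manager closes the file on every exit path, including
        # a truncated upload.
        with out:
            preline = self.rfile.readline()
            remainbytes -= len(preline)
            while remainbytes > 0:
                line = self.rfile.readline()
                if not line:
                    # Stream ended before Content-Length bytes arrived; without
                    # this check the loop would never terminate.
                    break
                remainbytes -= len(line)
                if boundary in line:
                    # Drop the line ending that precedes the closing boundary.
                    preline = preline[0:-1]
                    if preline.endswith(b'\r'):
                        preline = preline[0:-1]
                    out.write(preline)
                    return (True, "File '%s' upload success!" % fn)
                out.write(preline)
                preline = line
        return (False, "Unexpect Ends of data.")

    def send_head(self):
        """Common code for GET and HEAD commands.

        This sends the response code and MIME headers.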
132 | 133 | Return value is either a file object (which has to be copied 134 | to the outputfile by the caller unless the command was HEAD, 135 | and must be closed by the caller under all circumstances), or 136 | None, in which case the caller has nothing further to do. 137 | 138 | """ 139 | path = self.translate_path(self.path) 140 | f = None 141 | if os.path.isdir(path): 142 | if not self.path.endswith('/'): 143 | # redirect browser - doing basically what apache does 144 | self.send_response(301) 145 | self.send_header("Location", self.path + "/") 146 | self.end_headers() 147 | return None 148 | for index in "index.html", "index.htm": 149 | index = os.path.join(path, index) 150 | if os.path.exists(index): 151 | path = index 152 | break 153 | else: 154 | return self.list_directory(path) 155 | ctype = self.guess_type(path) 156 | try: 157 | # Always read in binary mode. Opening files in text mode may cause 158 | # newline translations, making the actual size of the content 159 | # transmitted *less* than the content-length! 160 | f = open(path, 'rb') 161 | except IOError: 162 | self.send_error(404, "File not found") 163 | return None 164 | self.send_response(200) 165 | self.send_header("Content-type", ctype) 166 | fs = os.fstat(f.fileno()) 167 | self.send_header("Content-Length", str(fs[6])) 168 | self.send_header("Last-Modified", self.date_time_string(fs.st_mtime)) 169 | self.end_headers() 170 | return f 171 | 172 | def list_directory(self, path): 173 | """Helper to produce a directory listing (absent index.html). 174 | 175 | Return value is either a file object, or None (indicating an 176 | error). In either case, the headers are sent, making the 177 | interface the same as for send_head(). 
178 | 179 | """ 180 | try: 181 | list = os.listdir(path) 182 | except os.error: 183 | self.send_error(404, "No permission to list directory") 184 | return None 185 | list.sort(key=lambda a: a.lower()) 186 | f = BytesIO() 187 | displaypath = html.escape(urllib.parse.unquote(self.path)) 188 | f.write(b'') 189 | f.write(("\nDirectory listing for %s\n" % displaypath).encode()) 190 | f.write(("\n

Directory listing for %s

\n" % displaypath).encode()) 191 | f.write(b"
\n") 192 | f.write(b"
") 193 | f.write(b"") 194 | f.write(b"
\n") 195 | f.write(b"
\n\n
\n\n\n") 209 | length = f.tell() 210 | f.seek(0) 211 | self.send_response(200) 212 | self.send_header("Content-type", "text/html") 213 | self.send_header("Content-Length", str(length)) 214 | self.end_headers() 215 | return f 216 | 217 | def translate_path(self, path): 218 | """Translate a /-separated PATH to the local filename syntax. 219 | 220 | Components that mean special things to the local file system 221 | (e.g. drive or directory names) are ignored. (XXX They should 222 | probably be diagnosed.) 223 | 224 | """ 225 | # abandon query parameters 226 | path = path.split('?',1)[0] 227 | path = path.split('#',1)[0] 228 | path = posixpath.normpath(urllib.parse.unquote(path)) 229 | words = path.split('/') 230 | words = [_f for _f in words if _f] 231 | path = os.getcwd() 232 | for word in words: 233 | drive, word = os.path.splitdrive(word) 234 | head, word = os.path.split(word) 235 | if word in (os.curdir, os.pardir): continue 236 | path = os.path.join(path, word) 237 | return path 238 | 239 | def copyfile(self, source, outputfile): 240 | """Copy all data between two file objects. 241 | 242 | The SOURCE argument is a file object open for reading 243 | (or anything with a read() method) and the DESTINATION 244 | argument is a file object open for writing (or 245 | anything with a write() method). 246 | 247 | The only reason for overriding this would be to change 248 | the block size or perhaps to replace newlines by CRLF 249 | -- note however that this the default server uses this 250 | to copy binary data as well. 251 | 252 | """ 253 | shutil.copyfileobj(source, outputfile) 254 | 255 | def guess_type(self, path): 256 | """Guess the type of a file. 257 | 258 | Argument is a PATH (a filename). 259 | 260 | Return value is a string of the form type/subtype, 261 | usable for a MIME Content-type header. 
262 | 263 | The default implementation looks the file's extension 264 | up in the table self.extensions_map, using application/octet-stream 265 | as a default; however it would be permissible (if 266 | slow) to look inside the data to make a better guess. 267 | 268 | """ 269 | 270 | base, ext = posixpath.splitext(path) 271 | if ext in self.extensions_map: 272 | return self.extensions_map[ext] 273 | ext = ext.lower() 274 | if ext in self.extensions_map: 275 | return self.extensions_map[ext] 276 | else: 277 | return self.extensions_map[''] 278 | 279 | if not mimetypes.inited: 280 | mimetypes.init() # try to read system mime.types 281 | extensions_map = mimetypes.types_map.copy() 282 | extensions_map.update({ 283 | '': 'application/octet-stream', # Default 284 | '.py': 'text/plain', 285 | '.c': 'text/plain', 286 | '.h': 'text/plain', 287 | }) 288 | 289 | 290 | def test(HandlerClass = SimpleHTTPRequestHandler, 291 | ServerClass = http.server.HTTPServer): 292 | http.server.test(HandlerClass, ServerClass) 293 | 294 | if __name__ == '__main__': 295 | test() 296 | -------------------------------------------------------------------------------- /bins/handler: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ $# -ne 3 ]; then 4 | echo "Enter arguments please :)" 5 | echo "handler windows/meterpreter/reverse_tcp 10.11.0.77 445 " 6 | exit 1 7 | fi 8 | 9 | msfconsole -x "use exploit/multi/handler;set PAYLOAD $1; set LHOST $2;set LPORT $3;set ExitOnSession false; run" 10 | 11 | -------------------------------------------------------------------------------- /bins/myip: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | curl http://httpbin.org/ip 3 | -------------------------------------------------------------------------------- /bins/phphttp: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ "$#" -eq "1" ] 3 | then 
4 | php -S 0.0.0.0:$1 5 | else 6 | php -S 0.0.0.0:80 7 | fi 8 | -------------------------------------------------------------------------------- /bins/pythonhttp: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ "$#" -eq "1" ] 3 | then 4 | python -m SimpleHTTPServer $1 5 | else 6 | python -m SimpleHTTPServer 80 7 | fi 8 | -------------------------------------------------------------------------------- /deploy_kali.yml: -------------------------------------------------------------------------------- 1 | - hosts: kali 2 | tasks: 3 | # Wallpaper 4 | - import_tasks: roles/change_wallpaper.yml 5 | # Install the core packages 6 | - import_tasks: roles/deploy_core.yml 7 | # Scripts deploy - Each script is for a tool 8 | # Install scripts are in the dir Scripts 9 | - import_tasks: roles/deploy_scripts.yml 10 | # Windows Red Team tools 11 | - import_tasks: roles/deploy_win_scripts.yml 12 | # Extra good stuff :) 13 | - import_tasks: roles/deploy_extra_scripts.yml 14 | # Helpful tools before pentesting engagements 15 | #- import_tasks: roles/deploy_social_engineering.yml 16 | # Deploy leaked/SecList wordlists 17 | - import_tasks: roles/deploy_wordlists.yml 18 | # Deploy bins 19 | - import_tasks: roles/deploy_bins.yml 20 | - import_tasks: roles/wrap-up.yml 21 | 22 | -------------------------------------------------------------------------------- /deploy_locally.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo 'Do not forget to change the credentials in hosts.ini' 4 | echo "Kill this process if you haven't changed them" 5 | sleep 8 6 | 7 | # Run as root 8 | if [[ $EUID -ne 0 ]]; then 9 | echo "This script must be run as root" 10 | exit 1 11 | fi 12 | 13 | 14 | echo 'This might take over 15 minutes, so curl https://$( cat Starbucks.menu | grep coffee )' 15 | 16 | 17 | sshd='/etc/ssh/sshd_config' 18 | string1=$(cat $sshd | grep PermitRootLogin ) 19 | 
# Non-empty only when the inventory contains ansible_user=root.
string2=$(grep ansible_user=root hosts.ini)

# Root deployments: make sure sshd accepts root logins before Ansible connects.
# NOTE(review): this relaxes the SSH policy of the machine for the duration of
# the run; $string1 was captured before any change, so it reflects the
# original sshd_config.
if [[ $string2 == *"root"* ]]; then
    echo "Checking $sshd .. "
    if [[ $string1 != *"yes"* ]]; then
        echo "PermitRootLogin is disabled"
        echo "Backing up $sshd .."
        cp "$sshd" "$sshd.bk"
        echo "Modifying $sshd .."
        # NOTE(review): the pattern is not anchored, so every occurrence of the
        # text "PermitRootLogin" is rewritten, commented-out lines included;
        # confirm the result holds one active directive.
        sed 's/PermitRootLogin/PermitRootLogin yes#/' "$sshd.bk" > "$sshd"
        systemctl restart ssh
    else
        echo "SSH configuration is all set."
    fi
fi

# Add the Kali repositories to the apt source list.
# NOTE(review): ">>" appends on every run, so re-running the script duplicates
# these entries; the mirrors are plain http://.
echo "
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb http://kali.cs.nctu.edu.tw/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
" >> /etc/apt/sources.list


# Refresh packages, install Ansible, make sure sshd is up, then run the playbook.
echo 'Updating..'
bash scripts/update.sh
echo 'Installing Ansible..'
bash scripts/install-ansible.sh
echo 'Starting SSH..'
systemctl start ssh
ansible-playbook deploy_kali.yml -i hosts.ini -e 'ansible_python_interpreter=/usr/bin/python3'


# Root deployments: put the original sshd_config back if it was modified above.
# NOTE(review): no "systemctl restart ssh" follows the restore in the visible
# script, so the running sshd presumably keeps the relaxed setting until its
# next restart.
if [[ $string2 == *"root"* ]]; then
    if [[ $string1 == *"yes"* ]]; then
        echo "All set. Hack the planet!"
    else
        echo "Recovering $sshd .."
63 | # Recover the old sshd_config file 64 | mv $sshd.bk $sshd 65 | fi 66 | fi 67 | -------------------------------------------------------------------------------- /group_vars/kali.yml: -------------------------------------------------------------------------------- 1 | ansible_user: root 2 | ansible_password: toor 3 | -------------------------------------------------------------------------------- /hosts.ini: -------------------------------------------------------------------------------- 1 | [kali:vars] 2 | ansible_connection=ssh 3 | ansible_user=kali 4 | ansible_password=kali 5 | 6 | [kali] 7 | 127.0.0.1 8 | -------------------------------------------------------------------------------- /imgs/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M507/Kali-TX/88dffbac130a3ca88676504c1242df5d6a3e4dc9/imgs/1.png -------------------------------------------------------------------------------- /roles/change_wallpaper.yml: -------------------------------------------------------------------------------- 1 | #################### Copy executables 2 | - name: Copying the picture 3 | copy: 4 | src: "{{ item }}" 5 | dest: '/root/Pictures' 6 | with_fileglob: 7 | - "imgs/1.png" 8 | 9 | #################### Set the picture 10 | - name: Set the background 11 | shell: gsettings set org.gnome.desktop.background picture-uri file:///root/Pictures/1.png 12 | -------------------------------------------------------------------------------- /roles/deploy_bins.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Copying executables 3 | copy: 4 | src: "{{ item }}" 5 | dest: '/usr/local/bin/' 6 | mode: u+rwx,g+x,o+x 7 | with_fileglob: 8 | - "bins/*" 9 | -------------------------------------------------------------------------------- /roles/deploy_core.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Update 3 | apt: 4 | 
update_cache: yes 5 | 6 | - name: Installing docker 7 | script: scripts/install-docker.sh 8 | 9 | - name: Install git 10 | apt: 11 | name: git 12 | state: present 13 | 14 | - name: Install pip 15 | script: scripts/install-pip.sh 16 | 17 | - name: Update the database 18 | shell: updatedb 19 | 20 | -------------------------------------------------------------------------------- /roles/deploy_design.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Updating 3 | shell: apt-get update 4 | sudo: true 5 | 6 | - name: Installing git 7 | shell: apt-get install git -y 8 | sudo: true 9 | 10 | - name: Installing tree 11 | shell: apt-get install tree -y 12 | sudo: true 13 | 14 | - name: Updating the database 15 | shell: updatedb 16 | sudo: true 17 | -------------------------------------------------------------------------------- /roles/deploy_extra_scripts.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Update 3 | shell: apt-get update 4 | ignore_errors: True 5 | 6 | - name: Clone Invoke-Obfuscation 7 | shell: git clone https://github.com/danielbohannon/Invoke-Obfuscation.git /opt/Invoke-Obfuscation 8 | ignore_errors: True 9 | 10 | - name: Clone QSearchSploit 11 | shell: git clone https://github.com/M507/QSearchSploit.git /opt/QSearchSploit; cd /opt/QSearchSploit; chmod +x setup.sh; bash setup.sh 12 | ignore_errors: True 13 | 14 | - name: Update the database 15 | shell: updatedb 16 | ignore_errors: True 17 | 18 | -------------------------------------------------------------------------------- /roles/deploy_scripts.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Updating 3 | shell: apt-get update 4 | 5 | - name: Installing dirsearch 6 | script: scripts/install-dirsearch.sh 7 | ignore_errors: True 8 | 9 | - name: Installing rpivot 10 | script: scripts/install-rpivot.sh 11 | ignore_errors: True 12 | 13 | - name: Installing 
wfuzz 14 | script: scripts/install-wfuzz.sh 15 | ignore_errors: True 16 | 17 | - name: Installing pycharm 18 | script: scripts/install-pycharm.sh 19 | ignore_errors: True 20 | 21 | - name: Installing gophish 22 | script: scripts/install-gophish.sh 23 | ignore_errors: True 24 | 25 | 26 | # PowerShell has some weird dependency, so if something broke, it's because of it. 27 | # It breaks the deployment, needs to be fixed! 28 | #- name: Installing PowerShell 29 | # script: scripts/install-powershell.sh 30 | # sudo: true 31 | 32 | # Git is required 33 | - name: Clone and install IntruderPayloads 34 | shell: git clone https://github.com/1N3/IntruderPayloads.git /opt/IntruderPayloads;cd /opt/IntruderPayloads; chmod +x install.sh; bash install.sh 35 | ignore_errors: True 36 | 37 | # Git is required 38 | #- name: Clone and install Findsploit 39 | # shell: git clone https://github.com/1N3/Findsploit.git /opt/Findsploit;cd /opt/Findsploit; chmod +x install.sh; bash install.sh 40 | # ignore_errors: True 41 | 42 | # Git is required 43 | - name: Clone and install BruteX 44 | shell: git clone https://github.com/1N3/BruteX.git /opt/BruteX; cd /opt/BruteX; chmod +x install.sh; bash install.sh 45 | ignore_errors: True 46 | 47 | # Git is required 48 | - name: Clone and install Goohak 49 | script: scripts/install-Goohak.sh 50 | ignore_errors: True 51 | 52 | # Git is required 53 | - name: Clone and install Aquatone 54 | script: scripts/install-aquatone.sh 55 | ignore_errors: True 56 | 57 | 58 | # Git is required 59 | - name: Clone and install BlackWidow 60 | script: scripts/install-BlackWidow.sh 61 | ignore_errors: True 62 | 63 | 64 | - name: Install bettercap 65 | apt: 66 | name: bettercap 67 | state: present 68 | 69 | - name: Update the database 70 | shell: updatedb 71 | 72 | -------------------------------------------------------------------------------- /roles/deploy_social_engineering.yml: -------------------------------------------------------------------------------- 1 | 2 | - 
name: Updating 3 | shell: apt-get update 4 | sudo: true 5 | 6 | # Generate unicode evil domains for IDN Homograph Attack and detect them. 7 | - name: Coning EvilURL 8 | script: scripts/install-EvilURL.sh 9 | sudo: true 10 | 11 | - name: Updating the database 12 | shell: updatedb 13 | sudo: true 14 | -------------------------------------------------------------------------------- /roles/deploy_win_scripts.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Update 3 | apt: 4 | update_cache: yes 5 | 6 | 7 | - name: Clone and install empire 8 | script: scripts/install-empire.sh 9 | ignore_errors: True 10 | 11 | # Git is required 12 | - name: Clone PowerSploit 13 | shell: git clone https://github.com/PowerShellMafia/PowerSploit.git /opt/PowerSploit 14 | ignore_errors: True 15 | 16 | # Git is required 17 | - name: Clone and install Unicorn 18 | shell: git clone https://github.com/trustedsec/unicorn.git /opt/unicorn ; cd /opt/unicorn; chmod +x unicorn.py 19 | ignore_errors: True 20 | 21 | # Git is required 22 | - name: Clone and install Evil Winrm 23 | shell: cd /opt/;git clone https://github.com/Hackplayers/evil-winrm.git; sudo gem install winrm winrm-fs colorize stringio 24 | ignore_errors: True 25 | 26 | #- name: Install CrackMapExec 27 | # apt: 28 | # name: crackmapexec 29 | # state: present 30 | 31 | - name: Update the database 32 | shell: updatedb 33 | -------------------------------------------------------------------------------- /roles/deploy_wordlists.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Download SecLists 3 | shell: cd /usr/share/wordlists/; git clone https://github.com/danielmiessler/SecLists.git 4 | ignore_errors: True 5 | 6 | - name: Download brutespray 7 | shell: cd /usr/share/wordlists/; git clone https://github.com/x90skysn3k/brutespray.git 8 | ignore_errors: True 9 | 10 | - name: Copying local wordlists 11 | copy: 12 | src: "{{ item }}" 13 | 
dest: '/usr/share/wordlists/' 14 | with_fileglob: 15 | - "wordlists/*" 16 | 17 | - name: Update the database 18 | shell: updatedb 19 | ignore_errors: True 20 | -------------------------------------------------------------------------------- /roles/wrap-up.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Update 3 | shell: updatedb 4 | ignore_errors: True 5 | 6 | # TODO: Find a better way to do this 7 | #- name: Cleaning 8 | # shell: apt-get autoremove -y && apt-get autoclean && apt-get clean 9 | # sudo: true 10 | -------------------------------------------------------------------------------- /scripts/decorations.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Decoration script 3 | 4 | -------------------------------------------------------------------------------- /scripts/install-BlackWidow.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | git clone https://github.com/1N3/BlackWidow.git /opt/BlackWidow 3 | cd /opt/BlackWidow 4 | cp blackwidow /usr/bin/blackwidow 5 | cp injectx.py /usr/bin/injectx.py 6 | pip install -r requirements.txt 7 | -------------------------------------------------------------------------------- /scripts/install-EvilURL.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | FILE=/opt/EvilURL/evilurl-cli.py 3 | 4 | if [ -f "$FILE" ]; then 5 | echo "Rpivot has been cloned" 6 | else 7 | git clone https://github.com/UndeadSec/EvilURL.git /opt/EvilURL 8 | fi 9 | -------------------------------------------------------------------------------- /scripts/install-Goohak.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | git clone https://github.com/1N3/Goohak.git /opt/Goohak 3 | ln -s /opt/Goohak/goohak /usr/sbin/goohak 4 | chmod +x /usr/sbin/goohak 5 | ln -s /opt/Goohak/hackgoo 
/usr/sbin/hackgoo 6 | chmod +x /usr/sbin/hackgoo 7 | -------------------------------------------------------------------------------- /scripts/install-ansible.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo rm /var/lib/apt/lists/lock 3 | sudo rm /var/cache/apt/archives/lock 4 | sudo rm /var/lib/dpkg/updates/* 5 | sudo apt-get update -y 6 | sudo apt install python3-pip -y 7 | sudo apt-get install ansible -y 8 | sudo pip3 install ansible 9 | sudo pip3 install pywinrm 10 | sudo apt-get install python3-winrm -y 11 | #SSH 12 | sudo apt-get -y install sshpass 13 | -------------------------------------------------------------------------------- /scripts/install-aquatone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cd /opt/ 3 | wget https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip 4 | mkdir Aquatone/ && unzip aquatone_linux_amd64_1.7.0.zip && mv LICENSE.txt README.md aquatone Aquatone/ 5 | rm aquatone_linux_amd64_1.7.0.zip 6 | ln -s /opt/Aquatone/aquatone /sbin/aquatone 7 | -------------------------------------------------------------------------------- /scripts/install-dirsearch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | FILE=/opt/dirsearch/dirsearch.py 3 | if [ -f "$FILE" ]; then 4 | echo "$FILE exist" 5 | else 6 | cd /opt 7 | git clone https://github.com/maurosoria/dirsearch.git 8 | cd dirsearch 9 | ln -s dirsearch.py /usr/bin/dirsearch.py 10 | fi 11 | -------------------------------------------------------------------------------- /scripts/install-docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - 3 | echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' > 
/etc/apt/sources.list.d/docker.list 4 | apt-get update 5 | apt-get install docker-ce -y 6 | apt-get install docker -y 7 | apt-get install docker-compose -y 8 | -------------------------------------------------------------------------------- /scripts/install-empire.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | FILE=/opt/Empire/empire 3 | 4 | if [ -f "$FILE" ]; then 5 | echo "Empire has been installed" 6 | else 7 | cd /opt 8 | git clone https://github.com/EmpireProject/Empire.git 9 | cd Empire 10 | sed -i -e 's/choice = raw_input/choice="" #/g' setup/setup_database.py 11 | expect -c 'spawn ./setup/install.sh ; expect "server"; send "\r"; interact' 12 | ln -s empire /usr/bin/empire 13 | fi 14 | -------------------------------------------------------------------------------- /scripts/install-gophish.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | mkdir -p /opt/Gophish 3 | cd /opt/Gophish 4 | get https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip 5 | unzip gophish-v0.7.1-linux-64bit.zip 6 | rm gophish-v0.7.1-linux-64bit.zip 7 | ln -s gophish /usr/bin/gophish -------------------------------------------------------------------------------- /scripts/install-pip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update 3 | cd /tmp 4 | curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py 5 | python get-pip.py 6 | -------------------------------------------------------------------------------- /scripts/install-powershell.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | wget http://ftp.us.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u2_amd64.deb 3 | wget http://ftp.us.debian.org/debian/pool/main/i/icu/icu-devtools_57.1-6+deb9u2_amd64.deb 4 | wget 
http://ftp.us.debian.org/debian/pool/main/u/ust/liblttng-ust0_2.9.0-2+deb9u1_amd64.deb 5 | wget http://ftp.us.debian.org/debian/pool/main/libu/liburcu/liburcu4_0.9.3-1_amd64.deb 6 | wget http://ftp.us.debian.org/debian/pool/main/u/ust/liblttng-ust-ctl2_2.9.0-2+deb9u1_amd64.deb 7 | 8 | dpkg -i liburcu4_0.9.3-1_amd64.deb 9 | dpkg -i liblttng-ust-ctl2_2.9.0-2+deb9u1_amd64.deb 10 | dpkg -i liblttng-ust0_2.9.0-2+deb9u1_amd64.deb 11 | dpkg -i libicu57_57.1-6+deb9u2_amd64.deb 12 | dpkg -i icu-devtools_57.1-6+deb9u2_amd64.deb 13 | # Install 14 | apt update && apt -y install curl gnupg apt-transport-https 15 | curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - 16 | echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/powershell.list 17 | apt update -y 18 | apt -y install powershell 19 | # In case 20 | apt --fix-broken install 21 | apt -y install powershell 22 | -------------------------------------------------------------------------------- /scripts/install-pycharm.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cd /opt 3 | wget https://download-cf.jetbrains.com/python/pycharm-community-2019.1.2.tar.gz 4 | tar xvzf pycharm-community-2019.1.2.tar.gz 5 | rm pycharm-community-2019.1.2.tar.gz 6 | ln -s /opt/pycharm-community-2019.1.2/bin/pycharm.sh /root/Desktop/pycharm.sh 7 | -------------------------------------------------------------------------------- /scripts/install-rpivot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | FILE=/opt/rpivot/server.py 3 | 4 | if [ -f "$FILE" ]; then 5 | echo "Rpivot has been cloned" 6 | else 7 | git clone https://github.com/klsecservices/rpivot.git 8 | fi 9 | -------------------------------------------------------------------------------- /scripts/install-wfuzz.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | pip install wfuzz -------------------------------------------------------------------------------- /scripts/setup-aliases.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo " 3 | alias sl='ls' 4 | 5 | ## grep aliases 6 | alias grep="grep --color=auto" 7 | alias ngrep="grep -n" 8 | alias egrep="egrep --color=auto" 9 | alias fgrep="fgrep --color=auto" 10 | 11 | ## List open ports 12 | alias ports="netstat -tulanp" 13 | 14 | ## Extract file, example. "ex package.tar.bz2" 15 | ex() { 16 | if [[ -f $1 ]]; then 17 | case $1 in 18 | *.tar.bz2) tar xjf $1 ;; 19 | *.tar.gz) tar xzf $1 ;; 20 | *.bz2) bunzip2 $1 ;; 21 | *.rar) rar x $1 ;; 22 | *.gz) gunzip $1 ;; 23 | *.tar) tar xf $1 ;; 24 | *.tbz2) tar xjf $1 ;; 25 | *.tgz) tar xzf $1 ;; 26 | *.zip) unzip $1 ;; 27 | *.Z) uncompress $1 ;; 28 | *.7z) 7z x $1 ;; 29 | *) echo $1 cannot be extracted ;; 30 | esac 31 | else 32 | echo $1 is not a valid file 33 | fi 34 | } 35 | 36 | # alias cd='cd ; ls -arthl' 37 | 38 | # ex() is copied from https://github.com/Raikia/Kali-Setup/blob/master/kali.py 39 | #Add here.. 40 | 41 | # Docker aliases 42 | alias dockerkillallimages='docker rmi $(docker images -a -q)' 43 | alias dockerkillall='docker kill $(docker ps -q)' 44 | 45 | # docker exec -it "$@" bash 46 | dockergoto () { 47 | docker exec -it "$@" /bin/sh 48 | } 49 | 50 | alias cls='clear' 51 | 52 | " >> /etc/bash.bashrc 53 | -------------------------------------------------------------------------------- /scripts/update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get update -y 3 | apt install python3-apt-dbg python-apt-doc python-apt-common python3-apt python3-apt-dbg -y 4 | #apt-get clean && apt-get update && apt-get dist-upgrade 5 | --------------------------------------------------------------------------------