├── Windows_Setup ├── wallpaper.jpg ├── Old │ ├── bginfo.bgi │ ├── windows.choco.old │ └── windows-attackvm.ps1 ├── choco_windows.ps1 └── modern-attackvm.ps1 ├── README.md └── Kali_Setup └── C2andToolsSetupKali.sh
/Windows_Setup/wallpaper.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7t0fwa7/Attacker_Infrastructure_Setup/HEAD/Windows_Setup/wallpaper.jpg
--------------------------------------------------------------------------------
/Windows_Setup/Old/bginfo.bgi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7t0fwa7/Attacker_Infrastructure_Setup/HEAD/Windows_Setup/Old/bginfo.bgi
--------------------------------------------------------------------------------
/Windows_Setup/Old/windows.choco.old:
--------------------------------------------------------------------------------
# windows.choco.old -- earlier Chocolatey-based lab setup, kept under Old/.
# The README documents choco_windows.ps1 as the standard setup; this file is
# retained for reference only.
#
# Assumes an elevated PowerShell session: Add-MpPreference / Set-MpPreference
# and the writes to C:\ need administrator rights, but nothing here checks for
# them, and nothing checks the result of any command below.

# Working directories on the system drive ("already exists" errors are suppressed).
New-Item -Path C:\ -Name Temp -ItemType Directory -ErrorAction SilentlyContinue
New-Item -Path C:\ -Name payloads -ItemType Directory -ErrorAction SilentlyContinue

# Redirect temp for this session only (not persisted).
$env:TEMP = "C:\Temp"
$env:TMP = "C:\Temp"

# Defender
# Resolve the user's Downloads folder from the shell-folders registry key.
# Only the commented-out exclusion below uses it, so it is effectively unused here.
$Downloads = Get-ItemPropertyValue 'HKCU:\software\microsoft\windows\currentversion\explorer\shell folders\' -Name '{374DE290-123F-4565-9164-39C4925E467B}'
#Add-MpPreference -ExclusionPath $Downloads
#Add-MpPreference -ExclusionPath "C:\payloads\"
# NOTE(review): everything under C:\tools is left unscanned by Defender from
# here on. The directory is not created by this script (only Temp and payloads
# above); presumably it appears when the sysinternals package installs into
# C:\tools\sysinternals further down.
Add-MpPreference -ExclusionPath "C:\tools\"
#Add-MpPreference -ExclusionPath "C:\Users\a7t0fwa7"
#Add-MpPreference -ExclusionPath "P:\"
# Stop cloud lookups and automatic sample upload so lab files are not sent off-host.
Set-MpPreference -MAPSReporting Disabled
Set-MpPreference -SubmitSamplesConsent NeverSend

# Packages
# NOTE(review): global confirmation is only enabled further down (after
# radare2), so the installs before that line prompt interactively unless choco
# was already configured that way.
choco install cutter
choco install reshack
choco install winapioverride
choco install apimonitor
choco install jregexanalyser
choco install regshot
choco install fakenet
choco install pestudio
choco install openjdk
choco install graphviz
choco install github-desktop
choco install termius
choco install hollowshunter
choco install pebear
choco install radare2
choco feature enable -n allowGlobalConfirmation
choco install 7zip
choco install git
choco install googlechrome
#choco install brave
choco install heidisql
# duplicate: openjdk is already requested above (choco reports it as installed and moves on)
choco install openjdk
choco install putty
choco install sysinternals --params "/InstallDir:C:\\tools\\sysinternals"
choco install vscode
choco install foxitreader
choco install python
choco install pesieve
choco install procexp
choco install nmap
choco install wget
choco install curl
choco install awscli
choco install wireshark
choco install golang
choco install azure-cli
choco install postman
choco install calibre
choco install kubernetes-cli
choco install terraform
choco install cmder
choco install mingw
choco install tor-browser
choco install pip
choco install procmon
choco install psexec
choco install signal
choco install cherrytree
choco install joplin
choco install obsidian
choco install nugetpackagemanager
choco install vscode-cloud-code
choco install vscode-ansible
# duplicate: mingw is already requested above
choco install mingw
choco install codeblocks
choco install notepadplusplus
choco install ghidra
choco install hxd
choco install x64dbg.portable
# duplicate: github-desktop is already requested above
choco install github-desktop
choco install visualstudio2022community
choco install visualstudio2022-workload-manageddesktop
choco install visualstudio2022-workload-vctools
choco install vcredist140
choco install anaconda3
# duplicate: visualstudio2022community is already requested above
choco install visualstudio2022community
choco install visualstudio2022buildtools
# duplicate: sysinternals is already requested above (with an explicit /InstallDir)
choco install sysinternals
# Misc
# $DesktopPath is assigned but never used below.
$DesktopPath = [Environment]::GetFolderPath("Desktop")
# No -ErrorAction here: a missing shortcut surfaces as a (non-terminating) error
# and the script carries on.
Remove-Item -Path "C:\Users\Public\Desktop\Boxstarter Shell.lnk"
# NOTE(review): this removes the directory that $env:TEMP / $env:TMP were
# pointed at above, so anything later in this session that needs a temp
# directory will find it missing.
Remove-Item -Path C:\Temp\ 
-Recurse -Force
--------------------------------------------------------------------------------
/Windows_Setup/choco_windows.ps1:
--------------------------------------------------------------------------------
# setup_lab.ps1
#
# Provisions a Windows RE / offensive-tooling lab VM: checks for elevation,
# bootstraps Chocolatey, creates the tools/payloads/Temp directories, relaxes
# Windows Defender for those paths and installs the tool set via Chocolatey.
# Run from an elevated PowerShell session; every step mutates machine state,
# and apart from the two explicit exit 1 paths the script keeps going on error.

# --- Configuration ---
$ToolsDrive = "C:" # Or change to another drive like "D:" if preferred
$ToolsDir = Join-Path $ToolsDrive "tools"
$PayloadsDir = Join-Path $ToolsDrive "payloads"
$TempDir = Join-Path $ToolsDrive "Temp"

# --- Helper Functions ---
# Returns $true when the current Windows identity holds the built-in
# Administrator role (i.e. the session is elevated).
function Test-IsAdmin {
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
    return $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# --- Script Start ---

# 1. Check for Administrator Privileges
if (-not (Test-IsAdmin)) {
    Write-Error "This script must be run as Administrator."
    # Optional: Attempt to relaunch as Admin
    # Start-Process powershell.exe -Verb RunAs -ArgumentList "-File `"$PSCommandPath`""
    exit 1
}
Write-Host "Running with Administrator privileges."

# 2. Check and Install Chocolatey
$chocoCheck = Get-Command choco -ErrorAction SilentlyContinue
if (-not $chocoCheck) {
    Write-Host "Chocolatey not found. Attempting installation..."
    # NOTE(review): this is the documented Chocolatey bootstrap, but it fetches
    # install.ps1 over the network and runs it immediately, in an elevated
    # session, with no version pin and no hash or signature check. If the lab
    # build needs to be reproducible or auditable, save the installer to disk
    # and verify it before invoking it. The execution-policy change is process
    # scoped only; -bor 3072 adds TLS 1.2 to the allowed protocols for the
    # download on older .NET defaults.
    Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
    if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
        Write-Error "Chocolatey installation failed. Please install manually and re-run."
        exit 1
    }
    Write-Host "Chocolatey installed successfully."
} else {
    Write-Host "Chocolatey is already installed."
}

# 3. Create Directories
Write-Host "Creating directories..."
# NOTE(review): "C:" with no trailing backslash is a drive-relative path in
# PowerShell (the drive's current location rather than its root), so these
# directories may be created somewhere other than C:\ depending on where the
# script is launched from, while $ToolsDir/$PayloadsDir/$TempDir (built with
# Join-Path) still name C:\tools etc. New-Item -Path $TempDir -ItemType
# Directory -Force would pin them to the same paths -- confirm before changing.
New-Item -Path $ToolsDrive -Name ($TempDir.Split('\')[-1]) -ItemType Directory -ErrorAction SilentlyContinue | Out-Null
New-Item -Path $ToolsDrive -Name ($PayloadsDir.Split('\')[-1]) -ItemType Directory -ErrorAction SilentlyContinue | Out-Null
New-Item -Path $ToolsDrive -Name ($ToolsDir.Split('\')[-1]) -ItemType Directory -ErrorAction SilentlyContinue | Out-Null

# 4. Set Temporary Environment Variables for this session
Write-Host "Setting TEMP/TMP environment variables for this session..."
$env:TEMP = $TempDir
$env:TMP = $TempDir
# For persistent system-wide change (requires elevation, uncomment if needed):
# [Environment]::SetEnvironmentVariable('TEMP', $TempDir, 'Machine')
# [Environment]::SetEnvironmentVariable('TMP', $TempDir, 'Machine')
# Write-Host "System TEMP/TMP variables set to $TempDir. A restart/re-login might be needed for full effect."

# 5. Configure Windows Defender Exclusions and Settings
Write-Host "Configuring Windows Defender settings..."
# Every call in this block uses -ErrorAction Stop, so the first failure jumps
# to the catch below, which only warns; the script then continues to the
# package installs with whatever subset of the Defender changes had been
# applied up to that point.
try {
    # Get User's Downloads folder path
    $Downloads = Get-ItemPropertyValue 'HKCU:\software\microsoft\windows\currentversion\explorer\shell folders\' -Name '{374DE290-123F-4565-9164-39C4925E467B}' -ErrorAction Stop

    # Add Path Exclusions (Uncomment Downloads if desired)
    Write-Host " Adding path exclusions..."
    # NOTE(review): files under these two directories are never scanned by
    # Defender from here on. Keep the list to the dedicated lab directories;
    # excluding Downloads (or a whole profile) would blind scanning for
    # everything the user pulls onto the box, not just lab samples.
    # Add-MpPreference -ExclusionPath $Downloads -ErrorAction Stop
    Add-MpPreference -ExclusionPath $PayloadsDir -ErrorAction Stop
    Add-MpPreference -ExclusionPath $ToolsDir -ErrorAction Stop
    # Add-MpPreference -ExclusionPath "P:\" # Uncomment if needed

    # Disable Cloud/Reporting Features
    Write-Host " Disabling cloud reporting and sample submission..."
    # Keeps lab samples from being uploaded to Microsoft; it also means the
    # host no longer receives cloud-delivered verdicts.
    Set-MpPreference -MAPSReporting Disabled -ErrorAction Stop
    Set-MpPreference -SubmitSamplesConsent NeverSend -ErrorAction Stop

    # Disable Common Interference Points for RE/Offsec
    Write-Host " Disabling behavior monitoring, script scanning, IOAV, and NIS..."
    # NOTE(review): after these four calls the VM has no behaviour monitoring,
    # no script scanning, no scan-on-download and no network inspection, so it
    # will not detect much of what it runs. Treat it as isolated lab equipment:
    # snapshot before use, host-only/NAT networking, no production credentials
    # or domain join, and restore the snapshot rather than reusing the box for
    # anything else. Real-time monitoring itself is left on (see below).
    Set-MpPreference -DisableBehaviorMonitoring $true -ErrorAction Stop
    Set-MpPreference -DisableScriptScanning $true -ErrorAction Stop
    Set-MpPreference -DisableIOAVProtection $true -ErrorAction Stop # Downloads/Attachments scan
    Set-MpPreference -DisableIntrusionPreventionSystem $true -ErrorAction Stop # Network Inspection

    # Optional: Add Process Exclusions if specific tools are consistently flagged
    # Example: Add-MpPreference -ExclusionProcess "mydebugger.exe" -ErrorAction Stop

    # --- Use with extreme caution in controlled environments ONLY ---
    # Write-Host " WARNING: Disabling Real-time Monitoring!"
    # Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction Stop
    # --- End Caution ---

    Write-Host "Defender settings applied."
} catch {
    Write-Warning "Failed to configure Windows Defender settings. Error: $($_.Exception.Message)"
    # Optionally, you could choose to exit the script here if Defender config is critical
    # exit 1
}

# 6. Configure Chocolatey
Write-Host "Enabling Chocolatey global confirmation..."
# Redundant with the explicit -y on every install below, but harmless.
choco feature enable -n allowGlobalConfirmation

# 7. Install Packages
Write-Host "Installing Chocolatey packages..."
# Each group below is one choco command with many packages. Nothing here
# inspects $LASTEXITCODE, so a package that fails to install does not stop the
# script -- read choco's per-command summary to find failures.

# Core Dev & System Tools
Write-Host " Installing Core Dev & System Tools..."
# NOTE(review): Chocolatey applies --params to every package named on one
# command line, not only to sysinternals. The others ignore /InstallDir, but
# if this parameter ever needs to stay sysinternals-specific, give sysinternals
# its own choco install.
choco install -y 7zip git chromium brave firefox curl wget putty cmder mingw notepadplusplus sysinternals --params "'/InstallDir:$([System.IO.Path]::Combine($ToolsDir, 'sysinternals'))'" winmerge microsoft-windows-terminal

# Reverse Engineering & Analysis
Write-Host " Installing Reverse Engineering & Analysis Tools..."
choco install -y cutter reshack winapioverride apimonitor jregexanalyser regshot fakenet pestudio hollowshunter pebear radare2 ghidra hxd x64dbg.portable pesieve die

# Development Environments & Tools
Write-Host " Installing Development Environments & Tools..."
# The Visual Studio packages are by far the largest downloads in this script.
choco install -y openjdk graphviz python anaconda3 golang visualstudio2022community visualstudio2022buildtools visualstudio2022-workload-manageddesktop visualstudio2022-workload-vctools vcredist140 codeblocks

# Cloud & Infra
Write-Host " Installing Cloud & Infra Tools..."
choco install -y awscli azure-cli kubernetes-cli terraform pulumi

# IDEs & Editors
Write-Host " Installing IDEs & Editors..."
choco install -y vscode vscode-cloud-code vscode-ansible

# Networking & Security
Write-Host " Installing Networking & Security Tools..."
choco install -y nmap wireshark tor-browser netcat mobaexterm processhacker

# Password Cracking
Write-Host " Installing Password Cracking Tools..."
choco install -y hashcat john-the-ripper

# Forensics
Write-Host " Installing Forensics Tools..."
choco install -y volatility ftkimager
# Note: For Volatility 3, run manually after Python install: python -m pip install volatility3

# Databases & Productivity
Write-Host " Installing Databases & Productivity Tools..."
choco install -y heidisql postman calibre termius signal cherrytree joplin obsidian github-desktop foxitreader

# Package Management (NuGet for VS)
Write-Host " Installing Package Management Tools..."
choco install -y nugetpackagemanager

Write-Host "Chocolatey package installation process finished."

# 8. Final Cleanup (Review this section)
# The original script had an item 'B' here. Verify if this is needed or remove.
147 | # Example: Remove Edge shortcut if it exists 148 | # $publicDesktop = [Environment]::GetFolderPath("CommonDesktopDirectory") 149 | # $edgeShortcut = Join-Path $publicDesktop "Microsoft Edge.lnk" 150 | # if (Test-Path $edgeShortcut) { 151 | # Write-Host "Removing Microsoft Edge shortcut from Public Desktop..." 152 | # Remove-Item -Path $edgeShortcut -Force -ErrorAction SilentlyContinue 153 | # } 154 | 155 | Write-Host "Lab setup script finished." 156 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Attack Infrastructure Setup 2 | 3 | This repository contains setup scripts for configuring Kali Linux and Windows environments for penetration testing and development purposes. 4 | 5 | # Kali Linux Setup 6 | 7 | The `Kali_Setup/C2andToolsSetupKali.sh` script automates the configuration of a Kali Linux machine. 8 | 9 | ## Script Overview 10 | 11 | The script performs the following actions: 12 | 1. **System Update:** Updates package lists and installs essential build tools and utilities (`curl`, `wget`, `git`, etc.). 13 | 2. **Network Configuration (Optional):** Includes commented-out code to configure a static IP address on `eth1`, disable NetworkManager, enable IP forwarding, and set up basic `iptables` NAT rules (useful for C2 redirection). *This section is disabled by default.* 14 | 3. **SSH Service:** Enables and starts the `sshd` service. 15 | 4. **Development Tools:** Installs Go, Rust (via `rustup`), .NET SDK, Mingw-w64, Vlang, and Python3 (`pip`, `venv`, `dev`). Configures `GOPATH`. 16 | 5. **Docker:** Installs Docker and adds the current user to the `docker` group. 17 | 6. **Core Security Tools:** Installs VS Code, Evil-WinRM, CrackMapExec, BloodHound (with custom queries), and `smap`. *Note: A step to download an Obfuscated Mimikatz script is included but commented out for safety.* 18 | 7. 
**Tool Directory Structure:** Creates categorized directories under `/opt` (e.g., `Intel-Tools`, `Command-and-Control`, `AV-Evasion-Tools`). 19 | 8. **Git Repositories:** Clones a large number of security tools from GitHub into the relevant `/opt` directories. Handles updates if directories already exist. Includes special handling for non-Git downloads (e.g., Sub3Suite, Namemash). 20 | 9. **C2 Frameworks:** Clones repositories for Sliver, Mythic, Havoc, and Shad0w C2 frameworks into `/opt/Command-and-Control/`. Installs Havoc dependencies. Includes a custom setup for Covenant that applies extensive modifications ("Venom" theme) and attempts to build it. 21 | 10. **MOTD:** Sets a custom message of the day. 22 | 23 | ## Installation Steps 24 | 25 | 1. **Change Kali Password:** Open a terminal and change the default user's password: 26 | ```bash 27 | passwd 28 | ``` 29 | 2. **Set Root Password (Optional but recommended):** Gain root privileges and set a password for the root account: 30 | ```bash 31 | sudo -i 32 | passwd 33 | ``` 34 | Log out and log back in as your regular user. 35 | 3. **Run the Setup Script:** The one-liner below fetches the script with `curl` and pipes it straight into `sudo bash`, so the whole script runs as root without being saved or read first; if you want to inspect it, download it to a file and review it before running. It will prompt for your `sudo` password as needed. 36 | ```bash 37 | curl -sS https://raw.githubusercontent.com/a7t0fwa7/Attack_Infra_Setup/main/Kali_Setup/C2andToolsSetupKali.sh | sudo bash - 38 | ``` 39 | 4. **Allow Root SSH Login (Optional - Security Risk):** If you need to SSH directly as root: 40 | * Edit the SSH config: `sudo nano /etc/ssh/sshd_config` 41 | * Find the `#PermitRootLogin prohibit-password` line (or similar) and change it to `PermitRootLogin yes`. 42 | * Save the file (Ctrl+O, Enter) and exit (Ctrl+X). 43 | * Restart the SSH service: `sudo systemctl restart sshd` 44 | * **Warning:** Allowing direct root login via SSH with a password is generally discouraged; prefer key-based authentication, which the default `prohibit-password` setting already permits, and only change this if you actually need password logins as root. 45 | 46 | 5. 
**Post-Installation:** 47 | * **Log out and log back in** or **restart your shell** (`source ~/.profile`, `source ~/.zshrc`, or reboot) for `PATH` changes (Go, Rust) and Docker group membership to take effect. 48 | * **C2 Framework Setup:** Most C2 frameworks (Mythic, Havoc, Sliver, Shad0w) require additional manual configuration, building, or setup steps. Refer to their respective documentation. 49 | * **Network Config:** If you need the static IP/NAT configuration, uncomment the `setup_network` line near the bottom of the `C2andToolsSetupKali.sh` script before running it, or manually configure your network as needed. 50 | 51 | ## Alternative Kali Install (PimpmyKali) 52 | 53 | Alternatively, you can use PimpmyKali: 54 | 1. Download: `git clone https://github.com/Dewalt-arch/pimpmykali.git` 55 | 2. Follow instructions in the PimpmyKali repository. 56 | 3. Launch: `cd pimpmykali && sudo bash pimpmykali.sh` 57 | 58 | --- 59 | 60 | # Windows Setup 61 | 62 | There are two options for setting up a Windows environment for pentesting and red team operations: 63 | 64 | 1. **Standard Setup** using the `Windows_Setup/choco_windows.ps1` script 65 | 2. **Modern Attack VM Setup** using the new `Windows_Setup/modern-attackvm.ps1` script (recommended) 66 | 67 | ## Standard Setup Script Overview 68 | 69 | The `Windows_Setup/choco_windows.ps1` script performs the following actions: 70 | 1. **Admin Check:** Verifies it's running with Administrator privileges. 71 | 2. **Chocolatey Install:** Installs Chocolatey if it's not already present. 72 | 3. **Directory Creation:** Creates `C:\tools`, `C:\payloads`, and `C:\Temp`. 73 | 4. **Environment Variables:** Sets the current session's `TEMP` and `TMP` variables to `C:\Temp`. 74 | 5. **Windows Defender Configuration:** 75 | * Adds path exclusions for `C:\tools`, `C:\payloads`. 
76 | * Disables MAPS reporting, sample submission, behavior monitoring, script scanning, IOAV protection (scan on download), and the Network Inspection System (NIS). 77 | * *Note: Disabling Real-time Monitoring is commented out for safety.* 78 | 6. **Chocolatey Configuration:** Enables global confirmations (`-y` equivalent). 79 | 7. **Package Installation:** Installs a wide variety of tools using `choco install -y`, including: 80 | * **Core Dev & System:** 7zip, Git, browsers (Chromium, Brave, Firefox), curl, wget, Putty, Cmder, Mingw, Notepad++, Sysinternals, WinMerge, Windows Terminal. 81 | * **Reverse Engineering & Analysis:** Cutter, Resource Hacker, WinAPIOverride, API Monitor, RegShot, FakeNet-NG, PEStudio, HollowsHunter, PE-bear, Radare2, Ghidra, HxD, x64Dbg, PESieve, Detect It Easy (DIE). 82 | * **Development:** OpenJDK, Graphviz, Python, Anaconda3, Go, Visual Studio 2022 (Community, Build Tools, Managed Desktop & C++ workloads), vcredist, Code::Blocks. 83 | * **Cloud & Infra:** AWS CLI, Azure CLI, Kubectl, Terraform, Pulumi. 84 | * **IDEs & Editors:** VS Code (with Cloud Code, Ansible extensions). 85 | * **Networking & Security:** Nmap, Wireshark, Tor Browser, Netcat (ncat), MobaXterm. 86 | * **Password Cracking:** Hashcat, John the Ripper. 87 | * **Forensics:** Volatility, FTK Imager. 88 | * **Databases & Productivity:** HeidiSQL, Postman, Calibre, Termius, Signal, CherryTree, Joplin, GitHub Desktop, Foxit Reader. 89 | * **Package Management:** NuGet Package Manager. 90 | 91 | ## Modern Attack VM Setup (Recommended) 92 | 93 | The new `Windows_Setup/modern-attackvm.ps1` script is a modernized and enhanced version that combines the best features of both `windows-attackvm.ps1` and `choco_windows.ps1`. 94 | 95 | ### Key Features and Improvements 96 | 97 | 1. **Modular Design:** Organized into functions for better maintainability and clarity 98 | 2. **Enhanced Configurability:** Settings are in a configuration hash table 99 | 3. 
**Robust Error Handling:** Try-catch blocks with detailed error reporting 100 | 4. **Comprehensive Logging:** Logs to both console and file 101 | 5. **Categorized Tool Installation:** Tools are organized by purpose and function 102 | 6. **Optimized Tool Management:** 103 | * Uses Chocolatey for packages with official repositories 104 | * Uses Git for specialized/bleeding-edge tools 105 | 7. **Improved Networking Configuration:** More robust network setup 106 | 8. **Better UI Configuration:** More reliable configuration of Windows Explorer and desktop 107 | 108 | ### Script Structure 109 | 110 | The script is organized into the following main sections: 111 | 112 | 1. **Configuration:** All settings are stored in a centralized configuration hash 113 | 2. **Helper Functions:** Functions for logging, admin checks, etc. 114 | 3. **Core Functions:** 115 | * `Initialize-Environment`: Creates directories, sets variables 116 | * `Install-Chocolatey`: Installs and configures Chocolatey 117 | * `Configure-WindowsDefender`: Sets exclusions and disables monitoring features 118 | * `Install-ChocolateyTools`: Installs tools via Chocolatey by category 119 | * `Install-GitTools`: Clones repositories by category 120 | * `Install-SpecialTools`: Handles special cases like BloodHound, Neo4j 121 | * `Configure-Networking`: Sets up IP, routes, and hosts 122 | * `Configure-UI`: Sets Windows Explorer options, shortcuts, BGInfo 123 | 4. **Main Execution:** Orchestrates all operations with proper timing and dependency handling 124 | 125 | ## Installation Steps 126 | 127 | ### Option 1: Modern Attack VM Setup (Recommended) 128 | 129 | 1. **Clone Repository:** Ensure you have this repository cloned or downloaded to your Windows machine. 130 | 2. **Open PowerShell as Administrator:** Right-click the Start button and select "Windows PowerShell (Admin)" or "Windows Terminal (Admin)". 131 | 3. 
**Navigate to Script Directory:** Change directory to where you cloned/downloaded this repository, then into the `Windows_Setup` folder. 132 | ```powershell 133 | # Example: Adjust path as needed 134 | cd C:\Users\YourUser\Downloads\Attack_Infra_Setup\Windows_Setup 135 | ``` 136 | 4. **Set Execution Policy (If Required):** If you haven't run PowerShell scripts before, you might need to bypass the execution policy for this session: 137 | ```powershell 138 | Set-ExecutionPolicy Bypass -Scope Process -Force 139 | ``` 140 | 5. **Run the Modern Setup Script:** Execute the modern script. 141 | ```powershell 142 | .\modern-attackvm.ps1 143 | ``` 144 | 6. **Monitor Progress:** The script provides detailed logging of its progress and any errors encountered. 145 | 7. **Reboot:** After the script finishes, it's recommended to perform a manual reboot to ensure all environment variables, services, and system changes are fully applied. 146 | 147 | ### Option 2: Standard Setup 148 | 149 | 1. **Follow steps 1-4 from Option 1** 150 | 2. **Run the Standard Setup Script:** Execute the original script. 151 | ```powershell 152 | .\choco_windows.ps1 153 | ``` 154 | 3. **Wait:** The script will install Chocolatey (if needed) and then proceed to install all the packages. This can take a significant amount of time depending on your internet connection and system speed. 155 | 4. **Reboot:** Reboot after the script finishes. 156 | 157 | ## Post-Installation Notes 158 | 159 | * Both scripts must be run with **Administrator privileges**. 160 | * Windows Defender is reconfigured so that it does not interfere with security tooling (scan exclusions for the tool and payload directories, cloud reporting and sample submission turned off, and several monitoring features disabled; see the script overviews above for the exact list). The VM is therefore much less able to detect anything it runs, so keep it isolated from production networks and credentials and snapshot it before use. 161 | * The modern script creates a log file (default: C:\setup_log.txt) that can be examined if issues occur. 162 | * You can customize the modern script by editing the configuration section at the top of the script. 
163 | * Some tools require additional configuration after installation - refer to their documentation for details.
164 |
--------------------------------------------------------------------------------
/Windows_Setup/Old/windows-attackvm.ps1:
--------------------------------------------------------------------------------
# windows-attackvm.ps1 -- earlier attack-VM provisioning script, kept under Old/.
# The README documents modern-attackvm.ps1 (and choco_windows.ps1) as the
# current versions; this file is retained for reference.
#
# Runs straight through with no elevation check, no error handling and no
# idempotency: every command below assumes an elevated session, nothing checks
# a result, and re-running the script fails at every git clone whose target
# directory already exists.

# Working directories on the system drive ("already exists" errors are suppressed).
New-Item -Path C:\ -Name Temp -ItemType Directory -ErrorAction SilentlyContinue
New-Item -Path C:\ -Name payloads -ItemType Directory -ErrorAction SilentlyContinue

# Redirect temp for this session only; the archive downloads below are staged here.
$env:TEMP = "C:\Temp"
$env:TMP = "C:\Temp"

# Defender
# Resolve the user's Downloads folder from the shell-folders registry key.
$Downloads = Get-ItemPropertyValue 'HKCU:\software\microsoft\windows\currentversion\explorer\shell folders\' -Name '{374DE290-123F-4565-9164-39C4925E467B}'
# NOTE(review): these exclusions remove Defender scanning from the Downloads
# folder, the entire profile of one hard-coded user and a whole P: drive, not
# just the lab directories. Anything fetched into or run from those locations
# is never inspected, and the hard-coded username presumably will not exist on
# another machine, leaving that exclusion inert. choco_windows.ps1 narrows this
# to C:\tools and C:\payloads, which is the safer shape if this file is reused.
Add-MpPreference -ExclusionPath $Downloads
Add-MpPreference -ExclusionPath "C:\payloads\"
Add-MpPreference -ExclusionPath "C:\tools\"
Add-MpPreference -ExclusionPath "C:\Users\a7t0fwa7"
Add-MpPreference -ExclusionPath "P:\"
# Stop cloud lookups and automatic sample upload so lab files stay on-host.
Set-MpPreference -MAPSReporting Disabled
Set-MpPreference -SubmitSamplesConsent NeverSend


# GitHub
# Unpinned "latest" release, downloaded with no checksum or signature check and
# unpacked straight into the excluded tools directory: whatever is served at
# that URL at run time is what ends up on the box.
Invoke-WebRequest -Uri https://github.com/dnSpy/dnSpy/releases/latest/download/dnSpy-netframework.zip -OutFile "$env:TEMP\dnSpy-netframework.zip"
Expand-Archive -Path "$env:TEMP\dnSpy-netframework.zip" -DestinationPath C:\tools\dnSpy

# Clone the tool repositories into C:\tools. Each is a plain clone of the
# default branch at run time (no tag or commit pin), so the contents are not
# reproducible between runs; git prints its own error and the script moves on
# when a destination directory already exists.
git clone https://github.com/lengjibo/RedTeamTools.git C:\tools\RedTeamTools
git clone https://github.com/aaaddress1/xlsKami.git C:\tools\ShenHaoMaXlsKami
git clone https://github.com/aaaddress1/Windows-APT-Warfare.git C:\tools\Windows-APT-Warfare
git clone https://github.com/aaaddress1/PR0CESS.git C:\tools\ShenHaoMaPR0CESS
git clone https://github.com/aaaddress1/Skrull.git C:\tools\ShenHaoMaSkrull
git clone https://github.com/timwhitez/Doge-RecycledGate.git C:\tools\Doge-RecycledGate
git clone https://github.com/cube0x0/SyscallPack.git C:\tools\SyscallPack
git clone https://github.com/klezVirus/SysWhispers3.git C:\tools\SysWhispers3
git clone https://github.com/DarkCoderSc/PowerRunAsAttached.git C:\tools\DarkCoderPowerRunAsAttached
git clone https://github.com/DarkCoderSc/PowerRemoteDesktop.git C:\tools\DarkCoderPowerRemoteDesktop
git clone https://github.com/DarkCoderSc/PowerRunAsSystem.git C:\tools\DarkCoderPowerRunAsSystem
git clone https://github.com/ly4k/SpoolFool.git C:\tools\SpoolFool
git clone https://github.com/wavestone-cdt/Invoke-CleverSpray.git C:\tools\Invoke-CleverSpray
git clone https://github.com/Inf0secRabbit/BadAssMacros.git C:\tools\BadAssMacros
git clone https://github.com/sbasu7241/HellsGate.git C:\tools\HellsGate
git clone https://github.com/Ignitetechnologies/Credential-Dumping.git C:\tools\Credential-Dumping
git clone https://github.com/Idov31/FunctionStomping.git C:\tools\FunctionStomping
git clone https://github.com/safe6Sec/GolangBypassAV.git C:\tools\GolangBypassAV
git clone https://github.com/last-byte/DefenderSwitch.git C:\tools\DefenderSwitch
git clone https://github.com/mitchmoser/LACheck.git C:\tools\LocalAdminPrivEscChecker
git clone https://github.com/mgeeky/o365enum.git C:\tools\MGeekys_o365enum
git clone https://github.com/mgeeky/polonium.git C:\tools\MGeekys_map_out_AVs_EDRs_detection_surface_to_identify_their_gaps.
git clone https://github.com/mgeeky/VisualBasicObfuscator.git C:\tools\MGeekys_VB_Obfuscator_unmaintained
git clone https://github.com/mgeeky/Stracciatella.git C:\tools\MGeekys_Strcciatella
git clone https://github.com/mgeeky/ProtectMyTooling.git C:\tools\MGeekys_ProtectMyTooling
git clone https://github.com/mgeeky/mgeeky-gists.git C:\tools\MGeekys_Gists
git clone https://github.com/mgeeky/Penetration-Testing-Tools.git C:\tools\MGeekys_Pentest_Tools
git clone https://github.com/MrTuxx/SocialPwned.git C:\tools\SocialPwned
git clone https://github.com/cmars/onionpipe.git C:\tools\tunneling_onionpipe
git clone https://github.com/irsdl/IIS-ShortName-Scanner.git C:\tools\IIS-ShortName-Scanner
git clone https://github.com/v4d1/Dome.git C:\tools\SubDomainEnum_Dome
git clone https://github.com/whydee86/ComPP.git C:\tools\Password_Gen_ComPP
git clone https://github.com/Taonn/EmailAll.git C:\tools\EmailAll
git clone https://github.com/fox-it/aclpwn.py.git C:\tools\aclpwn
git clone https://github.com/fox-it/Invoke-CredentialPhisher.git C:\tools\Invoke-CredentialPhisher
git clone https://github.com/xforcered/InlineExecute-Assembly.git C:\tools\InlineExecute-Assembly
git clone https://github.com/ORCA666/EVA2.git C:\tools\EVA2
git clone https://github.com/N4kedTurtle/HellsGatePoC.git C:\tools\HellsGatePoC
git clone https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer.git C:\tools\Invoke-BuildAnonymousSMBServer
git clone https://github.com/BC-SECURITY/Offensive-VBA-and-XLS-Entanglement.git C:\tools\Offensive-VBA-and-XLS-Entanglement
# NOTE(review): the next seven clones repeat the seven immediately above,
# target directory included; each one fails with git's "destination path
# already exists" error and nothing here notices.
git clone https://github.com/fox-it/aclpwn.py.git C:\tools\aclpwn
git clone https://github.com/fox-it/Invoke-CredentialPhisher.git C:\tools\Invoke-CredentialPhisher
git clone https://github.com/xforcered/InlineExecute-Assembly.git C:\tools\InlineExecute-Assembly
git clone https://github.com/ORCA666/EVA2.git C:\tools\EVA2
git clone https://github.com/N4kedTurtle/HellsGatePoC.git C:\tools\HellsGatePoC
git clone https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer.git C:\tools\Invoke-BuildAnonymousSMBServer
git clone https://github.com/BC-SECURITY/Offensive-VBA-and-XLS-Entanglement.git C:\tools\Offensive-VBA-and-XLS-Entanglement
git clone https://github.com/AnErrupTion/LoGiC.NET.git C:\tools\LoGIC.NET
git clone https://github.com/r00t-3xp10it/meterpeter.git C:\tools\Powershell-Meterpreter
git clone https://github.com/GossiTheDog/HiveNightmare.git C:\tools\HiveNightmare
# duplicate: BadAssMacros was already cloned above into the same directory
git clone https://github.com/Inf0secRabbit/BadAssMacros.git C:\tools\BadAssMacros
git clone https://github.com/d35ha/CallObfuscator.git C:\tools\CallObfuscator
git clone https://github.com/bats3c/ADCSPwn.git C:\tools\ADCSPwn
git clone https://github.com/ShutdownRepo/targetedKerberoast.git C:\tools\targetedKerberoast
git clone https://github.com/topotam/PetitPotam.git C:\tools\PetitPotam
git clone https://github.com/Flangvik/DeployPrinterNightmare.git C:\tools\DeployPrintNightMare
git clone https://github.com/two06/Inception.git C:\tools\Inception
git clone https://github.com/cube0x0/MiniDump.git C:\tools\MiniDump
git clone https://github.com/xp4xbox/Python-Backdoor.git C:\tools\Python-Backdoor
git clone https://github.com/xp4xbox/PyEvade.git C:\tools\PyEvade
git clone https://github.com/sevagas/macro_pack.git C:\tools\Macro_Pack
git clone https://github.com/ropnop/kerbrute.git C:\tools\kerbrute
git clone https://github.com/Flangvik/SharpCollection.git C:\tools\SharpCollection
# duplicate: macro_pack was already cloned above into the same directory
git clone https://github.com/sevagas/macro_pack.git C:\tools\Macro_Pack
git clone https://github.com/ZeroPointSecurity/PhishingTemplates.git C:\tools\PhishingTemplates
git clone https://github.com/dafthack/MailSniper.git C:\tools\MailSniper
git clone https://github.com/GhostPack/Seatbelt.git C:\tools\Seatbelt
# The only clone that pins a branch (dev) rather than taking the default branch.
git clone --branch dev https://github.com/PowerShellMafia/PowerSploit.git C:\tools\PowerSploit
git clone https://github.com/tevora-threat/SharpView.git C:\tools\SharpView
git clone https://github.com/rasta-mouse/Sherlock.git C:\tools\Sherlock
git clone https://github.com/rasta-mouse/Watson.git C:\tools\Watson
git clone https://github.com/hfiref0x/UACME.git C:\tools\UACME
git clone https://github.com/BloodHoundAD/SharpHound3.git C:\tools\SharpHound3
git clone https://github.com/TheWover/donut.git C:\tools\donut
git clone https://github.com/rasta-mouse/MiscTools.git C:\tools\MiscTools
git clone https://github.com/djhohnstein/SharpChrome.git C:\tools\SharpChrome
git clone https://github.com/FSecureLABS/SharpGPOAbuse.git C:\tools\SharpGPOAbuse
git clone https://github.com/NetSPI/PowerUpSQL.git C:\tools\PowerUpSQL
git clone https://github.com/decoder-it/juicy-potato.git C:\tools\juicy-potato
git clone https://github.com/HarmJ0y/DAMP.git C:\tools\DAMP
git clone https://github.com/gentilkiwi/mimikatz.git C:\tools\mimikatz
git clone https://github.com/p3nt4/PowerShdll.git C:\tools\PowerShdll
git clone https://github.com/FortyNorthSecurity/Egress-Assess.git C:\tools\Egress-Assess
# Superseded by the dnSpy release archive fetched near the top of the script.
#git clone --recursive https://github.com/0xd4d/dnSpy.git C:\tools\dnSpy
git clone https://github.com/leechristensen/SpoolSample.git C:\tools\SpoolSample
git clone https://github.com/itm4n/PrivescCheck.git C:\tools\PrivescCheck
git clone https://github.com/aloksaurabh/OffenPowerSh.git C:\tools\OffenPowerSh
git clone https://github.com/artofwar2306/Invoke-Recon.git C:\tools\Invoke-Recon
git clone https://github.com/danielbohannon/Invoke-Obfuscation.git C:\tools\Invoke-Obfuscation
git clone https://github.com/CBHue/PyFuscation.git C:\tools\PyFuscation
git clone https://github.com/tokyoneon/Chimera.git C:\tools\Chimera
git clone https://github.com/S3cur3Th1sSh1t/WinPwn.git C:\tools\WinPWn
git clone https://github.com/S3cur3Th1sSh1t/PowerSharpPack.git C:\tools\PowerSharpPack
# NOTE(review): a different fork of MailSniper aimed at the same directory as
# the dafthack clone above; the directory already exists, so this clone fails.
git clone https://github.com/S3cur3Th1sSh1t/MailSniper.git C:\tools\MailSniper
git clone https://github.com/S3cur3Th1sSh1t/Creds.git C:\tools\Creds
git clone https://github.com/S3cur3Th1sSh1t/Invoke-PrintDemon.git C:\tools\Invoke-PrintDemon
git clone https://github.com/S3cur3Th1sSh1t/Invoke-SharpLoader.git C:\tools\Invoke-SharpLoader
git clone https://github.com/S3cur3Th1sSh1t/Invoke-Sharpcradle.git C:\tools\Invoke-SharpCradle
git clone https://github.com/S3cur3Th1sSh1t/Get-System-Techniques.git C:\tools\Get-System-Techniques
git clone https://github.com/S3cur3Th1sSh1t/SharpLocker.git C:\tools\SharpLocker
git clone https://github.com/S3cur3Th1sSh1t/xencrypt.git C:\tools\xencrypt
git clone https://github.com/Flangvik/SimpleSourceProtector.git C:\tools\SimpleSourceProtector
git clone https://github.com/SnaffCon/Snaffler.git C:\tools\Snaffler
git clone https://github.com/Soledge/BlockEtw.git C:\tools\BlockEtw
git clone https://github.com/jxy-s/herpaderping.git C:\tools\herpaderping
git clone https://github.com/bytecod3r/Cobaltstrike-Aggressor-Scripts-Collection.git C:\tools\CobaltStrike-Agressor-Scripts-Collection
git clone https://github.com/bats3c/darkarmour.git C:\tools\darkarmour
git clone https://github.com/RythmStick/AMSITrigger.git C:\tools\AMSITrigger
# NOTE(review): "C:tools" is missing the backslash after the drive letter, so
# this is a drive-relative path (resolved against the current directory on C:),
# not C:\tools. The SafetyKatz clone further down has the same typo; ThreatCheck
# is cloned again with the correct path near the end of the list.
git clone https://github.com/rasta-mouse/ThreatCheck.git C:tools\ThreatCheck
git clone https://github.com/mkaring/ConfuserEx.git C:\tools\ConfuserEx
git clone https://github.com/whitehat-zero/PowEnum.git C:\tools\PowEnum
git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git C:\tools\WinAndLinPEAS
# duplicate: Seatbelt was already cloned above into the same directory
git clone https://github.com/GhostPack/Seatbelt.git C:\tools\Seatbelt
git clone https://github.com/GhostPack/Rubeus.git C:\tools\Rubeus
git clone 
https://github.com/GhostPack/SharpDPAPI.git C:\tools\SharpDPAPI 137 | git clone https://github.com/GhostPack/SharpWMI.git C:\tools\SharpWMI 138 | git clone https://github.com/GhostPack/SharpDump.git C:\tools\SharpDump 139 | git clone https://github.com/GhostPack/SafetyKatz.git C:tools\SafetyKatz 140 | git clone https://github.com/7Ragnarok7/Windows-Exploit-Suggester.git C:\tools\Windows-Exploit-Suggestor 141 | git clone https://github.com/bitsadmin/wesng.git C:\tools\Windows-Exploit-Suggester-New-Generation 142 | git clone https://github.com/rasta-mouse/ThreatCheck.git C:\tools\ThreatCheck 143 | 144 | # IE first run 145 | New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer" 146 | New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" 147 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -Name DisableFirstRunCustomize -Value 1 148 | 149 | # Download DLL Export Viewer 150 | Invoke-WebRequest -Uri 'https://www.nirsoft.net/utils/dllexp-x64.zip' -OutFile "$env:TEMP\dllexp.zip" 151 | Expand-Archive -Path "$env:TEMP\dllexp.zip" -DestinationPath C:\tools\dllExportViewer 152 | 153 | # BloodHound 154 | Invoke-WebRequest -Uri 'https://github.com/BloodHoundAD/BloodHound/releases/latest/download/BloodHound-win32-x64.zip' -OutFile "$env:TEMP\BloodHound.zip" 155 | Expand-Archive -Path "$env:TEMP\BloodHound.zip" -DestinationPath C:\tools\ 156 | Rename-Item -Path C:\tools\BloodHound-win32-x64\ -NewName BloodHound 157 | 158 | # Install BloodHound-CustomQueries 159 | #Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/ZephrFish/Bloodhound-CustomQueries/73be20557538b870d886492ba137e20bcdd8c183/customqueries.json' -OutFile "C:\Users\$user\AppData\Roaming\bloodhound\customqueries.json" 160 | 161 | # Install Neo4j 162 | Invoke-WebRequest -Uri 'https://neo4j.com/artifact.php?name=neo4j-community-4.0.0-windows.zip' -OutFile "$env:TEMP\neo4j.zip" 163 | Expand-Archive -Path "$env:TEMP\neo4j.zip" -DestinationPath 
C:\tools\ 164 | Rename-Item -Path C:\tools\neo4j-community-4.0.0\ -NewName Neo4j 165 | 166 | # Install Adalanche 167 | git clone https://github.com/lkarlslund/adalanche C:\tools\adalanche 168 | cd C:\tools\adalanche\adalanche 169 | build.cmd 170 | 171 | ## Visual Studio 172 | #Invoke-WebRequest -Uri 'https://marketplace.visualstudio.com/_apis/public/gallery/publishers/VisualStudioClient/vsextensions/MicrosoftVisualStudio2017InstallerProjects/0.9.9/vspackage' -OutFile "$Downloads\InstallerProjects.vsix" 173 | #Invoke-WebRequest -Uri 'https://download.microsoft.com/download/E/E/D/EEDF18A8-4AED-4CE0-BEBE-70A83094FC5A/BuildTools_Full.exe' -OutFile "$Downloads\BuildTools.exe" 174 | #Enable-WindowsOptionalFeature -FeatureName NetFx3 -Online 175 | 176 | ## Visual Studio 177 | #Invoke-WebRequest -Uri 'https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&channel=Release&version=VS2022&source=VSLandingPage&cid=2030&passive=false' -OutFile "$Downloads\VStudio.exe" 178 | 179 | #Invoke-WebRequest -Uri 'https://visualstudioclient.gallerycdn.vsassets.io/extensions/visualstudioclient/microsoftvisualstudio2017installerprojects/1.0.0/1620063166533/InstallerProjects.vsix' -OutFile "$Downloads\InstallerProjects.vsix" 180 | #Invoke-WebRequest -Uri 'https://download.microsoft.com/download/E/E/D/EEDF18A8-4AED-4CE0-BEBE-70A83094FC5A/BuildTools_Full.exe' -OutFile "$Downloads\BuildTools.exe" 181 | Enable-WindowsOptionalFeature -FeatureName NetFx3 -Online 182 | 183 | # GPRegistryPolicy 184 | Install-Module GPRegistryPolicy -Force 185 | 186 | # Networking 187 | ## VMware 188 | netsh interface ip set address "Ethernet1" static 192.168.152.101 255.255.255.0 192.168.152.100 189 | 190 | ## VBox 191 | netsh interface ip set address "Ethernet 2" static 192.168.152.101 255.255.255.0 192.168.152.100 192 | 193 | route add -p 10.8.0.0 mask 255.255.255.0 192.168.152.100 194 | route add -p 10.9.0.0 mask 255.255.255.0 192.168.152.100 195 | route add -p 10.10.110.0 mask 
255.255.255.0 192.168.152.100 196 | Add-Content C:\Windows\System32\drivers\etc\hosts "192.168.152.100 kali" 197 | 198 | # UI 199 | Import-Module "$env:ChocolateyInstall\helpers\chocolateyInstaller.psm1" -Force 200 | Set-WindowsExplorerOptions -EnableShowFileExtensions -EnableShowFullPathInTitleBar -EnableExpandToOpenFolder -EnableShowRibbon 201 | Install-ChocolateyShortcut -shortcutFilePath "C:\Users\Public\Desktop\tools.lnk" -targetPath C:\tools\ 202 | Install-ChocolateyShortcut -shortcutFilePath "C:\Users\Public\Desktop\Neo4j.lnk" -targetPath "C:\tools\Neo4j\bin\neo4j.bat" -arguments "console" -runAsAdmin 203 | 204 | New-Item -Path C:\ -Name BGInfo -ItemType Directory -ErrorAction SilentlyContinue 205 | Invoke-WebRequest -Uri 'https://github.com/a7t0fwa7/Attack_Infra_Setup/raw/master/wallpaper.jpg' -OutFile "C:\BGInfo\wallpaper.jpg" 206 | Invoke-WebRequest -Uri 'https://github.com/a7t0fwa7/Attack_Infra_Setup/raw/master/bginfo.bgi' -OutFile "C:\BGInfo\bginfo.bgi" 207 | New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ -Name BGInfo -Value "C:\tools\sysinternals\Bginfo64.exe /accepteula /iC:\BGInfo\bginfo.bgi /timer:0" 208 | 209 | # Misc 210 | #$DesktopPath = [Environment]::GetFolderPath("Desktop") 211 | #Remove-Item -Path "C:\Users\Public\Desktop\Boxstarter Shell.lnk" 212 | #Remove-Item -Path C:\Temp\ -Recurse -Force 213 | -------------------------------------------------------------------------------- /Windows_Setup/modern-attackvm.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Modern Attack VM Setup Script for Windows 4 | .DESCRIPTION 5 | Sets up a Windows-based attack/pentesting VM with a comprehensive set of tools 6 | Combines the best elements of windows-attackvm.ps1 and choco_windows.ps1 7 | .NOTES 8 | Version: 1.0 9 | Creation Date: 2023-10-19 10 | #> 11 | 12 | # --- Configuration --- 13 | $Config = @{ 14 | ToolsDrive = "C:" # Drive for tools installation 15 | ToolsDir 
= "C:\tools" # Directory for tools 16 | PayloadsDir = "C:\payloads" # Directory for payloads 17 | TempDir = "C:\Temp" # Temporary directory 18 | SetupNetworking = $true # Configure networking 19 | DisableDefender = $true # Configure Windows Defender 20 | InstallChocolateyTools = $true # Install tools via Chocolatey 21 | InstallGitTools = $true # Install tools via Git 22 | ConfigureUI = $true # Configure UI settings (BGInfo, etc.) 23 | VMType = "VMware" # VMware or VBox 24 | NetworkConfig = @{ 25 | IPAddress = "192.168.152.101" 26 | SubnetMask = "255.255.255.0" 27 | Gateway = "192.168.152.100" 28 | Routes = @( 29 | @{ Network = "10.8.0.0"; Mask = "255.255.255.0"; Gateway = "192.168.152.100" }, 30 | @{ Network = "10.9.0.0"; Mask = "255.255.255.0"; Gateway = "192.168.152.100" }, 31 | @{ Network = "10.10.110.0"; Mask = "255.255.255.0"; Gateway = "192.168.152.100" } 32 | ) 33 | HostEntries = @( 34 | @{ IP = "192.168.152.100"; Hostname = "kali" } 35 | ) 36 | } 37 | LogFile = "C:\setup_log.txt" # Log file location 38 | } 39 | 40 | # --- Helper Functions --- 41 | function Write-Log { 42 | param ( 43 | [string]$Message, 44 | [string]$Level = "INFO" 45 | ) 46 | 47 | $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 48 | $logMessage = "[$timestamp] [$Level] $Message" 49 | 50 | # Write to console with color based on level 51 | switch ($Level) { 52 | "ERROR" { Write-Host $logMessage -ForegroundColor Red } 53 | "WARNING" { Write-Host $logMessage -ForegroundColor Yellow } 54 | "SUCCESS" { Write-Host $logMessage -ForegroundColor Green } 55 | default { Write-Host $logMessage } 56 | } 57 | 58 | # Write to log file 59 | Add-Content -Path $Config.LogFile -Value $logMessage 60 | } 61 | 62 | function Test-Administrator { 63 | $currentUser = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent()) 64 | return $currentUser.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) 65 | } 66 | 67 | function Initialize-Environment { 68 | # 
Create necessary directories 69 | Write-Log "Creating directories..." 70 | 71 | foreach ($dir in @($Config.ToolsDir, $Config.PayloadsDir, $Config.TempDir)) { 72 | if (-not (Test-Path $dir)) { 73 | New-Item -Path $dir -ItemType Directory -Force | Out-Null 74 | Write-Log "Created directory: $dir" -Level "SUCCESS" 75 | } else { 76 | Write-Log "Directory already exists: $dir" 77 | } 78 | } 79 | 80 | # Set temporary environment variables 81 | $env:TEMP = $Config.TempDir 82 | $env:TMP = $Config.TempDir 83 | Write-Log "Set temporary environment variables to: $($Config.TempDir)" 84 | } 85 | 86 | function Install-Chocolatey { 87 | if (-not (Get-Command choco -ErrorAction SilentlyContinue)) { 88 | Write-Log "Installing Chocolatey..." 89 | try { 90 | Set-ExecutionPolicy Bypass -Scope Process -Force 91 | [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 92 | Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) 93 | 94 | # Verify installation 95 | if (Get-Command choco -ErrorAction SilentlyContinue) { 96 | Write-Log "Chocolatey installed successfully" -Level "SUCCESS" 97 | 98 | # Configure Chocolatey 99 | choco feature enable -n allowGlobalConfirmation 100 | Write-Log "Enabled Chocolatey global confirmation" 101 | } else { 102 | Write-Log "Chocolatey installation failed" -Level "ERROR" 103 | return $false 104 | } 105 | } catch { 106 | Write-Log "Error installing Chocolatey: $_" -Level "ERROR" 107 | return $false 108 | } 109 | } else { 110 | Write-Log "Chocolatey is already installed" 111 | } 112 | return $true 113 | } 114 | 115 | function Configure-WindowsDefender { 116 | if (-not $Config.DisableDefender) { 117 | Write-Log "Skipping Windows Defender configuration as per configuration" 118 | return 119 | } 120 | 121 | Write-Log "Configuring Windows Defender..." 
122 | try { 123 | # Get Downloads folder path 124 | $Downloads = Get-ItemPropertyValue 'HKCU:\software\microsoft\windows\currentversion\explorer\shell folders\' -Name '{374DE290-123F-4565-9164-39C4925E467B}' 125 | 126 | # Add exclusions 127 | Add-MpPreference -ExclusionPath $Downloads 128 | Add-MpPreference -ExclusionPath $Config.PayloadsDir 129 | Add-MpPreference -ExclusionPath $Config.ToolsDir 130 | Add-MpPreference -ExclusionPath $env:USERPROFILE 131 | 132 | # Disable cloud features 133 | Set-MpPreference -MAPSReporting Disabled 134 | Set-MpPreference -SubmitSamplesConsent NeverSend 135 | 136 | # Disable monitoring features for better performance with security tools 137 | Set-MpPreference -DisableBehaviorMonitoring $true 138 | Set-MpPreference -DisableScriptScanning $true 139 | Set-MpPreference -DisableIOAVProtection $true 140 | Set-MpPreference -DisableIntrusionPreventionSystem $true 141 | 142 | Write-Log "Windows Defender configured successfully" -Level "SUCCESS" 143 | } catch { 144 | Write-Log "Error configuring Windows Defender: $_" -Level "ERROR" 145 | } 146 | } 147 | 148 | function Configure-IEFirstRun { 149 | Write-Log "Configuring Internet Explorer first run..." 
150 | try { 151 | if (-not (Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main")) { 152 | New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer" -Force | Out-Null 153 | New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -Force | Out-Null 154 | } 155 | New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -Name DisableFirstRunCustomize -Value 1 -PropertyType DWORD -Force | Out-Null 156 | Write-Log "Internet Explorer first run configured" -Level "SUCCESS" 157 | } catch { 158 | Write-Log "Error configuring Internet Explorer: $_" -Level "ERROR" 159 | } 160 | } 161 | 162 | function Install-ChocolateyTools { 163 | if (-not $Config.InstallChocolateyTools) { 164 | Write-Log "Skipping Chocolatey tools installation as per configuration" 165 | return 166 | } 167 | 168 | Write-Log "Installing tools via Chocolatey..." 169 | 170 | $packageGroups = @{ 171 | "Core System Tools" = @( 172 | "7zip", "sysinternals", "notepadplusplus", "microsoft-windows-terminal", 173 | "curl", "wget", "grep", "nmap", "wireshark", "putty", "cmder", "hxd" 174 | ) 175 | "Development Tools" = @( 176 | "git", "python", "golang", "visualstudio2022community", "visualstudio2022buildtools", 177 | "visualstudio2022-workload-vctools", "vscode", "dotnet-sdk", "cmake" 178 | ) 179 | "Security Tools" = @( 180 | "ghidra", "cutter", "wireshark", "nmap", "hashcat", "tor-browser", 181 | "netcat", "putty", "burp-suite-free-edition", "openssl" 182 | ) 183 | "Reverse Engineering" = @( 184 | "pestudio", "ida-free", "x64dbg.portable", "radare2", "dnspy", "ilspy", 185 | "cutter", "ghidra", "dnspy" 186 | ) 187 | "Browsers" = @( 188 | "googlechrome", "firefox", "brave" 189 | ) 190 | "Editors & Documentation" = @( 191 | "notepadplusplus", "vscode", "typora", "cherrytree", "obsidian" 192 | ) 193 | "Utilities" = @( 194 | "procexp", "procmon", "autoruns", "networkmonitor", "tcpview", "regshot" 195 | ) 196 | } 197 | 198 | foreach ($group in 
$packageGroups.Keys) { 199 | Write-Log "Installing $group..." 200 | $packages = $packageGroups[$group] 201 | 202 | foreach ($package in $packages) { 203 | try { 204 | Write-Log " Installing $package..." 205 | choco install $package -y 206 | Write-Log " Installed $package" -Level "SUCCESS" 207 | } catch { 208 | Write-Log " Error installing $($package): $_" -Level "ERROR" 209 | } 210 | } 211 | } 212 | 213 | Write-Log "Chocolatey tools installation completed" -Level "SUCCESS" 214 | } 215 | 216 | function Install-GitTools { 217 | if (-not $Config.InstallGitTools) { 218 | Write-Log "Skipping Git tools installation as per configuration" 219 | return 220 | } 221 | 222 | # Make sure Git is installed 223 | if (-not (Get-Command git -ErrorAction SilentlyContinue)) { 224 | Write-Log "Git not found. Installing via Chocolatey..." 225 | choco install git -y 226 | } 227 | 228 | Write-Log "Installing tools via Git..." 229 | 230 | # Define repository categories 231 | $repoCategories = @{ 232 | "Credential Access" = @( 233 | "https://github.com/GhostPack/Rubeus.git", 234 | "https://github.com/GhostPack/SharpDPAPI.git", 235 | "https://github.com/gentilkiwi/mimikatz.git", 236 | "https://github.com/dafthack/MailSniper.git", 237 | "https://github.com/S3cur3Th1sSh1t/Creds.git" 238 | ) 239 | "Lateral Movement" = @( 240 | "https://github.com/ShutdownRepo/targetedKerberoast.git", 241 | "https://github.com/fox-it/Invoke-CredentialPhisher.git", 242 | "https://github.com/leechristensen/SpoolSample.git", 243 | "https://github.com/topotam/PetitPotam.git" 244 | ) 245 | "Privilege Escalation" = @( 246 | "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git", 247 | "https://github.com/itm4n/PrivescCheck.git", 248 | "https://github.com/GhostPack/Seatbelt.git", 249 | "https://github.com/GossiTheDog/HiveNightmare.git", 250 | "https://github.com/bats3c/ADCSPwn.git" 251 | ) 252 | "Code Execution & Evasion" = @( 253 | "https://github.com/ORCA666/EVA2.git", 254 | 
"https://github.com/d35ha/CallObfuscator.git", 255 | "https://github.com/danielbohannon/Invoke-Obfuscation.git", 256 | "https://github.com/mgeeky/VisualBasicObfuscator.git", 257 | "https://github.com/mgeeky/ProtectMyTooling.git", 258 | "https://github.com/tokyoneon/Chimera.git", 259 | "https://github.com/S3cur3Th1sSh1t/PowerSharpPack.git" 260 | ) 261 | "Reconnaissance" = @( 262 | "https://github.com/BloodHoundAD/SharpHound3.git", 263 | "https://github.com/SnaffCon/Snaffler.git", 264 | "https://github.com/GhostPack/SharpWMI.git", 265 | "https://github.com/PowerShellMafia/PowerSploit.git", 266 | "https://github.com/tevora-threat/SharpView.git" 267 | ) 268 | "Post Exploitation" = @( 269 | "https://github.com/TheWover/donut.git", 270 | "https://github.com/FSecureLABS/SharpGPOAbuse.git", 271 | "https://github.com/NetSPI/PowerUpSQL.git", 272 | "https://github.com/djhohnstein/SharpChrome.git" 273 | ) 274 | "Defense Evasion" = @( 275 | "https://github.com/bats3c/darkarmour.git", 276 | "https://github.com/Soledge/BlockEtw.git", 277 | "https://github.com/jxy-s/herpaderping.git", 278 | "https://github.com/RythmStick/AMSITrigger.git" 279 | ) 280 | "Vulnerability Assessment" = @( 281 | "https://github.com/bitsadmin/wesng.git", 282 | "https://github.com/rasta-mouse/Watson.git", 283 | "https://github.com/7Ragnarok7/Windows-Exploit-Suggester.git" 284 | ) 285 | "Other Useful Tools" = @( 286 | "https://github.com/S3cur3Th1sSh1t/WinPwn.git", 287 | "https://github.com/ZeroPointSecurity/PhishingTemplates.git" 288 | ) 289 | } 290 | 291 | # Clone repositories 292 | foreach ($category in $repoCategories.Keys) { 293 | Write-Log "Cloning $category tools..." 294 | $repos = $repoCategories[$category] 295 | 296 | foreach ($repo in $repos) { 297 | try { 298 | $repoName = ($repo -split "/")[-1].Replace(".git", "") 299 | $destination = Join-Path $Config.ToolsDir $repoName 300 | 301 | if (-not (Test-Path $destination)) { 302 | Write-Log " Cloning $repoName..." 
303 | git clone $repo $destination 304 | Write-Log " Cloned $repoName" -Level "SUCCESS" 305 | } else { 306 | Write-Log " Repository already exists: $repoName" 307 | } 308 | } catch { 309 | Write-Log " Error cloning $($repo): $_" -Level "ERROR" 310 | } 311 | } 312 | } 313 | 314 | Write-Log "Git tools installation completed" -Level "SUCCESS" 315 | } 316 | 317 | function Install-SpecialTools { 318 | Write-Log "Installing special tools..." 319 | 320 | # Install BloodHound 321 | try { 322 | Write-Log " Installing BloodHound..." 323 | $bloodhoundZip = Join-Path $Config.TempDir "BloodHound.zip" 324 | Invoke-WebRequest -Uri 'https://github.com/BloodHoundAD/BloodHound/releases/latest/download/BloodHound-win32-x64.zip' -OutFile $bloodhoundZip 325 | Expand-Archive -Path $bloodhoundZip -DestinationPath $Config.ToolsDir -Force 326 | Rename-Item -Path (Join-Path $Config.ToolsDir "BloodHound-win32-x64") -NewName "BloodHound" -Force -ErrorAction SilentlyContinue 327 | Write-Log " BloodHound installed" -Level "SUCCESS" 328 | } catch { 329 | Write-Log " Error installing BloodHound: $_" -Level "ERROR" 330 | } 331 | 332 | # Install Neo4j 333 | try { 334 | Write-Log " Installing Neo4j..." 
335 | $neo4jZip = Join-Path $Config.TempDir "neo4j.zip" 336 | # Using a more recent version of Neo4j 337 | Invoke-WebRequest -Uri 'https://neo4j.com/artifact.php?name=neo4j-community-5.11.0-windows.zip' -OutFile $neo4jZip 338 | Expand-Archive -Path $neo4jZip -DestinationPath $Config.ToolsDir -Force 339 | 340 | # Find the exact folder name (version might change) 341 | $neo4jFolder = Get-ChildItem -Path $Config.ToolsDir -Directory -Filter "neo4j-community*" | Select-Object -First 1 342 | if ($neo4jFolder) { 343 | Rename-Item -Path $neo4jFolder.FullName -NewName "Neo4j" -Force -ErrorAction SilentlyContinue 344 | } 345 | 346 | Write-Log " Neo4j installed" -Level "SUCCESS" 347 | } catch { 348 | Write-Log " Error installing Neo4j: $_" -Level "ERROR" 349 | } 350 | 351 | # Install DLL Export Viewer 352 | try { 353 | Write-Log " Installing DLL Export Viewer..." 354 | $dllExpZip = Join-Path $Config.TempDir "dllexp.zip" 355 | Invoke-WebRequest -Uri 'https://www.nirsoft.net/utils/dllexp-x64.zip' -OutFile $dllExpZip 356 | Expand-Archive -Path $dllExpZip -DestinationPath (Join-Path $Config.ToolsDir "dllExportViewer") -Force 357 | Write-Log " DLL Export Viewer installed" -Level "SUCCESS" 358 | } catch { 359 | Write-Log " Error installing DLL Export Viewer: $_" -Level "ERROR" 360 | } 361 | 362 | # Enable .NET Framework 3.5 (needed for various tools) 363 | try { 364 | Write-Log " Enabling .NET Framework 3.5..." 365 | Enable-WindowsOptionalFeature -FeatureName NetFx3 -Online -NoRestart 366 | Write-Log " .NET Framework 3.5 enabled" -Level "SUCCESS" 367 | } catch { 368 | Write-Log " Error enabling .NET Framework 3.5: $_" -Level "ERROR" 369 | } 370 | 371 | Write-Log "Special tools installation completed" -Level "SUCCESS" 372 | } 373 | 374 | function Configure-Networking { 375 | if (-not $Config.SetupNetworking) { 376 | Write-Log "Skipping network configuration as per configuration" 377 | return 378 | } 379 | 380 | Write-Log "Configuring networking..." 
381 | 382 | # Configure network adapter 383 | try { 384 | if ($Config.VMType -eq "VMware") { 385 | $interfaceName = "Ethernet1" # Common VMware interface name 386 | Write-Log " Configuring VMware network adapter..." 387 | } else { 388 | $interfaceName = "Ethernet 2" # Common VirtualBox interface name 389 | Write-Log " Configuring VirtualBox network adapter..." 390 | } 391 | 392 | # Set static IP 393 | $networkConfig = $Config.NetworkConfig 394 | netsh interface ip set address $interfaceName static $networkConfig.IPAddress $networkConfig.SubnetMask $networkConfig.Gateway 395 | Write-Log " Set static IP to $($networkConfig.IPAddress)" -Level "SUCCESS" 396 | 397 | # Add static routes 398 | foreach ($route in $networkConfig.Routes) { 399 | route add -p $route.Network mask $route.Mask $route.Gateway 400 | Write-Log " Added route for $($route.Network)" -Level "SUCCESS" 401 | } 402 | 403 | # Add host entries 404 | foreach ($hostEntry in $networkConfig.HostEntries) { 405 | $hostsFile = "$env:windir\System32\drivers\etc\hosts" 406 | $hostLine = "$($hostEntry.IP) $($hostEntry.Hostname)" 407 | 408 | if (-not (Select-String -Path $hostsFile -Pattern $hostLine -SimpleMatch -Quiet)) { 409 | Add-Content -Path $hostsFile -Value $hostLine 410 | Write-Log " Added host entry: $hostLine" -Level "SUCCESS" 411 | } 412 | } 413 | } catch { 414 | Write-Log "Error configuring networking: $_" -Level "ERROR" 415 | } 416 | 417 | Write-Log "Network configuration completed" -Level "SUCCESS" 418 | } 419 | 420 | function Configure-UI { 421 | if (-not $Config.ConfigureUI) { 422 | Write-Log "Skipping UI configuration as per configuration" 423 | return 424 | } 425 | 426 | Write-Log "Configuring UI settings..." 427 | 428 | # Configure Windows Explorer options 429 | try { 430 | Write-Log " Configuring Windows Explorer options..." 
431 | 432 | # Import module from Chocolatey if available 433 | if (Test-Path "$env:ChocolateyInstall\helpers\chocolateyInstaller.psm1") { 434 | Import-Module "$env:ChocolateyInstall\helpers\chocolateyInstaller.psm1" -Force 435 | 436 | # Set explorer options 437 | Set-WindowsExplorerOptions -EnableShowFileExtensions -EnableShowFullPathInTitleBar -EnableExpandToOpenFolder -EnableShowRibbon 438 | Write-Log " Windows Explorer options set" -Level "SUCCESS" 439 | 440 | # Create shortcuts 441 | Install-ChocolateyShortcut -shortcutFilePath "C:\Users\Public\Desktop\tools.lnk" -targetPath $Config.ToolsDir 442 | Install-ChocolateyShortcut -shortcutFilePath "C:\Users\Public\Desktop\Neo4j.lnk" -targetPath (Join-Path $Config.ToolsDir "Neo4j\bin\neo4j.bat") -arguments "console" -runAsAdmin 443 | Write-Log " Desktop shortcuts created" -Level "SUCCESS" 444 | } else { 445 | Write-Log " Chocolatey installer module not found" -Level "WARNING" 446 | } 447 | } catch { 448 | Write-Log " Error configuring Windows Explorer: $_" -Level "ERROR" 449 | } 450 | 451 | # Set up BGInfo 452 | try { 453 | Write-Log " Setting up BGInfo..." 
454 | $bgInfoDir = "C:\BGInfo" 455 | 456 | if (-not (Test-Path $bgInfoDir)) { 457 | New-Item -Path $bgInfoDir -ItemType Directory -Force | Out-Null 458 | } 459 | 460 | # Download BGInfo files 461 | Invoke-WebRequest -Uri 'https://github.com/a7t0fwa7/Attack_Infra_Setup/raw/master/wallpaper.jpg' -OutFile "$bgInfoDir\wallpaper.jpg" 462 | Invoke-WebRequest -Uri 'https://github.com/a7t0fwa7/Attack_Infra_Setup/raw/master/bginfo.bgi' -OutFile "$bgInfoDir\bginfo.bgi" 463 | 464 | # Add BGInfo to startup 465 | New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name BGInfo -Value "$Config.ToolsDir\sysinternals\Bginfo64.exe /accepteula /i$bgInfoDir\bginfo.bgi /timer:0" -PropertyType String -Force | Out-Null 466 | 467 | Write-Log " BGInfo configured" -Level "SUCCESS" 468 | } catch { 469 | Write-Log " Error setting up BGInfo: $_" -Level "ERROR" 470 | } 471 | 472 | Write-Log "UI configuration completed" -Level "SUCCESS" 473 | } 474 | 475 | function Main { 476 | # Start timestamp for overall execution time 477 | $startTime = Get-Date 478 | 479 | # Create log file directory if it doesn't exist 480 | $logDir = Split-Path -Parent $Config.LogFile 481 | if (-not (Test-Path $logDir)) { 482 | New-Item -Path $logDir -ItemType Directory -Force | Out-Null 483 | } 484 | 485 | Write-Log "======= Starting Attack VM Setup =======" -Level "SUCCESS" 486 | 487 | # Check for admin privileges 488 | if (-not (Test-Administrator)) { 489 | Write-Log "This script requires administrator privileges. Please run as administrator." -Level "ERROR" 490 | exit 1 491 | } 492 | 493 | # Initialize environment (create directories, set environment variables) 494 | Initialize-Environment 495 | 496 | # Install and configure Chocolatey 497 | if (-not (Install-Chocolatey)) { 498 | Write-Log "Failed to install Chocolatey. Some functions may not work properly." 
-Level "WARNING" 499 | } 500 | 501 | # Configure Windows Defender 502 | Configure-WindowsDefender 503 | 504 | # Configure IE First Run 505 | Configure-IEFirstRun 506 | 507 | # Install tools via Chocolatey 508 | Install-ChocolateyTools 509 | 510 | # Install tools via Git 511 | Install-GitTools 512 | 513 | # Install special tools 514 | Install-SpecialTools 515 | 516 | # Configure networking 517 | Configure-Networking 518 | 519 | # Configure UI 520 | Configure-UI 521 | 522 | # Calculate and display execution time 523 | $endTime = Get-Date 524 | $executionTime = $endTime - $startTime 525 | 526 | Write-Log "======= Attack VM Setup Completed =======" -Level "SUCCESS" 527 | Write-Log "Total execution time: $($executionTime.TotalMinutes.ToString("0.00")) minutes" -Level "SUCCESS" 528 | } 529 | 530 | # Execute main function 531 | Main 532 | -------------------------------------------------------------------------------- /Kali_Setup/C2andToolsSetupKali.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Exit immediately if a command exits with a non-zero status. 4 | # Treat unset variables as an error when substituting. 5 | # Exit if any command in a pipeline fails, not just the last one. 6 | set -euo pipefail 7 | 8 | # --- Configuration --- 9 | STATIC_IP_INTERFACE="eth1" 10 | STATIC_IP_ADDRESS="192.168.152.100/24" # Address/CIDR notation 11 | VPN_INTERFACE="tun0" 12 | TOOL_BASE_DIR="/opt" 13 | CURRENT_USER=$(logname) # Get the actual logged-in user, safer than $USER in some contexts 14 | CURRENT_HOME=$(eval echo ~$CURRENT_USER) 15 | 16 | # --- Helper Functions --- 17 | 18 | log_info() { 19 | echo "[+] INFO: $1" 20 | } 21 | 22 | log_warn() { 23 | echo "[!] 
WARN: $1" 24 | } 25 | 26 | log_error() { 27 | echo "[X] ERROR: $1" >&2 28 | } 29 | 30 | run_cmd() { 31 | log_info "Executing: $@" 32 | "$@" 33 | } 34 | 35 | run_cmd_sudo() { 36 | log_info "Executing with sudo: $@" 37 | sudo "$@" 38 | } 39 | 40 | check_command() { 41 | command -v "$1" &> /dev/null 42 | } 43 | 44 | # --- Setup Functions --- 45 | 46 | update_system() { 47 | log_info "Updating package lists and upgrading system..." 48 | run_cmd_sudo apt-get update 49 | # Consider uncommenting the upgrade if desired, but it can take time 50 | # run_cmd_sudo apt-get -y upgrade 51 | run_cmd_sudo apt-get -y install curl wget git apt-transport-https dirmngr gpg build-essential 52 | } 53 | 54 | setup_network() { 55 | log_info "Configuring network interfaces and IP forwarding..." 56 | 57 | # Install necessary packages 58 | run_cmd_sudo apt-get -y install iptables-persistent netfilter-persistent 59 | 60 | # Configure static IP (using interfaces.d for better organization) 61 | # Warning: Disabling NetworkManager can break networking in Desktop Environments 62 | # Consider if this is truly necessary or if NetworkManager can be configured instead. 63 | log_warn "Disabling NetworkManager. Ensure this is intended." 
64 | run_cmd_sudo systemctl stop NetworkManager.service 65 | run_cmd_sudo systemctl disable NetworkManager.service 66 | 67 | local interfaces_d_file="/etc/network/interfaces.d/${STATIC_IP_INTERFACE}-static" 68 | log_info "Creating static IP config at ${interfaces_d_file}" 69 | echo "auto ${STATIC_IP_INTERFACE}" | sudo tee "${interfaces_d_file}" > /dev/null 70 | echo "iface ${STATIC_IP_INTERFACE} inet static" | sudo tee -a "${interfaces_d_file}" > /dev/null 71 | echo " address ${STATIC_IP_ADDRESS%/*}" | sudo tee -a "${interfaces_d_file}" > /dev/null 72 | # Calculate netmask from CIDR if needed, assuming /24 for simplicity here based on original 73 | if [[ "${STATIC_IP_ADDRESS}" == *"/"* ]]; then 74 | # Basic netmask for common CIDRs, needs improvement for arbitrary CIDRs 75 | case "${STATIC_IP_ADDRESS##*/}" in 76 | 24) echo " netmask 255.255.255.0" | sudo tee -a "${interfaces_d_file}" > /dev/null ;; 77 | 16) echo " netmask 255.255.0.0" | sudo tee -a "${interfaces_d_file}" > /dev/null ;; 78 | 8) echo " netmask 255.0.0.0" | sudo tee -a "${interfaces_d_file}" > /dev/null ;; 79 | *) log_warn "Netmask calculation for CIDR /${STATIC_IP_ADDRESS##*/} not implemented, defaulting to 255.255.255.0" 80 | echo " netmask 255.255.255.0" | sudo tee -a "${interfaces_d_file}" > /dev/null ;; 81 | esac 82 | else 83 | log_warn "Static IP address should be in CIDR notation (e.g., 192.168.152.100/24). Assuming /24." 84 | echo " address ${STATIC_IP_ADDRESS}" | sudo tee -a "${interfaces_d_file}" > /dev/null 85 | echo " netmask 255.255.255.0" | sudo tee -a "${interfaces_d_file}" > /dev/null 86 | fi 87 | 88 | # Restart networking service (consider 'ifup eth1' if less disruptive) 89 | log_info "Restarting networking service..." 90 | run_cmd_sudo systemctl restart networking 91 | 92 | # Enable IP forwarding using sysctl.d 93 | log_info "Enabling IP forwarding..." 
94 | echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-ip_forward.conf > /dev/null 95 | run_cmd_sudo sysctl -p /etc/sysctl.d/99-ip_forward.conf 96 | 97 | # Configure iptables rules 98 | log_info "Configuring iptables rules to forward traffic through ${VPN_INTERFACE}..." 99 | run_cmd_sudo iptables -t nat -A POSTROUTING -o "${VPN_INTERFACE}" -j MASQUERADE 100 | run_cmd_sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 101 | run_cmd_sudo iptables -A FORWARD -i "${STATIC_IP_INTERFACE}" -o "${VPN_INTERFACE}" -j ACCEPT 102 | # These might be too broad depending on exact needs 103 | # run_cmd_sudo iptables -A FORWARD -i "${VPN_INTERFACE}" -o "${STATIC_IP_INTERFACE}" -j ACCEPT 104 | # run_cmd_sudo iptables -A FORWARD -i "${VPN_INTERFACE}" -o eth0 -j ACCEPT # Assuming eth0 is WAN? Be specific. 105 | # run_cmd_sudo iptables -A FORWARD -i eth0 -o "${VPN_INTERFACE}" -j ACCEPT 106 | 107 | # Save iptables rules 108 | log_info "Saving iptables rules..." 109 | run_cmd_sudo netfilter-persistent save 110 | run_cmd_sudo systemctl enable netfilter-persistent.service 111 | } 112 | 113 | enable_ssh() { 114 | log_info "Enabling SSH service..." 115 | run_cmd_sudo systemctl enable ssh.service 116 | run_cmd_sudo systemctl start ssh.service 117 | } 118 | 119 | install_dev_tools() { 120 | log_info "Installing core development tools (Go, Rust, .NET, Mingw)..." 121 | 122 | # Install Go (from apt) 123 | if ! check_command go; then 124 | log_info "Installing Go..." 125 | run_cmd_sudo apt-get update 126 | run_cmd_sudo apt-get -y install golang-go 127 | # Setup GOPATH if needed (apt package might handle this) 128 | if ! 
grep -q 'export GOPATH=' "${CURRENT_HOME}/.profile"; then 129 | log_info "Adding GOPATH to ${CURRENT_HOME}/.profile" 130 | echo '' >> "${CURRENT_HOME}/.profile" 131 | echo '# GoLang Path' >> "${CURRENT_HOME}/.profile" 132 | echo 'export GOPATH="$HOME/go"' >> "${CURRENT_HOME}/.profile" 133 | echo 'export PATH="$PATH:$GOPATH/bin:/usr/local/go/bin"' >> "${CURRENT_HOME}/.profile" # Add /usr/local/go/bin just in case 134 | fi 135 | if [[ -f "${CURRENT_HOME}/.zshrc" ]] && ! grep -q 'export GOPATH=' "${CURRENT_HOME}/.zshrc"; then 136 | log_info "Adding GOPATH to ${CURRENT_HOME}/.zshrc" 137 | echo '' >> "${CURRENT_HOME}/.zshrc" 138 | echo '# GoLang Path' >> "${CURRENT_HOME}/.zshrc" 139 | echo 'export GOPATH="$HOME/go"' >> "${CURRENT_HOME}/.zshrc" 140 | echo 'export PATH="$PATH:$GOPATH/bin:/usr/local/go/bin"' >> "${CURRENT_HOME}/.zshrc" 141 | fi 142 | # Create go directory if it doesn't exist 143 | mkdir -p "${CURRENT_HOME}/go" 144 | chown "${CURRENT_USER}:${CURRENT_USER}" "${CURRENT_HOME}/go" -R 145 | else 146 | log_info "Go is already installed." 147 | fi 148 | # Ensure Go env vars are available for the rest of the script 149 | export GOPATH="$CURRENT_HOME/go" 150 | export PATH="$PATH:$GOPATH/bin:/usr/local/go/bin" 151 | 152 | 153 | # Install Rust (using rustup - preferred method) 154 | if ! check_command rustc; then 155 | log_info "Installing Rust..." 156 | # The official installer requires user interaction, run non-interactively 157 | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path 158 | # Add cargo to the current script's PATH 159 | export PATH="${CURRENT_HOME}/.cargo/bin:${PATH}" 160 | # Note: User will need to source ~/.profile or ~/.zshrc or restart shell later 161 | log_warn "Rust installed. Please source ${CURRENT_HOME}/.cargo/env or restart your shell for changes to take effect." 162 | else 163 | log_info "Rust is already installed." 164 | fi 165 | 166 | # Install .NET SDK (using Microsoft's feed) 167 | if ! 
check_command dotnet; then 168 | log_info "Installing .NET SDK..." 169 | local dotnet_version="7.0" # Or choose "6.0" (LTS) or "8.0" (latest) 170 | local debian_version=$(lsb_release -sr | cut -d'.' -f1) # Get major Debian version (e.g., 11, 12) 171 | wget "https://packages.microsoft.com/config/debian/${debian_version}/packages-microsoft-prod.deb" -O packages-microsoft-prod.deb 172 | run_cmd_sudo dpkg -i packages-microsoft-prod.deb 173 | rm packages-microsoft-prod.deb 174 | run_cmd_sudo apt-get update 175 | run_cmd_sudo apt-get install -y "dotnet-sdk-${dotnet_version}" 176 | else 177 | log_info ".NET SDK is already installed." 178 | fi 179 | 180 | # Install Mingw-w64 181 | log_info "Installing Mingw-w64..." 182 | run_cmd_sudo apt-get -y install mingw-w64 183 | 184 | # Install Vlang (Cloning and building - check if apt package exists) 185 | if ! check_command v; then 186 | log_info "Installing Vlang..." 187 | local vlang_dir="${CURRENT_HOME}/git-tools/vlang" 188 | if [ ! -d "${vlang_dir}" ]; then 189 | run_cmd git clone https://github.com/vlang/v "${vlang_dir}" 190 | else 191 | log_info "Vlang source directory already exists. Skipping clone." 192 | # Optional: Add 'git pull' here if update is desired 193 | fi 194 | ( 195 | cd "${vlang_dir}" 196 | log_info "Building Vlang..." 197 | run_cmd make 198 | run_cmd_sudo ./v symlink # Creates symlink in /usr/local/bin 199 | ) 200 | else 201 | log_info "Vlang is already installed." 202 | fi 203 | 204 | # Install Python pip and common tools 205 | log_info "Installing Python3 pip and common libraries..." 206 | run_cmd_sudo apt-get -y install python3-pip python3-venv python3-dev 207 | } 208 | 209 | install_docker() { 210 | log_info "Installing Docker..." 211 | if ! check_command docker; then 212 | # Use Kali's docker.io package 213 | run_cmd_sudo apt-get update 214 | run_cmd_sudo apt-get -y install docker.io 215 | run_cmd_sudo systemctl enable docker --now 216 | log_info "Adding user ${CURRENT_USER} to the docker group..." 
217 | run_cmd_sudo usermod -aG docker "${CURRENT_USER}" 218 | log_warn "You may need to log out and log back in for docker group changes to take effect." 219 | else 220 | log_info "Docker is already installed." 221 | fi 222 | } 223 | 224 | install_extra_tools() { 225 | log_info "Installing additional tools (VS Code, Evil-WinRM, CME, BloodHound)..." 226 | 227 | # Install VS Code (using Microsoft repo) 228 | if ! check_command code; then 229 | log_info "Installing VS Code..." 230 | run_cmd_sudo apt-get install -y wget gpg 231 | wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg 232 | run_cmd_sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg 233 | echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" | sudo tee /etc/apt/sources.list.d/vscode.list > /dev/null 234 | rm -f packages.microsoft.gpg 235 | run_cmd_sudo apt-get update 236 | run_cmd_sudo apt-get install -y code 237 | else 238 | log_info "VS Code is already installed." 239 | fi 240 | 241 | # Install Evil-WinRM (Ruby gem) 242 | if ! check_command evil-winrm; then 243 | log_info "Installing Evil-WinRM..." 244 | run_cmd_sudo apt-get -y install ruby ruby-dev # Ensure Ruby is installed 245 | run_cmd_sudo gem install evil-winrm 246 | else 247 | log_info "Evil-WinRM is already installed." 248 | fi 249 | 250 | # Install CrackMapExec (from apt) 251 | if ! check_command crackmapexec; then 252 | log_info "Installing CrackMapExec..." 253 | run_cmd_sudo apt-get update 254 | run_cmd_sudo apt-get -y install crackmapexec 255 | else 256 | log_info "CrackMapExec is already installed." 257 | fi 258 | 259 | # Install BloodHound (from apt) 260 | if ! check_command bloodhound; then 261 | log_info "Installing BloodHound..." 
262 | run_cmd_sudo apt-get update 263 | run_cmd_sudo apt-get -y install bloodhound 264 | log_info "Downloading BloodHound custom queries..." 265 | local bloodhound_config_dir="${CURRENT_HOME}/.config/bloodhound" 266 | mkdir -p "${bloodhound_config_dir}" 267 | # Choose one query set or merge them manually 268 | curl -o "${bloodhound_config_dir}/customqueries.json" "https://raw.githubusercontent.com/ZephrFish/Bloodhound-CustomQueries/main/customqueries.json" 269 | chown -R "${CURRENT_USER}:${CURRENT_USER}" "${bloodhound_config_dir}" 270 | else 271 | log_info "BloodHound is already installed." 272 | fi 273 | 274 | # Install smap (Go tool) 275 | if ! check_command smap; then 276 | log_info "Installing smap..." 277 | if check_command go; then 278 | run_cmd go install -v github.com/s0md3v/smap/cmd/smap@latest 279 | else 280 | log_warn "Go is not installed, cannot install smap." 281 | fi 282 | else 283 | log_info "smap is already installed." 284 | fi 285 | 286 | # Install Obfuscated Mimikatz (Warning: Security Risk) 287 | log_warn "Downloading and executing Obfuscated Mimikatz script from gist. Review the script first!" 288 | # Consider downloading manually or hosting the script yourself 289 | # curl -s https://gist.githubusercontent.com/a7t0fwa7/94591fe57d330cafbc89a349dc05c0e2/raw/dafbd32d1307c4ebb512e4eb7c43c7e1292bcac9/ObfuscateMimi_First.sh | bash 290 | log_warn "Skipping automatic execution of Obfuscated Mimikatz script for security reasons." 291 | log_info "To install manually, run: curl -s https://gist.githubusercontent.com/a7t0fwa7/94591fe57d330cafbc89a349dc05c0e2/raw/dafbd32d1307c4ebb512e4eb7c43c7e1292bcac9/ObfuscateMimi_First.sh | bash" 292 | 293 | } 294 | 295 | create_tool_dirs() { 296 | log_info "Creating tool directories in ${TOOL_BASE_DIR}..." 
297 | local dirs=( 298 | "Intel-Tools" "Command-and-Control" "Reverse-Engineering" "Obfuscation-Tools" 299 | "Offensive-Tools" "AV-Evasion-Tools" "Useful-Lists" "Cloud" "CheatSheets" 300 | "Egress-Assess" # Added from git clone list 301 | ) 302 | for dir in "${dirs[@]}"; do 303 | run_cmd_sudo mkdir -p "${TOOL_BASE_DIR}/${dir}" 304 | run_cmd_sudo chown "${CURRENT_USER}:${CURRENT_USER}" "${TOOL_BASE_DIR}/${dir}" 305 | done 306 | } 307 | 308 | # Function to safely clone or update a git repository 309 | # Usage: git_clone_or_update <repo_url> <dest_dir> [sudo_chown] 310 | git_clone_or_update() { 311 | local repo_url="$1" 312 | local dest_dir="$2" 313 | local sudo_chown_flag="${3:-false}" # Default to false 314 | 315 | log_info "Cloning/Updating ${repo_url} into ${dest_dir}" 316 | 317 | if [ -d "${dest_dir}/.git" ]; then 318 | log_info "Directory ${dest_dir} exists, attempting git pull..." 319 | ( # Run in subshell to avoid cd side effects 320 | cd "${dest_dir}" 321 | git pull || log_warn "git pull failed for ${dest_dir}. Manual check needed." 322 | ) 323 | elif [ -d "${dest_dir}" ]; then 324 | log_warn "Directory ${dest_dir} exists but is not a git repository. Skipping." 
325 | else 326 | # Clone into user's home first to avoid sudo git clone if possible 327 | local tmp_clone_dir="${CURRENT_HOME}/git-clones/$(basename ${dest_dir})" 328 | mkdir -p "$(dirname ${tmp_clone_dir})" 329 | if git clone "${repo_url}" "${tmp_clone_dir}"; then 330 | # Move to final destination 331 | if [ "${sudo_chown_flag}" = true ]; then 332 | run_cmd_sudo mv "${tmp_clone_dir}" "${dest_dir}" 333 | run_cmd_sudo chown -R "${CURRENT_USER}:${CURRENT_USER}" "${dest_dir}" 334 | else 335 | # If destination is in user home, no sudo needed 336 | if [[ "${dest_dir}" == ${CURRENT_HOME}* ]]; then 337 | mv "${tmp_clone_dir}" "${dest_dir}" 338 | else 339 | # Destination requires sudo mv, but not chown 340 | run_cmd_sudo mv "${tmp_clone_dir}" "${dest_dir}" 341 | fi 342 | fi 343 | rmdir -p "$(dirname ${tmp_clone_dir})" 2>/dev/null || true # Clean up parent dirs if empty 344 | else 345 | log_error "Failed to clone ${repo_url}" 346 | rm -rf "${tmp_clone_dir}" # Clean up failed clone attempt 347 | fi 348 | fi 349 | } 350 | 351 | 352 | clone_security_tools() { 353 | log_info "Cloning security tools..." 
354 | mkdir -p "${CURRENT_HOME}/git-clones" # Temp location for clones 355 | 356 | # --- Intel Tools --- 357 | git_clone_or_update https://github.com/evilsocket/legba.git "${TOOL_BASE_DIR}/Intel-Tools/LegbaBruteForcer" true 358 | # sub3suite release is a tar.gz, not a git repo - handle separately 359 | # git_clone_or_update https://github.com/3nock/sub3suite/releases/download/v0.0.3/sub3suite-v0.0.3-linux.tar.gz "${TOOL_BASE_DIR}/Intel-Tools/sub3suite" true 360 | git_clone_or_update https://github.com/MrTuxx/SocialPwned.git "${TOOL_BASE_DIR}/Intel-Tools/SocialPwned" true 361 | git_clone_or_update https://github.com/irsdl/IIS-ShortName-Scanner.git "${TOOL_BASE_DIR}/Intel-Tools/IIS-ShortName-Scanner" true 362 | git_clone_or_update https://github.com/v4d1/Dome.git "${TOOL_BASE_DIR}/Intel-Tools/SubDomainEnum_Dome" true 363 | git_clone_or_update https://github.com/whydee86/ComPP.git "${TOOL_BASE_DIR}/Intel-Tools/Password_Gen_ComPP" true 364 | git_clone_or_update https://github.com/Taonn/EmailAll.git "${TOOL_BASE_DIR}/Intel-Tools/EmailAll" true 365 | git_clone_or_update https://github.com/ropnop/kerbrute.git "${TOOL_BASE_DIR}/Intel-Tools/kerbrute" true 366 | git_clone_or_update https://github.com/rbsec/dnscan.git "${TOOL_BASE_DIR}/Intel-Tools/dnscan" true 367 | git_clone_or_update https://github.com/chinarulezzz/spoofcheck "${TOOL_BASE_DIR}/Intel-Tools/spoofcheck" true 368 | # Install spoofcheck deps 369 | if [ -f "${TOOL_BASE_DIR}/Intel-Tools/spoofcheck/requirements.txt" ]; then 370 | log_info "Installing dependencies for spoofcheck..." 
371 | run_cmd_sudo pip3 install -r "${TOOL_BASE_DIR}/Intel-Tools/spoofcheck/requirements.txt" 372 | fi 373 | # Namemash is a gist, handle separately 374 | # git_clone_or_update https://gist.github.com/superkojiman/11076951 "${TOOL_BASE_DIR}/namemash" true 375 | git_clone_or_update https://github.com/byt3bl33d3r/SprayingToolkit.git "${TOOL_BASE_DIR}/Intel-Tools/SprayingToolkit" true 376 | if [ -f "${TOOL_BASE_DIR}/Intel-Tools/SprayingToolkit/requirements.txt" ]; then 377 | log_info "Installing dependencies for SprayingToolkit..." 378 | run_cmd_sudo pip3 install -r "${TOOL_BASE_DIR}/Intel-Tools/SprayingToolkit/requirements.txt" 379 | fi 380 | git_clone_or_update https://github.com/itm4n/PrivescCheck.git "${TOOL_BASE_DIR}/Intel-Tools/PrivescCheck" true # Also in Offensive-Tools? Keep one? 381 | git_clone_or_update https://github.com/artofwar2306/Invoke-Recon.git "${TOOL_BASE_DIR}/Intel-Tools/Invoke-Recon" true 382 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/MailSniper.git "${TOOL_BASE_DIR}/Intel-Tools/MailSniper" true 383 | git_clone_or_update https://github.com/SnaffCon/Snaffler.git "${TOOL_BASE_DIR}/Intel-Tools/Snaffler" true 384 | git_clone_or_update https://github.com/lkarlslund/adalanche.git "${TOOL_BASE_DIR}/Intel-Tools/ActiveDirectoryAdalanche" true 385 | # Build ADalanche 386 | if [ -f "${TOOL_BASE_DIR}/Intel-Tools/ActiveDirectoryAdalanche/build.sh" ]; then 387 | log_info "Building ADalanche..." 388 | ( cd "${TOOL_BASE_DIR}/Intel-Tools/ActiveDirectoryAdalanche" && sudo bash build.sh ) 389 | fi 390 | 391 | # --- Offensive Tools --- 392 | git_clone_or_update https://github.com/dafthack/GraphRunner.git "${TOOL_BASE_DIR}/Offensive-Tools/GraphRunner" true 393 | git_clone_or_update https://github.com/The-Viper-One/PsMapExec.git "${TOOL_BASE_DIR}/Offensive-Tools/PsMapExec-Enum" true 394 | git_clone_or_update https://github.com/itm4n/PrivescCheck.git "${TOOL_BASE_DIR}/Offensive-Tools/PrivEscChecker" true # Duplicate? 
395 | git_clone_or_update https://github.com/lengjibo/RedTeamTools.git "${TOOL_BASE_DIR}/Offensive-Tools/RedTeamTools" true 396 | git_clone_or_update https://github.com/timwhitez/Doge-RecycledGate.git "${TOOL_BASE_DIR}/Offensive-Tools/Doge-RecycledGate" true 397 | git_clone_or_update https://github.com/DarkCoderSc/PowerRunAsAttached.git "${TOOL_BASE_DIR}/Offensive-Tools/DarkCoderPowerRunAsAttached" true 398 | git_clone_or_update https://github.com/DarkCoderSc/PowerRemoteDesktop.git "${TOOL_BASE_DIR}/Offensive-Tools/DarkCoderPowerRemoteDesktop" true 399 | git_clone_or_update https://github.com/DarkCoderSc/PowerRunAsSystem.git "${TOOL_BASE_DIR}/Offensive-Tools/DarkCoderPowerRunAsSystem" true 400 | git_clone_or_update https://github.com/ly4k/SpoolFool.git "${TOOL_BASE_DIR}/Offensive-Tools/SpoolFool" true 401 | git_clone_or_update https://github.com/wavestone-cdt/Invoke-CleverSpray.git "${TOOL_BASE_DIR}/Offensive-Tools/Invoke-CleverSpray" true 402 | git_clone_or_update https://github.com/mitchmoser/LACheck.git "${TOOL_BASE_DIR}/Offensive-Tools/LocalAdminPrivEscChecker" true 403 | # Mgeeky tools commented out in original, keep commented 404 | # git_clone_or_update https://github.com/mgeeky/mgeeky-gists.git "${TOOL_BASE_DIR}/Offensive-Tools/MGeekys_Gists" true 405 | # git_clone_or_update https://github.com/mgeeky/Penetration-Testing-Tools.git "${TOOL_BASE_DIR}/Offensive-Tools/MGeekys_Pentest_Tools" true 406 | git_clone_or_update https://github.com/cmars/onionpipe.git "${TOOL_BASE_DIR}/Offensive-Tools/tunneling_onionpipe" true 407 | git_clone_or_update https://github.com/fox-it/aclpwn.py.git "${TOOL_BASE_DIR}/Offensive-Tools/aclpwn" true 408 | git_clone_or_update https://github.com/fox-it/Invoke-CredentialPhisher.git "${TOOL_BASE_DIR}/Offensive-Tools/Invoke-CredentialPhisher" true # Typo in original path fixed 409 | git_clone_or_update https://github.com/xforcered/InlineExecute-Assembly.git "${TOOL_BASE_DIR}/Offensive-Tools/InlineExecute-Assembly" true 410 | 
git_clone_or_update https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer.git "${TOOL_BASE_DIR}/Offensive-Tools/Invoke-BuildAnonymousSMBServer" true 411 | git_clone_or_update https://github.com/BC-SECURITY/Offensive-VBA-and-XLS-Entanglement.git "${TOOL_BASE_DIR}/Offensive-Tools/Offensive-VBA-and-XLS-Entanglement" true 412 | git_clone_or_update https://github.com/GossiTheDog/HiveNightmare.git "${TOOL_BASE_DIR}/Offensive-Tools/HiveNightmare" true 413 | git_clone_or_update https://github.com/Inf0secRabbit/BadAssMacros.git "${TOOL_BASE_DIR}/Offensive-Tools/BadAssMacros" true # Duplicate? 414 | git_clone_or_update https://github.com/bats3c/ADCSPwn.git "${TOOL_BASE_DIR}/Offensive-Tools/ADCSPwn" true 415 | git_clone_or_update https://github.com/ShutdownRepo/targetedKerberoast.git "${TOOL_BASE_DIR}/Offensive-Tools/targetedKerberoast" true 416 | git_clone_or_update https://github.com/topotam/PetitPotam.git "${TOOL_BASE_DIR}/Offensive-Tools/PetitPotam" true 417 | git_clone_or_update https://github.com/Flangvik/DeployPrinterNightmare.git "${TOOL_BASE_DIR}/Offensive-Tools/DeployPrintNightMare" true 418 | git_clone_or_update https://github.com/cube0x0/MiniDump.git "${TOOL_BASE_DIR}/Offensive-Tools/MiniDump" true 419 | git_clone_or_update https://github.com/sevagas/macro_pack.git "${TOOL_BASE_DIR}/Offensive-Tools/Macro_Pack" true 420 | git_clone_or_update https://github.com/aloksaurabh/OffenPowerSh.git "${TOOL_BASE_DIR}/Offensive-Tools/OffenPowerSh" true 421 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/WinPwn.git "${TOOL_BASE_DIR}/Offensive-Tools/WinPWn" true 422 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/PowerSharpPack.git "${TOOL_BASE_DIR}/Offensive-Tools/PowerSharpPack" true 423 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/Creds.git "${TOOL_BASE_DIR}/Offensive-Tools/Creds" true 424 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/Invoke-PrintDemon.git "${TOOL_BASE_DIR}/Offensive-Tools/Invoke-PrintDemon" true 425 | 
git_clone_or_update https://github.com/S3cur3Th1sSh1t/Invoke-SharpLoader.git "${TOOL_BASE_DIR}/Offensive-Tools/Invoke-SharpLoader" true 426 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/Invoke-Sharpcradle.git "${TOOL_BASE_DIR}/Offensive-Tools/Invoke-SharpCradle" true 427 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/Get-System-Techniques.git "${TOOL_BASE_DIR}/Offensive-Tools/Get-System-Techniques" true 428 | git_clone_or_update https://github.com/S3cur3Th1sSh1t/SharpLocker.git "${TOOL_BASE_DIR}/Offensive-Tools/SharpLocker" true 429 | git_clone_or_update https://github.com/jxy-s/herpaderping.git "${TOOL_BASE_DIR}/Offensive-Tools/herpaderping" true 430 | git_clone_or_update https://github.com/bytecod3r/Cobaltstrike-Aggressor-Scripts-Collection.git "${TOOL_BASE_DIR}/Offensive-Tools/CobaltStrike-Agressor-Scripts-Collection" true 431 | git_clone_or_update https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git "${TOOL_BASE_DIR}/Offensive-Tools/WinAndLinPEAS" true 432 | git_clone_or_update https://github.com/bitsadmin/wesng.git "${TOOL_BASE_DIR}/Offensive-Tools/WinExploitSuggestorNextGen" true 433 | git_clone_or_update https://github.com/samratashok/ADModule.git "${TOOL_BASE_DIR}/Offensive-Tools/ADModule" true 434 | git_clone_or_update https://github.com/Ignitetechnologies/Credential-Dumping.git "${TOOL_BASE_DIR}/Offensive-Tools/CredDump" true # Duplicate? 
435 | 436 | # --- AV Evasion Tools --- 437 | git_clone_or_update https://github.com/h0ru/AMSI-Reaper.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/AMSI-Reaper" true 438 | git_clone_or_update https://github.com/aaaddress1/xlsKami.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/ShenHaoMaXlsKami" true 439 | git_clone_or_update https://github.com/aaaddress1/PR0CESS.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/ShenHaoMaPR0CESS" true 440 | git_clone_or_update https://github.com/aaaddress1/Skrull.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/ShenHaoMaSkrull" true 441 | git_clone_or_update https://github.com/cube0x0/SyscallPack.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/SyscallPack" true 442 | git_clone_or_update https://github.com/klezVirus/SysWhispers3.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/SysWhispers3" true 443 | git_clone_or_update https://github.com/Inf0secRabbit/BadAssMacros.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/BadAssMacros" true # Duplicate? 444 | git_clone_or_update https://github.com/sbasu7241/HellsGate.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/HellsGate" true 445 | git_clone_or_update https://github.com/Idov31/FunctionStomping.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/FunctionStomping" true 446 | git_clone_or_update https://github.com/safe6Sec/GolangBypassAV.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/GolangBypassAV" true 447 | git_clone_or_update https://github.com/last-byte/DefenderSwitch.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/DefenderSwitch" true 448 | # Mgeeky tools commented out in original 449 | # git_clone_or_update https://github.com/mgeeky/polonium.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/MGeekys_map_out_AVs_EDRs_detection_surface_to_identify_their_gaps." 
true 450 | # git_clone_or_update https://github.com/mgeeky/VisualBasicObfuscator.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/MGeekys_VB_Obfuscator_unmaintained" true 451 | # git_clone_or_update https://github.com/mgeeky/Stracciatella.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/MGeekys_Strcciatella" true 452 | git_clone_or_update https://github.com/ORCA666/EVA2.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/EVA2" true 453 | git_clone_or_update https://github.com/N4kedTurtle/HellsGatePoC.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/HellsGatePoC" true 454 | git_clone_or_update https://github.com/two06/Inception.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/Inception" true 455 | git_clone_or_update https://github.com/Soledge/BlockEtw.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/BlockEtw" true 456 | git_clone_or_update https://github.com/bats3c/darkarmour.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/darkarmour" true 457 | git_clone_or_update https://github.com/dosxuz/DefenderStop.git "${TOOL_BASE_DIR}/AV-Evasion-Tools/DefenderStop" true 458 | 459 | # --- Obfuscation Tools --- 460 | # git_clone_or_update https://github.com/mgeeky/ProtectMyTooling.git "${TOOL_BASE_DIR}/Obfuscation-Tools/MGeekys_ProtectMyTooling" true # Commented out 461 | git_clone_or_update https://github.com/AnErrupTion/LoGiC.NET.git "${TOOL_BASE_DIR}/Obfuscation-Tools/LoGIC.NET" true 462 | git_clone_or_update https://github.com/d35ha/CallObfuscator.git "${TOOL_BASE_DIR}/Obfuscation-Tools/CallObfuscator" true 463 | git_clone_or_update https://github.com/xp4xbox/PyEvade.git "${TOOL_BASE_DIR}/Obfuscation-Tools/PyEvade" true 464 | git_clone_or_update https://github.com/danielbohannon/Invoke-Obfuscation.git "${TOOL_BASE_DIR}/Obfuscation-Tools/Invoke-Obfuscation" true 465 | git_clone_or_update https://github.com/CBHue/PyFuscation.git "${TOOL_BASE_DIR}/Obfuscation-Tools/PyFuscation" true 466 | git_clone_or_update https://github.com/tokyoneon/Chimera.git "${TOOL_BASE_DIR}/Obfuscation-Tools/Chimera" true 467 | git_clone_or_update 
https://github.com/S3cur3Th1sSh1t/xencrypt.git "${TOOL_BASE_DIR}/Obfuscation-Tools/xencrypt" true 468 | git_clone_or_update https://github.com/Flangvik/SimpleSourceProtector.git "${TOOL_BASE_DIR}/Obfuscation-Tools/SimpleSourceProtector" true 469 | 470 | # --- Useful Lists --- 471 | git_clone_or_update https://github.com/danielmiessler/SecLists.git "${TOOL_BASE_DIR}/Useful-Lists/SecLists" true 472 | git_clone_or_update https://github.com/swisskyrepo/PayloadsAllTheThings.git "${TOOL_BASE_DIR}/Useful-Lists/PayloadsAllTheThings" true 473 | 474 | # --- Cheat Sheets --- 475 | git_clone_or_update https://github.com/a7t0fwa7/Windows-Local-Privilege-Escalation-CheatSheet.git "${TOOL_BASE_DIR}/CheatSheets/WinPrivEsc" true 476 | git_clone_or_update https://github.com/aaaddress1/Windows-APT-Warfare.git "${TOOL_BASE_DIR}/CheatSheets/Windows-APT-Warfare" true 477 | git_clone_or_update https://github.com/Ignitetechnologies/Credential-Dumping.git "${TOOL_BASE_DIR}/CheatSheets/Credential-Dumping" true # Duplicate? 
478 | 479 | # --- Cloud Tools --- 480 | git_clone_or_update https://github.com/lutzenfried/Delegate.git "${TOOL_BASE_DIR}/Cloud/GCP_Domain_Delegation_Abuse" true # Typo 'suod' fixed 481 | git_clone_or_update https://github.com/initstring/cloud_enum.git "${TOOL_BASE_DIR}/Cloud/Multi_Cloud_Enum_tool" true 482 | git_clone_or_update https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation.git "${TOOL_BASE_DIR}/Cloud/GCP-IAM-Priv-Esc" true 483 | git_clone_or_update https://github.com/RhinoSecurityLabs/CloudScraper.git "${TOOL_BASE_DIR}/Cloud/CloudScraper" true 484 | git_clone_or_update https://github.com/RhinoSecurityLabs/GCPBucketBrute.git "${TOOL_BASE_DIR}/Cloud/GCPBucketBrute" true 485 | git_clone_or_update https://github.com/ZarvisD/Azure-AD.git "${TOOL_BASE_DIR}/Cloud/Azure-AD" true 486 | git_clone_or_update https://github.com/nccgroup/PMapper.git "${TOOL_BASE_DIR}/Cloud/AWS_PMapper" true 487 | git_clone_or_update https://github.com/nccgroup/ScoutSuite.git "${TOOL_BASE_DIR}/Cloud/MultiCloud_ScoutSuite" true 488 | git_clone_or_update https://github.com/NetSPI/MicroBurst.git "${TOOL_BASE_DIR}/Cloud/Azure_MicroBurst" true 489 | git_clone_or_update https://github.com/sa7mon/S3Scanner.git "${TOOL_BASE_DIR}/Cloud/AWS_S3Scanner" true 490 | git_clone_or_update https://github.com/aquasecurity/cloudsploit.git "${TOOL_BASE_DIR}/Cloud/MultiCloud_CloudSploit" true 491 | git_clone_or_update https://github.com/darkquasar/AzureHunter.git "${TOOL_BASE_DIR}/Cloud/Azure_Forensics_AzureHunter" true 492 | git_clone_or_update https://github.com/TROUBLE-1/Vajra.git "${TOOL_BASE_DIR}/Cloud/Azure_Vajra_Attack_Framework" true 493 | git_clone_or_update https://github.com/rkemery/bash-gcp-buckets-public.git "${TOOL_BASE_DIR}/Cloud/GCP_Enum_Buckets" true 494 | git_clone_or_update https://github.com/RhinoSecurityLabs/pacu.git "${TOOL_BASE_DIR}/Cloud/AWS_Exploitation_Framework_Pacu" true 495 | git_clone_or_update https://github.com/BishopFox/smogcloud.git 
"${TOOL_BASE_DIR}/Cloud/AWS_SmogCloud" true 496 | git_clone_or_update https://github.com/accurics/terrascan.git "${TOOL_BASE_DIR}/Cloud/IaaC_TerraScan" true 497 | git_clone_or_update https://github.com/FSecureLABS/leonidas.git "${TOOL_BASE_DIR}/Cloud/AWS_AttackSim_Framework_Leonidas" true 498 | 499 | # --- Egress Assess --- 500 | git_clone_or_update https://github.com/FortyNorthSecurity/Egress-Assess.git "${TOOL_BASE_DIR}/Egress-Assess" true 501 | 502 | # --- Special Handling --- 503 | # Sub3Suite (Download Tarball) 504 | local sub3suite_url="https://github.com/3nock/sub3suite/releases/download/v0.0.3/sub3suite-v0.0.3-linux.tar.gz" 505 | local sub3suite_dest="${TOOL_BASE_DIR}/Intel-Tools/sub3suite" 506 | if [ ! -d "${sub3suite_dest}" ]; then 507 | log_info "Downloading and extracting Sub3Suite..." 508 | run_cmd_sudo mkdir -p "${sub3suite_dest}" 509 | wget -qO- "${sub3suite_url}" | sudo tar -xz -C "${sub3suite_dest}" --strip-components=1 # Adjust strip-components if needed 510 | run_cmd_sudo chown -R "${CURRENT_USER}:${CURRENT_USER}" "${sub3suite_dest}" 511 | else 512 | log_info "Sub3Suite directory already exists. Skipping download." 513 | fi 514 | 515 | # Namemash (Download Gist) 516 | local namemash_url="https://gist.githubusercontent.com/superkojiman/11076951/raw/namemash.py" # Raw URL 517 | local namemash_dest="${TOOL_BASE_DIR}/Intel-Tools/namemash" # Changed location to Intel-Tools 518 | if [ ! -f "${namemash_dest}/namemash.py" ]; then 519 | log_info "Downloading Namemash..." 520 | run_cmd_sudo mkdir -p "${namemash_dest}" 521 | sudo wget -qO "${namemash_dest}/namemash.py" "${namemash_url}" 522 | run_cmd_sudo chmod +x "${namemash_dest}/namemash.py" 523 | run_cmd_sudo chown -R "${CURRENT_USER}:${CURRENT_USER}" "${namemash_dest}" 524 | else 525 | log_info "Namemash script already exists. Skipping download." 526 | fi 527 | 528 | log_info "Finished cloning tools." 
529 | # Clean up empty clone dir 530 | rmdir "${CURRENT_HOME}/git-clones" 2>/dev/null || true 531 | } 532 | 533 | 534 | install_c2_frameworks() { 535 | log_info "Installing C2 Frameworks (Sliver, Mythic, Havoc, Covenant, Shad0w)..." 536 | local c2_dir="${TOOL_BASE_DIR}/Command-and-Control" 537 | 538 | # Sliver C2 539 | git_clone_or_update https://github.com/BishopFox/sliver.git "${c2_dir}/Sliver" true 540 | # Note: Sliver often requires manual steps or has its own install script. Check docs. 541 | 542 | # Mythic C2 543 | git_clone_or_update https://github.com/its-a-feature/Mythic "${c2_dir}/Mythic" true # Fixed double 'git clone' 544 | # Note: Mythic installation is complex (Docker). User needs to run './mythic-cli install github ' etc. 545 | log_warn "Mythic cloned. Refer to Mythic documentation for installation and setup." 546 | 547 | # Havoc C2 548 | git_clone_or_update https://github.com/HavocFramework/Havoc.git "${c2_dir}/Havoc" true # Renamed H4voc -> Havoc 549 | # Install Havoc dependencies (ensure these cover everything needed) 550 | log_info "Installing Havoc dependencies..." 551 | run_cmd_sudo apt-get update 552 | run_cmd_sudo apt-get install -y git build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev \ 553 | libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev \ 554 | libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev \ 555 | qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev \ 556 | qtdeclarative5-dev golang-go python3-dev mingw-w64 nasm 557 | # Build Havoc (Refer to Havoc docs for exact build steps) 558 | log_warn "Havoc cloned and dependencies installed. Refer to Havoc documentation for build instructions (usually involves building Teamserver and Client)." 
# Example build steps (might need adjustment):
# ( cd "${c2_dir}/Havoc/teamserver" && make )
# ( cd "${c2_dir}/Havoc/client" && make )


# Custom Covenant (Venom Mod)
# install_modified_covenant is defined further down in this file; bash resolves
# the name at call time and main runs at the very end, so the order is fine.
install_modified_covenant "${c2_dir}/Venom" # Use function

# Shadow C2
git_clone_or_update https://github.com/bats3c/shad0w.git "${c2_dir}/shad0w" true
if [ -f "${c2_dir}/shad0w/install.sh" ]; then # Check if install script exists
    log_info "Running Shad0w install script..."
    # NOTE(review): this executes a third-party script as root straight from an
    # unpinned clone (no tag/commit or checksum is verified here) — confirm that
    # is acceptable, or pin the revision in git_clone_or_update.
    ( cd "${c2_dir}/shad0w" && sudo ./install.sh ) # Check if sudo is needed by the script
else
    log_warn "Shad0w install script not found. Refer to Shad0w documentation."
fi
}

# Encapsulated Covenant modification logic
#
# Clones the upstream Covenant repository into $1, renames a fixed set of
# directories, files and identifiers (Grunt->Naga, Covenant->Venom and the other
# strings listed below), then attempts `dotnet build` in the checkout.
#
# Arguments:
#   $1 - destination directory for the clone (must not already exist)
# Globals read: CURRENT_USER (owner applied to the clone)
# Outputs: progress via log_info/log_warn/log_error
# Returns: always returns (via `return` or falling off the end); failures inside
#   the modification subshell are only logged, not propagated to the caller.
install_modified_covenant() {
    local dest_dir="$1"
    local source_repo="https://github.com/cobbr/Covenant.git" # Using original repo

    log_info "Setting up modified Covenant in ${dest_dir}..."

    # Idempotency guard: never touch an existing checkout, the rename below is
    # not safe to apply twice.
    if [ -d "${dest_dir}" ]; then
        log_warn "Destination directory ${dest_dir} already exists. Skipping Covenant setup."
        log_warn "Delete it manually if you want to reinstall."
        return
    fi

    log_info "Cloning original Covenant repository..."
    # Clone directly to final location with sudo, then chown
    # NOTE(review): the clone is not pinned to a tag or commit, so the set of
    # paths the mv/sed steps below expect may drift with upstream — TODO confirm.
    run_cmd_sudo git clone --recurse-submodules "${source_repo}" "${dest_dir}"
    run_cmd_sudo chown -R "${CURRENT_USER}:${CURRENT_USER}" "${dest_dir}"

    # The solution lives in a "Covenant" subdirectory of the clone; the .git
    # directory stays one level up, outside everything the sed passes touch.
    local covenant_work_dir="${dest_dir}/Covenant"
    if [ ! -d "${covenant_work_dir}" ]; then
        log_error "Covenant checkout failed or directory structure unexpected at ${dest_dir}."
        return
    fi

    log_info "Applying 'Venom' modifications to Covenant..."
    ( # Run modifications in a subshell within the correct directory
        # NOTE(review): this cd is unguarded. Should it fail (and errexit not be
        # in effect), every mv/find/sed below — including the recursive
        # `sed -i` over `find ./` — runs against the caller's cwd instead.
        cd "${covenant_work_dir}"

        log_info "Moving directories..."
        # Use temporary names to avoid clashes if dirs exist
        # These three trees are parked in the parent directory so the recursive
        # sed pass below does not touch them; they are moved back afterwards.
        mv ./Data/AssemblyReferences/ ../AssemblyReferences_temp || log_warn "Failed to move AssemblyReferences"
        mv ./Data/ReferenceSourceLibraries/ ../ReferenceSourceLibraries_temp || log_warn "Failed to move ReferenceSourceLibraries"
        mv ./Data/EmbeddedResources/ ../EmbeddedResources_temp || log_warn "Failed to move EmbeddedResources"

        mv ./Models/Covenant/ ./Models/Venom/ || log_warn "Failed to rename Models/Covenant"
        mv ./Components/CovenantUsers/ ./Components/VenomUsers/ || log_warn "Failed to rename Components/CovenantUsers"
        mv ./Components/Grunts/ ./Components/Nagas/ || log_warn "Failed to rename Components/Grunts"
        mv ./Models/Grunts/ ./Models/Nagas/ || log_warn "Failed to rename Models/Grunts"
        # NOTE(review): the next three targets are under ./Data/Naga/, which does
        # not exist until ./Data/Grunt/ is renamed a few lines further down, so
        # these moves can only succeed if mv creates the parent (it does not) —
        # expect the "Failed to rename" warnings. The later `find -depth` rename
        # pass covers these directories anyway.
        mv ./Data/Grunt/GruntBridge/ ./Data/Naga/NagaBridge/ || log_warn "Failed to rename GruntBridge" # Adjusted target
        mv ./Data/Grunt/GruntHTTP/ ./Data/Naga/NagaHTTP/ || log_warn "Failed to rename GruntHTTP" # Adjusted target
        mv ./Data/Grunt/GruntSMB/ ./Data/Naga/NagaSMB/ || log_warn "Failed to rename GruntSMB" # Adjusted target
        mv ./Components/GruntTaskings/ ./Components/NagaTaskings/ || log_warn "Failed to rename GruntTaskings"
        mv ./Components/GruntTasks/ ./Components/NagaTasks/ || log_warn "Failed to rename GruntTasks"
        mv ./Data/Grunt/ ./Data/Naga/ || log_warn "Failed to rename Data/Grunt" # Should be done after subdirs

        log_info "Applying sed replacements (this may take a while)..."
        # Combine sed commands for efficiency where possible, be careful with order
        # Applies to EVERY regular file under the working directory, not just
        # sources; any binary asset still present here (anything outside the three
        # trees parked above) is rewritten in place as well — TODO confirm none
        # contain these byte sequences.
        find ./ -type f -print0 | xargs -0 sed -i \
            -e "s/Grunt/Naga/g" \
            -e "s/GRUNT/NAGA/g" \
            -e "s/grunt/naga/g" \
            -e "s/Covenant/Venom/g" \
            -e "s/COVENANT/VENOM/g" \
            -e "s/ExecuteStager/ExecNiveau/g" \
            -e "s/SetupAES/InstallerAES/g" \
            -e "s/SessionKey/CleSession/g" \
            -e "s/EncryptedChallenge/CryptageChallEnge/g" \
            -e "s/DecryptedChallenges/DecryptageDesChallenges/g" \
            -e "s/Stage0Body/PremierBody/g" \
            -e "s/Stage0Response/PremierResponse/g" \
            -e "s/Stage0Bytes/PremierBytes/g" \
            -e "s/Stage1Body/DeuxiemeBody/g" \
            -e "s/Stage1Response/DeuxiemeResponse/g" \
            -e "s/Stage1Bytes/DeuxiemeBytes/g" \
            -e "s/Stage2Body/TroisiemeBody/g" \
            -e "s/Stage2Response/TroisiemeResponse/g" \
            -e "s/Stage2Bytes/TroisiemeBytes/g" \
            -e "s/message64str/MeSSaGe64str/g" \
            -e "s/messageBytes/MeSSaGebytes/g" \
            -e "s/totalReadBytes/ToTalReaDBytes/g" \
            -e "s/deflateStream/deFlatEstream/g" \
            -e "s/memoryStream/memOrYstream/g" \
            -e "s/compressedBytes/comprimebytes/g" \
            -e "s/CookieWebClient/NagasWebClient/g" \
            -e "s/Jitter/JItTer/g" \
            -e "s/ConnectAttempts/ConneCTAttEmpTs/g" \
            -e "s/RegisterBody/RegistreBody/g" \
            -e "s/Hello World/Its me, nobody/g" \
            -e "s/ValidateCert/ValiderLeCerTif/g" \
            -e "s/UseCertPinning/UtiliseCertPin/g" \
            -e "s/EncryptedMessage/MessageCrypte/g" \
            -e "s/cookieWebClient/nagaWebClient/g" \
            -e "s/ProfileHttp/ProfilageHTTP/g" \
            -e "s/baseMessenger/bAsemEsSenGer/g" \
            -e "s/PartiallyDecrypted/decryptagePartiel/g" \
            -e "s/FullyDecrypted/decryptageComplet/g"

        log_info "Applying sed replacements specific to .cs files..."
        # Note: the "s/aes/cryptvar/g" expression runs before "s/aes2/cryptvar2/g",
        # so the latter never matches (aes2 has already become cryptvar2); the
        # end result is the same, the second expression is just dead.
        find ./ -type f -name "*.cs" -print0 | xargs -0 sed -i \
            -e "s/REPLACE_/REMPLACE_/g" \
            -e "s/_PROFILE_/_PROFILAGE_/g" \
            -e "s/_VALIDATE_/_VALIDER_/g" \
            -e "s/GUID/AUTREID/g" \
            -e "s/guid/autreid/g" \
            -e "s/messenger/MeSsenGer/g" \
            -e "s/aes/cryptvar/g" \
            -e "s/aes2/cryptvar2/g" \
            -e "s/array5/arr5/g" \
            -e "s/array6/arr6/g" \
            -e "s/array4/arr4/g" \
            -e "s/array7/arr7/g" \
            -e "s/array1/arr1/g" \
            -e "s/array2/arr2/g" \
            -e "s/array3/arr3/g" \
            -e "s/list1/li1/g" \
            -e "s/list2/li2/g" \
            -e "s/list3/li3/g" \
            -e "s/list4/li4/g" \
            -e "s/list5/li5/g" \
            -e "s/group0/grp0/g" \
            -e "s/group1/grp1/g" \
            -e "s/group2/grp2/g" \
            -e "s/group3/grp3/g" \
            -e "s/group4/grp4/g" \
            -e "s/group5/grp5/g" \
            -e "s/group6/grp6/g" \
            -e "s/group7/grp7/g" \
            -e "s/group8/grp8/g"

        log_info "Applying sed replacements specific to .razor, .json, .yaml files..."
        find ./ -type f \( -name "*.razor" -o -name "*.json" -o -name "*.yaml" \) -print0 | xargs -0 sed -i \
            -e "s/GUID/AUTREID/g" \
            -e "s/guid/autreid/g"

        log_info "Renaming files containing 'Grunt' or 'Covenant'..."
        # -depth renames children before their parent directory, so a path is
        # never invalidated by an earlier rename within the same pass. The new
        # name is built with echo; printf '%s' would be the safer choice for
        # paths containing backslashes.
        # Rename Grunt -> Naga
        find ./ -depth -name '*Grunt*' -exec bash -c 'mv "$0" "$(echo "$0" | sed -e "s/Grunt/Naga/g")"' {} \;
        find ./ -depth -name '*GRUNT*' -exec bash -c 'mv "$0" "$(echo "$0" | sed -e "s/GRUNT/NAGA/g")"' {} \;
        find ./ -depth -name '*grunt*' -exec bash -c 'mv "$0" "$(echo "$0" | sed -e "s/grunt/naga/g")"' {} \;
        # Rename Covenant -> Venom
        find ./ -depth -name '*Covenant*' -exec bash -c 'mv "$0" "$(echo "$0" | sed -e "s/Covenant/Venom/g")"' {} \;
        find ./ -depth -name '*COVENANT*' -exec bash -c 'mv "$0" "$(echo "$0" | sed -e "s/COVENANT/VENOM/g")"' {} \;

        log_info "Moving back directories..."
        # Restore the trees parked in the parent directory at the start.
        mv ../AssemblyReferences_temp/ ./Data/AssemblyReferences || log_warn "Failed to move back AssemblyReferences"
        mv ../ReferenceSourceLibraries_temp/ ./Data/ReferenceSourceLibraries || log_warn "Failed to move back ReferenceSourceLibraries"
        mv ../EmbeddedResources_temp/ ./Data/EmbeddedResources || log_warn "Failed to move back EmbeddedResources"

        log_info "Building modified Covenant (Venom)..."
        # A failed build is logged only; the caller cannot tell from the exit
        # status whether the build succeeded.
        if check_command dotnet; then
            dotnet build || log_error "Covenant build failed."
        else
            log_error "dotnet command not found. Cannot build Covenant."
        fi
    ) # End subshell
    log_info "Finished Covenant modification and build attempt."
}

# Overwrites /etc/motd (via sudo tee) with a fixed banner.
# Globals: none. Outputs: log_info progress line; writes /etc/motd.
set_motd() {
    log_info "Setting custom MOTD..."
    # echo -e expands the \n escapes in motd_content into real line breaks.
    local motd_content="\nDark Ops || Field-Operations\nred-team-ops\n\n"
    echo -e "${motd_content}" | sudo tee /etc/motd > /dev/null
}

# --- Main Execution ---

# Entry point: runs the setup phases in order and prints closing reminders.
# Globals read: CURRENT_USER, CURRENT_HOME, TOOL_BASE_DIR (for log output only).
# Each phase is a sibling function; a phase that reports an error via
# log_error/log_warn does not stop the later phases from running.
main() {
    log_info "Starting Kali C2 and Tools Setup Script..."
    log_info "Running as user: ${CURRENT_USER} in home: ${CURRENT_HOME}"
    log_info "Tools will be installed in: ${TOOL_BASE_DIR}"

    update_system
    # setup_network # Uncomment if network configuration is needed
    enable_ssh
    install_dev_tools
    install_docker
    install_extra_tools
    create_tool_dirs
    clone_security_tools
    install_c2_frameworks
    set_motd

    log_info "-----------------------------------------------------"
    log_info "Setup script completed!"
    log_warn "Please review any warnings or errors above."
    log_warn "Remember to source ${CURRENT_HOME}/.profile or ${CURRENT_HOME}/.zshrc or restart your shell for PATH changes to take effect."
    log_warn "Docker group membership requires logout/login."
    log_warn "C2 frameworks (Mythic, Havoc, Sliver, Shad0w) require additional manual setup/build steps. Refer to their documentation."
    log_warn "The network setup section was commented out by default. Uncomment 'setup_network' in the script if needed."
    # log_warn "A reboot was previously included but is now commented out."
    # read -p "Press Enter to reboot, or Ctrl+C to cancel..."
    # sudo reboot
    log_info "-----------------------------------------------------"
}

# Run the main function
main

# Unconditional success status: problems encountered above are only logged
# (log_error appears not to terminate the script — callers `return` after it),
# so anything invoking this script cannot detect failures from the exit code.
exit 0