├── .gitignore
├── README.md
├── prepkal.sh
└── scripts
    ├── backdoors_down.sh
    ├── forensic_down.sh
    ├── functions.sh
    ├── install_tools.sh
    ├── privesc_down.sh
    ├── ps1_down.sh
    └── wordlists_down.sh


/.gitignore:
--------------------------------------------------------------------------------
1 | ikeforce
2 | ikerforce/*
3 | odat
4 | odat/*
5 | sniper
6 | sniper/*
7 | udp-proto-scanner
8 | udp-proto-scanner/*
9 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Prepkal
 2 | 
 3 | Simple script to download some missing tools in Kali
 4 | 
 5 | ```
 6 |                              __           .__   
 7 | _____________   ____ ______ |  | _______  |  |  
 8 | \____ \_  __ \_/ __ \\____ \|  |/ /\__  \ |  |  
 9 | |  |_> >  | \/\  ___/|  |_> >    <  / __ \|  |__
10 | |   __/|__|    \___  >   __/|__|_ \(____  /____/
11 | |__|               \/|__|        \/     \/ since 2019
12 | 
13 | 
14 | Prepare a new Kali VM with some missing tools
15 | Valid options:
16 | 	all		--	Install all
17 | 	tools		--	Install main tools
18 | 	backdoors	--	Download some backdoors
19 | 	privesc		--	Download privesc tools
20 | 	wordlists	--	Download some wordlists
21 | 	forensics	--	Download some forensics tools
22 | 
23 | ./prepkal.sh all
24 | ```
25 | 
26 | ## Options
27 | 
28 | - Install all (**all**)
29 | - Install backdoors (**backdoors**)
30 | - Install privesc tools (**privesc**)
31 | - Install wordlists (**wordlists**)
32 | - Install forensics tools (**forensics**)
33 | 
34 | By Polop(TM)
35 | 


--------------------------------------------------------------------------------
/prepkal.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | . scripts/functions.sh
 4 | 
 5 | echo "ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBfXyAgICAgICAgICAgLl9fICAgCl9fX19fX19fX19fX18gICBfX19fIF9fX19fXyB8ICB8IF9fX19fX18gIHwgIHwgIApcX19fXyBcXyAgX18gXF8vIF9fIFxcX19fXyBcfCAgfC8gL1xfXyAgXCB8ICB8ICAKfCAgfF8+ID4gIHwgXC9cICBfX18vfCAgfF8+ID4gICAgPCAgLyBfXyBcfCAgfF9fCnwgICBfXy98X198ICAgIFxfX18gID4gICBfXy98X198XyBcKF9fX18gIC9fX19fLwp8X198ICAgICAgICAgICAgICAgXC98X198ICAgICAgICBcLyAgICAgXC8gc2luY2UgMjAxOQo=" | base64 -d
 6 | echo ""
 7 | echo ""
 8 | 
 9 | help="Prepare a new Kali VM with some missing tools\nValid options:\n\tall\t\t--\tInstall all\n\ttools\t\t--\tInstall main tools\n\tbackdoors\t--\tDownload some backdoors\n\tprivesc\t\t--\tDownload privesc tools\n\twordlists\t--\tDownload some wordlists\n\tforensics\t--\tDownload some forensics tools\n\tps1\t\t--\tDownload a new PS1\n\n$0 all"
10 | 
11 | if [[ $EUID -ne 0 ]]; then
12 |    echo -e "\e[31mThis script must be run as root\e[0m" 1>&2
13 |    exit 1
14 | fi
15 | 
16 | if [ "$#" -ne 1 ]; then
17 |     echo -e "$help"
18 |     exit 1
19 | fi
20 | 
21 | 
22 | chmod +x scripts/install_tools.sh
23 | chmod +x scripts/backdoors_down.sh
24 | chmod +x scripts/privesc_down.sh
25 | chmod +x scripts/wordlists_down.sh
26 | chmod +x scripts/forensic_down.sh
27 | chmod +x scripts/ps1_down.sh
28 | 
29 | if [ $1 == "all" ]; then
30 |     write_super_main "Good choice. Starting installing all the tools..."
31 |     scripts/install_tools.sh
32 |     scripts/backdoors_down.sh
33 |     scripts/privesc_down.sh
34 |     scripts/wordlists_down.sh
35 |     scripts/forensic_down.sh
36 |     scripts/ps1_down.sh
37 | 
38 | elif [ $1 == "tools" ]; then
39 |     write_super_main "Good choice. Starting installing only the main tools..."
40 |     scripts/install_tools.sh
41 | 
42 | elif [ $1 == "backdoors" ]; then
43 |     write_super_main "Good choice. Starting installing only the backdoors..."
44 |     scripts/backdoors_down.sh
45 | 
46 | elif [ $1 == "privesc" ]; then
47 |     write_super_main "Good choice. Starting installing only the privesc tools..."
48 |     scripts/privesc_down.sh
49 | 
50 | elif [ $1 == "wordlists" ]; then
51 |     write_super_main "Good choice. Starting installing only the wordlists tools..."
52 |     scripts/wordlists_down.sh
53 | 
54 | elif [ $1 == "forensics" ]; then
55 |     write_super_main "Good choice. Starting installing only the forensics tools..."
56 |     scripts/forensic_down.sh
57 | 
58 | elif [ $1 == "ps1" ]; then
59 |     write_super_main "Good choice. Downloading PS1..."
60 |     scripts/ps1_down.sh
61 | 
62 | else
63 |     echo -e "$help"
64 |     exit 1
65 | fi
66 | 
67 | echo ""
68 | write_super_main "All done. Bye!"
69 | 


--------------------------------------------------------------------------------
/scripts/backdoors_down.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | . scripts/functions.sh
 4 | 
 5 | rootDir=/opt/backdoors
 6 | phpDir=$rootDir/php
 7 | 
 8 | rm -rf $rootDir
 9 | 
10 | write_main "Creating $rootDir"
11 | mkdir $rootDir
12 | 
13 | back_git_tools=(
14 |     "https://github.com/EmpireProject/Empire.git"
15 |     "https://github.com/trustedsec/unicorn.git"
16 |     "https://github.com/n1nj4sec/pupy.git"
17 |     "https://github.com/samratashok/nishang.git"
18 |     "https://github.com/Ne0nd0g/merlin.git"
19 |     "https://github.com/Hackplayers/Salsa-tools.git"
20 |     "https://github.com/inquisb/icmpsh"
21 |     "https://github.com/besimorhino/powercat.git"
22 |     "https://github.com/zerosum0x0/koadic.git"
23 | )
24 | back_tools=(
25 |     "https://eternallybored.org/misc/netcat/netcat-win32-1.11.zip"
26 | )
27 | 
28 | for u in "${back_git_tools[@]}"; do download_git $u $rootDir; done
29 | for u in "${back_tools[@]}"; do direct_download $u $rootDir; done
30 | 


--------------------------------------------------------------------------------
/scripts/forensic_down.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | . scripts/functions.sh
 4 | 
 5 | write_main "Start installing some forensic tools"
 6 | 
 7 | write_main "Installing yara"
 8 | apt-get install -y yara
 9 | 
10 | write_main "Installing clamAV"
11 | apt-get install -y clamav
12 | 
13 | write_main "Installing suricata"
14 | apt-get install -y suricata
15 | apt-get install -y oinkmaster
16 | echo "url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz" >> /etc/oinkmaster.conf
17 | oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules
18 | 


--------------------------------------------------------------------------------
/scripts/functions.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | Y='\033[1;33m'
 4 | B='\033[0;34m'
 5 | G='\033[0;32m'
 6 | P='\033[1;35m'
 7 | NC='\033[0m'
 8 | 
 9 | function write_super_main(){
10 |     printf "${P}$1${NC}\n"
11 |     echo ""
12 | }
13 | 
14 | function write_main(){
15 |     printf "${G}[*]${Y} $1${NC}\n"
16 | }
17 | 
18 | function write_download(){
19 |     printf "${B}[+]${Y} Downloading $1${NC}\n"
20 | }
21 | 
22 | function download_git(){
23 |     URL=$1
24 |     FOLDER=$2
25 |     back=`pwd`
26 |     cd $FOLDER
27 |     write_download $URL
28 |     git clone $URL
29 |     cd $back
30 | }
31 | 
32 | function direct_download(){
33 |     URL=$1
34 |     FOLDER=$2
35 |     back=`pwd`
36 |     cd $FOLDER
37 |     write_download $URL
38 |     wget $URL
39 |     unzip *.zip 2>/dev/null
40 |     rm -rf *.zip 2>/dev/null
41 |     cd $back
42 | }


--------------------------------------------------------------------------------
/scripts/install_tools.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | . scripts/functions.sh
  4 | 
  5 | write_main "Updating..."
  6 | apt-get update
  7 | apt-get upgrade -y
  8 | 
  9 | write_main "Installing getsploit"
 10 | pip install getsploit
 11 | 
 12 | write_main "Installing dirb"
 13 | apt-get install dirb -y
 14 | 
 15 | write_main "Installing ltrace and strace"
 16 | apt-get install ltrace strace -y
 17 | 
 18 | write_main "Installing Snipper"
 19 | git clone https://github.com/1N3/Sn1per.git sniper
 20 | chmod +x sniper/install.sh
 21 | echo "Y" | ./sniper/install.sh
 22 | 
 23 | write_main "Installing Code"
 24 | curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
 25 | mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg
 26 | echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list
 27 | apt update && apt install code -y
 28 | 
 29 | write_main "Installing terminator"
 30 | apt install terminator -y
 31 | 
 32 | write_main "Installing libreoffice"
 33 | apt-get install libreoffice -y
 34 | 
 35 | write_main "Installing ftp"
 36 | apt-get install ftp -y
 37 | 
 38 | write_main "Installing powershell"
 39 | apt-get install -y powershell
 40 | 
 41 | write_main "Installing mingw-w64"
 42 | apt-get -y install mingw-w64
 43 | 
 44 | write_main "Installing 7z2john.pl"
 45 | wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/7z2john.pl -P /usr/bin
 46 | chmod +x /usr/bin/7z2john.pl
 47 | 
 48 | write_main "Installing pyftplib"
 49 | apt-get install python-pyftpdlib -y
 50 | 
 51 | write_main "Installing ptftpd"
 52 | pip install ptftpd
 53 | 
 54 | #write_main "Installing peda"
 55 | #git clone https://github.com/longld/peda.git ~/peda
 56 | #echo "source ~/peda/peda.py" >> ~/.gdbinit
 57 | 
 58 | write_main "Enabling postgresql"
 59 | systemctl enable postgresql
 60 | 
 61 | write_main "Intalling mingw-w64"
 62 | apt-get install mingw-w64 -y
 63 | 
 64 | write_main "Intalling crackmapexec"
 65 | apt-get install crackmapexec -y
 66 | 
 67 | write_main "Installing Docker"
 68 | #https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe
 69 | curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
 70 | echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' > /etc/apt/sources.list.d/docker.list
 71 | apt-get update
 72 | apt-get remove docker docker-engine docker.io -y
 73 | apt-get install docker-ce -y
 74 | 
 75 | write_main "Installing oracle dependencies for patator"
 76 | pip3 install cx_Oracle --upgrade
 77 | 
 78 | write_main "Installing grc"
 79 | apt-get install -y grc
 80 | 
 81 | write_main "Installing rlwrap"
 82 | apt-get install -y rlwrap
 83 | 
 84 | write_main "Installing gdbserver"
 85 | apt-get install -y gdbserver
 86 | 
 87 | write_main "Installing libcompress-raw for 7z2john-pl"
 88 | apt-get install libcompress-raw-lzma-perl -y
 89 | 
 90 | #Here are the dependencies for Legion
 91 | write_main "Installing odat"
 92 | git clone https://github.com/quentinhardy/odat.git odat
 93 | ln -s "$(pwd)/odat/odat.py" /usr/bin/odat.py
 94 | 
 95 | write_main "Installing ikeforce"
 96 | git clone https://github.com/SpiderLabs/ikeforce.git ikeforce
 97 | ln -s "$(pwd)/ikeforce/ikeforce.py" /usr/bin/ikeforce
 98 | pip2 install pyip pycrypto pyopenssl || pip install pyip pycrypto pyopenssl 
 99 | 
100 | write_main "Installing rpcbind"
101 | apt-get install -y rpcbind
102 | 
103 | write_main "Installing evil-winrm"
104 | gem install evil-winrm
105 | 
106 | write_main "Installing UDP-Proto-Scanner"
107 | git clone https://github.com/portcullislabs/udp-proto-scanner.git udp-proto-scanner
108 | cp udp-proto-scanner/udp-proto-scanner.pl udp-proto-scanner/udp-proto-scanner.conf /usr/local/bin
109 | 
110 | write_main "Installing snmp-mibs-downloader"
111 | apt-get install snmp-mibs-downloader -y
112 | sed -i 's/mibs :/#mibs :/g' /etc/snmp/snmp.conf
113 | 
114 | write_main "Creating symlink of /usr/share/doc/python-impacket/examples/samrdump.py"
115 | ln -s /usr/share/doc/python-impacket/examples/samrdump.py /usr/bin/samrdump.py
116 | 
117 | write_main "Creating symlink of /usr/share/doc/python-impacket/examples/rpcdump.py"
118 | ln -s /usr/share/doc/python-impacket/examples/rpcdump.py /usr/bin/rpcdump.py
119 | 
120 | write_main "Installing dirhunt"
121 | pip3 install dirhunt
122 | 


--------------------------------------------------------------------------------
/scripts/privesc_down.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | . scripts/functions.sh
  4 | 
  5 | rootDir=/opt/privesc
  6 | linuxDir=$rootDir/linux
  7 | winDir=$rootDir/windows
  8 | 
  9 | rm -rf $rootDir
 10 | 
 11 | write_main "Creating $rootDir"
 12 | mkdir $rootDir
 13 | write_main "Creating $linuxDir"
 14 | mkdir $linuxDir
 15 | write_main "Creating $winDir"
 16 | mkdir $winDir
 17 | 
 18 | 
 19 | ### LINUX
 20 | echo ""
 21 | write_main "Starting download of Scripts for Linux/Unix Privesc"
 22 | linux_privesc=(
 23 |     "https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"
 24 |     "https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh"
 25 |     "https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl"
 26 |     "http://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz"
 27 |     "http://www.securitysift.com/download/linuxprivchecker.py"
 28 |     "https://github.com/AlessandroZ/BeRoot/archive/master.zip"
 29 |     "https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh"
 30 | )
 31 | linux_git_prives=(
 32 |     "https://github.com/spencerdodd/kernelpop.git"
 33 |     "https://github.com/jondonas/linux-exploit-suggester-2.git"
 34 | )
 35 | 
 36 | for link in "${linux_privesc[@]}"; do direct_download $link $linuxDir; done
 37 | for link in "${linux_privesc[@]}"; do download_git $link $linuxDir; done
 38 | 
 39 | write_main "Decompressing tar files..."
 40 | cd $linuxDir
 41 | tar xvzf *.tar.gz
 42 | rm -f *.tar.gz
 43 | 
 44 | 
 45 | ### WINDOWS
 46 | echo ""
 47 | write_main "Starting download Windows Privesc"
 48 | 
 49 | windows_ps_folder="$winDir/powershell"
 50 | mkdir $windows_ps_folder
 51 | windows_git_ps=(
 52 |     "https://github.com/PowerShellMafia/PowerSploit.git --branch dev"
 53 |     "https://github.com/Kevin-Robertson/Inveigh.git"
 54 | )
 55 | windows_ps=(
 56 |     "https://raw.githubusercontent.com/enjoiz/Privesc/master/privesc.ps1"
 57 |     "https://raw.githubusercontent.com/411Hall/JAWS/master/jaws-enum.ps1"
 58 |     "https://raw.githubusercontent.com/Arvanaghi/SessionGopher/master/SessionGopher.ps1"
 59 |     "https://raw.githubusercontent.com/peewpw/Invoke-WCMDump/master/Invoke-WCMDump.ps1"
 60 |     "https://raw.githubusercontent.com/dafthack/DomainPasswordSpray/master/DomainPasswordSpray.ps1"
 61 |     "https://raw.githubusercontent.com/rasta-mouse/Sherlock/master/Sherlock.ps1"
 62 | )
 63 | for u in "${windows_git_ps[@]}"; do download_git "$u" $windows_ps_folder; done
 64 | for u in "${windows_ps[@]}"; do direct_download "$u" $windows_ps_folder; done
 65 | 
 66 | 
 67 | windows_exe_folder="$winDir/exe"
 68 | mkdir $windows_exe_folder
 69 | windows_exe=(
 70 |     "https://github.com/AlessandroZ/LaZagne/releases/download/v2.4.2/lazagne.exe"
 71 |     "https://github.com/AlessandroZ/BeRoot/releases/download/1.0.1/beRoot.zip"
 72 |     "https://github.com/pentestmonkey/windows-privesc-check/raw/master/windows-privesc-check2.exe"
 73 |     "https://github.com/carlospolop/winPE/raw/master/binaries/accesschk/accesschk-2003-xp.exe"
 74 |     "https://github.com/ohpe/juicy-potato/releases/download/v0.1/JuicyPotato.exe"
 75 | )
 76 | windows_exe_git=(
 77 |     "https://github.com/ohpe/juicy-potato.git"
 78 |     "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git"
 79 | )
 80 | for u in "${windows_exe[@]}"; do direct_download "$u" $windows_exe_folder; done
 81 | for u in "${windows_exe_git[@]}"; do download_git "$u" $windows_exe_folder; done
 82 | 
 83 | 
 84 | windows_watson="$windows_exe_folder/watson"
 85 | mkdir $windows_watson
 86 | windows_exe_watson=(
 87 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet3.5AnyCPU.exe"
 88 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet3.5x64.exe"
 89 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet3.5x86.exe"
 90 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet3AnyCPU.exe"
 91 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet3x64.exe"
 92 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet3x86.exe"
 93 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet4AnyCPU.exe"
 94 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet4x64.exe"
 95 |     "https://github.com/carlospolop/winPE/raw/master/binaries/watson/WatsonNet4x86.exe"
 96 | )
 97 | for u in "${windows_exe_watson[@]}"; do direct_download "$u" $windows_watson; done
 98 | 
 99 | 
100 | windows_seatbelt="$windows_exe_folder/seatbelt"
101 | mkdir $windows_seatbelt
102 | windows_exe_seatbelt=(
103 |     "https://github.com/carlospolop/winPE/raw/master/binaries/seatbelt/SeatbeltNet3.5AnyCPU.exe"
104 |     "https://github.com/carlospolop/winPE/raw/master/binaries/seatbelt/SeatbeltNet3.5x64.exe"
105 |     "https://github.com/carlospolop/winPE/raw/master/binaries/seatbelt/SeatbeltNet3.5x86.exe"
106 |     "https://github.com/carlospolop/winPE/raw/master/binaries/seatbelt/SeatbeltNet4AnyCPU.exe"
107 |     "https://github.com/carlospolop/winPE/raw/master/binaries/seatbelt/SeatbeltNet4x64.exe"
108 |     "https://github.com/carlospolop/winPE/raw/master/binaries/seatbelt/SeatbeltNet4x86.exe"
109 | )
110 | for u in "${windows_exe_seatbelt[@]}"; do direct_download "$u" $windows_seatbelt; done
111 | 
112 | 
113 | windows_bat_folder="$winDir/bat"
114 | mkdir $windows_bat_folder
115 | windows_bat=(
116 |     "https://raw.githubusercontent.com/carlospolop/winPE/master/winPE.bat"
117 |     "https://raw.githubusercontent.com/enjoiz/Privesc/master/privesc.bat"
118 | )
119 | for u in "${windows_bat[@]}"; do direct_download "$u" $windows_bat_folder; done
120 | 
121 | 
122 | windows_local_folder="$winDir/local"
123 | mkdir $windows_local_folder
124 | windows_local=(
125 |     "https://github.com/GDSSecurity/Windows-Exploit-Suggester.git"
126 |     "https://github.com/bitsadmin/wesng.git"
127 | )
128 | for u in "${windows_local[@]}"; do download_git "$u" $windows_local_folder; done
129 | 
130 | 
131 | pip install xlrd --upgrade #Needed for Windows-Exploit-Suggester
132 | 


--------------------------------------------------------------------------------
/scripts/ps1_down.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | . scripts/functions.sh
4 | 
5 | write_main "Downloading a new PS1"
6 | 
7 | curl https://gist.githubusercontent.com/carlospolop/43f7cd50f3deea972439af3222b68808/raw/d3a62d61e5feb6a61426d67ed9b75c85d75f84b5/ps1.bash >> /etc/bash.bashrc
8 | 


--------------------------------------------------------------------------------
/scripts/wordlists_down.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | . scripts/functions.sh
 4 | 
 5 | rootDir=/usr/share/wordlists/external
 6 | 
 7 | rm -rf $rootDir
 8 | 
 9 | write_main "Creating $rootDir"
10 | mkdir $rootDir
11 | 
12 | wordlists_git=(
13 |     "https://github.com/danielmiessler/SecLists.git"
14 |     "https://github.com/berzerk0/Probable-Wordlists.git"
15 |     "https://github.com/swisskyrepo/PayloadsAllTheThings.git"
16 |     "https://github.com/1N3/BruteX.git"
17 | )
18 | 
19 | for u in "${wordlists_git[@]}"; do download_git $u $rootDir; done
20 | 
21 | 


--------------------------------------------------------------------------------