├── nysm-cron ├── README.md ├── LICENSE ├── .gitignore ├── default.conf └── nysm-setup.sh /nysm-cron: -------------------------------------------------------------------------------- 1 | # /etc/cron.d/nysm: crontab entries for the certbot package 2 | # 3 | # Upstream recommends attempting renewal twice a day 4 | # 5 | # Eventually, this will be an opportunity to validate certificates 6 | # haven't been revoked, etc. Renewal will only occur if expiration 7 | # is within 30 days. 8 | #!/bin/sh 9 | 10 | 0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /opt/letsencrypt/certbot-auto renew && service nginx restart 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # now-you-see-me 2 | Pass-thru web server for traffic redirection 3 | 4 | ## Getting Started 5 | 6 | ```bash 7 | brownee $ git clone https://github.com/audrummer15/now-you-see-me.git 8 | brownee $ cd now-you-see-me 9 | brownee $ chmod +x nysm-setup.sh 10 | brownee $ sudo ./nysm-setup.sh 11 | 12 | 1) Setup Nginx Redirector 13 | 2) Check Status 14 | 3) Quit 15 | 16 | NYSM - Select an Option: 1 17 | 18 | ... 
19 | 20 | 1) Setup Nginx Redirector 21 | 2) Check Status 22 | 3) Quit 23 | 24 | NYSM - Select an Option: 3 25 | 26 | brownee $ 27 | ``` 28 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Adam Brown 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | local_settings.py 56 | 57 | # Flask stuff: 58 | instance/ 59 | .webassets-cache 60 | 61 | # Scrapy stuff: 62 | .scrapy 63 | 64 | # Sphinx documentation 65 | docs/_build/ 66 | 67 | # PyBuilder 68 | target/ 69 | 70 | # Jupyter Notebook 71 | .ipynb_checkpoints 72 | 73 | # pyenv 74 | .python-version 75 | 76 | # celery beat schedule file 77 | celerybeat-schedule 78 | 79 | # SageMath parsed files 80 | *.sage.py 81 | 82 | # dotenv 83 | .env 84 | 85 | # virtualenv 86 | .venv 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | 100 | # mypy 101 | .mypy_cache/ 102 | -------------------------------------------------------------------------------- /default.conf: -------------------------------------------------------------------------------- 1 | 
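##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Template that nysm-setup.sh copies to /etc/nginx/sites-enabled/default.
# A request is answered from /var/www/html when a matching file exists; anything
# else falls through to the named location @c2 and is proxied upstream.
# NOTE(review): server_name, the proxy_pass targets and the certificate paths are
# empty in this listing. nysm-setup.sh fills them in with sed, so the template
# tokens were probably lost when the page was extracted - confirm against the
# repository before using this file.

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.php index.html index.htm index.nginx-debian.html;

    server_name ;

    location / {
        # Serve a local file or directory if one exists, otherwise hand off to @c2.
        try_files $uri $uri/ @c2;
    }

    location ~ \.php$ {
        # Only scripts that exist under the web root reach PHP-FPM; any other
        # .php path is handed to @c2 instead.
        try_files $uri @c2;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location @c2 {
        # Plain-HTTP upstream. The client's Host header is passed through and the
        # client address is appended to X-Forwarded-For.
        proxy_pass http://;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# The block below stays inert until nysm-setup.sh strips the leading "#nysm#"
# from every line, which it does after a certificate has been obtained.
#nysm#server {
#nysm#    listen 443 ssl default_server;
#nysm#    listen [::]:443 ssl default_server;
#nysm#
#nysm#    ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
#nysm#    ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot
#nysm#    ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
#nysm#    ssl_session_timeout 1440m; # managed by Certbot
#nysm#
#nysm#    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from this line;
#nysm#    # add TLSv1.3 where the installed nginx and OpenSSL support it.
#nysm#    ssl_protocols TLSv1.2;
#nysm#    ssl_prefer_server_ciphers on; # managed by Certbot
#nysm#
#nysm#    # NOTE(review): the suite list still offers CBC/SHA-1 suites and ends with a
#nysm#    # 3DES suite (EDH-RSA-DES-CBC3-SHA); trim it to the GCM entries.
#nysm#    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384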
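DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot
#nysm#
#nysm#    root /var/www/html;
#nysm#
#nysm#    index index.php index.html index.htm index.nginx-debian.html;
#nysm#
#nysm#    server_name ;
#nysm#
#nysm#    location / {
#nysm#        try_files $uri $uri/ @c2;
#nysm#    }
#nysm#
#nysm#    location ~ \.php$ {
#nysm#        try_files $uri @c2;
#nysm#        fastcgi_pass unix:/var/run/php5-fpm.sock;
#nysm#        fastcgi_index index.php;
#nysm#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#nysm#        include fastcgi_params;
#nysm#    }
#nysm#
#nysm#    location @c2 {
#nysm#        proxy_pass https://;
#nysm#        proxy_redirect off;
#nysm#        proxy_set_header Host $host;
#nysm#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#nysm#    }
#nysm#}

--------------------------------------------------------------------------------
/nysm-setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Now You See Me
# brownee
#
# Installs nginx and certbot, writes the nginx site config from ./default.conf,
# obtains a certificate for the given domain and enables the TLS server block.
#
# Usage: sudo ./nysm-setup.sh [domain_name c2_server]
# Without exactly two arguments an interactive menu is shown instead.
# Run it from the repository directory: default.conf and nysm-cron are read
# relative to the current directory.

# Colour sequences are stored as real escape bytes so they can be passed to
# printf as %s arguments rather than being spliced into the format string.
NORMAL=$(printf '\033[m')
BRED=$(printf '\033[1;31m')
BGREEN=$(printf '\033[1;32m')
BYELLOW=$(printf '\033[1;33m')
# bash's select consults COLUMNS when it lays out the menu.
COLUMNS=12

# Destination of the generated nginx site config. Defined at file scope so that
# nysm_initialize does not depend on nysm_install having run first.
CONF_DST="/etc/nginx/sites-enabled/default"

# Print a green "[+]" progress line. $1 is printed verbatim (never as a format).
nysm_action() {
    printf '\n%s[+]%s %s\n' "$BGREEN" "$NORMAL" "$1"
}

# Print a yellow "[!]" warning line.
nysm_warning() {
    printf '\n%s[!]%s %s\n' "$BYELLOW" "$NORMAL" "$1"
}

# Print a red "[!]" error line.
nysm_error() {
    printf '\n%s[!] %s%s\n' "$BRED" "$1" "$NORMAL"
}

# Write $1 to stderr and terminate the script with status 1.
error_exit() {
    printf '\n%s\n\n' "$1" 1>&2
    exit 1
}

# Abort the script if the command that ran immediately before this call failed.
# Must be the very next command after the one being checked.
check_errors() {
    local status=$?
    if [ "$status" -ne 0 ]; then
        nysm_error "An error occurred..."
        error_exit "Exiting..."
    fi
}

# Ask a yes/no question ($1); returns 0 for y/yes (any case), 1 otherwise.
nysm_confirm() {
    read -r -p "$1 [y/N] " response
    case "$response" in
        [yY][eE][sS]|[yY])
            return 0
            ;;
        *)
            return 1
            ;;
    esac
}

# Refuse values that would break the sed substitutions below or carry extra
# directives into the nginx config (slashes, ampersands, semicolons, whitespace,
# quotes). $1 is the domain name, $2 the upstream address.
nysm_validate_inputs() {
    local domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    local upstream_re='^[][A-Za-z0-9_.:-]+$'

    if [[ ! $1 =~ $domain_re ]]; then
        nysm_error "Invalid domain name: $1"
        error_exit "Exiting..."
    fi

    if [[ ! $2 =~ $upstream_re ]]; then
        nysm_error "Invalid server address: $2"
        error_exit "Exiting..."
    fi
}

# Install packages, fetch certbot and register the renewal cron entry.
nysm_install() {
    # Refresh the package index before the first install, not after it.
    nysm_action "Updating apt-get..."
    apt-get update
    check_errors

    nysm_action "Installing Dependencies..."
    apt-get install -y vim less
    check_errors

    nysm_action "Installing general net tools..."
    apt-get install -y inetutils-ping net-tools screen dnsutils curl
    check_errors

    nysm_action "Installing nginx git..."
    apt-get install -y nginx git
    check_errors

    nysm_action "Installing certbot..."
    # NOTE(review): this is an unpinned clone of the default branch whose contents
    # are later executed as root; pin a reviewed tag or commit, or install the
    # distribution's certbot package. certbot-auto is deprecated upstream and may
    # be absent from a current checkout - confirm before relying on this step.
    # Skipped when a checkout already exists so the setup can be re-run.
    if [ ! -d /opt/letsencrypt/.git ]; then
        git clone https://github.com/certbot/certbot.git /opt/letsencrypt > /dev/null 2>&1
        check_errors
    fi

    nysm_action "Adding cronjob..."
    # install(1) fixes the mode explicitly: cron skips /etc/cron.d files that are
    # group- or world-writable, which a permissive umask would produce with cp.
    install -m 0644 nysm-cron /etc/cron.d/nysm
    check_errors

    nysm_action "Finished installing dependencies!"
}

# Write the nginx config, obtain a certificate and enable the TLS server block.
# Arguments (optional, both or neither): $1 domain name, $2 upstream address.
# When they are not supplied the values are read interactively.
nysm_initialize() {
    nysm_action "Modifying nginx configs..."
    if [ "$#" -ne 2 ]; then
        read -r -p "What is the sites domain name? (ex: google.com) " domain_name
        read -r -p "What is the C2 server address? (IP:Port) " c2_server
    else
        domain_name=$1
        c2_server=$2
    fi

    nysm_validate_inputs "$domain_name" "$c2_server"

    cp ./default.conf "$CONF_DST"
    check_errors

    # NOTE(review): the search pattern of both substitutions is empty in this
    # listing, and default.conf shows empty values in the matching places; the
    # template tokens were probably lost when the page was extracted. Restore
    # them from the repository - sed rejects an empty pattern here.
    # Each sed is checked before its backup is removed, so a failed substitution
    # is not masked by the exit status of rm.
    sed -i.bak "s//$domain_name/" "$CONF_DST"
    check_errors
    rm -f "$CONF_DST.bak"

    sed -i.bak "s//$c2_server/" "$CONF_DST"
    check_errors
    rm -f "$CONF_DST.bak"

    SSL_SRC="/etc/letsencrypt/live/$domain_name"
    nysm_action "Obtaining Certificates..."
    # --register-unsafely-without-email creates the ACME account with no contact
    # address, so nobody is notified about problems with the certificate.
    /opt/letsencrypt/certbot-auto certonly --non-interactive --quiet --register-unsafely-without-email --agree-tos -a webroot --webroot-path=/var/www/html -d "$domain_name"
    check_errors

    nysm_action "Installing Certificates..."
    # Stripping the "#nysm#" prefix activates the port-443 server block shipped
    # in default.conf. Review its ssl_protocols and ssl_ciphers lines against
    # current guidance before exposing the listener.
    sed -i.bak "s/^#nysm#//g" "$CONF_DST"
    check_errors
    rm -f "$CONF_DST.bak"

    nysm_action "Restarting Nginx..."
    # Validate the generated config first so a bad substitution does not take
    # the running server down.
    nginx -t
    check_errors
    systemctl restart nginx.service
    check_errors

    nysm_action "Done!"
}

# Full setup: install everything, then configure. Arguments are forwarded as
# given ("$@"), so an argument-less call still reaches the interactive prompts.
nysm_setup() {
    if [ "$(id -u)" -ne 0 ]; then
        nysm_error "Setup must be run as root"
        error_exit "Exiting..."
    fi

    nysm_install
    nysm_initialize "$@"
}

# Show running nginx processes and the sockets they listen on.
nysm_status() {
    printf "\n************************ Processes ************************\n"
    # The bracket keeps grep from matching its own command line.
    ps aux | grep -E '[n]ginx'

    printf "\n************************* Network *************************\n"
    netstat -tulpn | grep -E 'nginx'
}

if [ "$#" -ne 2 ]; then
    PS3="
NYSM - Select an Option: "

    # Was misspelled "finshed", which left the loop variable uninitialised.
    finished=0
    while (( !finished )); do
        printf "\n"
        options=("Setup Nginx Redirector" "Check Status" "Quit")
        select opt in "${options[@]}"
        do
            case $opt in
                "Setup Nginx Redirector")
                    nysm_setup
                    break
                    ;;
                "Check Status")
                    nysm_status
                    break
                    ;;
                "Quit")
                    finished=1
                    break
                    ;;
                *) nysm_warning "invalid option" ;;
            esac
        done
    done
else
    nysm_setup "$1" "$2"
fi

--------------------------------------------------------------------------------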