├── .gitignore ├── group_vars └── all ├── roles ├── pentest │ ├── powershell │ │ └── tasks │ │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── vuln-analysis │ │ └── tasks │ │ │ └── main.yml │ ├── post-exploitation │ │ └── tasks │ │ │ └── main.yml │ ├── exploitation │ │ └── tasks │ │ │ └── main.yml │ ├── intel-gathering │ │ └── tasks │ │ │ └── main.yml │ ├── wireless │ │ └── tasks │ │ │ └── main.yaml │ └── scripts │ │ └── build_launchers.py ├── terminal │ ├── templates │ │ ├── vimrc.template │ │ ├── zshrc.template │ │ └── tmux.conf.template │ └── tasks │ │ └── main.yml ├── python │ └── tasks │ │ └── main.yml └── common │ └── tasks │ └── main.yml ├── site.yml ├── LICENSE └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | env/ 2 | .DS_Store 3 | hosts -------------------------------------------------------------------------------- /group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | ops_user: overwatch 3 | ops_pass: $6$kZHuzKpE$yNOcqqEWmo4/VYOjzIbALaqfGQddSLm4MQitpjWNnivTiHQD5x1lVCtHVBR0dsKvZ3eGai4IzzHB6ub2c4jbE1 -------------------------------------------------------------------------------- /roles/pentest/powershell/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: get empire 3 | git: 4 | repo: https://github.com/EmpireProject/Empire 5 | dest: /opt/empire 6 | update: yes 7 | -------------------------------------------------------------------------------- /roles/pentest/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: copy launcher build script 3 | copy: 4 | src: ../scripts/build_launchers.py 5 | dest: /tmp 6 | 7 | - name: build launchers 8 | shell: python build_launchers.py 9 | ignore_errors: yes 10 | args: 11 | chdir: /tmp -------------------------------------------------------------------------------- 
/roles/terminal/templates/vimrc.template: -------------------------------------------------------------------------------- 1 | set tabstop=4 2 | set shiftwidth=4 3 | set expandtab 4 | 5 | set incsearch 6 | set paste 7 | set autoindent 8 | set fileformats=unix,dos 9 | set number 10 | 11 | syntax on 12 | filetype on 13 | filetype plugin on 14 | 15 | if argc() == 2 16 | silent all 17 | endif -------------------------------------------------------------------------------- /roles/terminal/templates/zshrc.template: -------------------------------------------------------------------------------- 1 | export PATH=$PATH:/usr/local/go/bin 2 | export GOPATH=/opt/go 3 | export TERM="xterm-256color" 4 | export ZSH=/root/.oh-my-zsh 5 | 6 | POWERLEVEL9K_MODE='nerdfont-complete' 7 | POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(context dir rbenv virtualenv vcs) 8 | ZSH_THEME="powerlevel9k/powerlevel9k" 9 | 10 | plugins=(git) 11 | 12 | source $ZSH/oh-my-zsh.sh 13 | 14 | alias ipsort="sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4" -------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: pentest build playbook 3 | hosts: all 4 | remote_user: root 5 | roles: 6 | - common 7 | - { role: rvm_io.ruby, 8 | tags: ruby, 9 | rvm1_install_path: '/usr/local/rvm', 10 | rvm1_install_flags: '--auto-dotfiles', 11 | rvm1_rvm_version: 'stable', 12 | rvm1_rvm_check_for_updates: True, 13 | rvm1_rubies: ['ruby-2.3.0', 'ruby-2.3.3', 'ruby-2.4.1'], 14 | rvm1_user: 'root' 15 | } 16 | - { role: naftulikay.go-dev, 17 | go_user: root, 18 | go_version: 1.9 19 | } 20 | - terminal 21 | - python 22 | - pentest/exploitation 23 | - pentest/intel-gathering 24 | - pentest/post-exploitation 25 | - pentest/powershell 26 | - pentest/vuln-analysis 27 | - pentest/wireless 28 | - pentest -------------------------------------------------------------------------------- /roles/python/tasks/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - name: install python-related packages 3 | apt: 4 | name: "{{ item }}" 5 | state: present 6 | with_items: 7 | - python-dev 8 | - python-psycopg2 9 | 10 | - name: get pip installer 11 | get_url: 12 | url: https://bootstrap.pypa.io/get-pip.py 13 | dest: /tmp/get-pip.py 14 | mode: 0644 15 | 16 | - name: install pip 17 | shell: python /tmp/get-pip.py 18 | 19 | - name: cleanup files 20 | file: 21 | path: /tmp/get-pip.py 22 | state: absent 23 | 24 | - name: install python2 packages 25 | pip: 26 | name: "{{ item }}" 27 | state: present 28 | with_items: 29 | - ldapdomaindump 30 | - pefile 31 | - pexpect 32 | - pluginbase 33 | - pyasn1 34 | - pycrypto 35 | - pyip 36 | - pymssql 37 | - pyopenssl 38 | - requests 39 | - virtualenv 40 | - python-magic 41 | 42 | - name: install python3 packages 43 | pip: 44 | name: py2exe 45 | executable: pip3 -------------------------------------------------------------------------------- /roles/pentest/vuln-analysis/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: get ike-scan 3 | git: 4 | repo: https://github.com/royhills/ike-scan 5 | dest: /opt/ike-scan 6 | update: yes 7 | 8 | - name: configure ike-scan 9 | shell: autoreconf --install; ./configure --with-openssl 10 | args: 11 | chdir: /opt/ike-scan 12 | 13 | - name: make ike-scan 14 | shell: make; make install 15 | args: 16 | chdir: /opt/ike-scan 17 | 18 | - name: get wpscan (requires `gem install bundler && bundle install`) 19 | git: 20 | repo: https://github.com/wpscanteam/wpscan 21 | dest: /opt/wpscan 22 | update: yes 23 | 24 | - name: get sslscan 25 | git: 26 | repo: https://github.com/rbsec/sslscan 27 | dest: /opt/sslscan 28 | update: yes 29 | 30 | - name: install sslscan 31 | shell: make static && make install 32 | args: 33 | chdir: /opt/sslscan 34 | 35 | - name: get burp 36 | get_url: 37 | url: https://goo.gl/NkTD9k 38 | 
dest: /opt/burp 39 | mode: 0755 -------------------------------------------------------------------------------- /roles/terminal/templates/tmux.conf.template: -------------------------------------------------------------------------------- 1 | # Start windows and panes at 1, not 0 2 | set -g base-index 1 3 | set -g pane-base-index 1 4 | 5 | set-option -g status-position top 6 | 7 | set-option -g repeat-time 0 8 | 9 | # Removes ESC delay 10 | set -sg escape-time 0 11 | 12 | # You probably already put this in 13 | set -g prefix C-a 14 | 15 | unbind-key C-b 16 | bind-key C-a send-prefix 17 | 18 | # List of plugins 19 | set -g @tpm_plugins ' \ 20 | caiogondim/maglev \ 21 | tmux-plugins/tpm \ 22 | tmux-plugins/tmux-sensible \ 23 | tmux-plugins/tmux-resurrect \ 24 | tmux-plugins/tmux-continuum \ 25 | tmux-plugins/tmux-yank \ 26 | tmux-plugins/tmux-pain-control \ 27 | tmux-plugins/tmux-copycat \ 28 | tmux-plugins/tmux-open \ 29 | tmux-plugins/tmux-cpu \ 30 | tmux-plugins/tmux-prefix-highlight \ 31 | ' 32 | 33 | # Initialize TMUX plugin manager 34 | run '~/.tmux/plugins/tpm/tpm' -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Steve Coward 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /roles/terminal/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: get oh-my-zsh 3 | shell: sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)" 4 | 5 | - name: get powerline for zsh 6 | git: 7 | repo: https://github.com/bhilburn/powerlevel9k 8 | dest: ~/.oh-my-zsh/custom/themes/powerlevel9k 9 | update: yes 10 | 11 | - name: get fonts 12 | git: 13 | repo: https://github.com/ryanoasis/nerd-fonts 14 | dest: /tmp/nerd-fonts 15 | 16 | - name: install fonts 17 | shell: ./install.sh DroidSansMono 18 | ignore_errors: yes 19 | args: 20 | chdir: /tmp/nerd-fonts 21 | 22 | - name: cleanup font installer 23 | file: 24 | path: /tmp/nerd-fonts 25 | state: absent 26 | 27 | - name: get tmux plugin manager 28 | git: 29 | repo: https://github.com/tmux-plugins/tpm 30 | dest: ~/.tmux/plugins/tpm 31 | 32 | - name: configure tmux 33 | template: 34 | src: tmux.conf.template 35 | dest: ~/.tmux.conf 36 | 37 | - name: set .vimrc 38 | template: 39 | src: vimrc.template 40 | dest: ~/.vimrc 41 | 42 | - name: set .zshrc 43 | template: 44 | src: zshrc.template 45 | dest: ~/.zshrc -------------------------------------------------------------------------------- /roles/pentest/post-exploitation/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 
get cme 3 | git: 4 | repo: https://github.com/byt3bl33d3r/CrackMapExec 5 | dest: /opt/cme 6 | update: yes 7 | track_submodules: yes 8 | recursive: yes 9 | 10 | - name: install cme 11 | shell: python setup.py install 12 | args: 13 | chdir: /opt/cme 14 | 15 | - name: get xfltreat 16 | git: 17 | repo: https://github.com/earthquake/XFLTReaT 18 | dest: /opt/xfltreat 19 | version: next-version 20 | update: yes 21 | 22 | - name: install python2 dependences for xfltreat 23 | pip: 24 | requirements: requirements.txt 25 | args: 26 | chdir: /opt/xfltreat 27 | 28 | - name: enable ip forwarding for xfltreat 29 | shell: echo 1 > /proc/sys/net/ipv4/ip_forward 30 | 31 | - name: configure iptables for xfltreat 32 | shell: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 33 | 34 | - name: get proxychains-ng 35 | git: 36 | repo: https://github.com/rofl0r/proxychains-ng 37 | dest: /opt/proxychains-ng 38 | update: yes 39 | 40 | - name: install proxychains-ng 41 | shell: ./configure --prefix=/usr --sysconfdir=/etc && make && make install && make install-config 42 | args: 43 | chdir: /opt/proxychains-ng 44 | -------------------------------------------------------------------------------- /roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: upgrade packages 3 | apt: 4 | upgrade: dist 5 | 6 | - name: install base packages (common) 7 | apt: 8 | name: "{{ item }}" 9 | state: present 10 | update_cache: yes 11 | with_items: 12 | - apache2 13 | - build-essential 14 | - curl 15 | - fontconfig 16 | - git 17 | - imagemagick 18 | - libcurl4-openssl-dev 19 | - libffi-dev 20 | - libfontconfig 21 | - libfontconfig-dev 22 | - libncurses5-dev 23 | - libpq-dev 24 | - libssl-dev 25 | - netcat 26 | - perl 27 | - python3-dev 28 | - python3-pip 29 | - smbclient 30 | - tmux 31 | - winbind 32 | - wine 33 | - zlib1g-dev 34 | - zsh 35 | - sudo 36 | 37 | - name: install base packages (debian jessie) 38 | apt: 39 | name: "{{ item }}" 
40 | state: present 41 | update_cache: yes 42 | with_items: 43 | - libapache2-mod-php5 44 | when: ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' 45 | 46 | - name: install base packages (debian stretch) 47 | apt: 48 | name: "{{ item }}" 49 | state: present 50 | update_cache: yes 51 | with_items: 52 | - libapache2-mod-php 53 | when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch' 54 | 55 | - name: touch path for gopath 56 | file: 57 | path: /opt/go 58 | state: directory 59 | 60 | - name: change shell for root user 61 | user: 62 | name: root 63 | shell: /bin/zsh 64 | 65 | - name: add ops user 66 | user: 67 | name: '{{ ops_user }}' 68 | password: '{{ ops_pass }}' 69 | groups: sudo 70 | shell: /bin/zsh 71 | generate_ssh_key: yes 72 | ssh_key_bits: 2048 73 | ssh_key_file: .ssh/id_rsa 74 | 75 | - name: add ops user to sudoers.d 76 | lineinfile: 77 | path: '/etc/sudoers.d/{{ ops_user }}' 78 | state: present 79 | create: yes 80 | regexp: '{{ ops_user }} .*' 81 | line: '{{ ops_user }} ALL=(ALL) NOPASSWD:ALL' 82 | -------------------------------------------------------------------------------- /roles/pentest/exploitation/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: get msf installer 3 | become: yes 4 | become_user: '{{ ops_user }}' 5 | get_url: 6 | url: https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb 7 | dest: /tmp/msfinstall 8 | mode: 0755 9 | 10 | - name: install metasploit framework 11 | become: yes 12 | become_user: '{{ ops_user }}' 13 | shell: ./msfinstall 14 | args: 15 | chdir: /tmp 16 | 17 | - name: initialize msf 18 | become: yes 19 | become_user: '{{ ops_user }}' 20 | shell: echo 'yes' | msfconsole 21 | 22 | - name: cleanup msf installer files 23 | file: 24 | path: /tmp/msfinstall 25 | state: absent 26 | 27 | - name: get beef (requires `gem install bundler 
&& bundle install`) 28 | git: 29 | repo: https://github.com/beefproject/beef 30 | dest: /opt/beef 31 | update: yes 32 | 33 | - name: get ikeforce 34 | git: 35 | repo: https://github.com/SpiderLabs/ikeforce 36 | dest: /opt/ikeforce 37 | update: yes 38 | 39 | - name: get impacket 40 | git: 41 | repo: https://github.com/CoreSecurity/impacket 42 | dest: /opt/impacket 43 | update: yes 44 | 45 | - name: install impacket 46 | shell: python setup.py install 47 | args: 48 | chdir: /opt/impacket 49 | 50 | - name: get responder 51 | git: 52 | repo: https://github.com/lgandx/Responder 53 | dest: /opt/responder 54 | update: yes 55 | 56 | - name: get routersploit 57 | git: 58 | repo: https://github.com/reverse-shell/routersploit 59 | dest: /opt/routersploit 60 | update: yes 61 | 62 | - name: install routersploit 63 | pip: 64 | requirements: requirements.txt 65 | args: 66 | chdir: /opt/routersploit 67 | 68 | - name: get set 69 | git: 70 | repo: https://github.com/trustedsec/social-engineer-toolkit 71 | dest: /opt/set 72 | update: yes 73 | 74 | - name: install set 75 | shell: python setup.py install 76 | args: 77 | chdir: /opt/set 78 | 79 | - name: get sqlmap 80 | git: 81 | repo: https://github.com/sqlmapproject/sqlmap 82 | dest: /opt/sqlmap 83 | update: yes 84 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Pentest Tools Deployer with Ansible 2 | 3 | Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing. 4 | 5 | Current solutions I've seen involve either a crazy amount of custom Bash/Shell scripting that is buggy or reliance on a home-grown deployment framework which is also buggy and not often updated. Ansible is an extremely flexible orchestration framework used for all kinds of devops projects. 
It's also an actively maintained project, which is critical when relying on it to deploy servers in many different environments. 6 | 7 | ### Assumptions 8 | 9 | A few assumptions are made with this particular iteration of the Ansible playbook: 10 | 11 | * The target systems are Debian 7.x or greater (support for multiple OSes to follow later) 12 | * Ansible is installed on the host deploying the Ansible playbook (see below for installation steps) 13 | * This assumes root + public key authentication access to the target host(s) is feasible 14 | * Python 2.x is installed on the target host(s) 15 | * `group_vars/all` is filled in with a username and linux password hash for the password value 16 | 17 | ### Installation and Usage 18 | 19 | On the deployment host, Ansible needs to be installed and two Ansible roles must be installed via `ansible-galaxy`: 20 | 21 | ``` 22 | > pip install ansible 23 | > ansible-galaxy install rvm_io.ruby naftulikay.go-dev 24 | ``` 25 | 26 | Designate a file to house one or many target host IP addresses, formatted like so: 27 | 28 | ``` 29 | [c2] 30 | 10.0.0.15 31 | 10.0.0.20 32 | ``` 33 | 34 | Run the Ansible playbook: 35 | 36 | ``` 37 | > ansible-playbook -i hosts site.yml 38 | ``` 39 | 40 | ### Releases 41 | 42 | [v1.0](https://github.com/stevecoward/ansible-pentest-deploy/releases/tag/v1.0 "Ansible Pentest Playbook") 43 | 44 | ### TODO 45 | 46 | There are quite a few things that can be done with the project at this initial stage. 
The main ideas I have are: 47 | 48 | * Support more tools 49 | * ~~Symlink installed tools to `/usr/bin` or `/usr/local/bin` so they can be called anywhere~~ 50 | * ~~Group tools into their own sub-roles within the current Ansible playbook structure~~ 51 | * A lot more 52 | 53 | -------------------------------------------------------------------------------- /roles/pentest/intel-gathering/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install gobuster 3 | shell: /usr/local/go/bin/go get github.com/OJ/gobuster 4 | environment: 5 | GOPATH: /opt/go 6 | args: 7 | chdir: /opt/go/ 8 | 9 | - name: get dnsrecon 10 | git: 11 | repo: https://github.com/darkoperator/dnsrecon 12 | dest: /opt/dnsrecon 13 | update: yes 14 | 15 | - name: install dnsrecon 16 | pip: 17 | requirements: requirements.txt 18 | args: 19 | chdir: 20 | /opt/dnsrecon 21 | 22 | - name: get enum4linux 23 | git: 24 | repo: https://github.com/portcullislabs/enum4linux 25 | dest: /opt/enum4linux 26 | update: yes 27 | 28 | - name: get eyewitness 29 | git: 30 | repo: https://github.com/ChrisTruncer/EyeWitness 31 | dest: /opt/eyewitness 32 | update: yes 33 | 34 | - name: install eyewitness 35 | shell: ./setup.sh 36 | args: 37 | chdir: /opt/eyewitness/setup 38 | 39 | - name: get goofile 40 | git: 41 | repo: https://github.com/crunchsec/goofile 42 | dest: /opt/goofile 43 | update: yes 44 | 45 | - name: get rawr 46 | git: 47 | repo: https://bitbucket.org/al14s/rawr 48 | dest: /opt/rawr 49 | update: yes 50 | 51 | - name: install rawr 52 | shell: ./install.sh y 53 | args: 54 | chdir: /opt/rawr 55 | 56 | - name: get theharvester 57 | git: 58 | repo: https://github.com/laramies/theHarvester 59 | dest: /opt/theharvester 60 | update: yes 61 | 62 | - name: get wafw00f 63 | git: 64 | repo: https://github.com/EnableSecurity/wafw00f 65 | dest: /opt/wafw00f 66 | update: yes 67 | 68 | - name: install wafw00f 69 | shell: python setup.py install 70 | args: 71 | 
chdir: /opt/wafw00f 72 | 73 | - name: get meterssh 74 | git: 75 | repo: https://github.com/trustedsec/meterssh 76 | dest: /opt/meterssh 77 | update: yes 78 | 79 | - name: get pre-req for enum4linux 80 | get_url: 81 | url: https://raw.githubusercontent.com/Wh1t3Fox/polenum/master/polenum.py 82 | dest: /usr/bin/polenum.py 83 | mode: 0755 84 | 85 | - name: get netdiscover 86 | git: 87 | repo: https://github.com/jdiazbb/netdiscover 88 | dest: /opt/netdiscover 89 | update: yes 90 | 91 | - name: install netdiscover 92 | shell: bash update-oui-database.sh && cmake . && make && make install 93 | args: 94 | chdir: /opt/netdiscover 95 | 96 | - name: get recon-ng 97 | git: 98 | repo: https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng 99 | dest: /opt/recon-ng 100 | update: yes 101 | 102 | - name: install recon-ng 103 | pip: 104 | requirements: /opt/recon-ng/REQUIREMENTS 105 | 106 | - name: install python3 fierce 107 | pip: 108 | name: fierce 109 | executable: pip3 110 | 111 | - name: get SIET 112 | git: 113 | repo: https://github.com/Sab0tag3d/SIET 114 | dest: /opt/siet 115 | update: yes -------------------------------------------------------------------------------- /roles/pentest/wireless/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install wireless tools from packages 3 | apt: 4 | name: "{{ item }}" 5 | state: present 6 | update_cache: yes 7 | with_items: 8 | - aircrack-ng 9 | - kismet 10 | - libnl-3-dev 11 | - libpcap-dev 12 | - libsqlite3-dev 13 | - libssl-dev 14 | - libssl1.0-dev 15 | - libnl-genl-3-dev 16 | - tshark 17 | - wireshark 18 | 19 | - name: add nonfree repo for wireless drivers (debian jessie) 20 | lineinfile: 21 | path: '/etc/apt/sources.list' 22 | state: present 23 | line: 'deb http://http.debian.net/debian/ jessie main contrib non-free' 24 | when: ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' 25 | 26 | - name: add nonfree repo for wireless drivers 
(debian stretch) 27 | lineinfile: 28 | path: '/etc/apt/sources.list' 29 | state: present 30 | line: 'deb http://http.debian.net/debian/ stretch main contrib non-free' 31 | when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch' 32 | 33 | - name: install platform-specific wireless drivers (debian jessie) 34 | apt: 35 | name: firmware-ralink 36 | state: present 37 | update_cache: yes 38 | when: ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie' 39 | 40 | - name: install platform-specific wireless drivers (debian stretch) 41 | apt: 42 | name: firmware-misc-nonfree 43 | state: present 44 | update_cache: yes 45 | when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch' 46 | 47 | - name: install python2 packages for wireless tools 48 | pip: 49 | name: "{{ item }}" 50 | state: present 51 | with_items: 52 | - netifaces 53 | - psycopg2 54 | - psutil 55 | - scapy 56 | 57 | - name: get pixiewps 58 | git: 59 | repo: https://github.com/wiire/pixiewps 60 | dest: /opt/pixiewps 61 | update: yes 62 | 63 | - name: install pixiewps 64 | shell: make && make install 65 | args: 66 | chdir: /opt/pixiewps/src 67 | 68 | - name: get reaver 69 | git: 70 | repo: https://github.com/t6x/reaver-wps-fork-t6x 71 | dest: /opt/reaver 72 | update: yes 73 | 74 | - name: install reaver 75 | shell: ./configure && make && make install 76 | args: 77 | chdir: /opt/reaver/src 78 | 79 | - name: get pyrit 80 | git: 81 | repo: https://github.com/JPaulMora/Pyrit 82 | dest: /opt/pyrit 83 | update: yes 84 | 85 | - name: build pyrit 86 | shell: python setup.py clean && python setup.py build 87 | args: 88 | chdir: /opt/pyrit 89 | 90 | - name: install pyrit 91 | shell: python setup.py install 92 | args: 93 | chdir: /opt/pyrit 94 | 95 | - name: get cowpatty 96 | git: 97 | repo: https://github.com/roobixx/cowpatty 98 | dest: /opt/cowpatty 99 | update: yes 100 | 101 | - name: install cowpatty 102 | shell: make 103 | args: 104 | chdir: 
/opt/cowpatty 105 | 106 | - name: get wifite 107 | git: 108 | repo: https://github.com/derv82/wifite 109 | dest: /opt/wifite 110 | update: yes 111 | 112 | - name: get wifisuite 113 | git: 114 | repo: https://github.com/NickSanzotta/WiFiSuite 115 | dest: /opt/wifisuite 116 | update: yes 117 | 118 | - name: install wifisuite 119 | shell: python setup.py install --record install.log 120 | args: 121 | chdir: /opt/wifisuite 122 | 123 | - name: get hostapd-wpe 124 | git: 125 | repo: https://github.com/OpenSecurityResearch/hostapd-wpe 126 | dest: /var/lib/hostapd-wpe 127 | update: yes 128 | 129 | - name: get and extract hostapd 130 | unarchive: 131 | src: https://sources.voidlinux.eu/hostapd-2.6/hostapd-2.6.tar.gz 132 | dest: /var/lib 133 | remote_src: True 134 | 135 | - name: patch hostapd 136 | shell: patch -p1 < ../hostapd-wpe/hostapd-wpe.patch 137 | args: 138 | chdir: /var/lib/hostapd-2.6 139 | 140 | - name: build patched hostapd 141 | shell: make 142 | args: 143 | chdir: /var/lib/hostapd-2.6/hostapd 144 | 145 | - name: bootstrap hostapd-wpe certs 146 | shell: ./bootstrap 147 | args: 148 | chdir: /var/lib/hostapd-wpe/certs -------------------------------------------------------------------------------- /roles/pentest/scripts/build_launchers.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/env python 2 | import os 3 | import sys 4 | import magic 5 | import subprocess 6 | 7 | # customize these as needed. if a tool already builds a launcher, include that tool's name in the `existing_launchers` list 8 | launcher_path = '/usr/local/bin/' 9 | tool_path = '/opt' 10 | existing_launchers = ['metasploit-framework', 'msfpro', 'sslscan', 'pixiewps', 'reaver', 'hostapd-wpe'] 11 | 12 | # supported file types 13 | tool_file_types = ['ruby', 'python', 'perl', 'binary'] 14 | 15 | # launcher contents for each file type. 
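# perl launcher is identical to python apart from the interpreter name.
# Every template is rendered with `%` and the keys tool_path / tool_name /
# tool_file, so build() can treat all script types the same way.
python_launcher = """#!/bin/bash

cd %(tool_path)s/%(tool_name)s; python %(tool_file)s "$@"

"""
perl_launcher = python_launcher.replace('python', 'perl')

ruby_launcher = """#!/bin/bash

source /etc/profile.d/rvm.sh

[ -x %(tool_path)s/%(tool_name)s/%(tool_file)s ] || chmod +x %(tool_path)s/%(tool_name)s/%(tool_file)s

cd %(tool_path)s/%(tool_name)s; ruby %(tool_file)s "$@"

"""

# one template per scriptable file type; 'binary' deliberately has no entry,
# the script has never known how to launch compiled tools (see build())
_launcher_templates = {
    'ruby': ruby_launcher,
    'python': python_launcher,
    'perl': perl_launcher,
}


def identify_toolfile(files, tool_path, tool, tool_lang=None):
    """Guess a tool's entry point and script type from its directory listing.

    Args:
        files: names in the tool's directory (as returned by os.listdir).
        tool_path: parent directory holding every tool checkout.
        tool: the tool's directory name; also the preferred entry-point name.
        tool_lang: one of `tool_file_types` when already known, or None to let
            libmagic decide from a file named exactly like the tool.

    Returns:
        A ``(tool_lang, tool_file)`` tuple. ``tool_file`` is None when no
        candidate entry point was found, so callers can always unpack the
        result (the previous version returned a bare None in that case and
        ``tool_lang, tool_file = identify_toolfile(...)`` raised TypeError).
    """
    if not tool_lang and tool in files:
        # No type given: trust libmagic on the file carrying the tool's name.
        # get_filetype() may return None, hence the `or ''`.
        found = get_filetype(os.path.join(tool_path, tool, tool), mime=True) or ''
        matches = [ftype for ftype in tool_file_types if ftype in found]
        if matches:
            return (matches[0], tool)

    # Otherwise the first file whose name starts with the tool's name wins.
    # The listing is sorted so the choice no longer depends on os.listdir()
    # order. The previous version also ran libmagic on every candidate here
    # but never used the answer (its second test implied the first), so that
    # per-file call is gone.
    wanted = tool.lower()
    for candidate in sorted(files):
        if candidate.lower().startswith(wanted):
            return (tool_lang, candidate)
    return (tool_lang, None)


def check_existing(tool_name):
    """Return True when `tool_name` is already launchable.

    A tool counts as existing when it is listed in `existing_launchers`,
    when `which` resolves it on PATH, or when a launcher file is already
    present in `launcher_path`.

    `which` is invoked with an argument list (no shell): `tool_name` is a
    directory name taken from `tool_path`, and the playbook runs this script
    as root, so it must never be interpreted as shell syntax.
    """
    if tool_name in existing_launchers:
        return True
    try:
        output = subprocess.check_output(['which', tool_name])
    except (subprocess.CalledProcessError, OSError):
        # `which` exits non-zero when nothing matches; OSError covers a
        # system without `which` at all
        output = b''
    if output:
        return True
    return os.path.isfile(os.path.join(launcher_path, tool_name))


def get_filetype(path, mime=True):
    """Return libmagic's description of `path`, or None when it cannot be read.

    Thin wrapper over magic.from_file(). Any failure (missing or unreadable
    file, python-magic not importable) yields None instead of an exception,
    because callers treat "unknown type" as a soft miss.
    """
    try:
        return magic.from_file(path, mime=mime)
    except Exception:
        return None


def _render_launcher(tool_path, tool_name, tool_file, tool_lang):
    """Return the launcher text for `tool_lang`, or '' when there is no template.

    'binary' (and any unknown type) has no template and yields ''.
    """
    template = _launcher_templates.get(tool_lang)
    if template is None:
        return ''
    return template % {
        'tool_path': tool_path,
        'tool_name': tool_name,
        'tool_file': tool_file,
    }


def build(tool_path, tool_name, tool_file, tool_lang):
    """Write an executable launcher for one tool into `launcher_path`.

    Args:
        tool_path: parent directory holding the tool checkouts.
        tool_name: the tool's directory name; becomes the launcher's file name.
        tool_file: entry-point file inside the tool's directory.
        tool_lang: one of `tool_file_types`.

    Failures are printed, not raised, so one broken tool does not stop the
    rest of the run. Nothing is written for types without a template: the
    previous version wrote an empty executable file for 'binary' tools,
    which shadowed the tool with a no-op. Linking compiled binaries is still
    open; checking each tool's make targets would be the way to do it.
    """
    launcher = _render_launcher(tool_path, tool_name, tool_file, tool_lang)
    if not launcher:
        print('no launcher template for %s tool: %s' % (tool_lang, tool_name))
        return

    target = os.path.join(launcher_path, tool_name)
    try:
        with open(target, 'w') as fh:
            fh.write(launcher)
        # same effect as `chmod +x`, without going through a shell
        os.chmod(target, os.stat(target).st_mode | 0o111)
    except Exception as e:
        print('build failed: %s' % e)


def _guess_lang(files):
    """Map a directory listing to one of `tool_file_types` by extension.

    Precedence mirrors the original: a Gemfile or any .rb file means ruby,
    then .py, then .pl, otherwise 'binary'.
    """
    if 'Gemfile' in files or any(name.endswith('.rb') for name in files):
        return tool_file_types[0]
    if any(name.endswith('.py') for name in files):
        return tool_file_types[1]
    if any(name.endswith('.pl') for name in files):
        return tool_file_types[2]
    return tool_file_types[3]


def parse_tools():
    """Walk `tool_path` and build a launcher for every tool that lacks one.

    Only directories are considered: `tool_path` can also hold plain files
    (the vuln-analysis role downloads burp straight to /opt/burp), and an
    os.listdir() on such an entry used to abort the whole run.
    """
    for tool in sorted(os.listdir(tool_path)):
        tool_dir = os.path.join(tool_path, tool)
        print('checking tool: %s' % tool)
        if not os.path.isdir(tool_dir):
            print('skipping non-directory entry: %s' % tool)
            continue
        if check_existing(tool):
            print('launcher for tool: %s exists' % tool)
            continue

        files = os.listdir(tool_dir)
        tool_lang = _guess_lang(files)
        tool_lang, tool_file = identify_toolfile(files, tool_path, tool, tool_lang)
        if tool_file:
            print('building launcher for tool: %s' % tool)
            build(tool_path, tool, tool_file, tool_lang)
        else:
            print('no entry point found for tool: %s' % tool)


if __name__ == '__main__':
    parse_tools()
    sys.exit(0)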