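├── README.md
├── cert_validator.py
├── lets_encrypt_apache.sh
├── reverse-proxy.txt
├── setup_jre8.sh
├── validate.py
└── wordpress_setup_16_04.sh


/README.md:
--------------------------------------------------------------------------------
# Red-Team-Scripts


--------------------------------------------------------------------------------
/cert_validator.py:
--------------------------------------------------------------------------------
# python 3.x script
# validates nessus certificate issues
# basically a wrapper around sslscan because laziness ¯\_(ツ)_/¯
# stores all sslscan output in the "output" directory (created if not already present)
# disclaimer: wrote in a few hours - should probably qa a bit more
#
# the Host and Port columns of the csv are used to build both the sslscan
# command line and the log file name, so they are treated as untrusted input:
# every target is validated first and sslscan is started from an argument list
# instead of a shell string

import argparse
import csv
import os
import re
import subprocess
import sys

medium_ciphers = []   # medium cipher suites supported list
rc4_ciphers = []      # rc4 cipher suites supported list
self_signed = []      # self-signed certificate list
expired = []          # expired certificate list
weak_rsa_keys = []    # rsa keys less than 2048 bits list
drown = []            # sslv2 drown list
poodle = []           # sslv3 poodle list
logjam = []           # logjam list
signed_weak_alg = []  # signed using weak hashing algorithm list

# validated lists
v_medium_ciphers = []
v_rc4_ciphers = []
v_self_signed = []
v_expired = []
v_weak_rsa_keys = []
v_drown = []
v_poodle = []
v_logjam = []
v_signed_weak_alg = []

# nessus plugin id -> list that collects the affected host:port pairs
PLUGIN_LISTS = {
    '42873': medium_ciphers,   # medium strength cipher suites supported
    '65821': rc4_ciphers,      # rc4 cipher suites supported
    '57582': self_signed,      # self-signed certificate
    '15901': expired,          # expired certificate
    '69551': weak_rsa_keys,    # rsa keys less than 2048 bits
    '89058': drown,            # sslv2 drown
    '78479': poodle,           # sslv3 poodle
    '83875': logjam,           # logjam
    '35291': signed_weak_alg,  # signed using weak hashing algorithm
}

# a host may only hold letters, digits, '.', '_', ':' and '-', and may not start
# with '-' (sslscan would read it as an option); without '/' the log file
# always stays inside the output directory
SAFE_HOST = re.compile(r'[A-Za-z0-9_.:][A-Za-z0-9_.:-]*')
SAFE_PORT = re.compile(r'[0-9]{1,5}')


def is_safe_target(host, port):
    """returns True when host and port are safe to pass to sslscan and to use in a file name"""
    # DictReader yields None for columns missing from a short row
    return bool(SAFE_HOST.fullmatch(host or '') and SAFE_PORT.fullmatch(port or ''))


def sslscan_command(system):
    """builds the sslscan argument list for a host:port pair, picking the protocol option from the port"""
    command = ['sslscan', '--show-certificate']

    # rdp - runs sslscan with --rdp option
    if system.endswith(':3389'):
        command.append('--rdp')

    # ftp / ftps - runs sslscan with the --starttls-ftp option
    # NOTE(review): 990 is usually implicit ftps, where starttls may not apply - confirm
    elif system.endswith((':21', ':990')):
        command.append('--starttls-ftp')

    # else https: no extra option
    command.append(system)
    return command


if __name__ == '__main__':
    # parses arguments
    parser = argparse.ArgumentParser()
    parser.add_argument('file')
    args = parser.parse_args()

    # opens specified csv file as read-only
    with open(args.file, 'r', newline='') as f:
        reader = csv.DictReader(f)

        # loops through each line in the csv file
        for row in reader:
            # removes none risks
            if row['Risk'] == "None":
                continue

            # ignores plugins this script does not validate
            findings = PLUGIN_LISTS.get(row['Plugin ID'])
            if findings is None:
                continue

            # skips rows whose host or port is not a plain host name / port number
            if not is_safe_target(row['Host'], row['Port']):
                print('skipping unsafe target: ' + repr(row['Host']) + ':' + repr(row['Port']),
                      file=sys.stderr)
                continue

            findings.append(row['Host'] + ':' + row['Port'])

    # combines all lists and de-dupes (sorted so runs are repeatable)
    all_systems = sorted(set(medium_ciphers +
                             rc4_ciphers +
                             self_signed +
                             expired +
                             weak_rsa_keys +
                             drown +
                             poodle +
                             logjam +
                             signed_weak_alg))

    # creates output directory to store sslscan output
    os.makedirs('output', exist_ok=True)

    # runs sslscan on each de-duped system
    for system in all_systems:
        log_path = os.path.join('output', system + '.txt')

        print('validating ' + system)

        # creates the log file if it does not exist; the with block closes it
        # (and flushes sslscan's output) before it is read back below
        with open(log_path, 'w') as log:
            try:
                # argument list, no shell: the target is never parsed as shell syntax
                subprocess.run(sslscan_command(system), stdout=log, stderr=log)
            except FileNotFoundError:
                sys.exit('sslscan was not found in PATH')

        # opens new file handle as read-only
        # (the handle above is write-only, so it cannot be used for reading)
        with open(log_path, 'r') as f:
            for line in f:
                # presumably matches the 112-bit cipher lines of sslscan - confirm,
                # the bare substring can also match other text
                if '112' in line:
                    print(line)

                if 'RC4' in line:
                    print(line)

                # TO DO: append validated systems to new list here

    print('validation complete - full sslscan output saved in "output" directory')


--------------------------------------------------------------------------------
/lets_encrypt_apache.sh:
--------------------------------------------------------------------------------
# Description: Installs Let's Encrypt for Apache
# Run sudo certbot --apache -d example.com after running this script
# Source: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache


--------------------------------------------------------------------------------
/reverse-proxy.txt:
--------------------------------------------------------------------------------
# creates reverse proxy to https://www.google.com (domain should be changed)
# useful for domain categorization

pip3 install mitmproxy
mitmproxy -R https://www.google.com -p 443
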
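--------------------------------------------------------------------------------
/setup_jre8.sh:
--------------------------------------------------------------------------------
# This script will install Java Runtime Environment (JRE) 8 Update 162 on x64 Linux systems
# Tested and verified working on Ubuntu 16.04
#
# NOTE: the archive is fetched over plain http with certificate checks disabled
# and is then installed system-wide without any integrity check. Compare its
# sha256 with the value published by the vendor (<EXPECTED_SHA256>) before
# extracting it.

wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http://www.oracle.com; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jre-8u162-linux-x64.tar.gz"
tar -xvf jre-8u162-linux-x64.tar.gz

rm -rf jre-8u162-linux-x64.tar.gz

sudo mv jre1.8.0_162 /usr/local

sudo rm -rf /usr/local/bin/java

sudo ln -s /usr/local/jre1.8.0_162/bin/java /usr/local/bin/java
sudo ln -s /usr/local/jre1.8.0_162/bin/javaws /usr/local/bin/javaws
sudo ln -s /usr/local/jre1.8.0_162/bin/jcontrol /usr/local/bin/jcontrol
sudo ln -s /usr/local/jre1.8.0_162/bin/jjs /usr/local/bin/jjs
sudo ln -s /usr/local/jre1.8.0_162/bin/keytool /usr/local/bin/keytool
sudo ln -s /usr/local/jre1.8.0_162/bin/orbd /usr/local/bin/orbd
sudo ln -s /usr/local/jre1.8.0_162/bin/pack200 /usr/local/bin/pack200
sudo ln -s /usr/local/jre1.8.0_162/bin/policytool /usr/local/bin/policytool
sudo ln -s /usr/local/jre1.8.0_162/bin/rmid /usr/local/bin/rmid
sudo ln -s /usr/local/jre1.8.0_162/bin/rmiregistry /usr/local/bin/rmiregistry
sudo ln -s /usr/local/jre1.8.0_162/bin/servertool /usr/local/bin/servertool
sudo ln -s /usr/local/jre1.8.0_162/bin/tnameserv /usr/local/bin/tnameserv
sudo ln -s /usr/local/jre1.8.0_162/bin/unpack200 /usr/local/bin/unpack200


--------------------------------------------------------------------------------
/validate.py:
--------------------------------------------------------------------------------
import argparse
import csv
import os
import re
import subprocess
import sys
from datetime import datetime, timezone

# one list of host:port pairs per nessus plugin; the ids are the ones
# parse_csv() matches on
rc4_ciphers = []              # "RC4 Cipher Suites Supported" (65821)
medium_strength_ciphers = []  # "Medium Strength Cipher Suites" (42873)
self_signed_cert = []         # "Self-Signed Certificate" (57582)
expired_cert = []             # "Expired Certificate" (15901)
weak_rsa_keys = []            # "RSA Keys Less Than 2048 Bits" (69551)
ssl_drown = []                # "SSLv2 DROWN" (89058)
ssl_poodle = []               # "SSLv3 POODLE" (78479)
signed_weak_algorithm = []    # "Signed Using Weak Hashing Algorithm" (35291)
logjam = []                   # "Logjam" (83875)

# nessus plugin id -> list that collects the affected host:port pairs
PLUGIN_LISTS = {
    '42873': medium_strength_ciphers,
    '65821': rc4_ciphers,
    '57582': self_signed_cert,
    '15901': expired_cert,
    '69551': weak_rsa_keys,
    '89058': ssl_drown,
    '78479': ssl_poodle,
    '35291': signed_weak_algorithm,
    '83875': logjam,
}

# Host and Port come from the csv and are used on the sslscan command line and
# in the log file name, so they are validated: a host may only hold letters,
# digits, '.', '_', ':' and '-', and may not start with '-' (sslscan would read
# it as an option); without '/' the log file stays inside the output directory
SAFE_HOST = re.compile(r'[A-Za-z0-9_.:][A-Za-z0-9_.:-]*')
SAFE_PORT = re.compile(r'[0-9]{1,5}')


# checks that a csv host/port pair is safe to pass to sslscan and to use in a file name
def is_safe_target(host, port):
    # DictReader yields None for columns missing from a short row
    return bool(SAFE_HOST.fullmatch(host or '') and SAFE_PORT.fullmatch(port or ''))


# builds the sslscan argument list for a host:port pair
def sslscan_command(system):
    command = ['sslscan', '--show-certificate']

    # rdp - runs sslscan with --rdp option
    if system.endswith(':3389'):
        command.append('--rdp')

    # ftp / ftps - runs sslscan with the --starttls-ftp option
    # NOTE(review): 990 is usually implicit ftps, where starttls may not apply - confirm
    elif system.endswith((':21', ':990')):
        command.append('--starttls-ftp')

    # else https: no extra option
    command.append(system)
    return command


# gets certificate expiration date in datetime format
# returns a naive datetime (the ' GMT' suffix is stripped), or None when the
# sslscan log has no 'Not valid after:' line
def parse_expiration_date(log):
    with open(log, 'r') as f:
        for line in f:
            if 'Not valid after:' in line:
                exp = line.replace('Not valid after:', '')
                exp = exp.replace(' GMT', '')
                exp = exp.strip()  # strips out whitespace
                # explicit %H:%M:%S instead of the locale-dependent %X
                # (%b still follows the current locale's month names)
                return datetime.strptime(exp, '%b %d %H:%M:%S %Y')

    return None


# determines if certificate is expired
# expiration_date is the naive GMT datetime from parse_expiration_date(), so it
# is compared against the current time in UTC rather than local time
def is_expired(expiration_date):
    current_date = datetime.now(timezone.utc).replace(tzinfo=None)
    return current_date > expiration_date


# parses csv file and adds to associated lists
def parse_csv(file):
    # opens specified csv file as read-only
    with open(file, 'r', newline='') as f:
        reader = csv.DictReader(f)

        # loops through each line in the csv file
        for row in reader:
            # ignores plugins this script does not validate
            findings = PLUGIN_LISTS.get(row['Plugin ID'])
            if findings is None:
                continue

            # skips rows whose host or port is not a plain host name / port number
            if not is_safe_target(row['Host'], row['Port']):
                print('skipping unsafe target: ' + repr(row['Host']) + ':' + repr(row['Port']),
                      file=sys.stderr)
                continue

            findings.append(row['Host'] + ':' + row['Port'])


# main
if __name__ == '__main__':
    # parses arguments
    parser = argparse.ArgumentParser()
    parser.add_argument('file')
    args = parser.parse_args()

    # parses specified csv file and adds each finding to their associated list
    parse_csv(args.file)

    # creates output directory to store sslscan output
    os.makedirs('output', exist_ok=True)

    # combines all lists and de-dupes (sorted so runs are repeatable)
    all_systems = sorted(set(medium_strength_ciphers +
                             rc4_ciphers +
                             self_signed_cert +
                             expired_cert +
                             weak_rsa_keys +
                             ssl_drown +
                             ssl_poodle +
                             logjam +
                             signed_weak_algorithm))

    # runs sslscan on each de-duped system
    for system in all_systems:
        print("Running sslscan on: ", system)

        log_path = os.path.join('output', system + '.txt')

        # creates sslscan log file if it does not exist; the with block closes
        # the write handle before the log is read back
        with open(log_path, 'w') as log:
            try:
                # argument list, no shell: the target is never parsed as shell syntax
                subprocess.run(sslscan_command(system), stdout=log, stderr=log)
            except FileNotFoundError:
                sys.exit('sslscan was not found in PATH')

        # opens read-only file handle
        with open(log_path, 'r') as f:
            log = f.read()

            # TO DO: do regex checks of sslscan output here


--------------------------------------------------------------------------------
/wordpress_setup_16_04.sh:
--------------------------------------------------------------------------------
# Shell script to setup a WordPress instance on Ubuntu 16.04 systems
# Author: Hunter Hardman @t3ntman
apt-get update
apt-get -y upgrade
apt-get install -y apache2
apt-get install -y mysql-server
apt-get install -y php libapache2-mod-php php-mcrypt php-mysql php-gd
wget https://wordpress.org/latest.tar.gz
tar -xvf latest.tar.gz
mv wordpress/* /var/www/html
rm -rf wordpress
# NOTE: this makes every WordPress file writable by the web server user;
# tighten ownership and permissions once the installation is finished
chown -R www-data:www-data /var/www/html
rm -rf latest.tar.gz
rm -rf /var/www/html/index.html
mysql -u root -e "create database wordpress;" -p
service apache2 restart

--------------------------------------------------------------------------------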