FEATURE: Tools Overhaul v1 #88

Open
thereisnotime opened this issue Aug 3, 2019 · 6 comments
Labels: discussion (Discussion about tooling), enhancement (New feature or request)

Comments

@thereisnotime

Proposal

My current observation is that Commando VM is missing a lot of tools that a penetration testing OS should come with. I have curated a list of improvements that include changes, new tools and configurations. I would like to request comments on this list and perhaps improve and implement it in Commando VM. Most penetration testing environments neglect clouds and containers, which is really unfortunate as they are the future.
I have separated my suggestions into three categories: Add (software to be added in the installation script), Remove (remove software from the installation script) and Configure (Windows or some other software configuration deployment).

1. Remove: WinRAR

Why:

  • WinRAR is trialware so it opens annoying pop-ups which are distracting.
  • There are a lot of public exploits for WinRAR.
  • The compression rate of 7-Zip is almost the same as WinRAR.

2. Add: Crunch

Why:

  • One of the most useful tools for wordlist generation.
  • High performance tool.

URL:

3. Add: RBTray

Why:

  • Gives the ability to minimize to tray most of the programs.
  • Reduces window cluttering and distractions.

URL:

4. Config: Browser Bookmarks

Why:

  • Having a pre-configured bookmark bar will save time. My suggestion is to have one on all of the installed browsers with the most helpful tools sorted in folders for easy access. I came up with this small list in about an hour or so.

URL:

5. Add: NirLauncher with NirSoft Tools

Why:

  • Great collection of over 200 tools that provide all sorts of features.
  • Comes with a nice launcher for easy access.

URL:

6. Add: Pupy

Why:

  • A classic tool with good cross-platform support.
  • Remote administration and post-exploitation tool.
  • Supports Docker.

URL:

7. Add: Empire

Why:

  • Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.
  • Has a big community and support.
  • Modular design.

URL:

8. Add: SDRSharp

Why:

  • Adds new vectors for attack in the RF spectrum.
  • The best free SDR software for Airspy and RTL-SDR dongles.
  • Has a lot of plugins and big community.

URL:

9. Add: VirusTotal Uploader

Why:

  • Users can upload files for a multi-vendor antivirus scan and sandbox.
  • Files can be uploaded from the right click context menu in Explorer.

URL:

10. Add: Social Engineer Toolkit

Why:

  • With over two million downloads, it is the standard for social-engineering penetration tests and supported heavily within the security community.
  • Runs on Python and it is open source.
  • Modular design.
  • Adds a lot of attack vectors to Commando VM.

URL:

11. Add: SimpleDNSCrypt

Why:

  • Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.
  • Provides DNS over HTTPS and DNSSEC/DNSCrypt options.
  • More defensive than offensive but still useful during attacks.

URL:

12. Add: Browser Extensions

Why:

  • In Commando VM, Chrome and Firefox come with no add-ons whatsoever by default. Having pre-installed and configured extensions will save users a lot of time.
  • Some users might learn about new extensions that they've never heard of before.
  • Most of the extensions are security/privacy/anonymity oriented, but some can be used offensively.

URL:

13. Add: TorBrowser

Why:

  • Anonymity/privacy/security.
  • A whole hidden network of sites/services.
  • This is Tor.

URL:

14. Add: I2PBrowser

Why:

  • Anonymity/privacy/security.
  • A whole hidden network of sites/services.
  • This is I2P.

URL:

15. Add: qBitTorrent

Why:

  • Sometimes before or after a reconnaissance mission, pentesters will need to download a torrent or create/share one.
  • Lightweight and FOSS.

URL:

16. Add: NodeVersionManager

Why:

  • As there are many useful tools written in Node it will be a big advantage to have Node + NPM. The best way to have it in Windows is with nvm-windows so users can easily change versions of Node and NPM.

URL:

17. Configure: Random MAC

Why:

  • Better privacy and untraceability.
  • Best option - randomisation on every boot (and every interface) and on network connection.

18. Add: Killswitch

Why:

  • There should be a way to nuke the whole system by randomising all MACs, randomising hostname/usernames, writing random values to the disks and wiping the memory.
  • Good for anti-forensics.

URL:

  • Can't find a tool for that.

19. Add: Notepad++ Plugins

Why:

  • Plugins can greatly extend Npp's functionality. This list will vastly improve every programmer/scripter's work.

URL:

20. Add: iPerf

Why:

  • Test the limits of your network + Internet neutrality test.

URL:

21. Add: Session Manager

Why:

  • Currently there is no RDP/SSH or other session manager, and if users perform penetration tests and network pivoting, there is no easy way to organize your sessions. I suggest that Commando VM comes with MobaXTerm or mRemote. Bonus - MobaXTerm offers macros so you can optimize and automate your work.

URL:

22. Add: Cloud CLI Tools

Why:

  • There is no tool to help you with Cloud post-exploitation. I suggest adding all the main clouds' CLI/PowerShell modules for AWS, Azure, GCP, BB, AliBaba Cloud so pentesters could benefit.

URL:

23. Add: Universal Database Client

Why:

  • Currently Commando VM offers clients only for SQL Server and SQLite. This is really limiting as there are a lot of other SQL and NoSQL types out there, and pentesters will benefit post-exploitation from a client that adds more, like MySQL, Oracle, DB2, PostgreSQL, Firebird, Vertica, Informix, WMI, MongoDB and Cassandra.

URL:

24. Add: Filesystem Explorers

Why:

  • If users want to mount and read from a flash drive, external disk or some other source, they can only use NTFS, exFAT and FAT. Ext2 Volume Manager and HFSExplorer combined will add the ability to operate with HFS, HFS+, HFSX, Ext2, Ext3, Ext4 (also .dmg and .sparsebundle packages).

URL:

25. Add: SQLMap

Why:

  • SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  • Modular design and great community.

URL:

26. Add: Scapy

Why:

  • Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.
  • Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.

URL:

27. Add: Docker

Why:

  • Docker is essential to every Windows/Linux power user's toolbelt. Having WSL and Docker, pentesters can run isolated tools with just a few commands.

URL:

28. Add: Bettercap

Why:

  • Bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet network reconnaissance and MITM attacks.

URL:

29. Add: WPScan

Why:

  • Definitely a required tool that can automatically detect many low to medium severity vulnerabilities on WordPress websites.

URL:

30. Add: Arachni Scanner

Why:

  • Arachni is a highly customisable scanner that is a must have for penetration testers.
  • Modular by design and free/public source.

URL:

31. Config: Disable input devices

Why:

  • All microphone and camera devices should be disabled in the install script.
  • Increases privacy.

32. Add: Cloud Nuke

Why:

  • Ability to delete every resource from AWS/Azure/GCP account.
  • Easy cleanup after doing dummy penetration tests.

URL:

33. Add: Clipboard Manager

Why:

  • Every pentester sometime in their life had a moment where a bunch of text editors were open just for the purpose of copy-paste management. Ditto saves you this trouble.
  • Server and save to file should be disabled.

URL:

34. Add: Snort

Why:

  • Useful when doing network automation.
  • Can be used as HIDS/HIPS for defense.
  • Lightweight and portable.

URL:

35. Add: THC-Hydra

Why:

  • One of the best tools for brute forcing many different protocols.

URL:

36. Add: Freenet

Why:

  • Just like Tor and I2P, Freenet is one of the biggest self-contained networks.

URL:

37. Add: Lockhunter

Why:

  • This tool is purely for usability improvements.
  • Helps with the deletion/moving of locked files.

URL:

38. Add: DBATools

Why:

  • This tool enables you to do magic on SQL Servers from PowerShell.
  • Very useful when dumping databases or making backdoors.

URL:

39. Configure: Autoupdate Windows

Why:

  • A lot of time will be saved if the installation script updates Windows to the latest version before doing all other steps. This can be done with PowerShell or Batch.

URL:
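As an added illustration (not code from this issue or from the Commando VM install script) of how the two configuration items that target the install script, 31 (disable microphone and camera devices) and 39 (update Windows before everything else), could be expressed in PowerShell. It assumes the built-in PnpDevice cmdlets of Windows 10 and later and the third-party PSWindowsUpdate module from the PowerShell Gallery; matching microphones by a "Microphone" friendly name is an assumption, as are the function names.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the issue or of the Commando VM project:
# provisioning steps for proposal items 31 and 39.

function Disable-CaptureDevice {
    # Item 31: disable every camera and microphone the VM can see.
    # Assumption: microphones are AudioEndpoint devices whose friendly
    # name contains "Microphone"; speakers and other endpoints are untouched.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Get-PnpDevice errors when a class has no members; that is not a failure here.
    $cameras = Get-PnpDevice -Class Camera, Image -Status OK -ErrorAction SilentlyContinue
    $mics    = Get-PnpDevice -Class AudioEndpoint -Status OK -ErrorAction SilentlyContinue |
               Where-Object { $_.FriendlyName -match 'Microphone' }

    foreach ($dev in @($cameras) + @($mics)) {
        if ($null -eq $dev) { continue }
        if ($PSCmdlet.ShouldProcess($dev.FriendlyName, 'Disable-PnpDevice')) {
            # -Confirm:$false suppresses the per-device prompt inside an install script.
            Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false
            Write-Verbose "Disabled $($dev.FriendlyName) [$($dev.InstanceId)]"
        }
    }
}

function Invoke-InitialWindowsUpdate {
    # Item 39: bring Windows up to date before the rest of the tooling is installed.
    # Uses the PSWindowsUpdate module from the PowerShell Gallery (third-party).
    if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
        Install-PackageProvider -Name NuGet -Force | Out-Null
        Install-Module -Name PSWindowsUpdate -Force -Scope AllUsers
    }
    Import-Module PSWindowsUpdate

    # -AcceptAll answers the EULA prompts; -IgnoreReboot leaves the restart
    # to the caller so the install script can resume at a known point.
    Get-WindowsUpdate -AcceptAll -Install -IgnoreReboot
    if (Get-WURebootStatus -Silent) {
        Write-Warning 'Reboot required before continuing the install.'
    }
}

Disable-CaptureDevice -Verbose
Invoke-InitialWindowsUpdate
```

Run with `-WhatIf` on Disable-CaptureDevice first to list which devices would be disabled without touching them.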

@day1player (Collaborator)

Thank you very much for the detailed notes! We will work to implement as much of this as we can.

@geo-lit geo-lit added enhancement New feature or request discussion Discussion about tooling labels Aug 21, 2023
@day1player (Collaborator)

day1player commented Aug 28, 2023

Proposal

My current observation is that Commando VM is missing a lot of tools that a penetration testing OS should come with. I have curated a list of improvements that include changes, new tools and configurations. I would like to request comments on this list and perhaps improve and implement it in Commando VM. Most penetration testing environments neglect clouds and containers, which is really unfortunate as they are the future.
I have separated my suggestions in three categories - Add - software to be added in the installation script, Remove - remove software from the installation script and Configure - Windows or some other software configuration deployment.

1. Remove: WinRAR

2. Add: Crunch

3. Add: RBTray

4. Config: Browser Bookmarks

5. Add: NirLauncher with NirSoft Tools

6. Add: Pupy

7. Add: Empire

Will not be adding

8. Add: SDRSharp

9. Add: VirusTotal Uploader

Users can add this package manually with the new Add Package feature in the install GUI

10. Add: Social Engineer Toolkit

11. Add: SimpleDNSCrypt

Users can add this package manually with the new Add Package feature in the install GUI

12. Add: Browser Extensions

13. Add: TorBrowser

Users can add this package manually with the new Add Package feature in the install GUI

14. Add: I2PBrowser

15. Add: qBitTorrent

Users can add this package manually with the new Add Package feature in the install GUI

16. Add: NodeVersionManager

Users can add this package manually with the new Add Package feature in the install GUI

17. Configure: Random MAC

18. Add: Killswitch

This is probably too much of a project for us. Happy to take suggestions or PRs :)

19. Add: Notepad++ Plugins

I believe the new hotness now is Obsidian or VS Code, which we have moved to for Commando 3.0

20. Add: iPerf

Users can add this package manually with the new Add Package feature in the install GUI

21. Add: Session Manager

Users can add this package manually with the new Add Package feature in the install GUI

22. Add: Cloud CLI Tools

Completed.

23. Add: Universal Database Client

Users can add this package manually with the new Add Package feature in the install GUI

24. Add: Filesystem Explorers

Users can add this package manually with the new Add Package feature in the install GUI

25. Add: SQLMap

26. Add: Scapy

27. Add: Docker

Tracking at mandiant/VM-Packages#635

28. Add: Bettercap

29. Add: WPScan

30. Add: Arachni Scanner

31. Config: Disable input devices

32. Add: Cloud Nuke

33. Add: Clipboard Manager

Users can add this package manually with the new Add Package feature in the install GUI

34. Add: Snort

35. Add: THC-Hydra

36. Add: Freenet

Users can add this package manually with the new Add Package feature in the install GUI

37. Add: Lockhunter

Users can add this package manually with the new Add Package feature in the install GUI

38. Add: DBATools

39. Configure: Autoupdate Windows

@fstelte

fstelte commented Oct 19, 2023

If possible could autospy be added also?

@day1player (Collaborator)

@fstelte

fstelte commented Oct 19, 2023

@day1player yes that one

@day1player (Collaborator)

@fstelte tool requests are tracked in the mandiant/vm-packages repo. I have created the request for tracking here, please feel free to add more context :)
mandiant/VM-Packages#709
