commando-vm
FEATURE: Tools Overhaul v1
Proposal
My current observation is that Commando VM is missing a lot of tools that a penetration testing OS should come with. I have curated a list of improvements that include changes, new tools and configurations. I would like to request comments on this list and perhaps improve and implement it in Commando VM. Most penetration testing environments neglect clouds and containers, which is really unfortunate as they are the future. I have separated my suggestions into three categories: Add (software to be added to the installation script), Remove (software to be removed from the installation script) and Configure (Windows or other software configuration deployment).
1. Remove: WinRAR
Why:
- WinRAR is trialware so it opens annoying pop-ups which are distracting.
- There are a lot of public exploits for WinRAR.
- The compression rate of 7-Zip is almost the same as WinRAR.
2. Add: Crunch
Why:
- One of the most useful tools for wordlist generation.
- High performance tool.
URL:
- https://sourceforge.net/projects/crunch-wordlist/
3. Add: RBTray
Why:
- Lets you minimize most programs to the tray.
- Reduces window clutter and distractions.
URL:
- https://chocolatey.org/packages/rbtray
- http://rbtray.sourceforge.net/
4. Config: Browser Bookmarks
Why:
- Having a pre-configured bookmark bar will save time. My suggestion is to have one on all of the installed browsers with the most helpful tools sorted in folders for easy access. I came up with this small list in about an hour or so.
URL:
- Databases
  - Exploit Databases
    - https://www.exploit-db.com
    - https://www.rapid7.com/db/
    - https://www.cvedetails.com/
    - https://vuldb.com/?search
    - https://cve.circl.lu/
    - https://0day.today/
    - https://nvd.nist.gov/vuln/search
    - https://packetstormsecurity.com/files/tags/exploit/
    - https://cve.mitre.org/cve/search_cve_list.html
    - https://vulners.com/search?query=order:published%20type:cve
  - Breach Databases
    - https://haveibeenpwned.com/
    - http://databases.today/
    - https://nuclearleaks.com/
    - https://leaked.site/
    - https://vigilante.pw/
    - http://weleakinfo.com/
    - https://rslookup.com/terms
    - https://snusbase.com/
    - https://dehashed.com/
- Tools
  - General Usage
    - https://www.justbeamit.com/
  - Network/Domain Tools
    - http://ping.pe/
    - https://mxtoolbox.com/dnscheck.aspx
    - https://ipduh.com/
    - http://jodies.de/ipcalc
    - http://www.subnet-calculator.com/
    - https://dnschecker.org/all-tools.php
    - https://domainbigdata.com/
    - https://www.ultratools.com/tools/spamDBLookup
    - https://dnschecker.org/ip-blacklist-checker.php
  - Text Manipulation
    - https://mytexttools.com/
    - https://textmechanic.com
  - Reconnaissance
    - https://www.shodan.io/
    - https://builtwith.com/
  - Password Cracking
    - https://gpuhash.me/
    - https://www.onlinehashcrack.com/wifi-wpa-rsna-psk-crack.php
    - https://hashc.co.uk/
    - https://wpa-sec.stanev.org/
    - https://hashkiller.co.uk/
    - http://www.md5this.com/tools/wpa-wpa2-password-crack.html
    - https://www.md5online.org/
    - https://md5decrypt.net/en/
    - https://crackstation.net
5. Add: NirLauncher with NirSoft Tools
Why:
- Great collection of over 200 tools that provide all sorts of features.
- Comes with a nice launcher for easy access.
URL:
- https://chocolatey.org/packages/nirlauncher
- https://launcher.nirsoft.net/
6. Add: Pupy
Why:
- A classic tool with good cross-platform support.
- Remote administration and post-exploitation tool.
- Supports Docker.
URL:
- https://github.com/n1nj4sec/pupy
7. Add: Empire
Why:
- Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.
- Has a big community and support.
- Modular design.
URL:
- http://www.powershellempire.com/
8. Add: SDRSharp
Why:
- Adds new vectors for attack in the RF spectrum.
- The best free SDR software for Airspy and RTL-SDR dongles.
- Has a lot of plugins and big community.
URL:
- https://airspy.com/download/
- https://chocolatey.org/packages/sdrsharp
9. Add: VirusTotal Uploader
Why:
- Users can upload files for a multi-vendor antivirus scan and sandbox analysis.
- Files can be uploaded from the right click context menu in Explorer.
URL:
- https://chocolatey.org/packages/virustotaluploader
10. Add: Social Engineer Toolkit
Why:
- With over two million downloads, it is the standard for social-engineering penetration tests and supported heavily within the security community.
- Runs on Python and it is open source.
- Modular design.
- Adds a lot of attack vectors to Commando VM.
URL:
- https://www.trustedsec.com/social-engineer-toolkit-set/
- https://github.com/trustedsec/social-engineer-toolkit/
- https://securityonline.info/install-social-engineering-toolkit-set-windows/
11. Add: SimpleDNSCrypt
Why:
- Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.
- Provides DNS over HTTPS and DNSSEC/DNSCrypt options.
- More defensive than offensive but still useful during attacks.
URL:
- https://github.com/bitbeans/SimpleDnsCrypt
12. Add: Browser Extensions
Why:
- In Commando VM, Chrome and Firefox come with no add-ons whatsoever by default. Having pre-installed and configured extensions will save users a lot of time.
- Some users might learn about new extensions that they have never heard of before.
- Most of the extensions are security/privacy/anonymity oriented, but some can be used offensively.
URL:
- HTTPSEverywhere https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp
- AdNauseum https://adnauseam.io/
- Go Back In Time https://chrome.google.com/webstore/detail/go-back-in-time/hgdahcpipmgehmaaankiglanlgljlakj
- User Agent Switcher https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
- NoScript https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm
- DuckDuckGo Privacy Essentials https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg
- TamperMonkey https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo
- uMatrix https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf?hl=en
- EditThisCookie https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
- Decentraleyes https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj
13. Add: TorBrowser
Why:
- Anonymity/privacy/security.
- A whole hidden network of sites/services.
- This is Tor.
URL:
- https://www.torproject.org/
14. Add: I2PBrowser
Why:
- Anonymity/privacy/security.
- A whole hidden network of sites/services.
- This is I2P.
URL:
- https://geti2p.net/en/download
- https://github.com/PurpleI2P/i2pdbrowser/tree/master/windows
15. Add: qBitTorrent
Why:
- Sometimes before or after a reconnaissance mission, pentesters will need to download a torrent or create/share one.
- Lightweight and FOSS.
URL:
- https://chocolatey.org/packages/qbittorrent
16. Add: NodeVersionManager
Why:
- As there are many useful tools written in Node it will be a big advantage to have Node + NPM. The best way to have it in Windows is with nvm-windows so users can easily change versions of Node and NPM.
URL:
- https://github.com/coreybutler/nvm-windows
- https://chocolatey.org/packages/nvm
17. Configure: Random MAC
Why:
- Better privacy and untraceability.
- Best option: randomisation on every boot (and on every interface) and on every network connection.
18. Add: Killswitch
Why:
- There should be a way to nuke the whole system by randomising all MACs, randomising hostname/usernames, writing random values to the disks and wiping the memory.
- Good for anti-forensics.
URL:
- Can't find a tool for that.
19. Add: Notepad++ Plugins
Why:
- Plugins can greatly extend Npp's functionality. This list will vastly improve every programmer/scripter's work.
URL:
- MarkdownViewerPlusPlus https://github.com/nea/MarkdownViewerPlusPlus
- JSONViewer https://github.com/kapilratnani/JSON-Viewer
- Snippets https://www.fesevur.com/nppsnippets/
20. Add: iPerf
Why:
- Test the limits of your network + Internet neutrality test.
URL:
- https://iperf.fr/iperf-download.php
21. Add: Session Manager
Why:
- Currently there is no RDP/SSH or other session manager, and if users perform penetration tests and network pivoting, there is no easy way to organize your sessions. I suggest that Commando VM comes with MobaXTerm or mRemote. Bonus: MobaXTerm offers macros so you can optimize and automate your work.
URL:
- https://mobaxterm.mobatek.net/download.html
- https://mremoteng.org/download
22. Add: Cloud CLI Tools
Why:
- There is no tool to help you with cloud post-exploitation. I suggest adding the CLI/PowerShell modules of all the main clouds (AWS, Azure, GCP, BB, Alibaba Cloud) so pentesters could benefit.
URL:
- https://www.backblaze.com/b2/docs/quick_command_line.html
- https://aws.amazon.com/cli/
- https://docs.microsoft.com/bs-latn-ba/cli/azure/install-azure-cli-windows?view=azure-cli-latest
- https://cloud.google.com/sdk/install#windows
- https://www.alibabacloud.com/help/doc-detail/121510.htm?spm=a2c63.l28256.a3.8.7b52a893kWSfts
23. Add: Universal Database Client
Why:
- Currently Commando VM offers clients only for SQL Server and SQLite. This is really limiting, as there are a lot of other SQL and NoSQL types out there, and pentesters will benefit post-exploitation from a client that adds more, like MySQL, Oracle, DB2, PostgreSQL, Firebird, Vertica, Informix, WMI, MongoDB and Cassandra.
URL:
- https://dbeaver.io/
- https://chocolatey.org/packages/dbeaver
- https://www.heidisql.com/
- https://chocolatey.org/packages/HeidiSQL
24. Add: Filesystem Explorers
Why:
- If users want to mount and read from a flash drive, external disk or some other source, they can only use NTFS, exFAT and FAT. Ext2 Volume Manager and HFSExplorer combined will add the ability to operate with HFS, HFS+, HFSX, Ext2, Ext3, Ext4 (also .dmg and .sparsebundle packages).
URL:
- https://ext2-volume-manager.en.lo4d.com/windows
- https://chocolatey.org/packages/hfsexplorere
25. Add: SQLMap
Why:
- SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
- Modular design and great community.
URL:
- http://sqlmap.org/
26. Add: Scapy
Why:
- Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.
- Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.
URL:
- https://scapy.net
- https://github.com/secdev/scapy
27. Add: Docker
Why:
- Docker is essential to every Windows/Linux power user's toolbelt. With WSL and Docker, pentesters can run isolated tools with just a few commands.
URL:
- https://chocolatey.org/packages/docker-desktop
- https://hub.docker.com/search?q=pentest&type=image
28. Add: Bettercap
Why:
- Bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
URL:
- https://www.bettercap.org/installation/
29. Add: WPScan
Why:
- Definitely a required tool that can automatically detect many low to medium severity vulnerabilities on WordPress websites.
URL:
- https://wpscan.org/
30. Add: Arachni Scanner
Why:
- Arachni is a highly customisable scanner that is a must have for penetration testers.
- Modular by design and free/public source.
URL:
- https://www.arachni-scanner.com/download/
31. Config: Disable input devices
Why:
- All microphone and camera devices should be disabled in the install script.
- Increases privacy.
32. Add: Cloud Nuke
Why:
- Ability to delete every resource from AWS/Azure/GCP account.
- Easy cleanup after doing dummy penetration tests.
URL:
- https://github.com/gruntwork-io/cloud-nuke
33. Add: Clipboard Manager
Why:
- Every pentester sometime in their life had a moment where a bunch of text editors were open just for the purpose of copy-paste management. Ditto saves you this trouble.
- Server and save to file should be disabled.
URL:
- https://ditto-cp.sourceforge.io/
34. Add: Snort
Why:
- Useful when doing network automation.
- Can be used as a HIDS/HIPS for defense.
- Lightweight and portable.
URL:
- https://www.snort.org/downloads
35. Add: THC-Hydra
Why:
- One of the best tools for brute forcing many different protocols.
URL:
- https://github.com/vanhauser-thc/thc-hydra
- https://github.com/maaaaz/thc-hydra-windows
36. Add: Freenet
Why:
- Just like Tor and I2P, Freenet is one of the biggest self-contained networks.
URL:
- https://freenetproject.org/
- https://chocolatey.org/packages/freenet
37. Add: Lockhunter
Why:
- This tool is purely for usability improvements.
- Helps with the deletion/moving of locked files.
URL:
- https://chocolatey.org/packages/lockhunter
- https://lockhunter.com/
38. Add: DBATools
Why:
- This tool enables you to do magic on SQL Servers from PowerShell.
- Very useful when dumping databases or making backdoors.
URL:
- https://dbatools.io/
- https://www.powershellgallery.com/packages/dbatools/1.0.29
39. Configure: Autoupdate Windows
Why:
- A lot of time will be saved if the installation script updates Windows to the latest version before doing all other steps. This can be done with PowerShell or Batch.
URL:
- https://www.itechtics.com/run-windows-update-cmd/
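One way the per-interface MAC randomisation from item 17 could be scripted for the install script, as an added example that is not Commando VM's own code. It assumes Windows 10 or later with the NetAdapter module, an elevated PowerShell session, and adapter drivers that accept a locally administered address (drivers that do not expose that setting ignore or reject the change).

```powershell
# Added example, not part of the Commando VM install script: give every
# physical network adapter a fresh random, locally administered MAC address.
# Assumes Windows 10+ (NetAdapter module) and an elevated session.

function New-RandomMacAddress {
    # Six random bytes from the OS CSPRNG. On the first octet, set the
    # locally-administered bit (0x02) and clear the multicast bit (0x01)
    # so the result is a valid unicast, locally assigned address.
    $bytes = New-Object byte[] 6
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $bytes[0] = ($bytes[0] -bor 0x02) -band 0xFE
    return ($bytes | ForEach-Object { $_.ToString('X2') }) -join '-'
}

function Set-RandomMacOnAllAdapters {
    # Only physical adapters are touched; virtual adapters (Hyper-V, VPN
    # tunnels) are skipped. Set-NetAdapter restarts the adapter, so the
    # network drops briefly on each interface.
    foreach ($adapter in Get-NetAdapter -Physical) {
        $mac = New-RandomMacAddress
        Write-Host "Adapter '$($adapter.Name)': $($adapter.MacAddress) -> $mac"
        Set-NetAdapter -Name $adapter.Name -MacAddress $mac -Confirm:$false
    }
}

Set-RandomMacOnAllAdapters
```

To get the "on every boot" behaviour the item asks for, the same script can be registered as a scheduled task with a startup trigger (New-ScheduledTaskTrigger -AtStartup with Register-ScheduledTask) running as SYSTEM.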
Thank you very much for the detailed notes! We will work to implement as much of this as we can.
Proposal
~1. Remove: WinRAR~
2. Add: Crunch
3. Add: RBTray
4. Config: Browser Bookmarks
5. Add: NirLauncher with NirSoft Tools
6. Add: Pupy
~7. Add: Empire~
Will not be adding
8. Add: SDRSharp
~9. Add: VirusTotal Uploader~
Users can add this package manually with the new Add Package feature in the install GUI
10. Add: Social Engineer Toolkit
~11. Add: SimpleDNSCrypt~
Users can add this package manually with the new Add Package feature in the install GUI
12. Add: Browser Extensions
~13. Add: TorBrowser~
Users can add this package manually with the new Add Package feature in the install GUI
14. Add: I2PBrowser
~15. Add: qBitTorrent~
Users can add this package manually with the new Add Package feature in the install GUI
~16. Add: NodeVersionManager~
Users can add this package manually with the new Add Package feature in the install GUI
17. Configure: Random MAC
~18. Add: Killswitch~
This is probably too much of a project for us. Happy to take suggestions or PRs :)
~19. Add: Notepad++ Plugins~
I believe the new hotness now is Obsidian or VS Code, which we have moved to for Commando 3.0
~20. Add: iPerf~
Users can add this package manually with the new Add Package feature in the install GUI
~21. Add: Session Manager~
Users can add this package manually with the new Add Package feature in the install GUI
~22. Add: Cloud CLI Tools~
Completed.
~23. Add: Universal Database Client~
Users can add this package manually with the new Add Package feature in the install GUI
~24. Add: Filesystem Explorers~
Users can add this package manually with the new Add Package feature in the install GUI
25. Add: SQLMap
26. Add: Scapy
27. Add: Docker
Tracking at https://github.com/mandiant/VM-Packages/issues/635
28. Add: Bettercap
29. Add: WPScan
30. Add: Arachni Scanner
31. Config: Disable input devices
32. Add: Cloud Nuke
33. ~Add: Clipboard Manager~
Users can add this package manually with the new Add Package feature in the install GUI
34. Add: Snort
35. Add: THC-Hydra
~36. Add: Freenet~
Users can add this package manually with the new Add Package feature in the install GUI
~37. Add: Lockhunter~
Users can add this package manually with the new Add Package feature in the install GUI
38. Add: DBATools
39. Configure: Autoupdate Windows
If possible, could Autopsy be added also?
@fstelte https://github.com/sleuthkit/autopsy ?
@day1player yes that one
@fstelte tool requests are tracked in the mandiant/vm-packages repo. I have created the request for tracking here, please feel free to add more context :) https://github.com/mandiant/VM-Packages/issues/709