
FEATURE: Tools Overhaul v1

Open thereisnotime opened this issue 4 years ago • 6 comments

Proposal

My current observation is that Commando VM is missing a lot of tools that a penetration testing OS should come with. I have curated a list of improvements that includes changes, new tools and configurations. I would like to request comments on this list and perhaps improve and implement it in Commando VM. Most penetration testing environments neglect clouds and containers, which is really unfortunate as they are the future. I have separated my suggestions into three categories: Add - software to be added to the installation script, Remove - software to be removed from the installation script, and Configure - Windows or other software configuration deployment.

1. Remove: WinRAR

Why:

  • WinRAR is trialware so it opens annoying pop-ups which are distracting.
  • There are a lot of public exploits for WinRAR.
  • The compression rate of 7-Zip is almost the same as WinRAR.

2. Add: Crunch

Why:

  • One of the most useful tools for wordlist generation.
  • High performance tool.

URL:

  • https://sourceforge.net/projects/crunch-wordlist/

3. Add: RBTray

Why:

  • Gives the ability to minimize to tray most of the programs.
  • Reduces window cluttering and distractions.

URL:

  • https://chocolatey.org/packages/rbtray
  • http://rbtray.sourceforge.net/

4. Config: Browser Bookmarks

Why:

  • Having a pre-configured bookmark bar will save time. My suggestion is to have one on all of the installed browsers with the most helpful tools sorted in folders for easy access. I came up with this small list in about an hour or so.

URL:

  • Databases
    • Exploit Databases
      • https://www.exploit-db.com
      • https://www.rapid7.com/db/
      • https://www.cvedetails.com/
      • https://vuldb.com/?search
      • https://cve.circl.lu/
      • https://0day.today/
      • https://nvd.nist.gov/vuln/search
      • https://packetstormsecurity.com/files/tags/exploit/
      • https://cve.mitre.org/cve/search_cve_list.html
      • https://vulners.com/search?query=order:published%20type:cve
    • Breach Databases
      • https://haveibeenpwned.com/
      • http://databases.today/
      • https://nuclearleaks.com/
      • https://leaked.site/
      • https://vigilante.pw/
      • http://weleakinfo.com/
      • https://rslookup.com/terms
      • https://snusbase.com/
      • https://dehashed.com/
  • Tools
    • General Usage
      • https://www.justbeamit.com/
    • Network/Domain Tools
      • http://ping.pe/
      • https://mxtoolbox.com/dnscheck.aspx
      • https://ipduh.com/
      • http://jodies.de/ipcalc
      • http://www.subnet-calculator.com/
      • https://dnschecker.org/all-tools.php
      • https://domainbigdata.com/
      • https://www.ultratools.com/tools/spamDBLookup
      • https://dnschecker.org/ip-blacklist-checker.php
    • Text Manipulation
      • https://mytexttools.com/
      • https://textmechanic.com
    • Reconnaissance
      • https://www.shodan.io/
      • https://builtwith.com/
    • Password Cracking
      • https://gpuhash.me/
      • https://www.onlinehashcrack.com/wifi-wpa-rsna-psk-crack.php
      • https://hashc.co.uk/
      • https://wpa-sec.stanev.org/
      • https://hashkiller.co.uk/
      • http://www.md5this.com/tools/wpa-wpa2-password-crack.html
      • https://www.md5online.org/
      • https://md5decrypt.net/en/
      • https://crackstation.net

5. Add: NirLauncher with NirSoft Tools

Why:

  • Great collection of over 200 tools that provide all sorts of features.
  • Comes with a nice launcher for easy access.

URL:

  • https://chocolatey.org/packages/nirlauncher
  • https://launcher.nirsoft.net/

6. Add: Pupy

Why:

  • A classic tool with good cross-platform support.
  • Remote administration and post-exploitation tool.
  • Supports Docker.

URL:

  • https://github.com/n1nj4sec/pupy

7. Add: Empire

Why:

  • Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.
  • Has a big community and support.
  • Modular design.

URL:

  • http://www.powershellempire.com/

8. Add: SDRSharp

Why:

  • Adds new vectors for attack in the RF spectrum.
  • The best free SDR software for Airspy and RTL-SDR dongles.
  • Has a lot of plugins and big community.

URL:

  • https://airspy.com/download/
  • https://chocolatey.org/packages/sdrsharp

9. Add: VirusTotal Uploader

Why:

  • Users can upload files for a multi-vendor antivirus scan and sandbox.
  • Files can be uploaded from the right click context menu in Explorer.

URL:

  • https://chocolatey.org/packages/virustotaluploader

10. Add: Social Engineer Toolkit

Why:

  • With over two million downloads, it is the standard for social-engineering penetration tests and supported heavily within the security community.
  • Runs on Python and it is open source.
  • Modular design.
  • Adds a lot of attack vectors to Commando VM.

URL:

  • https://www.trustedsec.com/social-engineer-toolkit-set/
  • https://github.com/trustedsec/social-engineer-toolkit/
  • https://securityonline.info/install-social-engineering-toolkit-set-windows/

11. Add: SimpleDNSCrypt

Why:

  • Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.
  • Provides DNS over HTTPS and DNSSEC/DNSCrypt options.
  • More defensive than offensive but still useful during attacks.

URL:

  • https://github.com/bitbeans/SimpleDnsCrypt

12. Add: Browser Extensions

Why:

  • In Commando VM, Chrome and Firefox by default come with no add-ons whatsoever. Having pre-installed and configured extensions will save users a lot of time.
  • Some users might learn about new extensions that they've never heard of before.
  • Most of the extensions are security/privacy/anonymity oriented, but some can be used offensively.

URL:

  • HTTPSEverywhere https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp
  • AdNauseum https://adnauseam.io/
  • Go Back In Time https://chrome.google.com/webstore/detail/go-back-in-time/hgdahcpipmgehmaaankiglanlgljlakj
  • User Agent Switcher https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
  • NoScript https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm
  • DuckDuckGo Privacy Essentials https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg
  • TamperMonkey https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo
  • uMatrix https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf?hl=en
  • EditThisCookie https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
  • Decentraleyes https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj

13. Add: TorBrowser

Why:

  • Anonymity/privacy/security.
  • A whole hidden network of sites/services.
  • This is Tor.

URL:

  • https://www.torproject.org/

14. Add: I2PBrowser

Why:

  • Anonymity/privacy/security.
  • A whole hidden network of sites/services.
  • This is I2P.

URL:

  • https://geti2p.net/en/download
  • https://github.com/PurpleI2P/i2pdbrowser/tree/master/windows

15. Add: qBitTorrent

Why:

  • Sometimes before or after a reconnaissance mission, pentesters will need to download a torrent or create/share one.
  • Lightweight and FOSS.

URL:

  • https://chocolatey.org/packages/qbittorrent

16. Add: NodeVersionManager

Why:

  • As there are many useful tools written in Node it will be a big advantage to have Node + NPM. The best way to have it in Windows is with nvm-windows so users can easily change versions of Node and NPM.

URL:

  • https://github.com/coreybutler/nvm-windows
  • https://chocolatey.org/packages/nvm

17. Configure: Random MAC

Why:

  • Better privacy and untraceability.
  • Best option - randomisation on every boot (and every interface) and on network connection.

18. Add: Killswitch

Why:

  • There should be a way to nuke the whole system by randomising all MACs, randomising hostname/usernames, writing random values to the disks and wiping the memory.
  • Good for anti-forensics.

URL:

  • Can't find a tool for that.

19. Add: Notepad++ Plugins

Why:

  • Plugins can greatly extend Npp's functionality. This list will vastly improve every programmer/scripter's work.

URL:

  • MarkdownViewerPlusPlus https://github.com/nea/MarkdownViewerPlusPlus
  • JSONViewer https://github.com/kapilratnani/JSON-Viewer
  • Snippets https://www.fesevur.com/nppsnippets/

20. Add: iPerf

Why:

  • Test the limits of your network + Internet neutrality test.

URL:

  • https://iperf.fr/iperf-download.php

21. Add: Session Manager

Why:

  • Currently there is no RDP/SSH or other session manager, and if users perform penetration tests and network pivoting, there is no easy way to organize your sessions. I suggest that Commando VM comes with MobaXTerm or mRemote. Bonus - MobaXTerm offers macros so you can optimize and automate your work.

URL:

  • https://mobaxterm.mobatek.net/download.html
  • https://mremoteng.org/download

22. Add: Cloud CLI Tools

Why:

  • There is no tool to help you with cloud post-exploitation. I suggest adding all the main clouds' CLI/PowerShell modules for AWS, Azure, GCP, BB, AliBaba Cloud so pentesters could benefit.

URL:

  • https://www.backblaze.com/b2/docs/quick_command_line.html
  • https://aws.amazon.com/cli/
  • https://docs.microsoft.com/bs-latn-ba/cli/azure/install-azure-cli-windows?view=azure-cli-latest
  • https://cloud.google.com/sdk/install#windows
  • https://www.alibabacloud.com/help/doc-detail/121510.htm?spm=a2c63.l28256.a3.8.7b52a893kWSfts

23. Add: Universal Database Client

Why:

  • Currently Commando VM offers clients only for SQL Server and SQLite. This is really limiting as there are a lot of other SQL and NoSQL types out there, and pentesters will benefit during post-exploitation from a client that adds more, like MySQL, Oracle, DB2, PostgreSQL, Firebird, Vertica, Informix, WMI, MongoDB and Cassandra.

URL:

  • https://dbeaver.io/
  • https://chocolatey.org/packages/dbeaver
  • https://www.heidisql.com/
  • https://chocolatey.org/packages/HeidiSQL

24. Add: Filesystem Explorers

Why:

  • If users want to mount and read from a flash drive, external disk or some other source, they can only use NTFS, exFAT and FAT. Ext2 Volume Manager and HFSExplorer combined will add the ability to operate with HFS, HFS+, HFSX, Ext2, Ext3, Ext4 (also .dmg and .sparsebundle packages).

URL:

  • https://ext2-volume-manager.en.lo4d.com/windows
  • https://chocolatey.org/packages/hfsexplorere

25. Add: SQLMap

Why:

  • SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
  • Modular design and great community.

URL:

  • http://sqlmap.org/

26. Add: Scapy

Why:

  • Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.
  • Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.

URL:

  • https://scapy.net
  • https://github.com/secdev/scapy

27. Add: Docker

Why:

  • Docker is essential to every Windows/Linux power user's toolbelt. With WSL and Docker, pentesters can run isolated tools with just a few commands.

URL:

  • https://chocolatey.org/packages/docker-desktop
  • https://hub.docker.com/search?q=pentest&type=image

28. Add: Bettercap

Why:

  • Bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.

URL:

  • https://www.bettercap.org/installation/

29. Add: WPScan

Why:

  • Definitely a required tool that can automatically detect many low- to medium-severity vulnerabilities on WordPress websites.

URL:

  • https://wpscan.org/

30. Add: Arachni Scanner

Why:

  • Arachni is a highly customisable scanner that is a must have for penetration testers.
  • Modular by design and free/public source.

URL:

  • https://www.arachni-scanner.com/download/

31. Config: Disable input devices

Why:

  • All microphone and camera devices should be disabled in the install script.
  • Increases privacy.

32. Add: Cloud Nuke

Why:

  • Ability to delete every resource from AWS/Azure/GCP account.
  • Easy cleanup after doing dummy penetration tests.

URL:

  • https://github.com/gruntwork-io/cloud-nuke

33. Add: Clipboard Manager

Why:

  • Every pentester sometime in their life had a moment where a bunch of text editors were open just for the purpose of copy-paste management. Ditto saves you this trouble.
  • Server and save to file should be disabled.

URL:

  • https://ditto-cp.sourceforge.io/

34. Add: Snort

Why:

  • Useful when doing network automation.
  • Can be used for HIDS/HIPS for defense.
  • Lightweight and portable.

URL:

  • https://www.snort.org/downloads

35. Add: THC-Hydra

Why:

  • One of the best tools for brute forcing many different protocols.

URL:

  • https://github.com/vanhauser-thc/thc-hydra
  • https://github.com/maaaaz/thc-hydra-windows

36. Add: Freenet

Why:

  • Just like Tor and I2P, Freenet is one of the biggest self-contained networks.

URL:

  • https://freenetproject.org/
  • https://chocolatey.org/packages/freenet

37. Add: Lockhunter

Why:

  • This tool is purely for usability improvements.
  • Helps with the deletion/moving of locked files.

URL:

  • https://chocolatey.org/packages/lockhunter
  • https://lockhunter.com/

38. Add: DBATools

Why:

  • This tool enables you to do magic on SQL Servers from PowerShell.
  • Very useful when dumping databases or making backdoors.

URL:

  • https://dbatools.io/
  • https://www.powershellgallery.com/packages/dbatools/1.0.29

39. Configure: Autoupdate Windows

Why:

  • A lot of time will be saved if the installation script updates Windows to the latest version before doing all other steps. This can be done with PowerShell or Batch.

URL:

  • https://www.itechtics.com/run-windows-update-cmd/

thereisnotime avatar Aug 03 '19 17:08 thereisnotime
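The three "Configure" items in the proposal (17, random MAC; 31, disable microphones and cameras; 39, update Windows before everything else) are each a few lines of PowerShell, which is what the Commando VM install scripts are written in. The script below is an added example written for this page, not code from Commando VM or from the issue author. It assumes Windows 10 or later, an elevated session, NIC drivers that expose the NetworkAddress advanced property, and the default Windows device class and friendly names; the function names are my own. Two caveats a practitioner will hit: inside a VM the hypervisor may refuse a spoofed MAC unless MAC spoofing is enabled on the virtual NIC, and for Wi-Fi adapters Windows already has a built-in per-network "random hardware addresses" option that does not need this registry trick.

```powershell
# Added example for this page, not code from Commando VM or the issue author.
# Implements proposal items 17 (random MAC), 31 (disable mic/camera) and
# 39 (update Windows first) as install-script steps. Assumes Windows 10+,
# an elevated session, and drivers that expose the NetworkAddress property.
#Requires -RunAsAdministrator

function New-LocallyAdministeredMac {
    # Six CSPRNG bytes; first octet fixed so the address is unicast
    # (bit 0 clear) and locally administered (bit 1 set), e.g. 02-xx-xx-xx-xx-xx.
    $bytes = New-Object byte[] 6
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $bytes[0] = ($bytes[0] -band 0xFC) -bor 0x02
    return ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

function Set-RandomMacAddress {
    # Item 17: write a fresh MAC into each physical adapter's NetworkAddress
    # advanced property and bounce the adapter so the driver picks it up.
    # Drivers that do not expose NetworkAddress make the Set- cmdlet fail;
    # those adapters are reported and skipped rather than aborting the script.
    foreach ($adapter in Get-NetAdapter -Physical) {
        $mac = New-LocallyAdministeredMac
        try {
            Set-NetAdapterAdvancedProperty -Name $adapter.Name -RegistryKeyword 'NetworkAddress' `
                -RegistryValue $mac -ErrorAction Stop
            Restart-NetAdapter -Name $adapter.Name -ErrorAction Stop
            Write-Host ("{0}: now {1}" -f $adapter.Name, (Get-NetAdapter -Name $adapter.Name).MacAddress)
        } catch {
            Write-Warning ("{0}: MAC not changed ({1})" -f $adapter.Name, $_.Exception.Message)
        }
    }
}

function Disable-InputCaptureDevices {
    # Item 31: disable every present camera and microphone. 'Camera' and 'Image'
    # are the webcam device classes; microphones are AudioEndpoint devices, picked
    # out by friendly name (assumption: Windows' default 'Microphone (...)' naming).
    $targets = @()
    $targets += @(Get-PnpDevice -PresentOnly -Class Camera, Image -ErrorAction SilentlyContinue)
    $targets += @(Get-PnpDevice -PresentOnly -Class AudioEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -match 'Microphone' })
    foreach ($dev in ($targets | Where-Object { $_ -and $_.Status -eq 'OK' })) {
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false
        Write-Host "Disabled: $($dev.FriendlyName)"
    }
}

function Install-PendingWindowsUpdates {
    # Item 39: search, download and install all applicable software updates via the
    # built-in Windows Update Agent COM API (no extra module needed). Returns $true
    # when a reboot is required, so the caller can restart before continuing.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $found    = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
    if ($found.Count -eq 0) { Write-Host 'No pending updates.'; return $false }

    $batch = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $found) {
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        [void]$batch.Add($u)
    }
    $downloader = $session.CreateUpdateDownloader(); $downloader.Updates = $batch
    [void]$downloader.Download()
    $installer  = $session.CreateUpdateInstaller();  $installer.Updates  = $batch
    $result     = $installer.Install()
    Write-Host ("Installed {0} update(s); reboot required: {1}" -f $batch.Count, $result.RebootRequired)
    return [bool]$result.RebootRequired
}

# Order matters for an install script: patch first, reboot if needed, then the
# rest. The MAC and device steps are cheap and can be re-run from a scheduled
# task at every boot if per-boot randomisation is wanted.
if (Install-PendingWindowsUpdates) { Restart-Computer -Force }
Set-RandomMacAddress
Disable-InputCaptureDevices
```

After the run, `Get-NetAdapter | Select-Object Name, MacAddress` should show the new locally administered addresses (first octet ending in 2, 6, A or E), and `Get-PnpDevice -Class Camera, AudioEndpoint` should list the affected devices with status Disabled. Using the Windows Update Agent COM API rather than the PSWindowsUpdate module keeps the bootstrap free of third-party dependencies, which matters for a step that runs before anything else is installed.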

Thank you very much for the detailed notes! We will work to implement as much of this as we can.

day1player avatar Aug 05 '19 16:08 day1player
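Item 4 of the proposal asks for a pre-configured bookmark bar on every installed browser. The cleanest way to ship that from an install script is the browsers' enterprise policy channel rather than editing profile files, because the bookmarks then appear for every profile and cannot be deleted by accident. The script below is an added example written for this page, not code from Commando VM or from the issue author. It pushes a small subset of the proposal's list (the URLs are the proposal's; the folder names and function names are mine) to Chrome through the ManagedBookmarks registry policy and to Firefox through distribution\policies.json, and assumes Windows, an elevated session, and Firefox installed under the default Program Files path.

```powershell
# Added example for this page, not code from Commando VM or the issue author.
# Pushes one bookmark folder tree (a subset of the proposal's list) to Chrome
# and Firefox through their enterprise policy channels, so every install gets
# the same bar and users cannot accidentally delete it. Assumes Windows, an
# elevated session, and Firefox under the default Program Files path.
#Requires -RunAsAdministrator

# Chrome's ManagedBookmarks format: a list of {name, url} or {name, children},
# with an optional leading {toplevel_name} that names the folder on the bar.
# Recent Firefox versions accept the same format under the same policy name.
$tree = @(
    @{ toplevel_name = 'Pentest' },
    @{ name = 'Exploit Databases'; children = @(
        @{ name = 'Exploit-DB';   url = 'https://www.exploit-db.com' },
        @{ name = 'NVD';          url = 'https://nvd.nist.gov/vuln/search' },
        @{ name = 'Packet Storm'; url = 'https://packetstormsecurity.com/files/tags/exploit/' }) },
    @{ name = 'Reconnaissance'; children = @(
        @{ name = 'Shodan';       url = 'https://www.shodan.io/' },
        @{ name = 'BuiltWith';    url = 'https://builtwith.com/' }) },
    @{ name = 'Password Cracking'; children = @(
        @{ name = 'CrackStation'; url = 'https://crackstation.net' }) }
)

function Set-ChromeManagedBookmarks {
    param([array]$Tree)
    # Chrome reads the policy as a JSON string from HKLM and shows it as a
    # read-only folder on the bookmark bar; no profile files are touched.
    $key  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    New-Item -Path $key -Force | Out-Null
    $json = ConvertTo-Json -InputObject $Tree -Depth 5 -Compress
    Set-ItemProperty -Path $key -Name 'ManagedBookmarks' -Value $json -Type String
    return $json
}

function Set-FirefoxManagedBookmarks {
    param([array]$Tree, [string]$FirefoxDir = "$env:ProgramFiles\Mozilla Firefox")
    # Firefox reads distribution\policies.json next to firefox.exe. Existing
    # policies in that file are preserved; only ManagedBookmarks is replaced.
    $dir  = Join-Path $FirefoxDir 'distribution'
    $file = Join-Path $dir 'policies.json'
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $policy = @{ policies = @{} }
    if (Test-Path $file) {
        $existing = Get-Content -Raw $file | ConvertFrom-Json
        foreach ($p in $existing.policies.PSObject.Properties) { $policy.policies[$p.Name] = $p.Value }
    }
    $policy.policies['ManagedBookmarks'] = $Tree
    $json = ConvertTo-Json -InputObject $policy -Depth 6
    # WriteAllText writes UTF-8 without a BOM, which is what the JSON parser expects.
    [System.IO.File]::WriteAllText($file, $json)
    return $file
}

Set-ChromeManagedBookmarks -Tree $tree | Out-Null
Set-FirefoxManagedBookmarks -Tree $tree | Out-Null
```

To check the result, open chrome://policy and about:policies respectively; both pages list ManagedBookmarks with the JSON that was written, and the "Pentest" folder appears on the bookmark bar of every profile. Because the policy is enforced, users who want their own bookmarks keep them alongside the managed folder rather than inside it.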

Proposal

My current observation is that Commando VM is missing a lot of tools that a penetration testing OS should come with. I have curated a list of improvements that includes changes, new tools and configurations. I would like to request comments on this list and perhaps improve and implement it in Commando VM. Most penetration testing environments neglect clouds and containers, which is really unfortunate as they are the future. I have separated my suggestions into three categories: Add - software to be added to the installation script, Remove - software to be removed from the installation script, and Configure - Windows or other software configuration deployment.

~1. Remove: WinRAR~

2. Add: Crunch

3. Add: RBTray

4. Config: Browser Bookmarks

5. Add: NirLauncher with NirSoft Tools

6. Add: Pupy

~7. Add: Empire~

Will not be adding

8. Add: SDRSharp

~9. Add: VirusTotal Uploader~

Users can add this package manually with the new Add Package feature in the install GUI

10. Add: Social Engineer Toolkit

~11. Add: SimpleDNSCrypt~

Users can add this package manually with the new Add Package feature in the install GUI

12. Add: Browser Extensions

~13. Add: TorBrowser~

Users can add this package manually with the new Add Package feature in the install GUI

14. Add: I2PBrowser

~15. Add: qBitTorrent~

Users can add this package manually with the new Add Package feature in the install GUI

~16. Add: NodeVersionManager~

Users can add this package manually with the new Add Package feature in the install GUI

17. Configure: Random MAC

~18. Add: Killswitch~

This is probably too much of a project for us. Happy to take suggestions or PRs :)

~19. Add: Notepad++ Plugins~

I believe the new hotness now is Obsidian or VS Code, which we have moved to for Commando 3.0

~20. Add: iPerf~

Users can add this package manually with the new Add Package feature in the install GUI

~21. Add: Session Manager~

Users can add this package manually with the new Add Package feature in the install GUI

~22. Add: Cloud CLI Tools~

Completed.

~23. Add: Universal Database Client~

Users can add this package manually with the new Add Package feature in the install GUI

~24. Add: Filesystem Explorers~

Users can add this package manually with the new Add Package feature in the install GUI

25. Add: SQLMap

26. Add: Scapy

27. Add: Docker

Tracking at https://github.com/mandiant/VM-Packages/issues/635

28. Add: Bettercap

29. Add: WPScan

30. Add: Arachni Scanner

31. Config: Disable input devices

32. Add: Cloud Nuke

33. ~Add: Clipboard Manager~

Users can add this package manually with the new Add Package feature in the install GUI

34. Add: Snort

35. Add: THC-Hydra

~36. Add: Freenet~

Users can add this package manually with the new Add Package feature in the install GUI

~37. Add: Lockhunter~

Users can add this package manually with the new Add Package feature in the install GUI

38. Add: DBATools

39. Configure: Autoupdate Windows

day1player avatar Aug 28 '23 15:08 day1player

If possible, could Autopsy be added also?

fstelte avatar Oct 19 '23 06:10 fstelte

@fstelte https://github.com/sleuthkit/autopsy ?

day1player avatar Oct 19 '23 15:10 day1player

@day1player yes that one

fstelte avatar Oct 19 '23 15:10 fstelte

@fstelte tool requests are tracked in the mandiant/vm-packages repo. I have created the request for tracking here, please feel free to add more context :) https://github.com/mandiant/VM-Packages/issues/709

day1player avatar Oct 19 '23 15:10 day1player