WeaponizeKali.sh is a Bash script aimed at automating the process of downloading and installing extra tools for internal penetration tests on Kali Linux.
Basic principles behind this project are:
- Use bleeding-edge versions of offensive toolkits to possess their latest features and fixes.
- When installing 3rd party software, use isolated environments to minimize potential dependency hell.
- Keep Windows exploitation scripts and binaries on hand in case you find yourself in an "offline situation".
The script will create two directories within CWD: tools
and www
. The first one contains all the tools that will be installed on Kali. The second one contains all the scripts and binaries that may be transferred onto the victim host.
WeaponizeKali.sh heavily relies on Python virtual environments and uses pipx, poetry and pipenv to orchestra venvs.
In order to launch the bleeding-edge version of a tool installed with pipx and not the version that is already shipped with Kali, you should modify the PATH
variable:
- Modify
PATH
for a normal user with any method you want (.bashrc
/.profile
/.zshrc
/ etc.):export PATH="$HOME/.local/bin:$PATH"
. - Modify
PATH
for the superuser by modifyingsecure_path
within sudoers (sudo visudo
):
Now you can download WeaponizeKali.sh and run it from your home directory (pipenv may prompt for unlocking the keyring during the process). When it's done, you can check the results in ~/tools
and ~/www
:
~$ curl -L https://github.com/snovvcrash/WeaponizeKali.sh/raw/main/WeaponizeKali.sh | bash -s -- -idtw
~$ ls -la ~/tools ~/www
~/tools
and ~/www
directories, if they exist.
It's recommended to run WeaponizeKali.sh on a clean installation of Kali Linux.
~$ ./WeaponizeKali.sh -h
)
( ( ( /( ( )
)\))( ' ( ) ( ( )\()) ) )\ ( ( /(
((_)()\ ) ))\ ( /( ` ) ( ( )\ ( ))\ ((_)\ ( /( ((_))\ ( )\())
_(())\_)() /((_))(_)) /(/( )\ )\ )((_) )\ /((_) _ ((_))(_)) _ ((_) )\ ((_)\
\ \((_)/ /(_)) ((_)_ ((_)_\ ((_) _(_/( (_)((_)(_)) | |/ /((_)_ | | (_) ((_)| |(_)
\ \/\/ / / -_)/ _` || '_ \)/ _ \| ' \))| ||_ // -_) | ' < / _` || | | | _ (_-<| ' \
\_/\_/ \___|\__,_|| .__/ \___/|_||_| |_|/__|\___| |_|\_\\__,_||_| |_|(_)/__/|_||_|
|_|
"the more tools you install, the more you are able to PWN"
{ https://github.com/snovvcrash/WeaponizeKali.sh } { v0.2 }
usage: WeaponizeKali.sh [-h] [-i] [-d] [-t] [w]
optional arguments:
-h show this help message and exit
-i initialize filesystem (re-create ./tools and ./www directories)
-d resolve dependencies
-t call "tools" module
-w call "www" module
- BloodHound.py
- BloodHound
- CVE-2020-1472 (checker)
- CrackMapExec
- Ebowla
- Empire
- LDAPPER
- PrivExchange
- Responder
- TrustVisualizer
- Windows-Exploit-Suggester
- aclpwn.py
- adidnsdump
- aquatone
- bettercap
- chisel
- crowbar
- cve-2019-1040-scanner
- dementor.py
- dsniff
- enum4linux-ng
- evil-winrm
- gateway-finder-imp
- gitjacker
- gobuster
- htbenum
- impacket
- kerbrute
- krbrelayx
- ldapdomaindump
- mitm6
- nullinux
- odat
- pypykatz
- pywerview
- rbcd-attack
- rbcd_permissions
- rdp-tunnel
- updog
- Bypass-AMSI.ps1
- Bypass-UAC.ps1
- Discover-PSMSExchangeServers
- Discover-PSMSSQLServers
- DomainPasswordSpray.ps1
- Intercept-NG
- Inveigh.ps1
- InveighZero · Pre-Compiled · PowerSharpPack.ps1
- Invoke-ACLPwn.ps1
- Invoke-Kerberoast.ps1 (Empire)
- Invoke-Mimikatz.ps1 (Empire)
- Invoke-Portscan.ps1 (PowerSploit)
- Invoke-RunasCs.ps1
- Invoke-SMBClient.ps1
- Invoke-SMBEnum.ps1
- Invoke-SMBExec.ps1
- Invoke-WMIExec.ps1
- Out-EncryptedScript.ps1 (PowerSploit)
- PowerUp.ps1 (PowerSploit)
- PowerUpSQL.ps1
- PowerView2.ps1 (PowerSploit)
- PowerView3.ps1 (PowerSploit) (New-GPOImmediateTask)
- PowerView3.ps1 (PowerSploit)
- PowerView4.ps1 (ZeroDayLab)
- Powermad.ps1
- PrivescCheck.ps1
- ProcDump (Sysinternals)
- Rubeus · Pre-Compiled · Invoke-Rubeus.ps1 (Empire) · Invoke-Rubeus.ps1 (PowerSharpPack)
- Seatbelt · Pre-Compiled · Invoke-Seatbelt.ps1 (PowerSharpPack)
- SessionGopher.ps1
- Set-GpoStatus.ps1
- SharpGPOAbuse · Pre-Compiled · Invoke-SharpGPOAbuse.ps1 (PowerSharpPack)
- SharpHound.exe
- SharpHound.ps1
- Sherlock.ps1
- SpoolSample · Pre-Compiled · Invoke-Spoolsample.ps1 (PowerSharpPack)
- Watson · Pre-Compiled · Invoke-SharpWatson.ps1 (PowerSharpPack)
- WinPwn
- chisel
- htbenum.sh
- linux-exploit-suggester
- mimikatz
- netcat for Windows
- plink
- powercat.ps1
- pspy
- rdp2tcp.exe
- winPEAS.exe