Merge pull request trustedsec#2 from trustedsec/master

Update

Dockerfile

@@ -0,0 +1,7 @@
+FROM debian:sid
+LABEL version="1.1"
+LABEL description="Dockerized version of Trustedsec PTF - Penetration Testing Framework"
+LABEL author="Jacobo Avariento Gimeno"
+
+COPY bootstrap.sh /root/bootstrap.sh
+RUN bash -c /root/bootstrap.sh

README.docker.md

@@ -0,0 +1,25 @@
+# Docker support for PTF
+
+To be able to use the principle Security-in-a-box and run constantly penetration testing and vulnerability assessment against our applications and infrastructure, I developed a quick hack to be able to run PTF framework inside a Docker container.
+
+
+First of all, build and compile all the tools and the image itself (~2 hours).
+Inside this folder run the following:
+```
+docker build --rm -t spinfoo/ptf:1.1 .
+```
+
+
+After, you can run PTF anytime with:
+```
+docker run -it spinfoo/ptf:1.1 /bin/bash
+```
+
+
+# TODO
+* Run install checks after modules update/install (go through /usr/local/bin and check successful execution)
+* Check automatically for dependencies, improve efficiency
+
+
+# Credits
+David Kennedy/Trustedsec PTF project and Jacobo Avariento (spinfoo) for the docker support.

README.md

@@ -1,64 +1,69 @@
 
 The PenTesters Framework (PTF)
+===
 
-A TrustedSec Project - Copyright 2017
+#### A TrustedSec Project - Copyright 2018
 
-Written by: David Kennedy (@HackingDave)
+### Written by: David Kennedy (@HackingDave)
 
 https://www.trustedsec.com
 
-Twitter: @TrustedSec, @HackingDave
+### Twitter: @TrustedSec, @HackingDave
 
 The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.
 
 PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.
 
 The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It's super simple to configure and add them and only takes a few minute.
 
-#Instructions:
+### Instructions:
 
-First check out the config/ptf.config file which contains the base location of where to install everything. By default this will install in the /pentest directory. Once you have that configured, move to running PTF by typing ./ptf (or python ptf).
+First check out the config/ptf.config file which contains the base location of where to install everything. By default this will install in the /pentest directory. Once you have that configured, move to running PTF by typing `./ptf` (or python ptf).
 
-This will put you in a Metasploitesque type shell which has a similar look and feel for consistency. Show modules, use <modules>, etc. are all accepted commands. First things first, always type help or ? to see a full list of commands.
+This will put you in a Metasploitesque type shell which has a similar look and feel for consistency. Show modules, use `<modules>`, etc. are all accepted commands. First things first, always type help or `?` to see a full list of commands.
 
 For a video tutorial on how to use PTF, check out our Vimeo page here: https://vimeo.com/137133837
 
-###Update EVERYTHING!
+### Update EVERYTHING!
 
 If you want to install and/or update everything, simply do the following:
-
+```
 ./ptf
-
 use modules/install_update_all
-
 yes
+```
 
 This will install all of the tools inside of PTF. If they are already installed, this will iterate through and update everything for you automatically.
 
 You can also individually install each module, then use the  use modules/update_installed which will only update what you've previously installed.
 
 For example:
 
+```
 ./ptf
 use modules/update_installed
+```
 
 This will only update previous ones you've installed.
 
 You can also show options to change information about the modules.
 
 If you only want to install only for example exploitation tools, you can run:
 
+```
 ./ptf
 use modules/exploitation/install_update_all
+```
 
 This will only install the exploitation modules. You can do this for any module category.
 
-#Modules:
+### Modules:
 
 First, head over to the modules/ directory, inside of there are sub directories based on the Penetration Testing Execution Standard (PTES) phases. Go into those phases and look at the different modules. As soon as you add a new one, for example testing.py, it will automatically be imported next time you launch PTF. There are a few key components when looking at a module that must be completed.
 
 Below is a sample module
 
+```
 AUTHOR="David Kennedy (ReL1K)"
 
 DESCRIPTION="This module will install/update the Browser Exploitation Framework (BeEF)"
@@ -82,49 +87,73 @@ AFTER_COMMANDS="cd {INSTALL_LOCATION},ruby install-beef"
 LAUNCHER="beef"
 
 TOOL_DEPEND="modules/exploitation/metasploit"
+```
 
-###Module Development:
+### Module Development:
 
-All of the fields are pretty easy, on the repository locations, you can use GIT, SVN or FILE. Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all your tools to /pentest/PTES_PHASE/TOOL_FOLDER
+All of the fields are pretty easy, on the repository locations, you can use GIT, SVN or FILE. Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all your tools to `/pentest/PTES_PHASE/TOOL_FOLDER`
 
-Note in modules, you can specify after commands {INSTALL_LOCATION}. This will append where you want the install location to go when using after commands.
+Note in modules, you can specify after commands `{INSTALL_LOCATION}`. This will append where you want the install location to go when using after commands.
 
-You can also specify {PTF_LOCATION} which will pull the base path for your PTF installation.
+You can also specify `{PTF_LOCATION}` which will pull the base path for your PTF installation.
 
 You also have the ability for repository locations to specify both a 32 bit and 64 bit location. Repository location should always be the x86 download path. To add a 64 bit path for a tool, specify X64_LOCATION and give it a URL. When PTF launches it will automatically detect the architecture and attempt to use the x64 link instead of the x86.
 
 Note that ArchLinux packages are also supported, it needs to be specified for both DEBIAN and ARCH in order for it to be properly installed on either platform in the module
 
-###BYPASS UPDATES:
+### BYPASS UPDATES:
 
-When using traditional git or svn as a main method, what will happen after a module is installed is it will just go and grab the latest version of the tool. With after commands, normally when installing, you may need to run the after commands after each time you update. If you specify bypass updates to YES (BYPASS_UPDATE="YES"), each time the tool is run, it will check out the latest version and still run after commands. If this is marked to no, it will only git pull the latest version of the system. For "FILE" options, it is recommended to always use BYPASS_UPDATE="YES" so that it will overwrite the files each time.
+When using traditional git or svn as a main method, what will happen after a module is installed is it will just go and grab the latest version of the tool. With after commands, normally when installing, you may need to run the after commands after each time you update. If you specify bypass updates to YES (`BYPASS_UPDATE="YES"`), each time the tool is run, it will check out the latest version and still run after commands. If this is marked to no, it will only git pull the latest version of the system. For `FILE` options, it is recommended to always use `BYPASS_UPDATE="YES"` so that it will overwrite the files each time.
 
-###After Commands:
+### After Commands:
 
-After commands are commands that you can insert after an installation. This could be switching to a directory and kicking off additional commands to finish the installation. For example in the BEEF scenario, you need to run ruby install-beef afterwards.  Below is an example of after commands using the {INSTALL_LOCATION} flag.
- 
+After commands are commands that you can insert after an installation. This could be switching to a directory and kicking off additional commands to finish the installation. For example in the BEEF scenario, you need to run ruby install-beef afterwards. Below is an example of after commands using the `{INSTALL_LOCATION}` flag.
+```
 AFTER_COMMANDS="cp config/dict/rockyou.txt {INSTALL_LOCATION}"
+```
+For `AFTER_COMMANDS` that do self install (don't need user interaction).
 
-For AFTER_COMMANDS that do self install (don't need user interaction).
-
-###Automatic Launchers
+### Automatic Launchers
 
-The flag LAUNCHER= in modules is optional. If you add LAUNCHER="setoolkit" for example, PTF will automatically create a launcher for the tool under /usr/local/bin/. In the setoolkit example, when run - PTF will automatically create a file under /usr/local/bin/setoolkit so you can launch SET from anywhere by simply typing setoolkit. All files will still be installed under the appropriate categories, for example /pentest/exploitation/setoolkit however an automatic launcher will be created.
+The flag LAUNCHER= in modules is optional. If you add `LAUNCHER="setoolkit"` for example, PTF will automatically create a launcher for the tool under `/usr/local/bin/`. In the setoolkit example, when run - PTF will automatically create a file under `/usr/local/bin/setoolkit` so you can launch SET from anywhere by simply typing setoolkit. All files will still be installed under the appropriate categories, for example `/pentest/exploitation/setoolkit` however an automatic launcher will be created.
 
-You can have multiple launchers for an application. For example, for Metasploit you may want msfconsole, msfvenom, etc. In order to add multiple launchers, simply put a "," between them. For example LAUNCHER="msfconsole,msfvenom". This would create launchers for both.
+You can have multiple launchers for an application. For example, for Metasploit you may want msfconsole, msfvenom, etc. In order to add multiple launchers, simply put a `,` between them. For example `LAUNCHER="msfconsole,msfvenom"`. This would create launchers for both.
 
 ### Automatic Command Line
 
-You can also just run ./ptf --update-all and it will automatically update everything for you without having to go into the framework.
+You can also just run `./ptf --update-all` and it will automatically update everything for you without having to go into the framework.
 
-###TOOL DEPENDS
+### Running Unattended
 
-Some tools such as Veil, SET, etc. require tools such as the Metasploit Framework. You can add in the module TOOL_DEPEND="modules/exploitation/metasploit,module/exploitation/set" and multiple other tools if there is a tool required to be installed prior to installing the tool. This will force PTF to install the required tool first, then install the module that requires it. Example:
+If you're running `ptf` in an automatic build, you can use a [heredoc](http://tldp.org/LDP/abs/html/here-docs.html) so you don't have to interactively type the modules you wish to install. Example:
 
-TOOL_DEPEND="modules/exploitation/metasploit"
+```
+./ptf <<EOF
+use modules/exploitation/metasploit
+run
+use modules/password-recovery/johntheripper
+run
+EOF
+```
+
+### TOOL DEPENDS
+
+Some tools such as Veil, SET, etc. require tools such as the Metasploit Framework. You can add in the module `TOOL_DEPEND="modules/exploitation/metasploit,module/exploitation/set"` and multiple other tools if there is a tool required to be installed prior to installing the tool. This will force PTF to install the required tool first, then install the module that requires it. Example:
+
+`TOOL_DEPEND="modules/exploitation/metasploit"`
 
 This will install Metasploit first or ensured its installed first prior to installing the application.
 
 ### IGNORE Modules or Categories
 
-The "IGNORE_THESE_MODULES=" config option can be found under config/ptf.config in the PTF root directory. This will ignore modules and not install them - everything is comma separated and based on name - example: modules/exploitation/metasploit,modules/exploitation/set or entire module categories, like /modules/code-audit/*,/modules/reporting/*
+The `IGNORE_THESE_MODULES=` config option can be found under config/ptf.config in the PTF root directory. This will ignore modules and not install them - everything is comma separated and based on name - example: `modules/exploitation/metasploit,modules/exploitation/set` or entire module categories, like `/modules/code-audit/*,/modules/reporting/*`
+
+### IGNORE Modules from Update/Install All
+
+The `IGNORE_UPDATE_ALL_MODULES=` config option can be found under config/ptf.config in the PTF root directory. This will ignore modules only when doing install_update_all which are used when you want to install all tools. This could be for large applications that take substantial time, ones that require user interaction, or open up a number of ports and protocols on the system. This works very similar in the IGNORE_THESE_MODULES, except that they can be manually installed and updated through the modules/update_installed. These are comma deliminated, so for example modules/exploitation/tool1,modules/exploitation/tool2, when running install_update_all, this would not install the tools unless you went to use modules/exploitation/tool1 and installed via that method. 
+
+### INCLUDE_ONLY_THESE_MODULES
+
+The `INCLUDE_ONLY_THESE_MODULES` in the config option under config/ptf.config will only install and include specific modules that is specified here. This is good for baselining your tools that you want and only install them.
+
+

bootstrap.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Commands run by Docker when building the docker container with PTF framework
+#
+#
+echo "docker-ptf" > /etc/hostname
+apt-get update
+apt-get upgrade -y
+apt-get install -y python git sudo locate vim #libgmp3-dev:i386
+cd /root
+git clone https://github.com/spinfoo/ptf.git
+cd ptf
+git checkout docker
+git pull origin docker
+echo -en "use modules/install_update_all\nyes\n" | python ptf
+echo
+echo
+echo "** DONE **"
+echo "PTF is built and ready to use."
+exit 0

config/ptf.config

@@ -5,6 +5,9 @@
 ### This is the base directory where PTF will install the files
 BASE_INSTALL_PATH="/pentest"
 
+### Place tools in organizational directories (e.g. exploitation, intelligence-gathering, etc). If set to "False", all tools will be installed in the BASE_INSTALL_PATH
+USE_DIRECTORY_ORGANIZATION="True"
+
 ### Specify the output log file
 LOG_PATH="src/logs/ptf.log"
 
@@ -13,3 +16,9 @@ AUTO_UPDATE="ON"
 
 ### This will ignore modules and not install them - everything is comma separated and based on name - example: modules/exploitation/metasploit,modules/exploitation/set or entire module categories, like /modules/code-audit/*,/modules/reporting/*
 IGNORE_THESE_MODULES=""
+
+### This will only install specific modules that are specified here - example: modules/exploitation/metasploit,modules/exploitation/set. You can also do entire directories by doing /modules/code-audit/*
+INCLUDE_ONLY_THESE_MODULES=""
+
+### Ignore these modules when installing install_update_all by default. These are usually applications that are either large in nature, open ports, or install things (like TOR). This will only be an issue when you run install_update_all, you can still install these manually.
+IGNORE_UPDATE_ALL_MODULES="modules/pivoting/iodine,modules/exploitation/kingphisher,modules/av-bypass/veil-framework,modules/av-bypass/shellter,modules/exploitation/fuzzbunch,modules/wireless/ghost-phisher,modules/exploitation/davtest,modules/exploitation/fuzzbunch.py,modules/exploitation/davtest"

modules/av-bypass/backdoorfactory.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 #####################################
-# Installation module for backdoo factory
+# Installation module for backdoor factory
 #####################################
 
 # AUTHOR OF MODULE NAME

modules/av-bypass/veil-framework.py

@@ -7,7 +7,7 @@
 AUTHOR="Nick Dyer"
 
 # DESCRIPTION OF THE MODULE
-DESCRIPTION="This module will install/update Veil-Framework"
+DESCRIPTION="This module will install/update Veil 3"
 
 # INSTALL TYPE GIT, SVN, FILE DOWNLOAD
 # OPTIONS = GIT, SVN, FILE
@@ -20,16 +20,13 @@
 INSTALL_LOCATION="veil-framework"
 
 # DEPENDS FOR DEBIAN INSTALLS
-DEBIAN="git python-pycryptopp python-capstone wine"
-
-# DEPENDS FOR FEDORA INSTALLS
-FEDORA="python-pycryptopp python-capstone"
+DEBIAN="git"
 
 # COMMANDS TO RUN AFTER
-AFTER_COMMANDS="cd {INSTALL_LOCATION}, ./Install.sh -c, ln -s {INSTALL_LOCATION}Veil-Evasion/Veil-Evasion.py /usr/local/bin/Veil-Evasion, ln -s {INSTALL_LOCATION}Veil-Catapult/Veil-Catapult.py /usr/local/bin/Veil-Catapult, ln -s {INSTALL_LOCATION}veil-framework/Veil-Pillage/Veil-Pillage.py /usr/local/bin/Veil-Pillage, ln -s {INSTALL_LOCATION}veil-framework/Veil-Ordnance/Veil-Ordnance.py /usr/local/bin/Veil-Ordnance"
+AFTER_COMMANDS="cd {INSTALL_LOCATION}config,./setup.sh -s, ln -s {INSTALL_LOCATION}Veil.py /usr/local/bin/veil "
 
 # THIS WILL CREATE AN AUTOMATIC LAUNCHER FOR THE TOOL
-LAUNCHER=""
+LAUNCHER="Veil.py"
 
 # PREREQ INSTALL MODULES NEEDED FOR THIS TOOL TO WORK PROPERLY
-TOOL_DEPEND="modules/exploitation/framework/metasploit"
+TOOL_DEPEND="modules/exploitation/metasploit"

modules/code-audit/splint.py

@@ -20,10 +20,10 @@
 INSTALL_LOCATION="splint"
 
 # DEPENDS FOR DEBIAN INSTALLS
-DEBIAN="gcc,make -j4,gzip,tar,automake,flex"
+DEBIAN="gcc,make,gzip,tar,automake,flex"
 
 # DEPENDS FOR FEDORA INSTALLS
-FEDORA="gcc,make -j4,gzip,tar,automake,flex-devel"
+FEDORA="gcc,make,gzip,tar,automake,flex-devel"
 
 # COMMANDS TO RUN AFTER
 AFTER_COMMANDS="cd {INSTALL_LOCATION},tar xzf splint-3.1.2.src.tgz -C {INSTALL_LOCATION},mv -f splint-3.1.2/* ./,rm *.tgz,rm -rf splint-3.1.2,cd {INSTALL_LOCATION},./configure,make -j4,make install"

modules/exploitation/autosploit.py

@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+#####################################
+# Installation module for AUTOSPLOIT
+#####################################
+
+# AUTHOR OF MODULE NAME
+AUTHOR="David Kennedy (ReL1K)"
+
+# DESCRIPTION OF THE MODULE
+DESCRIPTION="This module will install/update the AutoSploit - Automated Exploitation via Shodan and Metasploit"
+
+# INSTALL TYPE GIT, SVN, FILE DOWNLOAD
+# OPTIONS = GIT, SVN, FILE
+INSTALL_TYPE="GIT"
+
+# LOCATION OF THE FILE OR GIT/SVN REPOSITORY
+REPOSITORY_LOCATION="https://github.com/NullArray/AutoSploit"
+
+# WHERE DO YOU WANT TO INSTALL IT
+INSTALL_LOCATION="autosploit"
+
+# DEPENDS FOR DEBIAN INSTALLS
+DEBIAN="git,python-pip"
+
+# DEPENDS FOR FEDORA INSTALLS
+FEDORA="git,python-pip"
+
+# COMMANDS TO RUN AFTER
+AFTER_COMMANDS="pip install shodan blessing,pip install -r {INSTALL_LOCATION}requirements.txt,cd {INSTALL_LOCATION},./install.sh"
+
+# THIS WILL CREATE AN AUTOMATIC LAUNCHER FOR THE TOOL
+LAUNCHER="autosploit"
+
+# PREREQ INSTALL MODULES NEEDED FOR THIS TOOL TO WORK PROPERLY
+TOOL_DEPEND="modules/exploitation/metasploit"
+

modules/exploitation/burp.py

@@ -26,7 +26,7 @@
 FEDORA="java-1.8.0-openjdk"
 
 # COMMANDS TO RUN AFTER
-AFTER_COMMANDS="cd {INSTALL_LOCATION},echo #!/bin/sh > burp.sh,echo java -jar burp.jar >> burp.sh,chmod +x burp.sh,mv DownloadUpdate.ashx?Product=Free burp.jar"
+AFTER_COMMANDS="cd {INSTALL_LOCATION},echo #!/bin/sh > burp.sh,echo java -jar {INSTALL_LOCATION}burp.jar >> burp.sh,chmod +x burp.sh,mv DownloadUpdate.ashx?Product=Free burp.jar"
 
 # THIS WILL CREATE AN AUTOMATIC LAUNCHER FOR THE TOOL
 LAUNCHER="burp"