Merge branch 'dev' into main

sources/assets/bloodhound/customqueries.json

@@ -1039,7 +1039,7 @@
 			"queryList": [
 				{
 					"final": true,
-					"query": "MATCH p=(u:User {enabled, TRUE, plaintext: TRUE})-[:MemberOf*1..]->(g:Group {highvalue: TRUE}) RETURN p",
+					"query": "MATCH p=(u:User {enabled: TRUE, plaintext: TRUE})-[:MemberOf*1..]->(g:Group {highvalue: TRUE}) RETURN p",
 					"allowCollapse": true
 				}
 			]

sources/assets/shells/aliases.d/_init

@@ -3,9 +3,12 @@ alias l='ls -alh'
 alias ip='grc ip'
 alias ipa='ip --brief --color a'
 alias ipr='ip --brief --color r'
-alias urlencode='python -c "import sys, urllib as ul; print ul.quote_plus(sys.argv[1])"'
-alias urldecode='python -c "import sys, urllib as ul; print ul.unquote_plus(sys.argv[1])"'
-alias sed-empty-line='sed /^$/d'
+alias ncvz="nc -vzw2"
+alias urlencode='python3 -c "import sys; from urllib.parse import quote; print(quote(sys.argv[1], safe=\"\"))"'
+alias urldecode='python3 -c "import sys; from urllib.parse import unquote; print(unquote(sys.argv[1]))"'
+alias sed-empty-line='sed "/^\s*$/d"'
+alias sed-comment-line='sed -E "/^\s*([#;]|\/\/).*$/d"'
 alias http-put-server='python3 /opt/resources/linux/http-put-server.py --bind 0.0.0.0'
 alias ws='cd /workspace'
-alias systemctl="echo 'Systemctl cannot be used inside the container. Please use the \"service\" command instead.' && false"
+alias systemctl="echo 'Systemctl cannot be used inside the container. Please use the \"service\" command instead.' && false"
+alias history-dump='history -E | tail -n +$(($(history | grep "# -=-=-=-=-=-=-=- YOUR COMMANDS BELOW -=-=-=-=-=-=-=- #" | grep -v "grep" | tail -n1 | cut -d "#" -f1 | tr -d " ") + 1))'

sources/assets/shells/aliases.d/binwalk

@@ -0,0 +1 @@
+alias binwalk='binwalk --run-as=root'

sources/assets/shells/aliases.d/proxychains

@@ -1,2 +1,3 @@
 alias proxychains4='proxychains4 '
 alias proxychains='proxychains4 '
+alias pc="proxychains"

sources/assets/shells/aliases.d/spiderfoot

@@ -1,4 +1,4 @@
 alias sfcli.py='/opt/tools/spiderfoot/venv/bin/python3 /opt/tools/spiderfoot/sfcli.py'
-alias sf.py='/opt/tools/spiderfoot/venv/bin/python3 /opt/tools/spiderfoot/sf.py'
+function sf.py { (cd /opt/tools/spiderfoot && ./venv/bin/python3 ./sf.py "$@") }
 alias spiderfoot='sf.py'
 alias spiderfoot-cli='sfcli.py'

sources/assets/shells/aliases.d/uploader

@@ -0,0 +1 @@
+alias uploader='/opt/tools/uploader/venv/bin/python3 /opt/tools/uploader/uploader.py'

sources/assets/shells/history.d/conpass

@@ -0,0 +1 @@
+conpass -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -P /tmp/passwords.txt

sources/assets/shells/history.d/faketime

@@ -1 +1,2 @@
 faketime '2022-01-31 22:05:35' zsh
+faketime "$(date +'%Y-%m-%d') $(net time -S $DC_IP | awk '{print $4}')"

sources/assets/shells/history.d/jsluice

@@ -0,0 +1,3 @@
+jsluice urls https://$TARGET
+jsluice secrets https://$TARGET
+jsluice tree https://$TARGET

sources/assets/shells/history.d/katana

@@ -0,0 +1,4 @@
+katana -u https://$TARGET
+katana -u https://$TARGET,https://$TARGET
+katana -list url_list.txt
+katana -u https://$TARGET -headless -no-incognito

sources/assets/shells/history.d/uberfile

@@ -1 +1 @@
-uberfile --lhost $TARGET --lport $PORT --target-os linux --downloader python --input-file LinEnum.sh --output-file /tmp/linenum.sh
+uberfile --lhost $TARGET --lport $PORT --target-os linux --command python --input-file LinEnum.sh --output-file /tmp/linenum.sh

sources/assets/shells/history.d/uploader

@@ -0,0 +1,2 @@
+uploader --port 8081 -f /opt/resources/linux/linPEAS/linpeas.sh --os linux -p 8080 --payload Wget
+uploader --port 8081 -f /opt/resources/windows/mimikatz/x64/mimikatz.exe --os windows -p 8080 --payload Iwr -o imfile.exe

sources/install/package_ad.sh

@@ -440,14 +440,11 @@ function install_pypykatz() {
     colorecho "Installing pypykatz"
     # without following fix, tool raises "oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto"
     # see https://github.com/wbond/oscrypto/issues/78 and https://github.com/wbond/oscrypto/issues/75
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting."
     else
-      # git -C /opt/tools/ clone --depth 1 https://github.com/skelsec/pypykatz
-      git -C /opt/tools/ clone https://github.com/skelsec/pypykatz
-      # https://github.com/skelsec/pypykatz/issues/153
-      git -C /opt/tools/pypykatz checkout c91dcdc09289ad2e93c475e7c640d0f90906a7c0
+       git -C /opt/tools/ clone --depth 1 https://github.com/skelsec/pypykatz
       cd /opt/tools/pypykatz || exit
       python3 -m venv --system-site-packages ./venv
       source ./venv/bin/activate
@@ -682,7 +679,7 @@ function install_pygpoabuse() {
     pip3 install -r requirements.txt
     # without following fix, tool raises "oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto"
     # see https://github.com/wbond/oscrypto/issues/78 and https://github.com/wbond/oscrypto/issues/75
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting."
     else
@@ -785,7 +782,7 @@ function install_pkinittools() {
     pip3 install -r requirements.txt
     # without following fix, tool raises "oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto"
     # see https://github.com/wbond/oscrypto/issues/78 and https://github.com/wbond/oscrypto/issues/75
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting."
     else
@@ -967,7 +964,7 @@ function install_ldaprelayscan() {
     pip3 install -r requirements.txt
     # without following fix, tool raises "oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto"
     # see https://github.com/wbond/oscrypto/issues/78 and https://github.com/wbond/oscrypto/issues/75
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting."
     else
@@ -1366,6 +1363,15 @@ function install_sccmwtf() {
     add-to-list "sccmwtf,https://github.com/xpn/sccmwtf,This code is designed for exploring SCCM in a lab."
 }
 
+function install_conpass() {
+    # CODE-CHECK-WHITELIST=add-aliases
+    colorecho "Installing conpass"
+    pipx install --system-site-packages git+https://github.com/login-securite/conpass
+    add-history conpass
+    add-test-command "conpass --help"
+    add-to-list "conpass,https://github.com/login-securite/conpass,Python tool for continuous password spraying taking into account the password policy."
+}
+
 # Package dedicated to internal Active Directory tools
 function package_ad() {
     set_env
@@ -1469,6 +1475,7 @@ function package_ad() {
     install_sccmhunter             # SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.
     install_sccmwtf                # This code is designed for exploring SCCM in a lab.
     install_asrepcatcher           # Active Directory ASREP roasting tool that catches ASREP for users in the same VLAN whether they require pre-authentication or not
+    install_conpass                # Python tool for continuous password spraying taking into account the password policy.
     end_time=$(date +%s)
     local elapsed_time=$((end_time - start_time))
     colorecho "Package ad completed in $elapsed_time seconds."

sources/install/package_forensic.sh

@@ -6,28 +6,34 @@ source common.sh
 function install_forensic_apt_tools() {
     # CODE-CHECK-WHITELIST=add-aliases
     colorecho "Installing forensic apt tools"
-    fapt pst-utils binwalk foremost testdisk fdisk sleuthkit
+    fapt pst-utils foremost testdisk fdisk sleuthkit
 
-    add-history binwalk
     add-history foremost
     add-history testdisk
     add-history fdisk
 
     add-test-command "pst2ldif -V"      # Reads a PST and prints the tree structure to the console
-    add-test-command "binwalk --help"   # Tool to find embedded files
     add-test-command "foremost -V"      # Alternative to binwalk
     add-test-command "testdisk --help"  # Recover lost partitions
     add-test-command "fdisk --help"     # Creating and manipulating disk partition table
     add-test-command "blkcalc -V"       # Collection of command line tools that allow you to investigate disk images
 
     add-to-list "pst-utils,https://manpages.debian.org/jessie/pst-utils/readpst.1,pst-utils is a set of tools for working with Outlook PST files."
-    add-to-list "binwalk,https://github.com/ReFirmLabs/binwalk,Binwalk is a tool for analyzing / reverse engineering / and extracting firmware images."
     add-to-list "foremost,https://doc.ubuntu-fr.org/foremost,Foremost is a forensic tool for recovering files based on their headers / footers / and internal data structures."
     add-to-list "testdisk,https://github.com/cgsecurity/testdisk,Partition recovery and file undelete utility"
     add-to-list "fdisk,https://github.com/karelzak/util-linux,Collection of basic system utilities / including fdisk partitioning tool"
     add-to-list "sleuthkit,https://github.com/sleuthkit/sleuthkit,Forensic toolkit to analyze volume and file system data"
 }
 
+function install_binwalk() {
+    colorecho "Installing binwalk"
+    fapt squashfs-tools binwalk
+    add-aliases binwalk
+    add-history binwalk
+    add-test-command "binwalk --help"
+    add-to-list "binwalk,https://github.com/ReFirmLabs/binwalk,Binwalk is a tool for analyzing / reverse engineering / and extracting firmware images."
+}
+
 function install_volatility2() {
     colorecho "Installing volatility"
     fapt pcregrep yara libjpeg-dev zlib1g-dev
@@ -119,6 +125,7 @@ function package_forensic() {
     local end_time
     start_time=$(date +%s)
     install_forensic_apt_tools
+    install_binwalk                 # Tool to find embedded files
     install_volatility2             # Memory analysis tool
     install_volatility3             # Memory analysis tool v2
     install_trid                    # filetype detection tool

sources/install/package_misc.sh

@@ -185,6 +185,20 @@ function install_creds() {
     add-to-list "creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources."
 }
 
+function install_uploader() {
+    colorecho "Installing Uploader"
+    git -C /opt/tools/ clone --depth 1 https://github.com/Frozenka/uploader.git 
+    cd /opt/tools/uploader || exit
+    python3 -m venv --system-site-package ./venv
+    source ./venv/bin/activate
+    pip install -r requirements.txt
+    deactivate
+    add-aliases uploader
+    add-history uploader
+    add-test-command "uploader --help"
+    add-to-list "uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system"
+}
+
 # Package dedicated to offensive miscellaneous tools
 function package_misc() {
     set_env
@@ -205,6 +219,7 @@ function package_misc() {
     install_yt-dlp          # A youtube-dl fork with additional features and fixes
     install_cyberchef       # A web based toolbox
     install_creds           # A default credentials vault
+    install_uploader        # uploader for fast file upload
     end_time=$(date +%s)
     local elapsed_time=$((end_time - start_time))
     colorecho "Package misc completed in $elapsed_time seconds."

sources/install/package_mobile.sh

@@ -86,20 +86,18 @@ function install_objection() {
 function install_androguard() {
     # CODE-CHECK-WHITELIST=add-aliases
     colorecho "Installing androguard"
-    # androguard not installing on ARM64 (https://github.com/androguard/androguard/issues/1027), skipping temporarily
-    local temp_fix_limit="2024-05-20"
+    pipx install --system-site-packages androguard
+    # https://github.com/androguard/androguard/issues/1060
+    local temp_fix_limit="2024-07-07"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
-      criticalecho "Temp fix expired. Exiting." # check if issue was resolved by androguard team
-    fi
-    if [[ $(uname -m) = 'x86_64' ]]
-    then
-        pipx install --system-site-packages androguard
-        add-history androguard
-        add-test-command "androguard --version"
-        add-to-list "androguard,https://github.com/androguard/androguard,Reverse engineering and analysis of Android applications"
+      criticalecho "Temp fix expired. Exiting."
     else
-        criticalecho-noexit "This installation function doesn't support architecture $(uname -m)" && return
+      rm -rf /root/.local/share/pipx/venvs/androguard/lib/python3.*/site-packages/oscrypto*
+      pipx inject androguard git+https://github.com/wbond/oscrypto@master
     fi
+    add-history androguard
+    add-test-command "androguard --version"
+    add-to-list "androguard,https://github.com/androguard/androguard,Reverse engineering and analysis of Android applications"
 }
 
 function install_mobsf() {
@@ -110,7 +108,7 @@ function install_mobsf() {
     cd /opt/tools/MobSF || exit
     # pipx --preinstall git+https://github.com/MobSF/yara-python-dex.git /opt/tools/MobSF would be needed for ARM64
     #  in the mean time, switching to manual venv and an alias for mobsf
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting." # check if pipx supports preinstall now
     else

sources/install/package_osint.sh

@@ -364,6 +364,7 @@ function install_pwndb() {
     python3 -m venv --system-site-packages ./venv
     source ./venv/bin/activate
     pip3 install -r requirements.txt
+    pip3 install -U pysocks
     deactivate
     add-aliases pwndb
     add-history pwndb

sources/install/package_reverse.sh

@@ -69,7 +69,6 @@ function install_checksec-py() {
     python3 -m venv --system-site-packages ./venv
     source ./venv/bin/activate
     pip install .
-    pip install --upgrade lief==0.13.2
     deactivate
     add-aliases checksec
     add-history checksec

sources/install/package_web.sh

@@ -402,7 +402,7 @@ function install_oneforall() {
     git -C /opt/tools/ clone --depth 1 https://github.com/shmilylty/OneForAll.git
     cd /opt/tools/OneForAll || exit
     # https://github.com/shmilylty/OneForAll/pull/340
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting."
     else
@@ -846,6 +846,47 @@ function install_sslscan() {
     add-to-list "sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers"
 }
 
+function install_jsluice() {
+    # CODE-CHECK-WHITELIST=add-aliases
+    colorecho "Installing jsluice"
+    go install -v github.com/BishopFox/jsluice/cmd/jsluice@latest
+    asdf reshim golang
+    add-history jsluice
+    add-test-command "jsluice --help"
+    add-to-list "jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code."
+}
+
+function install_katana() {
+    # CODE-CHECK-WHITELIST=add-aliases
+    colorecho "Installing katana"
+    go install -v github.com/projectdiscovery/katana/cmd/katana@latest
+    asdf reshim golang
+    add-history katana
+    add-test-command "katana --help"
+    add-to-list "katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework."
+}
+
+function install_postman() {
+    # CODE-CHECK-WHITELIST=add-aliases
+    colorecho "Installing Postman"
+    local archive_name
+    if [[ $(uname -m) = 'x86_64' ]]; then
+        archive_name="linux_64"
+    elif [[ $(uname -m) = 'aarch64' ]]; then
+        archive_name="linux_arm64"
+    fi
+    curl -L "https://dl.pstmn.io/download/latest/${archive_name}" -o /tmp/postman.tar.gz
+    tar -xf /tmp/postman.tar.gz --directory /tmp
+    rm /tmp/postman.tar.gz
+    mv /tmp/Postman /tmp/postman
+    mv /tmp/postman /opt/tools/postman
+    ln -s /opt/tools/postman/app/Postman /opt/tools/bin/postman
+    fapt libsecret-1-0
+    add-history postman
+    add-test-command "which postman"
+    add-to-list "postman,https://www.postman.com/,API platform for testing APIs"
+}
+
 # Package dedicated to applicative and active web pentest tools
 function package_web() {
     set_env
@@ -922,29 +963,10 @@ function package_web() {
     install_soapui                  # SoapUI is an open-source web service testing application for SOAP and REST
     install_sqlmap                  # SQL injection scanner
     install_sslscan                 # SSL/TLS scanner
+    install_jsluice                 # Extract URLs, paths, secrets, and other interesting data from JavaScript source code
+    install_katana                  # A next-generation crawling and spidering framework
     install_postman                 # Postman - API platform for testing APIs
     end_time=$(date +%s)
     local elapsed_time=$((end_time - start_time))
     colorecho "Package web completed in $elapsed_time seconds."
 }
-
-function install_postman() {
-    # CODE-CHECK-WHITELIST=add-aliases
-    colorecho "Installing Postman"
-    local archive_name
-    if [[ $(uname -m) = 'x86_64' ]]; then
-        archive_name="linux_64"
-    elif [[ $(uname -m) = 'aarch64' ]]; then
-        archive_name="linux_arm64"
-    fi
-    curl -L "https://dl.pstmn.io/download/latest/${archive_name}" -o /tmp/postman.tar.gz
-    tar -xf /tmp/postman.tar.gz --directory /tmp
-    rm /tmp/postman.tar.gz
-    mv /tmp/Postman /tmp/postman
-    mv /tmp/postman /opt/tools/postman
-    ln -s /opt/tools/postman/app/Postman /opt/tools/bin/postman
-    fapt libsecret-1-0
-    add-history postman
-    add-test-command "which postman"
-    add-to-list "postman,https://www.postman.com/,API platform for testing APIs"
-}

sources/install/package_wifi.sh

@@ -26,12 +26,13 @@ function install_wifi_apt_tools() {
 }
 
 function install_pyrit() {
+    # CODE-CHECK-WHITELIST=add-aliases
     colorecho "Installing pyrit"
     # can't install with python3/python2 with latest changes.
     # steps to remove temp fix:
     #  1. try to install pyrit with git clone + venv + setup.py install with python2 or 3 (without the git patch)
     #  2. if it works, remove the temp fix (and probably the patch as well)
-    local temp_fix_limit="2024-05-20"
+    local temp_fix_limit="2024-06-20"
     if [ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]; then
       criticalecho "Temp fix expired. Exiting."
     else
@@ -53,7 +54,8 @@ function install_pyrit() {
     python2 setup.py build
     python2 setup.py install
     deactivate
-    add-aliases pyrit
+    # Copy the binary because Wifite can't find it with a symlink - https://github.com/ThePorgs/Development/issues/183
+    cp ./venv/bin/pyrit /opt/tools/bin/
     add-history pyrit
     add-test-command "pyrit help"
     add-to-list "pyrit,https://github.com/JPaulMora/Pyrit,Python-based WPA/WPA2-PSK attack tool."

sources/install/package_wordlists.sh

@@ -36,7 +36,7 @@ function install_cewler() {
     colorecho "Installing cewler"
     pipx install --system-site-packages cewler
     # https://github.com/roys/cewler/pull/5
-    local temp_fix_limit="2024-06-01"
+    local temp_fix_limit="2024-06-20"
     if [[ "$(date +%Y%m%d)" -gt "$(date -d $temp_fix_limit +%Y%m%d)" ]]; then
       criticalecho "Temp fix expired. Exiting."
     else