Preparing for the next release

sources/assets/zsh/aliases.d/burpsuite

@@ -1 +1,2 @@
 alias BurpSuiteCommunity='java -jar -Xmx4g /opt/tools/BurpSuiteCommunity/BurpSuiteCommunity.jar'
+alias burpsuite=BurpSuiteCommunity

sources/assets/zsh/aliases.d/ysoserial

@@ -1 +1 @@
-alias ysoserial='java -jar /opt/tools/ysoserial/ysoserial.jar'
+alias ysoserial='JAVA_HOME=/usr/lib/jvm/java-11-openjdk java -jar /opt/tools/ysoserial/ysoserial.jar'

sources/assets/zsh/history.d/gf

@@ -0,0 +1,2 @@
+gf php-sources
+gf -save php-serialized -HnrE '(a:[0-9]+:{|O:[0-9]+:"|s:[0-9]+:")'

sources/assets/zsh/zshrc

@@ -14,6 +14,8 @@ plugins=(docker docker-compose zsh-syntax-highlighting zsh-completions zsh-autos
 
 source $ZSH/oh-my-zsh.sh
 
+source /usr/local/rvm/scripts/rvm
+
 function prompt_char {
   if [ $UID -eq 0 ]; then echo "#"; else echo $; fi
 }

sources/install/common.sh

@@ -78,11 +78,17 @@ function fapt-history-aliases() {
 }
 
 function set_go_env() {
-    colorecho "Setting environment variables for installation"
+    colorecho "Setting golang environment variables for installation"
     export GO111MODULE=on
     export PATH=$PATH:/usr/local/go/bin:/root/.local/bin
 }
 
+function set_ruby_env() {
+    colorecho "Setting ruby environment variables for installation"
+    source /usr/local/rvm/scripts/rvm
+    rvm --default use 3.0.0
+}
+
 function install_pipx_git_tool() {
     colorecho "Installing $2 with pipx"
     python3 -m pipx install $1

sources/install/package_ad.sh

@@ -862,7 +862,7 @@ function install_bqm() {
     gem install bqm --no-wrapper
     add-history bqm
     add-test-command "bqm --help"
-    add-to-list "bqm,https://github.com/Acceis/bqm"
+    add-to-list "bqm,https://github.com/Acceis/bqm,Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file."
 }
 
 function install_neo4j() {
@@ -896,6 +896,7 @@ function install_noPac() {
 function package_ad() {
     install_ad_apt_tools
     set_go_env
+    set_ruby_env
     install_responder               # LLMNR, NBT-NS and MDNS poisoner
     install_ldapdomaindump
     install_crackmapexec            # Network scanner

sources/install/package_base.sh

@@ -111,6 +111,15 @@ function install_firefox() {
     add-history firefox
     add-test-command "file /root/.mozilla/firefox/*.Exegol"
     add-test-command "firefox --version"
+    add-to-list "firefox,https://www.mozilla.org,A web browser"
+}
+
+function install_rvm() {
+    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
+    curl -sSL https://get.rvm.io | bash -s stable --ruby
+    source /usr/local/rvm/scripts/rvm
+    gem update
+    add-test-command "rvm --help"
 }
 
 function install_ohmyzsh() {
@@ -159,7 +168,9 @@ function install_mdcat() {
     colorecho "Installing mdcat"
     cargo install mdcat
     source "$HOME/.cargo/env"
+    add-history mdcat
     add-test-command "mdcat --version"
+    add-to-list "mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown"
 }
 
 function install_gf() {
@@ -173,8 +184,10 @@ function install_gf() {
     cp -r /opt/tools/Gf-Patterns/*.json ~/.gf
     # Remove repo to save space
     rm -r /opt/tools/Gf-Patterns
+    add-history gf
     add-test-command "gf --list"
     add-test-command "ls ~/.gf | grep 'redirect.json'"
+    add-to-list "gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns"
 }
 
 function post_install() {
@@ -207,14 +220,15 @@ function package_base() {
     python-setuptools python3-setuptools npm gem automake autoconf make cmake time gcc g++ file lsof \
     less x11-apps net-tools vim nano jq iputils-ping iproute2 tidy mlocate libtool \
     dos2unix ftp sshpass telnet nfs-common ncat netcat-traditional socat rdate putty \
-    screen p7zip-full p7zip-rar unrar xz-utils xsltproc parallel tree ruby ruby-dev bundler \
+    screen p7zip-full p7zip-rar unrar xz-utils xsltproc parallel tree ruby ruby-dev ruby-full bundler \
     nim perl openjdk-17-jre openjdk-11-jre openjdk-11-jdk-headless openjdk-17-jdk-headless openjdk-11-jdk openjdk-17-jdk openvpn openresolv logrotate tmux tldr bat python3-pyftpdlib libxml2-utils \
     virtualenv chromium libsasl2-dev python-dev libldap2-dev libssl-dev isc-dhcp-client sqlite3
 
     fapt-history dnsutils samba ssh snmp faketime
     fapt-aliases php python3 grc emacs-nox xsel fzf
 
     install_rust_cargo
+    install_rvm                                         # Ruby Version Manager
 
     ln -s -v /usr/lib/jvm/java-11-openjdk-* /usr/lib/jvm/java-11-openjdk    # To avoid determining the correct path based on the architecture
     ln -s -v /usr/lib/jvm/java-17-openjdk-* /usr/lib/jvm/java-17-openjdk    # To avoid determining the correct path based on the architecture

sources/install/package_c2.sh

@@ -21,6 +21,10 @@ function install_metasploit() {
     ./msfinstall
     cd /tmp
     rm -rf /tmp/metasploit_install
+    gem list
+    echo "gem 'mini_portile2', '~> 2.8', '>= 2.8.4'" >> /opt/metasploit-framework/embedded/framework/Gemfile
+    ln -s /bin/mkdir /usr/bin/mkdir
+    bundle install --gemfile /opt/metasploit-framework/embedded/framework/Gemfile
     add-aliases msfconsole
     add-history msfconsole
     add-test-command "msfconsole --help"
@@ -52,11 +56,13 @@ function install_sliver() {
     add-history sliver
     add-test-command "sliver-server help"
     add-test-command "sliver-client help"
+    add-to-list "sliver,https://github.com/BishopFox/sliver.git,Open source / cross-platform and extensible C2 framework"
 }
 
 # Package dedicated to command & control frameworks
 function package_c2() {
     set_go_env
+    set_ruby_env
     # install_empire                # Exploit framework FIXME
     # install_starkiller            # GUI for Empire, commenting while Empire install is not fixed
     install_pwncat                  # netcat and rlwrap on steroids to handle revshells, automates a few things too
@@ -66,5 +72,6 @@ function package_c2() {
 }
 
 function package_c2_configure() {
-    configure_metasploit
+    echo "Package C2 configure"
+    # configure_metasploit
 }

sources/install/package_cloud.sh

@@ -94,6 +94,7 @@ function install_cloudmapper() {
 
 # Package dedicated to cloud tools
 function package_cloud() {
+    set_ruby_env
     install_kubectl
     install_awscli
     install_scout       # Multi-Cloud Security Auditing Tool

sources/install/package_code_analysis.sh

@@ -31,6 +31,7 @@ function install_semgrep() {
 
 # Package dedicated to SAST and DAST tools
 function package_code_analysis() {
+    set_ruby_env
     install_vulny-code-static-analysis
     install_brakeman		            # Checks Ruby on Rails applications for security vulnerabilities
     install_semgrep                     # Static analysis engine for finding bugs and vulnerabilities

sources/install/package_cracking.sh

@@ -50,7 +50,7 @@ function install_haiti() {
     gem install haiti-hash
     add-history haiti
     add-test-command "haiti --help"
-    add-to-list "haiti,https://github.com/noraj/haiti is a A CLI tool (and library) to identify hash types (hash type identifier)."
+    add-to-list "haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier)."
 }
 
 function install_geowordlists() {
@@ -63,6 +63,7 @@ function install_geowordlists() {
 
 # Package dedicated to offline cracking/bruteforcing tools
 function package_cracking() {
+    set_ruby_env
     install_cracking_apt_tools
     install_john                    # Password cracker
     install_name-that-hash          # Name-That-Hash, the hash identifier tool

sources/install/package_crypto.sh

@@ -28,6 +28,7 @@ function install_rsactftool() {
 
 # Package dedicated to attack crypto
 function package_crypto() {
+    set_ruby_env
     install_rsactftool              # attack rsa
     install_tls-map                 # CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnuTLS, NSS
 }

sources/install/package_forensic.sh

@@ -97,6 +97,7 @@ function install_jadx() {
 
 # Package dedicated to forensic tools
 function package_forensic() {
+    set_ruby_env
     install_forensic_apt_tools
     install_volatility2             # Memory analysis tool
     install_volatility3             # Memory analysis tool v2

sources/install/package_iot.sh

@@ -18,5 +18,6 @@ function install_iot_apt_tools() {
 
 # Package dedicated to IoT tools
 function package_iot() {
+    set_ruby_env
     install_iot_apt_tools
 }

sources/install/package_misc.sh

@@ -131,6 +131,7 @@ function install_objectwalker() {
 # Package dedicated to offensive miscellaneous tools
 function package_misc() {
     set_go_env
+    set_ruby_env
     install_misc_apt_tools
     install_goshs           # Web uploader/downloader page
     install_searchsploit    # Exploitdb local search engine

sources/install/package_mobile.sh

@@ -72,6 +72,7 @@ function install_androguard() {
 
 # Package dedicated to mobile apps pentest tools
 function package_mobile() {
+    set_ruby_env
     install_mobile_apt_tools
     install_smali
     install_dex2jar

sources/install/package_most_used.sh

@@ -54,6 +54,7 @@ function install_most_used_apt_tools() {
 # Package dedicated to most used offensive tools
 function package_most_used() {
     set_go_env
+    set_ruby_env
     install_most_used_apt_tools
     install_searchsploit            # Exploitdb local search engine
     install_metasploit              # Offensive framework

sources/install/package_network.sh

@@ -7,6 +7,7 @@ function install_network_apt_tools() {
     export DEBIAN_FRONTEND=noninteractive
     fapt wireshark tshark hping3 masscan netdiscover tcpdump iptables traceroute dns2tcp freerdp2-x11 \
     rdesktop xtightvncviewer ssh-audit hydra mariadb-client redis-tools
+    fapt remmina remmina-plugin-rdp remmina-plugin-secret remmina-plugin-spice
 
     add-history wireshark
     add-history tshark
@@ -36,12 +37,13 @@ function install_network_apt_tools() {
     add-test-command "hydra -h |& grep 'more command line options'" # Login scanner
     add-test-command "mariadb --version"                            # Mariadb client
     add-test-command "redis-cli --version"                          # Redis protocol
+    add-test-command "remmina --help"                          # Redis protocol
 
     add-to-list "wireshark,https://github.com/wireshark/wireshark,Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level."
     add-to-list "tshark,https://github.com/wireshark/wireshark,TShark is a terminal version of Wireshark."
     add-to-list "hping3,https://github.com/antirez/hping,A network tool able to send custom TCP/IP packets"
     add-to-list "masscan,https://github.com/robertdavidgraham/masscan,Masscan is an Internet-scale port scanner"
-    add-to-list "netdiscover,https://github.com/netdiscover-scanner/netdiscover is an active/passive address reconnaissance tool"
+    add-to-list "netdiscover,https://github.com/netdiscover-scanner/netdiscover,netdiscover is an active/passive address reconnaissance tool"
     add-to-list "tcpdump,https://github.com/the-tcpdump-group/tcpdump,a powerful command-line packet analyzer for Unix-like systems"
     add-to-list "iptables,https://linux.die.net/man/8/iptables,Userspace command line tool for configuring kernel firewall"
     add-to-list "traceroute,https://github.com/iputils/iputils,Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify."
@@ -53,6 +55,7 @@ function install_network_apt_tools() {
     add-to-list "hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack."
     add-to-list "mariadb-client,https://github.com/MariaDB/server,MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server."
     add-to-list "redis-tools,https://github.com/antirez/redis-tools,redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark."
+    add-to-list "remmina,https://github.com/FreeRDP/Remmina,Remote desktop client."
 }
 
 function install_proxychains() {
@@ -192,10 +195,10 @@ function install_ligolo-ng() {
     mkdir /tmp/ligolo
     if [[ $(uname -m) = 'x86_64' ]]
     then
-        wget -O /tmp/ligolo/proxy.tar.gz "https://github.com/nicocha30/ligolo-ng/releases/latest/download/ligolo-ng_proxy_0.4.3_Linux_64bit.tar.gz"
+        wget -O /tmp/ligolo/proxy.tar.gz "https://github.com/nicocha30/ligolo-ng/releases/download/v0.4.4/ligolo-ng_proxy_0.4.4_linux_amd64.tar.gz"
     elif [[ $(uname -m) = 'aarch64' ]]
     then
-        wget -O /tmp/ligolo/proxy.tar.gz "https://github.com/nicocha30/ligolo-ng/releases/latest/download/ligolo-ng_proxy_0.4.3_Linux_ARM64.tar.gz"
+        wget -O /tmp/ligolo/proxy.tar.gz "https://github.com/nicocha30/ligolo-ng/releases/download/v0.4.4/ligolo-ng_proxy_0.4.4_linux_arm64.tar.gz"
     else
         criticalecho-noexit "This installation function doesn't support architecture $(uname -m)" && return
     fi
@@ -210,6 +213,7 @@ function install_ligolo-ng() {
 # Package dedicated to network pentest tools
 function package_network() {
     set_go_env
+    set_ruby_env
     install_network_apt_tools
     install_proxychains             # Network tool
     install_nmap                    # Port scanner
@@ -225,4 +229,4 @@ function package_network() {
     install_shuffledns              # Wrapper around massdns to enumerate valid subdomains
     install_tailscale               # Zero config VPN for building secure networks
     install_ligolo-ng               # Tunneling tool that uses a TUN interface
-}
+}

sources/install/package_osint.sh

@@ -379,6 +379,7 @@ function install_trevorspray() {
 # Package dedicated to osint, recon and passive tools
 function package_osint() {
     set_go_env
+    set_ruby_env
     install_osint_apt_tools
     install_youtubedl               # Command-line program to download videos from YouTube.com and other video sites
     install_sublist3r               # Fast subdomains enumeration tool

sources/install/package_reverse.sh

@@ -129,6 +129,7 @@ function install_pwninit() {
 
 # Package dedicated to reverse engineering tools
 function package_reverse() {
+    set_ruby_env
     install_reverse_apt_tools
     install_pwntools                # CTF framework and exploit development library
     install_pwndbg                  # Advanced Gnu Debugger

sources/install/package_rfid.sh

@@ -84,6 +84,7 @@ function install_proxmark3() {
 
 # Package dedicated to RFID/NCF pentest tools
 function package_rfid() {
+    set_ruby_env
     install_rfid_apt_tools
     install_mfoc                    # Tool for nested attack on Mifare Classic
     install_libnfc-crypto1-crack    # tool for hardnested attack on Mifare Classic

sources/install/package_sdr.sh

@@ -47,6 +47,7 @@ function install_jackit() {
 
 # Package dedicated to SDR
 function package_sdr() {
+    set_ruby_env
     install_sdr_apt_tools
     install_mousejack               # tools for mousejacking
     install_jackit                  # tools for mousejacking

sources/install/package_steganography.sh

@@ -45,6 +45,7 @@ function install_stegolsb() {
 
 # Package dedicated to steganography tools
 function package_steganography() {
+    set_ruby_env
     install_steganography_apt_tools
     install_zsteg                   # Detect stegano-hidden data in PNG & BMP
     install_stegolsb                # (including wavsteg)

sources/install/package_voip.sh

@@ -13,5 +13,6 @@ function install_sipvicious() {
 
 # Package dedicated to VOIP/SIP pentest tools
 function package_voip() {
+    set_ruby_env
     install_sipvicious              # Set of tools for auditing SIP based VOIP systems
 }

sources/install/package_web.sh

@@ -72,7 +72,12 @@ function install_amass(){
 
 function install_ffuf() {
     colorecho "Installing ffuf"
-    go install -v github.com/ffuf/ffuf@latest
+    git -C /opt/tools clone --depth 1 https://github.com/ffuf/ffuf.git
+    cd /opt/tools/ffuf
+    go build .
+    mv ./ffuf /opt/tools/bin/
+    # https://github.com/ffuf/ffuf/issues/681
+    # go install github.com/ffuf/ffuf/v2@latest
     add-history ffuf
     add-test-command "ffuf --help"
     add-to-list "ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go."
@@ -175,7 +180,7 @@ function install_bolt() {
     add-aliases bolt
     add-history bolt
     add-test-command "bolt --help"
-    add-to-list "bolt,https://github.com/s0md3v/bolt,TODO"
+    add-to-list "bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing."
 }
 
 function install_kadimus() {
@@ -647,9 +652,9 @@ function install_burpsuite() {
     # FIXME: set up the dark theme right away?
     # FIXME: add burp certificate to embedded firefox and chrome?
     # TODO: change Burp config to allow built-in browser to run
-    # TODO: Add test command
     add-aliases burpsuite
     add-history burpsuite
+    add-test-command "which burpsuite"
     add-to-list "burpsuite,https://portswigger.net/burp,Web application security testing tool."
 }
 
@@ -670,7 +675,7 @@ function install_php_filter_chain_generator() {
     add-aliases php_filter_chain_generator
     add-history php_filter_chain_generator
     add-test-command "php_filter_chain_generator --help"
-    add-to-list "PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,TODO"
+    add-to-list "PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP!"
 }
 
 function install_kraken() {
@@ -769,6 +774,7 @@ function package_web() {
 
 function package_web_configure() {
     set_go_env
+    set_ruby_env
     configure_nuclei
     configure_moodlescan
     configure_clusterd

sources/install/package_wifi.sh

@@ -109,6 +109,7 @@ function install_hcxdumptool() {
 # Package dedicated to wifi pentest tools
 function package_wifi() {
     set_go_env
+    set_ruby_env
     install_wifi_apt_tools
     install_pyrit                   # Databases of pre-computed WPA/WPA2-PSK authentication phase
     install_wifite2                 # Retrieving password of a wireless access point (router)