Disclaimer:
I'm not responsible for any harm caused by this tool. The provided docker image is part of my curiosity and used for CTFs and education only. Use these powers wisely and stay on the light side!
Tighten the strings and have some fun with your puppets
This Docker image is built on top of a minimal base install of the latest Kali Linux Rolling distribution and enriched with additional capabilities that turn it into a C2 server for use during pentesting engagements, CTFs or other purposes.
Get a pre-built image
docker pull ghcr.io/benjitrapp/puppet-master:main
Wanna build your own image?
For a kickstart, use the Makefile: make all
and watch the magic of the puppet master by browsing to http://localhost:9020/vnc.html
Not ready to get mesmerized yet?
Build the image: docker build -t puppet-master .
or run make build
Run the docker image and open port 6080:
docker run --rm -it -p 9020:8080 -p 9021:5900 --name puppet-master puppet-master
or make run
VNC and play with the puppets
First of all: Browse to http://localhost:9020/vnc.html
Forward the VNC service port 5900 to the host with:
docker run -it --rm -p 6080:80 -p 5900:5900 puppet-master
Now open the VNC viewer and connect to port 5900. If you would like to protect the VNC service with a password, set the environment variable VNC_PASSWORD.
For example:
docker run --rm -it -p 9020:8080 -p 9021:5900 --name puppet-master -e VNC_PASSWORD=mypassword puppet-master
A prompt will ask for the password in either the browser or the VNC viewer.
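By default, `-p 9020:8080` publishes a port on every host interface, and `-e VNC_PASSWORD=mypassword` leaves the password on the command line. The script below is an added example, not part of the puppet-master project: it binds both ports to loopback, passes VNC_PASSWORD through the environment, and flags all-interface mappings in `docker port` output. The function names, the `run` argument and the sample outputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the puppet-master project.
# Image name, ports and VNC_PASSWORD come from the README above;
# the function names and the "run" argument are hypothetical.

# Random 16-character password so no literal value lands in shell history.
gen_vnc_password() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 16
}

# Filter `docker port <container>` output (stdin) down to the mappings
# that listen on every interface instead of loopback only.
exposed_bindings() {
    grep -E -e '-> (0\.0\.0\.0|\[::\]|::):[0-9]+$' || true
}

# Start the container with noVNC and VNC reachable from this host only.
run_puppet_master() {
    VNC_PASSWORD="$(gen_vnc_password)"
    export VNC_PASSWORD
    echo "VNC password for this session: $VNC_PASSWORD" >&2
    # `-e VNC_PASSWORD` without a value copies it from the environment,
    # which keeps the secret out of the docker command line.
    docker run --rm -it \
        -p 127.0.0.1:9020:8080 \
        -p 127.0.0.1:9021:5900 \
        -e VNC_PASSWORD \
        --name puppet-master puppet-master
}

# Constructed sample of `docker port puppet-master` output after the
# README's plain `-p 9020:8080 -p 9021:5900` mapping.
SAMPLE_DEFAULT='8080/tcp -> 0.0.0.0:9020
8080/tcp -> [::]:9020
5900/tcp -> 0.0.0.0:9021'

# Constructed sample after the loopback mapping used above.
SAMPLE_LOOPBACK='8080/tcp -> 127.0.0.1:9020
5900/tcp -> 127.0.0.1:9021'

# Only start the container when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    run_puppet_master
fi
```

To audit a container that is already running, pipe its mappings through the filter: docker port puppet-master | exposed_bindings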
To get a bash shell in the running container:
sudo docker exec -i -t puppet-master /bin/bash
Content
Kali metapackages [https://tools.kali.org/kali-metapackages]:
- kali-tools-top10
- kali-desktop-gnome
- kali-tools-fuzzing
- kali-tools-passwords
- kali-tools-post-exploitation
- kali-tools-information-gathering
- kali-tools-sniffing-spoofing
- kali-tools-social-engineering
C2 Capabilities:
- Covenant
- SilentTrinity
- Empire
- StarKiller
- PoshC2
- Merlin
- BabyShark
- Sliver
Protection Capabilities:
- fail2ban
- tor
- proxychains
- nginx
- supervisord
- tripwire and auditd (will be added soon)
Recon and Wordlist Capabilities:
- Cewl
- GoBuster
- Bloodhound
- dirb
- sslscan
AWS/Cloud Attack Capabilities:
- awscli
- pacu
- endgame
Misc Attack Capabilities:
- Metasploit
- Powershell-Empire
- Hydra
- ncrack
- kerberoast
Online Resources
Articles
- A comparison of C2 frameworks
- Flying a False Flag
- MacShellSwift: PoC MacOS post exploitation tool in Swift
- Throwback Thursday – A Guide to Configuring Throwback
- Voodoo CE Quickstart
- A first look at today’s Command and Control frameworks
Videos
- RedViper
- Command & Control tools course, in Pt-Br language.
- How Hackers Use Discord To Control Victim PC’s