HOTWAX

Hotwax is a script to provision a set of extra pentesting tools onto a Kali Linux machine in a consistent manner.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for deployment AND development purposes.

Prerequisites

Kali Linux 2019.4 or older. (Presently, will not work on Kali LInux 2020.1 or newer, due to change from default root account configuration to non-root user account configuration. To be fixed in near future.)
Git
Ansible

apt update -y
apt install -y git ansible

Installing

Clone the HOTWAX repository.

cd ~
git clone https://github.com/BrashEndeavours/hotwax

Run the playbook

cd hotwax
ansible-playbook playbook.yml

Tools updated:

Samba 4.10.8 (smbclient,rpcclient,nmblookup - Patched to fix issues with polenum, enum4linux, and restoring smbclient connection output.
enum4linux - Fix minor parsing issues. Updates temporarily included by BrashEndeavours fork, until PR is merged.

Tools installed:

Arjun - Arjun is an HTTP parameter discovery suite.
AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
BloodHound - Six Degrees of Domain Admin.
chisel - A fast TCP tunnel over HTTP
evil-winrm - The ultimate WinRM shell for hacking/pentesting.
gobuster - Directory/File, DNS and VHost busting tool written in Go
LinEnum - Local Linux Enumeration & Privilege Escalation Script
nishang - Framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing.
One-Lin3r - On demand one-liners that aid in penetration testing operations, privilege escalation and more
OSCP Exam Report Template - Modified template for the OSCP Exam
Powerless - A Windows privilege escalation (enumeration) script designed with OSCP labs (i.e. legacy Windows machines without Powershell) in mind.
PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.
pspy - Monitor linux processes without root permissions.
SecLists - Collection of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and more.
sherlock - Find usernames across social networks.
sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
webshell - This is a webshell open source project.
Windows PHP Reverse Shell - Simple php reverse shell implemented using bina- https://github.com/ucki/zauberfeder, based on an webshell.
XSStrike - Advanced XSS scanner
zauberfeder - A LaTex reporting template.
crackmapexec - A swiss army knife for pentesting networks.
windows-kernel-exploits - Precompiled Windows Exploits.
exiftool - ExifTool meta information reader/writer. Great for viewing and manipulating exif-data.
html2text - Convert HTML to clean, easy-to-read plain ASCII text.
mingw-w64 - GCC for Windows 64 & 32 bits.
msfpc - MSFvenom Payload Creator (MSFPC)
wce - A security tool to list logon sessions and add, change, list and delete associated credentials.
Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
pyftpdlib - Extremely fast and scalable Python FTP server library. Spin up FTP Server with a one-liner.
ssh-os - Nmap Script that identifies Debian, Ubuntu, FreeBSD version based on default SSH banner response.
empire - Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
medusa - Medusa is a speedy, parallel, modular login brute-forcer. Similar to ncrack and Hydra.

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

Authors

Blake Mackey (@BrashEndeavours) - Initial work - BrashEndeavours

Contributors

Want your name here? See CONTRIBUTING.md for details.
Alec Mather-Shapiro (whoisflynn) - Added AutoRecon, Windows PHP Reverse Shell, and OSCP Exam Template - whoisflynn
Richard Lam (richlamdev) - Added crackmapexec, windows-kernel-exploits, exiftool, html2text, mingw-w64, msfpc, wce, windows-exploit-suggester, pyftpdlib, ssh-os.nse, medusa - richhlamdev

Acknowledgements

Rebootuser (@rebootuser) - LinEnum
D4Vinci (@Seekurity) - One-Lin3r
PowerShellMafia - PowerSploit
Daniel Miessler - SecLists
Nikhil "SamratAshok" Mittal - nishang
Dominic Breuker - pspy
sherlock-project - sherlock
Tib3rius - AutoRecon
Dhayalanb - Windows PHP Reverse Shell
whoisflynn - OSCP Exam Report Template
jpillora - chisel
OJ Reeves - gobuster
rofl0r - proxychains-ng
Brian May - sshuttle
tennc - webshell
PortcullisLabs - enum4linux
M4ximuss - Powerless
Somdev Sangwan - Arjun
ucki - zauberfeder
BloodHoundAD - BloodHound
byt3bl33d3r - crackmapexec
abatchy17 - WindowsExploits
exiftol - exiftool
Alir3z4 - html2text
mingw-w64 - mingw-w64
g0tmi1k - msfpc
ampliasecurity.com - wce
AonCyberLabs - Windows-Exploit-Suggester
giampaolo - pyftpdlib
richlamdev - ssh-os
harmj0y - empire
foofus - foofus.net

License

This project is licensed under the MIT License - see the LICENSE.md file for details

b4ndit / hotwax