mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-22 09:05:06 +01:00

Updated README on malleable_redirector and proxy2 submodules.

parent 875e521922
commit ce9ae70957
@ -24,8 +24,9 @@ Use wisely, stay safe.

### Example usage

All settings were moved to the external file:
```
$ python3 proxy2.py -P 80/http -P 443/https -p plugins/malleable_redirector.py --profile jquery-c2.3.14.profile --teamserver-url 1.2.3.4:8080 -v
$ python3 proxy2.py --config example-config.yaml

[INFO] 19:21:42: Loading 1 plugin...
[INFO] 19:21:42: Plugin "malleable_redirector" has been installed.
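Review bot: the sentence "All settings were moved to the external file:" contradicts the example directly under it, which still shows the full flag-driven invocation (`-P 80/http -P 443/https -p plugins/malleable_redirector.py --profile ... --teamserver-url ...`) next to the `--config example-config.yaml` form; say whether the command-line flags remain supported as an alternative to the YAML file or have been removed, e.g. "Settings can be given on the command line or, equivalently, in a YAML config file:". It would also help to state that the `[INFO]` lines that follow are the output of either invocation, since the shared fence makes them read as the output of the second command only.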
@ -54,6 +55,26 @@ $ python3 proxy2.py -P 80/http -P 443/https -p plugins/malleable_redirector.py -
[...]
```

Where **example-config.yaml** contains:

```
plugin: malleable_redirector
verbose: True

port:
- 80/http
- 443/https

profile: jquery-c2.3.14.profile

# Let's Encrypt certificates
ssl_cacert: /etc/letsencrypt/live/attacker.com/fullchain.pem
ssl_cakey: /etc/letsencrypt/live/attacker.com/privkey.pem

teamserver_url:
- 1.2.3.4:8080
```

The above output contains a line pointing out that there has been an unauthorized, not compliant with our C2 profile inbound request, which got dropped due to incompatible User-Agent string presented:
```
[...]
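Review bot: inserting the `example-config.yaml` block between the proxy output and the sentence "The above output contains a line pointing out that there has been an unauthorized ... inbound request" breaks that reference: what now sits directly above is the YAML, and the `[INFO]` lines it refers to are a screen away. Either move "Where **example-config.yaml** contains:" after the dropped-request explanation, or reword to "The proxy output above contains a line ...". Two smaller points in the YAML itself: `ssl_cacert` and `ssl_cakey` are given Let's Encrypt's `fullchain.pem` and `privkey.pem`, i.e. the server certificate chain and private key the proxy presents on `443/https`, not a CA; a one-line comment saying so would stop readers from pointing these options at a CA key. And since the example binds `80/http` and `443/https` and reads `/etc/letsencrypt/live/attacker.com/privkey.pem`, the README should say what privileges proxy2 needs to bind those ports and read that key, or show an unprivileged alternative.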
@ -61,6 +82,175 @@ The above output contains a line pointing out that there has been an unauthorize
[...]
```


### Plugin options

Following options are supported:

```
#
# ====================================================
# malleable_redirector plugin related settings
# ====================================================
#

#
# (Required) Path to the Malleable C2 profile file.
#
profile: cs.example.profile

#
# (Required) Address where to redirect legitimate inbound beacon requests.
# A.k.a. TeamServer's Listener bind address, in a form of:
# [inport:][http(s)://]host:port
#
# If proxy2 was configured to listen on more than one port, specifying "inport" will
# help the plugin decide to which teamserver's listener redirect inbound request.
#
# If 'inport' values are not specified in the below option (teamserver_url) the script
# will pick destination teamserver at random.
#
# Having proxy2 listening on only one port does not mandate to include the "inport" part.
# This field can be either string or list of strings.
#
teamserver_url:
- 1.2.3.4:5555

#
# What to do with the request originating from anyone else than the beacon:
# - redirect (HTTP 301),
# - reset TCP connection
# - proxy to act as a reverse-proxy (dangerous!)
# Valid values: 'reset', 'redirect', 'proxy'.
#
# Defaults to: redirect
#
drop_action: redirect

#
# If someone who is not a beacon hits the proxy, or the inbound proxy does not meet
# malleable profile's requirements - where we should proxy/redirect his requests.
#
# Default: https://google.com
#
action_url: https://google.com

#
# Log full bodies of dropped requests.
#
# Default: False
#
log_dropped: False

#
# Ban peers based on their IPv4 address. The blacklist with IP address to check against is specified
# in 'ip_addresses_blacklist_file' option.
#
# Default: True
#
ban_blacklisted_ip_addresses: True

#
# Specifies external list of CIDRs with IPv4 addresses to ban. Each entry in that file
# can contain a single IPv4, a CIDR or a line with commentary in following format:
# 1.2.3.4/24 # Super Security System
#
# Default: plugins/malleable_banned_ips.txt
#
ip_addresses_blacklist_file: plugins/malleable_banned_ips.txt

#
# Ban peers based on their IPv4 address' resolved ISP/Organization value or other details.
# Whenever a peer connects to our proxy, we'll take its IPv4 address and use one of the specified
# APIs to collect all the available details about the address. Whenever a banned word
# (of a security product) is found in those details - peer will be banned.
# List of API keys for supported platforms are specified in ''. If there are no keys specified,
# only providers that don't require API keys will be used (e.g. ip-api.com, ipapi.co)
#
# Default: True
#
verify_peer_ip_details: True

#
# Specifies a list of API keys for supported API details collection platforms.
# If 'verify_peer_ip_details' is set to True and there is at least one API key given in this option, the
# proxy will collect details of inbound peer's IPv4 address and verify them for occurences of banned words
# known from various security vendors. Do take a note that various API details platforms have their own
# thresholds for amount of lookups per month. By giving more than one API keys, the script will
# utilize them in a random order.
#
# To minimize number of IP lookups against each platform, the script will cache performed lookups in an
# external file named 'ip-lookups-cache.json'
#
# Supported IP Lookup providers:
# - ip-api.com: No API key needed, free plan: 45 requests / minute
# - ipapi.co: No API key needed, free plan: up to 30000 IP lookups/month and up to 1000/day.
# - ipgeolocation.io: requires an API key, up to 30000 IP lookups/month and up to 1000/day.
#
# Default: empty dictionary
#
ip_details_api_keys:
ipgeolocation_io:


#
# Restrict incoming peers based on their IP Geolocation information.
# Available only if 'verify_peer_ip_details' was set to True.
# IP Geolocation determination may happen based on the following supported characteristics:
# - organization,
# - continent,
# - continent_code,
# - country,
# - country_code,
# - city,
# - timezone
#
# The Peer will be served if at least one geolocation condition holds true for him
# (inclusive/alternative arithmetics).
#
# If no determinants are specified, IP Geolocation will not be taken into consideration while accepting peers.
# If determinants are specified, only those peers whose IP address matched geolocation determinants will be accepted.
#
# Each of the requirement values may be regular expression. Matching is case-insensitive.
#
# Following (continents_code, continent) pairs are supported:
# ('AF', 'Africa'),
# ('AN', 'Antarctica'),
# ('AS', 'Asia'),
# ('EU', 'Europe'),
# ('NA', 'North america'),
# ('OC', 'Oceania'),
# ('SA', 'South america)'
#
# Proper IP Lookup details values can be established by issuing one of the following API calls:
# $ curl -s 'https://ipapi.co/TARGET-IP-ADDRESS/json/'
# $ curl -s 'http://ip-api.com/json/TARGET-IP-ADDRESS'
#
# The organization/isp/as/asn/org fields will be merged into a common organization list of values.
#
ip_geolocation_requirements:
organization:
- Some\s+organization
continent:
continent_code:
country:
country_code:
city:
-
timezone:


#
# List of whitelisted IP addresses/CIDR ranges.
# Inbound packets from these IP address/ranges will always be passed towards specified TeamServer without
# any sort of verification or validation.
#
whitelisted_ip_addresses:
- 127.0.0.0/24

```


### TODO:

- Add some unique beacons tracking logic to offer flexilibity of refusing staging and communication processes at the proxy's own discretion
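Review bot: as shipped, the `ip_geolocation_requirements` block in this options listing would lock everyone out: the comment states that once any determinant is specified only peers matching it are accepted, yet the example sets `organization: - Some\s+organization` and leaves `city:` with a bare `-` item; either comment out the placeholder regex (and document what the plugin does with a null list item such as `city: -`), or say explicitly that the block is a template to be edited. Further points in the same listing: the `verify_peer_ip_details` comment says API keys "are specified in ''" where the option name `ip_details_api_keys` is missing; the `action_url` comment reads "or the inbound proxy does not meet malleable profile's requirements" where "inbound request" is meant; the blacklist example `1.2.3.4/24 # Super Security System` has host bits set, so the README should say whether non-canonical CIDRs are accepted or normalised; `drop_action`'s `proxy` value is marked "(dangerous!)" without saying why (with it, the redirector forwards every unauthenticated request to `action_url`, i.e. it becomes an open reverse proxy); and the `whitelisted_ip_addresses` entry `127.0.0.0/24` deserves a caveat, since everything from that range reaches the TeamServer with no profile check, so if proxy2 is ever fronted by another proxy on the same host every request arrives from 127.0.0.1 and the whole redirector logic is bypassed. Typos: "occurences" should be "occurrences", "flexilibity" should be "flexibility", and `('SA', 'South america)'` has the closing quote and parenthesis swapped.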
@ -1 +1 @@
Subproject commit d367e28c4928544793580a5a381d49699f0752e6
Subproject commit 088ae5c18ff8b9a86d2f9496dce6b14018d32897
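Review bot: this submodule bump (d367e28c to 088ae5c1) is shown without its file path, and the commit message says only that the README was updated; name the submodule path and, briefly, what changed in proxy2 between the two revisions, because the proxy2-side options documented in the README hunk above (`--config`, `ssl_cacert`, `ssl_cakey`) only work if the pinned proxy2 commit actually implements them.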
@ -1 +1 @@
Subproject commit d367e28c4928544793580a5a381d49699f0752e6
Subproject commit 088ae5c18ff8b9a86d2f9496dce6b14018d32897
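Review bot: this hunk is identical to the preceding one (d367e28c to 088ae5c1), so the commit moves two submodule pointers to the same revision; if both paths are checkouts of the same proxy2 repository, say so in the commit message, and if they are meant to be independent submodules, confirm that both really should track the identical commit.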