#!/bin/bash
##
## Kali Linux: Extra tools and customizations script
## =================================================
## Created by Wh1t3Rh1n0
##
## This script adds a bunch of my favorite tools to Kali Linux.
##
## Usage:
## Install all tools: ./Kali_Linux_Extra_Tools2.sh install
## Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui
##
# Major changes
# * 2015-09-09: In the process of being updated for Kali 2 Light Edition.
# * 2015-11-25: More modifications. Still Kali 2 Light Edition centric.
# * 2015-12-08: Separated GUI and non-GUI tools into two sections.
# * 2016-07-14: Disabled automatic install of smbexec
# * 2016-09-17: Major changes all over
# * 2017-09-18: Added Empire, CME, Hashcat Legacy
# * 2017-10-06: Light review to make sure this script still mostly works
# * 2018-03-20: Added sublist3r
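# ---- Argument handling -------------------------------------------------------
# $1 selects the action. With no argument, -h or --help the usage text is
# printed; "install" continues; anything else is rejected.
case "${1:-}" in
  '' | -h | --help)
    # The usage text is the block of lines at the top of this file that start
    # with two hash marks; print them with that prefix stripped.
    sed -En 's/^## ?//p' "$0"
    exit 0
    ;;
  install)
    ;;
  *)
    # A mistyped action used to exit silently with status 0, which looked
    # like a successful run. Report it and fail instead.
    printf '%s: unknown action "%s" (expected "install")\n' "${0##*/}" "$1" >&2
    exit 2
    ;;
esac

# Everything below writes under /root, /usr and /opt and drives apt-get.
# Stop here when not root rather than failing piecemeal half-way through.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi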
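# ====== Install Updates =====================================================
# Refresh the package lists, then upgrade; each step runs only if the one
# before it succeeded.
apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade

# ====== Personal Preferences =================================================
# Lines are appended to root's .bashrc only when they are not already present,
# so running the script again does not pile up duplicate PATH/alias entries.
bashrc=/root/.bashrc
path_line='PATH=$PATH:/opt/pentest-scripts'
# Written to the file as:  alias nano='nano -\$iET 4'
nano_alias="alias nano='nano -\\\$iET 4'"

# NOTE(review): this puts /opt/pentest-scripts on root's PATH. Keep that
# directory owned by root and not writable by anyone else.
if ! grep -qxF -- "$path_line" "$bashrc" 2>/dev/null; then
  printf '\n%s\n' "$path_line" >> "$bashrc"
fi
if ! grep -qxF -- "$nano_alias" "$bashrc" 2>/dev/null; then
  printf '%s\n' "$nano_alias" >> "$bashrc"
fi

# root's screen configuration is replaced outright (not appended to).
cat <<'EOF' > /root/.screenrc
caption always
caption string "%{kw}%-w%{wr}%n %t%{-}%+w"
startup_message off
EOF

# Convenience links for two Metasploit helper scripts. ln -sn refuses to
# replace an existing link, so a second run only prints "File exists".
ln -sn /usr/share/metasploit-framework/tools/pattern_create.rb /usr/bin/pattern_create
ln -sn /usr/share/metasploit-framework/tools/pattern_offset.rb /usr/bin/pattern_offset

# Log when this script was run and with what arguments to a file
printf '%s> %s %s\n' "$(date)" "$0" "$*" >> /var/log/extra-tools.log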
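# ====== Install GUI Tools ===================================================
# Skipped entirely when the second argument is "nogui".
if [ "$2" != "nogui" ]; then

  # GUI Tools installed with apt-get
  # --------------------------------

  # Additions for Kali Linux 2 Light
  # NOTE(review): DEBIAN_FRONTEND is exported only inside this branch, so a
  # "nogui" run leaves the later apt-get calls in their default mode.
  export DEBIAN_FRONTEND=noninteractive
  apt-get install -y -q kali-linux-all

  # Tools based on personal preference
  apt-get install -y mousepad icedove
  apt-get install -y vinagre

  # Other stuff that comes in handy
  apt-get install -y xfce4-screenshooter
  #apt-get install -y flashplugin-nonfree icedtea-plugin
  apt-get install -y gimp
  apt-get install -y libreoffice-gnome libreoffice-writer libreoffice-calc

  # Fix so chromium will run as root
  # (only the package install is active; the flag rewrite below is disabled)
  apt-get install -y chromium
  #sed -Ei "s#CHROMIUM_FLAGS=.+#CHROMIUM_FLAGS=\"--password-store=detect --user-data-dir\"#" /etc/chromium/default

  # Firefox/Iceweasel Add-ons
  # -------------------------
  # The .xpi files are only downloaded into /opt/firefox-addons; nothing here
  # installs them into a browser profile. Each entry is "<file> <url>".
  # NOTE(review): most URLs point at "latest", so the content is unpinned and
  # unverified. Review an add-on before loading it into a browser.
  addons=(
    #Controle de Scripts
    "controle-de-scripts.xpi https://addons.mozilla.org/firefox/downloads/latest/1154/addon-1154-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/open-multiple-locations/
    "open-multiple-locations.xpi https://addons.mozilla.org/firefox/downloads/latest/216803/addon-216803-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/restclient/?src=search
    "restclient.xpi https://addons.mozilla.org/firefox/downloads/latest/9780/addon-9780-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/refcontrol/?src=search
    "refcontrol.xpi https://addons.mozilla.org/firefox/downloads/latest/953/addon-953-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/?src=ss
    "foxyproxy.xpi https://addons.mozilla.org/firefox/downloads/file/308568/foxyproxy_standard-4.5.4-sm+tb+fx.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/firebug/?src=search
    "firebug.xpi https://addons.mozilla.org/firefox/downloads/latest/1843/addon-1843-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/?src=ss
    "cookies-manager-plus.xpi https://addons.mozilla.org/firefox/downloads/latest/92079/addon-92079-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/unhide-passwords/
    "unhide-passwords.xpi https://addons.mozilla.org/firefox/downloads/latest/462/addon-462-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/hackbar/?src=search
    "hackbar.xpi https://addons.mozilla.org/firefox/downloads/latest/3899/addon-3899-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/tamper-data/?src=search
    "tamper-data.xpi https://addons.mozilla.org/firefox/downloads/latest/966/addon-966-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/quickjava/?src=search
    "quickjava.xpi https://addons.mozilla.org/firefox/downloads/file/82987/quickjava-1.7.2-fx.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/parent-folder/
    "parent-folder.xpi https://addons.mozilla.org/firefox/downloads/latest/1800/addon-1800-latest.xpi"
    #https://addons.mozilla.org/en-US/firefox/addon/user-agent-quick-switch
    "user-agent-quick-switch.xpi https://addons.mozilla.org/firefox/downloads/latest/355807/addon-355807-latest.xpi"
  )
  # Download only when the target directory is really the working directory;
  # an unchecked cd would drop the files wherever the script was started.
  if mkdir -p /opt/firefox-addons && cd /opt/firefox-addons; then
    for addon in "${addons[@]}"; do
      # -f: on an HTTP error keep no file, instead of saving the error page
      # under an .xpi name.
      curl -fL "${addon#* }" -o "${addon%% *}"
    done
  else
    echo "firefox-addons: cannot enter /opt/firefox-addons; skipping" >&2
  fi

  # [Removed 2017-10]
  # Sublime text editor
  #cd /opt
  #if [ "$(arch)" == "x86_64" ] ; then
  # wget "http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2%20x64.tar.bz2" -O sublime.tar.bz2
  #else
  # wget "http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2.tar.bz2" -O sublime.tar.bz2
  #fi
  #tar -xjvf sublime.tar.bz2
  #rm -fv sublime.tar.bz2
  #ln -sn "/opt/Sublime Text 2/sublime_text" /usr/bin/sublime

  # Old Firefox for accessing pages with weak SSL ciphers
  # NOTE(review): Firefox 30.0 no longer receives security fixes. Use it only
  # against the systems under test, never for general browsing. The tarball is
  # unpacked without a digest check; pin one, for example
  #   echo "<EXPECTED_SHA256>  firefox-30.0.tar.bz2" | sha256sum -c -
  if mkdir -p /opt/firefox-old && cd /opt/firefox-old; then
    # Skip on a re-run: a second "mv firefox firefox-30.0" would nest the new
    # tree inside the existing directory.
    if [ ! -e firefox-30.0 ]; then
      wget 'https://download-installer.cdn.mozilla.net/pub/firefox/releases/30.0/linux-x86_64/en-US/firefox-30.0.tar.bz2' \
        && tar -xjvf firefox-30.0.tar.bz2 \
        && mv firefox firefox-30.0
    fi
  else
    echo "firefox-old: cannot enter /opt/firefox-old; skipping" >&2
  fi

  # Removed 2017-10 -- Kali has switched to Firefox ESR now
  # Firefox (not Iceweasel)
  #/opt/pentest-scripts/update-firefox.sh
fi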
# ====== Install Non-GUI Tools ===============================================
# This part runs for every "install", with or without "nogui".
# Setup metasploit database
# PostgreSQL is enabled at boot and started now, then msfdb creates the
# framework's database.
apt-get install -y metasploit-framework
systemctl enable postgresql
service postgresql start
msfdb init
# Fix sendemail
# -------------
# Replaces: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i
# With: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i
# The only difference is the dropped "$" end anchor, so the version pattern
# also matches strings with trailing characters.
# NOTE(review): this edits a packaged Perl module in place. The change applies
# to every Perl program on the host that loads IO::Socket::SSL, not just
# sendemail, and a package upgrade will presumably overwrite it - confirm.
sed -Ei 's#m\{\^\(\!\?\)\(\?:\(SSL\(\?:v2\|v3\|v23\|v2/3\)\)\|\(TLSv1\[12\]\?\)\)\$\}i#m\{\^\(\!\?\)\(\?:\(SSL\(\?:v2\|v3\|v23\|v2/3\)\)\|\(TLSv1\[12\]\?\)\)\}i#g' /usr/share/perl5/IO/Socket/SSL.pm
# Non-GUI Tools installed with apt-get
# ------------------------------------
apt-get install -y cifs-utils sshfs exif exiv2 exfat-fuse exfat-utils nfs-common
apt-get install -y metagoofil ufw
apt-get install -y vncsnapshot
apt-get install -y xdotool
apt-get install -y dnsutils passing-the-hash creddump
apt-get install -y bettercap
apt-get install -y ncftp
# Install tools for creating a wireless access point
# Both services are disabled right after install so that neither starts at
# boot; they are meant to be started by hand.
apt-get install -y dnsmasq hostapd-wpe
systemctl disable dnsmasq
systemctl disable hostapd-wpe
# Default passwords list:
# The page is fetched over plain HTTP. -O is an absolute path, so the download
# lands in /usr/share/wordlists even if the cd below fails.
mkdir -p /usr/share/wordlists
cd /usr/share/wordlists
wget "http://www.phenoelit.org/dpl/dpl.html" -O /usr/share/wordlists/dpl.html
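# Scripted, non-apt-get installs
# ------------------------------
# NOTE(review): the installs in this part bypass apt's signature checking.
# Sources are cloned at whatever the default branch currently holds, or
# fetched as archives (some over plain HTTP), and then built as root.

# --- Coalfire --- #
# Coalfire private exploits (requires authenticating to github)
git clone https://github.com/coalfire/pentest-exploits.git /opt/pentest-exploits

# --- X-Windows tools --- #
# xwatchwin
# Runs in a subshell: if a cd or the download fails, the remaining steps are
# skipped instead of running rm/make in the wrong directory.
(
  cd /opt || exit 1
  # Plain-HTTP download that is compiled below. Pin a digest before
  # unpacking, for example
  #   echo "<EXPECTED_SHA256>  xwatchwin.tar.gz" | sha256sum -c - || exit 1
  wget "http://www.ibiblio.org/pub/X11/contrib/utilities/xwatchwin.tar.gz" || exit 1
  tar -xzvf xwatchwin.tar.gz
  rm xwatchwin.tar.gz
  cd xwatchwin || exit 1
  apt-get -y install xutils-dev
  xmkmf && make
)

# xwd
(
  cd /opt || exit 1
  # Plain-HTTP download that is compiled and installed as root below. Pin a
  # digest before unpacking, for example
  #   echo "<EXPECTED_SHA256>  xwd-1.0.5.tar.bz2" | sha256sum -c - || exit 1
  wget "http://xorg.freedesktop.org/archive/individual/app/xwd-1.0.5.tar.bz2" || exit 1
  tar -xjvf xwd-1.0.5.tar.bz2
  rm xwd-1.0.5.tar.bz2
  cd xwd-1.0.5 || exit 1
  apt-get install -y libx11-dev libxt-dev pkgconf
  # Chain with && so that "make install" never runs after a failed configure
  # or build (the steps used to be separated by ";").
  ./configure && make && make install
)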
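# --- Windows exploitation --- #
# Responder
git clone https://github.com/lgandx/Responder /opt/Responder

# ntlmrelayx
# Build dependencies and Python modules first; none of this depends on the
# working directory.
# NOTE(review): pip runs as root and installs unpinned versions system-wide.
apt-get install -y libssl-dev libffi-dev python-dev
pip install pyopenssl
# One call replaces the previous "install" followed by "install --upgrade".
pip install --upgrade ldap3

# A second, separate Responder checkout lives next to impacket under
# /opt/ntlmrelayx. Nothing is cloned or edited unless that directory could
# be entered.
if mkdir -p /opt/ntlmrelayx && cd /opt/ntlmrelayx; then
  git clone https://github.com/lgandx/Responder
  git clone 'https://github.com/CoreSecurity/impacket'

  # Install impacket only from inside its own checkout; if the clone failed
  # there is no directory and setup.py is not run at all.
  ( cd impacket && python setup.py install )

  # Turn off the HTTP, HTTPS and SMB servers in this copy's configuration.
  # Presumably this keeps it off the ports the relay tool listens on -
  # confirm. The /opt/Responder checkout keeps its defaults.
  if cd Responder; then
    sed -Ei \
      -e 's/HTTP = On/HTTP = Off/g' \
      -e 's/HTTPS = On/HTTPS = Off/g' \
      -e 's/SMB = On/SMB = Off/g' \
      Responder.conf
  fi
else
  echo "ntlmrelayx: cannot enter /opt/ntlmrelayx; skipping" >&2
fi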
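# --- Linux kernel exploits --- #
# Linux Kernel Exploit Suggester
git clone https://github.com/PenturaLabs/Linux_Exploit_Suggester /opt/Linux_Exploit_Suggester

# getroot.tgz from iKat
# The archive is only downloaded, not unpacked.
# NOTE(review): it is fetched over plain HTTP with no digest check; treat the
# contents as untrusted until verified.
if mkdir -p /opt/ikat && cd /opt/ikat; then
  wget 'http://ikat.ha.cked.net/Linux/files/getroot.tgz'
else
  echo "ikat: cannot enter /opt/ikat; skipping" >&2
fi

# --- Password cracking --- #
# John The Ripper Jumbo with Tools
git clone https://github.com/magnumripper/JohnTheRipper /opt/JohnTheRipper

# Hashcat Legacy
# The packaged hashcat is renamed to hashcat3 and "hashcat" is pointed at the
# legacy build. That swap now happens only when
#   * the archive was downloaded and unpacked, so a failed download cannot
#     leave /usr/bin/hashcat as a dangling link, and
#   * /usr/bin/hashcat is not already a symlink, so a second run cannot move
#     the link over the real binary saved as hashcat3.
if cd /opt; then
  if wget "https://hashcat.net/files_legacy/hashcat-2.00.7z" \
    && 7z x hashcat-2.00.7z \
    && rm hashcat-2.00.7z \
    && [ -f /opt/hashcat-2.00/hashcat-cli32.bin ]; then
    if [ ! -L /usr/bin/hashcat ]; then
      if [ -e /usr/bin/hashcat ]; then
        mv /usr/bin/hashcat /usr/bin/hashcat3
      fi
      ln -sn /opt/hashcat-2.00/hashcat-cli32.bin /usr/bin/hashcat
    fi
  else
    echo "hashcat legacy: download or extraction failed; /usr/bin/hashcat left untouched" >&2
  fi
fi

# PACK - Password Analysis and Cracking Kit
# Each tool gets a /usr/bin/pack-<name> link to its script in the checkout.
git clone https://github.com/tomato42/pack /opt/pack
for pack_tool in rulegen statsgen policygen maskgen; do
  ln -sn "/opt/pack/${pack_tool}.py" "/usr/bin/pack-${pack_tool}"
done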
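# --- Password recovery --- #
# LaZagne - Password recovery for Windows and Linux
if cd /opt; then
  git clone https://github.com/AlessandroZ/LaZagne

  # Resolve the newest release tag from the redirect that /releases/latest
  # answers with. Header names are case-insensitive (HTTP/2 sends them in
  # lower case), so the match must not depend on the capital "L".
  LAZAGNE_CURRENT=$(curl -Is 'https://github.com/AlessandroZ/LaZagne/releases/latest' \
    | grep -iE '^location:' \
    | awk -F '/tag/' '{print $2}' \
    | tr -d '\r\n')

  # The tag comes from a network response and is pasted into a URL. Accept
  # only a plain version-like token, and skip the download when the lookup
  # produced nothing instead of requesting ".../download//Windows.zip".
  case "$LAZAGNE_CURRENT" in
    '' | *[!A-Za-z0-9._-]*)
      echo "LaZagne: could not determine the latest release tag; skipping Windows.zip" >&2
      ;;
    *)
      wget "https://github.com/AlessandroZ/LaZagne/releases/download/$LAZAGNE_CURRENT/Windows.zip"
      ;;
  esac
fi

# VNCpwd - VNC Password Decrypter
# NOTE(review): the archive is fetched over plain HTTP with no digest check.
if mkdir -p /opt/vncpwd && cd /opt/vncpwd; then
  # Unpack only what was just downloaded successfully.
  wget "http://aluigi.altervista.org/pwdrec/vncpwd.zip" && unzip vncpwd.zip
else
  echo "vncpwd: cannot enter /opt/vncpwd; skipping" >&2
fi

# PCredz - credentials/hash/credit card number sniffer
# python-pypcap is swapped for python-libpcap; the install runs only if the
# removal succeeded.
apt-get -y remove python-pypcap && apt-get -y install python-libpcap
git clone https://github.com/lgandx/PCredz /opt/PCredz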
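# --- Misc --- #
# Each repository is cloned to an explicit /opt path, so no step depends on
# the current working directory.

# clusterd.py
git clone https://github.com/hatRiot/clusterd.git /opt/clusterd

# Java Deserialization Exploits
git clone https://github.com/coalfire/java_deserialization_exploits /opt/java_deserialization_exploits

# CrackMapExec
git clone https://github.com/byt3bl33d3r/CrackMapExec /opt/CrackMapExec
(
  # Leave the subshell if the checkout is missing, so that setup.py is never
  # run from some other directory.
  cd /opt/CrackMapExec || exit 1
  git submodule init && git submodule update --recursive
  python setup.py install
)

# PowerShell Empire
# NOTE(review): setup/install.sh from the freshly cloned default branch runs
# as root. Check out a reviewed revision first if reproducibility matters,
# e.g.  git -C /opt/Empire checkout <REVIEWED_COMMIT>
git clone 'https://github.com/EmpireProject/Empire' /opt/Empire
(
  cd /opt/Empire || exit 1
  ./setup/install.sh
)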
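# Various extra Windows binaries
# The archives are downloaded for later use and are not unpacked here.
if mkdir -p /opt/windows-extras && cd /opt/windows-extras; then
  for extra_url in \
    "http://www.tightvnc.com/download/1.3.10/tightvnc-1.3.10_x86.zip" \
    "https://download.sysinternals.com/files/PSTools.zip" \
    "https://download.sysinternals.com/files/AccessChk.zip" \
    "https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip" \
    "https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip.gpg" \
    "https://download.sysinternals.com/files/Procdump.zip"
  do
    wget "$extra_url"
  done

  # putty.zip.gpg is downloaded alongside the archive but was never checked.
  # Presumably it is a detached signature - confirm. Verification succeeds
  # only if the PuTTY release key has been imported into root's keyring
  # beforehand. A failure is reported and does not stop the script.
  if command -v gpg >/dev/null 2>&1 && [ -f putty.zip ] && [ -f putty.zip.gpg ]; then
    gpg --verify putty.zip.gpg putty.zip \
      || echo "WARNING: putty.zip signature NOT verified; do not trust the archive yet" >&2
  fi
else
  echo "windows-extras: cannot enter /opt/windows-extras; skipping" >&2
fi

# merger.py -> nessus-merger.py
# The download goes to a mktemp file instead of the fixed name /tmp/merger.py,
# which another local user could pre-create or symlink before root writes to
# it. The script is installed only if the download produced content.
# NOTE(review): the gist's "raw" URL is not pinned to a revision.
merger_tmp=$(mktemp) || merger_tmp=
if [ -n "$merger_tmp" ]; then
  if wget "https://gist.githubusercontent.com/mastahyeti/2720173/raw" -O "$merger_tmp" \
    && [ -s "$merger_tmp" ]; then
    # Put an interpreter line in front of the downloaded source.
    {
      printf '%s\n' '#!/usr/bin/env python'
      cat "$merger_tmp"
    } > /usr/bin/nessus-merger.py
    chmod 755 /usr/bin/nessus-merger.py
  else
    echo "nessus-merger: download failed; nothing installed" >&2
  fi
  rm -f -- "$merger_tmp"
else
  echo "nessus-merger: mktemp failed; nothing installed" >&2
fi

# progress
git clone https://github.com/Xfennec/progress /opt/progress
(
  cd /opt/progress || exit 1
  apt-get -y install libncurses5-dev
  # Install only what was built successfully.
  make && make install
)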
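# Sublist3r
git clone https://github.com/aboul3la/Sublist3r /opt/Sublist3r
apt-get update
apt-get install -y python-requests python-dnspython python-argparse

# MS15-034 Check
# Links the C source shipped in the exploitdb package and compiles it.
if mkdir -p /opt/ms15-034 && cd /opt/ms15-034; then
  ln -sn /usr/share/exploitdb/platforms/windows/dos/36773.c ms15-034.c
  # -f follows the link, so a source file that has moved inside the exploitdb
  # package shows up as a clear message rather than a compiler error.
  if [ -f ms15-034.c ]; then
    gcc ms15-034.c -o ms15-034
  else
    echo "ms15-034: source not found behind ms15-034.c; not compiled" >&2
  fi
else
  echo "ms15-034: cannot enter /opt/ms15-034; skipping" >&2
fi

# MS14-066 Check
# Downloads the upstream test script and writes a patched copy next to it.
# As the expressions read: REMOTE_VERSION is set to $VERSION, the interactive
# "read -p" prompt is replaced by a fixed REPLY=y, and two here-document
# banners are redirected to /dev/null.
# NOTE(review): the script comes from the "master" branch, unpinned. The
# substitutions match on text, so an upstream rewrite makes them silently
# stop applying. Diff winshock_test.sh against winshock_test2.sh after install.
if mkdir -p /opt/ms14-066 && cd /opt/ms14-066; then
  # -f: on an HTTP error no file is written, so an error page is never
  # patched and saved as if it were the script.
  if curl -fL "https://raw.githubusercontent.com/anexia-it/winshock-test/master/winshock_test.sh" -o "winshock_test.sh"; then
    # One sed run applies the four expressions in the same order in which
    # the four-stage pipeline applied them.
    sed -E \
      -e 's/REMOTE_VERSION=.+/REMOTE_VERSION=\$VERSION/g' \
      -e 's#cat <<IMP#cat <<WARN > /dev/null#g' \
      -e 's/read -p.+/REPLY=y/g' \
      -e 's#cat <<EOF#cat <<EOF > /dev/null#g' \
      winshock_test.sh > winshock_test2.sh
  else
    echo "ms14-066: download failed; winshock_test2.sh not written" >&2
  fi
else
  echo "ms14-066: cannot enter /opt/ms14-066; skipping" >&2
fi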
# Removed 2017-10
# masscan - Mass IP port scanner
#cd /opt
#git clone https://github.com/robertdavidgraham/masscan
#cd masscan/
#apt-get -y install libpcap0.8-dev
#make -j
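# TCP Ping
# NOTE(review): this script is fetched over plain HTTP and installed into
# /usr/bin as a root-owned executable, with nothing to authenticate it. Pin a
# digest for the reviewed copy, for example
#   echo "<EXPECTED_SHA256>  $tcpping_tmp" | sha256sum -c -
# The download goes to a temporary file first, so a failed or empty transfer
# never leaves a broken /usr/bin/tcpping behind.
tcpping_tmp=$(mktemp) || tcpping_tmp=
if [ -n "$tcpping_tmp" ]; then
  if wget "http://www.vdberg.org/~richard/tcpping" -O "$tcpping_tmp" \
    && [ -s "$tcpping_tmp" ]; then
    install -m 755 "$tcpping_tmp" /usr/bin/tcpping
    ln -sn /usr/bin/tcpping /usr/bin/tcping
  else
    echo "tcpping: download failed; nothing installed" >&2
  fi
  rm -f -- "$tcpping_tmp"
else
  echo "tcpping: mktemp failed; nothing installed" >&2
fi

# F5 BIG-IP Cookie decoder
if mkdir -p /opt/BIG-IP && cd /opt/BIG-IP; then
  # NOTE(review): the archive is fetched over plain HTTP with no digest check.
  wget http://www.taddong.com/tools/BIG-IP_cookie_decoder.zip \
    && unzip BIG-IP_cookie_decoder.zip

  # Helper that requests the URL given as $1 and hands the value of its
  # BIGip cookie to the decoder. It is written with a quoted here-document:
  # the earlier echo -e form emitted the first line as "#\!/bin/bash", which
  # is not a valid interpreter line. The URL argument is now quoted, and the
  # file is made executable.
  # In the generated helper, curl -k turns off certificate verification, and
  # the cookie value taken from the response is passed on unquoted, so it is
  # word-split before it reaches the decoder.
  cat > /opt/BIG-IP/big-ip-url.sh <<'EOF'
#!/bin/bash
python /opt/BIG-IP/BIG-IP_cookie_decoder.py $(curl -i -k "$1" 2>/dev/null | grep -i "Set-Cookie: BIGip" | cut -d ' ' -f 2 | tr -d ';' | cut -d '=' -f 2)
EOF
  chmod 755 /opt/BIG-IP/big-ip-url.sh
else
  echo "BIG-IP: cannot enter /opt/BIG-IP; skipping" >&2
fi

# Removed 2017-10
# smbexec - Download only. Install is manual.
#cd /opt
#git clone https://github.com/pentestgeek/smbexec
# Removed 2017-10
# Metasploit-Plugins from darkoperator - includes the pentest plugin
#cd /opt
#git clone https://github.com/darkoperator/Metasploit-Plugins
#ln -sn /opt/Metasploit-Plugins/*.rb /usr/share/metasploit-framework/plugins/

# Eyewitness
# The clone creates "EyeWitness" (capital W). The old "cd Eyewitness/setup"
# therefore failed on a case-sensitive filesystem, and ./setup.sh was then
# looked up in /opt instead.
git clone 'https://github.com/ChrisTruncer/EyeWitness' /opt/EyeWitness
(
  cd /opt/EyeWitness/setup || exit 1
  ./setup.sh
)

# Sticky-Keys-Slayer
apt-get -y install imagemagick xdotool parallel bc
git clone https://github.com/linuz/Sticky-Keys-Slayer /opt/Sticky-Keys-Slayer

# ====== Clean up =============================================================
# Remove packages that are no longer needed (with their configuration) and
# empty apt's download cache.
apt-get --purge -y autoremove
apt-get clean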
# ====== Old stuff I've disabled but am keeping around for reference ==========
# # Setup limited user for running Firefox
# cd /opt/pentest-scripts
# script_name=firefox-nonroot iw_user=firefox-user program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" icon="/opt/firefox/browser/icons/mozicon128.png" catagories="Network;" ./setup-x-limited.sh
# # Setup limited user for running Chromium
# cd /opt/pentest-scripts
# script_name=chromium-nonroot iw_user=chromium-user program_description="Chromium (Non-Root)" command_line="/usr/bin/chromium" icon="chromium" catagories="Network;" ./setup-x-limited.sh
# # Setup limited user for running Hexchat
# cd /opt/pentest-scripts
# script_name=hexchat-nonroot iw_user=hexchat-user program_description="Hexchat (Non-Root)" command_line=/usr/bin/hexchat icon="hexchat" catagories="Network;" ./setup-x-limited.sh