User Controls

So i've been working on a framework...

  1. #1
    Sophie Pedophile Tech Support
    Basically it started off as me wanting a single tool with which to perform and automate the majority of the stuff i do on a regular basis. Like gathering hosts and checking hosts against information obtained through OSINT, port scanning, cross referencing enumerated services with lists of known vulnerabilities and generating payloads based on those results, automated recon as far as it concerns organizations and individuals and because i have an interested in all things malware, i'm writing stuff like templates as well, to have an easy way to get started and have most of the important things in place, without having to write something entirely unique depending on the situation.

    However at some point i came to the realization that it would basically amount to a big ass wrapper for tools i often use including some of my own implementations. So that got me thinking, if i am basically automating my entire workflow wouldn't it be more justified to write a distro? However i don't think coming up with an entirely new distro would be justified either. A VM image would seem like the more reasonable choice. If i use LXC/QEMU-KVM as hypervisor through multipass combined with docker images running in there to support the tooling that's not usually supported on the Ubuntu Core versions i think i should be able to accomplish my goal.

    Not only that it would be a lot more secure than just running this stuff on the host machine directly, especially since i came up with a pretty cool way to do C2 through OnionShare. If i have for instance my hidden pastebin service running as a static site through onionshare, where the pastes would consist of encoded instructions, i don't have to go through the trouble of setting a hidden service up through Docker but still have it contained within my Multipass Guest. And then i got to thinking, that what if i has a sort of bootstrap script to get Multipass and subsequent VMs installed, and do the same within the VM for the docker images i may need, this would be a pretty easy way to deploy some serious firepower in a relatively safe and accessible manner.

    Relatively safe and accessible spells OSS Red Team capabilities for me personally. I could basically maintain the 'distro' through a sort of 'master copy' i host on a dedi and would commit updates to.

    That'd be pretty cool, any thoughts on this? I don't often work with Docker, so getting all those set up appropriately within the VM in a manner that it works might be somewhat of a challenge. Or are you of the opinion that i should ditch LXC/Multipass entirely and just run a docker image that basically would be doing the same thing?
  2. #2
    Bueno motherfucker
  3. #3
    livingelegy motherfucker [my polyoicous forward graciousness]
    You should automate your molestation of children next
    The following users say it would be alright if the author of this post didn't die in a fire!
  4. #4
    Sophie Pedophile Tech Support
    Originally posted by Bueno Sounds like docker is the way to go, have a core then use a dockerfile to set all your scripts and settings, deployment is relatively easy.
    Maintaining a distro sounds like a bitch, plus redeploying after every change sounds like a bitch too.

    TAKE THE LEAP OF FAITH INTO DICKER, it seems really complex at first, then you realize its just a headless box.


    BTW, for container sec/audits check out Aqua Security tools:
    https://github.com/aquasecurity

    I do like Docker and it seems like a more comprehensive solution opposed to running Multipass VMs, which are headless boxes also but then as VM with LXC, without the ability to make a cluster or a hive. The problem is, running a hidden service from a Docker container, or as a Docker container. Unless it's the same as running a container as a web app where i just redirect traffic to and make accessible the Hidden Service port instead of 80 and 445.

    In any case i have been meaning to make some docker containers/images.
Jump to Top