
FEATURE: Tools Overhaul v1 #88

@thereisnotime

Proposal

My current observation is that Commando VM is missing a lot of tools that a penetration testing OS should come with. I have curated a list of improvements that include changes, new tools and configurations. I would like to request comments on this list and perhaps improve and implement it in Commando VM. Most penetration testing environments neglect clouds and containers, which is really unfortunate as they are the future.
I have separated my suggestions into three categories: Add (software to be added to the installation script), Remove (software to be removed from the installation script) and Configure (Windows or other software configuration deployment).

1. Remove: WinRAR

Why:

  • WinRAR is trialware so it opens annoying pop-ups which are distracting.
  • There are a lot of public exploits for WinRAR.
  • The compression rate of 7-Zip is almost the same as WinRAR.

2. Add: Crunch

Why:

  • One of the most useful tools for wordlist generation.
  • High performance tool.

URL:

3. Add: RBTray

Why:

  • Gives the ability to minimize to tray most of the programs.
  • Reduces window cluttering and distractions.

URL:

4. Config: Browser Bookmarks

Why:

  • Having a pre-configured bookmark bar will save time. My suggestion is to have one on all of the installed browsers with the most helpful tools sorted in folders for easy access. I came up with this small list in about an hour or so.

URL:

5. Add: NirLauncher with NirSoft Tools

Why:

  • Great collection of over 200 tools that provide all sorts of features.
  • Comes with a nice launcher for easy access.

URL:

6. Add: Pupy

Why:

  • A classic tool with good cross-platform support.
  • Remote administration and post-exploitation tool.
  • Supports Docker.

URL:

7. Add: Empire

Why:

  • Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.
  • Has a big community and support.
  • Modular design.

URL:

8. Add: SDRSharp

Why:

  • Adds new vectors for attack in the RF spectrum.
  • The best free SDR software for Airspy and RTL-SDR dongles.
  • Has a lot of plugins and big community.

URL:

9. Add: VirusTotal Uploader

Why:

  • Users can upload files for multi-vendor antivirus scan and sandbox.
  • Files can be uploaded from the right click context menu in Explorer.

URL:

10. Add: Social Engineer Toolkit

Why:

  • With over two million downloads, it is the standard for social-engineering penetration tests and supported heavily within the security community.
  • Runs on Python and it is open source.
  • Modular design.
  • Adds a lot of attack vectors to Commando VM.

URL:

11. Add: SimpleDNSCrypt

Why:

  • Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.
  • Provides DNS over HTTPS and DNSSEC/DNSCrypt options.
  • More defensive than offensive but still useful during attacks.

URL:

12. Add: Browser Extensions

Why:

  • In Commando VM, Chrome and Firefox come with no add-ons whatsoever by default. Having pre-installed and configured extensions will save users a lot of time.
  • Some users might learn about new extensions that they've never heard of before.
  • Most of the extensions are security/privacy/anonymity oriented, but some can be used offensively.

URL:

13. Add: TorBrowser

Why:

  • Anonymity/privacy/security.
  • A whole hidden network of sites/services.
  • This is Tor.

URL:

14. Add: I2PBrowser

Why:

  • Anonymity/privacy/security.
  • A whole hidden network of sites/services.
  • This is I2P.

URL:

15. Add: qBitTorrent

Why:

  • Sometimes before or after a reconnaissance mission, pentesters will need to download a torrent or create/share one.
  • Lightweight and FOSS.

URL:

16. Add: NodeVersionManager

Why:

  • As there are many useful tools written in Node it will be a big advantage to have Node + NPM. The best way to have it in Windows is with nvm-windows so users can easily change versions of Node and NPM.

URL:

17. Configure: Random MAC

Why:

  • Better privacy and untraceability.
  • Best option - randomisation on every boot (and every interface) and on network connection.
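As an added example (not from the issue or from Commando VM) of what "randomisation on every boot and every interface" looks like on Windows 10: a PowerShell script that writes a fresh locally administered MAC into each physical adapter's NetworkAddress registry value, bounces the adapter, and registers itself as a startup task. The scheduled-task name is an assumption.

```powershell
# Added example (not Commando VM code). Run as Administrator on Windows 10,
# PowerShell 5.1. Uses the standard network-adapter class key.
$NetClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}'

function New-RandomMac {
    $bytes = New-Object byte[] 6
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    # First octet: set the locally administered bit (0x02) and clear the
    # multicast bit (0x01); drivers reject an address that violates either.
    $bytes[0] = ($bytes[0] -bor 0x02) -band 0xFE
    return (($bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

function Set-RandomMacOnAllAdapters {
    foreach ($adapter in Get-NetAdapter -Physical) {
        # The adapter's registry subkey (0000, 0001, ...) is the one whose
        # NetCfgInstanceId equals this adapter's interface GUID.
        $subKey = Get-ChildItem -Path $NetClassKey -ErrorAction SilentlyContinue | Where-Object {
            (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).NetCfgInstanceId -eq $adapter.InterfaceGuid
        }
        if (-not $subKey) { Write-Warning "No registry key for $($adapter.Name)"; continue }
        $mac = New-RandomMac
        Set-ItemProperty -Path $subKey.PSPath -Name 'NetworkAddress' -Value $mac -Type String
        # Restart so the driver re-reads NetworkAddress; the link drops briefly.
        Restart-NetAdapter -Name $adapter.Name -Confirm:$false
        Write-Host ('{0}: {1}' -f $adapter.Name, $mac)
    }
}

# Register this script to run at every boot (task name is an assumption).
function Register-RandomMacAtBoot {
    param([string]$ScriptPath = $PSCommandPath)
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $trigger = New-ScheduledTaskTrigger -AtStartup
    Register-ScheduledTask -TaskName 'RandomMacAtBoot' -Action $action -Trigger $trigger `
        -User 'SYSTEM' -RunLevel Highest -Force | Out-Null
}

Set-RandomMacOnAllAdapters
```

Some Wi-Fi drivers ignore NetworkAddress; for those, Windows' own per-network Wi-Fi address randomisation setting is the option that applies.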

18. Add: Killswitch

Why:

  • There should be a way to nuke the whole system by randomising all MACs, randomising hostname/usernames, writing random values to the discs and wiping the memory.
  • Good for anti-forensics.

URL:

  • Can't find a tool for that.

19. Add: Notepad++ Plugins

Why:

  • Plugins can greatly extend Npp's functionality. This list will vastly improve every programmer/scripter's work.

URL:

20. Add: iPerf

Why:

  • Test the limits of your network + Internet neutrality test.

URL:

21. Add: Session Manager

Why:

  • Currently there is no RDP/SSH or other session manager, and if users perform penetration tests and network pivoting, there is no easy way to organize your sessions. I suggest that Commando VM comes with MobaXTerm or mRemote. Bonus - MobaXTerm offers macros so you can optimize and automate your work.

URL:

22. Add: Cloud CLI Tools

Why:

  • There is no tool to help you with Cloud post-exploitation. I suggest adding all the main cloud CLI/PowerShell modules for AWS, Azure, GCP, BB, AliBaba Cloud so pentesters could benefit.

URL:

23. Add: Universal Database Client

Why:

  • Currently Commando VM offers clients only for SQL Server and SQLite. This is really limiting, as there are a lot of other SQL and NoSQL types out there, and pentesters will benefit during post-exploitation from a client that adds more, like MySQL, Oracle, DB2, PostgreSQL, Firebird, Vertica, Informix, WMI, MongoDB and Cassandra.

URL:

24. Add: Filesystem Explorers

Why:

  • If users want to mount and read from a flash drive, external disk or some other source, they can only use NTFS, exFAT and FAT. Ext2 Volume Manager and HFSExplorer combined will add the ability to operate with HFS, HFS+, HFSX, Ext2, Ext3, Ext4 (also .dmg and .sparsebundle packages).

URL:

25. Add: SQLMap

Why:

  • SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
  • Modular design and great community.

URL:

26. Add: Scapy

Why:

  • Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.
  • Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.

URL:

27. Add: Docker

Why:

  • Docker is essential to every Windows/Linux power user's toolbelt. With WSL and Docker, pentesters can run isolated tools with just a few commands.

URL:

28. Add: Bettercap

Why:

  • Bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.

URL:

29. Add: WPScan

Why:

  • Definitely a required tool that can automatically detect many low to medium severity vulnerabilities on WordPress websites.

URL:

30. Add: Arachni Scanner

Why:

  • Arachni is a highly customisable scanner that is a must have for penetration testers.
  • Modular by design and free/public source.

URL:

31. Config: Disable input devices

Why:

  • All microphone and camera devices should be disabled in the install script.
  • Increases privacy.
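An added example, not from the issue or from Commando VM, of how the install script could carry out item 31: disable every camera and microphone PnP device, deny app access to them in the privacy consent store, and fail loudly if any capture device is still enabled. Device class names and the ConsentStore registry path are as shipped in Windows 10 1803 and later; the `Microphone` name match is an assumption about how endpoints are labelled.

```powershell
# Added example (not Commando VM code). Run as Administrator on Windows 10 1803+.
function Disable-CaptureDevices {
    # Cameras enumerate under the Camera class on recent builds and under
    # Image with older drivers; microphones are AudioEndpoint devices whose
    # friendly name carries "Microphone" (assumption about endpoint naming).
    $cams = Get-PnpDevice -Class Camera, Image -Status OK -ErrorAction SilentlyContinue
    $mics = Get-PnpDevice -Class AudioEndpoint -Status OK -ErrorAction SilentlyContinue |
            Where-Object { $_.FriendlyName -match 'Microphone' }
    foreach ($dev in @($cams) + @($mics)) {
        if ($null -eq $dev) { continue }
        Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false -ErrorAction Stop
        Write-Host "Disabled: $($dev.FriendlyName)"
    }
    # Also deny application access in the privacy consent store, so a device
    # that gets re-enabled later (e.g. by a driver update) stays unusable by apps.
    $store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore'
    foreach ($capability in 'webcam', 'microphone') {
        $key = Join-Path -Path $store -ChildPath $capability
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'Value' -Value 'Deny' -Type String
    }
}

# Returns the capture devices that are still enabled, so the install script
# can stop instead of silently leaving one active.
function Get-EnabledCaptureDevices {
    Get-PnpDevice -Class Camera, Image, AudioEndpoint -Status OK -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -ne 'AudioEndpoint' -or $_.FriendlyName -match 'Microphone' }
}

Disable-CaptureDevices
$left = @(Get-EnabledCaptureDevices)
if ($left.Count -gt 0) { throw "Still enabled: $($left.FriendlyName -join ', ')" }
```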

32. Add: Cloud Nuke

Why:

  • Ability to delete every resource from AWS/Azure/GCP account.
  • Easy cleanup after doing dummy penetration tests.

URL:

33. Add: Clipboard Manager

Why:

  • Every pentester has at some point had a moment where a bunch of text editors were open just for the purpose of copy-paste management. Ditto saves you this trouble.
  • Server and save to file should be disabled.

URL:

34. Add: Snort

Why:

  • Useful when doing network automation.
  • Can be used as HIDS/HIPS for defense.
  • Lightweight and portable.

URL:

35. Add: THC-Hydra

Why:

  • One of the best tools for brute forcing many different protocols.

URL:

36. Add: Freenet

Why:

  • Just like Tor and I2P, Freenet is one of the biggest self-contained networks.

URL:

37. Add: Lockhunter

Why:

  • This tool is purely for usability improvements.
  • Helps with the deletion/moving of locked files.

URL:

38. Add: DBATools

Why:

  • This tool enables you to do magic on SQL Servers from PowerShell.
  • Very useful when dumping databases or making backdoors.

URL:

39. Configure: Autoupdate Windows

Why:

  • A lot of time will be saved if the installation script updates Windows to the latest version before doing all other steps. This can be done with PowerShell or Batch.
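An added example (not from the issue or from Commando VM's installer) of item 39 as a PowerShell step at the top of an install script: it installs updates with the PSWindowsUpdate module from the PowerShell Gallery, and when a reboot is needed it registers a RunOnce entry so the script resumes and repeats until nothing is pending. The RunOnce value name is an assumption; the resume path defaults to the running script itself.

```powershell
# Added example (not Commando VM code). Run as Administrator with Internet
# access; assumes PSWindowsUpdate is installable from the PowerShell Gallery.
function Update-WindowsFirst {
    param([string]$ResumeScript = $PSCommandPath)   # the install script itself

    if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | Out-Null
        Install-Module -Name PSWindowsUpdate -Force -Scope AllUsers
    }
    Import-Module PSWindowsUpdate

    $pending = @(Get-WindowsUpdate)
    if ($pending.Count -eq 0) {
        # Nothing left: clear any stale resume hook and let the caller continue.
        Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' `
            -Name 'CommandoResume' -ErrorAction SilentlyContinue
        return $false
    }
    Write-Host ('{0} update(s) pending: {1}' -f $pending.Count, ($pending.Title -join '; '))

    # Install without letting the module reboot, so we control the resume hook.
    Install-WindowsUpdate -AcceptAll -IgnoreReboot | Out-Null
    if (Get-WURebootStatus -Silent) {
        # A reboot interrupts the install script; re-run it once at next logon
        # (RunOnce value name 'CommandoResume' is an assumption).
        Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' `
            -Name 'CommandoResume' `
            -Value "powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"$ResumeScript`""
        Restart-Computer -Force
        exit 0
    }
    # Installed without a reboot; tell the caller to scan again for a second pass.
    return $true
}

# First step of the install script: loop until a pass finds nothing pending,
# then fall through to the tool installation steps.
while (Update-WindowsFirst) { }
```

Commando VM's installer already runs under Boxstarter, whose own Install-WindowsUpdate -AcceptEula handles the reboot-and-resume loop; this block shows the same logic without that dependency.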

URL:

Labels: discussion (Discussion about tooling), enhancement (New feature or request)