This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.
Black Hat Arsenal Video Demo Video - https://youtu.be/8YTYScLn7pA
hideNsneak provides a simple interface that allows penetration testers to build ephemeral infrastructure -- one that requires minimal overhead. hideNsneak can:
deploy
,destroy
, andlist
- Cloud instances via EC2 and Digital Ocean (Google Cloud, Azure, and Alibaba Cloud coming soon)
- API Gateway (AWS)
- Domain fronts via AWS Cloudfront and Google Cloud Functions (Azure CDN coming soon)
- Proxy through infrastructure
- Deploy C2 redirectors
- Send and receive files
- Port scanning via NMAP
- Remote installations of Burp Collab, Cobalt Strike, Socat, LetsEncrypt, GoPhish, and SQLMAP
- work with teams teams
Running locally
A few disclosures for V 1.0:
- At this time, all hosts are assumed
Ubuntu 16.04 Linux
. - Setup is done on your local system (Linux and Mac Only). In the future, we're hoping to add on a docker container to decrease initial setup time
- The only vps providers currently setup are AWS and Digital Ocean
- You need to make sure that go is installed. Instructions can be found here
- the GOPATH environment variable MUST be set
- Create a new AWS S3 bucket in
us-east-1
- Ensure this is not public as it will hold your terraform state
go get github.com/rmikehodges/hideNsneak
cd $GOPATH/src/github.com/rmikehodges/hideNsneak
./setup.sh
cp config/example-config.json config/config.json
- fill in the values
- aws_access_id, aws_secret_key, aws_bucket_name, public_key, private_key, ec2_user, and do_user are required at minimum
- all operators working on the same state must have config values filled in all the same fields
- private and public keys must be the same for each operator
- now you can use the program by running
./hidensneak [command]
Commands
hidensneak help
--> run this anytime to get available commandshidensneak instance deploy
hidensneak instance destroy
hidensneak instance list
hidensneak api deploy
hidensneak api destroy
hidensneak api list
hidensneak domainfront enable
hidensneak domainfront disable
hidensneak domainfront deploy
hidensneak domainfront destroy
hidensneak domainfront list
hidensneak firewall add
hidensneak firewall list
hidensneak firewall delete
hidensneak exec command -c
hidensneak exec nmap
hidensneak exec socat-redirect
hidensneak exec cobaltstrike-run
hidensneak exec collaborator-run
hidensneak socks deploy
hidensneak socks list
hidensneak socks destroy
hidensneak socks proxychains
hidensneak socks socksd
hidensneak install burp
hidensneak install cobaltstrike
hidensneak install socat
hidensneak install letsencrypt
hidensneak install gophish
hidensneak install nmap
hidensneak install sqlmap
hidensneak file push
hidensneak file pull
--help
after any of them to get guidance on what flags to use.Organization
_terraform
--> terraform modules_ansible
--> ansible roles and playbooks_assets
--> random assets for the beauty of this project_cmd
--> frontend interface package_deployer
--> backend commands and structsmain.go
--> where the magic happens
IAM Permissions
Google Domain Fronting
- App Engine API Enabled
- Cloud Functions API Enabled
- Project editor or higher permissions
Miscellaneous
A default security group
hideNsneak
is made in all AWS regions that is full-open. All instances are configured with iptables
to only allow port 22/tcp upon provisioning.If your program starts throwing terraform errors indicating a resource is not found, then you may need to remove the problematic terraform resources. You can do this by running the following:
cd $GOPATH/src/github.com/rmikehodges/hideNsneak/terraform
terraform state rm <name of problem resource>
This resource will need to be cleaned up manually if it still exists.
Troubleshooting
Error: configuration for
module name here
is not present; a provider configuration block is required for all operationsThis is usually due to artifacts being left in the state from old deployments. Below are instructions on how to remove those artifacts from your state. If they are live resources, they will need to be manually destroyed via the cloud provider's administration panel.
cd $GOPATH/src/github.com/rmikehodges/hideNsneak/terraform
terraform state rm <module or resource name>
If this does not go away after another user has finished deploying then it is usually due to to Terraform not automatically unlocking your state in the face of errors. This can be fixed by running the following:
terraform force-unlock <ID> $GOPATH/src/github.com/rmikehodges/hideNsneak/terraform