qubes-doc/managing-os/pentesting/ptf.md

122 lines
3.9 KiB
Markdown
Raw Normal View History

2016-06-13 20:24:23 -04:00
---
layout: doc
title: How to create Penetration Testers Framework (PTF) VM
2016-06-27 14:57:54 -04:00
permalink: /doc/pentesting/ptf/
redirect_from:
- /doc/ptf/
2016-06-13 20:24:23 -04:00
---
2018-02-19 05:40:37 -05:00
**General reminder:**
2016-06-17 12:19:35 -04:00
- The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities.
- Adding additional repositories or tools for installing software extends your trust to those tool providers.
2016-06-17 12:19:35 -04:00
Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
2016-06-13 20:24:23 -04:00
How to create Penetration Testers Framework (PTF) VM
====================================================
"The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine." (source [PTF Readme](https://github.com/trustedsec/ptf/blob/master/README.md))
**Note** PTF works on Debian testing as well as on Debian 8. PTF itself works with Debian 8, but the software tools will have missing dependencies. Metasploit for example requires a newer Ruby version than Debian 8 has in the repositories. Therefore the best way to install PTF is by upgrading a Debian 8 into Debian testing with additional Kali repositories. Instead of installing the tools from Kali, PTF will install and update the newest tools.
2016-06-14 10:09:21 -04:00
Create Debian Based Penetration Testers Framework (PTF) Template
----------------------------------------------------------------
1. Create PTF template
2016-06-13 20:24:23 -04:00
1. Follow [Create Debian Based Kali Template](/doc/pentesting/kali/) till step 7.
2016-06-13 20:24:23 -04:00
2. (Optional) Rename the cloned template to `ptf`
2016-06-13 20:24:23 -04:00
2. Download PTF
2016-06-13 20:24:23 -04:00
sudo apt-get install git
cd /opt
sudo git clone https://github.com/trustedsec/ptf.git
2016-06-13 20:24:23 -04:00
- (Optional) Configure PTF
2016-06-13 20:24:23 -04:00
1. Go to configuration directory
2016-06-13 20:24:23 -04:00
cd /opt/ptf/config
2016-06-13 20:24:23 -04:00
2. Edit the configuration file
2016-06-13 20:24:23 -04:00
for example by using vim:
2016-06-13 20:24:23 -04:00
sudo vim ptf.config
2016-06-13 20:24:23 -04:00
the configuration options are described in the `ptf.config` file
2016-06-13 20:24:23 -04:00
3. Install PTF
2016-06-13 20:24:23 -04:00
cd /opt/ptf
sudo ./ptf
**Note:** the config file has to be in the same directory as the executable. It is not
2016-06-13 20:24:23 -04:00
possible to do sudo ptf/ptf
PTF will put itself into `/usr/local/bin/ptf`. You can use `ptf` from now on.
2016-06-13 20:24:23 -04:00
4. Install/Update modules (tools)
2016-06-13 20:24:23 -04:00
1. Start PTF
2016-06-13 20:24:23 -04:00
sudo ptf
2016-06-13 20:24:23 -04:00
![PTF start banner](/attachment/wiki/PTF/ptf-banner.png)
2016-06-14 10:09:21 -04:00
2. Show available modules (tools)
2016-06-13 20:24:23 -04:00
ptf> show modules
2016-06-13 20:24:23 -04:00
3. Install/Update modules (all/)
2016-06-13 20:24:23 -04:00
- Install/Update all tools
2016-06-13 20:24:23 -04:00
ptf> use modules/install_update_all
2016-06-13 20:24:23 -04:00
- or by category Install/Update
2016-06-13 20:24:23 -04:00
ptf> use modules/code-audit/install_update_all
2016-06-13 20:24:23 -04:00
- or individually (example Metasploit)
2016-06-13 20:24:23 -04:00
1. Search for module
2016-06-13 20:24:23 -04:00
ptf> search metasploit
[*] Search results below:
modules/exploitation/metasploit
2016-06-13 20:24:23 -04:00
2. Use module
2016-06-13 20:24:23 -04:00
ptf> use modules/exploitation/metasploit
ptf:(modules/exploitation/metasploit)>
2016-06-13 20:24:23 -04:00
3. Install module
2016-06-13 20:24:23 -04:00
ptf:(modules/exploitation/metasploit)>install
2016-06-13 20:24:23 -04:00
4. Run Metasploit
2016-06-13 20:24:23 -04:00
ptf:(modules/exploitation/metasploit)>exit
ptf> quit
[*] Exiting PTF - the easy pentest platform creation framework.
sudo msfconsole
2016-06-13 20:24:23 -04:00
5. Create an AppVM based on the `ptf` template
2016-06-13 20:24:23 -04:00
- (Optional) Attach necessary devices
2016-06-13 20:24:23 -04:00
Alternative Options to PTF
--------------------------
- [BlackArch](/doc/pentesting/blackarch/)
- [Kali](/doc/pentesting/kali/)
- [Pentesting](/doc/pentesting/)