From b4b3d282b98cb5d7d644bd02a6a3963ee7f32ff4 Mon Sep 17 00:00:00 2001 From: Jeepler Date: Mon, 13 Jun 2016 19:24:23 -0500 Subject: [PATCH] pentesting --- customization/dark-theme.md | 12 ++ managing-os/kali.md | 60 -------- managing-os/pentesting.md | 19 +++ managing-os/pentesting/blackarch.md | 96 ++++++++++++ managing-os/pentesting/kali.md | 230 ++++++++++++++++++++++++++++ managing-os/pentesting/ptf.md | 126 +++++++++++++++ 6 files changed, 483 insertions(+), 60 deletions(-) create mode 100644 customization/dark-theme.md delete mode 100644 managing-os/kali.md create mode 100644 managing-os/pentesting.md create mode 100644 managing-os/pentesting/blackarch.md create mode 100644 managing-os/pentesting/kali.md create mode 100644 managing-os/pentesting/ptf.md diff --git a/customization/dark-theme.md b/customization/dark-theme.md new file mode 100644 index 00000000..4dada153 --- /dev/null +++ b/customization/dark-theme.md @@ -0,0 +1,12 @@ +--- +layout: doc +title: Qubes OS Dark Theme +permalink: /doc/dark-theme/ +--- + +Dark KDE in dom0 +---------------- + + +Dark Qube (VM) +-------------- diff --git a/managing-os/kali.md b/managing-os/kali.md deleted file mode 100644 index 466f4806..00000000 --- a/managing-os/kali.md +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -layout: doc -title: How to create a Kali Linux VM -permalink: /doc/kali/ ---- - -How to Create a Kali Linux VM -============================= - -This guide is being created to give guidance on ways in which you could implement Kali Pen-Testing distrubution within Qubes-OS. - -There are multiple ways in which this can be achieved, for example you could create a HVM and use the ISO to install the system straight to that virtual machine. - - -Build Based on Debian Template ---- - -1 - Install debian-8 template (if not already installed) - -2 - Clone debian-8 template - -3 - Add kali repo to /etc/apt/sources.list: - - * deb http://http.kali.org/kali kali-rolling main non-free contrib - -4 - Find and add kali signing keys: - - * gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 (this is the key ID I found on Kali web site) - - * gpg --list-keys --with-fingerprint 7D8D0BF6 - - * gpg --export --armor 7D8D0BF6 > kali.asc - - * sudo apt-key add kali.asc - - * sudo apt-key list - -5 - sudo apt-get update - -6 - sudo halt - -7 - backup template (cloned...) - -8 - sudo apt-get apt-get install kali-*** (or similar) --> installs fine but break the template X settings. As mentioned, X packaged need to be masked prior to this, I did not take the time to look-up how to do that... - -9 - Create a appvm from the kali template and attach necessary devices. - - -Note: - -If you do not want to modify the sources.list file and add the signing keys yourself, alternatively you can use KATOOLIN after cloning the Debian Template. Guide on how to use KATOOLIN - http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ - - - -Alternative Options to Kali ---- - -PenTester Framework (PTF) - - diff --git a/managing-os/pentesting.md b/managing-os/pentesting.md new file mode 100644 index 00000000..291a7a90 --- /dev/null +++ b/managing-os/pentesting.md 
@@ -0,0 +1,19 @@ +--- +layout: doc +title: Penetration Testing +permalink: /doc/pentesting/ +--- + +Penetration Testing +=================== + +"A penetration test, informally pen test, is an attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data." (source [Penetration test](https://en.wikipedia.org/wiki/Penetration_test)). + +Penetration Testing Distributions: +---------------------------------- + +The following install instructions explain how to setup a penetration testing distribution within Qubes OS. + +- [BlackArch](/doc/blackarch/) +- [Kali](/doc/kali/) +- [PenTester Framework (PTF)](/doc/ptf/) diff --git a/managing-os/pentesting/blackarch.md b/managing-os/pentesting/blackarch.md new file mode 100644 index 00000000..2db1ebac --- /dev/null +++ b/managing-os/pentesting/blackarch.md 
@@ -0,0 +1,96 @@ +--- +layout: doc +title: How to Create a BlackArch VM +permalink: /doc/blackarch/ +--- + +How to Create a BlackArch VM +============================ + +[BlackArch](http://www.blackarch.org) Linux is an [Arch Linux](http://www.archlinux.org/)-based distribution for penetration testers and security researchers. The repository contains [1434](http://www.blackarch.org/tools.html) tools. + +- List of [tools](http://www.blackarch.org/tools.html) +- [Installation Instructions](http://www.blackarch.org/downloads.html) + +Create ArchLinux Based BlackArch Template +----------------------------------------- + +0 - Create ArchlLinux Template + + - Follow the [Archlinux Template instructions](/doc/templates/archlinux/) + +1 - Update Template + +~~~ +sudo pacman -Syyu +~~~ + +2 - Clone template + +1. Via Qubes VM Manager + +2. Via command line + + ~~~ + qvm-clone archlinux blackarch + ~~~ + +3 - Install BlackArch repository + +~~~ +$ curl -O https://blackarch.org/strap.sh + +# The SHA1 sum should match: 86eb4efb68918dbfdd1e22862a48fda20a8145ff +$ sha1sum strap.sh + +# Set execute bit +$ chmod +x strap.sh + +# Run strap.sh +$ sudo ./strap.sh +~~~ + +4 - Install tools + + - install all tools + + ~~~ + sudo pacman -S blackarch + ~~~ + + - or by category: + + ~~~ + # list available categories + pacman -Sg | grep blackarch + + # install category + sudo pacman -S blackarch- + + # example + sudo pacman -S blackarch-forensic + ~~~ + + - or specific tool + + ~~~ + # Search for tool + pacman -Ss + + # Install tool + sudo pacman -S + + # Example + pacman -Ss burpsuite + sudo pacman -S burpsuite + ~~~ + +5 - Create a AppVMs based on the `ptf` template + + - (Optional) Attach necessary devices + +Alternative Options to BlackArch +-------------------------------- + + - [Kali](/doc/kali/) + - [PenTester Framework (PTF)](/doc/ptf/) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md new file mode 100644 index 00000000..36c95ab1 --- /dev/null 
+++ b/managing-os/pentesting/kali.md 
@@ -0,0 +1,230 @@ +--- +layout: doc +title: How to create a Kali Linux VM +permalink: /doc/kali/ +--- + +How to Create a Kali Linux VM +============================= + +This guide is being created to give guidance on ways in which you could create a [Kali Linux](https://www.kali.org/) penetration testing VM (Qube) in Qubes OS. + +Kali Linux is the most widely used penetration testing Linux distribution. + +There are multiple ways to create a Kali Linux VM. One way is to create a HVM and use the offical ISO to install the system or convert a [Virtual Image](https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). Another way is to clone the Qubes OS Debian image and turn it into a Kali Linux distribution. + +Kali Linux HVM +-------------- + +0 - Download the Kali installation DVD + +1 - Create a new HVM + +2 - Start the HVM with attached CD/DVD + +~~~ +qvm-start --cdrom :/home/user/Downloads/.iso +~~~ + +Create Debian Based Kali Template +--------------------------------- + +0 - (Optional) Install `debian-8` template (if not already installed) + +1 - Update your `debian-8` template + +~~~ +sudo apt-get update +sudo apt-get dist-upgrade +~~~ + +2 - Clone `debian-8` template (two options) + + 1. Via Qubes VM Manager + + ![Clone Debian Template](/attachment/wiki/Pentesting/Kali/clone-kali.png) + + 2. Via command line + + ~~~ + qvm-clone debian-8 kali + ~~~ + +3 - Start and upgrade the `kali` Template from Debian 8 to Debian 9 + +~~~ +user@kali:~$ sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list +user@kali:~$ sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/qubes-r3.list +user@kali:~$ sudo apt-get update +user@kali:~$ sudo apt-get dist-upgrade +user@kali:~$ sudo apt-get autoremove +~~~ + +NOTICE: From now on there are two possible ways either doing everything manually or automatically with [Katoolin](https://github.com/LionSec/katoolin). + +Katoolin is a script (written in Python) which helps you to install Kali tools. 
+ +4 *manually* - Add Kali Linux repositories + + 1. Add Kali Linux repositories to `/etc/apt/sources.list` + + ~~~ + deb http://http.kali.org/kali kali-rolling main contrib non-free + deb http://repo.kali.org/kali kali-bleeding-edge main + ~~~ + + 2. Add kali signing key + + - The signing key can be found here [Download Kali Linux Images Securely](https://www.kali.org/downloads/) + + ~~~ + sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6 + sudo apt-get update + ~~~ + + + +4 *katoolin* - Install Katoolin and add Kali Linux repositories + + 1. Install Katoolin + + ~~~ + sudo apt-get install git + git clone https://github.com/LionSec/katoolin.git + sudo cp katoolin/katoolin.py /usr/bin/katoolin + sudo chmod +x /usr/bin/katoolin + rm -rf katoolin + ~~~ + + 2. Add Kali Linux repositories + + - start katoolin + + ~~~ + sudo katoolin + ~~~ + + - select 'Add Kali repositories & Update' + + ~~~ + 1) Add Kali repositories & Update + 2) View Categories + 3) Install classicmenu indicator + 4) Install Kali menu + 5) Help + + kat > 1 + ~~~ + + ![Add Kali repositories and Update menu](/attachment/wiki/Pentesting/Kali/katoolin-add-update-repo-menu.png) + + - select 'Add kali linux repositories' + + ~~~ + 1) Add kali linux repositories + 2) Update + 3) Remove all kali linux repositories + 4) View the contents of sources.list file + + What do you want to do ?> 1 + ~~~ + + ![Add Kali repositories](/attachment/wiki/Pentesting/Kali/katoolin-add-repos-menu.png) + + - update Kali repositories + + ~~~ + 1) Add kali linux repositories + 2) Update + 3) Remove all kali linux repositories + 4) View the contents of sources.list file + + What do you want to do ?> 2 + ~~~ + + - quit katoolin by pressing `CRTL` + `c` keys + + ~~~ + What do you want to do ?> ^CShutdown requested...Goodbye... 
+ ~~~ + +5 - Cleanup and update `kali` template + +~~~ +sudo apt-get dist-upgrade +sudo apt-get autoremove +~~~ + + +6 - Shutdown and trim `kali` template + + - Shutdown `kali` template + + ~~~ + sudo shutdown -h now + ~~~ + + - In `dom0` console: + + ~~~ + qvm-trim-template kali + ~~~ + +7 - Start image + +8 *manually* - Install tools + + 1. List available packages + + ~~~ + sudo apt-cache search kali-linux + ~~~ + + 2. Select and install tools + + - install base system + + ~~~ + sudo apt-get install kali-linux + ~~~ + + - or install all tools + + ~~~ + sudo apt-get install kali-linux-full + ~~~ + + - or select specific (example): + + ~~~ + sudo apt-get install kali-linux-top10 kali-linux-web + ~~~ + +8 *katoolin* - Install tools + + 1. View Categories + + - start katoolin + + ~~~ + sudo katoolin + ~~~ + + - select `2) View Categories` + + 2. Select the categories/tools you want to install + + - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu](http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/) + + - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`. + +9 - Create a AppVMs based on the `kali` template + + - (Optional) Attach necessary devices + + +Alternative Options to Kali +--------------------------- + +- [BlackArch](/doc/blackarch/) +- [PenTester Framework (PTF)](/doc/ptf/) diff --git a/managing-os/pentesting/ptf.md b/managing-os/pentesting/ptf.md new file mode 100644 index 00000000..d1597f25 --- /dev/null +++ b/managing-os/pentesting/ptf.md 
@@ -0,0 +1,126 @@ +--- +layout: doc +title: How to create Penetration Testers Framework (PTF) VM +permalink: /doc/ptf/ +--- + +How to create Penetration Testers Framework (PTF) VM +==================================================== + +"The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. + +PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine." (source [PTF Readme](https://github.com/trustedsec/ptf/blob/master/README.md)) + +1 - Create PTF template + + 1. Follow the [Create Debian Based Kali Template](/doc/kali/) till step 7. + 2. (Optional) Rename the cloned template to `ptf` + +2 - Download PTF + +~~~ +sudo apt-get install git +cd /opt +sudo git clone https://github.com/trustedsec/ptf.git +~~~ + + - (Optional) Configure PTF + + 1. Go to configuration directory + + ~~~ + cd /opt/ptf/config + ~~~ + + 2. Edit the configuration file + + for example by using vim: + + ~~~ + sudo vim ptf.config + ~~~ + + The configuration options are described in the `ptf.config` file + +4 - Install PTF + +~~~ +cd /opt/ptf +sudo ./ptf +~~~ + +**Note:** the config file has to be in the same directory as the executable. It is not +possible to do sudo ptf/ptf + +PTF will put itself into `/usr/local/bin/ptf`. You can use `ptf` from now on. + +5 - Install/Update modules (tools) + + 1. Start PTF + + ~~~ + sudo ptf + ~~~ + + 2. Show available modules (tools) + + ~~~ + ptf> show modules + ~~~ + + 3. Install/Update modules (all/) + + - Install/Update all tools + + ~~~ + ptf> use modules/install_update_all + ~~~ + + - or by category Install/Update + + ~~~ + ptf> use modules/code-audit/install_update_all + ~~~ + + - or individually (example Metasploit) + + 1. 
Search for module + + ~~~ + ptf> search metasploit + [*] Search results below: + modules/exploitation/metasploit + ~~~ + + 2. Use module + + ~~~ + ptf> use modules/exploitation/metasploit + ptf:(modules/exploitation/metasploit)> + ~~~ + + 3. Install module + + ~~~ + ptf:(modules/exploitation/metasploit)>install + ~~~ + + 4. Run Metasploit + + ~~~ + ptf:(modules/exploitation/metasploit)>exit + ptf> quit + [*] Exiting PTF - the easy pentest platform creation framework. + ~$ sudo msfconsole + ~~~ + +6 - Create a AppVMs based on the `ptf` template + + - (Optional) Attach necessary devices + + +Alternative Options to PTF +-------------------------- + +- [BlackArch](/doc/blackarch/) +- [Kali](/doc/kali/)
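Review bot: customization/dark-theme.md is added with only front matter and two empty headings (`Dark KDE in dom0`, `Dark Qube (VM)`), and it has nothing to do with the `pentesting` subject of this commit. Either drop it from this patch and submit it separately once the sections have content, or fill in both sections so that /doc/dark-theme/ does not publish as a blank page.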
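Review bot: in managing-os/pentesting/blackarch.md, step 5 reads "Create a AppVMs based on the `ptf` template", but step 2 clones the template as `blackarch` (`qvm-clone archlinux blackarch`); this looks copied from ptf.md and should name `blackarch`. In the same file, step 0 spells "ArchlLinux", and the category and tool commands in step 4 (`sudo pacman -S blackarch-`, `pacman -Ss`, `sudo pacman -S`) carry no placeholder for the argument, so a reader cannot tell what to type. The strap.sh step only prints the SHA1 sum beside a comment; tell the reader to stop if the value differs, and note that the hard-coded sum goes stale whenever upstream changes strap.sh.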
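Review bot: in managing-os/pentesting/kali.md, step 4 *manually* imports the Kali archive key with `sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6`, that is, by 8-character short key ID over plain HKP and straight into apt's trusted keyring, with no fingerprint check. The deleted kali.md at least ran `gpg --list-keys --with-fingerprint 7D8D0BF6` before `apt-key add`; keep a verification step and have the reader compare the full fingerprint against the one published on the linked Kali downloads page before trusting the key, since short IDs can collide and this key ends up trusted inside a template. The katoolin path has the same trust gap: it copies an unpinned `katoolin.py` from a fresh git clone into `/usr/bin` and runs it with sudo inside the template, which the text should state or address by pinning a reviewed commit. Minor: "offical" and `CRTL` are typos, and `qvm-start --cdrom :/home/user/Downloads/.iso` is missing the HVM name, the source VM name and the ISO file name.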
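Review bot: in managing-os/pentesting/ptf.md the top-level steps run 1, 2, 4, 5, 6; there is no step 3, and "(Optional) Configure PTF" sits as a bullet under step 2 where it was presumably meant to be step 3. Renumber, or promote that bullet. Step 1 also sends the reader through the Kali template guide "till step 7", which includes adding the Kali repositories and signing key; state whether PTF needs those or only the Debian 9 upgrade. In the note after step 4, put `sudo ptf/ptf` in backticks, and in step 5.3 the texts "Install/Update modules (all/)" and "or by category Install/Update" read as truncated.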