Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

pentesting

Browse Source
This commit is contained in:
Jeepler 2016-06-13 19:24:23 -05:00
parent 4fadbec0c9
commit b4b3d282b9
6 changed files with 483 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
customization/dark-theme.md Normal file
View File

@ -0,0 +1,12 @@
---
layout: doc
title: Qubes OS Dark Theme
permalink: /doc/dark-theme/
---
Dark KDE in dom0
----------------
Dark Qube (VM)
--------------

60
managing-os/kali.md
View File

@ -1,60 +0,0 @@
---
layout: doc
title: How to create a Kali Linux VM
permalink: /doc/kali/
---
How to Create a Kali Linux VM
=============================
This guide is being created to give guidance on ways in which you could implement Kali Pen-Testing distrubution within Qubes-OS.
There are multiple ways in which this can be achieved, for example you could create a HVM and use the ISO to install the system straight to that virtual machine.
Build Based on Debian Template
---
1 - Install debian-8 template (if not already installed)
2 - Clone debian-8 template
3 - Add kali repo to /etc/apt/sources.list:
* deb http://http.kali.org/kali kali-rolling main non-free contrib
4 - Find and add kali signing keys:
* gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 (this is the key ID I found on Kali web site)
* gpg --list-keys --with-fingerprint 7D8D0BF6
* gpg --export --armor 7D8D0BF6 > kali.asc
* sudo apt-key add kali.asc
* sudo apt-key list
5 - sudo apt-get update
6 - sudo halt
7 - backup template (cloned...)
8 - sudo apt-get apt-get install kali-*** (or similar) --> installs fine but break the template X settings. As mentioned, X packaged need to be masked prior to this, I did not take the time to look-up how to do that...
9 - Create a appvm from the kali template and attach necessary devices.
Note:
If you do not want to modify the sources.list file and add the signing keys yourself, alternatively you can use KATOOLIN after cloning the Debian Template. Guide on how to use KATOOLIN - http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
Alternative Options to Kali
---
PenTester Framework (PTF)

19
managing-os/pentesting.md Normal file
View File

@ -0,0 +1,19 @@
---
layout: doc
title: Penetration Testing
permalink: /doc/pentesting/
---
Penetration Testing
===================
"A penetration test, informally pen test, is an attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data." (source [Penetration test](https://en.wikipedia.org/wiki/Penetration_test)).
Penetration Testing Distributions:
----------------------------------
The following install instructions explain how to setup a penetration testing distribution within Qubes OS.
- [BlackArch](/doc/blackarch/)
- [Kali](/doc/kali/)
- [PenTester Framework (PTF)](/doc/ptf/)

96
managing-os/pentesting/blackarch.md Normal file
View File

@ -0,0 +1,96 @@
---
layout: doc
title: How to Create a BlackArch VM
permalink: /doc/blackarch/
---
How to Create a BlackArch VM
============================
[BlackArch](http://www.blackarch.org) Linux is an [Arch Linux](http://www.archlinux.org/)-based distribution for penetration testers and security researchers. The repository contains [1434](http://www.blackarch.org/tools.html) tools.
- List of [tools](http://www.blackarch.org/tools.html)
- [Installation Instructions](http://www.blackarch.org/downloads.html)
Create ArchLinux Based BlackArch Template
-----------------------------------------
0 - Create ArchlLinux Template
- Follow the [Archlinux Template instructions](/doc/templates/archlinux/)
1 - Update Template
~~~
sudo pacman -Syyu
~~~
2 - Clone template
1. Via Qubes VM Manager
2. Via command line
~~~
qvm-clone archlinux blackarch
~~~
3 - Install BlackArch repository
~~~
$ curl -O https://blackarch.org/strap.sh
# The SHA1 sum should match: 86eb4efb68918dbfdd1e22862a48fda20a8145ff
$ sha1sum strap.sh
# Set execute bit
$ chmod +x strap.sh
# Run strap.sh
$ sudo ./strap.sh
~~~
4 - Install tools
- install all tools
~~~
sudo pacman -S blackarch
~~~
- or by category:
~~~
# list available categories
pacman -Sg | grep blackarch
# install category
sudo pacman -S blackarch-<category>
# example
sudo pacman -S blackarch-forensic
~~~
- or specific tool
~~~
# Search for tool
pacman -Ss <tool-name>
# Install tool
sudo pacman -S <tool-name>
# Example
pacman -Ss burpsuite
sudo pacman -S burpsuite
~~~
5 - Create a AppVMs based on the `ptf` template
- (Optional) Attach necessary devices
Alternative Options to BlackArch
--------------------------------
- [Kali](/doc/kali/)
- [PenTester Framework (PTF)](/doc/ptf/)

230
managing-os/pentesting/kali.md Normal file
View File

@ -0,0 +1,230 @@
---
layout: doc
title: How to create a Kali Linux VM
permalink: /doc/kali/
---
How to Create a Kali Linux VM
=============================
This guide is being created to give guidance on ways in which you could create a [Kali Linux](https://www.kali.org/) penetration testing VM (Qube) in Qubes OS.
Kali Linux is the most widely used penetration testing Linux distribution.
There are multiple ways to create a Kali Linux VM. One way is to create a HVM and use the offical ISO to install the system or convert a [Virtual Image](https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). Another way is to clone the Qubes OS Debian image and turn it into a Kali Linux distribution.
Kali Linux HVM
--------------
0 - Download the Kali installation DVD
1 - Create a new HVM
2 - Start the HVM with attached CD/DVD
~~~
qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
~~~
Create Debian Based Kali Template
---------------------------------
0 - (Optional) Install `debian-8` template (if not already installed)
1 - Update your `debian-8` template
~~~
sudo apt-get update
sudo apt-get dist-upgrade
~~~
2 - Clone `debian-8` template (two options)
1. Via Qubes VM Manager
![Clone Debian Template](/attachment/wiki/Pentesting/Kali/clone-kali.png)
2. Via command line
~~~
qvm-clone debian-8 kali
~~~
3 - Start and upgrade the `kali` Template from Debian 8 to Debian 9
~~~
user@kali:~$ sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list
user@kali:~$ sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/qubes-r3.list
user@kali:~$ sudo apt-get update
user@kali:~$ sudo apt-get dist-upgrade
user@kali:~$ sudo apt-get autoremove
~~~
NOTICE: From now on there are two possible ways either doing everything manually or automatically with [Katoolin](https://github.com/LionSec/katoolin).
Katoolin is a script (written in Python) which helps you to install Kali tools.
4 *manually* - Add Kali Linux repositories
1. Add Kali Linux repositories to `/etc/apt/sources.list`
~~~
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main
~~~
2. Add kali signing key
- The signing key can be found here [Download Kali Linux Images Securely](https://www.kali.org/downloads/)
~~~
sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
sudo apt-get update
~~~
4 *katoolin* - Install Katoolin and add Kali Linux repositories
1. Install Katoolin
~~~
sudo apt-get install git
git clone https://github.com/LionSec/katoolin.git
sudo cp katoolin/katoolin.py /usr/bin/katoolin
sudo chmod +x /usr/bin/katoolin
rm -rf katoolin
~~~
2. Add Kali Linux repositories
- start katoolin
~~~
sudo katoolin
~~~
- select 'Add Kali repositories & Update'
~~~
1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 1
~~~
![Add Kali repositories and Update menu](/attachment/wiki/Pentesting/Kali/katoolin-add-update-repo-menu.png)
- select 'Add kali linux repositories'
~~~
1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 1
~~~
![Add Kali repositories](/attachment/wiki/Pentesting/Kali/katoolin-add-repos-menu.png)
- update Kali repositories
~~~
1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 2
~~~
- quit katoolin by pressing `CRTL` + `c` keys
~~~
What do you want to do ?> ^CShutdown requested...Goodbye...
~~~
5 - Cleanup and update `kali` template
~~~
sudo apt-get dist-upgrade
sudo apt-get autoremove
~~~
6 - Shutdown and trim `kali` template
- Shutdown `kali` template
~~~
sudo shutdown -h now
~~~
- In `dom0` console:
~~~
qvm-trim-template kali
~~~
7 - Start image
8 *manually* - Install tools
1. List available packages
~~~
sudo apt-cache search kali-linux
~~~
2. Select and install tools
- install base system
~~~
sudo apt-get install kali-linux
~~~
- or install all tools
~~~
sudo apt-get install kali-linux-full
~~~
- or select specific (example):
~~~
sudo apt-get install kali-linux-top10 kali-linux-web
~~~
8 *katoolin* - Install tools
1. View Categories
- start katoolin
~~~
sudo katoolin
~~~
- select `2) View Categories`
2. Select the categories/tools you want to install
- For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu](http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/)
- **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
9 - Create a AppVMs based on the `kali` template
- (Optional) Attach necessary devices
Alternative Options to Kali
---------------------------
- [BlackArch](/doc/blackarch/)
- [PenTester Framework (PTF)](/doc/ptf/)

126
managing-os/pentesting/ptf.md Normal file
View File

@ -0,0 +1,126 @@
---
layout: doc
title: How to create Penetration Testers Framework (PTF) VM
permalink: /doc/ptf/
---
How to create Penetration Testers Framework (PTF) VM
====================================================
"The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine." (source [PTF Readme](https://github.com/trustedsec/ptf/blob/master/README.md))
1 - Create PTF template
1. Follow the [Create Debian Based Kali Template](/doc/kali/) till step 7.
2. (Optional) Rename the cloned template to `ptf`
2 - Download PTF
~~~
sudo apt-get install git
cd /opt
sudo git clone https://github.com/trustedsec/ptf.git
~~~
- (Optional) Configure PTF
1. Go to configuration directory
~~~
cd /opt/ptf/config
~~~
2. Edit the configuration file
for example by using vim:
~~~
sudo vim ptf.config
~~~
The configuration options are described in the `ptf.config` file
4 - Install PTF
~~~
cd /opt/ptf
sudo ./ptf
~~~
**Note:** the config file has to be in the same directory as the executable. It is not
possible to do sudo ptf/ptf
PTF will put itself into `/usr/local/bin/ptf`. You can use `ptf` from now on.
5 - Install/Update modules (tools)
1. Start PTF
~~~
sudo ptf
~~~
2. Show available modules (tools)
~~~
ptf> show modules
~~~
3. Install/Update modules (all/)
- Install/Update all tools
~~~
ptf> use modules/install_update_all
~~~
- or by category Install/Update
~~~
ptf> use modules/code-audit/install_update_all
~~~
- or individually (example Metasploit)
1. Search for module
~~~
ptf> search metasploit
[*] Search results below:
modules/exploitation/metasploit
~~~
2. Use module
~~~
ptf> use modules/exploitation/metasploit
ptf:(modules/exploitation/metasploit)>
~~~
3. Install module
~~~
ptf:(modules/exploitation/metasploit)>install
~~~
4. Run Metasploit
~~~
ptf:(modules/exploitation/metasploit)>exit
ptf> quit
[*] Exiting PTF - the easy pentest platform creation framework.
~$ sudo msfconsole
~~~
6 - Create a AppVMs based on the `ptf` template
- (Optional) Attach necessary devices
Alternative Options to PTF
--------------------------
- [BlackArch](/doc/blackarch/)
- [Kali](/doc/kali/)