A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a single linux VM (or bare metal) very capable in Digital Forensics, Incident Response, Reverse Engineering and Penetration Testing. Daily drivers can be InfoSec War Machines as well! At a minimum it is working towards reducing the number of VM's needed for folks doing Forensics, Threat Hunting, Web App Assessments and Penetration testing along the way.
- Written for Ubuntu 20.04. It should be easily modifiable for other versions and distributions.
- python3
- git
- root privileges
- Approx. 22 Gigs of free space
sudo apt install python3 git
- Review the script. No changes needed to get started.
- (optional) Check list of packages, add, or take away etc.
- Clone this repository
git clone https://github.com/ED-209-MK7/infosec-fortress.git
- Run the script as sudo/root.
sudo python3 ./infosec-fortress/build-fortress.py
- (semi-optional) Go make a sandwhich. It takes a long time.
- Be Prepared to answer some prompts along the way (not many)
This script will make /opt/infosec-fortress. This directory will contain build logs and an update script.
- REMnux Reverse Engineering platform
- SIFT Incident Response Platform
- Metasploit Framework
- Kali's Wordlists plus more
- Kali's Collection of Webshells
- Kali's Windows Binaries/Resources
- The latest bloodhound
- Enum4Linux and Enum4linux-ng
DFIR Tools
- Log2Timeline (Plaso)
- RegRipper
- msg converter
RE Tools
- Ghidra (Pronounced Ghee-druh (like geek wihtout the k + druh))
- radare2
- binwalk
- look and feel of REMnux (CLI Color Highlighting for filetype)
Network tools
- snort
- tcpdump
- wireshark
- tshark
- ngrep
Security Assessment (PenTest Tools)
- Metasploit Framework
- Burp Suite
- Zap
- nmap
- masscan
- Hashcat
- John
- Hydra
- Medusa
- smbclient /rpcclient
- sqlmap
- netcat-traditional
- air-crack-ng
- kismet
Other
- VS Code
- Powershell Core
And more...
- add Zeek
- add RITA
- add SiLK
- add a dir containing pre-made host enumeration scripts
- add DPAT (domain password auditing tool)?
- SRUM Dump.py (does it work on Ubuntu?)
- Responder symlink
- add secretsdump.py (might be there already)
- add bettercap
- add Empyre? or similar
- add spider foot community edition
- add Recon-NG
- add Maltego
- test Erik Zimmermans tools in wine
- add a folder in /usr/share/? packed with SANS Posters