Add support for high-level access of shells #158
When a shell is initiated, we should be able to access the shell in some sort of terminal multiplexer via SSH. Perhaps we can even add a temporary SSH server as a Lego?
This is my idea of a perfect project with a good workflow for chatops.
Everybody is in chat, we've just got the green light to do an assessment on "company X", the bot is called "Gibson".
pentester> gibson: be verbose
pentester> company-x-001: install backdoor
We can incorporate tmux with this session as well, so anybody logging into view it can see what anybody is doing, thus incorporating the collaborative feel of a chatbot, but without sacrificing the ease of a real shell.
Gibson will also be able to alert when new things have been achieved, such as getting data from mimikatz, installing a backdoor, or getting root on the system.
company-x-001> Root achieved!
These alerts will appear automatically by watching the activity of the pentester, and of course his activity is recorded for later reports.
This is just the beginning of something potentially massive; this is a basic outline of how I think it should work.
This is a really great picture of where I want to go with the collection of offensive tools and legos we have planned.
What we need to do in order to get to this point is to figure out what tools would be used in the backend (MSF, recon-ng, etc) and then write lego wrappers for them. Then we would need to define workflows around those tools. This would definitely be a very high level abstraction, so we'd also need a way to step out of the "hacking on rails" workflow and into the data that the bot itself brings back.
I think starting with the recon bits is the most valuable and then moving into active attacks after the recon flows are worked out.
This is going to take more than a few legos. You should write a recon library, that uses relevant APIs. Take that library and be able to call it from legos. Maybe deal with JSON. As for SSH: that'd be the hardest bit. Also not very quiet to have a bot on a server. Tons of network activity.