go to installation https://github.com/alphamystic
cli ask for target cli ask for multiple targets file
Enumerate target: Handlers If .com find ip and multiple Ips, Scan Ip,multiple IPs for services running Enumerate the services Return the potential vulnerabilities or An AD domain Can also take in a vulnerability and compromise a target
Attack the target: Skipper Use the specified vulnerabilities to try and get foothold into the network
Pivotting: Skipper Enumerate host and find potential priv escalation points Find a way to pivot through the network and infect other machines Store CnC incide brain: (AdminC2) This can be a particular forest
Initialize current sessions and connectors generate adminc2 generate implant as per the adminC2 interact with adminC2 or an implant
Automated Recon Add your own vulnerability scanners and load them as per your need or use the default minimal version CVE Checker (Still working on how to implement a CVE Database that will act as a reference point) IT Asset Management Keep track of APT's,threats and various viruses
Generation of bot c2 and implant Session Management for both c2 and implant (locally and db persistence) Multiple C2 administration Shellcode generation Run shellcode Generate a library (.dll or .so) as both minion and admin fro persistence Process injection Taking screenshots of multiple screens Encrypted commmunication over grpc's protobuf Add your Own dropper or C2 in form of a plugin Tunnelling over http,https/tcp or DNS Generate your own DNS server binary and run it anywhere then have your implant communicate to it. Generate a DNS implant or run a DNS Client by the default implant Personallly I would use a minimal implant that runs a shellcode of the DNS client Staged and Stageless payload
- .brain Stores all "brains" rather sessions connections and configurations
- lib A library of all functions helping to run odin
- payloads List of payloads to be used for brute-forcing or enumerations.
So I want to automate my hacking/pen-testing process. I have for some reason convinced myself that I can do it.
I'm using penguins of madagascar to sought of co-ordinate the attack
- Skiper: Get's a shell and pivots or escalate privs and so on.
- Kowalski: Create exploits from vulnerabilities
- Rico: Brute-force for vulnerabilities
- Private: Scans for vulnerabilities
Private and Rico generate Vulnerabilities and feed them into Kowalski to create exploits. They are created in plugin form exporting a function Scan(reconData) taking recon data to return vulnerabilities
Classified,Mort,KingJulien,Maurice
- Add a command line for all plugins
- Loot and persistence
- Pivoting
- AD Pentesting
- Syscall unhooking and EDR Detection and evasion techniques