# Infrax Setup
This notebook collects the commands and procedures used to set up and configure engagement infrastructure; each cell runs one command through `templates.cache_command_output` and caches its output under the given cache key.

v1.2.2

### Clear Cache and Outputs

In [None]:
# Clear Cache and Outputs (for development purposes)
import os, shutil

# Working directories (relative to the notebook's cwd) that the clean-up below
# empties: cached command output, tool output ("loot") and run logs.
cache_dir, loot_dir, logs_dir = 'Cache', 'Loot', 'Logs'

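def clear_directory_contents(path):
    """Delete every file and symlink below ``path``, keeping the directory tree.

    Directories are retained (recursed into, never removed) so that tool-output
    folders such as ``Loot/nmap`` survive a clear and only their files go.
    Symlinks are unlinked, never followed, so a link pointing outside the tree
    cannot cause deletions elsewhere. A missing or non-directory ``path`` is a
    no-op. A failed deletion is reported and skipped so that one locked file
    does not abort the rest of the clean-up.

    Args:
        path: directory whose contents are removed.

    Returns:
        None.
    """
    if not os.path.isdir(path):
        return
    for entry in os.listdir(path):
        # Always build the real path from the arguments; the previous version
        # hard-coded a 'Loot\\...' string and so ignored `path` for subfolders.
        entry_path = os.path.join(path, entry)
        try:
            # islink is checked before isdir because isdir follows symlinks.
            if os.path.islink(entry_path) or os.path.isfile(entry_path):
                os.unlink(entry_path)
            elif os.path.isdir(entry_path):
                clear_directory_contents(entry_path)
        except Exception as e:
            print(f'Failed to delete {entry_path}. Reason: {e}')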


# Clear temporary project contents: cached output, loot and logs in turn.
for _dir in (cache_dir, loot_dir, logs_dir):
    clear_directory_contents(_dir)

print('Cache, Loot, and Logs have been cleared.')

### Action Template

In [None]:
# Action Template
#import templates
#force_run = False

#cmd_cache = ''
#cmd_syntax = ''
#cmd_os = ''

#output = templates.cache_command_output(cmd_cache, force_run, cmd_os, cmd_syntax)

#print(output)

## Environment Check


In [None]:
# Find External IP
import templates
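import ipaddress

force_run = False

cmd_cache = 'ext_ip'
cmd_os = 'vm'
cmd_syntax = 'curl ip.beer'

ext_ip = templates.cache_command_output(cmd_cache, force_run, cmd_os, cmd_syntax).strip()

# The value comes from an external service's response and is later
# interpolated into shell commands (the DNS lookup cell builds
# `nslookup {ext_ip}` from it), so reject anything that is not a bare IP
# address (an error page, HTML, an empty reply) instead of carrying it on.
# If this raises, the bad text has presumably already been stored under
# 'ext_ip'; re-run with force_run = True to refresh the cache.
ipaddress.ip_address(ext_ip)

print(ext_ip)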

In [None]:
# Make VM Loot Dir
import templates
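force_run = True

cmd_cache = 'create_vm_lootdir'
cmd_os = 'vm'
#TODO: Need to ensure all tool outputs are captured here
createdir_syntax = f'mkdir -p {templates.var_vm_lootdir}/nmap'

output = templates.cache_command_output(cmd_cache, force_run, cmd_os, createdir_syntax)

# Use a separate cache key for the listing: both calls previously shared
# 'create_vm_lootdir', so with force_run=False the `find` would presumably
# have been answered from the mkdir's cached (empty) output rather than run.
checkdir_cache = 'check_vm_lootdir'
checkdir_syntax = f'find {templates.var_vm_lootdir}'
checkdir = templates.cache_command_output(checkdir_cache, force_run, cmd_os, checkdir_syntax)

print(checkdir)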

## Connectivity Check
The goal here is to confirm connectivity between the established infrastructure and the target, and to confirm that the infrastructure advertises the expected naming scheme.

In [None]:
# Connectivity Check
#TODO: This action should move and incorporate established infrax
import templates
force_run = False

# Windows-side ping (hence `-n 4` for the packet count); the cache key embeds
# the target address so a different target is never served a stale result.
cmd_os = 'win'
cmd_cache = f'ping_{templates.var_target_ip}'
cmd_syntax = f'ping -n 4 {templates.var_target_ip}'

ping = templates.cache_command_output(cmd_cache, force_run, cmd_os, cmd_syntax)
print(ping)

In [None]:
# DNS Lookup
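import ipaddress

force_run = False

# ext_ip is set by the "Find External IP" cell from an external service's
# reply and is spliced into the command below, so only a syntactically valid
# IP address may pass (ValueError otherwise).
ipaddress.ip_address(ext_ip)

cmd_cache = f'nslookup_{ext_ip}'
cmd_syntax = f'nslookup {ext_ip}'
cmd_os = 'win'

dns = templates.cache_command_output(cmd_cache, force_run, cmd_os, cmd_syntax)

print(dns)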

In [None]:
# Hostname from VM
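force_run = False

cmd_cache = 'vmhostname'
cmd_syntax = 'hostname'
cmd_os = 'vm'

# Strip for parity with ext_ip: the raw command output ends in a newline,
# which would corrupt any later command that interpolates this value.
var_vm_hostname = templates.cache_command_output(cmd_cache, force_run, cmd_os, cmd_syntax).strip()
print(var_vm_hostname)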


## Cobalt Strike
[Cobalt Strike Malleable C2 Profile](https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/malleable-c2_main.htm?cshid=1062)

In [None]:
# Generate CS Malleable C2 Profile

#force_run = False

#cmd_cache = ''
#cmd_syntax = ''
#cmd_os = ''

#output = templates.cache_command_output(cmd_cache, force_run, cmd_run)

#print(output)

In [None]:
# Start CobaltStrike Server

#force_run = False

# Only the cache key and host selector are live here; the command itself is
# still a placeholder (candidates are kept below, commented out).
cmd_os = 'vm'
cmd_cache = 'cobaltstrike'
# Write a way to do this all in one command, or just use multiple
# Find cobaltstrike teamserver file and run
#cmd_syntax = 'locate cobaltstrike | grep XXX | grep teamserver'
#cmd_syntax = 'teamserver {vm_ip} {cs_password} {cs_c2profilelocation}'

#cmd_syntax = 'iptables -A INPUT -p tcp --dport 443 ! -s {redir_IP} -j DROP && iptables -A INPUT -p tcp --dport 80 ! -s {redir_IP} -j DROP && iptables-save'

#output = templates.cache_command_output(cmd_cache, force_run, cmd_run)

#print(output)

## Establish Domain

### Types of Domain Names
- Phishing email domain
- Phishing website domain
- Payload hosting domain
- C2 domain
- Redirector domain

### Choosing Domain Name
- [JJonahNameson](https://github.com/blue-armory/JJonahNameson)

### Domain Hosting Services
- GoDaddy
- Namecheap

**NOTE: Purchase WHOIS guard (registrant privacy) protection so that registrant details are not leaked through WHOIS lookups**

### Domain Categorization
*TODO* Put sites in order of priority  
- [Symantec](https://sitereview.bluecoat.com/#/)
- [Zscaler](https://zulu.zscaler.com/)
- [Websense](https://www.websense.com/assets/html/ai-widget/base.html)
- [Trellix](https://trustedsource.org/en/feedback/url?action=checksingle)
- [Barracuda](https://www.barracudacentral.org/lookups)
- [Trend Micro](https://global.sitesafety.trendmicro.com/index.php)
- [Sophos](https://support.sophos.com/support/s/filesubmission?language=en_US)
- [Trustwave](https://support.trustwave.com/wfdbcheck.asp)
- [BrightCloud](https://www.brightcloud.com/tools/change-request.php) *Requires email address*
- [Check Point](https://urlcat.checkpoint.com/urlcat/)
- [Zvelo](https://tools.zvelo.com/)
- [Palo Alto](https://urlfiltering.paloaltonetworks.com/query/)
- [Fortiguard](https://www.fortiguard.com/webfilter)
- [IP Quality Score](https://www.ipqualityscore.com/user/registration/completed) *Free site, API option*
- [WhoisXMLAPI](https://website-categorization.whoisxmlapi.com/api/documentation/v3/making-requests) *Free site, API option, limited free requests*

**Also check recently [expired domains](https://expireddomains.net/backorder-expired-domains)**  


The point of this section is to verify that the externally facing resources established for each engagement are not categorized as malicious by the services listed above.

In [None]:
# Domain Categorization Check

# 'skip' short-circuits the cell; only an explicit True would run the (still
# unimplemented) check, and any other value explains why nothing happens.
force_run = 'skip'

#TODO Recreate Bluecoat HTTP traffic, pull JSESSIONID, XSRF-TOKEN, GCLB to store in cookie, POST request with saved 'key' and 'phrase'
## Funny enough, this is actually how CatMyFish works, just need to pull a little functionality out
## DomainCat does this most verbosely, and probably better, adding reference: https://github.com/l0gan/domainCat
if force_run == 'skip':
    print('[*] Skipping cell execution')
elif force_run != True:
    #TODO Implement caching function for builtin python scripts
    print('[*] No caching for builtin Python yet, so here\'s nothing until you set \'force_run=True\'')
    

## Via CatMyFish
##TODO check if CatMyFish is installed, and pip install if not
#force_run = False

#cmd_cache = 'catmyfish'
# Write a way to do this all in one command, or just use multiple
#cmd_syntax = 'python CatMyFish {domain_name}'
#cmd_os = 'vm'

#output = templates.cache_command_output(cmd_cache, force_run, cmd_run)

#print(output)

## Redirector Setup

### Digital Ocean
*TODO*

### HTTPS/Apache
*TODO*

## Payload Hosting Setup
*TODO*