kcarretto / arsenal

Extensible Red Team Framework

License: GNU General Public License v3.0

Python 98.37% Shell 1.25% Dockerfile 0.37%
redteam framework threat-emulation api command-and-control botnet malware-development malware

Arsenal (Python 3.6)

Extensible Red Team Framework

Overview

Arsenal is a framework designed to be the back-end for Red Team command and control operations. It lets many Agent/C2 models be integrated into one system behind a common interface, with many useful features. The goal is to limit the time a Red Team spends on back-end development so that more effort can go into the implants that are distributed to target systems.

Feature Highlights

  • Integrates with custom implants and C2 servers with ease
  • Easily group target machines and interact with all of them at once
  • 3rd party applications can integrate using outgoing webhooks (e.g. a Slack integration)
  • Register agents and prevent them from receiving unsupported commands
  • Protected by authentication and custom RBAC implementation to restrict what users have access to
  • Easy to use console with autocomplete, history searching, and more
  • Enable action attribution, know who on your team did what and when

Quick Start

Here are some quick deployment instructions for Ubuntu 16.04 (the project will also work across various other distros). For production use it is recommended to load-balance the teamserver.

Fast install

Note: fix permissions (so that sudo is not required) at your leisure. Optionally drop the `new` argument if you do not wish to populate the database with defaults.

sudo git clone https://github.com/kcarretto/arsenal /opt/arsenal
cd /opt/arsenal
sudo chmod +x install.sh
./install.sh new

Install dependencies

sudo apt-get update && sudo apt-get install docker.io git curl

Clone this repository

sudo git clone https://github.com/kcarretto/arsenal /opt/arsenal

Install docker compose

sudo curl -L https://github.com/docker/compose/releases/download/1.20.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

Note that this fetches a binary straight from a GitHub release and installs it into the system path without any integrity check. Compare the downloaded file against the checksum published on the release page before marking it executable, and be aware that 1.20.1 is a Compose v1 release; the v1 binaries are no longer maintained, so pin a version you have actually verified rather than copying this one blindly.

Deploy with docker compose

mkdir -p /var/log/arsenal

cd /opt/arsenal; docker-compose up -d >> /var/log/arsenal/stdout.log 2>> /var/log/arsenal/stderr.log

Configure database defaults

docker exec -it arsenal_teamserver_1 /bin/sh -c "cd /opt/arsenal/bin; python3 setup.py"

This populates the database with the default users and roles defined in bin/setup.py. Treat those defaults as bootstrap credentials only: change or remove them before the teamserver is reachable by anyone other than the operator who ran the setup.

Additional Information

The teamserver will now launch using docker-compose. To ensure that it is functioning properly, you may run curl 127.0.0.1/status and you should receive the teamserver's status back. You may also install the teamserver to the system without docker, please see /contrib for useful setup scripts, service files, and installation information.

Contributors

cictrone, kcarretto, koalatea, nullmonk, scuzz3y


Issues

Add a "--quick" type to Actions

The --quick flag would specify that we want the output of the command as soon as possible, and so the teamserver should save the Action for the Target's lowest interval session.

ListGroups

  • Implement API Endpoint
  • Write Unit Test

Add exception raising & handling

Eliminate the TODO's that say to raise / handle exceptions. Ensure proper exceptions are raised, and that they are handled such that the proper error message is relayed to the user.

Add --verify for config action

Allow an optional flag that causes the teamserver to verify connection to c2 servers (via icmp) when updating a session's config to point to new servers. This would only work if the C2 were public, but it could potentially help to avoid catastrophic errors.

Potential Problem: Asset Management

Plan on using dynamic facts to identify targets, meaning that we can configure the teamserver to use different criteria to distinguish targets.

  1. Only use MAC Addresses (Default)
  2. Use a combination of facts (i.e. MAC Address, external_ip)
  3. Use a UUID file on the file system.

In the case that MAC Addresses are configured exactly the same for each team, and we cannot utilize a C2 on the internal network, we will be forced to resort to option 3. This will be enforced as follows:

  1. The agent's configuration will be set with a special reserved key "uuid_file", which has the value of a path.
  2. The agent checks to see if that file exists, if not, it will write the identifier from the "generated_uuid" field that will also be present in the config and write it to the file. If the file exists, it will read the identifier from the file.
  3. It will then reinitialize (i.e. respond with no session id) and include the "uuid" field in its JSON beacon.

This will clearly distinguish Targets in a worst case scenario situation, however file identification will only be used as a last resort.
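The following is an added example, not Arsenal's own code, showing how the identification scheme sketched in this issue could be implemented end to end: the agent side honours the reserved "uuid_file" and "generated_uuid" config keys and reinitializes with a "uuid" beacon field, and the teamserver side keys targets on the configured criteria (MAC addresses only, MAC addresses plus external_ip, or the file-backed UUID). All function, class and fact names other than "uuid_file", "generated_uuid", "uuid" and "external_ip" are assumptions, and the scenario in demo() is constructed to show why the file fallback is needed when two targets report identical facts.

```python
"""Illustrative target identification (example added for this page, not Arsenal's code).

Assumed names: agent_identifier, build_beacon, IDENT_MODES, target_key,
TargetRegistry, and the "mac_addrs"/"hostname" fact keys.
"""
import json
import os
import tempfile
from typing import Dict, List, Optional, Tuple

# --- agent side -------------------------------------------------------------

def agent_identifier(config: Dict[str, str]) -> Optional[str]:
    """Return the file-backed identifier when the config carries the reserved
    "uuid_file" key. On first run the value of "generated_uuid" is written to
    that path; on later runs the identifier is read back from the file."""
    path = config.get("uuid_file")
    if not path:
        return None  # file identification not configured for this agent
    if os.path.isfile(path):
        with open(path, "r", encoding="utf-8") as fh:
            return fh.read().strip()
    ident = config["generated_uuid"]
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(ident)
    return ident


def build_beacon(config: Dict[str, str], facts: Dict[str, object],
                 session_id: Optional[str]) -> Dict[str, object]:
    """Build the JSON beacon body. When file identification is active the agent
    reinitializes (no session id) and includes the "uuid" field."""
    beacon: Dict[str, object] = {"session_id": session_id, "facts": facts}
    ident = agent_identifier(config)
    if ident is not None:
        beacon["session_id"] = None
        beacon["uuid"] = ident
    return beacon

# --- teamserver side --------------------------------------------------------

# Which beacon fields identify a Target, per configured mode (options 1-3 above).
IDENT_MODES: Dict[str, Tuple[str, ...]] = {
    "mac": ("mac_addrs",),                              # option 1 (default)
    "mac+external_ip": ("mac_addrs", "external_ip"),    # option 2
    "uuid_file": ("uuid",),                             # option 3 (last resort)
}


def target_key(beacon: Dict[str, object], mode: str = "mac") -> Tuple[str, ...]:
    """Derive the identity tuple used to match a beacon to a Target."""
    parts: List[str] = []
    for fact in IDENT_MODES[mode]:
        value = beacon.get("uuid") if fact == "uuid" else beacon["facts"].get(fact)
        if value is None:
            raise ValueError(f"beacon lacks {fact!r}, required by mode {mode!r}")
        if isinstance(value, (list, tuple)):
            value = ",".join(sorted(value))  # MAC list order must not matter
        parts.append(str(value))
    return tuple(parts)


class TargetRegistry:
    """Maps identity tuples to Target names, registering unknown ones."""

    def __init__(self, mode: str = "mac") -> None:
        self.mode = mode
        self._targets: Dict[Tuple[str, ...], str] = {}

    def resolve(self, beacon: Dict[str, object]) -> str:
        key = target_key(beacon, self.mode)
        if key not in self._targets:
            self._targets[key] = f"target-{len(self._targets) + 1}"
        return self._targets[key]


def demo() -> Dict[str, bool]:
    """Constructed scenario: two boxes (cloned VMs behind one NAT) report the
    same MAC and external IP, so only the uuid file distinguishes them."""
    facts = {"mac_addrs": ["00:11:22:33:44:55"], "external_ip": "203.0.113.7",
             "hostname": "web01"}
    with tempfile.TemporaryDirectory() as tmp:
        cfg_a = {"uuid_file": os.path.join(tmp, "a.id"), "generated_uuid": "aaaa-1111"}
        cfg_b = {"uuid_file": os.path.join(tmp, "b.id"), "generated_uuid": "bbbb-2222"}
        a1 = build_beacon(cfg_a, facts, session_id="sess-a")
        # second beacon from A with a new generated_uuid: the file must win
        a2 = build_beacon({**cfg_a, "generated_uuid": "ignored"}, facts, "sess-a")
        b = build_beacon(cfg_b, facts, session_id="sess-b")
    by_mac, by_uuid = TargetRegistry("mac"), TargetRegistry("uuid_file")
    return {
        "file_persists": a1["uuid"] == a2["uuid"] == "aaaa-1111",
        "reinitialized": a1["session_id"] is None,
        "mac_collision": by_mac.resolve(a1) == by_mac.resolve(b),
        "uuid_distinct": by_uuid.resolve(a1) != by_uuid.resolve(b),
        "uuid_stable": by_uuid.resolve(a1) == by_uuid.resolve(a2),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The registry raises rather than guessing when a beacon lacks the fact the configured mode needs, so a misconfigured agent (uuid_file mode on the server, no "uuid" in the beacon) is surfaced instead of being silently merged into an existing Target.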

GetGroup

  • Implement API Endpoint
  • Write Unit Test

Group Model

  • Implement Model Structure
  • Implement relevant model functionality
  • Implement Model Unit Tests

Fix target API tests

target API tests were broken during the unit test refactor, and they need to be fixed immediately.

GroupAction Model

  • Implement Model Structure
  • Implement relevant model functionality
  • Develop model unit tests
