-
Notifications
You must be signed in to change notification settings - Fork 1
/
payload-kali.sh
97 lines (71 loc) · 3.3 KB
/
payload-kali.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#! /bin/bash
apt-get update
# install pip
apt-get install python3-pip -y
# install docker
#curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
#echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | tee /etc/apt/sources.list.d/docker.list
#apt install -y docker.io
#systemctl enable docker --now
#sudo usermod -aG docker kali
# install scoutsuite
#pip install ScoutSuite
# install pacu
#git clone https://github.com/RhinoSecurityLabs/pacu && mv ./pacu/ /home/kali/
#pip install -r /home/kali/pacu/requirements.txt
# install cloudsplaining - cloudsplaining.readthedocs.io/
# Cloudsplaining is an AWS IAM Security Assessment tool
# that identifies violations of least privilege and generates
# a risk-prioritized report.
#disabled# pip3 install cloudsplaining
# Wireguard VPN Install & Set-Up
apt-get install iptables -y
apt-get install wireguard -y
sysctl -w net.ipv4.ip_forward=1 # Turn on IP forwarding
sysctl -w net.ipv6.conf.all.forwarding=1 # Turn on IP forwarding
# key generation server
wg genkey | tee /etc/wireguard/server-privatekey | wg pubkey | tee /etc/wireguard/server-publickey
# key generation clients
wg genkey | tee /etc/wireguard/client-privatekey | wg pubkey | tee /etc/wireguard/client-publickey
#ip link add dev wg0 type wireguard # create interface
#ip address add dev wg0 10.0.0.10 peer 10.0.0.11
#wg set wg0 listen-port 51820 private-key ./server-privatekey
#wg set wg0 peer $(cat /etc/wireguard/client-publickey) allowed-ips 10.0.0.0/16,10.0.1.5/32 endpoint 10.0.0.11:21841
#ip link set up dev wg0 # activate interface
# Set routing for wg-eth0
#iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT
# Create server config file
cat << WG0__EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.10.1/24
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/server-privatekey)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o %i -j ACCEPT
[Peer]
PublicKey = $(cat /etc/wireguard/client-publickey)
AllowedIPs = 10.0.10.0/24
WG0__EOF
chmod 600 /etc/wireguard/{server-privatekey,wg0.conf}
wg-quick up wg0 # start server
# Create client file
cat << EOF_CLIENT > /home/kali/client_vpn.wg
[Interface]
PrivateKey = $(cat /etc/wireguard/client-privatekey)
ListenPort = 21841
Address = 10.0.10.2/32
[Peer]
PublicKey = $(cat /etc/wireguard/server-publickey)
AllowedIPs = 10.0.10.0/24,10.0.0.0/24,10.0.1.0/24
Endpoint = $(curl http://169.254.169.254/latest/meta-data/public-ipv4):51820
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
EOF_CLIENT
chown kali:kali /home/kali/client_vpn.wg # chg owner
# ToDO: instalar xrdp (tal vez con maquinas t2 no sea una solucion viable.)
# Possible Update: IDS/IPS
# apt-get install suricata -y
# setup https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup
# https://suricata.readthedocs.io/en/latest/quickstart.html#running-suricata
# ubnt setup https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/