Merge pull request #239 from JBiggs610/bashhistory

Bash History File Generator

lib/objects/local_string_generator.rb

@@ -114,7 +114,7 @@ class StringGenerator
     end
 
     enforce_utf8(self.outputs)
-    print_outputs if has_base64_inputs
+    print_outputs
   end
 
   def enforce_utf8(values)

lib/resources/linelists/top_50_sudo_commands

@@ -0,0 +1,50 @@
+sudo apt-get update
+sudo apt-get install packagename
+sudo apt-get remove packagename
+sudo systemctl restart servicename
+sudo systemctl stop servicename
+sudo systemctl start servicename
+sudo ufw enable/disable
+sudo ufw allow/deny port-number
+sudo useradd -m -s /bin/bash username
+sudo usermod -aG groupname username
+sudo groupadd groupname
+sudo userdel username
+sudo chown -R username:groupname /path/to/folder
+sudo chmod -R 755 /path/to/folder
+sudo systemctl enable/disable servicename
+sudo systemctl status servicename
+sudo apt-get upgrade
+sudo apt-get dist-upgrade
+sudo apt-get autoremove
+sudo apt-get clean
+sudo add-apt-repository ppa:repositoryname
+sudo sed -i 's/oldstring/newstring/g' /path/to/file
+sudo find /path/to/search/ -type f -exec rm {} ;
+sudo tar -xvf archive.tar -C /path/to/extract/
+sudo tail -f /var/log/messages
+sudo chmod 700 /path/to/file
+sudo chgrp groupname /path/to/file
+sudo passwd username
+sudo chsh -s /bin/bash username
+sudo ln -s /path/to/file /path/to/link
+sudo mount /dev/sdb1 /mnt/usb
+sudo umount /mnt/usb
+sudo chattr +i /path/to/file
+sudo crontab -e
+sudo dpkg -i packagename.deb
+sudo dpkg --configure -a
+sudo service ssh restart
+sudo service apache2 restart
+sudo service mysql restart
+sudo service postfix restart
+sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys keynumber
+sudo apt-get install -y packagename
+sudo apt-get install -f
+sudo apt-get install build-essential
+sudo apt-get install python3-pip
+sudo usermod -L username
+sudo usermod -U username
+sudo systemctl reload servicename
+sudo systemctl mask/unmask servicename
+sudo visudo

lib/resources/linelists/top_90_linux_commands

@@ -0,0 +1,88 @@
+locate filename
+chgrp groupname filename
+chroot /path/to/chroot/
+scp /path/to/source user@destination:/path/to/destination/
+service servicename start/stop/restart
+curl -I http://example.com
+useradd username
+usermod -aG groupname username
+groupadd groupname
+passwd username
+whoami
+which commandname
+uptime
+touch filename
+tail -n 100 /var/log/messages
+su username
+stat filename
+sed -n '10,20p' file.txt
+sed -i '1d' file.txt
+tar -cvf archive.tar /path/to/folder/
+tar -xvf archive.tar -C /path/to/extract/
+traceroute google.com
+uname -a
+uptime -p
+userdel username
+wc -l file.txt
+watch -n 1 command
+wget http://example.com/file
+who
+zip -r archive.zip /path/to/folder/
+unzip archive.zip -d /path/to/extract/
+rsync -avz /path/to/source/ user@destination:/path/to/destination/
+ps -ef | grep "process name"
+netstat -antp | grep "port number"
+ifconfig -a
+hostnamectl set-hostname newhostname
+find /path/to/search/ -type d -exec chmod 755 {} ;
+dig example.com
+curl -o filename http://example.com/file
+cat /proc/cpuinfo
+awk '{print $2}' /proc/meminfo
+adduser username groupname
+apt-get update
+apt-get install packagename
+apt-get remove packagename
+df -h
+du -sh *
+free -m
+head -n 10 file.txt
+tail -n 10 file.txt
+grep -i "search term" file.txt
+lsof -i tcp:port-number
+killall processname
+hostname -i
+mount -t cifs //192.168.1.100/share /mnt/cifs -o username=user,password=password
+nc -l port-number
+nl file.txt
+passwd root
+ping -c 5 8.8.8.8
+ps -aux | grep "process name"
+rmdir dirname
+sed -i '/search term/d' file.txt
+ssh-keygen -t rsa -b 4096
+ssh-copy-id user@hostname
+systemctl status servicename
+systemctl start/stop/restart servicename
+tar -czvf archive.tar.gz /path/to/folder
+tar -xzvf archive.tar.gz -C /path/to/extract/
+touch -d "1 day ago" file.txt
+uptime -s
+uname -r
+uniq file.txt
+usermod -L username
+usermod -U username
+visudo
+whois example.com
+xargs -I {} mv {} /path/to/destination/ < filelist.txt
+zip -r archive.zip /path
+locate filename
+chgrp groupname filename
+chroot /path/to/chroot/
+scp /path/to/source user@destination:/path/to/destination/
+service servicename start/stop/restart
+curl -I http://example.com
+useradd username
+usermod -aG groupname username
+groupadd groupname
+passwd username

modules/generators/content/bash_history/secgen_local/local.rb

@@ -0,0 +1,61 @@
+#!/usr/bin/ruby
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+require 'erb'
+require 'fileutils'
+class BashHistoryGenerator < StringGenerator
+  attr_accessor :command_sample
+  attr_accessor :sudo_sample
+  attr_accessor :password_sample
+  LOCAL_DIR = File.expand_path('../../',__FILE__)
+  TEMPLATE_PATH = "#{LOCAL_DIR}/templates/bash_history.md.erb"
+
+  def initialize
+    super
+    self.password_sample = ''
+  end
+
+  def get_options_array
+    super + [['--password', GetoptLong::OPTIONAL_ARGUMENT]]
+  end
+  
+  def process_options(opt, arg)
+    super
+    case opt
+    when '--password'
+      self.password_sample << arg;
+    end
+  end
+
+  def generate
+    sudo_array = File.readlines('../../../../../lib/resources/linelists/top_50_sudo_commands')
+    command_array = File.readlines('../../../../../lib/resources/linelists/top_90_linux_commands')
+    if self.password_sample != ''
+    self.sudo_sample = sudo_array.sample(5)
+    self.command_sample = command_array.sample(20)
+    counter = 4
+    sudo_count = 0
+    while counter != 20 
+      randInt = rand(sudo_sample.length)
+      command_sample.insert(randInt, sudo_sample[randInt])
+      if sudo_count == 0
+        command_sample.insert(5, self.password_sample)
+        sudo_count += 1
+      end
+      counter += 4
+    end
+    else
+      self.command_sample = command_array.sample(30)
+    end
+    template_out = ERB.new(File.read(TEMPLATE_PATH), 0, '<>-')
+    self.outputs << template_out.result(self.get_binding)
+  end
+
+  # Returns binding for erb files (access to variables in this classes scope)
+  # @return binding
+  def get_binding
+    binding
+  end
+end
+
+BashHistoryGenerator.new.run
+

modules/generators/content/bash_history/secgen_metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+
+  <name>Password List File Generator</name>
+  <author>Jack Biggs</author>
+  <module_license>MIT</module_license>
+  <description>Creates a bash history file in which sudo password is leaked.</description>
+
+  <type>string_generator</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+
+  <read_fact>password</read_fact>
+
+  <output_type>generated_strings</output_type>
+</generator>

modules/generators/content/bash_history/templates/bash_history.md.erb

@@ -0,0 +1,8 @@
+<%
+    command_sample.each { |cmd|
+%>
+ <%= cmd %>
+    <%
+    }
+%>
+