-
Notifications
You must be signed in to change notification settings - Fork 0
/
websploit.sh
executable file
·180 lines (135 loc) · 6.16 KB
/
websploit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
#!/usr/bin/env bash
# HACK cmm - This script installs requisite software and tools for the WebSploit labs
# Things are copied into /provision/websploit and cloud-init is meant to copy this directory
# to the user's home directory or root to make everything available.
# WebSploit installation script
# Author: Omar Ωr Santos
# Web: https://websploit.org
# Twitter: @santosomar
# Version: 3.4
set -x
set -e
#clear
echo "
██╗ ██╗███████╗██████╗ ███████╗██████╗ ██╗ ██████╗ ██╗████████╗
██║ ██║██╔════╝██╔══██╗██╔════╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝
██║ █╗ ██║█████╗ ██████╔╝███████╗██████╔╝██║ ██║ ██║██║ ██║
██║███╗██║██╔══╝ ██╔══██╗╚════██║██╔═══╝ ██║ ██║ ██║██║ ██║
╚███╔███╔╝███████╗██████╔╝███████║██║ ███████╗╚██████╔╝██║ ██║
╚══╝╚══╝ ╚══════╝╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝
L A B S B Y O M A R S A N T O S
https://websploit.org
Author: Omar Ωr Santos
Twitter: @santosomar
Version: 3.2
A collection of tools, tutorials, resources, and intentionally vulnerable
applications running in Docker containers. WebSploit Labs include
over 500 exercises to learn and practice ethical hacking (penetration testing) skills.
--------------------------------------------------------------------------------------
"
#read -n 1 -s -r -p "Press any key to continue the setup..."
echo " "
# Setting Up vim with Python Jedi to be used in several training courses
apt update
apt install -y wget vim vim-python-jedi curl exuberant-ctags git ack-grep python3-pip
pip3 install pep8 flake8 pyflakes isort yapf Flask
# HACK cmm - We already have docker installed
#curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
#echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
#apt update
#apt remove -P -y docker docker-engine docker.io
#apt install -y docker-ce
#echo "Installing Updating Docker-Compose!"
#sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#sudo chmod +x /usr/local/bin/docker-compose
#
#echo "getting docker-compose.yml from WebSploit.org"
#wget https://websploit.org/docker-compose.yml
#
#
# instantiate the containers with docker-compose, but do not start them
echo "Setting up the containers and internal bridge network"
cd /provision/websploit
docker compose -f docker-compose.yml up -d --no-start
# Cloning the GitHub repos
# cloning H4cker github
git clone https://github.com/The-Art-of-Hacking/h4cker.git
#cloning SecLists
git clone https://github.com/danielmiessler/SecLists.git
#cloning GitTools
git clone https://github.com/internetwache/GitTools.git
#cloning Payloads All The Things - A list of useful payloads and bypasses for Web Application Security.
git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git
# Getting IoTGoat and other IoT firmware for different exercises
mkdir iot_exercises
cd iot_exercises
wget https://github.com/OWASP/IoTGoat/releases/download/v1.0/IoTGoat-raspberry-pi2.img
mv IoTGoat-raspberry-pi2.img firmware1.img
wget https://github.com/santosomar/DVRF/releases/download/v3/DVRF_v03.bin
mv DVRF_v03.bin firmware2.bin
# installing hostapd
apt install hostapd
#getting test ssl script
#curl -L https://testssl.sh --output testssl.sh
#chmod +x testssl.sh
#Installing ffuf
apt install -y ffuf
#Installing tor
apt install -y tor
#Installing certspy
pip3 install certspy
#Installing Jupyter Notebooks
apt install -y jupyter-notebook
#Installing radamnsa
git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && sudo make install
#Installing EDB
apt install -y edb-debugger
#Installing gobuster
apt install -y gobuster
#Installing Sublist3r
cd /provision/websploit
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
pip3 install -r requirements.txt
# installing enum4linux-ng
cd /provision/websploit
git clone https://github.com/cddmp/enum4linux-ng && cd enum4linux-ng
#Installing searchsploit in Parrot
# Parrot does not come with searchsploit. This will install it if the user opts to use Parrot vs Kali.
distribution=$(lsb_release -i | awk '{print $(NF)}')
if [[ "$distribution" == "Parrot" ]];
then
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
fi
# Installing NodeGoat
# cloning the NodeGoat repo
cd /provision/websploit
git clone https://github.com/OWASP/NodeGoat.git
# replacing the docker-compose.yml file with my second bridge network (10.7.7.0/24)
curl -sSL https://websploit.org/nodegoat-docker-compose.yml > /provision/websploit/NodeGoat/docker-compose.yml
# downloading the nodegoat.sh script from websploit
# this will be used manually to setup the NodeGoat environment
cd /provision/websploit/NodeGoat
wget https://websploit.org/nodegoat.sh
chmod 744 nodegoat.sh
# Installing Gorilla-CLI to be used in AI-related training
pip3 install gorilla-cli
#Installing Knock
cd /provision/websploit
git clone https://github.com/guelfoweb/knock.git
cd knock
python3 setup.py install
#Installing OWASP ZAP
apt install -y zaproxy
#Getting the container info script
cd /provision/websploit
curl -sSL https://websploit.org/containers.sh > /provision/websploit/containers.sh
chmod +x /provision/websploit/containers.sh
mv /provision/websploit/containers.sh /usr/local/bin/containers
#Final confirmation
sudo /usr/local/bin/containers
echo "
All set! All tools, apps, and containers have been installed and setup.
Have fun hacking! - Ωr
"