Ptf V2.3 - The Penetration Testers Framework Is A Mode For Modular Back Upwardly For Up-To-Date Tools
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar as well as familiar distribution for Penetration Testing. As pentesters, we've been accustom to the /pentest/ directories or our ain toolsets that nosotros desire to transcend away along up-to-date all of the time. We direct maintain those "go to" tools that nosotros usage on a regular basis, as well as using the latest as well as greatest is important.
PTF attempts to install all of your penetration testing tools (latest as well as greatest), compile them, create them, as well as larn inwards thence that you lot tin install/update your distribution on whatsoever machine. Everything is organized inwards a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) as well as eliminates a lot of things that are hardly used. PTF simplifies installation as well as packaging as well as creates an entire pentest framework for you. Since this is a framework, you lot tin configure as well as add together every bit you lot meet fit. We commonly meet internally developed repos that you lot tin usage every bit good every bit purpose of this framework. It's all upwards to you.
The ultimate goal is for community back upwards on this project. We desire novel tools added to the github repository. Submit your modules. It's super unproblematic to configure as well as add together them as well as exclusively takes a few minute.
Instructions:
First banking enterprise check out the config/ptf.config file which contains the base of operations place of where to install everything. By default this volition install inwards the /pentest directory. Once you lot direct maintain that configured, motion to running PTF yesteryear typing
./ptf
(or python ptf).This volition seat you lot inwards a Metasploitesque type trounce which has a similar hold off as well as experience for consistency. Show modules, usage
, etc. are all accepted commands. First things first, ever type tending or ?
to meet a sum listing of commands.For a video tutorial on how to usage PTF, banking enterprise check out our Vimeo page here: https://vimeo.com/137133837
Update EVERYTHING!
If you lot desire to install and/or update everything, precisely produce the following:
./ptf usage modules/install_update_all yes
This volition install all of the tools within of PTF. If they are already installed, this volition iterate through as well as update everything for you lot automatically.You tin also individually install each module, as well as thence usage the usage modules/update_installed which volition exclusively update what you've previously installed.
For example:
./ptf usage modules/update_installed
This volition exclusively update previous ones you've installed.You tin also exhibit options to modify information close the modules.
If you lot exclusively desire to install exclusively for instance exploitation tools, you lot tin run:
./ptf usage modules/exploitation/install_update_all
This volition exclusively install the exploitation modules. You tin produce this for whatsoever module category.Customize your ain installed tools
You tin exclusively install the tools you lot desire to yesteryear going to the modules/custom_list/list.py section. Modify the list.py file as well as add together the tools you lot exclusively desire to install or update.
Then when inwards PTF:
./ptf usage modules/custom_list/list yes
This allows you lot to deport your module configuration over as well as exclusively install the tools that you lot desire as well as transcend away along them updated.Modules:
First, caput over to the modules/ directory, within of at that spot are sub directories based on the Penetration Testing Execution Standard (PTES) phases. Go into those phases as well as hold off at the dissimilar modules. As presently every bit you lot add together a novel one, for instance testing.py, it volition automatically last imported side yesteryear side fourth dimension you lot launch PTF. There are a few substitution components when looking at a module that must last completed.
Below is a sample module
AUTHOR="David Kennedy (ReL1K)" DESCRIPTION="This module volition install/update the Browser Exploitation Framework (BeEF)" INSTALL_TYPE="GIT" REPOSITORY_LOCATION="https://github.com/beefproject/beef" X64_LOCATION="https://github.com/something_thats_x64_instead_of_x86 INSTALL_LOCATION="beef" DEBIAN="ruby1.9.3,sqlite3,ruby-sqlite3" ARCHLINUX = "arch-module,etc" BYPASS_UPDATE="NO" AFTER_COMMANDS="cd {INSTALL_LOCATION},ruby install-beef" LAUNCHER="beef" TOOL_DEPEND="modules/exploitation/metasploit"
Module Development:
All of the fields are pretty easy, on the repository locations, you lot tin usage GIT, SVN or FILE. Fill inwards the depends, as well as where you lot desire the install place to be. PTF volition bring where the python file is located (for instance exploitation) as well as motion it to what you lot specify inwards the PTF config (located nether config). By default it installs all your tools to
/pentest/PTES_PHASE/TOOL_FOLDER
Note inwards modules, you lot tin specify after commands
{INSTALL_LOCATION}
. This volition append where you lot desire the install place to larn when using after commands.You tin also specify
{PTF_LOCATION}
which volition trace the base of operations path for your PTF installation.You also direct maintain the mightiness for repository locations to specify both a 32 fight as well as 64 fight location. Repository place should ever last the x86 download path. To add together a 64 fight path for a tool, specify X64_LOCATION as well as give it a URL. When PTF launches it volition automatically notice the architecture as well as get to usage the x64 link instead of the x86.
Note that ArchLinux packages are also supported, it needs to last specified for both DEBIAN as well as ARCH inwards fellowship for it to last properly installed on either platform inwards the module
GITLAB Support
You tin create your ain modules as well as also supports gitlab access. Instead of specify git, wget, etc., precisely specify gitlab as well as indicate to your ain internal gitlab tools for modules.
BYPASS UPDATES:
When using traditional git or svn every bit a principal method, what volition locomote on after a module is installed is it volition precisely larn as well as watch the latest version of the tool. With after commands, commonly when installing, you lot may necessitate to run the after commands after each fourth dimension you lot update. If you lot specify bypass updates to YES (
BYPASS_UPDATE="YES"
), each fourth dimension the tool is run, it volition banking enterprise check out the latest version as well as silent run after commands. If this is marked to no, it volition exclusively git trace the latest version of the system. For FILE
options, it is recommended to ever usage BYPASS_UPDATE="YES"
thence that it volition overwrite the files each time.After Commands:
After commands are commands that you lot tin insert after an installation. This could last switching to a directory as well as kicking off additional commands to goal the installation. For instance inwards the BEEF scenario, you lot necessitate to run ruby install-beef afterwards. Below is an instance of after commands using the
{INSTALL_LOCATION}
flag.AFTER_COMMANDS="cp config/dict/rockyou.txt {INSTALL_LOCATION}"
For AFTER_COMMANDS
that produce self install (don't necessitate user interaction).Automatic Launchers
The flag LAUNCHER= inwards modules is optional. If you lot add together
LAUNCHER="setoolkit"
for example, PTF volition automatically create a launcher for the tool nether /usr/local/bin/
. In the setoolkit example, when run - PTF volition automatically create a file nether /usr/local/bin/setoolkit
thence you lot tin launch SET from anywhere yesteryear precisely typing setoolkit. All files volition silent last installed nether the appropriate categories, for instance /pentest/exploitation/setoolkit
nevertheless an automatic launcher volition last created.You tin direct maintain multiple launchers for an application. For example, for Metasploit you lot may desire msfconsole, msfvenom, etc. In fellowship to add together multiple launchers, precisely seat a
,
betwixt them. For instance LAUNCHER="msfconsole,msfvenom"
. This would create launchers for both.Automatic Command Line
You tin also precisely run
./ptf --update-all
as well as it volition automatically update everything for you lot without having to larn into the framework.Running Unattended
If you're running
ptf
inwards an automatic build, you lot tin usage a heredoc thence you lot don't direct maintain to interactively type the modules you lot wishing to install. Example:./ptf <
TOOL DEPENDS
Some tools such every bit Veil, SET, etc. require tools such every bit the Metasploit Framework. You tin add together inwards the module
TOOL_DEPEND="modules/exploitation/metasploit,module/exploitation/set"
as well as multiple other tools if at that spot is a tool required to last installed prior to installing the tool. This volition forcefulness PTF to install the required tool first, as well as thence install the module that requires it. Example:TOOL_DEPEND="modules/exploitation/metasploit"
This volition install Metasploit commencement or ensured its installed commencement prior to installing the application.
IGNORE Modules or Categories
The
IGNORE_THESE_MODULES=
config selection tin last institute nether config/ptf.config inwards the PTF root directory. This volition ignore modules as well as non install them - everything is comma separated as well as based on mention - example: modules/exploitation/metasploit,modules/exploitation/set
or entire module categories, similar /modules/code-audit/*,/modules/reporting/*
IGNORE Modules from Update/Install All
The
IGNORE_UPDATE_ALL_MODULES=
config selection tin last institute nether config/ptf.config inwards the PTF root directory. This volition ignore modules exclusively when doing install_update_all which are used when you lot desire to install all tools. This could last for large applications that bring substantial time, ones that require user interaction, or opened upwards up a release of ports as well as protocols on the system. This industrial plant really similar inwards the IGNORE_THESE_MODULES, except that they tin last manually installed as well as updated through the modules/update_installed. These are comma deliminated, thence for instance modules/exploitation/tool1,modules/exploitation/tool2, when running install_update_all, this would non install the tools unless you lot went to usage modules/exploitation/tool1 as well as installed via that method.INCLUDE_ONLY_THESE_MODULES
The
INCLUDE_ONLY_THESE_MODULES
inwards the config selection nether config/ptf.config volition exclusively install as well as include specific modules that is specified here. This is practiced for baselining your tools that you lot desire as well as exclusively install them.Written by: David Kennedy (@HackingDave)
https://www.trustedsec.com