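#!/usr/bin/env python3
"""
Script to download and set up various security tools.

Download and install one-liner:
    curl -sSL https://raw.githubusercontent.com/Root-Down-Digital/pentesting-resources/main/scripts/foothold-to-escalation/escalateMyTools.py | python3

    Piping the script straight into python3 executes whatever the branch head
    serves at that moment, including the sudo calls below. Saving it to a file,
    reading it, and running the saved copy (ideally fetched from a pinned
    commit) keeps what was reviewed and what was run identical.
    (The URL names the file escalateMyTools.py; the usage lines below call it
    escalateTools.py.)

Usage:
    python3 escalateTools.py
    python3 escalateTools.py --cleanup
    python3 escalateTools.py --install-pspy (build it from source)
    python3 escalateTools.py --install-netexec
    python3 escalateTools.py --install-impacket
    python3 escalateTools.py --install-all
    python3 escalateTools.py --interactive

Description:
    - Checks and installs required tools if they are not already present.
    - Creates a 'transfers' folder if it doesn't exist.
    - Downloads and sets up various security tools into the 'transfers' folder.
    - Cleans up the files and pipx packages this script installed if the
      '--cleanup' flag is provided.

Note:
    This script requires some sudo permissions to install required tools and
    pipx packages.

Integrity:
    Nothing downloaded here is checked against a known hash or signature, and
    most URLs track a mutable ref (master/main/latest). Review the fetched
    files before copying or running them anywhere.
"""

import os
import subprocess
import tempfile
import shutil
import sys
import argparse
import tty
import termios

# Command name -> apt package name, for commands whose package is named
# differently from the binary (Debian/Ubuntu ship the `go` command in `golang-go`).
_APT_PACKAGE_NAMES = {"go": "golang-go"}

# Catalogue of files fetched by download_and_setup_tools().
# Each entry is saved as transfers/<target_system>/<subfolder>/<name>.
TOOLS = [
    # Linux tools
    {
        "name": "LinEnum.sh",
        "url": "https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh",
        "subfolder": "LinEnum",
        "target_system": "linux"
    },
    {
        "name": "linpeas.sh",
        "url": "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh",
        "subfolder": "LinPEAS",
        "target_system": "linux"
    },
    {
        "name": "linux-exploit-suggester.sh",
        "url": "https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh",
        "subfolder": "LinuxExploitSuggester",
        "target_system": "linux"
    },
    {
        "name": "log4j-scan.py",
        "url": "https://raw.githubusercontent.com/fullhunt/log4j-scan/master/log4j-scan.py",
        "subfolder": "Log4jScan",
        "target_system": "linux"
    },
    {
        "name": "pentestmonkey-php-reverse-shell.php",
        "url": "https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php",
        "subfolder": "PentestMonkey",
        "target_system": "linux"
    },
    {
        "name": "cve-2016-5195-dirtycow.c",
        "url": "https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c",
        "subfolder": "CVE-2016-5195",
        "target_system": "linux"
    },
    {
        # NOTE(review): saved with a .sh name, but the URL path ends in poc.c.
        "name": "cve-2019-13272-exploit.sh",
        "url": "https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c",
        "subfolder": "CVE-2019-13272",
        "target_system": "linux"
    },
    {
        "name": "cve-2020-3452-exploit.py",
        "url": "https://raw.githubusercontent.com/grim3/CVE-2020-3452/main/CVE-2020-3452.py",
        "subfolder": "CVE-2020-3452",
        "target_system": "linux"
    },
    {
        "name": "cve-2021-3156-exploit.c",
        "url": "https://raw.githubusercontent.com/CptGibbon/CVE-2021-3156/main/exploit.c",
        "subfolder": "CVE-2021-3156",
        "target_system": "linux"
    },
    {
        "name": "pspy64",
        "url": "https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64",
        "subfolder": "pspy",
        "target_system": "linux"
    },
    {
        "name": "walkingpath.py",
        "url": "https://raw.githubusercontent.com/adhikara13/CVE-2022-4510-WalkingPath/main/walkingpath.py",
        "subfolder": "WalkingPath",
        "target_system": "linux"
    },
    # Windows tools
    {
        # NOTE(review): this is a github.com ".../blob/..." page URL rather
        # than a raw-content URL, so the saved file is likely the HTML page.
        "name": "CVE-2017-0213.cpp",
        "url": "https://github.com/SecWiki/windows-kernel-exploits/blob/master/CVE-2017-0213/CVE-2017-0213.cpp",
        "subfolder": "CVE-2017-0213",
        "target_system": "windows"
    },
    {
        "name": "Invoke-PowerShellTcp.ps1",
        "url": "https://raw.githubusercontent.com/samratashok/nishang/master/Shells/Invoke-PowerShellTcp.ps1",
        "subfolder": "Invoke-PowerShellTcp",
        "target_system": "windows"
    },
    {
        "name": "mcafee_sitelist_pwd_decrypt.py",
        "url": "https://raw.githubusercontent.com/funoverip/mcafee-sitelist-pwd-decryption/master/mcafee_sitelist_pwd_decrypt.py",
        "subfolder": "McafeeDecrypt",
        "target_system": "windows"
    },
    {
        "name": "Windows-Exploit-Suggester.py",
        "url": "https://raw.githubusercontent.com/AonCyberLabs/Windows-Exploit-Suggester/master/windows-exploit-suggester.py",
        "subfolder": "WindowsExploitSuggester",
        "target_system": "windows"
    },
    {
        "name": "PowerUp.ps1",
        "url": "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1",
        "subfolder": "PowerUp",
        "target_system": "windows"
    },
    {
        # NOTE(review): saved with a .ps1 name, but the URL serves Seatbelt.exe,
        # a prebuilt binary from a third-party mirror repository; it cannot be
        # reviewed as source the way the scripts in this list can.
        "name": "Seatbelt.ps1",
        "url": "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Seatbelt.exe",
        "subfolder": "Seatbelt",
        "target_system": "windows"
    },
    {
        "name": "Invoke-SharpUp.ps1",
        "url": "https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-SharpUp.ps1",
        "subfolder": "SharpUp",
        "target_system": "windows"
    },
    {
        "name": "ScriptSentry.ps1",
        "url": "https://raw.githubusercontent.com/techspence/ScriptSentry/main/Invoke-ScriptSentry.ps1",
        "subfolder": "ScriptSentry",
        "target_system": "windows"
    },
    {
        "name": "winPEAS.ps1",
        "url": "https://raw.githubusercontent.com/peass-ng/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1",
        "subfolder": "WinPEAS",
        "target_system": "windows"
    },
    {
        "name": "cve-2020-1472-exploit.py",
        "url": "https://raw.githubusercontent.com/thatonesecguy/zerologon-CVE-2020-1472/master/zero-logon-exploit.py",
        "subfolder": "CVE-2020-1472",
        "target_system": "windows"
    },
    {
        "name": "cve-2021-1675-exploit.py",
        "url": "https://raw.githubusercontent.com/cube0x0/CVE-2021-1675/main/CVE-2021-1675.py",
        "subfolder": "CVE-2021-1675",
        "target_system": "windows"
    },
    {
        "name": "LaZagne.exe",
        "url": "https://github.com/AlessandroZ/LaZagne/releases/latest/download/LaZagne.exe",
        "subfolder": "LaZagne",
        "target_system": "windows"
    }
]


def is_interactive():
    """Return True when standard input is attached to a terminal."""
    return sys.stdin.isatty()


def check_required_tools():
    """Install any of wget, tar, go, git, curl that is not on PATH.

    Missing tools are installed with ``sudo apt install -y``; a failed install
    raises ``subprocess.CalledProcessError``.
    """
    required_tools = ["wget", "tar", "go", "git", "curl"]
    for tool in required_tools:
        if shutil.which(tool) is None:
            print(f"{tool} is not installed. Installing now...")
            # The apt package is not always named after the command it provides.
            package = _APT_PACKAGE_NAMES.get(tool, tool)
            subprocess.run(["sudo", "apt", "install", "-y", package], check=True)


def create_transfers_folder():
    """Create the 'transfers' folder in the current directory if it is absent."""
    if not os.path.exists("transfers"):
        os.makedirs("transfers")
        print("Created 'transfers' folder.")


def download_and_setup_tools():
    """Download every entry of TOOLS into transfers/<target_system>/<subfolder>/.

    A failed download is reported and skipped so that one dead URL does not
    abort the remaining entries. Files whose name ends in .sh, .py, .ps1 or .c
    are marked executable.

    No checksum or signature is verified for any download; treat the contents
    of 'transfers' as unreviewed third-party code.
    """
    for tool in TOOLS:
        subfolder_path = os.path.join("transfers", tool["target_system"], tool["subfolder"])
        os.makedirs(subfolder_path, exist_ok=True)
        file_path = os.path.join(subfolder_path, tool["name"])
        url = tool["url"]
        print(f"Downloading {file_path}...")
        try:
            subprocess.run(["wget", "-O", file_path, url], check=True)
        except subprocess.CalledProcessError:
            # wget -O creates the output file before the transfer starts, so a
            # failed download leaves an empty or partial file behind; remove it
            # so it is not mistaken for a usable copy.
            if os.path.exists(file_path):
                os.remove(file_path)
            print(f"Error downloading {file_path}. Please check the URL and try again.")
            continue

        print(f"{file_path} downloaded successfully.")
        if tool["name"].endswith((".sh", ".py", ".ps1", ".c")):
            print(f"Setting up {file_path}...")
            subprocess.run(["chmod", "+x", file_path], check=True)
            print(f"{file_path} is set up and ready to use.")


def build_pspy64():
    """Clone pspy into ./pspy (if not already there) and run ``go build`` in it.

    The clone follows the repository's default branch, so the built code is
    whatever that branch holds at clone time.
    """
    print("Building pspy64 from source...")
    # A second run would otherwise fail because the clone target already exists.
    if not os.path.isdir("pspy"):
        subprocess.run(["git", "clone", "https://github.com/DominicBreuker/pspy.git"], check=True)
    # Build via cwd= instead of os.chdir() so the process working directory is
    # unchanged and later relative paths ('transfers', 'pspy') still resolve.
    subprocess.run(["go", "build"], cwd="pspy", check=True)
    print("pspy64 has been built from source.")


def install_netexec():
    """Install pipx and git through apt, then install NetExec with pipx.

    Output of the commands is discarded; a failing command is reported with a
    single error line instead of raising.
    """
    with tempfile.TemporaryDirectory() as tmpdirname:
        print(f"Installing NetExec in temporary directory {tmpdirname}...")
        try:
            subprocess.run(["sudo", "apt", "install", "-y", "pipx", "git"], check=True,
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
            subprocess.run(["pipx", "ensurepath"], cwd=tmpdirname, check=True,
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
            subprocess.run(["pipx", "install", "git+https://github.com/Pennyw0rth/NetExec"],
                           cwd=tmpdirname, check=True,
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
            print("NetExec installation completed.")
        except subprocess.CalledProcessError as e:
            print(f"Error installing NetExec: {e}")


def install_impacket():
    """Install Impacket with pipx; a failing command is reported, not raised."""
    print("Installing Impacket...")
    try:
        subprocess.run(["python3", "-m", "pipx", "install", "impacket"], check=True)
        print("Impacket installation completed.")
    except subprocess.CalledProcessError as e:
        print(f"Error installing Impacket: {e}")


def cleanup():
    """Remove the 'transfers' and 'pspy' directories and this script's pipx packages.

    Only NetExec and Impacket are uninstalled. Running ``pipx uninstall-all``
    or deleting ~/.local/pipx would also destroy pipx applications the user
    installed independently of this script.
    """
    directories_to_remove = ['transfers', 'pspy']
    for directory in directories_to_remove:
        if os.path.exists(directory):
            shutil.rmtree(directory)
            print(f"Removed {directory} directory.")

    if shutil.which("pipx") is None:
        print("pipx not found; no pipx packages to remove.")
        return

    # Best effort: a package that was never installed makes pipx exit non-zero,
    # which is not an error for cleanup purposes.
    for package in ("NetExec", "impacket"):
        subprocess.run(["pipx", "uninstall", package],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    print("Removed pipx packages installed by this script.")


def build_arg_parser():
    """Return the command-line parser used by main().

    ``--install-all`` is the flag named in the usage text and read by main();
    ``--install-both`` is accepted as an alias for it so existing invocations
    keep working.
    """
    parser = argparse.ArgumentParser(description='Script to download and set up various security tools.')
    parser.add_argument('--cleanup', action='store_true', help='Cleanup all temporary installations and files.')
    parser.add_argument('--install-pspy', action='store_true', help='Install pspy from source.')
    parser.add_argument('--install-netexec', action='store_true', help='Install NetExec.')
    parser.add_argument('--install-impacket', action='store_true', help='Install Impacket.')
    parser.add_argument('--install-all', '--install-both', dest='install_all', action='store_true',
                        help='Install pspy, Impacket and NetExec (--install-both is an alias).')
    parser.add_argument('--interactive', action='store_true', help='Ask user for input interactively.')
    return parser


def main():
    """Parse the command line (or prompt in interactive mode) and run the tasks."""
    args = build_arg_parser().parse_args()

    if args.interactive and is_interactive():
        try:
            print("Do you want to run the script with any of the following flags?")
            print("1. --cleanup")
            print("2. --install-pspy")
            print("3. --install-netexec")
            print("4. --install-impacket")
            print("5. --install-all (pspy, Impacket and NetExec)")
            print("6. No flags")
            choice = input("Enter the number corresponding to your choice: ").strip()
        except EOFError:
            print("No input received, exiting.")
            return  # Exit to avoid proceeding without valid choices

        # An unrecognised answer must not silently fall through to the default
        # action, which downloads every tool.
        if choice not in {"1", "2", "3", "4", "5", "6"}:
            print("Invalid choice, exiting.")
            return

        args.cleanup = choice == "1"
        args.install_pspy = choice == "2"
        args.install_netexec = choice == "3"
        args.install_impacket = choice == "4"
        args.install_all = choice == "5"
    elif args.interactive and not is_interactive():
        print("Interactive mode not supported in this environment.")
        return  # Exit if in non-interactive mode with --interactive flag

    wants_install = (args.install_pspy or args.install_netexec
                     or args.install_impacket or args.install_all)

    # A cleanup-only run should not install packages with sudo or create the
    # folder it is about to delete.
    if not args.cleanup or wants_install:
        check_required_tools()

    # Only download tools if no cleanup flag is selected
    if not args.cleanup:
        create_transfers_folder()
        download_and_setup_tools()

    if args.install_pspy or args.install_all:
        build_pspy64()

    if args.install_netexec or args.install_all:
        install_netexec()

    if args.install_impacket or args.install_all:
        install_impacket()

    # Cleanup
    if args.cleanup:
        cleanup()
        print("Cleanup completed.")


if __name__ == "__main__":
    main()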