CLI For Ephemeral Pentesting – hideNsneak

Last Commit: 04/04/2019

CLI For Ephemeral Pentesting – hideNsneak

Introduction

hideNsneak is an app that assists in managing attack infrastructure for penetration testers. It provides an interface which allows you to rapidly deploy, manage, and take down various cloud services, including:

  • VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.

hideNsneak: A CLI For Ephemeral Penetration Testing

hideNseek provides a simple interface that allows penetration testers and system administrators to build ephemeral infrastructure with minimal overhead.

Features:

  • deploydestroy, and list:
    1. Cloud instances via EC2 and Digital Ocean (Google Cloud, Azure, and Alibaba Cloud coming soon)
    2. API Gateway (AWS)
    3. Domain fronts via AWS Cloudfront and Google Cloud Functions (Azure CDN coming soon)
  • Proxy through infrastructure
  • Deploys C2 redirectors
  • Sends and receives files
  • Port scanning via Nmap
  • Remote installations of Burp Collab, Cobalt Strike, Socat, LetsEncrypt, GoPhish, and SQLMap
  • Works with teams teams

hideNsneak Install/Setup (running locally)

Current Limitations and Requirements:

  • Hosts: Ubuntu 16.04 Linux.
  • Setup on your local system: Linux and Mac only.
  • VPS Providers: AWS and Digital Ocean only.
  • Make sure that go is installed, the GOPATH environment variable must be set.

Create a new AWS S3 bucket in us-east-1 and ensure this is not public as it will hold your terraform state. Then go get hideNsneak and run the installation, as follows:

$ go get github.com/rmikehodges/hideNsneak
$ cd $GOPATH/src/github.com/rmikehodges/hideNsneak
$ ./setup.sh
$ cp config/example-config.json config/config.json

Fill in the values:

  • aws_access_id, aws_secret_key, aws_bucket_name, public_key, private_key, ec2_user, and do_user are required at minimum
  • all operators working on the same state must have config values filled in all the same fields
  • private and public keys must be the same for each operator

Now you can use the program by running:

$ ./hidensneak [command]

Commands

To list all available commands, run help. You can also run help after any command to get guidance on what flags to use.

hidensneak instance deploy
hidensneak instance destroy
hidensneak instance list
hidensneak api deploy
hidensneak api destroy
hidensneak api list
hidensneak domainfront enable
hidensneak domainfront disable
hidensneak domainfront deploy
hidensneak domainfront destroy
hidensneak domainfront list
hidensneak firewall add
hidensneak firewall list
hidensneak firewall delete
hidensneak exec command -c
hidensneak exec nmap
hidensneak exec cobaltstrike-run
hidensneak exec collaborator-run
hidensneak socks deploy
hidensneak socks list
hidensneak socks destroy
hidensneak socks proxychains
hidensneak socks socksd
hidensneak install burp
hidensneak install cobaltstrike
hidensneak install socat
hidensneak install letsencrypt
hidensneak install gophish
hidensneak install nmap
hidensneak install sqlmap
hidensneak file push
hidensneak file pull

Organization:

  • _terraform – terraform modules
  • _ansible – ansible roles and playbooks
  • _assets – random assets for the beauty of this project
  • _cmd – frontend interface package
  • _deployer – backend commands and structs
  • main.go – where the magic happens

Possible Problems/Solutions

A default security group hideNsneak is made in all AWS regions that is full-open. All instances are configured with iptables to only allow port 22/tcp upon provisioning.

You may encounter some terraform errors indicating a resource is not found. In that case you may need to remove the problematic terraform resources, as follows:

$ cd $GOPATH/src/github.com/rmikehodges/hideNsneak/terraform
$ terraform state rm <name of problem resource>

You may also encounter the following error:

Error: configuration for module name here is not present; a provider configuration block is required for all operations

This is usually due to artifacts being left in the state from old deployments. You can remove those artifacts from your state, as follows:

$ cd $GOPATH/src/github.com/rmikehodges/hideNsneak/terraform
$ terraform state rm <module or resource name>
Error: Error locking state: Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed status code: 400, request id: P7BUM7NA56LQEJQC20A3SE2SOVVV4KQNSO5AEMVJF66Q9ASUAAJG Lock Info: ID: 4919d588-6b29-4aa7-d917-2bcb67c14ab4

If above error doesn’t go away after another user has finished deploying, then it is usually due to to terraform not automatically unlocking your state in the face of errors. You can fix by running the following:

$ terraform force-unlock <ID> $GOPATH/src/github.com/rmikehodges/hideNsneak/terraform
Note: Unlocking the state may have an adverse affect on any other weiters happening in the state. Make sure other users (if there are any) aren’t actively deploying/destroying anything when you run this.
Download Box