A Xonsh-powered framework to build shells designed with pentesting in mind.
·
Request Feature
This project includes tools to build portable images of a Python shell (powered by xonsh and with xxh support) destinated to be used for pentesting and bug bounties (among others, ethical, hacking purposes).
It includes an easy way to build custom appimages with a portable shell (that could be run in Linux, Unix, Windows and others OS without any trouble) that supports Python sintax and may include additional toosl.
This image is intended to be used along with xxh proyect so you could extend it's functionality through the network using ssh connections. For example: you could connect to an old Solaris machine using xxh and easily run your portable image with all your plugins, configurations and additionally installed tools.
- Wazuh - The Open Source Security Platform: Wazuh is a tool that can be used to gather, decode and analyze logs. Offshell can be integrated with Wazuh by sending the logs generated by our history backend plugin to Wazuh to be analyzed and indexed into a search engine such as Elasticsearch (or OpenSearch, soon). Also, Wazuh can analyze the received logs and generate alerts based on some pre-defined rules for interesting security events such as detected vulnerabilities or privilege escalations.
Important: the appimage requires Git to properly work!
We have some pre-built images available here at Github.
It is not required to install Xonsh, you only need to download the last built appimage and make it executable to run the shell.
Download Xonsh:
sudo wget -q https://github.com/offsh/offsh/releases/download/0.0.2/xonsh -O /bin/xonsh
sudo chmod a+x /bin/xonsh
The appimage includes the xxh package but not the configuration file. You should also download the configuration file for xonsh:
wget -q https://raw.githubusercontent.com/offsh/offshell/main/xonshrc -O ~/.xonshrc
mkdir -p ~/.config/xxh/
wget -q https://raw.githubusercontent.com/offsh/xxh/master/config.xxhc -O ~/.config/xxh/config.xxhc
Optionally, you could make this your default shell by running:
$ echo "/bin/xonsh" >> /etc/shells
# chsh -s /bin/xonsh
After running the shell, the offshell syslog data collection plugin would be enabled, you just need to run the following command for more informatio-
history info
To integrate this with Wazuh, you need a Wazuh Manager server running in another machine. Then, you have to install Wazuh agent in your server by following this guide: https://documentation.wazuh.com/4.0/installation-guide/wazuh-agent/
You would check (among other things) your syslog filename. You should mark it for being analyzed in Wazuh configuration using a block like this one:
<localfile>
<location>/home/*/.local/share/xonsh/syslog/shell_profiler.log</location>
<log_format>syslog</log_format>
</localfile>
After adding that block to your ossec.conf file, if you agent is correctly connected to a Wazuh manager it woud start sending information about exeuted commands to your server and it will index it to a Elasticsearch index.
Finally, you would need to add the rules and decoders from https://github.com/offsh/offshell/tree/main/ruleset to /var/ossec/etc/rules and /var/ossec/etc/decoders/
You can modify this proyect and build your own appimages using the tools included in the build_appimage directory.
For example, to include more python depedencies in the appimage you only need to modify the pre-requirements.txt file.
You could also modify the xonsh/xxh configuration file to add functionalities, plugins, aliases, etc..
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the GLP3 License. See LICENSE for more information.
Francisco Navarro - @SpotH0und - [email protected]
Project Link: https://github.com/offsh/offshell