Last active
January 5, 2022 10:18
-
-
Save 0xtavian/c8c168dc3b6e0615f15c7c41d2c680d0 to your computer and use it in GitHub Desktop.
axiom reconFTW provisioner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "builders": [], | |
| "provisioners": [ | |
| { | |
| "type": "file", | |
| "source": "./configs", | |
| "destination":"/tmp/configs" | |
| }, | |
| { | |
| "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'", | |
| "inline": [ | |
| "echo 'Waiting for cloud-init to finish, this can take a few minutes please be patient...'", | |
| "/usr/bin/cloud-init status --wait", | |
| "fallocate -l 2G /swap && chmod 600 /swap && mkswap /swap && swapon /swap", | |
| "echo '/swap none swap sw 0 0' | sudo tee -a /etc/fstab", | |
| "echo 'Running dist-uprade'", | |
| "sudo apt update -qq", | |
| "DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew dist-upgrade -qq", | |
| "echo 'Installing ufw fail2ban net-tools zsh jq build-essential python3-pip unzip git p7zip libpcap-dev rubygems ruby-dev grc'", | |
| "sudo apt install fail2ban ufw net-tools zsh zsh-syntax-highlighting zsh-autosuggestions jq build-essential python3-pip unzip git p7zip libpcap-dev rubygems ruby-dev grc -y -qq", | |
| "ufw allow 22", | |
| "ufw allow 2266", | |
| "ufw --force enable", | |
| "echo 'Creating OP user'", | |
| "useradd -G sudo -s /usr/bin/zsh -m op", | |
| "mkdir -p /home/op/.ssh /home/op/c2 /home/op/recon/ /home/op/lists /home/op/go /home/op/bin /home/op/.config/ /home/op/.cache /home/op/work/ /home/op/.config/amass", | |
| "rm -rf /etc/update-motd.d/*", | |
| "/bin/su -l op -c 'wget -q https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O - | sh'", | |
| "chown -R op:users /home/op", | |
| "touch /home/op/.sudo_as_admin_successful", | |
| "touch /home/op/.cache/motd.legal-displayed", | |
| "chown -R op:users /home/op", | |
| "echo 'op:{{ user `op_random_password` }}' | chpasswd", | |
| "echo 'root:{{ user `op_random_password` }}' | chpasswd", | |
| "echo 'Moving Config files'", | |
| "systemctl disable systemd-resolved.service", | |
| "systemctl stop systemd-resolved.service", | |
| "mv /tmp/configs/sudoers /etc/sudoers", | |
| "mv /tmp/configs/bashrc /home/op/.bashrc", | |
| "mv /tmp/configs/zshrc /home/op/.zshrc", | |
| "mv /tmp/configs/sshd_config /etc/ssh/sshd_config", | |
| "mv /tmp/configs/00-header /etc/update-motd.d/00-header", | |
| "mv /tmp/configs/authorized_keys /home/op/.ssh/authorized_keys", | |
| "mv /tmp/configs/resolv.conf /etc/resolv.conf", | |
| "mv /tmp/configs/config.ini /home/op/.config/amass/config.ini", | |
| "mv /tmp/configs/tmux-splash.sh /home/op/bin/tmux-splash.sh", | |
| "chown -R op:users /home/op", | |
| "chmod 644 /etc/resolv.conf", | |
| "chattr +i /etc/resolv.conf", | |
| "sudo service sshd restart", | |
| "chmod +x /etc/update-motd.d/00-header", | |
| "echo 'Optimizing SSH Connections'", | |
| "/bin/su -l root -c 'echo \"ClientAliveInterval 60\" | sudo tee -a /etc/ssh/sshd_config'", | |
| "/bin/su -l root -c 'echo \"ClientAliveCountMax 60\" | sudo tee -a /etc/ssh/sshd_config'", | |
| "/bin/su -l root -c 'echo \"MaxSessions 100\" | sudo tee -a /etc/ssh/sshd_config'", | |
| "/bin/su -l root -c 'echo \"net.ipv4.netfilter.ip_conntrack_max = 1048576\" | sudo tee -a /etc/sysctl.conf'", | |
| "/bin/su -l root -c 'echo \"net.nf_conntrack_max = 1048576\" | sudo tee -a /etc/sysctl.conf'", | |
| "/bin/su -l root -c 'echo \"net.core.somaxconn = 1048576\" | sudo tee -a /etc/sysctl.conf'", | |
| "/bin/su -l root -c 'echo \"net.ipv4.ip_local_port_range = 1024 65535\" | sudo tee -a /etc/sysctl.conf'", | |
| "/bin/su -l root -c 'echo \"1024 65535\" | sudo tee -a /proc/sys/net/ipv4/ip_local_port_range'", | |
| "echo 'Installing axiom'", | |
| "/bin/su -l op -c 'git clone https://github.com/pry0cc/axiom.git /home/op/.axiom && cd /home/op/.axiom/interact && ./axiom-configure --shell bash --unattended'", | |
| "echo 'Installing reconFTW'", | |
| "/bin/su -l op -c 'git clone https://github.com/six2dez/reconftw /home/op/reconFTW'", | |
| "/bin/su -l op -c 'cd /home/op/reconFTW && ./install.sh'", | |
| "/bin/su -l root -c 'apt-get clean'", | |
| "echo \"The password for user op is: {{ user `op_random_password` }}\"", | |
| "echo \"CgpDb25ncmF0dWxhdGlvbnMsIHlvdXIgYnVpbGQgaXMgYWxtb3N0IGRvbmUhCgogICAgICAgICAgICAgYXhpb20gaXMgc3BvbnNvcmVkIGJ5Li4uCl9fX18gICAgICAgICAgICAgICAgICAgICAgIF8gXyAgICAgICAgX19fX18uICAgICAgICAgXyBfCi8gX19ffCAgX19fICBfX18gXyAgIF8gXyBfXyhfKSB8XyBfICAgfF8gICBffCBfXyBfXyBfKF8pIHxfX18KXF9fXyBcIC8gXyBcLyBfX3wgfCB8IHwgJ19ffCB8IF9ffCB8IHwgfHwgfHwgJ19fLyBfYCB8IHwgLyBfX3wKIF9fXykgfCAgX18vIChfX3wgfF98IHwgfCAgfCB8IHxffCB8X3wgfHwgfHwgfCB8IChffCB8IHwgXF9fIFwKfF9fX18vIFxfX198XF9fX3xcX18sX3xffCAgfF98XF9ffFxfXywgfHxffHxffCAgXF9fLF98X3xffF9fXy8KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfX18vCgpSZWFkIHRoZXNlIHdoaWxlIHlvdSdyZSB3YWl0aW5nIHRvIGdldCBzdGFydGVkIDopCgogICAgLSBRdWlja3N0YXJ0IEd1aWRlOiBodHRwczovL2dpdGh1Yi5jb20vcHJ5MGNjL2F4aW9tL3dpa2kvQS1RdWlja3N0YXJ0LUd1aWRlCiAgICAtIENoZWF0c2hlZXQ6IGh0dHBzOi8vZ2l0aHViLmNvbS9wcnkwY2MvYXhpb20vd2lraS9DaGVhdHNoZWV0CiAgICAtIEZsZWV0czogaHR0cHM6Ly9naXRodWIuY29tL3ByeTBjYy9heGlvbS93aWtpL0ZsZWV0cyAgICAgCiAgICAtIFNjYW5zOiBodHRwczovL2dpdGh1Yi5jb20vcHJ5MGNjL2F4aW9tL3dpa2kvU2NhbnMKCgo=\" | base64 -d", | |
| "chown root:root /etc/sudoers /etc/sudoers.d -R" | |
| ], "inline_shebang": "/bin/sh -x", | |
| "type": "shell" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment