{ "info": { "author": "b0z", "author_email": "bastien@faure.io", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Information Technology", "License :: OSI Approved :: MIT License", "Operating System :: POSIX :: Linux", "Programming Language :: Python", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3 :: Only", "Topic :: Software Development :: Libraries" ], "description": ".. These are the Travis-CI and Coveralls badges for your repository. Replace\n your *github_repository* and uncomment these lines by removing the leading\n two dots.\n\n.. .. image:: https://travis-ci.org/*github_repository*.svg?branch=master\n :target: https://travis-ci.org/*github_repository*\n\n.. .. image:: https://coveralls.io/repos/github/*github_repository*/badge.svg?branch=master\n :target: https://coveralls.io/github/*github_repository*?branch=master\n\n\n======\nJarvis\n======\n\nJarvis is a very simple pentest companion that provides the following features:\n\n* penetration tests results directory management\n* unified structure for all assessments\n* hooks for useful commands and automated output saving\n* unified command history file\n* easy way to take screenshots\n* creation of an easily reachable symlink that always point to your current pentest\n\nIt is fully written in Python and is designed to be easily extended.\n\n**This project is currently under development and many bugs may appear, do not hesitate to open issues or submit pull requests**\n\nCommand hooking\n===============\n\nAs a pentester, I often faced with difficulties related to output recording. Sometimes, a very looonnnng ``nmap`` scan launched without output options and cancelled may be very painful due to the lack of exploitable files. I'm not even talking about closed terminals containing juicy outputs that may lack in a security assessment report.\n\nFor these reasons, I decided to implement a command hooking feature that would automatically add output options to command lines and record outputs if such options would not exist.\n\nBasically, each command exposed by Jarvis is a specific method called on a Python class. This method retrieves the supplied command line, adds arguments and patches the command lines, and finally runs the built command in a patched environnement.\n\n\nInstallation\n============\n\nSee `install`_\n\n.. _install: INSTALL.rst\n\n\nUsage\n=====\n\nInitial configuration\n---------------------\n\nFor using Jarvis, you will have to fill a ``/etc/jarvis.conf`` file::\n\n\t[jarvis]\n\tpentests_history = /home/user/.pentests_history\n\tuser_directory = user\n\toutput_directory = records\n\timg_directory = img\n\tpentest_tree = [\n\t\t\"%(user_directory)s\",\n\t\t\"%(user_directory)s/img\",\n\t\t\"%(user_directory)s/scripts\",\n\t\t\"%(user_directory)s/records\"\n\t\t]\n\tnotesfiles = notes.txt\n\tinterface = eth0\n\teditor = vim\n\nHere is a quick description of available options (all of them are mandatory):\n\n* ``pentests_history`` : path to the file that will contain all the paths to performed pentests\n* ``user_directory`` : since a pentest is supposed to be performed by several persons, this is the name of your directory within the pentest's one\n* ``output_directory`` : the directory within your user's directory that will contain all records produced by available hooks\n* ``img_directory`` : the directory within your user's directory that will contain screenshots\n* ``pentest_tree`` : this is a very important configuration, it describes the structure of your pentest directory that will be created after a ``pentest init``. For the moment, I'm too lazy for creating directories according to previously described options so the directory tree must be fully described in this setting. This advanced feature should come soon. Note that some commands will obviously fail if you do not create ``user_directory`` or ``output_directory``\n* ``notesfiles`` : the file that will be used for taking notes\n* ``interface`` : the network interface through which test are going to be performed\n* ``editor`` : your preferred editor (``vim``, ``emacs``, whatever)\n\nPentest directory management\n----------------------------\n\nIf you want to start a new pentest, run the following commands::\n\n\t$ pentest start /path/to/pentest\n\t$ pentest init\n\nThe first command will append an entry inside the pentests history file. The second will create your pentest directory structure.\n\nAfter init, the pentest directory is created::\n\n\t$ tree /path/to/pentest\n\t/path/to/pentest\n\t\u2514\u2500\u2500 user\n\t \u251c\u2500\u2500 img\n\t \u251c\u2500\u2500 records\n\t \u2514\u2500\u2500 scripts\n\nNote that pentests are *stacked* in the ``pentests_history`` file::\n\n\t$ cat .pentests_history \n\t/tmp/pentest-1\n\t/tmp/pentest-2\n\t/tmp/pentest-3\n\nStopping a pentest with ``pentest stop`` will simply *pop* the last entry from the history file.\n\nYou can then define useful aliases. The most explicit example is *jumping* to the current pentest with a bash alias::\n\n\talias gopentest=\"cd $(tail -n 1 /path/to/.pentests_history)\"\n\n\nCommand hooking\n---------------\n\nJarvis is shipped with many commands hooks that can be listed::\n\n\t$ pentest hooks\n\tairodump\n\tarpscan\n\tcrackmapexec\n\tcurl\n\tdnsmap\n\tdnsrecon\n\thping3\n\thttp\n\thydra\n\tnikto\n\tnmap\n\tpatator\n\tsmbclient\n\tsmbmap\n\tsslyze\n\twfuzz\n\nPlease note that Jarvis **does not** ships packages providings hookable scripts or binaries. Jarvis also expects that each hooked command should runnable as-is. Basically, *wfuzz* should be callable without Jarvis installed.\n\n\tCurrently, Jarvis throws an exception with the underlying command does not exist on the installed system\n\nLet's try running an ``nmap`` scan, which is one of the currently available hooks::\n\n\t$ nmap 127.0.0.1\n\t Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-15 11:08 CEST\n\t Nmap scan report for factory (127.0.0.1)\n\t [...]\n\nNow, the ``commands.log`` file is populated (noted that commands are also properly escape)::\n\n\t$ cat commands.log \n\t[192.168.1.19] 2018-09-15 11:08:13,978 :: nmap -oA /tmp/peni/b0z/records/nmap-127.0.0.1-2018-09-15-11-08-13 127.0.0.1\n\nYou can see that output options have been added, and output files created automatically::\n\n\t$ ls records/\n\tnmap-127.0.0.1-2018-09-15-11-08-13.gnmap nmap-127.0.0.1-2018-09-15-11-08-13.nmap\n\tnmap-127.0.0.1-2018-09-15-11-08-13.xml\n\nOutput files naming follows a basic format. Note that naming is really efficient when **targets** are placed at **regular** positions. For example, ``nmap`` will process the target independantly from its position within the command line. This is achieved through a huge parsing effort on the command line that I don't want to reimplement in Python and for each hook. Thus, it is recommend to put the target **at the end of the command line** when tools are agnostic about its position.\n\nFinally, it should be highlighted that some command line arguments automatically disable the hooking mechanism. Especially, when help is invoked (``-h`` or ``--help``), or when output options are passed (basically ``-oJ``, ``-oA`` or whatever in ``nmap``), hooking is not performed.\n\nSome commands don't provide output options, so recording is achieved by passing them to the ``script`` utility::\n\n\t$ curl -s https://google.fr\n\t$ cat records/curl-record-2018-09-15-11-13-23.txt\n\tcurl -s https://google.fr\n\tScript started on 2018-09-15 11:13:23+02:00\n\t\n\t301 Moved\n\t

301 Moved

\n\tThe document has moved\n\there.\n\t\n\n\tScript done on 2018-09-15 11:13:23+02:00\n\n\nDisable hooking at runtime\n--------------------------\n\nSometimes, many **many** commands are typed and recording is not especially needed. Jarvis allows users to circumvent the hooking mechanism by using the ``--nojarvis`` option. This option will be consumed by Jarvis witout consequences on subsequent commands.\n\nScreenshots\n-----------\n\nTaking screenshot is also made easy with ``pentest screenshot``. This command will run the Imagemagick ``import`` command with manual selection options. Once the screenshot is taken, you are prompted for a screenshot name (I used ``zenity`` for this purpose):\n\n.. image:: doc/screenshot.png\n\nI recommend associating this command to a keybinding :-)\n\nYou can then list your screenshots::\n\n\t$ pentest img\n\tscreen-1.png\n\tscreen-2.png\n\t\nAnd edit any screenshot with ``pinta``, which is one of the most convenient *quickwin* editor from my point of view::\n\n\t$ pentest edit screen-1.png\n\nAdding a new hook\n=================\n\nTODO\n\nExtending Jarvis\n================\n\nJarvis is mainly a python module that can be used for various purposes based on pentest needings. The `sharify`_ script was developed for saving files efficiently when crawling CIFS share. Usually you do::\n\n\t$ smbclient -U \"domain\\user%password\" //host/share\n\tcd directory\n\tget file\n\n``file`` is then stored in the same directory from which you ran ``smbclient``. ``sharify`` consumes the Jarvis setup to drop downloaded files in the ``files`` directory within your current pentest directory::\n\n\t$ sharify -u USERNAME -p PASSWORD -d DOMAIN //host/share\n\tcd directory\n\tget file\n\t\n\t$ tree /path/to/pentest//files\n\t/path/to/pentest//files\n\t\u2514\u2500\u2500 host\n\t \u251c\u2500\u2500 share1\n\t \u2502\u00a0\u00a0 \u251c\u2500\u2500 file-1\n\t \u2502\u00a0\u00a0 \u2514\u2500\u2500 file-2\n\t \u2514\u2500\u2500 share2\n\t\t\u251c\u2500\u2500 file-1\n\t\t\u2514\u2500\u2500 file-2\t\n\n.. _sharify: https://github.com/BastienFaure/jarvis/blob/master/tools/sharify", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/BastienFaure/jarvis", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "jarvis-pentest", "package_url": "https://pypi.org/project/jarvis-pentest/", "platform": "any", "project_url": "https://pypi.org/project/jarvis-pentest/", "project_urls": { "Homepage": "https://github.com/BastienFaure/jarvis" }, "release_url": "https://pypi.org/project/jarvis-pentest/1.0.0/", "requires_dist": null, "requires_python": ">=3.3", "summary": "The pentest companion", "version": "1.0.0" }, "last_serial": 4339453, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "b46e770db312a0b91c1ca51babf78e1d", "sha256": "90410eeb3ef19b77b15a9249e8bd718935c9ab2eac2856fcb8347c390f60ef4d" }, "downloads": -1, "filename": "jarvis-pentest-0.0.1.tar.gz", "has_sig": false, "md5_digest": "b46e770db312a0b91c1ca51babf78e1d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10297, "upload_time": "2017-03-24T00:14:47", "url": "https://files.pythonhosted.org/packages/c9/b6/4cc324e9b42bb7f73d05768519e0b2de5c85873ce3a8696d827ba672a208/jarvis-pentest-0.0.1.tar.gz" } ], "0.0.2": [], "0.0.3": [ { "comment_text": "", "digests": { "md5": "9aafd80b7f0a0fdf7f117846c7edd689", "sha256": "c377ad3f9798ef8d6f0e2ccf4a86ddcd284f5c80da9a787131b87ef711742583" }, "downloads": -1, "filename": "jarvis-pentest-0.0.3.tar.gz", "has_sig": false, "md5_digest": "9aafd80b7f0a0fdf7f117846c7edd689", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11269, "upload_time": "2017-03-24T09:02:30", "url": "https://files.pythonhosted.org/packages/9f/53/9b4f4c77adbf8d65d1c5873a39a5d90eb9b3e97f4e4d1d22a4cf61a42e8c/jarvis-pentest-0.0.3.tar.gz" } ], "0.0.4": [ { "comment_text": "", "digests": { "md5": "f7e024ea7c562bbcd10bc2d77a3bce7e", "sha256": "4f362a64f788695f097385d928c632583f375ea7c393d027596cedc39d053492" }, "downloads": -1, "filename": "jarvis-pentest-0.0.4.tar.gz", "has_sig": false, "md5_digest": "f7e024ea7c562bbcd10bc2d77a3bce7e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14780, "upload_time": "2017-04-26T09:16:51", "url": "https://files.pythonhosted.org/packages/30/39/77c72e78693143cabbccf1bfa5423a73d35cee3998a815de537277821dad/jarvis-pentest-0.0.4.tar.gz" } ], "0.0.5": [ { "comment_text": "", "digests": { "md5": "e8bbd29dad8421ed3c051dcb5bbb2eac", "sha256": "e90957c13ce7477c9d10b0f7b877474e535ebf0990289e895610e377bc1bbdbb" }, "downloads": -1, "filename": "jarvis-pentest-0.0.5.tar.gz", "has_sig": false, "md5_digest": "e8bbd29dad8421ed3c051dcb5bbb2eac", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14785, "upload_time": "2017-04-26T16:01:46", "url": "https://files.pythonhosted.org/packages/b8/5f/faaa7c62972b2fb7ed139bdb391b37363847cf21f77dddd0f50c7f7d3cdd/jarvis-pentest-0.0.5.tar.gz" } ], "0.0.6": [ { "comment_text": "", "digests": { "md5": "51a455952491a70c8d6e7aeadbbb871f", "sha256": "a8c97fe266ddd39074825303629ea0d08a705956b5a0b448a07153473183ace7" }, "downloads": -1, "filename": "jarvis-pentest-0.0.6.tar.gz", "has_sig": false, "md5_digest": "51a455952491a70c8d6e7aeadbbb871f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18073, "upload_time": "2018-09-14T21:22:52", "url": "https://files.pythonhosted.org/packages/ff/aa/59668a2efce3e2d99b626ba6d270af1b623b18c77b8796be13cb322064e6/jarvis-pentest-0.0.6.tar.gz" } ], "0.0.7": [ { "comment_text": "", "digests": { "md5": "ebfc937c66614d1101380e2193cbfaa3", "sha256": "845f371627fbab03d97ebfcc11ec7d6616f0ce592a473925ff6f269f05e7ba6c" }, "downloads": -1, "filename": "jarvis-pentest-0.0.7.tar.gz", "has_sig": false, "md5_digest": "ebfc937c66614d1101380e2193cbfaa3", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.3", "size": 18085, "upload_time": "2018-09-14T21:29:03", "url": "https://files.pythonhosted.org/packages/83/d8/ee42e3dddb980bf7a64e9c5935213d2da847bd18683adbb21fc06454e5d4/jarvis-pentest-0.0.7.tar.gz" } ], "0.0.8": [ { "comment_text": "", "digests": { "md5": "0f129573a03bb785eaccbb6b07a20849", "sha256": "f10e8bf081368b533dcbf846a2eddf533aa08160f9bae16886f510185875ccad" }, "downloads": -1, "filename": "jarvis-pentest-0.0.8.tar.gz", "has_sig": false, "md5_digest": "0f129573a03bb785eaccbb6b07a20849", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.3", "size": 18712, "upload_time": "2018-09-15T09:17:54", "url": "https://files.pythonhosted.org/packages/91/9f/35c5cfda33153b30b993fff12568326a405ec85f5bb7c4e392c43261c2a2/jarvis-pentest-0.0.8.tar.gz" } ], "0.0.9": [ { "comment_text": "", "digests": { "md5": "b19a955cb5beabda1cf9f4ad2071c7dd", "sha256": "4a524a88157d1030acc18d371f6c85ca03c87bea9396f32de800bdfd76f2127d" }, "downloads": -1, "filename": "jarvis-pentest-0.0.9.tar.gz", "has_sig": false, "md5_digest": "b19a955cb5beabda1cf9f4ad2071c7dd", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.3", "size": 18727, "upload_time": "2018-09-17T15:28:10", "url": "https://files.pythonhosted.org/packages/d8/57/b26c48a0d93ddd7a4a425c30f916ff111eb4264992f248d46ce15239956e/jarvis-pentest-0.0.9.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "a5d40354d0335cf518daf34fb8204d56", "sha256": "2e096083b35e977e0e56d0dbb52381e48d03ceb864e5a8a27e8ce3a5a018dab0" }, "downloads": -1, "filename": "jarvis-pentest-1.0.0.tar.gz", "has_sig": false, "md5_digest": "a5d40354d0335cf518daf34fb8204d56", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.3", "size": 20227, "upload_time": "2018-10-04T08:39:37", "url": "https://files.pythonhosted.org/packages/06/a6/4df6e387e6177709659f02c0e426adc9626cb53220d31f0799b81b2247a9/jarvis-pentest-1.0.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a5d40354d0335cf518daf34fb8204d56", "sha256": "2e096083b35e977e0e56d0dbb52381e48d03ceb864e5a8a27e8ce3a5a018dab0" }, "downloads": -1, "filename": "jarvis-pentest-1.0.0.tar.gz", "has_sig": false, "md5_digest": "a5d40354d0335cf518daf34fb8204d56", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.3", "size": 20227, "upload_time": "2018-10-04T08:39:37", "url": "https://files.pythonhosted.org/packages/06/a6/4df6e387e6177709659f02c0e426adc9626cb53220d31f0799b81b2247a9/jarvis-pentest-1.0.0.tar.gz" } ] }