new file: lib/resources/linelists/top_50_sudo_commands

new file: lib/resources/linelists/top_90_linux_commands modified: modules/generators/content/bash_history/secgen_local/local.rb modified: modules/generators/content/bash_history/secgen_metadata.xml Sudo commands are now randomly inputted and password is taken in from a parameter new file: lib/resources/linelists/top_50_sudo_commands new file: lib/resources/linelists/top_90_linux_commands modified: modules/generators/content/bash_history/secgen_local/local.rb modified: modules/generators/content/bash_history/secgen_metadata.xml Sudo commands are now randomly entered into the commands array and the password is taken in as an input
2026-02-21 11:18:06 +00:00 · 2023-04-16 14:15:31 +01:00
parent 9d4d3a39bc
commit 94e341585f
5 changed files with 162 additions and 8 deletions
--- a/lib/objects/local_string_generator.rb
+++ b/lib/objects/local_string_generator.rb
@@ -114,7 +114,7 @@ class StringGenerator
    end

    enforce_utf8(self.outputs)
-    print_outputs if has_base64_inputs
+    print_outputs
  end

  def enforce_utf8(values)
--- a/lib/resources/linelists/top_50_sudo_commands
+++ b/lib/resources/linelists/top_50_sudo_commands
@@ -0,0 +1,50 @@
+sudo apt-get update
+sudo apt-get install packagename
+sudo apt-get remove packagename
+sudo systemctl restart servicename
+sudo systemctl stop servicename
+sudo systemctl start servicename
+sudo ufw enable/disable
+sudo ufw allow/deny port-number
+sudo useradd -m -s /bin/bash username
+sudo usermod -aG groupname username
+sudo groupadd groupname
+sudo userdel username
+sudo chown -R username:groupname /path/to/folder
+sudo chmod -R 755 /path/to/folder
+sudo systemctl enable/disable servicename
+sudo systemctl status servicename
+sudo apt-get upgrade
+sudo apt-get dist-upgrade
+sudo apt-get autoremove
+sudo apt-get clean
+sudo add-apt-repository ppa:repositoryname
+sudo sed -i 's/oldstring/newstring/g' /path/to/file
+sudo find /path/to/search/ -type f -exec rm {} ;
+sudo tar -xvf archive.tar -C /path/to/extract/
+sudo tail -f /var/log/messages
+sudo chmod 700 /path/to/file
+sudo chgrp groupname /path/to/file
+sudo passwd username
+sudo chsh -s /bin/bash username
+sudo ln -s /path/to/file /path/to/link
+sudo mount /dev/sdb1 /mnt/usb
+sudo umount /mnt/usb
+sudo chattr +i /path/to/file
+sudo crontab -e
+sudo dpkg -i packagename.deb
+sudo dpkg --configure -a
+sudo service ssh restart
+sudo service apache2 restart
+sudo service mysql restart
+sudo service postfix restart
+sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys keynumber
+sudo apt-get install -y packagename
+sudo apt-get install -f
+sudo apt-get install build-essential
+sudo apt-get install python3-pip
+sudo usermod -L username
+sudo usermod -U username
+sudo systemctl reload servicename
+sudo systemctl mask/unmask servicename
+sudo visudo
--- a/lib/resources/linelists/top_90_linux_commands
+++ b/lib/resources/linelists/top_90_linux_commands
@@ -0,0 +1,88 @@
+locate filename
+chgrp groupname filename
+chroot /path/to/chroot/
+scp /path/to/source user@destination:/path/to/destination/
+service servicename start/stop/restart
+curl -I http://example.com
+useradd username
+usermod -aG groupname username
+groupadd groupname
+passwd username
+whoami
+which commandname
+uptime
+touch filename
+tail -n 100 /var/log/messages
+su username
+stat filename
+sed -n '10,20p' file.txt
+sed -i '1d' file.txt
+tar -cvf archive.tar /path/to/folder/
+tar -xvf archive.tar -C /path/to/extract/
+traceroute google.com
+uname -a
+uptime -p
+userdel username
+wc -l file.txt
+watch -n 1 command
+wget http://example.com/file
+who
+zip -r archive.zip /path/to/folder/
+unzip archive.zip -d /path/to/extract/
+rsync -avz /path/to/source/ user@destination:/path/to/destination/
+ps -ef | grep "process name"
+netstat -antp | grep "port number"
+ifconfig -a
+hostnamectl set-hostname newhostname
+find /path/to/search/ -type d -exec chmod 755 {} ;
+dig example.com
+curl -o filename http://example.com/file
+cat /proc/cpuinfo
+awk '{print $2}' /proc/meminfo
+adduser username groupname
+apt-get update
+apt-get install packagename
+apt-get remove packagename
+df -h
+du -sh *
+free -m
+head -n 10 file.txt
+tail -n 10 file.txt
+grep -i "search term" file.txt
+lsof -i tcp:port-number
+killall processname
+hostname -i
+mount -t cifs //192.168.1.100/share /mnt/cifs -o username=user,password=password
+nc -l port-number
+nl file.txt
+passwd root
+ping -c 5 8.8.8.8
+ps -aux | grep "process name"
+rmdir dirname
+sed -i '/search term/d' file.txt
+ssh-keygen -t rsa -b 4096
+ssh-copy-id user@hostname
+systemctl status servicename
+systemctl start/stop/restart servicename
+tar -czvf archive.tar.gz /path/to/folder
+tar -xzvf archive.tar.gz -C /path/to/extract/
+touch -d "1 day ago" file.txt
+uptime -s
+uname -r
+uniq file.txt
+usermod -L username
+usermod -U username
+visudo
+whois example.com
+xargs -I {} mv {} /path/to/destination/ < filelist.txt
+zip -r archive.zip /path
+locate filename
+chgrp groupname filename
+chroot /path/to/chroot/
+scp /path/to/source user@destination:/path/to/destination/
+service servicename start/stop/restart
+curl -I http://example.com
+useradd username
+usermod -aG groupname username
+groupadd groupname
+passwd username
--- a/modules/generators/content/bash_history/secgen_local/local.rb
+++ b/modules/generators/content/bash_history/secgen_local/local.rb
@@ -9,21 +9,37 @@ class BashHistoryGenerator < StringGenerator
  LOCAL_DIR = File.expand_path('../../',__FILE__)
  TEMPLATE_PATH = "#{LOCAL_DIR}/templates/bash_history.md.erb"

+  def initialize
+    super
+    self.password_sample = ''
+  end
+
+  def get_options_array
+    super + [['--password', GetoptLong::OPTIONAL_ARGUMENT]]
+  end
+  
+  def proccess_options(opt, arg)
+    super
+    case opt
+    when '--password'
+      self.password_sample << arg;
+    end
+  end
+
  def generate

+    puts "Password = #{self.password_sample}"
    sudo_array = File.readlines('../../../../../lib/resources/linelists/top_50_sudo_commands')
    self.sudo_sample = sudo_array.sample(5)
-    password_array = File.readlines('../../../../../lib/resources/wordlists/10_million_password_list_top_100')
-    self.password_sample = password_array.sample(1)
    command_array = File.readlines('../../../../../lib/resources/linelists/top_90_linux_commands')
    self.command_sample = command_array.sample(20)
-    command_array.insert(4, sudo_array)
    counter = 4
    sudo_count = 0
    while counter != 20
-      command_sample.insert(counter, sudo_sample[sudo_count])
+      randInt = rand(sudo_sample.length)
+      command_sample.insert(randInt, sudo_sample[randInt])
      if sudo_count == 0
-        command_sample.insert(5, password_sample[0])
+        command_sample.insert(5, self.password_sample)
        sudo_count += 1
      end
      counter += 4
--- a/modules/generators/content/bash_history/secgen_metadata.xml
+++ b/modules/generators/content/bash_history/secgen_metadata.xml
@@ -12,8 +12,8 @@
  <type>string_generator</type>
  <type>local_calculation</type>
  <platform>linux</platform>
-  

-  <!-- END: proxy_pass input -->
+  <read_fact>password</read_fact>
+
  <output_type>generated_strings</output_type>
 </generator>