https://github.com/offsh/offsh

Xonsh-powered pentesting framework.
https://github.com/offsh/offsh

pentesting security wazuh xonsh xxh

Last synced: about 2 months ago
JSON representation

Xonsh-powered pentesting framework.

• Host: GitHub
• URL: https://github.com/offsh/offsh
• Owner: offsh
• License: gpl-3.0
• Created: 2020-11-29T10:21:34.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2021-07-11T16:47:48.000Z (over 3 years ago)
• Last Synced: 2024-07-30T21:06:33.331Z (5 months ago)
• Topics: pentesting, security, wazuh, xonsh, xxh
• Language: Shell
• Homepage:
• Size: 589 KB
• Stars: 6
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        






  

  ![](images/LOGO_LARGE.png)

  
OffShell


  


    A Xonsh-powered framework to build shells designed with pentesting in mind.

    


  

    ·

    Request Feature

  


  
Table of Contents

  


    


      About The Project

      


        
Built With

      

    

    


      Getting Started

      


        
Prerequisites

        
Installation

      

    

    
Usage

    
Roadmap

    
Build

    
Contributing

    
License

    
Contact

    
Acknowledgements

  


## About The Project

This project includes tools to build portable images of a Python shell (powered by xonsh and with xxh support) destinated to be used for pentesting and bug bounties (among others, ethical, hacking purposes).

It includes an easy way to build custom appimages with a portable shell (that could be run in Linux, Unix, Windows and others OS without any trouble) that supports Python sintax and may include additional toosl. 

This image is intended to be used along with xxh proyect so you could extend it's functionality through the network using ssh connections. For example: you could connect to an old Solaris machine using xxh and easily run your portable image with all your plugins, configurations and additionally installed tools.

### Built With

* [Xonsh](https://github.com/xonsh/xonsh) - Python-powered shell.

* [xxh](https://github.com/xxh/xxh) - Bring your favorite shell wherever you go through the ssh.

### Compatible with

* [Wazuh](https://github.com/wazuh/wazuh) - The Open Source Security Platform: Wazuh is a tool that can be used to gather, decode and analyze logs. Offshell can be integrated with Wazuh by sending the logs generated by our history backend plugin to Wazuh to be analyzed and indexed into a search engine such as Elasticsearch (or OpenSearch, soon). Also, Wazuh can analyze the received logs and generate alerts based on some pre-defined rules for interesting security events such as detected vulnerabilities or privilege escalations.

## Getting Started

### Installation of official images.

**Important: the appimage requires Git to properly work!**

We have some pre-built images available here at Github.

It is not required to install Xonsh, you only need to download the last built appimage and make it executable to run the shell.

Download Xonsh:

```

sudo wget -q https://github.com/offsh/offsh/releases/download/0.0.2/xonsh -O /bin/xonsh

sudo chmod a+x /bin/xonsh

```

The appimage includes the xxh package but not the configuration file. You should also download the configuration file for xonsh:

```

wget -q https://raw.githubusercontent.com/offsh/offshell/main/xonshrc -O ~/.xonshrc

mkdir -p ~/.config/xxh/

wget -q https://raw.githubusercontent.com/offsh/xxh/master/config.xxhc -O ~/.config/xxh/config.xxhc

```

### Make it default

Optionally, you could make this your default shell by running:

```

$ echo "/bin/xonsh" >> /etc/shells

# chsh -s /bin/xonsh

```

## Log data collection

After running the shell, the offshell syslog data collection plugin would be enabled, you just need to run the following command for more informatio-

```

history info

```

### Integration with Wazuh

To integrate this with Wazuh, you need a Wazuh Manager server running in another machine. Then, you have to install Wazuh agent in your server by following this guide: https://documentation.wazuh.com/4.0/installation-guide/wazuh-agent/

You would check (among other things) your syslog filename. You should mark it for being analyzed in Wazuh configuration using a block like this one:

```

  /home/*/.local/share/xonsh/syslog/shell_profiler.log

  syslog

```

After adding that block to your ossec.conf file, if you agent is correctly connected to a Wazuh manager it woud start sending information about exeuted commands to your server and it will index it to a Elasticsearch index.

Finally, you would need to add the rules and decoders from https://github.com/offsh/offshell/tree/main/ruleset to `/var/ossec/etc/rules` and `/var/ossec/etc/decoders/`

## Build

You can modify this proyect and build your own appimages using the tools included in the build_appimage directory.

For example, to include more python depedencies in the appimage you only need to modify the `pre-requirements.txt` file.

You could also modify the xonsh/xxh configuration file to add functionalities, plugins, aliases, etc..

## Roadmap

See the [open issues](https://github.com/offsh/offshell/issues) for a list of proposed features (and known issues).

## Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**.

1. Fork the Project

2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)

3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)

4. Push to the Branch (`git push origin feature/AmazingFeature`)

5. Open a Pull Request

## License

Distributed under the GLP3 License. See `LICENSE` for more information.

## Contact

Francisco Navarro - [@SpotH0und](https://twitter.com/SpotH0und) - [email protected]

Project Link: [https://github.com/offsh/offshell](https://github.com/offsh/offshell)