brosec-1.1

Brosec v1.1 – An interactive reference tool to help security professionals utilize useful payloads and commands.

Changelog v1.1:
++ Features
– Full Windows Support added
– Better documentation added to the new wiki
– Simplified install process. Once you have nodejs installed just run npm install -g Brosec
– bros encode module added (realtime encoder/decoder)
– bros ftp now supports auth via --username and --password parameters.
– New SQLi Polyglots added to bros 43
– New XSS payloads bros 42 (bros 424 Credit to @0xsobky)
++ Dependencies
– Removed kexec dependency that was used to run netcat listeners (replaced by modules/nc.js) — this greatly reduces the complexity of Brosec and makes it easier to install.
++ Bug fixes
– Lots and lots of bug fixes…and probably new bugs introduced ;p

Brosec binaries are created using enclosejs (http://enclosejs.com/).
The binaries are not fully supported and are available as a convenience only (for example, bros encode in the Windows binary isn’t working). The binaries are handy if you just want to quickly try out Brosec, or if you need to deploy a quick http/ftp server during an engagement.


Overview :
– Brosec is a RTFM-like utility to help Security Bros remember complex but useful payloads and commands
– Brosec utilizes saved variables (set by you) to create custom payloads on the fly. This config info is stored in a local db for your convenience
– Brosec outputs payloads and copies them to your clipboard in order to make your pentesting even more magical
– Your current config can be accessed by the config command at any time, or by entering the variable name
– Config values can be changed at any time by entering set <variable> <value>
– You can navigate to frequently used payloads by entering the menu sequence from the command line: bros <sequence>
Ex: bros 412 – This would automate entering 4 for the Web Menu, 1 for the XXE sub menu, and 3 for the XXE local file read payload

Installation
Mac
+ brew install node netcat – Install Nodejs and netcat (or nc, ncat, etc)
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
+ cd Brosec && npm install – cd into the directory and install npm dependencies

Linux
+ <package manager> install node build-essential g++ xsel netcat – Install Nodejs and other dependencies
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
+ cd Brosec && npm install – cd into the directory and install npm dependencies

Windows (Unsupported)
+ Install nodejs
+ Install ncat
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
Payloads that utilize netcat will not work due to the kexec library not being supported in Windows

Configuration:
Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but it can be changed by editing the settings.dbPath variable in the settings.js file. Brosec also uses netcat for several payloads. If needed, the path to netcat can be altered via the settings.netcat variable.
Payload Variables:
+ LHOST : Local IP or name
+ LPORT : Local IP or name
+ RHOST : Remote IP or name
+ RPORT : Remote IP or name
+ USER : Username (only used in a few payloads)
+ PROMPT : User Prompt (This isn’t a stored value. Instead, payloads with this variable will prompt for input.)

Download Using Git for Ubuntu/Debian/Kali:

Download stable version:
bros-1.1-darwin-x86_64.tar.gz
bros-1.1-linux-x86.tar.gz
bros-1.1-linux-x86_64.tar.gz
bros-1.1-Win-x86_64.zip
Source: https://github.com/gabemarshall