SHURIKEN - Exploit throwing framework.

SHURIKEN – Exploit throwing framework.

A simple bash-based throwing framework. It’s stupid simple, and configuration is just done by flat files.shuriken
+ Adding an exploit
Each exploit belongs in its own directory under exploits. Symlinks work nicely if moving the files isn’t ideal.
Each exploit directory must contain a file named exploit. If this file is executable (chmod +x), it is invoked each round. It is not invoked with any arguments.
The arguments to the exploit are passed in the environment. The most important ones are:

All data from each invokation of the exploit is logged into the logs directory inside the exploit directory. It is automatically created if it does not exist.

+ Blacklists and Whitelists
By default, an exploit is thrown against all teams every round.
To modify this behavior, create a file named whitelist or blacklist in your exploit directory. Any IPs or team names in blacklist are skipped. If whitelist exists, any IPs or teams not contained in the file are skipped.

+ Logging
Exploitation Attempt Logs
All of the exploitation attempts are logged to stdout, as well as syslog.
See config/log for an extensible location to add to the logging.
To set up the syslog endpoint:

Per-Exploit Logs
Each exploit attempt gets its own log directory, in the logs directory. Each log directory is timestamped, and includes the team name and target IP. For example, it might look something like: exploits/example_slowpoke/logs/2015-07-01-02:37:58-samurai-104.236.67.106-94230.
Inside of the log directory are a handful of files:

To see the full list of environment variables, look at the run file generated for each execution.

+ Configuration
Shuriken does not require any command line arguments, all configuration comes from the files in the config/ directory. By default, no configuration should be necessary.
In addition to those documented above, there are also:

Listeners
Some example key listeners are included in listeners/. These are designed as testing tools in lieu of a full-blown Nodachi key listener.
– tcp receives flags via TCP
– fifo receives flags from a FIFO

Installation:

Source : https://github.com/samuraictf