TAP is a remote penetration testing platform builder. For folks in the security industry, traveling oftentimes becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and to create a self-healing, stable platform for remote penetration testing. The concept is simple: you pre-configure a brand new box and run the TAP setup file. This installs a service on Linux that is configured the way you want. The service establishes a reverse SSH tunnel back to a machine that's exposed on the Internet. From there you can access the box locally from the server it connects back to. TAP automatically detects when an SSH connection has gone stale and rebuilds it for you.
It also has a number of other options. For example, in the event you lose SSH, it'll connect out to a text file and execute commands for you. It also updates itself continuously and ensures that you are running the latest packages for Ubuntu Linux (if that is your OS).
Simple SSHUTTLE script written by Dave Kennedy @HackingDave:
    import os
    import subprocess
    import time

    # The script was written for Python 2; this keeps the prompts working on Python 2 and 3.
    try:
        input = raw_input
    except NameError:
        pass

    # Install sshuttle if the binary is not present.
    if not os.path.isfile("/usr/sbin/sshuttle"):
        print("[!] SSHUTTLE does not appear to be installed, installing now")
        subprocess.Popen("apt-get install sshuttle -f", shell=True).wait()

    print("Welcome to the sshuttle wrapper for TAP.")
    print("Enter the address for the SSH server, i.e. box.sshserver.com")
    reverse1 = input("Enter SSH server (REMOTE server): ")
    reverse2 = input("Enter the remote SSH port for %s:: " % (reverse1))
    reverse3 = input("Enter the port to tunnel for the local TAP machine (i.e. TAP box localhost port): ")
    reverse4 = input("Enter the username to connect to REMOTE system: ")
    print("Triggering tunnel now...")
    time.sleep(2)
    # Forward local port reverse3 to localhost:reverse2 on the remote SSH server.
    subprocess.Popen("ssh -f %s@%s -L %s:localhost:%s -N" % (reverse4, reverse1, reverse3, reverse2), shell=True).wait()
    # Route all traffic (0/0), including DNS, through the forwarded port with sshuttle.
    subprocess.Popen("sshuttle --dns -vr %s@localhost:%s 0/0" % (reverse4, reverse3), shell=True).wait()
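The wrapper above formats the four prompt answers straight into `shell=True` command strings. The following is an added example, not part of TAP or of the original script, that validates the same four inputs and builds the same two commands as argument lists; the function names and the allow-list patterns are assumptions of this example.

```python
import re
import subprocess

# Conservative allow-lists (assumptions of this example, not rules taken from TAP).
# Neither pattern permits a leading "-", which ssh would otherwise parse as an option.
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
PORT_RE = re.compile(r"[0-9]{1,5}")


def parse_port(value):
    """Return value as an int TCP port, or raise ValueError."""
    if not PORT_RE.fullmatch(value):  # rejects "+22", " 22 ", "22;id"
        raise ValueError("port must be 1-5 ASCII digits: %r" % value)
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % value)
    return port


def build_commands(server, remote_port, local_port, user):
    """Validate the four wrapper inputs and return (ssh_argv, sshuttle_argv)."""
    if not HOST_RE.fullmatch(server):
        raise ValueError("invalid SSH server name: %r" % server)
    if not USER_RE.fullmatch(user):
        raise ValueError("invalid username: %r" % user)
    rport, lport = parse_port(remote_port), parse_port(local_port)
    # Same two commands as the wrapper, one list element per argument.
    ssh_argv = ["ssh", "-f", "%s@%s" % (user, server),
                "-L", "%d:localhost:%d" % (lport, rport), "-N"]
    sshuttle_argv = ["sshuttle", "--dns", "-vr",
                     "%s@localhost:%d" % (user, lport), "0/0"]
    return ssh_argv, sshuttle_argv


def run(server, remote_port, local_port, user):
    """Start the port forward, then sshuttle, without invoking a shell."""
    ssh_argv, sshuttle_argv = build_commands(server, remote_port, local_port, user)
    subprocess.check_call(ssh_argv)       # no shell: metacharacters stay literal
    subprocess.check_call(sshuttle_argv)  # raises CalledProcessError on failure
```
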
Using Proxy Chains
TAP uses proxychains4 (proxychains-ng) to tunnel all of your http/https traffic through SSH to your remote box. This helps with content/egress filtering so you can ensure you always have everything up-to-date. To use proxychains, prefix the command you want to run with proxychains4 (proxychains4 <command>). TAP's automatic updates use it as well.
During the setup process, TAP will ask whether you want to log all commands executed on the system. If you do, every command entered on the system is logged, so that you can provide the record to the customer or keep it as a record of what happened on the devices. All logs are saved under /var/log/messages.