
Brosec – An interactive reference tool to help security professionals utilize useful payloads and commands.
Overview :
– Brosec is an RTFM-like utility to help Security Bros remember complex but useful payloads and commands
– Brosec utilizes saved variables (set by you) to create custom payloads on the fly. This config info is stored in a local db for your convenience
– Brosec outputs payloads and copies them to your clipboard in order to make your pentesting even more magical
– Your current config can be accessed by the config command at any time, or by entering the variable name
– Config values can be changed at any time by entering set <variable> <value>
– You can navigate to frequently used payloads by entering the menu sequence from the command line: bros <sequence>
Ex: bros 412 – This would automate entering 4 for the Web Menu, 1 for the XXE sub menu, and 3 for the XXE local file read payload
It works with :
– XXE Attacks
— Remote DTD File Parsing
— XXE (Local File Read)
— XXE (Local File Exfiltration using parameter entities)
– Linux Payload :
Load({ payload: "last -a", desc: "Basic info about current users", category: "System Info"})
Load({ payload: "ps -ef", desc: "Process listing", category: "System Info"})
Load({ payload: "df -h", desc: "Disk usage (free)", category: "System Info"})
Load({ payload: "uname -a", desc: "Kernel version/CPU", category: "System Info"})
Load({ payload: "cat /etc/issue", desc: "Show OS Info", category: "System Info"})
Load({ payload: "cat /etc/*release*", desc: "Show OS version info", category: "System Info"})
Load({ payload: "cat /proc/version", desc: "Show kernel info", category: "System Info"})
Load({ payload: "rpm --query --all", desc: "Show installed packages (Redhat)", category: "System Info"})
Load({ payload: "rpm -vih *.rpm", desc: "Install RPM package (-e remove)", category: "System Info"})
Load({ payload: "dpkg --get-selections", desc: "Show installed packages (Ubuntu)", category: "System Info"})
Load({ payload: "dpkg -i *.deb", desc: "Install DEB package (-r remove)", category: "System Info"})
– Windows Common payload :
Load({ payload: "ver", desc: "Get OS version", category: "System Info"})
Load({ payload: "echo %USERNAME%", desc: "Get current user", category: "System Info"})
Load({ payload: "sc query state=all", desc: "Show services", category: "System Info"})
Load({ payload: "tasklist /svc", desc: "Show processes & services", category: "System Info"})
Load({ payload: "tasklist /m", desc: "Show processes & DLLs", category: "System Info"})
Payload Variables :
+ LHOST : Local IP or name
+ LPORT : Local port
+ RHOST : Remote IP or name
+ RPORT : Remote port
+ USER : Username (only used in a few payloads)
+ PROMPT : User Prompt (This isn’t a stored value. Instead, payloads with this variable will prompt for input.)
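The variable handling described above, sketched as an added example that is not Brosec's own code: stored values are validated when set, PROMPT is asked for at render time instead of being saved, and unset variables are reported rather than left in the output. The `<NAME>` placeholder syntax, the validation rules, the function names and the sample template are assumptions made for illustration.

```javascript
// Added illustration; not Brosec's source. The <NAME> placeholder syntax,
// the validation rules and every function name here are assumptions.
const STORED = ["LHOST", "LPORT", "RHOST", "RPORT", "USER"];

// Validate a value before it is saved, so a typo cannot end up in a command.
function validate(name, value) {
  if (name === "LPORT" || name === "RPORT") {
    const n = Number(value);
    return /^\d+$/.test(value) && n >= 1 && n <= 65535;
  }
  if (name === "LHOST" || name === "RHOST") {
    return /^[A-Za-z0-9.-]+$/.test(value); // IPv4 or host name characters only
  }
  return /^[A-Za-z0-9._-]+$/.test(value); // USER
}

// Handle a "set <variable> <value>" line against the config object.
function setVar(config, line) {
  const m = /^set\s+(\S+)\s+(\S+)$/.exec(line.trim());
  if (!m) throw new Error("usage: set <variable> <value>");
  const name = m[1].toUpperCase();
  if (name === "PROMPT") throw new Error("PROMPT is asked for each time, not stored");
  if (!STORED.includes(name)) throw new Error("unknown variable " + name);
  if (!validate(name, m[2])) throw new Error("invalid value for " + name);
  config[name] = m[2];
  return config;
}

// Fill a template. PROMPT comes from askUser; unset variables are reported
// instead of being left in the output.
function render(template, config, askUser) {
  const missing = [];
  const text = template.replace(/<([A-Z]+)>/g, (whole, name) => {
    if (name === "PROMPT") return askUser();
    if (!STORED.includes(name)) return whole; // not a variable, leave as is
    if (config[name] === undefined) { missing.push(name); return whole; }
    return config[name];
  });
  return { text, missing };
}

// Constructed sample session
const config = {};
setVar(config, "set RHOST 192.0.2.10");
setVar(config, "set USER alice");
console.log(render("ssh <USER>@<RHOST> -p <RPORT>", config, () => "").missing);
```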
Usage :
$ bros
$ bros 121 (Access a frequently used payload by entering the menu sequence)
Installation
– git clone https://github.com/gabemarshall/Brosec.git
– cd into the directory and run npm install
– Linux users will need to install xclip
– Mac users may need to install netcat (via homebrew) for some payloads
Source : https://github.com/gabemarshall