Red Team Server (RTS)
Deployable Nerve Center for Pentest Engagements
Overview:
How many times have you been on a pentest engagement and wished you had something (capability, software, tool)? How hard is it to constantly build new images, install all the tools, and have all the software you want at your finger tips? Especially when testing closed networks, standalone systems, etc.
What if you could bring along a small, portable server that had:
- Rich Text/Modern Collaboration Tools
- Unified Group & Team Communication (web based & client based)
- A web-enabled git repository containing curated tools you and your team needs on the regular
- Automated Reconnaissance, Scanning and Enumeration- Screenshots included
- Centralized C2 Infrastructure
- At your fingertips references, despite connectivity issues
- Centralized Vulnerability Management and Reporting
- Cloud based artifact storage and later retrieval
- Convienent “pastebin” functionality for working and collaborting on the fly
Welcome to RTS
At it’s heart RTS is just a culmination of others people hard work and ingenunity which has been curated, automated, and made easy to install. RTS is meant to be installed on a portable computing device that you can take with you to pentest engagements. The way we use this guy:
- ASUS Vivomini (https://www.asus.com/us/Displays-Desktops/Mini-PCs/VivoMini/)
- ESXI 6.5 installed (the ESXi 6.5 image actually needs to modified with proper LAN drivers to work)
- Kali as a virtual machine running inside ESXI 6.5
- Each service running a docker micro-service utilizing docker-compose and a master bash script for automation.
The culmination of the all four steps above results in something we call RTS.
When RTS is deployed this way, it provides a convienent, deployable nerve center for any pentest engagement.
Composition
- Kali Linux (https://www.kali.org/)
- Matrix Synapse HomeServer (https://github.com/matrix-org/synapse)
- Element Web Client (https://github.com/vector-im/element-web)
- IVRE Recon Framework (https://github.com/ivre/ivre)
- Reconmap Framework (https://github.com/reconmap)
- Convenant C2 Framework (https://github.com/cobbr/Covenant) (still in work)
- Nextcloud (https://github.com/nextcloud)
- Gitea (https://github.com/go-gitea/gitea)
- Hastebin (https://github.com/toptal/haste-server)
- LOLBins (https://lolbas-project.github.io/)
- GTFOBins (https://gtfobins.github.io/)
- Nginx (https://github.com/nginx)
- Nginx-proxy (https://github.com/nginx-proxy/nginx-proxy)
- Opensource Penetration Testing Standards
Get Started
While the above description of RTS is how it’s intended to deploy, you can also deploy it in a standard Virtual Machine as well. The one gotcha (for now) is that all the services domain names must be locally mapped into each accessing systems host file in order for the reverse proxy to function.
Other than that, you clone this repository into a blank kali linux install, chmod +x ./rts-setup and execute.
Using
As mentioned above, you’ll need to edit your testing system (defined as the the system you will be using to conduct penetration tests against a target) host file. The rts-setup.sh script will tell you all the relevant hostnames and IP’s so it should just be a simple copy + paste operation.
Once done, everything should be setup and installed. Just navigate to any of the URL’s and use as the author of that software intended.
Thanks / Credit
Thanks to all of the above authors of the software linked above. Without your outstanding hard work, ingenunity and selfless dedication to open source software none of this would be possible. With that being said, if you would like direct credit here, please reach out to me with your name, preferred contact method (if any), citations you may want to be included, and/or any other links to your work and I will put them here.
The Red Team is a github repository by James H Allphin
