Cloud Penetration Security - Nebula Automated Testing

admin, 2021-10-31 07:36:24



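Nebula is a cloud and (hopefully) DevOps penetration testing framework. It has modules built for each provider and each functionality. As of April 2021 it only covers AWS, but it is an ongoing project and is expected to keep growing to test GCP, Azure, Kubernetes, Docker, or automation engines such as Ansible, Terraform, and Chef.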




Currently covers:

  • S3 bucket name brute force

  • IAM, EC2, S3 and Lambda enumeration

  • IAM, EC2 and S3 exploitation

  • Custom HTTP user agent


There are currently 50 modules, covering:

  • Reconnaissance

  • Enumeration

  • Exploit

  • Cleanup

1. Clone the Nebula repo from GitHub and pull the Nebula Docker image:


git clone https://github.com/gl4ssesbo1/Nebula
docker pull gl4ssesbo1/nebula:latest

Then run main.py with:


docker run -v Nebula:/app -ti gl4ssesbo1/nebula:latest main.py


2. Clone the Nebula repo from GitHub and build the Docker image locally:


git clone https://github.com/gl4ssesbo1/Nebula
cd Nebula
docker build -t nebula .


Then run main.py with:


docker run -v Nebula:/app -ti nebula main.py


Nebula is written in Python 3.8 and uses the boto3 library to access AWS. Install Python 3.8+ and then install the required libraries from requirements.txt:


python3.8 -m pip install -r requirements.txt 


Then install the Session Manager plugin. It is required for the SSM modules:


curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
dpkg -i session-manager-plugin.deb


On Windows devices, since less is not installed, I got a prebuilt binary from https://github.com/jftuga/less-Windows and saved it in the directory less_binary. Just add that directory to the PATH environment variable.

Then run main.py:


python3.8 ./main.py


python3.9.exe .\main.py -b
        -------------------------------------------------------------
        50 aws          0 gcp           0 azure         0 office365
        0 docker        0 kubernetes
        -------------------------------------------------------------
        50 modules      2 cleanup               0 detection
        41 enum         6 exploit               0 persistence
        0 listeners     0 lateral movement      0 detection bypass
        0 privesc       1 reconnaissance        0 stager
        -------------------------------------------------------------
()()(AWS) >>>


()()(AWS) >>> help
Help Command:             Description:
-------------             ------------
help                      Show help for all the commands
help credentials          Show help for credentials
help module               Show help for modules
help workspace            Show help for credentials
help user-agent           Show help for credentials


Module Commands           Description
---------------           -----------
show modules              List all the modules
show enum                 List all Enumeration modules
show exploit              List all Exploit modules
show persistence          List all Persistence modules
show privesc              List all Privilege Escalation modules
show reconnaissance       List all Reconnaissance modules
show listener             List all Reconnaissance modules
show cleanup              List all Enumeration modules
show detection            List all Exploit modules
show detectionbypass      List all Persistence modules
show lateralmovement      List all Privilege Escalation modules
show stager               List all Reconnaissance modules
use module <module>       Use a module.
options                   Show options of a module you have selected.
run                       Run a module you have selected. Eg: 'run <module name>'
search                    Search for a module via pattern. Eg: 'search s3'
back                      Unselect a module
set <option>              Set option of a module. Need to have the module used first.
unset <option>            Unset option of a module. Need to have the module used first.

User-Agent commands       Description
-------------------       -----------
set user-agent windows    Set a windows client user agent
set user-agent linux      Set a linux client user agent
set user-agent custom     Set a custom client user agent
show user-agent           Show the current user-agent
unset user-agent          Use the user agent that boto3 produces

Workspace Commands        Description
------------------        -----------
create workspace <wp>     Create a workspace
use workspace <wp>        Use one of the workspaces
remove workspace <wp>     Remove a workspace


Modules:


()()(AWS) >>> show modules
cleanup/aws_iam_delete_access_key
        Delete access key of a user by providing it.
cleanup/aws_iam_delete_login_profile
        Delete access of a user to the Management Console
enum/aws_ec2_enum_elastic_ips
        Lists User data of an Instance provided. Requires Secret Key and Access Key of an IAM that has access to it.
enum/aws_ec2_enum_images
        List all ec2 images. Needs credentials of an IAM with DescribeImages right. Output is dumpled on a file. It takes a sh*tload of time, unfortunately. And boy, is it a huge output.
enum/aws_ec2_enum_instances
        Describes instances attribues: Instances, VCP, Zones, Images, Security Groups, Snapshots, Subnets, Tags, Volumes. Requires Secret Key and Access Key of an IAM that has access to all or any of the API calls: DescribeAvailabilityZones, DescribeImages, DescribeInstances, DescribeKeyPairs, DescribeSecurityGroups, DescribeSnapshots, DescribeSubnets, DescribeTags, DescribeVolumes, DescribeVpcs
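From the defender's side, the API calls listed for enum/aws_ec2_enum_instances form a recognizable pattern in CloudTrail. The following is an added detection example, not part of the original post or of Nebula: it flags a principal that makes many distinct calls from that list inside a short window. The function names, the 5-minute window, the threshold of 6 and the sample records are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# API calls named in the enum/aws_ec2_enum_instances module description above.
ENUM_CALLS = {
    "DescribeAvailabilityZones", "DescribeImages", "DescribeInstances",
    "DescribeKeyPairs", "DescribeSecurityGroups", "DescribeSnapshots",
    "DescribeSubnets", "DescribeTags", "DescribeVolumes", "DescribeVpcs",
}

def find_enum_bursts(events, window=timedelta(minutes=5), threshold=6):
    """Map principal ARN -> distinct ENUM_CALLS seen inside one `window`,
    for principals reaching `threshold` distinct calls (both values assumed)."""
    by_principal = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") != "ec2.amazonaws.com" or ev.get("eventName") not in ENUM_CALLS:
            continue
        # userAgent is client-controlled (see 'set user-agent'), so it is
        # deliberately not used as a signal; only the call pattern is.
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        arn = ev.get("userIdentity", {}).get("arn", "unknown")
        by_principal[arn].append((when, ev["eventName"]))

    findings = {}
    for arn, calls in by_principal.items():
        calls.sort()
        best, start = set(), 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # shrink until the span fits inside `window`
            distinct = {name for _, name in calls[start:end + 1]}
            if len(distinct) > len(best):
                best = distinct
        if len(best) >= threshold:
            findings[arn] = sorted(best)
    return findings

def _ev(arn, name, ts):
    # Constructed CloudTrail-style record; account ID and names are placeholders.
    return {"eventSource": "ec2.amazonaws.com", "eventName": name,
            "eventTime": ts, "userAgent": "constructed-agent/1.0",
            "userIdentity": {"arn": arn}}

USER_A = "arn:aws:iam::111122223333:user/example-a"
USER_B = "arn:aws:iam::111122223333:user/example-b"
SAMPLE_EVENTS = (
    [_ev(USER_A, n, f"2021-04-01T10:00:{i:02d}Z") for i, n in enumerate(sorted(ENUM_CALLS))]
    + [_ev(USER_B, "DescribeInstances", f"2021-04-01T10:{m:02d}:00Z") for m in (0, 10, 20)]
)
```

Calling find_enum_bursts(SAMPLE_EVENTS) reports only example-a; example-b repeats a single call and stays below the threshold.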



This article was first published on the WeChat official account (Khan安全攻防实验室): Cloud Penetration Security - Nebula Automated Testing
