ShellBot

ShellBot is a bot that will post a notification to Slack and/or Microsoft Teams whenever a new Empire or Meterpreter agent connection is received. A blog post on the bot can be found here: https://www.swordshield.com/2016/11/slackshellbot

Install

sudo pip install -r requirements.txt

OR

sudo apt-get update && sudo apt-get install python-requests python-msgpack -y

ShellBot Usage

usage: shellbot.py [-h] [--debug] [-v]

optional arguments:
  -h, --help  show this help message and exit
  --debug     Enable debug output to console
  -v          Enable verbose output to console

ShellBot Configuration File

ShellBot uses a configuration file, shellbot.conf, that must be located in the same directory as shellbot.py. The Metasploit RPC interface must be available to check for Meterpreter Agents. The Empire database must be available to check for Empire Agents.

Example configuration:

[slack]
slackHook = https://hooks.slack.com/services/<randomstuff>
botName = ShellBot
channel = #shellbot
[teams]
teamsHook = https://outlook.office.com/webhook/<randomstuff>
[ShellBot]
sleepTime = 60
[empire]
db = /opt/Empire/data/empire.db
[msf]
msfRpcHost = 127.0.0.1
msfRpcPort = 55552
msfRpcUser = msf
msfRpcPass = SuperSecret
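
shellbot.conf stores the Metasploit RPC password and the webhook URLs in plain text, so it is worth checking before the bot is started. The following pre-flight check is an added example, not part of ShellBot: the function name audit_shellbot_conf is hypothetical, it is written for Python 3, and it assumes the section and key names shown in the example configuration above.

```python
import configparser
import ipaddress
import os
import stat

# Sample passwords printed in this README; a live config should not reuse them.
README_PASSWORDS = {"SuperSecret", "JZXiLwT4", "BxunCyDD"}


def audit_shellbot_conf(path):
    """Return a list of findings for a shellbot.conf-style file (hypothetical helper)."""
    findings = []
    # The file holds the RPC password and webhook URLs: owner-only access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %03o lets group/other access secrets" % mode)

    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read(path)

    # A webhook URL is a bearer secret, so it should only travel over TLS.
    for section, key in (("slack", "slackHook"), ("teams", "teamsHook")):
        hook = cp.get(section, key, fallback="")
        if hook and not hook.lower().startswith("https://"):
            findings.append("%s.%s is not an https:// URL" % (section, key))

    # With msfrpcd -S (SSL disabled) a non-loopback host exposes the RPC login.
    host = cp.get("msf", "msfRpcHost", fallback="")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if host and not loopback:
        findings.append("msfRpcHost %s is not loopback" % host)

    if cp.get("msf", "msfRpcPass", fallback="") in README_PASSWORDS:
        findings.append("msfRpcPass is a sample password from the README")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed sample config, not taken from a real deployment.
    sample = "[msf]\nmsfRpcHost = 10.0.0.5\nmsfRpcPass = SuperSecret\n"
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    for finding in audit_shellbot_conf(fh.name):
        print("[!]", finding)
    os.unlink(fh.name)
```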

MSFRPC

https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html

You'll likely want to issue load msgrpc

msf > load msgrpc
[*] MSGRPC Service:  127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: JZXiLwT4
[*] Successfully loaded plugin: msgrpc

You can use the msfrpc daemon:

msfrpcd -P BxunCyDD -U msf -a 127.0.0.1 -S -p 55552

Usage: msfrpcd <options>

OPTIONS:

    -P <opt>  Specify the password to access msfrpcd
    -S        Disable SSL on the RPC socket
    -U <opt>  Specify the username to access msfrpcd
    -a <opt>  Bind to this IP address
    -f        Run the daemon in the foreground
    -h        Help banner
    -n        Disable database
    -p <opt>  Bind to this port instead of 55553
    -t <opt>  Token Timeout (default 300 seconds
    -u <opt>  URI for Web server

Screenshots

Slack

Empire Agent Checkin on Slack

Meterpreter Agent Checkin on Slack

Microsoft Teams

Empire Agent Checkin on Microsoft Teams

Meterpreter Agent Checkin on Microsoft Teams

Contributors

ne0nd0g
