Overview (tl;dr)

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.

Assuming the user has already set up the required variables (see the Getting Started section of the wiki) a reverse shell using the awk command can be generated as easy as...

Or maybe you need to remotely invoke a Powershell script? A download cradle can be generated like so.

Additional Features and Usage Examples

Bros http(s)

Need a quick web server? Forget python SimpleHTTPServer, bros has your back with bros http when entered via the command line. An SSL server? bros https has you covered.

Bros FTP

Need to exfiltrate some data via ftp? Bros comes with a handy bros ftp when entered via the command line. The ftp server accepts anonymous downloads/uploads from the CWD (so be careful when running).

Bros Encode

A encoder/decoder utility designed with penetration testers in mind that often find the need to encode and decode various payloads.

Learn about these features and more on the Brosec wiki.

Installation

The preferred method of installation (in order to get all of the latest updates) is to clone the source and install the dependencies manualy (git clone && npm install).

However, a stable build can be quickly installed via the following instructions.

Mac

Quick Installation

• Install Homebrew
• brew tap t94j0/security - Use t94j0's tap which contains the brosec formula
• brew install brosec - Installs the brosec package

Kali Linux

• apt-get install npm build-essential g++ xsel Install dependencies

• npm install -g n Install n (nodejs version manager)

  • If the above fails, try - npm config set registry http://registry.npmjs.org/

• n latest Install latest version of nodejs

• npm install -g Brosec - Install Brosec (may need sudo to symlink to /usr/local/bin)

Windows

• Install nodejs via official installer
• npm install -g Brosec - Install Brosec

If you have trouble installing, you can also try a compiled copy of Brosec. See Releases.

Swag

Want a free Brosec sticker?

Submit a pull request, create an issue, or just send feedback to [email protected] and I'll happily send you a sticker (supplies limited, free shipping to continental US only).

Otherwise you can order one from StickerMule

Credits

Brosec was heavily inspired by the Red Team Field Manual by Ben Clark. In addition, many payloads were referenced from other resources and deserve a shoutout.

• pentestmonkey reverse shells
• g0tmi1k linux privesc
• obsecuresecurity
• SecLists

Special thanks to @LuxCupitor