We are excited to announce ogaboga, a cli framework to develop cli tools for Parrot OS. Right now we are doing reverse shell generator framework based on this and exploit payload generator is on the todo list.
- Why this framework?
- We want to provide our native pentest tools to community
- I personally don’t happy with some reverse shell generators on github. I want a tool that can handle more options from users without making the whole code be so complex.
- Easy to add new modules and easy to custom.
Example1: php module is having ReverseTCP shell which supports generate different shells on Linux and different execution method. In 1 different project, it is “php1, php2, php3” modules. Any different function can be added with help of argparse
Example 2: We use the classes in a module to create different type of reverse shells. It is very easy to use and maintain
- Further work
- Support more modules of reverse shell, bind shell
- Add “escape” modules which has get pty shell on client
- Add a “search” function for painless usage
- Add payload generator framework for common exploitation types (os command injection, code injection…)
- We expect convert some exploits on exploitdb to framework.
- Development process
- For now there are 2 developers are developing this project. We are using PayloadAllTheThings and pentest monkey - reverse shell cheatsheet for our modules. We hope we can get more suggestions from users in this topic.
- The project will be released and installed by default in Parrot in 4.12
Project URL: https://nest.parrotsec.org/packages/tools/ogabog
Modules of reverse shell generator: https://nest.parrotsec.org/packages/tools/ogabog/-/tree/master/shellgen/modules