New framework announcement: ogabog

We are excited to announce ogaboga, a cli framework to develop cli tools for Parrot OS. Right now we are doing reverse shell generator framework based on this and exploit payload generator is on the todo list.

  1. Why this framework?
  • We want to provide our native pentest tools to community
  • I personally don’t happy with some reverse shell generators on github. I want a tool that can handle more options from users without making the whole code be so complex.
  • Easy to add new modules and easy to custom.
    Example1: php module is having ReverseTCP shell which supports generate different shells on Linux and different execution method. In 1 different project, it is “php1, php2, php3” modules. Any different function can be added with help of argparse

    Example 2: We use the classes in a module to create different type of reverse shells. It is very easy to use and maintain
  1. Further work
  • Support more modules of reverse shell, bind shell
  • Add “escape” modules which has get pty shell on client
  • Add a “search” function for painless usage
  • Add payload generator framework for common exploitation types (os command injection, code injection…)
  • We expect convert some exploits on exploitdb to framework.
  1. Development process
  • For now there are 2 developers are developing this project. We are using PayloadAllTheThings and pentest monkey - reverse shell cheatsheet for our modules. We hope we can get more suggestions from users in this topic.
  • The project will be released and installed by default in Parrot in 4.12

Project URL: https://nest.parrotsec.org/packages/tools/ogabog
Modules of reverse shell generator: https://nest.parrotsec.org/packages/tools/ogabog/-/tree/master/shellgen/modules

4 Likes