pwn 0.4.333

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'pwn'

data/update_pwn.sh

@@ -0,0 +1,15 @@
+#!/bin/bash --login
+if [[ $PWN_ROOT == '' ]]; then
+  if [[ ! -d '/pwn' ]]; then
+    pwn_root=$(pwd)
+  else
+    pwn_root='/pwn'
+  fi
+else
+  pwn_root="${PWN_ROOT}"
+fi
+
+#sudo /bin/bash --login -c "cd ${pwn_root} && ./reinstall_pwn_gemset.sh"
+#sudo /bin/bash --login -c "cd ${pwn_root} && ./build_pwn_gem.sh"
+export rvmsudo_secure_path=1
+rvmsudo /bin/bash --login -c "cd ${pwn_root} && ./build_pwn_gem.sh"

data/upgrade_ruby.sh

@@ -0,0 +1,46 @@
+#!/bin/bash --login
+# USE THIS SCRIPT WHEN UPGRADING RUBY
+if [[ $PWN_ROOT == '' ]]; then
+  if [[ ! -d '/pwn' ]]; then
+    pwn_root=$(pwd)
+  else
+    pwn_root='/pwn'
+  fi
+else
+  pwn_root="${PWN_ROOT}"
+fi
+
+function usage() {
+  echo $"Usage: $0 <new ruby version e.g. 2.4.4> <optional bool running from build_pwn_gem.sh>"
+  exit 1
+}
+
+source /etc/profile.d/rvm.sh
+
+new_ruby_version=$1
+if [[ $2 != '' ]]; then
+  old_ruby_version=$2
+else
+  old_ruby_version=`cat ${pwn_root}/.ruby-version`
+fi
+
+ruby_gemset=`cat ${pwn_root}/.ruby-gemset`
+
+if [[ $# < 1 ]]; then
+  usage
+fi
+
+# Upgrade RVM
+#curl -sSL https://get.rvm.io | sudo bash -s latest
+curl -sSL https://rvm.io/mpapis.asc | sudo gpg2 --import -
+curl -sSL https://rvm.io/pkuczynski.asc | sudo gpg2 --import -
+export rvmsudo_secure_path=1
+rvmsudo rvm get latest
+rvm reload
+
+# Install New Version of RubyGems & Ruby
+cd $pwn_root && ./vagrant/provisioners/gem.sh
+rvmsudo rvm install ruby-$new_ruby_version
+echo $new_ruby_version > $pwn_root/.ruby-version
+
+cd $pwn_root && rvm use $new_ruby_version@$ruby_gemset && ./build_pwn_gem.sh

data/vagrant/provisioners/apache2.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+if [[ $PWN_ROOT == '' ]]; then
+  if [[ ! -d '/pwn' ]]; then
+    pwn_root=$(pwd)
+  else
+    pwn_root='/pwn'
+  fi
+else
+  pwn_root="${PWN_ROOT}"
+fi
+
+pwn_provider=`echo $PWN_PROVIDER`
+apache_userland_root="${pwn_root}/etc/userland/${pwn_provider}/apache2"
+apache_vagrant_yaml="${apache_userland_root}/vagrant.yaml"
+domain_name=$(hostname -d)
+sudo /bin/bash --login -c "echo -e '127.0.0.1\tjenkins.${domain_name}' >> /etc/hosts"
+sudo /bin/bash --login -c "echo -e '127.0.0.1\topenvas.${domain_name}' >> /etc/hosts"
+sudo /bin/bash --login -c "sed -i \"s/DOMAIN/${domain_name}/g\" /etc/apache2/sites-available/*.conf"
+sudo rm /etc/apache2/sites-enabled/*
+sudo ln -s /etc/apache2/sites-available/jenkins_80.conf /etc/apache2/sites-enabled/
+sudo ln -s /etc/apache2/sites-available/jenkins_443.conf /etc/apache2/sites-enabled/
+sudo ln -s /etc/apache2/sites-available/openvas_80.conf /etc/apache2/sites-enabled/
+sudo ln -s /etc/apache2/sites-available/openvas_443.conf /etc/apache2/sites-enabled/
+
+tls_deployment_type=`ruby -e "require 'yaml'; print YAML.load_file('${apache_userland_root}/vagrant.yaml')['tls_deployment_type']"`
+
+case $tls_deployment_type in
+  'letsencrypt')
+    # Public Facing
+    $pwn_root/vagrant/provisioners/letsencrypt.rb
+    ;;
+  'self_signed')
+    # Internally Hosted
+    sudo mkdir /etc/apache2/ssl
+
+    country_name=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['country_name']"`
+    state_or_prov=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['state_or_prov']"`
+    city_name=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['city_name']"`
+    org_company_name=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['org_company_name']"`
+    org_unit_name=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['org_unit_name']"`
+    common_name_fqdn=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['common_name_fqdn']"`
+    email_addr=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['email_addr']"`
+
+    sudo openssl req \
+      -x509 -nodes -days 999 -newkey rsa:4096 \
+      -keyout /etc/apache2/ssl/jenkins.key \
+      -out /etc/apache2/ssl/jenkins.crt \
+      -subj "/C=${country_name}/ST=${state_or_prov}/L=${city_name}/O=${org_company_name}/OU=${org_unit_name}/CN=jenkins.${common_name_fqdn}/emailAddress=${email_addr}"
+
+    sudo openssl req \
+      -x509 -nodes -days 999 -newkey rsa:4096 \
+      -keyout /etc/apache2/ssl/openvas.key \
+      -out /etc/apache2/ssl/openvas.crt \
+      -subj "/C=${country_name}/ST=${state_or_prov}/L=${city_name}/O=${org_company_name}/OU=${org_unit_name}/CN=openvas.${common_name_fqdn}/emailAddress=${email_addr}"
+    
+    # Replace LetsEncrypt TLS Entries w/ Self-Signed for OpenVAS
+    sudo sed -i '12s/.*/SSLCertificateFile \/etc\/apache2\/ssl\/jenkins\.crt/' \
+      /etc/apache2/sites-available/jenkins_443.conf
+    sudo sed -i '13s/.*/SSLCertificateKeyFile \/etc\/apache2\/ssl\/jenkins\.key/' \
+      /etc/apache2/sites-available/jenkins_443.conf
+    sudo sed -i '14s/.*//' /etc/apache2/sites-available/jenkins_443.conf
+
+    # Replace LetsEncrypt TLS Entries w/ Self-Signed for OpenVAS
+    sudo sed -i '12s/.*/SSLCertificateFile \/etc\/apache2\/ssl\/openvas\.crt/' \
+      /etc/apache2/sites-available/openvas_443.conf
+    sudo sed -i '13s/.*/SSLCertificateKeyFile \/etc\/apache2\/ssl\/openvas\.key/' \
+      /etc/apache2/sites-available/openvas_443.conf
+    sudo sed -i '14s/.*//' /etc/apache2/sites-available/openvas_443.conf
+    ;;
+  *)
+    echo "No tls_deployment_type Specified in ${apache_vagrant_yaml} for Apache2 Virtual Hosting"
+    exit 1
+esac
+
+sudo systemctl enable apache2
+sudo systemctl restart apache2

data/vagrant/provisioners/beef.rb

@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+print 'Updating BeEF...'
+beef_root = '/opt/beef-dev/'
+puts `
+  sudo /bin/bash \
+    --login \
+    -c "\
+      cd #{beef_root} && \
+      rm Gemfile.lock && \
+      git pull
+    "
+`
+beef_ruby_version = File.readlines("#{beef_root}/.ruby-version")[0].to_s.scrub.strip.chomp
+beef_gemset = File.readlines("#{beef_root}/.ruby-gemset")[0].to_s.scrub.strip.chomp
+puts `
+  sudo bash \
+    --login \
+    -c "\
+      source /etc/profile.d/rvm.sh; \
+      rvm install ruby-#{beef_ruby_version}; \
+      rvm use ruby-#{beef_ruby_version}; \
+      rvm gemset create #{beef_gemset}; \
+      cd #{beef_root}; \
+      gem install bundler; \
+      bundle install
+    "
+`
+puts 'complete.'

data/vagrant/provisioners/burpsuite_pro.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'yaml'
+require 'digest'
+require 'fileutils'
+
+if ENV['PWN_ROOT']
+  pwn_root = ENV['PWN_ROOT']
+elsif Dir.exist?('/pwn')
+  pwn_root = '/pwn'
+else
+  pwn_root = Dir.pwd
+end
+
+pwn_provider = ENV['PWN_PROVIDER'] if ENV['PWN_PROVIDER']
+userland_config = "#{pwn_root}/etc/userland/#{pwn_provider}/burpsuite/vagrant.yaml"
+userland_burpsuite_pro_jar_path = "#{pwn_root}/third_party/burpsuite-pro.jar"
+burpsuite_pro_jar_dest_path = "/opt/burpsuite/#{File.basename(userland_burpsuite_pro_jar_path)}"
+if File.exist?(userland_burpsuite_pro_jar_path)
+  burpsuite_pro_yaml = YAML.load_file(userland_config)
+  burpsuite_pro_jar_sha256_sum = burpsuite_pro_yaml['burpsuite_pro_jar_sha256_sum']
+  # license_key = burpsuite_pro_yaml['license_key'].to_s.scrub.strip.chomp
+
+  this_sha256_sum = Digest::SHA256.file(userland_burpsuite_pro_jar_path).to_s
+
+  if this_sha256_sum == burpsuite_pro_jar_sha256_sum
+    print "Copying #{userland_burpsuite_pro_jar_path} to #{burpsuite_pro_jar_dest_path}..."
+    system("sudo cp #{userland_burpsuite_pro_jar_path} #{burpsuite_pro_jar_dest_path}")
+  else
+    puts "#{burpsuite_pro_jar_dest_path}: (SHA256 Sum #{this_sha256_sum})"
+    puts "!= #{userland_config} (SHA256 Sum: #{burpsuite_pro_jar_sha256_sum})"
+    print 'removing...'
+    system("sudo rm #{userland_burpsuite_pro_jar_path} #{burpsuite_pro_jar_dest_path}")
+  end
+  puts 'complete.'
+end

data/vagrant/provisioners/exploit-db.sh

@@ -0,0 +1,2 @@
+#!/bin/bash --login
+sudo searchsploit -u

data/vagrant/provisioners/gem.sh

@@ -0,0 +1,4 @@
+#!/bin/bash --login
+printf "Updating RubyGems (i.e. gem command)..."
+gem update --system
+echo "complete."

data/vagrant/provisioners/init_env.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+hostname=$1
+
+echo 'Updating /etc/sudoers'
+if [[ ! -e '/etc/sudoers.d/jenkins' ]]; then 
+  sudo /bin/bash --login -c 'echo "jenkins ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/jenkins'
+fi
+sudo sed -i -e 's/^Defaults.*requiretty/# Defaults requiretty/g' /etc/sudoers
+sudo /bin/bash --login -c 'echo "Defaults:admin !requiretty" >> /etc/sudoers'
+sudo sed -i -e 's/^%sudo.+ALL=(ALL:ALL) ALL/%sudo.+ALL=(ALL:ALL) NOPASSWD:ALL/g' /etc/sudoers
+echo "Updating FQDN: ${hostname}"
+cat /etc/hosts | grep "${hostname}" || sudo sed "s/127.0.0.1/127.0.0.1 ${hostname}/g" -i /etc/hosts
+hostname | grep "${hostname}" || sudo hostname "${hostname}"
+
+# Listens on TCP 80 & 443 by default which collides w/ Apache
+# TCP 80 Collision
+sudo systemctl disable nginx
+sudo systemctl stop nginx
+
+# TCP 443 Collision
+sudo systemctl disable inetsim
+sudo systemctl stop inetsim

data/vagrant/provisioners/jenkins.sh

@@ -0,0 +1,87 @@
+#!/bin/bash --login
+if [[ $PWN_ROOT == '' ]]; then
+  if [[ ! -d '/pwn' ]]; then
+    pwn_root=$(pwd)
+  else
+    pwn_root='/pwn'
+  fi
+else
+  pwn_root="${PWN_ROOT}"
+fi
+
+pwn_provider=`echo $PWN_PROVIDER`
+jenkins_userland_root="${pwn_root}/etc/userland/${pwn_provider}/jenkins"
+jenkins_vagrant_yaml="${jenkins_userland_root}/vagrant.yaml"
+
+# Make sure the pwn gemset has been loaded
+source /etc/profile.d/rvm.sh
+ruby_version=`cat ${pwn_root}/.ruby-version`
+rvm use ruby-$ruby_version@pwn
+
+initial_admin_pwd=$(sudo cat /var/lib/jenkins/secrets/initialAdminPassword)
+
+printf "Creating User *************************************************************************"
+new_user=`ruby -e "require 'yaml'; print YAML.load_file('${jenkins_vagrant_yaml}')['user']"`
+new_pass=`ruby -e "require 'yaml'; print YAML.load_file('${jenkins_vagrant_yaml}')['pass']"`
+new_fullname=`ruby -e "require 'yaml'; print YAML.load_file('${jenkins_vagrant_yaml}')['fullname']"`
+new_email=`ruby -e "require 'yaml'; print YAML.load_file('${jenkins_vagrant_yaml}')['email']"`
+
+pwn_jenkins_useradd -s 127.0.0.1 -d 8888 -u $new_user -p $new_pass -U admin -P $initial_admin_pwd -e $new_email
+
+# Begin Creating Self-Update Jobs in Jenkins and Template-Based Jobs to Describe how to Intgrate PWN into Jenkins
+printf "Creating Self-Update and PWN-Template Jobs ********************************************"
+ls $jenkins_userland_root/jobs/*.xml | while read jenkins_xml_config; do
+  file_name=`basename $jenkins_xml_config`
+  job_name=${file_name%.*}
+  pwn_jenkins_create_job --jenkins_ip 127.0.0.1 \
+    -d 8888 \
+    -U admin \
+    -P $initial_admin_pwd \
+    -j $job_name \
+    -c $jenkins_xml_config
+done
+
+# Create any jobs residing in $pwn_root/etc/userland/$pwn_provider/jenkins/jobs_userland
+ls $jenkins_userland_root/jobs_userland/*.xml 2> /dev/null
+if [[ $? == 0 ]]; then
+  printf "Creating User-Land Jobs ***************************************************************"
+  ls $jenkins_userland_root/jobs_userland/*.xml | while read jenkins_xml_config; do
+    file_name=`basename $jenkins_xml_config`
+    job_name=${file_name%.*}
+    pwn_jenkins_create_job --jenkins_ip 127.0.0.1 \
+      -d 8888 \
+      -U admin \
+      -P $initial_admin_pwd \
+      -j $job_name \
+      -c $jenkins_xml_config
+  done
+fi
+
+printf "Creating Jenkins Views ****************************************************************"
+pwn_jenkins_create_view --jenkins_ip 127.0.0.1 \
+  -d 8888 \
+  -U admin \
+  -P $initial_admin_pwd \
+  -v 'PWN-Templates' \
+  -r '^pwntemplate-.+$'
+
+pwn_jenkins_create_view --jenkins_ip 127.0.0.1 \
+  -d 8888 \
+  -U admin \
+  -P $initial_admin_pwd \
+  -v 'Self-Update' \
+  -r '^selfupdate-.+$'
+
+pwn_jenkins_create_view --jenkins_ip 127.0.0.1 \
+  -d 8888 \
+  -U admin \
+  -P $initial_admin_pwd \
+  -v 'Pipeline' \
+  -r '^pipeline-.+$'
+
+pwn_jenkins_create_view --jenkins_ip 127.0.0.1 \
+  -d 8888 \
+  -U admin \
+  -P $initial_admin_pwd \
+  -v 'User-Land' \
+  -r '^userland-.+$'

data/vagrant/provisioners/jenkins_ssh-keygen.rb

@@ -0,0 +1,86 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'yaml'
+require 'pwn'
+
+if ENV['PWN_ROOT']
+  pwn_root = ENV['PWN_ROOT']
+elsif Dir.exist?('/pwn')
+  pwn_root = '/pwn'
+else
+  pwn_root = Dir.pwd
+end
+
+pwn_provider = ENV['PWN_PROVIDER'] if ENV['PWN_PROVIDER']
+jenkins_userland_config = YAML.load_file("#{pwn_root}/etc/userland/#{pwn_provider}/jenkins/vagrant.yaml")
+private_key_path = '/var/lib/jenkins/.ssh/id_rsa-pwn_jenkins'
+userland_ssh_keygen_pass = jenkins_userland_config['ssh_keygen_pass']
+userland_user = jenkins_userland_config['user']
+userland_pass = jenkins_userland_config['pass']
+hostname = `hostname`.to_s.chomp.strip.scrub
+
+print 'Creating SSH Key for Userland Jenkins Jobs...'
+puts `
+  sudo \
+    -H \
+    -u jenkins \
+    /bin/bash \
+      --login \
+      -c "
+        echo y | \
+          ssh-keygen \
+            -t rsa \
+            -b 4096 \
+            -C 'jenkins@#{hostname}' \
+            -N '#{userland_ssh_keygen_pass}' \
+            -f '#{private_key_path}'
+      "
+`
+
+# TODO: Begin Potential Race Condition of Private SSH Key for Jenkins User
+`sudo -H -u jenkins /bin/bash --login -c 'chmod 777 #{File.dirname(private_key_path)} && chmod 644 #{private_key_path}'`
+
+# TODO: Create Jenkins SSH Credentials for all hosts referenced in vagrant.yaml (User-Land Config)
+jenkins_obj = PWN::Plugins::Jenkins.connect(
+  jenkins_ip: '127.0.0.1',
+  port: 8888,
+  username: userland_user,
+  password: userland_pass
+)
+
+if jenkins_userland_config.include?('jenkins_job_credentials') &&
+   jenkins_userland_config['jenkins_job_credentials'].any?
+
+  jenkins_userland_config['jenkins_job_credentials'].each do |j_creds_hash|
+    ssh_username = j_creds_hash['ssh_username']
+    description = j_creds_hash['description']
+    credential_id = j_creds_hash['credential_id'].to_s
+
+    if credential_id == ''
+      PWN::Plugins::Jenkins.create_ssh_credential(
+        jenkins_obj: jenkins_obj,
+        username: ssh_username,
+        private_key_path: private_key_path,
+        key_passphrase: userland_ssh_keygen_pass,
+        description: description
+      )
+    else
+      PWN::Plugins::Jenkins.create_ssh_credential(
+        jenkins_obj: jenkins_obj,
+        username: ssh_username,
+        private_key_path: private_key_path,
+        key_passphrase: userland_ssh_keygen_pass,
+        credential_id: credential_id,
+        description: description
+      )
+    end
+  end
+end
+
+puts 'The following is the public SSH key created for Jenkins:'
+puts `sudo cat /var/lib/jenkins/.ssh/id_rsa-pwn_jenkins.pub`
+puts 'If you intend on leveraging User-Land jobs that will connect to remote hosts via SSH'
+puts 'please ensure you add the aforementioned public key value to your respective ~/.ssh/authorized_keys file.'
+# TODO: End of Potential Race Condition
+`sudo -H -u jenkins /bin/bash --login -c 'chmod 600 #{private_key_path} && chmod 700 #{File.dirname(private_key_path)}'`

data/vagrant/provisioners/kali_customize.rb

@@ -0,0 +1,130 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+if ENV['PWN_ROOT']
+  pwn_root = ENV['PWN_ROOT']
+elsif Dir.exist?('/pwn')
+  pwn_root = '/pwn'
+else
+  pwn_root = Dir.pwd
+end
+
+# A list of these are available in /usr/share/applications/*.desktop
+panel_root = '/usr/share/applications'
+wallpaper = "#{pwn_root}/documentation/pwn_wallpaper.jpg"
+
+system("sudo chmod 777 #{panel_root}")
+
+File.open("#{panel_root}/pwn-prototyper.desktop", 'w') do |f|
+  f.puts '[Desktop Entry]'
+  f.puts 'Name=pwn'
+  f.puts 'Encoding=UTF-8'
+  f.puts 'Exec=/bin/bash --login -c pwn'
+  f.puts 'Icon=gksu-root-terminal'
+  f.puts 'StartupNotify=false'
+  f.puts 'Terminal=true'
+  f.puts 'Type=Application'
+end
+
+File.open("#{panel_root}/pwn-chromium-jenkins.desktop", 'w') do |f|
+  f.puts '[Desktop Entry]'
+  f.puts 'Name=Jenkins'
+  f.puts 'Encoding=UTF-8'
+  f.puts 'Exec=/bin/bash --login -c "/usr/bin/chromium https://jenkins.$(hostname -d)"'
+  f.puts 'Icon=dconf-editor'
+  f.puts 'Type=Application'
+  f.puts 'Categories=Network;WebBrowser;'
+  f.puts 'MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;'
+  f.puts 'StartupWMClass=chromium'
+  f.puts 'StartupNotify=true'
+end
+
+File.open("#{panel_root}/pwn-chromium-openvas.desktop", 'w') do |f|
+  f.puts '[Desktop Entry]'
+  f.puts 'Name=OpenVAS'
+  f.puts 'Encoding=UTF-8'
+  f.puts 'Exec=/bin/bash --login -c "/usr/bin/chromium https://openvas.$(hostname -d)"'
+  f.puts 'Terminal=false'
+  f.puts 'X-MultipleArgs=false'
+  f.puts 'Type=Application'
+  f.puts 'Icon=kali-openvas.png'
+  f.puts 'Categories=Network;WebBrowser;'
+  f.puts 'MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;'
+  f.puts 'StartupWMClass=chromium'
+  f.puts 'StartupNotify=true'
+end
+
+File.open("#{panel_root}/pwn-msfconsole.desktop", 'w') do |f|
+  f.puts '[Desktop Entry]'
+  f.puts 'Name=metasploit framework'
+  f.puts 'Encoding=UTF-8'
+  f.puts 'Exec=sudo /bin/bash --login -c "cd /opt/metasploit-framework-dev && ./msfconsole"'
+  f.puts 'Icon=kali-metasploit-framework.png'
+  f.puts 'StartupNotify=false'
+  f.puts 'Terminal=true'
+  f.puts 'Type=Application'
+end
+
+File.open("#{panel_root}/pwn-setoolkit.desktop", 'w') do |f|
+  f.puts '[Desktop Entry]'
+  f.puts 'Name=social engineering toolkit'
+  f.puts 'Encoding=UTF-8'
+  f.puts 'Exec=sudo /bin/bash --login -c "setoolkit"'
+  f.puts 'Icon=kali-set.png'
+  f.puts 'StartupNotify=false'
+  f.puts 'Terminal=true'
+  f.puts 'Type=Application'
+  f.puts 'Categories=08-exploitation-tools;13-social-engineering-tools;'
+  f.puts 'X-Kali-Package=set'
+end
+
+system("sudo chown root:root #{panel_root}/*.desktop")
+system("sudo chmod 755 #{panel_root}")
+
+panel_items = [
+  'pwn-prototyper.desktop',
+  'terminator.desktop',
+  'kali-recon-ng.desktop',
+  'pwn-chromium-jenkins.desktop',
+  'pwn-chromium-openvas.desktop',
+  'chromium.desktop',
+  'firefox-esr.desktop',
+  'kali-burpsuite.desktop',
+  'kali-zaproxy.desktop',
+  'pwn-msfconsole.desktop',
+  'kali-searchsploit.desktop',
+  'pwn-setoolkit.desktop'
+]
+
+# XFCE
+# Do not show icons on Desktop
+system('xfconf-query --channel xfce4-desktop --property /desktop-icons/file-icons/show-home --set false')
+system('xfconf-query --channel xfce4-desktop --property /desktop-icons/file-icons/show-trash --set false')
+system('xfconf-query --channel xfce4-desktop --property /desktop-icons/file-icons/show-removable --set false')
+system('xfconf-query --channel xfce4-desktop --property /desktop-icons/file-icons/show-filesystem --set false')
+
+# Create the Custom Kali Panel
+system('xfce4-clipman &')
+panel_items.each do |panel_item|
+  system("xfce4-panel --add=launcher #{panel_root}/#{panel_item}")
+end
+
+# Use the PWN Wallpaper for LightDm Greeter
+# Keep space between c\ background...
+system("sudo sed -i '/background/c\ background = #{wallpaper}' /etc/lightdm/lightdm-gtk-greeter.conf")
+# Use the PWN Wallpaper
+system(
+  "
+    xfconf-query \
+      --channel xfce4-desktop \
+      --list | \
+        grep image | \
+        grep -e path -e last | \
+        while read property; do \
+          xfconf-query \
+            --channel xfce4-desktop \
+            --property $property \
+            --set #{wallpaper}; \
+        done
+  "
+)

data/vagrant/provisioners/letsencrypt.rb

@@ -0,0 +1,35 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'yaml'
+
+print "Installing Let's Encrypt **************************************************************"
+if ENV['PWN_ROOT']
+  pwn_root = ENV['PWN_ROOT']
+elsif Dir.exist?('/pwn')
+  pwn_root = '/pwn'
+else
+  pwn_root = Dir.pwd
+end
+
+pwn_provider = ENV['PWN_PROVIDER'] if ENV['PWN_PROVIDER']
+letsencrypt_git = 'https://github.com/letsencrypt/letsencrypt'
+letsencrypt_root = '/opt/letsencrypt-git'
+letsencrypt_yaml = YAML.load_file("#{pwn_root}/etc/userland/#{pwn_provider}/letsencrypt/vagrant.yaml")
+letsencrypt_domains = letsencrypt_yaml['domains']
+letsencrypt_email = letsencrypt_yaml['email'].to_s.scrub.strip.chomp
+
+letsencrypt_flags = '--apache'
+letsencrypt_domains.each { |domain| letsencrypt_flags = "#{letsencrypt_flags} -d #{domain}" }
+letsencrypt_flags = "#{letsencrypt_flags} --non-interactive --agree-tos --text --email #{letsencrypt_email}"
+
+system(
+  "sudo -i /bin/bash \
+    --login \
+    -c \"
+      git clone #{letsencrypt_git} #{letsencrypt_root} && \
+      cd #{letsencrypt_root} && \
+      ./letsencrypt-auto-source/letsencrypt-auto #{letsencrypt_flags}
+    \"
+  "
+)

data/vagrant/provisioners/metasploit.rb

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+print 'Updating Metasploit...'
+metasploit_root = '/opt/metasploit-framework-dev/'
+puts `sudo /bin/bash --login -c "cd #{metasploit_root} && rm Gemfile.lock && git pull"`
+metasploit_ruby_version = File.readlines("#{metasploit_root}/.ruby-version")[0].to_s.scrub.strip.chomp
+puts `
+  sudo bash \
+    --login \
+    -c "
+      source /etc/profile.d/rvm.sh; \
+      rvm install ruby-#{metasploit_ruby_version}; \
+      rvm use ruby-#{metasploit_ruby_version}; \
+      rvm gemset create metasploit-framework; \
+      cd #{metasploit_root}; \
+      gem install bundler && \
+      bundle install && \
+      systemctl restart msfrpcd.service; \
+      ls tools/exploit | while read util; do \
+        ln -sf ./tools/exploit/$util; \
+      done
+    "
+`
+puts 'complete.'

data/vagrant/provisioners/nmap_all_live_hosts.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo /bin/bash --login -c 'cd /opt/nmap_all_live_hosts && git pull'

data/vagrant/provisioners/openvas.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# Update user/pass based on UserLand Configs
+if [[ $PWN_ROOT == '' ]]; then
+  if [[ ! -d '/pwn' ]]; then
+    pwn_root=$(pwd)
+  else
+    pwn_root='/pwn'
+  fi
+else
+  pwn_root="${PWN_ROOT}"
+fi
+
+pwn_provider=`echo $PWN_PROVIDER`
+openvas_vagrant_yaml="${pwn_root}/etc/userland/${pwn_provider}/openvas/vagrant.yaml"
+apache_vagrant_yaml="${pwn_root}/etc/userland/${pwn_provider}/apache2/vagrant.yaml"
+user=`ruby -e "require 'yaml'; print YAML.load_file('${openvas_vagrant_yaml}')['user']"`
+pass=`ruby -e "require 'yaml'; print YAML.load_file('${openvas_vagrant_yaml}')['pass']"`
+fqdn=`ruby -e "require 'yaml'; print YAML.load_file('${apache_vagrant_yaml}')['common_name_fqdn']"`
+sudo /bin/bash --login -c "openvasmd --create-user ${user}"
+sudo /bin/bash --login -c "openvasmd --user=${user} --new-password=${pass}"
+sudo sed -i "9s/.*/ExecStart=\/usr\/sbin\/gsad --foreground --listen=127\.0\.0\.1 --port=9392 --mlisten=127\.0\.0\.1 --mport=9390 --http-only --no-redirect --allow-header-host openvas.${fqdn}/" /lib/systemd/system/greenbone-security-assistant.service
+sudo systemctl daemon-reload
+sudo systemctl restart greenbone-security-assistant

data/vagrant/provisioners/openvas_wrappers.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo /bin/bash --login -c 'cd /opt/openvas_wrappers && git pull'

data/vagrant/provisioners/post_install.sh

@@ -0,0 +1,14 @@
+#!/bin/bash --login
+if [[ $pwn_provider != 'aws' ]]; then
+  sudo passwd --expire admin
+fi
+
+sudo userdel -r pwnadmin
+
+# Regenerate SSH Keys
+# RSA
+yes y | sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 8192
+# DSA
+yes y | sudo ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa -b 1024
+# ECDSA
+yes y | sudo ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521