Published on August 2nd, 2016 📆 | 4798 Views ⚑
0Brosec — terminal based reference utility
An interactive reference tool to help security professionals utilize useful payloads and commands
Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec’s most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.
Installation
Mac
brew install node netcat
– Install Nodejs and netcat (or nc, ncat, etc)git clone https://github.com/gabemarshall/Brosec.git
– Clone Brosec repocd Brosec && npm install
– cd into the directory and install npm depdendencies
Linux
<package manager> install node build-essential g++ xsel netcat
Install Nodejs and other dependenciesgit clone https://github.com/gabemarshall/Brosec.git
– Clone Brosec repocd Brosec && npm install
– cd into the directory and install npm depdendencies
Windows (Unsupported)
- Install nodejs
- Install ncat
git clone https://github.com/gabemarshall/Brosec.git
– Clone Brosec repo
Payloads that utilize netcat will not work due to the kexec library not being supported in Windows
Optional
Add bros directory path to your PATH env variable, create a symlink for the bros file, etc
Brosec v1.1 Released
Configuration
Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Brosec also uses netcat for several payloads. If needed, the path to netcat can be altered via the settings.netcat variable.
Payload Variables
- LHOST : Local IP or name
- LPORT : Local IP or name
- RHOST : Remote IP or name
- RPORT : Remote IP or name
- USER : Username (only used in a few payloads)
- PROMPT : User Prompt (This isn’t a stored value. Instead, payloads with this variable will prompt for input.)
[adsense size='1']
Additional Features
Brosec comes with several auxiliary modules that were designed to make your day life a little bit easier. The following are the currently available modules. All auxiliary modules must be used from the command line — not the main terminal menu system.
Bros http(s)
Need a quick web server? Forget python SimpleHTTPServer, bros has your back with bros http
when entered via the command line. An SSL server? bros https
has you covered.
Bros FTP
Need to exfiltrate some data via ftp? Bros comes with a handy bros ftp
when entered via the command line. The ftp server accepts anonymous downloads/uploads from the CWD (so be careful when running).
Bros Encode
A realtime encoder/decoder utility designed with web pentesters in mind that often find the need to encode and decode various payloads.
https://github.com/gabemarshall/Brosec
Gloss