Skip to content

home

Jump to bottom
Sechorda edited this page Dec 21, 2024 · 5 revisions

secOS Wiki

Installation

Download .iso/.ova format from https://sec-os.com

  • Username: mist
  • Password: live

Core Stack

  • Base System: Debian-based Linux distribution using apt package manager
  • Window Manager: AwesomeWM with custom theme and configuration
  • Compositor: Picom
  • Terminal: Kitty
  • Installer: Calamares
  • Browser: Firefox with security-focused extensions
    • DOMLogger++
    • PwnFox
    • Wappalyzer

CLI Tools

Recon

Reconnaissance automation framework that integrates multiple tools for target enumeration.

~ λ recon <domain> [-full] [-aws]

Arguments:
  domain        Target domain to scan
  -full         Run full scan including Amass
  -aws          Use Fireprox for scanning (requires configured AWS credentials)

-aws - utilizes Fireprox to create an HTTP API Gateway that acts as a proxy tunnel, providing pseudo-infinite IP addresses for scanning. Requires aws-configure with valid AWS identity/profile.

BBOT - Subdomain enumeration later passed to upstream tools.

JSluice - used during scanning to parse JavaScript files passed from gospider for secrets and potentially insecure implementations.

DNSReaper - Scans for potential subdomain takeover from domains supplied from Knockpy/Amass

Wafw00f - Scans for WAF implementation and any anomalies (endpoints with no WAF / different WAF than apex domain)

Cloudbrute - Scans for exposed cloud resources (S3 buckets, Azure storage...)

FFUF - Used for directory brute-forcing/enumeration

Arjun - Attempts to find API parameters on any Endpoint discovered downstream that appears to be an API

Corsy - Scans for CORS implementation misconfigurations for downstream endpoints.

Results are organized in the Obsidian vault:

  • overview.md: Main findings including
    • WAF detections
    • Subdomain takeover opportunities
    • CORS misconfigurations
    • TXT records
    • Complete subdomain table with IP/HTTP status
  • Raw scan data can be found in the tool's file (No file means no output was generated)

Infra

Interactive AWS infrastructure management tool launched via:

~ λ infra

Provides a menu-driven interface for:

  • EC2 instance management (list, start, stop)
  • Route53 DNS configuration

Requires aws-configure with valid AWS identity/profile for all operations.

Clone this wiki locally