changelog brosec v1.3.0.3 (June 30, 2017):
* Minor Fix & Enhancement
+ Added new payloads to wmic (bros 34)
+ Added netsh proxy command to bros 33
+ Added multiple COM Scriplet payloads (credit to @subTee and @enigma0x3) to bros 37
brosec v1.3.0.3
Brosec v1.3.0
brosec v1.2.3
bros encoding
Brosec – An interactive reference tool to help security professionals utilize useful payloads and commands.
Brosec – Console
Overview :
– Brosec is a RTFM-like utility to help Security Bros remember complex but useful payloads and commands
– Brosec utilizes saved variables (set by you) to create custom payloads on the fly. This config info is stored in a local db for your convenience
– Brosec outputs payloads and copies it to your clipboard in order to make your pentesting even more magical
– Your current config can be accessed by the config command at any time, or by entering the variable name
– Config values can be changed at any time by entering set <variable> <value>
– You can navigate to frequently used payloads by entering the menu sequence from the command line: bros <sequence>
Ex: bros 412 – This would automate entering 4 for the Web Menu, 1 for the XXE sub menu, and 3 for the XXE local file read payload
Installation
Mac
+ brew install node netcat – Install Nodejs and netcat (or nc, ncat, etc)
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
+ cd Brosec && npm install – cd into the directory and install npm depdendencies
Linux
+ <package manager> install node build-essential g++ xsel netcat Install Nodejs and other dependencies
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
+ cd Brosec && npm install – cd into the directory and install npm depdendencies
Windows (Unsupported)
+ Install nodejs
+ Install ncat
+ git clone https://github.com/gabemarshall/Brosec.git – Clone Brosec repo
Payloads that utilize netcat will not work due to the kexec library not being supported in Windows
Configuration:
Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Brosec also uses netcat for several payloads. If needed, the path to netcat can be altered via the settings.netcat variable.
Payload Variables;
+ LHOST : Local IP or name
+ LPORT : Local IP or name
+ RHOST : Remote IP or name
+ RPORT : Remote IP or name
+ USER : Username (only used in a few payloads)
+ PROMPT : User Prompt (This isn’t a stored value. Instead, payloads with this variable will prompt for input.)
Download Using Git for Ubuntu/Debian/Kali:
git clone https://github.com/gabemarshall/Brosec && cd Brosec apt-get install npm build-essential g++ xsel npm install -g n npm install -g Brosec
Download stable version:
bros-1.1-darwin-x86_64.tar.gz
bros-1.1-linux-x86.tar.gz
bros-1.1-linux-x86_64.tar.gz
bros-1.1-Win-x86_64.zip
Source: https://github.com/gabemarshall | Our Post Before