hideNsneak - a CLI for ephemeral penetration testing | HACK4NET

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.

hideNsneak provides a simple interface that allows penetration testers to build ephemeral infrastructure -- one that requires minimal overhead. hideNsneak can:

deploy, destroy, and list
1. Cloud instances via EC2 and Digital Ocean (Google Cloud, Azure, and Alibaba Cloud coming soon)
2. API Gateway (AWS)
3. Domain fronts via AWS Cloudfront and Google Cloud Functions (Azure CDN coming soon)
Proxy through infrastructure
Deploy C2 redirectors
Send and receive files
Port scanning via NMAP
Remote installations of Burp Collab, Cobalt Strike, Socat, LetsEncrypt, GoPhish, and SQLMAP
work with teams teams

Running locally

A few disclosures for V 1.0:

At this time, all hosts are assumed Ubuntu 16.04 Linux.
Setup is done on your local system (Linux and Mac Only). In the future, we're hoping to add on a docker container to decrease initial setup time
The only vps providers currently setup are AWS and Digital Ocean
You need to make sure that go is installed. Instructions can be found here
the GOPATH environment variable MUST be set

Create a new AWS S3 bucket in us-east-1
- Ensure this is not public as it will hold your terraform state
go get github.com/rmikehodges/hideNsneak
cd $GOPATH/src/github.com/rmikehodges/hideNsneak
./setup.sh
cp config/example-config.json config/config.json
- fill in the values
- aws_access_id, aws_secret_key, aws_bucket_name, public_key, private_key, ec2_user, and do_user are required at minimum
- all operators working on the same state must have config values filled in all the same fields
- private and public keys must be the same for each operator
now you can use the program by running ./hidensneak [command]

Github Project

Running locally

A few disclosures for V 1.0:

At this time, all hosts are assumed Ubuntu 16.04 Linux.

Setup is done on your local system (Linux and Mac Only). In the future, we're hoping to add on a docker container to decrease initial setup time

The only vps providers currently setup are AWS and Digital Ocean

You need to make sure that go is installed. Instructions can be found here

the GOPATH environment variable MUST be set

Create a new AWS S3 bucket in us-east-1

Ensure this is not public as it will hold your terraform state

go get github.com/rmikehodges/hideNsneak

cd $GOPATH/src/github.com/rmikehodges/hideNsneak

./setup.sh

cp config/example-config.json config/config.json

fill in the values
aws_access_id, aws_secret_key, aws_bucket_name, public_key, private_key, ec2_user, and do_user are required at minimum
all operators working on the same state must have config values filled in all the same fields
private and public keys must be the same for each operator

now you can use the program by running ./hidensneak [command]