OffShell

A Xonsh-powered shell designed with pentesting in mind.

Table of Contents

  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgements

About The Project

OffShell is a project developed to investigate the viability of using Xonsh to record the commands executed in a shell during a security audit. The recorded commands are combined with the Wazuh log collection engine to analyze the generated logs and raise alerts according to the severity of the detected events.

Built With

Getting Started

TO DO

Prerequisites

You need the Xonsh AppImage shipped with OffShell and a Wazuh agent on the machine whose shells you want to audit.

Installation

Install the Wazuh agent on the machine you want to audit by following this guide: https://documentation.wazuh.com/4.0/installation-guide/wazuh-agent/

Download the Xonsh binary from the OffShell release and make it executable:

sudo wget https://github.com/offsh/offshell/releases/download/0.0.2/xonsh -O /bin/xonsh
sudo chmod a+x /bin/xonsh

Add the Xonsh and XXH configuration (the XXH config directory does not exist on a fresh system, so create it first; curl does not create parent directories):

curl -o ~/.xonshrc https://raw.githubusercontent.com/offsh/offshell/main/xonshrc
mkdir -p ~/.config/xxh
curl -o ~/.config/xxh/config.xxhc https://raw.githubusercontent.com/offsh/xxh/master/config.xxhc

Make it the default shell. Registering it in /etc/shells needs root (a plain `>>` redirection fails for an unprivileged user); `chsh` must then be run as the user whose login shell should change, not as root:

grep -qx /bin/xonsh /etc/shells || echo "/bin/xonsh" | sudo tee -a /etc/shells
chsh -s /bin/xonsh

Usage

Then open a terminal and run `xonsh` to start using OffShell. If you execute

history info

you will see (among other things) the path of the syslog file that records executed commands. Mark it for collection in the Wazuh agent configuration with a block like this one (the wildcard covers every user's home directory):

<localfile>
  <location>/home/*/.local/share/xonsh/syslog/shell_profiler.log</location>
  <log_format>syslog</log_format>
</localfile>

After adding that block to your ossec.conf file, if the agent is correctly connected to a Wazuh manager it will start sending information about executed commands to your server, and the manager will index it into an Elasticsearch index.
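The kind of severity classification the Wazuh manager is expected to perform on these lines, shown here as an added Python example that is not part of OffShell or Wazuh. The page does not show a sample profiler line, so the field layout assumed here (`user=`, `cwd=`, `cmd="..."`, `rc=` after the program name), the rule names and the level numbers are assumptions; the levels follow Wazuh's 0-15 alert scale and the sample lines are constructed. The highest-level matching rule wins, so `sudo nmap` is reported as privilege escalation rather than as a recon tool, and a line the parser cannot read is returned at level 0 instead of being silently dropped.

```python
import re
from collections import Counter

# Constructed sample lines in syslog format (not real OffShell output). The
# layout after the program name (user=, cwd=, cmd="...", rc=) is an
# ASSUMPTION for this example; adjust LINE_RE to the real profiler format.
SAMPLE_LOG = """\
Mar  3 10:15:02 kali shell_profiler[4242]: user=alice cwd=/home/alice cmd="ls -la" rc=0
Mar  3 10:15:40 kali shell_profiler[4242]: user=alice cwd=/home/alice cmd="nmap -sS -p- 10.0.0.5" rc=0
Mar  3 10:16:05 kali shell_profiler[4242]: user=alice cwd=/home/alice cmd="sudo -i" rc=0
Mar  3 10:16:30 kali shell_profiler[4242]: user=alice cwd=/root cmd="cat /etc/shadow" rc=0
Mar  3 10:17:11 kali shell_profiler[4242]: user=alice cwd=/home/alice cmd="rm -f ~/.local/share/xonsh/syslog/shell_profiler.log" rc=0
this line is not syslog at all
"""

# Syslog header followed by the assumed key=value payload. The command is
# taken verbatim up to the closing quote; this toy format does not escape
# quotes inside the command.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: '
    r'user=(?P<user>\S+) cwd=(?P<cwd>\S+) cmd="(?P<cmd>.*)" rc=(?P<rc>-?\d+)$'
)

# (rule name, alert level on Wazuh's 0-15 scale, pattern applied to the
# command only). Names and levels are this example's assumptions.
RULES = [
    ("log_tampering", 12,
     re.compile(r'\b(rm|shred|truncate)\b.*shell_profiler\.log')),
    ("credential_file_read", 10,
     re.compile(r'\b(cat|less|more|head|tail|cp|scp|strings)\b.*'
                r'(/etc/shadow|/\.ssh/id_\w+)')),
    ("privilege_escalation", 8,
     re.compile(r'^(sudo\s+(-i|-s|su\b)|su\b)')),
    ("recon_tool", 6,
     re.compile(r'^(sudo\s+)?(nmap|masscan|sqlmap|hydra|nikto|msfconsole)\b')),
]
BASELINE_LEVEL = 3   # every parsed command is at least an informational event


def parse_line(line):
    """Return the fields of one profiler line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(line):
    """Assign the highest-level matching rule to one line.

    Unparsable input is reported at level 0 with rule "unparsed" so that a
    format change in the profiler shows up instead of disappearing.
    """
    ev = parse_line(line)
    if ev is None:
        return {"level": 0, "rule": "unparsed", "event": None}
    rule, level = "baseline", BASELINE_LEVEL
    for name, lvl, pat in RULES:
        if lvl > level and pat.search(ev["cmd"]):
            rule, level = name, lvl
    return {"level": level, "rule": rule, "event": ev}


def alerts(text, min_level=6):
    """Classify every non-empty line and keep those at or above min_level."""
    results = (classify(l) for l in text.splitlines() if l.strip())
    return [r for r in results if r["level"] >= min_level]


def summarize(text):
    """Count lines per rule, including baseline and unparsed lines."""
    return Counter(classify(l)["rule"] for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(f'level={a["level"]:2d} rule={a["rule"]:<22} '
              f'user={a["event"]["user"]} cmd={a["event"]["cmd"]!r}')
    print(dict(summarize(SAMPLE_LOG)))
```

The log_tampering rule exists because the profiler log lives in the audited user's own home directory: the user can truncate or delete it, so the attempt itself should be the alert and the agent should already have shipped the earlier lines by then.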

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the GPL-3.0 License. See LICENSE for more information.

Contact

Francisco Navarro - @twitter_handle - Navarromoralesdev@gmail.com

Project Link: https://github.com/offsh/offshell