Pwnboxes
Simple method to define and build security testing containers in Podman
I have been using Fedora Silverblue as my daily driver for a while now. Silverblue is an immutable or atomic desktop which, in essence, means I do everything in Podman. Silverblue also comes with "Toolbox"
"Toolbox which is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user’s home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.."
Container images created by toolbox have two unique files (.containerenv, .toolboxenv) in the /run folder. These contain metadata about the container which we can use to determine when we are in a toolbox and therefore execute scripts accordingly.
By simply using .rc files in the users .bashrc.d directory (as the home directory is shared with the toolbox container) we can define and provision repeatable container environments for security testing.
Create the file "00-toolbox.rc" in "~/.bashrc.d/". This file contains all the logic to ensure containers are setup on first entering.
function expose(){ echo "Exposing - $@" [ -f "$1" ] || echo -e "#!/bin/sh\nexec /usr/bin/flatpak-spawn --host $(basename $1) \"\$@\"" | sudo tee "$1" 1>/dev/null && sudo chmod +x "$1" } function install_dependencies(){ if ! [ -f /.first_run ] ; then echo "Installing Dependencies - $@" sudo dnf -y install bash-color-prompt $@ fi } if [ -f "/run/.toolboxenv" ] then TOOLBOX_NAME=$( grep -oP "(?<=name=\")[^\";]+" /run/.containerenv ) if [ -f "$HOME/.bashrc.d/toolboxes/${TOOLBOX_NAME}.rc" ] then . "$HOME/.bashrc.d/toolboxes/${TOOLBOX_NAME}.rc" fi if ! [ -f /.first_run ] ; then [[ $(type -t setup) == function ]] && setup sudo touch /.first_run fi fi
Now define your toolbox in a separate rc file in "~/.bashrc.d/toolboxes/". For example "cloud.rc":
install_dependencies neovim.x86_64 golang jq.x86_64 setup() { # aws cli sudo curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/opt/awscliv2.zip" sudo unzip /opt/awscliv2.zip -d /opt/ sudo /opt/aws/install sudo rm -rf /opt/aws sudo rm /opt/awscliv2.zip # kubectl sudo curl -fsL "https://dl.k8s.io/release/$(curl -fsL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "/opt/kubectl" sudo install -o root -g root -m 0755 /opt/kubectl /usr/local/bin/kubectl sudo rm /opt/kubectl }
building the container
Then just simply create the container, ensure the name of the container matches your definition rc file and enter it.
toolbox create cloud
toolbox enter cloud
Your script will now execute and setup your environment. As you are simply executing bash scripts this can be quiet powerful. Additionally to rebuild and therefore update the container just recreate it.
podman stop cloud
toolbox rm cloud
toolbox create cloud
toolbox enter cloud
Here is an example rc I use for cloud testing.
install_dependencies neovim.x86_64 golang jq.x86_64 setup() { # aws cli sudo curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/opt/awscliv2.zip" sudo unzip /opt/awscliv2.zip -d /opt/ sudo /opt/aws/install sudo rm -rf /opt/aws sudo rm /opt/awscliv2.zip # kubectl sudo curl -fsL "https://dl.k8s.io/release/$(curl -fsL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "/opt/kubectl" sudo install -o root -g root -m 0755 /opt/kubectl /usr/local/bin/kubectl sudo rm /opt/kubectl # krew OS="$(uname | tr '[:upper:]' '[:lower:]')" ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" KREW="krew-${OS}_${ARCH}" sudo curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" -o "/opt/${KREW}.tar.gz" sudo tar zxvf "/opt/${KREW}.tar.gz" -C /opt/ /opt/"${KREW}" install krew export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH" # gitleaks sudo wget -q "https://github.com/gitleaks/gitleaks/releases/download/v8.18.4/gitleaks_8.18.4_linux_x64.tar.gz" -O "/opt/gitleaks_8.18.4_linux_x64.tar.gz" sudo gunzip /opt/gitleaks_8.18.4_linux_x64.tar.gz sudo tar -xf /opt/gitleaks_8.18.4_linux_x64.tar -C /opt/ sudo rm /opt/gitleaks_8.18.4_linux_x64.tar* sudo install -o root -g root -m 0755 /opt/gitleaks /usr/local/bin/gitleaks # trufflehog sudo wget -q "https://github.com/trufflesecurity/trufflehog/releases/download/v3.79.0/trufflehog_3.79.0_linux_amd64.tar.gz" -O "/opt/trufflehog_3.79.0_linux_amd64.tar.gz" sudo gunzip /opt/trufflehog_3.79.0_linux_amd64.tar.gz sudo tar -xf /opt/trufflehog_3.79.0_linux_amd64.tar -C /opt/ sudo rm /opt/trufflehog_3.79.0_linux_amd64.tar* sudo rm /opt/README.md sudo rm /opt/LICENCE sudo install -o root -g root -m 0755 /opt/trufflehog /usr/local/bin/trufflehog # checkov sudo python3 -m venv /opt/checkov/venv sudo /opt/checkov/venv/bin/pip install checkov sudo install -o root -g root -m 0755 /opt/checkov/venv/bin/checkov /usr/local/bin/checkov # roadtools sudo python3 -m venv /opt/ROADTools/venv sudo /opt/ROADTools/venv/bin/pip install roadlib sudo /opt/ROADTools/venv/bin/pip install roadrecon sudo install -o root -g root -m 0755 /opt/ROADTools/venv/bin/roadrecon /usr/local/bin/roadrecon sudo install -o root -g root -m 0755 /opt/ROADTools/venv/bin/roadrecon-gui /usr/local/bin/roadrecon-gui # pmapper sudo git clone "https://github.com/mosesrenegade/PMapper" /opt/PMapper sudo python3 -m venv /opt/PMapper/venv sudo /opt/PMapper/venv/bin/pip install /opt/PMapper/ sudo install -o root -g root -m 0755 /opt/PMapper/venv/bin/pmapper /usr/local/bin/pmapper # prowler sudo python3 -m venv /opt/prowler/venv sudo /opt/prowler/venv/bin/pip install prowler sudo install -o root -g root -m 0755 /opt/prowler/venv/bin/prowler /usr/local/bin/prowler # cloudsplaining sudo python3 -m venv /opt/cloudsplaining/venv sudo /opt/cloudsplaining/venv/bin/pip install cloudsplaining sudo install -o root -g root -m 0755 /opt/cloudsplaining/venv/bin/cloudsplaining /usr/local/bin/cloudsplaining # pacu sudo python3 -m venv /opt/pacu/venv sudo /opt/pacu/venv/bin/pip install pacu sudo install -o root -g root -m 0755 /opt/pacu/venv/bin/pacu /usr/local/bin/pacu # s3-account-search sudo python3 -m venv /opt/s3-account-search/venv sudo /opt/s3-account-search/venv/bin/pip install s3-account-search sudo install -o root -g root -m 0755 /opt/s3-account-search/venv/bin/s3-account-search /usr/local/bin/s3-account-search # iamactionhunter sudo git clone "https://github.com/RhinoSecurityLabs/IAMActionHunter" /opt/IAMActionHunter sudo python3 -m venv /opt/IAMActionHunter/venv sudo /opt/IAMActionHunter/venv/bin/pip install -r /opt/IAMActionHunter/requirements.txt sudo /opt/IAMActionHunter/venv/bin/pip install /opt/IAMActionHunter/ sudo install -o root -g root -m 0755 /opt/IAMActionHunter/venv/bin/iamactionhunter /usr/local/bin/iamactionhunter # az powershell sudo dnf install -y "https://github.com/PowerShell/PowerShell/releases/download/v7.4.3/powershell-7.4.3-1.rh.x86_64.rpm" sudo pwsh -c "Install-Module -Name Az -Repository PSGallery -Force" # aws enumerator sudo GOPATH=/opt/aws-enumerator go install -v github.com/shabarkin/aws-enumerator@latest sudo ln -s /opt/aws-enumerator/bin/aws-enumerator /usr/bin/aws-enumerator # kubernetes-rbac-audit sudo git clone "https://github.com/cyberark/kubernetes-rbac-audit" /opt/kubernetes-rbac-audit sudo python3 -m venv /opt/kubernetes-rbac-audit/venv sudo /opt/kubernetes-rbac-audit/venv/bin/pip install colorama # azure cli sudo python3 -m venv /opt/az-cli/venv sudo /opt/az-cli/venv/bin/pip install setuptools az-cli sudo install -o root -g root -m 0755 /opt/az-cli/venv/bin/az /usr/local/bin/az # kubenumerate sudo git clone "https://github.com/0x5ubt13/kubenumerate" /opt/kubenumerate sudo python3 -m venv /opt/kubenumerate/venv sudo /opt/kubenumerate/venv/bin/pip install -r /opt/kubenumerate/requirements.txt # cloud_enum sudo git clone "https://github.com/initstring/cloud_enum" /opt/cloud_enum sudo python3 -m venv /opt/cloud_enum/venv sudo /opt/cloud_enum/venv/bin/pip install -r /opt/cloud_enum/requirements.txt # scoutsuite sudo git clone "https://github.com/nccgroup/ScoutSuite" /opt/ScoutSuite sudo python3 -m venv /opt/ScoutSuite/venv sudo /opt/ScoutSuite/venv/bin/pip install -r /opt/ScoutSuite/requirements.txt # kubernetes-rbac-audit sudo git clone "https://github.com/cyberark/kubernetes-rbac-audit" /opt/kubernetes-rbac-audit sudo python3 -m venv /opt/kubernetes-rbac-audit/venv sudo /opt/kubernetes-rbac-audit/venv/bin/pip install colorama } # aliases for venvs alias kubenumerate="/opt/kubenumerate/venv/bin/python /opt/kubenumerate/kubenumerate.py" alias cloud_enum="/opt/cloud_enum/venv/bin/python /opt/cloud_enum/cloud_enum.py" alias scoutsuite="/opt/ScoutSuite/venv/bin/python /opt/ScoutSuite/scout.py" alias extensiverolecheck="/opt/kubernetes-rbac-audit/venv/bin/python /opt/kubernetes-rbac-audit/ExtensiveRoleCheck.py" aws-role-assumer() { # get role information read -p 'enter role arn: ' role_arn read -p 'enter role session name: ' role_session_name read -p 'enter profile to use: ' profile_name # call role assumption temp_role=$(aws sts assume-role --role-arn $role_arn --role-session-name $role_session_name --profile $profile_name) # update aws configuration # export variables export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey) export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken) # create new profile in config aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile $role_session_name aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile $role_session_name aws configure set aws_session_token $AWS_SESSION_TOKEN --profile $role_session_name } aws-role-assumer-with-external-id() { # get role information read -p 'enter role arn: ' role_arn read -p 'enter role session name: ' role_session_name read -p 'enter external id: ' external_id read -p 'enter profile to use: ' profile_name # call role assumption temp_role=$(aws sts assume-role --role-arn $role_arn --role-session-name $role_session_name --profile $profile_name --external-id $external_id) # update aws configuration # export variables export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey) export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken) # create new profile in config aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile $role_session_name aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile $role_session_name aws configure set aws_session_token $AWS_SESSION_TOKEN --profile $role_session_name } aws-mfa-session() { # get role information read -p 'Enter MFA ARN: ' mfa_arn read -p 'Enter MFA Token: ' token read -p 'Enter Profile to use: ' profile_name # call role assumption session=$(aws sts get-session-token --serial-number $mfa_arn --token-code $token --profile $profile_name) # update aws configuration # export variables export AWS_ACCESS_KEY_ID=$(echo $session | jq -r .Credentials.AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $session | jq -r .Credentials.SecretAccessKey) export AWS_SESSION_TOKEN=$(echo $session | jq -r .Credentials.SessionToken) # create new profile in config aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile mfa aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile mfa aws configure set aws_session_token $AWS_SESSION_TOKEN --profile mfa }