Closed Dr4s1l closed 2 years ago
@Dr4s1l Hello, I don't know how depth-armory works to help you with that. The faraday-client is deprecated. If you explain a little more about what you need, maybe I can help you or even make a new feature in the faraday-cli.
Hello, not really related to depth armory, I will eventually write a wrapper or plugin later. What I want to use is the powerful environment provided by the faraday zsh profile existing in faraday-client and invoked by faraday-terminal. My actual use case is executing a depth armory command inside the faraday environment so it will alias common commands like nmap and populate both databases for further investigation/representation. Introduction on what depth-armory is here: https://depthsecurity.com/blog/introducing-armory-external-pentesting-like-a-boss
@Dr4s1l I don't really know how faraday zsh works. But you could do a similar thing with faraday-cli (if I understand ok):
```
(faraday-cli) ➜ ~ alias nmap_x="faraday-cli nmap "
(faraday-cli) ➜ ~ nmap_x localhost
💻 Processing Nmap command
Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-24 10:24 -03
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00092s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 499 closed ports, 492 filtered ports
PORT STATE SERVICE
22/tcp open ssh
88/tcp open kerberos-sec
443/tcp open https
445/tcp open microsoft-ds
5432/tcp open postgresql
5900/tcp open vnc
8088/tcp open radan-http
9000/tcp open cslistener
49152/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 3.07 seconds
⬆ Sending data to workspace: test
✔ Done
(faraday-cli) ➜ ~
```
So I'm using MITRE Caldera as an automation tool driving a gateway bridged to Caldera through the Sandcat agent (executing OS commands) and faraday-server on the other side. All of this is executed by Ansible playbooks. What was planned was to use the zsh environment profile to automate reporting in faraday and depth-armory on the gateway. This approach needs to load the zsh environment (adding some features like the zsh_pentest environment) to glue together caldera->command->depth-armory->nmap->faraday, with the zsh aliases between depth-armory and faraday. Is there any way to do such automation in faraday v3? I will use the deprecated client if the feature is missing.
Let me check with some of the guys who know the old faraday-client better to understand if it's possible to add a similar feature to the cli. You can use the old client, but we are making changes in the API that in the future will make it not work any more.
If using the current faraday-cli, is it possible to do?
```
(faraday-cli) ➜ ~ alias nmap="faraday-cli nmap "
(faraday-cli) ➜ ~ nmap localhost
💻 Processing Nmap command
Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-24 10:24 -03
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00092s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 499 closed ports, 492 filtered ports
PORT STATE SERVICE
22/tcp open ssh
88/tcp open kerberos-sec
443/tcp open https
445/tcp open microsoft-ds
5432/tcp open postgresql
5900/tcp open vnc
8088/tcp open radan-http
9000/tcp open cslistener
49152/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 3.07 seconds
⬆ Sending data to workspace: test
✔ Done
```
Patching the depth armory code directly, it looks like it works as it should ('s/nmap/faraday-cli nmap/g'):
```
➜ ~ armory -m Nmap
_
dM.
,MMb
d'YM. ___ __ ___ __ __ _____ ___ __ ____ ___
,P `Mb `MM 6MM `MM 6MMb 6MMb 6MMMMMb `MM 6MM `MM( )M'
d' YM. MM69 " MM69 `MM69 `Mb 6M' `Mb MM69 " `Mb d'
___,P____Mb___MM______MM____MM____MM_MM_____MM_MM_______YM.__,P___
d' YM. MM MM MM MM MM MM MM MM M \
__,MMMMMMMMb__MM______MM____MM____MM_MM_____MM_MM________`Mbd'_____\
d' YM. MM MM MM MM YM. ,M9 MM YMP
_dM_ _dMM_MM_ _MM_ _MM_ _MM_ YMMMMM9 _MM_ M
d'
(8),P
YMM
Originally By:
Daniel Lawson @fang0654
Cory Shay @ccsplit
Brian Berg @xexzy
[ ] Executing command: faraday-cli nmap -oX ./output/Nmap/nmap-scan-2021.08.25-16.31.29.xml -iL /tmp/tmp7bykxnmb
💻 Processing Nmap command
Starting Nmap 7.70 ( https://nmap.org ) at 2021-08-25 16:31 CEST
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.02 seconds
⬆ Sending data to workspace: test
✔ Done
./output/Nmap/nmap-scan-2021.08.25-16.31.29.xml doesn't exist somehow...skipping
```
Looks like it works with the nmap command, but how should I use the faraday-cli sublist3r plugin?
@Dr4s1l Not all plugins support command line parsing. In the case of sublist3r we don't even have a plugin. You could write your own, configure it as a custom plugin in faraday-cli and use it in the same way.
Is there any way to get this to work like the faraday-terminal loading a zsh profile? I would like to launch depth-armory in a zsh environment populating faraday-server. Is there a maintained version of faraday-client?