forked from mandiant/commando-vm
profile.json
{
"env": {
"VM_COMMON_DIR": "%ProgramData%\\FEVM",
"TOOL_LIST_DIR": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Tools",
"TOOL_LIST_SHORTCUT": "%UserProfile%\\Desktop\\Tools.lnk",
"RAW_TOOLS_DIR": "%SystemDrive%\\Tools",
"TEMPLATE_DIR": "commandovm.win10.installer.fireeye",
"FEVM_PROFILE": "Commando_Custom"
},
"packages": [
{"name": "dotnet4.6.2"},
{"name": "dotnet4.7.2"},
{"name": "cmder.fireeye"},
{
"name": "git",
"args": "--params \'/GitOnlyOnPath /NoShellIntegration\'"
},
{"name": "adobereader.fireeye"},
{"name": "jre8"},
{"name": "wireshark.fireeye"},
{"name": "cyberchef.flare"},
{"name": "firefox.fireeye"},
{"name": "vscode.fireeye", "args":"--parameters /NoDesktopIcon --paramsglobal"},
{"name": "vcpython27"},
{
"name": "python2.x86.nopath.flare",
"x64Only": true,
"args": "--package-parameters \'/InstallDir:C:\\Python27.x86\'"
},
{"name": "python2"},
{"name": "python3"},
{"name": "golang"},
{"name": "dep"},
{"name": "ruby"},
{"name": "ruby2.devkit"},
{"name": "adexplorer.fireeye"},
{"name": "rsat.fireeye"},
{"name": "tortoisesvn"},
{"name": "sysinternals.fireeye"},
{"name": "nmap.fireeye"},
{"name": "SublimeText3.fireeye"},
{"name": "ilspy.flare"},
{"name": "dnspy.flare"},
{"name": "autoit.fireeye"},
{"name": "ScreenToGif.fireeye"},
{"name": "telnet.fireeye"},
{"name": "citrix-receiver.fireeye"},
{"name": "sqlitebrowser.fireeye"},
{"name": "putty.fireeye"},
{"name": "vmwarevsphereclient.fireeye"},
{"name": "vmware-horizon-client.fireeye"},
{"name": "mobaxterm.fireeye"},
{"name": "processhacker.flare"},
{"name": "vlc.fireeye"},
{"name": "yed.fireeye"},
{"name": "hashcat.fireeye"},
{"name": "7zip"},
{"name": "Greenshot.fireeye"},
{"name": "winscp.fireeye"},
{"name": "keepass.fireeye"},
{"name": "zap.fireeye"},
{"name": "vnc-viewer.fireeye"},
{"name": "hashcat.fireeye"},
{"name": "hashcheck"},
{"name": "qbittorrent"},
{"name": "dbeaver"},
{"name": "hfsexplorer"},
{"name": "lockhunter"},
{"name": "simplednscrypt.fireeye"},
{"name": "heidisql.fireeye"},
{"name": "hfs.fireeye"},
{
"name": "neo4j-community.fireeye",
"x64Only": true
},
{"name": "sqlserver-cmdlineutils.fireeye"},
{"name": "peview.flare"},
{"name": "shellcode_launcher.flare"},
{"name": "x64dbg.fireeye"},
{"name": "windbg.fireeye"},
{"name": "windbg.kenstheme.flare"},
{"name": "proxycap.fireeye"},
{"name": "windump.fireeye"},
{"name": "hexchat.fireeye"},
{"name": "pidgin.fireeye"},
{"name": "thunderbird.fireeye"},
{"name": "gimp.fireeye"},
{"name": "apimonitor.fireeye"},
{"name": "orca.fireeye"},
{"name": "fiddler.fireeye"},
{
"name": "notepadplusplus",
"args": "--x86"
},
{"name": "notepadplusplus-textfx.fireeye"},
{"name": "hxd.fireeye"},
{
"name": "metasploit.flare",
"x64Only": true
},
{"name": "burp.free.fireeye"},
{"name": "kali.fireeye", "args": "--timeout 7200"},
{"name": "kali_windowsbinaries.fireeye"},
{"name": "nirlauncher.fireeye"},
{"name": "unxUtils"},
{"name": "virustotaluploader"},
{"name": "tor-browser.fireeye"},
{"name": "ADACLScanner.fireeye"},
{"name": "ADAPE-Script.fireeye"},
{"name": "ADOffline.fireeye"},
{"name": "ADRecon.fireeye"},
{"name": "amass.docker.fireeye"},
{"name": "ASREPRoast.fireeye"},
{"name": "BloodHound.fireeye"},
{"name": "BeRoot.fireeye"},
{"name": "Bloodhound-Custom-Queries.fireeye"},
{"name": "CheckPlease.fireeye"},
{"name": "CredNinja.fireeye"},
{"name": "DAMP.fireeye"},
{"name": "Dumpert.fireeye"},
{"name": "contextmenu.fireeye"},
{"name": "CrackMapExec.fireeye"},
{"name": "CrackMapExecWin.fireeye"},
{"name": "demiguise.fireeye"},
{"name": "docker.fireeye"},
{"name": "DotNetToJScript.fireeye"},
{"name": "DomainPasswordSpray.fireeye"},
{"name": "DSInternals.fireeye"},
{"name": "Egress-Assess.fireeye"},
{"name": "explorersuite.flare"},
{"name": "Exchange-AD-Privesc.fireeye"},
{"name": "flare-floss.fireeye"},
{"name": "fuzzdb.fireeye"},
{"name": "GadgetToJScript.fireeye"},
{"name": "Generate-Macro.fireeye"},
{"name": "Get-LAPSPasswords.fireeye"},
{"name": "Get-ReconInfo.fireeye"},
{"name": "GoBuster.fireeye"},
{"name": "GoFetch.fireeye"},
{
"name": "gowitness.fireeye",
"x64Only": true
},
{"name": "Grouper2.fireeye"},
{"name": "impacket.fireeye"},
{"name": "impacket-examples-windows.fireeye"},
{"name": "Internal-Monologue.fireeye"},
{"name": "Inveigh.fireeye"},
{"name": "Seclists.fireeye"},
{"name": "Invoke-ACLPwn.fireeye"},
{"name": "Invoke-CradleCrafter.fireeye"},
{"name": "Invoke-DCOM.fireeye"},
{"name": "Invoke-DOSfuscation.fireeye"},
{"name": "Invoke-Obfuscation.fireeye"},
{"name": "Invoke-Phant0m.fireeye"},
{"name": "Invoke-PowerThIEf.fireeye"},
{"name": "Invoke-PSImage.fireeye"},
{"name": "Invoke-TheHash.fireeye"},
{"name": "KeeFarce.fireeye"},
{"name": "KeeThief.fireeye"},
{"name": "LAPSToolkit.fireeye"},
{"name": "luckystrike.fireeye"},
{"name": "MailSniper.fireeye"},
{"name": "metatwin.fireeye"},
{"name": "Mimikatz.fireeye"},
{"name": "mimikittenz.fireeye"},
{"name": "Net-GPPPassword.fireeye"},
{"name": "NetshHelperBeacon.fireeye"},
{"name": "nishang.fireeye"},
{"name": "nps.fireeye"},
{"name": "OffensiveCSharp.fireeye"},
{"name": "pafishmacro.fireeye"},
{"name": "PayloadsAllTheThings.fireeye"},
{"name": "powercat.fireeye"},
{"name": "PowerLessShell.fireeye"},
{"name": "PowerLurk.fireeye"},
{"name": "PowerPriv.fireeye"},
{"name": "PowerShdll.fireeye"},
{"name": "PowerShell-Suite.fireeye"},
{"name": "PowerSploit.fireeye"},
{"name": "PowerUpSQL.fireeye"},
{"name": "PowerView.fireeye"},
{"name": "Privesc.fireeye"},
{"name": "PrivExchange.fireeye"},
{"name": "PSAmsi.fireeye"},
{"name": "PSAttack.fireeye"},
{"name": "PSBits.fireeye"},
{"name": "PSReflect.fireeye"},
{"name": "Recon-AD.fireeye"},
{"name": "RedTeamPowershellScripts.fireeye"},
{"name": "RiskySPN.fireeye"},
{"name": "Rubeus.fireeye"},
{"name": "ruler.fireeye"},
{"name": "SafetyKatz.fireeye"},
{"name": "Seatbelt.fireeye"},
{"name": "SessionGopher.fireeye"},
{"name": "Sharp-Suite.fireeye"},
{"name": "SharpDPAPI.fireeye"},
{"name": "SharpDump.fireeye"},
{"name": "SharpExchangePriv.fireeye"},
{"name": "SharpHound.fireeye"},
{"name": "SharpRoast.fireeye"},
{"name": "SharpUp.fireeye"},
{"name": "SharpView.fireeye"},
{"name": "SharpWMI.fireeye"},
{"name": "spiderfoot.docker.fireeye"},
{"name": "SpoolerScanner.fireeye"},
{"name": "StarFighters.fireeye"},
{"name": "SpoolSample.fireeye"},
{"name": "SysWhispers.fireeye"},
{"name": "ThreadContinue.fireeye"},
{"name": "TikiTorch.fireeye"},
{"name": "UACME.fireeye"},
{"name": "vssown.fireeye"},
{"name": "WMImplant.fireeye"},
{"name": "WMIOps.fireeye"},
{"name": "zBang.fireeye"},
{"name": "ad-control-paths.fireeye"},
{"name": "defendercheck.fireeye"},
{"name": "dnsrecon.fireeye"},
{"name": "EvilClippy.fireeye"},
{"name": "NtdsAudit.fireeye"},
{"name": "SharpExec.fireeye"},
{"name": "subdomain-bruteforce.fireeye"},
{"name": "wfuzz.fireeye"},
{"name": "FOCA.fireeye"},
{"name": "juicy-potato.fireeye"},
{"name": "NetRipper.fireeye"},
{"name": "Watson.fireeye"},
{"name": "vulcan.fireeye"},
{"name": "RobotsDisallowed.fireeye"},
{"name": "Probable-Wordlists.fireeye"},
{"name": "PwnedPasswordsNTLM.fireeye"},
{"name": "RottenPotatoNG.fireeye"},
{"name": "SharpClipHistory.fireeye"},
{"name": "SharpSploit.fireeye"},
{"name": "openvpn.fireeye", "args":"--parameters \'/SELECT_SHORTCUTS=0 /SELECT_LAUNCH=0\'"}
]
}