一、软件介绍
文末提供程序和源码下载
LazyOwn RedTeam/APT 框架是第一个具有人工智能驱动的 C&C 的 RedTeam 框架,具有隐藏活动的 rootkit、与 Windows/Linux/Mac OSX 兼容的不可检测的可塑植入物,以及自配置后门。凭借其 Web 界面和强大的控制台客户端,它是您的 RedTeam/APT 活动的最佳组合。
二、LazyOwn:Cyber Redteam 界面管理环境网络 (CRIMEN)
在网络安全的阴暗领域,数字堡垒被无情的对手围攻,LazyOwn: CRIMEN 成为战略实力和技术掌握的灯塔。这个先进而全面的工具包是为专业红队、渗透测试人员和安全研究人员精心打造的,提供了超过 333 种精心设计的攻击,专为 Linux/*nix/bsd/osx 和 Windows 环境量身定制。此外,LazyOwn: CRIMEN 还集成了 Atomic RedTeam 框架的广泛攻击库,使其攻击能力呈指数级增长。
三、Core Architecture 核心架构
LazyOwn 是围绕模块化、命令驱动的架构构建的,该架构为安全测试工作流程提供了灵活性和可扩展性。
LazyOwn:CRIMEN 不仅仅是一个工具;它是网络战艺术的空灵表现,无缝集成了无数功能,以简化和提高安全评估的效率。这种交互式环境结合了多种工具和脚本,使网络安全专业人员能够以无与伦比的精度在安全评估生命周期的复杂迷宫中导航。
LazyOwn: CRIMEN 的核心是由 cmd2 提供支持的直观命令行界面 (CLI),并辅以在 Flask 中开发的基于 Web 的复杂图形用户界面 (GUI)。这种双界面允许用户配置特定参数、执行自定义脚本并获得实时结果,所有这些都来自一个统一的平台。该框架的高级对手模拟功能支持为红队作生成会话,并在 payload.json 文件中定义的范围内精心执行。这不仅扩展了其应用范围,还通过多个界面增强了可用性和可访问性。
LazyOwn: CRIMEN 的突出特点之一是它能够使用 cron 命令安排任务,从而促进持续和自动化的威胁模拟。此功能将 LazyOwn: CRIMEN 转变为强大的高级持续威胁 (APT) 框架,能够模仿复杂网络对手的无情和有条不紊的攻击。
四、Why CRIMEN? 为什么选择 CRIMEN?
CRIMEN 代表 Cyber Redteam Interface Management Environment Network,概括了这个强大框架的精髓。首字母缩略词中的每个字母都代表其功能的关键组成部分:
- Cyber : Emphasizes the digital battleground where LazyOwn: CRIMEN operates, encompassing all aspects of cybersecurity.
Cyber: 强调 LazyOwn: CRIMEN 运营的数字战场,涵盖网络安全的各个方面。 - Redteam : Highlights the framework's primary function as a tool for red team operations, simulating real-world cyber attacks to test and strengthen defenses.
Redteam:强调框架作为 Red Team作工具的主要功能,模拟真实世界的网络攻击以测试和加强防御。 - Interface : Refers to the intuitive and user-friendly interfaces, both CLI and GUI, that facilitate seamless interaction and control.
界面:指直观且用户友好的界面,包括 CLI 和 GUI,可促进无缝交互和控制。 - Management : Underscores the framework's ability to manage and orchestrate complex security assessments and adversary simulations.
Management:强调框架管理和编排复杂安全评估和对手模拟的能力。 - Environment : Denotes the comprehensive and immersive environment provided by LazyOwn: CRIMEN , integrating various tools and scripts for a holistic security assessment experience.
环境:表示 LazyOwn: CRIMEN 提供的全面沉浸式环境,集成了各种工具和脚本,可提供全面的安全评估体验。 - Network : Emphasizes the framework's network-centric approach, enabling persistent and automated threat simulations across diverse network environments.
网络:强调框架以网络为中心的方法,支持跨不同网络环境进行持续和自动化的威胁模拟。
五、Key Features of LazyOwn: CRIMENLazyOwn: CRIMEN 的主要特点
- Comprehensive Attack Library : Over 333 crafted attacks for various environments, each a testament to the framework's depth and versatility, augmented by the extensive attack library of the Atomic RedTeam Framework.
全面的攻击库:超过 333 种针对各种环境精心设计的攻击,每一种都证明了框架的深度和多功能性,并通过 Atomic RedTeam 框架的广泛攻击库进行了增强。 - Interactive CLI : Based on cmd2, offering an intuitive and efficient command-line experience.
交互式 CLI:基于 cmd2,提供直观高效的命令行体验。 - Web GUI : Developed in Flask, providing a user-friendly interface for seamless interaction.
Web GUI:在 Flask 中开发,提供用户友好的界面以实现无缝交互。 - Adversary Simulation : Advanced capabilities for generating red team operation sessions, ensuring meticulous and effective simulations.
对手模拟:生成红队作会话的高级功能,确保细致有效的模拟。 - Task Scheduling : Utilize the
croncommand to schedule and automate tasks, enabling persistent threat simulations.
任务调度:利用该cron命令安排和自动执行任务,从而实现持续的威胁模拟。 - Real-Time Results : Obtain immediate feedback and results from security assessments, ensuring timely and accurate insights.
实时结果:从安全评估中获得即时反馈和结果,确保及时准确的见解。 - RAT and Botnet Capabilities : Includes features for remote access and control, allowing for the management of botnets and persistent threats.
RAT 和僵尸网络功能:包括远程访问和控制功能,允许管理僵尸网络和持续威胁。 - C2 Framework : Acts as a command and control (C2) framework, enabling covert communication and control over compromised systems.
C2 框架:充当命令和控制 (C2) 框架,支持对受感染的系统进行隐蔽通信和控制。
六、Command Capabilities
LazyOwn: CRIMEN offers a rich set of commands that can be executed from both the CLI and the web interface, each designed to empower users with unparalleled control and flexibility:
- list : Enumerates all available LazyOwn Modules within the framework, providing a comprehensive overview of the toolkit's capabilities.
list:列举框架中所有可用的 LazyOwn 模块,提供工具包功能的全面概述。 - **assign **: Configures specific parameters for the operation, such as
assign rhost 192.168.1.1to define the target IP address, ensuring precise and tailored attacks.
assign :为作配置特定参数,例如assign rhost 192.168.1.1定义目标 IP 地址,确保攻击精准定制。 - show : Displays the current values of all configured parameters, offering a clear and concise view of the operational setup.
show:显示所有已配置参数的当前值,提供清晰简洁的作设置视图。 - **run : Executes specific scripts available in the framework, such as
run lazysniffto initiate packet sniffing, enabling dynamic and responsive security assessments.
**run:执行框架中可用的特定脚本,例如run lazysniff启动数据包嗅探,从而实现动态和响应式安全评估。 - cron : Schedules tasks to run at specified intervals, ensuring persistent and automated threat simulations that mimic the relentless nature of advanced cyber adversaries.
cron:安排任务以指定的时间间隔运行,确保持续和自动化的威胁模拟,以模拟高级网络对手的无情本质。 - exit : Gracefully exits the CLI, concluding the session with elegance and finality.
exit:优雅地退出 CLI,以优雅和最终的方式结束会话。
Originally designed to automate the search and analysis of binaries with special permissions on Linux and Windows systems, LazyOwn has evolved to encompass a broader range of functionalities. The project includes scripts that extract information from GTFOBins, analyze binaries on the system, and generate options based on the collected data.
LazyOwn 最初旨在在 Linux 和 Windows 系统上自动搜索和分析具有特殊权限的二进制文件,现在已经发展到包含更广泛的功能。该项目包括从 go awayBins 中提取信息、分析系统上的二进制文件并根据收集的数据生成选项的脚本。
Extending LazyOwnShell with Lua Plugins
使用 Lua 插件扩展 LazyOwnShell
This document explains how to use Lua scripting to extend the functionality of the LazyOwnShell application, which is built on top of the cmd2 framework in Python. Lua allows you to write custom plugins that can add new commands, modify existing behavior, or access application data.
本文档介绍了如何使用 Lua 脚本来扩展 LazyOwnShell 应用程序的功能,该应用程序构建在 Python cmd2 框架之上。Lua 允许您编写自定义插件,这些插件可以添加新命令、修改现有行为或访问应用程序数据。
1. Introduction 1. 引言
The LazyOwnShell application supports Lua scripting to allow users to extend its functionality without modifying the core Python code. Lua scripts (plugins) are stored in the plugins/ directory and are automatically loaded when the application starts.
该应用程序 LazyOwnShell 支持 Lua 脚本,允许用户在不修改核心 Python 代码的情况下扩展其功能。Lua 脚本(插件)存储在 plugins/ 目录中,并在应用程序启动时自动加载。
Lua plugins can: Lua 插件可以:
- Add new commands to the shell.
向 shell 添加新命令。 - Modify existing commands or behaviors.
修改现有命令或行为。 - Access and manipulate application data exposed by Python.
访问和作 Python 公开的应用程序数据。
2. Setting Up Lua Plugins
- 设置 Lua 插件
To use Lua plugins, ensure the following:
要使用 Lua 插件,请确保满足以下条件:
-
Install the
lupalibrary in your Python environment:在 Python 环境中安装
lupa库:pip install lupaplugins/ init_plugins.lua hello.lua goodbye.luaWhen the application starts, it will execute init_plugins.lua, which loads all other .lua files in the plugins/ directory.
当应用程序启动时,它将执行 init_plugins.lua,这将加载 plugins/ 目录中的所有其他 .lua 文件。
-
Writing Lua Plugins A Lua plugin is a script file with the .lua extension placed in the plugins/ directory. Each plugin can define functions and register them as commands in the shell.
Structure of a Lua Plugin
-- Define a function for the new command
function my_command(arg)
-- Your logic here
print("This is a new command: " .. (arg or "default"))
end
-- Register the function as a command
register_command("my_command", my_command)Key Functions 主要功能
- register_command(command_name, lua_function):
register_command(command_name, lua_function): - Registers a new command in the shell.
在 shell 中注册新命令。 - command_name: The name of the command (e.g., hello).
command_name:命令的名称(例如,hello)。 - lua_function: The Lua function to execute when the command is called.
lua_function:调用命令时要执行的 Lua 函数。
-
Registering New Commands
注册新命令
To add a new command to the shell, follow these steps:
要向 shell 添加新命令,请执行以下步骤:
-
Define a Lua function that implements the command logic.
定义一个实现命令逻辑的 Lua 函数。
-
Use register_command to register the function as a command.
使用 register_command 将函数注册为命令。
-
Example: Adding a hello Command
示例:添加 hello 命令
-
Create a file plugins/hello.lua with the following content:
创建一个文件 plugins/hello.lua,其中包含以下内容:
function hello(arg) local name = arg or "world" print("Hello, " .. name .. "!") end register_command("hello", hello)
Now, you can run the hello command in the shell: bash hello Lua Hello, Lua! 4. Best Practices
现在,您可以在 shell 中运行 hello 命令: bash hello Lua Hello, Lua! 4. 最佳实践
- Keep Plugins Modular : Each plugin should focus on a single feature or functionality.
保持插件模块化 :每个插件都应专注于单个特性或功能。 - Document Your Plugins : Provide clear documentation for each plugin, including usage examples.
记录您的插件 :为每个插件提供清晰的文档,包括使用示例。 - Test Thoroughly : Test your plugins in isolation before integrating them into the main application.
彻底测试 :在将插件集成到主应用程序之前,请单独测试这些插件。 - Handle Errors Gracefully : Use pcall to handle errors in Lua plugins and prevent crashes.
Handle Errors Gracefully :使用 pcall 处理 Lua 插件中的错误并防止崩溃。
By leveraging Lua scripting, you can extend the functionality of LazyOwnShell without modifying the core Python code. This allows for greater flexibility and customization, enabling users to write their own plugins to meet specific needs. Happy coding!
通过利用 Lua 脚本,您可以在不修改核心 Python 代码的情况下扩展 LazyOwnShell 的功能。这允许更大的灵活性和自定义,使用户能够编写自己的插件来满足特定需求。祝您编码愉快!
LazyAddons YAML System LazyAddons YAML 系统
Extending the LazyOwn RedTeam Framework's capabilities has never been so easy, even for non-programmers, thanks to the LazyAddons system that allows for extending functionalities using YAML files.
扩展 LazyOwn RedTeam Framework 的功能从未如此简单,即使对于非程序员也是如此,这要归功于允许使用 YAML 文件扩展功能的 LazyAddons 系统。
Declarative command creation through YAML configuration files.
通过 YAML 配置文件创建声明性命令。
📂 File Structure 📂 文件结构
lazyaddons/ ├── addon1.yaml ├── addon2.yaml └── example.yaml
🛠️ Addon Definition 🛠️ 插件定义
Minimal Example 最小示例
name: "shortname" # CLI command (do_shortname)
enabled: true
description: "Tool description for help system"
tool:
name: "Full Tool Name"
repo_url: "https://github.com/user/repo"
install_path: "tools/toolname"
execute_command: "python tool.py -u {url}"Advanced Configuration 高级配置
params:
- name: "url"
required: true
description: "Target URL"
default: "http://localhost"
- name: "threads"
required: false
default: 4✨ Features Auto-Installation Tools clone from Git when missing:
✨ 功能自动安装工具:缺少时从 Git 克隆:
git clone <repo_url> <install_path>Parameter Substitution Replaces {param} in commands with values from:
参数替换 将命令中的 {param} 替换为以下值:
-
Command arguments 命令参数
-
Default values 默认值
-
self.params self.params 文件
-
Help Integration 帮助集成
help displays the YAML description.
help 显示 YAML 描述。
🧩 Template 🧩 模板
name: ""
enabled: true
description: ""
tool:
name: ""
repo_url: ""
install_path: ""
install_command: "" # Optional
execute_command: ""
params:
- name: ""
required: true/false
default: ""
description: ""▶️ Usage Place YAML files in lazyaddons/
▶️ 用法 将 YAML 文件放在 lazyaddons/ 中
Start your CLI application
启动 CLI 应用程序
Execute registered commands:
执行已注册的命令:
(Cmd) help your_command
(Cmd) your_command -args🚨 Troubleshooting Missing parameters: Verify required fields in YAML
🚨 缺少参数的故障排除:验证 YAML 中的必填字段
Install failures: Check network/git access
安装失败:检查网络/git 访问权限
Command errors: Validate execute_command syntax
命令错误:验证 execute_command 语法
Key features: 主要特点:
- Clean GitHub-flavored markdown
清理 GitHub 风格的 markdown - Focused only on YAML addons
仅专注于 YAML 插件 - Includes ready-to-use templates
包括即用型模板 - Documents the parameter substitution system
记录参数替换系统 - Provides troubleshooting tips
提供故障排除提示
Would you like me to add any specific examples or usage scenarios?
是否希望我添加任何具体示例或使用场景?
软件下载