The Brutus Exploitation Framework

Brutus is a Python-powered educational toolkit which automates pre and post-connection network-based exploits, as well as web-based reconnaissance. As a light-weight framework, Brutus aims to minimize reliance on third-party dependencies. Optimized for Kali Linux, Brutus is also compatible with macOS and most Linux distributions, featuring a fully interactive command-line interface which dynamically applies OS-resolution for platform-contingent functions, and type-checking and data validation against user-input.

Brutus is designed to be an extensible framework to which new modules can easily be integrated.

Brutus: Features and Included Modules

Brutus includes several modules which can be generalized as belonging to three macro-categories: network-based, web-based, and payloads. The latter category is a library of compilers and accompanying payloads – payloads can be compiled via Brutus’ interactive command-line menu; compiled payloads can subsequently be loaded into any of Brutus’ applicable network-based modules.

There is one unique exception to this: Brutus ships with two complete botnets and accompanying client/bot compilers. One botnet architecture is socket-based and optimized for intra-network usage. Its Command and Control server is operated via the Brutus CLI.

The second architecture includes a fully web-based interface which is optionally launched from the CLI (presume you are running Brutus on a VPS). Else, Brutus can persist your server configurations and auto-compile new clients per said configurations, effectively making the server a detached entity which can be managed via the Brutus CLI (despite the server being installed remotely). Note: Botnet integrations into Brutus are still under development.

Follows are the included modules:

Network-based

• MAC Address Generator (set MAC address to user-specified or randomized OUI. Options for OUI vendor prefix, unicast/multicast, and UAA/LAA per IEEE specifications)
• Network Scanner (scans have given IP range to discover all (including hidden) devices on a given network)
• ARP Spoofer (establish MITM)
• DNS Spoofer
• Packet Sniffer
• File Surrogator (surrogate via REGEX matching)
• Javascript Injector
• Reverse-Shell Listener (a new Listener is instantiated and added to the UI whenever an accompanying payload has been compiled – under development)

Web-based

• Link Harvester (harvest all URL references on a given target)
• Subdomain Mapper (maps all subdomains as matched against a given wordlist)
• Vulnerability Scanner (renders sitemap, automates XSS and SQLi testing across several vectors)
• Credential Brute Force (under development)

Payloads Note: Remote Report payloads report to throwaway Gmail accounts

• Remote Report Credential Harvester (harvests all credentials and cleanup; two versions – OS-agnostic and Windows-specific)
• Injection (download any served file to target)
• Persistent Remote Report Keylogger
• Persistent Reverse Shell (an OS-agnostic socket-based reverse shell)
• Download + Execute (downloads executable, runs quietly, self-cleans under development)

Intra-Network Botnet

• Socket-based Command and Control server with multi-threaded concurrency. Payloads are OS-agnostic and are persistent across Windows, Linux, and MacOS.
• Features include:
  • Persistence on Windows, Linux, MacOS
  • En masse command-execution
  • Multiple concurrent reverse shell sessions
  • Auto-reconnect (at user-specified intervals)
  • Remote Dropper (download anything onto host)
  • Screenshot (OS-agnostic)
  • Keylogger
  • Compress files on a host machine
  • Return all host information
  • Direct download from the host
  • Automated sockets – hosts/slaves can reconnect even if the server goes down.

Inter-Network Botnet

• HTTPS-based botnet with optional SSL verification. Robust Command and Control server with full user-interface.
• Features include:
  • Persistence on Windows, Linux, MacOS
  • Web interface with console sessions.
  • En masse command-execution
  • Multiple concurrent reverse shell sessions
  • Auto-reconnect (at user-specified intervals)
  • Remote Dropper (download anything onto host)
  • Screenshot (OS-agnostic)
  • Keylogger
  • Compress files on a host machine
  • Return all host information
  • Self-destruct / Auto-clean
  • Execute shell code
  • Direct Download / Upload

Utilities/Scripts

• Flush IP Tables (maintains port-forwarding config)
• Refresh OUI Directory
• IP Tables, Reset All
• Downgrade HTTPS to HTTP
• Enable Monitor Mode
• Enable Port Forwarding
• Mock Import (allows user to simulate dependencies on unsupported systems e.g. Netlifyqueue)

User Interface

• Thanks to Python-Inquirer, Brutus is a fully interactive command-line interface.
• Brutus’ dynamic user-interface programmatically resolves the user’s OS and adapts system calls and module execution accordingly
• Launch modules in separate console windows as discrete processes
• Lightweight multi-processing platform: Brutus isolates failures by sandboxing module execution inside of disparate sessions.

Install && Use

Copyright (C) 2020 Matthew T Zito (Goldmund)