PAKURI-THON
Pentest Achieve Knowledge Unite Rapid Interface – Python
PAKURI-THON is a tool that supports pentesters by combining various pentesting tools with a C4 server (command & control and chat & communication server). Most operations can be performed through an intuitive web interface or by sending commands to a chatbot.
Why Develop this Tool?
PAKURI-THON is an upgraded version of PAKURI, which was presented at the 2020 Black Hat Asia Arsenal. After the COVID-19 pandemic, the way we work has changed drastically, and working remotely from home instead of going to the office has become the norm. This change in the way we work has increased security risks, raised awareness of security, and increased the demand for pen-testing.
However, there is still a shortage of security personnel in Japan. As the workload increases while the manpower does not, pen-testing becomes a monotonous and boring job, and its quality drops.
So, if we automate the boring and simple work, the machine will do the same work over and over again with accuracy, but is that really enough? Pen testing tools are also becoming more and more automated, but is that really enough?
I don’t think so. I don’t want to let machines take all the fun out of my life. But I don’t like boring work. So I decided to enjoy boring work together with machines. The answer is PAKURI-THON.
PAKURI-THON was rebuilt in Python to improve the usability of PAKURI. As a result, it implements a web interface, making it much more intuitive and stylish than before. Specifically, once PAKURI-THON is connected to the target network, it can be operated from a smartphone or tablet.
You can also use chat to share information with your team, and most operations can be carried out by giving instructions to the bot. Therefore, there is no need to switch the method of information sharing when working with a team. Best of all, wouldn’t it be cool to be able to do a pen test just by talking to the machine using your smartphone, just like the hacker in the movie?
Features
- The web interface is implemented so that it can be operated intuitively on smartphones and tablets. We were able to fit all of the pentests into the palm of our hand.
- Since we have a terminal in the web interface, you can operate the Kali Linux terminal directly from your smartphone or tablet. If you are using a tablet, you can hold it horizontally to enable some keyboard operations.
- The use of chatbots. Just talk to the chatbot (give instructions) and it will execute the command. This increases convenience, as there is no need to switch the means of information sharing within the team.
- PowerShell Empire, which is used in actual cyberattacks, can be controlled through a web interface and can easily be used for red team training.
Screenshot
Main menu
It is designed to be operable on smartphones and tablets. The honeycomb structure menu at the bottom right is a shortcut menu for one-handed operation. (Press the bottom right button to expand the menu as shown in the image. Normally, it is hidden.)
Target
When a scan is performed and a host is found, an icon will be displayed. Click on the icon to display detailed information about the host.
Recon
You can use Nmap and Nikto for reconnaissance activities. You can also use the terminal if you want to run other Kali tools.
Post-Exploit
You can operate PowerShell Empire, create Stagers, and manage Agents.
Terminal
By using WebSSH, you can operate the terminal console of PAKURI-THON directly in your web browser.
Chat: Nextcloud
You can use Nextcloud chat to facilitate communication within your team. You can execute various commands simply by giving instructions to the bot in the chat.
Docker
Start and stop Docker.
Smartphone
If you use a smartphone, you can use the Nextcloud application.
Changelog v1.0.4
- Removed modules related to Nextcloud and replaced the chat function in general with Mattermost.
Install & Use
Copyright (C) 2022 01rabbit