reave: post-exploitation framework tailored for hypervisor environments

REAVE

Reave is a post-exploitation framework tailored for hypervisor environments. It is currently under development.

Reave follows a traditional listener/agent model, where the user may set up multiple listeners of various flavors that accept any number of agents, each agent intended to be executed on a hypervisor host. The framework currently provides a Python agent and supports the following objectives:

• Automatic enumeration of hypervisor hosts, including:
  • What guest systems are installed
  • What network shares are mounted (NFS/iSCSI)
  • What local users are associated
  • What domain the hypervisor is a part of
  • What data stores exist on the physical system
• Modular payloads supporting capabilities such as:
  • Exfiltration: of datastores, files, virtual disks.
  • Persistence: Adding, modifying, deleting local users, installing SSH keys and reverse shells
  • Enumeration: Further network scanning, etc.

The goal of Reave is to provide a framework one can leverage to automate and expedite pentesting campaigns in environments that are either heavily virtualized or where target/critical infrastructure is hosted on hypervisor platforms such as ESXi and Proxmox.

Listener context

Payload context

Interactive agent session

Download

git clone https://github.com/Psmths/reave.git

Use

python main.py

Command Line Interface

The command line has three distinct contexts:

• Listener
• Payload
• Agent

Listener Context Commands

To enter the listener context, use the command listener. From there, several options are available:

Exit this context by using command back

Agent Context Commands

To enter the agent context, use the command agent. From there, several options are available:

Exit this context by using command back

Payload Context Commands

To enter the payload context, use the command payload. From there, several options are available:

Exit this context by using command back

Copyright (C) 2021 Psmths