Exegol is a fully configured Docker image with many useful additional tools, resources (scripts and binaries for privesc, credential theft etc.) and some configuration (oh-my-zsh, history, aliases, colorized output for some tools). It can be used in pentest engagements, bug bounty, CTF, HackTheBox, OSCP lab & exam and so on. Exegol's original purpose was to be a ready-to-hack Docker image in case of emergencies during engagements.
The main features of Exegol are:
- Tools: many tools that are either installed manually or with apt, pip, go etc. Some of those tools are in Kali, some are not. Exegol doesn't come with ultra-famous tools only. Some tools are pre-configured and/or customized (colored output, custom NtChallengeResponse in Responder, ...)
- Resources: many resources can be useful during engagements. Those resources are not referred to as "tools" since they need to be run on a pwned target, and not on the attacker machine (e.g. mimikatz, rubeus, ...).
- History: a populated history file that allows exegol users to save time and brain space by not having to remember every tool option and argument or checking the "help" every time.
- Aliases: a file containing aliases that can be handy when using manually installed tools, or doing common operations.
TL;DR Exegol is a community-driven environment that can be used in day to day engagements.
The install process takes time. Install it before needing it.
- (optional) Set the following alias in your zshrc/bashrc/whateverrc:
alias exegol='make -s -C /PATH/TO/Exegol/'
- Install: exegol install
- Update: exegol update
- Start: exegol start
- Get a shell: exegol shell
- Stop in a saved state: exegol pause
- Resume from the saved state: exegol resume
- Kill/reset the Docker state: exegol kill
- Get help on advanced usage: exegol help
You need docker 🐳, make, and 15GB of free storage (What did you expect? A fully featured pentesting environment for less than 2GB? If you've got ideas I'm all ears).
The tools installed in Exegol are mostly installed from sources in order to have the latest version when deploying Exegol. Some installs are made with go, pip, apt, gem etc. You will find most of the tools in /opt/tools.
- CrackMapExec (https://github.com/byt3bl33d3r/CrackMapExec)
- Impacket (https://github.com/SecureAuthCorp/impacket)
- BloodHound.py (https://github.com/fox-it/BloodHound.py)
- Powershell Empire (https://github.com/BC-SECURITY/Empire)
- ffuf (https://github.com/ffuf/ffuf)
- updog (https://github.com/sc0tfree/updog)
- shellerator (https://github.com/ShutdownRepo/shellerator)
- krbrelayx (https://github.com/dirkjanm/krbrelayx)
- and many others...
In addition to the many tools pre-installed (and, for some, pre-configured), you will find many useful pre-fetched resources like scripts and binaries in /opt/resources. There are some pre-EoP enumeration scripts (EoP: Escalation of Privileges) and other useful binaries like Rubeus or mimikatz.
- Linux Smart Enumeration (lse.sh) (https://github.com/diego-treitos/linux-smart-enumeration)
- mimikatz (https://github.com/gentilkiwi/mimikatz)
- linPEAS & winPEAS (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
- pspy (https://github.com/DominicBreuker/pspy)
- sysinternals (https://docs.microsoft.com/en-us/sysinternals/downloads/)
- PowerSploit (https://github.com/PowerShellMafia/PowerSploit)
- Rubeus (https://github.com/GhostPack/Rubeus) (pre-compiled binary)
- and many others...
When I hack, I often rely on my history. I don't have to remember command line options, syntax and such. This history is filled with commands that I used in engagements, bug bounties, CTF, OSCP and so on. Of course, the values are placeholders that need to be replaced with the appropriate ones in your context.
Since many tools are manually installed in /opt/tools/, aliases can be helpful to use these without having to change directory manually. Other aliases are set to save time while hacking (http-server, php-server, urlencode, ipa, ...).
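To show the kind of shortcuts such an alias file provides, here is an added example written for this page; it is not Exegol's actual alias file, and the names and bodies below are assumptions. The serving and network helpers are defined as functions with underscores (a POSIX sh function name cannot contain a hyphen, unlike the http-server and php-server aliases listed above), and urlencode is implemented portably so it can be checked against known inputs.

```sh
#!/bin/sh
# Added example of an alias/helper file in the spirit of Exegol's,
# not Exegol's own definitions. Source it from your shell rc file.

# Serve the current directory over HTTP (port defaults to 8000).
# Assumption: python3 is available on the attacker machine.
http_server() { python3 -m http.server "${1:-8000}"; }

# Same idea with PHP's built-in server (useful for quick webshell tests).
# Assumption: php is installed.
php_server() { php -S "0.0.0.0:${1:-8000}"; }

# Short, colorless overview of interfaces and addresses.
ipa() { ip -brief address show; }

# Percent-encode a string: every byte except the RFC 3986 unreserved
# characters (A-Z a-z 0-9 - . _ ~) becomes %XX. Runs in dash and bash.
urlencode() {
  old_lc="$LC_ALL"
  LC_ALL=C            # byte-wise iteration, so UTF-8 is encoded per byte
  s="$1"
  out=""
  while [ -n "$s" ]; do
    c="${s%"${s#?}"}" # first character of the remaining input
    s="${s#?}"        # drop it from the remaining input
    case "$c" in
      [a-zA-Z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;  # "'c" yields the byte value
    esac
  done
  LC_ALL="$old_lc"
  printf '%s\n' "$out"
}
```

A typical use during an engagement is wrapping a payload before putting it in a query string, e.g. urlencode "id=1' OR '1'='1" , so you do not hand-encode the quotes and spaces.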
Here are some things to add/correct that I have in mind, I'll work on that as soon as possible:
- is it possible to use Wi-Fi and Bluetooth?
- issues when mounting stuff
- redo the ZeroLogon install part once clean exploits are out
- make a GIF and/or some visuals to present this?
- find a way to log commands and outputs for engagements
- add an option in the Makefile to deploy multiple versions of Exegol, one for each engagement
Credits and thanks go to every infosec addict who contributes and shares, but most specifically to @th1b4ud for the base "Kali Linux in 3 seconds with Docker".