Skip to content

Latest commit

 

History

History
58 lines (35 loc) · 3.3 KB

README.md

File metadata and controls

58 lines (35 loc) · 3.3 KB

Assemble Toolkit logo

What?

This project create a archive with a collection of free and open source tools that are needed for different kinds of assessment.

Why?

The objective is faciliate the provisioning of an assessment environement by a client when usage of client workstation is required.

So, the client will download the archive on the provisioned machine and then the AppSec team have all the needed tools to work in non-Internet connected mode.

Where?

The toolkit is targeted to be used on Windows station only (most common client case).

How?

The toolkit archive is created via this PowerShell script in which, each tool, is added via its dedicated function named Add-xxx.

The script is tested on the following environments:

  • Windows 10 Pro with PowerShell 5.1
  • Windows Server 2019 with PowerShell 7.1.3

The script is developed using Visual Studio Code and a pre-configured workspace file is provided in order to project into it.

The files user_profile.(ps1|sh) are used to define profile in CMDER when a PowerShell / Bash shell is opened.

💬 See here for more information about usage of these 2 files by CMDER.

Distribution of the kit

A release can be downloaded here.

The file Hash.txt contains the SHA-256 digest of the kit ZIP archive.

💬 Once the ZIP is expanded, you can init a shell (Powershell/Bash) in the toolkit using the instance of CMDER installed and configured (launch the file Cmder.exe).

💬 The Firefox portable bundle was added, as an extra artefact, because it cannot be added to the toolkit archive due to a final file size constraint. See here for explanation.

Use the following set of PowerShell commands to grab and check the archive (copy and paste the block of commands in a PowerShell shell):

Start-BitsTransfer -Source "https://github.com/ExcelliumSA/AppSecToolkit/releases/download/latest/Toolkit.zip" -Destination ".\Toolkit.zip"
Start-BitsTransfer -Source "https://github.com/ExcelliumSA/AppSecToolkit/releases/download/latest/Hash.txt" -Destination ".\Hash-Toolkit.txt"
Start-BitsTransfer -Source "https://github.com/ExcelliumSA/AppSecToolkit/releases/download/firefox-portable/FirefoxPortable.zip" -Destination ".\FirefoxPortable.zip"
Start-BitsTransfer -Source "https://github.com/ExcelliumSA/AppSecToolkit/releases/download/firefox-portable/Hash.txt" -Destination ".\Hash-FirefoxPortable.txt"
Get-Content ".\Hash-Toolkit.txt"
Get-FileHash ".\Toolkit.zip" -Algorithm SHA256 | Format-List
Get-Content ".\Hash-FirefoxPortable.txt"
Get-FileHash ".\FirefoxPortable.zip" -Algorithm SHA256 | Format-List
# Check that that all hashes are equals

Next steps?

See here.