# Yggdrasil

This tool is intended to simplify the setup of various tools and the configuration of a Kali machine after a fresh installation and to save unnecessary time: you can use one of the predefined lists or create your own.

The name Yggdrasil comes from Norse mythology, where it is the tree of life or world tree. The name fits the concept of the program well, since it is geared towards several penetration testing areas and also towards digital forensics.
## Upcoming changes for version 0.9b

- Logging fixes
- Hotfix for a missing installation path when using the custom category
- Improved Git tool downloader
- Improved Rust updater
- Improved red teaming category
- Improved firewall settings
- New alias for opening important pentesting URLs
## Features

- Ability to configure your own settings
  - Changing the default installation path to your own
  - Custom config based on the provided template
  - Including a custom path with your own scripts or dpkg packages
- Automated download of tools from the following sources
  - APT
  - Cargo
  - Custom websites (via wget)
  - Docker (normal | specific branch | submodules)
  - Gem
  - GitHub
  - Go
  - pip
- Best practice settings
  - Automated cleaning tasks
    - cleaning task to remove old container images
    - shredding task that deletes your penetration test results for privacy reasons after 90 days (default) or after a custom number of days
  - Automated updater via crontab
    - Cargo tools
    - Docker images
    - Git tools
    - Important pip packages
    - OS
    - Rust
  - Changing the default hostname
  - Custom configuration
    - BASHRC and ZSHRC
      - Alias
        - callable Yggdrasil best practice information after the installation
        - colorized grep
        - human-readable df & du commands
        - manual microcode update
        - manual Git tools update
        - manual Rust updater
        - nmap exclude for local IP addresses
        - URL opener divided by categories (education | forensic | infrastructure | osint | pentesting)
      - Functions
        - base64 function
        - colorized file reader function
        - VNC start function
    - Alias
    - Screenrc
    - VIM
    - BASHRC and ZSHRC
  - Repository change from rolling-release (bleeding-edge) to last-snapshot
  - Overview of some useful information after the install
  - Automated cleaning tasks
- GUI automation
  - accept licenses
  - install Firefox extensions
- Hardening
  - Apache
  - Firewall
  - Kernel
  - nginx
  - SSH
## Table of contents

- Preparations
- How to download and install the tool
  - Download and start the tool
  - Using the help section to see which parameters we have
  - Choose one of the six category types
  - Choose between the pentesting categories
  - Choose one of the two installation types
  - Choose between the hardening options
  - Configure your SSH IP address
  - Choose between the provided best practice settings
  - Choose between one of the two vim configs
  - Choose between one of the two task settings
  - Installation process
- Using the automated variant
- Useful provided functions
- Customize your installation
## Preparations

If you want to use the provided GUI automation, make sure that the `scrot` tool is installed:

```bash
sudo apt install -y scrot
```

Notice: In some cases you may need to restart the Kali machine once after the preparations.
## How to download and install the tool

### Download and start the tool

```bash
sudo git clone https://github.com/Jarl-Bjoern/Yggdrasil/
cd Yggdrasil
sudo python3 yggdrasil.py
```
### Using the help section to see which parameters we have

Calling the script with `-h` prints the parameter overview:

```text
-------------------------------------------------------------------------------------
| Created by Rainer Christian Bjoern Herold                                         |
| Copyright 2022-2023. All rights reserved.                                         |
|                                                                                   |
| Please do not use the program for illegal activities.                             |
|                                                                                   |
| If you got any problems don't hesitate to contact me so I can try to fix them.    |
-------------------------------------------------------------------------------------

optional arguments:
  -aL [ACCEPT_LICENSES], --accept-licenses [ACCEPT_LICENSES]
                        This parameter is required to accept licenses and the popups
                        from firefox during the installation of extensions.
                        Extensions:
                          - Firefox
                        Licenses:
                          - Veracrypt
                        ---------------------------------------------------------------
  -aW ADD_WORKSPACE, --add-workspace ADD_WORKSPACE
                        This parameter specifies your default workspace location.
                        Default: /opt/workspace
                        ---------------------------------------------------------------
  -cD CUSTOM_DAYS, --custom-days CUSTOM_DAYS
                        This parameter specifies the max days for the shredding script.
                        Default:
                          - 90 Days
                        ---------------------------------------------------------------
  -cP CUSTOM_PATH, --custom-path CUSTOM_PATH
                        This parameter specifies the target path of your custom scripts
                        or tools.
                        Example:
                          - python3 yggdrasil.py -cP /opt/yggdrasil/Custom
                        ---------------------------------------------------------------
  -hN HOST_NAME, --host-name HOST_NAME
                        This parameter specifies the hostname of the kali machine.
                        Default:
                          - pentest-kali
                          - forensic-kali
                        ---------------------------------------------------------------
  -sC [SKIP_CONFIG], --skip-config [SKIP_CONFIG]
                        This parameter skips the configs part.
                        Best practice settings:
                          - Automated Updates (APT|Cargo|Docker|Git Packages|Pip|Rust)
                          - Custom Configs (alias|bashrc|zshrc)
                          - screenrc
                          - vim
                          - repo-change (rolling-release to last-snapshot)
                          - automated shredding task
                        ---------------------------------------------------------------
  -sH [SKIP_HARDENING], --skip-hardening [SKIP_HARDENING]
                        This parameter skips the hardening part.
                        Hardening:
                          - Firewall
                          - Operating System
                          - SSH
                          - Apache
                          - nginx
                        ---------------------------------------------------------------
  -sU [SKIP_URLS], --skip-urls [SKIP_URLS]
                        This parameter skips the url opening part after the
                        installation process.
                        ---------------------------------------------------------------
  -tP TOOL_PATH, --tool-path TOOL_PATH
                        This parameter specifies your default tools location.
                        Default:
                          - /opt/pentest_tools
                          - /opt/forensic_tools
                        ---------------------------------------------------------------
  -v [VERBOSE], --verbose [VERBOSE]
                        This parameter shows all interaction messages during the apt
                        package manager installation process.
                        ---------------------------------------------------------------
```
### Choose one of the six category types

After starting the program you should see the selection menu below, where you can choose between several categories. You can enter either the full name of the category or its number.

Notice: Here you can only choose one of the six categories.

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

Please choose between one category
----------------------------------------------------------
|                                                        |
| [1] complete  : installation of both toolkits          |
| [2] custom    : installation of custom tools           |
| [3] forensic  : installation of forensic tools         |
| [4] pentest   : installation of pentest tools          |
| [5] hardening : installation of hardening tools        |
| [6] training  : installation of training tools         |
|                                                        |
----------------------------------------------------------
Your Choice: pentest
```
### Choose between the pentesting categories

In this chapter you can choose one or multiple pentesting areas. Again, you can enter either the full name of the category or its number.

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

Please choose between one category
----------------------------------------------------------
|                                                        |
| [1] infrastructure : tools for infra pentesting        |
| [2] iot            : tools for iot pentesting          |
| [3] mobile         : tools for mobile pentesting       |
| [4] red_teaming    : tools for red teaming             |
| [5] web            : tools for web pentesting          |
| [6] cloud          : tools for cloud pentesting        |
|                                                        |
----------------------------------------------------------
Your Choice: infrastructure
```

You can select multiple categories in number notation as in the example below; use a `,` to separate them.

Notice: The same applies if you write out the names in full (e.g. `infrastructure,web`).

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

Please choose between one category
----------------------------------------------------------
|                                                        |
| [1] infrastructure : tools for infra pentesting        |
| [2] iot            : tools for iot pentesting          |
| [3] mobile         : tools for mobile pentesting       |
| [4] red_teaming    : tools for red teaming             |
| [5] web            : tools for web pentesting          |
| [6] cloud          : tools for cloud pentesting        |
|                                                        |
----------------------------------------------------------
Your Choice: 1,5
```
### Choose one of the two installation types

Notice: This selection only appears if you selected the Infrastructure category or Forensic before.

```text
Yggdrasil
Version 0.7b
Rainer Christian Bjoern Herold

Please choose between one installation
----------------------------------------------------------
|                                                        |
| [1] full    : full installation (GUI)                  |
| [2] minimal : minimal installation (CLI)               |
|                                                        |
----------------------------------------------------------
Your Choice: full
```
### Choose between the hardening options

In this chapter you can apply the provided hardening measures; here too you can choose one or more settings.

Notice: If you want to skip this part in the future, use the parameter `-sH` when starting Yggdrasil.

```text
Yggdrasil
Version 0.8
Rainer Christian Bjoern Herold

----------------------------------------------------------
|                                                        |
| [1] complete    : complete configuration               |
| [2] Firewall    : firewall configuration               |
| [3] Sysctl (OS) : sysctl hardening                     |
| [4] SSH         : SSH hardening                        |
| [5] Apache      : Apache hardening                     |
| [6] nginx       : nginx hardening                      |
|                                                        |
----------------------------------------------------------
Your Choice: 1
```
### Configure your SSH IP address

If you selected SSH hardening in the previous step, you will be prompted to select one of the available local IP addresses.

```text
Yggdrasil
Version 0.8
Rainer Christian Bjoern Herold

Please select an IP address to be used for SSH configuration
----------------------------------------------------------
eth0:
  - 192.168.56.2 (IPv4)
  - fe80::XXX:XXXX:XXXX:XXXX (IPv6)
----------------------------------------------------------
Your Choice: 192.168.56.2
```
### Choose between the provided best practice settings

Here you can apply the best practice settings; again, several of them can be selected.

Notice: If you want to skip this part in the future, use the parameter `-sC` when starting Yggdrasil.

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

-----------------------------------------------------------
|                                                         |
| [1] complete : complete configuration                   |
| [2] updates  : automated updates                        |
|                 (APT|Docker|Git Packages|Pip)           |
| [3] alias    : custom configs                           |
|                 (alias|.bashrc|.zshrc)                  |
| [4] screenrc : custom screenrc config                   |
| [5] vim      : custom vim config                        |
| [6] repo     : kali repository change                   |
| [7] shredder : workspace file shredding script          |
|                 (after 90 days [default])               |
|                                                         |
-----------------------------------------------------------
Your Choice: 1
```
### Choose between one of the two vim configs

If you selected the vim configuration in the previous step, you now have the choice between two custom configurations. Thanks here again to @HomeSen and @nayaningaloo.

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

-----------------------------------------------------------------
|                                                               |
| [1] homesen      : custom vim config (@HomeSen)               |
| [2] nayaningaloo : custom vim config (@nayaningaloo)          |
|                                                               |
-----------------------------------------------------------------
Your Choice: 1
```
### Choose between one of the two task settings

If you selected either the Updater or the Shredder function, you will be redirected to the page below, where you can choose to create the automated tasks either as a Cronjob or as a Systemd Unit.

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

-----------------------------------------------------------
|                                                         |
| [1] cronjob : cronjob configuration                     |
| [2] timer   : systemd timer configuration               |
|                                                         |
-----------------------------------------------------------
Your Choice: 1
```
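The README does not show the shredding script that the Shredder task runs. The following shell functions are an added example of what such a task can look like; they are not Yggdrasil's own code. They use the 90-day default from the menu above, assume GNU coreutils and findutils as shipped on Kali (`shred -u -z`, `find -mindepth/-delete`), and the throwaway directory in `demo_retention` is constructed for the demonstration.

```shell
#!/bin/sh
# Retention in days; matches the Shredder default of 90 days (override via environment)
RETENTION_DAYS="${RETENTION_DAYS:-90}"

# list_expired_files DIR DAYS: print the regular files under DIR whose modification
# time lies more than DAYS full days in the past (find's "-mtime +N" semantics)
list_expired_files() {
  find "$1" -type f -mtime +"$2" -print
}

# shred_expired_files DIR DAYS: overwrite every expired file before unlinking it
# (shred -u, with a final zero pass), fall back to rm -f where shred is unavailable,
# then remove directories that were left empty
shred_expired_files() {
  if command -v shred >/dev/null 2>&1; then
    find "$1" -type f -mtime +"$2" -exec shred -u -z -- {} +
  else
    find "$1" -type f -mtime +"$2" -exec rm -f -- {} +
  fi
  find "$1" -mindepth 1 -type d -empty -delete
}

# demo_retention: run both functions on a constructed temporary workspace holding one
# fresh file and one file backdated to 2020-01-01, and report what was expired and
# what is left afterwards
demo_retention() {
  tmp=$(mktemp -d) || return 1
  : > "$tmp/new.txt"
  : > "$tmp/old.txt"
  touch -t 202001010000 "$tmp/old.txt"
  expired=$(list_expired_files "$tmp" "$RETENTION_DAYS" | sed "s|^$tmp/||" | paste -s -d ',' -)
  shred_expired_files "$tmp" "$RETENTION_DAYS"
  remaining=$(ls "$tmp" | paste -s -d ',' -)
  rm -rf "$tmp"
  printf 'expired=%s remaining=%s\n' "$expired" "$remaining"
}

# Usage: sh shred_workspace.sh /opt/workspace [DAYS]
# A cron line for a nightly run could look like (constructed example):
#   0 3 * * * root /usr/local/bin/shred_workspace.sh /opt/workspace 90
if [ $# -gt 0 ]; then
  shred_expired_files "$1" "${2:-$RETENTION_DAYS}"
fi
```

Two caveats worth knowing when relying on such a task for privacy: `-mtime` looks at the modification time, so a file that is edited resets its clock, and `shred` only overwrites in place, which journaling and copy-on-write filesystems as well as SSD wear levelling do not guarantee to reach the old blocks; full-disk encryption of the workspace is the more reliable control.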
### Installation process

In the next step the script goes through all the configured steps and installs the selected tools.

## Using the automated variant

If you are already familiar with the program, you can also run it completely automatically by feeding the answers to the prompts through the `cat <<EOF` command.

```bash
# Automated variant, text based, without hardening
cat <<EOF | sudo python3 /opt/Yggdrasil/yggdrasil.py -sH
pentest
infrastructure
full
complete
homesen
cronjob
EOF

# Automated variant without hardening, with numbers
cat <<EOF | sudo python3 /opt/Yggdrasil/yggdrasil.py -sH
4
1
1
1
1
1
EOF

# Automated variant with multiple pentesting categories, without hardening, with numbers
cat <<EOF | sudo python3 /opt/Yggdrasil/yggdrasil.py -sH
4
1,5
1
1
1
EOF
```

Notice: If you use the complete installation from the hardening part, make sure that you also specify the IP address for the SSH server, otherwise you will end up in an exception.

```bash
# Automated variant with multiple pentesting categories, text based
cat <<EOF | sudo python3 /opt/Yggdrasil/yggdrasil.py
pentest
infrastructure,web
complete
192.168.2.1
complete
homesen
cronjob
EOF

# Automated variant with multiple pentesting categories, with numbers
cat <<EOF | sudo python3 /opt/Yggdrasil/yggdrasil.py
4
1,5
1
192.168.2.1
1
1
1
EOF
```
## Useful provided functions

If you have chosen the provided alias configuration, you can use the aliases listed in this chapter.

In some cases you may end up on a Windows jump host through a Citrix host and have no way to post-install tools without resorting to unauthorized actions. The problem is that either X11 forwarding is disabled for the SSH session or you have no way to install an X11 client on the jump host. In some cases, however, you can reach your Kali instance from the jump host on arbitrary ports, and you can use this to set up a VNC server in order to use applications like Burp Suite.

Security aspects were taken into account in advance: since VNC is natively unencrypted, encrypted transmission via a proxy server is ensured, and a password constraint was added to the alias so that you do not use the same password every time. Furthermore, you might set up the alias and forget to turn the server off again, which would be a vulnerability in itself; to counteract this, an idle timeout of 900 seconds was set.

So you can use the alias `yggdrasil-vnc` to set up the instance, then open the browser on the jump host and enter the URL `https://your-kali-machine:8081`.

Notice: In some cases the machine may not be directly reachable; try SSH tunneling and bind the port for your browser. Should this also not work, this variant is not an option.
In some cases you may receive an entire network as a target, and your Kali machine may itself be located in that network. As a result you could discover yourself, with multiple vulnerabilities; this feature was built to avoid that.

Whenever `nmap` is called, all local addresses are automatically added as `--exclude` parameters. So if you have a network (e.g. `192.168.30.0/24`) as target and your machine has the IP address `192.168.30.50`, this address and also the local IPv6 addresses are ignored.

```text
# Nmap 7.93 scan initiated Thu Feb 16 06:28:47 2023 as:
nmap --exclude 127.0.0.1,::1,192.168.30.50,fe80::20c:29ff:fe69:66b3,172.17.0.1 192.168.30.1
Nmap scan report for 192.168.30.1
Host is up (0.00054s latency).
...
```
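The README does not show how the alias collects the local addresses. The shell function below is an added example of one way to build that `--exclude` list; it is not Yggdrasil's own implementation. It assumes iproute2's `ip -o addr` output format, and the sample output embedded in `SAMPLE_IP_O_ADDR` is constructed to reproduce the addresses of the excerpt above (loopback, `eth0` and a `docker0` bridge).

```shell
#!/bin/sh
# build_nmap_exclude: read "ip -o addr" output on stdin and print a comma-separated,
# de-duplicated list of the local IPv4 and IPv6 addresses with prefix lengths removed
build_nmap_exclude() {
  awk '$3 == "inet" || $3 == "inet6" {
         addr = $4
         sub(/\/.*/, "", addr)              # drop the /prefix length
         if (!(addr in seen)) {             # first occurrence wins, order preserved
           seen[addr] = 1
           out = (out == "") ? addr : (out "," addr)
         }
       }
       END { print out }'
}

# nmap_exclude_args: the "--exclude <list>" arguments for the addresses of this machine,
# built live from ip(8); intended for use as: nmap $(nmap_exclude_args) <target>
nmap_exclude_args() {
  printf '%s %s\n' '--exclude' "$(ip -o addr | build_nmap_exclude)"
}

# Constructed "ip -o addr" sample (one line per address, as ip -o prints it)
SAMPLE_IP_O_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.30.50/24 brd 192.168.30.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
2: eth0    inet6 fe80::20c:29ff:fe69:66b3/64 scope link \       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'

# demo_exclude: run the parser over the constructed sample instead of the live system
demo_exclude() {
  printf '%s\n' "$SAMPLE_IP_O_ADDR" | build_nmap_exclude
}
```

Running `demo_exclude` yields exactly the list from the excerpt above, `127.0.0.1,::1,192.168.30.50,fe80::20c:29ff:fe69:66b3,172.17.0.1`. Because the list is computed at call time rather than at shell start-up, addresses acquired later (a VPN interface, a second DHCP lease) are covered as well, which is the failure mode a static alias would miss.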
In many cases tools downloaded via GitHub may not have been fully operational at the time of installation. Automated tasks were built for this purpose as well, but they always start only after 5 hours.

To speed up the process and manually pull updates from the repos, the alias `git-tools-update` was created.

Furthermore, a manual updater for the package manager Cargo has also been created, which can be called using `cargo-tools-update`.

Important: Be careful not to remove the two files `update.info` and `update_cargo.info` from your installation directory; they contain the packages that will be updated.

Notice: Only the tools installed by Yggdrasil are affected by an update.

Last but not least, in some cases an annoying message about the microcode may appear, which you can try to fix using the provided alias `microcode-update`.
In some cases you may need certain URLs and lack the time to always set them up as home pages in the browser.

| Alias | Description |
|---|---|
| yggdrasil-education | This alias loads pages into your default browser that can be used for training purposes. |
| yggdrasil-forensic | This alias loads web pages into your browser that are relevant for forensic purposes. |
| yggdrasil-hardening | This alias loads web pages that are relevant for hardening purposes. |
| yggdrasil-osint | This alias opens URLs that are relevant for OSINT. |
| yggdrasil-pentesting | This alias loads web pages into your browser that are relevant for pentest purposes. (Available at version 0.9b) |
In addition, I have developed another tool, TYR, which also loads URLs automatically into the default browser. It is integrated by default in Yggdrasil if you selected the Penetration Testing category Web during the installation.
After installing Yggdrasil you get a colored output of minor information; sometimes it may be needed again, and this feature was built for that purpose. With the alias `yggdrasil-info` the output can be shown as often as you like.

In some cases you may not be able to install various cargo packages due to an outdated version of Rust. With the alias `yggdrasil-rust-update` you can try to update the current Rust version.

Notice: Only available from version 0.9b.
## Customize your installation

You can open one of the configuration files and add your own tools to the list to customize it to your liking (make sure that each heading begins with a `#`).

In this example we take the configuration file for infrastructure penetration testing, which can be found under the path `Config/Linux/Pentest/Infrastructure/minimal.txt`.

Notice: `minimal.txt` is meant for special installations, e.g. if you perform internal penetration tests remotely and can only connect to your target system via SSH, with no way to use GUI-based applications unless X11 forwarding is available.

After opening the file `minimal.txt` with an editor of your choice, you will see a number of tools that have already been defined for various package managers.

```text
# APT
bloodhound
dhcpig
fcrackzip
...
```

In this example we add the tool Feroxbuster under the header `# APT`; at the next start the added tool will be installed.

Notice: When inserting new tools, make sure that you add them to the section of the respective package manager.

```text
# APT
bloodhound
dhcpig
fcrackzip
feroxbuster
...
```

Now you can add more tools as you wish.
When you arrive at the `Wget` section, the entries need to follow the structure below.

```text
URL Name Method
```

- Insert a URL in the first position and make sure that the link can be called as a direct download and is not provided with a timer.
- Put the name of the program in the second place; this is necessary so that the file gets a simpler name during the download, which also makes it easier to filter.
- In the third place follows the method, i.e. what kind of format the file has and how the program should behave, for example whether to unpack an archive. A detailed list of the available methods follows in the next chapter.
With the `Archive` argument you specify that you are downloading an archive, which is then handed to the provided Python script and unpacked.

```text
# Wget
https://dl.pstmn.io/download/latest/linux64 Postman Archive
```

The argument `DPKG` is used to download a package, which is imported/installed afterwards.

```text
# Wget
https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb chrome DPKG
```

With `Executeable`, you specify that you are downloading an executable file that is, for example, downloadable via GitHub, like kerbrute.

```text
# Wget
https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64 kerbrute Executeable
```

The `Installer` argument specifies that you download an installation package, which is launched afterwards, as is done for SoapUI, for example, if you use the template for web penetration testing.

```text
# Wget
https://sh.rustup.rs rust Installer
```

With the `Extension` argument you specify that a browser add-on should be installed. This has already been implemented for the web penetration testing template, for example.

Notice: Currently this is only possible for Firefox.

```text
# Wget
https://addons.mozilla.org/android/downloads/file/3616824/foxyproxy_standard-7.5.1.xpi foxyproxy Extension
```
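Since a malformed `Wget` entry only shows up once the installation reaches it, an added example follows of a small checker (not part of Yggdrasil) that validates the `# Wget` section of a config file against the `URL Name Method` structure and the five methods documented above before you start a run. The two sample configs are constructed for the demonstration, and the requirement that every URL use `https://` is this example's own policy rather than something the tool enforces.

```shell
#!/bin/sh
# Methods accepted in the third column of a Wget entry, as documented above
WGET_METHODS="Archive DPKG Executeable Installer Extension"

# check_wget_section: read a config file on stdin and validate every entry of its
# "# Wget" section. Prints "<line>: <reason>" per problem; returns 1 if any was found.
check_wget_section() {
  awk -v methods="$WGET_METHODS" '
    BEGIN {
      n = split(methods, m, " ")
      for (i = 1; i <= n; i++) ok[m[i]] = 1
      bad = 0
    }
    /^#/ { in_wget = ($0 ~ /^#[ ]*Wget[ ]*$/); next }   # headers switch the section
    in_wget && NF > 0 {
      if (NF != 3) {
        printf "%d: expected \"URL Name Method\", got %d fields\n", NR, NF; bad++; next
      }
      if ($1 !~ /^https:\/\//) { printf "%d: URL is not https: %s\n", NR, $1; bad++ }
      if (!($3 in ok))         { printf "%d: unknown method %s\n", NR, $3; bad++ }
    }
    END { if (bad > 0) exit 1 }
  '
}

# count_wget_problems: number of problem lines reported for the config given on stdin
count_wget_problems() {
  check_wget_section | wc -l | tr -d ' '
}

# Constructed sample configs (not taken from the Yggdrasil repository)
SAMPLE_WGET_OK='# APT
feroxbuster
# Wget
https://dl.pstmn.io/download/latest/linux64 Postman Archive
https://sh.rustup.rs rust Installer
# Wordlists'

SAMPLE_WGET_BAD='# Wget
http://example.invalid/tool.zip tool Archive
https://example.invalid/tool tool Binary
https://example.invalid/tool tool
# Wordlists'

demo_ok()  { printf '%s\n' "$SAMPLE_WGET_OK"  | count_wget_problems; }   # prints 0
demo_bad() { printf '%s\n' "$SAMPLE_WGET_BAD" | count_wget_problems; }   # prints 3

# Usage: sh check_wget.sh Config/Linux/Custom/install.txt
if [ -n "${1:-}" ]; then
  check_wget_section < "$1"
fi
```

Entries outside the `# Wget` section are ignored, so the checker can be run over a complete config file; the non-zero exit status makes it usable as a guard in front of the automated variant (`sh check_wget.sh install.txt && cat <<EOF | ...`).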
You can also build the file from scratch. To do this, navigate to the directory `Config/Linux/Custom` and edit the file `install.txt`:

```text
# APT
# Cargo
# Docker
# Gem
# Git
# Git_Branch
# Git_Submodules
# Go
# Python
# Wget
# Wordlists
```

After that, start the tool and select the `Custom` category to use your self-created list.

```text
Yggdrasil
Version 0.9
Rainer Christian Bjoern Herold

Please choose between one category
----------------------------------------------------------
|                                                        |
| [1] complete  : installation of both toolkits          |
| [2] custom    : installation of custom tools           |
| [3] forensic  : installation of forensic tools         |
| [4] pentest   : installation of pentest tools          |
| [5] hardening : installation of hardening tools        |
| [6] training  : installation of training tools         |
|                                                        |
----------------------------------------------------------
Your Choice: custom
```
In addition, you can place your own scripts or packages in the provided `Custom` directory or in a directory of your own and use them in the installation script. For this you must use the parameter `-cP` in combination with the absolute path, as in the example below.

Currently the following formats are available to install external scripts or packages:

- Bash/Shell
- DPKG

```bash
python3 /opt/Yggdrasil/yggdrasil.py -cP /mnt/MY_DIRECTORY
```
In the context of the development of the tool, I would like to thank the following people for their contributions:

- atreus92
- cddmp
- Explie
- GhostActive
- HomeSen
- ikstream
- janstarke
- julion-m
- nayaningaloo
- pyxon73
- SandySchoene
- SecMyth

The developer would also like to thank the people who do not have a GitHub account and have helped the success of the tool in any way.

It should be said that the scripts are still under development, but they already make it easier for a penetration tester or a digital forensics analyst to get started with certain pre-settings.