Skip to content

Pentesting framework with shell integrations designed for workflow automation

License

Notifications You must be signed in to change notification settings

Twilight4/nobility

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Table of Contents

Nobility

Nobility is an organized colletion of shell modules designed to streamline your pentesting workflow by leveraging shell integrations such as autocompletion and prefilling, optimizing the productivity of your work and liberatating you from the hassle of juggling notes, endless copying and pasting, and tedious command editing.

This tool is tailored for security consultants. Unlike other pentesting frameworks like Metasploit, which primarily focuses on post-exploitation, Nobility provides a customizable arsenal of 50 modules and over 500 commands, fully written in Zsh for comprehensive workflow automation which you can call directly from the shell prompt, allowing for seamless adaptation to your specific needs and enhancing red-teaming and network pentesting activities.

Nobility helps you remember how to use every tool in your arsenal and doesn't hide them behind scripting that can be cumbersome to maintain or update. Each Nobility module is interactive, sparing the need to memorize the syntax. Simply execute the module like so: nb-recon-subs-ffuf, and Nobility will prompt you for all required options. Utilize Nobility to build a composable, on-the-fly workflow for every scenario.

Key Features

  • Prefilled Commands: Streamlines terminal integrations by automatically prefilling commands
  • Organized Commands: Well-organized commands with tab auto-completion
  • Seamless Integration: Zsh/Oh-My-Zsh shell plugin ensures easy integration into your environment
  • Customizable Settings: Tailor Nobility to your preferences with customizable settings and global variables
  • Recon Phase: Access OSINT commands for efficient information gathering
  • Enumeration Phase: Assistance in enumerating common services, saving time in penetration testing
  • Exploit Phase: Assistance in compiling exploits for simplified vulnerability exploitation
  • AD Phase: Assistance in Active Directory exploitation, enumeration and attacks
  • Reverse Shell Handlers: Manage reverse shell handlers easily, enhancing network-pentesting capabilities
  • Content Serving Commands: Serve content effortlessly, making file sharing and testing straightforward
  • Linux System Management: Optimized for Linux management, simplifying system tasks
  • Dependency Installers: Includes installers for dependencies, ensuring a smooth and hassle-free setup process

Distributions Compatibility

Although Nobility only requires zsh shell to run successfully, the compatibility with system-specific commands like nb-install may vary depending on your linux distribution.

  • Arch Linux: Very supported and thoroughly tested for all features.
  • Debian: Mostly supported; while most functionalities work well, the nb-install-* commands have not been specifically tested on this platform and their compatibility may vary.
  • macOS: Partially supported; the nb-install-* commands will not work and it's recommended to avoid using them on this platform.

Installation

Nobility only requires Zsh shell.

Installation Method #1: Manually

# Clone the repo to your zsh directory
git clone https://github.com/Twilight4/nobility.git ~/.config/nobility

# Source the plugin in `~/.zshrc`
echo 'source ~/.config/nobility/nobility.plugin.zsh' >> ~/.zshrc

# Source `~/.zshrc` to load the plugin
source ~/.zshrc

Installation Method #2: Oh-my-zsh

# Clone the repo to your oh-my-zsh custom plugins directory
git clone https://github.com/Twilight4/nobility.git ~/.oh-my-zsh/custom/plugins/nobility

# Edit `~/.zshrc` to load the plugin
plugins=(git nobility)

# Source `~/.zshrc` to load the plugin
source ~/.zshrc

Updating

Simply run the nb-update command. If you did not modify any of the content in the nobility directory, this will pull the latest code from this GitHub repository, after which you can run nobility modules as usual.

Tip: Zsh completion menu

For enhanced completion selection menu I recommend fzf-tab plugin.

screenshot

Getting Started

Nobility categorizes commands into namespaces, denoted by the nb- prefix, exemplified by commands like nb-enum-web or nb-recon-domains. To see an overview of all namespaces simply use nb-help command.

Each namespace features its own dedicated help command, such as nb-enum-web-help which provides a listing of available web enumeration commands. All commands support tab completion and search.

Installing Dependencies

To set up the necessary dependencies for each namespace, execute the nb-<NAMESPACE>-install command. This command ensures the installation of all tools relevant to the specified namespace. For installation of tools across all namespaces, use the nb-install-all command.

Workflow Design

Nobility is designed to offer a sophisticated and flexible workflow. It eliminates the conventional, tedious process of manually navigating through notes, searching for commands, copying, pasting, and adjusting values before execution.

In contrast to heavily automated scripts or frameworks that execute entire workflows, often obfuscating the underlying tools and techniques which are cumbersome to modify, Nobility strikes a balance. Embracing the principles of the KISS principle (Keep It Simple, Stupid), each module within Nobility is deliberately small and distinct, minimizing unnecessary complications. This design allows you to quickly execute individual commands, providing well-organized output.

This approach enables you to compose your workflow dynamically, adapting to specific targets and contextual requirements. This flexibility is achieved without the brittleness and complexity associated with fully automated solutions.

Example Workflow

Variables

Namespaces take care of managing the variable commands for you by default e.g. commands such as nb-vars-save are used to persist the vars in other terminal sessions and nb-vars-load to load the previously saved vars in new terminal sessions, one useful command is nb-vars-clear used to clear all the saved variables.

It's recommended to set the nb-vars-load command in the .zshrc file to run load the vars on startup:

# Load nobility variables quietly
if [ -d ~/.config/zsh/plugins/nobility ]; then
    nb-vars-load &>/dev/null
fi

Pre-Engagement

# Create a project structure
nb-project-start

# Set target IP to /etc/hosts
nb-project-host

# Set some session variables for the target 
nb-vars-set-domain
nb-vars-set-network
nb-vars-set-user
nb-vars-set-pass

# Save variables for other terminal sessions
nb-vars-save

# Generate scope files from the target url
nb-project-rescope

Web Recon

# Scan the network all ports with TCP syn using rustscan
nb-enum-network-rustscan-all

# Identifying technologies
nb-enum-web-whatweb

# Download out robots.txt
nb-enum-web-dirs-robots

# Subdomain enumeration
nb-enum-web-vhosts-gobuster
nb-recon-subs-ffuf
nb-recon-subs-subfinder

# Resolve and parse subdomains
nb-recon-subs-resolve-massdns
nb-recon-subs-resolve-parse

# Directory brute force
nb-enum-web-dirs-gobuster 
nb-enum-web-dirs-ffuf

# Web vuln scanners
nb-enum-web-vuln-nikto

# Enumerate wordpress website
nb-enum-web-wordpress

# Brute force web auth password for post request
nb-enum-web-fuzz-password-hydra-form-post

# Brute force auth login with post request
nb-enum-web-fuzz-login-hydra-form-post

# ID a WAF if present
nb-enum-web-waf

# Parse SSL certs
nb-enum-web-ssl-certs

# Spider the site
nb-enum-web-gospider

Organization OSINT

# Search for target files
nb-recon-org-files

# Search downloaded files for URLs
nb-recon-org-files-urls

# Mine github repos for secrets
nb-recon-github-gitrob

# Check DNS records
nb-enum-dns-dnsrecon

# Mine data about a target domain
nb-recon-org-theharvester

Active Directory

# SMB Relay
nb-ad-smb-relay-enum
nb-ad-smb-responder
nb-ad-smb-relay-ntlmrelay

# IPv6 Attack
nb-ad-ipv6

# Domain Enumeration
nb-ad-enum-ldapdomaindump

# Kerberoasting
nb-ad-kerb-kerberoast

# Hash Dump
nb-ad-dump-secrets

# GPP Attack
nb-ad-gpp

# Dump NTDS database
nb-ad-dump-ntds

About

Pentesting framework with shell integrations designed for workflow automation

Topics

Resources

License

Stars

Watchers

Forks

Languages