Merge branch 'main' of https://github.com/SpecterOps/Nemesis
t94j0 committed Apr 26, 2024
2 parents b792691 + 0563ef6 commit 13dae03
Showing 9 changed files with 183 additions and 148 deletions.
35 changes: 35 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,35 @@
# Changelog
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).


## [1.0.0] - 2024-04-25

### Added

- Proper host and temporal modeling
- Helm charts for deployment and publishing of images to [Dockerhub](https://hub.docker.com/u/specterops)
- Hasura API endpoint
- Additional documentation, including (finally) a usage guide
- Hosting of documentation on [GitHub Pages](https://specterops.github.io/Nemesis/)
- `monitor` command to submit_to_nemesis.sh for continual file submission
- Jupyter notebooks back into the stack
- Processing for Chromium JSON cookie dumps
- Automatic expunging of expired data via the `data_expunge` task

### Changed

- Dropped Docker/Minikube support, replaced with k3s
- Drastically simplified/streamlined setup process
- Any compatible file is now handled by Apache Tika instead of a subset
- Removed the Tensorflow model hosting and DeepPass as the model just wasn't accurate enough to be useful
- Streamlined NLP indexing to prevent choking and exposed a /nlp/ route for search
- Streamlined hash cracking and added in deduplication so hashes aren’t cracked twice
- Revamped text search to use fuzzy search fused with semantic search
- Countless Dashboard changes

### Fixed

- Too many bugs to count
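Review bot: the `### Fixed` section's only entry, `- Too many bugs to count`, gives someone upgrading from 0.1.0a nothing to act on; Keep a Changelog, which the header says this file follows, expects each notable fix as its own bullet and expects the `## [1.0.0]` heading to resolve to a tag or compare link via a `[1.0.0]: <url>` reference at the bottom of the file (url assumed; none is present yet). The Docker/Minikube drop listed under `### Changed` is a breaking change for existing deployments and belongs under a `### Removed` heading with a one-line pointer to the new `debian_k3s_setup.sh` path.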
6 changes: 4 additions & 2 deletions README.md
@@ -4,7 +4,7 @@
<hr />

<p align="center">
<img src="https://img.shields.io/badge/version-0.1.0a-blue" alt="version 0.1.0a"/>
<img src="https://img.shields.io/badge/version-1.0.0-blue" alt="version 1.0.0"/>
<a href="https://join.slack.com/t/bloodhoundhq/shared_invite/zt-1tgq6ojd2-ixpx5nz9Wjtbhc3i8AVAWw">
<img src="https://img.shields.io/badge/Slack-%23nemesis—chat-blueviolet?logo=slack" alt="Slack"/>
</a>
@@ -48,6 +48,8 @@ See [development.md](./docs/development.md)

| Post Name | Publication Date | Link |
|---------------------------------------------|------------------|------------------------------------------------------------------------------------|
| *Nemesis 1.0.0* | Apr 25, 2024 | https://posts.specterops.io/nemesis-1-0-0-8c6b745dc7c5 |
| *Summoning RAGnarok With Your Nemesis* | Mar 13, 2024 | https://posts.specterops.io/summoning-ragnarok-with-your-nemesis-7c4f0577c93b |
| *Shadow Wizard Registry Gang: Structured Registry Querying* | Sep 5, 2023 | https://posts.specterops.io/shadow-wizard-registry-gang-structured-registry-querying-9a2fab62a26f |
| *Hacking With Your Nemesis* | Aug 9, 2023 | https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4 |
| *Challenges In Post-Exploitation Workflows* | Aug 2, 2023 | https://posts.specterops.io/challenges-in-post-exploitation-workflows-2b3469810fe9 |
@@ -58,4 +60,4 @@ See [development.md](./docs/development.md)

Nemesis is built on large chunk of other people's work. Throughout the codebase we've provided citations, references, and applicable licenses for anything used or adapted from public sources. If we're forgotten proper credit anywhere, please let us know or submit a pull request!

We also want to acknowledge Evan McBroom, Hope Walker, and Carlo Alcantara from SpecterOps for their help with the initial Nemesis concept and amazing feedback throughout the development process.
We also want to acknowledge Evan McBroom, Hope Walker, and Carlo Alcantara from [SpecterOps](https://specterops.io/) for their help with the initial Nemesis concept and amazing feedback throughout the development process. Also thanks to [Matt Ehrnschwender](https://twitter.com/M_alphaaa) for tons of k3s and GitHub workflow help!
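Review bot: the unchanged context line two lines above still reads `built on large chunk of other people's work` (should be `a large chunk`) and `If we're forgotten proper credit` (should be `If we've forgotten`); since this commit already rewrites the adjacent acknowledgement sentence, fix both typos while the paragraph is being touched.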
37 changes: 37 additions & 0 deletions debian_k3s_prereqs_only.sh
@@ -0,0 +1,37 @@
#!/bin/bash

sudo pwd &> /dev/null

if ! command -v curl &> /dev/null; then
echo -e "[*] curl could not be found, attempting to install...\n"
sudo apt-get update
sudo apt-get install curl -y
fi

clear -x

# Step 1: Install k3s
echo -e "\n[*] Installing k3s...\n"
curl -sfL https://get.k3s.io | sh -
mkdir -p ~/.kube && sudo k3s kubectl config view --raw > ~/.kube/config
chmod 600 ~/.kube/config
export KUBECONFIG=~/.kube/config

# Step 2: Install Helm
echo -e "\n[*] Installing Helm...\n"
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sleep 10
sudo apt-get install helm

# Step 3: Install Dependencies with Helm
echo -e "\n[*] Installing Dependencies with Helm...\n"
helm install elastic-operator eck-operator --repo https://helm.elastic.co --namespace elastic-system --create-namespace --set managedNamespaces='{default}'

clear -x
echo -e "\n[*] Nemesis k3s prereqs installed."
echo -e "[*] Install Nemesis with:\n"
echo -e "\thelm install --repo https://specterops.github.io/Nemesis/ nemesis-quickstart quickstart"
echo -e "\thelm install --repo https://specterops.github.io/Nemesis/ nemesis nemesis --timeout '45m' --set operation.nemesisHttpServer="https://\<IP\>:443/"\n"
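Review bot: `sudo apt-get install helm` at the end of Step 2 has no `-y`, unlike the `--yes` on `apt-transport-https` two lines earlier, so the script stalls on an interactive prompt and fails outright under a non-interactive frontend; add `-y`. The script also has no `set -euo pipefail`, so a failed k3s install or a failed Helm key download does not stop it, and the key fetch `curl https://baltocdn.com/helm/signing.asc | gpg --dearmor` lacks `-f`/`-sSL`, so an HTTP error is silently piped into `/usr/share/keyrings/helm.gpg`. `sudo pwd &> /dev/null` as a credential-cache primer is better written as `sudo -v`. Finally, in the last `echo` the inner `"` characters terminate the outer string, so the printed command reads `operation.nemesisHttpServer=https://<IP>:443/` without the quotes the user is meant to copy; escape them as `\"` or wrap the whole line in single quotes.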
98 changes: 98 additions & 0 deletions debian_k3s_setup.sh
@@ -0,0 +1,98 @@
#!/bin/bash

sudo pwd &> /dev/null

if ! command -v curl &> /dev/null; then
echo -e "[*] curl could not be found, attempting to install...\n"
sudo apt-get update
sudo apt-get install curl -y
fi

validate_ip() {
if [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
IFS='.' read -r -a octets <<< "$1"
for octet in "${octets[@]}"; do
if (( octet > 255 )); then
return 1
fi
done
return 0
else
return 1
fi
}

clear -x

if [ -z "$1" ]; then
while true; do
read -p "No IP address provided. Would you like to use the default IP 127.0.0.1 or enter another? (y/n): " answer
answer=$(echo "$answer" | tr '[:upper:]' '[:lower:]')

if [[ "$answer" == "y" ]]; then
read -p "Enter an IP address or press enter to use 127.0.0.1: " user_ip
if [ -z "$user_ip" ]; then
IP="127.0.0.1"
elif validate_ip "$user_ip"; then
IP="$user_ip"
else
echo "Invalid IP address format. Please enter a valid IPv4 address."
continue
fi
break
elif [[ "$answer" == "n" ]]; then
echo "No IP set, exiting script."
exit 1
else
echo "Please answer 'y' or 'n'."
fi
done
else
# IP was provided as argument, validate it
if validate_ip "$1"; then
IP="$1"
else
echo "Invalid IP address provided."
exit 1
fi
fi

echo "[*] Using IP: $IP"

# Step 1: Install k3s
echo -e "\n[*] Installing k3s...\n"
curl -sfL https://get.k3s.io | sh -
mkdir -p ~/.kube && sudo k3s kubectl config view --raw > ~/.kube/config
chmod 600 ~/.kube/config
export KUBECONFIG=~/.kube/config

# Step 2: Install Helm
echo -e "\n[*] Installing Helm...\n"
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sleep 10
sudo apt-get install helm

# Step 3: Install Dependencies with Helm
echo -e "\n[*] Installing Dependencies with Helm...\n"
helm install elastic-operator eck-operator --repo https://helm.elastic.co --namespace elastic-system --create-namespace --set managedNamespaces='{default}'

# Step 4: Install the quickstart Chart
sleep 30
echo -e "\n[*] Installing Quickstart chart...\n"
helm install --repo https://specterops.github.io/Nemesis/ nemesis-quickstart quickstart

# Step 5: Install Nemesis chart
sleep 30
echo -e "\n[*] Installing Nemesis chart...\n"
helm install --repo https://specterops.github.io/Nemesis/ nemesis nemesis --timeout '45m' --set operation.nemesisHttpServer="https://$IP:443/"

export NEMESIS_BASIC_AUTH_USER=$(sudo kubectl get secret --namespace "default" basic-auth -o jsonpath="{.data.username}" | base64 -d)
export NEMESIS_BASIC_AUTH_PASSWORD=$(sudo kubectl get secret --namespace "default" basic-auth -o jsonpath="{.data.password}" | base64 -d)

clear -x
echo -e "\n[*] Nemesis installed, but some pods may still be standing up for the next 5-10 minutes."
echo -e "[*] You can check pod deployment status with 'sudo kubectl get pods -A'"
echo -e "[*] Once all pods are up, browse to https://$IP:443/ and log in with '$NEMESIS_BASIC_AUTH_USER:$NEMESIS_BASIC_AUTH_PASSWORD'\n"
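Review bot: the fixed `sleep 30` before Steps 4 and 5 is a race, not a readiness check; wait on the ECK operator and quickstart resources with `sudo kubectl rollout status` / `kubectl wait` (or `helm install --wait`) so a slow host does not start the Nemesis chart before its dependencies exist. The two `sudo kubectl get secret ... basic-auth` lines have the same problem: if the secret has not been created yet, both variables are empty and the closing message prints `':'` as the credentials with no error, so check that `$NEMESIS_BASIC_AUTH_USER` is non-empty before printing. As in `debian_k3s_prereqs_only.sh`, `sudo apt-get install helm` needs `-y`, the Helm key `curl` needs `-fsSL`, and the script has no `set -euo pipefail`. Minor: `validate_ip` only checks that each octet is digits, and `(( octet > 255 ))` then treats a leading zero as octal, so `08` aborts with an arithmetic error and `0300` is accepted as 192; strip leading zeros or compare with `10#$octet`.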
60 changes: 0 additions & 60 deletions debian_minikube_prereqs_only.sh

This file was deleted.

81 changes: 0 additions & 81 deletions debian_minikube_setup.sh

This file was deleted.

10 changes: 7 additions & 3 deletions docs/index.md
@@ -4,7 +4,7 @@
<hr />

<p align="center">
<img src="https://img.shields.io/badge/version-0.1.0a-blue" alt="version 0.1.0a"/>
<img src="https://img.shields.io/badge/version-1.0.0-blue" alt="version 1.0.0"/>
<a href="https://join.slack.com/t/bloodhoundhq/shared_invite/zt-1tgq6ojd2-ixpx5nz9Wjtbhc3i8AVAWw">
<img src="https://img.shields.io/badge/Slack-%23nemesis—chat-blueviolet?logo=slack" alt="Slack"/>
</a>
@@ -34,7 +34,9 @@ Built on Kubernetes with scale in mind, our goal with Nemesis was to create a ce
Nemesis aims to automate a number of repetitive tasks operators encounter on engagements, empower operators’ analytic capabilities and collective knowledge, and create structured and unstructured data stores of as much operational data as possible to help guide future research and facilitate offensive data analysis.

## Setup / Installation
See the [setup instructions](setup.md).
Follow the [quickstart guide](quickstart.md)

Or see the full [setup instructions](setup.md)

## Usage
See the [Nemesis Usage Guide](usage_guide.md).
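Review bot: `quickstart.md` is linked from the new `Follow the [quickstart guide](quickstart.md)` line but is not among the nine files in this commit, so confirm it exists under `docs/` (it may come from the other merge parent) or the GitHub Pages build ships a dead link. Also, both new lines drop the terminal period that the removed `See the [setup instructions](setup.md).` and the `## Usage` line below use; end `Follow the [quickstart guide](quickstart.md)` and `Or see the full [setup instructions](setup.md)` with a period.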
@@ -46,6 +48,8 @@ See [development.md](development.md)

| Post Name | Publication Date | Link |
|---------------------------------------------|------------------|------------------------------------------------------------------------------------|
| *Nemesis 1.0.0* | Apr 25, 2024 | https://posts.specterops.io/nemesis-1-0-0-8c6b745dc7c5 |
| *Summoning RAGnarok With Your Nemesis* | Mar 13, 2024 | https://posts.specterops.io/summoning-ragnarok-with-your-nemesis-7c4f0577c93b |
| *Shadow Wizard Registry Gang: Structured Registry Querying* | Sep 5, 2023 | https://posts.specterops.io/shadow-wizard-registry-gang-structured-registry-querying-9a2fab62a26f |
| *Hacking With Your Nemesis* | Aug 9, 2023 | https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4 |
| *Challenges In Post-Exploitation Workflows* | Aug 2, 2023 | https://posts.specterops.io/challenges-in-post-exploitation-workflows-2b3469810fe9 |
@@ -56,4 +60,4 @@ See [development.md](development.md)

Nemesis is built on large chunk of other people's work. Throughout the codebase we've provided citations, references, and applicable licenses for anything used or adapted from public sources. If we're forgotten proper credit anywhere, please let us know or submit a pull request!

We also want to acknowledge Evan McBroom, Hope Walker, and Carlo Alcantara from SpecterOps for their help with the initial Nemesis concept and amazing feedback throughout the development process.
We also want to acknowledge Evan McBroom, Hope Walker, and Carlo Alcantara from [SpecterOps](https://specterops.io/) for their help with the initial Nemesis concept and amazing feedback throughout the development process. Also thanks to [Matt Ehrnschwender](https://twitter.com/M_alphaaa) for tons of k3s and GitHub workflow help!
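Review bot: the unchanged context line above this change carries the same typos as README.md, `built on large chunk` (should be `a large chunk`) and `If we're forgotten proper credit` (should be `If we've forgotten`); since `docs/index.md` duplicates the README paragraph, fix both copies in this commit so the two files do not drift.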
2 changes: 1 addition & 1 deletion docs/new_connector.md
@@ -64,7 +64,7 @@ r = requests.request("POST", f"{NEMESIS_URL}/data", auth=basic, data=data, heade

## Other Structured Data

For other types of structured data, only a single message needs to be posted to the `http://<NEMESIS_URL>/api/data` API route, e.g. Step 2 in the downloading processing example. The `metadata["data_type"]` field should be one of the types defined in the [ODR](odr/references/). The appropriate ODR document will also define the fields and structure needed for the datatype.
For other types of structured data, only a single message needs to be posted to the `http://<NEMESIS_URL>/api/data` API route, e.g. Step 2 in the downloading processing example. The `metadata["data_type"]` field should be one of the types defined in the [ODR](https://github.com/SpecterOps/Nemesis/tree/main/docs/odr). The appropriate ODR document will also define the fields and structure needed for the datatype.

Note that the "data" section of the message is an array of dictionaries, i.e., multiple instances of a datatype can be posted in a single message. For example, multiple process messages can exist in the single post.
