This blog describes a quick and simple BASH script I wrote when I started doing penetration testing with Synack's Red Team. I wanted to write an easy and straightforward script before starting to scan targets.
Once a project is selected, a VPN configuration is generated and used to VPN into the Launchpoint, which acts as a gateway for all traffic destined for the target's network. The VPN is stable and has not failed me yet, but what if it did? The VPN configuration pushes all Internet-bound traffic through the VPN, as along as it is up. If you kicked off a scan to run overnight and all of the sudden the VPN connection drops, that traffic will start leaving your home or office's network and head straight to the target network. I did not want to risk explaining myself to my ISP, the FBI, or the target organization.
To prevent this, I developed a quick BASH script, called srt_fw.sh, to run before starting a Synack Red Team project. It does three things:
- Prompts for any domains to block and does a DNS lookup on the IPs
- Prompts for any IP addresses to block
- Uses ufw or iptables (your choice) to loop through the IPs and create firewall rules to prevent direct communication with them on my primary Kali network interface
The domains and IP addresses are provided in the project details and can be copy/pasted. It also has optional commands to allow SSH and dnmap if you VPN into the Launchpoint from distributed servers. Another useful byproduct is the target_ips.txt file which can be used to feed into other tools, like nmap:
nmap -iL target_ips.txt
The code can be found here https://github.com/opsdisk/srt_fw. I plan on improving it in time and want to develop a simple batch script for the Windows OS as well.
Comments, suggestions, and improvements are always welcome. Be sure to follow @opsdisk on Twitter for the latest updates.