/nixos

Pentest focused NixOS config

Primary language: HTML

License: GNU General Public License v3.0 (GPL-3.0)

How?

I have added some flakes to get others up and running with this amazing config.

Please install NixOS with the ISO installer (Graphical, or Minimal [expert ONLY]).

To use the setup out of the box, use the credentials below when installing the system (change them once your system is up and running, or edit the config.nix files beforehand to reflect your own user name and password):

user name = user

user password = user

Then place the MaxOS zip folder onto your system (unzip it).

Open your console or Command Line program of choice.

Change directory (cd) to the maxos file location.

You have many flakes to choose from. The ones I have modified for generic use and exploration are:

  • nixos (NixOS with Gnome and some premade customizations)
  • maxos (NixOS with Gnome and the majority of the original customizations and programs)
  • maxos_lite (NixOS with Gnome and the majority of the original customizations, many programs omitted)

From the above list choose which is best for you (there are more configurations in flake.nix if you'd like to see the original author's configurations).

Copy your hardware-configuration.nix from the /etc/nixos folder into the corresponding host folder, maxos/hosts/(maxos or nixos)/, depending on your flake selection.

In the console type: "sudo nixos-rebuild switch --flake .#(flake of choice) --impure"

Replace "(flake of choice)" with one of the options above. Do not use quotes, parentheses, or brackets. Examples: .#nixos, .#maxos_lite, .#maxos, ...

Most of the system configurations are within the ./flake.nix, ./config/shared.nix, and ./hosts/(folder of flake name)/(configuration.nix and home.nix).

Original Doc

Give me six hours to chop down a tree and I will spend the first four sharpening the ax.

Abraham Lincoln

What?

NixOS config geared towards pentesters and security researchers.

Why?

TL;DR - This VM / build will probably be useful for pentesting exams and people interested in security research.

The goal of this NixOS config is to bundle as many bookmarks / shell aliases / docker images / Firefox extensions / git repos / tools as possible to make my pentesting life easier. I didn't invest the time to customise my base installation before because these customisations were not easily or consistently portable.

I didn't want to invest the time customising a machine, getting used to the customisations, and then having to tweak a new build to get to the same place. This all changed when I discovered NixOS. Now I can customise to my heart's content (almost, with the exception of Firefox extension settings) and deploy these customisations on any device.

My quest to divorce the data from the tin continues..

Where?

The easiest way to get up and running is via the nightly OVA image available here (9.8GB). The VM comes with KDE rather than i3wm by default because I appreciate that you probably don't want to learn all of my i3wm shortcuts. You can of course build your own VM using the build_vm_virtualbox.sh script and by customising the VirtualBox VM "host" file.

Security warning

I have made a conscious effort to ensure that docker images and tools which run on this build are only accessible on your machine, but I don't have a build pipeline which checks this, nor do I scan this repo for security issues. You have been warned.
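One way to run the check that the warning above says no build pipeline performs, as an added example that is not part of the maxos repo: list every published docker port that is bound to an address other than loopback. The container names and the sample `docker ps` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the maxos repo): flag containers whose published
# ports listen on a non-loopback address.
# Input format: output of  docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample input; container names are made up for illustration.
sample_ps_output() {
  printf 'lab-web\t127.0.0.1:8080->80/tcp\n'
  printf 'filebrowser\t0.0.0.0:8081->80/tcp, [::]:8081->80/tcp\n'
  printf 'tor-1\t9050/tcp\n'
  printf 'smb\t127.0.0.1:445->445/tcp, 0.0.0.0:139->139/tcp\n'
}

# Reads "name<TAB>ports" lines on stdin and prints "name<TAB>binding" for
# each published port that is not bound to 127.0.0.1 or ::1.
find_exposed_bindings() {
  awk -F '\t' '
    {
      n = split($2, parts, /, */)
      for (i = 1; i <= n; i++) {
        p = parts[i]
        if (p !~ /->/) continue            # exposed only, not published to the host
        host = p
        sub(/:[0-9-]+->.*/, "", host)      # strip ":hostport->containerport/proto"
        if (host == "127.0.0.1" || host == "[::1]" || host == "::1") continue
        print $1 "\t" p
      }
    }'
}

# Returns 0 when every published port is loopback-only, 1 otherwise
# (and prints the offending bindings).
check_local_only() {
  exposed=$(find_exposed_bindings)
  [ -z "$exposed" ] && return 0
  printf '%s\n' "$exposed"
  return 1
}

# Demo on the constructed sample; for live use run:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | check_local_only
sample_ps_output | find_exposed_bindings
```

A binding shown as 0.0.0.0, :: or [::] is reachable from other hosts on the network unless a firewall blocks it; entries without "->" are only exposed inside docker networks and are skipped.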

Highlights

This NixOS config comes with a few things to make my life easier while pentesting (some of these resources are available after running the resources.sh script).

  • Over 521 software packages
  • 329 zsh aliases
  • Over 450 security-focused bookmarks:
    • 63 podcasts
    • 65 YouTube channels / playlists
    • 47 online labs
    • 34 news resources
    • 29 search engines
    • 24 newsletters
    • 17 Telegram channels
  • 304 git repos
  • 173 docker images
  • 36 web applications
  • 28 Firefox extensions
  • Text-only offline Wikipedia
  • Jupyter Notebooks for pentesting

Security-focused Firefox bookmarks

Here are some security-focused Firefox bookmarks.


ZSH aliases

All available here (and more).

localhost.run filebrowser

Deploy externally accessible, web-based file browser in one command.

a-localhostrun-filebrowser

localhost.run nginx

Deploy externally accessible nginx instance in one command.

a-localhostrun-filebrowser

Vulnerable labs

Deploy a vulnerable lab in one command.

d-lab-start

Ubuntu docker image and port

Deploy an Ubuntu docker image with an arbitrary port exposed in one command.

d-shellhereport

One line SMB server in CWD

Deploy an SMB share in the current working directory in one command.

d-smbservehere

Tor array

Deploy a Tor array (an arbitrary number of docker instances which all connect to the Tor network individually and expose incrementing ports) in one command.

d-tor-array

resources.sh

This script is pretty important to the build. I haven't got it building on top of the VM image yet, but it's responsible for pulling git repos, docker images, and other resources. I recommend you run this if you install maxos.

Install

Build VM

docker build . -t maxos-vm-builder
docker run --privileged -v "$(pwd)":/mnt maxos-vm-builder

Base Install

Use unstable ISO (https://www.google.com/search?q=nixos+iso+unstable) for flake support.

Get repo

# Set SSH key for GitHub
nix-env -i git
git clone git@github.com:rascal999/maxos.git
cd maxos/

OR

curl -L https://bit.ly/3yCeldM -o master.zip
unzip master.zip
cd maxos-master/

Install

./scripts/init.sh