LootMarshal
LootMarshal is an API server used to manage storage of credentials and files. Pentesters and Red Teamers tend to organize credentials and files of interesting in a variety of ways and LootMarshal aims to help keep testers organized.
Getting Started
Prerequisites
- Python 3.8
Installing
LootMarshal is written in a Poetry environment. However, poetry is not required to install LootMarshal. You may use pip>=19.0 to install with the pyproject.toml
file. It is HIGHLY RECOMMENDED that you install this tool in a virtual environment.
Poetry: poetry install
Pipenv: pipenv install .
Pip: pip install .
Usage
LootMarshal is provided as two parts: Server and CLI. While the CLI provided will be kept up to parity with server functions, you are free to implement your own CLI to interact with the server in any manner you'd like.
Implement your backend handler
Currently, the available backends available for LootMarshal are:
- Azure
Azure
-
Create credentials for LootMarshal to use. LootMarshal can only be configured to run with a Service Principal client ID and secret (more credential types may be supported in the future). Maintain the credentials as a secret! https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
-
Create a Key Vault and Storage account. Provide appropriate permissions to the resources for the Service Principal. (Contributor access to the vault and storage account only is sufficient).
Key Vault: https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security
Storage: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-portal
Configure settings
Before running LootMarshal, you must configure the settings for the server to use. These settings can be found in the lootmarshal/settings/settings.env
file.
Launch the server
❯ py .\lm.py server
INFO: Uvicorn running on https://127.0.0.1:4008 (Press CTRL+C to quit)
2020-07-09 02:56:47.217 | INFO | uvicorn.main:serve:397 - Started server process [13976]
2020-07-09 02:56:47.232 | INFO | uvicorn.lifespan.on:startup:22 - Waiting for application startup.
2020-07-09 02:56:47.232 | INFO | uvicorn.lifespan.on:startup:34 - Application startup complete.
To see what endpoints are currently exposed, you can visit https://127.0.0.1:4008/docs or https://127.0.0.1:4008/redoc to view the API.
Using the LootMarshal CLI
The documentation for the LootMarshal CLI can be found here
Built With
- FastAPI - The web framework used
- Typer - The CLI Framework used
- Pypykatz - Used for credential parsing
- Azure SDK - Azure libraries
Notes
This project is being written as a project for Dakota State University's CSC-842 Security Tool Development course and may or may not be supported in the future!
License
This project is licensed under the MIT License - see the LICENSE.md file for details