I will be ending support for this framework, and likely will start working on a new implementation for an exploit and recon framework for CI/CD. I was convinced that I had announced this already, but I guess I had not. I will remain public, so as not to break any existing implementations or integrations. Much love. spaceB0x
CIDER is a framework written in Node.js that aims to harness the functions necessary for exploiting Continuous Integration (CI) systems and their related infrastructure and build chain (e.g. Travis-CI, Drone, Circle-CI). Most of the exploits in CIDER exploit CI build systems through open GitHub repositories via malicious Pull Requests. It is built modularly to encourage contributions, so more exploits, attack surfaces, and build chain services will be integrated in the future.
- Node.js version 8.2.1. Node is cross-platform for Windows, Linux, and OSX. NOTE: For OSX I highly recommend downloading npm and Node.js from the respective download links instead of using brew, which can cause many frustrating problems. https://nodejs.org/en/
- Must also have the Node Package Manager installed (npm).
- A GitHub account, with an OAuth application enabled.
- An ngrok account, which is free. You will need the authentication key from this. https://ngrok.com/
Effort has been put into CIDER to make configuration as simple as possible. More convenience features may come in future releases.
Once Node has been installed, navigate to the root directory of the repository. To download the necessary dependencies you must run:
npm install --save
This should find all of the necessary dependencies listed in the package.json file. You should now be able to fire up CIDER by typing:
node index.js
You must have a GitHub account from which to launch these attacks. The idea is that your attacker account makes malicious pull requests against a target GitHub repository to test and exploit misconfigurations. Additionally, you must have an OAuth application configured such that you can issue personal tokens from GitHub. CIDER will take care of generating a token for you, but the feature must be enabled in GitHub.
The login command takes two arguments: github or ngrok. It will then prompt you for your GitHub username and password, or your ngrok token respectively. It will store them in an encrypted manner locally and should retrieve them automatically from that point on.
login github
NOTE: Logging in to GitHub after you already have a token will fail. This is because you already have a 'personal token' issued in GitHub for the CIDER service. You will have to delete that token in GitHub before running the login again. This is to prevent you from generating a billion freaking tokens by accident.
ANOTHER NOTE: There is currently a bug with the login feature. Once you enter your credentials, they will only be retained once you exit CIDER and open it back up again. So currently the workaround, for say the ngrok login, is to:
1.) login ngrok
2.) Enter creds
3.) exit
4.) Reopen CIDER
Working on a fix for this.
This is the same as above, however you will simply be prompted for your ngrok auth token, which can be grabbed from your account.
login ngrok
Lists the help menu
Clears the screen
Lists the following items which it takes as arguments
- targets: Lists all repositories that are in the targets list. These are the repositories that will be attempted when running an exploit.
- exploits: Lists all available exploits.
This adds a target. Takes arguments 'target' and then the target repo name. Ex. add target <ownername>/<reponame>
This removes a target. Takes arguments 'target' and then the target repo name. Ex. remove target <ownername>/<reponame>
Loads an exploit to be used. Ex. load <exploitname>. Available exploits can be found with list exploits.
Unloads the currently loaded exploit.
Lists info for the currently loaded exploits. Does not work if no exploit is loaded.
This takes you to the sessions menu for managing live callback sessions.
Once in the sessions menu, there are only a handful of commands to run.
Lists the available sessions.
This serves two purposes. If you are in the base SESSIONS menu, it will return you to the CIDER menu. If you are currently in a running session, it will return you to the SESSIONS menu.
This selects a session shell to drop into. Takes the form select <sessionname>.