Home
Post exploitation is large part of a red team engagement. While many organizations begin to mature and start to deploy a wide range of sophisticated Endpoint Detection & Response (EDR) solutions onto their networks, it requires us as attackers to also mature. We need to upgrade our arsenal to give us the capabilities to successfully operate on advanced networks. This is why shad0w was built.
shad0w is a post exploitation framework that is designed to operate covertly on advanced networks, providing the operator with much greater control over their engagements. In the future, I will be working on implementing a teamserver and GUI clients along with some cool new features.
If you want to help with the development, feel free to make pull requests or DM me on twitter @batsec or on Discord at the Porchetta Industries server on the shad0w channel.
shad0w is designed to be ran inside of Docker. This will make life easier for the operator as it has some very specific dependencies which are required for it to function correctly.
apt install -y docker.io
systemctl enable docker --now
docker
In order for certain modules and scripts to run, shad0w must be installed in the /root/ directory.
cd /root/
git clone --recurse-submodules https://github.com/bats3c/shad0w.git
cd shad0w
./shad0w install
It takes about 10 minutes to build the Docker container.
Once the build is finished, you will be able to use the shad0w command. This command should be used to launch shad0w rather than running it manually via Docker.
shad0w --help
usage: shad0w [-h] {listen,beacon,update} ...
positional arguments:
{listen,beacon,update}
shad0w C2 functions
listen Tell shad0w to listen for connections
beacon Tell shad0w to create a beacon
update Update shad0w
optional arguments:
-h, --help show this help message and exit