Agent installation - Inno-SVQ/RedOps GitHub Wiki

Agent Installation

The RedOps agent is written in Python 3. It currently relies on supervisor to run as a daemon, so only Linux is supported for now.

  1. First, clone the repository:
$ git clone https://github.com/Inno-SVQ/RedOps

  2. Create a symlink to the agent folder; supervisor uses it to find the agent. Give the link an absolute target: a relative symlink target is resolved relative to the link's own directory (/opt), not to the directory you cloned into.
$ ln -s "$(pwd)/RedOps/agent" /opt/RedOpsAgent

  3. Install the system dependencies (supervisor, nginx, Python 3 with pip, Tor, nmap, PhantomJS and the libcurl/OpenSSL development headers):
$ apt install supervisor nginx python3 python3-pip python3-dateutil tor libcurl4-openssl-dev libssl-dev nmap libcap2-bin phantomjs

  4. Edit the .agent_config file and set the following keys:

MASTER_DOMAIN -> domain or IP of the RedOps master server
ONE_THREAD -> enable/disable multiprocessing in the agent
DISABLE_MASTER_SERVER -> do not send results to the master server
LOG_WHOLE_PETITIONS -> log all traffic between master and agent
ROOT -> enable/disable root detection (checks whether the agent process is running as root)
WORDLISTS_PATH -> directory with wordlists for bruteforcing
SECURITYTRAILS_APIKEY -> SecurityTrails API key used by SearchSubdomainsModule (https://securitytrails.com/)
SHODAN_APIKEY -> Shodan API key used by SearchServicesShodan (https://www.shodan.io)
  5. Install the Python modules:
$ pip3 install -r requirements

  6. Clone the heimdall repository and install the module; it is needed for website screenshotting.

$ git clone https://github.com/DistilledLtd/heimdall && cd heimdall && python3 setup.py install
  7. Copy the supervisor configuration (the path below is the same file as agent/conf/redops_agent.conf in the clone, reached through the symlink from step 2):
$ cp /opt/RedOpsAgent/conf/redops_agent.conf /etc/supervisor/conf.d/
  8. Make supervisor read the new configuration. reread only parses the new file; the program still has to be added to the running supervisor with supervisorctl update or a reload (see Troubleshooting below) before it can be started.
$ supervisorctl reread
  9. Now the agent is running. Some useful commands and files:
$ supervisorctl status agent # -> Show agent status
$ supervisorctl start agent # -> Start the agent
$ supervisorctl stop agent # -> Stop the agent

/opt/RedOpsAgent/logs/stderr_agent.log # -> Errors and general logs go here by default.
/opt/RedOpsAgent/logs/stdout_agent.log # -> Gunicorn does not write to it, but it is kept for debugging.
  10. Configure nginx to front the agent. Inside /etc/nginx/sites-available write a site file like the one below (the comments explain each directive). As written it listens on port 80 on every interface and proxies every request to the agent with no authentication of its own, so restrict who can reach it (host firewall or nginx allow/deny rules) and terminate TLS here if the master reaches the agent over an untrusted network.
server {
    listen 80;
    listen [::]:80;

    server_name example.com; # Domain of the agent

    keepalive_timeout 5;

    location / {
        # There are no static files: try_files falls through to the named
        # location whenever no file matches the URI. Do not add "return 404"
        # here: return runs in nginx's rewrite phase, before try_files, and
        # would answer every request with 404.
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8500; # gunicorn, listening on loopback only
    }

}

  11. Finally, create a symlink to enable the site and restart nginx (run nginx -t first, so a typo in the new file does not take the other sites down):
$ ln -s /etc/nginx/sites-available/<agent_config_file> /etc/nginx/sites-enabled/agent.redops
$ service nginx restart
  12. (Optional) To let the agent run SYN scans without being root, give the nmap binary the capabilities it needs. Be aware of what this does: every local user who can execute /usr/bin/nmap gains raw-socket and network-admin capabilities through it, and the file capabilities are silently dropped again whenever the package manager replaces the binary, so re-check them after upgrades. If you do not set them, remove the NMAP_PRIVILEGED environment variable from the supervisor configuration.
$ sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
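The checks a practitioner would want after walking through steps 2 to 12, collected into one pre-flight script. This is an added example and not part of the RedOps project. It assumes the paths and port this page uses (/opt/RedOpsAgent, /usr/bin/nmap, gunicorn on 127.0.0.1:8500, a supervisor program named agent), that ss, getcap, nginx and supervisorctl are on PATH, and a REDOPS_PREFLIGHT switch of its own; the getcap lines it documents and the directory layout used for checking are constructed. It also covers the Troubleshooting note that reread alone leaves supervisor without the program.

```shell
#!/bin/sh
# Added example, not RedOps project code: pre-flight checks for the agent
# install above. Paths and port are the ones this page uses (assumed).
AGENT_LINK="${AGENT_LINK:-/opt/RedOpsAgent}"   # symlink from step 2
AGENT_PORT="${AGENT_PORT:-8500}"               # gunicorn port from step 10
NMAP_BIN="${NMAP_BIN:-/usr/bin/nmap}"          # binary step 12 grants caps to

# Step 2: a symlink target is resolved relative to the link's own directory,
# so build an absolute target. $2 is the base directory (default: cwd).
abs_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "${2:-$(pwd)}" "$1" ;;
    esac
}

# Verify the layout step 2 produces: $1 is a symlink to an existing
# directory that holds .agent_config (step 4). 0 = ok, 1 = broken.
check_agent_link() {
    link="$1"
    [ -L "$link" ] || { echo "missing symlink: $link" >&2; return 1; }
    [ -d "$link" ] || { echo "dangling symlink: $link" >&2; return 1; }
    [ -f "$link/.agent_config" ] || { echo "no .agent_config in $link" >&2; return 1; }
}

# Steps 7-8: reread only parses new .conf files; update adds and starts the
# programs they define (reread alone gives "agent: ERROR (no such process)").
supervisor_apply() {
    supervisorctl reread >/dev/null && supervisorctl update >/dev/null \
        && supervisorctl status agent
}

# Step 10: render the nginx site for a server_name ($1) and upstream port ($2).
# No "return 404" next to try_files: return runs in the rewrite phase, before
# try_files, and would answer every request with 404.
render_nginx_site() {
    cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $1;
    keepalive_timeout 5;
    location / {
        try_files \$uri @proxy_to_app;
    }
    location @proxy_to_app {
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header Host \$http_host;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:$2;
    }
}
EOF
}

# Is gunicorn bound on loopback port $1? 0 if something listens there.
agent_listening() {
    ss -Hltn 2>/dev/null | grep -Eq "127\.0\.0\.1:$1([[:space:]]|\$)"
}

# Step 12: parse one line of getcap output and report whether nmap has
# cap_net_raw and cap_net_admin in its effective set. Both formats:
#   libcap < 2.41:  /usr/bin/nmap = cap_net_admin,cap_net_raw+eip
#   libcap >= 2.41: /usr/bin/nmap cap_net_admin,cap_net_raw=eip
nmap_caps_ok() {
    caps="${1#* }"      # drop the path
    caps="${caps#= }"   # drop the old-format "= " separator
    case "$caps" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags="${caps##*[=+]}"          # flag letters after the last '=' or '+'
    case "$flags" in *e*) return 0 ;; *) return 1 ;; esac
}

# Tell the operator whether NMAP_PRIVILEGED belongs in the supervisor conf.
nmap_privileged_setting() {
    if nmap_caps_ok "$(getcap "$NMAP_BIN" 2>/dev/null)"; then
        echo "keep NMAP_PRIVILEGED: $NMAP_BIN carries effective net capabilities"
    else
        echo "remove NMAP_PRIVILEGED: $NMAP_BIN has no effective net capabilities"
    fi
}

preflight() {
    rc=0
    check_agent_link "$AGENT_LINK" || rc=1
    agent_listening "$AGENT_PORT" \
        || { echo "nothing on 127.0.0.1:$AGENT_PORT; is supervisor running the agent?" >&2; rc=1; }
    nginx -t >/dev/null 2>&1 || { echo "nginx -t failed" >&2; rc=1; }
    nmap_privileged_setting
    return $rc
}

# Run the checks only when asked, so the file can also be sourced for its functions.
if [ "${REDOPS_PREFLIGHT:-0}" = "1" ]; then preflight; fi
```

Run it on the agent host with REDOPS_PREFLIGHT=1 after step 12; a non-zero exit means one of the checks printed what is missing. render_nginx_site can be redirected into /etc/nginx/sites-available to produce the step 10 file, and supervisor_apply replaces steps 8 and 9's first command.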

Troubleshooting

  1. Sometimes after installation the agent does not start, and supervisorctl reports the following error when you try to start it:
root@hackathon:/opt/RedOpsAgent# supervisorctl start agent
agent: ERROR (no such process)

This happens when the new program definition was reread but never added to the running supervisor. Reloading supervisor usually fixes it:

$ supervisorctl reload
  2. LeakedCredentialsModule does not work.

Check whether Tor is running and whether the site the module queries is down. Also check the agent logs for exceptions.