FireBuster - Egress testing with PowerShell

Just behind auto-gpppassword.ps1, I wrote a standalone PowerShell script for egress testing. I know there are similar tools out there. For example,

However, the scripts I have identified thus far rely on a programming language that may not exist by default within a Windows environment. Yes, Dave’s egressbuster comes with an executable version of the Python script. But what if there is a restriction on running .exe?

These were the main reasons why I thought I would write something in PowerShell, and of course it will only help me understand PowerShell better.

Introducing..

FireBuster

FireBuster is a small PowerShell script that will try to connect to the listening server of your choice on each port in the range you have provided.

Usage:

.\FireBuster.ps1 <ipaddress-of-listening-server> <port-range> 1
.\FireBuster.ps1 <ipaddress-of-listening-server> <port-range>

Example:

.\FireBuster.ps1 192.168.193.130 3000-3010 1
.\FireBuster.ps1 192.168.193.130 3000-3010

Supported Protocols

  • TCP – Supported in v1.0
  • UDP (TBA)
  • HTTP (TBA)

Download Link (GitHub): https://github.com/roo7break/PowerShell-Scripts/
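
An added example (not FireBuster's own code) of the TCP test described above, which separates a refused connection from a silent timeout because the two say different things about the egress filter. The function name `Test-EgressPort`, its parameters and the 1000 ms default timeout are assumptions; it needs PowerShell 3.0 or later.

```powershell
# Added example, not FireBuster's code. Names and defaults here are hypothetical.
function Test-EgressPort {
    param(
        [Parameter(Mandatory)][string]$Server,     # listening server you control
        [Parameter(Mandatory)][string]$PortRange,  # "3000-3010" or a single port
        [int]$TimeoutMs = 1000                     # assumed per-port timeout
    )
    if ($PortRange -notmatch '^(\d+)(?:-(\d+))?$') { throw "Bad port range: $PortRange" }
    $first = [int]$Matches[1]
    $last  = if ($Matches[2]) { [int]$Matches[2] } else { $first }
    if ($first -lt 1 -or $last -gt 65535 -or $first -gt $last) {
        throw "Bad port range: $PortRange"
    }

    foreach ($port in $first..$last) {
        $client = New-Object System.Net.Sockets.TcpClient
        # Default verdict: no answer within the timeout, so the SYN was most
        # likely dropped somewhere on the way out.
        $state = 'Filtered'
        try {
            $async = $client.BeginConnect($Server, $port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($async)   # throws if the connect failed
                $state = 'Open'              # the listener accepted the connection
            }
        } catch {
            # A reset came back: either nothing listens on that port of the
            # server, or a device in the path rejects instead of dropping.
            $err = $_.Exception.GetBaseException() -as [System.Net.Sockets.SocketException]
            $state = if ($err -and $err.SocketErrorCode -eq 'ConnectionRefused') {
                'Refused'
            } else {
                'Error'
            }
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Server = $Server; Port = $port; State = $state }
    }
}

# Same arguments as the example above; start the listener on the server first.
Test-EgressPort -Server 192.168.193.130 -PortRange 3000-3010 | Format-Table -AutoSize
```

With a listener bound to every port in the range, any port that does not come back as Open is one the egress policy is interfering with.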

FireListener

Since I wrote FireBuster in PowerShell, it would only make sense to try and implement a listening server using PowerShell. To be honest, I was gonna just rely on Dave’s egresslistening script. But after having a conversation with Nikhil Mittal (@nikhil_mitt), he suggested I write the listener in PowerShell too.

Unlike FireBuster, the listener wasn’t easy, as PowerShell isn’t that flexible with multi-threading (or, to put it another way, I found it very hard). So, I would say FireListener is not stable, but works.

I would also urge you not to run more than 10 ports at the same time. For some reason I am not aware of, the memory consumption shoots up with each background process (each port is a separate process).

Changelog:

  • 0.2 Improvements
    • Ctrl+C supported
    • Hides job info when starting

Thanks to Nikhil Mittal (@nikhil_mitt) for sorting out some of the issues encountered in v0.1.

  • 0.1 First release

Usage:

.\FireListener.ps1 <port-range-to-listen-on> 1
.\FireListener.ps1 <port-range-to-listen-on>

By default FireListener will bind to 0.0.0.0.

Example:

.\FireListener.ps1 3000-3010 1
.\FireListener.ps1 3000-3010

Supported Protocols

  • TCP – Supported in v0.1
  • UDP (TBA)
  • HTTP (TBA)

Issues that need to be resolved

  • Once client data is received over a port, the open socket closes.
  • Start-Job information that is being displayed needs to be hidden
  • Memory consumption to be reduced.

I am also including a Python-based listener that you can run on your listening server.

pyfirelistener

This is a Python implementation of FireListener.

Usage:

python pyfirelistener.py 4000 4010 1
python pyfirelistener.py 4000 4010

Supported Protocols

  • TCP – Supported in v1.0
  • UDP (TBA)
  • HTTP (TBA)

Credits

Kudos to the following people who inspired me to get into PowerShell and provided information which helped me during scripting:

Other resources