CommandoVM : Complete Mandiant Offensive VM (Commando VM), The First Full Windows-Based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM – a fully customized, Windows-based security distribution for penetration testing and red teaming.

Installation (Install Script)

Requirements

Windows 7 Service Pack 1 or Windows 10
60 GB Hard Drive
2 GB RAM

Recommended

Windows 10
80+ GB Hard Drive
4+ GB RAM
2 network adapters
Enable Virtualization support for VM

Instructions

Create and configure a new Windows Virtual Machine

Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
Take a snapshot of your machine!
Download and copy install.ps1 on your newly configured machine.
Open PowerShell as an Administrator
Enable script execution by running the following command:
- Set-ExecutionPolicy Unrestricted
Finally, execute the installer script as follows:
- .\install.ps1
- You can also pass your password as an argument: .\install.ps1 -password <password>

The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Installing a new package

Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:

cinst github

Staying up to date

Type the following command to update all of the packages to the most recent version:

cup all

Also Read – Whonix : Privacy Protection, Anonymity Online, Anonymous Operating System

Installed Tools

Active Directory Tools

Remote Server Administration Tools (RSAT)
SQL Server Command Line Utilities
Sysinternals

Command & Control

Covenant
PoshC2
WMImplant
WMIOps

Developer Tools

Dep
Git
Go
Java
Python 2
Python 3 (default)
Ruby
Ruby Devkit
Visual Studio 2017 Build Tools (Windows 10)
Visual Studio Code

Evasion

CheckPlease
Demiguise
DefenderCheck
DotNetToJScript
Invoke-CradleCrafter
Invoke-DOSfuscation
Invoke-Obfuscation
Invoke-Phant0m
Not PowerShell (nps)
PS>Attack
PSAmsi
Pafishmacro
PowerLessShell
PowerShdll
StarFighters

Exploitation

ADAPE-Script
API Monitor
CrackMapExec
CrackMapExecWin
DAMP
EvilClippy
Exchange-AD-Privesc
FuzzySec’s PowerShell-Suite
FuzzySec’s Sharp-Suite
Generate-Macro
GhostPack
- Rubeus
- SafetyKatz
- Seatbelt
- SharpDPAPI
- SharpDump
- SharpRoast
- SharpUp
- SharpWMI
GoFetch
Impacket
Invoke-ACLPwn
Invoke-DCOM
Invoke-PSImage
Invoke-PowerThIEf
Juicy Potato
Kali Binaries for Windows
LuckyStrike
MetaTwin
Metasploit
Mr. Unikod3r’s RedTeamPowershellScripts
NetshHelperBeacon
Nishang
Orca
PSReflect
PowerLurk
PowerPriv
PowerSploit
PowerUpSQL
PrivExchange
RottenPotatoNG
Ruler
SharpClipHistory
SharpExchangePriv
SharpExec
SpoolSample
SharpSploit
UACME
impacket-examples-windows
vssown
Vulcan