Progress update on weaponized chatbot (2017-08-21)


(Full Snack Developer) #1

For those of you following Legobot’s progress, here’s a quick update:

Version 1.1.3 was released today. See changelog below.

@Nitrax and @zSec have jumped in and been a tremendous help lately. We’ve pushed through a few bugs, tightened up the core a bit, and the guys have started work on expanding my nmap lego into a full-blown net-tools package.

@pry0cc and friends have started a great discussion in an issue on the repo about how to even do chatops for attackers while @sprtn has provided good insight into how current tools work, what would be valuable to integrate, and how he does his work.

Roadmap (in no particular order):

  • Discord integration
  • Get to 0.1.0 on the nettools plugin
  • Brainstorm on additional offensive plugins, perhaps with things like sqlmap
  • Improve documentation and get docs hosted on ReadTheDocs
  • Build multi-protocol chat bridge

If you have ides or want to help, let me know!

(Command-Line Ninja) #2

I would suggest that a module capable of detecting web apps and their versions could be priceless. Something that is very basic to do from a human standpoint, but is fairly difficult to automate.

Being able to detect web apps and versions, you could automatically load up exploits for unpatched versions of the software. Passive shodan scans are possible as well.

I think it would be good to focus mostly on recon. Once we have a solid recon platform in chatops, we can move onto the next steps.


I just got little notice about this project during my absence the last few days. Awesome stuff!
Good job @ all the involved !

I’m in with what @pry0cc says.
If we just take the Intrusion kill chain as an example: Recon comes first. Always.
Weaponize is second :slight_smile:

I’d love to help but I ain’t much of a coder :smiley:


@ricksanchez I’m not a coder as well, but this is the reason why I started learning python. And already with 1 hour of python experience I was able to write a module.

Of course I couldn’t do it without the help of our extremely talented people like @fraq and @Nitrax (thanks again guys!), but I bet you will be able to create something awesome as well.

Just try it, you only can learn from this and this is a really terrific project! :slight_smile:

(Not a N00b, but still learning) #5

Idk if this still works, but it could be a start

(Full Snack Developer) #6

Good find! I’ll take a look at this and see if it’s something we can use. I think it will be.