The Demon Pentest Shell

The Demon Pentest Shell project started out of necessity. See, when you are doing a penetration test, or red/purple/blue team engagement, your logs need to be very precise. In these engagements, your goal is to test the effectiveness of the security controls that the client has put into place. If any gaps are discovered, your client will often need exact timestamps, host information, and the commands used to ensure that the security controls (or, at least, monitoring) are tweaked or updated appropriately.

Figure 0x0: The log stats.

This is where DPS comes into the picture. The logs of my shell are incredibly informative. For each new day the shell is used, a CSV file is generated in the ~/.dps directory. These CSV log files have the following fields:

  • When;
  • Host;
  • Network;
  • Who;
  • Where; and
  • What
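
The following added example, which is not DPS code or part of the original post, parses a log with these six fields and lists the logged commands that no client alert followed within a tolerance window, which is the gap report described above. The header row, column order, timestamp format, sample rows and alert times are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumed column order, taken from the field list above; the real header
# row and timestamp format of DPS logs may differ.
FIELDS = ["When", "Host", "Network", "Who", "Where", "What"]
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption

# Constructed sample log (not real DPS output).
SAMPLE_LOG = '''When,Host,Network,Who,Where,What
2024-01-15 09:00:05,tester-vm,10.0.0.5/24,alice,/home/alice,"nmap -sV 10.0.0.20"
2024-01-15 09:12:40,tester-vm,10.0.0.5/24,alice,/home/alice/loot,"cat notes.txt, then ls"
2024-01-15 09:30:00,tester-vm,10.0.0.5/24,alice,/tmp,"curl http://10.0.0.20/admin"
'''

# Constructed alert times, as a client's monitoring team might export them.
SAMPLE_ALERTS = ["2024-01-15 09:00:30"]


def load_log(text):
    """Parse log text into dicts, converting When to a datetime."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        missing = [f for f in FIELDS if row.get(f) is None]
        if missing:
            raise ValueError(f"row lacks fields: {missing}")
        row["When"] = datetime.strptime(row["When"], TS_FORMAT)
        rows.append(row)
    return rows


def undetected(rows, alert_times, tolerance_s=60):
    """Return log rows with no alert within tolerance_s seconds after them."""
    alerts = [datetime.strptime(a, TS_FORMAT) for a in alert_times]
    window = timedelta(seconds=tolerance_s)
    return [r for r in rows
            if not any(timedelta(0) <= a - r["When"] <= window for a in alerts)]


if __name__ == "__main__":
    for r in undetected(load_log(SAMPLE_LOG), SAMPLE_ALERTS):
        print(r["When"], r["Host"], r["Who"], r["Where"], r["What"], sep=" | ")
```
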

The shell is far from perfect when compared to today’s standard shells. For instance, it does have a lot of auto-complete bugs. But it also has a lot of cool unique features, such as built-in custom commands, custom themes, etc.