As a Security Engineer and prolific user of
git clone, I - like many of my peers - regularly end up in this situation:
Aka ton of cloned and created projects and no real idea whether any of them are out of date or stale. Some of these projects I clone to test one thing, then don’t use again. Others are projects I start, then never finish. And a few are projects I actually work on daily and use extensively.
This is a problem for me, especially when it comes to tracking my Red Team toolkit; red team tools come and go very quickly. That being the case, we decide to take a stab a solving this problem in Operator, since it’s designed to be a platform for simplifying and making OffSec more accessible.
Our approach to solving this problem is what we call the Toolbox plugin. If you navigate to the Plugins section, you will see an option to download Toolbox. Once you download it, it will automatically install and present you with this UI:
From here, you can simply paste in the git URL of the repositories you want to track inside of Operator. In my case, I clicked on the Install our starter kit which automatically clones in a selection of repos that we find useful:
The start kit includes:
Each repo will have a small block that lets you view various information about the repo:
Clicking on About will pop open the README for the selected repo:
Clicking on Log will pull up the commit log for the repository so you can track when the last commits were made:
But wait, how does any of this help solve the problem of out-of-date or stale repos?
The magic is “under the hood” - any time you open up the Toolbox plugin, it will automatically attempt to pull the latest commits from the current branch!
For tools that haven’t been updated recently, we will automatically append a Stale badge so you can visually see repositories as they go un-updated over time:
Our hope is that Toolbox can simplify workflows and help Red and Purple Teamers keep their preferred projects organized.
In a future version of Operator, the Toolbox plugin will actually allow you to directly host payloads from a cloned repository via the built-in API. That will simplify payload management and let users clone and host payloads rapidly, all without having