UnleashTheCode/pimp.sh

## pimp.sh
#!/bin/bash
# ==============================================================================
# Pentest Environment Setup Script
# ==============================================================================
set -eo pipefail

# ── ZSH: Backup & Go PATH ──────────────────────────────────────────────────────
cp ~/.zshrc ~/.zshrc_copy 2>/dev/null || true

# Use escaped variables so .zshrc expands them at shell startup, not script time
grep -q 'go/bin' ~/.zshrc || echo 'export PATH="$PATH:$HOME/go/bin"' >> ~/.zshrc
export PATH="$PATH:$HOME/go/bin"

# ── Helpers ────────────────────────────────────────────────────────────────────
install_if_needed() {
  local pkg="$1"
  if ! dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q "ok installed"; then
    echo "Installing $pkg..."
    if sudo apt install -y "$pkg" > /dev/null 2>&1; then
      echo "Successfully installed $pkg."
    else
      echo "Warning: Failed to install $pkg (may not be available in repos)."
    fi
  fi
}

# Append a line to ~/.zshrc only if not already present (literal match)
zshrc_append() { grep -qF "$1" ~/.zshrc || echo "$1" >> ~/.zshrc; }

# Append a line to ~/.zsh_aliases only if not already present
alias_append() { grep -qF "$1" ~/.zsh_aliases || echo "$1" >> ~/.zsh_aliases; }

# Install a Go tool only if the binary isn't already in PATH
go_install() {
  local name="$1" pkg="$2"
  if ! command -v "$name" &>/dev/null; then
    echo "Installing $name..."
    go install -v "$pkg" > /dev/null 2>&1 \
      && echo "Successfully installed $name." \
      || echo "Warning: Failed to install $name."
  fi
}

# ── System Update ──────────────────────────────────────────────────────────────
echo "Updating system..."
sudo apt update && echo "System update successful." \
  || { echo "System update failed."; exit 1; }

# ── APT Package Installation ───────────────────────────────────────────────────
# Note: docker-ce replaces docker.io since we added Docker's official repo
# Note: jd-gui and humble are not in apt repos — install manually if needed
# Note: autorecon moved to pipx (it's a Python tool, not an apt package)
packages=(
  thefuck filezilla fzf bat rlwrap grc tig ripgrep httpie
  lsd libpcap-dev golang-go hurl jq fd-find feroxbuster
  slowhttptest terminator xsltproc ansible flameshot copyq
  peass netexec pipx
  docker.io
  autorecon humble
)

for pkg in "${packages[@]}"; do
  install_if_needed "$pkg"
done

echo "Removing unnecessary packages..."
sudo apt -y autoremove > /dev/null 2>&1 && echo "Autoremove complete." || true

# ── Docker Group ───────────────────────────────────────────────────────────────
echo "Adding $USER to docker group (re-login required)..."
sudo usermod -aG docker "$USER"

# ── Toshy (Mac-like keyboard shortcuts) ───────────────────────────────────────
if ! command -v toshy-services-status &>/dev/null; then
  echo "Installing Toshy..."
  git clone -q https://github.com/RedBearAK/Toshy.git /tmp/toshy_setup

  # The installer asks "Have you updated your system recently? [y/N]"
  # We pipe 'y' because apt update/upgrade already ran earlier in this script.
  # 'yes' is piped (not just 'echo y') to safely answer any other prompts too.
  if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_USER:-}" ]; then
    sudo -u "$SUDO_USER" bash -c \
      'cd /tmp/toshy_setup && yes | python3 setup_toshy.py install'
  else
    ( cd /tmp/toshy_setup && yes | python3 setup_toshy.py install )
  fi
  rm -rf /tmp/toshy_setup
else
  echo "Toshy is already installed, skipping."
fi

# ── Go-Based Tools ─────────────────────────────────────────────────────────────
# GO111MODULE=on is deprecated since Go 1.16 — modules are enabled by default
go_install nuclei    github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go_install katana    github.com/projectdiscovery/katana/cmd/katana@latest
go_install unfurl    github.com/tomnomnom/unfurl@latest
go_install naabu     github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
go_install anew      github.com/tomnomnom/anew@latest
go_install qsreplace github.com/tomnomnom/qsreplace@latest

# ProjectDiscovery httpx — remove any conflicting apt/pip package first,
# then clear bash's cached binary path before re-checking
echo "Managing httpx installation..."
sudo apt remove -y python3-httpx httpx 2>/dev/null || true
hash -r 2>/dev/null || true
go_install httpx github.com/projectdiscovery/httpx/cmd/httpx@latest

# ── Git-Cloned Tools ───────────────────────────────────────────────────────────

# Ligolo-ng
if [ ! -d /opt/ligolo-ng ]; then
  echo "Installing Ligolo-ng..."
  sudo git clone -q https://github.com/nicocha30/ligolo-ng.git /opt/ligolo-ng
  sudo mkdir -p /opt/ligolo-ng/bin /opt/ligolo-ng/agents
  # Build in a subshell to avoid changing the script's working directory
  ( cd /opt/ligolo-ng && \
    sudo go build -o bin/server cmd/proxy/main.go && \
    sudo go build -o bin/agent  cmd/agent/main.go )
  sudo ln -sf /opt/ligolo-ng/bin/server /usr/local/bin/ligolo

  # Download pre-built cross-compiled agents
  curl -s https://api.github.com/repos/nicocha30/ligolo-ng/releases/latest \
    | grep '"browser_download_url"' \
    | grep -v '\.sig\|source' \
    | cut -d'"' -f4 \
    | sudo wget -qP /opt/ligolo-ng/agents -i -

  # Rename agents to <os>_<arch>[.ext] format
  # Bug fixed: original find was missing -name flag and mv had no directory prefix
  find /opt/ligolo-ng/agents -maxdepth 1 -name 'ligolo-ng_agent_*' | while read -r f; do
    newname=$(basename "$f" | awk -F'_' '{print $(NF-1)"_"$NF}')
    sudo mv -- "$f" "/opt/ligolo-ng/agents/$newname"
  done
fi

# Reverse SSH
if [ ! -d /opt/reverse_ssh ]; then
  echo "Installing Reverse SSH..."
  sudo git clone -q https://github.com/NHAS/reverse_ssh.git /opt/reverse_ssh
  # Pass PATH so sudo can find the go binary
  ( cd /opt/reverse_ssh && sudo env "PATH=$PATH" make )
  sudo ln -sf /opt/reverse_ssh/bin/server /usr/local/bin/reverse_ssh
fi

# duplicut
if [ ! -d /opt/duplicut ] && ! command -v duplicut &>/dev/null; then
  echo "Installing duplicut..."
  sudo git clone -q https://github.com/nil0x42/duplicut /opt/duplicut
  ( cd /opt/duplicut && sudo make )
  sudo ln -sf /opt/duplicut/duplicut /usr/local/bin/duplicut
fi

# jwt_tool
if [ ! -d /opt/jwt_tool ]; then
  echo "Installing jwt_tool..."
  sudo git clone -q https://github.com/ticarpi/jwt_tool.git /opt/jwt_tool
  sudo chmod +x /opt/jwt_tool/jwt_tool.py
  sudo ln -sf /opt/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool.py
fi

# krbrelayx (was mislabelled "Install duplicut" in original)
if [ ! -d /opt/krbrelayx ]; then
  echo "Installing krbrelayx..."
  sudo git clone -q https://github.com/dirkjanm/krbrelayx.git /opt/krbrelayx
  sudo chmod +x /opt/krbrelayx/{addspn,dnstool,krbrelayx,printerbug}.py
  for script in addspn dnstool krbrelayx printerbug; do
    sudo ln -sf "/opt/krbrelayx/${script}.py" "/usr/local/bin/${script}.py"
  done
fi

# DNSrebinder
if ! command -v dnsrebinder &>/dev/null; then
  echo "Installing DNSrebinder..."
  sudo git clone -q https://github.com/mogwailabs/DNSrebinder.git /opt/DNSrebinder
  # --break-system-packages required on Debian 12+ (externally-managed Python)
  pip3 install dnslib --break-system-packages 2>/dev/null || pip3 install dnslib
  sudo chmod +x /opt/DNSrebinder/dnsrebinder.py
  sudo ln -sf /opt/DNSrebinder/dnsrebinder.py /usr/local/bin/dnsrebinder
fi

# SSTImap
if ! command -v sstimap &>/dev/null; then
  echo "Installing SSTImap..."
  sudo git clone -q https://github.com/vladko312/SSTImap.git /opt/SSTImap
  sudo chmod +x /opt/SSTImap/sstimap.py
  sudo ln -sf /opt/SSTImap/sstimap.py /usr/local/bin/sstimap
fi

# Penelope
if ! command -v penelope &>/dev/null; then
  echo "Installing Penelope..."
  sudo git clone https://github.com/brightio/penelope.git /opt/penelope
  sudo chmod +x /opt/penelope/penelope.py
  sudo ln -sf /opt/penelope/penelope.py /usr/local/bin/penelope
fi

# ── Windows & Linux Resources ──────────────────────────────────────────────────
echo "Installing Windows resources..."
[ -d /usr/share/windows-resources/PowerSharpPack ] || \
  sudo git clone -q https://github.com/S3cur3Th1sSh1t/PowerSharpPack.git \
    /usr/share/windows-resources/PowerSharpPack

[ -d /usr/share/windows-resources/binaries/GhostPack-Binaries ] || \
  sudo git clone -q https://github.com/r3motecontrol/Ghostpack-CompiledBinaries.git \
    /usr/share/windows-resources/binaries/GhostPack-Binaries

( cd /usr/share/windows-resources && \
  curl -s https://api.github.com/repos/AlessandroZ/LaZagne/releases/latest \
    | grep '"browser_download_url".*\.exe' \
    | cut -d'"' -f4 \
    | sudo wget -qi - && \
  sudo wget -q https://raw.githubusercontent.com/61106960/adPEAS/main/adPEAS.ps1 )

echo "Installing Linux resources..."
sudo mkdir -p /usr/share/linux-resources
sudo wget -qN https://raw.githubusercontent.com/CISOfy/lynis/master/lynis \
  -P /usr/share/linux-resources/
sudo wget -qN "https://raw.githubusercontent.com/UnleashTheCode/Teddybears_Picnic/master/Teddybears_Picnic_v2.0.sh" \
  -O /usr/share/linux-resources/teddy.sh
sudo wget -qN "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" \
  -O /usr/share/linux-resources/lse.sh

# ── Uploader Directory ─────────────────────────────────────────────────────────
echo "Setting up uploader directories..."
mkdir -p ~/uploader/{windows,linux}/exploits
ln -sfn /usr/share/windows-resources ~/uploader/windows/resources
ln -sfn /usr/share/peass/winpeas      ~/uploader/windows/winpeas
ln -sfn /usr/share/linux-resources    ~/uploader/linux/resources
ln -sfn /usr/share/peass/linpeas      ~/uploader/linux/linpeas
ln -sfn /opt/ligolo-ng/agents         ~/uploader/ligolo_agents   # fixed typo: lingolo→ligolo

# ── Zsh Completions ────────────────────────────────────────────────────────────
echo "Setting up Zsh completions..."
git clone -q https://github.com/zsh-users/zsh-completions.git /tmp/zsh-completions
sudo mv /tmp/zsh-completions/src/_* /usr/share/zsh/functions/Completion/Unix/
rm -rf /tmp/zsh-completions

git clone -q https://github.com/rsherstnev/zshcompletions.git /tmp/zshcompletions
sudo mv /tmp/zshcompletions/_* /usr/share/zsh/functions/Completion/Unix/
rm -rf /tmp/zshcompletions

# ── Tool Config ────────────────────────────────────────────────────────────────
# grc
zshrc_append '[[ -s "/etc/grc.zsh" ]] && source /etc/grc.zsh'

# cht.sh
echo "Installing cht.sh..."
sudo curl -s https://cht.sh/:cht.sh -o /usr/local/bin/cht.sh
sudo chmod +x /usr/local/bin/cht.sh

# thefuck — use $() form for POSIX compatibility
zshrc_append 'eval "$(thefuck --alias)"'

# nano syntax highlighting
curl -fsSL https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh | sh

# ── Environment Variables ──────────────────────────────────────────────────────
echo "Setting environment variables..."
# Bug fixed: missing `export` on all vars; FZF line had broken single-quote nesting
zshrc_append 'export EDITOR=nano'
zshrc_append 'export FZF_DEFAULT_COMMAND=fdfind'
zshrc_append 'export dir_small=/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt'
zshrc_append 'export dir_medium=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt'
zshrc_append 'export rockyou=/usr/share/wordlists/rockyou.txt'

# ── Aliases ────────────────────────────────────────────────────────────────────
echo "Updating aliases..."
touch ~/.zsh_aliases
zshrc_append 'source $HOME/.zsh_aliases'

alias_append 'alias cat="/usr/bin/batcat"'
alias_append 'alias snano="sudo nano"'
alias_append 'alias ls="lsd --icon auto -F -lh"'
alias_append 'alias ll="lsd --icon auto -F -lha"'
alias_append 'alias find="fdfind"'
alias_append "alias aptupdate='sudo apt update && sudo apt upgrade -y && sudo apt full-upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y'"
alias_append 'alias hurl="hURL"'
alias_append 'alias uploader="cd ~/uploader"'
alias_append 'alias serve="updog -p 80"'
alias_append 'alias nhosts="sudo $EDITOR /etc/hosts"'
alias_append 'alias nz="$EDITOR ~/.zshrc"'
alias_append 'alias xcat="docker run -it tomforbes/xcat"'
alias_append 'alias rssh="cd /opt/reverse_ssh/bin; ./server --tls --webserver --datadir /home/kali/htb/academy/rev_sever/"'
alias_append 'alias rsa_sign2n="docker run -it rsa_sign2n /bin/bash"'

# ── pipx Tools ─────────────────────────────────────────────────────────────────
echo "Setting up pipx..."
pipx ensurepath

# Bug fixed: pipx install does NOT accept multiple packages — loop required
for tool in updog shcheck arsenal-cli smbclientng autorecon; do
  pipx install "$tool" || echo "Warning: Failed to install $tool via pipx."
done

# --break-system-packages required on Debian 12+ (PEP 668 externally-managed env)
pip3 install --break-system-packages parth uro arjun 2>/dev/null \
  || pip3 install parth uro arjun


if [ ! -f ~/.config/autostart/flameshot.desktop ]; then
  cat > ~/.config/autostart/flameshot.desktop <<'EOF'
[Desktop Entry]
Type=Application
Name=Flameshot
Comment=Powerful screenshot tool
Exec=flameshot
Icon=flameshot
Hidden=false
NoDisplay=false
X-GNOME-Autostart-enabled=true
EOF
  echo "Flameshot autostart entry created."
fi

# ── Autostart & Launch: CopyQ and Flameshot ───────────────────────────────────
echo "Configuring autostart for CopyQ and Flameshot..."
mkdir -p ~/.config/autostart

# CopyQ — clipboard manager, starts as a tray icon
if [ ! -f ~/.config/autostart/copyq.desktop ]; then
  cat > ~/.config/autostart/copyq.desktop <<'EOF'
[Desktop Entry]
Type=Application
Name=CopyQ
Comment=Clipboard manager with advanced features
Exec=copyq
Icon=copyq
Hidden=false
NoDisplay=false
X-GNOME-Autostart-enabled=true
EOF
  echo "CopyQ autostart entry created."
fi

# Flameshot — screenshot tool, starts as a tray icon
# Launch immediately if a graphical session is detected (safe no-op in headless)
if [ -n "${DISPLAY:-}${WAYLAND_DISPLAY:-}" ]; then
  echo "Launching CopyQ and Flameshot..."
  pgrep -x copyq     > /dev/null || (copyq &)
  pgrep -x flameshot > /dev/null || (flameshot &)
else
  echo "No display detected — CopyQ and Flameshot will autostart on next login."
fi

echo "Setup complete. Re-login to apply Docker group, PATH changes, and Toshy services."
echo "Setup complete. Re-login to apply Docker group and PATH changes."
	#!/bin/bash
	# ==============================================================================
	# Pentest Environment Setup Script
	# ==============================================================================
	set -eo pipefail

	# ── ZSH: Backup & Go PATH ──────────────────────────────────────────────────────
	cp ~/.zshrc ~/.zshrc_copy 2>/dev/null \|\| true

	# Use escaped variables so .zshrc expands them at shell startup, not script time
	grep -q 'go/bin' ~/.zshrc \|\| echo 'export PATH="$PATH:$HOME/go/bin"' >> ~/.zshrc
	export PATH="$PATH:$HOME/go/bin"

	# ── Helpers ────────────────────────────────────────────────────────────────────
	install_if_needed() {
	local pkg="$1"
	if ! dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null \| grep -q "ok installed"; then
	echo "Installing $pkg..."
	if sudo apt install -y "$pkg" > /dev/null 2>&1; then
	echo "Successfully installed $pkg."
	else
	echo "Warning: Failed to install $pkg (may not be available in repos)."
	fi
	fi
	}

	# Append a line to ~/.zshrc only if not already present (literal match)
	zshrc_append() { grep -qF "$1" ~/.zshrc \|\| echo "$1" >> ~/.zshrc; }

	# Append a line to ~/.zsh_aliases only if not already present
	alias_append() { grep -qF "$1" ~/.zsh_aliases \|\| echo "$1" >> ~/.zsh_aliases; }

	# Install a Go tool only if the binary isn't already in PATH
	go_install() {
	local name="$1" pkg="$2"
	if ! command -v "$name" &>/dev/null; then
	echo "Installing $name..."
	go install -v "$pkg" > /dev/null 2>&1 \
	&& echo "Successfully installed $name." \
	\|\| echo "Warning: Failed to install $name."
	fi
	}

	# ── System Update ──────────────────────────────────────────────────────────────
	echo "Updating system..."
	sudo apt update && echo "System update successful." \
	\|\| { echo "System update failed."; exit 1; }

	# ── APT Package Installation ───────────────────────────────────────────────────
	# Note: docker-ce replaces docker.io since we added Docker's official repo
	# Note: jd-gui and humble are not in apt repos — install manually if needed
	# Note: autorecon moved to pipx (it's a Python tool, not an apt package)
	packages=(
	thefuck filezilla fzf bat rlwrap grc tig ripgrep httpie
	lsd libpcap-dev golang-go hurl jq fd-find feroxbuster
	slowhttptest terminator xsltproc ansible flameshot copyq
	peass netexec pipx
	docker.io
	autorecon humble
	)

	for pkg in "${packages[@]}"; do
	install_if_needed "$pkg"
	done

	echo "Removing unnecessary packages..."
	sudo apt -y autoremove > /dev/null 2>&1 && echo "Autoremove complete." \|\| true

	# ── Docker Group ───────────────────────────────────────────────────────────────
	echo "Adding $USER to docker group (re-login required)..."
	sudo usermod -aG docker "$USER"

	# ── Toshy (Mac-like keyboard shortcuts) ───────────────────────────────────────
	if ! command -v toshy-services-status &>/dev/null; then
	echo "Installing Toshy..."
	git clone -q https://github.com/RedBearAK/Toshy.git /tmp/toshy_setup

	# The installer asks "Have you updated your system recently? [y/N]"
	# We pipe 'y' because apt update/upgrade already ran earlier in this script.
	# 'yes' is piped (not just 'echo y') to safely answer any other prompts too.
	if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_USER:-}" ]; then
	sudo -u "$SUDO_USER" bash -c \
	'cd /tmp/toshy_setup && yes \| python3 setup_toshy.py install'
	else
	( cd /tmp/toshy_setup && yes \| python3 setup_toshy.py install )
	fi
	rm -rf /tmp/toshy_setup
	else
	echo "Toshy is already installed, skipping."
	fi

	# ── Go-Based Tools ─────────────────────────────────────────────────────────────
	# GO111MODULE=on is deprecated since Go 1.16 — modules are enabled by default
	go_install nuclei github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
	go_install katana github.com/projectdiscovery/katana/cmd/katana@latest
	go_install unfurl github.com/tomnomnom/unfurl@latest
	go_install naabu github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
	go_install anew github.com/tomnomnom/anew@latest
	go_install qsreplace github.com/tomnomnom/qsreplace@latest

	# ProjectDiscovery httpx — remove any conflicting apt/pip package first,
	# then clear bash's cached binary path before re-checking
	echo "Managing httpx installation..."
	sudo apt remove -y python3-httpx httpx 2>/dev/null \|\| true
	hash -r 2>/dev/null \|\| true
	go_install httpx github.com/projectdiscovery/httpx/cmd/httpx@latest

	# ── Git-Cloned Tools ───────────────────────────────────────────────────────────

	# Ligolo-ng
	if [ ! -d /opt/ligolo-ng ]; then
	echo "Installing Ligolo-ng..."
	sudo git clone -q https://github.com/nicocha30/ligolo-ng.git /opt/ligolo-ng
	sudo mkdir -p /opt/ligolo-ng/bin /opt/ligolo-ng/agents
	# Build in a subshell to avoid changing the script's working directory
	( cd /opt/ligolo-ng && \
	sudo go build -o bin/server cmd/proxy/main.go && \
	sudo go build -o bin/agent cmd/agent/main.go )
	sudo ln -sf /opt/ligolo-ng/bin/server /usr/local/bin/ligolo

	# Download pre-built cross-compiled agents
	curl -s https://api.github.com/repos/nicocha30/ligolo-ng/releases/latest \
	\| grep '"browser_download_url"' \
	\| grep -v '\.sig\\|source' \
	\| cut -d'"' -f4 \
	\| sudo wget -qP /opt/ligolo-ng/agents -i -

	# Rename agents to <os>_<arch>[.ext] format
	# Bug fixed: original find was missing -name flag and mv had no directory prefix
	find /opt/ligolo-ng/agents -maxdepth 1 -name 'ligolo-ng_agent_*' \| while read -r f; do
	newname=$(basename "$f" \| awk -F'_' '{print $(NF-1)"_"$NF}')
	sudo mv -- "$f" "/opt/ligolo-ng/agents/$newname"
	done
	fi

	# Reverse SSH
	if [ ! -d /opt/reverse_ssh ]; then
	echo "Installing Reverse SSH..."
	sudo git clone -q https://github.com/NHAS/reverse_ssh.git /opt/reverse_ssh
	# Pass PATH so sudo can find the go binary
	( cd /opt/reverse_ssh && sudo env "PATH=$PATH" make )
	sudo ln -sf /opt/reverse_ssh/bin/server /usr/local/bin/reverse_ssh
	fi

	# duplicut
	if [ ! -d /opt/duplicut ] && ! command -v duplicut &>/dev/null; then
	echo "Installing duplicut..."
	sudo git clone -q https://github.com/nil0x42/duplicut /opt/duplicut
	( cd /opt/duplicut && sudo make )
	sudo ln -sf /opt/duplicut/duplicut /usr/local/bin/duplicut
	fi

	# jwt_tool
	if [ ! -d /opt/jwt_tool ]; then
	echo "Installing jwt_tool..."
	sudo git clone -q https://github.com/ticarpi/jwt_tool.git /opt/jwt_tool
	sudo chmod +x /opt/jwt_tool/jwt_tool.py
	sudo ln -sf /opt/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool.py
	fi

	# krbrelayx (was mislabelled "Install duplicut" in original)
	if [ ! -d /opt/krbrelayx ]; then
	echo "Installing krbrelayx..."
	sudo git clone -q https://github.com/dirkjanm/krbrelayx.git /opt/krbrelayx
	sudo chmod +x /opt/krbrelayx/{addspn,dnstool,krbrelayx,printerbug}.py
	for script in addspn dnstool krbrelayx printerbug; do
	sudo ln -sf "/opt/krbrelayx/${script}.py" "/usr/local/bin/${script}.py"
	done
	fi

	# DNSrebinder
	if ! command -v dnsrebinder &>/dev/null; then
	echo "Installing DNSrebinder..."
	sudo git clone -q https://github.com/mogwailabs/DNSrebinder.git /opt/DNSrebinder
	# --break-system-packages required on Debian 12+ (externally-managed Python)
	pip3 install dnslib --break-system-packages 2>/dev/null \|\| pip3 install dnslib
	sudo chmod +x /opt/DNSrebinder/dnsrebinder.py
	sudo ln -sf /opt/DNSrebinder/dnsrebinder.py /usr/local/bin/dnsrebinder
	fi

	# SSTImap
	if ! command -v sstimap &>/dev/null; then
	echo "Installing SSTImap..."
	sudo git clone -q https://github.com/vladko312/SSTImap.git /opt/SSTImap
	sudo chmod +x /opt/SSTImap/sstimap.py
	sudo ln -sf /opt/SSTImap/sstimap.py /usr/local/bin/sstimap
	fi

	# Penelope
	if ! command -v penelope &>/dev/null; then
	echo "Installing Penelope..."
	sudo git clone https://github.com/brightio/penelope.git /opt/penelope
	sudo chmod +x /opt/penelope/penelope.py
	sudo ln -sf /opt/penelope/penelope.py /usr/local/bin/penelope
	fi

	# ── Windows & Linux Resources ──────────────────────────────────────────────────
	echo "Installing Windows resources..."
	[ -d /usr/share/windows-resources/PowerSharpPack ] \|\| \
	sudo git clone -q https://github.com/S3cur3Th1sSh1t/PowerSharpPack.git \
	/usr/share/windows-resources/PowerSharpPack

	[ -d /usr/share/windows-resources/binaries/GhostPack-Binaries ] \|\| \
	sudo git clone -q https://github.com/r3motecontrol/Ghostpack-CompiledBinaries.git \
	/usr/share/windows-resources/binaries/GhostPack-Binaries

	( cd /usr/share/windows-resources && \
	curl -s https://api.github.com/repos/AlessandroZ/LaZagne/releases/latest \
	\| grep '"browser_download_url".*\.exe' \
	\| cut -d'"' -f4 \
	\| sudo wget -qi - && \
	sudo wget -q https://raw.githubusercontent.com/61106960/adPEAS/main/adPEAS.ps1 )

	echo "Installing Linux resources..."
	sudo mkdir -p /usr/share/linux-resources
	sudo wget -qN https://raw.githubusercontent.com/CISOfy/lynis/master/lynis \
	-P /usr/share/linux-resources/
	sudo wget -qN "https://raw.githubusercontent.com/UnleashTheCode/Teddybears_Picnic/master/Teddybears_Picnic_v2.0.sh" \
	-O /usr/share/linux-resources/teddy.sh
	sudo wget -qN "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" \
	-O /usr/share/linux-resources/lse.sh

	# ── Uploader Directory ─────────────────────────────────────────────────────────
	echo "Setting up uploader directories..."
	mkdir -p ~/uploader/{windows,linux}/exploits
	ln -sfn /usr/share/windows-resources ~/uploader/windows/resources
	ln -sfn /usr/share/peass/winpeas ~/uploader/windows/winpeas
	ln -sfn /usr/share/linux-resources ~/uploader/linux/resources
	ln -sfn /usr/share/peass/linpeas ~/uploader/linux/linpeas
	ln -sfn /opt/ligolo-ng/agents ~/uploader/ligolo_agents # fixed typo: lingolo→ligolo

	# ── Zsh Completions ────────────────────────────────────────────────────────────
	echo "Setting up Zsh completions..."
	git clone -q https://github.com/zsh-users/zsh-completions.git /tmp/zsh-completions
	sudo mv /tmp/zsh-completions/src/_* /usr/share/zsh/functions/Completion/Unix/
	rm -rf /tmp/zsh-completions

	git clone -q https://github.com/rsherstnev/zshcompletions.git /tmp/zshcompletions
	sudo mv /tmp/zshcompletions/_* /usr/share/zsh/functions/Completion/Unix/
	rm -rf /tmp/zshcompletions

	# ── Tool Config ────────────────────────────────────────────────────────────────
	# grc
	zshrc_append '[[ -s "/etc/grc.zsh" ]] && source /etc/grc.zsh'

	# cht.sh
	echo "Installing cht.sh..."
	sudo curl -s https://cht.sh/:cht.sh -o /usr/local/bin/cht.sh
	sudo chmod +x /usr/local/bin/cht.sh

	# thefuck — use $() form for POSIX compatibility
	zshrc_append 'eval "$(thefuck --alias)"'

	# nano syntax highlighting
	curl -fsSL https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh \| sh

	# ── Environment Variables ──────────────────────────────────────────────────────
	echo "Setting environment variables..."
	# Bug fixed: missing `export` on all vars; FZF line had broken single-quote nesting
	zshrc_append 'export EDITOR=nano'
	zshrc_append 'export FZF_DEFAULT_COMMAND=fdfind'
	zshrc_append 'export dir_small=/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt'
	zshrc_append 'export dir_medium=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt'
	zshrc_append 'export rockyou=/usr/share/wordlists/rockyou.txt'

	# ── Aliases ────────────────────────────────────────────────────────────────────
	echo "Updating aliases..."
	touch ~/.zsh_aliases
	zshrc_append 'source $HOME/.zsh_aliases'

	alias_append 'alias cat="/usr/bin/batcat"'
	alias_append 'alias snano="sudo nano"'
	alias_append 'alias ls="lsd --icon auto -F -lh"'
	alias_append 'alias ll="lsd --icon auto -F -lha"'
	alias_append 'alias find="fdfind"'
	alias_append "alias aptupdate='sudo apt update && sudo apt upgrade -y && sudo apt full-upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y'"
	alias_append 'alias hurl="hURL"'
	alias_append 'alias uploader="cd ~/uploader"'
	alias_append 'alias serve="updog -p 80"'
	alias_append 'alias nhosts="sudo $EDITOR /etc/hosts"'
	alias_append 'alias nz="$EDITOR ~/.zshrc"'
	alias_append 'alias xcat="docker run -it tomforbes/xcat"'
	alias_append 'alias rssh="cd /opt/reverse_ssh/bin; ./server --tls --webserver --datadir /home/kali/htb/academy/rev_sever/"'
	alias_append 'alias rsa_sign2n="docker run -it rsa_sign2n /bin/bash"'

	# ── pipx Tools ─────────────────────────────────────────────────────────────────
	echo "Setting up pipx..."
	pipx ensurepath

	# Bug fixed: pipx install does NOT accept multiple packages — loop required
	for tool in updog shcheck arsenal-cli smbclientng autorecon; do
	pipx install "$tool" \|\| echo "Warning: Failed to install $tool via pipx."
	done

	# --break-system-packages required on Debian 12+ (PEP 668 externally-managed env)
	pip3 install --break-system-packages parth uro arjun 2>/dev/null \
	\|\| pip3 install parth uro arjun


	if [ ! -f ~/.config/autostart/flameshot.desktop ]; then
	cat > ~/.config/autostart/flameshot.desktop <<'EOF'
	[Desktop Entry]
	Type=Application
	Name=Flameshot
	Comment=Powerful screenshot tool
	Exec=flameshot
	Icon=flameshot
	Hidden=false
	NoDisplay=false
	X-GNOME-Autostart-enabled=true
	EOF
	echo "Flameshot autostart entry created."
	fi

	# ── Autostart & Launch: CopyQ and Flameshot ───────────────────────────────────
	echo "Configuring autostart for CopyQ and Flameshot..."
	mkdir -p ~/.config/autostart

	# CopyQ — clipboard manager, starts as a tray icon
	if [ ! -f ~/.config/autostart/copyq.desktop ]; then
	cat > ~/.config/autostart/copyq.desktop <<'EOF'
	[Desktop Entry]
	Type=Application
	Name=CopyQ
	Comment=Clipboard manager with advanced features
	Exec=copyq
	Icon=copyq
	Hidden=false
	NoDisplay=false
	X-GNOME-Autostart-enabled=true
	EOF
	echo "CopyQ autostart entry created."
	fi

	# Flameshot — screenshot tool, starts as a tray icon
	# Launch immediately if a graphical session is detected (safe no-op in headless)
	if [ -n "${DISPLAY:-}${WAYLAND_DISPLAY:-}" ]; then
	echo "Launching CopyQ and Flameshot..."
	pgrep -x copyq > /dev/null \|\| (copyq &)
	pgrep -x flameshot > /dev/null \|\| (flameshot &)
	else
	echo "No display detected — CopyQ and Flameshot will autostart on next login."
	fi

	echo "Setup complete. Re-login to apply Docker group, PATH changes, and Toshy services."
	echo "Setup complete. Re-login to apply Docker group and PATH changes."
No results found