Introduction
In the fast-paced arena of cybersecurity, Exegol is rapidly making a name for itself. This tool, developed primarily by @nwodtuhs and @Dramelac, can be found on GitHub (https://github.com/ThePorgs/Exegol). It is a platform that sets itself apart with a Docker-based hacking environment, offering a sophisticated, yet user-friendly, solution for today’s cybersecurity challenges. As cyber threats become more complex, Exegol presents itself as an adaptable and efficient tool, perfectly suited for the ever-changing cybersecurity landscape. Cybersecurity is a field where threats and defences are in a constant state of flux. Exegol steps in to fill these gaps, offering comprehensive capabilities combined with the agility needed by offensive security professionals.
Exegol’s Distinctive Approach
Exegol sets itself apart in the cybersecurity landscape primarily through its innovative use of Docker technology. It offers the ability to create isolated and highly reproducible environments, tailored for an array of penetration testing and cybersecurity tasks. The significance of this lies in the consistency it offers, a cornerstone of effective security testing. By using Docker containers, Exegol ensures that each environment is a standalone ecosystem, free from the discrepancies that often plague different systems.
This uniformity provides a common testing ground that is predictable and reliable. It is especially beneficial when comparing results across various platforms (with different operating systems or CPU architectures), or when multiple testers are involved.
For both testers and clients, the uniformity provided by Exegol translates into a shared platform of understanding. It enables replicating security scenarios in a controlled manner, ensuring consistent reproduction and examination of any identified vulnerabilities or security flaws. This aspect is particularly crucial in validating security measures and verifying the effectiveness of patches or updates.
Core Features and Advantages of Exegol
Simplified Operations and Versatile Tools
The Python wrapper is central to Exegol: it simplifies the Docker and git operations, enabling easy setup, creation, usage, and management of client-specific containers. Users can customize each individual container with a multitude of options.

Figure 1 Starting an Exegol container for pentesting
The wrapper is coupled with Docker images that come pre-loaded with configurations and a broad range of tools, up to 368 at the time of writing (https://exegol.readthedocs.io/en/latest/exegol-image/tools.html#tools-list), ready for immediate deployment in diverse cybersecurity scenarios. Exegol includes the following pre-existing Docker images: Web, OSINT, light, full, and Nightly, each customized for a specific task. Exegol also supports tools with a user interface (UI) by using X11 sharing, which allows the use of applications such as BurpSuite, Bloodhound, and Wireshark, among others. Although macOS somewhat compromises this functionality, Exegol offers a workaround by implementing a remote desktop alternative using VNC.
Exegol is not just about powerful tools; it’s also about ease of use. In this regard, Exegol provides a suite of shortcuts to help professionals in their daily jobs:
Shortcut | Description |
ctrl + q | Save the half-typed command, look for another value, and then finish the first command |
ctrl + r | Look for something in the history |
ctrl + t | Look for a file or directory with a fuzzy finder |

Figure 2 Quick search and select in the command history
Customization
Customization sits at the core of Exegol design, catering to the specific needs of cybersecurity professionals who often require the integration of the latest or custom-built tools into their toolkit. Exegol addresses this need by offering a flexible customization framework. Users can easily tailor the platform’s pre-configured Docker images to fit their unique requirements. This streamlined and user-friendly customization process empowers professionals to modify the existing Docker and script files effortlessly. Professionals can easily add or remove lines, enabling the seamless integration of new tools or exclusion of unnecessary ones. Each Exegol environment is therefore precisely equipped for the task at hand.
Furthermore, Exegol demonstrates a commitment to long-term sustainability and reliability. To achieve this, Exegol incorporates a robust CI/CD (Continuous Integration/Continuous Deployment) pipeline alongside comprehensive documentation. This integration is a strategic move that empowers users to not only build upon the existing framework of Exegol, but also to ensure that all tools and their dependencies function as intended.

Figure 3 CI/CD tests confirming that the tools function correctly. Although the ones demonstrated are simple, they serve as an initial defense against a flawed environment.
This approach is a significant advance over traditional virtualized environments, like those based on Kali Linux, which can sometimes end up broken or incompatible due to untested updates or modifications.

Figure 4 Yes yes we could use VENV, but we have Exegol now
Customization Options in Exegol
The CI/CD pipeline in Exegol plays a critical role in maintaining the platform’s stability and reliability. It continuously tests the tools and their interactions within the Exegol environment, thereby minimizing the risk of encountering broken functionalities or compatibility issues. This ongoing testing and development process means Exegol users can confidently customize their environments, knowing that the integrity and performance of their tools are maintained. However, it’s important to note that these tests execute exclusively through GitHub Actions; local changes will not undergo testing. Exegol’s documentation offers guidance on how to make changes, test them via CI/CD, and, if necessary, create a pull request (https://exegol.readthedocs.io/en/latest/community/maintainers.html).
Alternatively, Exegol offers a method to customize existing containers through the "My resource" feature. This functionality is based on a straightforward shared volume between the host and all Exegol containers, along with a sophisticated integration within the Exegol images themselves. This feature supports all of the following customizations:
- apt (packages, sources, keys)
- bloodhound (customqueries, config)
- firefox (addons, CA)
- python3 (pip3)
- tmux (conf)
- vim (vimrc, configs)
- neovim (.config/nvim)
- zsh (aliases, zshrc, history)
Accountability, Reproducibility and Trust
Exegol can meticulously log every action, providing a comprehensive record for review and auditing. This feature is invaluable for transparency and compliance, offering a detailed audit trail of the testing process.
Moreover, Exegol guarantees reproducible testing environments, an essential feature for accurate and consistent results. This consistency is key in building trust between pentesters and clients, as it allows for the verification of findings and a deeper understanding of vulnerabilities.
Limitations of Exegol
First, Exegol lacks a true solution for handling professional tools such as Burp Suite. Currently, Exegol allows for the use of the community edition. Using the professional edition, on the other hand, is possible by providing the key in the resource, but this key will be activated at the creation of every new container, messing with the key usage. Until a real solution is implemented, the only option is to rely on a classical desktop installation of Burp on your host, side by side with Exegol.
For Mac users, the need to rely on VNC remote desktop is a downside. However, this limitation seems to be out of the Exegol developers’ control, as the issue originates from XQuartz.
The second limitation relates to the Docker network configuration. We observed instances where a client’s network utilizes the 172.17.0.0 IP range. This overlap with Docker’s default network range can interfere with the testing process, as it inadvertently redirects network traffic to the Docker network instead of the intended client’s network. To address this issue, we recommend altering Docker’s default IP range. This can be done by modifying the /etc/docker/daemon.json file, allowing for a smooth and uninterrupted testing experience on Exegol. Such a change ensures that the network configurations do not conflict with the containers, thereby maintaining the integrity of the testing environment.
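The following sketch, an added example that is not part of the original article or of Exegol, checks a client scope against the subnets Docker currently uses and builds replacement settings for /etc/docker/daemon.json using Docker's `bip` and `default-address-pools` keys. The scope, the network names and the candidate ranges are constructed sample values.

```python
import ipaddress
import json

# Constructed sample data (not from the article).
CLIENT_SCOPE = ["172.17.4.0/22", "10.10.0.0/16"]  # ranges in the engagement scope
DOCKER_SUBNETS = {"bridge": "172.17.0.0/16", "lab_net": "172.18.0.0/16"}
# Assumption: private ranges the tester is willing to hand to Docker.
CANDIDATES = ["10.10.0.0/16", "10.200.0.0/24", "10.201.0.0/16"]


def _nets(ranges):
    # strict=False accepts entries written with host bits set (e.g. 10.10.1.5/16)
    return [ipaddress.ip_network(r, strict=False) for r in ranges]


def find_conflicts(scope, docker_subnets):
    """Return (docker network, docker subnet, client range) for every overlap."""
    return [
        (name, str(d), str(c))
        for name, subnet in sorted(docker_subnets.items())
        for d in _nets([subnet])
        for c in _nets(scope)
        if d.version == c.version and d.overlaps(c)
    ]


def propose_daemon_json(scope, candidates):
    """Build daemon.json settings from the first two candidates outside the scope."""
    free = [n for n in _nets(candidates)
            if not any(n.version == s.version and n.overlaps(s) for s in _nets(scope))]
    if len(free) < 2:
        raise ValueError("not enough candidate ranges outside the client scope")
    bridge, pool = free[0], free[1]
    return {
        # docker0 gets the first address of the bridge range
        "bip": f"{bridge.network_address + 1}/{bridge.prefixlen}",
        # user-defined networks are carved from this pool as /24 subnets
        "default-address-pools": [{"base": str(pool), "size": 24}],
    }


if __name__ == "__main__":
    for name, subnet, client in find_conflicts(CLIENT_SCOPE, DOCKER_SUBNETS):
        print(f"conflict: {name} ({subnet}) overlaps client range {client}")
    print(json.dumps(propose_daemon_json(CLIENT_SCOPE, CANDIDATES), indent=2))
```

After writing the result to /etc/docker/daemon.json, restart the Docker daemon; networks that already exist keep their old subnet until they are recreated.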
Finally, the size of the default images might be a concern for some users, as such tools are often deployed in virtual machines within the clients’ internal networks. However, this is easily manageable by creating and using custom images tailored to specific needs, thereby optimizing size and content.
Conclusion
Exegol marks a significant step forward in penetration testing and cybersecurity. It sets a new benchmark with its combination of reproducibility, customization, and user-friendly features. As cybersecurity threats grow in complexity, Exegol emerges as a vital tool for professionals looking to enhance their security tools and procedures.
Sources
https://github.com/ThePorgs/Exegol
https://exegol.readthedocs.io/en/latest/
https://www.youtube.com/watch?v=lwZCziWpTcA