INSTALLING & RUNNING
====================

Installing and running Maligno is straight forward:


1. Installation

install.sh will take care of missing dependencies (internet connection required) and the generation
of a self-signed certificate for SSL/TLS support.

./install.sh

You should follow the instructions presented on the screen.
Do not forget to update your server configuration if you want to enable SSL/TLS support.
If SSL/TLS is disabled, the certificate configuration will have no effect.


2. Configure the server

You should configure server_config.xml with the values that fit your pentest scenario.
Also, you should configure a profile that will be applied to the client & server behavior.

Check server_config.explained and ./profiles/profile.explained for more information.


3. Run Maligno server

Maligno server can be started with a simple command:

python maligno_srv.py

The server will parse the configuration files, generate shellcode, generate resource files and wait for connections.


4. Generate a client

Using clientgen.py, you will be able to generate a set of clients that fits your server configuration.
The tool expects one parameter:

- Maligno server configuration file

python clientgen.py -f server_config.xml

You should find the client code in the "clients" folder.
This folder should contain one file per configured payload, including its payload ID.

The client code file should be ready for use.
The client should run either directly with python or in binary form (PyInstaller).

If you use PyInstaller, make sure that you don't generate 64-bit binaries with 32-bit shellcode.


5. Metasploit handler

You should start msfconsole with the resource files generated by Maligno, based on your configuration.

msfconsole -r 0_standard_reverse_tcp_192.168.0.2_4444.rc


6. Start getting shells and/or training your NSM people :-)
