Initial commit: AI agents + infosec installer scripts for Termux

Adds two standalone setup scripts: - install-ai-agents.sh: Claude Code, Gemini CLI, GitHub Copilot CLI, Aider - install-infosec.sh: categorized pentesting/infosec tools (recon, web, network, passwords, forensics, reversing, utils) with SecLists wordlist fetch
2026-02-22 20:21:38 +01:00
commit e3438d2cc4
2 changed files with 661 additions and 0 deletions
--- a/install-infosec.sh
+++ b/install-infosec.sh
@@ -0,0 +1,389 @@
+#!/usr/bin/env bash
+# =============================================================================
+# pimp-my-termux — Infosec / Pentesting Tools Installer
+# For security researchers on Termux/Android
+#
+# Usage:
+#   bash install-infosec.sh
+#   bash install-infosec.sh --skip-update
+#   bash install-infosec.sh --category recon     # install one category only
+#
+# Categories: recon | web | network | passwords | forensics | reversing | utils
+# =============================================================================
+
+# --- Colors ------------------------------------------------------------------
+R='\033[0;31m'  G='\033[0;32m'  Y='\033[1;33m'
+B='\033[0;34m'  C='\033[0;36m'  M='\033[0;35m'
+BOLD='\033[1m'  DIM='\033[2m'   NC='\033[0m'
+
+info()    { echo -e "${C}[·]${NC} $*"; }
+success() { echo -e "${G}[✓]${NC} $*"; }
+warn()    { echo -e "${Y}[!]${NC} $*"; }
+error()   { echo -e "${R}[✗]${NC} $*"; }
+header()  { echo -e "\n${BOLD}${B}━━━ $* ${NC}"; }
+note()    { echo -e "    ${DIM}$*${NC}"; }
+skip()    { echo -e "  ${DIM}[–] $* (already installed)${NC}"; }
+
+FAILED=()
+SKIP_UPDATE=false
+ONLY_CATEGORY=""
+
+for arg in "$@"; do
+  [[ "$arg" == "--skip-update" ]] && SKIP_UPDATE=true
+  [[ "$arg" == "--category" ]]   && shift && ONLY_CATEGORY="$1"
+done
+
+# --- Termux guard ------------------------------------------------------------
+[[ -z "${PREFIX:-}" || ! -d "/data/data/com.termux" ]] && {
+  error "Must be run inside Termux on Android."; exit 1; }
+
+# --- Banner ------------------------------------------------------------------
+echo -e "${R}${BOLD}"
+echo "  ╔═════════════════════════════════════════════╗"
+echo "  ║     pimp-my-termux · Infosec Edition        ║"
+echo "  ║  Recon · Web · Network · Pwn · Forensics    ║"
+echo "  ╚═════════════════════════════════════════════╝"
+echo -e "${NC}"
+echo -e "  ${DIM}For authorized security research and CTF use only.${NC}\n"
+
+# --- Helpers -----------------------------------------------------------------
+run_category() {
+  local cat="$1"
+  [[ -n "$ONLY_CATEGORY" && "$ONLY_CATEGORY" != "$cat" ]] && return
+}
+
+pkg_install() {
+  # Install a pkg package; skip gracefully if already present
+  local pkg="$1"
+  local label="${2:-$pkg}"
+  if pkg list-installed 2>/dev/null | grep -q "^${pkg}/"; then
+    skip "$label"
+  else
+    info "Installing $label…"
+    if pkg install -y "$pkg" 2>/dev/null; then
+      success "$label"
+    else
+      error "$label — pkg install failed"
+      FAILED+=("$label")
+    fi
+  fi
+}
+
+pip_install() {
+  local pkg="$1"
+  local label="${2:-$pkg}"
+  info "pip: $label…"
+  if python -m pip install --upgrade --quiet "$pkg"; then
+    success "$label"
+  else
+    error "$label — pip install failed"
+    FAILED+=("$label")
+  fi
+}
+
+go_install() {
+  local module="$1"
+  local binary="$2"
+  local label="${3:-$binary}"
+  if command -v "$binary" &>/dev/null; then
+    skip "$label"
+    return
+  fi
+  info "go install: $label…"
+  if go install "$module" 2>/dev/null; then
+    success "$label"
+  else
+    error "$label — go install failed"
+    FAILED+=("$label")
+  fi
+}
+
+# --- Update ------------------------------------------------------------------
+if ! $SKIP_UPDATE; then
+  header "Package Update"
+  pkg update -y && pkg upgrade -y
+  success "Packages up to date"
+fi
+
+# --- Base dependencies -------------------------------------------------------
+header "Base Dependencies"
+pkg_install python         "Python 3"
+pkg_install golang         "Go (for Go-based tools)"
+pkg_install git            "git"
+pkg_install curl           "curl"
+pkg_install wget           "wget"
+pkg_install openssl-tool   "openssl"
+pkg_install libssl         "libssl"
+
+python -m pip install --upgrade pip --quiet
+success "pip up to date"
+
+# =============================================================================
+# CATEGORY 1 — RECONNAISSANCE
+# =============================================================================
+if run_category recon; then
+header "Reconnaissance"
+
+pkg_install nmap           "nmap (port scanner)"
+pkg_install whois          "whois"
+pkg_install dnsutils       "dig / nslookup"
+pkg_install traceroute     "traceroute"
+pkg_install mtr            "mtr (traceroute + ping)"
+pkg_install masscan        "masscan (fast port scanner)"
+
+# theHarvester — OSINT / email & subdomain harvester
+pip_install theHarvester   "theHarvester (OSINT harvester)"
+
+# Shodan CLI
+pip_install shodan         "shodan-cli"
+note "shodan init <YOUR_API_KEY>   →   https://account.shodan.io"
+
+# subfinder — subdomain discovery (Go)
+go_install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest \
+           subfinder       "subfinder (subdomain enum)"
+
+# httpx — fast HTTP prober (Go)
+go_install github.com/projectdiscovery/httpx/cmd/httpx@latest \
+           httpx           "httpx (HTTP prober)"
+
+# dnsx — DNS toolkit (Go)
+go_install github.com/projectdiscovery/dnsx/cmd/dnsx@latest \
+           dnsx            "dnsx (DNS recon)"
+
+# amass — in-depth attack surface mapper (Go)
+go_install github.com/owasp-amass/amass/v4/...@master \
+           amass           "amass (attack surface mapper)"
+
+fi  # recon
+
+# =============================================================================
+# CATEGORY 2 — WEB TESTING
+# =============================================================================
+if run_category web; then
+header "Web Testing"
+
+pkg_install nikto          "nikto (web vuln scanner)"
+pkg_install sqlmap         "sqlmap (SQL injection)"
+
+# httpie — user-friendly curl alternative
+pip_install httpie         "httpie (http client)"
+
+# ffuf — web fuzzer (Go)
+go_install github.com/ffuf/ffuf/v2@latest \
+           ffuf            "ffuf (web fuzzer)"
+
+# gobuster — dir/subdomain brute force (Go)
+go_install github.com/OJ/gobuster/v3@latest \
+           gobuster        "gobuster (dir/sub brute force)"
+
+# nuclei — template-based vulnerability scanner (Go)
+go_install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest \
+           nuclei          "nuclei (vuln scanner)"
+note "nuclei -update-templates   ← run after install"
+
+# wfuzz — web fuzzer (Python)
+pip_install wfuzz          "wfuzz (web fuzzer)"
+
+# jwt-tool — JWT attack toolkit
+pip_install jwt_tool        "jwt-tool (JWT attacks)"
+
+fi  # web
+
+# =============================================================================
+# CATEGORY 3 — NETWORK
+# =============================================================================
+if run_category network; then
+header "Network Tools"
+
+pkg_install netcat-openbsd "netcat (nc)"
+pkg_install ncat           "ncat (nmap's netcat)"
+pkg_install socat          "socat (relay / reverse shells)"
+pkg_install tcpdump        "tcpdump"
+pkg_install tshark         "tshark (Wireshark CLI)"
+pkg_install iproute2       "ip / ss commands"
+pkg_install bind-utils     "host / dig"
+pkg_install openssh        "ssh / scp / sftp"
+
+# impacket — Windows/SMB protocol suite (Python)
+pip_install impacket       "impacket (SMB/AD tools)"
+
+# scapy — packet crafting (Python)
+pip_install scapy          "scapy (packet crafting)"
+
+warn "tcpdump / tshark require root for live capture on Android."
+warn "Use them with pcap files (offline analysis) without root."
+
+fi  # network
+
+# =============================================================================
+# CATEGORY 4 — PASSWORDS & AUTH
+# =============================================================================
+if run_category passwords; then
+header "Passwords & Authentication"
+
+pkg_install hydra          "hydra (network brute force)"
+pkg_install john           "john (John the Ripper)"
+pkg_install hashcat        "hashcat (GPU hash cracker)"
+pkg_install medusa         "medusa (parallel brute force)"
+
+# CrackMapExec / netexec (Python)
+pip_install netexec        "netexec / CrackMapExec"
+
+warn "hashcat GPU mode is limited on Android; CPU mode (-D 1) works fine."
+note "Common wordlists can be fetched with:"
+note "  wget https://github.com/danielmiessler/SecLists/raw/master/Passwords/Common-Credentials/10-million-password-list-top-1000.txt"
+
+fi  # passwords
+
+# =============================================================================
+# CATEGORY 5 — FORENSICS
+# =============================================================================
+if run_category forensics; then
+header "Forensics"
+
+pkg_install binwalk        "binwalk (firmware analysis)"
+pkg_install exiftool       "exiftool (metadata)"
+pkg_install steghide       "steghide (steganography)"
+pkg_install foremost       "foremost (file carving)"
+pkg_install sleuthkit      "sleuthkit / fls / fsstat"
+pkg_install hexedit        "hexedit"
+pkg_install xxd            "xxd (hex dump)"
+
+# volatility3 — memory forensics (Python)
+pip_install volatility3    "volatility3 (memory forensics)"
+
+# oletools — Office/OLE malware analysis (Python)
+pip_install oletools       "oletools (Office/OLE analysis)"
+
+# pdfminer — PDF analysis
+pip_install pdfminer.six   "pdfminer (PDF parser)"
+
+# python-magic — file type detection
+pip_install python-magic   "python-magic (file ID)"
+
+fi  # forensics
+
+# =============================================================================
+# CATEGORY 6 — REVERSING & EXPLOITATION
+# =============================================================================
+if run_category reversing; then
+header "Reversing & Exploitation"
+
+pkg_install gdb            "gdb (debugger)"
+pkg_install radare2        "radare2 (r2 framework)"
+pkg_install ltrace         "ltrace (library call tracer)"
+pkg_install strace         "strace (syscall tracer)"
+pkg_install nasm           "nasm (assembler)"
+pkg_install binutils       "binutils (objdump, nm, strings…)"
+
+# pwntools — CTF/exploit dev (Python)
+pip_install pwntools       "pwntools (exploit dev)"
+
+# ROPgadget
+pip_install ROPgadget      "ROPgadget (ROP chain builder)"
+
+# angr — binary analysis framework (heavy)
+pip_install angr           "angr (binary analysis)"
+
+note "angr is large (~500 MB). Skip if disk space is limited."
+
+fi  # reversing
+
+# =============================================================================
+# CATEGORY 7 — UTILITIES
+# =============================================================================
+if run_category utils; then
+header "General Utilities"
+
+pkg_install jq             "jq (JSON processor)"
+pkg_install tmux           "tmux (terminal multiplexer)"
+pkg_install vim            "vim"
+pkg_install zsh            "zsh"
+pkg_install fzf            "fzf (fuzzy finder)"
+pkg_install bat            "bat (cat with syntax highlighting)"
+pkg_install lsd            "lsd (ls with icons)"
+pkg_install ripgrep        "ripgrep (fast grep)"
+pkg_install fd             "fd (fast find)"
+pkg_install tree           "tree"
+pkg_install zip            "zip / unzip"
+pkg_install p7zip          "7zip"
+pkg_install termux-api     "termux-api (Android integration)"
+
+# CyberChef CLI alternative — python cyberchef
+pip_install pycipher       "pycipher (classical ciphers)"
+pip_install pycryptodome   "pycryptodome (crypto library)"
+
+fi  # utils
+
+# =============================================================================
+# WORDLISTS
+# =============================================================================
+header "Wordlists"
+
+WORDLISTS_DIR="$HOME/wordlists"
+mkdir -p "$WORDLISTS_DIR"
+
+info "Cloning SecLists (this may take a while — ~1.3 GB)…"
+if [[ -d "$WORDLISTS_DIR/SecLists/.git" ]]; then
+  skip "SecLists (already cloned)"
+else
+  if git clone --depth 1 https://github.com/danielmiessler/SecLists.git \
+       "$WORDLISTS_DIR/SecLists"; then
+    success "SecLists → $WORDLISTS_DIR/SecLists"
+  else
+    warn "SecLists clone failed (network issue or low storage)"
+    FAILED+=("SecLists")
+  fi
+fi
+
+note "For a smaller download use --depth 1 and only the subdirs you need."
+note "rockyou.txt is inside SecLists/Passwords/Leaked-Databases/"
+
+# =============================================================================
+# ROOT-LIMITED TOOLS NOTE
+# =============================================================================
+header "Root-Limited Tools"
+echo -e "  The following tools ${Y}work better (or only) with root${NC}:
+
+  ${DIM}•${NC} tcpdump / tshark  — live packet capture needs CAP_NET_RAW
+  ${DIM}•${NC} aircrack-ng       — needs monitor mode wifi (rare on Android)
+  ${DIM}•${NC} hashcat           — GPU acceleration (OpenCL) not available on Termux
+  ${DIM}•${NC} arp-scan          — raw socket ARP requires root
+
+  ${G}Tip:${NC} If you have a rooted device, install ${BOLD}tsu${NC} for sudo-like access:
+  ${DIM}pkg install tsu && tsu${NC}
+"
+
+# =============================================================================
+# SUMMARY
+# =============================================================================
+header "Summary"
+
+TOOLS=(nmap masscan nikto sqlmap hydra john hashcat
+       gobuster ffuf nuclei subfinder httpx
+       netcat socat tshark gdb radare2
+       binwalk exiftool steghide)
+
+for t in "${TOOLS[@]}"; do
+  if command -v "$t" &>/dev/null; then
+    success "$t"
+  else
+    warn "$t — not in PATH yet (reopen Termux)"
+  fi
+done
+
+if [[ ${#FAILED[@]} -gt 0 ]]; then
+  echo ""
+  error "Failed installs:"
+  for f in "${FAILED[@]}"; do
+    echo -e "  ${R}•${NC} $f"
+  done
+  echo ""
+  warn "Re-run with --skip-update, or install individually:"
+  warn "  pkg install <tool>   OR   pip install <tool>"
+fi
+
+echo ""
+echo -e "  ${G}${BOLD}Done.${NC} Reopen Termux or run:  ${BOLD}source ~/.bashrc${NC}"
+echo -e "  ${DIM}Wordlists:  ~/wordlists/SecLists/${NC}"
+echo ""