Installation

In this section we will go through our installation options. In case you just want to test Cryton, check the quick-start or playground pages.

Do I need to install all components?

Since the version 2.0.0, Cryton is shipped as a single application with the option to select extras. Cryton's front-end is treated as a different application.

• Hive and Worker are usually installed on different hosts
• Installing the front-end is unnecessary if you wish to control Cryton using only the CLI
• CLI and front-end can be deployed on a different host and installed on demand

Prerequisites

The following is a list of applications used and required by Cryton (its components).

HiveWorker

• RabbitMQ server
• PostgreSQL database
• PgBouncer

Use Docker images for a quick start

The following commands allow you to quickly deploy the prerequisites without studying them.
They use Cryton's default credentials and shouldn't be used for production.
Be aware that these commands may expose ports to network, read them first.

RabbitMQ:

docker run --rm --detach --restart always \
      --publish 5672:5672 \
      --hostname rabbit \
      --name rabbit \
      --env RABBITMQ_DEFAULT_USER=cryton \
      --env RABBITMQ_DEFAULT_PASS=cryton \
      rabbitmq:3.12

Postgres:

docker run --rm --detach --restart always \
      --hostname postgres \
      --name postgres \
      --volume cryton_db_data:/var/lib/postgresql/data \
      --env POSTGRES_PASSWORD=cryton \
      --env POSTGRES_USER=cryton \
      --env POSTGRES_DB=cryton \
      --env POSTGRES_HOST_AUTH_METHOD=md5 \
      postgres:16

PgBouncer:

docker run --rm --detach --restart always \
      --publish 127.0.0.1:5432:5432 \
      --hostname pgbouncer \
      --name pgbouncer \
      --volume cryton_db_data:/var/lib/postgresql/data \
      --env POSTGRESQL_HOST=postgres \
      --env POSTGRESQL_PASSWORD=cryton \
      --env POSTGRESQL_USERNAME=cryton \
      --env POSTGRESQL_DATABASE=cryton \
      --env PGBOUNCER_DATABASE=cryton \
      --env PGBOUNCER_PORT=5432 \
      --env PGBOUNCER_MAX_CLIENT_CONN=1000 \
      --env PGBOUNCER_MIN_POOL_SIZE=8 \
      --env PGBOUNCER_POOL_MODE=transaction \
      bitnami/pgbouncer:1.22.0

• Metasploit Framework
• PostgreSQL database (for Metasploit Framework)
• Empire C2

Use Docker images for a quick start

The following commands allow you to quickly deploy the prerequisites without studying them.
They use Cryton's default credentials and shouldn't be used for production.
Be aware that these commands may expose ports to network, read them first.

Metasploit Framework:

docker run --rm --detach --restart always \
      --tty \
      --network host \
      --name metasploit \
      --env MSF_DB_HOST=127.0.0.1 \
      --env MSF_DB_PORT=5432 \
      --env MSF_DB_NAME=cryton \
      --env MSF_DB_USERNAME=cryton \
      --env MSF_DB_PASSWORD=cryton \
      registry.gitlab.ics.muni.cz:443/cryton/configurations/metasploit-framework:0

Postgres:

docker run --rm --detach --restart always \
      --publish 127.0.0.1:5432:5432 \
      --hostname postgres \
      --name postgres \
      --volume cryton_db_data:/var/lib/postgresql/data \
      --env POSTGRES_PASSWORD=cryton \
      --env POSTGRES_USER=cryton \
      --env POSTGRES_DB=cryton \
      --env POSTGRES_HOST_AUTH_METHOD=md5 \
      postgres:16

Empire

docker run --rm --detach --restart always \
      --interactive \
      --network host \
      --name empire \
      bcsecurity/empire:v4.10.0 \
      server --username cryton --password cryton

With pipx

Cryton is available on PyPI and can be installed using pipx or pip.
It is highly recommended to use pipx, since it creates and manages an isolated environment.

Requirements

• Python >=3.9,<3.13
• pipx

HiveWorkerCLIAll-in-one

pipx

pipx install cryton[hive]==2.*

pip

pip install --user cryton[hive]==2.*

pipx

pipx install cryton[worker]==2.*

pip

pip install --user cryton[worker]==2.*

pipx

pipx install cryton[cli]==2.*

pip

pip install --user cryton[cli]==2.*

pipx

pipx install cryton[all]==2.*

pip

pip install --user cryton[all]==2.*

Once you finish the installation, check out the usage page.

With Docker

Cryton is also shipped in the form of Docker images.

Requirements

• Docker

Note

In the following commands, we are using the --network host parameter which tells the container to use host's network interface. You don't have to use it, but make sure the applications and prerequisites can communicate.

This doesn't apply to the front-end. We will expose only the necessary port.

Once you start the container, and it's healthy, you are all set. Otherwise, check the logs from the unhealthy container (docker logs <container-name>).

Before starting the containers, make sure to check out the settings page. Use environment variables to override Container settings.

HiveWorkerCLIFrontend

Run the container in the background:

docker run --network host -d registry.gitlab.ics.muni.cz:443/cryton/cryton/hive:2

Run the container in the background:

docker run --network host -d registry.gitlab.ics.muni.cz:443/cryton/cryton/worker:2

It contains the official modules and their prerequisites.

Run the container and enter an interactive shell:

docker run --network host -it registry.gitlab.ics.muni.cz:443/cryton/cryton/cli:2

Run the container in the background:

docker run -d -p 127.0.0.1:8080:80 registry.gitlab.ics.muni.cz:443/cryton/cryton-frontend:2

Shell completion

Shell completion is available for the Bash, Zsh, and Fish shell and has to be manually enabled (after successful installation).

First, make sure the app directory exists:

mkdir -p ~/.local/cryton/

Generate, save, and load the completion script:

HiveWorkerCLI

BashZshFish

_CRYTON_HIVE_COMPLETE=bash_source cryton-hive > ~/.local/cryton/cryton-hive-complete.bash
echo ". ~/.local/cryton/cryton-hive-complete.bash" >> ~/.bashrc

_CRYTON_HIVE_COMPLETE=zsh_source cryton-hive > ~/.local/cryton/cryton-hive-complete.zsh
echo ". ~/.local/cryton/cryton-hive-complete.zsh" >> ~/.zshrc

_CRYTON_HIVE_COMPLETE=fish_source cryton-hive > ~/.config/fish/completions/cryton-hive-complete.fish

BashZshFish

_CRYTON_WORKER_COMPLETE=bash_source cryton-worker > ~/.local/cryton/cryton-worker-complete.bash
echo ". ~/.local/cryton/cryton-worker-complete.bash" >> ~/.bashrc

_CRYTON_WORKER_COMPLETE=zsh_source cryton-worker > ~/.local/cryton/cryton-worker-complete.zsh
echo ". ~/.local/cryton/cryton-worker-complete.zsh" >> ~/.zshrc

_CRYTON_WORKER_COMPLETE=fish_source cryton-worker > ~/.config/fish/completions/cryton-worker-complete.fish

BashZshFish

_CRYTON_CLI_COMPLETE=bash_source cryton-cli > ~/.local/cryton/cryton-cli-complete.bash
echo ". ~/.local/cryton/cryton-cli-complete.bash" >> ~/.bashrc

_CRYTON_CLI_COMPLETE=zsh_source cryton-cli > ~/.local/cryton/cryton-cli-complete.zsh
echo ". ~/.local/cryton/cryton-cli-complete.zsh" >> ~/.zshrc

_CRYTON_CLI_COMPLETE=fish_source cryton-cli > ~/.config/fish/completions/cryton-cli-complete.fish

You may need to restart your shell for the changes to take effect.

Installing additional modules

To install an unofficial module, please check here.