def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
from PyQt4.Qt import PYQT_VERSION_STR as PYQTVERSION
from nmap import __version__ as NMAPVERSION
from fpdf import __version__ as FPDVERSION
from requests import __version__ as REQUESTSVERSION
self.load('about')
# Connect things
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
# Add information
self.labelTitle.setText('RExploit (Router Exploitation)')
self.labelDescription.setText(
"This program is written on Python 2.7\n"
"This program uses pyqt4 ({0}), fpdf ({1}),\n"
"python-nmap ({2}) and requests ({3})\n\n"
"Copyright(C) 2007 General Public License 3 (GPL3)\n".format(
PYQTVERSION, FPDVERSION, NMAPVERSION, REQUESTSVERSION))
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def actionReportPDF(self):
"""This function is executed when actionReportPDF is clicked."""
if self.__scanController.save():
if self.__exploitsController.save():
if self.__reportController.show():
MessageBox.information(
"Report PDF", "Your report was saved successfully")
def create(self, name, ip, location):
"""
Create a project with the params that it receives
:param name: Project's name
:param ip: IP Address
:param location: Path
:return: None
"""
dbHelper = DBHelper()
try:
mac, info = dbHelper.fetchone(ip)
except EOFError as e:
MessageBox.critical("Error", str(e))
return None
if not mac and not info:
mac = oui = company = "Unknown"
else:
oui = info[1]
company = info[2]
self.__projectFile = ProjectFile(location, name)
self.__projectFile.write("Information", "Name", name)
self.__projectFile.write("Information", "Location", self.__projectFile.getFileName())
self.__projectFile.write("Information", "IP", ip)
self.__projectFile.write("Information", "MAC", mac)
self.__projectFile.write("Information", "OUI", oui)
self.__projectFile.write("Information", "Company", company)
self.__projectFile.write("Information", "Router", None)
def save(self):
"""
Save all items on a file. Firstly we get all items that appear on table and we save it.
:return: True if it was saved successfully, False otherwise.
"""
self.__projectFile.write("Information", "Router",
self.__view.getRouterActive())
exploits = self.__view.getExploitSuccess()
if exploits:
for i, exploit in enumerate(exploits):
section = "Exploit_%s" % i
try:
self.__projectFile.write(section, "Name", exploit.name)
self.__projectFile.write(section, "Authors",
exploit.authors)
self.__projectFile.write(section, "Description",
exploit.description)
self.__projectFile.write(section, "CWE", exploit.cwe)
self.__projectFile.write(section, "Targets",
exploit.target)
self.__projectFile.write(section, "References",
exploit.references)
except Exception as e:
MessageBox.critical("Error", e.message)
return False
return True
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
from PyQt4.Qt import PYQT_VERSION_STR as PYQTVERSION
from nmap import __version__ as NMAPVERSION
from fpdf import __version__ as FPDVERSION
from requests import __version__ as REQUESTSVERSION
self.load('about')
# Connect things
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
# Add information
self.labelTitle.setText('RExploit (Router Exploitation)')
self.labelDescription.setText(
"This program is written on Python 2.7\n"
"This program uses pyqt4 ({0}), fpdf ({1}),\n"
"python-nmap ({2}) and requests ({3})\n\n"
"Copyright(C) 2007 General Public License 3 (GPL3)\n".format(PYQTVERSION,
FPDVERSION,
NMAPVERSION,
REQUESTSVERSION))
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def pushButtonExploitClicked(self):
if self.check():
self.plainTextEditData.clear()
try:
self.setProgressBarState(2)
self.pushButtonExploit.setEnabled(False)
self.pushButtonCancel.setEnabled(True)
if str(self.lineEditUsers.text()):
if exists(str(self.lineEditUsers.text())):
users = Parse.getContentFromFile(str(self.lineEditUsers.text()))
else:
users = self.__generatorUsers.create()
else:
users = None
if str(self.lineEditPasswords.text()):
if exists(str(self.lineEditPasswords.text())):
passwords = Parse.getContentFromFile(str(self.lineEditPasswords.text()))
else:
passwords = self.__generatorPasswords.create()
else:
passwords = None
if not users or not passwords:
MessageBox.critical("Error", "An error happened while items generation or read the dictionary.")
self.pushButtonCancelClicked()
data = {"port": int(self.lineEditPort.text()), "users": users, "passwords": passwords}
self.__exploitThread.setExploit(self.exploit, data)
self.__exploitThread.start()
except Exception as e:
MessageBox.critical("Error", str(e.args))
def setModels(self, models):
if models:
for model in models:
self.comboBoxModel.addItem(str(model))
else:
MessageBox.critical(
"Error",
"We can not found models for this router. Try to choose other router."
)
def check(self):
if Network.ping(self.exploit.ip):
if str(self.lineEditData.text()):
return True
else:
MessageBox.critical("Error", "You must write a command")
return False
else:
MessageBox.critical("Error", "Destination Host Unreachable")
return False
def check(self):
if Network.ping(self.exploit.ip):
if str(self.lineEditData.text()):
return True
else:
MessageBox.critical("Error", "You have to complete the data box")
return False
else:
MessageBox.critical("Error", "Destination Host Unreachable")
return False
def isName(self):
"""
Check if lineEdit name is not empty
:return: True if name is not empty, False otherwise
"""
if str(self.lineEditName.text()):
return True
else:
MessageBox.critical("Error", "You have to complete the information")
return False
def check(self):
if Network.ping(self.exploit.ip):
if not str(self.lineEditPath.text()).startswith("/"):
MessageBox.critical("Error", "An absolute path is required.")
return False
else:
return True
else:
MessageBox.critical("Error", "Destination Host Unreachable")
return False
def check(self):
if Network.ping(self.exploit.ip):
if not str(self.lineEditPath.text()).startswith("/"):
MessageBox.critical("Error", "An absolute path is required.")
return False
else:
return True
else:
MessageBox.critical("Error", "Destination Host Unreachable")
return False
def check(self):
if Network.ping(self.exploit.ip):
if str(self.lineEditData.text()):
return True
else:
MessageBox.critical("Error",
"You have to complete the data box")
return False
else:
MessageBox.critical("Error", "Destination Host Unreachable")
return False
def pushButtonExploitClicked(self):
if self.check():
self.plainTextEditData.clear()
try:
data = self.exploit.default()
result = self.exploit.run(data)
self.plainTextEditData.appendPlainText(result)
if self.exploit.vulnerable:
self.setCheckBoxVulnerableChecked()
except Exception as e:
MessageBox.critical("Error", str(e))
def pushButtonExploitClicked(self):
if self.check():
self.plainTextEditData.clear()
try:
data = self.exploit.default()
result = self.exploit.run(data)
self.plainTextEditData.appendPlainText(result)
if self.exploit.vulnerable:
self.setCheckBoxVulnerableChecked()
except Exception as e:
MessageBox.critical("Error", str(e))
def pushButtonExploitClicked(self):
if self.check():
self.plainTextEditData.clear()
try:
data = Parse.sanatizeJSONOutput(str(self.lineEditCommand.text()))
result = self.exploit.run(data)
self.plainTextEditData.appendPlainText(result)
if self.exploit.vulnerable:
self.vulnerable = True
except Exception as e:
MessageBox.critical("Error", str(e.message))
def isName(self):
"""
Check if lineEdit name is not empty
:return: True if name is not empty, False otherwise
"""
if str(self.lineEditName.text()):
return True
else:
MessageBox.critical("Error",
"You have to complete the information")
return False
def getProfiles(self):
"""
Get all profiles
:return: a dict with all profiles
"""
try:
self.__profile.read()
return self.__profile.getAll()
except IOError as e:
MessageBox.critical("Error", str(e))
return None
def pushButtonExploitClicked(self):
if self.check():
path = str(self.lineEditPath.text())
self.plainTextEditData.clear()
try:
data = self.exploit.run(path)
self.plainTextEditData.appendPlainText(str(data))
if self.exploit.vulnerable:
self.vulnerable = True
except Exception as e:
MessageBox.critical("Error", str(e.message))
def pushButtonExploitClicked(self):
if self.check():
path = str(self.lineEditPath.text())
self.plainTextEditData.clear()
try:
data = self.exploit.run(path)
self.plainTextEditData.appendPlainText(str(data))
if self.exploit.vulnerable:
self.vulnerable = True
except Exception as e:
MessageBox.critical("Error", str(e.message))
def pushButtonPingClicked(self):
if Network.ping(str(self.lineEditIP.text())):
buttons = self.buttonBox.buttons()
buttons[0].setEnabled(True)
mac, oui, company = self.__settingsController.getInformation(str(self.lineEditIP.text()))
self.labelMAC.setText(mac)
self.labelOUI.setText(oui)
self.labelCompany.setText(company)
else:
buttons = self.buttonBox.buttons()
buttons[0].setEnabled(False)
MessageBox.critical("Error", "Destination Host Unreachable")
def getCommand(self, profile):
"""
Get the command associates with this
:param profile: the profile's name
:return: the command
"""
try:
self.__profile.read()
return self.__profile.getCommand(profile)
except Exception as e:
MessageBox.critical("Error", str(e))
return None
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load('profile')
# Connect things
self.buttonBox.rejected.connect(self.buttonBoxRejected)
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def start(self, router):
"""
This function is executed when combobox router changed.
:param router: the router that we select
:return: None
"""
exploits = self.findExploits(router)
if exploits:
self.__view.show()
self.__view.setExploits(exploits)
else:
MessageBox.critical("Error", "We can not found exploits for this router")
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
ui = join(dirname(__file__.split('rexploit')[0]), join("rexploit", "data", "ui", "mainwindow" + ".ui"))
loadUi(ui, self)
# Disable buttons
self.setEnabledItems(False)
self.show()
except Exception as e:
MessageBox.critical("Error", str(e))
exit(-1)
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load('profile')
# Connect things
self.buttonBox.rejected.connect(self.buttonBoxRejected)
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def start(self, router):
"""
This function is executed when combobox router changed.
:param router: the router that we select
:return: None
"""
exploits = self.findExploits(router)
if exploits:
self.__view.show()
self.__view.setExploits(exploits)
else:
MessageBox.critical("Error",
"We can not found exploits for this router")
def pushButtonUpdateClicked(self):
"""This function is executed when pushbutton Update is clicked."""
url = str(self.lineEditURL.text())
if not url:
MessageBox.critical("Error", "URL can not be empty.")
else:
auxiliary, generic, routers = self.__updateController.update(url)
if auxiliary == 0 and generic == 0 and routers == 0:
pass
else:
self.setExploitsUpdated(auxiliary, generic, routers)
self.pushButtonUpgrade.setEnabled(True)
def pushButtonPingClicked(self):
if Network.ping(str(self.lineEditIP.text())):
buttons = self.buttonBox.buttons()
buttons[0].setEnabled(True)
mac, oui, company = self.__settingsController.getInformation(
str(self.lineEditIP.text()))
self.labelMAC.setText(mac)
self.labelOUI.setText(oui)
self.labelCompany.setText(company)
else:
buttons = self.buttonBox.buttons()
buttons[0].setEnabled(False)
MessageBox.critical("Error", "Destination Host Unreachable")
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
ui = join(dirname(__file__.split('rexploit')[0]),
join("rexploit", "data", "ui", "mainwindow" + ".ui"))
loadUi(ui, self)
# Disable buttons
self.setEnabledItems(False)
self.show()
except Exception as e:
MessageBox.critical("Error", str(e))
exit(-1)
def removeProfile(self, profile):
"""
Remove the profile that it receives
:param profile: the profile that we want to remove
:return: None
"""
try:
self.__profile.read()
self.__profile.removeProfile(profile)
return True
except IOError as e:
MessageBox.critical("Error", str(e))
return None
def isLocation(self):
"""
Check if lineEdit location is well formed
:return: True if we can create a project on this path, False otherwise
"""
location = str(self.lineEditLocation.text())
name = str(self.lineEditName.text())
path = join(location, name + ".ini")
if not exists(path) and access(str(self.lineEditLocation.text()), W_OK):
return True
else:
MessageBox.critical("Error", "Exist a report with same name on this path ({}).".format(path))
return False
def buttonBoxAccepted(self):
"""This function is executed when buttonBox OK is clicked."""
name = str(self.lineEditProfile.text())
command = str(self.lineEditCommand.text())
if name:
if command:
self.__profiles.setProfile(name, command)
self.done(1)
else:
MessageBox.critical("Error", "Command box is empty")
self.done(-1)
else:
MessageBox.critical("Error", "Profile's name is empty")
self.done(-2)
def check(self):
mac = self.lineEditMAC.text()
# Credits http://stackoverflow.com/questions/18782926/regex-to-match-mac-address-and-also-extract-its-values
regex = compile(
r'^([0-9A-F]{1,2})\:([0-9A-F]{1,2})\:([0-9A-F]{1,2})\:([0-9A-F]{1,2})\:([0-9A-F]{1,2})\:([0-9A-F]{1,2})$',
IGNORECASE)
result = regex.match(mac)
if result:
return True
else:
MessageBox.critical(
"Error", "You have to set a MAC. Example: '00:11:22:33:44:55'")
return False
def buttonBoxAccepted(self):
"""This function is executed when buttonBox OK is clicked."""
name = str(self.lineEditProfile.text())
command = str(self.lineEditCommand.text())
if name:
if command:
self.__profiles.setProfile(name, command)
self.done(1)
else:
MessageBox.critical("Error", "Command box is empty")
self.done(-1)
else:
MessageBox.critical("Error", "Profile's name is empty")
self.done(-2)
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load("report")
self.lineEditLocation.setText(expanduser("~"))
# Connect things
self.buttonBox.rejected.connect(self.buttonBoxRejected)
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
self.toolButton.clicked.connect(self.toolButtonClicked)
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load("report")
self.lineEditLocation.setText(expanduser("~"))
# Connect things
self.buttonBox.rejected.connect(self.buttonBoxRejected)
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
self.toolButton.clicked.connect(self.toolButtonClicked)
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def isLocation(self):
"""
Check if lineEdit location is well formed
:return: True if we can create a project on this path, False otherwise
"""
location = str(self.lineEditLocation.text())
if not location:
MessageBox.critical("Error", "You have to add a location")
return None
else:
if access(location, W_OK):
return location
else:
MessageBox.critical("Error", "Wrong directory. You must have access tto this directory")
return None
def open(self):
"""
Open a filedialog and get a filename
:exception: throw a critical MessageBox with the error
:return: True if filedialog is opened successfully, False otherwise
"""
fileName = FileDialog.getOpenFileName()
if fileName:
try:
self.__projectFile = ProjectFile(fileName)
return True
except Exception as e:
MessageBox.critical("Error", e.message)
else:
return False
def closeEvent(self, event):
"""This function is executed when main window will close."""
if MessageBox.question("Confirm Exit",
"Are you sure you want to exit ?"):
event.accept()
else:
event.ignore()
def start(self):
"""This function is executed when program start"""
try:
self.__view.startUi()
self.__scanController = ScanController(self.__view)
self.__exploitsController = ExploitsController(self.__view)
widgets = {"Exploits": self.__exploitsController.getWidget(),
"Scan": self.__scanController.getWidget()}
self.__view.buildUI(widgets)
except IOError as e:
MessageBox.critical("Error", str(e))
exit(-1)
except AttributeError as e:
MessageBox.critical("Error", str(e))
exit(-1)
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load("update")
# Connect things
self.pushButtonUpdate.clicked.connect(self.pushButtonUpdateClicked)
self.pushButtonUpgrade.clicked.connect(self.pushButtonUpgradeClicked)
self.lineEditURL.setText("http://127.0.0.1")
self.labelTitle.setText('Update RExploit')
self.labelResult.setText("Click on 'Update' for checking new updates.")
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def isLocation(self):
"""
Check if lineEdit location is well formed
:return: True if we can create a project on this path, False otherwise
"""
location = str(self.lineEditLocation.text())
name = str(self.lineEditName.text())
path = join(location, name + ".ini")
if not exists(path) and access(str(self.lineEditLocation.text()),
W_OK):
return True
else:
MessageBox.critical(
"Error",
"Exist a report with same name on this path ({}).".format(
path))
return False
def loadWidgets(self):
"""
Load all widget
:return: None
"""
try:
self.addWidget(CrossSiteRequestForgeryView(self.__parent))
self.addWidget(BackdoorView(self.__parent))
self.addWidget(BruteForceView(self.__parent))
self.addWidget(GeneratorView(self.__parent))
self.addWidget(InformationDisclosureView(self.__parent))
self.addWidget(LocalFileInclusionView(self.__parent))
except EOFError as e:
MessageBox.critical("Error", str(e))
except AttributeError as e:
MessageBox.critical("Error", str(e))
exit(-1)
def isLocation(self):
"""
Check if lineEdit location is well formed
:return: True if we can create a project on this path, False otherwise
"""
location = str(self.lineEditLocation.text())
name = str(self.lineEditProjectName.text())
if location == self.__location and name == self.__name:
# Same path and filename
return True
else:
if not exists(join(location, name + ".ini")) and access(str(self.lineEditLocation.text()), W_OK):
return True
else:
MessageBox.critical("Error", "Exist a project with same name on this path.")
return False
def loadWidgets(self):
"""
Load all widget
:return: None
"""
try:
self.addWidget(CrossSiteRequestForgeryView(self.__parent))
self.addWidget(BackdoorView(self.__parent))
self.addWidget(BruteForceView(self.__parent))
self.addWidget(GeneratorView(self.__parent))
self.addWidget(InformationDisclosureView(self.__parent))
self.addWidget(LocalFileInclusionView(self.__parent))
except EOFError as e:
MessageBox.critical("Error", str(e))
except AttributeError as e:
MessageBox.critical("Error", str(e))
exit(-1)
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load("project")
self.lineEditLocation.setText(expanduser("~"))
regex = QRegExp("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
self.__validator = QRegExpValidator(regex, self.lineEditIP)
self.lineEditIP.setValidator(self.__validator)
# Connect things
self.buttonBox.rejected.connect(self.buttonBoxRejected)
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
self.toolButton.clicked.connect(self.toolButtonClicked)
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def startUi(self):
"""This function checks if ui file exists and then show the view"""
try:
self.load("project")
self.lineEditLocation.setText(expanduser("~"))
regex = QRegExp("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
self.__validator = QRegExpValidator(regex, self.lineEditIP)
self.lineEditIP.setValidator(self.__validator)
# Connect things
self.buttonBox.rejected.connect(self.buttonBoxRejected)
self.buttonBox.accepted.connect(self.buttonBoxAccepted)
self.toolButton.clicked.connect(self.toolButtonClicked)
return True
except Exception as e:
MessageBox.critical("Error", str(e))
return False
def isIP(self):
"""
Check if lineEdit IP is well formed
:return: True if IP is well formed and it is reachable, False otherwise
"""
# Verify if the IP "matches" the regular expression
IP = self.lineEditIP.text()
if IP:
state = self.__validator.validate(IP, 0)[0]
if state == QValidator.Acceptable:
return True
else:
MessageBox.critical("Error", "You have to add a valid IP (0.0.0.0).")
return False
else:
MessageBox.information("Information", "You have not add a IP on this project.")
return True
def start(self):
"""This function is executed when program start"""
try:
self.__view.startUi()
self.__scanController = ScanController(self.__view)
self.__exploitsController = ExploitsController(self.__view)
widgets = {
"Exploits": self.__exploitsController.getWidget(),
"Scan": self.__scanController.getWidget()
}
self.__view.buildUI(widgets)
except IOError as e:
MessageBox.critical("Error", str(e))
exit(-1)
except AttributeError as e:
MessageBox.critical("Error", str(e))
exit(-1)
def removeProfile(self, profile):
"""
Remove the profile that receive
:param profile: the profile that we want to remove
:return: None
"""
if MessageBox.question("Remove Profile", "Do you want remove this profile \'{0}\' ".format(profile)):
self.__profilesController.removeProfile(profile)
profiles = self.__profilesController.getProfiles()
self.__view.addProfiles(profiles)
def getInformation(ip):
"""
Get information about the IP that receive
:param ip: IP Address
:return: MAC, OUI and company
"""
dbHelper = DBHelper()
try:
mac, info = dbHelper.fetchone(ip)
except EOFError as e:
MessageBox.critical("Error", str(e))
return None
if not mac and not info:
mac = oui = company = "Unknown"
else:
oui = info[1]
company = info[2]
return mac, oui, company
def save(self):
"""
Save all items on a file. Firstly we get all items that appear on table and we save it.
:return: True if it was saved successfully, False otherwise.
"""
targets = []
row, col = self.__view.rowColumnCount()
for i in xrange(row):
item = map(lambda j: self.__view.getItemText(i, j), range(col))
target = Target(
protocol=item[0],
port=item[1],
name=item[2],
state=item[3],
product=item[4],
info=item[5])
targets.append(target)
if targets:
for i, target in enumerate(targets):
section = "Target_%s" % i
try:
if not self.__projectFile.readValue(section, "Port") == target.port:
self.__projectFile.write(section, "Protocol", target.protocol)
self.__projectFile.write(section, "Port", target.port)
self.__projectFile.write(section, "Name", target.name)
self.__projectFile.write(section, "State", target.state)
self.__projectFile.write(section, "Product",
"{0} {1}".format(target.product, target.version))
self.__projectFile.write(section, "Extra", target.info)
except Exception as e:
MessageBox.critical("Error", e.message)
return False
return True
def save(self):
"""
Save all items on a file. Firstly we get all items that appear on table and we save it.
:return: True if it was saved successfully, False otherwise.
"""
self.__projectFile.write("Information", "Router", self.__view.getRouterActive())
exploits = self.__view.getExploitSuccess()
if exploits:
for i, exploit in enumerate(exploits):
section = "Exploit_%s" % i
try:
self.__projectFile.write(section, "Name", exploit.name)
self.__projectFile.write(section, "Authors", exploit.authors)
self.__projectFile.write(section, "Description", exploit.description)
self.__projectFile.write(section, "CWE", exploit.cwe)
self.__projectFile.write(section, "Targets", exploit.target)
self.__projectFile.write(section, "References", exploit.references)
except Exception as e:
MessageBox.critical("Error", e.message)
return False
return True
