from __future__ import print_function
import os
import sys
import traceback
import atexit
import importlib
import inspect
from socket import inet_ntoa
from struct import pack
from routersploit.exceptions import RoutersploitException
from routersploit.exploits import Exploit
from routersploit import utils
from routersploit import modules as rsf_modules
from routersploit.utils import print_status
if sys.platform == "darwin":
import gnureadline as readline
else:
import readline
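class BaseInterpreter(object):
    """Minimal readline-driven command loop.

    A command typed at the prompt is dispatched to the method named
    ``command_<name>``; completion of a command's argument is delegated to an
    optional ``complete_<name>`` method.
    """

    # Readline history is loaded from this file in setup() and written back
    # to it at interpreter exit.
    history_file = os.path.expanduser("~/.history")
    history_length = 100

    def __init__(self):
        self.setup()
        self.banner = ""

    def setup(self):
        """ Initialization of third-party libraries

        Setting interpreter history.
        Setting appropriate completer function.

        :return:
        """
        if not os.path.exists(self.history_file):
            # The history file keeps what was typed at the prompt, which may
            # include sensitive option values, so create it readable and
            # writable by the owner only instead of relying on the umask.
            # This only affects a file created here, not a pre-existing one.
            history_fd = os.open(
                self.history_file,
                os.O_WRONLY | os.O_CREAT | os.O_APPEND,
                0o600,
            )
            os.close(history_fd)

        readline.read_history_file(self.history_file)
        readline.set_history_length(self.history_length)
        atexit.register(readline.write_history_file, self.history_file)

        readline.parse_and_bind('set enable-keypad on')

        readline.set_completer(self.complete)
        readline.set_completer_delims(' \t\n;')
        readline.parse_and_bind("tab: complete")

    def parse_line(self, line):
        """ Split line into command and argument.

        :param line: line to parse
        :return: (command, argument), both stripped of surrounding whitespace
        """
        command, _, arg = line.strip().partition(" ")
        return command, arg.strip()

    @property
    def prompt(self):
        """ Returns prompt string """
        return ">>>"

    def get_command_handler(self, command, args):
        """ Parsing command and returning appropriate handler.

        :param command: command name as typed by the user
        :param args: unused here; kept for interface compatibility
        :return: the bound ``command_<command>`` method
        :raises RoutersploitException: if no such method exists
        """
        try:
            command_handler = getattr(self, "command_{}".format(command))
        except AttributeError:
            raise RoutersploitException("Unknown command: '{}'".format(command))

        return command_handler

    def get_show_handler(self, command, args):
        """ Parsing show commands and returns the appropriate handler.

        :param command: sub-command name following ``show``
        :param args: unused here; kept for interface compatibility
        :return: the bound ``show_<command>`` method
        :raises RoutersploitException: if no such method exists
        """
        try:
            show_handler = getattr(self, "show_{}".format(command))
        except AttributeError:
            raise RoutersploitException("Unknown command: '{}'".format(command))

        return show_handler

    def start(self):
        """ Routersploit main entry point. Starting interpreter loop.

        The loop ends on Ctrl-C (KeyboardInterrupt) or end of input
        (EOFError). A RoutersploitException is reported and the loop goes on;
        any other exception propagates to the caller.
        """
        print(self.banner)
        while True:
            try:
                command, args = self.parse_line(raw_input(self.prompt))
                if not command:
                    continue
                command_handler = self.get_command_handler(command, args)
                if command_handler is None:
                    continue
                command_handler(args)
            except RoutersploitException as err:
                utils.print_error(err)
            except (KeyboardInterrupt, EOFError):
                print()
                utils.print_status("routersploit stopped")
                break

    def complete(self, text, state):
        """Return the next possible completion for 'text'.

        If a command has not been entered, then complete against command list.
        Otherwise try to call complete_<command> to get list of completions.

        :param text: the word being completed
        :param state: index of the match requested; the match list is
            computed when ``state`` is 0 and reused for later states
        :return: the match at index ``state``, or None when there are no more
        """
        if state == 0:
            original_line = readline.get_line_buffer()
            line = original_line.lstrip()
            # Indices reported by readline refer to the unstripped buffer.
            stripped = len(original_line) - len(line)
            start_index = readline.get_begidx() - stripped
            end_index = readline.get_endidx() - stripped

            if start_index > 0:
                cmd, args = self.parse_line(line)
                if cmd == '':
                    complete_function = self.default_completer
                else:
                    try:
                        complete_function = getattr(self, 'complete_' + cmd)
                    except AttributeError:
                        complete_function = self.default_completer
            else:
                complete_function = self.raw_command_completer

            self.completion_matches = complete_function(text, line, start_index, end_index)

        try:
            return self.completion_matches[state]
        except IndexError:
            return None

    def commands(self, *ignored):
        """ Returns full list of interpreter commands.

        :param ignored:
        :return: full list of interpreter commands
        """
        # Strip only the leading "command_" so that a handler such as
        # command_foo_bar is listed as "foo_bar" rather than just "bar".
        prefix = "command_"
        return [name[len(prefix):] for name in dir(self) if name.startswith(prefix)]

    def raw_command_completer(self, text, line, start_index, end_index):
        """ Complete command w/o any argument

        Returns a real list: complete() indexes the result, which a lazy
        filter object does not support.
        """
        return [entry for entry in self.suggested_commands() if entry.startswith(text)]

    def default_completer(self, *ignored):
        """ Fallback completer: offers no suggestions. """
        return []

    def suggested_commands(self):
        """ Entry point for intelligent tab completion.

        Overwrite this method to suggest suitable commands.

        :return: list of suitable commands
        """
        return self.commands()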
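class RoutersploitInterpreter(BaseInterpreter):
    """Interactive shell that indexes routersploit modules and drives one at a time.

    The selected module is held in ``current_module``; the ``command_*`` and
    ``show_*`` methods are reached through the base class dispatchers.
    """

    history_file = os.path.expanduser("~/.rsf_history")

    def __init__(self):
        super(RoutersploitInterpreter, self).__init__()

        self.current_module = None
        self.raw_prompt_template = None
        self.module_prompt_template = None
        self.prompt_hostname = 'rsf'

        self.modules_directory = rsf_modules.__path__[0]
        self.modules = []
        self.modules_with_errors = {}
        self.main_modules_dirs = []

        self.__parse_prompt()

        self.load_modules()
        self.banner = self.ret_banner()

    def load_modules(self):
        """ Import every ``.py`` file under the modules directory and index exploit modules.

        Fills ``main_modules_dirs`` (top-level entries not starting with
        ``__``), ``modules`` (paths of modules exposing an Exploit subclass,
        relative to ``routersploit.modules``) and ``modules_with_errors``
        (module path -> ImportError).

        NOTE: each file found is imported, i.e. executed, in this process, so
        the modules directory must only be writable by trusted users.
        """
        self.main_modules_dirs = [
            entry for entry in os.listdir(self.modules_directory) if not entry.startswith("__")
        ]
        self.modules = []
        self.modules_with_errors = {}

        for root, dirs, files in os.walk(self.modules_directory):
            # Turn the filesystem path into a dotted package path starting at
            # the last 'routersploit' component.
            _, package, root = root.rpartition('routersploit')
            root = "".join((package, root)).replace(os.sep, '.')
            module_paths = [
                '.'.join((root, os.path.splitext(file_name)[0]))
                for file_name in files
                if file_name.endswith('.py')
            ]
            for module_path in module_paths:
                try:
                    module = importlib.import_module(module_path)
                except ImportError as error:
                    self.modules_with_errors[module_path] = error
                else:
                    klasses = inspect.getmembers(module, inspect.isclass)
                    # any() rather than truth-testing filter(): a lazy filter
                    # object is always truthy, which would index every module.
                    if any(issubclass(klass, Exploit) for _name, klass in klasses):
                        self.modules.append(module_path.split('.', 2).pop())

    @staticmethod
    def _checked_template(template, default, fields):
        """ Return ``template`` if it is usable as a prompt, else ``default``.

        Usable means it contains every ``{field}`` placeholder and formats
        without error when given exactly those fields.
        """
        if not all("{%s}" % field in template for field in fields):
            return default
        try:
            template.format(**dict.fromkeys(fields, ""))
        except (AttributeError, IndexError, KeyError, ValueError):
            # A stray brace or unknown field would otherwise raise each time
            # the prompt is rendered.
            return default
        return template

    def __parse_prompt(self):
        """ Build the prompt templates from RSF_RAW_PROMPT / RSF_MODULE_PROMPT.

        A literal ``\\033`` in the environment value is turned into the ESC
        character. A template that is missing a required placeholder or that
        cannot be formatted is replaced by the built-in default.
        """
        raw_prompt_default_template = "\001\033[4m\002{host}\001\033[0m\002 > "
        raw_prompt_template = os.getenv("RSF_RAW_PROMPT", raw_prompt_default_template).replace('\\033', '\033')
        self.raw_prompt_template = self._checked_template(
            raw_prompt_template, raw_prompt_default_template, ("host",)
        )

        module_prompt_default_template = "\001\033[4m\002{host}\001\033[0m\002 (\001\033[91m\002{module}\001\033[0m\002) > "
        module_prompt_template = os.getenv("RSF_MODULE_PROMPT", module_prompt_default_template).replace('\\033', '\033')
        self.module_prompt_template = self._checked_template(
            module_prompt_template, module_prompt_default_template, ("host", "module")
        )

    @property
    def module_metadata(self):
        """ Return the current module's ``_<ClassName>__info__`` attribute. """
        return getattr(self.current_module, "_{}__info__".format(self.current_module.__class__.__name__))

    @property
    def prompt(self):
        """ Returns prompt string based on current_module attribute.

        Adding module prefix (module.name) if current_module attribute is set.

        :return: prompt string with appropriate module prefix.
        """
        if self.current_module:
            try:
                return self.module_prompt_template.format(host=self.prompt_hostname, module=self.module_metadata['name'])
            except (AttributeError, KeyError):
                return self.module_prompt_template.format(host=self.prompt_hostname, module="UnnamedModule")
        else:
            return self.raw_prompt_template.format(host=self.prompt_hostname)

    def available_modules_completion(self, text):
        """ Looking for tab completion hints using setup.py entry_points.

        May need optimization in the future!

        :param text: argument of 'use' command
        :return: list of tab completion hints
        """
        text = utils.pythonize_path(text)
        matches = set()
        for match in self.modules:
            if not match.startswith(text):
                continue
            # Offer only the next path component after what was typed.
            head, sep, tail = match[len(text):].partition('.')
            if not tail:
                sep = ""
            matches.add("".join((text, head, sep)))
        return list(map(utils.humanize_path, matches))  # humanize output, replace dots to forward slashes

    def suggested_commands(self):
        """ Entry point for intelligent tab completion.

        Based on state of interpreter this method will return intelligent suggestions.

        :return: list of most accurate command suggestions
        """
        if self.current_module:
            return ['run', 'back', 'set ', 'show ', 'check', 'debug', 'exit']
        else:
            return ['use ', 'debug', 'exit', 'clear']

    def command_back(self, *args, **kwargs):
        """ Deselect the current module. """
        self.current_module = None

    def command_use(self, module_path, *args, **kwargs):
        """ Select a module: import it and instantiate its ``Exploit`` class.

        :param module_path: module path as typed by the user; it is always
            imported under the fixed ``routersploit.modules`` prefix
        """
        module_path = utils.pythonize_path(module_path)
        module_path = '.'.join(('routersploit', 'modules', module_path))
        try:
            module = importlib.import_module(module_path)
            self.current_module = getattr(module, 'Exploit')()
        except (ImportError, AttributeError, KeyError):
            utils.print_error("Error during loading '{}' module. "
                              "It should be valid path to the module. "
                              "Use <tab> key multiple times for completion.".format(utils.humanize_path(module_path)))

    @utils.stop_after(2)
    def complete_use(self, text, *args, **kwargs):
        """ Completion hints for the argument of 'use'. """
        if text:
            return self.available_modules_completion(text)
        else:
            return self.main_modules_dirs

    @utils.module_required
    def command_run(self, *args, **kwargs):
        """ Run the current module and print a traceback if it raises. """
        utils.print_status("Running module...")
        try:
            self.current_module.run()
        except:  # noqa: E722 - kept bare: also catches KeyboardInterrupt/SystemExit raised while the module runs
            # format_exc() takes an optional limit, not an exc_info tuple.
            utils.print_error(traceback.format_exc())

    def command_exploit(self, *args, **kwargs):
        """ Alias for 'run'. """
        self.command_run()

    @utils.module_required
    def command_set(self, *args, **kwargs):
        """ Set an option of the current module from ``"<key> <value>"``.

        Only names listed in the module's ``options`` can be set. The value
        is stored as the string typed by the user and is echoed back.
        """
        key, _, value = args[0].partition(' ')
        if key in self.current_module.options:
            setattr(self.current_module, key, value)
            utils.print_success({key: value})
        else:
            utils.print_error("You can't set option '{}'.\n"
                              "Available options: {}".format(key, self.current_module.options))

    @utils.stop_after(2)
    def complete_set(self, text, *args, **kwargs):
        """ Completion hints for the argument of 'set'. """
        if text:
            return [' '.join((attr, "")) for attr in self.current_module.options if attr.startswith(text)]
        else:
            return self.current_module.options

    @utils.module_required
    def get_opts(self, *args):
        """ Generator returning module's Option attributes (option_name, option_value, option_description)

        Names missing from the module's ``exploit_attributes`` or from the
        module itself are skipped.

        :param args: Option names
        :return:
        """
        for opt_key in args:
            try:
                opt_description = self.current_module.exploit_attributes[opt_key]
                opt_value = getattr(self.current_module, opt_key)
            except (KeyError, AttributeError):
                pass
            else:
                yield opt_key, opt_value, opt_description

    @utils.module_required
    def command_show(self, *args, **kwargs):
        """ Dispatch ``show <sub_command>`` to the matching ``show_*`` method.

        :raises RoutersploitException: if the sub-command is unknown
        """
        sub_command = args[0]
        show_handler = self.get_show_handler(sub_command, args[1:])
        if show_handler is None:
            raise RoutersploitException("Unknown command: show {}".format(sub_command))
        show_handler(args)

    def show_info(self, args):
        """ Print the current module's metadata in a fixed key order. """
        utils.pprint_dict_in_order(
            self.module_metadata,
            ("name", "description", "targets", "authors", "references"),
        )

    def show_options(self, args):
        """ Print the target options and the remaining module options as tables. """
        target_opts = {'port', 'target'}
        module_opts = set(self.current_module.options) - target_opts
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()

    def show_gateway(self, args):
        """ Print the default gateway reported by linux_gateway(). """
        print_status(self.linux_gateway())

    @utils.stop_after(2)
    def complete_show(self, text, *args, **kwargs):
        """ Completion hints for the argument of 'show'.

        :return: names of all ``show_*`` handlers starting with ``text``,
            without the ``show_`` prefix; an empty list when nothing matches
        """
        prefix = 'show_'
        return [name[len(prefix):] for name in dir(self) if name.startswith(prefix + text)]

    @utils.module_required
    def command_check(self, *args, **kwargs):
        """ Call the current module's check() and report its result. """
        try:
            result = self.current_module.check()
        except:  # noqa: E722 - kept bare: also catches KeyboardInterrupt/SystemExit raised during the check
            # format_exc() takes an optional limit, not an exc_info tuple.
            utils.print_error(traceback.format_exc())
        else:
            if result is True:
                utils.print_success("Target is vulnerable")
            elif result is False:
                utils.print_error("Target is not vulnerable")
            else:
                utils.print_status("Target could not be verified")

    def command_debug(self, *args, **kwargs):
        """ List the modules that failed to import, with their errors. """
        # items() works on both Python 2 and 3; iteritems() is Python 2 only.
        for key, value in self.modules_with_errors.items():
            utils.print_info(key)
            utils.print_error(value, '\n')

    def command_exit(self, *args, **kwargs):
        """ Leave the interpreter by raising KeyboardInterrupt. """
        raise KeyboardInterrupt

    def command_clear(self, *args, **kwargs):
        """ Clear the terminal: erase the screen and move the cursor home. """
        sys.stderr.write('\x1b[2J\x1b[H')

    def command_banner(self, *args, **kwargs):
        """ Print the banner. """
        print(self.ret_banner())

    def ret_banner(self, *args, **kwargs):
        """ Return the banner text with the number of indexed modules filled in. """
        # NOTE(review): the spacing of the ASCII art looks collapsed in this
        # copy of the file; the text is kept exactly as found.
        return """
______ _ _____ _ _ _
| ___ \ | | / ___| | | (_) |
| |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_
| // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
| |\ \ (_) | |_| | || __/ | /\__/ / |_) | | (_) | | |_
\_| \_\___/ \__,_|\__\___|_| \____/| .__/|_|\___/|_|\__|
| |
Router Exploitation Framework |_|
Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
Codename : Bad Blood
Version : 2.0.0
Total module count: {modules_count}
""".format(modules_count=len(self.modules))

    def linux_gateway(self, *args, **kwargs):
        """Read the default gateway directly from /proc.

        :return: dotted-quad address of the default gateway, or None when no
            default route is listed or /proc/net/route cannot be read
        """
        try:
            with open("/proc/net/route") as fh:
                for line in fh:
                    fields = line.strip().split()
                    if len(fields) < 4:
                        # Blank or truncated line: nothing to parse.
                        continue
                    # Keep only the default route (destination 0) that has
                    # the gateway flag (0x2) set.
                    if fields[1] != '00000000' or not int(fields[3], 16) & 2:
                        continue
                    return inet_ntoa(pack("<L", int(fields[2], 16)))
        except (IOError, OSError):
            # The file is absent on platforms without /proc/net/route; report
            # "no gateway" instead of letting the error end the interpreter.
            return None
        return None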