class BaseAuxiliary_iax2:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_llmnr(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='JavaMeterpreterDebug',
required=False,
description=
"Run the payload in debug mode, with logging enabled"),
BaseOption(name='Spawn',
required=True,
description="Number of subprocesses to spawn",
value=2)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.target_type = "http"
self.register_options([
BaseOption(name="URIPATH", required=False, description='The URI to use for this exploit (default is random)'),
BaseOption(name='FILENAME', required=True, description='The file name', value='thg.webarchive'),
BaseOption(name='GRABPATH', required=False, description="The URI to receive the UXSS'ed data", value='grab'),
BaseOption(name='DOWNLOAD_PATH', required=True, description='The path to download the webarchive', value='thg.webarchive'),
BaseOption(name='FILE_URLS', required=False, description='Additional file:// URLs to steal. $USER will be resolved to the username.',),
BaseOption(name='STEAL_COOKIES', required=True, description="Enable cookie stealing", value=True),
BaseOption(name='STEAL_FILES', required=True, description="Enable local file stealing",value=True),
BaseOption(name='INSTALL_EXTENSION', required=True, description="Silently install a Safari extensions (requires click)",value=False),
BaseOption(name='EXTENSION_URL', required=False, description="HTTP URL of a Safari extension to install",value="https://data.getadblock.com/safari/AdBlock.safariextz"),
BaseOption(name='EXTENSION_ID', required=False, description="The ID of the Safari extension to install", value="com.betafish.adblockforsafari-UAMUU4S2D9")
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='LPATH',
required=False,
description='The path of the local file to utilize'),
BaseOption(
name='FILE_LPATHS',
required=False,
description='A file containing a list of local files to utilize'
)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Drdos(self):
self.target_type = "http"
self.register_options([
BaseOption(name='SRCIP',
required=False,
description='Use this source IP'),
BaseOption(name='NUM_REQUESTS',
required=False,
description='Number of requests to send',
value=1),
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Etcd:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Etcd(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='RPORT',required=True, description="Port to connect",value=""),
BaseOption(name='TARGETURI',required=True, description='base URI of etcd',value='/')
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='PATH', required=True, description='The path to the vulnerable script.',value= '/' ),
BaseOption(name='GET', required=False, description="GET parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", value="" ),
BaseOption(name='POST',required=False, description="POST parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)",value= "" ),
BaseOption(name='COOKIES',required=False, description="Cookies to be sent with the request. ('foo=bar;vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", value="" ),
BaseOption(name='HEADERS',required=False, description="Headers to be sent with the request. ('User-Agent=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", value="" ),
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='RPORT', required=True, description="Remote RPORT to Connect",value=5985),
BaseOption(name='DOMAIN', required=True, description='The domain to use for Windows authentification', value='WORKSTATION'),
BaseOption(name='URI', required=True, description="The URI of the WinRM service", value="/wsman" ),
BaseOption(name='USERNAME', required=False, description='A specific username to authenticate as' ),
BaseOption(name='PASSWORD', required=False, description='A specific password to authenticate with' ),
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='SERVICE_NAME', required=False, description='The service name' ),
BaseOption(name='SERVICE_DISPLAY_NAME', required=False, description='The service display name'),
BaseOption(name='SERVICE_PERSIST', required=False, description='Create an Auto run service and do not remove it.', value=False),
BaseOption(name='SERVICE_DESCRIPTION', required=False, description="Service description to to be used on target for pretty listing")
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='SRVPORT', required=True, description= 'The local port to listen on.', value=445 ),
BaseOption(name='SMBServerMaximumBuffer', required=True, description= 'The maximum number of data in megabytes to buffer', value=2 ),
BaseOption(name='SMBServerIdleTimeout', required=True, description= 'The maximum amount of time to keep an idle session open in seconds', value=120)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Pii:
name = None # nome do auxiliar
description = None # descricao do auxiliar
author = [] # nome do autor
references = [] # referenia do exploit
disclosure_date = None # data de divulgacao
service_name = None # nome do servico
service_version = None # versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name','service_version'] # info database
multi_target = False # vvarios alvos
targets = [] # alvo
target_type = None # tipo de alvo
options = None # opcoes
results = None # resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_pii(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='ENTRIES', required=False, description="PII Entry Count", value=1000),
BaseOption(name='EMAIL_DOMAIN', required=False, description="Email Domain", value="localhost.localdomain")
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
def __init__(self): self.multi_target = False self.target_type = None self.targets = [] self.options = BaseOptions() self.results = BaseResult() name = None #nome do auxiliar description = None #descricao do auxiliar author = [] # nome do autor references = []#referenia do exploit disclosure_date = None #data de divulgacao service_name = None #nome do servico service_version = None #versao do servico dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database multi_target = False#vvarios alvos targets = []#alvo target_type = None#tipo de alvo options = None #opcoes results = None #resultados
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(
name='TARGETURI',
required=True,
description='The base path to the wordpress application',
value='/'),
#], Msf::Exploit::Remote::HTTP::Wordpress
BaseOption(name='WPCONTENTDIR',
required=True,
description='The name of the wp-content directory',
value='wp-content'),
BaseOption(
name='WPCHECK',
required=True,
description='Check if the website is a valid WordPress install',
value=True),
#], Msf::Exploit::Remote::HTTP::Wordpress
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Redis:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_redis(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='RUNTIME',
required=True,
description="The number of seconds to run the test",
value=5),
BaseOption(name='RPORT',
required=True,
description='port',
value=6379),
BaseOption(name='PASSWORD',
required=False,
description='Redis password for authentication test',
value='foobared'),
BaseOption(
name='READ_TIMEOUT',
required=True,
description='Seconds to wait while reading redis responses',
value=2)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='URIPATH', required=False, description="The URI to use for this exploit (default is random)"),
#Exploit::Remote::HttpServer
BaseOption(name='HTTP::no_cache', required=False, description='Disallow the browser to cache HTTP content', value=False),
BaseOption(name='HTTP::chunked', required=False, description='Enable chunking of HTTP responses via "Transfer-Encoding: chunked"',value=False),
BaseOption(name='HTTP::header_folding', required=False, description='Enable folding of HTTP headers', value=False),
BaseOption(name='HTTP::junk_headers', required=False, description='Enable insertion of random junk HTTP headers', value=False),
BaseOption(name='HTTP::compression', required=False, description='Enable compression of HTTP responses via content encoding', value='none',),
#['none','gzip','deflate']]
BaseOption(name='HTTP::server_name', required=True, description='Configures the Server header of all outgoing replies', value='Apache'),
BaseOption(name='URIHOST', required=False, description='Host to use in URI (useful for tunnels)'),
BaseOption(name='URIPORT', required=False, description='Port to use in URI (useful for tunnels)'),
BaseOption(name='SendRobots', required=False, description='Return a robots.txt file if asked for one', value=False)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Crawler:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def get_full_info(self):
return self.dbinfo
def register_crawler(self):
self.target_type = "http"
self.register_options([
BaseOption(name="RHOST", required=True, description="ip to test"),
BaseOption(name="RPORT",
required=True,
description="port",
value=80),
BaseOption(name='VHOST',
required=False,
description="HTTP server virtual host"),
BaseOption(name='URI',
required=True,
description="The starting page to crawl",
value="/"),
BaseOption(name="Proxies",
required=True,
description="proxy to connnect"),
BaseOption(
name='MAX_PAGES',
required=True,
description='The maximum number of pages to crawl per URL',
value=500),
BaseOption(name='MAX_MINUTES',
required=True,
description=
'The maximum number of minutes to spend on each URL',
value=5),
BaseOption(name='MAX_THREADS',
required=True,
description='The maximum number of concurrent requests',
value=4),
BaseOption(
name='HttpUsername',
required=False,
description='The HTTP username to specify for authentication'),
BaseOption(
name='HttpPassword',
required=False,
description='The HTTP password to specify for authentication'),
BaseOption(
name='DOMAIN',
required=True,
description='The domain to use for windows authentication',
value='WORKSTATION'),
BaseOption(
name='SSL',
required=False,
description='Negotiate SSL/TLS for outgoing connections',
value=False),
BaseOption(name='DirBust',
required=False,
description='Bruteforce common URL paths',
value=True),
BaseOption(
name='RequestTimeout',
required=False,
description='The maximum number of seconds to wait for a reply',
value=15),
BaseOption(name='RedirectLimit',
required=False,
description=
'The maximum number of redirects for a single request',
value=5),
BaseOption(name='RetryLimit',
required=False,
description=
'The maximum number of attempts for a single request',
value=5),
BaseOption(
name='UserAgent',
required=True,
description='The User-Agent header to use for all requests',
value=
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
),
BaseOption(
name='BasicAuthUser',
required=False,
description=
'The HTTP username to specify for basic authentication'),
BaseOption(
name='BasicAuthPass',
required=False,
description=
'The HTTP password to specify for basic authentication'),
BaseOption(
name='HTTPAdditionalHeaders',
required=False,
description=
"A list of additional headers to send (separated by \\x01)"),
BaseOption(
name='HTTPCookie',
required=False,
description="A HTTP cookie header to send with each request"),
BaseOption(name='SSLVersion',
required=True,
description="SSL VERSION TO CONNECT")
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Scanner:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_scanner(self):
self.target_type = "http"
self.register_options([
BaseOption(name='THREADS',
required=True,
description="The number of concurrent threads",
value=1),
BaseOption(name='ShowProgress',
required=True,
description='Display progress messages during a scan',
value=True),
BaseOption(name='ShowProgressPercent',
required=True,
description=
'The interval in percent that progress should be shown',
value=10)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Brute:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_tcp_target_brute(self, port_value=None, timeout_value=5, threads_value=1):
self.target_type = "tcp"
self.register_options([
BaseOption(name="HOST", required=True, description="The IP address to be tested"),
BaseOption(name="PORT", required=True, description="The port to be tested", value=port_value),
BaseOption(name="TIMEOUT", required=True, description="Connection timeout", value=timeout_value),
BaseOption(name="THREADS", required=True, description="The number of threads", value=threads_value),
BaseOption(name='USERNAME', required=True, description='A specific username to authenticate as'),
BaseOption(name='PASSWORD', required=True, description='A specific password to authenticate with'),
BaseOption(name='USER_FILE', required=True, description="File containing usernames, one per line"),
BaseOption(name='PASS_FILE', required=True, description="File containing passwords, one per line"),
BaseOption(name='USERNAME', required=False, description='A specific username to authenticate as'),
BaseOption(name='PASSWORD', required=False, description='A specific password to authenticate with'),
BaseOption(name='USER_FILE', required=False, description="File containing usernames, one per line",value=wordlists.aspx),
BaseOption(name='PASS_FILE', required=False, description="File containing passwords, one per line"),
BaseOption(name='USERPASS_FILE', required=False, description="File containing users and passwords separated by space, one pair per line"),
BaseOption(name='BRUTEFORCE_SPEED', required=True, description="How fast to bruteforce, from 0 to 5"),
BaseOption(name='VERBOSE', required=True, description="Whether to print output for all attempts"),
BaseOption(name='BLANK_PASSWORDS', required=False, description="Try blank passwords for all users"),
BaseOption(name='USER_AS_PASS', required=False, description="Try the username as the password for all users"),
BaseOption(name='DB_ALL_CREDS', required=False,description="Try each user/password couple stored in the current database"),
BaseOption(name='DB_ALL_USERS', required=False,description="Add all users in the current database to the list"),
BaseOption(name='DB_ALL_PASS', required=False,description="Add all passwords in the current database to the list"),
BaseOption(name='STOP_ON_SUCCESS', required=True,description="Stop guessing when a credential works for a host"),
BaseOption(name='REMOVE_USER_FILE', required=True,description="Automatically delete the USER_FILE on module completion", value=False),
BaseOption(name='REMOVE_PASS_FILE', required=True,description="Automatically delete the PASS_FILE on module completion", value=False),
BaseOption(name='REMOVE_USERPASS_FILE', required=True,description="Automatically delete the USERPASS_FILE on module completion", value=False),
BaseOption(name='PASSWORD_SPRAY', required=True,description="Reverse the credential pairing order. For each password, attempt every possible user.",value=False),
BaseOption(name='TRANSITION_DELAY', required=False,description="Amount of time (in minutes) to delay before transitioning to the next user in the array (or password when PASSWORD_SPRAY=true)",value=0),
BaseOption(name='MaxGuessesPerService', required=False,description="Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used.",value=0),
BaseOption(name='MaxMinutesPerService', required=False,description="Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used.",value=0),
BaseOption(name='MaxGuessesPerUser', required=False,description="Maximum guesses for a particular username for the service instance.Note that users are considered unique among different services")
])
def register_http_target_brute(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name="URL", required=True, description="The url to be tested"),
BaseOption(name="TIMEOUT", required=True, description="Connection timeout", value=timeout_value),
BaseOption(name="THREADS", required=True, description="The number of threads", value=threads_value),
BaseOption(name='USERNAME', required=True, description='A specific username to authenticate as'),
BaseOption(name='PASSWORD', required=True, description='A specific password to authenticate with'),
BaseOption(name='USER_FILE', required=True, description="File containing usernames, one per line"),
BaseOption(name='PASS_FILE', required=True, description="File containing passwords, one per line"),
BaseOption(name='USERNAME', required=False, description='A specific username to authenticate as'),
BaseOption(name='PASSWORD', required=False, description='A specific password to authenticate with'),
BaseOption(name='USER_FILE', required=False, description="File containing usernames, one per line"),
BaseOption(name='PASS_FILE', required=False, description="File containing passwords, one per line"),
BaseOption(name='USERPASS_FILE', required=False,
description="File containing users and passwords separated by space, one pair per line"),
BaseOption(name='BRUTEFORCE_SPEED', required=True, description="How fast to bruteforce, from 0 to 5"),
BaseOption(name='VERBOSE', required=True, description="Whether to print output for all attempts"),
BaseOption(name='BLANK_PASSWORDS', required=False, description="Try blank passwords for all users"),
BaseOption(name='USER_AS_PASS', required=False, description="Try the username as the password for all users"),
BaseOption(name='DB_ALL_CREDS', required=False,
description="Try each user/password couple stored in the current database"),
BaseOption(name='DB_ALL_USERS', required=False,
description="Add all users in the current database to the list"),
BaseOption(name='DB_ALL_PASS', required=False,
description="Add all passwords in the current database to the list"),
BaseOption(name='STOP_ON_SUCCESS', required=True,
description="Stop guessing when a credential works for a host"),
BaseOption(name='REMOVE_USER_FILE', required=True,
description="Automatically delete the USER_FILE on module completion", value=False),
BaseOption(name='REMOVE_PASS_FILE', required=True,
description="Automatically delete the PASS_FILE on module completion", value=False),
BaseOption(name='REMOVE_USERPASS_FILE', required=True,
description="Automatically delete the USERPASS_FILE on module completion", value=False),
BaseOption(name='PASSWORD_SPRAY', required=True,
description="Reverse the credential pairing order. For each password, attempt every possible user.",
value=False),
BaseOption(name='TRANSITION_DELAY', required=False,
description="Amount of time (in minutes) to delay before transitioning to the next user in the array (or password when PASSWORD_SPRAY=true)",
value=0),
BaseOption(name='MaxGuessesPerService', required=False,
description="Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used.",
value=0), # Tracked in @@guesses_per_service
BaseOption(name='MaxMinutesPerService', required=False,
description="Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used.",
value=0), # Tracked in @@brute_start_time
BaseOption(name='MaxGuessesPerUser', required=False,
description="Maximum guesses for a particular username for the service instance.Note that users are considered unique among different services, so auser at 10.1.1.1:22 is different from one at 10.2.2.2:22, and both willbe tried up to the MaxGuessesPerUser limit. If set to zero or a non-number,this option will not be used")
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(
name='NAMEDPIPE',
required=False,
description=
'A named pipe that can be connected to (leave blank for auto)',
value=""),
BaseOption(name='LEAKATTEMPTS',
required=True,
description='How many times to try to leak transaction',
value=99), # Win10 can get stubborn
BaseOption(name='RPORT',
required=True,
description='The Target port',
value=445),
BaseOption(name='DBGTRACE',
required=True,
description="Show extra debug trace info",
value=False),
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.register_options([
BaseOption(name='SMB::pipe_evasion', required=True, description='Enable segmented read/writes for SMB Pipes', value=False),
BaseOption(name='SMB::pipe_write_min_size', required=True, description='Minimum buffer size for pipe writes', value=1),
BaseOption(name='SMB::pipe_write_max_size', required=True, description='Maximum buffer size for pipe writes', value=1024),
BaseOption(name='SMB::pipe_read_min_size', required=True, description='Minimum buffer size for pipe reads', value=1),
BaseOption(name='SMB::pipe_read_max_size', required=True, description='Maximum buffer size for pipe reads', value=1024),
BaseOption(name='SMB::pad_data_level', required=True, description='Place extra padding between headers and data (level 0-3)', value=0),
BaseOption(name='SMB::pad_file_level', required=True, description='Obscure path names used in open/create (level 0-3)', value=0),
BaseOption(name='SMB::obscure_trans_pipe_level', required=True, description='Obscure PIPE string in TransNamedPipe (level 0-3)', value=0),
BaseOption(name='SMBDirect', required=False, description='The target port is a raw SMB service (not NetBIOS)', value=True),
BaseOption(name='SMBUser', required=False, description='The username to authenticate as', value=''),
BaseOption(name='SMBPass', required=False, description='The password for the specified username', value=''),
BaseOption(name='SMBDomain', required=False, description='The Windows domain to use for authentication', value='.'),
BaseOption(name='SMBName', required=True, description='The NetBIOS hostname (required for port 139 connections)', value='*SMBSERVER'),
BaseOption(name='SMB::VerifySignature', required=True, description="Enforces client-side verification of server response signatures",value=False),
BaseOption(name='SMB::ChunkSize', required=True, description='The chunk size for SMB segments, bigger values will increase speed but break NT 4.0 and SMB signing', value=500),
#
# Control the identified operating system of the client
#
BaseOption(name='SMB::Native_OS', required=True, description='The Native OS to send during authentication', value='Windows 2000 2195'),
BaseOption(name='SMB::Native_LM', required=True, description='The Native LM to send during authentication', value='Windows 2000 5.0'),
BaseOption(name='RHOST', required=True, description="Remote Host to connect"),
BaseOption(name='RPORT', required=True, description='The SMB service port', value=445)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_alphanum(self):
self.target_type = "http"
self.register_options([
BaseOption(
name='BufferRegister',
required=False,
description="The register that pointers to the encoded payload"
),
BaseOption(
name='BufferOffset',
required=False,
description=
"The offset to the buffer from the start of the register",
value=False),
BaseOption(
name='AllowWin32SEH',
required=True,
description=
"Use SEH to determine the address of the stub (Windows only)",
value=False)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Nmap:
name = None # nome do auxiliar
description = None # descricao do auxiliar
author = [] # nome do autor
references = [] # referenia do exploit
disclosure_date = None # data de divulgacao
service_name = None # nome do servico
service_version = None # versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] # info database
multi_target = False # vvarios alvos
targets = [] # alvo
target_type = None # tipo de alvo
options = None # opcoes
results = None # resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Nmap(self):
self.target_type = "http"
self.register_options([
BaseOption(name='RHOSTS',
required=False,
description="list of hosts",
value=""),
BaseOption(name='NMAP_VERBOSE',
required=False,
description='Display nmap output',
volue=True),
BaseOption(
name='RPORTS', required=False,
description='Ports to target'), # RPORT supersedes RPORTS
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Fuzzer:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Fuzzer(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(
name='FuzzTracer',
required=True,
description=
'Sets the magic string to embed into fuzzer string inputs',
value='MSFROCKS'),
BaseOption(name='FuzzChar',
required=True,
description=
'Sets the character to use for generating long strings',
value='X')
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Rservices:
name = None # nome do auxiliar
description = None # descricao do auxiliar
author = [] # nome do autor
references = [] # referenia do exploit
disclosure_date = None # data de divulgacao
service_name = None # nome do servico
service_version = None # versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] # info database
multi_target = False # vvarios alvos
targets = [] # alvo
target_type = None # tipo de alvo
options = None # opcoes
results = None # resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Rservices(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='RUNTIME',
required=True,
description="The number of seconds to run the test",
value=5),
BaseOption(name='FROMUSER',
required=True,
description='The username to login from'),
BaseOption(
name='FROMUSER_FILE',
required=True,
description='File containing from usernames, one per line'),
BaseOption(
name='REMOVE_FROMUSER_FILE',
required=True,
description=
"Automatically delete the FROMUSER_FILE on module completion",
value=False)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.target_type = "http"
self.register_options([
BaseOption(name='RPORT',
required=False,
description="port connections",
value=53),
BaseOption(name='Proxies',
required=False,
description="proxy connections"),
BaseOption(name='DOMAIN',
required=False,
description="The target domain name"),
BaseOption(
name='NS',
required=False,
description=
"Specify the nameservers to use for queries, space separated"),
BaseOption(name='SEARCHLIST',
required=False,
description="DNS domain search list, comma separated"),
BaseOption(
name='THREADS',
required=True,
description="Number of threads to use in threaded queries",
value=1),
BaseOption(
name='DnsClientDefaultNS',
required=False,
description=
"Specify the default to use for queries, space separated",
value='8.8.8.8 8.8.4.4'),
BaseOption(
name='DnsClientRetry',
required=False,
description=
"Number of times to try to resolve a record if no response is received",
value=2),
BaseOption(
name='DnsClientRetryInterval',
required=False,
description="Number of seconds to wait before doing a retry",
value=2),
BaseOption(name='DnsClientReportARecords',
required=False,
description="Add hosts found via BRT and RVL to DB",
value=True),
BaseOption(name='DnsClientRVLExistingOnly',
required=False,
description="Only perform lookups on hosts in DB",
value=True),
BaseOption(name='DnsClientTcpDns',
required=False,
description="Run queries over TCP",
value=False),
BaseOption(
name='DnsClientResolvconf',
required=True,
description=
"Resolvconf formatted configuration file to use for Resolver",
value="/dev/null")
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Mms:
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = []#referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']#info database
multi_target = False#vvarios alvos
targets = []#alvo
target_type = None#tipo de alvo
options = None #opcoes
results = None #resultados
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Mms(self, timeout_value=5, threads_value=1):
self.target_type = "http"
BaseOption(name="RHOST", required=True, description="ip to test"),
self.register_options([
BaseOption(name='SMTPFROM',required=False, description='The FROM field for SMTP', value=''),
BaseOption(name='SMTPADDRESS',required=True, description='The SMTP server to use to send the text messages',value=''),
BaseOption(name='MMSSUBJECT',required=False, description='The Email subject', value=''),
BaseOption(name='SMTPPORT',required=True, description='The SMTP port to use to send the text messages', value=25),
BaseOption(name='SMTPUSERNAME',required=True, description='The SMTP account to use to send the text messages'),
BaseOption(name='SMTPPASSWORD',required=True, description='The SMTP password to use to send the text messages'),
BaseOption(name='MMSCARRIER',required=True, description='The targeted MMS service provider', value=''),
BaseOption(name='CELLNUMBERS',required=True, description='The phone numbers to send to'),
BaseOption(name='TEXTMESSAGE',required=True, description='The text message to send'),
BaseOption(name='MMSFILE',required=True, description='The attachment to include in the text file'),
BaseOption(name='MMSFILECTYPE',required=True, description='The attachment content type'),
BaseOption(name='SmtpLoginType',required=True, description='The SMTP login type', value=''),
BaseOption(name='HeloDdomain', required=True, description='The domain to use for HELO',value='')
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_iax2:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_iax2(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='IAX_HOST',
required=True,
description='The IAX2 server to communicate with'),
BaseOption(name='IAX_PORT',
required=True,
description='The IAX2 server port',
value=4569),
BaseOption(name='IAX_USER',
required=False,
description='An optional IAX2 username'),
BaseOption(name='IAX_PASS',
required=False,
description='An optional IAX2 password',
value=""),
BaseOption(name='IAX_CID_NAME',
required=False,
description='The default caller ID name',
value=''),
BaseOption(name='IAX_CID_NUMBER',
required=True,
description='The default caller ID number',
value='15555555555'),
BaseOption(name='IAX_DEBUG',
required=False,
description='Enable IAX2 debugging messages',
value=False)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Drdos:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_client_dns(self):
self.target_type = "http"
self.register_options([
BaseOption(name='SRVPORT',
required=True,
description='The local port to listen on.',
value=53),
BaseOption(
name='STATIC_ENTRIES',
required=False,
description=
"DNS domain search list (hosts file or space/semicolon separate entries)"
),
BaseOption(name='DISABLE_RESOLVER',
required=False,
description="Disable DNS request forwarding",
value=False),
BaseOption(name='DISABLE_NS_CACHE',
required=False,
description="Disable DNS response caching",
value=False),
BaseOption(name='DnsServerUdp',
required=True,
description="Serve UDP DNS requests",
value=True),
BaseOption(name='DnsServerTcp',
required=True,
description="Serve TCP DNS requests",
value=False)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
class BaseAuxiliary_Llmnr:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_Llmnr(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name="RHOST", required=True, description="ip to test"),
BaseOption(name="RHOST", required=True, description="ip to test"),
BaseOption(
name='RHOSTS',
required=False,
description=
'The multicast address or CIDR range of targets to query',
value='224.0.0.252'),
BaseOption(name='RPORT',
required=False,
description="port of connection",
value=5355),
BaseOption(name='NAME',
required=True,
description='The name to query',
volue='localhost'),
BaseOption(name='TYPE',
required=True,
description='The query type (name, # or TYPE#)',
value='A')
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
class BaseAuxiliary_Udp_Scanner:
name = None #nome do auxiliar
description = None #descricao do auxiliar
author = [] # nome do autor
references = [] #referenia do exploit
disclosure_date = None #data de divulgacao
service_name = None #nome do servico
service_version = None #versao do servico
dbinfo = [
'name', 'description', 'author', 'references', 'disclosure_date',
'service_name', 'service_version'
] #info database
multi_target = False #vvarios alvos
targets = [] #alvo
target_type = None #tipo de alvo
options = None #opcoes
results = None #resultados
def __init__(self):
self.multi_target = False
self.target_type = None
self.targets = []
self.options = BaseOptions()
self.results = BaseResult()
def get_info(self):
info = {}
for field_name in self.dbinfo:
info[field_name] = getattr(self, field_name)
return info
def register_udp_scanner(self, timeout_value=5, threads_value=1):
self.target_type = "http"
self.register_options([
BaseOption(name='BATCHSIZE',
required=True,
description='The number of hosts to probe in each set',
value=256),
BaseOption(name='THREADS',
required=True,
description="The number of concurrent threads",
value=10),
#Opt::CHOST,
#Opt::CPORT,
BaseOption(
name='ScannerRecvInterval',
required=True,
description=
'The maximum numbers of sends before entering the processing loop',
value=30),
BaseOption(
name='ScannerMaxResends',
required=True,
description=
'The maximum times to resend a packet when out of buffers',
value=10),
BaseOption(
name='ScannerRecvQueueLimit',
required=True,
description=
'The maximum queue size before breaking out of the processing loop',
value=100),
BaseOption(
name='ScannerRecvWindow',
required=True,
description=
'The number of seconds to wait post-scan to catch leftover replies',
value=15)
])
def thg_update_info(self, info):
for name in info:
if name in self.dbinfo:
setattr(self, name, info[name])
def register_options(self, option_array):
for option in option_array:
self.options.add_option(option)
def get_missing_options(self):
def is_missing(option):
return option.required and option.value in [None, '']
missing_options = filter(is_missing, self.options.get_options())
return list(missing_options)
