def knock(host, ports, syn, default_proto, delay, verbose):
for port in ports:
#Handle tcp vs udp settings, either getting from global or port-specific setting
if len(port.split(':')) == 2:
port, proto = port.split(':')
else:
proto = default_proto
#Now we're rid of proto, convert ports to integer
try:
port = int(port)
except:
bc.info("Unexpected error in port integer conversion:",
sys.exc_info()[0])
raise
if verbose:
bc.info("Hitting Port {} with Proto {}".format(
port, proto.upper()))
if proto.lower() == "tcp" and not syn:
result = tcp_connect(host, port)
elif proto.lower() == "tcp":
result = send_syn(host, port)
elif proto.lower() == "syn":
result = send_syn(host, port)
elif proto.lower() == "udp":
result = send_udp(host, port, b"")
else:
bc.err("Improper protocol '{}' set for port {}.".format(
proto, port))
#Wait
if delay > 0:
time.sleep(delay)
return result
def single_crack(bruter, single, single_first, login_q, len_q):
i = 0
try:
n_bruter = file_len(bruter)
if single_first:
bc.info("Attempting login for 1 user and {} passwords.".format(n_bruter), True)
else:
bc.info("Attempting login for {} users and 1 password.".format(n_bruter), True)
len_q.put(n_bruter)
#For each line in the file, bang it in the queue
with open(bruter, 'r', encoding='latin-1') as bl:
#with open(bruter, 'r', encoding='utf-8') as bl:
for b in bl:
b = b.strip()
if not b: continue
i+=1
if single_first:
login_q.put([single, b])
else:
login_q.put([b, single])
except UnicodeDecodeError as e:
bc.err("Error decoding on wordlist line {}\n{}.".format(i, e))
bc.warn("Skipping guess")
except BrokenPipeError as e:
bc.err("Error communicating between processes : {}".format(e))
bc.info("Continuing")
except ConnectionResetError as e:
bc.err("Error communicating between processes : {}".format(e))
bc.info("Continuing")
except KeyboardInterrupt:
return
def main():
#CLI Parsing - simple and dirty:
if len(argv[1:]) != 1:
app = basename(__file__)
print("Usage: {} [number]".format(app))
exit(0)
#Set up variables from CLI
try:
num = int(argv[1])
except:
bc.err('Cannot process argument. Is your input an integer?')
exit(0)
if is_prime(num):
bc.success('Yes, {} is prime!'.format(num), True)
else:
bc.info('No, {} is not prime, sorry!'.format(num), True)
def main():
args = get_args()
print_banner()
check_root()
#Set scan type, remove default TCP connect if Syn Scan
#Also setup default protocols and TCP flags (if applicable)
if args.syn:
args.tcp_connect = False
if args.udp:
default_proto = "udp"
else:
default_proto = "tcp"
#Format ports into list, check number of ports first
if len(args.knock_ports.split(',')) < 2:
bc.err("Error parsing knock ports!\t" + bc.UNDERLINE + \
"Did you supply comma delimited ports?" + bc.ENDC)
sys.exit(0)
else:
knock_ports = args.knock_ports.split(',')
#If not brute, knock
if not args.brute:
if args.verbose:
bc.success("Starting knock against ports: {}".format(knock_ports))
knock(args.host, knock_ports, args.syn, default_proto, args.delay,
args.verbose)
else:
#BRUTE!
bc.info("Bruting...")
#If port to test - NOTE syn set to False, because we're looking for connection
if args.target_port and knock(args.host, [args.target_port], False, \
default_proto, args.delay, args.verbose) == 0:
bc.success("Knock complete - {}, test port open!".format(
bc.bold_format("success")))
elif args.target_port:
bc.err(
"Knock complete - {} - test port filtered or closed... BEWARE UDP."
.format(bc.bold_format("Failure")))
else:
bc.info("Knock complete.")
def double_crack(login_list, password_list, login_q, len_q):
i = 0
j = 0
try:
n_login = file_len(login_list)
n_pass = file_len(password_list)
bc.info("Attempting login for {} users and {} passwords.".format(n_login, n_pass), True)
len_q.put(n_login*n_pass)
#For each line in the file, bang it in the queue
with open(login_list, 'r', encoding='latin-1') as ul:
for u in ul:
u = u.strip()
if not u: continue
i += 1
with open(password_list, 'r', encoding='latin-1') as pl:
for p in pl:
p = p.strip()
if not p: continue
j += 1
login_q.put([u, p])
except UnicodeDecodeError as e:
bc.err("Error decoding at login_list line {} & password_list line {}\n{}.".format(i,j, e))
bc.warn("Skipping guess")
except BrokenPipeError as e:
bc.err("Error communicating between processes : {}".format(e))
bc.info("Continuing")
except ConnectionResetError as e:
bc.err("Error communicating between processes : {}".format(e))
bc.info("Continuing")
except KeyboardInterrupt:
return
def convert_hashcat(args, sha512_to_crack, hmac_to_crack):
"""Take a mosquitto_passwd file and convert it to hashcat format
can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats"""
sha512s = []
hmacs = []
for h in sha512_to_crack:
sha512s.append(sha512_to_hashcat(h))
for h in hmac_to_crack:
hmacs.append(hmac_to_hashcat(h))
if len(sha512s) > 0:
with open("{}.1710.hcat".format(args.out_file), "w") as o:
for h in sha512s:
o.write(h + "\n")
if len(hmacs) > 0:
with open("{}.12100.hcat".format(args.out_file), "w") as o:
for h in hmacs:
o.write(h + "\n")
bc.success("Hashes written out to files starting '{}'".format(
args.out_file))
bc.info("Run SHA512s in mode 1710 with --hex-salt.", strong=True)
bc.info("Run HMAC-SHA512s in mode 12100.", strong=True)
def convert_john(args, sha512_to_crack, hmac_to_crack):
"""Take a mosquitto_passwd file and convert it to John's dynamic 82
format. Can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats.
Using raw hex for hash and salt because bad bytes."""
sha512s = []
hmacs = []
for h in sha512_to_crack:
sha512s.append(sha512_to_john(h))
for h in hmac_to_crack:
hmacs.append(hmac_to_john(h))
if len(sha512s) > 0:
with open("{}.sha512s.john".format(args.out_file), "w") as o:
for h in sha512s:
o.write(h + "\n")
if len(hmacs) > 0:
with open("{}.hmacs.john".format(args.out_file), "w") as o:
for h in hmacs:
o.write(h + "\n")
bc.success("Hashes written out to files starting '{}'".format(
args.out_file))
bc.info("Run separate sessions for each hash type. " + \
"No format specification needed.", strong=True)
def main():
#Mega basic command line parsing will do fine for our purposes
try:
if len(sys.argv[1:]) == 1:
addresses = scrape_emails(sys.argv[1])
if addresses is not None:
bc.success("Found addresses :")
for a in addresses:
print("\t{}".format(a))
elif len(sys.argv[1:]) == 2:
addresses = scrape_emails(sys.argv[1])
if addresses is not None and not exists(sys.argv[2]):
with open(sys.argv[2], "w") as f:
for address in addresses:
f.write(address + '\n')
elif addresses is not None and exists(sys.argv[2]):
answer = 'placeholder'
fmt_str = bc.blue_format(
"[!] ", "- {} exists, overwrite, append or cancel [o/a/c]? :".format(
sys.argv[2]))
while answer.lower() not in ['o','a','c']:
answer = input(fmt_str)
if answer == 'c':
bc.info("Exiting.")
sys.exit(0)
else:
mode = 'w' if answer == 'o' else 'a'
with open(sys.argv[2], mode) as f:
for address in addanswerresses:
f.write(address + '\n')
else:
app = basename(__file__)
print('Usage: {} [target_url] [outfile (optional)]'.format(app))
except Exception as e:
bc.err("Error parsing emails: {}".format(e))
def main():
args = get_args()
hashes = parse_hashfile(args.hashfile)
hmac_to_crack = hashes[0]
sha512_to_crack = hashes[1]
bc.info("Parsed {} HMAC and {} SHA512 Hashes from {}".format(
len(hmac_to_crack), len(sha512_to_crack), args.hashfile))
#Hashcat conversion operation
if args.convert_hashcat:
convert_hashcat(args, sha512_to_crack, hmac_to_crack)
exit(0)
# John conversion operation
elif args.convert_john:
convert_john(args, sha512_to_crack, hmac_to_crack)
exit(0)
with open(args.wordlist, 'r', encoding='latin-1') as w:
for word in w:
if not word: continue
word = word.strip()
if len(sha512_to_crack) == 0 and len(hmac_to_crack) == 0:
bc.info("No more hashes to crack, exiting.")
break
# crack any straight 512s
if len(sha512_to_crack) > 0:
for h in sha512_to_crack:
this_hash = sha512(word.encode() + h[0]).digest()
if b64encode(this_hash).decode() == h[1]:
bc.success("{} : {}".format(h[2], word), strong=True)
sha512_to_crack.remove(h)
# Now for any HMACS
if len(hmac_to_crack) > 0:
for h in hmac_to_crack:
this_hash = pbkdf2_hmac('sha512', word.encode(), h[0],
int(h[3]))
if b64encode(this_hash).decode() == h[1]:
bc.success("{} : {}".format(h[2], word), strong=True)
hmac_to_crack.remove(h)
bc.info("{} HMAC and {} SHA512 hashes left to be cracked.".format(
len(hmac_to_crack), len(sha512_to_crack)))
def main():
"""Do the main lifting!"""
# Configuration and config stuff
args = get_args()
if args.config == 'resources/discordnotify.yml':
config_file = dirname(realpath(__file__)) + \
'/resources/discordnotify.yml'
config = get_config(config_file)
hook_name, hook, user = check_config(args, config)
bcolors.info("Executing job: {}".format(bcolors.bold_format(args.command)),
strong=True)
#Create main webhook for proc completion
wh = DiscordWebhook(url=hook, \
content="You've just started a job. Brace for updates...",\
username=user['username'])
embed = DiscordEmbed(title="Process running",\
description="Full command line: {}".format(args.command), color=242424)
if user['image']:
embed.set_author(name="Job: {}".format(args.command.split(' ')[0]),
icon_url=user['image'])
else:
embed.set_author(name="Job: {}".format(args.command.split(' ')[0]))
embed.set_footer(
text="Sent with DiscordNotify by @blackf3ll - [email protected]")
wh.add_embed(embed)
sent_wh = wh.execute()
#Pre-ampble and process start
t1 = time()
t2 = time()
worker = False
start_time = ctime() #Human friendly :)
output = ''
p = subprocess.Popen(
args.command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,\
shell=True , encoding='utf-8', errors='replace')
# Manage beat updates
if args.beat:
worker = True
embed.add_embed_field(name="Job ongoing",
value="No updates yet...",
inline=False)
stdout_q = multiprocessing.Queue()
stdout_worker = multiprocessing.Process(target=stdout_reader,
args=(p, stdout_q))
stdout_worker.start()
while p.poll() == None:
try:
while not stdout_q.empty():
output += stdout_q.get()
t3 = time()
if round(t3 - t2) >= args.beat:
t2 = int(t3)
# update embed summary data with stdout summary and time info
embed.fields[0]['value'] = \
"Started: {} Elapsed : {}s Output summary:\n{}".format(
start_time, round(t3-t1),trim_output(
output, config['instance_info']['max_embed_lines']))
wh.edit(sent_wh) # and send it
except Exception as e:
bcolors.err("Error sending update:\n{}".format(e))
# Mop up any un-read stdout and print to console
output += p.stdout.read() #.decode()
duration = round(time() - t1)
print(output)
#Configure final report & embed in webhook
was_error = "with errors" if p.returncode != 0 else "without errors"
embed.add_embed_field(name="Process Complete",
value="Completed {} \
(exit code {}) in {} Seconds".format(was_error, p.returncode,
duration),
inline=False)
if output:
out_summary = trim_output(output,
config['instance_info']['max_embed_lines'])
else:
out_summary = "No data on STDOUT or STDERR."
embed.add_embed_field(name="Stdout Summary",
value=out_summary,
inline=False)
# Add any requested image - TODO - fix this so it works - add to file attachment?
if args.image:
embed.set_thumbnail(url='attachment://{}'.format(args.image))
# Now send
try:
wh.edit(sent_wh)
except Exception as e:
bcolors.err("Failed to send update to Discord:\n{}".format(e))
# Send any file on afterwards, to avoid conflictings file space/embed requirements
if args.file:
# Use a fresh webhook to avoid API limits and issues with large embeds
filewh = DiscordWebhook(url=hook, \
content="Here's the associated file for your job: {}.".format(
args.command), username=user['username'])
try:
with open(args.file, "rb") as f:
filewh.add_file(file=f.read(), filename=args.file)
filewh.execute()
except Exception as e:
bcolors.err("Couldn't attach file : {} :\n{}".format(args.file, e))
# Worker process cleanup
if worker:
stdout_worker.terminate()
stdout_worker.join(5)
bc.info("No more hashes to crack, exiting.")
break
# crack any straight 512s
if len(sha512_to_crack) > 0:
for h in sha512_to_crack:
this_hash = sha512(word.encode() + h[0]).digest()
if b64encode(this_hash).decode() == h[1]:
bc.success("{} : {}".format(h[2], word), strong=True)
sha512_to_crack.remove(h)
# Now for any HMACS
if len(hmac_to_crack) > 0:
for h in hmac_to_crack:
this_hash = pbkdf2_hmac('sha512', word.encode(), h[0],
int(h[3]))
if b64encode(this_hash).decode() == h[1]:
bc.success("{} : {}".format(h[2], word), strong=True)
hmac_to_crack.remove(h)
bc.info("{} HMAC and {} SHA512 hashes left to be cracked.".format(
len(hmac_to_crack), len(sha512_to_crack)))
if __name__ == '__main__':
try:
main()
except KeyboardInterrupt:
bc.info("Interrupted, exiting.")
def main():
"""ACtually do the bruting"""
#Setup initial variables
args = get_args()
#SMB variables
t = args.timeout
#Get crack mode
crack_mode = get_crack_mode(args.login_list, \
args.password_list, args.login, args.password)
#If there's a bad file provided or some other error in crack_mode derivation
if not crack_mode: exit(0)
#Instantiate workers
m = multiprocessing.Manager()
login_q = m.Queue()
done_q = m.Queue()
len_q = m.Queue()
struck_gold = multiprocessing.Event()
kill_flag = multiprocessing.Event()
start_time = time()
for i in range(args.threads):
t = multiprocessing.Process(target=guesser, args=(args.host,\
args.domain, args.port, login_q, args.timeout, kill_flag, \
struck_gold, done_q))
t.start()
#Now we have mode, carry out attack in whatever way specified
if crack_mode == 'double':
double_mode = double_crack if not args.spray else spray
#double_crack(args.login_list, args.password_list, login_q, len_q)
t = multiprocessing.Process(target=double_mode,
args=(
args.login_list,
args.password_list,
login_q,
len_q,
))
elif crack_mode == 'user':
#single_crack(args.login_list, args.password, False, login_q, len_q)
t = multiprocessing.Process(target=single_crack,
args=(
args.login_list,
args.password,
False,
login_q,
len_q,
))
elif crack_mode == 'password':
#single_crack(args.password_list, args.login, True, login_q, len_q)
t = multiprocessing.Process(target=single_crack,
args=(
args.password_list,
args.login,
True,
login_q,
len_q,
))
else:
bc.err("Brute force mode invalid - {}. Exiting.".format(crack_mode))
kill_flag.set()
sleep(0.5)
exit(0)
bc.info("Workers initialised. Calculating effort required.")
#Start the bruteforce thread, reading passwords into the worker queue
t.start()
#When available get the number of guesses
n_guesses = len_q.get()
#bc.info("guesses total : {}".format(n_guesses))
last_progress = 0.0
with progressbar.ProgressBar(max_value=n_guesses) as bar:
while True:
try:
done = done_q.qsize()
except Exception as e:
bc.warn("Error when checking progress : {}".format(e))
bc.info("Continuing")
progress = round((done / n_guesses) * 100, 0)
if struck_gold.is_set() and not args.cont:
kill_flag.set()
bc.info("Creds found, continue flag not set. Finishing.")
break
elif progress >= 100.0 and login_q.empty():
kill_flag.set()
sleep(1)
print()
bc.info("Brute complete. Shutting down...")
break
else:
#Just waiting for a mate
bar.update(done)
sleep(1)
#Gracefully kill everything
for p in multiprocessing.active_children():
p.join(0.5)
def main():
#Setup initial variables
args = get_args()
#HTML Request Variables
#Request data
fmt_str = "{}={}&{}={}".format(args.user_param, "{}", args.pass_param, "{}")
if args.extra_param:
for a in args.extra_param:
fmt_str = fmt_str + "&{}".format(a[0])
#Headers
hdr = {
"User-Agent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
"Accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language" : "en-US,en;q=0.5",
"Accept-Encoding" : "gzip, deflate",
"Referer" : args.url,
"Content-Type" : "application/x-www-form-urlencoded",
"Connection" : "close",
}
#Get crack mode
crack_mode = get_crack_mode(args.login_list, \
args.password_list, args.login, args.password)
#If there's a bad file provided or some other error in crack_mode derivation
if not crack_mode : exit(0)
#Instantiate workers
m = multiprocessing.Manager()
login_q = m.Queue()
done_q = m.Queue()
len_q = m.Queue()
struck_gold = multiprocessing.Event()
kill_flag = multiprocessing.Event()
start_time = time()
for i in range(args.threads):
t = multiprocessing.Process(target=guesser, args=(args.url, fmt_str, hdr, \
login_q, args.success_match, args.success_exclude, \
kill_flag, struck_gold, done_q))
t.start()
#Now we have mode, carry out attack in whatever way specified
if crack_mode == 'double':
#double_crack(args.login_list, args.password_list, login_q, len_q)
t = multiprocessing.Process(target=double_crack, args=(
args.login_list, args.password_list, login_q, len_q, ))
elif crack_mode == 'user':
#single_crack(args.login_list, args.password, False, login_q, len_q)
t = multiprocessing.Process(target=single_crack, args=(
args.login_list, args.password, False, login_q, len_q, ))
elif crack_mode == 'password':
#single_crack(args.password_list, args.login, True, login_q, len_q)
t = multiprocessing.Process(target=single_crack, args=(
args.password_list, args.login, True, login_q, len_q, ))
else:
bc.err("Brute force mode invalid - {}. Exiting.".format(crack_mode))
kill_flag.set()
sleep(0.5)
exit(0)
bc.info("Workers initialised. Calculating effort required.")
#Start the bruteforce thread, reading passwords into the worker queue
t.start()
#When available get the number of guesses
n_guesses = len_q.get()
#bc.info("guesses total : {}".format(n_guesses))
last_progress = 0.0
with progressbar.ProgressBar(max_value= n_guesses) as bar:
while True:
try:
done = done_q.qsize()
except Exception as e:
bc.warn("Error when checking progress : {}".format(e))
bc.info("Continuing")
progress = round( (done / n_guesses ) * 100 , 0)
if struck_gold.is_set() and not args.cont:
kill_flag.set()
bc.info("Creds found, continue flag not set. Finishing.")
break
elif progress >= 100.0 and login_q.empty():
kill_flag.set()
sleep(1)
print()
bc.info("Brute complete. Shutting down...")
break
else:
#Just waiting for a mate
bar.update(done)
sleep(1)
#Gracefully kill everything
for p in multiprocessing.active_children():
p.join(0.5)