Ejemplo n.º 1
0
def httpscan_worker(target,
                    useragent,
                    proxy,
                    dir_bruteforce,
                    extensions,
                    dir_bruteforce_workers,
                    timeout,
                    excluded_code=[]):
    httpscan = HTTPScan(target['method'], target['hostname'], target['port'],
                        useragent, proxy, timeout)

    output = httpscan.get(target['path'])
    if output != None and not output['code'] in excluded_code:
        output['message_type'] = 'http'
        output['target'] = httpscan.url(target['path'])
        Output.write(output)

        if httpscan.method == 'https':
            names = httpscan.get_cert_hostnames()
            if len(names) != 0:
                Output.write({
                    "target":
                    httpscan.url(target['path']),
                    "message":
                    "certificates names: %s" % ", ".join(names)
                })

        if dir_bruteforce:
            extension_list = ['']
            if extensions != None:
                extension_list += extensions.split(',')
                extension_list = list(set(extension_list))

            gen = dir_bruteforce_generator(target, dir_bruteforce,
                                           extension_list)
            gen_size = dir_file_count(dir_bruteforce) * len(extension_list)

            args = (useragent, proxy, None, extensions, dir_bruteforce_workers,
                    timeout, [400, 404])
            dispatch(gen,
                     gen_size,
                     httpscan_worker,
                     args,
                     workers=dir_bruteforce_workers,
                     process=False,
                     pg_name=httpscan.url(target['path']))
Ejemplo n.º 2
0
def telnetscan_worker(target, actions, creds, timeout):
    try:

        telnet = Telnet(target['hostname'], target['port'], timeout)

        banner = telnet.connect()
        Output.write({
            'target': telnet.url(),
            'message': 'Telnet: %s' % banner
        })

        if 'username' in creds and 'password' in creds:

            success = telnet.auth(creds['username'], creds['password'])
            if success:
                Output.write({
                    'target':
                    telnet.url(),
                    'message':
                    'Successful authentication with username %s and password %s'
                    % (creds['username'], creds['password'])
                })

                if 'command' in actions:
                    output = "Command '%s':\n" % actions['command']['command']
                    output += telnet.execute(actions['command']['command'])
                    Output.write({
                        'target': target['hostname'],
                        'message': output
                    })
            else:
                Output.write({
                    'target':
                    telnet.url(),
                    'message':
                    'Authentication failure with username %s and password %s' %
                    (creds['username'], creds['password'])
                })

        if 'bruteforce' in actions:
            if 'username_file' in actions['bruteforce'] != None:
                Output.write({
                    'target': telnet.url(),
                    'message': 'Starting bruteforce:'
                })

                username_file = actions['bruteforce']['username_file']
                password_file = actions['bruteforce'][
                    'password_file'] if 'password_file' in actions[
                        'bruteforce'] else None
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, username_file,
                                           password_file)
                gen_size = bruteforce_generator_count(target, username_file,
                                                      password_file)

                args = (timeout, )
                dispatch(gen,
                         gen_size,
                         bruteforce_worker,
                         args,
                         workers=bruteforce_workers,
                         process=False,
                         pg_name=target['hostname'])

    except ConnectionRefusedError:
        pass
    except Exception as e:
        Output.write({
            'target':
            telnet.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        telnet.disconnect()
Ejemplo n.º 3
0
def postgrescan_worker(target, actions, creds, timeout):
    try:
        postgresql = PostgreSQL(target['hostname'], target['port'], timeout)

        if not 'username' in creds:
            pass
        elif not 'password' in creds:
            pass
        else:
            username = creds['username']
            password = creds['password']

            success = False

            success, version = postgresql.auth(username, password)

            postgresql_info = {'version': version}
            postgresql_info['target'] = postgresql.url()
            postgresql_info['message_type'] = 'postgresql'
            Output.write(postgresql_info)

            if success:
                Output.write({
                    'target':
                    postgresql.url(),
                    'message':
                    'Successful authentication with credentials %s and password %s'
                    % (username, password)
                })

                if 'list_dbs' in actions:
                    databases = postgresql.list_databases()
                    output = "Databases:\n"
                    for db in databases:
                        output += " " * 60 + "- %s:\n" % db['name']
                        for table in db['tables']:
                            output += " " * 60 + "\t- %s\n" % table
                    Output.write({
                        'target': postgresql.url(),
                        'message': output
                    })
                if 'cmd' in actions:
                    output = "Command result:\n"
                    output += postgresql.execute_cmd(actions['cmd']['command'])

                    Output.write({
                        'target': postgresql.url(),
                        'message': output
                    })
            else:
                Output.write({
                    'target':
                    postgresql.url(),
                    'message':
                    'Authentication failure with credentials %s and password %s'
                    % (username, password)
                })

        if 'bruteforce' in actions:
            if 'username_file' in actions['bruteforce'] != None:
                Output.write({
                    'target': postgresql.url(),
                    'message': 'Starting bruteforce:'
                })

                username_file = actions['bruteforce']['username_file']
                password_file = actions['bruteforce'][
                    'password_file'] if 'password_file' in actions[
                        'bruteforce'] else None
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, username_file,
                                           password_file)
                gen_size = bruteforce_generator_count(target, username_file,
                                                      password_file)

                args = (timeout, )
                dispatch(gen,
                         gen_size,
                         bruteforce_worker,
                         args,
                         workers=bruteforce_workers,
                         process=False,
                         pg_name=target['hostname'])

    except OSError:
        pass
    except ConnectionRefusedError:
        pass
    except Exception as e:
        Output.write({
            'target':
            postgresql.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        postgresql.disconnect()
Ejemplo n.º 4
0
def sshscan_worker(target, actions, creds, timeout):
    try:

        ssh = SSH(target['hostname'], target['port'], timeout)

        version = ssh.get_version()
        if not version:
            return
        Output.write({'target': ssh.url(), 'message': '%s' % version})

        if 'username' in creds and 'password' in creds:

            success = ssh.auth(creds['username'], creds['password'])
            if success:
                Output.write({
                    'target':
                    ssh.url(),
                    'message':
                    'Successful authentication with username %s and password %s'
                    % (creds['username'], creds['password'])
                })

                if 'command' in actions:
                    output = "Command '%s':\n" % actions['command']['command']
                    output += ssh.execute(actions['command']['command'])
                    Output.write({
                        'target': target['hostname'],
                        'message': output
                    })
            else:
                Output.write({
                    'target':
                    ssh.url(),
                    'message':
                    'Authentication failure with username %s and password %s' %
                    (creds['username'], creds['password'])
                })

        if 'bruteforce' in actions:
            if 'username_file' in actions['bruteforce'] != None:
                Output.write({
                    'target': ssh.url(),
                    'message': 'Starting bruteforce:'
                })

                username_file = actions['bruteforce']['username_file']
                password_file = actions['bruteforce'][
                    'password_file'] if 'password_file' in actions[
                        'bruteforce'] else None
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, username_file,
                                           password_file)
                gen_size = bruteforce_generator_count(target, username_file,
                                                      password_file)

                args = (timeout, )
                dispatch(gen,
                         gen_size,
                         bruteforce_worker,
                         args,
                         workers=bruteforce_workers,
                         process=False,
                         pg_name=target['hostname'])

    except paramiko.AuthenticationException as e:
        Output.write({
            'target':
            ssh.url(),
            'message':
            'Authentication failure with username %s and password %s' %
            (creds['username'], creds['password'])
        })
    except ValueError as e:
        Output.write({
            'target':
            ssh.url(),
            'message':
            "Authentication failure because of crypto failure: %s" % str(e)
        })
    except paramiko.SSHException as e:
        pass
    except socket.error:
        pass
    except Exception as e:
        Output.write({
            'target':
            ssh.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        ssh.disconnect()
Ejemplo n.º 5
0
def ftpscan_worker(target, actions, creds, timeout):
    try:
        ftpscan = FTPScan(target['hostname'], target['port'], timeout)

        ftp_code, version = ftpscan.grab_banner()
        if ftp_code:
            Output.write({
                'target': ftpscan.url(),
                'message': '%d   %s' % (ftp_code, version)
            })

            if 'username' in creds and 'password' in creds:
                success = ftpscan.auth(creds['username'], creds['password'])
            else:
                success = ftpscan.auth()
            if success:
                if 'username' in creds and 'password' in creds:
                    Output.write({
                        'target':
                        ftpscan.url(),
                        'message':
                        'Successful connection with credentials %s:%s' % creds
                    })
                else:
                    Output.write({
                        'target': ftpscan.url(),
                        'message': 'Successful anonymous connection'
                    })

                if 'list' in actions:
                    try:
                        ftp_dir = '/'
                        contents = ""
                        for content in ftpscan.list_content(
                                ftp_dir, recurse=actions['list']['recurse']):
                            if 'size' in content:
                                contents += " " * 60 + "- %s %s\n" % (
                                    content['name'].ljust(30),
                                    sizeof_fmt(content['size']))
                            else:
                                contents += " " * 60 + "- %s\n" % content[
                                    'name']
                        Output.write({
                            'target':
                            ftpscan.url(),
                            'message':
                            'Contents of %s\n%s' % (ftp_dir, contents)
                        })
                    except socket.timeout as e:
                        Output.write({
                            'target':
                            ftpscan.url(),
                            'message':
                            'Timeout while listing folder, do you have a firewall enabled ?'
                        })

        if 'bruteforce' in actions:
            if 'username_file' in actions['bruteforce'] != None:
                Output.write({
                    'target': ftpscan.url(),
                    'message': 'Starting bruteforce:'
                })

                username_file = actions['bruteforce']['username_file']
                password_file = actions['bruteforce'][
                    'password_file'] if 'password_file' in actions[
                        'bruteforce'] else None
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, username_file,
                                           password_file)
                gen_size = bruteforce_generator_count(target, username_file,
                                                      password_file)

                args = (timeout, )
                dispatch(gen,
                         gen_size,
                         bruteforce_worker,
                         args,
                         workers=bruteforce_workers,
                         process=False,
                         pg_name=target['hostname'])

    except Exception as e:
        Output.write({
            'target':
            ftpscan.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        ftpscan.disconnect()
Ejemplo n.º 6
0
def mysqlscan_worker(target, actions, creds, timeout):
    try:
        mysqlscan = MySQLScan(target['hostname'], target['port'], timeout)

        # We are against a MySQL server

        # Gather info
        version = mysqlscan.get_server_version_unauth()
        if version == None:
            return

        mysql_info = {'version': version}
        mysql_info['target'] = mysqlscan.url()
        mysql_info['message_type'] = 'mysql'
        Output.write(mysql_info)

        if not 'username' in creds:
            pass
        elif not 'password' in creds:
            pass
        else:
            username = creds['username']
            password = creds['password']

            success = False

            try:
                success, version = mysqlscan.auth(username, password)
                Output.write({
                    'target':
                    mysqlscan.url(),
                    'message':
                    'Successful authentication with credentials %s and password %s'
                    % (username, password)
                })
            except AuthFailure as e:
                Output.write({
                    'target':
                    mysqlscan.url(),
                    'message':
                    'Authentication failure with credentials %s and password %s: %s'
                    % (username, password, str(e))
                })

            if success:
                if 'list_dbs' in actions:
                    databases = mysqlscan.list_databases()
                    output = "Databases:\n"
                    for db in databases:
                        output += " " * 60 + "- %s:\n" % db['name']
                        for table in db['tables']:
                            output += " " * 60 + "\t- %s\n" % table
                    Output.write({
                        'target': mysqlscan.url(),
                        'message': output
                    })
                if 'list_hashes' in actions:
                    hashes = mysqlscan.list_hashes()
                    output = "Hashes:\n"
                    for account in hashes:
                        user = "******" % (account['username'],
                                           account['host'])
                        output += " " * 60 + "- %s   %s\n" % (user,
                                                              account['hash'])
                    Output.write({
                        'target': mysqlscan.url(),
                        'message': output
                    })
                if 'sql' in actions:
                    output = "Query result:\n"
                    result = mysqlscan.execute_sql(actions['sql']['query'])
                    for item in result:
                        output += "- %s\n" % (item, )

                    Output.write({
                        'target': mysqlscan.url(),
                        'message': output
                    })

        if 'bruteforce' in actions:
            if 'username_file' in actions['bruteforce'] != None:
                Output.write({
                    'target': mysqlscan.url(),
                    'message': 'Starting bruteforce:'
                })

                username_file = actions['bruteforce']['username_file']
                password_file = actions['bruteforce'][
                    'password_file'] if 'password_file' in actions[
                        'bruteforce'] else None
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, username_file,
                                           password_file)
                gen_size = bruteforce_generator_count(target, username_file,
                                                      password_file)

                args = (timeout, )
                dispatch(gen,
                         gen_size,
                         bruteforce_worker,
                         args,
                         workers=bruteforce_workers,
                         process=False,
                         pg_name=target['hostname'])

    except OSError:
        pass
    except ConnectionRefusedError:
        pass
    except Exception as e:
        Output.write({
            'target':
            mysqlscan.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        mysqlscan.disconnect()
Ejemplo n.º 7
0
def mongoscan_worker(target, actions, creds, timeout):
    try:
        auth = False
        version_printed = False

        mongo = Mongo(target['hostname'], target['port'], timeout)

        # try anonymous auth
        auth, version = mongo.auth(None, None)

        if auth:
            version_printed = True
            Output.write({'target': mongo.url(), 'message': version})
            Output.write({
                'target':
                mongo.url(),
                'message':
                'Authentication success with anonymous credentials'
            })

        if 'username' in creds and 'password' in creds:
            mongo_auth = Mongo(target['hostname'], target['port'], timeout)
            auth2, version = mongo_auth.auth(creds['username'],
                                             creds['password'],
                                             database=target['database'])

            if auth2:
                auth = auth2
                if not version_printed:
                    Output.write({'target': mongo.url(), 'message': version})
                Output.write({
                    'target':
                    mongo.url(),
                    'message':
                    'Authentication success with username %s and password %s for database \'%s\''
                    %
                    (creds['username'], creds['password'], target['database'])
                })
                mongo.disconnect()
                mongo = mongo_auth

        if not auth:
            Output.write({'target': mongo.url(), 'message': 'Unknown'})
        else:
            if 'list_dbs' in actions:
                databases = mongo.list_databases()
                output = "Databases:\n"
                for db in databases:
                    output += " " * 60 + "- %s:\n" % db['name']
                    for table in db['collections']:
                        output += " " * 60 + "\t- %s\n" % table
                Output.write({'target': mongo.url(), 'message': output})

        if 'bruteforce' in actions:
            if 'username_file' in actions['bruteforce'] != None:
                Output.write({
                    'target': mongo.url(),
                    'message': 'Starting bruteforce:'
                })

                username_file = actions['bruteforce']['username_file']
                password_file = actions['bruteforce'][
                    'password_file'] if 'password_file' in actions[
                        'bruteforce'] else None
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, username_file,
                                           password_file)
                gen_size = bruteforce_generator_count(target, username_file,
                                                      password_file)

                args = (timeout, )
                dispatch(gen,
                         gen_size,
                         bruteforce_worker,
                         args,
                         workers=bruteforce_workers,
                         process=False,
                         pg_name=target['hostname'])

    except OSError:
        pass
    except ConnectionRefusedError:
        pass
    except Exception as e:
        Output.write({
            'target':
            mongo.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        mongo.disconnect()
Ejemplo n.º 8
0
def redisscan_worker(target, actions, creds, timeout):
    try:
        auth = False
        version_printed = False

        redis = Redis(target['hostname'], target['port'], timeout)

        # try anonymous auth
        auth, version = redis.auth(None)

        if auth:
            version_printed = True
            Output.write({'target': redis.url(), 'message': version})
            Output.write({'target': redis.url(), 'message': 'Authentication success with anonymous credentials'})

        if 'password' in creds:
            redis_auth = Redis(target['hostname'], target['port'], timeout)
            auth2, version2 = redis_auth.auth(creds['password'])

            if auth2:
                auth = auth2
                version = version2
                if not version_printed:
                    Output.write({'target': redis.url(), 'message': version})
                Output.write({'target': redis.url(), 'message': 'Authentication success with password %s' % (creds['password'],)})
                redis.disconnect()
                redis = redis_auth

        if version:
            # check if vulnerable to CVE-2015-4335
            version_tuple = tuple([int(i) for i in version.split(".")])

            if version_tuple < (2, 8, 21) or version_tuple[0] == 3 and version_tuple < (3, 0, 2):
                Output.write({'target': redis.url(), 'message': "RCE on Redis (CVE-2015-4335)"})

        if not auth:
            Output.write({'target': redis.url(), 'message': 'Unknown'})
        else:
            """
            if 'list_dbs' in actions:
                databases = redis.list_databases()
                output = "Databases:\n"
                for db in databases:
                    output += " "*60+"- %s:\n" % db['name']
                    for table in db['collections']:
                        output += " "*60+"\t- %s\n" % table
                Output.write({'target': redis.url(), 'message': output})
            """

        if 'bruteforce' in actions:
            if 'password_file' in actions['bruteforce'] != None:
                Output.write({'target': redis.url(), 'message': 'Starting bruteforce:'})

                password_file = actions['bruteforce']['password_file']
                bruteforce_workers = actions['bruteforce']['workers']

                # The generator will provide a username:password_list couple
                gen = bruteforce_generator(target, password_file)
                gen_size = bruteforce_generator_count(target, password_file)

                args = (timeout,)
                dispatch(gen, gen_size, bruteforce_worker, args, workers=bruteforce_workers, process=False, pg_name=target['hostname'])

    except OSError:
        pass
    except ConnectionRefusedError:
        pass
    except redislib.exceptions.ConnectionError:
        pass
    except redislib.exceptions.TimeoutError:
        pass
    except Exception as e:
        Output.write({'target': redis.url(), 'message': '%s: %s\n%s' % (type(e), e, traceback.format_exc())})
    finally:
        redis.disconnect()
Ejemplo n.º 9
0
def smbscan_worker(target, actions, creds, timeout):
    try:
        smbscan = SMBScan(target['hostname'], target['port'], timeout)

        if smbscan.connect():
            # We are against a SMB server

            # Gather info
            smb_info = smbscan.get_server_info()
            smb_info['target'] = smbscan.url()
            smb_info['message_type'] = 'smb'
            Output.write(smb_info)

            smbscan.disconnect()

            # Start new connection
            smbscan.connect()

            success = False
            is_admin = False
            # Authenticate
            if not 'username' in creds:
                pass
            else:
                if not 'domain' in creds:
                    creds['domain'] = 'WORKGROUP'

                if '\\' in creds['username']:
                    creds['domain'] = creds['username'].split('\\')[0]
                    creds['username'] = creds['username'].split('\\')[1]

                if 'password' in creds:
                    try:
                        success, is_admin = smbscan.auth(
                            domain=creds['domain'],
                            username=creds['username'],
                            password=creds['password'])
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Successful authentication with credentials {domain}\\{username} and password {password}'
                            .format(**creds)
                        })
                    except AuthFailure as e:
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Authentication failure with credentials {domain}\\{username} and password {password}: %s'
                            .format(**creds) % str(e)
                        })
                elif 'hash' in creds:
                    try:
                        success, is_admin = smbscan.auth(
                            domain=creds['domain'],
                            username=creds['username'],
                            hash=creds['hash'])
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Successful authentication with credentials {domain}\\{username} and hash {hash}'
                            .format(**creds)
                        })
                    except AuthFailure as e:
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Authentication failure with credentials {domain}\\{username} and hash {hash}: %s'
                            .format(**creds) % str(e)
                        })
                else:
                    try:
                        success, is_admin = smbscan.auth(
                            domain=creds['domain'],
                            username=creds['username'],
                            password='')
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Successful authentication with credentials {domain}\\{username} and no password'
                            .format(**creds)
                        })
                    except AuthFailure as e:
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Authentication failure with credentials {domain}\\{username} and no password: %s'
                            .format(**creds) % str(e)
                        })

                if is_admin:
                    Output.write({
                        'target':
                        smbscan.url(),
                        'message':
                        'Administrative privileges with credentials {domain}\\{username}'
                        .format(**creds)
                    })

            if success:
                # Authenticated, now perform actions
                share_list = []
                if 'list_shares' in actions:
                    shares = "Shares:\n"
                    try:
                        for share_info in smbscan.list_shares():
                            shares += " " * 60 + "- %s %s %s\n" % (
                                share_info['name'].ljust(15), ", ".join(
                                    share_info['access']).ljust(20),
                                share_info['remark'])
                            share_list.append(share_info['name'])
                        Output.write({
                            'target': smbscan.url(),
                            'message': shares
                        })
                    except impacket.smbconnection.SessionError as e:
                        if 'STATUS_ACCESS_DENIED' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'List shares: Access denied'
                            })
                        else:
                            raise e
                if 'list' in actions:
                    try:
                        if not 'share' in actions['list']:
                            if len(share_list) == 0:
                                for share_info in smbscan.list_shares():
                                    share_list.append(share_info['name'])
                        else:
                            share_list = [actions['list']['share']]

                        for share in share_list:
                            contents = "Content of share %s:\n" % share
                            for content in smbscan.list_content(
                                    path="\\",
                                    share=share,
                                    recurse=actions['list']['recurse']):
                                if 'size' in content:
                                    contents += " " * 60 + "- %s %s\n" % (
                                        content['name'].ljust(30),
                                        sizeof_fmt(content['size']))
                                else:
                                    contents += " " * 60 + "- %s\n" % (
                                        content['name'].ljust(30), )
                            Output.write({
                                'target': smbscan.url(),
                                'message': contents
                            })
                    except impacket.smbconnection.SessionError as e:
                        if 'STATUS_ACCESS_DENIED' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'List share contents: Access denied'
                            })
                        else:
                            raise e
                if 'command' in actions:
                    output = smbscan.exec(
                        actions['command']['command'],
                        exec_method=actions['command']['method'],
                        get_output=True)
                    if output:
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Executed command \'%s\':\n%s' %
                            (actions['command']['command'], output)
                        })
                    else:
                        Output.write({
                            'target':
                            smbscan.url(),
                            'message':
                            'Failed to execute command %s' %
                            (actions['command']['command'], )
                        })
                if 'sam' in actions:
                    output = "SAM hashes:\n"
                    try:
                        entries = smbscan.dump_sam()
                        for entry in entries:
                            output += " " * 60 + "- %s %s\n" % (
                                entry['username'].ljust(30), entry['hash'])
                        Output.write({
                            'target': smbscan.url(),
                            'message': output
                        })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target': smbscan.url(),
                                'message': 'SAM dump: Access denied'
                            })
                        else:
                            raise e
                if 'lsa' in actions:
                    output = "LSA secrets:\n"
                    try:
                        entries = smbscan.dump_lsa()
                        for entry in entries:
                            output += " " * 60 + "- %s\n" % (entry['secret'], )
                        Output.write({
                            'target': smbscan.url(),
                            'message': output
                        })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target': smbscan.url(),
                                'message': 'LSA dump: Access denied'
                            })
                        else:
                            raise e
                if 'users' in actions:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Users:'
                    })
                    try:
                        entries = smbscan.enum_users()
                        for entry in entries:
                            user = '******' % (entry['domain'],
                                               entry['username'])
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                '(%d) %s   %s  [%s]' %
                                (entry['uid'], user.ljust(30),
                                 entry['fullname'].ljust(30), ','.join(
                                     entry['tags']))
                            })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target': smbscan.url(),
                                'message': 'Enum users: Access denied'
                            })
                        else:
                            raise e
                if 'groups' in actions:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Groups:'
                    })
                    try:
                        entries = smbscan.enum_groups()
                        for entry in entries:
                            group = '%s\\%s' % (entry['domain'],
                                                entry['groupname'])
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                '(%d) %s   %s' %
                                (entry['uid'], group.ljust(30),
                                 entry['admin_comment'])
                            })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'Enum groups: Access denied'
                            })
                        else:
                            raise e
                if 'admins' in actions:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Administrators:'
                    })
                    try:
                        entries = smbscan.enum_admins()
                        for entry in entries:
                            admin = '%s\\%s' % (entry['domain'], entry['name'])
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                '- %s (%s)' % (admin.ljust(30), entry['type'])
                            })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'Enum admins: Access denied'
                            })
                        else:
                            raise e
                if 'passpol' in actions:
                    try:
                        password_policy = smbscan.enum_password_policy()
                        output = "Password policy:\n"
                        output += " " * 60 + "- Complexity:       %s\n" % (
                            "Enabled" if password_policy['complexity'] == 1
                            else "Disabled", )
                        output += " " * 60 + "- Minimum length:   %d\n" % password_policy[
                            'minimum_length']
                        output += " " * 60 + "- History:          last %d passwords\n" % password_policy[
                            'history_length']
                        output += " " * 60 + "- Maximum age:      %s\n" % password_policy[
                            'maximum_age']
                        output += " " * 60 + "- Minimum age:      %s\n" % password_policy[
                            'minimum_age']
                        output += " " * 60 + "- Lock threshold:   %s\n" % (
                            str(password_policy['lock_threshold'])
                            if password_policy['lock_threshold'] != 0 else
                            "Disabled", )
                        if password_policy['lock_threshold'] != 0:
                            output += " " * 60 + "- Lock duration:    %s\n" % password_policy[
                                'lock_duration']

                        Output.write({
                            'target': smbscan.url(),
                            'message': output
                        })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'Enum password policy: Access denied'
                            })
                        else:
                            raise e
                if 'loggedin' in actions:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Logged in users:'
                    })
                    try:
                        entries = smbscan.enum_loggedin()
                        for entry in entries:
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'Logged in: %s\\%s' %
                                (entry['domain'], entry['username'])
                            })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'Enum logged in: Access denied'
                            })
                        else:
                            raise e
                if 'session' in actions:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Sessions:'
                    })
                    try:
                        entries = smbscan.enum_sessions()
                        for entry in entries:
                            Output.write({
                                'target': smbscan.url(),
                                'message': 'Session: %s' % (entry, )
                            })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'Enum sessions: Access denied'
                            })
                        else:
                            raise e
                if 'rid_brute' in actions:
                    Output.write({
                        'target':
                        smbscan.url(),
                        'message':
                        'Users discovered via RID bruteforce:'
                    })
                    try:
                        entries = smbscan.rid_bruteforce(
                            actions['rid_brute']['start'],
                            actions['rid_brute']['end'])
                        for entry in entries:
                            user = '******' % (entry['domain'], entry['name'])
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                '- %s (%s)' % (user.ljust(30), entry['type'])
                            })
                    except impacket.dcerpc.v5.rpcrt.DCERPCException as e:
                        if 'access_denied' in str(e):
                            Output.write({
                                'target':
                                smbscan.url(),
                                'message':
                                'RID brutefroce: Access denied'
                            })
                        else:
                            raise e

            if 'bruteforce' in actions:
                if 'username_file' in actions['bruteforce'] != None:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Starting bruteforce:'
                    })

                    if 'domain' in creds:
                        domain = creds['domain']
                    else:
                        domain = 'WORKGROUP'
                    username_file = actions['bruteforce']['username_file']
                    password_file = actions['bruteforce'][
                        'password_file'] if 'password_file' in actions[
                            'bruteforce'] else None
                    bruteforce_workers = actions['bruteforce']['workers']

                    # The generator will provide a username:password_list couple
                    gen = bruteforce_generator(target, domain, username_file,
                                               password_file)
                    gen_size = bruteforce_generator_count(
                        target, domain, username_file, password_file)

                    args = (timeout, )
                    dispatch(gen,
                             gen_size,
                             bruteforce_worker,
                             args,
                             workers=bruteforce_workers,
                             process=False,
                             pg_name=target['hostname'])
            if 'simple_bruteforce' in actions:
                if 'username_file' in actions['bruteforce'] != None:
                    Output.write({
                        'target': smbscan.url(),
                        'message': 'Starting simple bruteforce:'
                    })

                    if 'domain' in creds:
                        domain = creds['domain']
                    else:
                        domain = 'WORKGROUP'
                    username_file = actions['bruteforce']['username_file']
                    bruteforce_workers = actions['bruteforce']['workers']

                    # The generator will provide a username:password_list couple
                    gen = bruteforce_generator(target,
                                               domain,
                                               username_file,
                                               None,
                                               simple_bruteforce=True)
                    gen_size = bruteforce_generator_count(
                        target, domain, username_file, password_file)

                    args = (timeout, )
                    dispatch(gen,
                             gen_size,
                             bruteforce_worker,
                             args,
                             workers=bruteforce_workers,
                             process=False,
                             pg_name=target['hostname'])

    except ConnectionResetError:
        Output.write({
            'target': smbscan.url(),
            'message': 'Connection reset by target'
        })
    except TypeError as e:
        if 'ConnectionResetError' in str(e):
            Output.write({
                'target': smbscan.url(),
                'message': 'Connection reset by target'
            })
        else:
            Output.write({
                'target':
                smbscan.url(),
                'message':
                '%s: %s\n%s' % (type(e), e, traceback.format_exc())
            })
    except Exception as e:
        Output.write({
            'target':
            smbscan.url(),
            'message':
            '%s: %s\n%s' % (type(e), e, traceback.format_exc())
        })
    finally:
        smbscan.disconnect()