def parseOutputString(self, output, debug=False):
host_info = re.search(
r"(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)",
output)
if host_info is None:
api.log("No hosts detected")
else:
for host in output.splitlines():
if host != "":
h_id = self.createAndAddHost(host)
i_id = self.createAndAddInterface(h_id,
host,
ipv4_address=host)
s_id = self.createAndAddServiceToInterface(
h_id,
i_id,
str(self._port),
"tcp",
ports=[self._port],
status="open",
version="",
description="")
if debug is True:
api.devlog("Debug is active")
return True
def parseOutputString(self, output, debug=False):
host_info = re.search(r"Connected to (.+)\.", output)
banner = re.search("220?([\w\W]+)$", output)
if re.search("Connection timed out",
output) is None and host_info is not None:
hostname = host_info.group(1)
ip_address = self.resolve(hostname)
self._version = banner.groups(0) if banner else ""
if debug:
print ip_address
h_id = self.createAndAddHost(ip_address)
i_id = self.createAndAddInterface(h_id,
ip_address,
ipv4_address=ip_address,
hostname_resolution=[hostname])
s_id = self.createAndAddServiceToInterface(h_id,
i_id,
"ftp",
"tcp",
ports=[self._port],
status="open")
if debug is True:
api.devlog("Debug is active")
return True
def _doSql(self, db, sql):
try:
api.devlog("SQL:" + sql)
db.execute(sql)
except Exception, e:
print("Error SQL[" + e.pgcode + "] - " + e.pgerror)
return None
def parseOutputString(self, output, debug=False):
host_info = re.search(
r"(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)",
output)
host_mac_addr = re.search(r"([\dA-F]{2}(?:[-:][\dA-F]{2}){5})", output,
re.IGNORECASE)
if host_info is None:
api.devlog("No hosts detected")
else:
for line in output.split('\n'):
vals = line.split("\t")
if len(vals) == 3:
if len(vals[0].split(".")) == 4:
host = vals[0]
h_id = self.createAndAddHost(host)
i_id = self.createAndAddInterface(h_id,
host,
ipv4_address=host,
mac=vals[1])
n_id = self.createAndAddNoteToHost(
h_id, "NIC VENDOR:", vals[2])
return True
def setSavingModel(self, value):
api.devlog("setSavingModel: %s" % value)
self._saving_model_flag = value
if value:
self._saving_model_lock.acquire()
else:
try:
self._saving_model_lock.release()
except RuntimeError:
pass
def parseOutputString(self, output, debug=False):
"""
This method will discard the output the shell sends, it will read it from
the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
try:
f = urlopen(
self.getSetting("Host") + "/api/hooks?token=" +
self.getSetting("Authkey"))
data = json.loads(f.read())
except:
api.devlog("[BeEF] - Connection with api")
return
if "hooked-browsers" in data:
for t in ["online", "offlne"]:
for h in data["hooked-browsers"][t]:
name = str(data["hooked-browsers"][t][h]['name'])
version = str(data["hooked-browsers"][t][h]['version'])
os = str(data["hooked-browsers"][t][h]['os'])
platform = str(data["hooked-browsers"][t][h]['platform'])
session = str(data["hooked-browsers"][t][h]['session'])
ip = str(data["hooked-browsers"][t][h]['ip'])
domain = str(data["hooked-browsers"][t][h]['domain'])
port = str(data["hooked-browsers"][t][h]['port'])
page_uri = str(data["hooked-browsers"][t][h]['page_uri'])
desc = "Client ip:" + ip + \
" has been injected with BeEF using the url:" + page_uri + "\n"
desc += "More information:"
desc += "\ntype:" + t
desc += "\nname:" + name
desc += "\nversion:" + version
desc += "\nos:" + os
desc += "\nplatform:" + platform
desc += "\nsession:" + session
desc += "\nip:" + ip
desc += "\ndomain:" + domain
desc += "\nport:" + port
desc += "\npage_uri:" + page_uri
h_id = self.createAndAddHost(ip)
v_id = self.createAndAddVulnToHost(
h_id,
"BeEF injected " + t + " session:" + session,
desc=desc,
ref=["http://http://beefproject.com/"],
severity=3)
def addUpdate(self, old_object, new_object, command_id):
# Returns True if the update was resolved without user interaction
try:
mergeAction = old_object.addUpdate(new_object, command_id)
if mergeAction:
if old_object not in self.objects_with_updates:
self.objects_with_updates.append(old_object)
notifier.conflictUpdate(1)
return False
except Exception as ex:
api.devlog("(%s).addUpdate(%s, %s) - failed" %
(self, old_object, new_object))
return False
self.mappers_manager.update(old_object, command_id)
notifier.editHost(old_object)
return True
def _processAction(self, action, parameters, sync=False):
"""
decodes and performs the action given
It works kind of a dispatcher
"""
if sync:
self._sync_api_request = True
api.devlog("_processAction - %s - parameters = %s" %
(action, str(parameters)))
action_callback = self._actionDispatcher[action]
res = self._dispatchActionWithLock(action_callback, *parameters)
# finally we notify the widgets about this change
# if res: # notify only if action was done successfuly
# self._notifyModelUpdated(*parameters)
# else:
if not res:
api.devlog("Action code %d failed. Parameters = %s" %
(action, str(parameters)))
if sync:
self._sync_api_request = False
def stop_server(self):
api.devlog("server stopping...")
self._stop = True
def serve_forever(self):
while not self._stop:
self.handle_request()
api.devlog("server forever stopped by flag")
def run(self):
self.serve_forever()
api.devlog("serve_forever ended")
return
def handle(self):
try:
api.devlog("-" * 60)
api.devlog("[XMLRPCHandler] - request = %s" % str(self.request))
api.devlog("[XMLRPCHandler] - client_address = %s" %
str(self.client_address))
api.devlog("[XMLRPCHandler] - server = %s" % str(self.server))
api.devlog("-" * 60)
SimpleXMLRPCServer.SimpleXMLRPCRequestHandler.handle(self)
except Exception:
api.devlog(
"[XMLRPCHandler] - An error ocurred while handling a request\n%s"
% traceback.format_exc())
def _devlog(self, msg, *args, **kwargs):
# I have no idea what I am doing
api.devlog(msg)
return True
