def storeScreenshot(self, ip: str, port: str, filename: str): p = process(0, "screenshooter", "screenshot (" + str(port) + "/tcp)", str(ip), str(port), "tcp", "", getTimestamp(True), getTimestamp(True), str(filename), "Finished", [process_output()], 2, 0) session = self.dbAdapter.session() session.add(p) session.commit() return p.id
def addHosts(self, iprange, runHostDiscovery, runStagedNmap): if iprange == '': print('[-] No hosts entered..') return if runStagedNmap: self.runStagedNmap(iprange, runHostDiscovery) elif runHostDiscovery: outputfile = self.logic.runningfolder + "/nmap/" + getTimestamp( ) + '-host-discover' command = "nmap -n -sn -T4 " + iprange + " -oA " + outputfile self.runCommand( 'nmap', 'nmap (discovery)', iprange, '', '', command, getTimestamp(True), outputfile, self.view.createNewTabForHost(str(iprange), 'nmap (discovery)', True)) else: outputfile = self.logic.runningfolder + "/nmap/" + getTimestamp( ) + '-nmap-list' command = "nmap -n -sL " + iprange + " -oA " + outputfile self.runCommand( 'nmap', 'nmap (list)', iprange, '', '', command, getTimestamp(True), outputfile, self.view.createNewTabForHost(str(iprange), 'nmap (list)', True))
def handleHostAction(self, ip, hostid, actions, action): if action.text() == 'Mark as checked' or action.text( ) == 'Mark as unchecked': self.logic.toggleHostCheckStatus(ip) self.view.updateInterface() return if action.text() == 'Run nmap (staged)': print( '[+] Purging previous portscan data for ' + str(ip) ) # if we are running nmap we need to purge previous portscan results if self.logic.getPortsForHostFromDB(ip, 'tcp'): self.logic.deleteAllPortsAndScriptsForHostFromDB(hostid, 'tcp') if self.logic.getPortsForHostFromDB(ip, 'udp'): self.logic.deleteAllPortsAndScriptsForHostFromDB(hostid, 'udp') self.runStagedNmap(ip, False) return for i in range(0, len(actions)): if action == actions[i]: name = self.settings.hostActions[i][1] invisibleTab = False if 'nmap' in name: # to make sure different nmap scans appear under the same tool name name = 'nmap' invisibleTab = True # remove all chars that are not alphanumeric from tool name (used in the outputfile's name) outputfile = self.logic.runningfolder + "/" + re.sub( "[^0-9a-zA-Z]", "", str(name)) + "/" + getTimestamp() + "-" + re.sub( "[^0-9a-zA-Z]", "", str( self.settings.hostActions[i][1])) + "-" + ip command = str(self.settings.hostActions[i][2]) command = command.replace('[IP]', ip).replace('[OUTPUT]', outputfile) # check if same type of nmap scan has already been made and purge results before scanning if 'nmap' in command: proto = 'tcp' if '-sU' in command: proto = 'udp' if self.logic.getPortsForHostFromDB( ip, proto ): # if we are running nmap we need to purge previous portscan results (of the same protocol) self.logic.deleteAllPortsAndScriptsForHostFromDB( hostid, proto) tabtitle = self.settings.hostActions[i][1] self.runCommand( name, tabtitle, ip, '', '', command, getTimestamp(True), outputfile, self.view.createNewTabForHost(ip, tabtitle, invisibleTab)) break
def run(self): while self.processing == True: self.sleep(1) # effectively a semaphore self.processing = True for i in range(0, len(self.urls)): try: url = self.urls.pop(0) outputfile = getTimestamp() + '-screenshot-' + url.replace( ':', '-') + '.png' ip = url.split(':')[0] port = url.split(':')[1] if isHttps(ip, port): self.save("https://" + url, ip, port, outputfile) else: self.save("http://" + url, ip, port, outputfile) except Exception as e: self.tsLog('Unable to take the screenshot. Moving on..') self.tsLog(e) continue self.processing = False if not len( self.urls ) == 0: # if meanwhile urls were added to the queue, start over unless we are in pause mode self.run() self.tsLog('Finished.')
def handleServiceNameAction(self, targets, actions, action, restoring=True): if action.text() == 'Take screenshot': for ip in targets: url = ip[0] + ':' + ip[1] self.screenshooter.addToQueue(url) self.screenshooter.start() return elif action.text() == 'Open in browser': for ip in targets: url = ip[0] + ':' + ip[1] self.browser.addToQueue(url) self.browser.start() return for i in range(0, len(actions)): if action == actions[i][1]: srvc_num = actions[i][0] for ip in targets: tool = self.settings.portActions[srvc_num][1] tabtitle = self.settings.portActions[srvc_num][ 1] + " (" + ip[1] + "/" + ip[2] + ")" outputfile = self.logic.runningfolder + "/" + re.sub( "[^0-9a-zA-Z]", "", str(tool)) + "/" + getTimestamp( ) + '-' + tool + "-" + ip[0] + "-" + ip[1] command = str(self.settings.portActions[srvc_num][2]) command = command.replace('[IP]', ip[0]).replace( '[PORT]', ip[1]).replace('[OUTPUT]', outputfile) if 'nmap' in command and ip[2] == 'udp': command = command.replace("-sV", "-sVU") if 'nmap' in tabtitle: # we don't want to show nmap tabs restoring = True self.runCommand( tool, tabtitle, ip[0], ip[1], ip[2], command, getTimestamp(True), outputfile, self.view.createNewTabForHost(ip[0], tabtitle, restoring)) break
def storeProcessKillStatus(self, processId: str): session = self.dbAdapter.session() proc = session.query(process).filter_by(id=processId).first() if proc and not proc.status == 'Finished': proc.status = 'Killed' proc.endTime = getTimestamp(True) session.add(proc) self.dbAdapter.commit()
def storeProcessCancelStatus(self, processId: str): session = self.dbAdapter.session() proc = session.query(process).filter_by(id=processId).first() if proc: proc.status = 'Cancelled' proc.endTime = getTimestamp(True) session.add(proc) self.dbAdapter.commit()
def runToolsFor(self, service, ip, port, protocol='tcp'): print('\t[+] Running tools for: ' + service + ' on ' + ip + ':' + port) if service.endswith( "?" ): # when nmap is not sure it will append a ?, so we need to remove it service = service[:-1] for tool in self.settings.automatedAttacks: if service in tool[1].split(",") and protocol == tool[2]: if tool[0] == "screenshooter": url = ip + ':' + port self.screenshooter.addToQueue(url) self.screenshooter.start() else: for a in self.settings.portActions: if tool[0] == a[1]: #restoring = False tabtitle = a[1] + " (" + port + "/" + protocol + ")" outputfile = self.logic.runningfolder + "/" + re.sub( "[^0-9a-zA-Z]", "", str( tool[0])) + "/" + getTimestamp( ) + '-' + a[1] + "-" + ip + "-" + port command = str(a[2]) command = command.replace('[IP]', ip).replace( '[PORT]', port).replace('[OUTPUT]', outputfile) #if 'nmap' in tabtitle: # we don't want to show nmap tabs # restoring = True tab = self.view.ui.HostsTabWidget.tabText( self.view.ui.HostsTabWidget.currentIndex()) self.runCommand( tool[0], tabtitle, ip, port, protocol, command, getTimestamp(True), outputfile, self.view.createNewTabForHost( ip, tabtitle, not (tab == 'Hosts'))) break
def runStagedNmap(self, iprange, discovery=True, stage=1, stop=False): if not stop: textbox = self.view.createNewTabForHost( str(iprange), 'nmap (stage ' + str(stage) + ')', True) outputfile = self.logic.runningfolder + "/nmap/" + getTimestamp( ) + '-nmapstage' + str(stage) if stage == 1: # webservers/proxies ports = self.settings.tools_nmap_stage1_ports elif stage == 2: # juicy stuff that we could enumerate + db ports = self.settings.tools_nmap_stage2_ports elif stage == 3: # bruteforceable protocols + portmapper + nfs ports = self.settings.tools_nmap_stage3_ports elif stage == 4: # first 30000 ports except ones above ports = self.settings.tools_nmap_stage4_ports else: # last 35535 ports ports = self.settings.tools_nmap_stage5_ports command = "nmap " if not discovery: # is it with/without host discovery? command += "-Pn " command += "-T4 -sV " # without scripts (faster) if not stage == 1: command += "-n " # only do DNS resolution on first stage if os.geteuid() == 0: # if we are root we can run SYN + UDP scans command += "-sSU " if stage == 2: command += "-O " # only check for OS once to save time and only if we are root otherwise it fails else: command += "-sT " command += "-p " + ports + ' ' + iprange + " -oA " + outputfile self.runCommand('nmap', 'nmap (stage ' + str(stage) + ')', str(iprange), '', '', command, getTimestamp(True), outputfile, textbox, discovery, stage, stop)
def storeProcessOutput(self, process_id: str, output: str): session = self.dbAdapter.session() proc = session.query(process).filter_by(id=process_id).first() if not proc: return False proc_output = session.query(process_output).filter_by(id=process_id).first() if proc_output: self.log.info("Storing process output into db: {0}".format(str(proc_output))) proc_output.output = unicode(output) session.add(proc_output) proc.endTime = getTimestamp(True) if proc.status == "Killed" or proc.status == "Cancelled" or proc.status == "Crashed": self.dbAdapter.commit() return True else: proc.status = 'Finished' session.add(proc) self.dbAdapter.commit()
def buildHydraCommand(self, runningfolder, userlistPath, passlistPath): self.ip = self.ipTextinput.text() self.port = self.portTextinput.text() self.service = str(self.serviceComboBox.currentText()) self.command = "hydra " + self.ip + " -s " + self.port + " -o " self.outputfile = runningfolder + "/hydra/" + getTimestamp( ) + "-" + self.ip + "-" + self.port + "-" + self.service + ".txt" self.command += "\"" + self.outputfile + "\"" # deal with paths with spaces #self.service = str(self.serviceComboBox.currentText()) #if not self.service == "snmp": # no username required for snmp if not self.service in self.settings.brute_no_username_services.split( ","): if self.singleUserRadio.isChecked(): self.command += " -l " + self.usersTextinput.text() elif self.foundUsersRadio.isChecked(): self.command += " -L \"" + userlistPath + "\"" else: self.command += " -L \"" + self.userlistTextinput.text() + "\"" #if not self.service == "smtp-enum": # no password required for smtp-enum if not self.service in self.settings.brute_no_password_services.split( ","): if self.singlePassRadio.isChecked(): escaped_password = self.passwordsTextinput.text().replace( '"', '\"\"\"') #.replace("'", "\'") self.command += " -p \"" + escaped_password + "\"" elif self.foundPasswordsRadio.isChecked(): self.command += " -P \"" + passlistPath + "\"" else: self.command += " -P \"" + self.passlistTextinput.text() + "\"" if self.checkBlankPass.isChecked(): self.command += " -e n" if self.checkLoginAsPass.isChecked(): self.command += "s" elif self.checkLoginAsPass.isChecked(): self.command += " -e s" if self.checkLoopUsers.isChecked(): self.command += " -u" if self.checkExitOnValid.isChecked(): self.command += " -f" if self.checkVerbose.isChecked(): self.command += " -V" self.command += " -t " + str(self.threadsComboBox.currentText()) self.command += " " + self.service # if self.labelPath.isVisible(): # append the additional field's content, if it was visible if self.checkAddMoreOptions.isChecked(): self.command += " " + str( self.labelPath.text()) # TODO: sanitise this? #command = "echo "+escaped_password+" > /tmp/hydra-sub.txt" #os.system(str(command)) return self.command
def backupAndSave(self, newSettings): # Backup and save print('[+] Backing up old settings and saving new settings..') os.rename('./sparta.conf', './' + getTimestamp() + '-sparta.conf') self.actions = QtCore.QSettings('./sparta.conf', QtCore.QSettings.NativeFormat) self.actions.beginGroup('GeneralSettings') self.actions.setValue('default-terminal', newSettings.general_default_terminal) self.actions.setValue('tool-output-black-background', newSettings.general_tool_output_black_background) self.actions.setValue('screenshooter-timeout', newSettings.general_screenshooter_timeout) self.actions.setValue('web-services', newSettings.general_web_services) self.actions.setValue('enable-scheduler', newSettings.general_enable_scheduler) self.actions.setValue('enable-scheduler-on-import', newSettings.general_enable_scheduler_on_import) self.actions.setValue('max-fast-processes', newSettings.general_max_fast_processes) self.actions.setValue('max-slow-processes', newSettings.general_max_slow_processes) self.actions.endGroup() self.actions.beginGroup('BruteSettings') self.actions.setValue( 'store-cleartext-passwords-on-exit', newSettings.brute_store_cleartext_passwords_on_exit) self.actions.setValue('username-wordlist-path', newSettings.brute_username_wordlist_path) self.actions.setValue('password-wordlist-path', newSettings.brute_password_wordlist_path) self.actions.setValue('default-username', newSettings.brute_default_username) self.actions.setValue('default-password', newSettings.brute_default_password) self.actions.setValue('services', newSettings.brute_services) self.actions.setValue('no-username-services', newSettings.brute_no_username_services) self.actions.setValue('no-password-services', newSettings.brute_no_password_services) self.actions.endGroup() self.actions.beginGroup('StagedNmapSettings') self.actions.setValue('stage1-ports', newSettings.tools_nmap_stage1_ports) self.actions.setValue('stage2-ports', newSettings.tools_nmap_stage2_ports) self.actions.setValue('stage3-ports', newSettings.tools_nmap_stage3_ports) self.actions.setValue('stage4-ports', newSettings.tools_nmap_stage4_ports) self.actions.setValue('stage5-ports', newSettings.tools_nmap_stage5_ports) self.actions.endGroup() self.actions.beginGroup('HostActions') for a in newSettings.hostActions: self.actions.setValue(a[1], [a[0], a[2]]) self.actions.endGroup() self.actions.beginGroup('PortActions') for a in newSettings.portActions: self.actions.setValue(a[1], [a[0], a[2], a[3]]) self.actions.endGroup() self.actions.beginGroup('PortTerminalActions') for a in newSettings.portTerminalActions: self.actions.setValue(a[1], [a[0], a[2], a[3]]) self.actions.endGroup() self.actions.beginGroup('SchedulerSettings') for tool in newSettings.automatedAttacks: self.actions.setValue(tool, newSettings.automatedAttacks[tool]) self.actions.endGroup() self.actions.sync()