def __init__(self):
    """Build the helper objects this instance uses and keep them on ``self``.

    Every attribute is produced by calling a no-argument factory whose
    definition is not part of this snippet.
    """
    self.parser = parser()
    self.config = config()
    self.badges = badges()
    # Two distinct colour helpers are stored side by side.
    self.colors = colors()
    self.colors_script = colors_script()
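class HatSploitCommand(HatSploitCommand):
    """Console command ``history``: switch history on/off, list it or clear it."""

    config = config()

    local_storage = local_storage()

    # Both paths come from the ``base_paths`` section of the configuration.
    history = config.path_config['base_paths']['history_path']
    storage_path = config.path_config['base_paths']['storage_path']

    global_storage = global_storage(storage_path)

    usage = ""
    usage += "history <option>\n\n"
    usage += " -l, --list List all history.\n"
    usage += " -c, --clear Clear all history.\n"
    usage += " on/off Turn history on/off.\n"

    details = {
        'Category': "developer",
        'Name': "history",
        'Description': "Manage HatSploit history.",
        'Usage': usage,
        'MinArgs': 1
    }

    def run(self, argc, argv):
        """Dispatch on ``argv[0]``: ``on``, ``off``, ``-c/--clear`` or ``-l/--list``.

        Any other option prints the usage text. ``argc`` is not used here.
        """
        option = argv[0]

        if option in ("on", "off"):
            enabled = option == "on"
            # The flag is written to both the local and the global store.
            self.local_storage.set("history", enabled)
            self.global_storage.set("history", enabled)
            self.badges.output_information("HatSploit history: " + option)
            return

        if option in ['-c', '--clear']:
            readline.clear_history()
            # Opening in 'w' mode truncates the history file to zero length;
            # the file itself stays in place and nothing is overwritten.
            with open(self.history, 'w') as history:
                history.write("")
            return

        if option in ['-l', '--list']:
            if not self.local_storage.get("history"):
                self.badges.output_warning("No history detected.")
                return
            if readline.get_current_history_length() <= 0:
                self.badges.output_warning("HatSploit history empty.")
                return

            self.badges.output_information("HatSploit history:")

            # Context manager so the handle is closed even if reading fails.
            with open(self.history, 'r') as history_file:
                saved_lines = [entry.strip() for entry in history_file.readlines()]
            for line in saved_lines:
                self.badges.output_empty(" * " + line)

            # NOTE(review): readline items are 1-based, so this range stops
            # one short of the newest entry - presumably to leave out the
            # command that triggered the listing; confirm.
            for index in range(1, readline.get_current_history_length()):
                self.badges.output_empty(
                    " * " + readline.get_history_item(index))
            return

        self.badges.output_usage(self.details['Usage'])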
def __init__(self):
    """Instantiate the collaborators this object relies on and store them on ``self``.

    All factories are called without arguments; they are defined outside
    this snippet.
    """
    self.db = db()
    self.badges = badges()
    self.local_storage = local_storage()
    self.config = config()
    self.modules = modules()
    self.exceptions = exceptions()
    self.tcp = tcp()
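class HatSploitModule(HatSploitModule):
    """Auxiliary module that probes a web server for the paths in a bundled wordlist."""

    config = config()
    http = http()

    details = {
        'Name': "Directory Scanner",
        'Module': "auxiliary/multi/scanner/directory_scanner",
        'Authors': ['enty8080'],
        'Description': "Website directory scanner.",
        'Dependencies': [''],
        'Comments': [''],
        'Risk': "medium"
    }

    options = {
        'URL': {
            'Description': "Target URL.",
            'Value': None,
            'Type': None,
            'Required': True
        }
    }

    def run(self):
        """Send one HEAD request per wordlist entry and report each response.

        A 200 response is reported as a success, any other status as a
        warning. Nothing is returned.
        """
        # presumably parse_options yields the single 'URL' value - confirm
        target_url = self.parser.parse_options(self.options)

        self.badges.output_process("Scanning " + target_url + "...")

        if not self.http.check_url_access(target_url):
            self.badges.output_error("Failed to scan!")
            return

        wordlist_path = (
            self.config.path_config['base_paths']['data_path']
            + 'modules/auxiliary/multi/scanner/directory_scanner/directories.txt'
        )
        # Context manager so the wordlist handle is closed even on error.
        with open(wordlist_path) as wordlist:
            # Empty lines in the wordlist are dropped.
            directories = list(filter(None, wordlist.read().split('\n')))

        # One request per entry: on the server side this shows up as a run
        # of HEAD requests from a single client in the access log.
        for path in directories:
            response = self.http.http_request(method="HEAD", url=target_url, path=path)
            report = "[%s] ... [%s %s]" % (path, response.status_code, response.reason)

            if response.status_code == 200:
                self.badges.output_success(report)
            else:
                self.badges.output_warning(report)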
def __init__(self):
    """Create the console's helper objects and resolve the history file path.

    The factories are called without arguments and are defined outside
    this snippet.
    """
    self.io = io()
    self.tip = tip()
    self.jobs = jobs()
    self.execute = execute()
    self.loader = loader()
    self.config = config()
    self.badges = badges()
    self.banner = banner()
    self.colors = colors()
    self.local_storage = local_storage()
    self.modules = modules()
    self.exceptions = exceptions()

    # Taken from the ``base_paths`` section of the loaded configuration.
    self.history = self.config.path_config['base_paths']['history_path']
def __init__(self, local_host, local_port, client):
    """Record the connection parameters and prepare both stage descriptions.

    Args:
        local_host: stored unchanged as ``self.local_host``.
        local_port: stored unchanged as ``self.local_port``.
        client: stored unchanged as ``self.client``.
    """
    self.local_host = local_host
    self.local_port = local_port
    self.client = client

    self.badges = badges()
    self.config = config()
    self.exceptions = exceptions()
    self.tcp = tcp()

    # NOTE(review): ``self.helper`` is never assigned in this method;
    # presumably it is a class attribute defined elsewhere - confirm.
    self.first_stage = "uname -smp"
    self.first_stage_size = self.helper.len_line(self.first_stage)

    data_root = self.config.path_config['base_paths']['data_path']
    # NOTE(review): this value ends in "bin/" (a directory) yet is handed
    # to len_file() - verify what len_file expects.
    self.second_stage = data_root + "modules/exploit/linux/stager/membrane_reverse_tcp/bin/"
    self.second_stage_size = self.helper.len_file(self.second_stage)

    # Remote file name: a dot-prefixed (hidden) entry under
    # /private/var/tmp followed by 16 random hex characters. Files of that
    # shape appearing in this directory are a usable detection signal.
    random_suffix = os.urandom(8).hex()
    self.second_stage_path = "/private/var/tmp/." + random_suffix
# Copyright (c) 2020-2021 EntySec # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # from core.base.config import config config = config() config.configure() from tests.perform_tests import perform_tests perform_tests = perform_tests() perform_tests.perform_tests()
def __init__(self):
    """Set up the configuration object and the HTTP request callable."""
    self.config = config()

    # The module-level ``requests.request`` function is stored directly.
    self.http_client = requests.request

    # Silences urllib3's InsecureRequestWarning for the whole process, not
    # only for requests made through this object. That warning is emitted
    # for HTTPS requests sent without certificate verification.
    # NOTE(review): this suggests callers pass verify=False - confirm, and
    # consider limiting the suppression to the calls that need it.
    requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def __init__(self):
    """Create the output helper, the importer and the configuration object.

    The three factories are called without arguments and are defined
    outside this snippet.
    """
    self.badges = badges()
    self.importer = importer()
    self.config = config()
def __init__(self):
    """Prepare the format dispatch table, Mach-O template paths and ELF headers.

    ``formats`` maps a format name to the bound method that produces it.
    ``macho_templates`` and ``elf_headers`` are keyed by architecture name.
    """
    self.config = config()

    self.formats = {
        'elf': self.generate_elf,
        'macho': self.generate_macho,
        'c': self.generate_c
    }

    # Mach-O output starts from template files shipped under the data path.
    data_root = self.config.path_config['base_paths']['data_path']
    self.macho_templates = {
        'x64': data_root + "utils/payload/payload/templates/macho_x64.bin",
        'aarch64': data_root + "utils/payload/payload/templates/macho_aarch64.bin"
    }

    # Every entry begins with the ELF magic (7f 45 4c 46). The fifth byte
    # is 01 in the armle/mipsbe/mipsle/x86 headers and 02 in the
    # aarch64/x64 ones.
    # NOTE(review): the repeated de ad be ef / ef be ad de runs (and the
    # 41.. / 42.. runs in 'x64') look like placeholders that are replaced
    # when a file is generated - confirm against generate_elf.
    self.elf_headers = {
        'armle': (
            b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x02\x00\x28\x00\x01\x00\x00\x00\x54\x80\x00\x00\x34\x00\x00\x00"
            b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00"
            b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00"
            b"\x00\x80\x00\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00"
            b"\x00\x10\x00\x00"
        ),
        'mipsbe': (
            b"\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x00\x02\x00\x08\x00\x00\x00\x01\x00\x40\x00\x54\x00\x00\x00\x34"
            b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00"
            b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x40\x00\x00"
            b"\x00\x40\x00\x00\xde\xad\xbe\xef\xde\xad\xbe\xef\x00\x00\x00\x07"
            b"\x00\x00\x10\x00"
        ),
        'mipsle': (
            b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x02\x00\x08\x00\x01\x00\x00\x00\x54\x00\x40\x00\x34\x00\x00\x00"
            b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00"
            b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00"
            b"\x00\x00\x40\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00"
            b"\x00\x10\x00\x00"
        ),
        'x86': (
            b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x02\x00\x03\x00\x01\x00\x00\x00\x54\x80\x04\x08\x34\x00\x00\x00"
            b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00"
            b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x08"
            b"\x00\x80\x04\x08\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00"
            b"\x00\x10\x00\x00"
        ),
        'aarch64': (
            b"\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x02\x00\xb7\x00\x00\x00\x00\x00\x78\x00\x00\x00\x00\x00\x00\x00"
            b"\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x00\x00\x00\x00\x40\x00\x38\x00\x01\x00\x00\x00\x00\x00\x00\x00"
            b"\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\xef\xbe\xad\xde\x00\x00\x00\x00\xef\xbe\xad\xde\x00\x00\x00\x00"
            b"\x00\x10\x00\x00\x00\x00\x00\x00"
        ),
        'x64': (
            b"\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x02\x00\x3e\x00\x01\x00\x00\x00\x78\x00\x40\x00\x00\x00\x00\x00"
            b"\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x00\x00\x00\x00\x40\x00\x38\x00\x01\x00\x00\x00\x00\x00\x00\x00"
            b"\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
            b"\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00"
            b"\x41\x41\x41\x41\x41\x41\x41\x41\x42\x42\x42\x42\x42\x42\x42\x42"
            b"\x00\x10\x00\x00\x00\x00\x00\x00"
        )
    }
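class HatSploitCommand(HatSploitCommand):
    """Console command ``storage``: list, show, set or delete storage variables."""

    config = config()

    storage_path = config.path_config['base_paths']['storage_path']

    local_storage = local_storage()
    global_storage = global_storage(storage_path)

    usage = ""
    usage += "storage [global|local] <option> [arguments]\n\n"
    usage += " -l, --list List all storage variables.\n"
    usage += " -v, --value <name> Show specified storage variable value.\n"
    usage += " -s, --set <name> <value> Set storage veriable value.\n"
    usage += " -d, --delete <name> Delete storage variable.\n"

    details = {
        'Category': "developer",
        'Name': "storage",
        'Description': "Manage storage variables.",
        'Usage': usage,
        'MinArgs': 2
    }

    def run(self, argc, argv):
        """Apply the option in ``argv[1]`` to the store named by ``argv[0]``.

        ``argv[0]`` must be ``global`` or ``local``. Unknown stores, unknown
        options and missing arguments all print the usage text. Both stores
        go through the same code path, so an unknown name passed to
        ``-v/--value`` is reported as an error for either of them.
        """
        type_of_storage = argv[0]

        if type_of_storage == "global":
            storage, label = self.global_storage, "Global"
        elif type_of_storage == "local":
            storage, label = self.local_storage, "Local"
        else:
            self.badges.output_usage(self.details['Usage'])
            return

        # presumably 'MinArgs': 2 guarantees argv[1] exists - confirm
        choice = argv[1]

        if choice in ['-l', '--list']:
            self.badges.output_information(label + " storage variables:")
            for variable in storage.get_all():
                # Names that start or end with '__' are left out of the
                # listing only; the other options still accept them by name.
                if variable.startswith('__') or variable.endswith('__'):
                    continue
                self.badges.output_empty(" * " + variable)

        elif choice in ['-v', '--value']:
            if argc < 3:
                self.badges.output_usage(self.details['Usage'])
            elif argv[2] in storage.get_all():
                self.badges.output_information(
                    argv[2] + " = " + str(storage.get(argv[2])))
            else:
                self.badges.output_error("Invalid storage variable name!")

        elif choice in ['-s', '--set']:
            if argc < 4:
                self.badges.output_usage(self.details['Usage'])
            else:
                # The value is stored exactly as typed, i.e. as a string.
                storage.set(argv[2], argv[3])

        elif choice in ['-d', '--delete']:
            if argc < 3:
                self.badges.output_usage(self.details['Usage'])
            elif argv[2] in storage.get_all():
                storage.delete(argv[2])
            else:
                self.badges.output_error("Invalid storage variable name!")

        else:
            self.badges.output_usage(self.details['Usage'])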