def prepare(self):
try:
Logger.info("Preparing " + self.name + "...")
self._prepare()
except Exception as e:
self.failed("Failed to Prepare Exploit! (Message: " + str(e) + ")",
plain=True)
self.is_prepared = True
def _run(self):
Logger.info("Running " + self.name + "...")
response = self.listener.read()
print(response)
if "test" in response:
self.after()
else:
self.failed()
def _prepare(self):
if self.args.target is None:
self.failed(
"You need to specify a target with --target <target> !")
if self.args.port is None:
Logger.info("No port specified, using standard port 22")
self.port = 22
else:
self.port = int(self.args.port)
try:
self.target = RemoteTarget(self.args.target, self.port)
self.target.connect()
except Exception as e:
self.failed("Failed to connect to the SSH server at " +
self.args.target + ":" + str(self.port) + "! (" +
str(e) + ")")
def run(self):
if not self.is_prepared:
self.prepare()
if self.has_failed:
return
print()
Logger.info("Running " + self.name + "...")
self.start_time = int(time.time())
try:
if not self._run():
self._failed(str("Run returned false"))
except Exception as e:
tb = traceback.format_exc()
Logger.error(tb)
self._failed(str(e))
self._after()
def _run(self):
subdomains = []
Logger.info("Gathering subdomains for " + str(self.target) + "...")
r = requests.get(
"https://crt.sh/?q=%.{d}&output=json".format(d=self.target))
if r.status_code != 200:
self.failed("Failed to retrieve information from crt.sh (" +
req.status_code + ")")
return
json_data = json.loads('[{}]'.format(r.text.replace('}{', '},{')))
for (key, value) in enumerate(json_data):
subdomains.append(value['name_value'])
# Delete duplicates
subdomains = sorted(set(subdomains))
print()
Logger.info("Found " + str(len(subdomains)) +
" subdomains for domain " + self.target)
for subdomain in subdomains:
Logger.info(subdomain)
def _run(self):
self.target.send(b'WhoAreYou\r\n')
Logger.info(self.args.target + ":" + str(self.port) + " - " +
self.target.read())
def _run(self):
Logger.info("Connecting to FTP Server...")
self.ftp.connect(None, None)
Logger.info("Logged into FTP Server " + self.ftp.host + ":" + str(self.ftp.port))
Logger.info("Testing download...")
self.ftp.download("1KB.zip", local_filename="1KB.zip")
Logger.info("Done downloading...")
if os.path.getsize("1KB.zip") > 0:
Logger.info("Download should have worked (Check manually)")
Logger.info("Testing cd...")
self.ftp.cd("upload")
Logger.info("Testing upload...")
self.ftp.upload("1KB.zip")
Logger.info("Done uploading...")
Logger.info("Testing ls...")
print(self.ftp.ls())
#!/usr/bin/python3
import argparse
import importlib.util
import os
import sys
from treelib.tree import Tree, DuplicatedNodeIdError
from core.exploits.ExploitCategory import ExploitCategory
from core.logger.Logger import Logger
from core.logger import Colors
from core.ui.Banner import Banner
Banner.print_banner()
Logger.info("Initializing LolcatSec Exploits Framework...")
categories = {}
exploits = {}
parser = argparse.ArgumentParser()
parser.add_argument("--verbose",
"-v",
"-d",
help="Enabled verbose output",
action="store_true")
parser.add_argument("--exploit",
"-e",
help="Skip the exploit list, just run the given exploit",
default="")
parser.add_argument("--info", "-i", help="Show the about page of an exploit")
def _prepare(self):
Logger.info("Preparing " + self.name + "...")
self.listener = SocketListener(8383)
self.listener.listen()