def __init__(self):
"""Initialize the Integer Generator."""
self.options = Options()
self.options.add_option('min_value', 0, 'Minimum integer allowed')
self.options.add_option('max_value', 255, 'Maximum integer allowed')
self._min = 0
self._max = 255
def __init__(self):
"""Initialize the Stdout class."""
self.options = Options()
self.options.add_option('separator', 'newline',
'Separator between elements',
list(self._SEPARATORS.keys()), True)
self.options.add_option('number_format', 'decimal',
'Format for numbers',
['decimal', 'hexadecimal', 'octal'])
def __init__(self):
"""Initialize the Float Generator."""
self.options = Options()
self.options.add_option('min_value', 0.0,
'Minimum floating point value allowed')
self.options.add_option('max_value', 255.0,
'Maximum floating point value allowed')
self._min = 0.0
self._max = 255.0
def __init__(self):
"""Initialize the File class."""
self.options = Options()
self.options.add_option('filename', 'acsploit_output.dat', 'The name of the file to write to')
# TODO: add more formats
self.options.add_option('separator', 'newline', 'Separator between elements',
list(self._SEPARATORS.keys()), True)
self.options.add_option('format', 'plaintext', 'The format to write output in', ['plaintext', 'binary', 'sv', 'template'])
self.options.add_option('final_newline', True, 'Whether to end the file with a newline')
self.options.add_option('number_format', 'decimal', 'Format for numbers', ['decimal', 'hexadecimal', 'octal'])
self.options.add_option('template_file', None, 'Template file to use when "format" is "template"')
self.options.add_option('template_pattern', '<ACSPLOIT>',
'Replacement pattern in template file, marks where the payload will be copied')
self.options.add_option('replace_first_only', False,
'Whether to replace only the first occurrence of template_pattern or all occurrences')
def __init__(self, hist_file):
"""Initialization and setup of ACsploit."""
self.setup_cmd2(hist_file)
self.prompt = self.make_prompt()
self.exploit = None
self.exploit_name = ''
self.input = None
self.output = None
self.options = Options()
self.defaulted_options = []
self.script_mode = False
self.shortcuts = cmd2.DEFAULT_SHORTCUTS
def __init__(self):
"""Initialize the Chracter generator."""
self.options = Options()
self.options.add_option('min_value', 'a',
'Minimum ASCII character to use')
self.options.add_option('max_value', 'z',
'Maximum ASCII character to use')
self.options.add_option('restrictions', '',
'String of characters to exclude')
self.options.add_option(
'use_whitelist', False,
'If true, only generate characters from the whitelist')
self.options.add_option(
'whitelist', '',
'String of characters to generate from if use_whitelist is True')
# char_set will be a sorted valid set of characters given the constraints set in options
# char_set must be updated by calling prepare() if options change
self._char_set = string.ascii_lowercase
def __init__(self):
"""Initialize the Socket class."""
self.options = Options()
self.options.add_option('host', '127.0.0.1', 'Host to connect to')
self.options.add_option('port', 80, 'Port to connect to')
self.options.add_option('ip_version', 'IPv4', 'Version of IP to use',
['IPv4', 'IPv6'])
self.options.add_option('separator', 'newline',
'Separator between elements',
list(self._SEPARATORS.keys()), True)
self.options.add_option(
'final_separator', False,
'Whether to end output with an instance of the separator')
self.options.add_option(
'await_banner', False,
'Receive a banner message from the server before sending data')
self.options.add_option('number_format', 'decimal',
'Format for numbers',
['decimal', 'hexadecimal', 'octal'])
def __init__(self):
"""Initialize the String Generator."""
self.options = Options()
self.options.add_option('min_length', 1, 'Minimum string length')
self.options.add_option('max_length', 10, 'Maximum string length')
self.options.add_option('min_value', 'a',
'Minimum ASCII character to use')
self.options.add_option('max_value', 'z',
'Maximum ASCII character to use')
self.options.add_option('restrictions', '',
'String of characters to exclude')
self.options.add_option(
'use_whitelist', False,
'If True, only generate characters from the whitelist')
self.options.add_option(
'whitelist', '',
'String of characters to generate from if use_whitelist is True')
self.char_gen = CharGenerator()
self.prepare()
def __init__(self):
"""Initialize the Http class."""
self.options = Options()
self.options.add_option('url', 'http://127.0.0.1:80/',
'Host to connect to')
self.options.add_option('separator', 'newline',
'Separator between elements',
list(self._SEPARATORS.keys()), True)
self.options.add_option(
'final_separator', False,
'Whether to end output with an instance of the separator')
self.options.add_option('number_format', 'decimal',
'Format for numbers',
['decimal', 'hexadecimal', 'octal'])
# TODO - eventually support PUT, DELETE, HEAD, and OPTIONS, since requests easily handles those
self.options.add_option('http_method', 'GET',
'Type of HTTP request to make',
['POST', 'GET'])
self.options.add_option('content_type', '',
'Content-Type header for the HTTP request')
self.options.add_option('url_param_name', 'param',
'Name of URL arg(s) to use')
self.options.add_option(
'spread_params', True,
'Put each output in its own URL arg, as opposed to all in one')
self.options.add_option('use_body', False,
'Put exploit output in body, not URL args')
self.options.add_option('print_request', False, 'Print HTTP request')
self.options.add_option('send_request', True, 'Send HTTP request')
self.options.add_option('n_requests', 1,
'Total number of times to send the request')
self.options.add_option('n_parallel', 1,
'Number of requests to send simultaneously')
import os
from acsploit.options import Options
options = Options()
options.add_option('file_format', 'sh', 'Format for fork bomb', [
'bash', 'bat', 'c', 'cc', 'cs', 'erl', 'fasm', 'go', 'hs', 'html', 'java',
'js', 'lsp', 'lua', 'mdb', 'php', 'pl', 'py', 'r', 'rb', 'rs', 's', 'scm',
'sh', 'vbs'
])
DESCRIPTION = 'Produces a fork bomb in one of many formats.\n\n Fork bombs cause denial of service by forking processes' \
'infinitely, depleting available system resources. Fork bombs are also known as "rabbit viruses" or ' \
'"wabbits". ACsploit provides canned fork bombs in ' \
'a variety of programming languages shown through the "file_format" option.'
NO_INPUT = True
DEFAULT_OUTPUT = 'file'
DEFAULT_OUTPUT_OPTIONS = {'final_newline': False}
def run(output):
ret = fork_bomb(options['file_format'])
output.output([ret])
# Returns contents of fork bomb with the given format. Fork bombs found at https://github.com/aaronryank/fork-bomb/
def fork_bomb(file_format):
filename = 'fork-bomb.' + file_format
with open(
os.path.join(os.path.dirname(os.path.realpath(__file__)),
def __init__(self):
"""Initialize the Regex Generator."""
self.options = Options()
self.options.add_option('regex', '.*',
'Generated strings will match this regex')
def update_exploit(self, exploit_name):
"""Sets the exploit name as the current exploit and restores saved settings or sets default values."""
if exploit_name not in ACsploit.exploits:
eprint((colorize('Exploit ' + exploit_name + ' does not exist',
'red')))
return
# save current input/output and to current exploit in private variables
# this allows restoration of the current settings if the exploit is used again
if self.exploit is not None:
self.exploit._ACsploit_exploit_settings = {
'input': self.input,
'output': self.output,
'options': self.options,
'defaulted_options': self.defaulted_options,
}
# set the new exploit; restore previous input/output
self.exploit_name = exploit_name
self.exploit = ACsploit.exploits[exploit_name]
self.prompt = self.make_prompt(exploit_name)
eprint(colorize('exploit => %s' % exploit_name, 'cyan'))
if hasattr(self.exploit, '_ACsploit_exploit_settings'):
self.input = self.exploit._ACsploit_exploit_settings['input']
self.output = self.exploit._ACsploit_exploit_settings['output']
self.options = self.exploit._ACsploit_exploit_settings['options']
self.defaulted_options = self.exploit._ACsploit_exploit_settings[
'defaulted_options']
else:
input_desc = 'Input generator to use with exploits'
output_desc = 'Output generator to use with exploits'
self.defaulted_options = []
self.options = Options()
# set default input and output for new exploit, if any
if hasattr(self.exploit, 'NO_INPUT') and self.exploit.NO_INPUT:
self.input = None
elif hasattr(self.exploit, 'DEFAULT_INPUT'):
self.options.add_option('input',
self.exploit.DEFAULT_INPUT, input_desc,
list(ACsploit.inputs.keys()))
self.defaulted_options.append('input')
self.input = ACsploit.inputs[self.exploit.DEFAULT_INPUT]()
else:
# We set string as the default input, but do not warn if this option is changed
self.options.add_option('input', 'string', input_desc,
list(ACsploit.inputs.keys()))
self.input = ACsploit.inputs['string']()
if hasattr(self.exploit, 'NO_OUTPUT') and self.exploit.NO_OUTPUT:
self.output = None
elif hasattr(self.exploit, 'DEFAULT_OUTPUT'):
self.options.add_option('output', self.exploit.DEFAULT_OUTPUT,
output_desc,
list(ACsploit.outputs.keys()))
self.defaulted_options.append('output')
self.output = ACsploit.outputs[self.exploit.DEFAULT_OUTPUT]()
else:
# We set stdout as the default output, but do not warn if this option is changed
self.options.add_option('output', 'stdout', output_desc,
list(ACsploit.outputs.keys()))
self.output = ACsploit.outputs['stdout']()
# set defaults for input and output settings for new exploit, if any
if hasattr(self.exploit, 'DEFAULT_INPUT_OPTIONS'):
for option, value in self.exploit.DEFAULT_INPUT_OPTIONS.items(
):
self.input.set_option(option, value)
self.defaulted_options.append('input.%s' % option)
if hasattr(self.exploit, 'DEFAULT_OUTPUT_OPTIONS'):
for option, value in self.exploit.DEFAULT_OUTPUT_OPTIONS.items(
):
self.output.options.set_value(option, value)
self.defaulted_options.append('output.%s' % option)