def storeScreenshot(self, ip: str, port: str, filename: str):
p = process(0, "screenshooter", "screenshot (" + str(port) + "/tcp)", str(ip), str(port), "tcp", "",
getTimestamp(True), getTimestamp(True), str(filename), "Finished", [process_output()], 2, 0)
session = self.dbAdapter.session()
session.add(p)
session.commit()
return p.id
def addHosts(self, iprange, runHostDiscovery, runStagedNmap):
if iprange == '':
print('[-] No hosts entered..')
return
if runStagedNmap:
self.runStagedNmap(iprange, runHostDiscovery)
elif runHostDiscovery:
outputfile = self.logic.runningfolder + "/nmap/" + getTimestamp(
) + '-host-discover'
command = "nmap -n -sn -T4 " + iprange + " -oA " + outputfile
self.runCommand(
'nmap', 'nmap (discovery)', iprange, '', '', command,
getTimestamp(True), outputfile,
self.view.createNewTabForHost(str(iprange), 'nmap (discovery)',
True))
else:
outputfile = self.logic.runningfolder + "/nmap/" + getTimestamp(
) + '-nmap-list'
command = "nmap -n -sL " + iprange + " -oA " + outputfile
self.runCommand(
'nmap', 'nmap (list)', iprange, '', '', command,
getTimestamp(True), outputfile,
self.view.createNewTabForHost(str(iprange), 'nmap (list)',
True))
def handleHostAction(self, ip, hostid, actions, action):
if action.text() == 'Mark as checked' or action.text(
) == 'Mark as unchecked':
self.logic.toggleHostCheckStatus(ip)
self.view.updateInterface()
return
if action.text() == 'Run nmap (staged)':
print(
'[+] Purging previous portscan data for ' + str(ip)
) # if we are running nmap we need to purge previous portscan results
if self.logic.getPortsForHostFromDB(ip, 'tcp'):
self.logic.deleteAllPortsAndScriptsForHostFromDB(hostid, 'tcp')
if self.logic.getPortsForHostFromDB(ip, 'udp'):
self.logic.deleteAllPortsAndScriptsForHostFromDB(hostid, 'udp')
self.runStagedNmap(ip, False)
return
for i in range(0, len(actions)):
if action == actions[i]:
name = self.settings.hostActions[i][1]
invisibleTab = False
if 'nmap' in name: # to make sure different nmap scans appear under the same tool name
name = 'nmap'
invisibleTab = True
# remove all chars that are not alphanumeric from tool name (used in the outputfile's name)
outputfile = self.logic.runningfolder + "/" + re.sub(
"[^0-9a-zA-Z]", "",
str(name)) + "/" + getTimestamp() + "-" + re.sub(
"[^0-9a-zA-Z]", "", str(
self.settings.hostActions[i][1])) + "-" + ip
command = str(self.settings.hostActions[i][2])
command = command.replace('[IP]',
ip).replace('[OUTPUT]', outputfile)
# check if same type of nmap scan has already been made and purge results before scanning
if 'nmap' in command:
proto = 'tcp'
if '-sU' in command:
proto = 'udp'
if self.logic.getPortsForHostFromDB(
ip, proto
): # if we are running nmap we need to purge previous portscan results (of the same protocol)
self.logic.deleteAllPortsAndScriptsForHostFromDB(
hostid, proto)
tabtitle = self.settings.hostActions[i][1]
self.runCommand(
name, tabtitle, ip, '', '', command, getTimestamp(True),
outputfile,
self.view.createNewTabForHost(ip, tabtitle, invisibleTab))
break
def run(self):
while self.processing == True:
self.sleep(1) # effectively a semaphore
self.processing = True
for i in range(0, len(self.urls)):
try:
url = self.urls.pop(0)
outputfile = getTimestamp() + '-screenshot-' + url.replace(
':', '-') + '.png'
ip = url.split(':')[0]
port = url.split(':')[1]
if isHttps(ip, port):
self.save("https://" + url, ip, port, outputfile)
else:
self.save("http://" + url, ip, port, outputfile)
except Exception as e:
self.tsLog('Unable to take the screenshot. Moving on..')
self.tsLog(e)
continue
self.processing = False
if not len(
self.urls
) == 0: # if meanwhile urls were added to the queue, start over unless we are in pause mode
self.run()
self.tsLog('Finished.')
def handleServiceNameAction(self,
targets,
actions,
action,
restoring=True):
if action.text() == 'Take screenshot':
for ip in targets:
url = ip[0] + ':' + ip[1]
self.screenshooter.addToQueue(url)
self.screenshooter.start()
return
elif action.text() == 'Open in browser':
for ip in targets:
url = ip[0] + ':' + ip[1]
self.browser.addToQueue(url)
self.browser.start()
return
for i in range(0, len(actions)):
if action == actions[i][1]:
srvc_num = actions[i][0]
for ip in targets:
tool = self.settings.portActions[srvc_num][1]
tabtitle = self.settings.portActions[srvc_num][
1] + " (" + ip[1] + "/" + ip[2] + ")"
outputfile = self.logic.runningfolder + "/" + re.sub(
"[^0-9a-zA-Z]", "", str(tool)) + "/" + getTimestamp(
) + '-' + tool + "-" + ip[0] + "-" + ip[1]
command = str(self.settings.portActions[srvc_num][2])
command = command.replace('[IP]', ip[0]).replace(
'[PORT]', ip[1]).replace('[OUTPUT]', outputfile)
if 'nmap' in command and ip[2] == 'udp':
command = command.replace("-sV", "-sVU")
if 'nmap' in tabtitle: # we don't want to show nmap tabs
restoring = True
self.runCommand(
tool, tabtitle, ip[0], ip[1], ip[2], command,
getTimestamp(True), outputfile,
self.view.createNewTabForHost(ip[0], tabtitle,
restoring))
break
def storeProcessKillStatus(self, processId: str):
session = self.dbAdapter.session()
proc = session.query(process).filter_by(id=processId).first()
if proc and not proc.status == 'Finished':
proc.status = 'Killed'
proc.endTime = getTimestamp(True)
session.add(proc)
self.dbAdapter.commit()
def storeProcessCancelStatus(self, processId: str):
session = self.dbAdapter.session()
proc = session.query(process).filter_by(id=processId).first()
if proc:
proc.status = 'Cancelled'
proc.endTime = getTimestamp(True)
session.add(proc)
self.dbAdapter.commit()
def runToolsFor(self, service, ip, port, protocol='tcp'):
print('\t[+] Running tools for: ' + service + ' on ' + ip + ':' + port)
if service.endswith(
"?"
): # when nmap is not sure it will append a ?, so we need to remove it
service = service[:-1]
for tool in self.settings.automatedAttacks:
if service in tool[1].split(",") and protocol == tool[2]:
if tool[0] == "screenshooter":
url = ip + ':' + port
self.screenshooter.addToQueue(url)
self.screenshooter.start()
else:
for a in self.settings.portActions:
if tool[0] == a[1]:
#restoring = False
tabtitle = a[1] + " (" + port + "/" + protocol + ")"
outputfile = self.logic.runningfolder + "/" + re.sub(
"[^0-9a-zA-Z]", "", str(
tool[0])) + "/" + getTimestamp(
) + '-' + a[1] + "-" + ip + "-" + port
command = str(a[2])
command = command.replace('[IP]', ip).replace(
'[PORT]',
port).replace('[OUTPUT]', outputfile)
#if 'nmap' in tabtitle: # we don't want to show nmap tabs
# restoring = True
tab = self.view.ui.HostsTabWidget.tabText(
self.view.ui.HostsTabWidget.currentIndex())
self.runCommand(
tool[0], tabtitle, ip, port, protocol, command,
getTimestamp(True), outputfile,
self.view.createNewTabForHost(
ip, tabtitle, not (tab == 'Hosts')))
break
def runStagedNmap(self, iprange, discovery=True, stage=1, stop=False):
if not stop:
textbox = self.view.createNewTabForHost(
str(iprange), 'nmap (stage ' + str(stage) + ')', True)
outputfile = self.logic.runningfolder + "/nmap/" + getTimestamp(
) + '-nmapstage' + str(stage)
if stage == 1: # webservers/proxies
ports = self.settings.tools_nmap_stage1_ports
elif stage == 2: # juicy stuff that we could enumerate + db
ports = self.settings.tools_nmap_stage2_ports
elif stage == 3: # bruteforceable protocols + portmapper + nfs
ports = self.settings.tools_nmap_stage3_ports
elif stage == 4: # first 30000 ports except ones above
ports = self.settings.tools_nmap_stage4_ports
else: # last 35535 ports
ports = self.settings.tools_nmap_stage5_ports
command = "nmap "
if not discovery: # is it with/without host discovery?
command += "-Pn "
command += "-T4 -sV " # without scripts (faster)
if not stage == 1:
command += "-n " # only do DNS resolution on first stage
if os.geteuid() == 0: # if we are root we can run SYN + UDP scans
command += "-sSU "
if stage == 2:
command += "-O " # only check for OS once to save time and only if we are root otherwise it fails
else:
command += "-sT "
command += "-p " + ports + ' ' + iprange + " -oA " + outputfile
self.runCommand('nmap', 'nmap (stage ' + str(stage) + ')',
str(iprange), '', '', command, getTimestamp(True),
outputfile, textbox, discovery, stage, stop)
def storeProcessOutput(self, process_id: str, output: str):
session = self.dbAdapter.session()
proc = session.query(process).filter_by(id=process_id).first()
if not proc:
return False
proc_output = session.query(process_output).filter_by(id=process_id).first()
if proc_output:
self.log.info("Storing process output into db: {0}".format(str(proc_output)))
proc_output.output = unicode(output)
session.add(proc_output)
proc.endTime = getTimestamp(True)
if proc.status == "Killed" or proc.status == "Cancelled" or proc.status == "Crashed":
self.dbAdapter.commit()
return True
else:
proc.status = 'Finished'
session.add(proc)
self.dbAdapter.commit()
def buildHydraCommand(self, runningfolder, userlistPath, passlistPath):
self.ip = self.ipTextinput.text()
self.port = self.portTextinput.text()
self.service = str(self.serviceComboBox.currentText())
self.command = "hydra " + self.ip + " -s " + self.port + " -o "
self.outputfile = runningfolder + "/hydra/" + getTimestamp(
) + "-" + self.ip + "-" + self.port + "-" + self.service + ".txt"
self.command += "\"" + self.outputfile + "\"" # deal with paths with spaces
#self.service = str(self.serviceComboBox.currentText())
#if not self.service == "snmp": # no username required for snmp
if not self.service in self.settings.brute_no_username_services.split(
","):
if self.singleUserRadio.isChecked():
self.command += " -l " + self.usersTextinput.text()
elif self.foundUsersRadio.isChecked():
self.command += " -L \"" + userlistPath + "\""
else:
self.command += " -L \"" + self.userlistTextinput.text() + "\""
#if not self.service == "smtp-enum": # no password required for smtp-enum
if not self.service in self.settings.brute_no_password_services.split(
","):
if self.singlePassRadio.isChecked():
escaped_password = self.passwordsTextinput.text().replace(
'"', '\"\"\"') #.replace("'", "\'")
self.command += " -p \"" + escaped_password + "\""
elif self.foundPasswordsRadio.isChecked():
self.command += " -P \"" + passlistPath + "\""
else:
self.command += " -P \"" + self.passlistTextinput.text() + "\""
if self.checkBlankPass.isChecked():
self.command += " -e n"
if self.checkLoginAsPass.isChecked():
self.command += "s"
elif self.checkLoginAsPass.isChecked():
self.command += " -e s"
if self.checkLoopUsers.isChecked():
self.command += " -u"
if self.checkExitOnValid.isChecked():
self.command += " -f"
if self.checkVerbose.isChecked():
self.command += " -V"
self.command += " -t " + str(self.threadsComboBox.currentText())
self.command += " " + self.service
# if self.labelPath.isVisible(): # append the additional field's content, if it was visible
if self.checkAddMoreOptions.isChecked():
self.command += " " + str(
self.labelPath.text()) # TODO: sanitise this?
#command = "echo "+escaped_password+" > /tmp/hydra-sub.txt"
#os.system(str(command))
return self.command
def backupAndSave(self, newSettings):
# Backup and save
print('[+] Backing up old settings and saving new settings..')
os.rename('./sparta.conf', './' + getTimestamp() + '-sparta.conf')
self.actions = QtCore.QSettings('./sparta.conf',
QtCore.QSettings.NativeFormat)
self.actions.beginGroup('GeneralSettings')
self.actions.setValue('default-terminal',
newSettings.general_default_terminal)
self.actions.setValue('tool-output-black-background',
newSettings.general_tool_output_black_background)
self.actions.setValue('screenshooter-timeout',
newSettings.general_screenshooter_timeout)
self.actions.setValue('web-services', newSettings.general_web_services)
self.actions.setValue('enable-scheduler',
newSettings.general_enable_scheduler)
self.actions.setValue('enable-scheduler-on-import',
newSettings.general_enable_scheduler_on_import)
self.actions.setValue('max-fast-processes',
newSettings.general_max_fast_processes)
self.actions.setValue('max-slow-processes',
newSettings.general_max_slow_processes)
self.actions.endGroup()
self.actions.beginGroup('BruteSettings')
self.actions.setValue(
'store-cleartext-passwords-on-exit',
newSettings.brute_store_cleartext_passwords_on_exit)
self.actions.setValue('username-wordlist-path',
newSettings.brute_username_wordlist_path)
self.actions.setValue('password-wordlist-path',
newSettings.brute_password_wordlist_path)
self.actions.setValue('default-username',
newSettings.brute_default_username)
self.actions.setValue('default-password',
newSettings.brute_default_password)
self.actions.setValue('services', newSettings.brute_services)
self.actions.setValue('no-username-services',
newSettings.brute_no_username_services)
self.actions.setValue('no-password-services',
newSettings.brute_no_password_services)
self.actions.endGroup()
self.actions.beginGroup('StagedNmapSettings')
self.actions.setValue('stage1-ports',
newSettings.tools_nmap_stage1_ports)
self.actions.setValue('stage2-ports',
newSettings.tools_nmap_stage2_ports)
self.actions.setValue('stage3-ports',
newSettings.tools_nmap_stage3_ports)
self.actions.setValue('stage4-ports',
newSettings.tools_nmap_stage4_ports)
self.actions.setValue('stage5-ports',
newSettings.tools_nmap_stage5_ports)
self.actions.endGroup()
self.actions.beginGroup('HostActions')
for a in newSettings.hostActions:
self.actions.setValue(a[1], [a[0], a[2]])
self.actions.endGroup()
self.actions.beginGroup('PortActions')
for a in newSettings.portActions:
self.actions.setValue(a[1], [a[0], a[2], a[3]])
self.actions.endGroup()
self.actions.beginGroup('PortTerminalActions')
for a in newSettings.portTerminalActions:
self.actions.setValue(a[1], [a[0], a[2], a[3]])
self.actions.endGroup()
self.actions.beginGroup('SchedulerSettings')
for tool in newSettings.automatedAttacks:
self.actions.setValue(tool, newSettings.automatedAttacks[tool])
self.actions.endGroup()
self.actions.sync()
