def do_contributors(self, args):
"""
Display a list of Mercury contributors.
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("contributors")
return
contributors = map(lambda m: Module.get(m).author, Module.all())
contribution = [
(c[0], len(list(c[1])))
for c in itertools.groupby(sorted(flatten(contributors)))
]
self.stdout.write("Core Contributors:\n")
for contributor in [
'MWR InfoSecurity (@mwrlabs)',
'Luander ([email protected])',
'Rodrigo Chiossi ([email protected])'
]:
self.stdout.write(" %s\n" % contributor)
self.stdout.write("\nModule Contributors:\n")
for contributor in sorted(contribution, key=lambda c: -c[1]):
self.stdout.write(" %s\n" % contributor[0])
def do_help(self, args):
"""
usage: help [COMMAND OR MODULE]
Displays help information.
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("help")
return
if len(argv) > 0:
if self.__module_name(argv[0]) in Module.all(
) or self.__module_name("." + argv[0]) in Module.all():
self.do_run(" ".join([argv[0], "--help"]))
else:
try:
func = getattr(self, 'help_' + argv[0])
except AttributeError:
try:
doc = getattr(self, 'do_' + argv[0]).__doc__
if doc:
self.stdout.write(
"%s\n" %
wrap(textwrap.dedent(str(doc)).strip(),
width=console.get_size()[0]))
return
except AttributeError:
pass
self.stdout.write("%s\n" % str(self.nohelp) % (argv[0], ))
return
func()
else:
cmd.Cmd.do_help(self, args)
def __modules(self):
"""
Gets a full list of all module identifiers.
"""
if self.__base == "":
return Module.all()
else:
return filter(lambda m: m.startswith(self.__base), Module.all())
def __vulnerabilities(self):
"""
Find all vulnerability definition modules under 'vulnerabilities'.
"""
return filter(
lambda m: m.startswith(self.vulnerabilities) and hasattr(
Module.get(m), '_vulnerability_definition') and Module.get(m).
_vulnerability_definition, Module.all())
def __modules(self):
"""
Gets a full list of all module identifiers.
"""
if self.__base == "":
return Module.all()
else:
return filter(lambda m: m.startswith(self.__base), Module.all())
def do_reload(self, args):
"""
usage: reload
Load a fresh copy of all modules from disk.
"""
Module.reload()
self.stdout.write("Done.\n\n")
def do_reload(self, args):
"""
usage: reload
Load a fresh copy of all modules from disk.
"""
Module.reload()
self.stdout.write("Done.\n\n")
def do_reload(self, args):
"""
usage: reload
Load a fresh copy of all modules from disk.
"""
Module.reload()
print "Done.\n"
def do_module(self, args):
"""
module [COMMAND] (inside Mercury)
Run the Mercury Module and Repository Manager.
The Repository Manager handles Mercury modules and module repositories.
"""
ModuleManager().run(shlex.split(args, comments=True))
Module.reload()
def do_module(self, args):
"""
module [COMMAND] (inside Mercury)
Run the Mercury Module and Repository Manager.
The Repository Manager handles Mercury modules and module repositories.
"""
ModuleManager().run(shlex.split(args, comments=True))
Module.reload()
def __modules(self, permissions=None):
"""
Gets a full list of all module identifiers.
"""
if permissions == "any":
required_perms = None
else:
required_perms = self.permissions()
if self.__base == "":
return Module.all(required_perms)
else:
return filter(lambda m: m.startswith(self.__base), Module.all(required_perms))
def __vulnerabilities(self):
"""
Find all vulnerability definition modules under 'vulnerabilities'.
"""
return filter(lambda m: m.startswith(self.vulnerabilities) and hasattr(Module.get(m), '_vulnerability_definition') and Module.get(m)._vulnerability_definition, Module.all())
def do_list(self, args):
"""
usage: list [FILTER]
Displays a list of the available modules, optionally filtered by name.
Examples:
mercury> list
activity.forintent
activity.info
... snip ...
mercury> list debug
information.debuggable
mercury>
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("list")
return
term = len(argv) > 0 and argv[0] or None
print console.format_dict(dict(map(lambda m: [m, Module.get(m).name], filter(lambda m: term == None or m.find(term.lower()) >= 0, self.__modules()))))
def do_help(self, args):
"""
usage: help [COMMAND OR MODULE]
Displays help information.
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("help")
return
if len(argv) > 0:
if self.__module_name(argv[0]) in Module.all() or self.__module_name("." + argv[0]) in Module.all():
self.do_run(" ".join([argv[0], "--help"]))
else:
try:
func = getattr(self, 'help_' + argv[0])
except AttributeError:
try:
doc = getattr(self, 'do_' + argv[0]).__doc__
if doc:
self.stdout.write("%s\n" % wrap(textwrap.dedent(str(doc)).strip(), width=console.get_size()[0]))
return
except AttributeError:
pass
self.stdout.write("%s\n" % str(self.nohelp) % (argv[0],))
return
func()
else:
cmd.Cmd.do_help(self, args)
def do_list(self, args):
"""
usage: list [FILTER]
Displays a list of the available modules, optionally filtered by name.
Examples:
mercury> list
activity.forintent
activity.info
... snip ...
mercury> list debug
information.debuggable
mercury>
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("list")
return
term = len(argv) > 0 and argv[0] or None
self.stdout.write(
console.format_dict(
dict(
map(
lambda m: [m, Module.get(m).name],
filter(
lambda m: term == None or m.find(term.lower()) >=
0, self.__modules())))) + "\n")
def __namespaces(self, global_scope=False):
"""
Gets a full list of all namespace identifiers, either globally or in
the current namespace scope.
"""
if global_scope:
return set(map(lambda m: self.__module("." + m).namespace(), Module.all()))
else:
return set(map(lambda m: self.__module("." + m).namespace(), self.__modules()))
def do_list(self, args):
"""
usage: list [FILTER]
Displays a list of the available modules, optionally filtered by name.
Examples:
mercury> list
activity.forintent
activity.info
... snip ...
mercury> list debug
information.debuggable
mercury>
optional arguments:
--unsupported include a list of the modules that are not available on your device
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("list")
return
if "--unsupported" in argv:
argv.remove("--unsupported")
term = len(argv) > 0 and argv[0] or None
s_modules = filter(lambda m: term == None or m.find(term.lower()) >= 0, self.__modules())
u_modules = filter(lambda m: (term == None or m.find(term.lower()) >= 0) and not m in s_modules, self.__modules("any"))
else:
term = len(argv) > 0 and argv[0] or None
s_modules = filter(lambda m: term == None or m.find(term.lower()) >= 0, self.__modules())
u_modules = []
self.stdout.write(console.format_dict(dict(map(lambda m: [m, Module.get(m).name], s_modules))) + "\n")
if len(u_modules) > 0:
self.stdout.write("\nUnsupported Modules:\n\n")
self.stdout.write(console.format_dict(dict(map(lambda m: [m, Module.get(m).name], u_modules))) + "\n")
def do_contributors(self, args):
"""
Display a list of Mercury contributors.
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("contributors")
return
contributors = map(lambda m: Module.get(m).author, Module.all())
contribution = [(c[0], len(list(c[1]))) for c in itertools.groupby(sorted(flatten(contributors)))]
self.stdout.write("Core Contributors:\n")
for contributor in ['MWR InfoSecurity (@mwrlabs)', 'Luander ([email protected])', 'Rodrigo Chiossi ([email protected])']:
self.stdout.write(" %s\n"%contributor)
self.stdout.write("\nModule Contributors:\n")
for contributor in sorted(contribution, key=lambda c: -c[1]):
self.stdout.write(" %s\n"%contributor[0])
def __module(self, key):
"""
Gets a module instance, by identifier, and initialises it with the
required session parameters.
"""
module = None
try:
module = Module.get(self.__module_name(key))
except KeyError:
pass
if module == None:
try:
module = Module.get(key)
except KeyError:
pass
if module == None:
raise KeyError(key)
else:
return module(self.__reflector, self.stdout, self.stderr)
def __namespaces(self, global_scope=False):
"""
Gets a full list of all namespace identifiers, either globally or in
the current namespace scope.
"""
if global_scope:
return set(
map(lambda m: self.__module("." + m).namespace(),
Module.all()))
else:
return set(
map(lambda m: self.__module("." + m).namespace(),
self.__modules()))
def __module(self, key):
"""
Gets a module instance, by identifier, and initialises it with the
required session parameters.
"""
module = None
try:
module = Module.get(self.__module_name(key))
except KeyError:
pass
if module == None:
try:
module = Module.get(key)
except KeyError:
pass
if module == None:
raise KeyError(key)
else:
return module(self.__reflector, self.stdout, self.stderr)
def execute(self, arguments):
"""
Implementation of the Module execute() method. Each included vulnerability
test is executed in turn, and printed out as 'Vulnerable', 'Not Vulnerable',
or 'Exception'.
"""
for vulnerability in self.__vulnerabilities():
try:
check = Module.get(vulnerability)(self._Module__reflector, self.stdout, self.stderr)
result = check.isVulnerable(arguments)
self.stdout.write("%s - %s\n" % (check.label, result and "[color red]Vulnerable[/color]" or "[color green]Not Vulnerable[/color]"))
except:
self.stdout.write("%s - %s\n" % (check.label, "[color blue]Exception[/color]"))
def __setBase(self, base):
"""
Changes the user's namespace.
Changing to:
'str' - selects the 'str' namespace, within the currently active
namespace
'.str' - selects the 'str' namespace, in the root namespace
'..' - goes back on namespace
'' - goes back to the root namespace
"""
if base == "":
self.__base = base
else:
if base == "..":
path = self.__base.split(".")
try:
path.pop(-2)
except IndexError:
pass
target = ".".join(path)
elif base.startswith("."):
target = base[1:] + "."
else:
target = self.__base + base + "."
if True in map(lambda m: m.startswith(target), Module.all()):
self.__base = target
else:
self.stderr.write("no such namespace: %s\n" % base)
if base == "":
self.prompt = "mercury> "
else:
self.prompt = "mercury#{}> ".format(
self.__base[0:len(self.__base) - 1])
return True
def __setBase(self, base):
"""
Changes the user's namespace.
Changing to:
'str' - selects the 'str' namespace, within the currently active
namespace
'.str' - selects the 'str' namespace, in the root namespace
'..' - goes back on namespace
'' - goes back to the root namespace
"""
if base == "":
self.__base = base
else:
if base == "..":
path = self.__base.split(".")
try:
path.pop(-2)
except IndexError:
pass
target = ".".join(path)
elif base.startswith("."):
target = base[1:] + "."
else:
target = self.__base + base + "."
if True in map(lambda m: m.startswith(target), Module.all()):
self.__base = target
else:
self.stderr.write("no such namespace: %s\n"%base)
if base == "":
self.prompt = "mercury> "
else:
self.prompt = "mercury#{}> ".format(self.__base[0:len(self.__base)-1])
return True
def execute(self, arguments):
"""
Implementation of the Module execute() method. Each included vulnerability
test is executed in turn, and printed out as 'Vulnerable', 'Not Vulnerable',
or 'Exception'.
"""
for vulnerability in self.__vulnerabilities():
try:
check = Module.get(vulnerability)(self._Module__reflector,
self.stdout, self.stderr)
label = hasattr(check, 'label') and check.label or check.fqmn()
result = check.isVulnerable(arguments)
self.stdout.write(
"%s - %s\n" %
(label, result and "[color red]Vulnerable[/color]"
or "[color green]Not Vulnerable[/color]"))
except:
self.stdout.write("%s - %s\n" %
(label, "[color blue]Exception[/color]"))
def do_list(self, args):
"""
usage: list [FILTER]
Displays a list of the available modules, optionally filtered by name.
Examples:
mercury> list
activity.forintent
activity.info
... snip ...
mercury> list debug
information.debuggable
mercury>
"""
argv = shlex.split(args, comments=True)
if len(argv) == 1 and (argv[0] == "-h" or argv[0] == "--help"):
self.do_help("list")
return
term = len(argv) > 0 and argv[0] or None
# recalculate the sizing, depending on the size of the user's terminal window
width = { 'gutter': 2, 'total': console.getSize()[0] }
width['label'] = width['total'] / 3
width['desc'] = width['total'] - (width['gutter'] + width['label'])
for module in filter(lambda m: term == None or m.find(term.lower()) >= 0, self.__modules()):
name = wrap(Module.get(module).name, width['desc']).split("\n")
if len(module[len(self.__base):]) > width['label']:
self.stdout.write(("{:<%d}\n" % width['label']).format(module[len(self.__base):]))
self.stdout.write(("{:<%d} {:<%d}\n" % (width['label'], width['desc'])).format("", name.pop(0)))
else:
self.stdout.write(("{:<%d} {:<%d}\n" % (width['label'], width['desc'])).format(module[len(self.__base):], name.pop(0)))
for line in name:
self.stdout.write(("{:<%d} {:<%d}\n" % (width['label'], width['desc'])).format("", line))
def __init__(self, *args, **kwargs):
Module.__init__(self, *args, **kwargs)
self.add_arguments_with = None
self.execute_with = None
def testItShouldGetAModuleFromTheModuleLoader(self):
Module._Module__loader = ModuleTestCase.MockModuleLoader()
assert Module.get("an.example.module") == None
def testItShouldReturnNoneIfTheModuleLoaderHasNoModule(self):
Module._Module__loader = ModuleTestCase.MockModuleLoader("aModule")
assert Module.get("an.example.module") == "aModule"
def __init__(self, *args, **kwargs):
Module.__init__(self, *args, **kwargs)
self.add_arguments_with = None
self.execute_with = None
def testItShouldListAllFromTheModuleLoader(self):
Module._Module__loader = ModuleTestCase.MockModuleLoader()
assert Module.all() == [
"an.example.module", "an.other.module", "module.in.other.namespace"
]
def testItShouldGetAModuleFromTheModuleLoader(self):
Module._Module__loader = ModuleTestCase.MockModuleLoader()
assert Module.get("an.example.module") == None
def testItShouldReturnNoneIfTheModuleLoaderHasNoModule(self):
Module._Module__loader = ModuleTestCase.MockModuleLoader("aModule")
assert Module.get("an.example.module") == "aModule"
def testItShouldListAllFromTheModuleLoader(self):
Module._Module__loader = ModuleTestCase.MockModuleLoader()
assert Module.all() == ["an.example.module", "an.other.module", "module.in.other.namespace"]
