def get(self):
provider = Provider()
wordlists = provider.wordlists()
files = wordlists.get_wordlists()
api_files = []
for name, file in files.items():
api_files.append(self.compile_file_object(file))
return self.send_valid_response(api_files)
def setup_hybrid(session_id):
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
if not sessions.can_access(current_user, session_id):
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
user_id = 0 if current_user.admin else current_user.id
session = sessions.get(user_id=user_id, session_id=session_id)[0]
return render_template('sessions/setup/hybrid.html',
session=session,
wordlists=wordlists.get_wordlists())
def __setup_wordlist(session_id, request):
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
wordlist_type = int(request.form['wordlist_type'].strip())
if wordlist_type == 0:
# Global wordlist.
wordlist = request.form['wordlist'].strip()
if not wordlists.is_valid_wordlist(wordlist):
flash('Invalid wordlist selected', 'error')
return redirect(url_for('sessions.setup_wordlist', session_id=session_id))
wordlist_location = wordlists.get_wordlist_path(wordlist)
sessions.set_hashcat_setting(session_id, 'wordlist', wordlist_location)
elif wordlist_type == 1:
# Custom wordlist.
save_as = sessions.session_filesystem.get_custom_file_path(current_user.id, session_id,
prefix='custom_wordlist')
file = request.files['custom_wordlist']
if file.filename == '':
# If file already exists, use that one instead.
if not sessions.session_filesystem.custom_file_exists(save_as):
flash('Uploaded wordlist file could not be found', 'error')
return redirect(url_for('sessions.setup_wordlist', session_id=session_id))
else:
# Otherwise upload new file.
file.save(save_as)
sessions.set_hashcat_setting(session_id, 'wordlist', save_as)
elif wordlist_type == 2:
# Create wordlist from cracked passwords.
save_as = sessions.session_filesystem.get_custom_file_path(current_user.id, session_id, prefix='pwd_wordlist')
sessions.export_cracked_passwords(session_id, save_as)
sessions.set_hashcat_setting(session_id, 'wordlist', save_as)
else:
flash('Invalid wordlist option', 'error')
return redirect(url_for('sessions.setup_wordlist', session_id=session_id))
sessions.set_hashcat_setting(session_id, 'wordlist_type', wordlist_type)
return True
def set_global(self, user_id, session_id):
required_fields = ['name']
data = self.get_json(required_fields)
if data is False:
return self.send_error_response(5000, 'Missing fields',
'Required fields are: ' + ', '.join(required_fields))
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
session = sessions.get(user_id=user_id, session_id=session_id)
if not session:
return self.send_access_denied_response()
elif not wordlists.is_valid_wordlist(data['name']):
return self.send_error_response(5009, 'Invalid wordlist', '')
wordlist_location = wordlists.get_wordlist_path(data['name'])
sessions.set_hashcat_setting(session_id, 'wordlist', wordlist_location)
return self.send_success_response()
def setup_wordlist(session_id):
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
rules = provider.rules()
if not sessions.can_access(current_user, session_id):
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
user_id = 0 if current_user.admin else current_user.id
session = sessions.get(user_id=user_id, session_id=session_id)[0]
has_custom_wordlist = sessions.session_filesystem.custom_file_exists(sessions.session_filesystem.get_custom_file_path(current_user.id, session_id, prefix='custom_wordlist'))
has_custom_rule = sessions.session_filesystem.custom_file_exists(sessions.session_filesystem.get_custom_file_path(current_user.id, session_id, prefix='custom_rule', extension='.rule'))
return render_template(
'sessions/setup/wordlist.html',
session=session,
wordlists=wordlists.get_wordlists(),
rules=rules.get_rules(),
has_custom_wordlist=has_custom_wordlist,
has_custom_rule=has_custom_rule
)
def setup_wordlist(session_id):
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
rules = provider.rules()
if not sessions.can_access(current_user, session_id):
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
user_id = 0 if current_user.admin else current_user.id
session = sessions.get(user_id=user_id, session_id=session_id)[0]
password_wordlists = wordlists.get_wordlists()
hashcat_rules = rules.get_rules()
return render_template('sessions/setup/wordlist.html',
session=session,
wordlists_json=json.dumps(password_wordlists,
indent=4,
sort_keys=True,
default=str),
rules=hashcat_rules)
def setup_wordlist_save(session_id):
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
rules = provider.rules()
if not sessions.can_access(current_user, session_id):
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
wordlist_type = int(request.form['wordlist_type'].strip())
if wordlist_type == 0:
# Global wordlist.
wordlist = request.form['wordlist'].strip()
if not wordlists.is_valid_wordlist(wordlist):
flash('Invalid wordlist selected', 'error')
return redirect(
url_for('sessions.setup_wordlist', session_id=session_id))
wordlist_location = wordlists.get_wordlist_path(wordlist)
sessions.set_hashcat_setting(session_id, 'wordlist', wordlist_location)
elif wordlist_type == 1:
# Custom wordlist.
save_as = sessions.session_filesystem.get_custom_wordlist_path(
current_user.id,
session_id,
prefix='custom_wordlist_',
random=True)
if len(request.files) != 1:
flash('Uploaded file could not be found', 'error')
return redirect(
url_for('sessions.setup_wordlist', session_id=session_id))
file = request.files['custom_wordlist']
if file.filename == '':
flash('No hashes uploaded', 'error')
return redirect(
url_for('sessions.setup_wordlist', session_id=session_id))
file.save(save_as)
sessions.set_hashcat_setting(session_id, 'wordlist', save_as)
elif wordlist_type == 2:
# Create wordlist from cracked passwords.
save_as = sessions.session_filesystem.get_custom_wordlist_path(
current_user.id, session_id, prefix='pwd_wordlist')
sessions.export_cracked_passwords(session_id, save_as)
sessions.set_hashcat_setting(session_id, 'wordlist', save_as)
else:
flash('Invalid wordlist option', 'error')
return redirect(
url_for('sessions.setup_wordlist', session_id=session_id))
sessions.set_hashcat_setting(session_id, 'wordlist_type', wordlist_type)
rule = request.form['rule'].strip()
if len(rule) > 0 and not rules.is_valid_rule(rule):
flash('Invalid rule selected', 'error')
return redirect(
url_for('sessions.setup_wordlist', session_id=session_id))
rule_location = rules.get_rule_path(rule)
sessions.set_hashcat_setting(session_id, 'rule', rule_location)
return redirect(url_for('sessions.settings', session_id=session_id))
def setup_hybrid_save(session_id):
provider = Provider()
sessions = provider.sessions()
wordlists = provider.wordlists()
has_errors = False
if not sessions.can_access(current_user, session_id):
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
#WORDLIST
wordlist_type = int(request.form['wordlist_type'].strip())
if wordlist_type == 0:
# Global wordlist.
wordlist = request.form['wordlist'].strip()
if not wordlists.is_valid_wordlist(wordlist):
flash('Invalid wordlist selected', 'error')
has_errors = True
wordlist_location = wordlists.get_wordlist_path(wordlist)
sessions.set_hashcat_setting(session_id, 'wordlist', wordlist_location)
elif wordlist_type == 1:
# Custom wordlist.
save_as = sessions.session_filesystem.get_custom_wordlist_path(
current_user.id,
session_id,
prefix='custom_wordlist_',
random=True)
if len(request.files) != 1:
flash('Uploaded file could not be found', 'error')
has_errors = True
file = request.files['custom_wordlist']
if file.filename == '':
flash('No hashes uploaded', 'error')
has_errors = True
file.save(save_as)
sessions.set_hashcat_setting(session_id, 'wordlist', save_as)
elif wordlist_type == 2:
# Create wordlist from cracked passwords.
save_as = sessions.session_filesystem.get_custom_wordlist_path(
current_user.id, session_id, prefix='pwd_wordlist')
sessions.export_cracked_passwords(session_id, save_as)
sessions.set_hashcat_setting(session_id, 'wordlist', save_as)
else:
flash('Invalid wordlist option', 'error')
has_errors = True
#MASK
mask = request.form['compiled-mask'].strip()
enable_increments = int(request.form.get('enable_increments', 0))
if enable_increments == 1:
increment_min = int(request.form['increment-min'].strip())
increment_max = int(request.form['increment-max'].strip())
else:
increment_min = 0
increment_max = 0
if len(mask) == 0:
flash('No mask set', 'error')
has_errors = True
if enable_increments == 1:
if increment_min <= 0:
has_errors = True
flash('Min Increment is invalid', 'error')
if increment_max <= 0:
has_errors = True
flash('Max Increment is invalid', 'error')
if increment_min > increment_max:
has_errors = True
flash('Min Increment cannot be bigger than Max Increment', 'error')
else:
increment_min = 0
increment_max = 0
if has_errors:
return redirect(url_for('sessions.setup_hybrid',
session_id=session_id))
sessions.set_hashcat_setting(session_id, 'wordlist_type', wordlist_type)
sessions.set_hashcat_setting(session_id, 'mask', mask)
sessions.set_hashcat_setting(session_id, 'increment_min', increment_min)
sessions.set_hashcat_setting(session_id, 'increment_max', increment_max)
return redirect(url_for('sessions.settings', session_id=session_id))
