def main(): opts = AutoSploitParser().optparser() logo() info("welcome to autosploit, give us a little bit while we configure") info("checking for services") service_names = ("postgresql", "apache") for service in list(service_names): if not check_services(service): choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(service)) if choice.lower().startswith("y"): if "postgre" in service: cmdline("sudo bash {}".format(START_POSTGRESQL_PATH)) else: cmdline("sudo bash {}".format(START_APACHE_PATH)) info("service started successfully") else: error("service {} is required to be started for autosploit to run, exiting".format(service.title())) sys.exit(1) if len(sys.argv) > 1: info("attempting to load API keys") loaded_tokens = load_api_keys() AutoSploitParser().parse_provided(opts) info("checking if there are multiple exploit files") loaded_exploits = load_exploits(EXPLOIT_FILES_PATH) AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits) else: warning("no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help") info("checking if there are multiple exploit files") loaded_exploits = load_exploits(EXPLOIT_FILES_PATH) info("attempting to load API keys") loaded_tokens = load_api_keys() terminal = AutoSploitTerminal(loaded_tokens) terminal.terminal_main_display(loaded_exploits)
from autosploit.main import main from lib.output import error if __name__ == "__main__": try: main() except KeyboardInterrupt: error("user aborted session")
def main(): try: opt = BucketDumpParser().optparse() print(BANNER) if opt.fileSearch is not None: discovered_files = search_files(opt.fileSearch, LOOT_DIRECTORY.format(HOME, "")) if len(discovered_files) != 0: info("a total of {} files matched your search".format( len(discovered_files))) for i, f in enumerate(discovered_files, start=1): print("#{}. {}".format(i, f)) exit(0) if opt.verifyProxy: try: real_address = check_ip_address() address_behind_proxy = check_ip_address(proxy=opt.useProxy) if real_address["origin"] == address_behind_proxy["origin"]: warn( "it appears your proxy is pointing to your local host") else: info("it appears that your proxy is running correctly") except ValueError: error( "something went wrong during JSON conversion, unable to verify proxy" ) if opt.getThisBucket is not None: info("connecting to specified S3 bucket '{}'".format( opt.getThisBucket)) spider_bucket(opt.getThisBucket, DEFAULT_BUCKET_QUERY, proxy=opt.useProxy, headers=opt.extraHeaders, limit=opt.bucketsToPull) exit(1) if opt.fileWithBuckets is not None: info("reading from bucket file") with open(opt.fileWithBuckets) as buckets: for bucket in buckets: try: bucket = bucket.strip() info("connecting to S3 bucket: '{}'".format(bucket)) spider_bucket(bucket, DEFAULT_BUCKET_QUERY, proxy=opt.useProxy, headers=opt.extraHeaders, limit=opt.bucketsToPull) except: warn("problem with bucket, continuing") continue exit(1) if opt.searchQuery is None and opt.searchQueries is None: import os fatal( "must provide a search query with `-q/--query` or the `-l/--list` flag" ) os.system("python tadpole.py --help") exit(1) search_queries = [] if opt.searchQuery is not None: search_queries.append(opt.searchQuery) elif opt.searchQueries is not None: info("using all queries from provided file: {}".format( opt.searchQueries)) with open(opt.searchQueries) as data: for item in data.readlines(): search_queries.append(item.strip()) else: error("no search queries provided") exit(1) for query in search_queries: info("searching for open s3 buckets with provided query: '{}'". format(query)) post_data = "keywords={}".format(query) if opt.randomAgent is not None: agent = get_random_agent(debug=opt.runVerbose).strip() else: agent = DEFAULT_USER_AGENT gathered_links = gather_bucket_links( GRAY_HAT_WARFARE_URL, query, post_data=post_data, user_agent=agent, debug=opt.runVerbose, proxy=opt.useProxy, extra_headers=opt.extraHeaders, crawl_bucket=opt.spiderFoundBucket, download_limit=opt.bucketsToPull) info("gathered a total of {} files from {} different bucket(s)". format(len(gathered_links[0]), len(gathered_links[1]))) if len(gathered_links[0]) != 0: info("downloading all discovered file(s)") for f in gathered_links[0]: download_files(f, "{}/{}".format( LOOT_DIRECTORY.format(HOME, query), f.split("/")[2]), debug=opt.runVerbose, proxy=opt.useProxy) success( "files have been successfully downloaded into: {}".format( LOOT_DIRECTORY.format(HOME, query))) else: error("no open buckets discovered with provided query") except KeyboardInterrupt: error("user quit")
#!/usr/bin/python3 #IMPORTS from s2d.main import main from lib.output import error #MAIN if __name__ == "__main__": try: main() except KeyboardInterrupt: error("[-] User aborter session")
def optparse(): parser = argparse.ArgumentParser( usage=("./letmein_main -[S|W|R|u|s] [REGEX|INFO STRING]\n" "\t\t{spacer}[-pP|iI] [PASSWORD|INFO]\n" "\t\t{spacer}[--clean|no-prompt|answer] [ANSWER]").format( spacer=" " * 5)) mandatory = parser.add_argument_group( "mandatory", "arguments that must be passed to run the program") mandatory.add_argument("-S", "--show-all", action="store_true", dest="showAllStoredPasswords", help="display all stored passwords") mandatory.add_argument( "-s", "--show", metavar="INFORMATION-STRING", dest="showOnlyThisPassword", help="provided the information string stored alongside the password " "to show the stored password") mandatory.add_argument( "-R", "--regex", metavar="REGEX", dest="regexToSearch", help= "provided a string that will be searched as a regular expression and pull " "all the passwords that match the given expression") mandatory.add_argument("-W", "--store", action="store_true", dest="storeProvidedPassword", help="store a password in the database") mandatory.add_argument( "-u", "--update", metavar="INFO", dest="updateExistingPassword", help= "update an existing password by looking for the associated information string" ) mandatory.add_argument( "-b", "--batch", action="store_true", dest="batchStore", help="store multiple passwords instead of one at a time") information = parser.add_argument_group( "information", "arguments you can pass to provide information") information.add_argument( "-p", "-P", "--password", metavar="PASSWORD", dest="passwordToProcess", help="provide a plaintext password to store (*default=prompt)") information.add_argument( "-i", "-I", "--info", metavar="INFORMATION", dest="passwordInformation", help="provide information about the password to store alongside " "(*default=prompt)") misc = parser.add_argument_group( "misc", "arguments that don't fit into any other category") misc.add_argument("--clean", action="store_true", dest="cleanHomeFolder", help="erase everything in the home folder") misc.add_argument( "--no-prompt", action="store_false", dest="doNotPrompt", help="don't prompt to display the passwords in plaintext") misc.add_argument( "--answer", metavar="ANSWER", default="n", dest="promptAnswer", help="pass the prompt answer in conjunction with `--no-prompt`") misc.add_argument("--reset-master", action="store_true", dest="resetAllMasters", help="reset your master key and password") misc.add_argument("--version", action="store_true", dest="showVersionNumber", help="show the version number and exit") opts = parser.parse_args() if len(sys.argv) == 1: error("no arguments passed, dropping to help page") time.sleep(1.5) parser.print_help() exit(1) return opts
def main(): opts = AutoSploitParser().optparser() logo() info("welcome to autosploit, give us a little bit while we configure") # verify if we are running python 2.X misc_info("checking python version") if not sys.version_info[ 0] == 2: # if we are not running a python version 2.X error( "Your Python installation seems to be incompatible with AutoSploit. You should try using Python 2.x" ) exit() misc_info("checking for disabled services") # according to ps aux, postgre and apache2 are the names of the services service_names = ("postgres", "apache2") for service in list(service_names): while not check_services(service): choice = prompt( "it appears that service {} is not enabled, would you like us to enable it for you[y/N]" .format(service.title())) if choice.lower().startswith("y"): try: if "postgre" in service: cmdline("sudo bash {}".format(START_POSTGRESQL_PATH)) else: cmdline("sudo bash {}".format(START_APACHE_PATH)) # moving this back because it was funky to see it each run info("services started successfully") # this tends to show up when trying to start the services # I'm not entirely sure why, but this fixes it except psutil.NoSuchProcess: pass else: error( "service {} is required to be started for autosploit to run successfully (you can do it manually " "by using the command `sudo service {} start`), exiting". format(service.title(), service)) sys.exit(1) if len(sys.argv) > 1: info("attempting to load API keys") loaded_tokens = load_api_keys() AutoSploitParser().parse_provided(opts) misc_info("checking if there are multiple exploit files") loaded_exploits = load_exploits(EXPLOIT_FILES_PATH) AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits) else: warning( "no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help" ) misc_info("checking if there are multiple exploit files") loaded_exploits = load_exploits(EXPLOIT_FILES_PATH) info("attempting to load API keys") loaded_tokens = load_api_keys() terminal = AutoSploitTerminal(loaded_tokens) terminal.terminal_main_display(loaded_exploits)
def main(): try: opt = LetMeInParser().optparse() if opt.showVersionNumber: from lib.settings import VERSION_STRING, VERSION print(VERSION.format(VERSION_STRING)) exit(0) print(BANNER) info("initializing") _, stored_password = store_key(MAIN_DIR) if not compare(stored_password): secure_delete(MAIN_DIR) warning("ALL DATA HAS BEEN REMOVED") else: stored_key, _ = store_key(MAIN_DIR, grab_key=True) info("password accepted!") conn, cursor = SQL(db_file=DATABASE_FILE).create_connection() if opt.showAllStoredPasswords: password_data = SQL(cursor=cursor).select_all_data() if password_data is not None: info("gathered {} password(s) total".format(len(password_data))) info("decrypting stored information") display_formatted_list_output( password_data, stored_key, prompting=opt.doNotPrompt, answer=opt.promptAnswer ) else: fatal("received no password data from the database, is there anything in there?") if opt.showOnlyThisPassword is not None: results = SQL(information=opt.showOnlyThisPassword, cursor=cursor).show_single_password() if len(results) == 0: warning("no information could be found with the provided string, you should check all first") else: info("found what you are looking for") try: display_formatted_list_output( results, stored_key, prompting=opt.doNotPrompt, answer=opt.promptAnswer ) except TypeError: print("INFO: {}\tSTORED PASSWORD: {}\n\n{}".format( results[0], AESCipher(stored_key).decrypt(results[1]), "-" * 30 )) if opt.storeProvidedPassword: if opt.passwordInformation is not None: password_information = opt.passwordInformation else: password_information = prompt("enter the information string associated with this password: "******"enter the password to store: ", hide=True) encrypted_password = AESCipher(stored_key).encrypt(password) status = SQL( connection=conn, cursor=cursor, information=password_information, enc_password=encrypted_password, regex=password_information ).create_new_row() if status == "ok": info("password stored successfully") elif status == "exists": warning( "provided information already exists in the database. " "if you are trying to update the information use the `-u/--update` switch" ) else: fatal("unable to add row to database, received an error: {}".format(status)) if opt.regexToSearch is not None: data = SQL(regex=opt.regexToSearch, connection=conn, cursor=cursor).display_by_regex() if len(data) == 0: error("no items matched your search") else: info("a total of {} item(s) matched your search".format(len(data))) display_formatted_list_output( data, stored_key, prompting=opt.doNotPrompt, answer=opt.promptAnswer ) if opt.updateExistingPassword is not None: apparent_possible_passwords = SQL( regex=opt.updateExistingPassword, connection=conn, cursor=cursor ).display_by_regex() if len(apparent_possible_passwords) == 0: fatal("no apparent existing passwords found with given string") else: info("{} possible passwords found to edit".format(len(apparent_possible_passwords))) for i, item in enumerate(apparent_possible_passwords): print("[{}] {}".format(i, item[0])) choice = prompt("choose an item to edit[0-{}]: ".format(len(apparent_possible_passwords) - 1)) if int(choice) in range(len(apparent_possible_passwords)): information = prompt("enter the new information for the update: ") password = prompt("enter the new password to update: ", hide=True) result = SQL( connection=conn, cursor=cursor, to_update=(information, AESCipher(stored_key).encrypt(password)), information=apparent_possible_passwords[int(choice)] ).update_existing_column() if result == "ok": info("password updated successfully") else: fatal("issue updating password: {}".format(result)) if opt.batchStore: stored_items = [] to_store = create_data_tuples(stored_key) for item in to_store: res = SQL( connection=conn, cursor=cursor, information=item[0], enc_password=item[1] ).create_new_row(regex=item[0]) stored_items.append(res) amount_stored = len([r for r in stored_items if r == "ok"]) amount_not_stored = len([r for r in stored_items if r == "exists"]) info("{} password(s) stored in database ({} already existed in database)".format( amount_stored, amount_not_stored )) if opt.cleanHomeFolder: secure_delete(MAIN_DIR) info("all data has been deleted") clear_cache(LETMEIN_CACHE) exit(0) except KeyboardInterrupt: error("user quit")