def main(): import argparse import platform import logging from asysocks import logger as asylogger parser = argparse.ArgumentParser(description='Interactive SMB client') parser.add_argument('-v', '--verbose', action='count', default=0) parser.add_argument('-s', '--silent', action='store_true', help='do not print banner') parser.add_argument('-n', '--no-interactive', action='store_true') parser.add_argument('smb_url', help = 'Connection string that describes the authentication and target. Example: smb+ntlm-password://TEST\\Administrator:[email protected]') parser.add_argument('commands', nargs='*') args = parser.parse_args() if args.silent is False: print(__banner__) if args.verbose >=1: logger.setLevel(logging.DEBUG) if args.verbose > 2: print('setting deepdebug') logger.setLevel(1) #enabling deep debug sockslogger.setLevel(1) asylogger.setLevel(1) asyncio.get_event_loop().set_debug(True) logging.basicConfig(level=logging.DEBUG) asyncio.run(amain(args))
def main(): import argparse parser = argparse.ArgumentParser(description='MS LDAP library') parser.add_argument('-v', '--verbose', action='count', default=0, help='Verbosity, can be stacked') parser.add_argument('-n', '--no-interactive', action='store_true') parser.add_argument('url', help='Connection string in URL format.') parser.add_argument( 'commands', nargs='*', help= "Takes a series of commands which will be executed until error encountered. If the command is 'i' is encountered during execution it drops back to interactive shell." ) args = parser.parse_args() ###### VERBOSITY if args.verbose == 0: logging.basicConfig(level=logging.INFO) else: sockslogger.setLevel(logging.DEBUG) logger.setLevel(logging.DEBUG) logging.basicConfig(level=logging.DEBUG) asyncio.run(amain(args))
def main(): import argparse import platform import logging from asysocks import logger as sockslogger parser = argparse.ArgumentParser(description='Zerologon tester') parser.add_argument('-v', '--verbose', action='count', default=0) parser.add_argument('-e', '--exploit', action='store_true', help='perform the expolit') parser.add_argument('dc_ip', help='IP address of the domain controller') parser.add_argument( 'dc_name', help='NETBIOS NAME of the domain controller (without $)') args = parser.parse_args() if args.verbose >= 1: logger.setLevel(logging.DEBUG) if args.verbose > 2: print('setting deepdebug') logger.setLevel(1) #enabling deep debug sockslogger.setLevel(1) asyncio.get_event_loop().set_debug(True) logging.basicConfig(level=logging.DEBUG) asyncio.run(run(args.dc_name, args.dc_ip, args.exploit))
def main(): import argparse parser = argparse.ArgumentParser(description='MS LDAP library') parser.add_argument('-v', '--verbose', action='count', default=0, help='Verbosity, can be stacked') parser.add_argument('-n', '--no-interactive', action='store_true') parser.add_argument('url', help='Connection string in URL format.') args = parser.parse_args() ###### VERBOSITY if args.verbose == 0: logging.basicConfig(level=logging.INFO) else: sockslogger.setLevel(logging.DEBUG) logger.setLevel(logging.DEBUG) logging.basicConfig(level=logging.DEBUG) ldap_url = MSLDAPURLDecoder(args.url) compdomlist = MSLDAPCompDomainList(ldap_url) asyncio.run(compdomlist.run())
def main(): import argparse parser = argparse.ArgumentParser(description='Transparent TCP tunnel for SOCKS unaware clients.') parser.add_argument('proxy_connection_string', help='connection string decribing the socks5 proxy server connection properties') parser.add_argument('dst_ip', help='IP address of the desination server') parser.add_argument('dst_port', type = int, help='port number of the desination service') parser.add_argument('-l', '--listen-ip', default = '127.0.0.1', help='Listener IP address to bind to') parser.add_argument('-p', '--listen-port', type = int, default = 11111, help='Listener port number to bind to') parser.add_argument('-t', '--timeout', type = int, default = None, help='Endpoint timeout') parser.add_argument('-v', '--verbose', action='count', default=0) args = parser.parse_args() if args.verbose >=1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) comms = SocksLitenerComms(args.listen_ip, args.listen_port) url = SocksClientURL.from_url(args.proxy_connection_string) url.endpoint_ip = args.dst_ip url.endpoint_port = args.dst_port url.endpoint_timeout = args.timeout target = url.get_target() credentials = url.get_creds() if args.verbose >=1: print(str(target)) print(__banner__) layout = """Connection layout CLIENT --->| CLIENT --->|(LISTENER) %s:%s |--->| (%s) %s:%s |--->| (FINAL DST) %s:%s CLIENT --->| """ % (args.listen_ip, args.listen_port, target.version.name.upper() ,target.server_ip, target.server_port, args.dst_ip, args.dst_port) print(layout) client = SOCKSClient(comms, target, credentials) print('Waiting for incoming connections') asyncio.run(client.run())
def main(): import argparse import platform parser = argparse.ArgumentParser(description='Interactive SMB client') parser.add_argument('-v', '--verbose', action='count', default=0) parser.add_argument('-n', '--no-interactive', action='store_true') parser.add_argument('smb_url', help = 'Connection string that describes the authentication and target. Example: smb+ntlm-password://TEST\\Administrator:[email protected]') parser.add_argument('commands', nargs='*') args = parser.parse_args() print(__banner__) if args.verbose > 2: print('setting deepdebug') logger.setLevel(1) #enabling deep debug sockslogger.setLevel(1) print(args.commands) asyncio.run(amain(args))
print(res) target_user = '******' spn = KerberosSPN.from_user_email(target_user) url = 'kerberos+pw://TEST\\victim:[email protected]/?timeout=77' ku = KerberosClientURL.from_url(url) target = ku.get_target() cred = ku.get_creds() arr = Kerberoast(target, cred) res = await arr.run([spn]) print(res) target_user = '******' spn = KerberosSPN.from_user_email(target_user) url = 'kerberos+pw://TEST\\victim:[email protected]/?proxyhost=10.10.10.102&proxytype=socks5&proxyport=1080' ku = KerberosClientURL.from_url(url) target = ku.get_target() print(target) cred = ku.get_creds() arr = Kerberoast(target, cred) res = await arr.run([spn]) print(res) if __name__ == '__main__': from asysocks import logger as alogger from pycquery_krb.common.url import KerberosClientURL import asyncio alogger.setLevel(2) asyncio.run(main())
def main(): import argparse parser = argparse.ArgumentParser( description='SOCKS5 proxy auth bruteforcer') parser.add_argument( 'proxy_connection_string', help= 'connection string decribing the socks5 proxy server connection properties' ) parser.add_argument( '-u', '--users', action='append', help='User or users file with one user per line. can be stacked') parser.add_argument( '-p', '--passwords', action='append', help= 'Password or password file with one password per line. can be stacked') parser.add_argument('-t', '--timeout', type=int, default=None, help='Brute retries sleep time') parser.add_argument('-w', '--worker-count', type=int, default=1, help='Parallelism') parser.add_argument('-v', '--verbose', action='count', default=0, help='Verbosity') parser.add_argument('-s', '--silent', action='store_true', help='dont print banner') parser.add_argument('-o', '--out-file', help='output file') parser.add_argument('--positive', action='store_true', help='only show sucsessful results') args = parser.parse_args() if args.silent is False: print(__banner__) logger.setLevel(100) if args.verbose >= 1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) url = SocksClientURL.from_url(args.proxy_connection_string) brute = SOCKSBrute(url) brute.timeout = args.timeout brute.worker_cnt = args.worker_count brute.output_file = args.out_file brute.only_positive = args.positive if args.users is None or args.passwords is None: print('Users "-u" and Passwords "-p" must be set! Exiting') return notfile = [] for target in args.users: try: f = open(target, 'r') f.close() brute.user_gens.append(FileStringGen(target)) except: notfile.append(target) if len(notfile) > 0: brute.user_gens.append(ListStringGen(notfile)) if len(brute.user_gens) == 0: print('[-] No suitable users were found!') return notfile = [] for target in args.passwords: try: f = open(target, 'r') f.close() brute.password_gens.append(FileStringGen(target)) except: notfile.append(target) if len(notfile) > 0: brute.password_gens.append(ListStringGen(notfile)) if len(brute.password_gens) == 0: print('[-] No suitable passwords were found!') return _, err = asyncio.run(brute.run()) if err is not None: print('Failed to perform bruting! Reason: %s' % err) return if args.silent is False: print('Done!')
import ipaddress import logging import asyncio from asysocks.common.target import SocksTarget from asysocks.common.comms import SocksQueueComms from asysocks.common.constants import * from asysocks.client import SOCKSClient from asysocks import logger logging.basicConfig(level=2) logger.setLevel(logging.DEBUG) async def read_q(in_queue): while True: data = await in_queue.get() print(data) async def main(): in_queue = asyncio.Queue() out_queue = asyncio.Queue() await out_queue.put(b'GET / HTTP/1.1\r\nHost: google.com\r\n\r\n') target = SocksTarget() #target.version = SocksServerVersion.SOCKS4 target.version = SocksServerVersion.SOCKS5 target.server_ip = '127.0.0.1' target.server_port = 9050 target.is_bind = False target.proto = SocksProtocol.TCP
def main(): import argparse parser = argparse.ArgumentParser( description='SOCKS/HTTP proxy port scanner') parser.add_argument( 'proxy_connection_string', help= 'connection string decribing the socks5 proxy server connection properties' ) parser.add_argument( '-p', '--ports', action='append', help= 'port to scan / port range to scan / port range file. can be stacked') parser.add_argument('-t', '--timeout', type=int, default=None, help='Scan retries sleep time') parser.add_argument('-r', '--retries', type=int, default=0, help='Retries for testing the port') parser.add_argument('-w', '--worker-count', type=int, default=1, help='Parallelism') parser.add_argument('-v', '--verbose', action='count', default=0) parser.add_argument('targets', nargs='+', help='IP address / IP range (CDIR) / targets file') args = parser.parse_args() logger.setLevel(100) if args.verbose >= 1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) url = SocksClientURL.from_url(args.proxy_connection_string) scanner = SOCKSPortscan(url) scanner.max_retries = args.retries scanner.retries_timeout = args.timeout scanner.worker_cnt = args.worker_count notfile = [] for target in args.targets: try: f = open(target, 'r') f.close() scanner.target_gens.append(FileTargetIPGen(target)) except: notfile.append(target) if len(notfile) > 0: scanner.target_gens.append(ListTargetIPGen(notfile)) if len(scanner.target_gens) == 0: print('[-] No suitable targets were found!') return notfile = [] for target in args.ports: try: f = open(target, 'r') f.close() scanner.port_gens.append(FileTargetPortGen(target)) except: notfile.append(target) if len(notfile) > 0: scanner.port_gens.append(ListTargetPortGen(notfile)) if len(scanner.port_gens) == 0: print('[-] No suitable ports were found!') return asyncio.run(scanner.run())
def main(): import argparse parser = argparse.ArgumentParser( description='SOCKS5 proxy security tester') parser.add_argument('host', help='') parser.add_argument('port', help='') parser.add_argument('-t', '--timeout', type=int, default=None, help='Timeout') parser.add_argument('-v', '--verbose', action='count', default=0, help='Verbosity') parser.add_argument('--ssl', action='store_true', help='SSL') parser.add_argument('-s', '--silent', action='store_true', help='SSL') parser.add_argument('--verify-host', help='Destination host to test proxy on') parser.add_argument('--verify-port', type=int, help='Destination port to test proxy on') parser.add_argument('--verify-send', help='Data to send to destination to test the proxy') parser.add_argument( '--verify-recv', help='Data expected to be recieved from the destination via proxy') parser.add_argument('-u', '--username', help='Username for proxy auth') parser.add_argument('-p', '--password', help='Password for proxy auth') args = parser.parse_args() if args.silent is False: print(__banner__) logger.setLevel(100) if args.verbose >= 1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) socsec = SocksSecurity() socsec.server_ip = args.host socsec.server_port = args.port socsec.server_sslctx = None if args.ssl is False else ssl.create_default_context( ) socsec.timeout = args.timeout socsec.verify_host = args.verify_host #endpoint ip/hostname to test the connection socsec.verify_port = args.verify_port #endpoint port socsec.verify_send = args.verify_send #data to be sent to the endpoint service upon succsessfull connection socsec.verify_recv = args.verify_recv #data expected from the endpoint service in response to verify_send supported, notsupported, errors = asyncio.run(socsec.socks5_authmethods()) for method, err in errors: print('[AUTHMETHOD][E] %s : %s' % (method.name, err)) for method in supported: print('[AUTHMETHOD][+] %s' % method.name) for method in notsupported: print('[AUTHMETHOD][-] %s' % method.name) res, err = asyncio.run(socsec.socks5_noauth()) if err is not None: print('[NOAUTH][E] Error while determining noauth. Reson: %s' % err) elif res is True: print('[NOAUTH][+] No authentication needed') elif res is False: print('[NOAUTH][-] Authentication needed') res, err = asyncio.run(socsec.socks5_bind(args.username, args.password)) if err is not None: print('[BIND][E] Error while determining BIND support. Reson: %s' % err) elif res is True: print('[BIND][+] Server supports BIND') elif res is False: print('[BIND][-] Server doesnt support BIND') res, err = asyncio.run(socsec.socks5_local(args.username, args.password)) if err is not None: print( '[LOCALPORT][E] Error while determining local connect support. Reson: %s' % err) elif res is True: print('[LOCALPORT][+] Server supports connecting to localhost') elif res is False: print('[LOCALPORT][-] Server doesnt support connecting to localhost') if args.verify_host is not None and args.verify_port is not None: if args.username is not None: res, err = asyncio.run( socsec.socks5_login(args.username, args.password)) else: res, err = asyncio.run(socsec.socks5_noauth()) if err is not None: print( '[CONNTEST][E] Error while performing connection test! Reason: %s' % err) elif res is True: print('[CONNTEST][+] Server sucsessfully connected to %s:%s' % (args.verify_host, args.verify_port)) elif res is False: print('[CONNTEST][-] Server failed to connect to %s:%s' % (args.verify_host, args.verify_port)) if args.silent is False: print('Done!')
async def run(args): try: if args.silent is True: print(__banner__) if args.verbose == 0: logging.basicConfig(level=logging.INFO) jdlogger.setLevel(logging.INFO) msldaplogger.setLevel(logging.CRITICAL) asysockslogger.setLevel(logging.CRITICAL) smblogger.setLevel(100) elif args.verbose == 1: logging.basicConfig(level=logging.DEBUG) jdlogger.setLevel(logging.DEBUG) msldaplogger.setLevel(logging.WARNING) smblogger.setLevel(logging.CRITICAL) asysockslogger.setLevel(logging.CRITICAL) elif args.verbose > 1: logging.basicConfig(level=1) msldaplogger.setLevel(logging.DEBUG) jdlogger.setLevel(1) smblogger.setLevel(1) asysockslogger.setLevel(1) if not args.sql and args.command != 'auto': print( 'SQL connection identification is missing! You need to provide the --sql parameter' ) sys.exit() work_dir = args.work_dir ldap_url = None smb_url = None if hasattr(args, 'ldap_url'): ldap_url = args.ldap_url if hasattr(args, 'smb_url'): smb_url = args.smb_url db_conn = args.sql db_session = None if db_conn is not None: db_session = get_session(db_conn) os.environ['JACKDAW_SQLITE'] = '0' if args.sql.lower().startswith('sqlite'): os.environ['JACKDAW_SQLITE'] = '1' else: os.environ['JACKDAW_SQLITE'] = '1' if args.command == 'enum': with multiprocessing.Pool() as mp_pool: gatherer = Gatherer(db_session, work_dir, ldap_url, smb_url, kerb_url=args.kerberoast, ldap_worker_cnt=args.ldap_workers, smb_worker_cnt=args.smb_workers, mp_pool=mp_pool, smb_gather_types=['all'], progress_queue=None, show_progress=args.silent, calc_edges=True, ad_id=None, dns=args.dns, no_work_dir=args.no_work_dir, proxy=args.proxy) res, err = await gatherer.run() if err is not None: raise err elif args.command == 'auto': _, err = await run_auto(ldap_worker_cnt=args.ldap_workers, smb_worker_cnt=args.smb_workers, dns=args.dns, work_dir=work_dir, show_progress=args.silent, no_work_dir=args.no_work_dir) if err is not None: print(err) elif args.command == 'dbinit': create_db(db_conn) elif args.command == 'adinfo': from jackdaw.dbmodel.adinfo import ADInfo from jackdaw.utils.table import print_table rows = [['Ad ID', 'domain name', 'scantime']] for did, distinguishedName, creation in db_session.query( ADInfo).with_entities(ADInfo.id, ADInfo.distinguishedName, ADInfo.fetched_at).all(): name = distinguishedName.replace('DC=', '') name = name.replace(',', '.') rows.append([str(did), name, creation.isoformat()]) print_table(rows) elif args.command == 'ldap': with multiprocessing.Pool() as mp_pool: gatherer = Gatherer(db_session, work_dir, ldap_url, smb_url, ldap_worker_cnt=args.ldap_workers, smb_worker_cnt=None, mp_pool=mp_pool, smb_gather_types=['all'], progress_queue=None, show_progress=args.silent, calc_edges=args.calculate_edges, ad_id=args.ad_id, no_work_dir=args.no_work_dir, proxy=args.proxy) _, err = await gatherer.run() if err is not None: raise err elif args.command == 'kerberoast': gatherer = Gatherer(db_session, work_dir, None, None, kerb_url=args.kerberos_url, ldap_worker_cnt=None, smb_worker_cnt=None, mp_pool=None, smb_gather_types=[], progress_queue=None, show_progress=False, calc_edges=False, ad_id=args.ad_id, proxy=args.proxy) _, err = await gatherer.run() if err is not None: raise err print('Kerberoast Finished!') elif args.command in ['shares', 'sessions', 'localgroups', 'smball']: if args.command == 'smball': args.command = 'all' gatherer = Gatherer(db_session, work_dir, ldap_url, smb_url, ad_id=args.ad_id, ldap_worker_cnt=None, smb_worker_cnt=args.smb_workers, mp_pool=None, smb_gather_types=args.command, progress_queue=None, show_progress=args.silent, calc_edges=False, proxy=args.proxy) _, err = await gatherer.run() if err is not None: raise err elif args.command == 'dns': gatherer = Gatherer(db_session, work_dir, None, None, ad_id=args.ad_id, ldap_worker_cnt=None, smb_worker_cnt=None, mp_pool=None, smb_gather_types=None, progress_queue=None, show_progress=args.silent, calc_edges=False, dns=args.dns, proxy=args.proxy) _, err = await gatherer.run() if err is not None: raise err elif args.command == 'version': print('Jackdaw version: %s' % jdversion) print('MSLDAP version : %s' % ldapversion) print('AIOSMB version : %s' % smbversion) elif args.command == 'smbfiles': gatherer = SMBFileGatherer( db_session, args.ad_id, args.smb_url, worker_cnt=args.smb_workers, progress_queue=None, show_progress=True, stream_data=False, depth=args.depth, to_file=args.out_file, ) _, err = await gatherer.run() if err is not None: raise err elif args.command == 'creds': creds = JackDawCredentials(db_conn, args.domain_id) creds.add_credentials_impacket(args.impacket_file) elif args.command == 'passwords': creds = JackDawCredentials(db_conn) creds.add_cracked_passwords(args.potfile, args.disable_usercheck, args.disable_passwordcheck) elif args.command == 'uncracked': creds = JackDawCredentials(db_conn, args.domain_id) creds.get_uncracked_hashes(args.hash_type, args.history) elif args.command == 'cracked': creds = JackDawCredentials(db_conn, args.domain_id) creds.get_cracked_info() elif args.command == 'recalc': with multiprocessing.Pool() as mp_pool: gatherer = Gatherer(db_session, work_dir, None, None, mp_pool=mp_pool, progress_queue=None, show_progress=args.silent, calc_edges=True, store_to_db=True, ad_id=None, graph_id=args.graphid) _, err = await gatherer.run() if err is not None: raise err elif args.command == 'nest': from jackdaw.nest.wrapper import NestServer debug = bool(args.verbose) server = NestServer( args.sql, bind_ip=args.ip, bind_port=args.port, debug=debug, work_dir=args.work_dir, graph_backend=args.backend, ) server.run() elif args.command == 'ws': from jackdaw.nest.ws.server import NestWebSocketServer server = NestWebSocketServer(args.listen_ip, args.listen_port, args.sql, args.work_dir, args.backend, ssl_ctx=None, wsnet_router=args.wsrouter) await server.run() elif args.command == 'bhimport': from jackdaw.utils.bhimport import BHImport print( 'DISCLAIMER! This feature is still beta! Bloodhound acquires way less data than Jackdaw therefore not all functionality will work after import. Any errors during import will be silently ignored, use "-vvv" verbosity level to see all errors.' ) bh = BHImport.from_zipfile(args.bhfile) bh.db_conn = db_conn if args.verbose > 1: bh.set_debug(True) bh.run() print('Import complete!') elif args.command == 'createcache': print(args) from jackdaw.nest.functions.graph import create as creategraphcache if args.backend.upper() == 'networkx'.upper(): from jackdaw.nest.graph.backends.networkx.domaingraph import JackDawDomainGraphNetworkx graph_type = JackDawDomainGraphNetworkx elif args.backend.upper() == 'igraph'.upper(): from jackdaw.nest.graph.backends.igraph.domaingraph import JackDawDomainGraphIGraph graph_type = JackDawDomainGraphIGraph elif args.backend.upper() == 'graphtools'.upper(): from jackdaw.nest.graph.backends.graphtools.domaingraph import JackDawDomainGraphGrapthTools graph_type = JackDawDomainGraphGrapthTools session = get_session(db_conn) creategraphcache(args.graph_id, session, args.work_dir, graph_type, db_conn) except Exception as e: jdlogger.exception('main')