def main():
opts = AutoSploitParser().optparser()
logo()
info("welcome to autosploit, give us a little bit while we configure")
info("checking for services")
service_names = ("postgresql", "apache")
for service in list(service_names):
if not check_services(service):
choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(service))
if choice.lower().startswith("y"):
if "postgre" in service:
cmdline("sudo bash {}".format(START_POSTGRESQL_PATH))
else:
cmdline("sudo bash {}".format(START_APACHE_PATH))
info("service started successfully")
else:
error("service {} is required to be started for autosploit to run, exiting".format(service.title()))
sys.exit(1)
if len(sys.argv) > 1:
info("attempting to load API keys")
loaded_tokens = load_api_keys()
AutoSploitParser().parse_provided(opts)
info("checking if there are multiple exploit files")
loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
else:
warning("no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help")
info("checking if there are multiple exploit files")
loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
info("attempting to load API keys")
loaded_tokens = load_api_keys()
terminal = AutoSploitTerminal(loaded_tokens)
terminal.terminal_main_display(loaded_exploits)
from autosploit.main import main
from lib.output import error
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
error("user aborted session")
def main():
try:
opt = BucketDumpParser().optparse()
print(BANNER)
if opt.fileSearch is not None:
discovered_files = search_files(opt.fileSearch,
LOOT_DIRECTORY.format(HOME, ""))
if len(discovered_files) != 0:
info("a total of {} files matched your search".format(
len(discovered_files)))
for i, f in enumerate(discovered_files, start=1):
print("#{}. {}".format(i, f))
exit(0)
if opt.verifyProxy:
try:
real_address = check_ip_address()
address_behind_proxy = check_ip_address(proxy=opt.useProxy)
if real_address["origin"] == address_behind_proxy["origin"]:
warn(
"it appears your proxy is pointing to your local host")
else:
info("it appears that your proxy is running correctly")
except ValueError:
error(
"something went wrong during JSON conversion, unable to verify proxy"
)
if opt.getThisBucket is not None:
info("connecting to specified S3 bucket '{}'".format(
opt.getThisBucket))
spider_bucket(opt.getThisBucket,
DEFAULT_BUCKET_QUERY,
proxy=opt.useProxy,
headers=opt.extraHeaders,
limit=opt.bucketsToPull)
exit(1)
if opt.fileWithBuckets is not None:
info("reading from bucket file")
with open(opt.fileWithBuckets) as buckets:
for bucket in buckets:
try:
bucket = bucket.strip()
info("connecting to S3 bucket: '{}'".format(bucket))
spider_bucket(bucket,
DEFAULT_BUCKET_QUERY,
proxy=opt.useProxy,
headers=opt.extraHeaders,
limit=opt.bucketsToPull)
except:
warn("problem with bucket, continuing")
continue
exit(1)
if opt.searchQuery is None and opt.searchQueries is None:
import os
fatal(
"must provide a search query with `-q/--query` or the `-l/--list` flag"
)
os.system("python tadpole.py --help")
exit(1)
search_queries = []
if opt.searchQuery is not None:
search_queries.append(opt.searchQuery)
elif opt.searchQueries is not None:
info("using all queries from provided file: {}".format(
opt.searchQueries))
with open(opt.searchQueries) as data:
for item in data.readlines():
search_queries.append(item.strip())
else:
error("no search queries provided")
exit(1)
for query in search_queries:
info("searching for open s3 buckets with provided query: '{}'".
format(query))
post_data = "keywords={}".format(query)
if opt.randomAgent is not None:
agent = get_random_agent(debug=opt.runVerbose).strip()
else:
agent = DEFAULT_USER_AGENT
gathered_links = gather_bucket_links(
GRAY_HAT_WARFARE_URL,
query,
post_data=post_data,
user_agent=agent,
debug=opt.runVerbose,
proxy=opt.useProxy,
extra_headers=opt.extraHeaders,
crawl_bucket=opt.spiderFoundBucket,
download_limit=opt.bucketsToPull)
info("gathered a total of {} files from {} different bucket(s)".
format(len(gathered_links[0]), len(gathered_links[1])))
if len(gathered_links[0]) != 0:
info("downloading all discovered file(s)")
for f in gathered_links[0]:
download_files(f,
"{}/{}".format(
LOOT_DIRECTORY.format(HOME, query),
f.split("/")[2]),
debug=opt.runVerbose,
proxy=opt.useProxy)
success(
"files have been successfully downloaded into: {}".format(
LOOT_DIRECTORY.format(HOME, query)))
else:
error("no open buckets discovered with provided query")
except KeyboardInterrupt:
error("user quit")
#!/usr/bin/python3
#IMPORTS
from s2d.main import main
from lib.output import error
#MAIN
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
error("[-] User aborter session")
def optparse():
parser = argparse.ArgumentParser(
usage=("./letmein_main -[S|W|R|u|s] [REGEX|INFO STRING]\n"
"\t\t{spacer}[-pP|iI] [PASSWORD|INFO]\n"
"\t\t{spacer}[--clean|no-prompt|answer] [ANSWER]").format(
spacer=" " * 5))
mandatory = parser.add_argument_group(
"mandatory", "arguments that must be passed to run the program")
mandatory.add_argument("-S",
"--show-all",
action="store_true",
dest="showAllStoredPasswords",
help="display all stored passwords")
mandatory.add_argument(
"-s",
"--show",
metavar="INFORMATION-STRING",
dest="showOnlyThisPassword",
help="provided the information string stored alongside the password "
"to show the stored password")
mandatory.add_argument(
"-R",
"--regex",
metavar="REGEX",
dest="regexToSearch",
help=
"provided a string that will be searched as a regular expression and pull "
"all the passwords that match the given expression")
mandatory.add_argument("-W",
"--store",
action="store_true",
dest="storeProvidedPassword",
help="store a password in the database")
mandatory.add_argument(
"-u",
"--update",
metavar="INFO",
dest="updateExistingPassword",
help=
"update an existing password by looking for the associated information string"
)
mandatory.add_argument(
"-b",
"--batch",
action="store_true",
dest="batchStore",
help="store multiple passwords instead of one at a time")
information = parser.add_argument_group(
"information", "arguments you can pass to provide information")
information.add_argument(
"-p",
"-P",
"--password",
metavar="PASSWORD",
dest="passwordToProcess",
help="provide a plaintext password to store (*default=prompt)")
information.add_argument(
"-i",
"-I",
"--info",
metavar="INFORMATION",
dest="passwordInformation",
help="provide information about the password to store alongside "
"(*default=prompt)")
misc = parser.add_argument_group(
"misc", "arguments that don't fit into any other category")
misc.add_argument("--clean",
action="store_true",
dest="cleanHomeFolder",
help="erase everything in the home folder")
misc.add_argument(
"--no-prompt",
action="store_false",
dest="doNotPrompt",
help="don't prompt to display the passwords in plaintext")
misc.add_argument(
"--answer",
metavar="ANSWER",
default="n",
dest="promptAnswer",
help="pass the prompt answer in conjunction with `--no-prompt`")
misc.add_argument("--reset-master",
action="store_true",
dest="resetAllMasters",
help="reset your master key and password")
misc.add_argument("--version",
action="store_true",
dest="showVersionNumber",
help="show the version number and exit")
opts = parser.parse_args()
if len(sys.argv) == 1:
error("no arguments passed, dropping to help page")
time.sleep(1.5)
parser.print_help()
exit(1)
return opts
def main():
opts = AutoSploitParser().optparser()
logo()
info("welcome to autosploit, give us a little bit while we configure")
# verify if we are running python 2.X
misc_info("checking python version")
if not sys.version_info[
0] == 2: # if we are not running a python version 2.X
error(
"Your Python installation seems to be incompatible with AutoSploit. You should try using Python 2.x"
)
exit()
misc_info("checking for disabled services")
# according to ps aux, postgre and apache2 are the names of the services
service_names = ("postgres", "apache2")
for service in list(service_names):
while not check_services(service):
choice = prompt(
"it appears that service {} is not enabled, would you like us to enable it for you[y/N]"
.format(service.title()))
if choice.lower().startswith("y"):
try:
if "postgre" in service:
cmdline("sudo bash {}".format(START_POSTGRESQL_PATH))
else:
cmdline("sudo bash {}".format(START_APACHE_PATH))
# moving this back because it was funky to see it each run
info("services started successfully")
# this tends to show up when trying to start the services
# I'm not entirely sure why, but this fixes it
except psutil.NoSuchProcess:
pass
else:
error(
"service {} is required to be started for autosploit to run successfully (you can do it manually "
"by using the command `sudo service {} start`), exiting".
format(service.title(), service))
sys.exit(1)
if len(sys.argv) > 1:
info("attempting to load API keys")
loaded_tokens = load_api_keys()
AutoSploitParser().parse_provided(opts)
misc_info("checking if there are multiple exploit files")
loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
AutoSploitParser().single_run_args(opts, loaded_tokens,
loaded_exploits)
else:
warning(
"no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help"
)
misc_info("checking if there are multiple exploit files")
loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
info("attempting to load API keys")
loaded_tokens = load_api_keys()
terminal = AutoSploitTerminal(loaded_tokens)
terminal.terminal_main_display(loaded_exploits)
def main():
try:
opt = LetMeInParser().optparse()
if opt.showVersionNumber:
from lib.settings import VERSION_STRING, VERSION
print(VERSION.format(VERSION_STRING))
exit(0)
print(BANNER)
info("initializing")
_, stored_password = store_key(MAIN_DIR)
if not compare(stored_password):
secure_delete(MAIN_DIR)
warning("ALL DATA HAS BEEN REMOVED")
else:
stored_key, _ = store_key(MAIN_DIR, grab_key=True)
info("password accepted!")
conn, cursor = SQL(db_file=DATABASE_FILE).create_connection()
if opt.showAllStoredPasswords:
password_data = SQL(cursor=cursor).select_all_data()
if password_data is not None:
info("gathered {} password(s) total".format(len(password_data)))
info("decrypting stored information")
display_formatted_list_output(
password_data, stored_key, prompting=opt.doNotPrompt, answer=opt.promptAnswer
)
else:
fatal("received no password data from the database, is there anything in there?")
if opt.showOnlyThisPassword is not None:
results = SQL(information=opt.showOnlyThisPassword, cursor=cursor).show_single_password()
if len(results) == 0:
warning("no information could be found with the provided string, you should check all first")
else:
info("found what you are looking for")
try:
display_formatted_list_output(
results, stored_key, prompting=opt.doNotPrompt, answer=opt.promptAnswer
)
except TypeError:
print("INFO: {}\tSTORED PASSWORD: {}\n\n{}".format(
results[0], AESCipher(stored_key).decrypt(results[1]), "-" * 30
))
if opt.storeProvidedPassword:
if opt.passwordInformation is not None:
password_information = opt.passwordInformation
else:
password_information = prompt("enter the information string associated with this password: "******"enter the password to store: ", hide=True)
encrypted_password = AESCipher(stored_key).encrypt(password)
status = SQL(
connection=conn, cursor=cursor, information=password_information,
enc_password=encrypted_password, regex=password_information
).create_new_row()
if status == "ok":
info("password stored successfully")
elif status == "exists":
warning(
"provided information already exists in the database. "
"if you are trying to update the information use the `-u/--update` switch"
)
else:
fatal("unable to add row to database, received an error: {}".format(status))
if opt.regexToSearch is not None:
data = SQL(regex=opt.regexToSearch, connection=conn, cursor=cursor).display_by_regex()
if len(data) == 0:
error("no items matched your search")
else:
info("a total of {} item(s) matched your search".format(len(data)))
display_formatted_list_output(
data, stored_key, prompting=opt.doNotPrompt, answer=opt.promptAnswer
)
if opt.updateExistingPassword is not None:
apparent_possible_passwords = SQL(
regex=opt.updateExistingPassword, connection=conn, cursor=cursor
).display_by_regex()
if len(apparent_possible_passwords) == 0:
fatal("no apparent existing passwords found with given string")
else:
info("{} possible passwords found to edit".format(len(apparent_possible_passwords)))
for i, item in enumerate(apparent_possible_passwords):
print("[{}] {}".format(i, item[0]))
choice = prompt("choose an item to edit[0-{}]: ".format(len(apparent_possible_passwords) - 1))
if int(choice) in range(len(apparent_possible_passwords)):
information = prompt("enter the new information for the update: ")
password = prompt("enter the new password to update: ", hide=True)
result = SQL(
connection=conn, cursor=cursor,
to_update=(information, AESCipher(stored_key).encrypt(password)),
information=apparent_possible_passwords[int(choice)]
).update_existing_column()
if result == "ok":
info("password updated successfully")
else:
fatal("issue updating password: {}".format(result))
if opt.batchStore:
stored_items = []
to_store = create_data_tuples(stored_key)
for item in to_store:
res = SQL(
connection=conn, cursor=cursor, information=item[0], enc_password=item[1]
).create_new_row(regex=item[0])
stored_items.append(res)
amount_stored = len([r for r in stored_items if r == "ok"])
amount_not_stored = len([r for r in stored_items if r == "exists"])
info("{} password(s) stored in database ({} already existed in database)".format(
amount_stored, amount_not_stored
))
if opt.cleanHomeFolder:
secure_delete(MAIN_DIR)
info("all data has been deleted")
clear_cache(LETMEIN_CACHE)
exit(0)
except KeyboardInterrupt:
error("user quit")
