def main():
'''
handles user interface
'''
colors.colored_print("[*] Default target list is ./data/ip_list.txt",
colors.CYAN)
SESSION.ip_list = SESSION.init_dir + '/data/ip_list.txt'
futil.write_file(text=f"{os.getpid()}", filepath=SESSION.pidfile)
while True:
try:
if os.getcwd() != core.MECROOT:
os.chdir(core.MECROOT)
input_cmd = rlinit.prompt(session=SESSION)
try:
cmd.cmd_handler(SESSION, input_cmd)
except (KeyboardInterrupt, EOFError, SystemExit):
sys.exit(0)
except FileNotFoundError:
console.print_error(f"[-] {core.MECROOT} not found???")
sys.exit(1)
except KeyboardInterrupt:
answ = console.yes_no("\n[?] Are you sure to exit?")
if answ:
futil.check_kill_process('ss-proxy')
sys.exit(0)
else:
continue
def main():
'''
handles user interface
'''
rlinit.CMD_LIST = rlinit.readline_init(SESSION)
answ = str(
input(colors.CYAN + '[?] Use ip_list.txt as target list? [y/n] ' +
colors.END)).strip()
if answ.lower() == 'n':
os.system("ls ~/.mec/data")
SESSION.ip_list = SESSION.init_dir + '/data/' + \
console.input_check(
'[=] Choose your target IP list, eg. ip_list.txt ',
choices=os.listdir(core.MECROOT + '/data'))
while True:
try:
input_cmd = input(colors.CYAN + colors.BOLD + "\nmec > " +
colors.END)
try:
cmd.cmd_handler(SESSION, input_cmd)
except (KeyboardInterrupt, EOFError, SystemExit):
sys.exit(0)
except KeyboardInterrupt:
try:
answ = input("\n[?] Are you sure to exit? [y/n] ")
except KeyboardInterrupt:
print("\n[-] Okay okay, exiting immediately...")
futil.check_kill_process('ss-proxy')
sys.exit(0)
if answ.lower() == 'y':
futil.check_kill_process('ss-proxy')
sys.exit(0)
else:
continue
def command(self, user_cmd):
'''
passes to cmd handler
'''
cmd.cmd_handler(self, user_cmd)
def attack(self):
'''
handles attack command
'''
self.use_proxy = console.yes_no('[?] Do you wish to use proxychains?')
if self.use_proxy:
if shutil.which("proxychains4") is None:
console.print_error("proxychains4 not found")
return
cmd.cmd_handler(self, "proxy")
answ = console.input_check('\n[?] Do you wish to use\
\n\n [1] built-in exploits\
\n [2] or launch your own manually?\
\n\n[=] Your choice: ',
choices=['1', '2', 'built-in', 'manually'])
if answ in ['1', 'built-in']:
print(colors.CYAN + colors.BOLD + '\n[?] Choose a module from: ' +
colors.END + '\n')
colors.colored_print(futil.BUILT_IN, colors.GREEN)
module = console.input_check("[?] Choose your exploit module: ",
choices=futil.BUILT_IN.split('\n'),
allow_blank=False)
try:
scanner_instance = exploit_exec.EXPLOIT_DICT.get(module)(self)
if scanner_instance is None:
return
scanner_instance.scan()
return
except (EOFError, KeyboardInterrupt, SystemExit):
return
# run custom exploits
print(colors.CYAN + colors.UNDERLINE + colors.BOLD +
"\nWelcome, in here you can call your own exploit\n" +
colors.END)
cmd.run_exploits()
exploit = console.input_check(
"\n[*] Enter the path (eg. test/test) to your exploit: ",
choices=futil.list_exp())
jobs = int(
console.input_check("[?] How many processes each time? ",
check_type=int))
custom_args = console.input_check(
"[*] Addtional args for this exploit (other than `-t <target>`): "
).strip().split()
# parse user's exploit name
exec_path = exploit.split('/')[1:]
work_path = exploit.split('/')[:-1]
exec_path = '/'.join(exec_path)
work_path = '/'.join(work_path)
# args as parameter for scanner
scanner_instance = Scanner(work_path, exec_path, custom_args, jobs,
self)
# start scanner
scanner_instance.scan()
def attack(self):
'''
handles attack command
'''
self.use_proxy = console.input_check(
'[?] Do you wish to use proxychains? [y/n] ',
choices=['y', 'n']) == 'y'
if self.use_proxy:
if shutil.which("proxychains4") is None:
console.print_error("proxychains4 not found")
return
cmd.cmd_handler(self, "proxy")
answ = console.input_check(
'\n[?] Do you wish to use\
\n\n [a] built-in exploits\
\n [m] or launch your own manually?\
\n\n[=] Your choice: ',
choices=['a', 'm'])
if answ == 'a':
print(
colors.CYAN +
colors.BOLD +
'\n[?] Choose a module from: ' +
colors.END +
'\n')
colors.colored_print(futil.BUILT_IN, colors.GREEN)
module = console.input_check(
"[?] Choose your exploit module: ",
choices=futil.BUILT_IN.split('\n'),
allow_blank=False)
try:
scanner_instance = exploit_exec.EXPLOIT_DICT.get(module)(self)
if scanner_instance is None:
return
scanner_instance.scan()
except (EOFError, KeyboardInterrupt, SystemExit):
return
elif answ == 'm':
print(
colors.CYAN +
colors.UNDERLINE +
colors.BOLD +
"\nWelcome, in here you can choose your own exploit\n" +
colors.END)
colors.colored_print(
'[*] Here are available exploits:\n', colors.CYAN)
for poc in futil.list_exp():
colors.colored_print(poc + colors.END, colors.BLUE)
exploit = console.input_check(
"\n[*] Enter the path (eg. joomla/rce.py) of your exploit: ",
choices=futil.list_exp())
jobs = int(
console.input_check("[?] How many processes each time? ", check_type=int))
custom_args = []
answ = console.input_check(
"[?] Do you need a reverse shell [y/n]? ", choices=['y', 'n'])
if answ == 'y':
lhost = console.input_check(
"[*] Where do you want me to send shells? ", allow_blank=False, ip_check=True)
lport = console.input_check(
"[*] and at what port?",
check_type=int)
custom_args = ['-l', lhost, '-p', lport]
else:
pass
custom_args += console.input_check(
"[*] args for this exploit: ").strip().split()
# parse user's exploit name
exec_path = exploit.split('/')[1:]
work_path = exploit.split('/')[:-1]
exec_path = '/'.join(exec_path)
work_path = '/'.join(work_path)
# let user check if there's anything wrong
print(
colors.BLUE +
'[*] Your exploit will be executed like\n' +
colors.END,
'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(
exec_path),
' '.join(custom_args))
# args as parameter for scanner
scanner_instance = Scanner(work_path, exec_path,
custom_args,
jobs, self)
# start scanner
scanner_instance.scan()
else:
console.print_error('[-] Invalid input')
