diff --git a/requirements.txt b/requirements.txt index 22c660b..d39ebf9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,3 +13,4 @@ requests==2.28.1 scapy==2.4.5+g9420c22 SocksiPy_branch==1.01 urllib3==1.26.12 +user-agent==0.1.14 \ No newline at end of file diff --git a/tools/exploits/git-dumper.py b/tools/exploits/git-dumper.py index d043d7d..3fe7519 100755 --- a/tools/exploits/git-dumper.py +++ b/tools/exploits/git-dumper.py @@ -17,8 +17,12 @@ import dulwich.objects import dulwich.pack import requests import socks +import user_agent -USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36" +from urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) + +USER_AGENT = user_agent.generate_user_agent() def printf(fmt, *args, file=sys.stdout): if args: diff --git a/tools/misc/web_template.py b/tools/misc/web_template.py index 9274ccd..8df4de9 100755 --- a/tools/misc/web_template.py +++ b/tools/misc/web_template.py @@ -12,7 +12,8 @@ def generate_template(base_url, features): imports = [ "os", "io", "re", "sys", "json", "time", "base64", "requests", - "subprocess", "urllib.parse" + "subprocess", "urllib.parse", + "user_agent" ] partial_imports = { @@ -22,6 +23,8 @@ def generate_template(base_url, features): "urllib3.exceptions": ["InsecureRequestWarning"] } + class_definitions = [] + main_code = [] methods = [] ip_address_arg = next(filter(lambda f: re.match(r"ip_address=(.*)", f), features), None) @@ -29,7 +32,8 @@ def generate_template(base_url, features): variables = { "IP_ADDRESS": ip_address, - "BASE_URL": f'"{base_url}" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"' + "BASE_URL": f'"{base_url}" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"', + "USER_AGENT": "user_agent.generate_user_agent()" } proxy_arg = next(filter(lambda f: re.match(r"proxy=(.*)", f), features), None) @@ -67,48 +71,60 @@ def generate_template(base_url, features): if "verify" not in kwargs: kwargs["verify"] = False + + headers = kwargs.get("headers", {{}}) + headers["User-Agent"] = USER_AGENT + kwargs["headers"] = headers {proxy} url = {full_url} return client.request(method, url, **kwargs) """) if "register" in features or "account" in features: - main_code.append("""if not register(USERNAME, PASSWORD): + main_code.append("""if not register(USER): exit(1) """) - variables["USERNAME"] = '"Blindhero"' - variables["PASSWORD"] = '"test1234"' methods.append(""" -def register(username, password): - res = request("POST", "/register", data={"username": username, "password": password}) +def register(user): + res = request("POST", "/register", data={"username": user.username, "password": user.password}) if res.status_code != 200: print("[-] Error registering") - exit() + return False return True """) if "login" in features or "account" in features: - main_code.append("""session = login(USERNAME, PASSWORD) + main_code.append("""session = login(USER) if not session: exit(1) """) - variables["USERNAME"] = '"username"' - variables["PASSWORD"] = '"password"' + variables["USER"] = 'User("username", "password")' + class_definitions.append(""" +class User: + def __init__(self, username, password): + self.username = username + self.password = password + def tobase64(self): + return base64.b64encode(f"{self.username}:{self.password}".encode()).decode() + def get_basic_auth(self): + return "Basic " + self.tobase64() +""") + methods.append(""" -def login(username, password): +def login(user): session = requests.Session() - res = request("POST", "/login", data={"username": username, "password": password}, session=session) + res = request("POST", "/login", data={"username": user.username, "password": user.password}, session=session) if res.status_code != 200: print("[-] Error logging in") - exit() + return None return session """) if "sqli" in features: - partial_imports["hackingscripts.sqli"] = ["MySQLi", "PostgreSQLi", "BlindSQLi", "ReflectedSQLi"] - methods.append(""" + partial_imports["hackingscripts.utils.sqli"] = ["MySQLi", "PostgreSQLi", "BlindSQLi", "ReflectedSQLi"] + class_definitions.append(""" class ReflectedSQLiPoC(MySQLi, ReflectedSQLi): def __init__(self): # TODO: specify reflected columns with their types @@ -117,7 +133,7 @@ class ReflectedSQLiPoC(MySQLi, ReflectedSQLi): # TODO: build query and extract columns from response return None """) - methods.append(""" + class_definitions.append(""" class BlindSQLiPoC(MySQLi, BlindSQLi): def blind_sqli(self, condition: str, verbose=False) -> bool: # TODO: build query and evaluate condition @@ -153,6 +169,7 @@ if __name__ == "__main__": imports = "\n".join(f"import {i}" for i in sorted(imports, key=len)) imports += "\n" + "\n".join(sorted(list(f"from {p} import {', '.join(i)}" for p, i in partial_imports.items()), key=len)) + class_definitions = "\n".join(class_definitions) variables = "\n".join(f"{k} = {v}" for k, v in variables.items()) header = f"""#!/usr/bin/env python @@ -163,7 +180,7 @@ if __name__ == "__main__": {imports} requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) - +{class_definitions} {variables} """ diff --git a/tools/scanner/phpinfo-analyzer.py b/tools/scanner/phpinfo-analyzer.py index 095ce99..1374221 100755 --- a/tools/scanner/phpinfo-analyzer.py +++ b/tools/scanner/phpinfo-analyzer.py @@ -16,7 +16,7 @@ def analyze(soup): if len(tds) != 3: continue - label, local, master = tds + label, local, master = tds if local.text != master.text: print(f"[+] {label.text} differs. local={local.text} master={master.text}")