From 94d17d74ae149fa94ce6652618a4d0729b7d0190 Mon Sep 17 00:00:00 2001 From: atucom <466817+atucom@users.noreply.github.com> Date: Thu, 29 Mar 2018 09:00:35 -0500 Subject: [PATCH 1/4] Added whitelist arg and modified the Exploiter call --- lib/cmdline/cmd.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py index ec0d9ea..55425a2 100644 --- a/lib/cmdline/cmd.py +++ b/lib/cmdline/cmd.py @@ -67,6 +67,8 @@ def optparser(): help="pass the path to your framework if it is not in your ENV PATH") misc.add_argument("--ethics", action="store_true", dest="displayEthics", help=argparse.SUPPRESS) # easter egg! + misc.add_argument("--whitelist", metavar="PATH", dest="whitelist", + help="only exploit hosts listed in the whitelist file") opts = parser.parse_args() return opts @@ -160,10 +162,13 @@ def single_run_args(opt, keys, loaded_modules): keys["censys"][1], keys["censys"][0], opt.searchQuery, proxy=headers[0], agent=headers[1] ).censys() if opt.startExploit: + hosts = open(lib.settings.HOST_FILE).readlines() + if opt.whitelist: + hosts = lib.exploitation.exploiter.whitelist_wash(hosts, whitelist_file=opt.whitelist) lib.exploitation.exploiter.AutoSploitExploiter( opt.msfConfig, loaded_modules, - open(lib.settings.HOST_FILE).readlines(), + hosts, ruby_exec=opt.rubyExecutableNeeded, msf_path=opt.pathToFramework ).start_exploit() From e94c1abd1216dc5e15d02e7fc301e8f48e87cc3d Mon Sep 17 00:00:00 2001 From: atucom <466817+atucom@users.noreply.github.com> Date: Thu, 29 Mar 2018 09:02:02 -0500 Subject: [PATCH 2/4] added the whitelist_wash function --- lib/exploitation/exploiter.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py index f8cdc16..3525e5f 100644 --- a/lib/exploitation/exploiter.py +++ b/lib/exploitation/exploiter.py 
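Review bot: In the second hunk of lib/cmdline/cmd.py, `hosts = open(lib.settings.HOST_FILE).readlines()` never closes the file explicitly; `with open(lib.settings.HOST_FILE) as host_file: hosts = host_file.readlines()` closes it deterministically. As far as these lines show, a `--whitelist` path that is missing or unreadable would surface as an uncaught exception from `whitelist_wash`, so a check with a clear error message before `AutoSploitExploiter` is built would help. Since the whitelist is the scope control for the run, logging how many hosts were kept and dropped after the wash would let the operator confirm the filter did what was intended. single_run_args starts and ends outside the hunk.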
@@ -1,6 +1,22 @@ import lib.settings import lib.output +def whitelist_wash(hosts, whitelist_file): + """ + remove IPs from hosts list that do not appear in WHITELIST_FILE + """ + whitelist_hosts = open(whitelist_file).readlines() + lib.output.info('Found {} entries in whitelist.txt, scrubbing'.format(str(len(whitelist_hosts)))) + washed_hosts = [] + #return supplied hosts if whitelist file is empty + if len(whitelist_hosts) == 0: + return hosts + else: + for host in hosts: + if host in whitelist_hosts: + washed_hosts.append(host) + + return washed_hosts class AutoSploitExploiter(object): From da399f4767ce87751c69a427095cdfa932fbd856 Mon Sep 17 00:00:00 2001 From: atucom <466817+atucom@users.noreply.github.com> Date: Thu, 29 Mar 2018 11:14:59 -0500 Subject: [PATCH 3/4] added whitelist prompt to terminal --- lib/term/terminal.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/term/terminal.py b/lib/term/terminal.py index f8766bc..292ece8 100644 --- a/lib/term/terminal.py +++ b/lib/term/terminal.py 
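Review bot: `whitelist_wash` fails open: when the whitelist file has no lines, the `len(whitelist_hosts) == 0` branch returns `hosts` unchanged, so an empty or truncated scope file leaves every gathered host in the run rather than none. The membership test also compares raw `readlines()` output, so an entry matches only if its trailing newline, CRLF and surrounding whitespace are byte-identical in both files, and a final line without a newline is silently missed. The log message hardcodes `whitelist.txt` instead of the path that was passed in, and the file handle is never closed. The rewrite below compares stripped values through a set, keeps the original host strings in the result, and returns an empty list when the whitelist has no entries; if returning all hosts on an empty file is intentional, it should at least be logged explicitly.
```python
def whitelist_wash(hosts, whitelist_file):
    """
    keep only the entries of hosts that appear in whitelist_file;
    an empty whitelist allows nothing
    """
    with open(whitelist_file) as handle:
        allowed = set(line.strip() for line in handle if line.strip())
    lib.output.info('Found {} entries in {}, scrubbing'.format(len(allowed), whitelist_file))
    # fail closed: no whitelist entries means no host is in scope
    return [host for host in hosts if host.strip() in allowed]
```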
@@ -169,10 +169,19 @@ def exploit_gathered_hosts(self, loaded_mods, hosts=None): """ ruby_exec = False msf_path = None + whitelist_file = lib.output.prompt("specify full path to a whitelist file, otherwise hit enter", lowercase=False) if hosts is None: - host_file = open(self.host_path).readlines() + if whitelist_file is not "": + # If whitelist is specified, return a washed hosts list + host_file = lib.exploitation.exploiter.whitelist_wash(open(self.host_path).readlines(), whitelist_file) + else: + host_file = open(self.host_path).readlines() else: - host_file = open(hosts).readlines() + if whitelist_file is not "": + # If whitelist is specified, return a washed hosts list + host_file = lib.exploitation.exploiter.whitelist_wash(open(hosts).readlines(), whitelist_file) + else: + host_file = open(hosts).readlines() if not lib.settings.check_for_msf(): msf_path = lib.output.prompt( "it appears that MSF is not in your PATH, provide the full path to msfconsole" From 8519a22167ea2c19e94ee313cbb55ef9497cc3e7 Mon Sep 17 00:00:00 2001 From: atucom <466817+atucom@users.noreply.github.com> Date: Thu, 29 Mar 2018 12:06:25 -0500 Subject: [PATCH 4/4] added check for isspace() --- lib/term/terminal.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/term/terminal.py b/lib/term/terminal.py index 292ece8..c0bf2da 100644 --- a/lib/term/terminal.py +++ b/lib/term/terminal.py 
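Review bot: Both added conditions test `whitelist_file is not ""`, which compares object identity rather than value, so whether an empty answer from the prompt counts as "no whitelist" depends on string interning in the interpreter; `if whitelist_file:` or `whitelist_file != ""` states the intent. The same comparison is kept in the later hunk of PATCH 4/4. The two branches differ only in the path they open, so choosing it first with `path = self.host_path if hosts is None else hosts` and applying the whitelist once would remove the duplicated block. exploit_gathered_hosts starts and ends outside the hunk.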
@@ -171,13 +171,13 @@ def exploit_gathered_hosts(self, loaded_mods, hosts=None): msf_path = None whitelist_file = lib.output.prompt("specify full path to a whitelist file, otherwise hit enter", lowercase=False) if hosts is None: - if whitelist_file is not "": + if whitelist_file is not "" and not whitelist_file.isspace(): # If whitelist is specified, return a washed hosts list host_file = lib.exploitation.exploiter.whitelist_wash(open(self.host_path).readlines(), whitelist_file) else: host_file = open(self.host_path).readlines() else: - if whitelist_file is not "": + if whitelist_file is not "" and not whitelist_file.isspace(): # If whitelist is specified, return a washed hosts list host_file = lib.exploitation.exploiter.whitelist_wash(open(hosts).readlines(), whitelist_file) else:
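Review bot: The added `isspace()` guard rejects a blank answer, but the value handed to `whitelist_wash` is still the raw prompt text, so a path typed with a leading or trailing space reaches `open()` unchanged (unless `lib.output.prompt` already strips its result, which is not visible here). Normalising once after the prompt with `whitelist_file = whitelist_file.strip()` lets both conditions become `if whitelist_file:` and covers the empty, whitespace-only and padded cases in one place. The enclosing function continues outside the hunk.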