Merge pull request #1162 from NullArray/dev-beta

Version 3.1.5

api_calls/honeyscore_hook.py

@@ -1,5 +1,4 @@
 import requests
-from bs4 import BeautifulSoup
 
 
 class HoneyHook(object):

autosploit/main.py

@@ -24,6 +24,7 @@
     EXPLOIT_FILES_PATH,
     START_SERVICES_PATH,
     save_error_to_file,
+    stop_animation
 )
 from lib.jsonize import (
     load_exploits,
@@ -115,6 +116,10 @@ def main():
             terminal = AutoSploitTerminal(loaded_tokens, loaded_exploits)
             terminal.terminal_main_display(loaded_tokens)
     except Exception as e:
+        global stop_animation
+
+        stop_animation = True
+
         import traceback
 
         print(
@@ -128,4 +133,3 @@ def main():
         error_class = str(e.__class__).split(" ")[1].split(".")[1].strip(">").strip("'")
         error_file = save_error_to_file(str(error_traceback), str(e), error_class)
         request_issue_creation(error_file, hide_sensitive(), str(e))
-

dryrun_autosploit.sh → drysploit.sh

@@ -1,15 +1,16 @@
 #!/usr/bin/env bash
 
+#
+# this script dryruns autosploit. That's it, nothing special just a dry run
+#
+
 
 if [[ $# -lt 1 ]]; then
     echo "Syntax:"
-    echo -e "\t./dryrun_autosploit.sh <search_query> [whitelist]"
+    echo -e "\t./drysploit.sh <search_query> [whitelist]"
 	exit 1
 fi
 
-echo -e "[!] Make sure you are not on your localhost while running this script, press enter to continue";
-read
-
 WHITELIST=$2
 SEARCH_QUERY=$1
 LPORT=4444

etc/json/default_fuzzers.json

@@ -1,6 +1,5 @@
 {
   "exploits": [
-    "auxiliary/fuzzers/dns/dns_fuzzer",
     "auxiliary/fuzzers/ftp/client_ftp",
     "auxiliary/fuzzers/ftp/ftp_pre_post",
     "auxiliary/fuzzers/http/http_form_field",

etc/text_files/ethics.lst

@@ -11,4 +11,5 @@
 "My fear is that this has magnified the attack surface, and made it so that every exposed service on the internet will be scanned and probed on a near-constant basis by an entirely new set of attackers."
 "The release of tools like these exponentially expands the threat landscape by allowing a wider group of hackers to launch global attacks at will"
 "Good to know we’ve weaponized for the masses. Everyone can now be a script kiddie simply by plugging, playing and attacking."
-"The fact that something is really easy, does not make unauthorized computer access any less a crime. And tools like this leave a forensic footprint that is miles wide. Yes, you can compromise poorly protected systems very easily with this tool, but you can also end up in a lot of trouble."
+"The fact that something is really easy, does not make unauthorized computer access any less a crime. And tools like this leave a forensic footprint that is miles wide. Yes, you can compromise poorly protected systems very easily with this tool, but you can also end up in a lot of trouble."
+"I can't believe it's not skidware!"

etc/text_files/nmap_options.lst

@@ -0,0 +1,108 @@
+-iL
+-iR
+--exclude
+--excludefile
+-sL
+-sn
+-Pn
+-PS
+-PA
+-PU
+-PY
+-PE
+-PP
+-PM
+-PO
+-n
+-R
+--dns-servers
+--system-dns
+--traceroute
+-sS
+-sT
+-sA
+-sW
+-sM
+-sU
+-sN
+-sF
+-sX
+--scanflags
+-sI
+-sY
+-sZ
+-sO
+-b
+-p
+--exclude-ports
+-F
+-r
+--top-ports
+--port-ratio
+-sV
+--version-intensity
+--version-light
+--version-all
+--version-trace
+-sC
+--script
+--script-args
+--script-args-file
+--script-trace
+--script-updatedb
+--script-help
+-O
+--osscan-limit
+--osscan-guess
+-T
+--min-hostgroup
+--max-hostgroup
+--min-parallelism
+--max-parallelism
+--min-rtt-timeout
+--max-rtt-timeout
+--initial-rtt-timeout
+--max-retries
+--host-timeout
+--scan-delay
+--max-scan-delay
+--min-rate
+--max-rate
+-f
+--mtu
+-D
+-S
+-e
+-g
+--source-port
+--proxies
+--data
+--data-string
+--data-length
+--ip-options
+--ttl
+--spoof-mac
+--badsum
+-oN
+-oX
+-oS
+-oG
+-oA
+-v
+-d
+--reason
+--open
+--packet-trace
+--iflist
+--append-output
+--resume
+--stylesheet
+--webxml
+--no-stylesheet
+-6
+-A
+--datadir
+--send-eth/--send-ip
+--privileged
+--unprivileged
+-V

install.sh

@@ -88,7 +88,7 @@ function install () {
             installOSX;
             ;;
         *)
-            echo "Unable to detect operating system that is compatible with AutoSploit...";
+            echo "Unable to detect an operating system that is compatible with AutoSploit...";
             ;;
     esac
     echo "";

lib/banner.py

@@ -1,7 +1,7 @@
 import os
 import random
 
-VERSION = "3.1.2"
+VERSION = "3.1.5"
 
 
 def banner_1(line_sep="#--", space=" " * 30):

lib/cmdline/cmd.py

@@ -25,10 +25,10 @@ def optparser():
         """
 
         parser = argparse.ArgumentParser(
-            usage="python autosploit.py -[c|z|s|a] -[q] QUERY\n"
-                  "{spacer}[-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH\n"
-                  "{spacer}[--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH\n"
-                  "{spacer}[--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT".format(
+            usage="python autosploit.py -c[z|s|a] -q QUERY [-O|A]\n"
+                  "{spacer}[-C WORKSPACE LHOST LPORT] [-e] [--whitewash PATH] [-H]\n"
+                  "{spacer}[--ruby-exec] [--msf-path] PATH [-E EXPLOIT-FILE-PATH]\n"
+                  "{spacer}[--rand-agent] [--proxy PROTO://IP:PORT] [-P AGENT] [-D QUERY,QUERY,..]".format(
                     spacer=" " * 28
             )
         )
@@ -42,8 +42,10 @@ def optparser():
         se.add_argument("-a", "--all", action="store_true", dest="searchAll",
                         help="search all available search engines to gather hosts")
         save_results_args = se.add_mutually_exclusive_group(required=False)
-        save_results_args.add_argument("-O", "--overwrite", action="store_true", dest="overwriteHosts",
-                        help="When specified, start from scratch by overwriting the host file with new search results.")
+        save_results_args.add_argument(
+            "-O", "--overwrite", action="store_true", dest="overwriteHosts",
+            help="When specified, start from scratch by overwriting the host file with new search results."
+        )
         save_results_args.add_argument("-A", "--append", action="store_true", dest="appendHosts",
                                        help="When specified, append discovered hosts to the host file.")
 
@@ -65,7 +67,7 @@ def optparser():
         exploit.add_argument("-e", "--exploit", action="store_true", dest="startExploit",
                              help="start exploiting the already gathered hosts")
         exploit.add_argument("-d", "--dry-run", action="store_true", dest="dryRun",
-                             help="Do not launch metasploit's exploits. Do everything else. msfconsole is never called.")
+                             help="msfconsole will never be called when this flag is passed")
         exploit.add_argument("-f", "--exploit-file-to-use", metavar="PATH", dest="exploitFile",
                              help="Run AutoSploit with provided exploit JSON file.")
         exploit.add_argument("-H", "--is-honeypot", type=float, default=1000, dest="checkIfHoneypot", metavar="HONEY-SCORE",
@@ -79,7 +81,7 @@ def optparser():
         misc.add_argument("--ethics", action="store_true", dest="displayEthics",
                           help=argparse.SUPPRESS)  # easter egg!
         misc.add_argument("--whitelist", metavar="PATH", dest="whitelist",
-                             help="only exploit hosts listed in the whitelist file")
+                          help="only exploit hosts listed in the whitelist file")
         misc.add_argument("-D", "--download", nargs="+", metavar="SEARCH1 SEARCH2 ...", dest="downloadModules",
                           help="download new exploit modules with a provided search flag")
         opts = parser.parse_args()

lib/creation/ip_generator.py

@@ -0,0 +1,66 @@
+import socket
+import itertools
+
+from multiprocessing import Pool
+
+
+def generate_ip_range(selected_range):
+    """
+    generate an IP address range from each provided node.
+    for example `10.0.1-10.1-10` will return a generator
+    object that has IP `10.0.1.1 - 10.0.10.10` in it
+    """
+    octets = selected_range.split(".")
+    chunks = [map(int, octet.split("-")) for octet in octets]
+    ranges = [range(c[0], c[1] + 1) if len(c) == 2 else c for c in chunks]
+    for address in itertools.product(*ranges):
+        yield ".".join(map(str, address))
+
+
+def check_ip_alive(ip):
+    """
+    efficiently check if an IP address is alive or not
+    by using the socket.gethostbyaddr function
+    """
+    def is_valid_ip(ip):
+        try:
+            socket.inet_aton(ip)
+            return True
+        except:
+            return False
+
+    try:
+        if not is_valid_ip(ip):
+            return False
+        else:
+            return socket.gethostbyaddr(ip)
+    except socket.herror:
+        return False
+
+
+def check_ip_wrapper(generated_ips, limit=250):
+    """
+    multiprocess the check_ip_alive function in order
+    to proces a large amount of IP addresses quickly
+    """
+    alive_ips = []
+    ips_to_use = []
+    i = 0
+    proc_pool = Pool(processes=35)
+
+    for ip in generated_ips:
+        ips_to_use.append(ip)
+        i += 1
+        if i == limit:
+            break
+    for ip in ips_to_use:
+        try:
+            result = proc_pool.apply_async(check_ip_alive, args=(ip,)).get()
+            if not result:
+                pass
+            else:
+                alive_ips.append(ip)
+        except Exception:
+            pass
+    proc_pool.close()
+    return alive_ips

lib/creation/issue_creator.py

@@ -78,7 +78,7 @@ def check_version_number(current_version):
     try:
         req = requests.get("https://raw.githubusercontent.com/NullArray/AutoSploit/master/lib/banner.py")
         available_version = version_checker.search(req.content).group().split("=")[-1].split('"')[1]
-        if available_version != current_version:
+        if available_version > current_version:
             return False
         return True
     except Exception:
@@ -168,15 +168,25 @@ def hide_sensitive():
     args = sys.argv
     for item in sys.argv:
         if item in sensitive:
-            # TODO:/ we need to block the IP addresses in the -C argument
-            try:
-                item_index = args.index(item) + 1
-                hidden = ''.join([x.replace(x, "*") for x in str(args[item_index])])
-                args.pop(item_index)
-                args.insert(item_index, hidden)
+            if item in ["-C", "--config"]:
+                try:
+                    item_index = args.index("-C") + 1
+                except ValueError:
+                    item_index = args.index("--config") + 1
+                for _ in range(3):
+                    hidden = ''.join([x.replace(x, '*') for x in str(args[item_index])])
+                    args.pop(item_index+_)
+                    args.insert(item_index, hidden)
                 return ' '.join(args)
-            except:
-                return ' '.join([item for item in sys.argv])
+            else:
+                try:
+                    item_index = args.index(item) + 1
+                    hidden = ''.join([x.replace(x, "*") for x in str(args[item_index])])
+                    args.pop(item_index)
+                    args.insert(item_index, hidden)
+                    return ' '.join(args)
+                except:
+                    return ' '.join([item for item in sys.argv])
 
 
 def request_issue_creation(path, arguments, error_message):

lib/errors.py

@@ -1 +1,7 @@
-class AutoSploitAPIConnectionError(Exception): pass
+class AutoSploitAPIConnectionError(Exception): pass
+
+
+class NmapNotFoundException(Exception): pass
+
+
+class NmapScannerError(Exception): pass