moby.rb 1.0.0

data/lib/Moby/Backends/SeleniumBackend.rb

@@ -0,0 +1,236 @@
+# lib/Moby/Backends/SeleniumBackend.rb
+# Moby::Backends::SeleniumBackend
+
+require 'selenium-webdriver'
+
+require_relative '../Selenium/WebDriver/Driver/Attempt/attempt'
+require_relative '../Selenium/WebDriver/SearchContext/ElementPresentQ/element_presentQ'
+
+class Moby
+  module Backends
+    class SeleniumBackend
+      def counter_phish
+        set_up_driver
+        navigate_to_target
+        repeatedly_fill_and_submit_login_form
+      ensure
+        cleanup_driver unless @config.debug?
+      end
+
+      private
+
+      def initialize(config:, random_input_generator:)
+        @config = config
+        @random_input_generator = random_input_generator
+        @driver = nil
+      end
+
+      def driver
+        puts "Setting up #{@config.browser} driver..." if @config.verbose
+        case @config.browser.to_sym
+        when :chrome
+          options = Selenium::WebDriver::Chrome::Options.new
+          options.add_argument('--headless') unless @config.debug
+          options.add_argument('--disable-gpu')
+          options.add_argument('--no-sandbox')
+          options.add_argument("user-agent=#{@config.user_agent}") if @config.user_agent
+          @driver = Selenium::WebDriver.for(:chrome, options: options)
+        when :firefox
+          options = Selenium::WebDriver::Firefox::Options.new
+          options.add_argument('--headless') unless @config.debug
+          options.add_preference('general.useragent.override', @config.user_agent) if @config.user_agent
+          @driver = Selenium::WebDriver.for(:firefox, options: options)
+        else
+          @driver = Selenium::WebDriver.for(@config.browser)
+        end
+        puts "Driver setup complete." if @config.verbose?
+      end
+      alias_method :set_up_driver, :driver
+
+      def navigate_to_target
+        puts "Navigating to #{@config.url}..." if @config.verbose?
+        @driver.attempt do
+          @driver.get(@config.url)
+          wait_for_page_load
+        end
+        puts "Page loaded successfully." if @config.verbose?
+      end
+
+      def wait_for_page_load
+        wait = Selenium::WebDriver::Wait.new(timeout: 10)
+        wait.until do
+          @driver.execute_script('return document.readyState') == 'complete'
+        end
+      end
+
+      def form
+        @form ||= (
+          if @config.using_form_name?
+            find_form_by_name
+          else
+            find_form_by_number
+          end
+        )
+      end
+
+      def repeatedly_fill_and_submit_login_form
+        start_time = Time.now
+        puts "moby session begun #{start_time}."
+        submission_count = 0
+        begin
+          if @config.fixed_number_of_submissions?
+            @config.iterations.times do |iteration|
+              fill_and_submit_login_form
+              submission_count += 1
+              puts "Submission #{submission_count} of #{@config.iterations}." if @config.verbose?
+            end
+            puts "Successfully completed #{@config.iterations} submissions." if @config.verbose?
+          else
+            loop do
+              fill_and_submit_login_form
+              submission_count += 1
+              puts "#{submission_count} #{username}:#{password}" if @config.verbose?
+            end
+          end
+        ensure
+          finish_time = Time.now
+          time_delta_in_minutes = (finish_time - start_time) / 60
+          submissions_per_minute = submission_count / time_delta_in_minutes
+          puts "moby session terminated #{finish_time} with #{submission_count} counter-phishes served in #{time_delta_in_minutes} minutes for an average of #{submissions_per_minute} submissions per minute."
+        end
+      end
+
+      def fill_and_submit_login_form
+        puts "Filling with: #{username}:#{password}" if @config.verbose?
+        driver.navigate.to(@config.url)
+        wait_for_page_load
+        driver.attempt do
+          username_field.clear
+          username_field.send_keys(username)
+          password_field.clear
+          password_field.send_keys(password)
+          submit_form(form)
+        end
+        sleep @config.delay if @config.delay > 0
+      end
+
+      def find_form_by_name
+        name = @config.form_name
+        selectors = [
+          [:name, name],
+          [:id, name],
+          [:css, "form[name='#{name}']"],
+          [:css, "form##{name}"]
+        ]
+        selectors.each do |type, selector|
+          if @driver.element_present?(type, selector)
+            return @driver.find_element(type, selector)
+          end
+        end
+        raise("Could not find a form with the name or id of #{@config.form_name}.")
+      end
+
+      def find_form_by_number
+        index = @config.form_number
+        forms = @driver.find_elements(:tag_name, 'form')
+        return forms[index] if forms[index]
+        raise("Could not find a form at index #{@config.form_number}.")
+      end
+
+      def username
+        @random_input_generator.random_username
+      end
+
+      def password
+        @random_input_generator.random_password
+      end
+
+      def username_field
+        @username_field ||= (
+          if @config.using_username_field_name?
+            find_username_field_by_name
+          else
+            find_username_field_by_number
+          end
+        )
+      end
+
+      def password_field
+        @password_field ||= (
+          if @config.using_password_field_name?
+            find_password_field_by_name
+          else
+            find_password_field_by_number
+          end
+        )
+      end
+
+      def find_username_field_by_name
+        name = @config.username_field_name
+        selectors = [
+          [:name, name],
+          [:id, name],
+          [:css, "input[name='#{name}']"],
+          [:css, "input##{name}"]
+        ]
+        selectors.each do |type, selector|
+          begin
+            element = form.find_element(type, selector)
+            return element if element
+          rescue Selenium::WebDriver::Error::NoSuchElementError
+            next
+          end
+        end
+        raise("Could not find username field: #{@config.username_field_name}")
+      end
+
+      def find_username_field_by_number
+        index = @config.username_field_number
+        inputs = form.find_elements(:tag_name, 'input')
+        inputs[index] ||
+          raise("Could not find username field at index #{index}")
+      end
+
+      def find_password_field_by_name
+        name = @config.password_field_name
+        selectors = [
+          [:name, name],
+          [:id, name],
+          [:css, "input[name='#{name}']"],
+          [:css, "input##{name}"]
+        ]
+        selectors.each do |type, selector|
+          begin
+            element = form.find_element(type, selector)
+            return element if element
+          rescue Selenium::WebDriver::Error::NoSuchElementError
+            next
+          end
+        end
+        raise("Could not find password field: #{@config.password_field_name}")
+      end
+
+      def find_password_field_by_number
+        index = @config.password_field_number
+        inputs = form.find_elements(:tag_name, 'input')
+        inputs[index] ||
+          raise("Could not find password field at index #{index}")
+      end
+
+      def submit_form(form)
+        begin
+          submit_button = form.find_element(:css, "input[type='submit'], button[type='submit'], button")
+          submit_button.click
+        rescue
+          form.submit
+        end
+        sleep 0.5
+      end
+
+      def cleanup_driver
+        @driver.quit if @driver
+        puts "Driver closed." if @config.verbose?
+      end
+    end
+  end
+end

data/lib/Moby/Configuration.rb

@@ -0,0 +1,113 @@
+# lib/Moby/Configuration.rb
+# Moby::Configuration
+
+require 'mechanize'
+
+class Moby
+  class Configuration
+    AVAILABLE_USER_AGENTS = (Mechanize::AGENT_ALIASES.keys - ['Mechanize']).freeze
+
+    attr_accessor(
+      :url,
+      :backend,
+      :browser,
+      :debug,
+      :verbose,
+      :form_name,
+      :form_number,
+      :username_field_name,
+      :username_field_number,
+      :password_field_name,
+      :password_field_number,
+      :username_hostname,
+      :username_is_email_address,
+      :iterations,
+      :delay,
+      :word_list_path
+    )
+
+    attr_writer(
+      :user_agent,
+    )
+
+    def user_agent
+      @user_agent || random_user_agent
+    end
+
+    def using_form_name?
+      !@form_name.nil?
+    end
+
+    def using_username_field_name?
+      !@username_field_name.nil?
+    end
+
+    def using_password_field_name?
+      !@password_field_name.nil?
+    end
+
+    def mechanize?
+      @backend == :mechanize
+    end
+
+    def selenium?
+      @backend == :selenium
+    end
+
+    def username_is_email_address?
+      @username_is_email_address || @username_hostname || @username_field_name == 'email'
+    end
+
+    def debug?
+      @debug
+    end
+
+    def verbose?
+      @verbose
+    end
+
+    def fixed_number_of_submissions?
+      !!@iterations
+    end
+
+    private
+
+    # @param url [String] The target URL
+    # @param backend [Symbol] :mechanize or :selenium (default: :selenium)
+    # @param browser [Symbol] :chrome or :firefox (default: :chrome)
+
+    def initialize(url:, backend: :selenium, browser: :chrome, **args)
+      @url = url
+      @backend = backend.to_sym
+
+      # Browser configuration (for Selenium)
+      @browser = browser.to_sym
+      @user_agent = args[:user_agent]
+
+      # Form identification
+      @form_name = args[:form_name]
+      @form_number = args[:form_number] || 0
+
+      # Field identification
+      @username_field_name = args[:username_field_name]
+      @username_field_number = args[:username_field_number] || 0
+      @password_field_name = args[:password_field_name]
+      @password_field_number = args[:password_field_number] || 1
+
+      # Username configuration
+      @username_hostname = args[:username_hostname]
+      @username_is_email_address = args[:username_is_email_address] || false
+
+      # Runtime configuration
+      @debug = args[:debug] || false
+      @verbose = args[:verbose] || false
+      @iterations = args[:iterations] || 100
+      @delay = args[:delay] || 0
+      @word_list_path = args[:word_list_path] || '/usr/share/dict/words'
+    end
+
+    def random_user_agent
+      AVAILABLE_USER_AGENTS.sample
+    end
+  end
+end

data/lib/Moby/RandomInputGenerator.rb

@@ -0,0 +1,49 @@
+# lib/Moby/RandomInputGenerator.rb
+# Moby::RandomInputGenerator
+
+class Moby
+  class RandomInputGenerator
+    TLD = %w{com net org edu int mil gov arpa biz aero name coop info pro museum}
+
+    def random_username
+      if username_is_email_address?
+        if @username_hostname
+          "#{random_word}@#{@username_hostname}"
+        else
+          "#{random_word}@#{random_word}.#{random_TLD}"
+        end
+      else
+        random_word
+      end
+    end
+
+    def random_password
+      random_word
+    end
+
+    private
+
+    def initialize(word_list_path:, username_hostname: nil, username_is_email_address: false)
+      @word_list_path = word_list_path
+      @username_hostname = username_hostname
+      @username_is_email_address = username_is_email_address
+    end
+
+    def random_word
+      words.sample
+    end
+
+    def words
+      @words ||= File.readlines(@word_list_path).map(&:chomp).reject(&:empty?)
+    end
+    alias_method :load_words, :words
+
+    def random_TLD
+      TLD.sample
+    end
+
+    def username_is_email_address?
+      @username_is_email_address
+    end
+  end
+end

data/lib/Moby/VERSION.rb

@@ -0,0 +1,6 @@
+# lib/Moby/VERSION.rb
+# Moby::VERSION
+
+class Moby
+  VERSION = '1.0.0'
+end

data/lib/Moby.rb

@@ -0,0 +1,179 @@
+# Moby.rb
+# Moby
+
+require 'mechanize'
+require 'pp'
+
+require_relative './File/self.collect'
+require_relative './Moby/VERSION'
+
+class Moby
+  TLD = %w{com net org edu int mil gov arpa biz aero name coop info pro museum}
+
+  attr_accessor\
+    :debug,
+    :form_name,
+    :form_number,
+    :password_field_name,
+    :password_field_number,
+    :url,
+    :username_field_name,
+    :username_field_number,
+    :username_hostname,
+    :username_is_email_address,
+    :verbose
+
+  attr_writer\
+    :user_agent
+
+  def initialize(
+    debug: false,
+    form_name: nil,
+    form_number: 0,
+    password_field_name: 'password',
+    password_field_number: 1,
+    url: nil,
+    user_agent: nil,
+    username_field_name: 'username',
+    username_field_number: 0,
+    username_hostname: nil,
+    username_is_email_address: false,
+    verbose: false
+  )
+    @debug = debug
+    @form_name = form_name
+    @form_number = form_number.to_i
+    @password_field_name = password_field_name
+    @password_field_number = password_field_number.to_i
+    @url = url
+    @user_agent = user_agent
+    @username_field_name = username_field_name
+    @username_field_number = username_field_number.to_i
+    @username_hostname = username_hostname
+    @username_is_email_address = username_is_email_address
+    @verbose = verbose
+  end
+
+  def counter_phish
+    start_time = Time.now
+    puts "Moby session begun #{start_time}."
+    submission_count = 0
+    begin
+      loop do
+        mechanize.user_agent_alias = user_agent
+        username_field.value = username
+        password_field.value = password
+        pp page if @debug
+        result = mechanize.submit(form)
+        pp result if @debug
+        submission_count += 1
+        puts "#{submission_count} #{username}:#{password}" if @verbose
+      rescue Net::HTTP::Persistent::Error
+        puts "\n\nNet::HTTP::Persistent::Error rescued.\n\n" if @verbose
+      rescue Net::OpenTimeout
+        puts "\n\nNet::OpenTimeout rescued.\n\n" if @verbose
+      end
+    ensure
+      finish_time = Time.now
+      time_delta_in_minutes = (finish_time - start_time) / 60
+      submissions_per_minute = submission_count / time_delta_in_minutes
+      puts "Moby session terminated #{finish_time} with #{submission_count} counter-phishes served in #{time_delta_in_minutes} minutes for an average of #{submissions_per_minute} submissions per minute."
+    end
+  end
+
+  private
+
+  def mechanize
+    @mechanize ||= Mechanize.new
+  end
+
+  def words(filename = '/usr/share/dict/words')
+    @words ||= File.collect(filename){|line| line.chomp}
+  end
+
+  def random_word
+    words[rand(words.size)]
+  end
+
+  def random_TLD
+    TLD[rand(TLD.size)]
+  end
+
+  def random_user_agent
+    agent_aliases = Mechanize::AGENT_ALIASES
+    agent_aliases.delete('Mechanize')
+    agent_aliases_keys = agent_aliases.keys
+    agent_aliases_keys[rand(agent_aliases.size)]
+  end
+
+  def page
+    @page ||= (
+      page = mechanize.get(@url)
+      md = page.body.match(/meta.*?Refresh.*?url=(.*?)"/i)
+      if md
+        puts 'meta_refresh_url found' if @debug
+        page = mechanize.get(md[1])
+      end
+      pp page if @debug
+      page
+    )
+  end
+
+  def form
+    @form ||= (
+      if @form_name
+        page.form(@form_name)
+      elsif @form_number
+        page.forms[@form_number]
+      else
+        page.forms[0]
+      end
+    )
+  end
+
+  def username
+    if username_is_email_address?
+      if username_hostname
+        "#{random_word}@#{@username_hostname}"
+      else
+        "#{random_word}@#{random_word}.#{random_TLD}"
+      end
+    else
+      random_word
+    end
+  end
+
+  def password
+    random_word
+  end
+
+  def user_agent
+    @user_agent || random_user_agent
+  end
+
+  def username_field
+    if @username_field_name
+      form.field(@username_field_name)
+    elsif @username_field_number
+      form.fields[@username_field_number]
+    else
+      form.fields[0]
+    end
+  end
+
+  def password_field
+    if @password_field_name
+      form.field(@password_field_name)
+    elsif @password_field_number
+      form.fields[@password_field_number]
+    else
+      form.fields[1]
+    end
+  end
+
+  # predicate methods
+
+  def username_is_email_address?
+    @username_is_email_address || @username_hostname || username_field.name == 'email'
+  end
+end

data/lib/Selenium/WebDriver/Driver/Attempt/attempt.rb

@@ -0,0 +1,18 @@
+# Selenium/WebDriver/Driver/Attempt/attempt.rb
+# Selenium::WebDriver::Driver::Attempt.attempt
+
+# 20200418
+# 0.3.0
+
+# Examples:
+# 1. driver.attempt do |driver|
+#     driver.get('https://example.com/users/sign_in')
+#     enter_username
+#     enter_password
+#     sign_in
+#   end
+
+# Changes:
+# 1. Moved all the logic into the Thoran namespace.
+
+require 'Thoran/Selenium/WebDriver/Driver/Attempt/attempt'

data/lib/Selenium/WebDriver/SearchContext/ElementPresentQ/element_presentQ.rb

@@ -0,0 +1,13 @@
+# Selenium/WebDriver/SearchContext/ElementPresentQ/element_presentQ.rb
+# Selenium::WebDriver::SearchContext::ElementPresentQ.element_present?
+
+# 20200418
+# 0.3.0
+
+# Examples:
+# 1. driver.element_present?(:xpath, '//a[@id="submit"]')
+
+# Changes:
+# 1. Moved all the logic into the Thoran namespace.
+
+require 'Thoran/Selenium/WebDriver/SearchContext/ElementPresentQ/element_presentQ'

data/lib/Thoran/File/SelfCollect/self.collect.rb

@@ -0,0 +1,22 @@
+# Thoran/File/SelfCollect/self.collect.rb
+# Thoran::File::SelfCollect.collect.rb
+
+# 20190821
+# 0.2.0
+
+# Changes:
+# 1. + Thoran::File::SelfCollect namespace.
+
+module Thoran
+  module File
+    module SelfCollect
+      
+      def collect(filename, &block)
+        open(filename, 'r').collect(&block)
+      end
+      
+    end
+  end
+end
+
+File.extend(Thoran::File::SelfCollect)

data/lib/Thoran/Selenium/WebDriver/Driver/Attempt/attempt.rb

@@ -0,0 +1,53 @@
+# Thoran/Selenium/WebDriver/Attempt/attempt.rb
+# Thoran::Selenium::WebDriver::Attempt.attempt
+
+# 20200419
+# 0.0.1
+
+# Examples:
+# 1. driver.attempt do |driver|
+#   driver.get('https://example.com/users/sign_in')
+#   enter_username
+#   enter_password
+#   sign_in
+# end
+
+# Changes:
+# 1. + Thoran namespace.
+
+module Thoran
+  module Selenium
+    module WebDriver
+      module Driver
+        module Attempt
+
+          def attempt(max_attempts = 3, &block)
+            attempts = 0
+            loop do
+              begin
+                yield
+                break
+              rescue Timeout::Error, ::Selenium::WebDriver::Error::UnknownError, ::Selenium::WebDriver::Error::NoSuchElementError => e
+                attempts += 1
+                if attempts >= max_attempts
+                  @driver.quit
+                  puts "Giving up after #{max_attempts} attempts to #{__method__} because #{e}."
+                  exit
+                end
+              end
+            end
+          end
+
+        end
+      end
+    end
+  end
+end
+
+module Selenium
+  module WebDriver
+    class Driver
+      include Thoran::Selenium::WebDriver::Driver::Attempt
+    end
+  end
+end