violent_ruby 1.0.0

data/lib/violent_ruby/unix_password_cracker/README.md

@@ -0,0 +1,38 @@
+# Unix Password Cracker
+
+The unix password cracker provide a simple interface to crack unix passwords. As hackers do.
+
+## Initialization
+
+You can create a new password cracker in a few ways. You can set the `/etc/passwd` and `dictionary` file later if you want to:
+
+### Create a new Unix Password Cracker, with a Config
+
+```ruby
+require 'violent_ruby'
+config = { file: "/etc/passwd", dictionry: "dictionary.txt" }
+upc = ViolentRuby::UnixPasswordCracker.new(config)
+```
+
+### Create a new Unix Password Cracker, setting stuff later
+
+```ruby
+require 'violent_ruby'
+upc = ViolentRuby::UnixPasswordCracker.new
+upc.file = "/etc/passwd"
+upc.dictionary = "dictionary.txt"
+```
+
+## Several Ways to Crack'a Password
+
+Because aliases are fun. You can crack passwords in a few ways.
+
+```ruby
+require 'violent_ruby'
+upc = ViolentRuby::UnixPasswordCracker.new(file: "/etc/passwd", dictionry: "dictionary.txt")
+upc.crack_passwords
+upc.crack!
+upc.get_crackn
+up.release_the_kraken
+```
+

data/lib/violent_ruby/unix_password_cracker/unix_password_cracker.rb

@@ -0,0 +1,117 @@
+module ViolentRuby
+  # Unix Password Cracker provides a friendly interface to
+  # crack unix passwords. Because all hackers totes do this.
+  # @author Kent 'picat' Gruber
+  #
+  # == Create a new Unix Password Cracker
+  # In order for the password cracker to work, we're going to need a +dictionary+,
+  # and an /etc/passwd +file+ we want to crack.
+  #
+  # @example Basic Usage
+  #   config = { file: "/etc/passwd", dictionry: "dictionary.txt" }
+  #   upc = ViolentRuby::UnixPasswordCracker.new(config)
+  #   upc.crack! 
+  class UnixPasswordCracker
+    # @attr [String] file Path to /etc/passwd file.
+    attr_accessor :file
+    # @attr [String] dictionary Path to dictionary file.
+    attr_accessor :dictionary
+
+    # Create a new Unix Password Cracker.
+    #
+    # @param [Hash] args The options to create a new Unix Password Cracker.
+    # @param args [String] :file The path to an /etc/passwd file.
+    # @param args [String] :dictionary The path to a dictionry of passwords.
+    def initialize(args = {})
+      @file       = false
+      @dictionary = false
+      if args[:file] && File.readable?(args[:file])
+        @file        = args[:file]
+        @credentials = parse_etc_file(file: args[:file])
+      end
+      return unless args[:dictionary]
+      return unless File.readable?(args[:dictionary])
+      @dictionary = args[:dictionary]
+    end
+
+    # Parse a unix /etc/passwd file into a more mangeable form.
+    #
+    # @param [Hash] args The options when parsing the file.
+    # @param args [String] :file The path to an /etc/passwd file.
+    # @param args [Boolean] :users Specify that only users should be returned ( default: +false+ ).
+    # @param args [Boolean] :passwords Specify that only passwords should be returned ( default: +false+ ).
+    # @return [Hash]
+    def parse_etc_file(args = {})
+      raise 'No /etc/passwd file given.' unless args[:file]
+      raise "File #{args[:file]} not readable!" unless File.readable?(args[:file])
+      lines = File.readlines(args[:file]).collect do |line|
+        line unless line.split(':').first.chars.first.include?('#')
+      end
+      users = lines.collect { |x| x.split(':')[0] }.map(&:strip)
+      return users if args[:users]
+      passwords = lines.collect { |x| x.split(':')[1] }.map(&:strip)
+      return passwords if args[:passwords]
+      users_passwords = Hash[users.zip(passwords)]
+      if block_given?
+        users_passwords.each do |user, password|
+          yield user, password
+        end
+      else
+        users_passwords
+      end
+    end
+
+    # Crack unix passwords.
+    #
+    # @param [Hash] args The options when crack'n some passwords.
+    # @param args [String] :file The path to an /etc/passwd file.
+    # @param args [String] :dictionary The path to a dictionry of passwords.
+    # @return [Array<Hash>]
+    def crack_passwords(args = {})
+      file = args[:file]       || @file
+      dict = args[:dictionary] || @dictionary
+      results = []
+      parse_etc_file(file: file) do |user, password|
+        File.readlines(dict).map(&:strip).each do |word|
+          results << format_result(user, password, word) if cracked?(password, word)
+        end
+      end
+      results
+    end
+
+    alias crack! crack_passwords
+
+    alias get_crackn crack_passwords
+
+    alias release_the_kraken crack_passwords 
+
+    # Check if a given encrypted password matches a given plaintext
+    # word when the same crytographic operation is performed on it.
+    #
+    # @param [String] encrypted_password The encrypted password to check against.
+    # @param [String] word The plaintext password to check against.
+    # @return [Boolean]
+    def check_password(encrypted_password, word)
+      if word.strip.crypt(encrypted_password[0, 2]) == encrypted_password
+        true
+      else
+        false
+      end
+    end 
+
+    alias cracked? check_password
+
+    private
+
+    # @api private
+    # Format the results for the password crack'n.
+    #
+    # @param [String] user
+    # @param [String] encrypted_pass
+    # @param [String] plaintext_pass 
+    # @return [Hash] 
+    def format_result(user, encrypted_pass, plaintext_pass)
+      { username: user, encrypted_password: encrypted_pass, plaintext_password: plaintext_pass } 
+    end
+  end
+end

data/lib/violent_ruby/version.rb

@@ -0,0 +1,3 @@
+module ViolentRuby
+  VERSION = "1.0.0"
+end

data/lib/violent_ruby/vulnerability_scanner/README.md

@@ -0,0 +1,88 @@
+# Vulnerability Scanner
+
+The vulnerability scanner class provides a simple way to check if service banners match a list of known vulnerabilities.
+
+## Initialization
+
+The Vulnerability Scanner scanner class can be setup in a few flexible ways.
+
+### Basic Setup
+
+Provide no targets, ip addresses or even a file. I'll be there for you~
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new
+```
+
+### Provide Some Targets with Setup
+
+Targets are the known IP addresses for the scanner class. Though, note: you can scan IP addresses that are set during the scan method call. Because I do like flexibility quite a bit, don't I?
+
+```ruby
+require 'violent_ruby'
+ipaddrs = ['192.168.0.2', '192.168.0.3', '192.168.0.4']
+scanner = ViolentRuby::VulnerabilityScanner.new(targets: ipaddrs)
+```
+
+### Provide a Dictionary with Setup
+
+Because you can do that.
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new(dictionary: "known_vulnerable_banners.txt")
+```
+
+## Banner Grabbing
+
+Maybe you just wana grab some banners? I feel you bruhv. Let's do that.
+
+### Grab Banner from 192.168.0.2 on port 8080 
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new
+scanner.retrieve_banner('192.168.0.2', 8080)
+# => "MS-IIS WEB SERVER 5.0"
+```
+
+### Banner Grabbing, in'a Block
+
+Because maybe expressing things in blocks is just the best thing every.
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new
+scanner.retrieve_banner('192.168.0.2', 8080) do |banner|
+  puts "Banner found: " + banner if banner
+end
+```
+
+## Basic Scanning
+
+The Vulnerability Scanner class does have a `scan()` method, because that makes a lot of sense! 
+
+### Method to the Madness 
+
+The scan method provides most of the underlying magic for this class.
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new
+scanner.scan(ip: "192.168.0.2", port: 8080, file: "dictionary.txt")
+```
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new
+scanner.scan(ips: ["192.168.0.2", "192.168.0.3" ], port: 8080, file: "dictionary.txt")
+```
+
+```ruby
+require 'violent_ruby'
+scanner = ViolentRuby::VulnerabilityScanner.new
+scanner.file = "dictionary.txt"
+scanner.scan(ips: ["192.168.0.2", "192.168.0.3" ], ports: [80, 8080])
+```
+

data/lib/violent_ruby/vulnerability_scanner/vulnerability_scanner.rb

@@ -0,0 +1,275 @@
+require 'socket'
+require 'timeout'
+
+module ViolentRuby
+  # Vulnerability Scanner provides a friendly interface to easily manage
+  # banner grabbing +targets+ to match a list of +known vulnerable services+
+  # that we want to identify.
+  # @author Kent 'picat' Gruber
+  #
+  # == Create a new Vulnerability Scanner
+  # The Vulnerability Scanner scanner class can be setup in a few flexible ways.
+  # 
+  # @example Provide no targets, ip addresses or even a file.
+  #   scanner = ViolentRuby::VulnerabilityScanner.new
+  # 
+  # @example Provide targets.
+  #   ipaddrs = ['192.168.0.2', '192.168.0.3', '192.168.0.4']
+  #   scanner = ViolentRuby::VulnerabilityScanner.new(targets: ipaddrs)
+  # 
+  # @example Provide a file of known vulnerabilities.
+  #   scanner = ViolentRuby::VulnerabilityScanner.new(known_vulnerabilities: "vuln_banners.txt")
+  #
+  # @example Just set targets and provide a file later.
+  #   scanner = ViolentRuby::VulnerabilityScanner.new
+  #   ['192.168.0.2', '192.168.0.3'].each do |ip|
+  #     scanner.targets << ip
+  #   end
+  #   scanner.targets
+  #   # => ['192.168.0.2', '192.168.0.3']
+  #   File.readlines("vuln_banners.txt").map(&:strip).each |banner|
+  #     scanner.known_vulnerabilities << banner
+  #   end
+  #   # => ['MS-IIS WEB SERVER 4.0', 'MS-IIS WEB SERVER 5.0']
+  #   scanner.scan
+  #
+  # == Banner Grabbing
+  # The Vulnerability Scanner provides a simple banner grabbing method which can be used.
+  #
+  # @example Connect to 192.168.0.2 on port 8080
+  #   scanner = ViolentRuby::VulnerabilityScanner.new
+  # 
+  #   # If no banner, or hit timeout.
+  #   scanner.retrieve_banner('192.168.0.2', 8080)
+  #   # => false 
+  #   
+  #   # If banner exists.
+  #   scanner.retrieve_banner('192.168.0.2', 80)
+  #   # => "MS-IIS WEB SERVER 5.0"
+  #
+  # @example Connect to 192.168.0.2 on port 8080, trying for 10 seconds
+  #   scanner = ViolentRuby::VulnerabilityScanner.new
+  #   scanner.retrieve_banner('192.168.0.2', 8080, 10)
+  #
+  # @example Connect to 192.168.0.2 on port 8080, with a given block
+  #   scanner = ViolentRuby::VulnerabilityScanner.new
+  #   scanner.retrieve_banner('192.168.0.2', 8080) do |banner|
+  #     # do something with banner ( false if none found )
+  #     if banner
+  #       puts "Banner found: " + banner
+  #     else
+  #       puts "Banner not found."
+  #     end
+  #   end
+  #
+  # == Example Usage 
+  # The VulnerabilityScanner is meant to be easy and flexible to use.
+  #
+  # @example Basic
+  #   require 'violent_ruby'
+  #   config  = { targets: ['192.168.0.2', '192.168.0.3' ], known_vulnerabilities: 'vulns.txt' }
+  #   scanner = ViolentRuby::VulnerabilityScanner.new(config)
+  #   scanner.scan
+  #
+  # @example Advanced (sort'a)
+  #   require 'violent_ruby'
+  #   scanner = ViolentRuby::VulnerabilityScanner.new
+  #   scanner.targets = ['192.168.0.2', '192.168.0.3' ]
+  #   scanner.known_vulnerabilities = 'vulns.txt'
+  #   scanner.scan(port: 8080) 
+  #
+  class VulnerabilityScanner
+    # @attr [Array<String>] targets List of target ip addresses.
+    attr_accessor :targets
+    # @attr [Array<String>] known_vulnerabilities List of known vulnerabilities. 
+    attr_accessor :known_vulnerabilities
+
+    # Create a new instance of the vulnerability scanner.
+    # 
+    # @param [Hash] args The options to create a new Vulnerability Scanner. Very optional. 
+    # @param args [Array<String>] :targets The targets to work with.
+    # @param args [Array<String>] :known_vulnerabilities A file containing known vulnerabilities.
+    # @return [VulnerabilityScanner]
+    def initialize(args = {})
+      @targets                   = []
+      @known_vulnerabilities     = [] 
+      self.targets               = args[:targets] if args[:targets]
+      self.known_vulnerabilities = args[:known_vulnerabilities] if args[:known_vulnerabilities]
+    end
+
+    # Retrieve a banner from a given ip and port for a given ammount
+    # of seconds, or default for two seconds.
+    #
+    # @param [String] ip Target ip address.
+    # @param [Integer] port Target port number. 
+    # @param [Integer] seconds Timeout value.
+    # @return [String,Boolean]
+    def retrieve_banner(ip, port, seconds = 2)
+      banner = false
+      Timeout.timeout(seconds) do 
+        socket = TCPSocket.new(ip, port)
+        banner = socket.recv(1024)
+        socket.close
+      end
+      return false unless banner
+      banner.strip!
+      yield banner if block_given?
+      banner
+    rescue
+      false
+    end      
+
+    # Check if a given banner is included in a given file which
+    # should contain a list of vulnerable banners to match
+    # against in order to determine vulnerabilities.
+    #
+    # @param [String] banner Target banner to check.
+    # @param optional [String] file A file containing vulnerable banners.
+    # @return [Boolean]
+    def check_vulnerabilities(banner, file = false)
+      if file
+        File.readlines(file).map(&:strip).each do |line|
+          return true if line.match?(banner)
+        end
+      else
+        @known_vulnerabilities.each do |vulnerability|
+          return true if vulnerability.match?(banner)
+        end
+      end
+      false
+    end
+
+    # Human readable alias. 
+    alias :vulnerable? :check_vulnerabilities
+
+    # Do the scanning!
+    #
+    # @param [Hash] args Scan arguments.
+    # @param args [String] :ip @see handle_ip
+    # @param args [Array<String>] :ips @see handle_ip
+    # @param args [Integer] :port @see handle_port
+    # @param args [Array<Integer>] :ports @see handle_port
+    # @param args [String] :file @see handle_file
+    # @param args [Integer] :timeout @see handle_timeout
+    # @return [void]
+    def scan(args = {})
+      ip_addrs = handle_ip(args)
+      ports    = handle_port(args)
+      timeout  = handle_timeout(args)
+      file     = handle_file(args)
+      results  = []
+      ip_addrs.each do |ip|
+        ports.each do |port|
+          retrieve_banner(ip, port, timeout) do |banner|
+            results << result(ip, port, banner) if vulnerable?(banner, file)
+          end
+        end
+      end
+      results
+    end
+
+    # @param [String,Array<String>] args Either a IP address or an array of IP addresses.
+    # @return [void]
+    def targets=(args)
+      if args.is_a? String
+        @targets << args
+      else args.is_a? Array
+        args.each { |target| @targets << target }
+      end 
+    end
+
+    # @param [String,Array<String>] args Either a banner string or an array of banner strings.
+    # @return [void]
+    def known_vulnerabilities=(args)
+      if File.readable?(args)
+        File.readlines(args[:known_vulnerabilities]).map(&:strip).each do |line|
+          @known_vulnerabilities << line
+        end 
+      elsif args.is_a? String
+        @known_vulnerabilities << args
+      elsif args.is_a? Array
+        args.each { |vulnerability| @known_vulnerabilities << vulnerability }
+      end
+    end
+
+    private
+
+    # @api private
+    # This method manages what is done with the result once we know
+    # a vulnerable banner is found. 
+    #
+    # @param [String] ip
+    # @param [Integer] port
+    # @param [String] banner
+    # @return [Hash]
+    def result(ip, port, banner)
+      {ip: ip, port: port, banner: banner}
+    end
+
+    # @api private
+    # This method manages dealing with handling the +ip+ arguments
+    # for the +scan+ method in a clean manner.
+    #
+    # @param [Hash] args
+    # @param args [String] :ip Single ip address.
+    # @param args [Array<String>] :ips Multiple ip addresses.
+    # @return [Array<String>]
+    def handle_ip(args = {})
+      if args[:ip]
+        [args[:ip]]
+      elsif args[:ips]
+        args[:ips]
+      else
+        @targets
+      end
+    end
+
+    # @api private
+    # This method manages dealing with handling the +port+ arguments
+    # for the +scan+ method in a clean manner.
+    #
+    # @param [Hash] args
+    # @param args [String] :port Single port.
+    # @param args [Array<String>] :ips Multiple ports.
+    # @return [Array<Integer>]
+    def handle_port(args = {})
+      if args[:port]
+        [args[:port]]
+      elsif args[:ports]
+        args[:ports]
+      else
+        [21, 22, 25, 80, 110, 443]
+      end
+    end
+
+    # @api private
+    # This method manages dealing with handling the +timeout+ argument
+    # for the +scan+ method in a clean manner.
+    #
+    # @param [Hash] args
+    # @param args [Integer] :timeout Timeout in seconds.
+    # @return [Integer]
+    def handle_timeout(args = {})
+      if args[:timeout]
+        args[:timeout]
+      else
+        2
+      end
+    end
+
+    # @api private
+    # This method manages dealing with handling the +file+ argument
+    # for the +scan+ method in a clean manner.
+    #
+    # @param [Hash] args
+    # @param args [Integer] :file File containing vulnerable banners.
+    # @return [String, Boolean]
+    def handle_file(args = {})
+      if args[:file]
+        args[:file]
+      else
+        false
+      end
+    end
+  end
+end