exploitfarm 0.1.9__py3-none-any.whl

exploitfarm/__init__.py

@@ -0,0 +1,99 @@
+
+__version__ = "0.1.9"
+
+from exploitfarm.utils import try_tcp_connection
+from exploitfarm.model import ServiceDTO, AttackMode, SetupStatus
+import requests, functools, random, os
+from exploitfarm.utils.config import ClientConfig
+from exploitfarm.cmd.config import inital_config_setup
+from exploitfarm.cmd.login import login_required
+
+def get_host():
+    result = os.getenv("XFARM_HOST", None)
+    if not result:
+        raise ValueError("this exploit has to be run with xfarm")
+    return result
+
+def service_info() -> ServiceDTO|None:
+    result = os.getenv("XFARM_SERVICE", None)
+    if not result:
+        return None
+    try:
+        return ServiceDTO.model_validate_json(result)
+    except Exception:
+        return None
+
+def runtime_info() -> float:
+    data = os.getenv("XFARM_RUNTIME", None)
+    if data is None:
+        raise ValueError("this exploit has to be run with xfarm")
+    return float(data)
+
+def get_config():
+    config = ClientConfig.read()
+    if not inital_config_setup(config):
+        raise ValueError("It's required to setup the client first")
+    login_required(config)
+    return config
+
+def random_str(
+    length:int|None = None,
+    length_range:int = (8,12),
+    numbers:bool = True,
+    lower:bool = True,
+    upper:bool = True,
+    specials:bool = False,
+    exclude:str = "",
+    include:str = ""
+) -> str:
+    alphabet = ""
+    if numbers: alphabet += "0123456789"
+    if lower: alphabet += "abcdefghijklmnopqrstuvwxyz"
+    if upper: alphabet += "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    if specials: alphabet += "!@#$%^&*()_+-=[]{}|;:,.<>?/~"
+    if exclude: alphabet = alphabet.translate(str.maketrans("", "", exclude))
+    if include: alphabet += include
+    if not alphabet:
+        raise ValueError("No alphabet selected")
+    alphabet = "".join(list(set([ele for ele in alphabet])))
+    if length is None:
+        length = random.randint(*length_range)
+    return "".join(random.choices(alphabet, k=length))
+
+def session(
+    random_agent:bool = True,
+    additional_headers:list = [],
+    user_agent:str = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.3",
+) -> requests.Session:
+    headers = {
+        "User-Agent": random.choice(
+            [
+                "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0",
+                "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.3",
+                "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.3",
+            ]+additional_headers
+        ) if random_agent else user_agent,
+        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+        "Accept-Encoding": "gzip, deflate",
+        "Accept-Language": "en-GB,en;q=0.8,it;q=0.7,en-US;q=0.6",
+    } 
+    s = requests.Session()
+    s.headers.update(headers)
+    return s
+
+#Force flush print
+print = functools.partial(print, flush = True)
+
+#Exported functions
+__all__ = [
+    "try_tcp_connection",
+    "AttackMode",
+    "SetupStatus",
+    "get_host",
+    "service_info",
+    "runtime_info",
+    "get_config",
+    "random_str",
+    "session",
+    "print",
+]

exploitfarm/cmd/config.py

@@ -0,0 +1,264 @@
+from uuid import uuid4
+from typing import List
+
+import dateutil.parser
+from textual.app import App, ComposeResult
+from textual.widgets import Button, Header
+from textual import on
+from textual.app import App, ComposeResult
+from textual.validation import Number
+from textual.widgets import Input, Label, Pretty, Checkbox, Footer
+from textual.containers import Horizontal
+from textual.validation import Length
+from rich import print
+from exploitfarm.utils.config import ClientConfig
+from exploitfarm.utils.reqs import get_url
+import dateutil, traceback
+from datetime import datetime as dt, timedelta 
+import datetime
+
+TOLLERANCE_TIME = timedelta(seconds=5)
+
+class InitialConfiguration(App):
+    
+    def __init__(self, config: ClientConfig, initial_error: str|None = None):
+        super().__init__()
+        self.title = "xFarm - Initial Configuration"
+        self.config = config
+        self.initial_error = "[bold red]"+initial_error+"[/]" if initial_error else ""
+        self.ignore_connection_failed = False
+    
+    BINDINGS = [
+        ("ctrl+t", "test_connection()", "Test connection to server"),
+        ("ctrl+s", "save()", "Save configuration"),
+        ("ctrl+c", "cancel()", "Cancel configuration")
+    ]
+    
+    CSS = """
+    Input.-valid {
+        border: tall $success 60%;
+    }
+    Input.-valid:focus {
+        border: tall $success;
+    }
+    Input {
+        margin: 1 1;
+    }
+    Pretty {
+        margin-left: 2;
+    }
+    #error{
+        margin: 2 0 0 2;
+    }
+    .input-label {
+        margin: 1 2;
+    }
+    .error-box {
+        margin: 1 2;
+        height: 1.8;
+    }
+    Button {
+        margin: 1 2;
+    }
+    .float-right {
+        content-align: right middle;
+    }
+    .button-box {
+        height: 4;
+        margin: 2 0;
+        margin-top: 1;
+    }
+    .max-width {
+        width: 100%;
+    }
+    .hidden {
+        display: none;
+    }
+    """
+
+    def compose(self) -> ComposeResult:
+        yield Header("xFarm - Initial Configuration")
+        yield Label("[bold]Welcome to xFarm, please fill the following fields to configure the client", classes="error-box")
+        yield Label("[bold]Server address:[/]", classes="input-label")
+        yield Input(
+            placeholder="127.0.0.1",
+            value=self.config.server.address,
+            validators=[Length(minimum=1)],
+            id="address",
+            classes="form-input"
+        )
+        yield Horizontal(
+            Label("[bold]Errors:[/]"),
+            Pretty([], id="address_errors"),
+            classes="error-box hidden",
+            id="address_errors_box"
+        )
+        yield Label("[bold]Server port:[/]", classes="input-label")
+        yield Input(
+            placeholder="5050",
+            value=str(self.config.server.port),
+            validators=[Number(minimum=1, maximum=65535)],
+            id="port",
+            classes="form-input"
+        )
+        yield Horizontal(
+            Label("[bold]Errors:[/]"),
+            Pretty([], id="port_errors"),
+            classes="error-box hidden",
+            id="port_errors_box"
+        )
+        yield Label("[bold]Nickname:[/]", classes="input-label")
+        yield Input(
+            placeholder="John Doe",
+            value=self.config.client_name,
+            validators=[Length(minimum=1)],
+            id="nickname",
+            classes="form-input"
+        )
+        yield Horizontal(
+            Label("[bold]Errors:[/]"),
+            Pretty([], id="nickname_errors"),
+            classes="error-box hidden",
+            id="nickname_errors_box"
+        )
+        yield Checkbox("Use HTTPS", id="https", value=self.config.server.https, classes="input-label")
+        yield Checkbox("Ignore connection failed", id="ign_conn_failed", value=self.ignore_connection_failed, classes="input-label")
+        yield Label(self.initial_error, classes=f"{'' if self.initial_error else 'hidden'}", id="error")
+        yield Horizontal(
+            Button("Save", id="save", variant="success"),
+            Button("Cancel", id="cancel", variant="error"),
+            Button("Test Connection", id="test", variant="primary", classes="float-right"),
+            classes="max-width button-box"
+        )
+        yield Footer()
+    
+    def action_save(self):
+        self.save()
+    
+    def action_cancel(self):
+        self.cancel()
+    
+    def action_test_connection(self):
+        self.test()
+        
+    @on(Button.Pressed, "#save")
+    def save(self):
+        input_forms: List[Input] = self.query(".form-input")
+        errors = []
+        for form in input_forms:
+            errors.extend([ele.failure_description for ele in form.validators if ele.failure_description])
+        if len(errors) == 0 and (self.ignore_connection_failed or self.test()):
+            self.config.write()
+            self.exit(99 if self.ignore_connection_failed else 0)
+    
+    @on(Button.Pressed, "#cancel")
+    def cancel(self):
+        self.exit(1)
+    
+    @on(Button.Pressed, "#test")
+    def test(self):
+        error_label = self.query_one("#error", Label)
+        error_label.remove_class("hidden")
+        try:
+            self.config.fetch_status()
+            error_label.update(f"[bold green]Connection done successfully to server[/]: {get_url('//', self.config)}")
+            return True
+        except Exception as e:
+            error_label.update(f"[bold red]Failed to connect to server at {get_url('//', self.config)}[/]: [orange]{e}[/]")
+            return False
+    
+    @on(Checkbox.Changed, "#https")
+    def https_change(self, event: Checkbox.Changed):
+        self.config.server.https = event.value
+    
+    @on(Checkbox.Changed, "#ign_conn_failed")
+    def ignore_connection_failed_change(self, event: Checkbox.Changed):
+        self.ignore_connection_failed = event.value
+    
+    @on(Input.Changed, "#address")
+    def address_check(self, event: Input.Changed) -> None:
+        # Updating the UI to show the reasons why validation failed
+        error_label = self.query_one("#address_errors", Pretty)
+        error_box = self.query_one("#address_errors_box", Horizontal)
+        if not event.validation_result.is_valid:
+            error_box.remove_class("hidden")
+            error_label.update(event.validation_result.failure_descriptions)
+        else:
+            error_box.add_class("hidden")
+            self.config.server.address = event.input.value
+    
+    @on(Input.Changed, "#port")
+    def port_check(self, event: Input.Changed) -> None:
+        # Updating the UI to show the reasons why validation failed
+        error_label = self.query_one("#port_errors",Pretty)
+        error_box = self.query_one("#port_errors_box", Horizontal)
+        if not event.validation_result.is_valid:
+            error_box.remove_class("hidden")
+            error_label.update(event.validation_result.failure_descriptions)
+        else:
+            error_box.add_class("hidden")
+            self.config.server.port = int(event.input.value)
+            
+    
+    @on(Input.Changed, "#nickname")
+    def nickname_check(self, event: Input.Changed) -> None:
+        # Updating the UI to show the reasons why validation failed
+        error_label = self.query_one("#nickname_errors",Pretty)
+        error_box = self.query_one("#nickname_errors_box", Horizontal)
+        if not event.validation_result.is_valid:
+            error_box.remove_class("hidden")
+            error_label.update(event.validation_result.failure_descriptions)
+        else:        
+            error_box.add_class("hidden")
+            self.config.client_name = event.input.value
+
+def _run_setup_config(config: ClientConfig, initial_error: str|None = None):
+    init_conf = InitialConfiguration(config, initial_error)
+    status = init_conf.run()
+    if status == 99:
+        return False
+    elif status != 0:
+        print(f"[bold red]Failed to configure the client[/]")
+        exit(1)
+    return True
+
+def inital_config_setup(config: ClientConfig, interactive: bool = True) -> bool:
+    
+    if config.client_id is None:
+        config.client_id = uuid4()
+        config.write()
+    
+    if (
+        config.server.address is None   or
+        config.client_name is None      or
+        config.client_name == ""
+    ):
+        if not interactive:
+            print(f"[bold red]Missing configuration, set it with 'xfarm config' command[/]")
+            exit(1)
+        if not _run_setup_config(config):
+            return False
+    try:
+        delta_request = config.delta_fetch_status()
+    except Exception:
+        msg = f"Connection to {get_url('//', config)} failed, the url is wrong or the server is down"
+        if not interactive:
+            print(f"[bold red]{msg}[/]")
+            exit(1)
+        if not _run_setup_config(config, msg):
+            return False
+        try:
+            delta_request = config.delta_fetch_status()
+        except Exception:
+            print(f"[bold red]{msg}[/]")
+            exit(1)
+
+    if config.status:
+        server_time = dateutil.parser.parse(config.status["server_time"], tzinfos={"UTC": datetime.timezone.utc})
+        delta = server_time - dt.now(datetime.timezone.utc)
+        delta = abs(delta.total_seconds())
+        tollerance = TOLLERANCE_TIME+delta_request
+        tollerance = abs(tollerance.total_seconds())
+        if delta > tollerance:
+            print(f"[bold yellow]⚠️ WARNING! The server time is not synchronized with the client, please check the server/client time is correct (delta of {delta} > tol: {tollerance})[/]")
+    return True

exploitfarm/cmd/exploitinit.py

@@ -0,0 +1,217 @@
+from uuid import UUID
+from typing import List
+
+from textual.app import App, ComposeResult
+from textual.widgets import Button, Header
+from textual import on
+from textual.app import App, ComposeResult
+from textual.widgets import Input, Label, Pretty, Footer, Select
+from textual.containers import Horizontal
+from textual.validation import Length, Regex
+from exploitfarm.utils.config import ClientConfig
+from exploitfarm.model import Language
+from exploitfarm.utils.config import EXPLOIT_CONFIG_REGEX
+from exploitfarm.utils.config import ExploitConfig
+from exploitfarm.utils.config import check_exploit_config_exists
+from rich import print
+
+class ExploitConf(App):
+    
+    def __init__(self,
+        config: ClientConfig,
+        edit:bool,
+        name:str|None = None,
+        lang:Language|None = None,
+        service:str|None = None
+    ):
+        super().__init__()
+        self.config = config
+        self.services = [(srv["name"], srv["id"]) for srv in self.config.status["services"]]+[("[bold]+ Add a new service", None)]
+        self.langs = [(lang.value, lang.value) for lang in list(Language)]
+        
+        search_service = list(filter(lambda x: x[1] == service, self.services))
+        self.service = search_service[0][1] if search_service else self.services[0][1]
+        
+        search_lang = list(filter(lambda x: Language(x[1]) == lang, self.langs))
+        self.lang = search_lang[0][1] if search_lang else Language.python.value
+        
+        self.edit = edit
+        self.title = f"xFarm - {'Editing' if self.edit else 'Creating'} Exploit"
+        self.service_name = ""
+        self.exploit_name = name if name else ""
+    
+    BINDINGS = [
+        ("ctrl+s", "save()", f"Save exploit"),
+        ("ctrl+c", "cancel()", "Cancel operation")
+    ]
+    
+    CSS = """
+    Input.-valid {
+        border: tall $success 60%;
+    }
+    Input.-valid:focus {
+        border: tall $success;
+    }
+    Input {
+        margin: 1 1;
+    }
+    Pretty {
+        margin-left: 2;
+    }
+    #error{
+        margin: 2 0 0 2;
+    }
+    .input-label, .form-input {
+        margin: 1 2;
+    }
+    .error-box {
+        margin: 1 2;
+        height: 1.8;
+    }
+    Button {
+        margin: 1 2;
+    }
+    .button-box {
+        height: 4;
+        margin: 2 0;
+        margin-top: 1;
+    }
+    .max-width {
+        width: 100%;
+    }
+    .hidden {
+        display: none;
+    }
+    """
+
+    def compose(self) -> ComposeResult:
+        yield Header(f"xFarm - {'Editing' if self.edit else 'Creating'} exploit")
+        yield Label("[bold]Exploit name:[/]", classes="input-label")
+        yield Input(
+            placeholder="funny_service_sqli",
+            value=self.exploit_name,
+            validators=[Regex(EXPLOIT_CONFIG_REGEX)],
+            id="exploit_name",
+            classes="form-input"
+        )
+        yield Horizontal(
+            Label("[bold]Errors:[/]"),
+            Pretty([], id="name_errors"),
+            classes="error-box hidden",
+            id="name_errors_box"
+        )
+        
+        yield Select(self.langs, id="lang", classes="input-label", value=self.lang, allow_blank=False)
+        yield Select(self.services, id="srv", classes="input-label", value=self.service, allow_blank=False)
+        
+        yield Label("[bold]New service name:[/]", classes="input-label hidden add-srv")
+        yield Input(
+            placeholder="service-name",
+            value=self.service_name,
+            validators=[Length(minimum=1)],
+            id="srv_name",
+            classes="form-input hidden add-srv"
+        )
+        yield Horizontal(
+            Label("[bold]Errors:[/]"),
+            Pretty([], id="srv_name_errors"),
+            classes="error-box hidden",
+            id="srv_name_errors_box"
+        )
+        yield Label("", classes="hidden", id="error")
+        yield Horizontal(
+            Button("Edit" if self.edit else "Create", id="save", variant="success"),
+            Button("Cancel", id="cancel", variant="error"),
+            classes="max-width button-box"
+        )
+        yield Footer()
+    
+    def show_error(self, s:str):
+        self.query_one("#error", Label).update(s)
+        self.query_one("#error", Label).remove_class("hidden")
+    
+    @on(Select.Changed, "#lang")
+    def lang_changed(self, event: Select.Changed) -> None:
+        if event.value == Language.other.value:
+            self.show_error("[bold yellow]Remember to set teh correct main file and interpreter in the config file!")
+        else:
+            self.query_one("#error", Label).add_class("hidden")
+        self.lang = event.value
+    
+    @on(Select.Changed, "#srv")
+    def srv_changed(self, event: Select.Changed) -> None:
+        if event.value is None:
+            self.query(".add-srv").remove_class("hidden")
+        else:
+            self.query(".add-srv").add_class("hidden")
+            self.query_one("#srv_name_errors_box", Horizontal).add_class("hidden")
+        self.service = event.value
+    
+    def action_save(self):
+        self.save()
+    
+    def action_cancel(self):
+        self.cancel()
+        
+    @on(Button.Pressed, "#save")
+    def save(self):
+        input_forms: List[Input] = self.query(".form-input")
+        errors = []
+        for form in input_forms:
+            errors.extend([ele.failure_description for ele in form.validators if ele.failure_description])
+        
+        if len(errors) == 0 and self.exploit_name:
+            if self.service is None:
+                try:
+                    self.service  = UUID(self.config.reqs.new_service({"name": self.service_name})["id"])
+                    self.config.fetch_status()
+                except Exception as e:
+                    print(f"[bold yellow] Service not subscribed!: {e}")
+                    self.service = UUID("00000000-0000-0000-0000-000000000000")
+            if self.edit:
+                x_conf = ExploitConfig.read(".")
+                x_conf.name = self.exploit_name
+                x_conf.language = Language(self.lang)
+                x_conf.service = self.service
+            else:
+                if check_exploit_config_exists(self.exploit_name):
+                    self.show_error(f"[bold red]The exploit named '{self.exploit_name}' already exists")
+                    return
+                x_conf = ExploitConfig.new(self.exploit_name, Language(self.lang), self.service)
+            x_conf.write(x_conf.name if not self.edit else ".")
+            try:
+                x_conf.publish_exploit(self.config)
+            except Exception as e:
+                self.exit(99)
+                return
+            self.exit(0)
+        else:
+            self.show_error(f"[bold red]{', '.join(errors)}")
+            
+    @on(Button.Pressed, "#cancel")
+    def cancel(self):
+        self.exit(1)
+    
+    @on(Input.Changed, "#exploit_name")
+    def name_check(self, event: Input.Changed) -> None:
+        # Updating the UI to show the reasons why validation failed
+        error_label = self.query_one("#name_errors", Pretty)
+        error_box = self.query_one("#name_errors_box", Horizontal)
+        if not event.validation_result.is_valid:
+            error_box.remove_class("hidden")
+            error_label.update(event.validation_result.failure_descriptions)
+        else:
+            error_box.add_class("hidden")
+            self.exploit_name = event.input.value
+    
+    @on(Input.Changed, "#srv_name")
+    def srv_name_check(self, event: Input.Changed) -> None:
+        error_label = self.query_one("#srv_name_errors",Pretty)
+        error_box = self.query_one("#srv_name_errors_box", Horizontal)
+        if not event.validation_result.is_valid:
+            error_box.remove_class("hidden")
+            error_label.update(event.validation_result.failure_descriptions)
+        else:
+            error_box.add_class("hidden")
+            self.service_name = event.input.value
+