secator 0.22.0__py3-none-any.whl

secator/tasks/mapcidr.py

@@ -0,0 +1,42 @@
+import validators
+
+from secator.decorators import task
+from secator.definitions import (CIDR_RANGE, IP, OPT_NOT_SUPPORTED, PROXY,
+							   RATE_LIMIT, RETRIES, THREADS, TIMEOUT, SLUG)
+from secator.output_types import Ip
+from secator.tasks._categories import ReconIp
+
+
+@task()
+class mapcidr(ReconIp):
+	"""Utility program to perform multiple operations for a given subnet/cidr ranges."""
+	cmd = 'mapcidr'
+	input_types = [CIDR_RANGE, IP, SLUG]
+	output_types = [Ip]
+	tags = ['ip', 'recon']
+	input_flag = '-cidr'
+	file_flag = '-cl'
+	install_version = 'v1.1.34'
+	install_pre = {'apk': ['libc6-compat']}
+	install_cmd = 'go install -v github.com/projectdiscovery/mapcidr/cmd/mapcidr@[install_version]'
+	github_handle = 'projectdiscovery/mapcidr'
+	opts = {
+		'hide_ips': {'is_flag': True, 'short': 'hi', 'default': False, 'help': 'Hide IP addresses from output (too verbose)', 'internal': True, 'display': True},  # noqa: E501
+	}
+	opt_key_map = {
+		THREADS: OPT_NOT_SUPPORTED,
+		PROXY: OPT_NOT_SUPPORTED,
+		RATE_LIMIT: OPT_NOT_SUPPORTED,
+		RETRIES: OPT_NOT_SUPPORTED,
+		TIMEOUT: OPT_NOT_SUPPORTED,
+	}
+
+	@staticmethod
+	def on_line(self, line):
+		if validators.ipv4(line) or validators.ipv6(line):
+			ip = Ip(ip=line, alive=False)
+			if self.get_opt_value('hide_ips'):
+				self.add_result(ip, print=False)
+				return
+			return ip
+		return line

secator/tasks/msfconsole.py

@@ -0,0 +1,179 @@
+"""Attack tasks."""
+
+import logging
+
+from rich.panel import Panel
+
+from secator.config import CONFIG
+from secator.decorators import task
+from secator.definitions import (DELAY, FOLLOW_REDIRECT, HEADER, HOST, OPT_NOT_SUPPORTED, PROXY, RATE_LIMIT,
+								 RETRIES, THREADS, TIMEOUT, USER_AGENT)
+from secator.tasks._categories import VulnMulti
+from secator.utils import get_file_timestamp
+
+logger = logging.getLogger(__name__)
+
+
+@task()
+class msfconsole(VulnMulti):
+	"""CLI to access and work with the Metasploit Framework."""
+	cmd = 'msfconsole --quiet'
+	input_types = [HOST]
+	output_types = []
+	tags = ['exploit', 'attack']
+	version_flag = OPT_NOT_SUPPORTED
+	input_chunk_size = 1
+	opt_prefix = '--'
+	opts = {
+		'resource': {'type': str, 'help': 'Metasploit resource script.', 'short': 'r'},
+		'execute_command': {'type': str, 'help': 'Metasploit command.', 'short': 'x'},
+		'environment': {'type': str, 'help': 'Environment variables string KEY=VALUE.', 'short': 'e'}
+	}
+	opt_key_map = {
+		'x': 'execute_command',
+		'r': 'resource',
+		HEADER: OPT_NOT_SUPPORTED,
+		DELAY: OPT_NOT_SUPPORTED,
+		FOLLOW_REDIRECT: OPT_NOT_SUPPORTED,
+		PROXY: OPT_NOT_SUPPORTED,
+		RATE_LIMIT: OPT_NOT_SUPPORTED,
+		RETRIES: OPT_NOT_SUPPORTED,
+		THREADS: OPT_NOT_SUPPORTED,
+		TIMEOUT: OPT_NOT_SUPPORTED,
+		USER_AGENT: OPT_NOT_SUPPORTED,
+	}
+	encoding = 'ansi'
+	ignore_return_code = True
+	install_version = '6.4.59'
+	install_cmd_pre = {
+		'apt|apk': ['libpq-dev', 'libpcap-dev', 'libffi-dev', 'g++', 'make'],
+		'pacman': ['ruby-erb', 'postgresql-libs', 'make'],
+		'yum|zypper': ['postgresql-devel', 'make'],
+	}
+	install_cmd = (
+		f'git clone --depth 1 --single-branch -b [install_version] https://github.com/rapid7/metasploit-framework.git {CONFIG.dirs.share}/metasploit-framework_[install_version] || true && '  # noqa: E501
+		f'cd {CONFIG.dirs.share}/metasploit-framework_[install_version] && '
+		f'gem install bundler --user-install -n {CONFIG.dirs.bin} && '
+		f'bundle config set --local path "{CONFIG.dirs.share}" && '
+		'bundle lock --normalize-platforms &&'
+		'bundle install && '
+		f'ln -sf $HOME/.local/share/metasploit-framework_[install_version]/msfconsole {CONFIG.dirs.bin}/msfconsole'
+	)
+
+	@staticmethod
+	def on_init(self):
+		command = self.get_opt_value('execute_command')
+		script_path = self.get_opt_value('resource')
+		environment = self.run_opts.pop('environment', '')
+		env_vars = {}
+		if environment:
+			env_vars = dict(map(lambda x: x.split('='), environment.strip().split(',')))
+		env_vars['RHOST'] = self.inputs[0]
+		env_vars['RHOSTS'] = self.inputs[0]
+
+		# Passing msfconsole command directly, simply add RHOST / RHOSTS from host input and run then exit
+		if command:
+			self.run_opts['msfconsole.execute_command'] = (
+				f'setg RHOST {self.inputs[0]}; '
+				f'setg RHOSTS {self.inputs[0]}; '
+				f'{command.format(**env_vars)}; '
+				f'exit;'
+			)
+
+		# Passing resource script, replace vars inside by our environment variables if any, write to a temp file, and
+		# pass this temp file instead of the original one.
+		elif script_path:
+
+			# Read from original resource script
+			with open(script_path, 'r') as f:
+				content = f.read().replace('exit', '') + 'exit'
+
+			# Make a copy and replace vars inside by env vars passed on the CLI
+			timestr = get_file_timestamp()
+			out_path = f'{self.reports_folder}/.inputs/msfconsole_{timestr}.rc'
+			logger.debug(
+				f'Writing formatted resource script to new temp file {out_path}'
+			)
+			with open(out_path, 'w') as f:
+				content = content.format(**env_vars)
+				f.write(content)
+
+			script_name = script_path.split('/')[-1]
+			self._print(Panel(content, title=f'[bold magenta]{script_name}', expand=False), rich=True)
+
+			# Override original command with new resource script
+			self.run_opts['msfconsole.resource'] = out_path
+
+		# Nothing passed, error out
+		else:
+			raise ValueError('At least one of "execute_command" or "resource" must be passed.')
+
+
+# TODO: This is better as it goes through an RPC API to communicate with
+# metasploit rpc server, but it does not give any output.
+# Seems like output is available only in Metasploit Pro, so keeping this in case
+# we add support for it later.
+#
+# from pymetasploit3.msfrpc import MsfRpcClient
+# class msfrpcd():
+#
+#     opts = {
+#         'uri': {'type': str, 'default': '/api/', 'help': 'msfrpcd API uri'},
+#         'port': {'type': int, 'default': 55553, 'help': 'msfrpcd port'},
+#         'server': {'type': str, 'default': 'localhost', 'help': 'msfrpcd host'},
+#         'token': {'type': str, 'help': 'msfrpcd token'},
+#         'username': {'type': str, 'default': 'msf', 'help': 'msfrpcd username'},
+#         'password': {'type': str, 'default': 'test', 'help': 'msfrpcd password'},
+#         'module': {'type': str, 'required': True, 'help': 'Metasploit module to run'}
+#     }
+#
+#     def __init__(self, input, ctx={}, **run_opts):
+#         self.module = run_opts.pop('module')
+#         pw = run_opts.pop('password')
+#         self.run_opts = run_opts
+#         self.RHOST = input
+#         self.RHOSTS = input
+#         self.LHOST = self.get_lhost()
+#         # self.start_msgrpc()
+#         self.client = MsfRpcClient(pw, ssl=True, **run_opts)
+#
+#     # def start_msgrpc(self):
+#     #     code, out = Command.execute(f'msfrpcd -P {self.password}')
+#     #     logger.info(out)
+#
+#     def get_lhost(self):
+#         try:
+#             u = miniupnpc.UPnP()
+#             u.discoverdelay = 200
+#             u.discover()
+#             u.selectigd()
+#             return u.externalipaddress()
+#         except Exception:
+#             return 'localhost'
+#
+#     def run(self):
+#         """Run a metasploit module.
+#
+#         Args:
+#             modtype: Module type amongst 'auxiliary', 'exploit', 'post',
+#                 'encoder', 'nop', 'payload'.
+#             modname: Module name e.g 'auxiliary/scanner/ftp/ftp_version
+#             kwargs (dict): Module kwargs e.g RHOSTS, LHOST
+#         Returns:
+#             dict: Job results.
+#         """
+#         modtype = self.module.split('/')[0].rstrip('s')
+#         job = self.client.modules.execute(
+# 			modtype,
+# 			self.module,
+# 			RHOST=self.RHOST,
+# 			RHOSTS=self.RHOSTS,
+# 			LHOST=self.LHOST)
+#         if job.get('error', False):
+#             logger.error(job['error_message'])
+#         job_info = self.client.jobs.info_by_uuid(job['uuid'])
+#         while (job_info['status'] in ['running', 'ready']):
+#             job_info = self.client.jobs.info_by_uuid(job['uuid'])
+#         job_info.update(job)
+#         print(type(job_info['result']['127.0.0.1']))
+#         return job_info

secator/tasks/naabu.py

@@ -0,0 +1,85 @@
+from secator.decorators import task
+from secator.definitions import (DELAY, HOST, IP, OPT_NOT_SUPPORTED, PORTS,
+								 PROXY, RATE_LIMIT, RETRIES, THREADS,
+								 TIMEOUT, TOP_PORTS)
+from secator.output_types import Port, Ip
+from secator.serializers import JSONSerializer
+from secator.tasks._categories import ReconPort
+
+
+@task()
+class naabu(ReconPort):
+	"""Port scanning tool written in Go."""
+	cmd = 'naabu'
+	input_types = [HOST, IP]
+	output_types = [Port, Ip]
+	tags = ['port', 'scan']
+	input_flag = '-host'
+	file_flag = '-list'
+	json_flag = '-json'
+	opts = {
+		'scan_type': {'type': str, 'short': 'st', 'help': 'Scan type (SYN (s)/CONNECT(c))'},
+		'skip_host_discovery': {'is_flag': True, 'short': 'Pn', 'default': False, 'help': 'Skip host discovery'},
+		# 'health_check': {'is_flag': True, 'short': 'hc', 'help': 'Health check'}
+	}
+	opt_key_map = {
+		DELAY: OPT_NOT_SUPPORTED,
+		PROXY: 'proxy',
+		RATE_LIMIT: 'rate',
+		RETRIES: 'retries',
+		TIMEOUT: 'timeout',
+		THREADS: 'c',
+		PORTS: 'port',
+		TOP_PORTS: 'top-ports',
+
+		# naabu opts
+		'scan_type': 's',
+		# 'health_check': 'hc'
+	}
+	opt_value_map = {
+		TIMEOUT: lambda x: int(x)*1000 if x and int(x) > 0 else None,  # convert to milliseconds
+		PROXY: lambda x: x.replace('socks5://', '')
+	}
+	item_loaders = [JSONSerializer()]
+	install_version = 'v2.3.3'
+	install_cmd = 'go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@[install_version]'
+	github_handle = 'projectdiscovery/naabu'
+	install_pre = {'apt': ['libpcap-dev'], 'apk': ['libpcap-dev', 'libc6-compat'], 'pacman|brew': ['libpcap']}
+	install_post = {'arch|alpine': 'sudo ln -sf /usr/lib/libpcap.so /usr/lib/libpcap.so.0.8'}
+	proxychains = False
+	proxy_socks5 = True
+	proxy_http = False
+	profile = 'io'
+
+	@staticmethod
+	def before_init(self):
+		self.hosts = []
+		for ix, input in enumerate(self.inputs):
+			if input == 'localhost':
+				self.inputs[ix] = '127.0.0.1'
+
+	@staticmethod
+	def on_cmd(self):
+		scan_type = self.get_opt_value('scan_type')
+		if scan_type == 's':
+			self.requires_sudo = True
+
+	@staticmethod
+	def on_json_loaded(self, item):
+		ip = item['ip']
+		host = item['host'] if 'host' in item else ip
+		if host == '127.0.0.1':
+			host = 'localhost'
+		if host not in self.hosts:
+			yield Ip(
+				ip=ip,
+				host=host,
+				alive=True
+			)
+			self.hosts.append(host)
+		yield Port(
+			ip=ip,
+			port=item['port'],
+			host=host,
+			state='open'
+		)