#!/usr/bin/env python
import sys
from shutil import rmtree
from os import getcwd, mkdir, path
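# Make the bundled core modules (fingerprint, auxengine, parse_cmd, log,
# utility, state) importable. The path is anchored to this script's real
# location rather than the current working directory: a cwd-relative entry at
# the front of sys.path means that launching the tool from a directory someone
# else can write to would import whatever modules that directory supplies.
# realpath() also resolves a symlinked launcher back to the checkout.
sys.path.insert(0, path.dirname(path.realpath(__file__)) + '/src/core/')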
from fingerprint import FingerEngine
from src.module import generate_payload, deploy_utils, discovery
from auxengine import auxengine
from parse_cmd import parse
from log import LOG
import platform
import utility
import state
""" Clustered environment exploitation framework
"""
def prerun(options):
    """ Handle the option flags that are independent of fingerprinting and
    exploitation, then (re)create the temporary serve directory.
    """

    # Each entry pairs an option name with the action it triggers. The
    # actions are closures so that `options` is read only when the action
    # actually runs, in the same order as the flags are listed.
    misc_actions = (
        # payload generation
        ("generate_payload", lambda: generate_payload.run(options)),
        # discovery module
        ("discovery_file", lambda: discovery.run(options)),
        # listing of all deployers
        ("deploy_list", lambda: deploy_utils.deploy_list(options.deploy_list)),
        # listing of auxiliary modules
        ("aux_list", lambda: deploy_utils.auxiliary_list(options.aux_list)),
    )

    for flag, action in misc_actions:
        if getattr(options, flag):
            action()

    serve_dir = state.serve_dir

    if path.isdir(serve_dir):
        # a previous run (crash, interrupt, ...) left its directory behind
        rmtree(serve_dir)

    # Start from an empty temporary directory.
    # NOTE(review): mkdir() is called without a mode, so the directory's
    # permissions follow the process umask -- confirm that state.serve_dir
    # does not live somewhere other local users can write to.
    mkdir(serve_dir)
def postrun(options):
    """ Remove the temporary serve directory once the run is over.

    `options` is accepted for symmetry with prerun()/run() and is not used.
    """
    serve_dir = state.serve_dir

    # best-effort: a missing or partially removed directory is not an error
    rmtree(serve_dir, ignore_errors=True)
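def run(options):
    """ Build the target list, then fingerprint each target and hand every
    fingerprinted service to the auxiliary engine.

    Targets come from the file named by options.input_list (one entry per
    line) when that option is set, otherwise from options.ip. An entry with
    fewer than three dots is treated as a hostname and passed to
    utility.resolve_host(); any other entry is used exactly as given.

    Returns None. Returns early, after logging an error, when the single
    options.ip hostname cannot be resolved.
    """

    servers = []

    # NOTE(review): the dot count is the only address check. A hostname with
    # three or more dots is appended unresolved and unvalidated, so the
    # target list is only as trustworthy as the input it was built from.
    if options.input_list:
        with open(options.input_list, 'r') as f:
            for line in f:
                entry = line.strip()
                if not entry:
                    # Blank lines are not targets; never hand an empty
                    # name to the resolver.
                    continue

                if entry.count('.') < 3:
                    rip = utility.resolve_host(entry)
                    if rip:
                        servers.append(rip)
                    else:
                        utility.Msg("Host %s could not be resolved.  Skipping." %
                                    entry, LOG.DEBUG)
                else:
                    servers.append(entry)

        utility.Msg("Loaded %d servers." % len(servers))
    else:
        if options.ip.count('.') < 3:
            ip = utility.resolve_host(options.ip)
            if ip:
                servers.append(ip)
            else:
                utility.Msg("Could not resolve hostname %s" % options.ip, LOG.ERROR)
                return
        else:
            servers.append(options.ip)

    utility.Msg("Servers' OS hinted at %s" % options.remote_os)

    # iterate through all servers, fingerprint and load auxengine
    for server in servers:
        fingerengine = FingerEngine()
        # The same options object is shared by every engine; its ip field is
        # overwritten with the current target on each iteration.
        fingerengine.options = options
        fingerengine.options.ip = server

        fingerengine.run()
        # Compare by value: `is 0` tests object identity, which only works
        # by accident of small-integer caching and warns on newer Pythons.
        if len(fingerengine.fingerprints) == 0:
            continue

        utility.Msg("Fingerprinting completed.", LOG.UPDATE)

        # We've got the host fingerprinted, now kick off the
        # exploitation engine for the service
        utility.Msg("Loading auxiliary for '%s'..." % fingerengine.service,
                    LOG.DEBUG)

        # execute the auxiliary engine
        auxengine(fingerengine)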
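if __name__ == "__main__":
    # Entry point: parse the command line, run the requested actions, and
    # always remove the temporary serve directory before exiting.
    utility.header()
    options = parse(sys.argv[1:])

    # record the local platform name, lower-cased, in shared state
    state.platform = platform.system().lower()

    utility.Msg("Started at %s" % (utility.timestamp()))

    # log the CLI args
    # NOTE(review): the whole command line is handed to utility.log()
    # verbatim. If any option can carry a credential or other secret, it is
    # recorded wherever that log goes -- confirm, and redact if so.
    utility.log(' '.join(sys.argv))

    try:
        prerun(options)

        if options.ip or options.input_list:
            run(options)
    except KeyboardInterrupt:
        pass
    finally:
        # Clean up on every exit path (normal completion, Ctrl-C, or an
        # unexpected error) so the serve directory and anything staged in it
        # are not left on disk. postrun() ignores removal errors, so this is
        # safe even when prerun() never got as far as creating the directory.
        postrun(options)

    utility.Msg("Finished at %s" % (utility.timestamp()))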