Skip to content

Dev beta #1293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
+352 −128
Open

Dev beta #1293

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
b5cae35
minor tweaks and updates
Sep 5, 2019
8affba8
Merge branch 'master' of https://github.com/nullarray/autosploit into…
Sep 6, 2019
9b1b1cb
fixes issue #1213
Dec 3, 2019
03020fd
fixes issue #1210
Dec 3, 2019
cc4319f
fixes issue #1205
Dec 3, 2019
fd907d3
fixes issue #1200
Dec 3, 2019
7763c00
fixes issue #1199
Dec 3, 2019
a447f50
bumps version number for the 5 new commits
Dec 3, 2019
b7259f3
fuck you @cryptollama
Mar 21, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions etc/text_files/nmap_opts.lst
View file
Original file line number Diff line number Diff line change
@@ -89,6 +89,8 @@
-oG
-oA
-v
-vv
-vvv
-d
--reason
--open
2 changes: 1 addition & 1 deletion lib/banner.py
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import os
import random

VERSION = "4.0"
VERSION = "4.0.6"


def banner_1(line_sep="#--", space=" " * 30):
1 change: 1 addition & 0 deletions lib/cmdline/cmd.py
View file
Original file line number Diff line number Diff line change
@@ -12,6 +12,7 @@
import lib.exploitation.exploiter


# I'm just pushing to say FUCK YOU @cryptollama
class AutoSploitParser(argparse.ArgumentParser):

def __init__(self):
6 changes: 4 additions & 2 deletions lib/exploitation/exploiter.py
View file
Original file line number Diff line number Diff line change
@@ -137,7 +137,7 @@ def start_exploit(self, sep="*" * 10):
)

cmd_template = (
"sudo {use_ruby} {msf_path} -r {rc_script_path} -q"
"{use_sudo} {use_ruby} {msf_path} -r {rc_script_path} -q"
)

use_ruby = "ruby" if self.ruby_exec else ""
@@ -162,6 +162,7 @@ def start_exploit(self, sep="*" * 10):
lhost = self.configuration[1]
lport = self.configuration[2]
rhost = host.strip()
is_docker = "sudo" if lib.settings.we_dockered() else ""

current_rc_script_path = path.join(current_host_path, mod.replace("/", '-').strip())
with open(current_rc_script_path, 'w') as f:
@@ -172,7 +173,8 @@ def start_exploit(self, sep="*" * 10):
lhost=lhost,
lport=lport,
rhost=rhost,
rhosts=rhost
rhosts=rhost,
use_sudo=is_docker
))

with open(report_path, 'a') as f:
306 changes: 220 additions & 86 deletions lib/scanner/nmap.py
View file
Original file line number Diff line number Diff line change
@@ -120,7 +120,12 @@ def do_scan(host, nmap_path, ports=None, arguments=None):
perform the nmap scan
"""
if arguments is None:
arguments = "-sV"
lib.output.misc_info("using default scan arguments")
arguments = [
"-sF", "-Pn", "-sV",
"-O", "-F", "--reason",
"-vvv"
]
launch_arguments = [
nmap_path, '-oX', '-', host,
'-p ' + ports if ports is not None else "",
@@ -150,106 +155,235 @@ def do_scan(host, nmap_path, ports=None, arguments=None):
return output_data, "".join(nmap_warn_tracestack), "".join(nmap_error_tracestack)


# copy pasta :DD
# https://github.com/komand/python-nmap/blob/master/nmap/nmap.py#L273
def parse_xml_output(output, warnings, error):
"""
parse the XML data out of the file into a dict
Analyses NMAP xml scan ouput
May raise PortScannerError exception if nmap output was not xml
Test existance of the following key to know if something went wrong : ['nmap']['scaninfo']['error']
If not present, everything was ok.
:param nmap_xml_output: xml string to analyse
:returns: scan_result as dictionnary
"""
results = {}
# nmap xml output looks like :
# <host starttime="1267974521" endtime="1267974522">
# <status state="up" reason="user-set"/>
# <address addr="192.168.1.1" addrtype="ipv4" />
# <hostnames><hostname name="neufbox" type="PTR" /></hostnames>
# <ports>
# <port protocol="tcp" portid="22">
# <state state="filtered" reason="no-response" reason_ttl="0"/>
# <service name="ssh" method="table" conf="3" />
# </port>
# <port protocol="tcp" portid="25">
# <state state="filtered" reason="no-response" reason_ttl="0"/>
# <service name="smtp" method="table" conf="3" />
# </port>
# </ports>
# <hostscript>
# <script id="nbstat" output="NetBIOS name: GROSTRUC, NetBIOS user: &lt;unknown&gt;, NetBIOS MAC: &lt;unknown&gt;&#xa;" />
# <script id="smb-os-discovery" output=" &#xa; OS: Unix (Samba 3.6.3)&#xa; Name: WORKGROUP\Unknown&#xa; System time: 2013-06-23 15:37:40 UTC+2&#xa;" />
# <script id="smbv2-enabled" output="Server doesn&apos;t support SMBv2 protocol" />
# </hostscript>
# <times srtt="-1" rttvar="-1" to="1000000" />
# </host>
# <port protocol="tcp" portid="25">
# <state state="open" reason="syn-ack" reason_ttl="0"/>
# <service name="smtp" product="Exim smtpd" version="4.76" hostname="grostruc" method="probed" conf="10">
# <cpe>cpe:/a:exim:exim:4.76</cpe>
# </service>
# <script id="smtp-commands" output="grostruc Hello localhost [127.0.0.1], SIZE 52428800, PIPELINING, HELP, &#xa; Commands supported: AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP "/>
# </port>
scan_result = {}
try:
root = ElementTree.fromstring(output)
dom = ElementTree.fromstring(output)
except Exception:
if len(error) != 0:
if len(error) > 0:
raise lib.errors.NmapScannerError(error)
else:
raise lib.errors.NmapScannerError(output)
results['nmap_scan'] = {
'full_command_line': root.get('args'),
'scan_information': {},
'scan_stats': {
'time_string': root.find('runstats/finished').get('timestr'),
'elapsed': root.find('runstats/finished').get('elapsed'),
'hosts_up': root.find('runstats/hosts').get('up'),
'down_hosts': root.find('runstats/hosts').get('down'),
'total_hosts_scanned': root.find('runstats/hosts').get('total')
# nmap command line
scan_result['nmap'] = {
'command_line': dom.get('args'),
'scaninfo': {},
'scanstats': {
'timestr': dom.find("runstats/finished").get('timestr'),
'elapsed': dom.find("runstats/finished").get('elapsed'),
'uphosts': dom.find("runstats/hosts").get('up'),
'downhosts': dom.find("runstats/hosts").get('down'),
'totalhosts': dom.find("runstats/hosts").get('total')}
}
}
if len(error) != 0:
results['nmap_scan']['scan_information']['errors'] = error
if len(warnings) != 0:
results['nmap_scan']['scan_information']['warnings'] = warnings
for info in root.findall('scaninfo'):
results['nmap_scan']['scan_information'][info.get('protocol')] = {
'method': info.get('type'),
'services': info.get('services')
}
for attempted_host in root.findall('host'):
# if there was an error
if len(error) > 0:
scan_result['nmap']['scaninfo']['error'] = error
# if there was a warning
if len(warnings) > 0:
scan_result['nmap']['scaninfo']['warning'] = warnings
# info about scan
for dsci in dom.findall('scaninfo'):
scan_result['nmap']['scaninfo'][dsci.get('protocol')] = {
'method': dsci.get('type'),
'services': dsci.get('services')
}
scan_result['scan'] = {}
for dhost in dom.findall('host'):
# host ip, mac and other addresses
host = None
addresses = {}
vendors = {}
for address in attempted_host.findall("address"):
address_type = address.get('addrtype')
addresses[address_type] = address.get('addr')
if address_type == "ipv4":
host = addresses[address_type]
elif address_type == "mac" and address.get('vendor') is not None:
vendors[addresses[address_type]] = address.get('vendor')
address_block = {}
vendor_block = {}
for address in dhost.findall('address'):
addtype = address.get('addrtype')
address_block[addtype] = address.get('addr')
if addtype == 'ipv4':
host = address_block[addtype]
elif addtype == 'mac' and address.get('vendor') is not None:
vendor_block[address_block[addtype]] = address.get('vendor')
if host is None:
host = attempted_host.find('address').get('addr')
host = dhost.find('address').get('addr')
hostnames = []
if len(attempted_host.findall('hostnames/hostname')) != 0:
for current_hostnames in attempted_host.findall('hostnames/hostname'):
if len(dhost.findall('hostnames/hostname')) > 0:
for dhostname in dhost.findall('hostnames/hostname'):
hostnames.append({
'hostname': current_hostnames.get('name'),
'host_type': current_hostnames.get('type')
'name': dhostname.get('name'),
'type': dhostname.get('type'),
})
else:
hostnames.append({
'hostname': None,
'host_type': None
'name': '',
'type': '',
})

results['nmap_scan'][host] = {}
results['nmap_scan'][host]['hostnames'] = hostnames
results['nmap_scan'][host]['addresses'] = addresses
results['nmap_scan'][host]['vendors'] = vendors

for status in attempted_host.findall('status'):
results['nmap_scan'][host]['status'] = {
'state': status.get('state'),
'reason': status.get('reason')
}
for uptime in attempted_host.findall('uptime'):
results['nmap_scan'][host]['uptime'] = {
'seconds': uptime.get('seconds'),
'lastboot': uptime.get('lastboot')
}
for discovered_port in attempted_host.findall('ports/port'):
protocol = discovered_port.get('protocol')
port_number = discovered_port.get('portid')
port_state = discovered_port.find('state').get('state')
port_reason = discovered_port.find('state').get('reason')

# this is actually a thing!!
name = discovered_config = discovered_version = extra_information = discovered_product = stuff = ""
for discovered_name in discovered_port.findall('service'):
name = discovered_name.get('name')
if discovered_name.get('product'):
discovered_product = discovered_name.get('product')
if discovered_name.get('version'):
discovered_version = discovered_name.get('version')
if discovered_name.get('extrainfo'):
extra_information = discovered_name.get('extrainfo')
if discovered_name.get('conf'):
discovered_config = discovered_name.get('conf')

for other_stuff in discovered_name.findall('cpe'):
stuff = other_stuff.text
if protocol not in results['nmap_scan'][host].keys():
results['nmap_scan'][host][protocol] = list()
results['nmap_scan'][host][protocol].append({
'port': port_number, 'state': port_state, 'reason': port_reason,
'name': name, 'product': discovered_product, 'version': discovered_version,
'extrainfo': extra_information, 'conf': discovered_config, 'cpe': stuff
scan_result['scan'][host] = {'hostnames': hostnames}
scan_result['scan'][host]['addresses'] = address_block
scan_result['scan'][host]['vendor'] = vendor_block
for dstatus in dhost.findall('status'):
# status : up...
scan_result['scan'][host]['status'] = {'state': dstatus.get('state'),
'reason': dstatus.get('reason')}
for dstatus in dhost.findall('uptime'):
# uptime : seconds, lastboot
scan_result['scan'][host]['uptime'] = {'seconds': dstatus.get('seconds'),
'lastboot': dstatus.get('lastboot')}
for dport in dhost.findall('ports/port'):
# protocol
proto = dport.get('protocol')
# port number converted as integer
port = int(dport.get('portid'))
# state of the port
state = dport.find('state').get('state')
# reason
reason = dport.find('state').get('reason')
# name, product, version, extra info and conf if any
name = product = version = extrainfo = conf = cpe = ''
for dname in dport.findall('service'):
name = dname.get('name')
if dname.get('product'):
product = dname.get('product')
if dname.get('version'):
version = dname.get('version')
if dname.get('extrainfo'):
extrainfo = dname.get('extrainfo')
if dname.get('conf'):
conf = dname.get('conf')
for dcpe in dname.findall('cpe'):
cpe = dcpe.text
# store everything
if proto not in list(scan_result['scan'][host].keys()):
scan_result['scan'][host][proto] = list()
# Komand - change proto from dict to list to ease output spec
scan_result['scan'][host][proto].append({
'port': port,
'state': state,
'reason': reason,
'name': name,
'product': product,
'version': version,
'extrainfo': extrainfo,
'conf': conf,
'cpe': cpe
})
script_id = ''
script_out = ''
# get script output if any
for dscript in dport.findall('script'):
script_id = dscript.get('id')
script_out = dscript.get('output')
if 'script' not in list(scan_result['scan'][host][proto][port].keys()):
scan_result['scan'][host][proto][port]['script'] = {}
scan_result['scan'][host][proto][port]['script'][script_id] = script_out
# <hostscript>
# <script id="nbstat" output="NetBIOS name: GROSTRUC, NetBIOS user: &lt;unknown&gt;, NetBIOS MAC: &lt;unknown&gt;&#xa;" />
# <script id="smb-os-discovery" output=" &#xa; OS: Unix (Samba 3.6.3)&#xa; Name: WORKGROUP\Unknown&#xa; System time: 2013-06-23 15:37:40 UTC+2&#xa;" />
# <script id="smbv2-enabled" output="Server doesn&apos;t support SMBv2 protocol" />
# </hostscript>
for dhostscript in dhost.findall('hostscript'):
for dname in dhostscript.findall('script'):
hsid = dname.get('id')
hsoutput = dname.get('output')
if 'hostscript' not in list(scan_result['scan'][host].keys()):
scan_result['scan'][host]['hostscript'] = []
scan_result['scan'][host]['hostscript'].append(
{
'id': hsid,
'output': hsoutput
}
)
# <osmatch name="Juniper SA4000 SSL VPN gateway (IVE OS 7.0)" accuracy="98" line="36241">
# <osclass type="firewall" vendor="Juniper" osfamily="IVE OS" osgen="7.X"
# accuracy="98"><cpe>cpe:/h:juniper:sa4000</cpe><cpe>cpe:/o:juniper:ive_os:7</cpe></osclass>
# </osmatch>
# <osmatch name="Cymphonix EX550 firewall" accuracy="98" line="17929">
# <osclass type="firewall" vendor="Cymphonix" osfamily="embedded"
# accuracy="98"><cpe>cpe:/h:cymphonix:ex550</cpe></osclass>
# </osmatch>
for dos in dhost.findall('os'):
osmatch = []
portused = []
for dportused in dos.findall('portused'):
# <portused state="open" proto="tcp" portid="443"/>
state = dportused.get('state')
proto = dportused.get('proto')
portid = dportused.get('portid')
portused.append({
'state': state,
'proto': proto,
'portid': portid,
})

return results
scan_result['scan'][host]['portused'] = portused
for dosmatch in dos.findall('osmatch'):
# <osmatch name="Linux 3.7 - 3.15" accuracy="100" line="52790">
name = dosmatch.get('name')
accuracy = dosmatch.get('accuracy')
line = dosmatch.get('line')
osclass = []
for dosclass in dosmatch.findall('osclass'):
# <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="98"/>
ostype = dosclass.get('type')
vendor = dosclass.get('vendor')
osfamily = dosclass.get('osfamily')
osgen = dosclass.get('osgen')
accuracy = dosclass.get('accuracy')
cpe = []
for dcpe in dosclass.findall('cpe'):
cpe.append(dcpe.text)
osclass.append({
'type': ostype,
'vendor': vendor,
'osfamily': osfamily,
'osgen': osgen,
'accuracy': accuracy,
'cpe': cpe,
})
osmatch.append({
'name': name,
'accuracy': accuracy,
'line': line,
'osclass': osclass
})
else:
scan_result['scan'][host]['osmatch'] = osmatch
for dport in dhost.findall('osfingerprint'):
# <osfingerprint fingerprint="OS:SCAN(V=5.50%D=11/[...]S)&#xa;"/>
fingerprint = dport.get('fingerprint')
scan_result['scan'][host]['fingerprint'] = fingerprint
return scan_result
17 changes: 16 additions & 1 deletion lib/settings.py
View file
Original file line number Diff line number Diff line change
@@ -55,8 +55,9 @@ def complete_text(self, text, state):
personal/custom Load a custom host file
tokens/reset Reset API tokens if needed
external View loaded external commands
ver[sion] View the current version of the program
version View the current version of the program
clean/clear Clean the hosts.txt file of duplicate IP addresses
nmap/mapper/mappy Run an nmap scan on a provided host
help/? Display this help
"""

@@ -490,3 +491,17 @@ def find_similar(command, internal, external):
if exter.startswith(first_char):
retval.append(exter)
return retval


def we_dockered():
"""
determine if we are inside a docker container or not
"""
try:
with open("/proc/1/cgroup") as cgroup:
searcher = re.compile("docker", re.I)
if searcher.search(cgroup.read()) is not None:
return True
return False
except Exception:
return False
146 changes: 108 additions & 38 deletions lib/term/terminal.py
View file
Original file line number Diff line number Diff line change
@@ -45,7 +45,7 @@ class object for the main terminal of the program
# reset API tokens
"reset", "tokens",
# show the version number
"ver", "version",
"version",
# clean the hosts file of duplicate IP's
"clean", "clear",
# easter eggs!
@@ -74,7 +74,10 @@ def __init__(self, tokens, modules):
self.loaded_hosts = open(lib.settings.HOST_FILE, "a+").readlines()

def __reload(self):
self.loaded_hosts = open(lib.settings.HOST_FILE).readlines()
try:
self.loaded_hosts = open(lib.settings.HOST_FILE).readlines()
except IOError:
lib.output.warning("there's no hosts file to reload")

def reflect_memory(self, max_memory=100):
"""
@@ -199,9 +202,15 @@ def do_token_reset(self, api, token, username):
if api.lower() == "censys":
lib.output.info("resetting censys API credentials")
with open(lib.settings.API_KEYS["censys"][0], 'w') as token_:
token_.write(token)
try:
token_.write(token)
except:
lib.output.warning("issue writing token, is it blank? Try again")
with open(lib.settings.API_KEYS["censys"][1], 'w') as username_:
username_.write(username)
try:
username_.write(username)
except:
lib.output.warning("issue writing username, is it blank? Try again")
else:
with open(lib.settings.API_KEYS["shodan"][0], 'w') as token_:
token_.write(token)
@@ -246,7 +255,10 @@ def do_api_search(self, requested_api_data, query, tokens):
api_list = requested_api_data.split(",")
except:
api_list = [requested_api_data]
prompt_for_save = len(open(lib.settings.HOST_FILE).readlines()) != 0
try:
prompt_for_save = len(open(lib.settings.HOST_FILE).readlines()) != 0
except IOError:
prompt_for_save = False
if prompt_for_save:
save_mode = lib.output.prompt(
"would you like to [a]ppend or [o]verwrite the file[a/o]", lowercase=True
@@ -371,11 +383,11 @@ def do_exploit_targets(self, workspace_info, shodan_token=None):
Command Format:
--------------
exploit[/run/attack] IP PORT WORKSPACE_NAME [whitewash list]
exploit[/run/attack] IP PORT WORKSPACE_NAME [whitewash list] [honeycheck] [nmap]
Examples:
---------
exploit 127.0.0.1 9065 default whitelist.txt
exploit 127.0.0.1 9065 default whitelist.txt honeycheck nmap
"""
if workspace_info[3] is not None and workspace_info[3] != "honeycheck":
lib.output.misc_info("doing whitewash on hosts file")
@@ -453,7 +465,13 @@ def do_load_custom_hosts(self, file_path):
return
lib.output.warning("overwriting hosts file with provided, and backing up current")
backup_path = lib.settings.backup_host_file(lib.settings.HOST_FILE, lib.settings.HOST_FILE_BACKUP)
shutil.copy(file_path, lib.settings.HOST_FILE)
try:
shutil.copy(file_path, lib.settings.HOST_FILE)
except Exception as e:
if "are the same file" in str(e):
lib.output.warning("there hasn't been any changes to the file since last save")
else:
raise e.__class__(str(e))
lib.output.info("host file replaced, backup stored under '{}'".format(backup_path))
self.loaded_hosts = open(lib.settings.HOST_FILE).readlines()

@@ -483,8 +501,11 @@ def do_nmap_scan(self, target, arguments):

sep = "-" * 30
if arguments is not None:
arguments = arguments.split(",")
passable_arguments = lib.scanner.nmap.parse_nmap_args(arguments)
if not type(arguments) == list:
arguments = arguments.split(",")
passable_arguments = lib.scanner.nmap.parse_nmap_args(arguments)
else:
passable_arguments = lib.scanner.nmap.parse_nmap_args(arguments)
else:
passable_arguments = None
try:
@@ -499,18 +520,25 @@ def do_nmap_scan(self, target, arguments):
formatted_results_output = lib.scanner.nmap.parse_xml_output(output, warnings, errors)
save_file = lib.scanner.nmap.write_data(target, formatted_results_output, is_xml=False)
lib.output.misc_info("JSON data dumped to file: '{}'".format(save_file))
print("{sep}\n{data}\n{sep}".format(
data=json.dumps(formatted_results_output["nmap_scan"][target], indent=4), sep=sep
))
try:
print("{sep}\n{data}\n{sep}".format(
data=json.dumps(formatted_results_output['scan'][target], indent=4), sep=sep
))
except KeyError:
lib.output.error(
formatted_results_output['nmap']['scaninfo']['error']
)
except lib.errors.NmapScannerError as e:
lib.output.error(str(e).strip())

def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
# idk what the fuck the problem is but this seems to fix it so...
import lib.output
"""
terminal main display
"""
# idk what the fuck the problem is but this seems to fix it so...
# if you remove the lib.output the below warning will cause an Exception
# saying that lib.output was never imported, so like WHAT?!
import lib.output
lib.output.warning(
"no arguments have been parsed at run time, dropping into terminal session. "
"to get help type `help` to quit type `exit/quit` to get help on "
@@ -595,7 +623,7 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
if choice_data_list is None or len(choice_data_list) < 4:
lib.output.error(
"must provide at least LHOST, LPORT, workspace name with `{}` keyword "
"(IE {} 127.0.0.1 9076 default [whitelist-path] [honeycheck])".format(
"(IE {} 127.0.0.1 9076 default [whitelist-path] [honeycheck] [nmap])".format(
choice.split(" ")[0].strip(), choice.split(" ")[0].strip()
)
)
@@ -605,15 +633,17 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
workspace = (
choice_data_list[1], choice_data_list[2],
choice_data_list[3], choice_data_list[4],
True if "honeycheck" in choice_data_list else False
True if "honeycheck" in choice_data_list else False,
True if "nmap" in choice_data_list else False,
)
except IndexError:
workspace = (
choice_data_list[1], choice_data_list[2],
choice_data_list[3], None,
True if "honeycheck" in choice_data_list else False
True if "honeycheck" in choice_data_list else False,
True if "nmap" in choice_data_list else False
)
if workspace[-1]:
if workspace[4]:
honeyscore = None
while honeyscore is None:
honeyscore = lib.output.prompt(
@@ -624,6 +654,44 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
except:
honeyscore = None
lib.output.error("honey score must be a float (IE 0.3)")
if workspace[5]:
# perform an nmap scan on every IP address before they're exploited.
# this will probably be really annoying, but you also get the option
# to skip them. I think the `nmap` command is probably a better idea
# given the circumstances of how it works. But really in the end
# it's completely up to you.
big_question = lib.output.prompt(
"do you want to initiate a port scan on all gathered IP addresses "
"before beginning the initial exploitation phase[y/N]"
)
if big_question.lower().startswith("y"):
lib.output.info("scanning gathered IP addresses before starting attacks")
self.__reload()
for ip in self.loaded_hosts:
ip = ip.strip()
option = lib.output.prompt(
"scan IP address: {}[y/N]".format(ip), lowercase=True
)
if option.lower().startswith("y"):
provided_arguments = []
done_providing = False
# pass arguments to nmap by being prompted by them
# as soon as the prompt receives `STOP` it breaks out
# of the loop and adds the arguments to the nmap
# scan call.
while not done_providing:
argument = lib.output.prompt(
"provide an argument that you want to pass to nmap "
"(type 'STOP' to continue)",
lowercase=False
)
if argument != "STOP":
provided_arguments.append(argument)
else:
break
self.do_nmap_scan(ip, provided_arguments)
else:
lib.output.misc_info("skipping scan for {}".format(ip))
self.do_exploit_targets(
workspace, shodan_token=self.tokens["shodan"][0]
)
@@ -696,27 +764,29 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
else:
lib.output.error("cannot reset {} API credentials".format(choice))
elif any(c in choice for c in ["nmap", "mapper", "mappy"]):
try:
if "help" in choice_data_list:
print(self.do_nmap_scan.__doc__)
except TypeError:
pass
target = choice_data_list[1]
try:
arguments = choice_data_list[2]
if choice_data_list is not None and not len(choice_data_list) == 1:
try:
if "help" in choice_data_list:
print(self.do_nmap_scan.__doc__)
except TypeError:
pass
target = choice_data_list[1]
try:
arguments = choice_data_list[2]
lib.output.warning(
"arguments that have a space in them most likely will not be processed correctly, "
"(IE --dns-servers 1.1.1.1 will most likely cause issues)"
)
except IndexError:
arguments = None
# to do ports just pass the -p flag to nmap, simple and easy. You're welcome
if "help" not in choice_data_list:
self.do_nmap_scan(target, arguments)
else:
lib.output.warning(
"arguments that have a space in them most likely will not be processed correctly, "
"(IE --dns-servers 1.1.1.1 will most likely cause issues)"
"must supply at least an IP address to initiate a nmap scan "
"nmap IP [arg1,arg2,arg3]"
)
except IndexError:
arguments = None
# don't know how im going to implement ports yet
# try:
# ports = choice_data_list[3]
# except IndexError:
# ports = None
if "help" not in choice_data_list:
self.do_nmap_scan(target, arguments)
self.history.append(choice)
self.__reload()
except KeyboardInterrupt: