forked from p15670423/monkey
Fix spacing
This commit is contained in:
parent
58b775cfb5
commit
6bef096e71
|
@ -35,28 +35,28 @@ class MonkeyIslandRequests(object):
|
||||||
return request_function_wrapper
|
return request_function_wrapper
|
||||||
|
|
||||||
def get_jwt_from_server(self):
|
def get_jwt_from_server(self):
|
||||||
resp = requests.post(self.addr + "api/auth", # noqa: DUO123
|
resp = requests.post(self.addr + "api/auth", # noqa: DUO123
|
||||||
json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS},
|
json={"username": NO_AUTH_CREDS, "password": NO_AUTH_CREDS},
|
||||||
verify=False)
|
verify=False)
|
||||||
return resp.json()["access_token"]
|
return resp.json()["access_token"]
|
||||||
|
|
||||||
@_Decorators.refresh_jwt_token
|
@_Decorators.refresh_jwt_token
|
||||||
def get(self, url, data=None):
|
def get(self, url, data=None):
|
||||||
return requests.get(self.addr + url, # noqa: DUO123
|
return requests.get(self.addr + url, # noqa: DUO123
|
||||||
headers=self.get_jwt_header(),
|
headers=self.get_jwt_header(),
|
||||||
params=data,
|
params=data,
|
||||||
verify=False)
|
verify=False)
|
||||||
|
|
||||||
@_Decorators.refresh_jwt_token
|
@_Decorators.refresh_jwt_token
|
||||||
def post(self, url, data):
|
def post(self, url, data):
|
||||||
return requests.post(self.addr + url, # noqa: DUO123
|
return requests.post(self.addr + url, # noqa: DUO123
|
||||||
data=data,
|
data=data,
|
||||||
headers=self.get_jwt_header(),
|
headers=self.get_jwt_header(),
|
||||||
verify=False)
|
verify=False)
|
||||||
|
|
||||||
@_Decorators.refresh_jwt_token
|
@_Decorators.refresh_jwt_token
|
||||||
def post_json(self, url, dict_data):
|
def post_json(self, url, dict_data):
|
||||||
return requests.post(self.addr + url, # noqa: DUO123
|
return requests.post(self.addr + url, # noqa: DUO123
|
||||||
json=dict_data,
|
json=dict_data,
|
||||||
headers=self.get_jwt_header(),
|
headers=self.get_jwt_header(),
|
||||||
verify=False)
|
verify=False)
|
||||||
|
|
|
@ -144,7 +144,7 @@ class ControlClient(object):
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)}
|
telemetry = {'monkey_guid': GUID, 'log': json.dumps(log)}
|
||||||
requests.post("https://%s/api/log" % (WormConfiguration.current_server,), # noqa: DUO123
|
requests.post("https://%s/api/log" % (WormConfiguration.current_server,), # noqa: DUO123
|
||||||
data=json.dumps(telemetry),
|
data=json.dumps(telemetry),
|
||||||
headers={'content-type': 'application/json'},
|
headers={'content-type': 'application/json'},
|
||||||
verify=False,
|
verify=False,
|
||||||
|
@ -158,7 +158,7 @@ class ControlClient(object):
|
||||||
if not WormConfiguration.current_server:
|
if not WormConfiguration.current_server:
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
|
reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
|
||||||
verify=False,
|
verify=False,
|
||||||
proxies=ControlClient.proxies)
|
proxies=ControlClient.proxies)
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ class ControlClient(object):
|
||||||
if not WormConfiguration.current_server:
|
if not WormConfiguration.current_server:
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
|
requests.patch("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
|
||||||
data=json.dumps({'config_error': True}),
|
data=json.dumps({'config_error': True}),
|
||||||
headers={'content-type': 'application/json'},
|
headers={'content-type': 'application/json'},
|
||||||
verify=False,
|
verify=False,
|
||||||
|
@ -247,7 +247,7 @@ class ControlClient(object):
|
||||||
if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)):
|
if (monkeyfs.isfile(dest_file)) and (size == monkeyfs.getsize(dest_file)):
|
||||||
return dest_file
|
return dest_file
|
||||||
else:
|
else:
|
||||||
download = requests.get("https://%s/api/monkey/download/%s" % # noqa: DUO123
|
download = requests.get("https://%s/api/monkey/download/%s" % # noqa: DUO123
|
||||||
(WormConfiguration.current_server, filename),
|
(WormConfiguration.current_server, filename),
|
||||||
verify=False,
|
verify=False,
|
||||||
proxies=ControlClient.proxies)
|
proxies=ControlClient.proxies)
|
||||||
|
@ -273,7 +273,7 @@ class ControlClient(object):
|
||||||
if not WormConfiguration.current_server:
|
if not WormConfiguration.current_server:
|
||||||
return None, None
|
return None, None
|
||||||
try:
|
try:
|
||||||
reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), # noqa: DUO123
|
reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), # noqa: DUO123
|
||||||
data=json.dumps(host_dict),
|
data=json.dumps(host_dict),
|
||||||
headers={'content-type': 'application/json'},
|
headers={'content-type': 'application/json'},
|
||||||
verify=False, proxies=ControlClient.proxies)
|
verify=False, proxies=ControlClient.proxies)
|
||||||
|
|
|
@ -209,7 +209,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
try:
|
try:
|
||||||
LOG.debug("Header is: %s" % header)
|
LOG.debug("Header is: %s" % header)
|
||||||
LOG.debug("Attack is: %s" % attack)
|
LOG.debug("Attack is: %s" % attack)
|
||||||
r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT) # noqa: DUO123
|
r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT) # noqa: DUO123
|
||||||
result = r.content.decode()
|
result = r.content.decode()
|
||||||
return result
|
return result
|
||||||
except requests.exceptions.RequestException as exc:
|
except requests.exceptions.RequestException as exc:
|
||||||
|
@ -232,7 +232,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
attack_urls = [attack_path + url for url in url_list]
|
attack_urls = [attack_path + url for url in url_list]
|
||||||
for u in attack_urls:
|
for u in attack_urls:
|
||||||
try:
|
try:
|
||||||
reqs.append(requests.head(u, verify=False, timeout=TIMEOUT)) # noqa: DUO123
|
reqs.append(requests.head(u, verify=False, timeout=TIMEOUT)) # noqa: DUO123
|
||||||
except requests.Timeout:
|
except requests.Timeout:
|
||||||
timeout = True
|
timeout = True
|
||||||
break
|
break
|
||||||
|
|
|
@ -80,7 +80,7 @@ class WebLogic201710271(WebRCE):
|
||||||
else:
|
else:
|
||||||
payload = self.get_exploit_payload('cmd', '/c', command + ' 1> NUL 2> NUL')
|
payload = self.get_exploit_payload('cmd', '/c', command + ' 1> NUL 2> NUL')
|
||||||
try:
|
try:
|
||||||
post(url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False) # noqa: DUO123
|
post(url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False) # noqa: DUO123
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.error("Connection error: %s" % e)
|
LOG.error("Connection error: %s" % e)
|
||||||
return False
|
return False
|
||||||
|
@ -116,7 +116,7 @@ class WebLogic201710271(WebRCE):
|
||||||
def check_if_exploitable_weblogic(self, url, httpd):
|
def check_if_exploitable_weblogic(self, url, httpd):
|
||||||
payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
|
payload = self.get_test_payload(ip=httpd.local_ip, port=httpd.local_port)
|
||||||
try:
|
try:
|
||||||
post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False) # noqa: DUO123
|
post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False) # noqa: DUO123
|
||||||
except exceptions.ReadTimeout:
|
except exceptions.ReadTimeout:
|
||||||
# Our request will not get response thus we get ReadTimeout error
|
# Our request will not get response thus we get ReadTimeout error
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -32,7 +32,7 @@ class HTTPFinger(HostFinger):
|
||||||
# try http, we don't optimise for 443
|
# try http, we don't optimise for 443
|
||||||
for url in (https, http): # start with https and downgrade
|
for url in (https, http): # start with https and downgrade
|
||||||
try:
|
try:
|
||||||
with closing(head(url, verify=False, timeout=1)) as req: # noqa: DUO123
|
with closing(head(url, verify=False, timeout=1)) as req: # noqa: DUO123
|
||||||
server = req.headers.get('Server')
|
server = req.headers.get('Server')
|
||||||
ssl = True if 'https://' in url else False
|
ssl = True if 'https://' in url else False
|
||||||
self.init_service(host.services, ('tcp-' + port[1]), port[0])
|
self.init_service(host.services, ('tcp-' + port[1]), port[0])
|
||||||
|
|
|
@ -51,15 +51,18 @@ if is_windows_os():
|
||||||
local_hostname = socket.gethostname()
|
local_hostname = socket.gethostname()
|
||||||
return socket.gethostbyname_ex(local_hostname)[2]
|
return socket.gethostbyname_ex(local_hostname)[2]
|
||||||
|
|
||||||
|
|
||||||
def get_routes():
|
def get_routes():
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
else:
|
else:
|
||||||
from fcntl import ioctl
|
from fcntl import ioctl
|
||||||
|
|
||||||
|
|
||||||
def local_ips():
|
def local_ips():
|
||||||
valid_ips = [network['addr'] for network in get_host_subnets()]
|
valid_ips = [network['addr'] for network in get_host_subnets()]
|
||||||
return valid_ips
|
return valid_ips
|
||||||
|
|
||||||
|
|
||||||
def get_routes(): # based on scapy implementation for route parsing
|
def get_routes(): # based on scapy implementation for route parsing
|
||||||
try:
|
try:
|
||||||
f = open("/proc/net/route", "r")
|
f = open("/proc/net/route", "r")
|
||||||
|
@ -125,7 +128,7 @@ def check_internet_access(services):
|
||||||
"""
|
"""
|
||||||
for host in services:
|
for host in services:
|
||||||
try:
|
try:
|
||||||
requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False) # noqa: DUO123
|
requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False) # noqa: DUO123
|
||||||
return True
|
return True
|
||||||
except ConnectionError:
|
except ConnectionError:
|
||||||
# Failed connecting
|
# Failed connecting
|
||||||
|
|
Loading…
Reference in New Issue