from __future__ import print_function
import atexit
import itertools
import os
import sys
import traceback
from collections import Counter
from future.builtins import input
from routersploit.core.exploit.exceptions import RoutersploitException
from routersploit.core.exploit.utils import (
index_modules,
pythonize_path,
humanize_path,
import_exploit,
stop_after,
module_required,
MODULES_DIR,
WORDLISTS_DIR,
)
from routersploit.core.exploit.printer import (
print_info,
print_success,
print_error,
print_status,
print_table,
pprint_dict_in_order,
PrinterThread,
printer_queue
)
from routersploit.core.exploit.exploit import GLOBAL_OPTS
from routersploit.core.exploit.payloads import BasePayload
import readline
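def is_libedit():
    """Return True when the readline module's docstring mentions libedit.

    The module docstring is the only signal consulted here. It can be
    ``None`` on interpreters built without docstrings, which is treated as
    "not libedit" instead of raising ``TypeError``.
    """
    return "libedit" in (readline.__doc__ or "")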
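class BaseInterpreter(object):
    """Minimal readline-driven command loop.

    A line read from the prompt is split into a command word and an argument
    string. The command is dispatched to the method named
    ``command_<command>``; tab completion is delegated to
    ``complete_<command>`` when such a method exists.
    """

    # readline history is loaded from this file in setup() and written back
    # to it at interpreter exit (atexit hook).
    history_file = os.path.expanduser("~/.history")
    history_length = 100
    global_help = ""

    def __init__(self):
        self.setup()
        self.banner = ""

    def setup(self):
        """ Configure readline: history persistence and tab completion.

        :return:
        """
        if not os.path.exists(self.history_file):
            # The history keeps every line typed at the prompt, so create the
            # file readable and writable by its owner only instead of relying
            # on the process umask.
            fd = os.open(self.history_file, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
            with os.fdopen(fd, "a") as history:
                if is_libedit():
                    # Header line written only for libedit-backed readline.
                    history.write("_HiStOrY_V2_\n\n")

        readline.read_history_file(self.history_file)
        readline.set_history_length(self.history_length)
        atexit.register(readline.write_history_file, self.history_file)

        readline.parse_and_bind("set enable-keypad on")
        readline.set_completer(self.complete)
        readline.set_completer_delims(" \t\n;")

        # libedit and GNU readline use different syntax to bind TAB.
        if is_libedit():
            readline.parse_and_bind("bind ^I rl_complete")
        else:
            readline.parse_and_bind("tab: complete")

    def parse_line(self, line):
        """ Split line into command and argument.

        :param line: line to parse
        :return: (command, argument), both stripped of surrounding whitespace
        """
        command, _, arg = line.strip().partition(" ")
        return command, arg.strip()

    @property
    def prompt(self):
        """ Returns prompt string """
        return ">>>"

    def get_command_handler(self, command):
        """ Look up the bound method that implements ``command``.

        :param command: command word as typed at the prompt
        :return: the ``command_<command>`` attribute of this interpreter
        :raises RoutersploitException: when no such attribute exists
        """
        try:
            return getattr(self, "command_{}".format(command))
        except AttributeError:
            raise RoutersploitException("Unknown command: '{}'".format(command))

    def start(self):
        """ Routersploit main entry point. Starting interpreter loop. """
        print_info(self.banner)
        printer_queue.join()
        while True:
            try:
                command, args = self.parse_line(input(self.prompt))
                if not command:
                    continue
                command_handler = self.get_command_handler(command)
                command_handler(args)
            except RoutersploitException as err:
                print_error(err)
            except EOFError:
                # EOF (or command_exit in a subclass) ends the loop.
                print_info()
                print_status("routersploit stopped")
                break
            except KeyboardInterrupt:
                # Ctrl-C only abandons the current line.
                print_info()
            finally:
                # Wait for queued output before showing the next prompt.
                printer_queue.join()

    def complete(self, text, state):
        """Return the next possible completion for 'text'.

        readline calls this repeatedly with state 0, 1, 2, ... The match list
        is computed on state 0 and indexed on every call. While the command
        word is still being typed, candidates come from the command list;
        afterwards ``complete_<command>`` is used when it exists.
        """
        if state == 0:
            raw_buffer = readline.get_line_buffer()
            line = raw_buffer.lstrip()
            # Shift readline's indices by the amount of leading whitespace
            # removed, so they refer to positions in ``line``.
            offset = len(raw_buffer) - len(line)
            start_index = readline.get_begidx() - offset
            end_index = readline.get_endidx() - offset

            if start_index > 0:
                cmd, _ = self.parse_line(line)
                if cmd == "":
                    complete_function = self.default_completer
                else:
                    complete_function = getattr(self, "complete_" + cmd, self.default_completer)
            else:
                complete_function = self.raw_command_completer

            self.completion_matches = complete_function(text, line, start_index, end_index)

        try:
            return self.completion_matches[state]
        except IndexError:
            return None

    def commands(self, *ignored):
        """ Returns full list of interpreter commands.

        :param ignored:
        :return: names of all ``command_*`` attributes with the prefix removed
        """
        prefix = "command_"
        # Slice off the prefix so a handler such as command_foo_bar is listed
        # as "foo_bar", the name get_command_handler() resolves.
        return [name[len(prefix):] for name in dir(self) if name.startswith(prefix)]

    def raw_command_completer(self, text, line, start_index, end_index):
        """ Complete command w/o any argument """
        return [candidate for candidate in self.suggested_commands() if candidate.startswith(text)]

    def default_completer(self, *ignored):
        """ Completer used when a command has no completer of its own. """
        return []

    def suggested_commands(self):
        """ Entry point for intelligent tab completion.

        Overwrite this method to suggest suitable commands.

        :return: list of suitable commands
        """
        return self.commands()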
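class RoutersploitInterpreter(BaseInterpreter):
    """Interactive console: module selection, option handling and execution.

    Each ``command_<name>`` method implements one console command and each
    ``complete_<name>`` method supplies its tab completions.
    """

    history_file = os.path.expanduser("~/.rsf_history")
    global_help = """Global commands:
help Print this help menu
use <module> Select a module for usage
exec <shell command> <args> Execute a command in a shell
search <search term> Search for appropriate module
exit Exit RouterSploit"""
    module_help = """Module commands:
run Run the selected module with the given options
back De-select the current module
set <option name> <option value> Set an option for the selected module
setg <option name> <option value> Set an option for all of the modules
unsetg <option name> Unset option that was set globally
show [info|options|devices] Print information, options, or target devices for a module
check Check if a given target is vulnerable to a selected module's exploit"""

    def __init__(self):
        super(RoutersploitInterpreter, self).__init__()
        PrinterThread().start()

        self.current_module = None
        self.raw_prompt_template = None
        self.module_prompt_template = None
        self.prompt_hostname = "rsf"
        self.show_sub_commands = ("info", "options", "devices", "all", "encoders", "creds", "exploits", "scanners", "wordlists")

        # Entries with a trailing space take an argument; the space is part of
        # the completion text.
        self.global_commands = sorted(["use ", "exec ", "help", "exit", "show ", "search "])
        self.module_commands = sorted(["run", "back", "set ", "setg ", "check"] + self.global_commands)

        self.modules = index_modules()
        # Count modules by the first component of their dotted path.
        self.modules_count = Counter(module.split('.')[0] for module in self.modules)
        self.main_modules_dirs = [module for module in os.listdir(MODULES_DIR) if not module.startswith("__")]

        self.__parse_prompt()

        self.banner = """ ______ _ _____ _ _ _
| ___ \ | | / ___| | | (_) |
| |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_
| // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
| |\ \ (_) | |_| | || __/ | /\__/ / |_) | | (_) | | |_
\_| \_\___/ \__,_|\__\___|_| \____/| .__/|_|\___/|_|\__|
| |
Exploitation Framework for |_| by Threat9
Embedded Devices
Codename : I Knew You Were Trouble
Version : 3.3.0
Homepage : https://www.threat9.com - @threatnine
Join Slack : https://www.threat9.com/slack
Join Threat9 Beta Program - https://www.threat9.com
Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count}
""".format(exploits_count=self.modules_count["exploits"],
           scanners_count=self.modules_count["scanners"],
           creds_count=self.modules_count["creds"],
           generic_count=self.modules_count["generic"],
           payloads_count=self.modules_count["payloads"],
           encoders_count=self.modules_count["encoders"])

    def __parse_prompt(self):
        """ Load prompt templates from RSF_RAW_PROMPT / RSF_MODULE_PROMPT.

        A custom template is used only if it contains the required
        placeholders; otherwise the built-in default is kept. Only the
        presence of the placeholders is checked, any other replacement field
        in a custom template is not validated here.
        """
        raw_prompt_default_template = "\001\033[4m\002{host}\001\033[0m\002 > "
        # A literal "\033" typed in the environment variable becomes a real ESC.
        raw_prompt_template = os.getenv("RSF_RAW_PROMPT", raw_prompt_default_template).replace('\\033', '\033')
        if '{host}' in raw_prompt_template:
            self.raw_prompt_template = raw_prompt_template
        else:
            self.raw_prompt_template = raw_prompt_default_template

        module_prompt_default_template = "\001\033[4m\002{host}\001\033[0m\002 (\001\033[91m\002{module}\001\033[0m\002) > "
        module_prompt_template = os.getenv("RSF_MODULE_PROMPT", module_prompt_default_template).replace('\\033', '\033')
        if all(field in module_prompt_template for field in ('{host}', "{module}")):
            self.module_prompt_template = module_prompt_template
        else:
            self.module_prompt_template = module_prompt_default_template

    @property
    def module_metadata(self):
        """ Metadata of the current module, read from ``_<ClassName>__info__``. """
        return getattr(self.current_module, "_{}__info__".format(self.current_module.__class__.__name__))

    @property
    def prompt(self):
        """ Returns prompt string based on current_module attribute.

        Adding module prefix (module.name) if current_module attribute is set.

        :return: prompt string with appropriate module prefix.
        """
        if not self.current_module:
            return self.raw_prompt_template.format(host=self.prompt_hostname)

        try:
            return self.module_prompt_template.format(host=self.prompt_hostname, module=self.module_metadata['name'])
        except (AttributeError, KeyError):
            # No metadata or no 'name' entry: fall back to a placeholder name.
            return self.module_prompt_template.format(host=self.prompt_hostname, module="UnnamedModule")

    def available_modules_completion(self, text):
        """ Build tab completion hints for the argument of 'use'.

        Every indexed module path starting with ``text`` is cut after the next
        path component, so hints advance one level at a time.

        :param text: argument of 'use' command
        :return: list of tab completion hints
        """
        text = pythonize_path(text)
        matches = set()
        for candidate in self.modules:
            if not candidate.startswith(text):
                continue
            head, sep, tail = candidate[len(text):].partition('.')
            if not tail:
                # Last component: no trailing separator in the hint.
                sep = ""
            matches.add("".join((text, head, sep)))
        # humanize output, replace dots to forward slashes
        return [humanize_path(match) for match in matches]

    def suggested_commands(self):
        """ Entry point for intelligent tab completion.

        Based on state of interpreter this method will return intelligent suggestions.

        :return: list of most accurate command suggestions
        """
        if self.current_module and GLOBAL_OPTS:
            # "unsetg" is only offered while at least one global option is set.
            return sorted(itertools.chain(self.module_commands, ("unsetg ",)))
        if self.current_module:
            return self.module_commands
        return self.global_commands

    def command_back(self, *args, **kwargs):
        """ De-select the current module. """
        self.current_module = None

    def command_use(self, module_path, *args, **kwargs):
        """ Import the module named by ``module_path`` and make it current.

        The path is always resolved below the ``routersploit.modules``
        package. Import failures reported as RoutersploitException are
        printed instead of raised.
        """
        module_path = pythonize_path(module_path)
        module_path = ".".join(("routersploit", "modules", module_path))
        try:
            self.current_module = import_exploit(module_path)()
        except RoutersploitException as err:
            print_error(str(err))

    @stop_after(2)
    def complete_use(self, text, *args, **kwargs):
        if text:
            return self.available_modules_completion(text)
        return self.main_modules_dirs

    @module_required
    def command_run(self, *args, **kwargs):
        """ Run the current module and report any failure on the console. """
        print_status("Running module...")
        try:
            self.current_module.run()
        except KeyboardInterrupt:
            print_info()
            print_error("Operation cancelled by user")
        except Exception:
            # format_exc() takes an optional integer limit, not the exc_info
            # tuple; passing the tuple raises TypeError on Python 3 and hides
            # the module's real error.
            print_error(traceback.format_exc())

    def command_exploit(self, *args, **kwargs):
        """ Alias for 'run'. """
        self.command_run()

    @module_required
    def command_set(self, *args, **kwargs):
        """ Set an option on the current module.

        ``args[0]`` is "<option name> <option value>". With ``glob=True`` in
        kwargs the value is also stored in GLOBAL_OPTS.
        """
        key, _, value = args[0].partition(" ")
        if key not in self.current_module.options:
            print_error("You can't set option '{}'.\n"
                        "Available options: {}".format(key, self.current_module.options))
            return

        if key == "encoder":
            # The encoder option is resolved through the module's get_encoder().
            value = self.current_module.get_encoder(value)
            if not value:
                print_error("Encoder not available. Check available encoders with `show encoders`.")
                return

        setattr(self.current_module, key, value)
        self.current_module.exploit_attributes[key][0] = value

        if kwargs.get("glob", False):
            GLOBAL_OPTS[key] = value
        print_success("{} => {}".format(key, value))

    @stop_after(2)
    def complete_set(self, text, *args, **kwargs):
        if text:
            return [" ".join((attr, "")) for attr in self.current_module.options if attr.startswith(text)]
        return self.current_module.options

    @module_required
    def command_setg(self, *args, **kwargs):
        """ Same as 'set', but the option is also recorded globally. """
        kwargs['glob'] = True
        self.command_set(*args, **kwargs)

    @stop_after(2)
    def complete_setg(self, text, *args, **kwargs):
        return self.complete_set(text, *args, **kwargs)

    @module_required
    def command_unsetg(self, *args, **kwargs):
        """ Remove an option from GLOBAL_OPTS. """
        key, _, value = args[0].partition(' ')
        try:
            del GLOBAL_OPTS[key]
        except KeyError:
            print_error("You can't unset global option '{}'.\n"
                        "Available global options: {}".format(key, list(GLOBAL_OPTS.keys())))
        else:
            print_success({key: value})

    @stop_after(2)
    def complete_unsetg(self, text, *args, **kwargs):
        if text:
            return [' '.join((attr, "")) for attr in GLOBAL_OPTS.keys() if attr.startswith(text)]
        return list(GLOBAL_OPTS.keys())

    @module_required
    def get_opts(self, *args):
        """ Generator returning module's Option attributes (option_name, option_value, option_description)

        Names missing from the module's ``exploit_attributes`` are skipped.

        :param args: Option names
        :return:
        """
        for opt_key in args:
            try:
                opt_description = self.current_module.exploit_attributes[opt_key][1]
                opt_display_value = self.current_module.exploit_attributes[opt_key][0]
            except (KeyError, AttributeError):
                continue
            yield opt_key, opt_display_value, opt_description

    @module_required
    def _show_info(self, *args, **kwargs):
        pprint_dict_in_order(
            self.module_metadata,
            ("name", "description", "devices", "authors", "references"),
        )
        print_info()

    @module_required
    def _show_options(self, *args, **kwargs):
        """ Print the module options, target-related options first. """
        target_names = ["target", "port", "ssl", "rhost", "rport", "lhost", "lport"]
        target_opts = [opt for opt in self.current_module.options if opt in target_names]
        module_opts = [opt for opt in self.current_module.options if opt not in target_opts]
        headers = ("Name", "Current settings", "Description")

        print_info("\nTarget options:")
        print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            print_info("\nModule options:")
            print_table(headers, *self.get_opts(*module_opts))

        print_info()

    @module_required
    def _show_devices(self, *args, **kwargs):  # TODO: cover with tests
        # NOTE(review): reads the fixed attribute _Exploit__info__, while
        # module_metadata derives the attribute name from the class name;
        # confirm both resolve to the same data for every module type.
        try:
            devices = self.current_module._Exploit__info__['devices']

            print_info("\nTarget devices:")
            for i, device in enumerate(devices):
                if isinstance(device, dict):
                    print_info(" {} - {}".format(i, device['name']))
                else:
                    print_info(" {} - {}".format(i, device))

            print_info()
        except KeyError:
            print_info("\nTarget devices are not defined")

    @module_required
    def _show_wordlists(self, *args, **kwargs):
        """ List the ``.txt`` files found in WORDLISTS_DIR as file:// paths. """
        headers = ("Wordlist", "Path")
        wordlists = [
            (name, "file://{}/{}".format(WORDLISTS_DIR, name))
            for name in os.listdir(WORDLISTS_DIR)
            if name.endswith(".txt")
        ]
        print_table(headers, *wordlists, max_column_length=100)

    @module_required
    def _show_encoders(self, *args, **kwargs):
        if issubclass(self.current_module.__class__, BasePayload):
            encoders = self.current_module.get_encoders()
            if encoders:
                headers = ("Encoder", "Name", "Description")
                print_table(headers, *encoders, max_column_length=100)
                return

        print_error("No encoders available")

    def __show_modules(self, root=''):
        """ Print every indexed module whose dotted path starts with ``root``. """
        for module in self.modules:
            if module.startswith(root):
                print_info(module.replace('.', os.sep))

    def _show_all(self, *args, **kwargs):
        self.__show_modules()

    def _show_scanners(self, *args, **kwargs):
        self.__show_modules('scanners')

    def _show_exploits(self, *args, **kwargs):
        self.__show_modules('exploits')

    def _show_creds(self, *args, **kwargs):
        self.__show_modules('creds')

    def command_show(self, *args, **kwargs):
        """ Dispatch 'show <sub-command>' to the matching ``_show_*`` method.

        The handler is called inside the try block, so an AttributeError
        raised by the handler itself is also reported as an unknown
        sub-command.
        """
        sub_command = args[0]
        try:
            getattr(self, "_show_{}".format(sub_command))(*args, **kwargs)
        except AttributeError:
            print_error("Unknown 'show' sub-command '{}'. "
                        "What do you want to show?\n"
                        "Possible choices are: {}".format(sub_command, self.show_sub_commands))

    @stop_after(2)
    def complete_show(self, text, *args, **kwargs):
        if text:
            return [command for command in self.show_sub_commands if command.startswith(text)]
        return self.show_sub_commands

    @module_required
    def command_check(self, *args, **kwargs):
        """ Call the module's check() and print the verdict.

        Only the exact values True and False are treated as a verdict; any
        other return value is reported as unverified.
        """
        try:
            result = self.current_module.check()
        except Exception as error:
            print_error(error)
            return

        if result is True:
            print_success("Target is vulnerable")
        elif result is False:
            print_error("Target is not vulnerable")
        else:
            print_status("Target could not be verified")

    def command_help(self, *args, **kwargs):
        print_info(self.global_help)
        if self.current_module:
            print_info("\n", self.module_help)

    def command_exec(self, *args, **kwargs):
        """ Pass the argument string to the system shell via os.system().

        The string is handed over unmodified, so the command runs with the
        privileges of the interpreter process. The exit status returned by
        os.system() is discarded.
        """
        os.system(args[0])

    def command_search(self, *args, **kwargs):
        """ Print every indexed module whose dotted path contains the keyword. """
        keyword = args[0]

        if not keyword:
            print_error("Please specify search keyword. e.g. 'search cisco'")
            return

        for module in self.modules:
            if keyword in module:
                module = humanize_path(module)
                # Highlight the first occurrence of the keyword in red.
                print_info(
                    "{}\033[31m{}\033[0m{}".format(*module.partition(keyword))
                )

    def command_exit(self, *args, **kwargs):
        """ Leave the interpreter loop, which stops on EOFError. """
        raise EOFError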