Files
cli.src
- import_code("/home/me/h/libs/list.src") // exports Lst
- import_code("/home/me/h/libs/disk.src") // exports Disk
- import_code("/home/me/h/libs/nmap.src") // exports Nmap
- import_code("/home/me/h/libs/scan.src") // exports Scan
- Disk.init("/home/me/h/disks", "passwords")
- // this will get more complicated later on, i want to choose a port that i have the most change of getting in
- // so i can check a database of exploits see or see the local ip with most ports open etc
- pick_a_service = function(nmap)
- if nmap.len == 1 then return nmap[0]
- if nmap.len == 0 then return null
- with_smallest_version = nmap[0]
-
- for service in nmap[1:]
- if Nmap.service_version_to_int(service) < Nmap.service_version_to_int(with_smallest_version) then
- with_smallest_version = service
- end if
- end for
-
- return with_smallest_version
- end function
scan- Vega = {}
- Vega.vega_sig = {}
- Vega.vega_sig["description"] = "auto hacking tool"
- Vega.vega_sig["args"] = ["ip*", "port"]
- Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
- Vega.vega = function(args = [], options = {})
- ip = args[0]
- port = args[1]
-
- has_verbose = options["-v"]
-
- Nmap.init(ip)
- nmap = Nmap.ports
-
print(pick_a_service(nmap))- if (not port) then port = pick_a_service(nmap).port
- if (typeof(port) == "string") then port = port.to_int
-
- f = function(o)
- return o.port == port
- end function
- service = Lst.find(nmap, @f)
-
- print(port)
- print(service)
-
- Scan.metaxploit = include_lib("/lib/metaxploit.so")
- Scan.init(ip, port)
- Scan.execute
- print(Scan.get_exploits)
- end function
- import_code("/home/me/h/libs/thor.src") //depends on listlib, exports Thor
- Thor.init(Vega, "vega")
libs/list.src
- Lst = {}
-
- Lst.to_list = function(map, shallow = false)
- list = []
-
- for i in map.indexes
- if typeof(map[i]) == "map" then
- if shallow == true then
- list.push([i, map[i]])
- else
- list.push([i, Lst.to_list(map[i])])
- end if
- else
- list.push([i, map[i]])
- end if
- end for
-
- return list
- end function
-
- Lst.to_map = function(list)
- l = list[0:]
- map = {}
- for i in indexes(l)
- if typeof(l[i][1]) == "list" and l[i][1].len == 2 and typeof(l[i][1][0]) == "string" then
- map[l[i][0]] = Lst.to_map(l[i][1])
- else
- map[l[i][0]] = l[i][1]
- end if
- end for
-
- return map
- end function
-
- Lst.each = function(obj, func)
- if typeof(obj) == "map" then
- list = Lst.to_list(obj, true)
- else
- list = obj
- end if
- result = list[0:] //list copy.
- for i in indexes(list)
- if typeof(obj) == "map" then
- func(result[i][0], result[i][1])
- else
- func(result[i])
- end if
- end for
- end function
-
- Lst.map = function(list, func)
- result = list[0:] //list copy.
- for i in indexes(list)
- result[i] = func(result[i])
- end for
- return result
- end function
-
- Lst.reject = function(list, func)
- result = list[0:] //list copy.
-
- i = 0
- while i < result.len
- if func(result[i]) == true then
- result.remove(i)
- continue
- end if
- i = i + 1
- end while
-
- return result
- end function
-
- Lst.select = function(list, func)
- result = list[0:] //list copy.
-
- i = 0
- while i < result.len
- if func(result[i]) == false then
- result.remove(i)
- continue
- end if
- i = i + 1
- end while
-
- return result
- end function
- Lst.find = function(list, func)
- for i in list
- if (func(i)) then
- return i
- end if
- end for
- return null
- end function
-
- // do not rename funcc to to func it will infinite loop
- Lst.lsort = function(list, funcc)
- f = function(i)
- return Lst.to_map([["sort_key", funcc(i)], ["obj", i]])
- end function
- result = Lst.map(list, @f)
- result = result.sort("sort_key")
-
- f = function(i)
- return i["obj"]
- end function
- return Lst.map(result, @f)
- end function
-
- Lst.flat = function(list)
- result = []
- for i in list
- if typeof(i) == "list" then
- result = result + Lst.flat(i)
- else
- result.push(i)
- end if
- end for
-
- return result
- end function
-
- Lst.uniq = function(list)
- result = []
- for i in list
- if result.indexOf(i) == null then result.push(i)
- end for
- return result
- end function
-
- Lst.has_any = function(list, value)
- for i in list
- if i == value then return true
- end for
- return false
- end function
- Lst.min = function(list)
- min = list[0]
- for item in list
- if item < min then
- min = item
- end if
- end for
- return min
- end function
-
- Lst.max = function(list)
- max = list[0]
- for item in list
- if item < max then
- max = item
- end if
- end for
- return max
- end function
libs/scan.src
- map = function(list, func)
- result = list[0:] //list copy.
- for i in indexes(list)
- result[i] = func(result[i])
- end for
- return result
- end function
- _or = function(value1, value2)
- if value1 == null or value1 == false then
- return value2
- end if
- return value1
- end function
- // converts scan_address output to a list easier to process
- // usage example:
- // mem_scan = metaxploit.scan_address(metaLib, entry)
- // mem_scan = mem_scan_exploits(mem_scan)
- mem_scan_exploits = function(mem_scan)
- ex_list = []
-
- while true
- ex_mark = mem_scan.indexOf("<b>")
- if ex_mark == null then break
-
- // get exploit value
- ex_mark_end = mem_scan.indexOf("</b>")
- value = slice(mem_scan, ex_mark+3, ex_mark_end)
-
- // get requirements
- mem_scan = mem_scan[ex_mark_end+5:]
- mem_scan = mem_scan[mem_scan.indexOf(".")+1:]
-
- mem_scan_lines = mem_scan.split(char(10))[1:]
- if mem_scan_lines[0].indexOf("*") != null then
- req = mem_scan_lines[:mem_scan_lines.indexOf("")]
- else
- req = []
- end if
-
- if req.len >= 1 then
- mem_scan = mem_scan[mem_scan.indexOf(req[-1])+req[-1].len+1:]
- end if
-
- exploit = [value, req]
- //["exploit_name": ["requirement", "requirement"]]
- ex_list.push(exploit)
- end while
-
- return ex_list
- //[
- // {"exploit_name": ["requirement", "requirement"]},
- // {"exploit_name": ["requirement", "requirement"]}
- //]
- end function
- ScanExploit = {}
- ScanExploit.address = null
- // "0x62AC77E1"
- ScanExploit.value = null
- // "applyund"
- ScanExploit.requirements = null
- // ["* req1", "* req2"]
- ScanExploit.result = null
- // shell, computer, number, null, file object
- ScanExploit.result_info = null
- // string with description why the exploit failed
- Scan = {}
- Scan.ip = null
- // string ip "17.233.32.41"
- Scan.port = null
- // int port 22
- Scan.metaxploit = null
- // include_lib metaxploit
- Scan.lib_path = null
- Scan.extra_param = null
- Scan.show_null = false
- Scan.lib_file = null
- Scan.net_session = null
- Scan.shell = get_shell
- Scan.computer = Scan.shell.host_computer
- Scan.meta_lib = null
- Scan.lib_name = null
- Scan.lib_version = null
- Scan.exploits = []
- Scan.init = function(ip, port)
- self.ip = ip
- self.port = port
- if self.ip != null then
- self.net_session = _or(self.metaxploit.net_use(self.ip, self.port), self.metaxploit.net_use(self.ip))
- else
- self.lib_file = self.computer.File(self.lib_path)
- end if
- end function
- Scan.execute = function()
- if self.lib_file != null then
- self.meta_lib = metaxploit.load(self.lib_file.path)
- else
- self.meta_lib = self.net_session.dump_lib
- end if
- self.lib_name = self.meta_lib.lib_name
- self.lib_version = self.meta_lib.version
- self.addresses = self.metaxploit.scan(self.meta_lib)
- // ["0x62AC77E1", "0x50D166E8", "0x611B6063", "0x1A9FD00C"]
-
- self.get_exploits
- end function
- Scan.get_exploits = function()
- get_values = function(address)
- exploits_text = self.metaxploit.scan_address(self.meta_lib, address)
- exploits_values = mem_scan_exploits(exploits_text)
- return [address, exploits_values]
- end function
- self.exploits = map(self.addresses, @get_values)
// [[0x611B6063, [[applyund, [* req1, * req2]], ...], ...], ...]- // [0x611B6063, [[applyund, [* req1, * req2]], ...], ...], ...}]
-
- result = []
-
- for exploit_values in self.exploits
print(exploit_values)- for value in exploit_values[1]
- exploit = new ScanExploit
- exploit.address = exploit_values[0]
- exploit.value = value[0]
- exploit.requirements = value[1]
- result.push(exploit)
- end for
return exploit- //return exploit
- end for
self.exploits = []- return result
- //self.exploits = []
- end function