Grey Repo

Files

cli.src libs/nmap.src libs/scan.src libs/machine.src

cli.src

import_code("/home/me/h/libs/list.src") // exports Lst
~~import_code("/home/me/h/libs/disk.src") // exports Disk~~
~~import_code("/home/me/h/libs/nmap.src") // exports Nmap~~
import_code("/home/me/h/libs/disk.src") // exports Disk, Block
import_code("/home/me/h/libs/nmap.src") // exports Nmap, Service
import_code("/home/me/h/libs/scan.src") // exports Scan
import_code("/home/me/h/libs/machine.src") // exports Machine, MachineService, depends on Lst, Scan, Nmap
~~Disk.init("/home/me/h/disks", "passwords")~~
~~// this will get more complicated later on, i want to choose a port that i have the most change of getting in~~
// so i can check a database of exploits see or see the local ip with most ports open etc
~~pick_a_service = function(nmap)~~
~~if nmap.len == 1 then return nmap[0]~~
~~if nmap.len == 0 then return null~~
Machine.metaxploit = include_lib("/lib/metaxploit.so")
Scan.metaxploit = include_lib("/lib/metaxploit.so")
~~with_smallest_version = nmap[0]~~
~~for service in nmap[1:]~~
~~if Nmap.service_version_to_int(service) < Nmap.service_version_to_int(with_smallest_version) then~~
~~with_smallest_version = service~~
~~end if~~
~~end for~~
~~return with_smallest_version~~
~~end function~~
Disk.init("/home/me/h/disks", "passwords")
Vega = {}
Vega.vega_sig = {}
Vega.vega_sig["description"] = "auto hacking tool"
~~Vega.vega_sig["args"] = ["ip*", "port"]~~
Vega.vega_sig["args"] = ["ip*"]
Vega.vega_sig["options"] = [{["-v", "--verbose"]: "print more logs"}]
Vega.vega = function(args = [], options = {})
//TODO: check if ip is valid
ip = args[0]
~~port = args[1]~~
has_verbose = options["-v"]
~~Nmap.init(ip)~~
~~nmap = Nmap.ports~~
~~if (not port) then port = pick_a_service(nmap).port~~
~~if (typeof(port) == "string") then port = port.to_int~~
~~f = function(o)~~
~~return o.port == port~~
~~end function~~
~~service = Lst.find(nmap, @f)~~
~~print(port)~~
~~print(service)~~
~~Scan.metaxploit = include_lib("/lib/metaxploit.so")~~
Scan.init(ip, port)
~~Scan.execute~~
machine = new Machine
machine.init(ip)
~~print(Scan.get_exploits)~~
machine.most_vulnerable_service.set_exploits
print(machine.most_vulnerable_service.exploits)
end function
~~import_code("/home/me/h/libs/thor.src") //depends on listlib, exports Thor~~
import_code("/home/me/h/libs/thor.src") //depends on Lst, exports Thor
Thor.init(Vega, "vega")

libs/nmap.src

map = function(list, func)
result = list[0:] //list copy.
for i in indexes(list)
result[i] = func(result[i])
end for
return result
end function
Service = {}
// port : port number
// state : closed or open
// lan_ip
// info : service name and version
// port_obj : port obj
// version_to_int : int of 3 digits
Service.init = function(nmap, port)
self.nmap = nmap
self.port_obj = port
self.port = self.port_obj.port_number
self.status = "open"
if(self.port_obj.is_closed and not self.nmap.is_lan) then
self.status = "closed"
end if
self.info = self.nmap.router.port_info(self.port_obj)
self.lan_ip = self.port_obj.get_lan_ip
self.version_to_int = self.info.split(" ")[1].split(".").join("").to_int
end function
Service.inspect = function()
return {"port": self.port, "status": self.status, "lan_ip": self.lan_ip, "info": info}
end function
Nmap = {}
Nmap.init = function(ip)
self.ip = ip
if not is_valid_ip(self.ip) then exit("nmap: invalid ip address")
self.is_lan = is_lan_ip(self.ip)
~~self.set_router()~~
~~self.set_ports()~~
self.set_router
self.set_ports
self.set_services
end function
Nmap.set_router = function()
if self.is_lan then
self.router = get_router;
else
self.router = get_router(self.ip)
end if
if self.router == null then exit("nmap: ip address not found")
end function
Nmap.set_ports = function()
if not self.is_lan then
self.ports = self.router.used_ports
else
self.ports = self.router.device_ports(self.ip)
end if
if self.ports == null then exit("nmap: ip address not found")
if typeof(self.ports) == "string" then exit(self.ports)
~~self.format_ports()~~
end function
~~Nmap.format_ports = function()~~
~~port_to_map = function(port)~~
~~service_info = self.router.port_info(port)~~
~~lan_ip = port.get_lan_ip~~
~~port_status = "open"~~
if(port.is_closed and not self.is_lan) then
~~port_status = "closed"~~
~~end if~~
~~return {"port": port.port_number, "state": port_status, "service": service_info, "lan_ip": lan_ip, "obj": port}~~
Nmap.set_services = function()
port_to_service = function(port)
service = new Service
service.init(self, port)
return service
end function
~~self.ports = map(self.ports, @port_to_map)~~
~~end function~~
Nmap.service_version_to_int = function(service)
~~return service.service.split(" ")[1].split(".").join("").to_int~~
~~end function~~
self.services = map(self.ports, @port_to_service)
end function

libs/scan.src

map = function(list, func)
result = list[0:] //list copy.
for i in indexes(list)
result[i] = func(result[i])
end for
return result
end function
_or = function(value1, value2)
if value1 == null or value1 == false then
return value2
end if
return value1
end function
// converts scan_address output to a list easier to process
// usage example:
// mem_scan = metaxploit.scan_address(metaLib, entry)
// mem_scan = mem_scan_exploits(mem_scan)
mem_scan_exploits = function(mem_scan)
ex_list = []
while true
ex_mark = mem_scan.indexOf("<b>")
if ex_mark == null then break
// get exploit value
ex_mark_end = mem_scan.indexOf("</b>")
value = slice(mem_scan, ex_mark+3, ex_mark_end)
// get requirements
mem_scan = mem_scan[ex_mark_end+5:]
mem_scan = mem_scan[mem_scan.indexOf(".")+1:]
mem_scan_lines = mem_scan.split(char(10))[1:]
if mem_scan_lines[0].indexOf("*") != null then
req = mem_scan_lines[:mem_scan_lines.indexOf("")]
else
req = []
end if
if req.len >= 1 then
mem_scan = mem_scan[mem_scan.indexOf(req[-1])+req[-1].len+1:]
end if
exploit = [value, req]
//["exploit_name": ["requirement", "requirement"]]
ex_list.push(exploit)
end while
return ex_list
//[
// {"exploit_name": ["requirement", "requirement"]},
// {"exploit_name": ["requirement", "requirement"]}
//]
end function
ScanExploit = {}
// ScanExploit.address : "0x62AC77E1"
// ScanExploit.value : "applyund"
// ScanExploit.requirements : ["* req1", "* req2"]
// ScanExploit.result :shell, computer, number, null, file object
// ScanExploit.result_info : string with description why the exploit failed
ScanExploit.init = function(options)
self.address = options.address
self.value = options.value
self.requirements = options.requirements
end function
~~ScanExploit.address = null~~
~~// "0x62AC77E1"~~
~~ScanExploit.value = null~~
~~// "applyund"~~
~~ScanExploit.requirements = null~~
~~// ["* req1", "* req2"]~~
ScanExploit.result = null
~~// shell, computer, number, null, file object~~
ScanExploit.result_info = null
// string with description why the exploit failed
ScanExploit.get_result = function()
try_exploit(entry, exploit[0])
end function
Scan = {}
~~Scan.ip = null~~
~~// string ip "17.233.32.41"~~
~~Scan.port = null~~
~~// int port 22~~
Scan.metaxploit = null
// include_lib metaxploit
Scan.lib_path = null
Scan.extra_param = null
Scan.show_null = false
Scan.lib_file = null
Scan.net_session = null
Scan.shell = get_shell
Scan.computer = Scan.shell.host_computer
Scan.meta_lib = null
Scan.lib_name = null
Scan.lib_version = null
Scan.exploits = []
// ip "17.233.32.41", port 22
Scan.init = function(ip, port)
self.ip = ip
self.port = port
if self.ip != null then
self.net_session = _or(self.metaxploit.net_use(self.ip, self.port), self.metaxploit.net_use(self.ip))
else
self.lib_file = self.computer.File(self.lib_path)
end if
end function
Scan.execute = function()
if self.lib_file != null then
self.meta_lib = metaxploit.load(self.lib_file.path)
else
self.meta_lib = self.net_session.dump_lib
end if
self.lib_name = self.meta_lib.lib_name
self.lib_version = self.meta_lib.version
self.addresses = self.metaxploit.scan(self.meta_lib)
// ["0x62AC77E1", "0x50D166E8", "0x611B6063", "0x1A9FD00C"]
self.get_exploits
end function
Scan.get_exploits = function()
get_values = function(address)
exploits_text = self.metaxploit.scan_address(self.meta_lib, address)
exploits_values = mem_scan_exploits(exploits_text)
return [address, exploits_values]
end function
self.exploits = map(self.addresses, @get_values)
// [0x611B6063, [[applyund, [* req1, * req2]], ...], ...], ...}]
result = []
for exploit_values in self.exploits
for value in exploit_values[1]
exploit = new ScanExploit
~~exploit.address = exploit_values[0]~~
exploit.value = value[0]
exploit.requirements = value[1]
exploit.init({"address": exploit_values[0], "value": value[0], "requirements": value[1]})
result.push(exploit)
end for
~~//return exploit~~
end for
return result
//self.exploits = []
end function

libs/machine.src

~~Machine = {}~~
~~Machine.metaxploit = null //required~~
~~MachineServices = {}~~
~~MachineServices.set_exploits = function()~~
~~self.scan = new Scan~~
~~self.scan.init(self.nmap.ip, self.port)~~
~~self.scan.execute~~
~~self.exploits = self.scan.get_exploits~~
~~end function~~
~~Machine.init = function(ip)~~
~~self.ip = ip~~
~~self.set_services~~
~~end function~~
~~Machine.set_services = function()~~
~~self.nmap = new Nmap~~
~~self.nmap.init(self.ip)~~
~~self.services = self.nmap.services~~
~~for i in self.services.indexes~~
~~self.services[i].set_exploits = @MachineServices.set_exploits~~
~~end for~~
~~end function~~
~~// this will get more complicated later on, i want to choose a port that i have the most change of getting in~~
~~// so i can check a database of exploits see or see the local ip with most ports open etc~~
~~Machine.most_vulnerable_service = function()~~
~~if self.services.len == 1 then return self.services[0]~~
~~if self.services.len == 0 then return null~~
~~with_smallest_version = self.services[0]~~
~~for service in self.services[1:]~~
~~if service.version_to_int < with_smallest_version.version_to_int then~~
~~with_smallest_version = service~~
~~end if~~
~~end for~~
~~return with_smallest_version~~
~~end function~~