diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d2b4efe..c1c2be92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,34 @@ # Changelog +### Nuevas características + +### Otros + + * * feat(feat): new commands documented at COMMANDS.md, new rootkit named LazyHyde, new malware, nad much much more \n\n Version: release/0.2.25 \n\n demo here: https://www.youtube.com/watch?v=SZuJ4Iu1HgU \n\n Modified file(s):\n- README.md - UTILS.md - docs/README.html - docs/UTILS.html - docs/index.html\n LazyOwn on HackTheBox: https://app.hackthebox.com/teams/overview/6429 \n\n LazyOwn/ https://grisuno.github.io/LazyOwn/ \n\n \n\n Fecha: Sun Dec 22 19:31:07 2024 -0800 \n\n Hora: 1734924667 + + +### Otros + +### Otros + + * * Merge pull request #77 from grisuno/dev6 + + +### Otros + +### Otros + + * * new ring 3 rootkit, 3 new listeners go python and c, infect pid with shellcode, new style of c2, download_c2 and upload_c2 and much much more + + +### Otros + +### Otros + + * * new ring 3 rootkit, 3 new listeners go python and c, infect pid with shellcode, new style of c2, download_c2 and upload_c2 and much much more + + ### Correcciones urgentes ### Otros diff --git a/LAZYOWN.md b/LAZYOWN.md new file mode 100644 index 00000000..d32f896a --- /dev/null +++ b/LAZYOWN.md @@ -0,0 +1,8793 @@ +# LAZYOWN.md Documentation by readmeneitor.py + +## __init__ +Initializer for the LazyOwnShell class. + +This method sets up the initial parameters and scripts for an instance of +the LazyOwnShell class. It initializes a dictionary of parameters with default +values and a list of script names that are part of the LazyOwnShell toolkit. + +Attributes: + params (dict): A dictionary of parameters with their default values. + scripts (list): A list of script names included in the toolkit. + output (str): An empty string to store output or results. + +## log_command +Logs the command execution details to a CSV file. + +:param cmd_name: The name of the command. +:param cmd_args: The arguments of the command. + +## default +Handles undefined commands, including aliases. + +This method checks if a given command (or its alias) exists within the class +by attempting to find a corresponding method. If the command or alias is not +found, it prints an error message. + +:param line: The command or alias to be handled. +:type line: str +:return: None + +## logcsv +No description available. + +## cmd +Internal function to execute commands. + +This method attempts to execute a given command using `os.system` and captures +the output. It sets the `output` attribute based on whether the command was +executed successfully or an exception occurred. And feedback the red operation report. + +:param command: The command to be executed. +:type command: str +:return: None. +:rtype: str + +## one_cmd +Internal function to execute commands. + +This method attempts to execute a given command using `onecmd` and captures +the output. It sets the `output` attribute based on whether the command was +executed successfully or an exception occurred. + +:param command: The command to be executed. +:type command: str +:return: A message indicating the result of the command execution. +:rtype: str + +## emptyline +Handle the case where the user enters an empty line. + +This method is called when the user submits an empty line of input in +the command-line interface. By default, it provides feedback indicating +that no command was entered. + +It is useful for providing user-friendly messages or handling empty input +cases in a custom manner. + +License: This function is part of a program released under the GNU General +Public License v3.0 (GPLv3). You can redistribute it and/or modify it +under the terms of the GPLv3, as published by the Free Software Foundation. + +Note: This method is called by the cmd library when an empty line is +entered. You can override it in a subclass to change its behavior. + +Example: + >>> shell = LazyOwnShell() + >>> shell.emptyline() + You didn't enter any command. + +## EOF +Handle the end-of-file (EOF) condition. + +This method is called when the user sends an end-of-file (EOF) signal +by pressing Ctrl+D. It is typically used to handle cleanup or exit +operations when the user terminates input. + +In this implementation, it prints a farewell message and returns True +to indicate that the shell should exit. + +License: This function is part of a program released under the GNU General +Public License v3.0 (GPLv3). You can redistribute it and/or modify it +under the terms of the GPLv3, as published by the Free Software Foundation. + +Note: This method is a part of the `cmd` library's command handling +system. You can override it in a subclass to customize its behavior. + +Example: + >>> shell = LazyOwnShell() + >>> shell.do_EOF(None) + LazyOwn say Goodbye! + (shell exits) + +## postloop +Handle operations to perform after exiting the command loop. + +This method is called after the command loop terminates, typically used +for performing any final cleanup or displaying messages before the program +exits. + +In this implementation, it prints a message indicating that the custom +shell is exiting. + +License: This function is part of a program released under the GNU General +Public License v3.0 (GPLv3). You can redistribute it and/or modify it +under the terms of the GPLv3, as published by the Free Software Foundation. + +Note: This method is called automatically by the `cmd` library's command +loop after the loop terminates. You can override it in a subclass to +customize its behavior. + +Example: + >>> shell = LazyOwnShell() + >>> shell.cmdloop() # Exits the command loop + GoodBye LazyOwner + +## assign +assign a parameter value. + +This function takes a line of input, splits it into a parameter and a value, +and assign the specified parameter to the given value if the parameter exists. + +:param line: A string containing the parameter and value to be set. + Expected format: ' '. +:type line: str +:return: None +:raises: ValueError if the input line does not contain exactly two elements. + +## show +Show the current parameter values. + +This function iterates through the current parameters and their values, +printing each parameter and its associated value. + +:param line: This parameter is not used in the function. +:type line: str +:return: None + +## list +Lists all available scripts in the modules directory. + +This method prints a list of available scripts in a formatted manner, arranging +them into columns. It shows each script with sufficient spacing for readability. + +:param line: This parameter is not used in the method. +:type line: str +:return: None + +## run +Runs a specific LazyOwn script. + +This method executes a script from the LazyOwn toolkit based on the provided +script name. If the script is not recognized, it prints an error message. +To see available scripts, use the `list` or `help list` commands. + +:param line: The command line input containing the script name. +:type line: str +:return: None + +## lazysearch +Runs the internal module `modules/lazysearch.py`. + +This method executes the `lazysearch` script from the specified path, using +the `binary_name` parameter from the `self.params` dictionary. If `binary_name` +is not set, it prints an error message. + +:return: None + +## lazysearch_gui +Run the internal module located at `modules/LazyOwnExplorer.py`. + +This method executes the `LazyOwnExplorer.py` script, which is used for graphical user interface (GUI) functionality within the LazyOwn framework. + +The function performs the following steps: + +1. Calls `self.run_script` with `LazyOwnExplorer.py` to execute the GUI module. + +:returns: None + +Manual execution: +1. Ensure that the `modules/LazyOwnExplorer.py` script is present in the `modules` directory. +2. Run the script with: + `python3 modules/LazyOwnExplorer.py` + +Example: + To run `LazyOwnExplorer.py` directly, execute: + `python3 modules/LazyOwnExplorer.py` + +Note: + - Ensure that the script has the appropriate permissions and dependencies to run. + - Verify that your environment supports GUI operations if using this script in a non-graphical environment. + +## lazyown +Run the internal module located at `modules/lazyown.py`. + +This method executes the `lazyown.py` script, which is a core component of the LazyOwn framework. + +The function performs the following steps: + +1. Calls `self.run_script` with `lazyown.py` to execute the script. + +:returns: None + +Manual execution: +1. Ensure that the `modules/lazyown.py` script is present in the `modules` directory. +2. Run the script with: + `python3 modules/lazyown.py` + +Example: + To run `lazyown.py` directly, execute: + `python3 modules/lazyown.py` + +Note: + - Ensure that the script has the appropriate permissions and dependencies to run. + +## update_db +Run the internal module located at `modules/update_db.sh`. + +This method executes the `update_db.sh` script to update the database of binary exploitables from `gtofbins`. + +The function performs the following steps: + +1. Executes the `update_db.sh` script located in the `modules` directory using `os.system`. + +:returns: None + +Manual execution: +1. Ensure that the `modules/update_db.sh` script is present in the `modules` directory. +2. Run the script with: + `./modules/update_db.sh` + +Example: + To manually update the database, execute: + `./modules/update_db.sh` + +Note: + - Ensure that the script has execute permissions. + - The script should be run with the necessary privileges if required. + +## lazynmap +Runs the internal module `modules/lazynmap.sh` for multiple Nmap scans. + +This method executes the `lazynmap` script, using the current working directory +and the `rhost` parameter from the `self.params` dictionary as the target IP. +If `rhost` is not set, it prints an error message. + +:return: None + +## batchnmap +Runs the internal module `modules/lazynmap.sh` for multiple Nmap scans. + +This method executes the `lazynmap` script, using the current working directory +and the `rhost` parameter from the `self.params` dictionary as the target IP. +If `rhost` is not set, it prints an error message. + +:return: None + +## lazywerkzeugdebug +Run the internal module located at `modules/lazywerkzeug.py` in debug mode. + +This method executes the `lazywerkzeug.py` script with the specified parameters for remote and local hosts and ports. It is used to test Werkzeug in debug mode. + +The function performs the following steps: + +1. Retrieves the `rhost`, `lhost`, `rport`, and `lport` values from `self.params`. +2. Checks if all required parameters are set. If not, prints an error message and returns. +3. Calls `self.run_script` with `lazywerkzeug.py` and the specified parameters. + +:param rhost: The remote host address. +:type rhost: str + +:param lhost: The local host address. +:type lhost: str + +:param rport: The remote port number. +:type rport: int + +:param lport: The local port number. +:type lport: int + +:returns: None + +Manual execution: +1. Ensure that `rhost`, `lhost`, `rport`, and `lport` are assign in `self.params`. +2. The script `modules/lazywerkzeug.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazywerkzeug.py ` + +Example: + To run `lazywerkzeug.py` with `rhost` assign to `"127.0.0.1"`, `rport` to `5000`, `lhost` to `"localhost"`, and `lport` to `8000`, set: + `self.params["rhost"] = "127.0.0.1"` + `self.params["rport"] = 5000` + `self.params["lhost"] = "localhost"` + `self.params["lport"] = 8000` + Then call: + `run_lazywerkzeugdebug()` + +Note: + - Ensure that `modules/lazywerkzeug.py` has the appropriate permissions and dependencies to run. + - Verify that the specified hosts and ports are correct and available. + +## lazygath +Run the internal module located at `modules/lazygat.sh`. to gathering the sistem :) + +This method executes the `lazygat.sh` script located in the `modules` directory with `sudo` privileges. + +The function performs the following steps: + +1. Retrieves the current working directory. +2. Executes the `lazygat.sh` script using `sudo` to ensure it runs with elevated permissions. + +:returns: None + +Manual execution: +1. Ensure that the `modules/lazygat.sh` script is present in the `modules` directory. +2. Run the script with: + `sudo ./modules/lazygat.sh` + +Example: + To manually run the script with elevated privileges, execute: + `sudo ./modules/lazygat.sh` + +Note: + - Ensure that the script has execute permissions. + - The script should be run with `sudo` if it requires elevated privileges. + +## lazynmapdiscovery +Runs the internal module `modules/lazynmap.sh` with discovery mode. + +This method executes the `lazynmap` script in discovery mode. It uses the current +working directory for locating the script. + +:return: None + +## lazysniff +Run the sniffer internal module located at `modules/lazysniff.py` with the specified parameters. + +This method executes the script with the following arguments: + +- `device`: The network interface to be used for sniffing, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the `device` value from `self.params`. +2. Sets up the environment variables `LANG` and `TERM` to ensure proper script execution. +3. Uses `subprocess.run` to execute the `lazysniff.py` script with the `-i` option to specify the network interface. + +:param device: The network interface to be used for sniffing. +:type device: str + +:returns: None + +Manual execution: +1. Ensure that `device` is assign in `self.params`. +2. The script `modules/lazysniff.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazysniff.py -i ` + +Example: + To run `lazysniff` with `device` assign to `"eth0"`, set: + `self.params["device"] = "eth0"` + Then call: + `run_lazysniff()` + +Note: + - Ensure that `modules/lazysniff.py` has the appropriate permissions and dependencies to run. + - Ensure that the network interface specified is valid and properly configured. + +## lazyftpsniff +Run the sniffer ftp internal module located at `modules/lazyftpsniff.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `device`: The network interface to be used for sniffing, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the `device` value from `self.params`. +2. Sets up the environment variables `LANG` and `TERM` to ensure proper script execution. +3. Uses `subprocess.run` to execute the `lazyftpsniff.py` script with the `-i` option to specify the network interface. + +:param device: The network interface to be used for sniffing. +:type device: str + +:returns: None + +Manual execution: +1. Ensure that `device` is assign in `self.params`. +2. The script `modules/lazyftpsniff.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazyftpsniff.py -i ` + +Example: + To run `lazyftpsniff` with `device` assign to `"eth0"`, set: + `self.params["device"] = "eth0"` + Then call: + `run_lazyftpsniff()` + +Note: + - Ensure that `modules/lazyftpsniff.py` has the appropriate permissions and dependencies to run. + - Ensure that the network interface specified is valid and properly configured. + +## lazynetbios +Run the internal module to search netbios vuln victims, located at `modules/lazynetbios.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `startip`: The starting IP address for the NetBIOS scan, specified in `self.params`. +- `endip`: The ending IP address for the NetBIOS scan, specified in `self.params`. +- `spoof_ip`: The IP address to be used for spoofing, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the `startip`, `endip`, and `spoof_ip` values from `self.params`. +2. Uses `subprocess.run` to execute the `lazynetbios.py` script with the specified parameters. + +:param startip: The starting IP address for the NetBIOS scan. +:type startip: str + +:param endip: The ending IP address for the NetBIOS scan. +:type endip: str + +:param spoof_ip: The IP address to be used for spoofing. +:type spoof_ip: str + +:returns: None + +Manual execution: +1. Ensure that `startip`, `endip`, and `spoof_ip` are assign in `self.params`. +2. The script `modules/lazynetbios.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazynetbios.py ` + +Example: + To run `lazynetbios` with `startip` assign to `"192.168.1.1"`, `endip` assign to `"192.168.1.10"`, and `spoof_ip` assign to `"192.168.1.100"`, assign: + `self.params["startip"] = "192.168.1.1"` + `self.params["endip"] = "192.168.1.10"` + `self.params["spoof_ip"] = "192.168.1.100"` + Then call: + `run_lazynetbios()` + +Note: + - Ensure that `modules/lazynetbios.py` has the appropriate permissions and dependencies to run. + - Ensure that the IP addresses are correctly set and valid for the NetBIOS scan. + +## lazyhoneypot +Run the internal module located at `modules/lazyhoneypot.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `email_from`: The email address from which messages will be sent, specified in `self.params`. +- `email_to`: The recipient email address, specified in `self.params`. +- `email_username`: The username for email authentication, specified in `self.params`. +- `email_password`: The password for email authentication, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the `email_from`, `email_to`, `email_username`, and `email_password` values from `self.params`. +2. Calls the `run_script` method to execute the `lazyhoneypot.py` script with the provided email parameters. + +:param email_from: The email address from which messages will be sent. +:type email_from: str + +:param email_to: The recipient email address. +:type email_to: str + +:param email_username: The username for email authentication. +:type email_username: str + +:param email_password: The password for email authentication. +:type email_password: str + +:returns: None + +Manual execution: +1. Ensure that `email_from`, `email_to`, `email_username`, and `email_password` are assign in `self.params`. +2. The script `modules/lazyhoneypot.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazyhoneypot.py --email_from --email_to --email_username --email_password ` + +Example: + To run `lazyhoneypot` with `email_from` assign to `"sender@example.com"`, `email_to` assign to `"recipient@example.com"`, `email_username` assign to `"user"`, and `email_password` assign to `"pass"`, set: + `self.params["email_from"] = "sender@example.com"` + `self.params["email_to"] = "recipient@example.com"` + `self.params["email_username"] = "user"` + `self.params["email_password"] = "pass"` + Then call: + `run_lazyhoneypot()` + +Note: + - Ensure that `modules/lazyhoneypot.py` has the appropriate permissions and dependencies to run. + - Ensure that the email credentials are correctly set for successful authentication and operation. + +## gpt +Run the internal module to create Oneliners with Groq AI located at `modules/lazygptcli.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `prompt`: The prompt to be used by the script, specified in `self.params`. +- `api_key`: The API key to be assign in the environment variable `GROQ_API_KEY`, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the `prompt` and `api_key` values from `self.params`. +2. Checks if both `prompt` and `api_key` are assign. If either is missing, it prints an error message and returns. +3. Sets the environment variable `GROQ_API_KEY` with the provided `api_key`. +4. Calls the `run_script` method to execute the `lazygptcli.py` script with the `--prompt` argument. + +:param prompt: The prompt to be used by the script. +:type prompt: str + +:param api_key: The API key for accessing the service. +:type api_key: str + +:returns: None + +Manual execution: +1. Ensure that `prompt` and `api_key` are assign in `self.params`. +2. The script `modules/lazygptcli.py` should be present in the `modules` directory. +3. assign the environment variable `GROQ_API_KEY` with the API key value. +4. Run the script with: + `python3 modules/lazygptcli.py --prompt ` + +Example: + To run `lazygptcli` with `prompt` assign to `"Your prompt"` and `api_key` assign to `"your_api_key"`, set: + `self.params["prompt"] = "Your prompt"` + `self.params["api_key"] = "your_api_key"` + Then call: + `run_lazygptcli()` + +Note: + - Ensure that `modules/lazygptcli.py` has the appropriate permissions and dependencies to run. + - The environment variable `GROQ_API_KEY` must be correctly assign for the script to function. + +## lazysearch_bot +Run the internal module GROQ AI located at `modules/lazysearch_bot.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `prompt`: The prompt to be used by the script, specified in `self.params`. +- `api_key`: The API key to be assign in the environment variable `GROQ_API_KEY`, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the `prompt` and `api_key` values from `self.params`. +2. Checks if both `prompt` and `api_key` are assign. If either is missing, it prints an error message and returns. +3. Sets the environment variable `GROQ_API_KEY` with the provided `api_key`. +4. Calls the `run_script` method to execute the `lazysearch_bot.py` script with the `--prompt` argument. + +:param prompt: The prompt to be used by the script. +:type prompt: str + +:param api_key: The API key for accessing the service. +:type api_key: str + +:returns: None + +Manual execution: +1. Ensure that `prompt` and `api_key` are assign in `self.params`. +2. The script `modules/lazysearch_bot.py` should be present in the `modules` directory. +3. Set the environment variable `GROQ_API_KEY` with the API key value. +4. Run the script with: + `python3 modules/lazysearch_bot.py --prompt ` + +Example: + To run `lazysearch_bot` with `prompt` assign to `"Search query"` and `api_key` assign to `"your_api_key"`, assign: + `self.params["prompt"] = "Search query"` + `self.params["api_key"] = "your_api_key"` + Then call: + `run_lazysearch_bot()` + +Note: + - Ensure that `modules/lazysearch_bot.py` has the appropriate permissions and dependencies to run. + - The environment variable `GROQ_API_KEY` must be correctly assign for the script to function. + +## lazymetaextract0r +Run the Metadata extractor internal module located at `modules/lazyown_metaextract0r.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `path`: The file path to be processed by the script, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the value for `path` from `self.params`. +2. Checks if the `path` parameter is assign. If not, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazyown_metaextract0r.py` script with the appropriate argument. + +:param path: The file path to be processed by the script. +:type path: str + +:returns: None + +Manual execution: +1. Ensure that `path` is assign in `self.params`. +2. The script `modules/lazyown_metaextract0r.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazyown_metaextract0r.py --path ` + +Example: + To run `lazyown_metaextract0r` with `path` assign to `/home/user/file.txt`, set: + `self.params["path"] = "/home/user/file.txt"` + Then call: + `run_lazymetaextract0r()` + +Note: + - Ensure that `modules/lazyown_metaextract0r.py` has the appropriate permissions and dependencies to run. + +## lazyownratcli +Run the internal module located at `modules/lazyownclient.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `lhost`: The IP address of the local host, specified in `self.params`. +- `lport`: The port number of the local host, specified in `self.params`. +- `rat_key`: The RAT key, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the values for `lhost`, `lport`, and `rat_key` from `self.params`. +2. Checks if all required parameters (`lhost`, `lport`, and `rat_key`) are set. If any are missing, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazyownclient.py` script with the appropriate arguments. + +:param lhost: The IP address of the local host. +:type lhost: str +:param lport: The port number of the local host. +:type lport: int +:param rat_key: The RAT key. +:type rat_key: str + +:returns: None + +Manual execution: +1. Ensure that `lhost`, `lport`, and `rat_key` are assign in `self.params`. +2. The script `modules/lazyownclient.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazyownclient.py --host --port --key ` + +Example: + To run `lazyownclient` with `lhost` assign to `192.168.1.10`, `lport` assign to `8080`, and `rat_key` assign to `my_secret_key`, set: + `self.params["lhost"] = "192.168.1.10"` + `self.params["lport"] = 8080` + `self.params["rat_key"] = "my_secret_key"` + Then call: + `run_lazyownratcli()` + +Note: + - Ensure that `modules/lazyownclient.py` has the appropriate permissions and dependencies to run. + +## lazyownrat +Run the internal module located at `modules/lazyownserver.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `rhost`: The IP address of the remote host, specified in `self.params`. +- `rport`: The port number of the remote host, specified in `self.params`. +- `rat_key`: The RAT key, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the values for `rhost`, `rport`, and `rat_key` from `self.params`. +2. Checks if all required parameters (`rhost`, `rport`, and `rat_key`) are set. If any are missing, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazyownserver.py` script with the appropriate arguments. + +:param rhost: The IP address of the remote host. +:type rhost: str +:param rport: The port number of the remote host. +:type rport: int +:param rat_key: The RAT key. +:type rat_key: str + +:returns: None + +Manual execution: +1. Ensure that `rhost`, `rport`, and `rat_key` are assign in `self.params`. +2. The script `modules/lazyownserver.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazyownserver.py --host --port --key ` + +Example: + To run `lazyownserver` with `rhost` set to `192.168.1.10`, `rport` assign to `8080`, and `rat_key` assign to `my_secret_key`, set: + `self.params["rhost"] = "192.168.1.10"` + `self.params["rport"] = 8080` + `self.params["rat_key"] = "my_secret_key"` + Then call: + `run_lazyownrat()` + +Note: + - Ensure that `modules/lazyownserver.py` has the appropriate permissions and dependencies to run. + +## lazybotnet +Run the internal module located at `modules/lazybotnet.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `rhost`: The IP address of the remote host, hardcoded to "0.0.0.0". +- `rport`: The port number of the remote host, specified in `self.params`. +- `rat_key`: The RAT key, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the values for `rport` and `rat_key` from `self.params`. The `rhost` is hardcoded to "0.0.0.0". +2. Checks if all required parameters (`rport` and `rat_key`) are set. If any are missing, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazybotnet.py` script with the appropriate arguments. + +:param rport: The port number of the remote host. +:type rport: int +:param rat_key: The RAT key. +:type rat_key: str + +:returns: None + +Manual execution: +1. Ensure that `rport` and `rat_key` are assign in `self.params`. +2. The script `modules/lazybotnet.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazybotnet.py --host --port --key ` + +Example: + To run `lazybotnet` with `rport` assign to `1234` and `rat_key` assign to `my_key`, assign: + `self.params["rport"] = 1234` + `self.params["rat_key"] = "my_key"` + Then call: + `run_lazybotnet()` + +Note: + - Ensure that `modules/lazybotnet.py` has the appropriate permissions and dependencies to run. + +## lazylfi2rce +Run the internal module located at `modules/lazylfi2rce.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `rhost`: The IP address of the remote host, specified in `self.params`. +- `rport`: The port number of the remote host, specified in `self.params`. +- `lhost`: The IP address of the local host, specified in `self.params`. +- `lport`: The port number of the local host, specified in `self.params`. +- `field`: The field name for the LFI (Local File Inclusion) attack, specified in `self.params`. +- `wordlist`: The path to the wordlist file used for the attack, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the values for `rhost`, `rport`, `lhost`, `lport`, `field`, and `wordlist` from `self.params`. +2. Checks if all required parameters are set. If any are missing, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazylfi2rce.py` script with the appropriate arguments. + +:param rhost: The IP address of the remote host. +:type rhost: str +:param rport: The port number of the remote host. +:type rport: int +:param lhost: The IP address of the local host. +:type lhost: str +:param lport: The port number of the local host. +:type lport: int +:param field: The field name for the LFI attack. +:type field: str +:param wordlist: The path to the wordlist file. +:type wordlist: str + +:returns: None + +Manual execution: +1. Ensure that `rhost`, `rport`, `lhost`, `lport`, `field`, and `wordlist` are assign in `self.params`. +2. The script `modules/lazylfi2rce.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazylfi2rce.py --rhost --rport --lhost --lport --field --wordlist ` + +Example: + To run the lazylfi2rce with `rhost` assign to `192.168.1.1`, `rport` assign to `80`, `lhost` assign to `192.168.1.2`, `lport` assign to `8080`, `field` assign to `file`, and `wordlist` assign to `path/to/wordlist.txt`, set: + `self.params["rhost"] = "192.168.1.1"` + `self.params["rport"] = 80` + `self.params["lhost"] = "192.168.1.2"` + `self.params["lport"] = 8080` + `self.params["field"] = "file"` + `self.params["wordlist"] = "path/to/wordlist.txt"` + Then call: + `run_lazylfi2rce()` + +Note: + - Ensure that `modules/lazylfi2rce.py` has the appropriate permissions and dependencies to run. + +## lazylogpoisoning +Run the internal module located at `modules/lazylogpoisoning.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `rhost`: The IP address of the remote host, specified in `self.params`. +- `lhost`: The IP address of the local host, specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the values for `rhost` and `lhost` from `self.params`. +2. Checks if the required parameters `rhost` and `lhost` are assign. If not, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazylogpoisoning.py` script with the appropriate arguments. + +:param rhost: The IP address of the remote host. Must be assign in `self.params`. +:type rhost: str +:param lhost: The IP address of the local host. Must be assign in `self.params`. +:type lhost: str + +:returns: None + +Manual execution: +1. Ensure that `rhost` and `lhost` are assign in `self.params`. +2. The script `modules/lazylogpoisoning.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazylogpoisoning.py --rhost --lhost ` + +Example: + To run the lazylogpoisoning with `rhost` assign to `192.168.1.1` and `lhost` assign to `192.168.1.2`, set: + `self.params["rhost"] = "192.168.1.1"` + `self.params["lhost"] = "192.168.1.2"` + Then call: + `run_lazylogpoisoning()` + +Note: + - Ensure that `modules/lazylogpoisoning.py` has the appropriate permissions and dependencies to run. + +## lazybotcli +Run the internal module located at `modules/lazybotcli.py` with the specified parameters. + +This function executes the script with the following arguments: + +- `rhost`: The IP address of the remote host (default is `"0.0.0.0"`). +- `rport`: The port number to be used, specified in `self.params`. +- `rat_key`: The key for the Remote Access Tool (RAT), specified in `self.params`. + +The function performs the following steps: + +1. Retrieves the values for `rport` and `rat_key` from `self.params`. +2. Checks if the required parameters `rport` and `rat_key` are assign. If not, it prints an error message and returns. +3. Calls the `run_script` method to execute the `lazybotcli.py` script with the appropriate arguments. + +:param rport: The port number for the connection. Must be assign in `self.params`. +:type rport: int +:param rat_key: The key for the RAT. Must be assign in `self.params`. +:type rat_key: str + +:returns: None + +Manual execution: +1. Ensure that `rport` and `rat_key` are assign in `self.params`. +2. The script `modules/lazybotcli.py` should be present in the `modules` directory. +3. Run the script with: + `python3 modules/lazybotcli.py --host 0.0.0.0 --port --key ` + +Example: + To run the lazybotcli with port `12345` and key `mysecretkey`, set: + `self.params["rport"] = 12345` + `self.params["rat_key"] = "mysecretkey"` + Then call: + `run_lazybotcli()` + +Note: + - Ensure that `modules/lazybotcli.py` has the appropriate permissions and dependencies to run. + +## lazyssh77enum +Run the internal module located at `modules/lazybrutesshuserenum.py` with the specified parameters. ONLY valid for 7.x Version !!! + +The script will be executed with the following arguments: + +- `wordlist`: The path to the wordlist file containing potential usernames for SSH enumeration. +- `rhost`: The target IP address or hostname for SSH enumeration. + +The function performs the following steps: + +1. Retrieves the values for `wordlist` and `rhost` from `self.params`. +2. Prints a warning message about the potential inaccuracy of the results. +3. Constructs the command to run the `lazybrutesshuserenum.sh` script with the specified arguments. +4. Executes the command using the `os.system` method. + +:param wordlist: The path to the wordlist file for username enumeration. Must be assign in `self.params`. +:type wordlist: str +:param rhost: The target IP address or hostname for SSH enumeration. Must be assign in `self.params`. +:type rhost: str + +:returns: None + +Manual execution: +1. Ensure that `wordlist` and `rhost` are assign in `self.params`. +2. Run the script `modules/lazybrutesshuserenum.sh` with the appropriate arguments. + +Dependencies: +- `modules/lazybrutesshuserenum.sh` must be present in the `modules` directory and must be executable. + +Example: + To run the SSH user enumeration with a wordlist located at `/path/to/wordlist.txt` and target IP `192.168.1.1`, set: + `self.params["usrwordlist"] = "/path/to/wordlist.txt"` + `self.params["rhost"] = "192.168.1.1"` + Then call: + `run_lazyssh77enum()` + +Note: + - The accuracy of the results may vary depending on the version of the script and the wordlist used. + +## lazyburpfuzzer +Run the internal module located at `modules/lazyown_burpfuzzer.py` with the specified parameters. + +The script will be executed with the following arguments: + +- `--url`: The target URL for the fuzzer. +- `--method`: The HTTP method to use (e.g., GET, POST). +- `--proxy_port`: The port for the proxy server. +- `--headers`: Optional HTTP headers to include in the request. +- `--data`: Optional data to include in the request body. +- `--params`: Optional URL parameters to include in the request. +- `--json_data`: Optional JSON data to include in the request body. +- `-w`: Optional wordlist for fuzzing. +- `-hc`: Optional hide code for fuzzing. + +The function performs the following steps: + +1. Retrieves the values for `url`, `method`, `headers`, `params`, `data`, `json_data`, `proxy_port`, `wordlist`, and `hide_code` from `self.params`. +2. Constructs the command to run the `lazyown_burpfuzzer.py` script with the specified arguments. +3. Adds optional parameters based on whether the corresponding files (`headers_file`, `data_file`, `params_file`, `json_data_file`) are provided. +4. Executes the command using the `run_command` method. + +:param url: The target URL for the fuzzer. Must be assign in `self.params`. +:type url: str +:param method: The HTTP method to use. Must be assign in `self.params`. +:type method: str +:param headers: Optional HTTP headers. Must be assign in `self.params` or provided via `headers_file`. +:type headers: str +:param params: Optional URL parameters. Must be assign in `self.params` or provided via `params_file`. +:type params: str +:param data: Optional data for the request body. Must be assign in `self.params` or provided via `data_file`. +:type data: str +:param json_data: Optional JSON data for the request body. Must be assign in `self.params` or provided via `json_data_file`. +:type json_data: str +:param proxy_port: The port for the proxy server. Must be assign in `self.params`. +:type proxy_port: int +:param wordlist: Optional wordlist for fuzzing. Must be assign in `self.params`. +:type wordlist: str +:param hide_code: Optional code to hide. Must be assign in `self.params`. +:type hide_code: int +:param headers_file: Optional file containing headers. +:type headers_file: str, optional +:param data_file: Optional file containing data. +:type data_file: str, optional +:param params_file: Optional file containing parameters. +:type params_file: str, optional +:param json_data_file: Optional file containing JSON data. +:type json_data_file: str, optional + +:returns: None + +Manual execution: +1. Ensure that `url`, `method`, and `proxy_port` are assign in `self.params`. +2. Provide additional parameters as needed. +3. Run the script `modules/lazyown_burpfuzzer.py` with the appropriate arguments. + +Dependencies: +- `modules/lazyown_burpfuzzer.py` must be present in the `modules` directory and must be executable. + +Example: + To run the fuzzer with URL `http://example.com`, HTTP method `POST`, and proxy port `8080`, set: + `self.params["url"] = "http://example.com"` + `self.params["method"] = "POST"` + `self.params["proxy_port"] = 8080` + Then call: + `run_lazyburpfuzzer()` + +Note: + - Ensure that all required parameters are assign before calling this function. + - Parameters can also be provided via corresponding files. + +## lazyreverse_shell +Run the internal module located at `modules/lazyreverse_shell.sh` with the specified parameters. + +The script will be executed with the following arguments: +- `--ip`: The IP address to use for the reverse shell. +- `--puerto`: The port to use for the reverse shell. + +The function performs the following steps: + +1. Retrieves the values for `rhost` (IP address) and `reverse_shell_port` (port) from `self.params`. +2. Validates that `rhost` and `reverse_shell_port` parameters are assign. +3. Constructs the command to run the `lazyreverse_shell.sh` script with the specified arguments. +4. Executes the command. + +:param ip: The IP address to use for the reverse shell. Must be assign in `self.params`. +:type ip: str +:param port: The port to use for the reverse shell. Must be assign in `self.params`. +:type port: str + +:returns: None + +Manual execution: +1. Ensure that `rhost` and `reverse_shell_port` are assign in `self.params`. +2. Run the script `modules/lazyreverse_shell.sh` with the appropriate arguments. + +Dependencies: +- `modules/lazyreverse_shell.sh` must be present in the `modules` directory and must be executable. + +Example: + To assign up a reverse shell with IP `192.168.1.100` and port `4444`, assign: + `self.params["rhost"] = "192.168.1.100"` + `self.params["reverse_shell_port"] = "4444"` + Then call: + `run_lazyreverse_shell()` + +Note: + - Ensure that `modules/lazyreverse_shell.sh` has the necessary permissions to execute. + - Parameters must be assign before calling this function. + +## lazyarpspoofing +Run the internal module located at `modules/lazyarpspoofing.py` with the specified parameters. + +The script will be executed with the following arguments: +- `--device`: The network interface to use for ARP spoofing. +- `lhost`: The local host IP address to spoof. +- `rhost`: The remote host IP address to spoof. + +The function performs the following steps: + +1. Retrieves the values for `lhost`, `rhost`, and `device` from `self.params`. +2. Validates that `lhost`, `rhost`, and `device` parameters are assign. +3. Constructs the command to run the `lazyarpspoofing.py` script with the specified arguments. +4. Executes the command. + +:param lhost: The local host IP address to spoof. Must be assign in `self.params`. +:type lhost: str +:param rhost: The remote host IP address to spoof. Must be assign in `self.params`. +:type rhost: str +:param device: The network interface to use for ARP spoofing. Must be assign in `self.params`. +:type device: str + +:returns: None + +Manual execution: +1. Ensure that `lhost`, `rhost`, and `device` are assign in `self.params`. +2. Run the script `modules/lazyarpspoofing.py` with the appropriate arguments. + +Dependencies: +- `modules/lazyarpspoofing.py` must be present in the `modules` directory and must be executable. + +Example: + To execute ARP spoofing with local host `192.168.1.2`, remote host `192.168.1.1`, and device `eth0`, set: + `self.params["lhost"] = "192.168.1.2"` + `self.params["rhost"] = "192.168.1.1"` + `self.params["device"] = "eth0"` + Then call: + `run_lazyarpspoofing()` + +Note: + - Ensure that `modules/lazyarpspoofing.py` has the necessary permissions to execute. + - Parameters must be assign before calling this function. + +## lazyattack +Run the internal module located at `modules/lazyatack.sh` with the specified parameters. + +The script will be executed with the following arguments: +- `--modo`: The mode of the attack. +- `--ip`: The target IP address. +- `--atacante`: The attacker IP address. + +The function performs the following steps: + +1. Retrieves the current working directory. +2. Validates that `mode`, `rhost`, and `lhost` parameters are assign. +3. Constructs the command to run the `lazyatack.sh` script with the specified arguments. +4. Executes the command. + +:param mode: The mode in which the attack should be run. Must be assign in `self.params`. +:type mode: str +:param target_ip: The IP address of the target. Must be assign in `self.params`. +:type target_ip: str +:param attacker_ip: The IP address of the attacker. Must be assign in `self.params`. +:type attacker_ip: str + +:returns: None + +Manual execution: +1. Ensure that `mode`, `rhost`, and `lhost` are assign in `self.params`. +2. Run the script `modules/lazyatack.sh` with the appropriate arguments. + +Dependencies: +- `modules/lazyatack.sh` must be present in the `modules` directory and must be executable. + +Example: + To execute the attack with mode `scan`, target IP `192.168.1.100`, and attacker IP `192.168.1.1`, assign: + `self.params["mode"] = "scan"` + `self.params["rhost"] = "192.168.1.100"` + `self.params["lhost"] = "192.168.1.1"` + Then call: + `run_lazyattack()` + +Note: + - Ensure that `modules/lazyatack.sh` has the necessary permissions to execute. + - Parameters must be assign before calling this function. + +## lazymsfvenom +Executes the `msfvenom` tool to generate a variety of payloads based on user input. + +This function prompts the user to select a payload type from a predefined list and runs the corresponding +`msfvenom` command to create the desired payload. It handles tasks such as generating different types of +payloads for Linux, Windows, macOS, and Android systems, including optional encoding with Shikata Ga Nai for C payloads. + +The generated payloads are moved to a `sessions` directory, where appropriate permissions are assign. Additionally, +the payloads can be compressed using UPX for space efficiency. If the selected payload is an Android APK, +the function will also sign the APK and perform necessary post-processing steps. + +:param line: Command line arguments for the script. +:return: None + +## lazyaslrcheck +Creates a path hijacking attack by performing the following steps: + +1. Appends the value of `binary_name` to a temporary script located at `modules/tmp.sh`. +2. Copies this temporary script to `/tmp` with the name specified by `binary_name`. +3. Sets executable permissions on the copied script. +4. Prepends `/tmp` to the system's PATH environment variable to ensure the script is executed in preference to other binaries. + +The function then prints out each command being executed and a message indicating the binary name used for the path hijacking. + +:param binary_name: The name of the binary to be used in the path hijacking attack. It should be assign in `self.params` before calling this method. +:type binary_name: str + +:returns: None + +Manual execution: +1. Ensure that `binary_name` is assign in `self.params`. +2. Append the binary name to `modules/tmp.sh`. +3. Copy `modules/tmp.sh` to `/tmp/{binary_name}`. +4. assign executable permissions on the copied file. +5. Update the PATH environment variable to prioritize `/tmp`. + +Dependencies: +- The `self.params` dictionary must contain a valid `binary_name`. +- Ensure that `modules/tmp.sh` exists and contains appropriate content for the attack. + +Example: + To execute the path hijacking attack with `binary_name` as `malicious`, ensure `self.params["binary_name"]` is assign to `"malicious"`, and then call: + `run_lazypathhijacking()` + +Note: + - The `binary_name` parameter must be a string representing the name of the binary to hijack. + - The method modifies the PATH environment variable, which may affect the execution of other binaries. + +## lazypathhijacking +Creates a path hijacking attack by performing the following steps: + +1. Appends the value of `binary_name` to a temporary script located at `modules/tmp.sh`. +2. Copies this temporary script to `/tmp` with the name specified by `binary_name`. +3. Sets executable permissions on the copied script. +4. Prepends `/tmp` to the system's PATH environment variable to ensure the script is executed in preference to other binaries. + +The function then prints out each command being executed and a message indicating the binary name used for the path hijacking. + +:param binary_name: The name of the binary to be used in the path hijacking attack. +:returns: None + +## script +Run a script with the given arguments + +This method constructs and executes a command to run a Python script with the specified arguments. It uses the `run_command` method to execute the script and handle real-time output. + +:param script_name: The name of the script to be executed. +:type script_name: str +:param args: The arguments to be passed to the script. +:type args: tuple of str + +:returns: None + +Manual execution: +1. Build the command list with "python3", the script name, and the arguments. +2. Call `run_command` with the constructed command list. + +Dependencies: +- `run_command` method for executing the constructed command and streaming output. + +Example: + To execute a script named `example.py` with arguments `arg1` and `arg2`, call: + `run_script("example.py", "arg1", "arg2")` + +Note: + - The `script_name` parameter should be a string representing the name of the script. + - The `args` parameter is a variable-length argument list containing the arguments to be passed to the script. + - Ensure that the script and arguments are properly specified. + +## command +Run a command and print output in real-time + +This method executes a given command using `subprocess.Popen` and streams both the standard output and standard error to the console in real-time. The output from both streams is appended to the `self.output` attribute. If interrupted, the process is terminated gracefully. + +:param command: The command to be executed. +:type command: str + +:returns: None + +Manual execution: +1. Execute the command specified by the `command` parameter. +2. Stream and print the command's standard output and error to the console in real-time. +3. Append all output to the `self.output` attribute. +4. Handle `KeyboardInterrupt` by terminating the process and printing an error message. + +Dependencies: +- `subprocess` module for running the command and capturing output. +- `print_msg` function for printing output to the console. +- `print_error` function for printing error messages to the console. + +Example: + To execute a command, call `run_command("ls -l")`. + +Note: + - The `command` parameter should be a string representing the command to be executed. + - `self.output` must be initialized before calling this method. + - Ensure proper exception handling to manage process interruptions. + +## payload +Load parameters from a specified payload JSON file. + +This function loads parameters from a JSON file specified by the `line` argument and updates the instance's `params` dictionary with the values from the file. If the file does not exist or contains invalid JSON, it will print an appropriate error message. + +Usage: + payload + +:param line: The name of the JSON file to load. +:type line: str + +:returns: None + +Manual execution: +1. Open and read the specified JSON file. +2. Update the `params` dictionary with values from the JSON file. +3. Print a success message if the parameters were successfully loaded. +4. Handle `FileNotFoundError` if the file does not exist. +5. Handle `JSONDecodeError` if there is an error decoding the JSON file. + +Dependencies: +- `json` module for reading and parsing the JSON file. + +Example: + To execute the function, call `payload payload_10.10.10.10.json`. + +Note: + - Ensure that the specified JSON file exists in the current directory and is properly formatted. + - The confirmation message includes color formatting for better visibility. + +## exit +Exit the command line interface. + +This function prompts the user to confirm whether they want to exit the command line interface. If confirmed, it will terminate the program. Otherwise, it will cancel the exit. + +Usage: + exit + +:param arg: This parameter is not used in this function. +:type arg: str + +:returns: None + +Manual execution: +1. Prompt the user with a confirmation message to exit the CLI. +2. If the user confirms with 's', print a message and exit the program. +3. If the user provides any other input, print a cancellation message and remain in the CLI. + +Dependencies: +- `sys.exit` function for exiting the program. + +Example: + To execute the function, simply call `exit`. + +Note: + - The confirmation prompt is in Spanish. + - Ensure that `sys` is imported in your script. + +## fixperm +Fix permissions for LazyOwn shell scripts. + +This function adjusts the file permissions for shell scripts and CGI scripts in the `modules` directory, making them executable. + +Usage: + fixperm + +:param line: This parameter is not used in this function. +:type line: str + +:returns: None + +Manual execution: +1. Change the permissions of all shell scripts in the `modules` directory to be executable. +2. Change the permissions of all files in the `modules/cgi-bin` directory to be executable. + +Dependencies: +- `chmod` command must be available on the system. + +Example: + To execute the function, simply call `fixperm`. + +Note: + - Ensure you have the necessary permissions to modify file permissions. + +## lazywebshell +Run LazyOwn webshell server. + +This function starts a web server that serves the `lazywebshell.py` script from the `modules` directory on port 8888. The server is run in the background. + +Usage: + lazywebshell + +:param line: This parameter is not used in this function. +:type line: str + +:returns: None + +Manual execution: +1. Start a Python HTTP server with CGI support on port 8888. +2. The server serves files from the `modules` directory. + +Dependencies: +- Python 3.x must be installed on the system. +- The `http.server` module should be available. + +Example: + To execute the function, simply call `lazywebshell`. + +Note: + - The server runs in the background, and the output will not be displayed in the terminal. + +## getcap +Retrieve and display file capabilities on the system. + +This function uses the `getcap` command to recursively list capabilities for files starting from the root directory (`/`). The output is filtered to suppress error messages. + +Usage: + getcap + +:param line: This parameter is not used in this function. +:type line: str + +:returns: None + +Manual execution: +1. Run the `getcap -r /` command to list file capabilities recursively from the root directory. +2. Redirect standard error to `/dev/null` to suppress error messages. +3. Copy to clipboard the command to appy in the victim machine. +Dependencies: +- `getcap` must be installed on the system. + +Example: + To execute the function, simply call `do_getcap`. + +Note: + - The command may require elevated permissions to access certain directories and files. + +## getseclist +Get the SecLists wordlist from GitHub. + +This function downloads and extracts the SecLists wordlist from GitHub to the `/usr/share/wordlists/` directory. + +Usage: + getseclist + +:param line: This parameter is not used in this function. +:type line: str + +:returns: None + +Manual execution: +1. Navigate to the `/usr/share/wordlists/` directory. +2. Download the SecLists repository using `wget`. +3. Extract the downloaded ZIP file. +4. Remove the ZIP file after extraction. + +Dependencies: +- `wget` must be installed on the system. +- `unzip` must be installed on the system. +- `sudo` must be available for downloading and extracting files. + +Example: + To execute the function, simply call `getseclist`. + +Note: + - Ensure that you have the necessary permissions to write to the `/usr/share/wordlists/` directory. + - If `wget` or `unzip` is not installed, the function will fail. + +## smbclient +Interacts with SMB shares using the `smbclient` command to perform the following operations: + +1. Checks if `rhost` (remote host) and `lhost` (local host) are assign; if not, an error message is displayed. +2. If `line` (share name) is provided: +- Attempts to access the specified SMB share on the remote host using the command: `smbclient -N \\{rhost}\{line}` +3. If `line` is not provided: +- Lists available SMB shares on the remote host with the command: `smbclient -N -L \\{rhost}` +4. Suggests a potential SMB exploit if possible by mounting the share from the local host using: `mount -t cifs "//{lhost}/share" /mnt/smb` + +:param line: The name of the SMB share to access on the remote host. If not provided, the function will list all available shares. +:returns: None + +## smbclient_py +Interacts with SMB shares using the `smbclient.py` command to perform the following operations: + +1. Checks if `rhost` (remote host) and `lhost` (local host) are assign; if not, an error message is displayed. +2. If `line` (share name) is provided: +- Attempts to access the specified SMB share on the remote host using the command: `smbclient.py -N \\{rhost}\{line}` +3. If `line` is not provided: +- Lists available SMB shares on the remote host with the command: `smbclient.py -N -L \\{rhost}` +4. Suggests a potential SMB exploit if possible by mounting the share from the local host using: `mount -t cifs "//{lhost}/share" /mnt/smb` + +:param line: The name of the SMB share to access on the remote host. If not provided, the function will list all available shares. +:returns: None + +## smbmap +smbmap -H 10.10.10.3 [OPTIONS] +Uses the `smbmap` tool to interact with SMB shares on a remote host: + +1. Checks if `rhost` (remote host) and `lhost` (local host) are assign; if not, an error message is displayed. +2. If no `line` (share name or options) is provided: +- Attempts to access SMB shares on the remote host with a default user `deefbeef` using the command: `smbmap -H {rhost} -u 'deefbeef'` +3. If `line` is provided: +- Executes `smbmap` with the specified options or share name using the command: `smbmap -H {rhost} -R {line}` +4. Suggests a potential SMB exploit if possible by mounting the share from the local host using: `mount -t cifs "//{lhost}/documents" /mnt/smb` + +:param line: Options or share name to use with `smbmap`. If not provided, uses a default user to list shares. +:returns: None + +## getnpusers +sudo impacket-GetNPUsers mist.htb/ -no-pass -usersfile sessions/users.txt +Executes the `impacket-GetNPUsers` command to enumerate users with Kerberos pre-authentication disabled. + +1. Checks if the `line` (domain) argument is provided; if not, an error message is displayed, instructing the user to provide a domain. +2. Executes `impacket-GetNPUsers` with the following options: +- `-no-pass`: Skips password prompt. +- `-usersfile sessions/users.txt`: Specifies the file containing the list of users to check. + +:param line: The domain to query. Must be provided in the format `domain.com`. Example usage: `getnpusers domain.com` +:returns: None + +Manual execution: +To manually run this command, use the following syntax: + sudo impacket-GetNPUsers -no-pass -usersfile sessions/users.txt +Replace `` with the actual domain name you want to query. + +## psexec +Executes the Impacket PSExec tool to attempt remote execution on the specified target. + +This function performs the following actions: +1. Checks if the provided target host (`rhost`) is valid. +2. If the `line` argument is "pass", it searches for credential files with the pattern `credentials*.txt` +and allows the user to select which file to use for executing the command. +3. If the `line` argument is not "pass", it assumes execution without a password (using the current credentials). +4. Copies the `rhost` IP address to the clipboard for ease of use. + +Parameters: +line (str): A command argument to determine the action. + If "pass", the function searches for credential files and authenticates using the selected file. + Otherwise, it executes PSExec without a password using the `rhost` IP. + +Returns: +None + +## rpcdump +Executes the `rpcdump.py` script to dump RPC services from a target host. + +1. Retrieves the target host IP from the `rhost` parameter. +2. Checks if the `rhost` parameter is valid using `check_rhost()`. If invalid, the function returns early. +3. Executes the `rpcdump.py` script on port 135 and 593 to gather RPC service information from the target host. + +:param line: This parameter is not used in this command but is included for consistency with other methods. +:returns: None + +Manual execution: +To manually run this command, use the following syntax: + rpcdump.py -p 135 + rpcdump.py -p 593 +Replace `` with the IP address or hostname of the target machine. + +## dig +Executes the `dig` command to query DNS information. + +1. Retrieves the DNS server IP from the `line` parameter and the target host from the `rhost` parameter. +2. If either the DNS server or `rhost` is not provided, an error message is printed. +3. Executes the `dig` command to query the version of the DNS server and additional records. + +:param line: DNS server IP or hostname. Must be provided for the `dig` command. +:param rhost: Target host for additional `dig` queries. + +:returns: None + +Manual execution: +To manually run these commands, use the following syntax: + dig version.bind CHAOS TXT @ + dig any @ + +Replace `` with the IP address or hostname of the DNS server, `` with the target domain, and `` with the IP address or hostname of the target machine. + +## cp +Copies a file from the ExploitDB directory to the sessions directory. + +1. Retrieves the path to the ExploitDB directory and the target file from the `line` parameter. +2. Copies the specified file from the ExploitDB directory to the `sessions` directory in the current working directory. + +:param line: The relative path to the file within the ExploitDB directory. For example, `java/remote/51884.py`. +:param exploitdb: The path to the ExploitDB directory. This must be assign in advance or provided directly. + +:returns: None + +Manual execution: +To manually copy files, use the following syntax: + cp + +Replace `` with the path to your ExploitDB directory, `` with the relative path to the file, and `` with the path where you want to copy the file. + +For example: + cp /usr/share/exploitdb/exploits/java/remote/51884.py /path/to/sessions/ + +## dnsenum +Performs DNS enumeration using `dnsenum` to identify subdomains for a given domain. + +1. Executes the `dnsenum` command with parameters to specify the DNS server, output file, and wordlist for enumeration. + +:param line: The target domain to perform DNS enumeration on, e.g., `ghost.htb`. +:param rhost: The DNS server to use for enumeration, e.g., `10.10.11.24`. +:param dnswordlist: The path to the DNS wordlist file used for subdomain discovery. + +:returns: None + +Manual execution: +To manually perform DNS enumeration, use the following command: + dnsenum --dnsserver --enum -p 0 -s 0 -o -f + +Replace `` with the DNS server IP, `` with the file path to save the results, `` with the path to your DNS wordlist file, and `` with the domain to be enumerated. + +For example: + dnsenum --dnsserver 10.10.11.24 --enum -p 0 -s 0 -o sessions/subdomains.txt -f /path/to/dnswordlist.txt ghost.htb + +## dnsmap +Performs DNS enumeration using `dnsmap` to discover subdomains for a specified domain. + +1. Executes the `dnsmap` command to scan the given domain with a specified wordlist. + +:param line: The target domain to perform DNS enumeration on, e.g., `ghost.htb`. +:param dnswordlist: The path to the wordlist file used for DNS enumeration. + +:returns: None + +Manual execution: +To manually perform DNS enumeration, use the following command: + dnsmap -w + +Replace `` with the domain you want to scan and `` with the path to your DNS wordlist file. + +For example: + dnsmap ghost.htb -w /path/to/dnswordlist.txt + +## whatweb +Performs a web technology fingerprinting scan using `whatweb`. + +1. Executes the `whatweb` command to identify technologies used by the target web application. + +:param line: This parameter is not used in the current implementation but could be used to pass additional options or arguments if needed. +:param rhost: The target web host to be scanned, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually perform web technology fingerprinting, use the following command: + whatweb + +Replace `` with the URL or IP address of the web application you want to scan. + +For example: + whatweb example.com + +## enum4linux +Performs enumeration of information from a target Linux/Unix system using `enum4linux`. + +1. Executes the `enum4linux` command with the `-a` option to gather extensive information from the specified target. + +:param line: This parameter is not used in the current implementation but could be used to pass additional options or arguments if needed. +:param rhost: The target host for enumeration, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually enumerate information from a Linux/Unix system, use the following command: + enum4linux -a + +Replace `` with the IP address or hostname of the target system. + +For example: + enum4linux -a 192.168.1.10 + +## nbtscan +Performs network scanning using `nbtscan` to discover NetBIOS names and addresses in a specified range. + +1. Executes the `nbtscan` command with the `-r` option to scan the specified range of IP addresses for NetBIOS information. + +:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed. +:param rhost: The target network range for scanning, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually perform a NetBIOS scan across a network range, use the following command: + sudo nbtscan -r + +Replace `` with the IP address range you want to scan. For example: + sudo nbtscan -r 192.168.1.0/24 + +## rpcclient +Executes the `rpcclient` command to interact with a remote Windows system over RPC (Remote Procedure Call) using anonymous credentials. + +1. Runs `rpcclient` with the `-U ''` (empty username) and `-N` (no password) options to connect to the target host specified by `rhost`. + +:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed. +:param rhost: The IP address of the remote host to connect to, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually interact with a remote Windows system using RPC, use the following command: + rpcclient -U '' -N + +Replace `` with the IP address of the target system. For example: + rpcclient -U '' -N 10.10.10.10 + +## nikto +Runs the `nikto` tool to perform a web server vulnerability scan against the specified target host. + +1. Executes `nikto` with the `-h` option to specify the target host IP address. +2. Installs `nikto` if it is not already installed. + +:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed. +:param rhost: The IP address of the target web server, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually perform a web server vulnerability scan using `nikto`, use the following command: + nikto -h + +Replace `` with the IP address of the target web server. For example: + nikto -h 10.10.10.10 + +## finalrecon +Runs the `finalrecon` tool to perform a web server vulnerability scan against the specified target host. + +1. Executes `finalrecon` with the `-h` option to specify the target host IP address. + +:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed. +:param rhost: The IP address of the target web server, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually perform a web server vulnerability scan using `finalrecon`, use the following command: + finalrecon --url=http:// --full -o txt -cd + +Replace `` with the IP address of the target web server. For example: + finalrecon --url=http://192.168.1.92 --full -o txt -cd /home/gris/finalrecon + +## openssl_sclient +Uses `openssl s_client` to connect to a specified host and port, allowing for testing and debugging of SSL/TLS connections. + +:param line: The port number to connect to on the target host. This must be provided as an argument. +:param rhost: The IP address or hostname of the target server, specified in the `params` dictionary. + +:returns: None + +Manual execution: +To manually connect to a server using `openssl s_client` and test SSL/TLS, use the following command: + openssl s_client -connect : + +Replace `` with the IP address or hostname of the target server and `` with the port number. For example: + openssl s_client -connect 10.10.10.10:443 + +## ss +Uses `searchsploit` to search for exploits in the Exploit Database based on the provided search term. + +:param line: The search term or query to find relevant exploits. This must be provided as an argument. + +:returns: None + +Manual execution: +To manually search for exploits using `searchsploit`, use the following command: + searchsploit + +Replace `` with the term or keyword you want to search for. For example: + searchsploit kernel + +## wfuzz +Uses `wfuzz` to perform fuzzing based on provided parameters. This function supports various options for directory and file fuzzing. + +:param line: The options and arguments for `wfuzz`. The `line` parameter can include the following: + - `sub `: Fuzz DNS subdomains. Requires `dnswordlist` to be assign. + - `iis`: Fuzz IIS directories. Uses a default wordlist if `iiswordlist` is not assign. + - Any other argument: General directory and file fuzzing. + +:returns: None + +Manual execution: +To manually use `wfuzz` for directory and file fuzzing, use the following commands: + +1. For fuzzing DNS subdomains: + wfuzz -c -t -w -H 'Host: FUZZ.' + +Example: + wfuzz -c --hl=7 -t 200 -w /path/to/dnswordlist -H 'Host: FUZZ.example.com' example.com + +2. For fuzzing IIS directories: + wfuzz -c -t -w /path/to/iiswordlist http:///FUZZ + +Example: + wfuzz -c --hl=7 -t 200 -w /usr/share/wordlists/SecLists-master/Discovery/Web-Content/IIS.fuzz.txt http://10.10.10.10/FUZZ + +3. For general directory and file fuzzing: + wfuzz -c -t -w http:///FUZZ + +Example: + wfuzz -c --hl=7 -t 200 -w /path/to/dirwordlist http://10.10.10.10/FUZZ + +## launchpad +Searches for packages on Launchpad based on the provided search term and extracts codenames from the results. The distribution is extracted from the search term. + +:param line: The search term to be used for querying Launchpad. The `line` parameter should be a string containing + the search term, e.g., "8.2p1 Ubuntu 4ubuntu0.11". + +:returns: None + +Manual execution: +To manually execute the equivalent command, use the following steps: + +1. Extract the distribution from the search term: +- This function assumes the distribution name is part of the search term and is used to build the URL. + +2. URL encode the search term: +- Replace spaces with `%20` to form the encoded search query. + +3. Use `curl` to perform the search and filter results: +curl -s "https://launchpad.net/+search?field.text=" | grep 'href' | grep '' | grep -oP '(?<=href="https://launchpad.net//)[^/"]+' | sort -u + +Example: + If the search term is "8.2p1 Ubuntu 4ubuntu0.11", the command would be: + curl -s "https://launchpad.net/+search?field.text=8.2p1%20Ubuntu%204ubuntu0.11" | grep 'href' | grep 'ubuntu' | grep -oP '(?<=href="https://launchpad.net/ubuntu/)[^/"]+' | sort -u + +Notes: + - Ensure that `curl` is installed and accessible in your environment. + - The extracted codenames are printed to the console. + +## gobuster +Uses `gobuster` for directory and virtual host fuzzing based on provided parameters. Supports directory enumeration and virtual host discovery. + +:param line: The options and arguments for `gobuster`. The `line` parameter can include the following: + - `url`: Perform directory fuzzing on a specified URL. Requires `url` and `dirwordlist` to be assign. + - `vhost`: Perform virtual host discovery on a specified URL. Requires `url` and `dirwordlist` to be assign. + - Any other argument: General directory fuzzing with additional parameters. + +:returns: None + +Manual execution: +To manually use `gobuster`, use the following commands: + +1. For directory fuzzing: + gobuster dir --url / --wordlist + +Example: + gobuster dir --url http://example.com/ --wordlist /path/to/dirwordlist + +2. For virtual host discovery: + gobuster vhost --append-domain -u -w --random-agent -t 600 + +Example: + gobuster vhost --append-domain -u http://example.com -w /path/to/dirwordlist --random-agent -t 600 + +3. For general directory fuzzing with additional parameters: + gobuster dir --url http:/// --wordlist + +Example: + gobuster dir --url http://10.10.10.10/ --wordlist /path/to/dirwordlist -x .php,.html + +## addhosts +Adds an entry to the `/etc/hosts` file, mapping an IP address to a domain name. + +:param line: The domain name to be added to the `/etc/hosts` file. + - Example: `permx.htb` + +:returns: None + +Manual execution: +To manually add a domain to the `/etc/hosts` file, use the following command: + + sudo sh -c -e "echo ' ' >> /etc/hosts" + +Example: + sudo sh -c -e "echo '10.10.11.23 permx.htb' >> /etc/hosts" + +This command appends the IP address and domain name to the `/etc/hosts` file, enabling local resolution of the domain. + +## cme +Execute CrackMapExec (CME) for SMB enumeration and authentication attempts against a target. + +This function provides a range of SMB operations using CME, including: +1. RID brute-forcing, which attempts to enumerate users via RID cycling. +2. Share enumeration to list SMB shares on the target. +3. User authentication to verify credentials against the target. +4. Brute-force authentication using username and password lists. +5. Hash-based authentication to attempt access using an NTLM hash. + +Parameters: +line (str): Specifies the action to perform, which can be one of the following: + - "rid": Enumerates users by attempting RID brute-force. + - "shares": Lists SMB shares on the target. + - "user": Verifies credentials from a stored credential file or prompts for a username and password. + - "brute": Attempts brute-force authentication using a user and password dictionary. + - "hash": Attempts authentication using an NTLM hash file. + If no valid option is provided, the function defaults to performing basic SMB enumeration. + +Returns: +None + +Manual Execution Example: +To manually run CrackMapExec for SMB enumeration, use: + + crackmapexec smb + +Example: + crackmapexec smb 10.10.11.24 + +This command performs basic SMB enumeration and checks against the specified target IP address. + +## ldapdomaindump +Dumps LDAP information using `ldapdomaindump` with credentials from a file. + +:param line: The domain to use for authentication (e.g., 'domain.local'). + +:returns: None + +Manual execution: +To manually run `ldapdomaindump` for LDAP enumeration, use the following command: + + ldapdomaindump -u '\' -p '' + +Example: + ldapdomaindump -u 'domain.local\Administrator' -p 'passadmin123' 10.10.11.23 + +Ensure you have a file `sessions/credentials.txt` in the format `user:password`, where each line contains credentials for the LDAP enumeration. + +## bloodhound +Perform LDAP enumeration using bloodhound-python with credentials from a file. + +:param line: This parameter is not used in the function but could be used for additional options or domain information. + +:returns: None + +Manual execution: +To manually run `bloodhound-python` for LDAP enumeration, use the following command: + + bloodhound-python -c All -u '' -p '' -ns + +Example: + bloodhound-python -c All -u 'usuario' -p 'password' -ns 10.10.10.10 + +Ensure you have a file `sessions/credentials.txt` with the format `user:password`, where each line contains credentials for enumeration. + +## ping +Perform a ping to check host availability and infer the operating system based on TTL values. + +:param line: This parameter is not used in the function but could be used for additional options or settings. + +:returns: None + +Manual execution: +To manually ping a host and determine its operating system, use the following command: + + ping -c 1 + +Example: + ping -c 1 10.10.10.10 + +The TTL (Time To Live) value is used to infer the operating system: +- TTL values around 64 typically indicate a Linux system. +- TTL values around 128 typically indicate a Windows system. + +Ensure you have assign `rhost` to the target host for the command to work. + +## gospider +Try gospider for web spidering. + +This function executes the `gospider` tool to perform web spidering. It can either use a URL provided as a parameter or the remote host defined in `self.params`. + +Usage: + gospider url + gospider + +:param line: Command parameter that determines the execution mode. Use "url" to specify a URL, or leave empty to use the remote host. +:type line: str + +- If `line` is "url", the method uses the URL specified in `self.params["url"]`. +- If `line` is not "url", the method uses the remote host specified in `self.params["rhost"]`. + +:returns: None + +Manual execution: +1. Ensure that the `gospider` tool is installed on the system. +2. assign the `url` parameter if using the "url" mode. +3. Run the method to perform the spidering operation. + +Dependencies: +- `gospider` must be installed on the system. +- The `sudo` command must be available for installing `gospider`. + +Examples: + 1. To scan a specific URL: `gospider url` + 2. To scan the remote host: `gospider` + +Note: + - If `gospider` is not installed, the method will attempt to install it. + - Ensure that the network and tools are configured correctly for successful execution. + +## arpscan +Executes an ARP scan using `arp-scan`. + +This function performs an ARP scan on the local network using the `arp-scan` tool. The network device to be used for scanning must be specified. + +Usage: + arpscan + +:param line: Command parameters (not used in this function). +:type line: str + +- Executes the `arp-scan` command with the specified network device. + +:returns: None + +Manual execution: +1. Ensure that the network device is assign using the appropriate parameter. +2. Run the method to perform an ARP scan. + +Dependencies: +- `arp-scan` must be installed on the system. +- The `sudo` command must be available for executing `arp-scan`. + +Examples: + 1. assign the device parameter using `assign device `. + 2. Run `arpscan` to perform the ARP scan. + +Note: + - The network device must be configured and available on the system for the scan to work. + - Ensure that `arp-scan` is installed and accessible from the command line. + +## lazypwn +Executes the LazyPwn script. + +This function runs the `lazypwn.py` script located in the `modules` directory. The script is typically used for automated exploitation or security testing tasks within the LazyOwn framework. + +Usage: + lazypwn + +:param line: Command parameters (not used in this function). +:type line: str + +- Executes the `lazypwn.py` script with Python 3. + +:returns: None + +Manual execution: +1. Run the method to execute the LazyPwn script. + +Dependencies: +- The `lazypwn.py` script must be present in the `modules` directory. +- Python 3 must be installed and accessible from the command line. + +Examples: + 1. Run `do_lazypwn` to execute the LazyPwn script. + +Note: + - Ensure that `lazypwn.py` is configured correctly before running this method. + - The script's functionality depends on its implementation in `modules/lazypwn.py`. + +## fixel +Fixes file permissions and line endings in the project directories. + +This function converts line endings from DOS/Windows format to Unix format for all files in the project directories. This helps to ensure consistent line endings and can prevent issues related to file format mismatches. + +Usage: + fixel + +:param line: Command parameters (not used in this function). +:type line: str + +:returns: None + +Manual execution: +1. Run the method to fix line endings in the specified directories. + +Dependencies: +- The `dos2unix` command must be installed and accessible from the command line. + +Examples: + 1. Run `do_fixel` to convert line endings for all files in the project directories. + +Note: + - This method only fixes line endings and does not modify file permissions. + - Ensure that the `dos2unix` command is installed and functioning correctly. + +## smbserver +Sets up an SMB server using Impacket and creates an SCF file for SMB share access. + +This function configures an SMB server to serve files from the `sessions` directory and generates an SCF file that points to the SMB share. The SCF file can be used to create a shortcut to the SMB share on a Windows system. + +Usage: + smbserver + +:param line: Command parameters folder name (optional). +:type line: str + +- Checks if `lhost` is valid using the `check_lhost` function. +- Creates an SCF file (`sessions/file.scf`) with configuration to access the SMB share. +- Copies a curl command to the clipboard for downloading the SCF file from the SMB share. +- Starts an SMB server using Impacket to serve the `sessions` directory. + +:returns: None + +Manual execution: +1. Ensure `lhost` is assign to a valid IP address or hostname. +2. Run the method to create the SCF file and start the SMB server. +3. Use the copied curl command to download the SCF file on the target system. +4. Ensure that `impacket-smbserver` is installed and accessible from the command line. + +Dependencies: +- The `impacket-smbserver` tool must be installed and accessible from the command line. +- The `check_lhost` function must validate the `lhost` parameter. + +Examples: + 1. Run `do_smbserver` to assign up the SMB server and generate the SCF file. + 2. Use the provided curl command to download the SCF file on the target system. + +Note: + - The SCF file is used to create a shortcut to the SMB share and should be accessible from the target system. + - Ensure that the `lhost` parameter is correctly assign and that the SMB server is properly configured. + +## sqlmap +Uses sqlmap to perform SQL injection testing on a given URL or request file (you can get one with burpsuit or proxy command and foxyproxy plugin for browser). + +This function allows the execution of sqlmap commands with various options, including testing URL endpoints, reading from request files, and using sqlmap's wizard mode for easy configuration. + +Usage: + sqlmap req + sqlmap req + sqlmap req + sqlmap req + sqlmap -wiz + +:param line: Command parameters for sqlmap. +:type line: str + +- If `line` starts with `req`, it expects the following formats: +- `req `: Tests the specified parameter in the request file for SQL injection. +- `req `: Tests the specified parameter and attempts to dump tables from the specified database. +- `req
`: Tests the specified parameter and attempts to dump data from the specified table in the database. + +- If `line` starts with `-wiz`, it runs sqlmap's wizard mode for interactive configuration. + +- If `line` is empty, it uses the URL specified in `self.params["url"]` to perform SQL injection testing with sqlmap. + +:returns: None + +Manual execution: +1. If using `req`, provide a valid request file and parameters. +2. Run sqlmap with the specified options for SQL injection testing. +3. To use the wizard mode, execute `sqlmap -wizard`. +4. For URL-based testing, ensure `url` is assign and run sqlmap with the URL. + +Dependencies: +- The `sqlmap` tool must be installed and accessible from the command line. +- The request file specified in `req` should be located in the `sessions` directory. + +Examples: + sqlmap req requests.txt id + sqlmap req requests.txt id database_name + sqlmap req requests.txt id database_name table_name + sqlmap -wiz + +Note: + - Ensure the request file exists and is readable before running sqlmap. + - The URL must be assign for URL-based testing. + - The wizard mode is useful for interactive configuration if you're unsure about the options. + +## proxy +Runs a small proxy server to modify HTTP requests on the fly. + +This function starts the `lazyproxy.py` script, which acts as a proxy server for intercepting and modifying HTTP requests. The server listens on port 8888. + +Usage: + proxy + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +1. Executes the `lazyproxy.py` script to start the proxy server. +2. The proxy server will run and modify requests as configured in the script. + +Dependencies: +- The `lazyproxy.py` script must be available in the `modules` directory. + +Example: + proxy + +Note: + - Ensure that the `lazyproxy.py` script is correctly configured before running. + - The proxy server will be accessible at `http://localhost:8888`. + - To stop the proxy server, terminate the running process manually. + +## createwebshell +Creates a web shell disguised as a `.jpg` file in the `sessions` directory. + +This function performs the following actions: +1. Runs a Python script `lazycreate_webshell.py` to create a disguised web shell. +2. Downloads a PHP web shell from a specified URL and saves it to the `sessions` directory. + +Usage: + createwebshell + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +1. Executes the `lazycreate_webshell.py` script to create a web shell disguised as a `.jpg` file. +2. Downloads a PHP web shell from the GitHub repository and saves it to `sessions`. + +Dependencies: +- `wget` must be installed for downloading the web shell. +- The `lazycreate_webshell.py` script must be available in the `modules` directory. + +Example: + createwebshell + +Note: + - Ensure that the `lazycreate_webshell.py` script is correctly configured and accessible. + - Verify the URL in the `wget` command to ensure it points to a valid and safe web shell. + +## createrevshell +Creates a bash reverse shell script in the `sessions` directory with the specified `lhost` and `lport` values. + +This function performs the following actions: +1. Checks if `lhost` and `lport` are assign. If not, it prints an error message and exits. +2. Creates a bash reverse shell script using the provided `lhost` and `lport` values. +3. Saves the script to `sessions/revshell.sh`. +4. Prints a message with the `curl` command to download and execute the reverse shell script. +5. Copies the `curl` command to the clipboard. + +Usage: + createrevshell + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +1. Creates or overwrites the file `sessions/revshell.sh` with the bash reverse shell script. +2. Displays the command to download and execute the script via `curl`. +3. Copies the `curl` command to the clipboard for easy use. + +Dependencies: +- Bash must be installed on the target system. +- `xclip` must be installed for copying the command to the clipboard. + +Example: + createrevshell + +Note: + - Ensure that `lhost` and `lport` are assign before running this command. + - The script will listen for incoming connections on the specified `lport` and connect back to `lhost`. + - Adjust the `lhost` and `lport` as needed for your specific environment. + +## createwinrevshell +Creates a PowerShell reverse shell script in the `sessions` directory with the specified `lhost` and `lport` values. + +This function performs the following actions: +1. Checks if `lhost` and `lport` are assign. If not, it prints an error message and exits. +2. Creates a PowerShell reverse shell script using the provided `lhost` and `lport` values. +3. Saves the script to `sessions/revshell.ps1`. +4. Prints a message with the command to download and execute the reverse shell script via `curl`. +5. Copies the `curl` command to the clipboard. + +Usage: + createwinrevshell + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +1. Creates or overwrites the file `sessions/revshell.ps1` with the PowerShell reverse shell script. +2. Displays the command to download and execute the script via `curl`. +3. Copies the `curl` command to the clipboard for easy use. + +Dependencies: +- PowerShell must be installed on the target system. +- `xclip` must be installed for copying the command to the clipboard. + +Example: + createwinrevshell + +Note: + - Ensure that `lhost` and `lport` are assign before running this command. + - The script will listen for incoming connections on the specified `lport` and connect back to `lhost`. + - Adjust the `lhost` and `lport` as needed for your specific environment. + +## createhash +Creates a `hash.txt` file in the `sessions` directory with the specified hash value and analyzes it using `Name-the-hash`. + +This function performs the following actions: +1. Validates the input line to ensure it is not empty. +2. Backs up the existing `hash.txt` file if it exists, renaming it to `hash_{timestamp}.txt` based on the current timestamp. +3. Writes the provided hash value to `sessions/hash.txt`. +4. Analyzes the hash value using `Name-the-hash`. + +Usage: + createhash + +:param line: The hash value to be written to `hash.txt` and analyzed. +:type line: str +:returns: None + +Manual execution: +1. Creates or overwrites the file `sessions/hash.txt` with the specified hash value. +2. Analyzes the hash value using the `nth` command. + +Dependencies: +- `sessions/hash.txt` will be created in the `sessions` directory. +- `Name-the-hash` must be installed and accessible via the command `nth`. + +Example: + createhash 5f4dcc3b5aa765d61d8327deb882cf99 + +Note: + - Ensure the hash value is correct before running the analysis. + - The hash value should be provided as a single argument without extra characters or spaces. + +## createcredentials +Creates a `credentials.txt` file in the `sessions` directory with the specified username and password. + +This function performs the following actions: +1. Validates the input line to ensure it contains a colon (`:`), indicating the presence of both a username and password. +2. Backs up the existing `credentials.txt` file if it exists, renaming it to `credentials_{username}.txt` based on the existing username. +3. Writes the valid input to `sessions/credentials.txt`. + +Usage: + createcredentials user:password + +:param line: The input line containing the username and password in the format `user:password`. +:type line: str +:returns: None + +Manual execution: +1. Creates or overwrites the file `sessions/credentials.txt` with the specified username and password. + +Dependencies: +- `sessions/credentials.txt` will be created in the `sessions` directory. + +Example: + createcredentials administrator:passwordadministrator123&! + +Note: + - Ensure the input format is correct: `user:password`. + - The credentials should be properly formatted with a colon separating the username and password. + +## createcookie +Creates a `cookie.txt` file in the `sessions` directory with the specified cookie value. + +This function performs the following actions: +1. Extracts the cookie value from the provided input line using a regular expression. +2. Writes the extracted cookie value to `sessions/cookie.txt`. + +Usage: + createcookie cookie=user_data=valor_base64 + +:param line: The input line containing the cookie value in the format `cookie=value`. +:type line: str +:returns: None + +Manual execution: +1. Creates or overwrites the file `sessions/cookie.txt` with the extracted cookie value. + +Dependencies: +- `sessions/cookie.txt` will be created in the `sessions` directory. + +Example: + createcookie cookie=user_data=valor_base64 + +Note: + - Ensure the input format is correct: `cookie=value`. + - The cookie value should be properly encoded and formatted as needed. + +## download_resources +Downloads resources into the `sessions` directory. + +This function performs the following actions: +1. Changes to the `sessions` directory and executes `download_resources.sh` to download required resources. + +Usage: + download_resources + +:param line: Not used in this function. +:type line: str +:returns: None + +Manual execution: +1. Runs the `download_resources.sh` script in the `sessions` directory to download necessary resources. + +Dependencies: +- `download_resources.sh` must be present in the `sessions` directory. + +Example: + download_resources + +Note: + - Ensure that the `download_resources.sh` script is present in the `sessions` directory and is executable. + - After running this command, you can use the `www` command as indicated by the printed message. + +## download_exploit +Downloads and sets up exploits in the `external/.exploits/` directory and starts a web server to serve the files. + +This function performs the following actions: +1. Changes to the `external` directory and executes `install_external.sh` to install necessary components or exploits. +2. Displays the IP addresses associated with network interfaces and copies the IP address of `tun0` to the clipboard. +3. Lists the contents of the `external/.exploit` directory and starts a web server on port 8443 to serve the files in that directory. +4. Prints a message indicating the server's status and the port it's running on. + +Usage: + download_exploit + +:param line: Not used in this function. +:type line: str +:returns: None + +Manual execution: +1. Runs the `install_external.sh` script to assign up necessary components or exploits. +2. Displays network interface IP addresses and copies the IP address of `tun0` to the clipboard. +3. Lists the contents of `external/.exploit` directory. +4. Starts a Python HTTP server on port 8443 in the `external/.exploit` directory to serve files. + +Dependencies: +- `install_external.sh` must be present in the `external` directory. +- `xclip` must be installed for clipboard operations. +- Python 3 must be installed to run the HTTP server. + +Example: + download_exploit + +Note: + - Ensure that the `install_external.sh` script is correctly configured and present in the `external` directory. + - The HTTP server will be accessible on port 8443. + - The function assumes the presence of `external/.exploit` directory and serves files from there. + +## dirsearch +Runs the `dirsearch` tool to perform directory and file enumeration on a specified URL. + +This function executes `dirsearch` to scan a given URL for directories and files, while excluding specific HTTP status codes from the results. If `dirsearch` is not installed, the function will attempt to install it before running the scan. + +Usage: + dirsearch + +:param line: Not used in this function. The URL is provided via the `url` parameter. +:type line: str +:returns: None + +Manual execution: +1. If `dirsearch` is present, the command `dirsearch -u -x 403,404,400` is executed. +2. If `dirsearch` is not present, the function installs `dirsearch` using `sudo apt install dirsearch -y` and then runs the command. + +Dependencies: +- `dirsearch` must be installed. If not present, it will be installed using `sudo apt`. +- Ensure the URL is assign via the `url` parameter before calling this function. + +Example: + dirsearch http://example.com/ + +Note: + - Ensure that the `url` parameter is assign before calling this function. + - The `-x` option specifies HTTP status codes to exclude from the results (e.g., 403, 404, 400). + - The function will attempt to install `dirsearch` if it is not already installed. + +## john2hash +Runs John the Ripper with a specified wordlist and options. + +This function executes John the Ripper to crack hashes using the specified wordlist and additional options. If no additional options are provided, it will attempt to display cracked hashes. + +Usage: + john2hash + +:param line: Optional arguments to be passed to John the Ripper (e.g., `--format=Raw-SHA512`). If not provided, the function will default to showing the cracked hashes. +:type line: str +:returns: None + +Manual execution: +1. If `line` is provided, the command `sudo john sessions/hash.txt --wordlist= ` is executed. +2. If `line` is not provided, the command `sudo john sessions/hash.txt --wordlist=` is executed to display the cracked hashes. + +Dependencies: +- John the Ripper must be installed and available in the system's PATH. +- Ensure the wordlist file exists at the specified path. +- The `sessions/hash.txt` file must contain the hashes to be cracked. + +Example: + john2hash --format=Raw-SHA512 + # If `wordlist` is assign to `/usr/share/wordlists/rockyou.txt`, the command executed will be `sudo john sessions/hash.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA512`. + +Note: + - Ensure that the `wordlist` parameter is set before calling this function. + - Provide the necessary options as a string argument (e.g., `--format=Raw-SHA512`) if needed. + - If no options are provided, the function defaults to showing the cracked hashes. + +## hashcat +Runs Hashcat with specified attack mode and hash type using a wordlist. + +This function executes the Hashcat tool with the specified mode and wordlist file. The hash value to be cracked should be provided as an argument. + +Usage: + hashcat + +:param line: The hash type or mode to be used with Hashcat (e.g., 0 for MD5). This is a required argument. +:type line: str +:returns: None + +Manual execution: +1. The command `hashcat -a 0 -m ` is executed, where `` is the hash type, `` is the hash to be cracked, and `` is the path to the wordlist file. + +Dependencies: +- Hashcat must be installed and available in the system's PATH. +- Ensure the wordlist file exists at the specified path. + +Example: + hashcat 0 + # If `wordlist` is set to `/usr/share/wordlists/rockyou.txt` and `line` is `0`, the command executed will be `hashcat -a 0 -m 0 /usr/share/wordlists/rockyou.txt`. + +Note: + - Ensure that the `wordlist` parameter is set before calling this function. + - The hash to be cracked must be passed as an argument when calling the function. + - Replace `` with the appropriate Hashcat mode number (e.g., `0` for MD5, `1000` for NTLM). + +## complete_hashcat +Complete mode options and file paths for the sessions/hash.txt + +## responder +Runs Responder on a specified network interface with elevated privileges. + +This function executes the Responder tool with `sudo` on the network interface provided in the `device` parameter. + +Usage: + responder + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: +1. The command `sudo responder -I ` is executed, where `` is the network interface specified by the user. + +Dependencies: +- The function relies on `sudo` to run Responder with root privileges. +- Ensure that Responder is installed and available in the system's PATH. + +Example: + responder + # If `device` is assign to `tun0`, the command executed will be `sudo responder -I tun0`. + +Note: + - Ensure that the `device` parameter is set before calling this function. + - Replace `` with the appropriate network interface, such as `tun0`, `eth0`, etc. + - Running Responder requires root privileges, so make sure the user running the command has the necessary permissions. + +## ip +Displays IP addresses of network interfaces and copies the IP address from the `tun0` interface to the clipboard. + +This function performs the following tasks: +1. Displays IP addresses for all network interfaces using `ip a show scope global` and `awk`. +2. Copies the IP address from the `tun0` interface to the clipboard using `xclip`. + +Usage: + ip + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: +1. The command `ip a show scope global | awk '/^[0-9]+:/ { sub(/:/,"",$2); iface=$2 } /^[[:space:]]*inet / { split($2, a, "/"); print " [" iface"] "a[1] }'` is executed to display the IP addresses of all network interfaces. +2. The IP address of the `tun0` interface is copied to the clipboard using the command `ip a show tun0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1 | xclip -sel clip`. + +Dependencies: +- The function relies on `awk`, `grep`, `cut`, and `xclip` to process and copy the IP address. + +Example: + ip + # This will display IP addresses for all network interfaces and copy the IP address from `tun0` to the clipboard. + +Note: + Ensure that the `tun0` interface exists and has an IP address assigned. If `tun0` is not present or has no IP address, the clipboard will not be updated. + +## ipp +Displays IP addresses of network interfaces and prints the IP address from the `tun0` interface. + +This function performs the following tasks: +1. Displays IP addresses for all network interfaces using `ip a show scope global` and `awk`. +2. Prints the IP address from the `tun0` interface. + +Usage: + ip + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: +1. The command `ip a show scope global | awk '/^[0-9]+:/ { sub(/:/,"",$2); iface=$2 } /^[[:space:]]*inet / { split($2, a, "/"); print " [" iface"] "a[1] }'` is executed to display the IP addresses of all network interfaces. +2. The IP address of the `tun0` interface is printed to the console using the command `ip a show tun0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1`. + +Dependencies: +- The function relies on `awk`, `grep`, `cut`, and `xclip` to process and display the IP address. + +Example: + ip + # This will display IP addresses for all network interfaces and print the IP address from `tun0`. + +Note: + Ensure that the `tun0` interface exists and has an IP address assigned. If `tun0` is not present or has no IP address, the address will not be displayed. + +## rhost +Copies the remote host (rhost) to the clipboard and updates the command prompt. + +This function performs two tasks: +1. It copies the `rhost` parameter to the clipboard if it is valid. +2. It updates the command prompt to include the `rhost` and the current working directory. + +Usage: + rhost [clean] + +:param line: An optional argument that determines the behavior of the function: + - If 'clean', it resets the command prompt to its default format. + - If any other value, it updates the command prompt to include the `rhost` and current working directory. +:type line: str +:returns: None + +Manual execution: +1. If `line` is 'clean': +- The command prompt is reset to its default format. +2. If `line` is any other value: +- The command prompt is updated to show the `rhost` and the current working directory. +- The `rhost` is copied to the clipboard using `xclip`. + +Dependencies: +- The script uses `xclip` to copy the `rhost` to the clipboard. + +Example: + rhost + # This will copy the current `rhost` to the clipboard and update the prompt. + + rhost clean + # This will reset the command prompt to its default format. + +Note: + Ensure that the `rhost` is valid by checking it with the `check_rhost` function before copying it to the clipboard. + +## rrhost +Updates the command prompt to include the remote host (rhost) and current working directory. + +This function performs two tasks: +1. It updates the command prompt to include the `rhost` and the current working directory if `line` is not 'clean'. +2. It resets the command prompt to its default format if `line` is 'clean'. + +Usage: + rhost [clean] + +:param line: An optional argument that determines the behavior of the function: + - If 'clean', it resets the command prompt to its default format. + - If any other value, it updates the command prompt to include the `rhost` and current working directory. +:type line: str +:returns: None + +Manual execution: +1. If `line` is 'clean': +- The command prompt is reset to its default format. +2. If `line` is any other value: +- The command prompt is updated to show the `rhost` and the current working directory. + +Example: + rhost + # This will update the command prompt to include the `rhost` and current working directory. + + rhost clean + # This will reset the command prompt to its default format. + +Note: + Ensure that the `rhost` is valid by checking it with the `check_rhost` function before updating the prompt. + +## banner +Show the banner + +## py3ttyup +Copies a Python reverse shell command to the clipboard. + +This function generates a Python command that uses the `pty` module to spawn a new shell and copies it to the clipboard. This is typically used for creating a TTY shell in a reverse shell situation. + +Usage: + py3ttyup + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +1. The function creates a Python command with `pty.spawn` to open a shell. +2. The command is copied to the clipboard using `xclip`. +3. A message is printed to inform the user that the command has been copied. + +Dependencies: +- The script uses `xclip` to copy the command to the clipboard. + +Example: + py3ttyup + # This will copy the Python command `python3 -c 'import pty; pty.spawn("/bin/bash")'` to the clipboard. + +Note: + This command is often used in scenarios where you need a more interactive shell from a reverse shell connection. + +## rev +Copies a reverse shell payload to the clipboard. + +This function generates a reverse shell command that connects back to the specified host and port, and copies it to the clipboard. It also provides a way to execute the payload via a PHP-based web shell. + +Usage: + rev + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +1. Ensure that `lhost`, `lport`, and `rhost` parameters are assign. +2. The function generates a reverse shell command in Bash and prints instructions for using the payload. +3. It also provides an example URL and PHP code snippet that decodes and executes the base64-encoded payload. +4. The reverse shell command is copied to the clipboard using `xclip`. + +Dependencies: +- The script uses `xclip` to copy the command to the clipboard. +- Base64 encoding is used to obfuscate the payload. + +Example: + rev + # This will copy a reverse shell command to the clipboard and display instructions for its use. + +## img2cookie +Copies a malicious image tag payload to the clipboard. + +This function crafts and copies two different image tag payloads designed to steal cookies from a target's browser. The payloads use JavaScript to send cookies to a specified host and port. The user is prompted to select which payload to copy to the clipboard. + +Usage: + img2cookie + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +1. Ensure that `lhost`, `lport`, and `rhost` parameters are assign. +2. The function generates two payloads: +- Payload 1: A script that sends cookies to the specified host and port. +- Payload 2: An image tag with an `onerror` event that fetches cookies and sends them to the specified host and port using Base64 encoding. +3. The user is prompted to choose between the two payloads, which are then copied to the clipboard. + +Dependencies: +- The script uses `xclip` to copy the payloads to the clipboard. +- Ensure that `lhost`, `lport`, and `rhost` parameters are assign with appropriate values. + +Example: + img2cookie + # This will prompt you to select between two payloads. The chosen payload will be copied to the clipboard. + +## disableav +Creates a Visual Basic Script (VBS) to attempt to disable antivirus settings. + +This function generates a VBS script designed to modify Windows Registry settings and run PowerShell commands to disable various Windows Defender antivirus features. + +Usage: + disableav + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +1. The function writes a VBS script to a file named `aav.vbs` in the `sessions` directory. +2. The script: +- Elevates its privileges if not already running as an administrator. +- Modifies Windows Registry settings to disable various Windows Defender features. +- Outputs PowerShell commands to disable additional Windows Defender settings. + +The VBS script: +- Uses `WScript.Shell` to modify the Windows Registry for disabling Windows Defender. +- Calls PowerShell commands to further disable antivirus features. + +Dependencies: +- The script must be executed on a Windows system where you have administrative privileges. +- Ensure you have appropriate permissions to modify Windows Registry settings. + +Example: + disableav + # This will create the `aav.vbs` file with the specified content in the `sessions` directory. + +## conptyshell +Downloads ConPtyShell and prepares a PowerShell command for remote access. + +This function downloads the ConPtyShell PowerShell script and ZIP archive to the `sessions` directory and copies a PowerShell command to the clipboard for easy execution. + +Usage: + conptyshell + +:param line: This parameter is not used in the function. The required host and port are retrieved from the `params` dictionary. +:type line: str +:returns: None + +Manual execution: +1. Ensure that the `lhost` and `lport` parameters are assign with the local host and port for the reverse shell. +2. The function downloads `Invoke-ConPtyShell.ps1` and `ConPtyShell.zip` to the `sessions` directory. +3. Constructs a PowerShell command to run `Invoke-ConPtyShell.ps1` with the specified local IP and port. +4. Copies the constructed command to the clipboard using `xclip`. + +The constructed PowerShell command: +- Uses `Invoke-ConPtyShell.ps1` to establish a reverse shell connection to the specified `lhost` and `lport`. +- Sets the PowerShell execution policy to bypass and specifies the dimensions of the terminal window. + +Dependencies: +- `wget`: For downloading files from the internet. +- `xclip`: For copying commands to the clipboard. +- Ensure `ConPtyShell` script and ZIP are compatible with your environment. + +Example: + conptyshell + # This will download the required files and copy the PowerShell command to the clipboard. + +## pwncatcs +Runs `pwncat-cs` with the specified port for listening. + +This function starts a `pwncat-cs` listener on the specified local port. It can use a port defined in the `lport` parameter or a port provided as an argument. + +Usage: + pwncatcs + +:param line: The port number to use for the `pwncat-cs` listener. If not provided, it defaults to the `lport` parameter. +:type line: str +:returns: None + +Manual execution: +1. Ensure that `pwncat-cs` is installed and accessible from your command line. +2. The port number can either be provided as an argument or be assign in the `lport` parameter of the function. +3. Run the function to start `pwncat-cs` on the specified port. + +If no port is provided as an argument, the function will use the port specified in the `lport` parameter. If a port is provided, it overrides the `lport` value. + +After starting the listener, the function prints a message indicating that `pwncat-cs` is running on the specified port and another message when the session is closed. + +Dependencies: +- `pwncat-cs`: A tool used for creating reverse shells or bind shells. + +## pwncat +Runs `pwncat` with the specified port for listening. SELFINJECT + +This function starts a `pwncat` listener on the specified local port. It can use a port defined in the `lport` parameter or a port provided as an argument. + +Usage: + pwncatcs + +:param line: The port number to use for the `pwncat-cs` listener. If not provided, it defaults to the `lport` parameter. +:type line: str +:returns: None + +Manual execution: +1. Ensure that `pwncat-cs` is installed and accessible from your command line. +2. The port number can either be provided as an argument or be assign in the `lport` parameter of the function. +3. Run the function to start `pwncat-cs` on the specified port. + +If no port is provided as an argument, the function will use the port specified in the `lport` parameter. If a port is provided, it overrides the `lport` value. + +After starting the listener, the function prints a message indicating that `pwncat-cs` is running on the specified port and another message when the session is closed. + +Dependencies: +- `pwncat-cs`: A tool used for creating reverse shells or bind shells. + +## find +Automates command execution based on a list of aliases and commands. + +1. Displays available aliases and their commands. +2. Asks the user if they want to execute a specific command. +3. If confirmed, displays the alias and command with a number. +4. Executes the command and copies it to the clipboard. + +:param line: The command line input containing a keyword to filter the list of alias and command pairs. +:type line: str +:returns: None + +Manual execution: +- Prepare the list of alias and command pairs in the format: "alias command". +- Provide this list as input to the function. +- Confirm the execution of the desired command when prompted. +- Manually copy the command to the clipboard if needed. + +Note: Ensure `xclip` is installed and properly configured to use clipboard functionalities. + +## sh +Executes a shell command directly from the LazyOwn interface. + +This function allows the user to execute arbitrary shell commands without exiting the LazyOwn shell. +It checks if a command is provided, prints a message indicating the command being executed, and then +runs the command using `os.system`. + +Usage: + sh + +:param line: The shell command to be executed. +:type line: str +:raises ValueError: If no command is provided, an error message is printed indicating that a command is required. +:returns: None + +Example: + sh ls -la + # This will execute 'ls -la' in the shell without exiting LazyOwn. + +Note: + Ensure that the command provided is safe to execute and does not include potentially harmful operations. + +## pwd +Displays the current working directory and lists files, and copies the current directory path to the clipboard. + +This function performs the following tasks: +1. Displays the current working directory with `pwd` and lists files in the directory using `ls`. +2. Copies the current directory path to the clipboard using `xclip`. + +Usage: + pwd + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: + 1. The command `echo -e "[\e[96m\`pwd\`\e[0m]\e[34m" && ls && echo -en "\e[0m"` is executed to display the current working directory and list files in it. + 2. The current directory path is copied to the clipboard using the command `pwd | xclip -sel clip`. + +Dependencies: + - The function relies on `echo`, `pwd`, `ls`, and `xclip` to display the directory and copy the path to the clipboard. + +Example: + pwd + # This will display the current working directory, list files, and copy the current directory path to the clipboard. + +Note: + Ensure that `xclip` is installed on your system for copying to the clipboard to work. + +## qa +Exits the application quickly without confirmation. + +This function performs the following tasks: +1. Prints an exit message with formatting. +2. Terminates the `tmux` session named `lazyown_sessions` if it exists. +3. Kills all running `openvpn` processes. +4. Exits the program with a status code of 0. + +Usage: + qa + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: + 1. The command `tmux kill-session -t lazyown_sessions 2>/dev/null` is executed to kill the tmux session named `lazyown_sessions`, suppressing errors if the session does not exist. + 2. The command `killall openvpn 2>/dev/null` is executed to terminate all running `openvpn` processes, suppressing errors if no such processes are found. + 3. The program is exited with a status code of 0 using `sys.exit(0)`. + +Dependencies: + - The function relies on `tmux`, `killall`, and `sys` to perform the exit operations. + +Example: + qa + # This will print an exit message, terminate the tmux session and openvpn processes, and exit the program. + +Note: + Ensure that `tmux` and `openvpn` are installed and running for their respective commands to have an effect. + +## ignorearp +Configures the system to ignore ARP requests by setting a kernel parameter. + +This function performs the following tasks: +1. Prints a message indicating the command that will be executed. +2. Executes the command `echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore` with elevated privileges using `sudo` to configure the system to ignore ARP requests. +3. Prints a confirmation message indicating that the operation is complete. + +Usage: + ignorearp + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: + 1. The command `sudo bash -c 'echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore'` is executed to assign the `arp_ignore` parameter to `1`, which configures the system to ignore ARP requests. + +Dependencies: + - The function requires `sudo` to run the command with elevated privileges. + +Example: + ignorearp + # This will assign the `arp_ignore` parameter to `1` to ignore ARP requests. + +Note: + Ensure that you have the necessary permissions to use `sudo` and that the `arp_ignore` parameter can be modified on your system. + +## ignoreicmp +Configures the system to ignore ICMP echo requests by setting a kernel parameter. + +This function performs the following tasks: +1. Prints a message indicating the command that will be executed. +2. Executes the command `echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all` with elevated privileges using `sudo` to configure the system to ignore ICMP echo requests (ping). +3. Prints a confirmation message indicating that the operation is complete. + +Usage: + ignoreicmp + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: + 1. The command `sudo bash -c 'echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all'` is executed to assign the `icmp_echo_ignore_all` parameter to `1`, which configures the system to ignore ICMP echo requests (ping). + +Dependencies: + - The function requires `sudo` to run the command with elevated privileges. + +Example: + ignoreicmp + # This will assign the `icmp_echo_ignore_all` parameter to `1` to ignore ICMP echo requests. + +Note: + Ensure that you have the necessary permissions to use `sudo` and that the `icmp_echo_ignore_all` parameter can be modified on your system. + +## acknowledgearp +Configures the system to acknowledge ARP requests by setting a kernel parameter. + +This function performs the following tasks: +1. Prints a message indicating the command that will be executed. +2. Executes the command `echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore` with elevated privileges using `sudo` to configure the system to acknowledge ARP requests. +3. Prints a confirmation message indicating that the operation is complete. + +Usage: + acknowledgearp + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: + 1. The command `sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore'` is executed to assign the `arp_ignore` parameter to `0`, which configures the system to acknowledge ARP requests. + +Dependencies: + - The function requires `sudo` to run the command with elevated privileges. + +Example: + acknowledgearp + # This will assign the `arp_ignore` parameter to `0` to acknowledge ARP requests. + +Note: + Ensure that you have the necessary permissions to use `sudo` and that the `arp_ignore` parameter can be modified on your system. + +## acknowledgeicmp +Configures the system to respond to ICMP echo requests by setting a kernel parameter. + +This function performs the following tasks: +1. Prints a message indicating the command that will be executed. +2. Executes the command `echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all` with elevated privileges using `sudo` to configure the system to respond to ICMP echo requests. +3. Prints a confirmation message indicating that the operation is complete. + +Usage: + acknowledgeicmp + +:param line: This parameter is not used in the function but is included for consistency with other command methods. +:type line: str +:returns: None + +Manual execution: + 1. The command `sudo bash -c 'echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all'` is executed to assign the `icmp_echo_ignore_all` parameter to `0`, which configures the system to respond to ICMP echo requests. + +Dependencies: + - The function requires `sudo` to run the command with elevated privileges. + +Example: + acknowledgeicmp + # This will assign the `icmp_echo_ignore_all` parameter to `0` to allow responses to ICMP echo requests. + +Note: + Ensure that you have the necessary permissions to use `sudo` and that the `icmp_echo_ignore_all` parameter can be modified on your system. + +## clock +Displays the current date and time, and runs a custom shell script. + +This function performs the following actions: +1. Constructs a command to get the current date and time in a specified format. +2. Uses `figlet` to display the current date and time in a large ASCII text format. +3. Runs a custom shell script (`cal.sh`) to display additional information or perform further actions related to the clock. + +Usage: + clock + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Ensure that `figlet` is installed on your system for displaying text in large ASCII format. +2. Make sure `cal.sh` exists in the `modules` directory and is executable. +3. Run the function to see the current date and time displayed in large ASCII text, followed by the execution of `cal.sh`. + +Note: The function sets the terminal color to white before displaying the date and time, then sets it to green before running the `cal.sh` script. Finally, it resets the terminal color. + +Dependencies: +- `figlet`: For displaying text in large ASCII format. +- `cal.sh`: A custom shell script located in the `modules` directory. + +## ports +Lists all open TCP and UDP ports on the local system. + +This function performs the following actions: +1. Calls the `get_open_ports` function to retrieve lists of open TCP and UDP ports. +2. Prints a header for open TCP ports. +3. Iterates over the list of open TCP ports, printing each IP address and port number. +4. Prints a header for open UDP ports. +5. Iterates over the list of open UDP ports, printing each IP address and port number. + +Usage: + ports + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Ensure the `get_open_ports` function is defined and properly implemented to return lists of open TCP and UDP ports. +2. Run the function to display open TCP and UDP ports on the local system. + +Note: The `get_open_ports` function should return two lists of tuples: one for TCP ports and one for UDP ports. Each tuple should contain an IP address and a port number. + +## ssh +Connects to an SSH host using credentials from a file and a specified port. + +This function performs the following actions: +1. Retrieves the remote host (`rhost`) from the parameters. +2. Checks if the `rhost` is valid using the `check_rhost` function. +3. Sets the SSH port to the value provided in the `line` parameter. +4. Checks if the `credentials.txt` file exists in the `./sessions` directory. +5. Reads credentials (username and password) from the `credentials.txt` file, where each line is formatted as `user:password`. +6. Constructs and executes an SSH command using `sshpass` to handle password authentication and `ssh` to initiate the connection. +7. Displays the SSH command being executed. + +Usage: + ssh + +:param line: The port number to use for the SSH connection. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Ensure `sessions/credentials.txt` exists and contains valid SSH credentials in the format `user:password`. +2. Run the function with the port number as an argument. +3. The function will attempt to connect to the SSH host using each assign of credentials and the specified port. + +Note: Ensure `sshpass` is installed on your system for password-based SSH authentication. If `sshpass` is not available, you may need to install it or use an alternative method for SSH authentication. + +## ftp +Connects to an ftp host using credentials from a file and a specified port. + +This function performs the following actions: +1. Retrieves the remote host (`rhost`) from the parameters. +2. Checks if the `rhost` is valid using the `check_rhost` function. +3. Sets the ftp port to the value provided in the `line` parameter. +4. Checks if the `credentials.txt` file exists in the `./sessions` directory. +5. Reads credentials (username and password) from the `credentials.txt` file, where each line is formatted as `user:password`. +6. Constructs and executes an ftp command using `sshpass` to handle password authentication and `ftp` to initiate the connection. +7. Displays the ftp command being executed. + +Usage: + ftp + +:param line: The port number to use for the ftp connection. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Ensure `sessions/credentials.txt` exists and contains valid ftp credentials in the format `user:password`. +2. Run the function with the port number as an argument. +3. The function will attempt to connect to the ftp host using each assign of credentials and the specified port. + +Note: Ensure `sshpass` is installed on your system for password-based SSH authentication. If `sshpass` is not available, you may need to install it or use an alternative method for SSH authentication. + +## cports +Generates a command to display TCP and UDP ports and copies it to the clipboard. + +This function performs the following actions: +1. Defines a command to display TCP and UDP ports from `/proc/net/tcp` and `/proc/net/udp`, respectively. +2. The command extracts and formats IP addresses and port numbers from these files. +3. Prints the generated command to the console for verification. +4. Copies the command to the clipboard using `xclip`. + +Usage: + cports # Generates the command and copies it to the clipboard + +:param line: This parameter is not used in this function. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Run the function to print the command and copy it to the clipboard. +2. The command can be pasted into a terminal to display TCP and UDP ports. + +Note: Ensure `xclip` is installed on your system for copying to the clipboard. If `xclip` is not available, you may need to install it or use an alternative method for copying to the clipboard. + +## vpn +Connect to a VPN by selecting from available .ovpn files. + +This function performs the following actions: +1. Lists all `.ovpn` files in the current directory, sorted alphabetically. +2. Handles cases with and without arguments: +- Without arguments: Lists available `.ovpn` files and prompts the user to select one by number. +- With a single argument: Treats the argument as a number and attempts to connect to the corresponding `.ovpn` file. +3. Connects to the selected `.ovpn` file using `openvpn` and displays appropriate messages. +4. Handles invalid input with error messages. + +Usage: + vpn # List available .ovpn files and select one to connect to + vpn # Connect directly to the .ovpn file corresponding to the number + +:param line: The number of the .ovpn file to connect to, or an empty string to list available files. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Run the function with no arguments to list available `.ovpn` files. +2. Choose a file by entering the corresponding number. +3. Alternatively, run the function with a number argument to connect directly to the specified `.ovpn` file. + +Note: Ensure you have the necessary permissions and the `openvpn` command is available on your system. + +## id_rsa +Create an SSH private key file and connect to a remote host using SSH. + +This function performs the following actions: +1. Checks if the provided remote host (`rhost`) is valid. +2. Verifies that a username is provided as an argument. +3. Creates an SSH private key file in the `sessions` directory with a name based on the provided username. +4. Opens the created file in the `nano` text editor for the user to paste the private key. +5. Sets the file permissions to read-only for the owner (600). +6. Optionally formats the key if the user chooses to. +7. Connects to the remote host via SSH using the created private key. +8. Displays a warning message when the SSH connection is closed. + +Usage: + id_rsa + +:param line: The username for SSH connection and private key file naming. +:type line: str +:returns: None + +Manual execution: +To manually use this function: +1. Run the function with the username argument, e.g., `id_rsa myuser`. +2. Paste the private key into the `nano` editor when prompted. +3. Save and exit the editor. +4. The SSH connection will be established using the private key. + +Note: Ensure you have the necessary permissions to create files and connect via SSH. + +## www +Start a web server using Python 3 and display relevant network information. + +This function performs the following actions: +1. Displays global network interfaces and their IP addresses. +2. Copies the IP address of the `tun0` interface to the clipboard. +3. Displays the current working directory and contents of the `sessions` directory. +4. Starts a Python 3 HTTP server on port 80 in the `sessions` directory. +5. Displays a message indicating that the web server is running and will show the shutdown message when stopped. + +Usage: + www + +:param line: This parameter is used to pass the port as an argument by default is 80 +:type line: str +:returns: None + +Manual execution: +To manually use this function, run it to start the web server and follow the on-screen instructions to see the network information and server status. + +Note: Ensure you have `xclip` installed for clipboard operations and have the necessary permissions to run the HTTP server. + +## wrapper +Copy payloads to clipboard for Local File Inclusion (LFI) attacks. + +This function provides three payload options for Local File Inclusion (LFI) attacks and copies the selected payload to the clipboard using `xclip`. The user is prompted to choose which payload to copy. + +Usage: + wrapper + +:param line: This parameter is not used in the function. +:type line: str +:returns: None + +Manual execution: +To manually use this function, run it and follow the prompts to select one of the three predefined payloads. The selected payload will be copied to the clipboard. + +Note: Ensure `xclip` is installed on your system for clipboard operations. + +## swaks +Sends an email using `swaks` (Swiss Army Knife for SMTP). + +This method constructs and executes a `swaks` command to send an email from an attacker’s address +to a victim’s address, with a specified message body. The command is executed using the SMTP server +address provided in the parameters. + +Parameters: +- `line`: (str) Input line that is not used in this function. + +Functionality: +1. Retrieves the SMTP server address (`rhost`) from the object's parameters. +2. Checks if the server address is valid using `check_rhost()`. +3. Prompts the user for the sender's email address (`from_attacker`). +4. Prompts the user for the recipient's email address (`to_victim`). +5. Prompts the user for the message body (`body`). +6. Constructs the `swaks` command with the provided options. +7. Executes the command using `self.cmd()`. +8. Copies the command to the clipboard using `copy2clip()`. + +Example usage: +>>> do_swaks("line") + +swaks --from attacker@hell.com --to victim@heaven.com,victim2@heaven.com,victim3@heaven.com --body "testing" --server 127.0.0.1 + +## samrdump +Run `impacket-samrdump` to dump SAM data from specified ports. + +This function executes `impacket-samrdump` to retrieve SAM data from the target host on ports 139 and 445. It first checks if the `rhost` parameter is valid, and if so, it runs the command for both ports. + +Usage: + samrdump + +:param line: The target host to dump SAM data from. +:type line: str +:returns: None + +Manual execution: +To manually run this task, specify the target host. The function will attempt to dump SAM data from the host on ports 139 and 445. +impacket-samrdump -port 445 10.10.10.10 +Note: Ensure that `impacket-samrdump` is installed and properly configured on your system. + +## urlencode +Encode a string for URL. + +This function takes a string as input, encodes it for URL compatibility using the `quote` function, and prints the encoded result. + +Usage: + urlencode + +:param line: The string to encode for URL. +:type line: str +:returns: None + +Manual execution: +To manually run this task, provide a string to be URL-encoded as an argument. The function will encode it and print the result. + +Note: If no input is provided or the input is only whitespace, an error message will be displayed. + +## urldecode +Decode a URL-encoded string. + +This function takes a URL-encoded string as input, decodes it using the `unquote` function, and prints the decoded result. + +Usage: + urldecode + +:param line: The URL-encoded string to decode. +:type line: str +:returns: None + +Manual execution: +To manually run this task, provide a URL-encoded string as an argument. The function will decode it and print the result. + +Note: If no input is provided or the input is only whitespace, an error message will be displayed. + +## lynis +Performs a Lynis audit on the specified remote system. + +This function executes the `modules/lazylynis.sh` script with the target host defined in the `rhost` parameter. It is used to perform a security audit of the remote system using Lynis. + +Usage: + lynis + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +To manually run this task, ensure that the `modules/lazylynis.sh` script is available and executable. Provide the target host in the format `lynis`. +sudo lynis audit system remote 10.10.10.10 more info check modules/lazylynis.sh +Note: The function assumes that `rhost` is a valid host address. If `rhost` is not valid, it will print an error message. For more details, check `modules/lazylynis.sh`. + +## snmpcheck +Performs an SNMP check on the specified target host. + +This function executes the `snmp-check` command against the target host defined in the `rhost` parameter. + +Usage: + snmpcheck + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +To manually run this task, ensure that `snmp-check` is installed and provide a target host in the format `snmpcheck`. +snmp-check 10.10.10.10 +Note: The function assumes that `rhost` is a valid host address. If `rhost` is not valid, it will print an error message. + +## snmpwalk +Performs an SNMP check on the specified target host. + +This function executes the `snmp-check` command against the target host defined in the `rhost` parameter. + +Usage: + snmpwalk + +:param line: This parameter is not used in the current implementation. +:type line: str +:returns: None + +Manual execution: +To manually run this task, ensure that `snmpwalk -v 2c -c public` is installed and provide a target host in the format `snmpcheck`. +snmpwalk -v 2c -c public 10.10.10.10 +Note: The function assumes that `rhost` is a valid host address. If `rhost` is not valid, it will print an error message. + +## encode +Encodes a string using the specified shift value and substitution key. + +This function encodes the given string by applying a shift value and a substitution key. + +Usage: + encode + +:param line: The input string containing the shift value, substitution key, and the string to be encoded. The format should be ' '. +:type line: str +:returns: None + +Manual execution: +To manually run this task, provide a shift value (integer), a substitution key, and the string to encode in the format `encode `. + +Note: The function assumes the shift value is an integer. If the shift value is not an integer, it will print an error message. + +## decode +Decode a string using the specified shift value and substitution key. + +This function decodes the given string by applying a shift value and a substitution key to reverse the encoding process. + +Usage: + decode + +:param line: The input string containing the shift value, substitution key, and the string to be decoded. The format should be ' '. +:type line: str +:returns: None + +Manual execution: +To manually run this task, provide a shift value (integer), a substitution key, and the string to decode in the format `decode `. + +Note: The function assumes the shift value is an integer. If the shift value is not an integer, it will print an error message. + +## cred +Display the credentials stored in the `credentials.txt` file and copy the password to the clipboard. + +This function reads the stored credentials from a file named `credentials.txt` located in the `sessions` directory. +The file should be in the format `username:password`. If the file does not exist, an error message will be printed +instructing the user to create the credentials file first. The function extracts the username and password from the file, +prints them, and copies the password to the clipboard using `xclip`. + +:param line: A string parameter that is not used in this function. It is included for compatibility with command-line + interface functions. + +:returns: None + +Manual execution: +To manually perform the equivalent actions, follow these steps: + + 1. Ensure the file `sessions/credentials.txt` exists and contains credentials in the format `username:password`. + 2. Read the file and extract the username and password. + 3. Print the username and password to the console. + 4. Use the `xclip` tool to copy the password to the clipboard. Example command: + + echo '' | xclip -sel clip + +Example: +If `sessions/credentials.txt` contains `admin:password123`, the function will print: + + User : admin + Pass : password123 + +The password `password123` will be copied to the clipboard. + +Note: +Ensure `xclip` is installed on your system for copying to the clipboard. The function assumes that `xclip` is available +and correctly configured. + +## hostdiscover +Discover active hosts in a subnet by performing a ping sweep. + +This method constructs and executes a bash script that performs a +ping sweep on the specified subnet to identify active hosts. The +subnet is determined from the 'rhost' parameter. For each host in +the subnet, a ping request is sent, and active hosts are reported. + +Parameters: +- line (str): The input line argument is not used in this function. + +Behavior: +- Extracts the first three octets of the 'rhost' parameter to form +the base IP pattern. +- Constructs a bash script to ping each IP address in the subnet +(from .1 to .254) and reports active hosts. +- The generated bash script is displayed to the user. +- Prompts the user to confirm whether they want to execute the +generated command. +- If the user confirms, executes the command using `self.cmd()`. +- If the user declines, copies the command to the clipboard using +`copy2clip()`. + +Side Effects: +- Executes system commands and may affect the system environment. +- May modify the clipboard content if the user chooses not to execute. + +Notes: +- Ensure that the 'rhost' parameter is a valid IP address and that +the `check_rhost()` function is implemented to validate the IP. +- `print_msg()` is used to display the constructed command to the +user. +- `copy2clip()` is used to copy the command to the clipboard if +not executed. + +Example: +>>> do_hostdiscover("example_input") + +## portdiscover +Scan all ports on a specified host to identify open ports. + +This method constructs and executes a bash script that performs a +port scan on the specified host to determine which ports are open. +It scans all ports from 0 to 65535 and reports any that are open. + +Parameters: +- line (str): The input line argument is not used in this function. + +Behavior: +- Extracts the 'rhost' parameter to determine the target IP address. +- Constructs a bash script to scan all ports on the target IP address +and report open ports. +- The generated bash script is displayed to the user. +- Prompts the user to confirm whether they want to execute the +generated command. +- If the user confirms, executes the command using `self.cmd()`. +- If the user declines, copies the command to the clipboard using +`copy2clip()`. + +Side Effects: +- Executes system commands and may affect the system environment. +- May modify the clipboard content if the user chooses not to execute. + +Notes: +- Ensure that the 'rhost' parameter is a valid IP address and that +the `check_rhost()` function is implemented to validate the IP. +- `print_msg()` is used to display the constructed command to the +user. +- `copy2clip()` is used to copy the command to the clipboard if +not executed. + +Example: +>>> do_portdiscover("example_input") + +## portservicediscover +Scan all ports on a specified host to identify open ports and associated services. + +This method constructs and executes a bash script that performs a +port scan on the specified host to determine which ports are open +and identifies any services running on those open ports. It scans +all ports from 0 to 65535. + +Parameters: +- line (str): The input line argument is not used in this function. + +Behavior: +- Extracts the 'rhost' parameter to determine the target IP address. +- Constructs a bash script to scan all ports on the target IP address +and report open ports along with any associated services. +- The generated bash script is displayed to the user. +- Prompts the user to confirm whether they want to execute the +generated command. +- If the user confirms, executes the command using `self.cmd()`. +- If the user declines, copies the command to the clipboard using +`copy2clip()`. + +Side Effects: +- Executes system commands and may affect the system environment. +- Requires `sudo` privileges to use `lsof` for identifying services. +- May modify the clipboard content if the user chooses not to execute. + +Notes: +- Ensure that the 'rhost' parameter is a valid IP address and that +the `check_rhost()` function is implemented to validate the IP. +- `print_msg()` is used to display the constructed command to the +user. +- `copy2clip()` is used to copy the command to the clipboard if +not executed. + +Example: +>>> do_portservicediscover("example_input") + +## rot +Apply a ROT (rotation) substitution cipher to the given string. + +This function rotates each character in the input string by the specified number of positions in the alphabet. It supports rotation values between 1 and 27. + +Usage: + rot '' + +:param line: The input string containing the number and the text to be rotated. The format should be ' '' where is the rotation amount and is the text to be ciphered. +:type line: str +:returns: None + +Manual execution: +To manually run this task, provide a number (rotation amount) and a string in the format `rot ''`. Ensure the number is between 1 and 27. + +Note: The function assumes that the rotation number is an integer between 1 and 27. If the number is out of range or not a valid integer, it will print an error message. + +## rotf +Apply a ROT (rotation) substitution cipher to the given extension. + +This function rotates each character in the input extension by the specified number of positions in the alphabet. It supports rotation values between 1 and 27. + +Usage: + rot '' + +:param line: The input extension containing the number and the text to be rotated. The format should be ' '' where is the rotation amount and is the text to be ciphered. +:type line: str +:returns: None + +Manual execution: +To manually run this task, provide a number (rotation amount) and a extension in the format `rot ''`. Ensure the number is between 1 and 27. + +Note: The function assumes that the rotation number is an integer between 1 and 27. If the number is out of range or not a valid integer, it will print an error message. + +## hydra +Uses Hydra to perform a brute force attack on a specified HTTP service with a user and password list. + +1. Checks if a wordlist is provided; if not, prints an error message. +2. Validates the remote host parameter. +3. Checks if the `line` argument is provided, which should include the path to crack and the port. +4. If the `line` argument is valid, splits it into arguments for the path and port. +5. Asks the user if they want to use a small dictionary from a JSON file. +6. Constructs and prints the Hydra command with the provided parameters. +7. Executes the Hydra command using `os.system`. + +:param line: The path to crack and port for the Hydra command, formatted as 'path port'. +:type line: str +:returns: None + +Manual execution: +To manually run this task, you would: +- Provide the path to crack and the port as arguments to this function in the format 'path port'. +- Ensure that the user list and wordlist are assign correctly. +- hydra -f -L sessions/users.txt -P /usr/share/wordlists/rockyou.txt 10.10.11.9 -s 5000 http-get /v2/ +Note: Ensure that the remote host and wordlist parameters are valid, and that the path and port are specified correctly in the `line` argument. + +## medusa +Uses medusa to perform a brute force attack on a specified ssh service with a user and password list. + +1. Checks if a wordlist is provided; if not, prints an error message. +2. Validates the remote host parameter. +3. Asks the user if they want to use a small dictionary from a JSON file. +4. Constructs and prints the medusa command with the provided parameters. +5. Executes the medusa command using `os.system`. + +:param line: The port if is't default port. +:type line: str +:returns: None + +Manual execution: +To manually run this task, you would: +- Provide the path to crack and the port as arguments to this function in the format 'path port'. +- Ensure that the user list and wordlist are assign correctly. +- medusa -h 10.10.10.10 -U sessions/users.txt -P /usr/share/wordlists/rockyou.txt -e ns -M ssh" +Note: Ensure that the remote host and wordlist parameters are valid, and that the path and port are specified correctly in the `line` argument. + +## nmapscript +Perform an Nmap scan using a specified script and port. + +:param line: A string containing the Nmap script and port, separated by a space. Example: "http-enum 80". + +:returns: None + +Manual execution: +To manually run an Nmap scan with a script and port, use the following command format: + + nmap --script