Releases: grisuno/LazyOwn

release/0.1.62

13 Oct 04:53
release/0.1.62
5ffb55b

Full Changelog: release/0.1.61...release/0.1.62

emp3r0r

Command emp3r0r: Downloads and sets up the Emperor server for local exploitation.

This function performs the following tasks:

  1. Checks if Emperor is already downloaded.
  2. Downloads the Emperor tar.xz file if not already present.
  3. Extracts the contents into the sessions directory.
  4. Executes the Emperor server.
  5. Prepares the agent download command based on the OS Host and copies it to the clipboard.

Args:
line (str): Optional argument to specify the relay port.

Returns:
None

Example:
emp3r0r 6666

Notes:
- Ensure that the required dependencies are installed.

template_helper_serializer

Handles the creation and serialization of a template helper.

This function performs the following tasks:

  1. Retrieves the filename and data to be written from the input line.
  2. Initializes a template file and writes the data to it.
  3. Serializes the template data and outputs the result.

Args:
line (str): The input line containing the filename and data in the format "filename, data".

Returns:
None

Raises:
None

Example:
template_helper_serializer shell.php,

gospherus

Command gospherus: Clones and uses the Gopherus tool to generate gopher payloads for various services.
Use the command template_helper_serializer to generate the serialization payload. For more information, run help template_helper_serializer.

This function performs the following tasks:

  0. Install Python2 (Old protocol, old t00l, old python)
  1. Checks if Gopherus is already cloned in the external/.exploit directory.
  2. Clones the Gopherus repository if not already present.
  3. Enumerates the possible exploits and prompts the user to choose one.
  4. Runs the selected exploit using Gopherus.

Args:
line (str): Optional argument for specifying the chosen exploit.

Returns:
None

Example:
gospherus 2

wpscan

Command wpscan: Installs and runs WPScan to perform WordPress vulnerability scanning.

This function performs the following tasks:

  1. Checks if WPScan is installed.
  2. Installs WPScan using gem if not already installed.
  3. Prompts the user for a URL to scan.
  4. Allows the user to choose additional WPScan options such as --stealthy or --enumerate.
  5. Executes the WPScan command with the chosen options.

Args:
line (str): Optional argument to specify the URL or additional WPScan options.

Returns:
None

Example:
wpscan --url blog.tld

createjsonmachine_batch

Create multiple JSON payload files based on a CSV input file from HackerOne.

This function processes a CSV file located in the 'sessions' directory. The CSV file
must contain information about different assets, including 'identifier',
'eligible_for_bounty', and 'eligible_for_submission'. For each asset where
both 'eligible_for_bounty' and 'eligible_for_submission' are set to True,
a JSON payload file is created using a predefined template.

The CSV must contain the following columns:

  • 'identifier': Domain or asset name used to generate the URL and domain for the payload.
  • 'eligible_for_bounty': A boolean indicating if the asset is eligible for bounty.
  • 'eligible_for_submission': A boolean indicating if the asset is eligible for submission.

For each eligible asset:

  • The URL is generated based on the 'identifier' field.
  • The domain is derived from the 'identifier' field.
  • The 'rhost' field in the JSON payload is updated using the IP address obtained by pinging the domain.

The JSON payload is saved in the format 'payload_.json'.

Parameters:
line (str): An optional string parameter. If provided, it selects the corresponding CSV file
in the 'sessions' directory based on the user's input.

Returns:
None
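
The eligibility filter described for createjsonmachine_batch, as an added example (not LazyOwn's own code): it shows why the two boolean columns must be compared as text and why the identifier is validated before it reaches the ping step. The sample CSV, the asset_type column, the https:// scheme, the helper names and the hostname pattern are assumptions; the rhost lookup is left out so the block runs offline.

```python
import csv
import io
import re

# Constructed sample using the three columns the docstring requires
# (asset_type is an extra, assumed column); not real program data.
SAMPLE_CSV = """identifier,asset_type,eligible_for_bounty,eligible_for_submission
www.example.com,URL,true,true
api.example.com,URL,True,false
https://shop.example.com/cart,URL,TRUE,TRUE
*.example.org,WILDCARD,true,true
legacy.example.net,URL,false,true
"example.com; id",URL,true,true
"""

TRUE_VALUES = {"true", "1", "yes"}
# Strict hostname pattern: the identifier later feeds a ping command,
# so anything that is not a plain DNS name is rejected here.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_bool(value):
    """CSV cells are strings and bool("false") is True, so compare the text."""
    return (value or "").strip().lower() in TRUE_VALUES


def identifier_to_domain(identifier):
    """Return a bare hostname, or None when the identifier is not a single host."""
    host = identifier.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop any scheme
    host = host.split("/", 1)[0].split(":", 1)[0]      # drop path and port
    return host if HOSTNAME_RE.match(host) else None


def eligible_assets(csv_text):
    """Split rows into payload fields for in-scope hosts and skipped rows."""
    accepted, skipped = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        identifier = row.get("identifier") or ""
        in_scope = parse_bool(row.get("eligible_for_bounty")) and parse_bool(
            row.get("eligible_for_submission")
        )
        if not in_scope:
            skipped.append((identifier, "not eligible"))
            continue
        domain = identifier_to_domain(identifier)
        if domain is None:
            skipped.append((identifier, "not a single hostname"))
            continue
        # Assumed URL form; 'rhost' is left for the resolution step.
        accepted.append({"url": f"https://{domain}", "domain": domain})
    return accepted, skipped


if __name__ == "__main__":
    ok, dropped = eligible_assets(SAMPLE_CSV)
    for asset in ok:
        print("payload fields:", asset)
    for identifier, reason in dropped:
        print("skipped:", identifier, "->", reason)
```

Rows that fail either check are returned with a reason, so an operator can see which assets were left out of the batch and why.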

release/0.1.61

11 Oct 06:20
release/0.1.61
5877457

Full Changelog: release/0.1.60...release/0.1.61

Compiles and uploads an .ino sketch to a Digispark device using Arduino CLI and Micronucleus.

This method checks if Arduino CLI and Micronucleus are installed on the system.
If they are not available, it installs them. It then compiles a Digispark sketch
and uploads the generated .hex file to the Digispark device.

The method performs the following actions:

  1. Checks for the presence of Arduino CLI and installs it if not available.
  2. Configures Arduino CLI for Digispark if not already configured.
  3. Generates a reverse shell payload and prepares the sketch for Digispark.
  4. Compiles the prepared Digispark sketch using Arduino CLI.
  5. Checks for the presence of Micronucleus and installs it if not available.
  6. Uploads the compiled .hex file to the Digispark device using Micronucleus.

Args:
line (str): Command line input provided by the user, which may contain additional parameters.

Returns:
None: The function does not return any value but may modify the state of the system
by executing commands.

release/0.1.60

10 Oct 21:42
release/0.1.60
d09818d

release/0.1.59

09 Oct 23:53
release/0.1.59
0b4697b

release/0.1.58

09 Oct 05:42
release/0.1.58
8532567

release/0.1.57

08 Oct 21:37
release/0.1.57
786c95f

release/0.1.56

08 Oct 05:21
release/0.1.56
81c70ea

Full Changelog: release/0.1.55...release/0.1.56

createjsonmachine

Create a new JSON payload file based on the template provided in payload.json.

This function reads an existing JSON file named 'payload.json' and
allows the user to update specific fields. The following fields can
be modified:

  • 'url': The new URL to connect to, which can be entered manually
    or automatically generated based on the input parameter 'line'.
  • 'domain': The new domain associated with the URL, similarly
    generated or entered.
  • 'rhost': The new remote host IP address that needs to be specified
    by the user.

All other fields from the original payload are preserved in the new
JSON file, ensuring that no other data is lost or altered.

The newly created JSON payload will be saved in a new file with the
format 'payload_<new_name>.json', where <new_name> is derived
from the domain name's subpart.

Parameters:
line (str): An optional string parameter that, if provided, is used
to generate the new 'url' and 'domain'. If empty,
the user will be prompted to enter values for 'url'
and 'domain'.

Returns:
None

xss

Executes the XSS (Cross-Site Scripting) vulnerability testing procedure
using user-defined parameters and configurations.

This method guides the user through the process of setting up and
executing XSS payload injections against a specified target domain.
It prompts the user for necessary input, including the XSS payload
URL, the target domain, and the request timeout settings. The
function ensures that all required inputs are provided and valid
before proceeding with the injection process.

Parameters:
line (str): A line of input that may contain additional parameters
or commands (not utilized within this method).

Raises:
ValueError: If the provided payload URL or target domain is empty,
indicating that these are required for the injection
process.

This method leverages user input for flexibility, allowing
customized testing scenarios for XSS vulnerabilities.

arjun

Executes an Arjun scan on the specified URL for parameter discovery.

This function checks if Arjun is installed on the system, installs it if necessary, and then constructs
a command to run Arjun against the provided URL with user-defined options.

Parameters:
line (str): Input line, not currently used.

release/0.1.55

07 Oct 00:51
release/0.1.55
63d7ed0

Full Changelog: release/0.1.54...release/0.1.55

evidence

Compresses the 'sessions' folder and encodes it into a video using the lazyown_infinitestorage.py script.
If a filename is provided as an argument, it decodes the specified video instead.

This function operates in two modes depending on the input:

  1. Encode Mode (default):
    • Compresses the contents of the 'sessions' directory into a ZIP file named 'sessions.zip'.
    • Utilizes the lazyown_infinitestorage.py script to convert the ZIP file into a high-definition video file named 'encoded_output.avi' with a frame size of 1920x1080 and a frame rate of 25 FPS.
  2. Decode Mode:
    • When the 'line' parameter contains the string "decode", it lists all available video files in the 'sessions' directory (files with .mp4, .mkv, or .avi extensions).
    • If there are no video files present, it prints an error message and exits.
    • Prompts the user to select a video by entering its corresponding number.
    • Constructs a command to decode the selected video file using the lazyown_infinitestorage.py script, outputting the decoded result to a specified directory.

:param line: An optional parameter that, when provided, indicates that the user wants to decode a video. If not provided, the function operates in encode mode.
:type line: str
:returns: None

Example usage:
- To compress and encode: do_evidence()
- To decode a video: do_evidence('decode')

Notes:

  • The 'sessions' directory must exist and contain files for encoding.
  • The lazyown_infinitestorage.py script must be present in the specified directory.
  • Ensure that the output paths for both encoding and decoding do not conflict with existing files.

rejetto_hfs_exec

HttpFileServer version 2.3: vulnerable using the Metasploit module rejetto_hfs_exec.
:param line: Command line input that provides the LHOST and RHOST.
:type line: str
:returns: None

ms08_067_netapi

SMB CVE-2008-4250: vulnerable using the Metasploit module ms08_067_netapi.
:param line: Command line input that provides the LHOST and RHOST.
:type line: str
:returns: None

automsf

Tries to check whether the target is vulnerable using the Metasploit module passed as an argument to LazyOwn. Example: automsf exploit/windows/iis/iis_webdav_upload_asp
:param line: Command line input that provides the LHOST and RHOST.
:type line: str
:returns: None

iis_webdav_upload_asp

(CVE-2017-7269): vulnerable using the Metasploit module iis_webdav_upload_asp.
:param line: Command line input that provides the LHOST and RHOST.
:type line: str
:returns: None

nano

Opens or creates the file named by line in the sessions directory for editing with nano.

:param line: Name of the file in the sessions directory to open in nano.

:returns: None

nc

Runs nc with the specified port for listening.

This function starts a nc listener on the specified local port. It can use a port defined in the lport parameter or a port provided as an argument.

Usage:
pwncatcs

:param line: The port number to use for the nc listener. If not provided, it defaults to the lport parameter.
:type line: str
:returns: None

Manual execution:

  1. Ensure that nc is installed and accessible from your command line.
  2. The port number can either be provided as an argument or be set in the lport parameter of the function.
  3. Run the function to start nc on the specified port.

If no port is provided as an argument, the function will use the port specified in the lport parameter. If a port is provided, it overrides the lport value.

After starting the listener, the function prints a message indicating that nc is running on the specified port and another message when the session is closed.

Dependencies:

  • nc: A tool used for creating reverse shells or bind shells.

release/0.1.54

05 Oct 16:04
release/0.1.54
bfab8a3

Full Changelog: release/0.1.53...release/0.1.54

waybackmachine

Fetch URLs from the Wayback Machine for a given website.
The URL is taken from line. If the URL is not provided, an error is printed.
The limit of results is taken from self.params["limit"] if provided; otherwise, defaults to 10.
Results are printed directly to the console.

c2

Handles the execution of a C2 (Command and Control) server setup command.

This function performs the following tasks:

  1. Retrieves and validates the local host (lhost) and local port (lport) parameters.
  2. Checks if the required file modules/run exists.
  3. Reads the content of the modules/run file, replaces placeholders with actual values (lport, line, lhost),
    and copies the updated content to the clipboard.
  4. Prompts the user to start the C2 server, and if confirmed, executes the server command.
  5. Provides a warning about shutting down the server.

Args:
line (str): The victim ID or command line to be used by the C2 server.

Returns:
None

Raises:
None

Example:
c2 victim-1

Notes:
- Ensure that the lhost and lport parameters are valid before calling this function.
- The modules/run file must exist and be correctly formatted.
- The server command is executed using os.system, which may require additional handling for security.

kick

Handles the process of sending a spoofed ARP packet to a specified IP address with a given MAC address.

This function performs the following steps:

  1. Executes a command to list current ARP entries and prints the IP and MAC addresses.
  2. Prompts the user to input the target IP and MAC address in a specified format.
  3. Parses the provided input to extract the IP and MAC addresses.
  4. Sets up default values for the gateway IP, local MAC address, and network interface.
  5. Creates an ARP packet with the specified target IP and MAC address.
  6. Sends the ARP packet using the specified network interface.
  7. Prints a confirmation message indicating that the spoofing packet has been sent.

Args:
line (str): Input line for the command, which is not used directly in this function.

Raises:
Exception: If any error occurs during the execution of the function.

sqli

Asks the user for the URL, database, table, and columns, and then executes the Python script
'modules/lazybsqli.py' with the provided parameters.

Parameters:

  • def_func: Function to execute (not used in this example).
  • line: Command line or additional input (not used in this example).

Example:

  • do_bsqli(None, None)

sshkey

Generates an SSH key pair with RSA 4096-bit encryption. If no name is provided, it uses 'lazyown' by default.
The keys are stored in the 'sessions/' directory.

Parameters:

  • line: The name of the key file. If empty, 'lazyown' is used as the default.

Example:

  • do_sshkey(None) # Generates 'lazyown' key
  • do_sshkey("custom_key") # Generates 'custom_key' key

crunch

Generate a custom dictionary using the crunch tool.

This function creates a wordlist with a specified length using the crunch command.
It allows the user to specify a custom character pattern for the wordlist.

:param line: The length of the strings to be generated (e.g., '6' for 6-character strings).
If not provided, the function prints an error message.

:returns: None

Example usage:

crunch 6
This will generate a wordlist with all possible combinations of 6-character strings using the default pattern.

Additional notes:

  • If no custom pattern is provided, the function uses a default pattern: "0123456789abcdefghijklmnñopqrstuvxyz,.-#$%@"
  • The output is saved in the sessions/ directory with the filename format dict_<length>.txt

malwarebazar

Fetches and displays malware information from the MalwareBazaar API based on the given tag.

Args:
line (str): The tag used to query the MalwareBazaar API.

This function performs the following steps:

  1. Constructs a URL to query the MalwareBazaar API with the provided tag.
  2. Uses curl to send a POST request to the API and saves the response in a JSON file.
  3. Checks if the file was successfully created and exists.
  4. Loads the JSON data from the file.
  5. Checks the query_status field to determine if there are results.
    • If no_results, prints a warning message and exits the function.
  6. Iterates through the list of file information provided in the response.
    • Prints detailed information about each file, including:
      • File name
      • File type
      • File size
      • Hashes (SHA-256, SHA-1, MD5)
      • First seen date
      • Signature
      • Tags
      • ClamAV results (if any)
      • Downloads and uploads count
  7. Deletes the temporary file used to store the API response.

Returns:
None

download_malwarebazar

Download a malware sample from MalwareBazaar using its SHA256 hash.

This function allows the user to download a malware sample from MalwareBazaar by providing
the SHA256 hash of the desired file. If the hash is not provided as an argument, the function
prints an error message indicating the correct usage. The downloaded malware sample
is saved as a zipped file (malware.zip) and is password protected.

Arguments:
line (str): The SHA256 hash of the malware sample to be downloaded.

Returns:
None

Example:

download_malwarebazar 094fd325049b8a9cf6d3e5ef2a6d4cc6a567d7d49c35f8bb8dd9e3c6acf3d78d

Notes:

  • Ensure that the SHA256 hash provided is correct and that it corresponds to a file available
    on MalwareBazaar.
  • The downloaded file will be password protected using the password "infected".
  • To obtain the SHA256 hash of malware samples, refer to the help malwarebazar command.

See Also:

  • run(command): Utility function used to execute the command for downloading the malware.

sslscan

Run an SSL scan on the specified remote host.

This function initiates an SSL scan on a specified remote host (rhost)
using the sslscan-singleip.sh script. If a specific port is provided in the
line argument, the scan will target that port; otherwise, it will scan
all available ports.

Parameters:
line (str): The port number to scan (optional). If omitted, the scan will target all ports.

Internal Variables:
rhost (str): The remote host IP address or hostname extracted from the params attribute.

Returns:
None

Example Usage:

  • To scan all ports on the specified rhost: sslscan
  • To scan a specific port (e.g., port 443) on rhost: sslscan 443

Note:

  • The check_rhost() function is used to validate the rhost before running the scan.
  • The sslscan-singleip.sh script must be present in the sessions directory.

cewl

This function constructs and executes a command for the 'cewl' tool.
It first checks if the 'url' parameter is set. If not, it prints an error message.
If the 'url' is set, it extracts the domain from the URL using the get_domain function.
Then, it constructs a 'cewl' command with the specified parameters and prepares it for execution.

Scan to a depth of 2 (-d 2) and use a minimum word length of 5 (-m 5), save the words to a file (-w docswords.txt), targeting the given URL (https://example.com):

Parameters:
line (str): The command line input for this function.

Expected self.params keys:

  • url (str): The URL to be used for the 'cewl' command.

Example usage:

dmitry

This function constructs and executes a command for the 'dmitry' tool.
It first checks if the 'url' parameter is set. If not, it prints an error message.
If the 'url' is set, it extracts the domain from the URL using the get_domain function.
Then, it constructs a 'dmitry' command with the specified parameters and prepares it for execution.

Run a domain whois lookup (w), an IP whois lookup (i), retrieve Netcraft info (n), search for subdomains (s), search for email addresses (e), do a TCP port scan (p), and save the output to example.txt (o) for the domain example.com:

Parameters:
line (str): The command line input for this function.

Expected self.params keys:

  • url (str): The URL to be used for the 'dmitry' command.

Example usage:

graudit

Executes the graudit command to perform a static code analysis with the specified options.

This function runs the 'graudit' tool with the '-A' option for an advanced scan and
the '-i sessions' option to include session files. The results will be displayed
directly in the terminal.

Args:
line (str): Input line from the command interface. This argument is currently
not used within the function but is required for the command
interface structure.

Example:
To run this function from the command interface, simply type 'graudit' and press enter.
The function will execute the 'graudit -A -i sessions' command.

Note:
Ensure that 'graudit' is installed and properly configured in your system's PATH
for this function to work correctly.

msfrpc

Connects to the msfrpcd daemon and allows remote control of Metasploit.

Usage:
msfrpc -a -p -U -P [-S]

This command will prompt the user for necessary information to connect to msfrpcd.

nuclei

Executes a Nuclei scan on a specified target URL or host.

Usage:
nuclei -u [-o ] [other options]

If a URL is provided as an argument, it will be used as the target for the scan.
Otherwise, it will use the target specified in self.params["rhost"].

parsero

Executes a parsero scan on a specified target URL or host.

Usage:
parsero -u [-o ] [other options]

If a URL is provided as an argume...

release/0.1.53

04 Oct 04:35
release/0.1.53
047c201