added TODO's for reference

Author: ekultek

.gitignore

@@ -5,3 +5,4 @@ hosts.txt
 secret.p
 uid.p
 etc/tokens/*
+autosploit_out/*

autosploit/main.py

@@ -77,6 +77,8 @@ def main():
         loaded_tokens = load_api_keys()
         AutoSploitParser().parse_provided(opts)
 
+        # TODO[5] figure out why this isn't used anywhere
+        # maybe we can just remove it, idk
         loaded_exploits = []
         if not opts.exploitFile:
             misc_info("checking if there are multiple exploit files")

lib/cmdline/cmd.py

@@ -154,6 +154,8 @@ def single_run_args(opt, keys, loaded_modules):
         elif opt.appendHosts:
             search_save_mode = "a"
 
+        # TODO[4]:// move the searches into their own class and call it from the static method if a search is needed
+        # this is ugly and i wanna change it
         if opt.searchCensys:
             lib.output.info(single_search_msg.format("Censys"))
             api_searches[2](

lib/exploitation/exploiter.py

@@ -1,6 +1,7 @@
-import datetime
-import csv
 import re
+import csv
+import datetime
+
 from os import (
     makedirs,
     path,
@@ -37,8 +38,16 @@ def __init__(self, configuration, all_modules, hosts=None, **kwargs):
         self.hosts = hosts
         self.configuration = configuration
         self.mods = all_modules
+        # TODO[1]:// fix the relevant module sorting
+        # there's a bug in the way the modules are sorted right here
+        # it creates a temp file wit hthe query name, but if the terminal
+        # is run multiple times, it will not recreate the file and instead
+        # opens an empty
         self.query = kwargs.get("query", lib.settings.QUERY_FILE_PATH)
-        self.query_file = open(self.query).read()
+        try:
+            self.query_file = open(self.query).read()
+        except:
+            self.query_file = ""
         self.single = kwargs.get("single", None)
         self.ruby_exec = kwargs.get("ruby_exec", False)
         self.msf_path = kwargs.get("msf_path", None)
@@ -47,7 +56,7 @@ def __init__(self, configuration, all_modules, hosts=None, **kwargs):
     def view_sorted(self):
         """
         view the modules that have been sorted by the relevance
-        there is a chance this will display 0
+        there is a chance this will display 0 (see TODO[1])
         """
         for mod in self.sorted_modules:
             print(mod)
@@ -83,7 +92,6 @@ def start_exploit(self, sep="*" * 10):
                                "All Logs"])
 
         lib.output.info("Launching exploits against {hosts_len} hosts:".format(hosts_len=len(self.hosts)))
-        lib.output.info("{}".format((linesep+"\t").join(self.hosts)))
 
         win_total = 0
         fail_total = 0

lib/settings.py

@@ -34,7 +34,7 @@
 RC_SCRIPTS_PATH = "{}/autosploit_out/".format(CUR_DIR)
 
 # path to the file that will contain our query
-QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name
+# QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name
 
 # default HTTP User-Agent
 DEFAULT_USER_AGENT = "AutoSploit/{} (Language=Python/{}; Platform={})".format(
@@ -151,9 +151,7 @@ def load_api_keys(unattended=False, path="{}/etc/tokens".format(CUR_DIR)):
     load the API keys from their .key files
     """
 
-    """
-    make the directory if it does not exist
-    """
+    # make the directory if it does not exist
     if not os.path.exists(path):
         os.mkdir(path)
 
@@ -177,14 +175,9 @@ def load_api_keys(unattended=False, path="{}/etc/tokens".format(CUR_DIR)):
 
 def cmdline(command):
     """
-    Function that allows us to store system command output in a variable.
-    We'll change this later in order to solve the potential security
-    risk that arises when passing untrusted input to the shell.
-
-    I intend to have the issue resolved by Version 1.5.0.
+    send the commands through subprocess
     """
 
-    #os.system(command)
     lib.output.info("Executing command '{}'".format(command.strip()))
     split_cmd = [x.strip() for x in command.split(" ") if x]
 
@@ -205,6 +198,7 @@ def check_for_msf():
     """
     return os.getenv("msfconsole", False) or distutils.spawn.find_executable("msfconsole")
 
+
 def logo():
     """
     display a random banner from the banner.py file

lib/term/terminal.py

@@ -80,7 +80,7 @@ def view_gathered_hosts(self):
 
     def add_single_host(self):
         """
-        add a singluar host to the hosts.txt file and check if the host
+        add a singular host to the hosts.txt file and check if the host
         will resolve to a true IP address, if it is not a true IP address
         you will be re-prompted for an IP address
 
@@ -129,7 +129,13 @@ def gather_hosts(self, query, given_choice=None, proxy=None, agent=None):
         else:
             choice = given_choice
         while not searching:
+            # TODO[2]:// bug in the animation, if the user chooses one search engine to search
+            # the animation does not stop when the user chooses a single search engine, instead
+            # the user will see the animation continuously until they either:
+            #   A) exit the terminal
+            #   B) search another search engine
             try:
+                # something in here needs to change (see TODO[2])
                 choice = int(choice)
                 if choice == 1:
                     choice_dict[choice](
@@ -204,29 +210,36 @@ def exploit_gathered_hosts(self, loaded_mods, hosts=None):
             ruby_exec=ruby_exec,
             msf_path=msf_path
         )
-        sorted_mods = exploiter.sort_modules_by_query()
-        choice = lib.output.prompt(
-            "a total of {} modules have been sorted by relevance, would you like to display them[y/N]".format(
-                len(sorted_mods)
+        try:
+            sorted_mods = exploiter.sort_modules_by_query()
+            choice = lib.output.prompt(
+                "a total of {} modules have been sorted by relevance, would you like to display them[y/N]".format(
+                    len(sorted_mods)
+                )
             )
-        )
-        if not choice.lower().strip().startswith("y"):
-            mods = lib.output.prompt("use relevant modules[y/N]")
-            if mods.lower().startswith("n"):
-                lib.output.info("starting exploitation with all loaded modules (total of {})".format(len(loaded_mods)))
-                exploiter.start_exploit()
-            elif mods.lower().startswith("y"):
-                lib.output.info("starting exploitation with sorted modules (total of {})".format(len(sorted_mods)))
-                exploiter.start_exploit()
-        else:
-            exploiter.view_sorted()
-            mods = lib.output.prompt("use relevant modules[y/N]")
-            if mods.lower().startswith("n"):
-                lib.output.info("starting exploitation with all loaded modules (total of {})".format(len(loaded_mods)))
-                exploiter.start_exploit()
-            elif mods.lower().startswith("y"):
-                lib.output.info("starting exploitation with sorted modules (total of {})".format(len(sorted_mods)))
-                exploiter.start_exploit()
+
+            if not choice.lower().strip().startswith("y"):
+                mods = lib.output.prompt("use relevant modules[y/N]")
+                if mods.lower().startswith("n"):
+                    lib.output.info(
+                        "starting exploitation with all loaded modules (total of {})".format(len(loaded_mods)))
+                    exploiter.start_exploit()
+                elif mods.lower().startswith("y"):
+                    lib.output.info("starting exploitation with sorted modules (total of {})".format(len(sorted_mods)))
+                    exploiter.start_exploit()
+            else:
+                exploiter.view_sorted()
+                mods = lib.output.prompt("use relevant modules[y/N]")
+                if mods.lower().startswith("n"):
+                    lib.output.info(
+                        "starting exploitation with all loaded modules (total of {})".format(len(loaded_mods)))
+                    exploiter.start_exploit()
+                elif mods.lower().startswith("y"):
+                    lib.output.info("starting exploitation with sorted modules (total of {})".format(len(sorted_mods)))
+                    exploiter.start_exploit()
+        except AttributeError:
+            lib.output.warning("unable to sort modules by relevance")
+
 
     def custom_host_list(self, mods):
         """
@@ -268,6 +281,7 @@ def __config_headers():
                 for i in lib.settings.AUTOSPLOIT_TERM_OPTS.keys():
                     print("{}. {}".format(i, lib.settings.AUTOSPLOIT_TERM_OPTS[i].title()))
                 choice = raw_input(lib.settings.AUTOSPLOIT_PROMPT)
+                # TODO[3] this is ugly so it needs to change
                 try:
                     choice = int(choice)
                     if choice == 99:
@@ -296,6 +310,7 @@ def __config_headers():
                         with open(lib.settings.QUERY_FILE_PATH, "a+") as _query:
                             _query.write(query)
                         proxy, agent = __config_headers()
+                        # possibly needs to change here (see TODO[2])
                         self.gather_hosts(query, proxy=proxy, agent=agent)
                         print(self.sep)
                     elif choice == 1:

run_autosploit.sh

@@ -1,16 +1,22 @@
 #!/bin/bash
 
 
-if [[ $# -lt 2 ]]; then
+# TODO[6] this causes an AttributeError somewhere
+
+if [[ $# -lt 1 ]]; then
     echo "Syntax:"
-    echo -e "\t./run_autosploit.sh <whitelist.txt> <exposed_lport>"
+    echo -e "\t./run_autosploit.sh PORT [WHITELIST]"
 	exit 1
 fi
 
-WHITELIST=$1
-LPORT=$2
+WHITELIST=$2
+LPORT=$1
 
 LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
 TIMESTAMP=`date +%s`
 
-python autosploit.py --whitelist $WHITELIST -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT -f etc/json/default_modules.json
+if [[ ! $WHITELIST ]]; then
+  python autosploit.py -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT -f etc/json/default_modules.json
+else
+  python autosploit.py --whitelist $WHITELIST -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT -f etc/json/default_modules.json
+fi;