moved some stuff to settings, created a class for the exploitation so it is easier to mess with, edited the modules and removed -j and use #54, added new args to the available options, edited the api's by adding a description of what is happening at the time of the execution, a couple edits to autosploit.py

Author: ekultek

api_calls/censys.py

@@ -1,7 +1,10 @@
 import requests
 
 from lib.errors import AutoSploitAPIConnectionError
-from lib.output import error
+from lib.output import (
+    error,
+    info
+)
 from lib.settings import (
     HOST_FILE,
     API_URLS,
@@ -25,6 +28,7 @@ def censys(self):
         """
         connect to the Censys API and pull all IP addresses from the provided query
         """
+        info("searching Censys with given query '{}'".format(self.query))
         discovered_censys_hosts = set()
         try:
             req = requests.post(API_URLS["censys"], auth=(self.id, self.token), json={"query": self.query})

api_calls/shodan.py

@@ -3,7 +3,10 @@
 import requests
 
 from lib.errors import AutoSploitAPIConnectionError
-from lib.output import error
+from lib.output import (
+    error,
+    info
+)
 from lib.settings import (
     API_URLS,
     HOST_FILE,
@@ -27,6 +30,7 @@ def shodan(self):
         """
         connect to the API and grab all IP addresses associated with the provided query
         """
+        info("searching Shodan with given query '{}'".format(self.query))
         discovered_shodan_hosts = set()
         try:
             req = requests.get(API_URLS["shodan"].format(query=self.query, token=self.token))

api_calls/zoomeye.py

@@ -5,7 +5,10 @@
 import requests
 
 from lib.errors import AutoSploitAPIConnectionError
-from lib.output import error
+from lib.output import (
+    error,
+    info
+)
 from lib.settings import (
     API_URLS,
     HOST_FILE,
@@ -56,6 +59,7 @@ def zoomeye(self):
         connect to the API and pull all the IP addresses that are associated with the
         given query
         """
+        info("searching ZoomEye with given query '{}'".format(self.query))
         discovered_zoomeye_hosts = set()
         try:
             token = self.__get_auth()

autosploit.py

@@ -34,10 +34,12 @@
 from lib.settings import (
     validate_ip_addr,
     check_services,
+    cmdline,
     load_api_keys,
     PLATFORM_PROMPT,
     AUTOSPLOIT_PROMPT,
-    AUTOSPLOIT_TERM_OPTS
+    AUTOSPLOIT_TERM_OPTS,
+    USAGE_AND_LEGAL_PATH
 )
 from lib.output import (
     info,
@@ -55,7 +57,6 @@
 local_host = ""
 configured = False
 toolbar_width = 60
-usage_and_legal_path = "{}/etc/general".format(os.getcwd())
 loaded_exploits = load_exploits("{}/etc/json".format(os.getcwd()))
 stop_animation = False
 
@@ -91,32 +92,12 @@ def animation(text):
 
 def usage():
     """Usage & Legal."""
-    global usage_and_legal_path
     print("\033[H\033[J")  # Clear terminal
     logo()
-    with open(usage_and_legal_path) as info:
+    with open(USAGE_AND_LEGAL_PATH) as info:
         print(info.read())
 
 
-def cmdline(command):
-    """
-    Function that allows us to store system command output in a variable.
-    We'll change this later in order to solve the potential security
-    risk that arises when passing untrusted input to the shell.
-
-    I intend to have the issue resolved by Version 1.5.0.
-    """
-
-    command = shlex.split(command)
-
-    process = subprocess.Popen(
-        args=command,
-        stdout=subprocess.PIPE,
-        shell=True
-    )
-    return process.communicate()[0]
-
-
 def exploit(query=None, single=None):
     """Exploit component"""
 
@@ -557,63 +538,6 @@ def try_shodan():
 
 if __name__ == "__main__":
 
-    '''from api_calls import (
-        shodan,
-        censys,
-        zoomeye
-    )
-    from lib.settings import (
-        load_api_keys,
-        API_URLS,
-        AUTOSPLOIT_PROMPT
-    )
-
-    from lib.output import (
-        prompt,
-        info,
-        warning
-    )
-
-    tokens = load_api_keys()
-
-    possible_apis = API_URLS.keys()
-
-    def get_query():
-        query = prompt("enter your search query")
-        return query
-
-    selected = False
-    info_msg = "searching {} API with query '{}'"
-    info("pick a search engine")
-    for i, api in enumerate(sorted(possible_apis), start=1):
-        print("{}. {}".format(i, api))
-
-    while not selected:
-        choice = raw_input(AUTOSPLOIT_PROMPT)
-        try:
-            choice = int(choice)
-            if choice == 1:
-                selected = True
-                query = get_query()
-                info(info_msg.format("Shodan", query))
-                censys.CensysAPIHook(tokens["censys"][1], tokens["censys"][0], query).censys()
-            elif choice == 2:
-                selected = True
-                query = get_query()
-                info(info_msg.format("Censys", query))
-                shodan.ShodanAPIHook(tokens["shodan"][0], query).shodan()
-            elif choice == 3:
-                query = get_query()
-                selected = True
-                info("ZoomEye token will be loaded automatically")
-                info(info_msg.format("Zoomeye", query))
-                zoomeye.ZoomEyeAPIHook(query).zoomeye()
-            else:
-                warning("choice must be between 1-{}".format(len(API_URLS.keys())))
-        except:
-            warning("choice must be integer not string")'''
-
-
     logo()
 
     if len(sys.argv) > 1: