Merge pull request #62 from NullArray/cmdline

NullArray · web-flow · commit cd0483d2d1bc · 2018-02-22T10:43:37.000Z
Arguments
diff --git a/autosploit.py b/autosploit.py
@@ -23,15 +23,14 @@
 import pickle
 import threading
 import subprocess
-import json
-import requests
 import censysSearch
 import shodan
 # idk if you're going to need this since retrying is a decorator (see line 410)
 # from retrying import retry
 from blessings import Terminal
 
 from lib.jsonize import load_exploits
+from lib.cmdline.cmd import AutoSploitParser
 
 
 t = Terminal()
@@ -598,6 +597,12 @@ def try_shodan():
 
 
 if __name__ == "__main__":
+
+    if len(sys.argv) > 1:
+        opts = AutoSploitParser().optparser()
+        AutoSploitParser().single_run_args(opts)
+
+
     logo()
 
     print("[{}]Initializing AutoSploit...".format(t.green("+")))
diff --git a/etc/text_files/ethics.lst b/etc/text_files/ethics.lst
@@ -0,0 +1,12 @@
+"Consider if playing Xbox would be a wiser choice before proceeding..."
+"Think of it this way, is it worth the jail time?"
+"In the end, I can't figure out how to use Autosploit in a way that isn't merely a random act of vandalism.."
+"Threat or menace? 'Autosploit' tool sparks fears of empowered 'script kiddies'"
+"So far the response to AutoSploit has been a mix of outrage, fear, some applause, and more than a few shrugs."
+"Releasing AutoSploit, making mass exploitation even easier, was irresponsible. My friends at the FBI remind us all that while exploitation is easier, it is not any less illegal. #scriptkiddiesbeware"
+"New tool makes hacking even easier. Many people are critical of the release."
+"The kids are not more dangerous. They already were dangerous. We’ve simply given them a newer, simpler, shinier way to exploit everything that’s broken. Maybe we should fix the ROOT problem"
+"This provides an unending opportunity for cybercriminals and script kiddies to hijack vulnerable devices and subsequently launch attacks against online organizations with ease"
+"Both Metasploit and Shodan have been available for years, as integral to the pen testers toolkit as Nessus and Burpsuite. But with Autosploit pulling them together, the concern should be focused on curious kids thinking it would be fun to see what they can find"
+"My fear is that this has magnified the attack surface, and made it so that every exposed service on the internet will be scanned and probed on a near-constant basis by an entirely new set of attackers."
+"The release of tools like these exponentially expands the threat landscape by allowing a wider group of hackers to launch global attacks at will"
diff --git a/lib/cmdline/__init__.py b/lib/cmdline/__init__.py
diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py
@@ -0,0 +1,37 @@
+import os
+import sys
+import random
+import argparse
+
+
+class AutoSploitParser(argparse.ArgumentParser):
+
+    def __init__(self):
+        super(AutoSploitParser, self).__init__()
+
+    @staticmethod
+    def optparser():
+        parser = argparse.ArgumentParser()
+        parser.add_argument("-c", "--censys", action="store_true", dest="searchCensys",
+                            help="use censys.io as the search engine instead of shodan.io to gather hosts")
+        parser.add_argument("-b", "--both", action="store_true", dest="searchBoth",
+                            help="search both shodan.io and censys.io for hosts")
+        parser.add_argument("--proxy", metavar="PROTO://IP:PORT", dest="proxyConfig",
+                            help="run behind a proxy while performing the searches")
+        parser.add_argument("-e", "--exploit-file", metavar="PATH", dest="exploitList",
+                            help="provide a text file to convert into JSON and save for later use")
+        parser.add_argument("-E", "--exploit", metavar="EXPLOIT", dest="singleExploit",
+                            help="pass a single exploit in the same format as the JSON file(s)")
+        parser.add_argument("--ethics", action="store_true", dest="displayEthics",
+                            help=argparse.SUPPRESS)  # easter egg!
+        opts = parser.parse_args()
+        return opts
+
+    @staticmethod
+    def single_run_args(opt):
+        if opt.displayEthics:
+            ethics_file = "{}/etc/text_files/ethics.lst".format(os.getcwd())
+            with open(ethics_file) as ethics:
+                ethic = random.choice(ethics.readlines()).strip()
+                print("Your ethic for the day:\n\n{}".format(ethic))
+                sys.exit(0)
