pushing the API packages to Github, will implement them later on (issue #64 and #49)

Author: ekultek

api_calls/__init__.py

@@ -0,0 +1,31 @@
+import requests
+
+from lib.errors import AutoSploitAPIConnectionError
+from lib.output import error
+from lib.settings import (
+    HOST_FILE,
+    API_URLS,
+    write_to_file
+)
+
+
+class CensysAPIHook(object):
+
+    def __init__(self, identity, token, query):
+        self.id = identity
+        self.token = token
+        self.query = query
+        self.host_file = HOST_FILE
+
+    def censys(self):
+        discovered_censys_hosts = set()
+        try:
+            req = requests.post(API_URLS["censys"], auth=(self.id, self.token), json={"query": self.query})
+            json_data = req.json()
+            for item in json_data["results"]:
+                discovered_censys_hosts.add(str(item["ip"]))
+            write_to_file(discovered_censys_hosts, self.host_file)
+            return True
+        except Exception as e:
+            error(AutoSploitAPIConnectionError(str(e)))
+            return False

api_calls/censys.py

@@ -0,0 +1,35 @@
+import json
+
+import requests
+
+from lib.errors import AutoSploitAPIConnectionError
+from lib.output import error
+from lib.settings import (
+    API_URLS,
+    HOST_FILE,
+    write_to_file
+)
+
+
+class ShodanAPIHook(object):
+
+    def __init__(self, token, query, proxy=None):
+        self.token = token
+        self.query = query
+        self.proxy = proxy
+        self.host_file = HOST_FILE
+
+    def shodan(self):
+        discovered_shodan_hosts = set()
+        try:
+            req = requests.get(API_URLS["shodan"].format(query=self.query, token=self.token))
+            json_data = json.loads(req.content)
+            for match in json_data["matches"]:
+                discovered_shodan_hosts.add(match["ip_str"])
+            write_to_file(discovered_shodan_hosts, self.host_file)
+            return True
+        except Exception as e:
+            error(AutoSploitAPIConnectionError(str(e)))
+            return False
+
+

api_calls/shodan.py

@@ -0,0 +1,60 @@
+import os
+import base64
+import json
+
+import requests
+
+from lib.errors import AutoSploitAPIConnectionError
+from lib.output import error
+from lib.settings import (
+    API_URLS,
+    HOST_FILE,
+    write_to_file
+)
+
+
+class ZoomEyeAPIHook(object):
+
+    def __init__(self, query):
+        self.query = query
+        self.host_file = HOST_FILE
+        self.user_file = "{}/etc/text_files/users.lst".format(os.getcwd())
+        self.pass_file = "{}/etc/text_files/passes.lst".format(os.getcwd())
+
+    @staticmethod
+    def __decode(filepath):
+        with open(filepath) as f:
+            data = f.read()
+            token, n = data.split(":")
+            for _ in range(int(n.strip())):
+                token = base64.b64decode(token)
+        return token.strip()
+
+    def __get_auth(self):
+        username = self.__decode(self.user_file)
+        password = self.__decode(self.pass_file)
+        data = {"username": username, "password": password}
+        req = requests.post(API_URLS["zoomeye"][0], json=data)
+        token = json.loads(req.content)
+        return token
+
+    def zoomeye(self):
+        discovered_zoomeye_hosts = set()
+        try:
+            token = self.__get_auth()
+            headers = {"Authorization": "JWT {}".format(str(token["access_token"]))}
+            params = {"query": self.query, "page": "1", "facet": "ipv4"}
+            req = requests.get(API_URLS["zoomeye"][1].format(query=self.query), params=params, headers=headers)
+            _json_data = req.json()
+            for item in _json_data["matches"]:
+                if len(item["ip"]) > 1:
+                    # TODO:/ grab all the IP addresses when there's more then 1
+                    discovered_zoomeye_hosts.add(str(item["ip"][0]))
+                else:
+                    discovered_zoomeye_hosts.add(str(item["ip"][0]))
+            write_to_file(discovered_zoomeye_hosts, self.host_file)
+            return True
+        except Exception as e:
+            error(AutoSploitAPIConnectionError(str(e)))
+            return False
+

api_calls/zoomeye.py

@@ -13,6 +13,7 @@
  - Fix the non-existing host path reference line #409
  - Create a retry decorator with a max of 5 min of 3 line #436
  - Add a secondary check to make sure autosploit is running line #535
+ - Implement the API packages into the flow (api_calls, will create a `main` class or function for it)
 """
 
 import os
@@ -58,12 +59,19 @@
 stop_animation = False
 
 
-def logo(line_sep="#--", space=" " * 30):
-    """Logo."""
-    print banner_main()
+def logo():
+    """
+    display a random banner from the banner.py file
+    """
+    print(banner_main())
 
 
 def animation(text):
+    """
+    display an animation while working, this will be
+    single threaded so that it will not screw with the
+    current running process
+    """
     global stop_animation
     i = 0
     while not stop_animation:

autosploit.py

@@ -0,0 +1 @@
+Vm0xNFUxSXlTWGxUV0dST1UwZFNUMVV3YUVOWFZteFZVMnhPV0ZKdGVIcFdiR2hyWWtaYWMxTnVjRmRpV0VKRVdWZDRkMDVyTVVWaGVqQTk=:7

etc/text_files/passes.lst

@@ -0,0 +1 @@
+Vm1wR2IyUXhVWGhXV0d4V1lteEtWVmx0ZUV0WFJteFZVVzFHYWxac1NsbGFWV1JIWVd4YWMxTnJiRlZXYkhCUVdWUktTMU5XUmxsalJscFRZa1ZaZWxaVldrWlBWa0pTVUZRd1BRPT0=:7

etc/text_files/users.lst

@@ -0,0 +1 @@
+class AutoSploitAPIConnectionError(Exception): pass

lib/errors.py

@@ -4,11 +4,22 @@
 
 import psutil
 
+import lib.output
 
+
+HOST_FILE = "{}/hosts.txt".format(os.getcwd())
 START_POSTGRESQL_PATH = "{}/etc/scripts/start_postgre.sh".format(os.getcwd())
 START_APACHE_PATH = "{}/etc/scripts/start_apache.sh".format(os.getcwd())
 PLATFORM_PROMPT = "\n{}@\033[36mPLATFORM\033[0m$ ".format(getpass.getuser())
 AUTOSPLOIT_PROMPT = "\n\033[31m{}\033[0m@\033[36mautosploit\033[0m# ".format(getpass.getuser())
+API_URLS = {
+    "shodan": "https://api.shodan.io/shodan/host/search?key={token}&query={query}",
+    "censys": "https://censys.io/api/v1/search/ipv4",
+    "zoomeye": (
+        "https://api.zoomeye.org/user/login",
+        "https://api.zoomeye.org/web/search"
+    )
+}
 AUTOSPLOIT_TERM_OPTS = {
     1: "usage and legal", 2: "gather hosts", 3: "custom hosts",
     4: "add single host", 5: "view gathered hosts", 6: "exploit gathered hosts",
@@ -17,6 +28,9 @@
 
 
 def validate_ip_addr(provided):
+    """
+    validate an IP address to see if it is real or not
+    """
     try:
         socket.inet_aton(provided)
         return True
@@ -25,11 +39,37 @@ def validate_ip_addr(provided):
 
 
 def check_services(service_name):
+    """
+    check to see if certain services ar started
+    """
     all_processes = set()
     for pid in psutil.pids():
         running_proc = psutil.Process(pid)
         all_processes.add(" ".join(running_proc.cmdline()).strip())
     for proc in list(all_processes):
         if service_name in proc:
             return True
-    return False
+    return False
+
+
+def write_to_file(data_to_write, filename, mode="a+"):
+    """
+    write data to a specified file, if it exists, ask to overwrite
+    """
+    if os.path.exists(filename):
+        is_append = lib.output.prompt("would you like to (a)ppend or (o)verwrite the file")
+        if is_append == "o":
+            mode = "w"
+        elif is_append == "a":
+            mode = "a+"
+        else:
+            lib.output.warning("invalid input provided ('{}'), appending to file".format(is_append))
+            mode = "a+"
+    with open(filename, mode) as log:
+        if isinstance(data_to_write, (tuple, set, list)):
+            for item in list(data_to_write):
+                log.write("{}{}".format(item.strip(), os.linesep))
+        else:
+            log.write(data_to_write)
+    lib.output.info("successfully wrote info to '{}'".format(filename))
+    return filename