created an automatic issue creator

Author: Ekultek

autosploit/main.py

@@ -6,6 +6,10 @@
 
 from lib.cmdline.cmd import AutoSploitParser
 from lib.term.terminal import AutoSploitTerminal
+from lib.creation.issue_creator import (
+    request_issue_creation,
+    hide_sensitive
+)
 from lib.output import (
     info,
     warning,
@@ -18,9 +22,9 @@
     check_services,
     cmdline,
     close,
-    download_modules_list,
     EXPLOIT_FILES_PATH,
-    START_SERVICES_PATH
+    START_SERVICES_PATH,
+    save_error_to_file,
 )
 from lib.jsonize import (
     load_exploits,
@@ -29,91 +33,99 @@
 
 
 def main():
-
     try:
-        is_admin = os.getuid() == 0
-    except AttributeError:
-        # we'll make it cross platform because it seems like a cool idea
-        is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0
 
-    if not is_admin:
-        close("must have admin privileges to run")
+        try:
+            is_admin = os.getuid() == 0
+        except AttributeError:
+            # we'll make it cross platform because it seems like a cool idea
+            is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0
 
-    opts = AutoSploitParser().optparser()
+        if not is_admin:
+            close("must have admin privileges to run")
 
-    if opts.downloadModules is not None:
-        info("downloading modules")
-        for search in opts.downloadModules:
-            downloaded = download_modules_list(search)
-            info("downloaded {} file(s)".format(len(downloaded)))
-            for f in downloaded:
-                print("=> {}".format(f))
-        info("new exploit paths have been added to JSON files, re-run autosploit to access them")
-        exit(1)
+        opts = AutoSploitParser().optparser()
 
-    logo()
-    info("welcome to autosploit, give us a little bit while we configure")
-    misc_info("checking your running platform")
-    platform_running = platform.system()
-    misc_info("checking for disabled services")
-    # according to ps aux, postgre and apache2 are the names of the services on Linux systems
-    service_names = ("postgres", "apache2")
-    if "darwin" in platform_running.lower():
-        service_names = ("postgres", "apachectl")
+        logo()
+        info("welcome to autosploit, give us a little bit while we configure")
+        misc_info("checking your running platform")
+        platform_running = platform.system()
+        misc_info("checking for disabled services")
+        # according to ps aux, postgre and apache2 are the names of the services on Linux systems
+        service_names = ("postgres", "apache2")
+        if "darwin" in platform_running.lower():
+            service_names = ("postgres", "apachectl")
 
-    for service in list(service_names):
-        while not check_services(service):
-            choice = prompt(
-                "it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(
-                    service.title()
+        for service in list(service_names):
+            while not check_services(service):
+                choice = prompt(
+                    "it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(
+                        service.title()
+                    )
                 )
-            )
-            if choice.lower().startswith("y"):
-                try:
-                    if "darwin" in platform_running.lower():
-                        cmdline("{} darwin".format(START_SERVICES_PATH))
-                    elif "linux" in platform_running.lower():
-                        cmdline("{} linux".format(START_SERVICES_PATH))
-                    else:
-                        close("your platform is not supported by AutoSploit at this time", status=2)
+                if choice.lower().startswith("y"):
+                    try:
+                        if "darwin" in platform_running.lower():
+                            cmdline("{} darwin".format(START_SERVICES_PATH))
+                        elif "linux" in platform_running.lower():
+                            cmdline("{} linux".format(START_SERVICES_PATH))
+                        else:
+                            close("your platform is not supported by AutoSploit at this time", status=2)
 
-                    # moving this back because it was funky to see it each run
-                    info("services started successfully")
-                # this tends to show up when trying to start the services
-                # I'm not entirely sure why, but this fixes it
-                except psutil.NoSuchProcess:
-                    pass
-            else:
-                process_start_command = "`sudo service {} start`"
-                if "darwin" in platform_running.lower():
-                    process_start_command = "`brew services start {}`"
-                close(
-                    "service {} is required to be started for autosploit to run successfully (you can do it manually "
-                    "by using the command {}), exiting".format(
-                        service.title(), process_start_command.format(service)
+                        # moving this back because it was funky to see it each run
+                        info("services started successfully")
+                    # this tends to show up when trying to start the services
+                    # I'm not entirely sure why, but this fixes it
+                    except psutil.NoSuchProcess:
+                        pass
+                else:
+                    process_start_command = "`sudo service {} start`"
+                    if "darwin" in platform_running.lower():
+                        process_start_command = "`brew services start {}`"
+                    close(
+                        "service {} is required to be started for autosploit to run successfully (you can do it manually "
+                        "by using the command {}), exiting".format(
+                            service.title(), process_start_command.format(service)
+                        )
                     )
-                )
 
-    if len(sys.argv) > 1:
-        info("attempting to load API keys")
-        loaded_tokens = load_api_keys()
-        AutoSploitParser().parse_provided(opts)
+        if len(sys.argv) > 1:
+            info("attempting to load API keys")
+            loaded_tokens = load_api_keys()
+            AutoSploitParser().parse_provided(opts)
+
+            if not opts.exploitFile:
+                misc_info("checking if there are multiple exploit files")
+                loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
+            else:
+                loaded_exploits = load_exploit_file(opts.exploitFile)
+                misc_info("Loaded {} exploits from {}.".format(
+                    len(loaded_exploits),
+                    opts.exploitFile))
 
-        if not opts.exploitFile:
+            AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
+        else:
+            warning(
+                "no arguments have been parsed, defaulting to terminal session. "
+                "press 99 to quit and help to get help"
+            )
             misc_info("checking if there are multiple exploit files")
             loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
-        else:
-            loaded_exploits = load_exploit_file(opts.exploitFile)
-            misc_info("Loaded {} exploits from {}.".format(
-                len(loaded_exploits),
-                opts.exploitFile))
+            info("attempting to load API keys")
+            loaded_tokens = load_api_keys()
+            terminal = AutoSploitTerminal(loaded_tokens)
+            terminal.terminal_main_display(loaded_exploits)
+    except Exception as e:
+        import traceback
+
+        print(
+            "\033[31m[!] AutoSploit has hit an unhandled exception: '{}', "
+            "in order for the developers to troubleshoot and repair the "
+            "issue AutoSploit will need to gather your OS information, metasploit version, "
+            "current arguments, the error message, and a traceback. "
+            "None of this information can be used to identify you in any way\033[0m".format(str(e))
+        )
+        error_traceback = ''.join(traceback.format_tb(sys.exc_info()[2]))
+        error_file = save_error_to_file(str(error_traceback))
+        request_issue_creation(error_file, hide_sensitive(), str(e))
 
-        AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
-    else:
-        warning("no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help")
-        misc_info("checking if there are multiple exploit files")
-        loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
-        info("attempting to load API keys")
-        loaded_tokens = load_api_keys()
-        terminal = AutoSploitTerminal(loaded_tokens)
-        terminal.terminal_main_display(loaded_exploits)

etc/text_files/auth.key

@@ -0,0 +1 @@
+Vm0wd2VFMUdiRmhTV0d4V1YwZG9XVll3WkRSV1ZteHlWMjVrVlUxV2NIbFdNalZyWVZVeFYxZHVhRmRTZWtFeFZtMTRTMk15VGtsaFJscHBWa1ZhU1ZkV1VrZFRNazE0Vkc1V2FsSnRhRzlVVmxwWFRrWmFjbHBFVWxwV2JIQllWVEkxVDFkSFNraFZiR2hhWVRGYU0xWXhXbUZqTVZwMFVteG9hVlpyV1hwV1IzaGhZekZhU0ZOclpGaGlSMmhvVm1wT1UyRkdiRlpYYlhScVlrWmFlVlV5Y3pGV01rcEpVV3hzVjFaNlJUQlpla3BIWXpGT2MxWnNaR2xTYTNCWFZtMHhOR1F3TUhoalJXaHNVakJhVlZWc1VsZFhiR1J5VjIxR2FGWnNjSHBaTUZadlZqRktjMk5HYUZwaGExcG9WbXBHYTJOc1pISlBWbVJPWWxkb1dsWXhXbE5TTVZwMFZtdGthbEpXY0ZsWmExVXhZMVpTVjFkdFJrNVdiRlkxV1ROd1YxWnJNVmRqUldSWFRXNUNTRlpxUm1GV01rNUhWRzFHVTFKV2NFVldiR1EwVVRGYVZrMVZWazVTUkVFNQ==:9

lib/creation/__init__.py

@@ -0,0 +1,167 @@
+import re
+import sys
+import json
+import platform
+import hashlib
+import base64
+try:
+    from urllib2 import Request, urlopen
+except ImportError:
+    from urllib.request import Request, urlopen
+
+import requests
+from bs4 import BeautifulSoup
+
+import lib.settings
+import lib.output
+import lib.banner
+
+try:
+    raw_input
+except NameError:
+    raw_input = input
+
+
+def create_identifier(data):
+    obj = hashlib.sha1()
+    try:
+        obj.update(data)
+    except:
+        obj.update(data.encode("utf-8"))
+    return obj.hexdigest()[1:10]
+
+
+def get_token(path):
+    """
+    we know what this is for
+    """
+    with open(path) as _token:
+        data = _token.read()
+        token, n = data.split(":")
+        for _ in range(int(n)):
+            token = base64.b64decode(token)
+    return token
+
+
+def ensure_no_issue(param):
+    """
+    ensure that there is not already an issue that has been created for yours
+    """
+    urls = (
+        "https://github.com/NullArray/AutoSploit/issues",
+        "https://github.com/NullArray/AutoSploit/issues?q=is%3Aissue+is%3Aclosed"
+    )
+    for url in urls:
+        req = requests.get(url)
+        param = re.compile(param)
+        try:
+            if param.search(req.content) is not None:
+                return True
+        except:
+            content = str(req.content)
+            if param.search(content) is not None:
+                return True
+    return False
+
+
+def find_url(params):
+    """
+    get the URL that your issue is created at
+    """
+    searches = (
+        "https://github.com/NullArray/AutoSploit/issues",
+        "https://github.com/NullArray/AutoSploit/issues?q=is%3Aissue+is%3Aclosed"
+    )
+    for search in searches:
+        retval = "https://github.com{}"
+        href = None
+        searcher = re.compile(params, re.I)
+        req = requests.get(search)
+        status, html = req.status_code, req.content
+        if status == 200:
+            split_information = str(html).split("\n")
+            for i, line in enumerate(split_information):
+                if searcher.search(line) is not None:
+                    href = split_information[i - 1]
+        if href is not None:
+            soup = BeautifulSoup(href, "html.parser")
+            for item in soup.findAll("a"):
+                link = item.get("href")
+                return retval.format(link)
+    return None
+
+
+def hide_sensitive():
+    sensitive = (
+        "--proxy", "-P", "--personal-agent", "-q", "--query", "-C", "--config",
+        "--whitelist", "--msf-path"
+    )
+    args = sys.argv
+    for item in sys.argv:
+        if item in sensitive:
+            try:
+                item_index = args.index(item) + 1
+                hidden = ''.join([x.replace(x, "*") for x in str(args[item_index])])
+                args.pop(item_index)
+                args.insert(item_index, hidden)
+                return ' '.join(args)
+            except:
+                return ' '.join([item for item in sys.argv])
+
+
+def request_issue_creation(path, arguments, error_message):
+    """
+    request the creation and create the issue
+    """
+
+    question = raw_input(
+        "do you want to create an anonymized issue?[y/N]: "
+    )
+    if question.lower().startswith("y"):
+        # gonna read a chunk of it instead of one line
+        chunk = 4096
+        with open(path) as data:
+            identifier = create_identifier(data.read(chunk))
+            # gotta seek to the beginning of the file since it's already been read `4096` into it
+            data.seek(0)
+            issue_title = "Unhandled Exception ({})".format(identifier)
+
+        issue_data = {
+            "title": issue_title,
+            "body": (
+                "Autosploit version: `{}`\n"
+                "OS information: `{}`\n"
+                "Running context: `{}`\n"
+                "Error meesage: `{}`\n"
+                "Error traceback:\n```\n{}\n```\n"
+                "Metasploit launched: `{}`\n".format(
+                    lib.banner.VERSION,
+                    platform.platform(),
+                    ' '.join(sys.argv),
+                    error_message,
+                    open(path).read(),
+                    lib.settings.MSF_LAUNCHED,
+                )
+            )
+        }
+
+        _json_data = json.dumps(issue_data)
+        if sys.version_info > (3,):  # python 3
+            _json_data = _json_data.encode("utf-8")
+
+        if not ensure_no_issue(identifier):
+            req = Request(
+                url="https://api.github.com/repos/nullarray/autosploit/issues", data=_json_data,
+                headers={"Authorization": "token {}".format(get_token(lib.settings.TOKEN_PATH))}
+            )
+            urlopen(req, timeout=10).read()
+            lib.output.info(
+                "issue has been generated with the title '{}', at the following "
+                "URL '{}'".format(
+                    issue_title, find_url(identifier)
+                )
+            )
+        else:
+            lib.output.error(
+                "someone has already created this issue here: {}".format(find_url(identifier))
+            )

lib/creation/issue_creator.py

@@ -19,7 +19,7 @@ def whitelist_wash(hosts, whitelist_file):
     whitelist_hosts = [x.strip() for x in open(whitelist_file).readlines() if x.strip()]
     lib.output.info('Found {} entries in whitelist.txt, scrubbing'.format(str(len(whitelist_hosts))))
     washed_hosts = []
-    #return supplied hosts if whitelist file is empty
+    # return supplied hosts if whitelist file is empty
     if len(whitelist_hosts) == 0:
         return hosts
     else:
@@ -70,6 +70,8 @@ def start_exploit(self, sep="*" * 10):
         if self.dry_run:
             lib.settings.close("dry run was initiated, exploitation will not be done")
 
+        lib.settings.MSF_LAUNCHED = True
+
         today_printable = datetime.datetime.today().strftime("%Y-%m-%d_%Hh%Mm%Ss")
         current_run_path = path.join(lib.settings.RC_SCRIPTS_PATH, today_printable)
         makedirs(current_run_path)