#!/usr/bin/env python3 # badKarma - network reconnaissance toolkit # ( https://badkarma.xfiltrated.com ) # # Copyright (C) 2018 <Giuseppe `r3vn` Corti> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os import gi import signal gi.require_version('Gtk', '3.0') from gi.repository import Gtk from gi.repository import Gdk from core import widgets, file_filters from core.extensions import base_ext class karma_ext(base_ext): name = "bruter" log = True menu = { "service" : ["all"], "label" : "Send to Bruter" } def get_log(self, output): """ bruter read function, (parser could be implemented?)""" scrolledwindow = Gtk.ScrolledWindow() scrolledwindow.set_hexpand(True) scrolledwindow.set_vexpand(True) textview = widgets.SourceView() textbuffer = textview.get_buffer() textbuffer.set_text(output) textview.set_editable(False) scrolledwindow.add(textview) textview.show() return scrolledwindow def task(self, config): serv = config["service"] self.proxy = config["proxychains"] auto_exec = config["autoexec"] rhost = config["rhost"] rport = config["rport"] output_file = config["outfile"] path_config = config["path_config"] path_wordlist = config["path_wordlist"] path_script = config["path_script"] config_file = self.conf() builder = self.gui() self.running = False self.bruter_box = builder.get_object("bruter-box") self.bruter_host = builder.get_object("bruter-host") self.bruter_port = builder.get_object("bruter-port") self.bruter_threads = builder.get_object("bruter-threads") self.bruter_terminal_loc = builder.get_object("bruter-terminal-loc") self.bruter_start = builder.get_object("bruter-start") self.bruter_service = builder.get_object("bruter-service") self.bruter_user_box = builder.get_object("bruter-user-box") self.bruter_user_checkbox = builder.get_object("bruter-user-wordlsit-checkbox") self.bruter_user_wl_path = builder.get_object("bruter-user-wordlist") self.bruter_pass_wl_path = builder.get_object("bruter-pass-wordlist") self.bruter_user_wl_open = builder.get_object("bruter-user-wordlist-open") self.bruter_pass_wl_open = builder.get_object("bruter-pass-wordlist-open") self.bruter_reversed = builder.get_object("reversed") self.bruter_login_as_pass = builder.get_object("login-as-pass") self.bruter_blank_pass = builder.get_object("blank-pass") self.bruter_use_ssl = builder.get_object("use-ssl") self.bruter_exit_on_first = builder.get_object("exit-on-first-good") self.bruter_terminal = widgets.Terminal() self.bruter_terminal_loc.add(self.bruter_terminal) self.bruter_user_checkbox_enabled = False self.bruter_user_box.set_sensitive(True) self.bruter_user_wl_path.set_sensitive(False) self.bruter_user_wl_open.set_sensitive(False) self.bruter_user_wl_open.connect("clicked", self.bruter_open_user_file) self.bruter_pass_wl_open.connect("clicked", self.bruter_open_pass_file) self.bruter_start.connect("clicked", self._bruter_start) # filil the service combo-box name_store = Gtk.ListStore(str) hydra_services = ["afp", "asterisk", "cisco-enable", "cisco", "cvs", "firebird", "ftp", "http-proxy-urlenum", "http-proxy", "http-get","http-head","https-get", "https-head", "icq", "imap", "irc", "ldap", "mssql", "mysql", "ncp", "nntp", "oracle-listener", "oracle-sid", "oracle", "pcanywhere", "pcnfs", "pop3", "postgres", "rdp", "redis", "rexec", "rlogin", "rpcap", "rsh", "rtsp", "s7-300", "sapr3", "sip", "smb","smtp-enum", "smtp", "snmp", "socks5", "ssh", "ssh-key", "svn", "teamspeak", "telnet", "time", "vmauthd", "vnc", "xmpp"] for service in hydra_services: name_store.append([service]) vbox = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=6) self.bruter_service_combo = Gtk.ComboBox.new_with_model_and_entry(name_store) self.bruter_user_checkbox.connect("toggled", self._bruter_check_user) self.bruter_service_combo.set_entry_text_column(0) vbox.pack_start(self.bruter_service_combo, False, False, 0) self.bruter_service.add(vbox) # bruter wordlists default_user_wordlist = config_file["default"]["user_wordlist"].replace("$wordlists", path_wordlist) defautl_pass_wordlist = config_file["default"]["pass_wordlist"].replace("$wordlists", path_wordlist) self.bruter_user_wl_path.set_text(default_user_wordlist) self.bruter_pass_wl_path.set_text(defautl_pass_wordlist) self.bruter_box.show_all() status = self.bruter_terminal.status self.pid = self.bruter_terminal.pid self.bruter_terminal.connect("child_exited", self.task_terminated) self.bruter_terminal.hide() self.bruter_host.set_text(rhost) self.bruter_port.set_text(rport) # set default values self.bruter_blank_pass.set_active(config_file.getboolean("default", "blank_password")) self.bruter_login_as_pass.set_active(config_file.getboolean("default", "try_login_as_password")) self.bruter_use_ssl.set_active(config_file.getboolean("default", "use_ssl")) self.bruter_exit_on_first.set_active(config_file.getboolean("default", "exit_on_first_good")) self.bruter_user_checkbox.set_active(config_file.getboolean("default", "brute_force_user")) self.bruter_threads.set_text(config_file["default"]["threads"]) self.bruter_user_box.set_text(config_file["default"]["user"]) service_model = self.bruter_service_combo.get_model() iter1 = 0 for ser in service_model: if ser[0] == config["service"]: break iter1 += 1 self.bruter_service_combo.set_active(iter1) if config["autoexec"]: self._bruter_start('test') return self.bruter_box, self.pid def read(self, output): return output def task_terminated(self, widget, two): self.bruter_box.set_sensitive(False) self.emit('end_task', str(widget.get_text_range(0,0,widget.get_cursor_position()[1] + widget.get_row_count(),10)[0])) def _bruter_start(self, widget): # start the brute force process if self.bruter_start.get_label() == "start": cmd = "hydra -t "+self.bruter_threads.get_text()+" " #-l root -P /usr/share/wordlists/dnsmap.txt 127.0.0.1 ssh"] if self.bruter_reversed.get_active() or self.bruter_blank_pass.get_active() or self.bruter_login_as_pass.get_active() : cmd += "-e " if self.bruter_reversed.get_active(): cmd += "r" if self.bruter_blank_pass.get_active(): cmd += "n" if self.bruter_login_as_pass.get_active(): cmd += "s" cmd += " " if self.bruter_use_ssl.get_active(): cmd += "-S " if self.bruter_exit_on_first.get_active(): cmd += "-F " if self.bruter_user_checkbox.get_active(): # brute force usernames cmd += "-L " + self.bruter_user_wl_path.get_text() else: # use provided user cmd += "-l " + self.bruter_user_box.get_text() # pass wordlist path cmd += " -P " + self.bruter_pass_wl_path.get_text() # pass port cmd += " -s " + self.bruter_port.get_text() # pass host cmd += " " + self.bruter_host.get_text() # pass service active = self.bruter_service_combo.get_active() model = self.bruter_service_combo.get_model() cmd += " " + model[active][0] + "; exit;\n" # add proxychain if self.proxy: cmd = "proxychains "+cmd # add the tasks self.bruter_start.set_label("stop") self.bruter_terminal.show() self.bruter_terminal.feed_child(cmd.encode()) else: os.killpg(os.getpgid(self.pid), signal.SIGKILL) self.bruter_start.set_sensitive(False) def _bruter_check_user(self, widget): if not self.bruter_user_checkbox.get_active(): self.bruter_user_wl_path.set_sensitive(False) self.bruter_user_wl_open.set_sensitive(False) self.bruter_user_box.set_sensitive(True) else: self.bruter_user_wl_open.set_sensitive(True) self.bruter_user_wl_path.set_sensitive(True) self.bruter_user_box.set_sensitive(False) def bruter_open_user_file(self ,widget): dialog = Gtk.FileChooserDialog("Please choose a file", None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) file_filters.add_filter_txt(dialog) response = dialog.run() if response == Gtk.ResponseType.OK: file_selected = dialog.get_filename() self.bruter_user_wl_path.set_text(file_selected) elif response == Gtk.ResponseType.CANCEL: dialog.destroy() dialog.destroy() def bruter_open_pass_file(self ,widget): dialog = Gtk.FileChooserDialog("Please choose a file", None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) file_filters.add_filter_txt(dialog) response = dialog.run() if response == Gtk.ResponseType.OK: file_selected = dialog.get_filename() self.bruter_pass_wl_path.set_text(file_selected) elif response == Gtk.ResponseType.CANCEL: dialog.destroy() dialog.destroy()