social-engineer-toolkit/src/core/set.py

1055 lines
53 KiB
Python
Raw Normal View History

2012-12-31 22:11:37 +00:00
#!/usr/bin/env python
#########################################
#
# The Social-Engineer Toolkit
# Written by: David Kennedy (ReL1K)
#
###############################################
import shutil
import os
import time
import re
import sys
import socket
from src.core.setcore import *
from src.core.menu import text
me = mod_name()
###############################################
# Define path and set it to the SET root dir
###############################################
definepath = os.getcwd()
sys.path.append(definepath)
################################################
# ROOT CHECK
################################################
# grab the operating system
operating_system = check_os()
# grab metasploit path
msf_path = meta_path()
if operating_system == "posix":
if os.geteuid() != 0:
print "\n The Social-Engineer Toolkit (SET) - by David Kennedy (ReL1K)"
print "\n Not running as root. \n\nExiting the Social-Engineer Toolkit (SET).\n"
sys.exit(1)
2012-12-31 22:11:37 +00:00
define_version = get_version()
# remove old stale files and restore java applet to original applet
# cleanup_routine()
try:
while 1:
show_banner(define_version, '1')
2012-12-31 22:11:37 +00:00
###################################################
# USER INPUT: SHOW MAIN MENU #
2012-12-31 22:11:37 +00:00
###################################################
debug_msg(me, "printing 'text.main'", 5)
show_main_menu = create_menu(text.main_text, text.main)
# special case of list item 99
print '\n 99) Return back to the main menu.\n'
main_menu_choice = (raw_input(setprompt("0", "")))
if main_menu_choice == 'exit':
break
if operating_system == "windows" or msf_path == False:
if main_menu_choice == "1" or main_menu_choice == "4" or main_menu_choice == "8" or main_menu_choice == "3":
print_warning("Sorry. This feature is not yet supported in Windows or Metasploit was not found.")
return_continue()
break
if main_menu_choice == '1': #'Spearphishing Attack Vectors
while 1:
###################################################
# USER INPUT: SHOW SPEARPHISH MENU #
###################################################
2012-12-31 22:11:37 +00:00
if operating_system != "windows":
debug_msg(me, "printing 'text.spearphish_menu'", 5)
show_spearphish_menu = create_menu(text.spearphish_text, text.spearphish_menu)
spearphish_menu_choice = raw_input(setprompt(["1"], ""))
if spearphish_menu_choice == 'exit':
exit_set()
if spearphish_menu_choice == 'help':
print text.spearphish_text
# Spearphish menu choice 1: Perform a Mass Email Attack
if spearphish_menu_choice == '1':
sys.path.append("src/core/msf_attacks/")
debug_msg(me, "importing 'src.core.msf_attacks.create_payload'", 1)
try:
reload(create_payload)
except:
pass
import create_payload
# Spearphish menu choice 2: Create a FileFormat Payload
if spearphish_menu_choice == '2':
sys.path.append("src/core/msf_attacks/")
debug_msg(me, "importing 'src.core.msf_attacks.create_payload'", 1)
try:
reload(create_payload)
except:
import create_payload
#Spearphish menu choice 3: Create a Social-Engineering Template
if spearphish_menu_choice == '3':
debug_msg(me, "calling function 'custom_template' from 'src.core.setcore'", 3)
custom_template()
#Spearphish menu choice 99
if spearphish_menu_choice == '99': break
2012-12-31 22:11:37 +00:00
#####################
# Web Attack Menu
#####################
# Main Menu choice 2: Website Attack Vectors
if main_menu_choice == '2':
while 1:
###################################################
# USER INPUT: SHOW WEB ATTACK MENU #
###################################################
debug_msg(me, "printing 'text.webattack_menu'", 5)
show_webattack_menu = create_menu(text.webattack_text, text.webattack_menu)
attack_vector = raw_input(setprompt(["2"], ""))
choice3 = ""
if attack_vector == 'exit':
exit_set()
if attack_vector == "":
debug_msg(me, "no attack vector entered, defaulting to '1) Java Applet Attack Method'", 3)
attack_vector = "1"
# check unsupported features
if operating_system == "windows" or msf_path == False:
if attack_vector == "2" or attack_vector == "9":
2012-12-31 22:11:37 +00:00
print_warning("Sorry. This option is not yet available in Windows or Metasploit was not found.")
return_continue()
break
# Web Attack menu choice 9: Create or Import a CodeSigning Certificate
if attack_vector == '8':
sys.path.append("src/html/unsigned")
debug_msg(me, "importing 'src.html.unsigned.verified_sign'", 1)
try:
reload(verified_sign)
except:
import verified_sign
# Web Attack menu choice 9: Return to the Previous Menu
if attack_vector == '99': break
2012-12-31 22:11:37 +00:00
try:
attack_check = int(attack_vector)
except:
print_error("ERROR:Invalid selection, going back to menu.")
break
if attack_check > 9:
print_warning("Invalid option")
return_continue()
break
# Removed to delete MLITM
if attack_vector != "99999":
###################################################
# USER INPUT: SHOW WEB ATTACK VECTORS MENU #
###################################################
if attack_vector != "8":
2012-12-31 22:11:37 +00:00
debug_msg(me, "printing 'text.webattack_vectors_menu'", 5)
show_webvectors_menu = create_menu(text.webattack_vectors_text, text.webattack_vectors_menu)
print ' 99) Return to Webattack Menu\n'
choice3 = raw_input(setprompt(["2"], ""))
2012-12-31 22:11:37 +00:00
if choice3 == 'exit':
exit_set()
if choice3 == "99": break
2012-12-31 22:11:37 +00:00
if choice3 == "quit" or choice3 == '4': break
try:
# write our attack vector to file to be called later
os.chdir(definepath)
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/attack_vector","w")
# webjacking and web templates are not allowed
if attack_vector == "6" and choice3 == "1":
2012-12-31 22:11:37 +00:00
print bcolors.RED+ "\n Sorry, you can't use the Web Jacking vector with Web Templates."+ bcolors.ENDC
return_continue()
break
# if we select multiattack, web templates are not allowed
if attack_vector == "7" and choice3 == "1":
2012-12-31 22:11:37 +00:00
print bcolors.RED+ "\n Sorry, you can't use the Multi-Attack vector with Web Templates." + bcolors.ENDC
return_continue()
break
# if we select web template and tabnabbing, throw this error and bomb out to menu
if attack_vector == "4" and choice3 == "1":
2012-12-31 22:11:37 +00:00
print bcolors.RED+ "\n Sorry, you can only use the cloner option with the tabnabbing method." + bcolors.ENDC
return_continue()
break
# if attack vector is default or 1 for java applet
if attack_vector == '': attack_vector = '1'
# specify java applet attack
if attack_vector == '1':
2012-12-31 22:11:37 +00:00
attack_vector = "java"
filewrite.write(attack_vector)
filewrite.close()
# specify browser exploits
if attack_vector == '2':
2012-12-31 22:11:37 +00:00
attack_vector = "browser"
filewrite.write(attack_vector)
filewrite.close()
if attack_vector == '': attack_vector = '3'
# specify web harvester method
if attack_vector == '3':
2012-12-31 22:11:37 +00:00
attack_vector = "harvester"
filewrite.write(attack_vector)
filewrite.close()
print_info("Credential harvester will allow you to utilize the clone capabilities within SET")
print_info("to harvest credentials or parameters from a website as well as place them into a report")
# specify tab nabbing attack vector
if attack_vector == '4':
2012-12-31 22:11:37 +00:00
attack_vector = "tabnabbing"
filewrite.write(attack_vector)
filewrite.close()
# specify webjacking attack vector
2013-04-15 14:26:00 +00:00
if attack_vector == "5":
2012-12-31 22:11:37 +00:00
attack_vector = "webjacking"
filewrite.write(attack_vector)
filewrite.close()
# specify Multi-Attack Vector
attack_vector_multi = ""
2013-04-15 14:26:00 +00:00
if attack_vector == '6':
2012-12-31 22:11:37 +00:00
# trigger the multiattack flag in SET
attack_vector = "multiattack"
# write the attack vector to file
filewrite.write(attack_vector)
filewrite.close()
# pull ip address
2013-04-15 14:26:00 +00:00
if choice3 != "-1":
2012-12-31 22:11:37 +00:00
fileopen = file("config/set_config", "r").readlines()
for line in fileopen:
line = line.rstrip()
match = re.search("AUTO_DETECT=ON", line)
if match:
try:
ipaddr = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
ipaddr.connect(('google.com', 0))
ipaddr.settimeout(2)
ipaddr = ipaddr.getsockname()[0]
update_options("IPADDR=" + ipaddr)
except Exception, error:
log(error)
ipaddr = raw_input(setprompt(["2"], "Your interface IP Address"))
update_options("IPADDR=" + ipaddr)
2012-12-31 22:11:37 +00:00
# if AUTO_DETECT=OFF prompt for IP Address
for line in fileopen:
line = line.rstrip()
match = re.search("AUTO_DETECT=OFF", line)
if match:
if attack_vector != "harvester":
if attack_vector != "tabnabbing":
if attack_vector != "webjacking":
# this part is to determine if NAT/port forwarding is used
# if it is it'll prompt for additional questions
print_info("NAT/Port Forwarding can be used in the cases where your SET machine is")
print_info("not externally exposed and may be a different IP address than your reverse listener.")
nat_or_fwd = yesno_prompt('0', 'Are you using NAT/Port Forwarding [yes|no]')
if nat_or_fwd == "YES":
ipquestion = raw_input(setprompt(["2"], "IP address to SET web server (this could be your external IP or hostname)"))
2013-04-15 14:26:00 +00:00
filewrite2 = file(setdir + "/interface", "w")
filewrite2.write(ipquestion)
filewrite2.close()
# is your payload/listener on a different IP?
natquestion = yesno_prompt(["2"], "Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]")
if natquestion == 'YES':
ipaddr = raw_input(setprompt(["2"], "IP address for the reverse handler (reverse payload)"))
if natquestion == "NO":
ipaddr = ipquestion
# if you arent using NAT/Port FWD
if nat_or_fwd == "NO":
print_info("Enter the IP address of your interface IP or if your using an external IP, what")
print_info("will be used for the connection back and to house the web server (your interface address)")
ipaddr = raw_input(setprompt(["2"], "IP address or hostname for the reverse connection"))
# here we check if they are using a hostname else we loop through until they have a legit one
if validate_ip(ipaddr) == False:
while 1:
choice = raw_input(setprompt(["2"], "This is not an IP address. Are you using a hostname? [y/n] "))
if choice == "" or choice.lower() == "y":
print_status("Roger that. Using hostnames moving forward..")
break
else:
ipaddr = raw_input(setprompt(["2"], "IP address for the reverse connection"))
if validate_ip(ipaddr) == True: break
if attack_vector == "harvester" or attack_vector == "tabnabbing" or attack_vector == "webjacking":
print_info("This option is used for what IP the server will POST to.")
print_info("If you're using an external IP, use your external IP for this")
ipaddr = raw_input(setprompt(["2"], "IP address for the POST back in Harvester/Tabnabbing"))
update_options("IPADDR=" + ipaddr)
# if java applet attack
if attack_vector == "java":
# Allow Self-Signed Certificates
fileopen = file("config/set_config", "r").readlines()
for line in fileopen:
2012-12-31 22:11:37 +00:00
line = line.rstrip()
match = re.search("SELF_SIGNED_APPLET=ON", line)
2012-12-31 22:11:37 +00:00
if match:
sys.path.append("src/html/unsigned/")
debug_msg(me, "importing 'src.html.unsigned.self_sign'", 1)
import self_sign
2012-12-31 22:11:37 +00:00
# Select SET quick setup
if choice3 == '1':
# get the template ready
sys.path.append("src/html/templates")
debug_msg(me, "importing src.html.templates.template'", 1)
try:
reload(template)
except:
import template
# grab browser exploit selection
if attack_vector == "browser":
# grab clientattack
sys.path.append("src/webattack/browser_exploits")
debug_msg(me, "line 357: importing 'src.webattack.browser_exploits.gen_payload'", 1)
try:
reload(gen_payload)
except:
import gen_payload
# arp cache attack, will exit quickly
# if not in config file
sys.path.append("src/core/arp_cache")
debug_msg(me, "line 364: importing 'src.core.arp_cache.arp'", 1)
try:
reload(arp)
except:
import arp
# actual website attack here
# web_server.py is main core
sys.path.append("src/html/")
# clean up stale file
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/cloner.failed"):
os.remove(setdir + "/cloner.failed")
site_cloned = True
debug_msg(me, "line 375: importing 'src.webattack.web_clone.cloner'", 1)
2013-04-15 14:26:00 +00:00
try: reload(src.webattack.web_clone.cloner)
except: import src.webattack.web_clone.cloner
# grab java applet attack
2012-12-31 22:11:37 +00:00
if attack_vector == "java":
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
2013-04-15 14:26:00 +00:00
try: reload(src.core.payloadgen.create_payloads)
except: import src.core.payloadgen.create_payloads
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/cloner.failed"):
site_cloned = False
if site_cloned == True:
# cred harvester for auto site here
if attack_vector == "harvester" or attack_vector == "tabnabbing" or attack_vector == "webjacking":
if attack_vector == "tabnabbing" or attack_vector == "webjacking":
debug_msg(me, "importing 'src.webattack.tabnabbing.tabnabbing'", 1)
try:reload(src.webattack.tabnabbing)
except: import src.webattack.tabnabbing
# start web cred harvester here
# sys.path.append("src/webattack/harvester")
debug_msg(me, "importing 'src.webattack.harvester.harvester'", 1)
try: reload(src.webattack.harvester.harvester)
except: import src.webattack.harvester.harvester
# if we are using profiler lets prep everything to get ready
if attack_vector == "profiler":
from src.webattack.profiler.webprofiler import *
prep_website()
if attack_vector != "harvester":
if attack_vector != "tabnabbing":
if attack_vector != "multiattack":
if attack_vector != "webjacking":
if attack_vector != "multiattack":
if attack_vector != "profiler":
# spawn web server here
debug_msg(me, "importing 'src.html.spawn'", 1)
import src.html.spawn
# multi attack vector here
if attack_vector == "multiattack":
if choice3 == "1":
try:
filewrite = file("src/progam_junk/multiattack.template","w")
filewrite.write("TEMPLATE=TRUE")
filewrite.close()
except:
pass
debug_msg(me, "importing 'src.webattack.multi_attack.multiattack'", 1)
import src.webattack.multi_attack.multiattack
# Create a website clone
if choice3 == '2':
2012-12-31 22:11:37 +00:00
# flag that we want a custom website
sys.path.append("src/webattack/web_clone/")
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/site.template"):
os.remove(setdir + "/site.template")
filewrite = file(setdir + "/site.template", "w")
2012-12-31 22:11:37 +00:00
filewrite.write("TEMPLATE=CUSTOM")
print_info("SET supports both HTTP and HTTPS")
# specify the site to clone
print_info("Example: http://www.thisisafakesite.com")
URL = raw_input(setprompt(["2"], "Enter the url to clone"))
match = re.search("http://", URL)
match1 = re.search("https://", URL)
if not match:
if not match1:
URL = ("http://"+URL)
2012-12-31 22:11:37 +00:00
match2 = re.search("facebook.com", URL)
if match2:
URL = ("https://login.facebook.com/login.php")
2012-12-31 22:11:37 +00:00
filewrite.write("\nURL=%s" % (URL))
filewrite.close()
# grab browser exploit selection
if attack_vector == "browser":
# grab clientattack
sys.path.append("src/webattack/browser_exploits")
debug_msg(me, "importing 'src.webattack.browser_exploits.gen_payload'", 1)
try:
reload(gen_payload)
except:
import gen_payload
2012-12-31 22:11:37 +00:00
# set site cloner to true
site_cloned = True
if attack_vector != "multiattack":
# import our website cloner
2012-12-31 22:11:37 +00:00
site_cloned = True
debug_msg(me, "importing 'src.webattack.web_clone.cloner'", 1)
2013-04-15 14:26:00 +00:00
try:
reload(src.webattack.web_clone.cloner)
except:
import src.webattack.web_clone.cloner
2012-12-31 22:11:37 +00:00
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/cloner.failed"):
site_cloned = False
2012-12-31 22:11:37 +00:00
if site_cloned == True:
if attack_vector == "java":
# import our payload generator
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
2013-04-15 14:26:00 +00:00
try:
reload(src.core.payloadgen.create_payloads)
except:
import src.core.payloadgen.create_payloads
2012-12-31 22:11:37 +00:00
# arp cache if applicable
sys.path.append("src/core/arp_cache")
debug_msg(me, "line 500: importing 'src.core.arp_cache.arp'", 1)
try:
reload(arp)
except:
import arp
# tabnabbing and harvester selection here
if attack_vector == "harvester" or attack_vector == "tabnabbing" or attack_vector == "webjacking":
if attack_vector == "tabnabbing" or attack_vector == "webjacking":
sys.path.append("src/webattack/tabnabbing")
debug_msg(me, "importing 'src.webattack.tabnabbing.tabnabbing'", 1)
try:
reload(tabnabbing)
except:
import tabnabbing
sys.path.append("src/webattack/harvester")
debug_msg(me, "importing 'src.webattack.harvester.harvester'", 1)
2012-12-31 22:11:37 +00:00
try:
reload(harvester)
2012-12-31 22:11:37 +00:00
except:
import harvester
2012-12-31 22:11:37 +00:00
# multi_attack vector here
if attack_vector == "multiattack":
sys.path.append("src/webattack/multi_attack/")
debug_msg(me, "importing 'src.webattack.multi_attack.multiattack'", 1)
try:
reload(multiattack)
except:
import multiattack
# if we arent using credential harvester or tabnabbing
if attack_vector != "harvester":
if attack_vector != "tabnabbing":
if attack_vector != "multiattack":
if attack_vector != "webjacking":
sys.path.append("src/html")
debug_msg(me, "importing 'src.html.spawn'", 1)
try:
reload(spawn)
except:
import spawn
# Import your own site
if choice3 == '3':
2012-12-31 22:11:37 +00:00
sys.path.append("src/webattack/web_clone/")
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/site.template"):
os.remove(setdir + "/site.template")
filewrite = file(setdir + "/site.template", "w")
2012-12-31 22:11:37 +00:00
filewrite.write("TEMPLATE=SELF")
# specify the site to clone
2013-04-15 14:26:00 +00:00
if not os.path.isdir(setdir + "/web_clone"):
os.makedirs(setdir + "/web_clone")
2012-12-31 22:11:37 +00:00
print_warning("Example: /home/website/ (make sure you end with /)")
print_warning("Also note that there MUST be an index.html in the folder you point to.")
URL = raw_input(setprompt(["2"], "Path to the website to be cloned"))
if not URL.endswith("/"):
if not URL.endswith("index.html"):
URL = URL + "/"
2012-12-31 22:11:37 +00:00
if not os.path.isfile(URL+"index.html"):
if os.path.isfile(URL):
2013-04-15 14:26:00 +00:00
shutil.copyfile("%s" % (URL), setdir + "/web_clone/index.html")
if not os.path.isfile(URL):
if URL.endswith("index.html"):
2013-04-15 14:26:00 +00:00
shutil.copyfile(URL, "%s/web_clone/index.html" % (setdir))
else:
print_error("ERROR:index.html not found!!")
print_error("ERROR:Did you just put the path in, not file?")
print_error("Exiting the Social-Engineer Toolkit...Hack the Gibson.\n")
exit_set()
2012-12-31 22:11:37 +00:00
if os.path.isfile(URL+"index.html"):
print_status("Index.html found. Do you want to copy the entire folder or just index.html?")
choice = raw_input("\n1. Copy just the index.html\n2. Copy the entire folder\n\nEnter choice [1/2]: ")
if choice == "1" or choice == "":
2013-04-15 14:26:00 +00:00
if os.path.isfile("%s/web_clone/index.html" % (setdir)):
os.remove("%s/web_clone/index.html" % (setdir))
shutil.copyfile(URL + "index.html", "%s/web_clone/" % (setdir))
if choice == "2":
2013-04-15 14:26:00 +00:00
if os.path.isdir(URL + "src/webattack"):
print_error("You cannot specify a folder in the default SET path. This goes into a loop Try something different.")
URL = raw_input("Enter the folder to import into SET, this CANNOT be the SET directory: ")
2013-04-15 14:26:00 +00:00
if os.path.isdir(URL + "src/webattack" % (URL)):
print_error("You tried the same thing. Exiting now.")
sys.exit()
2013-04-15 14:26:00 +00:00
copyfolder(URL, "%s/web_clone/" % setdir)
2012-12-31 22:11:37 +00:00
filewrite.write("\nURL=%s" % (URL))
filewrite.close()
2012-12-31 22:11:37 +00:00
# if not harvester then load up cloner
if attack_vector == "java" or attack_vector == "browser":
# import our website cloner
debug_msg(me, "importing 'src.webattack.web_clone.cloner'", 1)
import src.webattack.web_clone.cloner
2012-12-31 22:11:37 +00:00
# if java applet attack
if attack_vector == "java":
# import our payload generator
2012-12-31 22:11:37 +00:00
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
import src.core.payloadgen.create_payloads
2012-12-31 22:11:37 +00:00
# grab browser exploit selection
if attack_vector == "browser":
# grab clientattack
sys.path.append("src/webattack/browser_exploits")
debug_msg(me, "importing 'src.webattack.browser_exploits.gen_payload'", 1)
try:
reload(gen_payload)
except:
import gen_payload
# arp cache if applicable
sys.path.append("src/core/arp_cache")
debug_msg(me, "line 592: importing 'src.core.arp_cache.arp'", 1)
try:
reload(arp)
except:
import arp
# if not harvester spawn server
if attack_vector == "java" or attack_vector == "browser":
# import web_server and do magic
sys.path.append("src/html")
debug_msg(me, "importing 'src.html.spawn'", 1)
try:
reload(spawn)
except:
import spawn
2012-12-31 22:11:37 +00:00
# cred harvester for auto site here
if attack_vector == "harvester":
# get the url
print_info("Example: http://www.blah.com")
URL = raw_input(setprompt(["2"], "URL of the website you imported"))
match = re.search("http://", URL)
match1 = re.search("https://", URL)
if not match:
if not match1:
URL = ("http://"+URL)
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/site.template","w")
filewrite.write("\nURL=%s" % (URL))
filewrite.close()
# start web cred harvester here
sys.path.append("src/webattack/harvester")
debug_msg(me, "importing 'src.webattack.harvester.harvester'", 1)
try:
reload(harvester)
except:
import harvester
2012-12-31 22:11:37 +00:00
# tabnabbing for auto site here
if attack_vector == "tabnabbing" or attack_vector == "webjacking":
# get the url
print_info("Example: http://www.blah.com")
URL = raw_input(setprompt(["2"], "URL of the website you imported"))
match = re.search("http://", URL)
match1 = re.search("https://", URL)
if not match:
if not match1:
URL = ("http://"+URL)
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/site.template","w")
filewrite.write("\nURL=%s" % (URL))
filewrite.close()
# start tabnabbing here
sys.path.append("src/webattack/tabnabbing")
debug_msg(me, "importing 'src.webattack.tabnabbing.tabnabbing'", 1)
try:
reload(tabnabbing)
except:
import tabnabbing
2012-12-31 22:11:37 +00:00
# start web cred harvester here
sys.path.append("src/webattack/harvester")
debug_msg(me, "importing 'src.webattack.harvester.harvester'", 1)
try:
reload(harvester)
except:
import harvester
2012-12-31 22:11:37 +00:00
# multi attack vector here
if attack_vector == "multiattack":
try:
filewrite = file("src/progam_junk/multiattack.template","w")
filewrite.write("TEMPLATE=TRUE")
filewrite.close()
except:
pass
debug_msg(me, "importing 'src.webattack.multi_attack.multiattack'", 1)
import src.webattack.multi_attack.multiattack
# Return to main menu
if choice3 == '4':
print (" Returning to main menu.\n")
2012-12-31 22:11:37 +00:00
break
except KeyboardInterrupt:
print " Control-C detected, bombing out to previous menu.."
break
# Define Auto-Infection USB/CD Method here
if main_menu_choice == '3':
###################################################
# USER INPUT: SHOW INFECTIOUS MEDIA MENU #
###################################################
# Main Menu choice 3: Infectious Media Generator
debug_msg(me, "printing 'text.infectious_menu'", 5)
show_infectious_menu = create_menu(text.infectious_text, text.infectious_menu)
infectious_menu_choice = raw_input(setprompt(["3"], ""))
2012-12-31 22:11:37 +00:00
if infectious_menu_choice == 'exit':
exit_set()
if infectious_menu_choice == "99":
menu_back()
if infectious_menu_choice == "":
infectious_menu_choice = "1"
# if fileformat
if infectious_menu_choice == "1":
2012-12-31 22:11:37 +00:00
ipaddr = raw_input(setprompt(["3"], "IP address for the reverse connection (payload)"))
update_options("IPADDR=" + ipaddr)
2013-04-15 14:26:00 +00:00
filewrite1 = file(setdir + "/payloadgen", "w")
filewrite1.write("payloadgen=solo")
filewrite1.close()
2012-12-31 22:11:37 +00:00
# if choice is file-format
if infectious_menu_choice == "1":
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/fileformat.file","w")
2012-12-31 22:11:37 +00:00
filewrite.write("fileformat=on")
filewrite.close()
sys.path.append("src/core/msf_attacks/")
debug_msg(me, "importing 'src.core.msf_attacks.create_payload'", 1)
try:
reload(create_payload)
except:
import create_payload
# if choice is standard payload
if infectious_menu_choice == "2":
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/standardpayload.file", "w")
2012-12-31 22:11:37 +00:00
filewrite.write("standardpayload=on")
filewrite.close()
#sys.path.append("src/core/payloadgen/")
#try: reload(create_payloads)
#except: import create_payloads
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
import src.core.payloadgen.create_payloads
if infectious_menu_choice != "99":
2012-12-31 22:11:37 +00:00
# import the autorun stuff
sys.path.append("src/autorun/")
debug_msg(me, "importing 'src.autorun.autorun'", 1)
try:
reload(autorun)
except:
import autorun
if infectious_menu_choice == "2":
2012-12-31 22:11:37 +00:00
sys.path.append("src/core/payloadgen/")
debug_msg(me, "importing 'src.core.payloadgen.solo'", 1)
try:
reload(solo)
except:
import solo
2013-03-17 22:02:03 +00:00
#
#
# Main Menu choice 4: Create a Payload and Listener
2013-03-17 22:02:03 +00:00
#
#
if main_menu_choice == '4':
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/payloadgen", "w")
filewrite.write("payloadgen=solo")
filewrite.close()
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
import src.core.payloadgen.create_payloads
print_status("Your payload is now in the root directory of SET as msf.exe")
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/meterpreter.alpha"):
2012-12-31 22:11:37 +00:00
print "[*] Saving alphanumeric shellcode in root directory of SET as meterpreter.alpha"
2013-04-15 14:26:00 +00:00
shutil.copyfile(setdir + "/meterpreter.alpha", "meterpreter.alpha")
if os.path.isfile(setdir + "/msf.exe"):
shutil.copyfile(setdir + "/msf.exe", "msf.exe")
# if we didn't select the SET interactive shell or RATTE
2013-04-15 14:26:00 +00:00
if not os.path.isfile(setdir + "/set.payload"):
2013-03-17 22:02:03 +00:00
upx_check = check_config("UPX_ENCODE=")
if upx_check.lower() == "on":
upx("msf.exe")
2012-12-31 22:11:37 +00:00
# if the set payload is there
2013-04-15 14:26:00 +00:00
if os.path.isfile(setdir + "/set.payload"):
shutil.copyfile(setdir + "/msf.exe", "msf.exe")
2012-12-31 22:11:37 +00:00
sys.path.append("src/core/payloadgen/")
debug_msg(me, "importing 'src.core.payloadgen.solo'", 1)
try:
reload(solo)
except:
import solo
return_continue()
# Main Menu choice 5: Mass Mailer Attack
if main_menu_choice == '5':
sys.path.append("src/phishing/smtp/client")
debug_msg(me, "importing 'src.phishing.smtp.client.smtp_web'", 1)
try:
reload(smtp_web)
except:
import smtp_web
# Main Menu choice 6: Teensy USB HID Attack Vector
if main_menu_choice == '6':
###################################################
# USER INPUT: SHOW TEENSY MENU #
###################################################
debug_msg(me, "printing 'text.teensy_menu'", 5)
show_teensy_menu = create_menu(text.teensy_text, text.teensy_menu)
teensy_menu_choice = raw_input(setprompt(["6"], ""))
if teensy_menu_choice == 'exit':
exit_set()
# if not return to main menu
yes_or_no = ''
if teensy_menu_choice != "99":
2012-12-31 22:11:37 +00:00
# set our teensy info file in program junk
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/teensy", "w")
2012-12-31 22:11:37 +00:00
filewrite.write(teensy_menu_choice+"\n")
if teensy_menu_choice != "3" and teensy_menu_choice != "7" and teensy_menu_choice !="8" and teensy_menu_choice !="9" and teensy_menu_choice !="10" and teensy_menu_choice != "11" and teensy_menu_choice != "12" and teensy_menu_choice != "13":
yes_or_no = yesno_prompt("0","Do you want to create a payload and listener [yes|no]: ")
if yes_or_no == "YES":
filewrite.write("payload")
2012-12-31 22:11:37 +00:00
filewrite.close()
# load a payload
sys.path.append("src/core/payloadgen")
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
try:
reload(create_payloads)
except:
import create_payloads
if yes_or_no == "NO":
filewrite.close()
2012-12-31 22:11:37 +00:00
# need these default files for web server load
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/site.template", "w")
2012-12-31 22:11:37 +00:00
filewrite.write("TEMPLATE=CUSTOM")
filewrite.close()
2013-04-15 14:26:00 +00:00
filewrite = file(setdir + "/attack_vector", "w")
2012-12-31 22:11:37 +00:00
filewrite.write("hid")
filewrite.close()
# if we are doing binary2teensy
if teensy_menu_choice != "7" and teensy_menu_choice !="8" and teensy_menu_choice != "9" and teensy_menu_choice !="10" and teensy_menu_choice != "11" and teensy_menu_choice != "12":
sys.path.append("src/teensy")
debug_msg(me, "importing 'src.teensy.teensy'", 1)
try:
reload(teensy)
except:
import teensy
2012-12-31 22:11:37 +00:00
if teensy_menu_choice == "7":
debug_msg(me, "importing 'src.teensy.binary2teensy'", 1)
import src.teensy.binary2teensy
2012-12-31 22:11:37 +00:00
# if we are doing sd2teensy attack
if teensy_menu_choice == "8":
debug_msg(me, "importing 'src.teensy.sd2teensy'", 1)
import src.teensy.sd2teensy
2012-12-31 22:11:37 +00:00
# if we are doing the sd2teensy osx attack
if teensy_menu_choice == "9":
print_status("Generating the SD2Teensy OSX pde file for you...")
2013-04-15 14:26:00 +00:00
shutil.copyfile("src/teensy/osx_sd2teensy.pde %s/reports/" % (setdir))
print_status("File has been exported to ~/.set/reports/osx_sd2teensy.pde")
return_continue()
2012-12-31 22:11:37 +00:00
# if we are doing the X10 Arduino Sniffer
if teensy_menu_choice == "10":
print_status("Generating the Arduino sniffer and libraries pde..")
2013-04-15 14:26:00 +00:00
if not os.path.isdir(setdir + "/reports/arduino_sniffers"):
os.makedirs(setdir + "/reports/arduino_sniffers")
shutil.copyfile("src/teensy/x10/x10_sniffer.pde", setdir + "/reports/arduino_sniffer")
2013-04-25 13:53:32 +00:00
shutil.copyfile("src/teensy/x10/libraries.zip", setdir + "/reports/arduino_sniffer/")
2013-04-15 14:26:00 +00:00
print_status("Arduino sniffer files and libraries exported to ~/.set/reports/arduino_sniffer")
return_continue()
2012-12-31 22:11:37 +00:00
# if we are doing the X10 Jammer
if teensy_menu_choice == "11":
print_status("Generating the Arduino jammer pde and libraries...")
2013-04-15 14:26:00 +00:00
if not os.path.isdir(setdir + "/reports/arduino_jammer"):
os.makedirs(setdir + "/reports/arduino_jammer")
shutil.copyfile("src/teensy/x10/x10_blackout.pde", setdir + "/reports/arduino_jammer")
shutil.copyfile("src/teensy/x10/libraries.zip", setdir + "/reports/arduino_hammer")
print_status("Arduino jammer files and libraries exported to ~/.set/reports/arduino_jammer")
return_continue()
2012-12-31 22:11:37 +00:00
# powershell shellcode injection
if teensy_menu_choice == "12":
print_status("Generating the Powershell - Shellcode injection pde..")
debug_msg(me, "importing 'src.teensy.powershell_shellcode'", 1)
import src.teensy.powershell_shellcode
if teensy_menu_choice == "99": teensy_menu_choice = None
2012-12-31 22:11:37 +00:00
#
# Main Menu choice 8: Wireless Attack Point Attack Vector
#
if main_menu_choice == '8':
if operating_system == "windows":
print_warning("Sorry. The wireless attack vector is not yet supported in Windows.")
return_continue()
if operating_system != "windows":
2012-12-31 22:11:37 +00:00
# set path to nothing
airbase_path = ""
dnsspoof_path = ""
# need to pull the SET config file
fileopen = file("config/set_config", "r")
for line in fileopen:
line = line.rstrip()
match = re.search("AIRBASE_NG_PATH=", line)
if match:
airbase_path = line.replace("AIRBASE_NG_PATH=", "")
2012-12-31 22:11:37 +00:00
match1 = re.search("DNSSPOOF_PATH=", line)
if match1: dnsspoof_path = line.replace("DNSSPOOF_PATH=", "")
2012-12-31 22:11:37 +00:00
if not os.path.isfile(airbase_path):
if not os.path.isfile("/usr/local/sbin/airbase-ng"):
print_warning("Warning airbase-ng was not detected on your system. Using one in SET.")
print_warning("If you experience issues, you should install airbase-ng on your system.")
print_warning("You can configure it through the set_config and point to airbase-ng.")
airbase_path = ("src/wireless/airbase-ng")
if os.path.isfile("/usr/local/sbin/airbase-ng"):
airbase_path = "/usr/local/sbin/airbase-ng"
2012-12-31 22:11:37 +00:00
if not os.path.isfile(dnsspoof_path):
if os.path.isfile("/usr/local/sbin/dnsspoof"): dnsspoof_path = "/usr/local/sbin/dnsspoof"
2012-12-31 22:11:37 +00:00
# if we can find airbase-ng
if os.path.isfile(airbase_path):
if os.path.isfile(dnsspoof_path):
# start the menu here
while 1:
###################################################
# USER INPUT: SHOW WIRELESS MENU #
###################################################
debug_msg(me, "printing 'text.wireless_attack_menu'", 5)
show_wireless_menu = create_menu(text.wireless_attack_text, text.wireless_attack_menu)
wireless_menu_choice = raw_input(setprompt(["8"], ""))
# if we want to start access point
if wireless_menu_choice == "1":
sys.path.append("src/wireless/")
debug_msg(me, "importing 'src.wireless.wifiattack'", 1)
try:
reload(wifiattack)
except:
import wifiattack
# if we want to stop the wifi attack
if wireless_menu_choice == "2":
sys.path.append("src/wireless/")
debug_msg(me, "importing 'src.wireless.stop_wifiattack'", 1)
try:
reload(stop_wifiattack)
except:
import stop_wifiattack
# if we want to return to the main menu
if wireless_menu_choice == "99":
print (" [*] Returning to the main menu ...")
break
2012-12-31 22:11:37 +00:00
if not os.path.isfile(dnsspoof_path):
if not os.path.isfile("/usr/local/sbin/dnsspoof"):
print_error("ERROR:DNS Spoof was not detected. Check the set_config file.")
return_continue()
2012-12-31 22:11:37 +00:00
#
# END WIFI ATTACK MODULE
#
2012-12-31 22:11:37 +00:00
# Main Menu choice 9: QRCode Generator
if main_menu_choice == '9':
try:
from PIL import Image, ImageDraw
from src.qrcode.qrgenerator import *
print """
The QRCode Attack Vector will create a QRCode for you with whatever URL you want.
2012-12-31 22:11:37 +00:00
When you have the QRCode Generated, select an additional attack vector within SET and
deploy the QRCode to your victim. For example, generate a QRCode of the SET Java Applet
and send the QRCode via a mailer.
2012-12-31 22:11:37 +00:00
"""
url = raw_input("Enter the URL you want the QRCode to go to: ")
# if the reports directory does not exist then create it
2013-04-15 14:26:00 +00:00
if not os.path.isdir("%s/reports" % (setdir)):
os.makedirs("%s/reports" % (setdir))
gen_qrcode(url)
pause = raw_input("QRCode generated.")
return_continue()
2012-12-31 22:11:37 +00:00
except ImportError:
print_error("This module requires python-imaging to work properly.")
print_error("In Ubuntu do apt-get install python-imaging")
print_error("Else refer to here for installation: http://code.google.com/appengine/docs/python/images/installingPIL.html")
return_continue()
2012-12-31 22:11:37 +00:00
# Main Menu choice 10: PowerShell Attacks
if main_menu_choice == '10':
#show_powershell_menu = create_menu(text.powershell_text, text.powershell_menu)
#powershell_menu_choice = raw_input(setprompt(["1"], ""))
import src.powershell.powershell
# Main Menu choice 11: Third Party Modules
if main_menu_choice == '11':
sys.path.append("src/core")
debug_msg(me, "importing 'src.core.module_handler'", 1)
try:
reload(module_handler)
except:
import module_handler
# Main Menu choice 99: Exit the Social-Engineer Toolkit
if main_menu_choice == '99':
break
# Main Menu choice 7: SMS Spoofing Attack Vector
if main_menu_choice == '7':
sms_menu_choice = '0'
while sms_menu_choice != '3':
###################################################
# USER INPUT: SHOW SMS MENU #
###################################################
2012-12-31 22:11:37 +00:00
debug_msg(me, "printing 'text.sms_attack_text'", 5)
show_sms_menu = create_menu(text.sms_attack_text, text.sms_attack_menu)
sms_menu_choice = raw_input(setprompt(["7"], ""))
2012-12-31 22:11:37 +00:00
if sms_menu_choice == 'exit':
exit_set()
2012-12-31 22:11:37 +00:00
if sms_menu_choice == '1':
sys.path.append("src/sms/client/")
debug_msg(me, "importing 'src.sms.client.sms_client'", 1)
try:
reload(sms_client)
except:
import sms_client
2012-12-31 22:11:37 +00:00
if sms_menu_choice == '2':
sys.path.append("src/sms/client/")
debug_msg(me, "importing 'src.sms.client.custom_sms_template'", 1)
try:
reload(custom_sms_template)
except:
import custom_sms_template
2012-12-31 22:11:37 +00:00
if sms_menu_choice == '99': break
# handle keyboard interrupts
except KeyboardInterrupt:
print "\n\n Thank you for " + bcolors.RED+"shopping" + bcolors.ENDC+" with the Social-Engineer Toolkit.\n\n Hack the Gibson...and remember...hugs are worth more than handshakes.\n"