Commit graph

15826 commits

Author SHA1 Message Date
crawl3r41
7ec537b993 Update README.md 2021-04-06 22:40:10 +08:00
crawl3r41
4d1b322306 Update README.md 2021-04-06 22:10:08 +08:00
crawl3r41
a4b5ae3cd2 Update README.md 2021-04-06 22:04:09 +08:00
crawl3r41
0a7186de77 Update README.md 2021-04-06 22:01:26 +08:00
crawl3r41
5bc8420f12 Update README.md 2021-04-06 21:59:26 +08:00
crawl3r41
d3abc4efac Update README.md 2021-04-06 21:57:58 +08:00
crawl3r41
b40206be7c Update README.md 2021-04-06 21:56:17 +08:00
crawl3r41
bc31f2b6c7 Update README.md 2021-04-06 21:54:35 +08:00
crawl3r41
b4c656d7fd Update README.md 2021-04-06 21:52:26 +08:00
crawl3r41
c42b5c3db1 Update README.md 2021-04-06 21:48:49 +08:00
crawl3r41
ed7739f055 Update README.md 2021-04-06 08:01:46 +08:00
crawl3r41
54e13c43e8 Update README.md 2021-04-06 08:00:47 +08:00
crawl3r41
43a32c679c Update README.md 2021-04-06 07:59:02 +08:00
crawl3r41
556be0d413 Update README.md 2021-04-06 07:54:27 +08:00
crawl3r41
429c94c23b Update README.md 2021-04-06 07:49:00 +08:00
crawl3r41
6f8fd9ad83 Update README.md 2021-04-06 07:48:02 +08:00
crawl3r41
214aeda56f Update README.md 2021-04-06 07:46:10 +08:00
crawl3r41
e7d7efc77d Update README.md 2021-04-06 07:43:59 +08:00
crawl3r41
8546c024f2 Update README.md 2021-04-06 07:42:33 +08:00
crawl3r41
03f7b9100b Update README.md 2021-04-06 07:31:59 +08:00
crawl3r41
45a14e9760
Update README.md
I added instructions on how to install SET on WSL/WSL2 Kali Linux. I was using Kali Linux on WSL2. I tried installing SET using the given instructions, but pip3 isn't installed.
I used "apt search set" and found it. I just thought it would be nice if there's instruction on how to install SET on WSL/WSL2 Kali Linux.
2021-04-04 08:54:26 +08:00
Affan Ahmad
53cfb2cda0
Merge pull request #1 from anonymous-ME/webcloner-fix
fixing web cloner - fallback option with urllib
2021-03-23 14:12:06 +00:00
Affan Ahmad
fc43b655d5
fixing web cloner - fallback option with urllib 2021-03-23 14:10:52 +00:00
Reagan Kirby
a16d800550 Fixed docker file. Successfully built and ran image 2021-02-23 20:31:58 -06:00
Reagan Kirby
2674ee840d Initial commit of Dockerfile 2021-02-19 04:58:15 -06:00
verhelstq
cb326541c9 Fix path #838 2021-01-08 15:52:58 +01:00
Jeff McJunkin
e7dc1f0080
Fix requirements.txt installation instructions 2021-01-07 17:43:16 -08:00
udit19281
72f7ec5ec2
Update smtp_web.py
This solves the TypeError: a byte like object is required,not 'str' issue
2020-10-19 01:27:16 +05:30
mohammedmubashir
a3e400721f
Update RATTE_README.txt 2020-10-01 00:03:49 +05:30
Zane Salti
4f357eced5 non needed library after cgi.escape was changed to html.escape 2020-08-29 14:03:11 -05:00
cookiedragon234
1594724616
Fix missing space in setprompt
Resulted in prompts without a trailing space e.g. ![](https://i.binclub.dev/kcltsjjp.png)
2020-07-14 12:02:38 +01:00
David Kennedy
5e057388e5
Merge pull request #737 from swam-htet-a/patch-2
Update harvester.py
2020-06-09 10:08:13 -04:00
swam-htet-a
4e0fb3c1a6
Update harvester.py
I fixed attribute error in this code for latest python3 versions.
Errors =>  "Module 'cgi' has no attribute escape
2020-05-05 21:26:59 +06:30
David Kennedy
a95413d3e6
Merge pull request #713 from kollieartwolf/patch-2
Fix utf-8 codec error (1/2)
2020-04-28 13:29:49 -04:00
Климентий Титов
739756b0a9
Merge pull request #1 from kollieartwolf/patch-3
Fix utf-8 codec error (2/2)
2020-04-09 23:01:28 +03:00
Климентий Титов
b71a57a148
Fix utf-8 codec error (2/2)
This is necessary in order to fix the error with the site cloner:
"Something went wrong, printing the error: 'utf-8' codec can't decode byte 0xc2 in position 387: invalid continuation byte"
The same error is also contained in src/webattack/web_clone/cloner.py file
2020-04-09 22:57:54 +03:00
Климентий Титов
81f559c2c2
Fix utf-8 codec error (1/2)
This is necessary in order to fix the error with the site cloner:
"Something went wrong, printing the error: 'utf-8' codec can't decode byte 0xc2 in position 387: invalid continuation byte"
The same error is also contained in src/webattack/harvester/scraper.py file
2020-04-09 22:55:31 +03:00
David Kennedy
9a68a5bab6
Merge pull request #700 from meitar/harvester-302-redirect
Fix HTTP headers, use HTTP 302 Found in response to POST requests.
2020-03-20 10:12:54 -04:00
Meitar M
390160d74b
Fix HTTP headers, use HTTP 302 Found in response to POST requests.
This commit brings the SET Harvester into better conformance with the
HTTP specification. Notably, this makes it possible to use the Harvester
module behind strict layer 7 reverse proxies (such as Cloudflare, Ngrok,
and similar) that require proper HTTP response headers for all replies.

The major change is the addition of a proper HTTP `302 Found` redirect
using the `Location` HTTP header and the addition of an HTML5 document
type declaration (`<!doctype html>`) prepening the body of the reply
sent to a visitor when submitting the SET Harvester's phishing login
form. Smaller changes include correcting misspellings in other HTTP
headers (`Content_type` -> `Content-Type`) in various places.
2020-03-19 23:35:50 -04:00
David Kennedy
fba5551957
Merge pull request #699 from meitar/dns-server
Revive SET's built-in DNS responder under Python 3
2020-03-14 22:37:28 -04:00
Meitar M
ec37d317c9
Bitwise AND should be with decimal 31 to also compare QR flag.
The original version of pyminifakedns ignored the value of the
Query/Response Flag ("QR flag"), which is the bit immediately prior to
the DNS opcode field. The value of the QR flag should be checked for the
value 0 along with the opcode bits, which should also be zero.
2020-03-14 02:45:50 -04:00
Meitar M
bee1a38d05
Port original pyminifakedns, circa 2006, to Python 3.
This commit completes porting the internals of the MiniFakeDNS server
class to Python 3. This primarily means converting the Python 2 `str`
types to Python 3's `bytes` objects.

In the process, I've also translated the variable names from their
original Spanish into English, and added explanatory comments for how
the DNS header parsing is accomplished to enhance the educational
potential of SET.

Another small change is the addition of a new core helper function,
`detect_public_ip()`, which makes a couple parts of the codebase a
little more DRY by reducing code duplication across the `set.py` and
`setcore.py` files. This change also makes it possible to parameterize
the IP address that MiniFakeDNS server responds to requests with.
2020-03-14 02:18:18 -04:00
Meitar M
3a2ba0a500
Move the DNS server into its own module. Refactor how to call to it.
This is a relatively large commit because it refactors SET's interface
to the build-in DNS server it runs. Instead of a block of code inside of
the `setcore.py` file, a new module called `minifakedns` is added, which
houses all of the DNS-related code. Note that this commit *only*
refactors the DNS interface and its internals, it does not actually fix
the exception caused by receiving some DNS query, nor does it complete
the work required to set parameters for the DNS server, such as which IP
address it should respond with. It is just intended to make these
changes easier to introduce moving forward in upcoming chunks of work.

This replaces the `core.start_dns()` function with a new helper, whose
full path is `src.core.minifakedns.start_dns_server()`.

The previous implementation assumed the DNS server would be run from the
main thread, and thus have access to SIGINT, but this was never actually
possible because a `KeyboardInterrupt` was actually intercepted by SET
itself, before the DNS server code ever got to see it. This means that
the DNS server would never shut down cleanly.

This implementation changes that by using a simplistic sentinel value
(called `stop_flag`) that can be set as an instance attribute on the new
`MiniFakeDNS` object. When the sentinel value is `True`, the DNS server
thread will exit its listening loop.

Another change this introduces is the fact that, due to this new design,
the DNS server stops when `core.cleanup_routine()` is run. And, as a
note about that, this was running twice, once upon *startup* rather than
when SET shut down. This looked like a bug to me, and it was causing
problems for this DNS server design, so I removed that extra call and
performed some simplistic tests of various SET functionality to make
sure everything still works. (It seems fine, but might warrant a second
look.)

Finally, note that this commit breaks Python 2 compatibility due to the
use of a context manager handling the UDP socket. Given that the DNS
server was not really functional for some period of time before I
started looking at it more closely, the fact that Python 2 is officially
end-of-life'd (as of January 2020), the relative complexity of writing a
Python 2 and Python 3 implementation, and the fact that many comments
elsewhere in the SET codebase all seem to be nudging towards a Python 3
compatible upgrade, I am choosing to drop support for Python 2 in my own
patches, unless there is some considerable objection.
2020-03-12 19:25:28 -04:00
Meitar M
67c2210c3e
Begin work to revive SET's built-in DNS spoofer.
The DNS server in SET assumes that it's going to be able to bind to port
53 on all interfaces, but on most modern *nix machines, that's no longer
reasonable because `systemd-resolved` runs a stub resolver there. This
means an unhandled exception is raised as soon as `DNS_SERVER=ON` in the
`set.config` file.

While there are other issues with this setting, the first chunk of work
is represented in this patch. It checks to see whether the system is
likely configured in the way systemd recommends, with `/etc/resolv.conf`
set to be a symlink pointing at `/run/systemd/resolve/stub-resolv.conf`.
If so, SET uses its root privileges to automatically reconfigure the
system in such a way as to disable `systemd-resolved`'s stub DNS
resolver, clearing port 53, and then setting the system to use Quad Nine
(`9.9.9.9`) as its DNS resolver. Quad Nine is a free service run by the
security community that provides a fast, anycast public recursive DNS
resolver. This was chosen over Cloudflare (at `1.1.1.1`) or Google
(at `8.8.8.8`) because Quad Nine also provides some malware filtering.
See https://quad9.net for details about this service.

In any event, once the reconfiguration is complete, we register a
cleanup function that will undo our configuration, ceding our own setup
back to the original system configuration just before the DNS server
thread exits, ensuring no permanent changes are made to the system.

This only works on GNU/Linux systems, of course, since Apple macOS do
not run systemd, even though they are POSIX. Of course, Apple also
doesn't run its own local stub resolver, so this is not a problem in
need of a solution of macOS. For this reason, `check_os()` is not used.
2020-03-12 02:57:48 -04:00
David Kennedy
3c56c68b5c
Merge pull request #685 from yichi-yang/master
harvester set Content-Type and Content-Length
2020-03-11 16:36:44 -04:00
David Kennedy
3a6090ee40
Merge pull request #696 from meitar/issue-686
Fixes #686: Starting SSL server causes import error.
2020-03-11 16:36:31 -04:00
David Kennedy
51aa33862f
Merge pull request #697 from meitar/seautomate-python-3
Make `seautomate` functional with Python 3.
2020-03-11 16:36:15 -04:00
David Kennedy
162d0f043b
Merge pull request #698 from meitar/ssl-socket-error
First pass at surviving certain TLS connection issues. See #696.
2020-03-11 16:36:05 -04:00
Meitar M
696e09e29d
Fix NameErrors that were swallowed by blanket except blocks.
The actual `socketserver` variable was sometimes called `server` and
sometimes called `httpd`. This meant that invisible `NameError`
exceptions were being raised in several places when the server's socket
was supposed to be closed (with calls to `socket.close()`.

This commit converges on the variable name `server` for the socket
server, and continues to move code responsible solely for generating
reports into the `generate_reports()` helper function. By doing so, the
functions where the servers are being handled are shorter, making it
easier to spot name errors such as the ones fixed here.
2020-03-10 21:22:24 -04:00
Meitar M
46481e0147
Fixes report generation for built-in SSL server.
Turns out, the `shutdown_request()` method was not ever catching
`KeyboardInterrupt` exceptions because they were never raised there.
This means we can at least catch the exception in that block, and move
the exception handling closer to where it should be.

That turns out to be in `ssl_server()` itself, which AFAICT was never
going to generate reports the same way that the non-SSL server was,
visible in the `run()` method.

This commit revives the report generation capabilities in `ssl_server()`
by moving the same logic used by `run()` into a new function,
`generate_reports()` and calling it in both code paths.
2020-03-10 21:07:55 -04:00