Merge pull request #6 from trustedsec/master

Updated by Library Project Script . 20221111

README.md

@@ -129,7 +129,7 @@ TOOL_DEPEND="modules/exploitation/metasploit"
 
 ### Module Development:
 
-All of the fields are pretty easy, on the repository locations, you can use GIT, SVN or FILE. Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all your tools to `/pentest/PTES_PHASE/TOOL_FOLDER`
+All of the fields are pretty easy, on the repository locations, you can use GIT, SVN FILE, OR TAGS. Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all your tools to `/pentest/PTES_PHASE/TOOL_FOLDER`
 
 Note in modules, you can specify after commands `{INSTALL_LOCATION}`. This will append where you want the install location to go when using after commands.
 
@@ -139,6 +139,8 @@ You also have the ability for repository locations to specify both a 32 bit and
 
 Note that ArchLinux packages are also supported, it needs to be specified for both DEBIAN and ARCH in order for it to be properly installed on either platform in the module
 
+When using the TAGS mode, this will allow you to use a github project that utilizes tags to pull the latest version (usually compiled applications) and automatically download. In order to use the TAGS method, take a look at the structure under modules/intelligence-gathering/teamfiltration.py. In this example, there is no need for a repository_location, but you will need to know the project owner, project name/repo, and the filename to download. In the example of TeamFiltration, it is located at: https://github.com/Flangvik/TeamFiltration. The owner would be Flangvik, the project/tool would be TeamFiltration. If you navigate to releases: https://github.com/Flangvik/TeamFiltration/releases/, we can see here that the name of the file we want to download is "TeamFiltration_Linux". These are under the OWNER, REPOHOME, and FILENAME. Specifying these, PTF will automatically detect the latest release of the tool and install them.
+
 ### GITLAB Support
 
 You can create your own modules and PTF also supports gitlab access. Instead of specifying git, wget, etc., simply specify gitlab and point to your own internal gitlab tools for modules.

modules/intelligence-gathering/go-windapsearch.py

@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+#####################################
+# Installation module for go-windapsearch
+#####################################
+
+# DESCRIPTION OF THE MODULE
+DESCRIPTION="This module will install/update go-windapsearch a tool to assist in Active Directory Domain enumeration through LDAP queries."
+
+AUTHOR="Ronnie Flathers - ropnop"
+
+# INSTALL TYPE GIT, SVN, FILE DOWNLOAD
+# OPTIONS = GIT, SVN, FILE
+INSTALL_TYPE="GIT"
+
+# LOCATION OF THE FILE OR GIT/SVN REPOSITORY
+REPOSITORY_LOCATION="https://github.com/ropnop/go-windapsearch.git"
+
+# WHERE DO YOU WANT TO INSTALL IT
+INSTALL_LOCATION="go-windapsearch"
+
+# DEPENDS FOR DEBIAN INSTALLS
+DEBIAN="git"
+
+# DEPENDS FOR FEDORA INSTALLS
+FEDORA="git"
+
+# DEPENDS FOR ARCHLINUX INSTALLS
+ARCHLINUX="git,go"
+
+# COMMANDS TO RUN AFTER
+AFTER_COMMANDS="go get -u github.com/magefile/mage && cd {INSTALL_LOCATION} && mage build"
+
+# THIS WILL CREATE AN AUTOMATIC LAUNCHER FOR THE TOOL
+LAUNCHER="windapsearch"
+
+# PREREQ INSTALL MODULES NEEDED FOR THIS TOOL TO WORK PROPERLY
+TOOL_DEPEND=""

modules/intelligence-gathering/teamfiltration.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+#####################################
+# Installation module for TeamFiltration
+#####################################
+
+# AUTHOR OF MODULE NAME
+AUTHOR="David Kennedy (HackingDave)"
+
+# DESCRIPTION OF THE MODULE
+DESCRIPTION="This module will install/update TeamFiltration - a cross-platform framework for O365/AAD accounts."
+
+# INSTALL TYPE GIT, SVN, FILE DOWNLOAD, TAGS
+# OPTIONS = GIT, SVN, FILE, TAGS
+INSTALL_TYPE="TAGS"
+
+# LOCATION OF THE FILE OR GIT/SVN REPOSITORY - new releases will need to change tag path
+REPOSITORY_LOCATION=""
+
+# IF INSTALL_TYPE TAGS IS SPECIFIED, THIS WILL PULL THE LATEST VERSION OF AN APPLICATION BACK VIA GITHUB TAGS
+# YOU WILL NEED TO KNOW THE OWNER, REPO, AND FILENAME. EXAMPLE: https://github.com/Flangvik/TeamFiltration/
+# THE OWNER: FLANGVIK
+# THE REPO: TeamFiltration
+# THE FILENAME CAN BE FOUND UNDER https://github.com/Flangvik/TeamFiltration/releases/
+# IN THIS EXAMPLE TeamFiltration_Linux IS THE NAME OF THE FILE WE ARE DOWNLOADING
+
+# OWNER OF THE REPO
+OWNER="FLANGVIK"
+
+# REPO NAME FOR THE TOOL/PROJECT
+REPOHOME="TeamFiltration"
+
+# FILENAME WE ARE DOWNLOADING
+FILENAME="TeamFiltration_Linux"
+
+# WHERE DO YOU WANT TO INSTALL IT
+INSTALL_LOCATION="teamfiltration"
+
+# DEPENDS FOR DEBIAN INSTALLS
+DEBIAN=""
+
+# DEPENDS FOR FEDORA INSTALLS
+FEDORA=""
+
+# DEPENDS FOR ARCHLINUX INSTALLS
+ARCHLINUX=""
+
+# COMMANDS TO RUN AFTER
+AFTER_COMMANDS="cd {INSTALL_LOCATION};chmod +x TeamFiltration_Linux"

modules/post-exploitation/crackmapexec.py

@@ -26,7 +26,7 @@
 FEDORA="git"
 
 # COMMANDS TO RUN AFTER
-AFTER_COMMANDS="cd {INSTALL_LOCATION},rm -rf crackmapexec,git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec crackmapexec,cd {INSTALL_LOCATION}crackmapexec,python3.7 -m pip install -r requirements.txt,python3.7 setup.py install"
+AFTER_COMMANDS="cd {INSTALL_LOCATION},rm -rf crackmapexec,git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec crackmapexec,cd {INSTALL_LOCATION}crackmapexec,python3 -m pip install -r requirements.txt,python3 setup.py install"
 
 # AUTOMATIC LAUNCH
 LAUNCHER="crackmapexec"

modules/post-exploitation/evilwinrm.py

@@ -25,11 +25,14 @@
 # DEPENDS FOR FEDORA INSTALLS
 FEDORA="git"
 
+# DEPENDS FOR ARCHLINUX INSTALLS
+ARCHLINUX="git, ruby"
+
 # COMMANDS TO RUN AFTER
-AFTER_COMMANDS="cd {INSTALL_LOCATION},gem install evil-winrm"
+AFTER_COMMANDS="cd {INSTALL_LOCATION},gem install evil-winrm winrm winrm-fs stringio"
 
 # THIS WILL CREATE AN AUTOMATIC LAUNCHER FOR THE TOOL
-LAUNCHER=""
+LAUNCHER="evil-winrm"
 
 # PREREQ INSTALL MODULES NEEDED FOR THIS TOOL TO WORK PROPERLY
 TOOL_DEPEND=""

modules/vulnerability-analysis/legion.py

@@ -1,34 +1,32 @@
 #!/usr/bin/env python
 #####################################
-# Installation module for Legion
+# Installation module for legion
 #####################################
 
 # AUTHOR OF MODULE NAME
-AUTHOR="qt-pie"
+AUTHOR="HackingDave / BustedSec"
 
 # DESCRIPTION OF THE MODULE
-DESCRIPTION="This module will install/update Legion by GoVanguard - a semi-automated network penetration testing framework based on the tool Sparta (https://govanguard.com/legion)"
+DESCRIPTION="This module will install/update Legion (semi-automated network penetration testing framework)"
 
 # INSTALL TYPE GIT, SVN, FILE DOWNLOAD
 # OPTIONS = GIT, SVN, FILE
 INSTALL_TYPE="GIT"
 
 # LOCATION OF THE FILE OR GIT/SVN REPOSITORY
-REPOSITORY_LOCATION="https://github.com/GoVanguard/legion"
+REPOSITORY_LOCATION="https://github.com/GoVanguard/legion.git"
 
 # WHERE DO YOU WANT TO INSTALL IT
 INSTALL_LOCATION="legion"
 
 # DEPENDS FOR DEBIAN INSTALLS
-DEBIAN="git docker xorg"
+DEBIAN="python3-pip python3-pyqt5 python3-sqlalchemy python3-serial-asyncio python3-quamash python3-termcolor python3-pyfiglet python3-psycopg2 python3-apscheduler python3-pandas"
 
 # DEPENDS FOR FEDORA INSTALLS
-FEDORA="git docker xorg-x11-server-Xorg"
+FEDORA=""
 
-AFTER_COMMANDS="cd {INSTALL_LOCATION}/docker,chmod +x runIt.sh,xhost +local:docker,./runIt.sh"
+# COMMANDS TO RUN AFTER
+AFTER_COMMANDS="pip3 install pyExploitDb;pip3 install pyShodan;cd {INSTALL_LOCATION};chmod +x startLegion.sh"
 
-# create a launcher
-LAUNCHER=""
-
-# PREREQ INSTALL MODULES NEEDED FOR THIS TOOL TO WORK PROPERLY
-TOOL_DEPEND=""
+# THIS WILL CREATE AN AUTOMATIC LAUNCHER FOR THE TOOL
+LAUNCHER="startlegion"

modules/wireless/wifipumpkin3.py

@@ -20,7 +20,7 @@
 INSTALL_LOCATION="wifipumpkin3"
 
 # DEPENDS FOR DEBIAN INSTALLS
-DEBIAN="git python3.7-dev libssl-dev libffi-dev build-essential python3.7"
+DEBIAN="git python3.7-dev libssl-dev libffi-dev build-essential python3"
 
 # DEPENDS FOR FEDORA INSTALLS
 FEDORA="git python3.7"

ptf

@@ -111,8 +111,6 @@ if __name__ == "__main__":
     except KeyboardInterrupt:
         print("\n")
         info("User aborted operation ctrl+c")
-        #print_status("Running updatedb to tidy everything up.")
-        #subprocess.Popen("updatedb", shell=True).wait()
         print_status("Exiting PTF - the easy pentest platform creation framework.")
         exit()
         sys.exit()

readme/CHANGELOG

@@ -1,3 +1,20 @@
+~~~~~~~~~~~~~~~~~
+version 2.7.1
+~~~~~~~~~~~~~~~~~
+
+* added new ability to specify TAGS option in modules. This will allow you to use the tags method in github to automatically pull back the latest version of a tool/application and keep them updated. PTF will now detect the latest version and download them. Take a look at the modules/intelligence-gathering/teamfiltration file for the appropriate format. 
+* Updated README.md with the latest ability to use TAGS method.
+* Fixed an issue that would not allow you to exit PTF properly.
+
+
+~~~~~~~~~~~~~~~~~
+version 2.7
+~~~~~~~~~~~~~~~~~
+
+* remove sparta (not updated)
+* add legion
+* add teamfiltration
+
 ~~~~~~~~~~~~~~~~~
 version 2.6
 ~~~~~~~~~~~~~~~~~

src/core.py

@@ -117,7 +117,7 @@ def count_modules():
     return counter
 
 # version information
-grab_version = "2.6"
+grab_version = "2.7.1"
 
 # banner
 banner = bcolors.RED + r"""
@@ -485,3 +485,16 @@ def check_kali():
     else:
         print("[!] Not running a Debian variant..")
         return "Non-Kali"
+
+# this will pull back the latest tag for releases if they are using git tags for releases
+# owner is the github repo owner for example in this github repo:
+# https://github.com/Flangvik/TeamFiltration
+# owner equals Flangvik
+# repo equals TeamFiltration
+# Filename is the actual filename after version, in this case it would be TeamFiltration_Linux which is the name of the binary name for the application. This is essentially the filename to download.
+def get_latest_tag(owner, repo, filename):
+        import requests
+        url = ("https://api.github.com/repos/" + owner + "/" + repo + "/releases/latest")
+        response = requests.get(url)
+        tag = (response.json()["name"]).replace("V", "v")
+        return("https://github.com/" + owner + "/" + repo + "/releases/download/" + tag + "/" + filename)

src/framework.py

@@ -331,20 +331,11 @@ def use_module(module, all_trigger):
                 if "use " in prompt:
                     return prompt
 
-                # options menu - was a choice here to load upon initial load of dynamically pull each time
-                # if changes are made, it makes sense to keep it loading each time
-                #if prompt.lower() == "show options":
-                #    print("Module options (%s):" % module)
-
                 # if we are searching for something
                 if "search " in prompt:
                     if search(prompt):
                         prompt("")
 
-                #if "show " in prompt:
-                #    prompt = split("/","")[1]
-                #    search(prompt)
-
                 if prompt == "" or len(prompt) < 1:
                     print("[*] No prompt given, type help, back, show options, or run to proceed.")
                     #prompt(back)
@@ -517,8 +508,7 @@ def check_io():
                             launcher(filename, install_location)
                             # run after commands
                             if prompt != "update": after_commands(filename, install_location)
-                        #print_status("Running updatedb to tidy everything up.")
-                        #subprocess.Popen("updatedb", shell=True).wait()
+
                     if not os.path.isdir(install_location):
                         print_error("The tool was not found in the install location. Try running install first!")
             # if we want to install it
@@ -641,8 +631,18 @@ def check_io():
                         print_status("Finished Installing! Enjoy the tool located under: " + install_location)
                         launcher(filename, install_location)
                         after_commands(filename, install_location)
-                    #print_status("Running updatedb to tidy everything up.")
-                    #subprocess.Popen("updatedb", shell=True).wait()
+                    # if we are using tags
+                    if install_type.lower() == "tags":
+                        print_status("GitHub TAGS method used, will pull the latest version of the tool/project and download each time.")
+                        owner = module_parser(filename, "OWNER")
+                        repo = module_parser(filename,  "REPOHOME")
+                        repo_filename = module_parser(filename, "FILENAME")
+                        download_url = get_latest_tag(owner, repo, repo_filename)
+                        print("Latest version found: " + download_url)
+                        print("Pulling latest version from GitHub tags...")
+                        subprocess.Popen("cd %s && wget -q %s" % (install_location, download_url), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
+                        print_status("Finished installation! Enjoy the tool located under: " + install_location)
+
             # if we update all we need to break out until finished
             if int(all_trigger) == 1 or int(all_trigger) == 2:
                 break
@@ -669,8 +669,8 @@ def handle_prompt(prompt, force=False):
     # if we want to exit out
     if prompt == "quit" or prompt == "exit" or prompt == "back":
         base_counter = 1
-        print_status("Running updatedb to tidy everything up.")
-        subprocess.Popen("updatedb", shell=True).wait()
+        #print_status("Running updatedb to tidy everything up.")
+        #subprocess.Popen("updatedb", shell=True).wait()
         exit_ptf()
         sys.exit()
     # if we want to see the modules