sneedmca/shadowbrokers-exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
shadowbrokers-exploits/windows/Resources/Ops/PyScripts/scansweep/scanengine2/scanner.py

122 lines
4.5 KiB
Python
Raw Permalink Normal View History

Inital commit of Shadowbrokers 'Lost in Translation' release
2017-04-14 09:45:07 +00:00
import ops.cmd
import dsz
from scanengine2 import scan
import os.path
def _whats_your_job():
return 'scanner\\|*'
def _whats_your_name():
return 'scanner'
def _support_ipv6():
return False
class scanner(scan, ):
def __init__(self, job, timeout=None):
scan.__init__(self, job)
if (len(job) > 1):
self.type = job[0].split('|')[1]
self.scan_type = _whats_your_name()
def execute_scan(self, verbose):
service_dict = {'win_scan': {'protocol': '-tcp', 'port': '139'}, 'winn': {'protocol': '-udp', 'port': '137'}, 'http': {'protocol': '-tcp', 'port': '80'}, 'ssh': {'protocol': '-tcp', 'port': '22'}}
redir_cmd = ops.networking.redirect.generate_tunnel_cmd(arg_list=[service_dict[self.type]['protocol'], '-target', self.target, service_dict[self.type]['port'], '-lplisten', service_dict[self.type]['port']], random=False)
redir_output = ops.networking.redirect.start_tunnel(dsz_cmd=redir_cmd)
if (not ((redir_output is not False) and (type(redir_output) is int))):
return False
PATH_TO_SCANNER = os.path.join(ops.TOOLS, 'scanner.exe')
scannercmd = ops.cmd.getDszCommand('run', dszquiet=(not verbose))
scannercmd.command = ('%s %s 127.0.0.1' % (PATH_TO_SCANNER, self.type))
scannercmd.arglist.append('-redirect')
scannercmd.prefixes.append('local')
scannercmd.prefixes.append('log')
scannerobject = scannercmd.execute()
ops.networking.redirect.stop_tunnel(dsz_cmd=redir_cmd)
data = ''
first = False
num_names = (-1)
for processoutput in scannerobject.processoutput:
lines = processoutput.output.split('\n')
for line in lines:
if (self.type == 'http'):
if line.startswith('Server:'):
data = line.strip().split(':')[1]
break
elif (self.type == 'ssh'):
if line.startswith('---------------'):
first = True
elif first:
if line.startswith('--'):
break
data = line.strip()
break
elif (self.type == 'win_scan'):
if (line.startswith('*') and (line[1] != '*')):
data = line.strip()
break
elif (self.type == 'winn'):
if line.startswith('received'):
num_names = int(line.strip().split(' ')[1])
elif (num_names > 0):
if (not first):
first = True
data = ('%s <%s>' % (line.split('<')[0].strip(), line.split('<')[1].split('>')[0].strip()))
else:
data = ('%s, %s <%s>' % (data, line.split('<')[0].strip(), line.split('<')[1].split('>')[0].strip()))
num_names = (num_names - 1)
elif (num_names == 0):
break
self.data = data
self.timestamp = dsz.Timestamp()
if (not (data == '')):
self.success = True
def return_success_message(self):
return ('%s response for %s' % (self.type, self.target))
def verify_escalation(self, escalation_rule):
scanner = self
try:
eval_res = eval(escalation_rule)
if ((eval_res == True) or (eval_res == False)):
return True
else:
return False
except:
return False
def check_escalation(self, escalation_rule):
scanner = self
try:
if eval(escalation_rule):
return True
else:
return False
except:
return False
def return_data(self):
return scan.return_data(self)
def get_display_headers(self):
return ['Targeted Address', 'Type', 'Data', 'Time Stamp']
def get_data_fields(self):
return ['target', 'type', 'data', 'timestamp']
def get_raw_fields(self):
return (self.get_data_fields() + ['success'])
def verify_job(self, job):
if ((not (len(job) == 2)) or (not (job[1] in ['http', 'win_scan', 'ssh', 'winn']))):
return False
return True
def min_time(self):
return 30
def min_range(self):
return 5
Reference in a new issue Copy permalink