-
Notifications
You must be signed in to change notification settings - Fork 1
/
demo.py
132 lines (108 loc) · 3.66 KB
/
demo.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# region imports
import sys
import pkg_resources
dependencies = open("requirements.txt").readlines()
try:
pkg_resources.require(dependencies)
except Exception as e:
sys.exit("missing requirements: {}".format(str(e)))
from lib.utils import *
from lib import xploiter as Xploiter
from lib import logger as logger
from termcolor import colored
import inquirer
import os
import argparse
import json
# endregion
def getArguments():
parser = argparse.ArgumentParser()
parser.add_argument("-p", "--profile", required=False, default=None, help="Attackers AWS profile name (as appears in ~/.aws/credentials")
parser.add_argument("-r", "--region", required=False, default="us-east-1", help="The region in deployed the DVSA on (defualt is `us-east-1`")
parser.add_argument("-e", "--endpoint", required=False, default=None, help="The endpoint (API Gateway) for the lambda with XXE Vulnerability")
parser.add_argument("-a", "--account", required=False, default=None, help="The AWS Account ID on which DVSA is installed")
parser.add_argument("-x", "--proxy", required=False, default=None, help="[HOST]:[PORT]")
parser.add_argument("-v", "--verbose", required=False, action="store_true", help="Print additional information to stdout")
parser.add_argument("-d", "--attack", required=False, default="None", help="Run attack directly. Use: [xxe, injection]")
args = parser.parse_args()
return {
"attack": args.attack,
"profile": args.profile,
"endpoint": args.endpoint,
"account": args.account,
"region": args.region,
"proxy": args.proxy,
"verbose": args.verbose
}
def showInitManu():
profile = getProfile()
exploit = ""
while exploit.find("[!]") == -1:
choices = [
' [01] XXE',
' [02] Injection',
colored(' [!] Quit', 'yellow')
]
question = [
inquirer.List('exploit',
message="Choose an exploit",
choices=choices
)
]
try:
return inquirer.prompt(question)["exploit"]
except:
signal_handler(None, None)
def exploit_navigator(exploit):
try:
x = exploit[exploit.find("[")+1:exploit.find("]")]
except:
return
if x=="01":
Xploiter.xploit_xxe()
elif x=="02":
Xploiter.xploit_injection()
# quit
elif x.find("!") > -1:
logger.flush()
logger.bye()
sys.exit(0)
else:
return
def main():
# update arguments to memory
args = getArguments()
print args
if not os.path.exists(LOCAL_FOLDER):
os.makedirs(LOCAL_FOLDER)
elif args['endpoint'] is None and os.path.isfile(LOCAL_FOLDER + ".endpoint"):
with open(LOCAL_FOLDER + ".endpoint") as f:
args['endpoint'] = f.read()
else:
pass
updateProfile(args)
if "attack" in getProfile() and getProfile()["attack"] is not None:
if getProfile()["attack"] == "xxe":
Xploiter.xploit_xxe()
elif getProfile()["attack"] == "injection":
Xploiter.xploit_injection()
else:
pass
# run menu in loop until exit
exploit = None
while exploit is None or exploit.find("[!]") == -1:
logger.flush()
logger.logo()
exploit = showInitManu()
logger.liner()
exploit_navigator(exploit)
# quit
if exploit.find("[!]") > -1:
logger.flush()
logger.bye()
sys.exit(0)
else:
print("What did you do ?!")
sys.exit(1)
if __name__ == "__main__":
main()