388 lines
11 KiB
Ruby
Executable File
388 lines
11 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
# -*- coding: binary -*-
|
|
|
|
#
|
|
# Check for data scripts to ensure they are up to date
|
|
#
|
|
# by h00die
|
|
#
|
|
|
|
require 'digest'
|
|
require 'open-uri'
|
|
require 'optparse'
|
|
require 'tempfile'
|
|
|
|
options = {}
|
|
optparse = OptionParser.new do |opts|
|
|
opts.banner = 'Usage: check_external_scripts.rb [options]'
|
|
opts.on('-u', '--update', 'Overwrite old scripts with newer ones.') do
|
|
options[:update] = true
|
|
end
|
|
opts.on('-h', '--help', 'Display this screen.') do
|
|
puts opts
|
|
exit
|
|
end
|
|
end
|
|
optparse.parse!
|
|
|
|
# colors and puts templates from msftidy.rb
|
|
|
|
class String
|
|
def red
|
|
"\e[1;31;40m#{self}\e[0m"
|
|
end
|
|
|
|
def yellow
|
|
"\e[1;33;40m#{self}\e[0m"
|
|
end
|
|
|
|
def green
|
|
"\e[1;32;40m#{self}\e[0m"
|
|
end
|
|
|
|
def cyan
|
|
"\e[1;36;40m#{self}\e[0m"
|
|
end
|
|
end
|
|
|
|
#
|
|
# Display an error message, given some text
|
|
#
|
|
def error(txt)
|
|
puts "[#{'ERROR'.red}] #{cleanup_text(txt)}"
|
|
end
|
|
|
|
#
|
|
# Display a warning message, given some text
|
|
#
|
|
def warning(txt)
|
|
puts "[#{'WARNING'.yellow}] #{cleanup_text(txt)}"
|
|
end
|
|
|
|
#
|
|
# Display a info message, given some text
|
|
#
|
|
def info(txt)
|
|
puts "[#{'INFO'.cyan}] #{cleanup_text(txt)}"
|
|
end
|
|
|
|
def cleanup_text(txt)
|
|
# remove line breaks
|
|
txt = txt.gsub(/[\r\n]/, ' ')
|
|
# replace multiple spaces by one space
|
|
txt.gsub(/\s{2,}/, ' ')
|
|
end
|
|
|
|
def cleanup_sqlmap_decloak_dir
|
|
unless system('rm -rf /tmp/sqlmap_decloak')
|
|
error 'Could not remove existing /tmp/sqlmap_decloak directory'
|
|
end
|
|
end
|
|
|
|
def clone_sqlmap_decloak
|
|
cleanup_sqlmap_decloak_dir
|
|
unless system('git clone -q --depth=1 https://github.com/sqlmapproject/sqlmap.git /tmp/sqlmap_decloak')
|
|
error "Either 'git' is not installed, your internet is not connected, or /tmp/sqlmap_decloak could not be removed."
|
|
end
|
|
end
|
|
|
|
# https://github.com/rapid7/metasploit-framework/pull/13191#issuecomment-626584689
|
|
def decloak(file)
|
|
unless system("python /tmp/sqlmap_decloak/extra/cloak/cloak.py -d -i #{file.path} -o #{file.path}_decloak")
|
|
unless system("python3 /tmp/sqlmap_decloak/extra/cloak/cloak.py -d -i #{file.path} -o #{file.path}_decloak")
|
|
error "Either python is not installed, or the file at #{file.path} could not be found! Please double check your computer's setup and check that the #{file.path} file exists!"
|
|
end
|
|
end
|
|
File.binread("#{file.path}_decloak")
|
|
end
|
|
|
|
#
|
|
#
|
|
# Main
|
|
#
|
|
#
|
|
|
|
scripts = []
|
|
|
|
###
|
|
# Bloodhound/Sharphound files
|
|
###
|
|
|
|
# https://github.com/BloodHoundAD/BloodHound/commit/b6ab5cd369c70219c6376d9f5c4fcd63f34fb4a0
|
|
scripts << {
|
|
name: 'Sharphound (Bloodhound) ps1',
|
|
addr: 'https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.ps1',
|
|
dest: '/data/post/powershell/SharpHound.ps1',
|
|
subs: [
|
|
["\t", ' '], # tabs to spaces
|
|
[/\s+$/, ''] # trailing whitespace
|
|
]
|
|
}
|
|
scripts << {
|
|
name: 'Sharphound (Bloodhound) exe',
|
|
addr: 'https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.exe',
|
|
dest: '/data/post/SharpHound.exe',
|
|
subs: []
|
|
}
|
|
###
|
|
# JTR files
|
|
###
|
|
scripts << {
|
|
name: 'JTR - dumb16.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/dumb16.conf',
|
|
dest: '/data/jtr/dumb16.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - alnumspace.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/alnumspace.chr',
|
|
dest: '/data/jtr/alnumspace.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - regex_alphabets.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/regex_alphabets.conf',
|
|
dest: '/data/jtr/regex_alphabets.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - latin1.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/latin1.chr',
|
|
dest: '/data/jtr/latin1.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - lowerspace.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/lowerspace.chr',
|
|
dest: '/data/jtr/lowerspace.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - utf8.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/utf8.chr',
|
|
dest: '/data/jtr/utf8.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - john.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/john.conf',
|
|
dest: '/data/jtr/john.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - dumb32.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/dumb32.conf',
|
|
dest: '/data/jtr/dumb32.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - alpha.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/alpha.chr',
|
|
dest: '/data/jtr/alpha.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - dynamic.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/dynamic.conf',
|
|
dest: '/data/jtr/dynamic.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - repeats32.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/repeats32.conf',
|
|
dest: '/data/jtr/repeats32.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - lm_ascii.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/lm_ascii.chr',
|
|
dest: '/data/jtr/lm_ascii.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - upper.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/upper.chr',
|
|
dest: '/data/jtr/upper.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - lowernum.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/lowernum.chr',
|
|
dest: '/data/jtr/lowernum.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - ascii.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/ascii.chr',
|
|
dest: '/data/jtr/ascii.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - dynamic_disabled.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/dynamic_disabled.conf',
|
|
dest: '/data/jtr/dynamic_disabled.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - hybrid.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/hybrid.conf',
|
|
dest: '/data/jtr/hybrid.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - repeats16.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/repeats16.conf',
|
|
dest: '/data/jtr/repeats16.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - digits.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/digits.chr',
|
|
dest: '/data/jtr/digits.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - uppernum.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/uppernum.chr',
|
|
dest: '/data/jtr/uppernum.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - lanman.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/lanman.chr',
|
|
dest: '/data/jtr/lanman.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - dynamic_flat_sse_formats.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/dynamic_flat_sse_formats.conf',
|
|
dest: '/data/jtr/dynamic_flat_sse_formats.conf',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - alnum.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/alnum.chr',
|
|
dest: '/data/jtr/alnum.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - lower.chr',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/lower.chr',
|
|
dest: '/data/jtr/lower.chr',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'JTR - korelogic.conf',
|
|
addr: 'https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/korelogic.conf',
|
|
dest: '/data/jtr/korelogic.conf',
|
|
subs: []
|
|
}
|
|
|
|
###
|
|
# SQLMap UDF files
|
|
###
|
|
scripts << {
|
|
name: 'SQLMap UDF - lib_mysqludf_sys_32.so',
|
|
addr: 'https://github.com/sqlmapproject/sqlmap/blob/master/data/udf/mysql/linux/32/lib_mysqludf_sys.so_?raw=true',
|
|
dest: '/data/exploits/mysql/lib_mysqludf_sys_32.so',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'SQLMap UDF - lib_mysqludf_sys_64.so',
|
|
addr: 'https://github.com/sqlmapproject/sqlmap/blob/master/data/udf/mysql/linux/64/lib_mysqludf_sys.so_?raw=true',
|
|
dest: '/data/exploits/mysql/lib_mysqludf_sys_64.so',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'SQLMap UDF - lib_mysqludf_sys_32.dll',
|
|
addr: 'https://github.com/sqlmapproject/sqlmap/blob/master/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_?raw=true',
|
|
dest: '/data/exploits/mysql/lib_mysqludf_sys_32.dll',
|
|
subs: []
|
|
}
|
|
scripts << {
|
|
name: 'SQLMap UDF - lib_mysqludf_sys_64.dll',
|
|
addr: 'https://github.com/sqlmapproject/sqlmap/blob/master/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_?raw=true',
|
|
dest: '/data/exploits/mysql/lib_mysqludf_sys_64.dll',
|
|
subs: []
|
|
}
|
|
|
|
###
|
|
# CMS Files
|
|
###
|
|
|
|
# https://github.com/rapid7/metasploit-framework/pull/11862#issuecomment-496578367
|
|
scripts << {
|
|
name: 'WordPress - Plugins List',
|
|
addr: 'https://plugins.svn.wordpress.org',
|
|
dest: '/data/wordlists/wp-plugins.txt',
|
|
subs: [
|
|
[/^((?! <li>).)*/, ''], # remove all non-plugin lines
|
|
[/ <li><a href="[^"]+">/, ''], # remove beginning
|
|
[/\/<\/a><\/li>/,''], # remove end
|
|
[/^\s*/,''] # remove empty lines
|
|
]
|
|
}
|
|
|
|
scripts << {
|
|
name: 'WordPress - Themes List',
|
|
addr: 'https://themes.svn.wordpress.org',
|
|
dest: '/data/wordlists/wp-themes.txt',
|
|
subs: [
|
|
[/^((?! <li>).)*/, ''], # remove all non-plugin lines
|
|
[/ <li><a href="[^"]+">/, ''], # remove beginning
|
|
[/\/<\/a><\/li>/,''], # remove end
|
|
[/^\s*/,''] # remove empty lines
|
|
]
|
|
}
|
|
|
|
# Joomla's is more complicated. It looks for more than
|
|
# just components. Because of that, if you want the
|
|
# file updated, see:
|
|
# https://github.com/rapid7/metasploit-framework/pull/11199#issue-242415518
|
|
# python3 tools/dev/update_joomla_components.py
|
|
|
|
path = File.expand_path('../../', File.dirname(__FILE__))
|
|
|
|
clone_sqlmap_decloak
|
|
|
|
scripts.each do |script|
|
|
puts "Downloading: #{script[:name]}"
|
|
begin
|
|
old_content = File.binread(path + script[:dest])
|
|
old_hash = Digest::SHA1.hexdigest old_content
|
|
info "Old Hash: #{old_hash}"
|
|
|
|
new_content = URI.open(script[:addr]).read
|
|
if script.key?(:subs)
|
|
script[:subs].each do |sub|
|
|
new_content.gsub!(sub[0], sub[1])
|
|
end
|
|
end
|
|
|
|
if script[:name].start_with?('SQLMap UDF')
|
|
info('Performing decloaking')
|
|
f = Tempfile.new('sqlmap_udf')
|
|
f.write(new_content)
|
|
f.close
|
|
new_content = decloak(f)
|
|
end
|
|
|
|
new_hash = Digest::SHA1.hexdigest new_content
|
|
info "New Hash: #{new_hash}"
|
|
|
|
unless old_hash == new_hash
|
|
warning ' New version identified!'
|
|
if options[:update] == true
|
|
warning " Updating MSF copy of #{script[:dest]}"
|
|
File.binwrite(path + script[:dest], new_content)
|
|
end
|
|
end
|
|
rescue OpenURI::HTTPError
|
|
error "Unable to download, check URL: #{script[:addr]}"
|
|
rescue Errno::ENOENT
|
|
error "Destination not found, check path: #{path + script[:dest]}"
|
|
end
|
|
end
|
|
|
|
cleanup_sqlmap_decloak_dir
|