just making some minor updates here and there

Author: Ekultek

lib/banner.py

@@ -1,7 +1,7 @@
 import os
 import random
 
-VERSION = "3.1.3"
+VERSION = "3.1.4"
 
 
 def banner_1(line_sep="#--", space=" " * 30):

lib/cmdline/cmd.py

@@ -25,10 +25,10 @@ def optparser():
         """
 
         parser = argparse.ArgumentParser(
-            usage="python autosploit.py -[c|z|s|a] -[q] QUERY\n"
-                  "{spacer}[-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH\n"
-                  "{spacer}[--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH\n"
-                  "{spacer}[--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT".format(
+            usage="python autosploit.py -c[z|s|a] -q QUERY [-O|A]\n"
+                  "{spacer}[-C WORKSPACE LHOST LPORT] [-e] [--whitewash PATH] [-H]\n"
+                  "{spacer}[--ruby-exec] [--msf-path] PATH [-E EXPLOIT-FILE-PATH]\n"
+                  "{spacer}[--rand-agent] [--proxy PROTO://IP:PORT] [-P AGENT] [-D QUERY,QUERY,..]".format(
                     spacer=" " * 28
             )
         )
@@ -42,8 +42,10 @@ def optparser():
         se.add_argument("-a", "--all", action="store_true", dest="searchAll",
                         help="search all available search engines to gather hosts")
         save_results_args = se.add_mutually_exclusive_group(required=False)
-        save_results_args.add_argument("-O", "--overwrite", action="store_true", dest="overwriteHosts",
-                        help="When specified, start from scratch by overwriting the host file with new search results.")
+        save_results_args.add_argument(
+            "-O", "--overwrite", action="store_true", dest="overwriteHosts",
+            help="When specified, start from scratch by overwriting the host file with new search results."
+        )
         save_results_args.add_argument("-A", "--append", action="store_true", dest="appendHosts",
                                        help="When specified, append discovered hosts to the host file.")
 
@@ -65,7 +67,7 @@ def optparser():
         exploit.add_argument("-e", "--exploit", action="store_true", dest="startExploit",
                              help="start exploiting the already gathered hosts")
         exploit.add_argument("-d", "--dry-run", action="store_true", dest="dryRun",
-                             help="Do not launch metasploit's exploits. Do everything else. msfconsole is never called.")
+                             help="msfconsole will never be called when this flag is passed")
         exploit.add_argument("-f", "--exploit-file-to-use", metavar="PATH", dest="exploitFile",
                              help="Run AutoSploit with provided exploit JSON file.")
         exploit.add_argument("-H", "--is-honeypot", type=float, default=1000, dest="checkIfHoneypot", metavar="HONEY-SCORE",

lib/creation/issue_creator.py

@@ -78,7 +78,7 @@ def check_version_number(current_version):
     try:
         req = requests.get("https://raw.githubusercontent.com/NullArray/AutoSploit/master/lib/banner.py")
         available_version = version_checker.search(req.content).group().split("=")[-1].split('"')[1]
-        if available_version != current_version:
+        if available_version > current_version:
             return False
         return True
     except Exception:
@@ -168,15 +168,25 @@ def hide_sensitive():
     args = sys.argv
     for item in sys.argv:
         if item in sensitive:
-            # TODO:/ we need to block the IP addresses in the -C argument
-            try:
-                item_index = args.index(item) + 1
-                hidden = ''.join([x.replace(x, "*") for x in str(args[item_index])])
-                args.pop(item_index)
-                args.insert(item_index, hidden)
+            if item in ["-C", "--config"]:
+                try:
+                    item_index = args.index("-C") + 1
+                except ValueError:
+                    item_index = args.index("--config") + 1
+                for _ in range(3):
+                    hidden = ''.join([x.replace(x, '*') for x in str(args[item_index])])
+                    args.pop(item_index+_)
+                    args.insert(item_index, hidden)
                 return ' '.join(args)
-            except:
-                return ' '.join([item for item in sys.argv])
+            else:
+                try:
+                    item_index = args.index(item) + 1
+                    hidden = ''.join([x.replace(x, "*") for x in str(args[item_index])])
+                    args.pop(item_index)
+                    args.insert(item_index, hidden)
+                    return ' '.join(args)
+                except:
+                    return ' '.join([item for item in sys.argv])
 
 
 def request_issue_creation(path, arguments, error_message):

lib/exploitation/exploiter.py

@@ -40,6 +40,7 @@ class AutoSploitExploiter(object):
     sorted_modules = []
 
     def __init__(self, configuration, all_modules, hosts=None, **kwargs):
+        self.hosts = hosts
         self.hosts = hosts
         self.configuration = configuration
         self.mods = all_modules
@@ -89,14 +90,13 @@ def start_exploit(self, sep="*" * 10):
         report_path = path.join(current_run_path, "report.csv")
         with open(report_path, 'w') as f:
             csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
-            csv_file.writerow(['Target Host',
-                               'Date (UTC)',
-                               'MSF Module',
-                               "LocalHost",
-                               "Listening Port",
-                               "Successful Logs",
-                               "Failure Logs",
-                               "All Logs"])
+            csv_file.writerow(
+                [
+                    'Target Host', 'Date (UTC)', 'MSF Module',
+                    "LocalHost", "Listening Port", "Successful Logs",
+                    "Failure Logs", "All Logs"
+                ]
+            )
 
         lib.output.info("Launching exploits against {hosts_len} hosts:".format(hosts_len=len(self.hosts)))
 
@@ -117,7 +117,7 @@ def start_exploit(self, sep="*" * 10):
                     skip = True
                     skip_amount += 1
                 else:
-                    lib.output.misc_info("{} does not appear to be a honeypot, continuing attack")
+                    lib.output.misc_info("{} does not appear to be a honeypot, continuing attack".format(host))
                     skip = False
             else:
                 skip = False
@@ -188,27 +188,22 @@ def start_exploit(self, sep="*" * 10):
                         ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]')
                         msf_output_lines = [ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)]
 
-                        msf_wins = [x for x in msf_output_lines if re.search('\[\+\]', x) or
-                                                 'Meterpreter' in x or
-                                                 'Session' in x or
-                                                 'Sending stage' in x]
-
-                        msf_fails = [x for x in msf_output_lines if re.search('\[-\]', x)]
+                        msf_wins = [
+                            x for x in msf_output_lines if re.search('\[\+\]', x) or
+                                                           'Meterpreter' in x or 'Session' in x or 'Sending stage' in x
+                        ]
+                        msf_fails = [x for x in msf_output_lines if re.search('\[-\]', x) and 'Background' not in x]
 
                         if len(msf_wins):
                             win_total += 1
                         if len(msf_fails):
                             fail_total += 1
 
                         csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
-                        csv_file.writerow([rhost,
-                                           today_printable,
-                                           module_name,
-                                           lhost,
-                                           lport,
-                                           linesep.join(msf_wins),
-                                           linesep.join(msf_fails),
-                                           linesep.join(msf_output_lines)])
+                        csv_file.writerow([
+                                rhost, today_printable, module_name, lhost, lport,
+                                linesep.join(msf_wins), linesep.join(msf_fails), linesep.join(msf_output_lines)
+                             ])
 
         print("")
         lib.output.info("{}RESULTS{}".format(sep, sep))

lib/settings.py

@@ -51,7 +51,7 @@ def complete_text(self, text, state):
 exploit/run/attack      Run the exploits on the already gathered hosts
 search/api/gather       Search the API's for hosts
 exit/quit               Exit the terminal session
-single                  Load a single host into the file
+single                  Load a single host into the file, or multiple hosts separated by a comma (1,2,3,..)
 personal/custom         Load a custom host file
 tokens/reset            Reset API tokens if needed
 external                View loaded external commands

lib/term/terminal.py

@@ -308,22 +308,24 @@ def do_add_single_host(self, ip):
         Explanation:
         ------------
         Add a single host by IP address
+        Or a list of single hosts separatedd by a comma
 
         Parameters:
         -----------
         :param ip: IP address to be added
 
         Examples:
         ---------
-        single 89.76.12.124
+        single 89.76.12.124[89.76.12.43,89.90.65.78,...]
         """
-        validated_ip = lib.settings.validate_ip_addr(ip)
-        if not validated_ip:
-            lib.output.error("provided IP '{}' is invalid, try again".format(ip))
-        else:
-            with open(lib.settings.HOST_FILE, "a+") as hosts:
-                hosts.write(ip + "\n")
-                lib.output.info("host '{}' saved to hosts file".format(ip))
+        for item in ip.split(","):
+            validated_ip = lib.settings.validate_ip_addr(item)
+            if not validated_ip:
+                lib.output.error("provided IP '{}' is invalid, try again".format(ip))
+            else:
+                with open(lib.settings.HOST_FILE, "a+") as hosts:
+                    hosts.write(item + "\n")
+                    lib.output.info("host '{}' saved to hosts file".format(item))
 
     def do_quit_terminal(self, save_history=True):
         """
@@ -518,7 +520,7 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
                                 lib.output.error(
                                     "must provide at least LHOST, LPORT, workspace name with `{}` keyword "
                                     "(IE {} 127.0.0.1 9076 default [whitelist-path] [honeycheck])".format(
-                                        choice.strip(), choice.strip()
+                                        choice.split(" ")[0].strip(), choice.split(" ")[0].strip()
                                     )
                                 )
                             else:
@@ -574,7 +576,7 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
                                 lib.output.error(
                                     "must provide a list of API names after `{}` keyword and query "
                                     "(IE {} shodan,censys apache2)".format(
-                                        choice.strip(), choice.strip()
+                                        choice.split(" ")[0].strip(), choice.split(" ")[0].strip()
                                     )
                                 )
                             else:
@@ -605,7 +607,7 @@ def terminal_main_display(self, tokens, extra_commands=None, save_history=True):
                                 lib.output.error(
                                     "must supply API name with `{}` keyword along with "
                                     "new token (IE {} shodan mytoken123 [userID (censys)])".format(
-                                        choice.strip(), choice.strip()
+                                        choice.split(" ")[0].strip(), choice.split(" ")[0].strip()
                                     )
                                 )
                             else: