vvvrelease/0.2.2

[grisuno]

Full Changelog: vvvrelease/0.2.1...vvvrelease/0.2.2

username_anarchy

Generate usernames using the username-anarchy tool based on user input.

This function prompts the user to either provide names directly or select
options such as auto-generation based on country datasets, input files, and
specific username formats. It then constructs the command for username-anarchy
and executes it.

:param line: is optional you can pass the name and lastname as an argument example: username_anarchy firstname lastname
:returns: None

emp3r0r

Command emp3r0r Downloads and sets up the Emperor server for local exploitation.

This function performs the following tasks:

1. Checks if Emperor is already downloaded.
2. Downloads the Emperor tar.xz file if not already present.
3. Extracts the contents into the sessions directory.
4. Executes the Emperor server.
5. Prepares the agent download command based on the OS Host and copies it to the clipboard.

Args:
line (str): Optional arguments to specify port Relay

Returns:
None

Example:
emp3r0r 6666

Notes:
- Ensure that the required dependencies are installed.

template_helper_serializer

Handles the creation and serialization of a template helper.

This function performs the following tasks:

1. Retrieves the filename and data to be written from the input line.
2. Initializes a template file and writes the data to it.
3. Serializes the template data and outputs the result.

Args:
line (str): The input line containing the filename and data in the format "filename, data".

Returns:
None

Raises:
None

Example:
template_helper_serializer shell.php,

gospherus

Command gospherus: Clones and uses the Gopherus tool to generate gopher payloads for various services.
Use the command template_helper_serializer to generate the serialization payload. more info help template_helper_serializer

This function performs the following tasks:
0. Install Python2 (Old protocol, old t00l, old python)

1. Checks if Gopherus is already cloned in the external/.exploit directory.
2. Clones the Gopherus repository if not already present.
3. Enumerates the possible exploits and prompts the user to choose one.
4. Runs the selected exploit using Gopherus.

Args:
line (str): Optional argument for specifying the chosen exploit.

Returns:
None

Example:
gospherus 2

wpscan

Command wpscan: Installs and runs WPScan to perform WordPress vulnerability scanning.

This function performs the following tasks:

1. Checks if WPScan is installed.
2. Installs WPScan using gem if not already installed.
3. Prompts the user for a URL to scan.
4. Allows the user to choose additional WPScan options such as --stealthy or --enumerate.
5. Executes the WPScan command with the chosen options.

Args:
line (str): Optional argument to specify the URL or additional WPScan options.

Returns:
None

Example:
wpscan --url blog.tld

createjsonmachine_batch

Create multiple JSON payload files based on a CSV input file from HackerOne.

This function processes a CSV file located in the 'sessions' directory. The CSV file
must contain information about different assets, including 'identifier',
'eligible_for_bounty', and 'eligible_for_submission'. For each asset where
both 'eligible_for_bounty' and 'eligible_for_submission' are set to True,
a JSON payload file is created using a predefined template.

The CSV must contain the following columns:

• 'identifier': Domain or asset name used to generate the URL and domain for the payload.
• 'eligible_for_bounty': A boolean indicating if the asset is eligible for bounty.
• 'eligible_for_submission': A boolean indicating if the asset is eligible for submission.

For each eligible asset:

• The URL is generated based on the 'identifier' field.
• The domain is derived from the 'identifier' field.
• The 'rhost' field in the JSON payload is updated using the IP address obtained by pinging the domain.

The JSON payload is saved in the format 'payload_.json'.

Parameters:
line (str): An optional string parameter. If provided, it selects the corresponding CSV file
in the 'sessions' directory based on the user's input.

Returns:
None

ip2hex

Convert an IPv4 address into its hexadecimal representation.

This function takes an IPv4 address in standard dotted-decimal format
(e.g., '192.168.1.1') and converts each of its four octets into a hexadecimal
number. The resulting hexadecimal string is concatenated without separators,
providing the full hexadecimal equivalent of the IP address.

The input IP address is expected to be a string in the format 'X.X.X.X',
where X is an integer between 0 and 255.

Parameters:
line (str): The input string representing the IPv4 address in dotted-decimal format.

Returns:
None: The hexadecimal equivalent of the IP address is printed to the console.

john2keepas

List all .kdbx files in the 'sessions' directory, let the user select one, and run the
command sudo keepass2john {user_file} > sessions/hash.txt.
If 'sessions/hash.txt' already exists, it will be backed up with a timestamp to avoid overwriting.

Parameters:
line (str): An optional string parameter. This can be used for any additional input,
though it's not needed in this specific command.

Returns:
None

keepass

Open a .kdbx file and print the titles and contents of all entries. The password can be provided through
the 'line' parameter, via user input, or from a 'credentials.txt' file in the 'sessions' directory.

If the file 'credentials.txt' exists in the 'sessions' directory, the first password from it
will be used automatically.

Parameters:
line (str): An optional string parameter to pass the password. If not provided, the user will
be prompted to input the password.

Returns:
None

mssqlcli

Attempts to connect to an MSSQL server using the mssqlclient.py tool with Windows authentication.

The function retrieves the necessary parameters (remote host and domain) from the
instance's parameter dictionary. If a credentials file exists in the 'sessions_dir',
it reads the file and uses the username/password combinations found there. If the file
does not exist, it prompts the user for a username and password.

The password is copied to the clipboard for convenience. A command is constructed using
the mssqlclient.py tool, and it is then executed to initiate the connection to the MSSQL
server.

Args:
line (str): The password input from the command line or an empty string if not provided.

Returns:
None

getadusers

Executes the GetADUsers.py script to retrieve Active Directory users.

The function retrieves the necessary parameters (domain controller IP and domain) from the
instance's parameter dictionary. If a credentials file exists in the 'sessions_dir',
it reads the file and uses the username/password combinations found there. If the file
does not exist, it prompts the user for a username and password.

The password is copied to the clipboard for convenience. A command is constructed using
the GetADUsers.py tool, and it is then executed to enumerate Active Directory users.

Args:
line (str): The password input from the command line or an empty string if not provided.

Returns:
None

crack_cisco_7_password

Crack a Cisco Type 7 password hash and display the plaintext.

This command takes an encrypted Cisco Type 7 password hash as input,
processes it to recover the original plaintext password, and prints the
result to the console.

Args:
line (str): The encrypted password hash in Cisco Type 7 format.

Returns:
None: The function prints the plaintext password directly to the console.

loxs

Command loxs: Installs and runs Loxs for multi-vulnerability web application scanning.

This function performs the following tasks:

1. Checks if Loxs is already cloned in the external/.exploit directory.
2. Clones the Loxs repository if not present.
3. Installs required dependencies.
4. Prompts the user for a URL or file input, custom payload file, success criteria, and thread count.
5. Executes Loxs for scanning vulnerabilities like LFI, OR, XSS, and SQLi.
6. Displays real-time results and optionally saves vulnerable URLs.

Args:
line (str): Optional argument for specifying the input URL or file, custom payload, and additional options.

Returns:
None

Example:
loxs --url target.com

blazy

Command blazy: Installs and runs blazy for multi-vulnerability web application scanning.

This function performs the following tasks:

1. Checks if blazy is already cloned in the external/.exploit directory.
2. Clones the blazy repository if not present.
3. Installs required dependencies.
4. Prompts the user for a URL or file input, custom payload file, success criteria, and thread count.
5. Executes blazy for Bruteforce Login.
6. Displays real-time results and optionally saves vulnerable URLs.

Args:
line (str): Optional argument for specifying the input URL.

Returns:
None

Example:
python3 main.py -i target.com

parth

Command parth: Installs and runs Parth for discovering vulnerable URLs and parameters.

This function performs the following tasks:

1. Checks if Parth is already cloned in the external/.exploit directory.
2. Clones the Parth repository if not present.
3. Installs required dependencies using pip3.
4. Prompts the user for a URL, file input, or import option and allows for custom output such as JSON or saving parameter names.
5. Executes Parth for scanning vulnerabilities like LFI, SSRF, SQLi, XSS, and open redirects.
6. Displays real-time results and optionally saves output in a file.

Args:
line (str): Optional argument for specifying the target domain, import file, or additional Parth options.

Returns:
None

Example:
parth -t example.com

breacher

Command breacher: Installs and runs Breacher for finding admin login pages and EAR vulnerabilities.

This function performs the following tasks:

1. Checks if Breacher is already cloned in the external/.exploit directory.
2. Clones the Breacher repository if not present.
3. Installs required dependencies.
4. Prompts the user for a target URL, file type (php, asp, html), custom paths, and thread options.
5. Executes Breacher for scanning admin login pages and potential EAR vulnerabilities.
6. Supports multi-threading and custom paths for enhanced scanning.

Args:
line (str): Optional argument for specifying the target URL, file type, and additional Breacher options.

Returns:
None

Example:
breacher -u example.com --type php

xsstrike

Command xsstrike: Installs and runs XSStrike for finding XSS vulnerabilities.

This function performs the following tasks:

1. Checks if XSStrike is already cloned in the external/.exploit directory.
2. Clones the XSStrike repository if not present.
3. Installs required dependencies.
4. Prompts the user for a target URL, crawling level, request method, encoding, and additional XSStrike options.
5. Executes XSStrike for testing vulnerabilities, supporting multiple features like fuzzing, blind XSS injection, crawling, and more.

Args:
line (str): Optional argument for specifying the target URL, crawling level, encoding, and other XSStrike options.

Returns:
None

Example:
xsstrike -u http://example.com/search.php?q=query --crawl -l 3

penelope

Command penelope: Installs and runs Penelope for handling reverse and bind shells.

This function performs the following tasks:

1. Checks if Penelope is already cloned in the external/.exploit directory.
2. Clones the Penelope repository if not present.
3. Prompts the user for various options to configure and run Penelope.
4. Executes Penelope with the specified options, supporting multiple features like reverse shell, bind shell, file server, etc.

Args:
line (str): Optional argument for specifying the port and other Penelope options.

Returns:
None

Example:
penelope 5555 -i eth0

v

Open a new window within a tmux session using the LazyOwn RedTeam Framework.

This method is designed to create a new vertical split window in an existing
tmux session, where the specified command will be executed. The command
used to open the new window is the ./run --no-banner script, which is
intended for use within the LazyOwn RedTeam Framework environment.

The method first ensures that the specified tmux session is active by calling
the ensure_tmux_session function. If the session is not already running,
it will create a new one. After confirming that the session is active, it
proceeds to create a new vertical window with a specified size. The size of
the new window is currently set to 50% of the available terminal space.

Args:
arg (str): Additional arguments passed to the command, if any. This can be
used to customize the behavior of the command executed in the
new window. However, in the current implementation, this
argument is not utilized and can be left as an empty string.

Example:
If this method is called within a command-line interface of the LazyOwn
RedTeam Framework, it will open a new vertical tmux window and execute
the ./run --no-banner command within it.

Note:
- Ensure that tmux is installed and properly configured on the system.
- The method assumes that the session name is defined and accessible in
the scope where this method is called.

h

Open a new window within a tmux session using the LazyOwn RedTeam Framework.

This method is designed to create a new horizontal split window in an existing
tmux session, where the specified command will be executed. The command
used to open the new window is the ./run --no-banner script, which is
intended for use within the LazyOwn RedTeam Framework environment.

The method first ensures that the specified tmux session is active by calling
the ensure_tmux_session function. If the session is not already running,
it will create a new one. After confirming that the session is active, it
proceeds to create a new horizontal window with a specified size. The size of
the new window is currently set to 50% of the available terminal space.

Args:
arg (str): Additional arguments passed to the command, if any. This can be
used to customize the behavior of the command executed in the
new window. However, in the current implementation, this
argument is not utilized and can be left as an empty string.

Example:
If this method is called within a command-line interface of the LazyOwn
RedTeam Framework, it will open a new horizontal tmux window and execute
the ./run --no-banner command within it.

Note:
- Ensure that tmux is installed and properly configured on the system.
- The method assumes that the session name is defined and accessible in
the scope where this method is called.

adgetpass

Command adgetpass: Generates a PowerShell script to extract credentials from Azure AD Connect Sync.

This function generates a PowerShell script based on user inputs, including the SQL server,
database, and custom keyset values. The script retrieves encryption keys, decrypts credentials,
and outputs the domain, username, and password from the AD Sync configuration.

Args:
line (str): Optional argument to specify the server name, database name, and other options
in the following format: "server_name database_name keyset_id instance_id entropy".

Returns:
None

Example:
adgetpass MONTEVERDE ADSync 1 1852B527-DD4F-4ECF-B541-EFCCBFF29E31 194EC2FC-F186-46CF-B44D-071EB61F49CD

openredirex

Command openredirex: Clones, installs, and runs OpenRedirex for testing open redirection vulnerabilities.

This function performs the following tasks:

1. Clones the OpenRedirex repository if not already cloned.
2. Installs the required dependencies using the setup script.
3. Prompts the user for required inputs like the URL list, payloads file, keyword, and concurrency level.
4. Executes OpenRedirex to scan the provided URLs for open redirection vulnerabilities.

Args:
line (str): Optional argument for specifying the URL list, payload file, keyword, and concurrency level.

Returns:
None

Example:
openredirex list_of_urls.txt payloads.txt FUZZ 50

feroxbuster

Command feroxbuster: Installs and runs Feroxbuster for performing forced browsing and directory brute-forcing.

This function performs the following tasks:

1. Installs Feroxbuster using a curl command if it's not already installed.
2. Prompts the user for required inputs like the target URL, wordlist, file extensions, and additional options.
3. Executes Feroxbuster for directory enumeration and brute-force attacks.

Args:
line (str): Optional argument for specifying the target URL, wordlist, and other Feroxbuster options.

Returns:
None

Example:
feroxbuster -u http://example.com -w wordlist.txt -x php,html

gowitness

Command gowitness: Installs and runs Gowitness for screenshotting web services or network CIDR blocks.

This function performs the following tasks:

1. Ensures that Gowitness is installed (if not, installs it).
2. Allows the user to select the scan type (single, scan, nmap, report).
3. Based on the scan type, prompts for the appropriate input (URL or XML file).
4. Allows the user to choose additional flags based on the scan type.
5. Executes Gowitness with the chosen parameters.

Args:
line (str): Optional argument for specifying the URL or scan type.

Returns:
None

Example:
gowitness nmap -f scan_results.xml --write-db

odat

Command odat: Runs the ODAT sidguesser module to guess Oracle SIDs on a target Oracle database.

This function performs the following tasks:

1. Ensures that ODAT is installed (checks if 'odat.py' exists).
2. Allows the user to specify the RHOST and port.
3. Runs ODAT's 'sidguesser' module with the specified parameters.

Args:
line (str): Optional argument for specifying additional ODAT options.

Returns:
None

Example:
odat

sireprat

Command sireprat: Automates the setup and usage of SirepRAT to perform various attacks on a Windows IoT Core device.

This function performs the following tasks:

1. Installs required dependencies and sets up SirepRAT if not already installed.
2. Prompts the user to select from predefined attacks, including retrieving system information, executing commands, saving registry keys, and copying files.
3. Executes the selected attack on the target device, using the remote host IP stored in self.params["rhost"].

Args:
line (str): Optional argument for specifying attack type directly.

Returns:
None

Example:
sireprat

createtargets

Generates hosts.txt, urls.txt, domains.txt, and targets.txt from multiple JSON payload files.

This function scans the current directory for all JSON files with the format 'payload_{variable}.json',
and extracts the 'rhost', 'url', 'domain', and 'subdomain' fields from each file. It then writes these values into
four separate text files: 'hosts.txt', 'urls.txt', 'domains.txt', and 'targets.txt'. The 'targets.txt' file contains
the domain and subdomain in the format '{subdomain}.{domain}' and '{subdomain}.{url}', with domains cleaned using
the 'get_domain' function.

Parameters:
line (str): An optional argument (unused in this function).

Returns:
None

shellcode2sylk

Converts shellcode to SYLK format and saves the result to a file.

This function reads the provided shellcode, or retrieves it from a default
binary source if not supplied. The shellcode is then converted to SYLK
format and saved in the sessions/shellcode.sylk file.

PoC Python code to create a SYLK file with Excel4 shellcode loader.

Author: Stan Hegt (@stanhacked)

Just a proof of concept. Needs polishing before use in actual operations.
Or as Adam Chester would put it: "RWX for this POC, because... yolo"

Background details: https://outflank.nl/blog/2019/10/30/abusing-the-sylk-file-format/

Args:
line (str): The input shellcode string. If empty or None, the function
attempts to load shellcode from a predefined source.

Returns:
None: The function writes the SYLK shellcode to a file and prints it
out, but does not return any value.

Raises:
FileNotFoundError: If no shellcode is found when trying to load it from
the default source.

---

This discussion was created from the release vvvrelease/0.2.2.