Comments

Saturday, December 7, 2013

Two Days with Cortana Script Engine - Cobalt Strike/Armitage

Posted by at Saturday, December 07, 2013 Read our previous post

Cobalt Strike logo

 

Shodanhq meets Cobalt Strike Script Engine

Maybe anybody can need it,Just a Simple Interface Script for Shodan Search Engine.

Here some Screenshots :

Kali-2013-11-27-22-02-08_thumb%25255B2%25255D[1]

Enter Search Word Like “ssh2”

Kali-2013-11-27-22-03-13_thumb%25255B2%25255D[1]

Kali-2013-11-27-22-04-38_thumb%25255B4%25255D[1]

Be Happy ;)

Kali-2013-11-27-22-05-55_thumb%25255B4%25255D[1]

Simple Script to parse all ips,sry im not a dev pro ;) No auto add ips atm….. maybe sometimes

Kali-2013-11-27-22-06-37_thumb%25255B3%25255D[1]

Add Host Copy & Paste

Kali-2013-11-27-22-20-49_thumb%25255B4%25255D[1]

Happy Hunting ---->

Its a littlebit buggi but it works .

Source code :

# Shodan API Query for Cobalt Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

println("\n----------------------------------------\n\c4[*] Shodan API Query for Cobalt Engine v0.1 Loaded [*] \n----------------------------------------");

menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Shodan Search" {
item "Query Shodan Api" {

$ip = prompt_text("Enter Search Query");
$output = prompt_text("Enter File Name Log File Saved on Desktop");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");

println("\n----------------------------------------\n\c4[*] Get Targets from Shodan API \n----------------------------------------");
$console = console();
$console = open_console_tab("Get Targets from Shodan API");
cmd($console, "use auxiliary/gather/shodan_search");
cmd($console, "set MAXPAGE 5");
cmd($console, "set SHODAN_APIKEY W6UgwFqFuejJvAEOZuRX5Jd6vXrbfN72");
cmd($console, "set QUERY $ip");
cmd($console, "set DATABASE 1");
cmd($console, "set OUTFILE /root/Desktop/$output");
cmd($console, "set VHOST www.shodanhq.com");
cmd($console, "run -j");
sleep(10 * 1000);
}
cmd($console, "python /root/Desktop/shoda.py /root/Desktop/$output");
db_sync();
}
}
}

 


Split Ips from Log File :

 


#!/usr/bin/python
#########################################################################
# ___ _ _ _____ ___ ____ __
# / __)( )_( )( _ )/ __)( _ \( )
# \__ \ ) _ ( )(_)( ( (_-.) / )(__
# (___/(_) (_)(_____)\___/(_)\_)(____) V0.21
# -some code borrowed from >> https://developers.shodan.io/index.html
# -rest created/mixed up by FIZZLESTICK
# -trollsohard[at]rebelbas.es
#
# MORE INFO COMING
#
# [changelog]
# 9/25/2013 v0.2 - written up for RC worth.. needs some IP/vs DNS handling
# 10/11/2013 v0.21 - cleaned up host output a bit, banners, formatting
#########################################################################
#!/usr/bin/env python

#import the necessary modules
import re #for regular expressions - to match ip's
import sys #for parsing command line opts

# I need to probably make this more pythonic but am working on that...
# if file is specified on command line, parse, else ask for file
if sys.argv[1:]:
logfile = sys.argv[1]
else:
logfile = raw_input("Please enter a file to parse, e.g /var/log/secure: ")

try:
# open the file
file = open(logfile, "r")
# create an empty list
ips = []
# read through the file
for text in file.readlines():
#strip off the \n
text = text.rstrip()
#this is probably not the best way, but it works for now
regex = re.findall(r'(?:\d{1,3}\.){3}\d{1,3}', text)
# if the regex is not empty and is not already in ips list append
if regex is not None and regex not in ips:
ips.append(regex)


#loop through the list
for ip in ips:
#I know there is argument as to whether the string join method is pythonic
addy = "".join(ip)
if addy is not '':
print "%s"% (addy)
#cleanup and close file
file.close()
#catch any standard error (we can add more later)
except IOError, (errno, strerror):
print "I/O Error(%s) : %s" % (errno, strerror)

INFO : Feel Free to use my Api Key :)


2 comments:

  1. Submit your website or blog now for indexing in Google and over 300 other search engines!

    Over 200,000 sites listed!

    SUBMIT NOW using I NEED HITS!!!

    ReplyDelete
  2. Find free website marketing tools at TrafficHeap.

    ReplyDelete

[#] iNFO [#]

All the information provided on this site is for educational purposes only.
 
The site and it's author is in no way responsible for any misuse of the information.
©2012 Security is just an Illusion is powered by Blogger - Template designed by Stramaxon - Best SEO Template