Saturday, December 7, 2013

Two Days with Cortana Script Engine - Cobalt Strike/Armitage

Shodanhq meets Cobalt Strike Script Engine

Maybe somebody can use it: just a simple interface script for the Shodan search engine.

Here are some screenshots:

Enter a search word like “ssh2”

Be happy ;)

A simple script to parse all IPs. Sorry, I'm not a dev pro ;) No auto-adding of IPs at the moment... maybe sometime.

Add host: copy & paste

Happy hunting ---->

It's a little bit buggy, but it works.

Source code:

# Shodan API Query for Cobalt Engine v0.1
# Cortana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

println("\n----------------------------------------\n\c4[*] Shodan API Query for Cobalt Engine v0.1 Loaded [*] \n----------------------------------------");

menubar("Web ToolKit", "webstuff", 2);

popup webstuff {
    menu "Shodan Search" {
        item "Query Shodan Api" {
            # ask for the Shodan query and the name of the log file
            $ip = prompt_text("Enter Search Query");
            $output = prompt_text("Enter File Name Log File Saved on Desktop");

            if ($ip !is $null) {
                show_message("Lets Pwn The Box!");

                println("\n----------------------------------------\n\c4[*] Get Targets from Shodan API \n----------------------------------------");
                # open a console tab and drive the Metasploit Shodan module in it
                $console = open_console_tab("Get Targets from Shodan API");
                cmd($console, "use auxiliary/gather/shodan_search");
                cmd($console, "set MAXPAGE 5");
                cmd($console, "set SHODAN_APIKEY W6UgwFqFuejJvAEOZuRX5Jd6vXrbfN72");
                cmd($console, "set QUERY $ip");
                cmd($console, "set DATABASE 1");
                cmd($console, "set OUTFILE /root/Desktop/$output");
                cmd($console, "set VHOST www.shodanhq.com");
                cmd($console, "run -j");

                # give the job time to finish, then split the IPs out of the log file;
                # this runs only when a query was entered, so $console is always defined
                sleep(10 * 1000);
                cmd($console, "python /root/Desktop/shoda.py /root/Desktop/$output");
                db_sync();
            }
        }
    }
}

Split IPs from the log file:

#!/usr/bin/python
#########################################################################
# ___ _ _ _____ ___ ____ __
# / __)( )_( )( _ )/ __)( _ \( )
# \__ \ ) _ ( )(_)( ( (_-.) / )(__
# (___/(_) (_)(_____)\___/(_)\_)(____) V0.21
# -some code borrowed from >> https://developers.shodan.io/index.html
# -rest created/mixed up by FIZZLESTICK
# -trollsohard[at]rebelbas.es
#
# MORE INFO COMING
#
# [changelog]
# 9/25/2013 v0.2 - written up for RC worth.. needs some IP/vs DNS handling
# 10/11/2013 v0.21 - cleaned up host output a bit, banners, formatting
#########################################################################
# import the necessary modules
import re   # for regular expressions - to match IPs
import sys  # for parsing command line opts

# raw_input exists only on Python 2; on Python 3 input() does the same job
try:
    input = raw_input
except NameError:
    pass

# I need to probably make this more pythonic but am working on that...
# if file is specified on command line, parse, else ask for file
if sys.argv[1:]:
    logfile = sys.argv[1]
else:
    logfile = input("Please enter a file to parse, e.g /var/log/secure: ")

try:
    # create an empty list
    ips = []
    # open the file; the with block closes it again when we are done
    with open(logfile, "r") as log:
        # read through the file
        for text in log:
            # strip off the \n
            text = text.rstrip()
            # this is probably not the best way, but it works for now;
            # findall returns a list with every match on the line
            for addy in re.findall(r'(?:\d{1,3}\.){3}\d{1,3}', text):
                # append each IP only if it is not already in the ips list
                if addy not in ips:
                    ips.append(addy)

    # loop through the list and print one IP per line
    for addy in ips:
        print(addy)
# catch any standard error (we can add more later)
except IOError as err:
    print("I/O Error(%s) : %s" % (err.errno, err.strerror))
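
The pattern used in the script above accepts any four dot-separated numbers, so it also returns version strings and out-of-range octets as if they were addresses. The following is an added example, not code from the original post: it keeps the same pattern, guards it with lookarounds, and validates each hit with Python 3's `ipaddress` module. The names `NAIVE`, `CANDIDATE`, `extract_ipv4` and `SAMPLE` are hypothetical, and the sample log lines are constructed.

```python
import ipaddress
import re

# The pattern from the script above, kept for comparison.
NAIVE = re.compile(r'(?:\d{1,3}\.){3}\d{1,3}')

# Same dotted-quad shape, plus lookarounds so a match cannot be carved out
# of a longer dotted number such as a kernel version "2.6.32.11.1".
CANDIDATE = re.compile(r'(?<!\d)(?<!\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)')


def extract_ipv4(lines):
    """Return (addresses, rejected).

    addresses: unique, valid IPv4 strings in first-seen order.
    rejected:  dotted quads that look like addresses but fail validation.
    """
    seen = set()
    addresses = []
    rejected = []
    for line in lines:
        for candidate in CANDIDATE.findall(line):
            try:
                addr = ipaddress.IPv4Address(candidate)
            except ValueError:  # e.g. an octet above 255
                rejected.append(candidate)
                continue
            if addr not in seen:
                seen.add(addr)
                addresses.append(str(addr))
    return addresses, rejected


# Constructed sample lines using RFC 5737 documentation addresses.
SAMPLE = [
    "[+] 192.0.2.10:22 SSH-2.0-OpenSSH_5.3",
    "[+] 198.51.100.7:22 SSH-2.0-dropbear_0.52 build 2.6.32.11.1",
    "[+] 192.0.2.10:2222 SSH-2.0-OpenSSH_6.0, via 203.0.113.5.",
    "[-] malformed entry 999.10.10.1:22",
]

if __name__ == "__main__":
    good, bad = extract_ipv4(SAMPLE)
    print("valid:   ", good)
    print("rejected:", bad)
    print("naive pattern on line 2:", NAIVE.findall(SAMPLE[1]))
```

On the second sample line the original pattern reports `2.6.32.11`, a syntactically valid address that is really part of a version string; the guarded pattern skips it.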

INFO: Feel free to use my API key :)

