Initializer for the LazyOwnShell class.
This method sets up the initial parameters and scripts for an instance of the LazyOwnShell class. It initializes a dictionary of parameters with default values and a list of script names that are part of the LazyOwnShell toolkit.
Attributes: params (dict): A dictionary of parameters with their default values. scripts (list): A list of script names included in the toolkit. output (str): An empty string to store output or results.
Handles undefined commands, including aliases.
This method checks if a given command (or its alias) exists within the class by attempting to find a corresponding method. If the command or alias is not found, it prints an error message.
:param line: The command or alias to be handled. :type line: str :return: None
Internal function to execute commands.
This method attempts to execute a given command using
onecmd
and captures the output. It sets the
output
attribute based on whether the command was executed
successfully or an exception occurred.
:param command: The command to be executed. :type command: str :return: A message indicating the result of the command execution. :rtype: str
Handle the case where the user enters an empty line.
This method is called when the user submits an empty line of input in the command-line interface. By default, it provides feedback indicating that no command was entered.
It is useful for providing user-friendly messages or handling empty input cases in a custom manner.
License: This function is part of a program released under the GNU General Public License v3.0 (GPLv3). You can redistribute it and/or modify it under the terms of the GPLv3, as published by the Free Software Foundation.
Note: This method is called by the cmd library when an empty line is entered. You can override it in a subclass to change its behavior.
Example: >>> shell = LazyOwnShell() >>> shell.emptyline() You didn’t enter any command.
Handle the end-of-file (EOF) condition.
This method is called when the user sends an end-of-file (EOF) signal by pressing Ctrl+D. It is typically used to handle cleanup or exit operations when the user terminates input.
In this implementation, it prints a farewell message and returns True to indicate that the shell should exit.
License: This function is part of a program released under the GNU General Public License v3.0 (GPLv3). You can redistribute it and/or modify it under the terms of the GPLv3, as published by the Free Software Foundation.
Note: This method is a part of the cmd
library’s command
handling system. You can override it in a subclass to customize its
behavior.
Example: >>> shell = LazyOwnShell() >>> shell.do_EOF(None) LazyOwn say Goodbye! (shell exits)
Handle operations to perform after exiting the command loop.
This method is called after the command loop terminates, typically used for performing any final cleanup or displaying messages before the program exits.
In this implementation, it prints a message indicating that the custom shell is exiting.
License: This function is part of a program released under the GNU General Public License v3.0 (GPLv3). You can redistribute it and/or modify it under the terms of the GPLv3, as published by the Free Software Foundation.
Note: This method is called automatically by the cmd
library’s command loop after the loop terminates. You can override it in
a subclass to customize its behavior.
Example: >>> shell = LazyOwnShell() >>> shell.cmdloop() # Exits the command loop Exiting custom LazyOwnShell.
Set a parameter value.
This function takes a line of input, splits it into a parameter and a value, and sets the specified parameter to the given value if the parameter exists.
:param line: A string containing the parameter and value to be set.
Expected format: ‘
Show the current parameter values.
This function iterates through the current parameters and their values, printing each parameter and its associated value.
:param line: This parameter is not used in the function. :type line: str :return: None
Lists all available scripts in the modules directory.
This method prints a list of available scripts in a formatted manner, arranging them into columns. It shows each script with sufficient spacing for readability.
:param line: This parameter is not used in the method. :type line: str :return: None
Runs a specific LazyOwn script.
This method executes a script from the LazyOwn toolkit based on the
provided script name. If the script is not recognized, it prints an
error message. To see available scripts, use the list
or
help list
commands.
:param line: The command line input containing the script name. :type line: str :return: None
Runs the internal module modules/lazysearch.py
.
This method executes the lazysearch
script from the
specified path, using the binary_name
parameter from the
self.params
dictionary. If binary_name
is not
set, it prints an error message.
:return: None
Run the internal module located at
modules/LazyOwnExplorer.py
.
This method executes the LazyOwnExplorer.py
script,
which is used for graphical user interface (GUI) functionality within
the LazyOwn framework.
The function performs the following steps:
self.run_script
with
LazyOwnExplorer.py
to execute the GUI module.:returns: None
Manual execution: 1. Ensure that the
modules/LazyOwnExplorer.py
script is present in the
modules
directory. 2. Run the script with:
python3 modules/LazyOwnExplorer.py
Example: To run LazyOwnExplorer.py
directly, execute:
python3 modules/LazyOwnExplorer.py
Note: - Ensure that the script has the appropriate permissions and dependencies to run. - Verify that your environment supports GUI operations if using this script in a non-graphical environment.
Run the internal module located at
modules/lazyown.py
.
This method executes the lazyown.py
script, which is a
core component of the LazyOwn framework.
The function performs the following steps:
self.run_script
with lazyown.py
to
execute the script.:returns: None
Manual execution: 1. Ensure that the modules/lazyown.py
script is present in the modules
directory. 2. Run the
script with: python3 modules/lazyown.py
Example: To run lazyown.py
directly, execute:
python3 modules/lazyown.py
Note: - Ensure that the script has the appropriate permissions and dependencies to run.
Run the internal module located at
modules/update_db.sh
.
This method executes the update_db.sh
script to update
the database of binary exploitables from gtofbins
.
The function performs the following steps:
update_db.sh
script located in the
modules
directory using os.system
.:returns: None
Manual execution: 1. Ensure that the
modules/update_db.sh
script is present in the
modules
directory. 2. Run the script with:
./modules/update_db.sh
Example: To manually update the database, execute:
./modules/update_db.sh
Note: - Ensure that the script has execute permissions. - The script should be run with the necessary privileges if required.
Runs the internal module modules/lazynmap.sh
for
multiple Nmap scans.
This method executes the lazynmap
script, using the
current working directory and the rhost
parameter from the
self.params
dictionary as the target IP. If
rhost
is not set, it prints an error message.
:return: None
Run the internal module located at
modules/lazywerkzeug.py
in debug mode.
This method executes the lazywerkzeug.py
script with the
specified parameters for remote and local hosts and ports. It is used to
test Werkzeug in debug mode.
The function performs the following steps:
rhost
, lhost
,
rport
, and lport
values from
self.params
.self.run_script
with lazywerkzeug.py
and the specified parameters.:param rhost: The remote host address. :type rhost: str
:param lhost: The local host address. :type lhost: str
:param rport: The remote port number. :type rport: int
:param lport: The local port number. :type lport: int
:returns: None
Manual execution: 1. Ensure that rhost
,
lhost
, rport
, and lport
are set
in self.params
. 2. The script
modules/lazywerkzeug.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazywerkzeug.py <rhost> <rport> <lhost> <lport>
Example: To run lazywerkzeug.py
with rhost
set to "127.0.0.1"
, rport
to
5000
, lhost
to "localhost"
, and
lport
to 8000
, set:
self.params["rhost"] = "127.0.0.1"
self.params["rport"] = 5000
self.params["lhost"] = "localhost"
self.params["lport"] = 8000
Then call:
run_lazywerkzeugdebug()
Note: - Ensure that modules/lazywerkzeug.py
has the
appropriate permissions and dependencies to run. - Verify that the
specified hosts and ports are correct and available.
Run the internal module located at modules/lazygat.sh
.
to gathering the sistem :)
This method executes the lazygat.sh
script located in
the modules
directory with sudo
privileges.
The function performs the following steps:
lazygat.sh
script using sudo
to ensure it runs with elevated permissions.:returns: None
Manual execution: 1. Ensure that the modules/lazygat.sh
script is present in the modules
directory. 2. Run the
script with: sudo ./modules/lazygat.sh
Example: To manually run the script with elevated privileges,
execute: sudo ./modules/lazygat.sh
Note: - Ensure that the script has execute permissions. - The script
should be run with sudo
if it requires elevated
privileges.
Runs the internal module modules/lazynmap.sh
with
discovery mode.
This method executes the lazynmap
script in discovery
mode. It uses the current working directory for locating the script.
:return: None
Run the sniffer internal module located at
modules/lazysniff.py
with the specified parameters.
This method executes the script with the following arguments:
device
: The network interface to be used for sniffing,
specified in self.params
.The function performs the following steps:
device
value from
self.params
.LANG
and
TERM
to ensure proper script execution.subprocess.run
to execute the
lazysniff.py
script with the -i
option to
specify the network interface.:param device: The network interface to be used for sniffing. :type device: str
:returns: None
Manual execution: 1. Ensure that device
is set in
self.params
. 2. The script
modules/lazysniff.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazysniff.py -i <device>
Example: To run lazysniff
with device
set
to "eth0"
, set: self.params["device"] = "eth0"
Then call: run_lazysniff()
Note: - Ensure that modules/lazysniff.py
has the
appropriate permissions and dependencies to run. - Ensure that the
network interface specified is valid and properly configured.
Run the sniffer ftp internal module located at
modules/lazyftpsniff.py
with the specified parameters.
This function executes the script with the following arguments:
device
: The network interface to be used for sniffing,
specified in self.params
.The function performs the following steps:
device
value from
self.params
.LANG
and
TERM
to ensure proper script execution.subprocess.run
to execute the
lazyftpsniff.py
script with the -i
option to
specify the network interface.:param device: The network interface to be used for sniffing. :type device: str
:returns: None
Manual execution: 1. Ensure that device
is set in
self.params
. 2. The script
modules/lazyftpsniff.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazyftpsniff.py -i <device>
Example: To run lazyftpsniff
with device
set to "eth0"
, set:
self.params["device"] = "eth0"
Then call:
run_lazyftpsniff()
Note: - Ensure that modules/lazyftpsniff.py
has the
appropriate permissions and dependencies to run. - Ensure that the
network interface specified is valid and properly configured.
Run the internal module to search netbios vuln victims, located at
modules/lazynetbios.py
with the specified parameters.
This function executes the script with the following arguments:
startip
: The starting IP address for the NetBIOS scan,
specified in self.params
.endip
: The ending IP address for the NetBIOS scan,
specified in self.params
.spoof_ip
: The IP address to be used for spoofing,
specified in self.params
.The function performs the following steps:
startip
, endip
, and
spoof_ip
values from self.params
.subprocess.run
to execute the
lazynetbios.py
script with the specified parameters.:param startip: The starting IP address for the NetBIOS scan. :type startip: str
:param endip: The ending IP address for the NetBIOS scan. :type endip: str
:param spoof_ip: The IP address to be used for spoofing. :type spoof_ip: str
:returns: None
Manual execution: 1. Ensure that startip
,
endip
, and spoof_ip
are set in
self.params
. 2. The script
modules/lazynetbios.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazynetbios.py <startip> <endip> <spoof_ip>
Example: To run lazynetbios
with startip
set to "192.168.1.1"
, endip
set to
"192.168.1.10"
, and spoof_ip
set to
"192.168.1.100"
, set:
self.params["startip"] = "192.168.1.1"
self.params["endip"] = "192.168.1.10"
self.params["spoof_ip"] = "192.168.1.100"
Then call:
run_lazynetbios()
Note: - Ensure that modules/lazynetbios.py
has the
appropriate permissions and dependencies to run. - Ensure that the IP
addresses are correctly set and valid for the NetBIOS scan.
Run the internal module located at
modules/lazyhoneypot.py
with the specified parameters.
This function executes the script with the following arguments:
email_from
: The email address from which messages will
be sent, specified in self.params
.email_to
: The recipient email address, specified in
self.params
.email_username
: The username for email authentication,
specified in self.params
.email_password
: The password for email authentication,
specified in self.params
.The function performs the following steps:
email_from
, email_to
,
email_username
, and email_password
values from
self.params
.run_script
method to execute the
lazyhoneypot.py
script with the provided email
parameters.:param email_from: The email address from which messages will be sent. :type email_from: str
:param email_to: The recipient email address. :type email_to: str
:param email_username: The username for email authentication. :type email_username: str
:param email_password: The password for email authentication. :type email_password: str
:returns: None
Manual execution: 1. Ensure that email_from
,
email_to
, email_username
, and
email_password
are set in self.params
. 2. The
script modules/lazyhoneypot.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazyhoneypot.py --email_from <email_from> --email_to <email_to> --email_username <email_username> --email_password <email_password>
Example: To run lazyhoneypot
with
email_from
set to "sender@example.com"
,
email_to
set to "recipient@example.com"
,
email_username
set to "user"
, and
email_password
set to "pass"
, set:
self.params["email_from"] = "sender@example.com"
self.params["email_to"] = "recipient@example.com"
self.params["email_username"] = "user"
self.params["email_password"] = "pass"
Then call:
run_lazyhoneypot()
Note: - Ensure that modules/lazyhoneypot.py
has the
appropriate permissions and dependencies to run. - Ensure that the email
credentials are correctly set for successful authentication and
operation.
Run the internal module to create Oneliners with Groq AI located at
modules/lazygptcli.py
with the specified parameters.
This function executes the script with the following arguments:
prompt
: The prompt to be used by the script, specified
in self.params
.api_key
: The API key to be set in the environment
variable GROQ_API_KEY
, specified in
self.params
.The function performs the following steps:
prompt
and api_key
values
from self.params
.prompt
and api_key
are set.
If either is missing, it prints an error message and returns.GROQ_API_KEY
with the
provided api_key
.run_script
method to execute the
lazygptcli.py
script with the --prompt
argument.:param prompt: The prompt to be used by the script. :type prompt: str
:param api_key: The API key for accessing the service. :type api_key: str
:returns: None
Manual execution: 1. Ensure that prompt
and
api_key
are set in self.params
. 2. The script
modules/lazygptcli.py
should be present in the
modules
directory. 3. Set the environment variable
GROQ_API_KEY
with the API key value. 4. Run the script
with:
python3 modules/lazygptcli.py --prompt <prompt>
Example: To run lazygptcli
with prompt
set
to "Your prompt"
and api_key
set to
"your_api_key"
, set:
self.params["prompt"] = "Your prompt"
self.params["api_key"] = "your_api_key"
Then call:
run_lazygptcli()
Note: - Ensure that modules/lazygptcli.py
has the
appropriate permissions and dependencies to run. - The environment
variable GROQ_API_KEY
must be correctly set for the script
to function.
Run the internal module GROQ AI located at
modules/lazysearch_bot.py
with the specified
parameters.
This function executes the script with the following arguments:
prompt
: The prompt to be used by the script, specified
in self.params
.api_key
: The API key to be set in the environment
variable GROQ_API_KEY
, specified in
self.params
.The function performs the following steps:
prompt
and api_key
values
from self.params
.prompt
and api_key
are set.
If either is missing, it prints an error message and returns.GROQ_API_KEY
with the
provided api_key
.run_script
method to execute the
lazysearch_bot.py
script with the --prompt
argument.:param prompt: The prompt to be used by the script. :type prompt: str
:param api_key: The API key for accessing the service. :type api_key: str
:returns: None
Manual execution: 1. Ensure that prompt
and
api_key
are set in self.params
. 2. The script
modules/lazysearch_bot.py
should be present in the
modules
directory. 3. Set the environment variable
GROQ_API_KEY
with the API key value. 4. Run the script
with:
python3 modules/lazysearch_bot.py --prompt <prompt>
Example: To run lazysearch_bot
with prompt
set to "Search query"
and api_key
set to
"your_api_key"
, set:
self.params["prompt"] = "Search query"
self.params["api_key"] = "your_api_key"
Then call:
run_lazysearch_bot()
Note: - Ensure that modules/lazysearch_bot.py
has the
appropriate permissions and dependencies to run. - The environment
variable GROQ_API_KEY
must be correctly set for the script
to function.
Run the Metadata extractor internal module located at
modules/lazyown_metaextract0r.py
with the specified
parameters.
This function executes the script with the following arguments:
path
: The file path to be processed by the script,
specified in self.params
.The function performs the following steps:
path
from
self.params
.path
parameter is set. If not, it prints
an error message and returns.run_script
method to execute the
lazyown_metaextract0r.py
script with the appropriate
argument.:param path: The file path to be processed by the script. :type path: str
:returns: None
Manual execution: 1. Ensure that path
is set in
self.params
. 2. The script
modules/lazyown_metaextract0r.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazyown_metaextract0r.py --path <path>
Example: To run lazyown_metaextract0r
with
path
set to /home/user/file.txt
, set:
self.params["path"] = "/home/user/file.txt"
Then call:
run_lazymetaextract0r()
Note: - Ensure that modules/lazyown_metaextract0r.py
has
the appropriate permissions and dependencies to run.
Run the internal module located at
modules/lazyownclient.py
with the specified parameters.
This function executes the script with the following arguments:
lhost
: The IP address of the local host, specified in
self.params
.lport
: The port number of the local host, specified in
self.params
.rat_key
: The RAT key, specified in
self.params
.The function performs the following steps:
lhost
, lport
, and
rat_key
from self.params
.lhost
,
lport
, and rat_key
) are set. If any are
missing, it prints an error message and returns.run_script
method to execute the
lazyownclient.py
script with the appropriate
arguments.:param lhost: The IP address of the local host. :type lhost: str :param lport: The port number of the local host. :type lport: int :param rat_key: The RAT key. :type rat_key: str
:returns: None
Manual execution: 1. Ensure that lhost
,
lport
, and rat_key
are set in
self.params
. 2. The script
modules/lazyownclient.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazyownclient.py --host <lhost> --port <lport> --key <rat_key>
Example: To run lazyownclient
with lhost
set to 192.168.1.10
, lport
set to
8080
, and rat_key
set to
my_secret_key
, set:
self.params["lhost"] = "192.168.1.10"
self.params["lport"] = 8080
self.params["rat_key"] = "my_secret_key"
Then call:
run_lazyownratcli()
Note: - Ensure that modules/lazyownclient.py
has the
appropriate permissions and dependencies to run.
Run the internal module located at
modules/lazyownserver.py
with the specified parameters.
This function executes the script with the following arguments:
rhost
: The IP address of the remote host, specified in
self.params
.rport
: The port number of the remote host, specified in
self.params
.rat_key
: The RAT key, specified in
self.params
.The function performs the following steps:
rhost
, rport
, and
rat_key
from self.params
.rhost
,
rport
, and rat_key
) are set. If any are
missing, it prints an error message and returns.run_script
method to execute the
lazyownserver.py
script with the appropriate
arguments.:param rhost: The IP address of the remote host. :type rhost: str :param rport: The port number of the remote host. :type rport: int :param rat_key: The RAT key. :type rat_key: str
:returns: None
Manual execution: 1. Ensure that rhost
,
rport
, and rat_key
are set in
self.params
. 2. The script
modules/lazyownserver.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazyownserver.py --host <rhost> --port <rport> --key <rat_key>
Example: To run lazyownserver
with rhost
set to 192.168.1.10
, rport
set to
8080
, and rat_key
set to
my_secret_key
, set:
self.params["rhost"] = "192.168.1.10"
self.params["rport"] = 8080
self.params["rat_key"] = "my_secret_key"
Then call:
run_lazyownrat()
Note: - Ensure that modules/lazyownserver.py
has the
appropriate permissions and dependencies to run.
Run the internal module located at modules/lazybotnet.py
with the specified parameters.
This function executes the script with the following arguments:
rhost
: The IP address of the remote host, hardcoded to
“0.0.0.0”.rport
: The port number of the remote host, specified in
self.params
.rat_key
: The RAT key, specified in
self.params
.The function performs the following steps:
rport
and rat_key
from self.params
. The rhost
is hardcoded to
“0.0.0.0”.rport
and
rat_key
) are set. If any are missing, it prints an error
message and returns.run_script
method to execute the
lazybotnet.py
script with the appropriate arguments.:param rport: The port number of the remote host. :type rport: int :param rat_key: The RAT key. :type rat_key: str
:returns: None
Manual execution: 1. Ensure that rport
and
rat_key
are set in self.params
. 2. The script
modules/lazybotnet.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazybotnet.py --host <rhost> --port <rport> --key <rat_key>
Example: To run lazybotnet
with rport
set
to 1234
and rat_key
set to
my_key
, set: self.params["rport"] = 1234
self.params["rat_key"] = "my_key"
Then call:
run_lazybotnet()
Note: - Ensure that modules/lazybotnet.py
has the
appropriate permissions and dependencies to run.
Run the internal module located at
modules/lazylfi2rce.py
with the specified parameters.
This function executes the script with the following arguments:
rhost
: The IP address of the remote host, specified in
self.params
.rport
: The port number of the remote host, specified in
self.params
.lhost
: The IP address of the local host, specified in
self.params
.lport
: The port number of the local host, specified in
self.params
.field
: The field name for the LFI (Local File
Inclusion) attack, specified in self.params
.wordlist
: The path to the wordlist file used for the
attack, specified in self.params
.The function performs the following steps:
rhost
, rport
,
lhost
, lport
, field
, and
wordlist
from self.params
.run_script
method to execute the
lazylfi2rce.py
script with the appropriate arguments.:param rhost: The IP address of the remote host. :type rhost: str :param rport: The port number of the remote host. :type rport: int :param lhost: The IP address of the local host. :type lhost: str :param lport: The port number of the local host. :type lport: int :param field: The field name for the LFI attack. :type field: str :param wordlist: The path to the wordlist file. :type wordlist: str
:returns: None
Manual execution: 1. Ensure that rhost
,
rport
, lhost
, lport
,
field
, and wordlist
are set in
self.params
. 2. The script
modules/lazylfi2rce.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazylfi2rce.py --rhost <rhost> --rport <rport> --lhost <lhost> --lport <lport> --field <field> --wordlist <wordlist>
Example: To run the lazylfi2rce with rhost
set to
192.168.1.1
, rport
set to 80
,
lhost
set to 192.168.1.2
, lport
set to 8080
, field
set to file
,
and wordlist
set to path/to/wordlist.txt
, set:
self.params["rhost"] = "192.168.1.1"
self.params["rport"] = 80
self.params["lhost"] = "192.168.1.2"
self.params["lport"] = 8080
self.params["field"] = "file"
self.params["wordlist"] = "path/to/wordlist.txt"
Then call:
run_lazylfi2rce()
Note: - Ensure that modules/lazylfi2rce.py
has the
appropriate permissions and dependencies to run.
Run the internal module located at
modules/lazylogpoisoning.py
with the specified
parameters.
This function executes the script with the following arguments:
rhost
: The IP address of the remote host, specified in
self.params
.lhost
: The IP address of the local host, specified in
self.params
.The function performs the following steps:
rhost
and lhost
from self.params
.rhost
and
lhost
are set. If not, it prints an error message and
returns.run_script
method to execute the
lazylogpoisoning.py
script with the appropriate
arguments.:param rhost: The IP address of the remote host. Must be set in
self.params
. :type rhost: str :param lhost: The IP address
of the local host. Must be set in self.params
. :type lhost:
str
:returns: None
Manual execution: 1. Ensure that rhost
and
lhost
are set in self.params
. 2. The script
modules/lazylogpoisoning.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazylogpoisoning.py --rhost <rhost> --lhost <lhost>
Example: To run the lazylogpoisoning with rhost
set to
192.168.1.1
and lhost
set to
192.168.1.2
, set:
self.params["rhost"] = "192.168.1.1"
self.params["lhost"] = "192.168.1.2"
Then call:
run_lazylogpoisoning()
Note: - Ensure that modules/lazylogpoisoning.py
has the
appropriate permissions and dependencies to run.
Run the internal module located at modules/lazybotcli.py
with the specified parameters.
This function executes the script with the following arguments:
rhost
: The IP address of the remote host (default is
"0.0.0.0"
).rport
: The port number to be used, specified in
self.params
.rat_key
: The key for the Remote Access Tool (RAT),
specified in self.params
.The function performs the following steps:
rport
and rat_key
from self.params
.rport
and
rat_key
are set. If not, it prints an error message and
returns.run_script
method to execute the
lazybotcli.py
script with the appropriate arguments.:param rport: The port number for the connection. Must be set in
self.params
. :type rport: int :param rat_key: The key for
the RAT. Must be set in self.params
. :type rat_key: str
:returns: None
Manual execution: 1. Ensure that rport
and
rat_key
are set in self.params
. 2. The script
modules/lazybotcli.py
should be present in the
modules
directory. 3. Run the script with:
python3 modules/lazybotcli.py --host 0.0.0.0 --port <rport> --key <rat_key>
Example: To run the lazybotcli with port 12345
and key
mysecretkey
, set: self.params["rport"] = 12345
self.params["rat_key"] = "mysecretkey"
Then call:
run_lazybotcli()
Note: - Ensure that modules/lazybotcli.py
has the
appropriate permissions and dependencies to run.
Run the internal module located at
modules/lazybrutesshuserenum.py
with the specified
parameters. ONLY valid for 7.x Version !!!
The script will be executed with the following arguments:
wordlist
: The path to the wordlist file containing
potential usernames for SSH enumeration.rhost
: The target IP address or hostname for SSH
enumeration.The function performs the following steps:
wordlist
and
rhost
from self.params
.lazybrutesshuserenum.sh
script with the specified
arguments.os.system
method.:param wordlist: The path to the wordlist file for username
enumeration. Must be set in self.params
. :type wordlist:
str :param rhost: The target IP address or hostname for SSH enumeration.
Must be set in self.params
. :type rhost: str
:returns: None
Manual execution: 1. Ensure that wordlist
and
rhost
are set in self.params
. 2. Run the
script modules/lazybrutesshuserenum.sh
with the appropriate
arguments.
Dependencies: - modules/lazybrutesshuserenum.sh
must be
present in the modules
directory and must be
executable.
Example: To run the SSH user enumeration with a wordlist located at
/path/to/wordlist.txt
and target IP
192.168.1.1
, set:
self.params["usrwordlist"] = "/path/to/wordlist.txt"
self.params["rhost"] = "192.168.1.1"
Then call:
run_lazyssh77enum()
Note: - The accuracy of the results may vary depending on the version of the script and the wordlist used.
Run the internal module located at
modules/lazyown_burpfuzzer.py
with the specified
parameters.
The script will be executed with the following arguments:
--url
: The target URL for the fuzzer.--method
: The HTTP method to use (e.g., GET,
POST).--proxy_port
: The port for the proxy server.--headers
: Optional HTTP headers to include in the
request.--data
: Optional data to include in the request
body.--params
: Optional URL parameters to include in the
request.--json_data
: Optional JSON data to include in the
request body.-w
: Optional wordlist for fuzzing.-hc
: Optional hide code for fuzzing.The function performs the following steps:
url
, method
,
headers
, params
, data
,
json_data
, proxy_port
, wordlist
,
and hide_code
from self.params
.lazyown_burpfuzzer.py
script with the specified arguments.headers_file
, data_file
,
params_file
, json_data_file
) are
provided.run_command
method.:param url: The target URL for the fuzzer. Must be set in
self.params
. :type url: str :param method: The HTTP method
to use. Must be set in self.params
. :type method: str
:param headers: Optional HTTP headers. Must be set in
self.params
or provided via headers_file
.
:type headers: str :param params: Optional URL parameters. Must be set
in self.params
or provided via params_file
.
:type params: str :param data: Optional data for the request body. Must
be set in self.params
or provided via
data_file
. :type data: str :param json_data: Optional JSON
data for the request body. Must be set in self.params
or
provided via json_data_file
. :type json_data: str :param
proxy_port: The port for the proxy server. Must be set in
self.params
. :type proxy_port: int :param wordlist:
Optional wordlist for fuzzing. Must be set in self.params
.
:type wordlist: str :param hide_code: Optional code to hide. Must be set
in self.params
. :type hide_code: int :param headers_file:
Optional file containing headers. :type headers_file: str, optional
:param data_file: Optional file containing data. :type data_file: str,
optional :param params_file: Optional file containing parameters. :type
params_file: str, optional :param json_data_file: Optional file
containing JSON data. :type json_data_file: str, optional
:returns: None
Manual execution: 1. Ensure that url
,
method
, and proxy_port
are set in
self.params
. 2. Provide additional parameters as needed. 3.
Run the script modules/lazyown_burpfuzzer.py
with the
appropriate arguments.
Dependencies: - modules/lazyown_burpfuzzer.py
must be
present in the modules
directory and must be
executable.
Example: To run the fuzzer with URL http://example.com
,
HTTP method POST
, and proxy port 8080
, set:
self.params["url"] = "http://example.com"
self.params["method"] = "POST"
self.params["proxy_port"] = 8080
Then call:
run_lazyburpfuzzer()
Note: - Ensure that all required parameters are set before calling this function. - Parameters can also be provided via corresponding files.
Run the internal module located at
modules/lazyreverse_shell.sh
with the specified
parameters.
The script will be executed with the following arguments: -
--ip
: The IP address to use for the reverse shell. -
--puerto
: The port to use for the reverse shell.
The function performs the following steps:
rhost
(IP address) and
reverse_shell_port
(port) from
self.params
.rhost
and
reverse_shell_port
parameters are set.lazyreverse_shell.sh
script with the specified arguments.:param ip: The IP address to use for the reverse shell. Must be set
in self.params
. :type ip: str :param port: The port to use
for the reverse shell. Must be set in self.params
. :type
port: str
:returns: None
Manual execution: 1. Ensure that rhost
and
reverse_shell_port
are set in self.params
. 2.
Run the script modules/lazyreverse_shell.sh
with the
appropriate arguments.
Dependencies: - modules/lazyreverse_shell.sh
must be
present in the modules
directory and must be
executable.
Example: To set up a reverse shell with IP 192.168.1.100
and port 4444
, set:
self.params["rhost"] = "192.168.1.100"
self.params["reverse_shell_port"] = "4444"
Then call:
run_lazyreverse_shell()
Note: - Ensure that modules/lazyreverse_shell.sh
has the
necessary permissions to execute. - Parameters must be set before
calling this function.
Run the internal module located at
modules/lazyarpspoofing.py
with the specified
parameters.
The script will be executed with the following arguments: -
--device
: The network interface to use for ARP spoofing. -
lhost
: The local host IP address to spoof. -
rhost
: The remote host IP address to spoof.
The function performs the following steps:
lhost
, rhost
, and
device
from self.params
.lhost
, rhost
, and
device
parameters are set.lazyarpspoofing.py
script with the specified arguments.:param lhost: The local host IP address to spoof. Must be set in
self.params
. :type lhost: str :param rhost: The remote host
IP address to spoof. Must be set in self.params
. :type
rhost: str :param device: The network interface to use for ARP spoofing.
Must be set in self.params
. :type device: str
:returns: None
Manual execution: 1. Ensure that lhost
,
rhost
, and device
are set in
self.params
. 2. Run the script
modules/lazyarpspoofing.py
with the appropriate
arguments.
Dependencies: - modules/lazyarpspoofing.py
must be
present in the modules
directory and must be
executable.
Example: To execute ARP spoofing with local host
192.168.1.2
, remote host 192.168.1.1
, and
device eth0
, set:
self.params["lhost"] = "192.168.1.2"
self.params["rhost"] = "192.168.1.1"
self.params["device"] = "eth0"
Then call:
run_lazyarpspoofing()
Note: - Ensure that modules/lazyarpspoofing.py
has the
necessary permissions to execute. - Parameters must be set before
calling this function.
Run the internal module located at modules/lazyatack.sh
with the specified parameters.
The script will be executed with the following arguments: -
--modo
: The mode of the attack. - --ip
: The
target IP address. - --atacante
: The attacker IP
address.
The function performs the following steps:
mode
, rhost
, and
lhost
parameters are set.lazyatack.sh
script
with the specified arguments.:param mode: The mode in which the attack should be run. Must be set
in self.params
. :type mode: str :param target_ip: The IP
address of the target. Must be set in self.params
. :type
target_ip: str :param attacker_ip: The IP address of the attacker. Must
be set in self.params
. :type attacker_ip: str
:returns: None
Manual execution: 1. Ensure that mode
,
rhost
, and lhost
are set in
self.params
. 2. Run the script
modules/lazyatack.sh
with the appropriate arguments.
Dependencies: - modules/lazyatack.sh
must be present in
the modules
directory and must be executable.
Example: To execute the attack with mode scan
, target IP
192.168.1.100
, and attacker IP 192.168.1.1
,
set: self.params["mode"] = "scan"
self.params["rhost"] = "192.168.1.100"
self.params["lhost"] = "192.168.1.1"
Then call:
run_lazyattack()
Note: - Ensure that modules/lazyatack.sh
has the
necessary permissions to execute. - Parameters must be set before
calling this function.
Executes the msfvenom
tool to generate a variety of
payloads based on user input.
This function prompts the user to select a payload type from a
predefined list and runs the corresponding msfvenom
command
to create the desired payload. It handles tasks such as generating
different types of payloads for Linux, Windows, macOS, and Android
systems, including optional encoding with Shikata Ga Nai for C
payloads.
The generated payloads are moved to a sessions
directory, where appropriate permissions are set. Additionally, the
payloads can be compressed using UPX for space efficiency. If the
selected payload is an Android APK, the function will also sign the APK
and perform necessary post-processing steps.
:param line: Command line arguments for the script. :return: None
Creates a path hijacking attack by performing the following steps:
binary_name
to a temporary script
located at modules/tmp.sh
./tmp
with the name
specified by binary_name
./tmp
to the system’s PATH environment variable
to ensure the script is executed in preference to other binaries.The function then prints out each command being executed and a message indicating the binary name used for the path hijacking.
:param binary_name: The name of the binary to be used in the path
hijacking attack. It should be set in self.params
before
calling this method. :type binary_name: str
:returns: None
Manual execution: 1. Ensure that binary_name
is set in
self.params
. 2. Append the binary name to
modules/tmp.sh
. 3. Copy modules/tmp.sh
to
/tmp/{binary_name}
. 4. Set executable permissions on the
copied file. 5. Update the PATH environment variable to prioritize
/tmp
.
Dependencies: - The self.params
dictionary must contain
a valid binary_name
. - Ensure that
modules/tmp.sh
exists and contains appropriate content for
the attack.
Example: To execute the path hijacking attack with
binary_name
as malicious
, ensure
self.params["binary_name"]
is set to
"malicious"
, and then call:
run_lazypathhijacking()
Note: - The binary_name
parameter must be a string
representing the name of the binary to hijack. - The method modifies the
PATH environment variable, which may affect the execution of other
binaries.
Creates a path hijacking attack by performing the following steps:
binary_name
to a temporary script
located at modules/tmp.sh
./tmp
with the name
specified by binary_name
./tmp
to the system’s PATH environment variable
to ensure the script is executed in preference to other binaries.The function then prints out each command being executed and a message indicating the binary name used for the path hijacking.
:param binary_name: The name of the binary to be used in the path hijacking attack. :returns: None
Run a script with the given arguments
This method constructs and executes a command to run a Python script
with the specified arguments. It uses the run_command
method to execute the script and handle real-time output.
:param script_name: The name of the script to be executed. :type script_name: str :param args: The arguments to be passed to the script. :type args: tuple of str
:returns: None
Manual execution: 1. Build the command list with “python3”, the
script name, and the arguments. 2. Call run_command
with
the constructed command list.
Dependencies: - run_command
method for executing the
constructed command and streaming output.
Example: To execute a script named example.py
with
arguments arg1
and arg2
, call:
run_script("example.py", "arg1", "arg2")
Note: - The script_name
parameter should be a string
representing the name of the script. - The args
parameter
is a variable-length argument list containing the arguments to be passed
to the script. - Ensure that the script and arguments are properly
specified.
Run a command and print output in real-time
This method executes a given command using
subprocess.Popen
and streams both the standard output and
standard error to the console in real-time. The output from both streams
is appended to the self.output
attribute. If interrupted,
the process is terminated gracefully.
:param command: The command to be executed. :type command: str
:returns: None
Manual execution: 1. Execute the command specified by the
command
parameter. 2. Stream and print the command’s
standard output and error to the console in real-time. 3. Append all
output to the self.output
attribute. 4. Handle
KeyboardInterrupt
by terminating the process and printing
an error message.
Dependencies: - subprocess
module for running the
command and capturing output. - print_msg
function for
printing output to the console. - print_error
function for
printing error messages to the console.
Example: To execute a command, call
run_command("ls -l")
.
Note: - The command
parameter should be a string
representing the command to be executed. - self.output
must
be initialized before calling this method. - Ensure proper exception
handling to manage process interruptions.
Load parameters from a specified payload JSON file.
This function loads parameters from a JSON file specified by the
line
argument and updates the instance’s
params
dictionary with the values from the file. If the
file does not exist or contains invalid JSON, it will print an
appropriate error message.
Usage: payload
:param line: The name of the JSON file to load. :type line: str
:returns: None
Manual execution: 1. Open and read the specified JSON file. 2. Update
the params
dictionary with values from the JSON file. 3.
Print a success message if the parameters were successfully loaded. 4.
Handle FileNotFoundError
if the file does not exist. 5.
Handle JSONDecodeError
if there is an error decoding the
JSON file.
Dependencies: - json
module for reading and parsing the
JSON file.
Example: To execute the function, call
payload payload_10.10.10.10.json
.
Note: - Ensure that the specified JSON file exists in the current directory and is properly formatted. - The confirmation message includes color formatting for better visibility.
Exit the command line interface.
This function prompts the user to confirm whether they want to exit the command line interface. If confirmed, it will terminate the program. Otherwise, it will cancel the exit.
Usage: exit
:param arg: This parameter is not used in this function. :type arg: str
:returns: None
Manual execution: 1. Prompt the user with a confirmation message to exit the CLI. 2. If the user confirms with ‘s’, print a message and exit the program. 3. If the user provides any other input, print a cancellation message and remain in the CLI.
Dependencies: - sys.exit
function for exiting the
program.
Example: To execute the function, simply call exit
.
Note: - The confirmation prompt is in Spanish. - Ensure that
sys
is imported in your script.
Fix permissions for LazyOwn shell scripts.
This function adjusts the file permissions for shell scripts and CGI
scripts in the modules
directory, making them
executable.
Usage: fixperm
:param line: This parameter is not used in this function. :type line: str
:returns: None
Manual execution: 1. Change the permissions of all shell scripts in
the modules
directory to be executable. 2. Change the
permissions of all files in the modules/cgi-bin
directory
to be executable.
Dependencies: - chmod
command must be available on the
system.
Example: To execute the function, simply call
fixperm
.
Note: - Ensure you have the necessary permissions to modify file permissions.
Run LazyOwn webshell server.
This function starts a web server that serves the
lazywebshell.py
script from the modules
directory on port 8888. The server is run in the background.
Usage: lazywebshell
:param line: This parameter is not used in this function. :type line: str
:returns: None
Manual execution: 1. Start a Python HTTP server with CGI support on
port 8888. 2. The server serves files from the modules
directory.
Dependencies: - Python 3.x must be installed on the system. - The
http.server
module should be available.
Example: To execute the function, simply call
lazywebshell
.
Note: - The server runs in the background, and the output will not be displayed in the terminal.
Retrieve and display file capabilities on the system.
This function uses the getcap
command to recursively
list capabilities for files starting from the root directory
(/
). The output is filtered to suppress error messages.
Usage: getcap
:param line: This parameter is not used in this function. :type line: str
:returns: None
Manual execution: 1. Run the getcap -r /
command to list
file capabilities recursively from the root directory. 2. Redirect
standard error to /dev/null
to suppress error messages. 3.
Copy to clipboard the command to appy in the victim machine.
Dependencies: - getcap
must be installed on the system.
Example: To execute the function, simply call
do_getcap
.
Note: - The command may require elevated permissions to access certain directories and files.
Get the SecLists wordlist from GitHub.
This function downloads and extracts the SecLists wordlist from
GitHub to the /usr/share/wordlists/
directory.
Usage: getseclist
:param line: This parameter is not used in this function. :type line: str
:returns: None
Manual execution: 1. Navigate to the
/usr/share/wordlists/
directory. 2. Download the SecLists
repository using wget
. 3. Extract the downloaded ZIP file.
4. Remove the ZIP file after extraction.
Dependencies: - wget
must be installed on the system. -
unzip
must be installed on the system. - sudo
must be available for downloading and extracting files.
Example: To execute the function, simply call
getseclist
.
Note: - Ensure that you have the necessary permissions to write to
the /usr/share/wordlists/
directory. - If wget
or unzip
is not installed, the function will fail.
Interacts with SMB shares using the smbclient
command to
perform the following operations:
rhost
(remote host) and lhost
(local host) are set; if not, an error message is displayed.line
(share name) is provided:smbclient -N \\{rhost}\{line}
line
is not provided:smbclient -N -L \\{rhost}
mount -t cifs "//{lhost}/share" /mnt/smb
:param line: The name of the SMB share to access on the remote host. If not provided, the function will list all available shares. :returns: None
smbmap -H 10.10.10.3 [OPTIONS] Uses the smbmap
tool to
interact with SMB shares on a remote host:
rhost
(remote host) and lhost
(local host) are set; if not, an error message is displayed.line
(share name or options) is provided:deefbeef
using the command:
smbmap -H {rhost} -u 'deefbeef'
line
is provided:smbmap
with the specified options or share
name using the command: smbmap -H {rhost} -R {line}
mount -t cifs "//{lhost}/documents" /mnt/smb
:param line: Options or share name to use with smbmap
.
If not provided, uses a default user to list shares. :returns: None
sudo impacket-GetNPUsers mist.htb/ -no-pass -usersfile
sessions/users.txt Executes the impacket-GetNPUsers
command
to enumerate users with Kerberos pre-authentication disabled.
line
(domain) argument is provided; if
not, an error message is displayed, instructing the user to provide a
domain.impacket-GetNPUsers
with the following
options:-no-pass
: Skips password prompt.-usersfile sessions/users.txt
: Specifies the file
containing the list of users to check.:param line: The domain to query. Must be provided in the format
domain.com
. Example usage:
getnpusers domain.com
:returns: None
Manual execution: To manually run this command, use the following
syntax: sudo impacket-GetNPUsers <domain>
with the actual
domain name you want to query.
Copies the rhost
IP address to the clipboard and updates
the prompt with the IP address.
rhost
IP address from the
self.params
parameter.rhost
is valid using
check_rhost()
. If invalid, the function returns without
making changes.line
is ‘clean’, resets the custom prompt to its
original state.rhost
IP
address in the specified format.rhost
IP address to the clipboard using
xclip
.:param line: This parameter determines whether the prompt should be reset or updated with the IP address. :type line: str :returns: None
Manual execution: To manually run this command, use the following
syntax: rhost <line>
with ‘clean’ to
reset the prompt, or any other string to update the prompt with the IP
address.
Executes the rpcdump.py
script to dump RPC services from
a target host.
rhost
parameter.rhost
parameter is valid using
check_rhost()
. If invalid, the function returns early.rpcdump.py
script on port 135 and 593 to
gather RPC service information from the target host.:param line: This parameter is not used in this command but is included for consistency with other methods. :returns: None
Manual execution: To manually run this command, use the following
syntax: rpcdump.py -p 135 <target_host>
with the IP address or hostname
of the target machine.
Executes the dig
command to query DNS information.
line
parameter and
the target host from the rhost
parameter.rhost
is not provided, an
error message is printed.dig
command to query the version of the
DNS server and additional records.:param line: DNS server IP or hostname. Must be provided for the
dig
command. :param rhost: Target host for additional
dig
queries.
:returns: None
Manual execution: To manually run these commands, use the following
syntax: dig version.bind CHAOS TXT @
Replace <dns_server>
with the IP address or
hostname of the DNS server, <domain>
with the target
domain, and <rhost>
with the IP address or hostname
of the target machine.
Copies a file from the ExploitDB directory to the sessions directory.
line
parameter.sessions
directory in the current working directory.:param line: The relative path to the file within the ExploitDB
directory. For example, java/remote/51884.py
. :param
exploitdb: The path to the ExploitDB directory. This must be set in
advance or provided directly.
:returns: None
Manual execution: To manually copy files, use the following syntax:
cp
Replace <exploitdb_path>
with the path to your
ExploitDB directory, <file_path>
with the relative
path to the file, and <destination_path>
with the
path where you want to copy the file.
For example: cp /usr/share/exploitdb/exploits/java/remote/51884.py /path/to/sessions/
Performs DNS enumeration using dnsenum
to identify
subdomains for a given domain.
dnsenum
command with parameters to specify
the DNS server, output file, and wordlist for enumeration.:param line: The target domain to perform DNS enumeration on, e.g.,
ghost.htb
. :param rhost: The DNS server to use for
enumeration, e.g., 10.10.11.24
. :param dnswordlist: The
path to the DNS wordlist file used for subdomain discovery.
:returns: None
Manual execution: To manually perform DNS enumeration, use the
following command: dnsenum –dnsserver
Replace <dns_server>
with the DNS server IP,
<output_file>
with the file path to save the results,
<dns_wordlist>
with the path to your DNS wordlist
file, and <target_domain>
with the domain to be
enumerated.
For example: dnsenum –dnsserver 10.10.11.24 –enum -p 0 -s 0 -o sessions/subdomains.txt -f /path/to/dnswordlist.txt ghost.htb
Performs DNS enumeration using dnsmap
to discover
subdomains for a specified domain.
dnsmap
command to scan the given domain
with a specified wordlist.:param line: The target domain to perform DNS enumeration on, e.g.,
ghost.htb
. :param dnswordlist: The path to the wordlist
file used for DNS enumeration.
:returns: None
Manual execution: To manually perform DNS enumeration, use the
following command: dnsmap
Replace <target_domain>
with the domain you want
to scan and <dns_wordlist>
with the path to your DNS
wordlist file.
For example: dnsmap ghost.htb -w /path/to/dnswordlist.txt
Performs a web technology fingerprinting scan using
whatweb
.
whatweb
command to identify technologies
used by the target web application.:param line: This parameter is not used in the current implementation
but could be used to pass additional options or arguments if needed.
:param rhost: The target web host to be scanned, specified in the
params
dictionary.
:returns: None
Manual execution: To manually perform web technology fingerprinting,
use the following command: whatweb
Replace <target_host>
with the URL or IP address
of the web application you want to scan.
For example: whatweb example.com
Performs enumeration of information from a target Linux/Unix system
using enum4linux
.
enum4linux
command with the
-a
option to gather extensive information from the
specified target.:param line: This parameter is not used in the current implementation
but could be used to pass additional options or arguments if needed.
:param rhost: The target host for enumeration, specified in the
params
dictionary.
:returns: None
Manual execution: To manually enumerate information from a Linux/Unix
system, use the following command: enum4linux -a
Replace <target_host>
with the IP address or
hostname of the target system.
For example: enum4linux -a 192.168.1.10
Performs network scanning using nbtscan
to discover
NetBIOS names and addresses in a specified range.
nbtscan
command with the -r
option to scan the specified range of IP addresses for NetBIOS
information.:param line: This parameter is not used in the current implementation
but could be used to specify additional options or arguments if needed.
:param rhost: The target network range for scanning, specified in the
params
dictionary.
:returns: None
Manual execution: To manually perform a NetBIOS scan across a network
range, use the following command: sudo nbtscan -r
Replace <network_range>
with the IP address range
you want to scan. For example: sudo nbtscan -r 192.168.1.0/24
Executes the rpcclient
command to interact with a remote
Windows system over RPC (Remote Procedure Call) using anonymous
credentials.
rpcclient
with the -U ''
(empty
username) and -N
(no password) options to connect to the
target host specified by rhost
.:param line: This parameter is not used in the current implementation
but could be used to specify additional options or arguments if needed.
:param rhost: The IP address of the remote host to connect to, specified
in the params
dictionary.
:returns: None
Manual execution: To manually interact with a remote Windows system
using RPC, use the following command: rpcclient -U ’’ -N
Replace <target_ip>
with the IP address of the
target system. For example: rpcclient -U ’’ -N 10.10.10.10
Runs the nikto
tool to perform a web server
vulnerability scan against the specified target host.
nikto
with the -h
option to
specify the target host IP address.nikto
if it is not already installed.:param line: This parameter is not used in the current implementation
but could be used to specify additional options or arguments if needed.
:param rhost: The IP address of the target web server, specified in the
params
dictionary.
:returns: None
Manual execution: To manually perform a web server vulnerability scan
using nikto
, use the following command: nikto -h
Replace <target_ip>
with the IP address of the
target web server. For example: nikto -h 10.10.10.10
Runs the finalrecon
tool to perform a web server
vulnerability scan against the specified target host.
finalrecon
with the -h
option to
specify the target host IP address.:param line: This parameter is not used in the current implementation
but could be used to specify additional options or arguments if needed.
:param rhost: The IP address of the target web server, specified in the
params
dictionary.
:returns: None
Manual execution: To manually perform a web server vulnerability scan
using finalrecon
, use the following command: finalrecon
–url=http://
Replace <target_ip>
with the IP address of the
target web server. For example: finalrecon –url=http://192.168.1.92
–full -o txt -cd /home/gris/finalrecon
Uses openssl s_client
to connect to a specified host and
port, allowing for testing and debugging of SSL/TLS connections.
:param line: The port number to connect to on the target host. This
must be provided as an argument. :param rhost: The IP address or
hostname of the target server, specified in the params
dictionary.
:returns: None
Manual execution: To manually connect to a server using
openssl s_client
and test SSL/TLS, use the following
command: openssl s_client -connect
Replace <target_ip>
with the IP address or
hostname of the target server and <port>
with the
port number. For example: openssl s_client -connect 10.10.10.10:443
Uses searchsploit
to search for exploits in the Exploit
Database based on the provided search term.
:param line: The search term or query to find relevant exploits. This must be provided as an argument.
:returns: None
Manual execution: To manually search for exploits using
searchsploit
, use the following command: searchsploit
Replace <search_term>
with the term or keyword you
want to search for. For example: searchsploit kernel
Uses wfuzz
to perform fuzzing based on provided
parameters. This function supports various options for directory and
file fuzzing.
:param line: The options and arguments for wfuzz
. The
line
parameter can include the following: -
sub <domain>
: Fuzz DNS subdomains. Requires
dnswordlist
to be set. - iis
: Fuzz IIS
directories. Uses a default wordlist if iiswordlist
is not
set. - Any other argument: General directory and file fuzzing.
:returns: None
Manual execution: To manually use wfuzz
for directory
and file fuzzing, use the following commands:
Example: wfuzz -c –hl=7 -t 200 -w /path/to/dnswordlist -H ‘Host: FUZZ.example.com’ example.com
Example: wfuzz -c –hl=7 -t 200 -w /usr/share/wordlists/SecLists-master/Discovery/Web-Content/IIS.fuzz.txt http://10.10.10.10/FUZZ
Example: wfuzz -c –hl=7 -t 200 -w /path/to/dirwordlist http://10.10.10.10/FUZZ
Searches for packages on Launchpad based on the provided search term and extracts codenames from the results. The distribution is extracted from the search term.
:param line: The search term to be used for querying Launchpad. The
line
parameter should be a string containing the search
term, e.g., “8.2p1 Ubuntu 4ubuntu0.11”.
:returns: None
Manual execution: To manually execute the equivalent command, use the following steps:
%20
to form the encoded search
query.curl
to perform the search and filter results: curl
-s “https://launchpad.net/+search?field.text=Example: If the search term is “8.2p1 Ubuntu 4ubuntu0.11”, the command would be: curl -s “https://launchpad.net/+search?field.text=8.2p1%20Ubuntu%204ubuntu0.11” | grep ‘href’ | grep ‘ubuntu’ | grep -oP ‘(?<=href=“https://launchpad.net/ubuntu/)[^/"]+’ | sort -u
Notes: - Ensure that curl
is installed and accessible in
your environment. - The extracted codenames are printed to the
console.
Uses gobuster
for directory and virtual host fuzzing
based on provided parameters. Supports directory enumeration and virtual
host discovery.
:param line: The options and arguments for gobuster
. The
line
parameter can include the following: -
url
: Perform directory fuzzing on a specified URL. Requires
url
and dirwordlist
to be set. -
vhost
: Perform virtual host discovery on a specified URL.
Requires url
and dirwordlist
to be set. - Any
other argument: General directory fuzzing with additional
parameters.
:returns: None
Manual execution: To manually use gobuster
, use the
following commands:
Example: gobuster dir –url http://example.com/ –wordlist /path/to/dirwordlist
Example: gobuster vhost –append-domain -u http://example.com -w /path/to/dirwordlist –random-agent -t 600
Example: gobuster dir –url http://10.10.10.10/ –wordlist /path/to/dirwordlist -x .php,.html
Adds an entry to the /etc/hosts
file, mapping an IP
address to a domain name.
:param line: The domain name to be added to the
/etc/hosts
file. - Example: permx.htb
:returns: None
Manual execution: To manually add a domain to the
/etc/hosts
file, use the following command:
sudo sh -c -e "echo '<rhost> <domain>' >> /etc/hosts"
Example: sudo sh -c -e “echo ‘10.10.11.23 permx.htb’ >> /etc/hosts”
This command appends the IP address and domain name to the
/etc/hosts
file, enabling local resolution of the
domain.
Performs an SMB enumeration using crackmapexec
.
:param line: Not used in this function.
:returns: None
Manual execution: To manually run crackmapexec
for SMB
enumeration, use the following command:
crackmapexec smb <target>
Example: crackmapexec smb 10.10.11.24
This command will enumerate SMB shares and perform basic SMB checks against the specified target IP address.
Dumps LDAP information using ldapdomaindump
with
credentials from a file.
:param line: The domain to use for authentication (e.g., ‘domain.local’).
:returns: None
Manual execution: To manually run ldapdomaindump
for
LDAP enumeration, use the following command:
ldapdomaindump -u '<domain>\<username>' -p '<password>' <target>
Example: ldapdomaindump -u ‘domain.local’ -p ‘passadmin123’ 10.10.11.23
Ensure you have a file sessions/credentials.txt
in the
format user:password
, where each line contains credentials
for the LDAP enumeration.
Perform LDAP enumeration using bloodhound-python with credentials from a file.
:param line: This parameter is not used in the function but could be used for additional options or domain information.
:returns: None
Manual execution: To manually run bloodhound-python
for
LDAP enumeration, use the following command:
bloodhound-python -c All -u '<username>' -p '<password>' -ns <target>
Example: bloodhound-python -c All -u ‘usuario’ -p ‘password’ -ns 10.10.10.10
Ensure you have a file sessions/credentials.txt
with the
format user:password
, where each line contains credentials
for enumeration.
Perform a ping to check host availability and infer the operating system based on TTL values.
:param line: This parameter is not used in the function but could be used for additional options or settings.
:returns: None
Manual execution: To manually ping a host and determine its operating system, use the following command:
ping -c 1 <target>
Example: ping -c 1 10.10.10.10
The TTL (Time To Live) value is used to infer the operating system: - TTL values around 64 typically indicate a Linux system. - TTL values around 128 typically indicate a Windows system.
Ensure you have set rhost
to the target host for the
command to work.
Try gospider for web spidering.
This function executes the gospider
tool to perform web
spidering. It can either use a URL provided as a parameter or the remote
host defined in self.params
.
Usage: gospider url gospider
:param line: Command parameter that determines the execution mode. Use “url” to specify a URL, or leave empty to use the remote host. :type line: str
line
is “url”, the method uses the URL specified in
self.params["url"]
.line
is not “url”, the method uses the remote host
specified in self.params["rhost"]
.:returns: None
Manual execution: 1. Ensure that the gospider
tool is
installed on the system. 2. Set the url
parameter if using
the “url” mode. 3. Run the method to perform the spidering
operation.
Dependencies: - gospider
must be installed on the
system. - The sudo
command must be available for installing
gospider
.
Examples: 1. To scan a specific URL: gospider url
2. To
scan the remote host: gospider
Note: - If gospider
is not installed, the method will
attempt to install it. - Ensure that the network and tools are
configured correctly for successful execution.
Executes an ARP scan using arp-scan
.
This function performs an ARP scan on the local network using the
arp-scan
tool. The network device to be used for scanning
must be specified.
Usage: arpscan
:param line: Command parameters (not used in this function). :type line: str
arp-scan
command with the specified
network device.:returns: None
Manual execution: 1. Ensure that the network device is set using the appropriate parameter. 2. Run the method to perform an ARP scan.
Dependencies: - arp-scan
must be installed on the
system. - The sudo
command must be available for executing
arp-scan
.
Examples: 1. Set the device parameter using
set device <network_device>
. 2. Run
arpscan
to perform the ARP scan.
Note: - The network device must be configured and available on the
system for the scan to work. - Ensure that arp-scan
is
installed and accessible from the command line.
Executes the LazyPwn script.
This function runs the lazypwn.py
script located in the
modules
directory. The script is typically used for
automated exploitation or security testing tasks within the LazyOwn
framework.
Usage: lazypwn
:param line: Command parameters (not used in this function). :type line: str
lazypwn.py
script with Python 3.:returns: None
Manual execution: 1. Run the method to execute the LazyPwn script.
Dependencies: - The lazypwn.py
script must be present in
the modules
directory. - Python 3 must be installed and
accessible from the command line.
Examples: 1. Run do_lazypwn
to execute the LazyPwn
script.
Note: - Ensure that lazypwn.py
is configured correctly
before running this method. - The script’s functionality depends on its
implementation in modules/lazypwn.py
.
Fixes file permissions and line endings in the project directories.
This function converts line endings from DOS/Windows format to Unix format for all files in the project directories. This helps to ensure consistent line endings and can prevent issues related to file format mismatches.
Usage: fixel
:param line: Command parameters (not used in this function). :type line: str
:returns: None
Manual execution: 1. Run the method to fix line endings in the specified directories.
Dependencies: - The dos2unix
command must be installed
and accessible from the command line.
Examples: 1. Run do_fixel
to convert line endings for
all files in the project directories.
Note: - This method only fixes line endings and does not modify file
permissions. - Ensure that the dos2unix
command is
installed and functioning correctly.
Sets up an SMB server using Impacket and creates an SCF file for SMB share access.
This function configures an SMB server to serve files from the
sessions
directory and generates an SCF file that points to
the SMB share. The SCF file can be used to create a shortcut to the SMB
share on a Windows system.
Usage: smbserver
:param line: Command parameters (not used in this function). :type line: str
lhost
is valid using the
check_lhost
function.sessions/file.scf
) with
configuration to access the SMB share.sessions
directory.:returns: None
Manual execution: 1. Ensure lhost
is set to a valid IP
address or hostname. 2. Run the method to create the SCF file and start
the SMB server. 3. Use the copied curl command to download the SCF file
on the target system. 4. Ensure that impacket-smbserver
is
installed and accessible from the command line.
Dependencies: - The impacket-smbserver
tool must be
installed and accessible from the command line. - The
check_lhost
function must validate the lhost
parameter.
Examples: 1. Run do_smbserver
to set up the SMB server
and generate the SCF file. 2. Use the provided curl command to download
the SCF file on the target system.
Note: - The SCF file is used to create a shortcut to the SMB share
and should be accessible from the target system. - Ensure that the
lhost
parameter is correctly set and that the SMB server is
properly configured.
Uses sqlmap to perform SQL injection testing on a given URL or request file (you can get one with burpsuit or proxy command and foxyproxy plugin for browser).
This function allows the execution of sqlmap commands with various options, including testing URL endpoints, reading from request files, and using sqlmap’s wizard mode for easy configuration.
Usage: sqlmap req