added xploit payloads, move things to util folder, tool needs alot of work, scanner cleaned up, bunch of database features

2025-02-16 02:01:53 +01:00
parent f62fd19482
commit 0f35791e01
18 changed files with 599 additions and 59 deletions
--- a/scanner/scanner.src
+++ b/scanner/scanner.src
@@ -1,43 +1,8 @@
-// name import Database/functions
+// import Database/functions
+// comment out if importing
 import_code("/dev/scanner/libbindb.src")
 import_code("/dev/scanner/database.src")
-
-myDB = database()
-
-if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
-
-
-// import metaexploit from /lib or current folder
-metaxploit = include_lib("/lib/metaxploit.so")
-if not metaxploit then
-    metaxploit = include_lib(current_path + "/metaxploit.so")
-end if
-if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")
-
-// convert argv for easier readability
-target_ip = params[0]
-
-if not is_valid_ip(target_ip) then 
-    target_ip = nslookup(target_ip)
-    if not is_valid_ip(target_ip) then exit("<b>Usage: </b>scanner [IP/WEB_Address]") 
-end if
-
-// fetch router object en configured ports
-target_router = get_router(target_ip)
-target_ports = target_router.used_ports
-
-// print details of router and configured ports
-// TODO: Add port status
-// TODO: Add deepscan for connected devices
-column = "<b>Number Type Version IP</b>"
-	column = column + "\n" + "0" + " " + "kernel_router" + " " + target_router.kernel_version + " " + target_router.local_ip
-for port in target_ports
-	column = column + "\n" + port.port_number + " " + target_router.port_info(port) + " " + port.get_lan_ip
-end for
-
-print("\nIP Address : " + target_ip)
-print(format_columns(column))
-
+import_code("/dev/scanner/util_import.src")

 // Trying to figure out what privileges the connected user has by checking what permissions are avaiable on commen files.
 // TODO: Needs confirming, initial tests seem correct. 
@@ -48,8 +13,15 @@ checkPrivilege = function(result)
        file = result.File("/lib/init.so")
        if( file.has_permission("w") != 0) then return "Root"
        //check user
-        file = result.File("/etc/passwd")
-        if( file.has_permission("w")) then return "User"
+        homeFolders = result.File("/home")
+        homeFolders = homeFolders.get_folders
+        if(len(homeFolders) <= 1) then return "Guest"
+        for folder in homeFolders
+            file = result.File("/home/" + folder.name + "/Config/Mail.txt")
+            if(file) then
+                if(file.has_permission("w")) then return "User"
+            end if
+        end for
    
        return "Guest"
    end if
@@ -60,10 +32,11 @@ end function
 // scan port on IP address. Set optional local ip address for extra kernel_router exploits and a password for pass change exploits
 // TODO: figure out how to get proper feedback from firewall exploits and pass change exploits.
 // TODO: figure out how to get requirments for exploits.
-scanPort = function(ip, port, optional)
+scanPort = function(ip, port, optional, metaxploit)
    net_session = metaxploit.net_use(ip,port)
    
    lib = net_session.dump_lib
+    print(lib.lib_name)
    memList = metaxploit.scan(lib)
    for address in memList
        keys = metaxploit.scan_address(lib,address)
@@ -77,22 +50,40 @@ scanPort = function(ip, port, optional)
            result = lib.overflow(address,key,optional)
            if (typeof(result) != "null") then 
                print(typeof(result))
-                insertVuln(lib.lib_name,lib.version,address,key,"",typeof(result),checkPrivilege(result))
+                insertVuln(lib.lib_name,lib.version,address,key,typeof(result),checkPrivilege(result))
            end if
-            print("\n")
        end for
    end for
 end function

+scanner = function(target_ip)
+	
+	
+    metaxploit = mxploit()

+    target_ip = webToIp(target_ip)
+    if(target_ip == 1) then exit("Invalid IP")

-// DO ALL THE THINGS. needs cleaning
-scanPort(target_ip, 0, target_router.local_ip)
-for port in target_ports
+    // fetch router object and configured ports
+    target_router = get_router(target_ip)
+    target_ports = target_router.used_ports

-    if(port.is_closed != 1) then
-        scanPort(target_ip, port.port_number, "dave")
-    else
-        print(port.port_number + " is Closed.")
-    end if
-end for
+    // DO ALL THE THINGS. needs cleaning
+    scanPort(target_ip, 0, target_router.local_ip, metaxploit)
+    for port in target_ports
+        if(port.is_closed != 1) then
+            scanPort(target_ip, port.port_number, "dave", metaxploit)
+        else
+            print(port.port_number + " is Closed.")
+        end if
+    end for
+
+    nmap(target_ip, true)
+
+end function
+
+//comment out if using as import
+
+if params.len == 0 then exit("<b>Usage: </b>scanner [IP/WEB_Address]")
+myDB = database()
+scanner(params[0])