From b1ba40d8c89f524e566127a8c7017e6aeda2df13 Mon Sep 17 00:00:00 2001
From: Jordan ERNST <pro.ernst@gmail.com>
Date: Wed, 20 Apr 2022 16:47:01 +0200
Subject: [PATCH] Sync releases, use tokens, rearrange config.

---
 .gitignore     |   2 +
 README.md      |  11 ++++-
 config.json    |  53 ++++++++++++-----------
 pendora-box.py | 111 ++++++++++++++++++++++++++++++++++++-------------
 4 files changed, 121 insertions(+), 56 deletions(-)

diff --git a/.gitignore b/.gitignore
index 19ca352..92c2c96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 files/*
 !files/.gitkeep
+
+credz.json
\ No newline at end of file
diff --git a/README.md b/README.md
index 0753f0b..d68b506 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This too has several functions:
 
 ## To-Do
 
-* Keeping up-to-date from Github releases
+* Only update once per day, except if `-u` `--update`
 * Adding more services to listen to ?
 
 ## Dependencies
@@ -16,6 +16,15 @@ This too has several functions:
 
 ## Usage
 
+[Create a Github personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token), and create the file `credz.json`:
+
+```json
+{
+    "username": "DwightSchrute",
+    "token": "ghp_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+}
+```
+
 `python pendora-box.py`
 
 ## Adding a file to track
diff --git a/config.json b/config.json
index ceb8103..13afaae 100644
--- a/config.json
+++ b/config.json
@@ -1,31 +1,30 @@
 {
-    "githubfilesync": [
-        {
-            "samratashok/nishang": [
-                "Shells/Invoke-PowerShellTcp.ps1",
-                "Shells/Invoke-PowerShellTcpOneLine.ps1"
-            ]
-        },
-        {
-            "samratashok/nishang": [
-                "Shells/Invoke-PowerShellTcp.ps1",
-                "Shells/Invoke-PowerShellTcpOneLine.ps1"
-            ]
-        },
-        {
-            "antonioCoco/ConPtyShell": [
-                "Invoke-ConPtyShell.ps1"
-            ]
-        },
-        {
-            "ly4k/PwnKit": [
-                "PwnKit"
-            ]
-        },
-        {
-            "Re4son/Churrasco": [
-                "churrasco.exe"
+    "githubmastersync": {
+        "samratashok/nishang": [
+            "Shells/Invoke-PowerShellTcp.ps1",
+            "Shells/Invoke-PowerShellTcpOneLine.ps1"
+        ],
+        "antonioCoco/ConPtyShell": [
+            "Invoke-ConPtyShell.ps1"
+        ],
+        "ly4k/PwnKit": [
+            "PwnKit"
+        ],
+        "Re4son/Churrasco": [
+            "churrasco.exe"
+        ],
+        "SecWiki/windows-kernel-exploits": [
+            "MS11-046/ms11-046.exe"
+        ]
+    },
+    "githubreleasesync": {
+        "carlospolop/PEASS-ng": {
+            "local_version": "20220417",
+            "files": [
+                "linpeas.sh",
+                "winPEAS.bat",
+                "winPEASany.exe"
             ]
         }
-    ]
+    }
 }
\ No newline at end of file
diff --git a/pendora-box.py b/pendora-box.py
index 67c2d29..e94c05b 100644
--- a/pendora-box.py
+++ b/pendora-box.py
@@ -16,43 +16,94 @@ def compute_file_hash(filepath):
     return hashlib.sha1(b"blob " + bytes(str(filesize), 'utf-8') + b"\0" + data).hexdigest()
 
 
-def get_info(repo, filepath):
+def get_master_info(repo, filepath, credz):
     url = f"https://api.github.com/repos/{repo}/contents/{filepath}"
-    r = requests.get(url)
+    r = requests.get(url, auth=credz)
     sha = r.json()['sha']
     content = r.json()['content']
     return sha, content
 
 
-def update():
-    with open("config.json", "r") as jsonfile:
-        config = json.load(jsonfile)
+def get_last_release_info(repo, credz):
+    url = f"https://api.github.com/repos/{repo}/releases"
+    r = requests.get(url, auth=credz)
+    for release in r.json():
+        if not release['draft'] and not release['prerelease']:
+            return release['tag_name']
 
+
+def githubmastersync(reponame, filepaths, credz):
+    for filepath in filepaths:
+        localfile = pathlib.Path('files').joinpath(pathlib.Path(filepath).name)
+        print(f"  * {localfile} ", end='')
+        lastsha, content = get_master_info(reponame, filepath, credz)
+
+        if not localfile.exists():
+            content = base64.b64decode(content)
+            with open(localfile, 'wb') as f:
+                f.write(content)
+            print('-> Installed! ;)')
+
+        else:
+            sha = compute_file_hash(localfile)
+
+            if sha == lastsha:
+                print('-> Up-to-date.')
+            else:
+                content = base64.b64decode(content)
+                with open(localfile, 'wb') as f:
+                    f.write(content)
+                print('-> Updated!')
+
+
+def githubreleasesync(reponame, repoinfo, credz):
+    local_version = repoinfo['local_version']
+    last_version = get_last_release_info(reponame, credz)
+
+    filenames = repoinfo['files']
+
+    for filename in filenames:
+        localfile = pathlib.Path('files').joinpath(pathlib.Path(filename).name)
+        urldl = f'https://github.com/{reponame}/releases/download/{last_version}/{filename}'
+        print(f"  * {localfile} ", end='')
+
+        if not localfile.exists():
+            content = requests.get(urldl, auth=credz).content
+            with open(localfile, 'wb') as f:
+                f.write(content)
+
+            print('-> Installed! ;)')
+        else:
+            if local_version == last_version:
+                print('-> Up-to-date.')
+
+            else:
+                content = requests.get(urldl, auth=credz).content
+                with open(localfile, 'wb') as f:
+                    f.write(content)
+
+                with open("config.json", "r") as jsonfile:
+                    data = json.load(jsonfile)
+
+                data['githubreleasesync'][reponame]['local_version'] = last_version
+
+                with open("config.json", "w") as jsonfile:
+                    json.dump(data, jsonfile, indent=4)
+
+                print('-> Updated!')
+
+
+def update(config):
     print("Updating...")
+    with open("credz.json", "r") as jsonfile:
+        credz = json.load(jsonfile)
+    credz = (credz['username'], credz['token'])
 
-    for repo in config['githubfilesync']:
-        for reponame, value in repo.items():
-            for filepath in value:
-                localfile = pathlib.Path('files').joinpath(pathlib.Path(filepath).name)
-                print(f"  * {localfile} ", end='')
-                lastsha, content = get_info(reponame, filepath)
+    for reponame, filepaths in config['githubmastersync'].items():
+        githubmastersync(reponame, filepaths, credz)
 
-                if not localfile.exists():
-                    content = base64.b64decode(content)
-                    with open(localfile, 'wb') as f:
-                        f.write(content)
-                    print('-> Installed! ;)')
-
-                else:
-                    sha = compute_file_hash(localfile)
-
-                    if sha == lastsha:
-                        print('-> Up-to-date.')
-                    else:
-                        content = base64.b64decode(content)
-                        with open(localfile, 'wb') as f:
-                            f.write(content)
-                        print('-> Updated!')
+    for reponame, repoinfo in config['githubreleasesync'].items():
+        githubreleasesync(reponame, repoinfo, credz)
 
 
 def print_menu(menu_options):
@@ -166,10 +217,14 @@ def menu_choice(menu_options):
 
 
 if __name__ == '__main__':
+    with open("config.json", "r") as jsonfile:
+        config = json.load(jsonfile)
+
+    update(config)
+
     menu_options = {
         1: 'HTTP',
         2: 'SMB',
         0: 'Exit',
     }
-    update()
     menu_choice(menu_options)