SecT0uch
/
pendora-box
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sync releases, use tokens, rearrange config.

This commit is contained in:
Jordan ERNST 2022-04-20 16:47:01 +02:00
parent 2ad6c75ef8
commit b1ba40d8c8
4 changed files with 121 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,4 @@
files/* files/*
!files/.gitkeep !files/.gitkeep
credz.json

11
README.md
View File

@ -6,7 +6,7 @@ This too has several functions:
## To-Do ## To-Do
* Keeping up-to-date from Github releases * Only update once per day, except if `-u` `--update`
* Adding more services to listen to ? * Adding more services to listen to ?
## Dependencies ## Dependencies
@ -16,6 +16,15 @@ This too has several functions:
## Usage ## Usage
[Create a Github personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token), and create the file `credz.json`:
```json
{
"username": "DwightSchrute",
"token": "ghp_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
```
`python pendora-box.py` `python pendora-box.py`
## Adding a file to track ## Adding a file to track

53
config.json
View File

@ -1,31 +1,30 @@
{ {
"githubfilesync": [ "githubmastersync": {
{ "samratashok/nishang": [
"samratashok/nishang": [ "Shells/Invoke-PowerShellTcp.ps1",
"Shells/Invoke-PowerShellTcp.ps1", "Shells/Invoke-PowerShellTcpOneLine.ps1"
"Shells/Invoke-PowerShellTcpOneLine.ps1" ],
] "antonioCoco/ConPtyShell": [
}, "Invoke-ConPtyShell.ps1"
{ ],
"samratashok/nishang": [ "ly4k/PwnKit": [
"Shells/Invoke-PowerShellTcp.ps1", "PwnKit"
"Shells/Invoke-PowerShellTcpOneLine.ps1" ],
] "Re4son/Churrasco": [
}, "churrasco.exe"
{ ],
"antonioCoco/ConPtyShell": [ "SecWiki/windows-kernel-exploits": [
"Invoke-ConPtyShell.ps1" "MS11-046/ms11-046.exe"
] ]
}, },
{ "githubreleasesync": {
"ly4k/PwnKit": [ "carlospolop/PEASS-ng": {
"PwnKit" "local_version": "20220417",
] "files": [
}, "linpeas.sh",
{ "winPEAS.bat",
"Re4son/Churrasco": [ "winPEASany.exe"
"churrasco.exe"
] ]
} }
] }
} }

111
pendora-box.py
View File

@ -16,43 +16,94 @@ def compute_file_hash(filepath):
return hashlib.sha1(b"blob " + bytes(str(filesize), 'utf-8') + b"\0" + data).hexdigest() return hashlib.sha1(b"blob " + bytes(str(filesize), 'utf-8') + b"\0" + data).hexdigest()
def get_info(repo, filepath): def get_master_info(repo, filepath, credz):
url = f"https://api.github.com/repos/{repo}/contents/{filepath}" url = f"https://api.github.com/repos/{repo}/contents/{filepath}"
r = requests.get(url) r = requests.get(url, auth=credz)
sha = r.json()['sha'] sha = r.json()['sha']
content = r.json()['content'] content = r.json()['content']
return sha, content return sha, content
def update(): def get_last_release_info(repo, credz):
with open("config.json", "r") as jsonfile: url = f"https://api.github.com/repos/{repo}/releases"
config = json.load(jsonfile) r = requests.get(url, auth=credz)
for release in r.json():
if not release['draft'] and not release['prerelease']:
return release['tag_name']
def githubmastersync(reponame, filepaths, credz):
for filepath in filepaths:
localfile = pathlib.Path('files').joinpath(pathlib.Path(filepath).name)
print(f" * {localfile} ", end='')
lastsha, content = get_master_info(reponame, filepath, credz)
if not localfile.exists():
content = base64.b64decode(content)
with open(localfile, 'wb') as f:
f.write(content)
print('-> Installed! ;)')
else:
sha = compute_file_hash(localfile)
if sha == lastsha:
print('-> Up-to-date.')
else:
content = base64.b64decode(content)
with open(localfile, 'wb') as f:
f.write(content)
print('-> Updated!')
def githubreleasesync(reponame, repoinfo, credz):
local_version = repoinfo['local_version']
last_version = get_last_release_info(reponame, credz)
filenames = repoinfo['files']
for filename in filenames:
localfile = pathlib.Path('files').joinpath(pathlib.Path(filename).name)
urldl = f'https://github.com/{reponame}/releases/download/{last_version}/{filename}'
print(f" * {localfile} ", end='')
if not localfile.exists():
content = requests.get(urldl, auth=credz).content
with open(localfile, 'wb') as f:
f.write(content)
print('-> Installed! ;)')
else:
if local_version == last_version:
print('-> Up-to-date.')
else:
content = requests.get(urldl, auth=credz).content
with open(localfile, 'wb') as f:
f.write(content)
with open("config.json", "r") as jsonfile:
data = json.load(jsonfile)
data['githubreleasesync'][reponame]['local_version'] = last_version
with open("config.json", "w") as jsonfile:
json.dump(data, jsonfile, indent=4)
print('-> Updated!')
def update(config):
print("Updating...") print("Updating...")
with open("credz.json", "r") as jsonfile:
credz = json.load(jsonfile)
credz = (credz['username'], credz['token'])
for repo in config['githubfilesync']: for reponame, filepaths in config['githubmastersync'].items():
for reponame, value in repo.items(): githubmastersync(reponame, filepaths, credz)
for filepath in value:
localfile = pathlib.Path('files').joinpath(pathlib.Path(filepath).name)
print(f" * {localfile} ", end='')
lastsha, content = get_info(reponame, filepath)
if not localfile.exists(): for reponame, repoinfo in config['githubreleasesync'].items():
content = base64.b64decode(content) githubreleasesync(reponame, repoinfo, credz)
with open(localfile, 'wb') as f:
f.write(content)
print('-> Installed! ;)')
else:
sha = compute_file_hash(localfile)
if sha == lastsha:
print('-> Up-to-date.')
else:
content = base64.b64decode(content)
with open(localfile, 'wb') as f:
f.write(content)
print('-> Updated!')
def print_menu(menu_options): def print_menu(menu_options):
@ -166,10 +217,14 @@ def menu_choice(menu_options):
if __name__ == '__main__': if __name__ == '__main__':
with open("config.json", "r") as jsonfile:
config = json.load(jsonfile)
update(config)
menu_options = { menu_options = {
1: 'HTTP', 1: 'HTTP',
2: 'SMB', 2: 'SMB',
0: 'Exit', 0: 'Exit',
} }
update()
menu_choice(menu_options) menu_choice(menu_options)