SecT0uch/pendora-box
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: SecT0uch:89450cd2fe733fd1655046d004cbaa24ce697ca7
Branches Tags
SecT0uch:master
...
compare: SecT0uch:master
Branches Tags
SecT0uch:master

4 Commits
89450cd2fe ... master

Author SHA1 Message Date
Jordan ERNST
91b5ce8f28 Add NimScan 2023-04-24 00:50:58 +02:00
Jordan ERNST
eefc1e7aa1 Update 2023-04-05 21:07:48 +02:00
Jordan ERNST
6a5e28dc1c Add plink, allow mimikatz 2023-03-30 23:09:58 +02:00
Jordan ERNST
b9790c7d9f Fix download method 2022-08-09 14:07:02 +02:00
2 changed files with 150 additions and 40 deletions
Expand all files Collapse all files

103
config.json
View File

@ -27,48 +27,99 @@
"BloodHoundAD/BloodHound": [
"Collectors/SharpHound.exe"
],
"InitRoot/SweetPotato": [
"SweetPotato.exe"
"PowerShellMafia/PowerSploit": [
"Recon/PowerView.ps1"
],
"Flangvik/SharpCollection": [
"NetFramework_4.7_Any/Rubeus.exe"
],
"calebstewart/CVE-2021-1675": [
"CVE-2021-1675.ps1"
],
"besimorhino/powercat": [
"powercat.ps1"
],
"r3motecontrol/Ghostpack-CompiledBinaries": [
"Seatbelt.exe"
]
},
"githubreleasesync": {
"carlospolop/PEASS-ng": {
"local_version": "20220731",
"local_version": "20230419-b6aac9cb",
"files": [
"linpeas.sh",
"winPEAS.bat",
"winPEASany.exe"
]
},
"jpillora/chisel": {
"local_version": "v1.7.7",
"files": [
{
"filename": "chisel_{short_version}_windows_386.gz",
"binpath": "chisel.exe"
},
{
"filename": "chisel_{short_version}_linux_386.gz",
"binpath": "chisel"
},
{
"filename": "chisel_{short_version}_linux_amd64.gz",
"binpath": "chisel64"
}
"winPEASany.exe",
"winPEASany_ofs.exe"
]
},
"AlessandroZ/LaZagne": {
"local_version": "2.4.3",
"local_version": "v2.4.5",
"files": [
"lazagne.exe"
]
},
"DominicBreuker/pspy": {
"local_version": "v1.2.0",
"local_version": "v1.2.1",
"files": [
"pspy32",
"pspy64"
]
},
"itm4n/PrintSpoofer": {
"local_version": "v1.0",
"files": [
"PrintSpoofer32.exe",
"PrintSpoofer64.exe"
]
},
"PowerShell/Win32-OpenSSH": {
"local_version": "v9.2.2.0p1-Beta",
"files": [
"OpenSSH-Win32-{nobeta_version}.msi",
"OpenSSH-Win64-{nobeta_version}.msi"
]
},
"elddy/NimScan": {
"local_version": "1.0.8",
"files": [
"NimScan.exe"
]
},
"jpillora/chisel": {
"local_version": "v1.8.1",
"files": [
{
"filename": "chisel_{short_version}_windows_386.gz",
"inpath": "chisel.exe",
"outpath": "chisel.exe"
},
{
"filename": "chisel_{short_version}_linux_386.gz",
"inpath": "chisel",
"outpath": "chisel"
},
{
"filename": "chisel_{short_version}_linux_amd64.gz",
"inpath": "chisel64",
"outpath": "chisel64"
}
]
},
"gentilkiwi/mimikatz": {
"local_version": "2.2.0-20220919",
"files": [
{
"filename": "mimikatz_trunk.zip",
"inpath": "Win32/mimikatz.exe",
"outpath": "mimikatz32.exe"
},
{
"filename": "mimikatz_trunk.zip",
"inpath": "x64/mimikatz.exe",
"outpath": "mimikatz64.exe"
}
]
}
},
"ncat": {
@ -83,5 +134,11 @@
"files": [
"nc.exe"
]
},
"plink": {
"local_version": "0.78",
"files": [
"w32/plink.exe"
]
}
}

87
pendora-box.py
View File

@ -5,7 +5,6 @@ import json
from pathlib import Path
import hashlib
import requests
import base64
import sys
from os import geteuid, chdir
import subprocess
@ -29,8 +28,8 @@ def get_master_info(repo, filepath, credz):
url = f"https://api.github.com/repos/{repo}/contents/{filepath}"
r = requests.get(url, auth=credz)
sha = r.json()['sha']
content = r.json()['content']
return sha, content
dlurl = r.json()['download_url']
return sha, dlurl
def get_last_release_info(repo, credz):
@ -69,12 +68,12 @@ def githubmastersync(reponame, filepaths, credz):
for filepath in filepaths:
localfile = Path('files').joinpath(Path(filepath).name)
print(f" * {localfile} ", end='')
lastsha, content = get_master_info(reponame, filepath, credz)
lastsha, dlurl = get_master_info(reponame, filepath, credz)
if not localfile.exists():
content = base64.b64decode(content)
r = requests.get(dlurl)
with open(localfile, 'wb') as f:
f.write(content)
f.write(r.content)
print('-> Installed! ;)')
else:
@ -83,43 +82,50 @@ def githubmastersync(reponame, filepaths, credz):
if sha == lastsha:
print('-> Up-to-date.')
else:
content = base64.b64decode(content)
r = requests.get(dlurl)
with open(localfile, 'wb') as f:
f.write(content)
f.write(r.content)
print('-> Updated!')
def githubreleasesync(reponame, repoinfo, credz):
local_version = repoinfo['local_version']
last_version = get_last_release_info(reponame, credz)
short_version = last_version.replace('v', '')
nobeta_version = last_version.replace('p1-Beta', '') # See https://github.com/PowerShell/Win32-OpenSSH/releases
filenames = repoinfo['files']
for filename in filenames:
if isinstance(filename, dict):
binpath = filename['binpath']
inpath = filename['inpath']
outpath = filename['outpath']
filename = filename['filename']
filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version)
localfile = Path('files').joinpath(Path(binpath).name)
filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version).replace('{nobeta_version}', nobeta_version)
localfile = Path('files').joinpath(outpath)
print(f" * {localfile} ", end='')
else:
filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version)
filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version).replace('{nobeta_version}', nobeta_version)
localfile = Path('files').joinpath(Path(filename).name)
print(f" * {localfile} ", end='')
if filename.endswith('.gz'):
is_gz = True
is_gz, is_zip = True, False
elif filename.endswith('.zip'):
is_gz, is_zip = False, True
else:
is_gz = False
is_gz, is_zip = False, False
urldl = f'https://github.com/{reponame}/releases/download/{last_version}/{filename}'
if not localfile.exists():
content = requests.get(urldl, auth=credz).content
if is_gz:
extract_bin('gz', binpath, localfile, content)
extract_bin('gz', inpath, localfile, content)
elif is_zip:
extract_bin('zip', inpath, localfile, content)
else:
with open(localfile, 'wb') as f:
f.write(content)
@ -132,7 +138,9 @@ def githubreleasesync(reponame, repoinfo, credz):
else:
content = requests.get(urldl, auth=credz).content
if is_gz:
extract_bin('gz', binpath, localfile, content)
extract_bin('gz', inpath, localfile, content)
elif is_zip:
extract_bin('zip', inpath, localfile, content)
else:
with open(localfile, 'wb') as f:
f.write(content)
@ -252,6 +260,50 @@ def netcatsync(conf):
json.dump(data, jsonfile, indent=4)
def plinksync(conf):
r = requests.get('https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html')
last_version = r.text.split('PuTTY.\nCurrently this is ')[1].split(', ')[0]
local_version = conf['local_version']
for filename in conf['files']:
localfile = Path('files').joinpath(Path(filename).name)
print(f" * {localfile} ", end='')
urldl = 'https://the.earth.li/~sgtatham/putty/latest/w32/plink.exe'
if not localfile.exists():
content = requests.get(urldl).content
with open(localfile, 'wb') as f:
f.write(content)
print('-> Installed! ;)')
else:
if local_version == last_version:
print('-> Up-to-date.')
else:
content = requests.get(urldl).content
with open(localfile, 'wb') as f:
f.write(content)
with open("config.json", "r") as jsonfile:
data = json.load(jsonfile)
data['plink']['local_version'] = last_version
with open("config.json", "w") as jsonfile:
json.dump(data, jsonfile, indent=4)
print('-> Updated!')
with open("config.json", "r") as jsonfile:
data = json.load(jsonfile)
data['plink']['local_version'] = last_version
with open("config.json", "w") as jsonfile:
json.dump(data, jsonfile, indent=4)
def update(config):
print("Updating...")
with open("credz.json", "r") as jsonfile:
@ -264,8 +316,9 @@ def update(config):
for reponame, repoinfo in config['githubreleasesync'].items():
githubreleasesync(reponame, repoinfo, credz)
ncatsync(config['ncat'])
# ncatsync(config['ncat'])
netcatsync(config['netcat'])
plinksync(config['plink'])
make_executable()