SecT0uch/pendora-box
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: SecT0uch:e8eb9803d8a73299ffa6646f956b06dffb5971af
Branches Tags
SecT0uch:master
...
compare: SecT0uch:master
Branches Tags
SecT0uch:master

9 Commits
e8eb9803d8 ... master

Author SHA1 Message Date
Jordan ERNST
91b5ce8f28 Add NimScan 2023-04-24 00:50:58 +02:00
Jordan ERNST
eefc1e7aa1 Update 2023-04-05 21:07:48 +02:00
Jordan ERNST
6a5e28dc1c Add plink, allow mimikatz 2023-03-30 23:09:58 +02:00
Jordan ERNST
b9790c7d9f Fix download method 2022-08-09 14:07:02 +02:00
Jordan ERNST
89450cd2fe Update README 2022-08-02 19:11:57 +02:00
Jordan ERNST
926676eb1b Add P0wnyShell 2022-06-08 14:28:49 +02:00
Jordan ERNST
18eaa61dda Update README 2022-05-20 12:58:03 +02:00
Jordan ERNST
5144bf6c79 Add: --update --help 2022-05-20 12:54:44 +02:00
Jordan ERNST
bd5d7a2647 Fix: is_gz 2022-05-06 15:43:13 +02:00
3 changed files with 191 additions and 26 deletions
Expand all files Collapse all files

16
README.md
View File

@ -6,8 +6,11 @@ This too has several functions:
## To-Do ## To-Do
* Add chisel x64
* Integrate msfvenom
* Add Webshells sync
* Ability to add comments or description
* Prettier code * Prettier code
* Only update once per day, except if `-u` `--update`
* Adding more services to listen to ? * Adding more services to listen to ?
## Pre-requisites ## Pre-requisites
@ -28,7 +31,16 @@ This too has several functions:
} }
``` ```
`python pendora-box.py` ```
user@wow$ python pendora-box.py -h
usage: pendora-box.py [-h] [-u]
Sync your files and starts a listener on HTTP, SMB or SMB2.
options:
-h, --help show this help message and exit
-u, --update update your files (described in config.json)
```
## Adding a file to track ## Adding a file to track

96
config.json
View File

@ -17,27 +17,107 @@
"MS11-046/ms11-046.exe", "MS11-046/ms11-046.exe",
"MS11-046/MS11_46_k8.exe", "MS11-046/MS11_46_k8.exe",
"MS10-059/MS10-059.exe" "MS10-059/MS10-059.exe"
],
"flozz/p0wny-shell": [
"shell.php"
],
"int0x33/nc.exe": [
"nc64.exe"
],
"BloodHoundAD/BloodHound": [
"Collectors/SharpHound.exe"
],
"PowerShellMafia/PowerSploit": [
"Recon/PowerView.ps1"
],
"Flangvik/SharpCollection": [
"NetFramework_4.7_Any/Rubeus.exe"
],
"calebstewart/CVE-2021-1675": [
"CVE-2021-1675.ps1"
],
"besimorhino/powercat": [
"powercat.ps1"
],
"r3motecontrol/Ghostpack-CompiledBinaries": [
"Seatbelt.exe"
] ]
}, },
"githubreleasesync": { "githubreleasesync": {
"carlospolop/PEASS-ng": { "carlospolop/PEASS-ng": {
"local_version": "20220424", "local_version": "20230419-b6aac9cb",
"files": [ "files": [
"linpeas.sh", "linpeas.sh",
"winPEAS.bat", "winPEAS.bat",
"winPEASany.exe" "winPEASany.exe",
"winPEASany_ofs.exe"
]
},
"AlessandroZ/LaZagne": {
"local_version": "v2.4.5",
"files": [
"lazagne.exe"
]
},
"DominicBreuker/pspy": {
"local_version": "v1.2.1",
"files": [
"pspy32",
"pspy64"
]
},
"itm4n/PrintSpoofer": {
"local_version": "v1.0",
"files": [
"PrintSpoofer32.exe",
"PrintSpoofer64.exe"
]
},
"PowerShell/Win32-OpenSSH": {
"local_version": "v9.2.2.0p1-Beta",
"files": [
"OpenSSH-Win32-{nobeta_version}.msi",
"OpenSSH-Win64-{nobeta_version}.msi"
]
},
"elddy/NimScan": {
"local_version": "1.0.8",
"files": [
"NimScan.exe"
] ]
}, },
"jpillora/chisel": { "jpillora/chisel": {
"local_version": "v1.7.7", "local_version": "v1.8.1",
"files": [ "files": [
{ {
"filename": "chisel_{short_version}_windows_386.gz", "filename": "chisel_{short_version}_windows_386.gz",
"binpath": "chisel.exe" "inpath": "chisel.exe",
"outpath": "chisel.exe"
}, },
{ {
"filename": "chisel_{short_version}_linux_386.gz", "filename": "chisel_{short_version}_linux_386.gz",
"binpath": "chisel" "inpath": "chisel",
"outpath": "chisel"
},
{
"filename": "chisel_{short_version}_linux_amd64.gz",
"inpath": "chisel64",
"outpath": "chisel64"
}
]
},
"gentilkiwi/mimikatz": {
"local_version": "2.2.0-20220919",
"files": [
{
"filename": "mimikatz_trunk.zip",
"inpath": "Win32/mimikatz.exe",
"outpath": "mimikatz32.exe"
},
{
"filename": "mimikatz_trunk.zip",
"inpath": "x64/mimikatz.exe",
"outpath": "mimikatz64.exe"
} }
] ]
} }
@ -54,5 +134,11 @@
"files": [ "files": [
"nc.exe" "nc.exe"
] ]
},
"plink": {
"local_version": "0.78",
"files": [
"w32/plink.exe"
]
} }
} }

103
pendora-box.py Normal file → Executable file
View File

@ -1,10 +1,12 @@
#!/usr/bin/env python3
import argparse
import json import json
from pathlib import Path from pathlib import Path
import hashlib import hashlib
import requests import requests
import base64
import sys import sys
from os import geteuid from os import geteuid, chdir
import subprocess import subprocess
from io import BytesIO from io import BytesIO
import zipfile import zipfile
@ -26,8 +28,8 @@ def get_master_info(repo, filepath, credz):
url = f"https://api.github.com/repos/{repo}/contents/{filepath}" url = f"https://api.github.com/repos/{repo}/contents/{filepath}"
r = requests.get(url, auth=credz) r = requests.get(url, auth=credz)
sha = r.json()['sha'] sha = r.json()['sha']
content = r.json()['content'] dlurl = r.json()['download_url']
return sha, content return sha, dlurl
def get_last_release_info(repo, credz): def get_last_release_info(repo, credz):
@ -66,12 +68,12 @@ def githubmastersync(reponame, filepaths, credz):
for filepath in filepaths: for filepath in filepaths:
localfile = Path('files').joinpath(Path(filepath).name) localfile = Path('files').joinpath(Path(filepath).name)
print(f" * {localfile} ", end='') print(f" * {localfile} ", end='')
lastsha, content = get_master_info(reponame, filepath, credz) lastsha, dlurl = get_master_info(reponame, filepath, credz)
if not localfile.exists(): if not localfile.exists():
content = base64.b64decode(content) r = requests.get(dlurl)
with open(localfile, 'wb') as f: with open(localfile, 'wb') as f:
f.write(content) f.write(r.content)
print('-> Installed! ;)') print('-> Installed! ;)')
else: else:
@ -80,40 +82,50 @@ def githubmastersync(reponame, filepaths, credz):
if sha == lastsha: if sha == lastsha:
print('-> Up-to-date.') print('-> Up-to-date.')
else: else:
content = base64.b64decode(content) r = requests.get(dlurl)
with open(localfile, 'wb') as f: with open(localfile, 'wb') as f:
f.write(content) f.write(r.content)
print('-> Updated!') print('-> Updated!')
def githubreleasesync(reponame, repoinfo, credz): def githubreleasesync(reponame, repoinfo, credz):
local_version = repoinfo['local_version'] local_version = repoinfo['local_version']
last_version = get_last_release_info(reponame, credz) last_version = get_last_release_info(reponame, credz)
short_version = last_version.replace('v', '') short_version = last_version.replace('v', '')
nobeta_version = last_version.replace('p1-Beta', '') # See https://github.com/PowerShell/Win32-OpenSSH/releases
filenames = repoinfo['files'] filenames = repoinfo['files']
for filename in filenames: for filename in filenames:
if isinstance(filename, dict): if isinstance(filename, dict):
binpath = filename['binpath'] inpath = filename['inpath']
outpath = filename['outpath']
filename = filename['filename'] filename = filename['filename']
filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version) filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version).replace('{nobeta_version}', nobeta_version)
localfile = Path('files').joinpath(Path(binpath).name) localfile = Path('files').joinpath(outpath)
if filename.endswith('.gz'):
is_gz = True
print(f" * {localfile} ", end='') print(f" * {localfile} ", end='')
else: else:
filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version) filename = filename.replace('{last_version}', last_version).replace('{short_version}', short_version).replace('{nobeta_version}', nobeta_version)
localfile = Path('files').joinpath(Path(filename).name) localfile = Path('files').joinpath(Path(filename).name)
print(f" * {localfile} ", end='') print(f" * {localfile} ", end='')
if filename.endswith('.gz'):
is_gz, is_zip = True, False
elif filename.endswith('.zip'):
is_gz, is_zip = False, True
else:
is_gz, is_zip = False, False
urldl = f'https://github.com/{reponame}/releases/download/{last_version}/{filename}' urldl = f'https://github.com/{reponame}/releases/download/{last_version}/{filename}'
if not localfile.exists(): if not localfile.exists():
content = requests.get(urldl, auth=credz).content content = requests.get(urldl, auth=credz).content
if is_gz: if is_gz:
extract_bin('gz', binpath, localfile, content) extract_bin('gz', inpath, localfile, content)
elif is_zip:
extract_bin('zip', inpath, localfile, content)
else: else:
with open(localfile, 'wb') as f: with open(localfile, 'wb') as f:
f.write(content) f.write(content)
@ -126,7 +138,9 @@ def githubreleasesync(reponame, repoinfo, credz):
else: else:
content = requests.get(urldl, auth=credz).content content = requests.get(urldl, auth=credz).content
if is_gz: if is_gz:
extract_bin('gz', binpath, localfile, content) extract_bin('gz', inpath, localfile, content)
elif is_zip:
extract_bin('zip', inpath, localfile, content)
else: else:
with open(localfile, 'wb') as f: with open(localfile, 'wb') as f:
f.write(content) f.write(content)
@ -246,6 +260,50 @@ def netcatsync(conf):
json.dump(data, jsonfile, indent=4) json.dump(data, jsonfile, indent=4)
def plinksync(conf):
r = requests.get('https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html')
last_version = r.text.split('PuTTY.\nCurrently this is ')[1].split(', ')[0]
local_version = conf['local_version']
for filename in conf['files']:
localfile = Path('files').joinpath(Path(filename).name)
print(f" * {localfile} ", end='')
urldl = 'https://the.earth.li/~sgtatham/putty/latest/w32/plink.exe'
if not localfile.exists():
content = requests.get(urldl).content
with open(localfile, 'wb') as f:
f.write(content)
print('-> Installed! ;)')
else:
if local_version == last_version:
print('-> Up-to-date.')
else:
content = requests.get(urldl).content
with open(localfile, 'wb') as f:
f.write(content)
with open("config.json", "r") as jsonfile:
data = json.load(jsonfile)
data['plink']['local_version'] = last_version
with open("config.json", "w") as jsonfile:
json.dump(data, jsonfile, indent=4)
print('-> Updated!')
with open("config.json", "r") as jsonfile:
data = json.load(jsonfile)
data['plink']['local_version'] = last_version
with open("config.json", "w") as jsonfile:
json.dump(data, jsonfile, indent=4)
def update(config): def update(config):
print("Updating...") print("Updating...")
with open("credz.json", "r") as jsonfile: with open("credz.json", "r") as jsonfile:
@ -258,8 +316,9 @@ def update(config):
for reponame, repoinfo in config['githubreleasesync'].items(): for reponame, repoinfo in config['githubreleasesync'].items():
githubreleasesync(reponame, repoinfo, credz) githubreleasesync(reponame, repoinfo, credz)
ncatsync(config['ncat']) # ncatsync(config['ncat'])
netcatsync(config['netcat']) netcatsync(config['netcat'])
plinksync(config['plink'])
make_executable() make_executable()
@ -429,9 +488,17 @@ def menu_choice(menu_options):
if __name__ == '__main__': if __name__ == '__main__':
chdir(Path(__file__).resolve().parent) # Change current dir to source location
parser = argparse.ArgumentParser(description='Sync your files and starts a listener on HTTP, SMB or SMB2.')
parser.add_argument('-u', '--update', action='store_true', help='update your files (described in config.json)')
args = parser.parse_args()
with open("config.json", "r") as jsonfile: with open("config.json", "r") as jsonfile:
config = json.load(jsonfile) config = json.load(jsonfile)
if args.update:
update(config) update(config)
tmp = Path('files/tmp') tmp = Path('files/tmp')
is_empty = not any(tmp.iterdir()) is_empty = not any(tmp.iterdir())