Adding verbosity level to creds modules. Fixing encoding problem with basic auth.

routersploit/modules/creds/ftp_bruteforce.py

@@ -11,6 +11,7 @@ from routersploit import (
     LockedIterator,
     print_success,
     print_table,
+    boolify,
 )
 
 
@@ -32,6 +33,7 @@ class Exploit(exploits.Exploit):
     threads = exploits.Option(8, 'Number of threads')
     usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
     passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -70,9 +72,10 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
 
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         ftp = ftplib.FTP()
         while running.is_set():
@@ -89,22 +92,22 @@ class Exploit(exploits.Exploit):
                         ftp.connect(self.target, port=int(self.port), timeout=10)
                         break
                     except socket.error, socket.timeout:
-                        print_error("{} Connection problem. Retrying...".format(name))
+                        print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
                         retries += 1
 
                         if retries > 2:
-                            print_error("Too much connection problems. Quiting...")
+                            print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
                             return
 
                 try:
                     ftp.login(user, password)
 
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                     self.credentials.append((user, password))
                 except:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
+                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
 
                 ftp.close()
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/ftp_default.py

@@ -10,6 +10,7 @@ from routersploit import (
     LockedIterator,
     print_success,
     print_table,
+    boolify,
 )
 
 
@@ -30,6 +31,7 @@ class Exploit(exploits.Exploit):
 
     threads = exploits.Option(8, 'Numbers of threads')
     defaults = exploits.Option(wordlists.defaults, 'User:Pass pair or file with default credentials (file://)')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -62,9 +64,10 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
 
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         ftp = ftplib.FTP()
         while running.is_set():
@@ -81,22 +84,22 @@ class Exploit(exploits.Exploit):
                         ftp.connect(self.target, port=int(self.port), timeout=10)
                         break
                     except:
-                        print_error("{} Connection problem. Retrying...".format(name))
+                        print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
                         retries += 1
 
                         if retries > 2:
-                            print_error("Too much connection problems. Quiting...")
+                            print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
                             return
 
                 try:
                     ftp.login(user, password)
 
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                     self.credentials.append((user, password))
                 except:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
+                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
 
                 ftp.close()
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/http_basic_bruteforce.py

@@ -11,6 +11,7 @@ from routersploit import (
     print_success,
     print_table,
     sanitize_url,
+    boolify,
 )
 
 
@@ -33,6 +34,7 @@ class Exploit(exploits.Exploit):
     usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
     passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
     path = exploits.Option('/', 'URL Path')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -75,25 +77,26 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
 
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
                 user, password = data.next()
-                user = user.strip()
-                password = password.strip()
+                user = user.encode('utf-8').strip()
+                password = password.encode('utf-8').strip()
                 r = requests.get(url, auth=(user, password))
 
                 if r.status_code != 401:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                     self.credentials.append((user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
+                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/http_basic_default.py

@@ -10,6 +10,7 @@ from routersploit import (
     print_success,
     print_table,
     sanitize_url,
+    boolify,
 )
 
 
@@ -30,6 +31,7 @@ class Exploit(exploits.Exploit):
     threads = exploits.Option(8, 'Number of threads')
     defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
     path = exploits.Option('/', 'URL Path')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -66,25 +68,26 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
 
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
                 line = data.next().split(":")
-                user = line[0].strip()
-                password = line[1].strip()
+                user = line[0].encode('utf-8').strip()
+                password = line[1].encode('utf-8').strip()
                 r = requests.get(url, auth=(user, password))
 
                 if r.status_code != 401:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                     self.credentials.append((user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
+                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/http_form_bruteforce.py

@@ -12,6 +12,7 @@ from routersploit import (
     print_success,
     print_table,
     sanitize_url,
+    boolify,
 )
 
 
@@ -34,6 +35,7 @@ class Exploit(exploits.Exploit):
     passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
     form = exploits.Option('auto', 'Post Data: auto or in form login={{LOGIN}}&password={{PASS}}&submit')
     path = exploits.Option('/login.php', 'URL Path')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
     data = ""
@@ -134,11 +136,12 @@ class Exploit(exploits.Exploit):
         return '&'.join(res)
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
         headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
 
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
@@ -152,11 +155,11 @@ class Exploit(exploits.Exploit):
 
                 if l < self.invalid["min"] or l > self.invalid["max"]:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                     self.credentials.append((user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
+                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/http_form_default.py

@@ -11,6 +11,7 @@ from routersploit import (
     print_success,
     print_table,
     sanitize_url,
+    boolify,
 )
 
 
@@ -32,6 +33,7 @@ class Exploit(exploits.Exploit):
     defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
     form = exploits.Option('auto', 'Post Data: auto or in form login={{LOGIN}}&password={{PASS}}&submit')
     path = exploits.Option('/login.php', 'URL Path')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
     data = ""
@@ -127,11 +129,12 @@ class Exploit(exploits.Exploit):
         return '&'.join(res)
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
         url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
         headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
 
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
@@ -145,11 +148,11 @@ class Exploit(exploits.Exploit):
 
                 if l < self.invalid["min"] or l > self.invalid["max"]:
                     running.clear()
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                    print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                     self.credentials.append((user, password))
                 else:
-                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
+                    print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
             except StopIteration:
                 break
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/snmp_bruteforce.py

 import threading
 import netsnmp
 
-from routersploit.utils import print_status, print_success, print_error, print_table, LockedIterator
-from routersploit import exploits
-from routersploit import wordlists
+from routersploit import (
+    exploits,
+    wordlists,
+    print_status,
+    print_error,
+    LockedIterator,
+    print_success,
+    print_table,
+    boolify,
+)
 
 
 class Exploit(exploits.Exploit):
@@ -20,6 +27,7 @@ class Exploit(exploits.Exploit):
     port = exploits.Option(161, 'Target port')
     threads = exploits.Option(8, 'Number of threads')
     snmp = exploits.Option(wordlists.snmp, 'Community string or file with community strings (file://)')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     strings = []
 
@@ -44,10 +52,11 @@ class Exploit(exploits.Exploit):
             print_error("Valid community strings not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
         address = "{}:{}".format(self.target, self.port)
 
-        print_status(name, 'thread is starting...')
+        print_status(name, 'thread is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
@@ -58,12 +67,12 @@ class Exploit(exploits.Exploit):
 
                 if res[0] is not None:
                     running.clear()
-                    print_success("{}: Valid community string found!".format(name), string)
+                    print_success("{}: Valid community string found!".format(name), string, verbose=module_verbosity)
                     self.strings.append(tuple([string]))
                 else:
-                    print_error("{}: Invalid community string.".format(name), string)
+                    print_error("{}: Invalid community string.".format(name), string, verbose=module_verbosity)
 
             except StopIteration:
                 break
 
-        print_status(name, 'thread is terminated.')
+        print_status(name, 'thread is terminated.', verbose=module_verbosity)

routersploit/modules/creds/ssh_bruteforce.py

@@ -31,7 +31,7 @@ class Exploit(exploits.Exploit):
     threads = exploits.Option(8, 'Number of threads')
     usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
     passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
-    verbosity = exploits.Option(True, 'Display authentication attempts')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -88,7 +88,7 @@ class Exploit(exploits.Exploit):
                 break
             except paramiko.ssh_exception.SSHException as err:
                 ssh.close()
-                print_error(name, err, user, password, verbose=module_verbosity)
+                print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
             else:
                 running.clear()
 

routersploit/modules/creds/ssh_default.py

@@ -10,6 +10,7 @@ from routersploit import (
     LockedIterator,
     print_success,
     print_table,
+    boolify,
 )
 
 
@@ -32,7 +33,6 @@ class Exploit(exploits.Exploit):
     verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
-    verb = None
 
     def run(self):
         self.credentials = []
@@ -54,7 +54,6 @@ class Exploit(exploits.Exploit):
         else:
             defaults = [self.defaults]
 
-        self.verb = self.verbosity.lower()
         collection = LockedIterator(defaults)
         self.run_threads(self.threads, self.target_function, collection)
 
@@ -66,12 +65,12 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
         ssh = paramiko.SSHClient()
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
-        if self.verb == 'yes':
-            print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
@@ -84,15 +83,12 @@ class Exploit(exploits.Exploit):
             except paramiko.ssh_exception.SSHException as err:
                 ssh.close()
 
-                if self.verb == 'yes':
-                    print_error(name, err, "Username: '{}' Password: '{}'".format(user, password))
+                print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
             else:
                 running.clear()
 
-                if self.verb == 'yes':
-                    print_success("{}: Authentication succeed!".format(name), user, password)
+                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
 
                 self.credentials.append((user, password))
 
-        if self.verb == 'yes':
-            print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)

routersploit/modules/creds/telnet_bruteforce.py

@@ -10,6 +10,7 @@ from routersploit import (
     LockedIterator,
     print_success,
     print_table,
+    boolify,
 )
 
 
@@ -29,6 +30,7 @@ class Exploit(exploits.Exploit):
     threads = exploits.Option(8, 'Number of threads')
     usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
     passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -64,9 +66,10 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
 
-        print_status(name, 'thread is starting...')
+        print_status(name, 'thread is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
@@ -90,21 +93,21 @@ class Exploit(exploits.Exploit):
                         tn.close()
 
                         if i != -1:
-                            print_error(name, "Username: '{}' Password: '{}'".format(user, password))
+                            print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
                         else:
                             if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500:  # big banner e.g. mikrotik
                                 running.clear()
-                                print_success("{}: Authentication succeed!".format(name), user, password)
+                                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                                 self.credentials.append((user, password))
                         tn.close()
                         break
                     except EOFError:
-                        print_error(name, "Connection problem. Retrying...")
+                        print_error(name, "Connection problem. Retrying...", verbose=module_verbosity)
                         retries += 1
 
                         if retries > 2:
-                            print_error("Too much connection problems. Quiting...")
+                            print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
                             return
                         continue
 
-        print_status(name, 'thread is terminated.')
+        print_status(name, 'thread is terminated.', verbose=module_verbosity)

routersploit/modules/creds/telnet_default.py

@@ -9,6 +9,7 @@ from routersploit import (
     LockedIterator,
     print_success,
     print_table,
+    boolify,
 )
 
 
@@ -29,6 +30,7 @@ class Exploit(exploits.Exploit):
 
     threads = exploits.Option(8, 'Numbers of threads')
     defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
+    verbosity = exploits.Option('yes', 'Display authentication attempts')
 
     credentials = []
 
@@ -59,8 +61,9 @@ class Exploit(exploits.Exploit):
             print_error("Credentials not found")
 
     def target_function(self, running, data):
+        module_verbosity = boolify(self.verbosity)
         name = threading.current_thread().name
-        print_status(name, 'process is starting...')
+        print_status(name, 'process is starting...', verbose=module_verbosity)
 
         while running.is_set():
             try:
@@ -84,21 +87,21 @@ class Exploit(exploits.Exploit):
                         tn.close()
 
                         if i != -1:
-                            print_error(name, "Username: '{}' Password: '{}'".format(user, password))
+                            print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
                         else:
                             if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500:  # big banner e.g. mikrotik
                                 running.clear()
-                                print_success("{}: Authentication succeed!".format(name), user, password)
+                                print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
                                 self.credentials.append((user, password))
                         tn.close()
                         break
                     except EOFError:
-                        print_error(name, "Connection problem. Retrying...")
+                        print_error(name, "Connection problem. Retrying...", verbose=module_verbosity)
                         retries += 1
 
                         if retries > 2:
-                            print_error("Too much connection problems. Quiting...")
+                            print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
                             return
                         continue
 
-        print_status(name, 'process is terminated.')
+        print_status(name, 'process is terminated.', verbose=module_verbosity)