diff --git a/README.md b/README.md index 44a73928..384808b1 100755 --- a/README.md +++ b/README.md @@ -39,7 +39,10 @@ ## Usage - NOTE: When you start a pentest, type the INIT command and define the target +### NOTE: When you start a pentest, type the INIT command and define the target, or write +### values in linux-evil-toolkit/config/letk.rb + +### Basics |exit | Close this script |clear | Clear terminal @@ -48,9 +51,7 @@ |INIT | Setup global variables |reset | Clear terminal and reset global variables |cover | Cover your tracks on your computer - |portscanner | This command is replaced by automap - |automap | Scanner target, grep ports, services, operational system, - | | firewall rules and more. + |simple_map | This command execute automap (auto namap) |search | Search email, whois and banner grep |status | Show machine status |dnsscanner | Scan for 'A', 'AAAA', 'CNAME', 'MX', 'NS', 'PTR', 'SOA' @@ -63,6 +64,40 @@ |test | For development only +### simple_scan options + + alone + + "-sL" --> "List Scan - simply list targets to scan" + "-sP" --> "Ping Scan - go no further than determining if host is online" + + default + + "-sS -sV" --> "TCP SYN" + "-sU -sV" --> "UDP Scan" + + icmp_echo + + "-sS -sV -PE" --> "TCP SYN + ICMP echo discovery probes" + "-sU -sV -PE" --> "UDP Scan + ICMP echo discovery probes" + "-sA -sV -PE" --> "ACK + ICMP echo discovery probes" + + port_list + + "-sS" --> "TCP SYN + [portlist]: TCP SYN discovery probes to given ports" + "-sA" --> "ACK + [portlist]: TCP ACK discovery probes to given ports" + "-sU" --> "UDP Scan + [portlist]: TCP UDP discovery probes to given ports" + + special + + "-sT -sV" --> "Connect()" + "-sW -sV" --> "Window" + "-sM -sV" --> "Maimon scans" + "-sN -sV" --> "TCP Null" + "-sF -sV" --> "FIN" + "-sX -sV" --> "Xmas scans" + + ## Backend Functions ### From engine module 
@@ -77,13 +112,9 @@ Engine.status() | Show machine status Engine.dns_scanner() | Scan for 'A', 'AAAA', 'CNAME', 'MX', 'NS', 'PTR', 'SOA' Emgine.dir_scanner() | Brute force for search files and folders - -### From Automap module - - Automap.less_boring() | Execute automap host scan - Automap.assembly() | Backend function - Automap.exec() | Backend function - + Engine.simple_scan() | Execute automap + Engine.assembly() | Backend function + Engine.exec() | Backend function ### From Visual module @@ -92,7 +123,6 @@ Visual.linux_files() | Function for show text Visual.linux_folders() | Function for show text Visual.linux_util() | Function for show text - ### From Interpreter Module @@ -100,4 +130,10 @@ Interpreter.main() | Backend function -### ERROR CODES & COLORS +## ERROR CODES & COLORS + + prGreen() | Succesful + prRed() | Error + Other[Cyan, yellow] | Execultion error + +### Donate diff --git a/config/letk.rb b/config/letk.rb index 0d2962b0..0b415c9e 100644 --- a/config/letk.rb +++ b/config/letk.rb @@ -1,6 +1,6 @@ # CONFIG FILE FOR AUTOMATION # Set time -$time = time = Time.now.strftime("%d-%m-%Y_%H-%M") +$time = Time.now.strftime("%d-%m-%Y_%H-%M") # Write results in file? $documentation = false # Enable proxy @@ -12,4 +12,6 @@ # automatically generate new ip. [true| false] $silent_mode = false # Change mac [true| false] -$change_mac = false \ No newline at end of file +$change_mac = false +#Set network interface name: [wlan0, wlp2s0]: " +$interface = false \ No newline at end of file diff --git a/config/requirements.txt b/config/requirements.txt index fb81bd32..0372b117 100755 --- a/config/requirements.txt +++ b/config/requirements.txt @@ -10,6 +10,7 @@ tmux links code vim +srm gedit net-tools adb diff --git a/modules/automap.rb b/modules/automap.rb deleted file mode 100644 index a6f3d383..00000000 --- a/modules/automap.rb +++ /dev/null 
@@ -1,116 +0,0 @@ -#------------------------------------------------------------- -# -# Linux Evil Toolkit -# -# By v0id -# -# -#------------------------------------------------------------ - -module Automap - - $HOS = [ - ["-P0", "Treat all hosts as online -- skip host discovery"], - ["-PS", "[portlist]: TCP SYN discovery probes to given ports"], - ["-PA", "[portlist]: TCP ACK discovery probes to given ports"], - ["-PU", "[portlist]: TCP UDP discovery probes to given ports"], - ["-PE", "ICMP echo discovery probes"], - ["-sV", "Probe open ports to determine service/version info"], - ["-PP", "timestamp request discovery probes"], - ["-PM", "netmask request discovery probes"] - ] - - $ALO = [ - ["-sL", "List Scan - simply list targets to scan"], - ["-sP", "Ping Scan - go no further than determining if host is online"], - ] - - $SCA = [ - ["-sS", "TCP SYN"], - ["-sT", "Connect()"], - ["-sA", "ACK"], - ["-sW", "Window"], - ["-sM", "Maimon scans"], - ["-sN", "TCP Null"], - ["-sF", "FIN"], - ["-sX", "Xmas scans"] - ] - - $VEN = [ - ["006017", "Tokimec"], - ["006018", "Stellar ONE"], - ["006019", "Roche Diagnostics"], - ["00601A", "Keithley Instruments"], - ["00601B", "Mesa Electronics"], - ["00601C", "Telxon"], - ["00601D", "Lucent Technologies"], - ["00601E", "Softlab"], - ["00601F", "Stallion Technologies"], - ["006020", "Pivotal Networking"], - ["006021", "DSC"], - ["006022", "Vicom Systems"], - ["006023", "Pericom Semiconductor"], - ["006024", "Gradient Technologies"], - ["006025", "Active Imaging PLC"], - ["006026", "Viking Modular Solutions"] - ] - - def assembly(unity) - # Define hidden flag - mac = $VEN[rand(0..14)] - return "nmap #{unity} -O -T3 #{$target} --spoof-mac #{mac[0]} --data-length #{rand(2..256)} --max-retries 10 --mtu 1024 --host-timeout 30 --ttl 60 -f #{rand(1..6)}" - end - - def exec(method, list) - for ht_method in list - prCyan "[AUTO EXEC]: #{ht_method[1]}\n" - command = sys(assembly("#{method} #{ht_method[0]}")) - if command == true - 
prRed("#{$line}\n[SUCCESSFUL]\n") - else - prGreen("#{$line}\n[ERROR]: External command fail: Keep calm, monkeys working\n") - end - end - end - - def less_boring() - - # Why? - method = $SCA - ht_method = $HOS - # List all option - for var in method - prCyan "flag: -all | value: Use all options" - prCyan "flag: #{var[0]} | value: #{var[1]}" - end - # Get value from monkey user - print("#{$line}\nSet flarg option: [ex: -sS]: ") - flag = gets.chomp.to_s - # Test flag option - case flag - when "-sS" - exec("-sS", ht_method) - when "-sT" - exec("-sT", ht_method) - when "-sA" - exec("-sA", ht_method) - when "-sW" - exec("-sW", ht_method) - when "-sM" - exec("-sM", ht_method) - when "-sN" - exec("-sN", ht_method) - when "-sF" - exec("-sF", ht_method) - when "-sX" - exec("-sX", ht_method) - when "-all" - for f_all in method - exec(f_all[0], ht_method) - end - else - prRed("#{$line}\n[ERROR]: less_boring() execution fail, sad monkeys") - end - end - -end diff --git a/modules/engine.rb b/modules/engine.rb index 17625d27..e5e2e6b7 100644 --- a/modules/engine.rb +++ b/modules/engine.rb @@ -10,7 +10,8 @@ module Engine # LINE - $line = "\n\n[+]---------------------------------------[+]\n\n" + $line = "\n\n[+]----------------------------------------------------[+]\n\n" + $pline ="\n ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" # INIT options and set target def INIT() @@ -36,9 +37,9 @@ def INIT() end if $change_mac == false print "Set network interface name: [wlan0, wlp2s0]: "; $interface = gets.chomp.to_s - command = sys("ip link set #{interface} down") - command = sys("macchanger -r #{interface}") - command = sys("ip link set #{interface} up") + command = sys("ip link set #{$interface} down") + command = sys("macchanger -r #{$interface}") + command = sys("ip link set #{$interface} up") $command == false ? prYellow("Change mac address") : prRed("[ERROR]: Interface not found") else prYellow "Set target, or die!" 
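Review bot: The corrected `ip link` / `macchanger` lines in INIT() interpolate `$interface` straight into a shell string, so whatever was typed at the prompt is parsed by the shell, in commands that normally need root. The same pattern appears with `$target` and `$ip` in search() and in the nmap command line built by the new assembly(). Assuming `sys` wraps `Kernel#system`, pass an argument list instead, e.g. `system("ip", "link", "set", $interface, "down")`, or escape each value with `Shellwords.escape`. Separately, the result check reads `$command`, which is never assigned in the visible lines (the local is `command`), so the `[ERROR]: Interface not found` branch is taken on every run. INIT() starts and ends outside the hunk.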
@@ -103,16 +104,15 @@ def compress() ext == "zip" ? sys("gzip #{file_name}"): prCyan(msg) end - # Set cover your tracks (or not) + # Set cover your tracks (or yes) def cover() prRed($line) # Clear prCyan "[+] Clear auth log" - sys('echo "" /var/log/auth.log') + sys('srm -rfD /var/log/') # History prCyan "[+] Clear bash_history" - sys('echo "" -/.bash_history') - sys('rm -rf ~/.bash_history') + sys('srm -rfD -/.bash_history') prCyan "[+] Clear history" sys('history -c') # Disable history 
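Review bot: Under the label "[+] Clear auth log", cover() now runs `srm -rfD /var/log/`, which irreversibly removes the whole system log directory rather than one file. The README describes this command as acting on the operator's own computer, so it destroys the records that machine needs for troubleshooting and for documenting the engagement. At minimum the label and the command should agree, and the function should ask for explicit confirmation before deleting anything. A comment such as `# WARNING: irreversibly wipes everything under /var/log, not only auth.log` would make the scope visible to the next maintainer. cover() continues past the end of this hunk.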
@@ -121,45 +121,41 @@ def cover() sys('export HISTSIZE=O') sys('unset HISTFILE') # kill your sel... session - prCyan "[+] Kill session"; - sys('kill -9 $$') # No history, (UwU) prCyan "[+] Perrnanentlj send all bash history commands to /dev/null" - sys('ln /dev/null -/.bash_historj -sf') - prCyan "\n\n" + sys('ln /dev/null ~/.bash_history -sf') + puts "\n\n" end # Machine status def status() - $pline ="\n::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - prRed($pline) - date_time = Time.now.strftime("%d-%m-%Y_%H-%M") - prRed("\n[+] #{date_time} [+]"); - prGreen("\n[+] Memory:\n") + prRed $pline + prRed "\n[+] #{$time} [+]" + prGreen "\n[+] Memory:\n" system("free -lh") - prGreen("\n[+] Machine:\n") + prGreen "\n[+] Machine:\n" system("uname -a") - prGreen("\n[+] Temp:\n") + prGreen "\n[+] Temp:\n" system("sensors") - prRed($pline) + prRed $pline end # Web vul scanner def search() prRed($line) - prYellow "WHOIS"; sys("whois -a #{$target}") - prYellow "Test connection"; sys("ping -c4 #{$ip}") - prYellow "Email Enumeration"; sys("theharvester -d #{$target} -l 500 -b all") - prYellow "HTTP Banner grep"; sys("ncat -v #{$ip} 80") - prYellow "HTTPS Banner grep"; sys("openssl s_client -quiet -connect #{$target}:443") - prYellow "Nikto scanner"; sys("nikto -h #{$ip}:443 -ssl") + prYellow "#{$line}[+] WHOIS"; sys("whois -a #{$target}") + prYellow "#{$line}[+] Test connection"; sys("ping -c4 #{$ip}") + prYellow "#{$line}[+] Email Enumeration"; sys("theharvester -d #{$target} -l 500 -b all") + prYellow "#{$line}[+] HTTP Banner grep"; sys("ncat -v #{$ip} 80") + prYellow "#{$line}[+] HTTPS Banner grep"; sys("openssl s_client -quiet -connect #{$target}:443") + prYellow "#{$line}[+] Nikto scanner"; sys("nikto -h #{$ip}:443 -ssl") end # Web dns scanner def dns_scanner() - prYellow "DNS Enumeration" + prYellow "#{$line}DNS Enumeration" sys("dnsenum --enum #{$target} ./wordlist/dns2.txt") reg_dns = ['A', 'AAAA', 'CNAME', 'MX', 'NS', 'PTR', 'SOA'] for reg in reg_dns 
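Review bot: status() now prints `$time`, which config/letk.rb assigns once when the config file is loaded, so the header shows the toolkit's start time instead of the moment the status was requested. The removed line computed the value on each call; keep that here, e.g. `prRed "\n[+] #{Time.now.strftime("%d-%m-%Y_%H-%M")} [+]"`. If `$time` is meant to stay fixed for naming result files, a comment in the config saying so would prevent it being reused as a clock.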
@@ -170,6 +166,7 @@ def dns_scanner() # Web directory scanner def dir_scanner() + prCyan $line prCyan "======================== HOTKEYS ========================" prCyan " 'n' -> Go to next directory." prCyan " 'q' -> Stop scan. (Saving state for resume)" 
@@ -202,10 +199,67 @@ def dir_scanner() end end - def dump() + def assembly(string, timing, ipv6) + # Define hidden flag + mac_vendor = [ "006017", "006018", "006019", "00601A", "00601B", "00601C", "00601D", "00601E", "00601F", "006020", "006021", "006022", "006023", "006024", "006025", "006026" ] + sys "nmap #{string} -O -T#{timing} #{$target} --spoof-mac #{mac_vendor[rand(0..15)]} --data-length #{rand(2..256)} --max-retries 10 --mtu 1024 --host-timeout 30 --ttl 60 -f #{rand(1..6)} #{ipv6 != nil ? '-6' : ''}" + end - def silent() + def exec(list) + for opt in list + prYellow "[EXEC]: #{opt[1]}" + cmd = assembly(opt[0]) + cmd == true ? prGreen("[SYS_COMMAND]: Done") : prRed("[COMMAND_ERROR]: Fail") + end end + + def simple_scan(props) + + alone = [ + ["-sL", "List Scan - simply list targets to scan"], + ["-sP", "Ping Scan - go no further than determining if host is online"], + ] + + default = [ + ["-sS -sV", "TCP SYN"], + ["-sU -sV", "UDP Scan"], + ] + + icmp_echo = [ + ["-sS -sV -PE", "TCP SYN + ICMP echo discovery probes"], + ["-sU -sV -PE", "UDP Scan + ICMP echo discovery probes"], + ["-sA -sV -PE", "ACK + ICMP echo discovery probes"], + ] + + port_list = [ + ["-sS", "TCP SYN + [portlist]: TCP SYN discovery probes to given ports"], + ["-sA", "ACK + [portlist]: TCP ACK discovery probes to given ports"], + ["-sU", "UDP Scan + [portlist]: TCP UDP discovery probes to given ports"], + ] + + special = [ + ["-sT -sV", "Connect()"], + ["-sW -sV", "Window"], + ["-sM -sV", "Maimon scans"], + ["-sN -sV", "TCP Null"], + ["-sF -sV", "FIN"], + ["-sX -sV", "Xmas scans"] + ] + + case props + when 'alone' + exec(alone) + when 'default' + exec(default) + when 'icmp_echo' + exec(icmp_echo) + when 'port_list' + exec(port_list) + when 'special' + exec(special) + + + end end diff --git a/modules/install.rb b/modules/install.rb new file mode 100644 index 00000000..d2696e90 --- /dev/null +++ b/modules/install.rb 
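Review bot: exec() calls `assembly(opt[0])`, but assembly is declared as `assembly(string, timing, ipv6)` with no defaults, so every simple_scan mode raises ArgumentError before any command is run. Give the extra parameters defaults that keep the previous `-T3` behaviour, `def assembly(string, timing = 3, ipv6 = nil)`, or thread them through exec(). Two smaller points in the same hunk: the `case props` has no `else`, so an unknown mode returns silently, and a method named `exec` can shadow `Kernel#exec` for code inside the module, so a name like `run_scans` would avoid surprises.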
@@ -0,0 +1,22 @@ +#------------------------------------------------------------- +# +# Linux Evil Toolkit +# +# By v0id +# +# +#------------------------------------------------------------- + +module Install + + def fedora_linux() + prCyan "#{$line}Install dependences on Fedora Linux" + cmd = sys("dnf group install 'security lab' -y") + cmd == true ? prYellow("Dependences instaled") : prRed("[SYSTEM_ERROR]: dnf error") + end + + def arch_linux() + # Nothing + end + +end \ No newline at end of file diff --git a/modules/interpreter.rb b/modules/interpreter.rb index 956cc2b3..f2dc4bb9 100644 --- a/modules/interpreter.rb +++ b/modules/interpreter.rb @@ -33,8 +33,8 @@ def interpreter(props) Engine.extract() when "compress" Engine.compress() - when "portscanner" - Engine.port_scanner() + when "simple_map" + Engine.simple_map() when "search" Engine.search() when "status" @@ -55,8 +55,6 @@ def interpreter(props) Visual.linux_folders() when "linuxutil" Visual.linux_util() - when "automap" - Automap.less_boring() when "test" Test.debug_all() else
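Review bot: fedora_linux() runs `dnf group install 'security lab' -y`, and `-y` answers every dnf prompt, which to my knowledge includes accepting repository signing keys. A large package group is therefore installed with no chance to review the transaction. Dropping `-y`, or printing what will be installed and asking for confirmation first, keeps the operator in the loop. A root check before calling dnf would also turn the generic "dnf error" into an actionable message. arch_linux() is an empty stub that returns nil without saying nothing was installed; `prRed("[SYSTEM_ERROR]: Arch Linux install not implemented")` would make that visible.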
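Review bot: The `simple_map` branch calls `Engine.simple_map()`, but the engine.rb changes in this commit define `simple_scan(props)` and no `simple_map`, so unless that method exists elsewhere the command ends in NoMethodError. The README section added in the same commit also lists `Engine.simple_scan()`. Call the method that exists and pass the scan group it requires, e.g. `Engine.simple_scan(mode)`, with `mode` read from the user and checked against the five documented groups before use. interpreter() begins and ends outside the hunk.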