lolbas.py
import requests
import yaml
from bs4 import BeautifulSoup
from tabulate import tabulate
from utils import colors
# Landing page of the LOLBAS project; get_exe() scrapes it for the binaries.
URL = "https://lolbas-project.github.io/"
# Base of the raw per-binary definition files; lolbas() appends
# "<path>.md" to it.
RAW_URL = (
    "https://raw.githubusercontent.com/"
    "LOLBAS-Project/LOLBAS-Project.github.io/master/_lolbas/"
)
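def get_exe():
    """Scrape the LOLBAS index page and map binary names to their paths.

    Fetches ``URL`` and collects every ``<a class="bin-name">`` element.

    Returns:
        dict: ``{'name of the binary': 'path of the binary'}``, where the
        path is the anchor's ``href`` with its first 8 characters and its
        last character removed.

    Raises:
        requests.RequestException: if the request fails, times out, or the
            server answers with an HTTP error status.
    """
    # Without a timeout, requests waits indefinitely on a stalled connection.
    response = requests.get(URL, timeout=10)
    # An error page has no 'bin-name' anchors and would otherwise come back
    # as an empty dict, indistinguishable from "no binaries listed".
    response.raise_for_status()

    soup = BeautifulSoup(response.text, 'lxml')
    anchors = soup.find_all('a', class_='bin-name')
    # NOTE(review): the slice presumably drops a "/lolbas/" prefix and a
    # trailing "/" -- confirm against the live markup. The scraped value is
    # not validated here, and callers build a download URL from it.
    return {anchor.text: anchor['href'][8:-1] for anchor in anchors}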
def list_exe():
    """Print the names of all known executables as a grid, 7 per row."""
    per_row = 7
    names = list(get_exe())
    # Slice the flat name list into rows; the last row may be shorter.
    rows = [
        names[start:start + per_row]
        for start in range(0, len(names), per_row)
    ]
    print(tabulate(rows, tablefmt="fancy_grid"))
def parse(data):
    """Print every command entry of a parsed LOLBAS definition.

    The yml file contains the following fields: Description, Command,
    Category, Privileges, OperatingSystem, UseCase, MitreID, MItreLink.
    Only Description, Command, Category and Privileges are printed; more
    fields can be added to the table below.
    For easy reference see the following yml file:
    RAW_URL/Libraries/Ieadvpack.md

    Arguments:
        data {dict} -- parsed yml document; its 'Commands' key holds a list
                       of dictionaries, one per command

    Raises:
        KeyError: if 'Commands' or one of the printed fields is missing.
    """
    # TODO: Figure out a way to improve this printing
    # (label, field name, colour code) for the lines printed per command.
    labelled_fields = (
        ("CMD:\t\t", "Command", 92),
        ("Category:\t", "Category", 91),
        ("Privileges:\t", "Privileges", 91),
    )
    # NOTE(review): these values come from a remotely fetched document and
    # are printed as-is; whether `colors` filters terminal control
    # characters is not visible here -- confirm.
    for entry in data['Commands']:
        print("# " + colors(entry['Description'], 93) + "\n")
        for label, field, colour in labelled_fields:
            print(label + colors(entry[field], colour))
        print("\n")
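def lolbas(name: str):
    """Look up one binary on LOLBAS and print its commands.

    Arguments:
        name {str} -- Name of the exe to get info about, including its
                      extension

    Raises:
        requests.RequestException: if a request fails, times out, or the
            server answers with an HTTP error status.
    """
    exes = get_exe()
    if name not in exes:
        print(colors("[!] Binary not found on LOLBAS", 91))
        # TODO: Match user input and make suggestion for search
        print(colors("[!] Make sure to provide name with proper extension", 91))
        return

    url = RAW_URL + exes[name] + '.md'
    # Without a timeout, requests waits indefinitely on a stalled connection.
    response = requests.get(url, timeout=10)
    # Fail on an HTTP error here; otherwise the error body is handed to the
    # YAML parser and surfaces later as an unrelated parsing or key error.
    response.raise_for_status()
    # Keep SafeLoader: the document is fetched over the network, and the safe
    # loader only constructs plain YAML types.
    data = list(yaml.load_all(response.text, Loader=yaml.SafeLoader))[0]
    parse(data)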