diff --git a/lib/common/helpers.py b/lib/common/helpers.py index ed7bd56..2322a97 100644 --- a/lib/common/helpers.py +++ b/lib/common/helpers.py @@ -173,7 +173,6 @@ def strip_python_comments(data): Strip block comments, line comments, empty lines, verbose statements, and debug statements from a Python source file. """ - # TODO: implement pyminifier functionality print color("[!] strip_python_comments is deprecated and should not be used") lines = data.split("\n") strippedLines = [line for line in lines if ((not line.strip().startswith("#")) and (line.strip() != ''))] @@ -547,7 +546,7 @@ def get_config(fields): conn.isolation_level = None cur = conn.cursor() - + # Check if there is a new field not in the database columns = [i[1] for i in cur.execute('PRAGMA table_info(config)')] for field in fields.split(','): diff --git a/lib/common/obfuscation.py b/lib/common/obfuscation.py new file mode 100644 index 0000000..a6fa88d --- /dev/null +++ b/lib/common/obfuscation.py @@ -0,0 +1,52 @@ +""" Contains methods to encrypt, obfuscate, minify, etc. source code, either +Python or Powershell, for use in agents, stagers, etc. + +In essence: you should be able to put Python or Powershell code strings into +any function in this file, and get back a string which has the same +functionality but different meta-characteristics (no comments, shorter length, +better evasion, etc.) +""" + +from pyminifier import token_utils as py_tokenizer +from pyminifier import minification as py_minifier +from pyminifier import obfuscate as py_obfuscator + +################################################################################ +# +# Python Encryption/Obfuscation/Minification/Etc. +# +################################################################################ + +class PyminifierOptions(object): + """ + Irritating options "struct" needed for pyminifier. + See: https://liftoff.github.io/pyminifier/_modules/pyminifier/minification.html#minify + """ + tabs = False + +def py_minify(code): + """ + minifies a string (of python code) passed + see: https://liftoff.github.io/pyminifier/_modules/pyminifier/minification.html#minify + """ + tokenized = py_tokenizer.listified_tokenizer(code) + + options = PyminifierOptions() + minified = py_minifier.minify(tokenized, options) + return minified + +# TODO py_obfuscate fails with the following: +# File "/usr/lib/python2.7/site-packages/pyminifier/obfuscate.py", line 92, in apply_obfuscation +# tokens, obfuscate_variable, variable, name_generator) +# TypeError: replace_obfuscatables() takes at least 5 arguments (4 given) + +# def py_obfuscate(code): +# py_obfuscator.name_generator = py_obfuscator.obfuscation_machine(identifier_length=1) +# return py_obfuscator.apply_obfuscation(code) + + +################################################################################ +# +# Powershell Encryption/Obfuscation/Minification/Etc. +# +################################################################################ diff --git a/lib/listeners/dbx.py b/lib/listeners/dbx.py index 740fafb..3395515 100755 --- a/lib/listeners/dbx.py +++ b/lib/listeners/dbx.py @@ -15,6 +15,7 @@ from lib.common import encryption from lib.common import packets from lib.common import messages from lib.common import templating +from lib.common import obfuscation class Listener: @@ -443,7 +444,7 @@ class Listener: } stager = template.render(template_options) - # TODO compress, minify, etc. with https://liftoff.github.io/pyminifier/ + stager = obfuscation.py_minify(stager) if encode: return base64.b64encode(stager) diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 54109ac..35526f7 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py @@ -15,6 +15,7 @@ from lib.common import encryption from lib.common import packets from lib.common import messages from lib.common import templating +from lib.common import obfuscation class Listener: @@ -534,7 +535,7 @@ class Listener: } stager = template.render(template_options) - # TODO compress, minify, etc. with https://liftoff.github.io/pyminifier/ + stager = obfuscation.py_minify(stager) # base64 encode the stager and return it if encode: @@ -827,7 +828,7 @@ def send_message(packets=None): return launcher else: return make_response(self.default_response(), 200) - + @app.before_request def check_ip(): """ diff --git a/setup/requirements.txt b/setup/requirements.txt index eeabfc8..cfda6d3 100644 --- a/setup/requirements.txt +++ b/setup/requirements.txt @@ -12,3 +12,4 @@ netifaces M2Crypto jinja2 cryptography +pyminifier==2.1