Add fpc script for searching DB for commands or output

temp
m0rv4i 2019-04-08 17:14:56 +01:00
parent 423fe08c8c
commit e3aeae9646
4 changed files with 35 additions and 0 deletions

3
Files/fpc Executable file

@ -0,0 +1,3 @@
#!/bin/bash
python3 /usr/bin/fpc.py $@
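Review bot: `$@` on the second line is unquoted, so any argument containing whitespace (a --command or --output search term with a space in it, or a project path with a space) is re-split by the shell before fpc.py sees it, and a term containing a glob character is expanded against the current directory. Quote it as `python3 /usr/bin/fpc.py "$@"`; using `exec python3 /usr/bin/fpc.py "$@"` additionally avoids leaving the bash wrapper as a parent process. The wrapper also hard-codes `/usr/bin/fpc.py`, so it only works once the install step has copied the script there.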

24
Files/fpc.py Executable file

@ -0,0 +1,24 @@
#!/usr/bin/env python
import sys, argparse, sqlite3, os, pandas
def create_arg_parser():
parser = argparse.ArgumentParser(description='Search for a PoshC2 Command Output')
parser.add_argument("-p", "--project", help='The PoshC2 project dir', default = '/opt/PoshC2_Project')
parser.add_argument("-c", "--command", help='The command to search for', default = '%')
parser.add_argument("-u", "--user", help='The user to filter on', default = '%')
parser.add_argument("-o", "--output", help='The output to search for', default = '%')
return parser
def main():
args = create_arg_parser().parse_args()
if args.command == '%' and args.output == '%':
print("[-] A minimum of a --command or --output search term must be specified")
sys.exit(1)
conn = sqlite3.connect(os.path.join(args.project, 'PowershellC2.SQLite'))
with pandas.option_context('display.max_rows', None, 'display.max_columns', None, 'display.max_colwidth', -1):
print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r', '\r').replace('\\n', '\n'))
if __name__ == '__main__':
main()
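Review bot: The query passed to `pandas.read_sql_query` is assembled with `%` string formatting from the --user, --command and --output arguments, so a search term containing a single quote breaks the SQL (and, given the tool exists to search arbitrary command strings, that will happen in normal use); a `%` or `_` in a term is also a LIKE wildcard rather than a literal. Bind the values instead of formatting them: `pandas.read_sql_query("SELECT Command,Output FROM Tasks WHERE User LIKE ? AND Command LIKE ? AND Output LIKE ?", conn, params=(args.user, '%' + args.command + '%', '%' + args.output + '%'))`, which keeps the default `'%'` values matching everything. The connection opened by `sqlite3.connect` is never closed; `with contextlib.closing(conn) as conn:` (with `import contextlib`) or a `conn.close()` after the print releases the handle. The `#!/usr/bin/env python` shebang also disagrees with the Files/fpc wrapper, which invokes `python3`, so running fpc.py directly may pick up a different interpreter than the wrapper does.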


@ -57,6 +57,13 @@ echo ""
pip install --upgrade pip
python -m pip install -r /opt/PoshC2_Python/requirements.txt
echo ""
echo "[+] Copying useful scripts to /usr/bin"
cp files/fpc /usr/bin
cp files/fpc.py /usr/bin
chmod +x /usr/bin/fpc
chmod +x /usr/bin/fpc.py
echo ""
echo "[+] Setup complete"
echo ""
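Review bot: `cp files/fpc /usr/bin` and `cp files/fpc.py /usr/bin` refer to a lowercase `files/` directory, but the files added in this commit are under `Files/` (see the Files/fpc and Files/fpc.py headers above), so on a case-sensitive filesystem both copies fail and the `/usr/bin/fpc.py` path the wrapper hard-codes is never populated. Change them to `cp Files/fpc /usr/bin` and `cp Files/fpc.py /usr/bin`, and check the copy's exit status before printing "[+] Setup complete" so a failed copy is not reported as success. The file this hunk belongs to is not named on the page; it appears to be the install script, and the script continues outside the hunk.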


@ -13,6 +13,7 @@ Add base64 encoded versions of the shellcode to the payloads directory
Add a configurable jitter to all implants
Update the notifications config if it is changed in the Config.py
Add NotificationsProjectName in Config.py which is displayed in notifications message
Add fpc script which searches the Posh DB for a particular command
4.8 (13/02/19)
==============