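#!/usr/bin/env python
"""Report generation for PoshC2: a GraphViz map of implants plus HTML/CSV table dumps.

Fields read from the Implants/Tasks tables (hostname, domain, proxy, command
output) were originally reported by implants running on remote hosts, so they
are treated as untrusted: they are escaped before being placed in DOT or HTML
output, and nothing derived from them is handed to a shell.
"""
import cgi
import re
import sqlite3
import subprocess
import time
from contextlib import closing

import pandas as pd

from Config import *


# Task rows whose Output is longer than this (in characters) get their Output
# replaced by "Truncated" so a single task cannot blow up the report size.
_OUTPUT_TRUNCATE_LEN = 1000032

# A table name is interpolated into SQL, so it must be a plain identifier.
_TABLE_NAME_RE = re.compile(r"^\w+$")


def replace_tabs(s):
    """Return *s* with every tab character replaced by a single space."""
    return s.replace("\t", " ")


def _dot_escape(s):
    """Escape *s* for use inside a double-quoted GraphViz node ID.

    NUL bytes are dropped; backslashes and double quotes are escaped so that
    implant-supplied text cannot terminate the quoted ID and inject further
    DOT syntax. ``None`` is rendered as the empty string.
    """
    if s is None:
        return ""
    return s.replace('\x00', '').replace("\\", "\\\\").replace('"', '\\"')


def _escape_cell(value):
    """HTML-escape one Command/Output cell and normalise its tabs.

    ``None`` (a NULL column) becomes the empty string instead of raising.
    """
    if value is None:
        return ""
    return replace_tabs(cgi.escape(value))


def graphviz():
    """Render every implant in the database as a PNG graph via GraphViz ``dot``.

    Writes ``PoshC2_Python.dot`` and ``PoshC2_Python.png`` under
    ``ReportsDirectory`` (from Config; expected to end with a path separator).
    Direct implants are drawn as edges from the server node, daisy-chained
    implants as edges from their proxy. Raises ``subprocess.CalledProcessError``
    if ``dot`` exits non-zero.
    """
    GV = """
digraph "PoshC2" {
    subgraph proxy {
        node [color=white, fontcolor=red, fontsize=15, shapefile="/opt/PoshC2_Python/Files/firewall.png"];
        "POSHSERVER";
    }
    subgraph implant {
        node [color=white, fontcolor=white, fontsize=15, shapefile="/opt/PoshC2_Python/Files/implant.png"];
        IMPLANTHOSTS
    }
    subgraph daisy {
        node [color=white, fontcolor=white, fontsize=15, shapefile="/opt/PoshC2_Python/Files/implant.png"];
        DAISYHOSTS
    }
}
"""
    # The ``\\n`` sequences are literal backslash-n in the file; dot renders
    # them as label line breaks, which pushes the caption below the icon.
    ServerTAG = "\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nPoshC2 Server\\n%s" % HostnameIP
    GV = GV.replace("POSHSERVER", ServerTAG)

    # get_implants_all_db() returns None (not []) when the table is empty.
    implants = get_implants_all_db() or []

    # Column positions are those of the Implants table as read by the DB
    # helpers: i[3] looks like Hostname, i[9] Proxy, i[11] Domain and i[15]
    # the pivot/daisy marker -- confirm against the schema before relying on it.
    hosts = ""
    daisyhosts = ""
    seen_direct = set()
    for i in implants:
        if "Daisy" in i[15]:
            continue
        if i[3] in seen_direct:
            continue  # one edge per hostname
        seen_direct.add(i[3])
        hostname = _dot_escape(i[11])
        hosts += "\"%s\" -> \"%s \\n %s\\n\\n\\n\\n \"; \n" % (ServerTAG, hostname, _dot_escape(i[3]))

    for i in implants:
        if "Daisy" not in i[15]:
            continue
        hostname = _dot_escape(i[11])
        # The proxy value is escaped first, then '@' is turned into a DOT line
        # break; doing it in this order keeps that break from being escaped.
        proxy = _dot_escape(i[9]).replace('@', ' \\n ')
        edge = "\"%s\\n\\n\\n\\n \" -> \"%s \\n %s\\n\\n\\n\\n \"; \n" % (proxy, hostname, _dot_escape(i[3]))
        if edge not in daisyhosts:
            daisyhosts += edge

    GV = GV.replace("DAISYHOSTS", daisyhosts)
    GV = GV.replace("IMPLANTHOSTS", hosts)

    dot_path = "%sPoshC2_Python.dot" % ReportsDirectory
    png_path = "%sPoshC2_Python.png" % ReportsDirectory
    with open(dot_path, 'wb') as output_file:
        output_file.write(GV.encode('utf-8'))

    # argv form, no shell: the report paths are never parsed by a shell, so a
    # ReportsDirectory containing shell metacharacters cannot change the command.
    subprocess.check_output(["dot", "-T", "png", "-o", png_path, dot_path])
    print("")
    print("GraphViz Generated PoshC2_Python.png")
    time.sleep(1)


def get_implants_all_db():
    """Return all rows of the Implants table as ``sqlite3.Row`` objects, or None if empty.

    The connection is closed before returning; ``sqlite3.Row`` objects do not
    depend on it staying open.
    """
    with closing(sqlite3.connect(Database)) as conn:
        conn.row_factory = sqlite3.Row
        rows = conn.execute("SELECT * FROM Implants").fetchall()
    return rows if rows else None


def get_htmlimplant(randomuri):
    """Return the Implants row whose RandomURI equals *randomuri*, or None if absent."""
    with closing(sqlite3.connect(Database)) as conn:
        conn.row_factory = sqlite3.Row
        row = conn.execute("SELECT * FROM Implants WHERE RandomURI=?", (randomuri,)).fetchone()
    return row if row else None


def generate_table(table):
    """Dump the database table *table* to ``<ReportsDirectory><table>.csv`` and ``.html``.

    For the Tasks table, Command/Output cells are HTML-escaped, over-long
    Output is truncated, and RandomURI is rewritten as ``Domain\\User @ Hostname``
    of the owning implant. Raises ``ValueError`` if *table* is not a plain
    identifier, since the name is interpolated into the SELECT.
    """
    if not _TABLE_NAME_RE.match(table):
        raise ValueError("invalid table name: %r" % (table,))

    HTMLPre = """
__________            .__.     _________  ________
\_______  \____  _____|  |__   \_   ___ \ \_____  \\
 |     ___/  _ \/  ___/  |  \  /    \  \/  /  ____/
 |    |  (  <_> )___ \|   Y  \ \     \____/       \\
 |____|   \____/____  >___|  /  \______  /\_______ \\
                    \/     \/          \/         \/
================== www.PoshC2.co.uk ===============
"""
    # NOTE(review): the per-table header markup appended here was not preserved
    # in this copy of the file; restore it from the upstream source.
    if table == "Tasks":
        HTMLPre += """ """
    if table == "Implants":
        HTMLPre += """ """

    pd.set_option('display.max_colwidth', -1)  # -1 == unlimited in the pandas this targets
    with closing(sqlite3.connect(Database)) as conn:
        # The identifier is validated above and double-quoted here; values are
        # never interpolated.
        frame = pd.read_sql_query('SELECT * FROM "%s"' % table, conn)

    if table == "Tasks":
        # Command/Output were produced on implant hosts and end up in an HTML
        # report viewed by the operator: escape them so they cannot carry markup.
        frame["Command"] = frame["Command"].map(_escape_cell)
        frame["Output"] = frame["Output"].map(_escape_cell)

        # Map each task's RandomURI back to the implant that ran it.
        for x in frame.index:
            try:
                if len(frame.loc[x, "Output"]) > _OUTPUT_TRUNCATE_LEN:
                    print("[-] Truncating output as this row is over %d characters:" % _OUTPUT_TRUNCATE_LEN)
                    print(frame.loc[x, "Command"])
                    frame.loc[x, "Output"] = "Truncated"
                implant = get_htmlimplant(str(frame.loc[x, "RandomURI"]))
                if implant is None:
                    print("[-] No implant found for RandomURI %s" % frame.loc[x, "RandomURI"])
                    continue
                # Domain\User @ Hostname -- positional columns of the Implants
                # row (2 User, 3 Hostname, 11 Domain); confirm against the schema.
                frame.loc[x, "RandomURI"] = implant[11] + "\\" + implant[2] + " @ " + implant[3]
            except Exception as e:
                # Best-effort per row, as before: report the problem and keep going.
                print(e)

    csvreportname = "%s%s.csv" % (ReportsDirectory, table)
    CSV = frame.to_csv(index=False, encoding='utf-8').replace("\\r\\n", "\n")
    with open(csvreportname, 'w') as output_csv:
        output_csv.write(CSV)
    print(csvreportname)

    reportname = "%s%s.html" % (ReportsDirectory, table)
    HTMLPost = frame.to_html(classes='table', index=False, escape=True)
    # Literal "\r\n" / "\n" sequences stored in the cells become real line breaks.
    HTMLPost = HTMLPost.replace("\\r\\n", "\n").replace("\\n", "\n")
    HTMLPost = re.sub(u'\x00', '', HTMLPost)
    # NOTE(review): upstream continues with a long chain of HTMLPost.replace()
    # calls that rewrite markup literals; their string arguments were not
    # preserved in this copy of the file and must be restored from upstream.
    HTMLPost = HTMLPost + """ """
    with open(reportname, 'wb') as output_file:
        output_file.write(HTMLPre.encode('utf-8') + HTMLPost.encode('utf-8'))
    print(reportname)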
CompletedTaskIDIDIDIDLabelLabelTaskIDTaskIDRandomURIContextCommandCommandOutputOutputUserUserImplantIDImplantIDUserUserHostnameHostnameIpAddressIpAddressKeyKeyFirstSeenFirstSeenLastSeenLastSeenPIDPIDProxyProxyArchArchDomainDomainAliveAliveSleepSleepModsLoadedModsLoadedPivotPivot