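#!/usr/bin/env python
"""Report generation for the PoshC2 database.

graphviz() renders the rows of the Implants table as a Graphviz diagram, and
generate_table() dumps one database table to an HTML file.  DB,
ReportsDirectory and HostnameIP are not defined in this file; they are
expected to come from ``from Config import *``.

The file uses Python 2 constructs (byte-string writes of ``.encode()``
results); the single-argument ``print(...)`` calls behave the same on
Python 2 and 3.
"""

import sqlite3
import re
import subprocess
import time
import pandas as pd
from Config import *


def _dot_escape(value):
    """Escape backslashes and double quotes so *value* stays inside a DOT quoted string."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def graphviz():
    """Write PoshC2_Python.dot and render it to PoshC2_Python.png with ``dot``.

    Rows whose column 15 does not contain "Daisy" are drawn as edges from the
    server node; rows that do contain it are drawn as edges from the node
    named by column 9.  Both files are written under ReportsDirectory.

    Raises:
        subprocess.CalledProcessError: if ``dot`` exits with a non-zero status.
    """
    GV = """ digraph "PoshC2" { subgraph proxy { node [color=white, fontcolor=red, fontsize=15, shapefile="/opt/PoshC2_Python/Files/firewall.png"]; "POSHSERVER"; } subgraph implant { node [color=white, fontcolor=white, fontsize=15, shapefile="/opt/PoshC2_Python/Files/implant.png"]; IMPLANTHOSTS } subgraph daisy { node [color=white, fontcolor=white, fontsize=15, shapefile="/opt/PoshC2_Python/Files/implant.png"]; DAISYHOSTS } } """

    ServerTAG = "\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nPoshC2 Server\\n%s" % HostnameIP
    GV = GV.replace("POSHSERVER", ServerTAG)

    # get_implants_all_db() returns None for an empty table; iterate over
    # nothing instead of raising TypeError.
    implants = get_implants_all_db() or []

    # NOTE(review): column positions come from "SELECT * FROM Implants"; the
    # table schema is not visible in this file, so the indices are kept as-is.
    direct_edges = []
    seen_hosts = set()
    daisy_edges = []
    seen_daisy_edges = set()
    for row in implants:
        if "Daisy" not in row[15]:
            # Exact-match de-duplication: the previous substring test against
            # the accumulated text skipped a value that was merely contained
            # in an earlier one.
            label = _dot_escape(row[3])
            if label not in seen_hosts:
                seen_hosts.add(label)
                hostname = _dot_escape(row[11])
                direct_edges.append(
                    "\"%s\" -> \"%s \\n %s\\n\\n\\n\\n \"; \n" % (ServerTAG, hostname, label)
                )
        else:
            hostname = _dot_escape(row[11])
            # Strip NULs and escape first, then turn '@' into a DOT line break
            # so the inserted backslash is not doubled.
            parent = _dot_escape(row[9].replace('\x00', '')).replace('@', ' \\n ')
            edge = "\"%s\\n\\n\\n\\n \" -> \"%s \\n %s\\n\\n\\n\\n \"; \n" % (
                parent, hostname, _dot_escape(row[3])
            )
            if edge not in seen_daisy_edges:
                seen_daisy_edges.add(edge)
                daisy_edges.append(edge)

    GV = GV.replace("DAISYHOSTS", "".join(daisy_edges))
    GV = GV.replace("IMPLANTHOSTS", "".join(direct_edges))

    dot_path = "%sPoshC2_Python.dot" % ReportsDirectory
    png_path = "%sPoshC2_Python.png" % ReportsDirectory
    with open(dot_path, 'w') as output_file:
        output_file.write("%s" % GV.encode('utf-8'))

    # Argument list, no shell: spaces or shell metacharacters in
    # ReportsDirectory can no longer change the command that is run.
    subprocess.check_output(["dot", "-T", "png", "-o", png_path, dot_path])
    print("")
    print("GraphViz Generated PoshC2_Python.png")
    time.sleep(1)


def get_implants_all_db():
    """Return every row of the Implants table as sqlite3.Row objects, or None if there are none."""
    conn = sqlite3.connect(DB)
    try:
        conn.row_factory = sqlite3.Row
        c = conn.cursor()
        c.execute("SELECT * FROM Implants")
        result = c.fetchall()
    finally:
        # Rows are already fetched, so the connection can be released here.
        conn.close()
    return result if result else None


def get_htmlimplant( randomuri ):
    """Return the first Implants row whose RandomURI equals *randomuri*, or None if there is none."""
    conn = sqlite3.connect(DB)
    try:
        conn.row_factory = sqlite3.Row
        c = conn.cursor()
        # Bound parameter: randomuri never becomes part of the SQL text.
        c.execute("SELECT * FROM Implants WHERE RandomURI=?", (randomuri,))
        result = c.fetchone()
    finally:
        conn.close()
    return result if result else None


def generate_table(table):
    """Dump database table *table* to ``<ReportsDirectory><table>.html``.

    For "CompletedTasks" each RandomURI cell is replaced by columns 3 and 11
    of the matching Implants row.  The report path is printed when done.

    Raises:
        ValueError: if *table* is not a plain identifier.
    """
    # table is interpolated into the SQL text and into the report filename, so
    # accept nothing but a bare identifier.
    if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*\Z', table):
        raise ValueError("invalid table name: %r" % (table,))

    # NOTE(review): the template literals and the header-rewrite pairs in this
    # function look as if their HTML markup was stripped when this page was
    # captured (most pairs are identical as shown). They are reproduced as
    # found; restore them from the project source before relying on them.
    HTMLPre = """
__________ .__. _________ ________ \_______ \____ _____| |__ \_ ___ \ \_____ \ | ___/ _ \/ ___/ | \ / \ \/ / ____/ | | ( <_> )___ \| Y \ \ \____/ \ |____| \____/____ >___| / \______ /\_______ \/ \/ \/ \/ =============== v4.0 www.PoshC2.co.uk ============="""

    if table == "CompletedTasks":
        HTMLPre += """ """

    pd.set_option('display.max_colwidth', -1)
    # The per-cell writes below use chained indexing; silence pandas' warning.
    pd.options.mode.chained_assignment = None

    conn = sqlite3.connect(DB)
    try:
        frame = pd.read_sql_query("SELECT * FROM %s" % table, conn)
    finally:
        conn.close()

    if table == "CompletedTasks":
        framelen = frame['RandomURI'].count()
        for x in range(0, framelen):
            try:
                frame['RandomURI'][x]
                a = get_htmlimplant(str(frame['RandomURI'][x]))
                # a is None when no implant matches; the resulting TypeError is
                # reported below and the cell keeps its original value.
                frame['RandomURI'][x] = a[3], a[11]
            except Exception as e:
                print(e)

    # NOTE(review): escape=False writes cell contents into the report as raw
    # HTML. Cells such as Command and Output hold data that does not originate
    # from the operator, so markup in them will be interpreted by whatever
    # opens the report. Confirm nothing depends on raw HTML in cells, then
    # switch to escape=True.
    HTMLPost = (frame.to_html(classes='table', index=False, escape=False)).replace("\\r\\n", "")
    HTMLPost = HTMLPost.replace("\\n", "")
    HTMLPost = re.sub(u'\x00', '', HTMLPost)

    header_rewrites = (
        ("\nCompletedTaskID | ", "ID | "),
        ("ID | ", "ID | "),
        ("TaskID | ", "TaskID | "),
        ("RandomURI | ", "RandomURI | "),
        ("Command | ", "Command | "),
        ("Output | ", "Output | "),
        ("Prompt | ", "Prompt | "),
    )
    for old, new in header_rewrites:
        HTMLPost = HTMLPost.replace(old, new)

    HTMLPost = HTMLPost + """ """

    # Open the report only once the content is built, so a failure above does
    # not leave an empty file or an unclosed handle behind.
    reportname = "%s%s.html" % (ReportsDirectory, table)
    with open(reportname, 'w') as output_file:
        output_file.write("%s%s" % (HTMLPre.encode('utf-8'), HTMLPost.encode('utf-8')))
    print(reportname)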