NetExec/cme/cli.py

import argparse
import sys
from argparse import RawTextHelpFormatter
from cme.loaders.protocol_loader import protocol_loader
from cme.helpers.logger import highlight
from termcolor import colored

def gen_cli_args():

    VERSION  = '5.2.2dev'
    CODENAME = "The Dark Knight"

    p_loader =  protocol_loader()
    protocols = p_loader.get_protocols()

    parser = argparse.ArgumentParser(description=f"""
      ______ .______           ___        ______  __  ___ .___  ___.      ___      .______    _______ ___   ___  _______   ______
     /      ||   _  \         /   \      /      ||  |/  / |   \/   |     /   \     |   _  \  |   ____|\  \ /  / |   ____| /      |
    |  ,----'|  |_)  |       /  ^  \    |  ,----'|  '  /  |  \  /  |    /  ^  \    |  |_)  | |  |__    \  V  /  |  |__   |  ,----'
    |  |     |      /       /  /_\  \   |  |     |    <   |  |\/|  |   /  /_\  \   |   ___/  |   __|    >   <   |   __|  |  |
    |  `----.|  |\  \----. /  _____  \  |  `----.|  .  \  |  |  |  |  /  _____  \  |  |      |  |____  /  .  \  |  |____ |  `----.
     \______|| _| `._____|/__/     \__\  \______||__|\__\ |__|  |__| /__/     \__\ | _|      |_______|/__/ \__\ |_______| \______|

                                                A swiss army knife for pentesting networks
                                    Forged by @byt3bl33d3r and @mpgn_x64 using the powah of dank memes

                                           {colored("Exclusive release for Porchetta Industries users", "magenta")}

                                                   {highlight('Version', 'red')} : {highlight(VERSION)}
                                                   {highlight('Codename', 'red')}: {highlight(CODENAME)}
""",

    formatter_class=RawTextHelpFormatter)

    parser.add_argument("-t", type=int, dest="threads", default=100, help="set how many concurrent threads to use (default: 100)")
    parser.add_argument("--timeout", default=None, type=int, help='max timeout in seconds of each thread (default: None)')
    parser.add_argument("--jitter", metavar='INTERVAL', type=str, help='sets a random delay between each connection (default: None)')
    parser.add_argument("--darrell", action='store_true', help='give Darrell a hand')
    parser.add_argument("--verbose", action='store_true', help="enable verbose output")

    subparsers = parser.add_subparsers(title='protocols', dest='protocol', description='available protocols')

    std_parser = argparse.ArgumentParser(add_help=False)
    std_parser.add_argument("target", nargs='*', type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")
    std_parser.add_argument('-id', metavar="CRED_ID", nargs='+', default=[], type=str, dest='cred_id', help='database credential ID(s) to use for authentication')
    std_parser.add_argument("-u", metavar="USERNAME", dest='username', nargs='+', default=[], help="username(s) or file(s) containing usernames")
    std_parser.add_argument("-p", metavar="PASSWORD", dest='password', nargs='+', default=[], help="password(s) or file(s) containing passwords")
    std_parser.add_argument("-k", "--kerberos", action='store_true', help="Use Kerberos authentication from ccache file (KRB5CCNAME)")
    std_parser.add_argument("--export", metavar="EXPORT", nargs='+', help="Export result into a file, probably buggy")
    std_parser.add_argument("--aesKey",  metavar="AESKEY", nargs='+', help="AES key to use for Kerberos Authentication (128 or 256 bits)")
    std_parser.add_argument("--kdcHost", metavar="KDCHOST", help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")

    fail_group = std_parser.add_mutually_exclusive_group()
    fail_group.add_argument("--gfail-limit", metavar='LIMIT', type=int, help='max number of global failed login attempts')
    fail_group.add_argument("--ufail-limit", metavar='LIMIT', type=int, help='max number of failed login attempts per username')
    fail_group.add_argument("--fail-limit", metavar='LIMIT', type=int, help='max number of failed login attempts per host')

    module_parser = argparse.ArgumentParser(add_help=False)
    mgroup = module_parser.add_mutually_exclusive_group()
    mgroup.add_argument("-M", "--module", metavar='MODULE', help='module to use')
    #mgroup.add_argument('-MC','--module-chain', metavar='CHAIN_COMMAND', help='Payload module chain command string to run')
    module_parser.add_argument('-o', metavar='MODULE_OPTION', nargs='+', default=[], dest='module_options', help='module options')
    module_parser.add_argument('-L', '--list-modules', action='store_true', help='list available modules')
    module_parser.add_argument('--options', dest='show_module_options', action='store_true', help='display module options')
    module_parser.add_argument("--server", choices={'http', 'https'}, default='https', help='use the selected server (default: https)')
    module_parser.add_argument("--server-host", type=str, default='0.0.0.0', metavar='HOST', help='IP to bind the server to (default: 0.0.0.0)')
    module_parser.add_argument("--server-port", metavar='PORT', type=int, help='start the server on the specified port')
    module_parser.add_argument("--connectback-host", type=str, metavar='CHOST', help='IP for the remote system to connect back to (default: same as server-host)')

    for protocol in protocols.keys():
        protocol_object = p_loader.load_protocol(protocols[protocol]['path'])
        subparsers = getattr(protocol_object, protocol).proto_args(subparsers, std_parser, module_parser)

    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit(1)

    args = parser.parse_args()

    return args
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`import argparse`
			`import sys`
			`from argparse import RawTextHelpFormatter`
			`from cme.loaders.protocol_loader import protocol_loader`
			`from cme.helpers.logger import highlight`
Modified banner 2020-11-16 20:21:41 +00:00			`from termcolor import colored`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
			`def gen_cli_args():`

Bump to version 5.2.2 The Dark Knight 2021-11-21 17:14:22 +00:00			`VERSION = '5.2.2dev'`
			`CODENAME = "The Dark Knight"`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
			`p_loader = protocol_loader()`
			`protocols = p_loader.get_protocols()`

Modified banner 2020-11-16 20:21:41 +00:00			`parser = argparse.ArgumentParser(description=f"""`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`______ .______ ___ ______ __ ___ .___ ___. ___ .______ _______ ___ ___ _______ ______`
			`/ \|\| _ \ / \ / \|\| \|/ / \| \/ \| / \ \| _ \ \| ____\|\ \ / / \| ____\| / \|`
			`\| ,----'\| \|_) \| / ^ \ \| ,----'\| ' / \| \ / \| / ^ \ \| \|_) \| \| \|__ \ V / \| \|__ \| ,----'`
			`\| \| \| / / /_\ \ \| \| \| < \| \|\/\| \| / /_\ \ \| ___/ \| __\| > < \| __\| \| \|`
			\| `----.\| \|\ \----. / _____ \ \| `----.\| . \ \| \| \| \| / _____ \ \| \| \| \|____ / . \ \| \|____ \| `----.
			\______\|\| _\| `._____\|/__/ \__\ \______\|\|__\|\__\ \|__\| \|__\| /__/ \__\ \| _\| \|_______\|/__/ \__\ \|_______\| \______\|

Bump CME to version 5.2.0 2021-09-19 14:23:26 +00:00			`A swiss army knife for pentesting networks`
			`Forged by @byt3bl33d3r and @mpgn_x64 using the powah of dank memes`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
Bump CME to version 5.2.0 2021-09-19 14:23:26 +00:00			`{colored("Exclusive release for Porchetta Industries users", "magenta")}`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
Bump CME to version 5.2.0 2021-09-19 14:23:26 +00:00			`{highlight('Version', 'red')} : {highlight(VERSION)}`
Modified banner 2020-11-16 20:21:41 +00:00			`{highlight('Codename', 'red')}: {highlight(CODENAME)}`
			`""",`

			`formatter_class=RawTextHelpFormatter)`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`parser.add_argument("-t", type=int, dest="threads", default=100, help="set how many concurrent threads to use (default: 100)")`
Re-added most of the SMB protocol functionality - Added new module gpp_decrypt - Cleaned up the SMB spider as much as possible - --wmi now uses pywerview - Re-added the http protocol 2017-04-05 15:07:00 +00:00			`parser.add_argument("--timeout", default=None, type=int, help='max timeout in seconds of each thread (default: None)')`
			`parser.add_argument("--jitter", metavar='INTERVAL', type=str, help='sets a random delay between each connection (default: None)')`
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`parser.add_argument("--darrell", action='store_true', help='give Darrell a hand')`
			`parser.add_argument("--verbose", action='store_true', help="enable verbose output")`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`subparsers = parser.add_subparsers(title='protocols', dest='protocol', description='available protocols')`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
			`std_parser = argparse.ArgumentParser(add_help=False)`
Added WINRM support, NMap XML and .Nessus parsing - Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting) - Added support for NMap XML and .Nessus files if given as targets - Fixed a bug in the MSSQL protocol which caused it to not retrieve host info - Version Bump 2017-10-25 02:08:19 +00:00			`std_parser.add_argument("target", nargs='*', type=str, help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)")`
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`std_parser.add_argument('-id', metavar="CRED_ID", nargs='+', default=[], type=str, dest='cred_id', help='database credential ID(s) to use for authentication')`
			`std_parser.add_argument("-u", metavar="USERNAME", dest='username', nargs='+', default=[], help="username(s) or file(s) containing usernames")`
			`std_parser.add_argument("-p", metavar="PASSWORD", dest='password', nargs='+', default=[], help="password(s) or file(s) containing passwords")`
Adding Kerberos support for CME #22 TODO - aeskey - dc-ip - checkifadmin() 2020-05-03 18:30:41 +00:00			`std_parser.add_argument("-k", "--kerberos", action='store_true', help="Use Kerberos authentication from ccache file (KRB5CCNAME)")`
Fix and add a lot, check commit message Update LDAP proto: - can fetch a LDAP domain from an account from another domain (trust relation between forest) - fix sizeLimit to unlimited on LDAP queries - fix little mistake in LDAP modules Update SMB proto: - fix users function when DC is vulnerable to NULL SESSION - add SAMRPC function to fetch users on the domain - add option --computers to fetch all computers Update CLI - add function export, but it's not tested 2021-06-24 18:37:54 +00:00			`std_parser.add_argument("--export", metavar="EXPORT", nargs='+', help="Export result into a file, probably buggy")`
Add kerberoasting and asrepoast attack with LDAP protocol 2020-06-19 13:20:22 +00:00			`std_parser.add_argument("--aesKey", metavar="AESKEY", nargs='+', help="AES key to use for Kerberos Authentication (128 or 256 bits)")`
Improve LDAP protocol - improve authentification status error - check if user is on a juicy group 2021-07-02 08:50:41 +00:00			`std_parser.add_argument("--kdcHost", metavar="KDCHOST", help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")`
Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support add error when not credential foud on lsassy module #368 2020-05-04 17:22:10 +00:00
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`fail_group = std_parser.add_mutually_exclusive_group()`
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`fail_group.add_argument("--gfail-limit", metavar='LIMIT', type=int, help='max number of global failed login attempts')`
			`fail_group.add_argument("--ufail-limit", metavar='LIMIT', type=int, help='max number of failed login attempts per username')`
			`fail_group.add_argument("--fail-limit", metavar='LIMIT', type=int, help='max number of failed login attempts per host')`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
			`module_parser = argparse.ArgumentParser(add_help=False)`
			`mgroup = module_parser.add_mutually_exclusive_group()`
Re-wrote the HTTP protocol to use splinter and phantomjs - All http connections are now concurrent - Added a flag to take screenshots of webpages - Minor Code cleanup 2017-04-30 18:54:35 +00:00			`mgroup.add_argument("-M", "--module", metavar='MODULE', help='module to use')`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`#mgroup.add_argument('-MC','--module-chain', metavar='CHAIN_COMMAND', help='Payload module chain command string to run')`
Re-wrote the HTTP protocol to use splinter and phantomjs - All http connections are now concurrent - Added a flag to take screenshots of webpages - Minor Code cleanup 2017-04-30 18:54:35 +00:00			`module_parser.add_argument('-o', metavar='MODULE_OPTION', nargs='+', default=[], dest='module_options', help='module options')`
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`module_parser.add_argument('-L', '--list-modules', action='store_true', help='list available modules')`
			`module_parser.add_argument('--options', dest='show_module_options', action='store_true', help='display module options')`
			`module_parser.add_argument("--server", choices={'http', 'https'}, default='https', help='use the selected server (default: https)')`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`module_parser.add_argument("--server-host", type=str, default='0.0.0.0', metavar='HOST', help='IP to bind the server to (default: 0.0.0.0)')`
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00			`module_parser.add_argument("--server-port", metavar='PORT', type=int, help='start the server on the specified port')`
Add option --connectback-host for module to bypass NAT network 2021-11-17 13:02:06 +00:00			`module_parser.add_argument("--connectback-host", type=str, metavar='CHOST', help='IP for the remote system to connect back to (default: same as server-host)')`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00
			`for protocol in protocols.keys():`
			`protocol_object = p_loader.load_protocol(protocols[protocol]['path'])`
			`subparsers = getattr(protocol_object, protocol).proto_args(subparsers, std_parser, module_parser)`

			`if len(sys.argv) == 1:`
			`parser.print_help()`
			`sys.exit(1)`

			`args = parser.parse_args()`

			`return args`