epilog='There\'s been an awakening... have you felt it?')
# ---------------------------------------------------------------------------
# General options: concurrency, authentication material, transport, target.
# ---------------------------------------------------------------------------

# Size of the worker pool.
parser.add_argument(
    "-t",
    type=int,
    dest="threads",
    default=10,
    help="Set how many concurrent threads to use (defaults to 10)",
)

# Authentication material. Each option accepts a literal value or, per its
# help text, a file holding several values.
# NOTE(review): a literal password or hash given on the command line ends up
# in the operator host's process list and shell history; the file form keeps
# it out of argv.
parser.add_argument(
    "-u",
    metavar="USERNAME",
    dest="user",
    type=str,
    default=None,
    help="Username(s) or file containing usernames",
)
parser.add_argument(
    "-p",
    metavar="PASSWORD",
    dest="passwd",
    type=str,
    default=None,
    help="Password(s) or file containing passwords",
)
parser.add_argument(
    "-H",
    metavar="HASH",
    dest="hash",
    type=str,
    default=None,
    help="NTLM hash(es) or file containing NTLM hashes",
)
parser.add_argument(
    "-C",
    metavar="COMBO_FILE",
    dest="combo_file",
    type=str,
    default=None,
    help="Combo file containing a list of domain\\username:password or username:password entries",
)
parser.add_argument(
    "-k",
    action="store",
    dest="aesKey",
    metavar="HEX_KEY",
    help="AES key to use for Kerberos Authentication (128 or 256 bits)",
)

# Share to connect to; falls back to the administrative C$ share.
parser.add_argument(
    "-s",
    metavar="SHARE",
    dest="share",
    default="C$",
    help="Specify a share (default: C$)",
)

# Kerberos switch; per the help text, credentials come from the ccache file
# named by KRB5CCNAME.
parser.add_argument(
    "--kerb",
    action="store_true",
    dest="kerb",
    help="Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters",
)

# Only the two SMB ports are accepted; argparse rejects any other value.
parser.add_argument(
    "--port",
    dest="port",
    type=int,
    choices={139, 445},
    default=445,
    help="SMB port (default: 445)",
)

# No dest is given, so the parsed value is stored as args.server.
parser.add_argument(
    "--server",
    choices={"http", "https", "smb"},
    default="http",
    help="Use the selected server (defaults to http)",
)
#parser.add_argument("--server-port", type=int, help='Start the server on the specified port')

# Single positional argument. nargs=1 makes argparse store it as a one-item
# list rather than a bare string.
parser.add_argument(
    "target",
    nargs=1,
    type=str,
    help="The target range, CIDR identifier or file containing targets",
)
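# ---------------------------------------------------------------------------
# "Credential Gathering" option group.
# Every switch here is a plain flag (store_true) except --mimikatz-cmd, which
# takes a command string, and --ntds, which takes one of three method names.
# ---------------------------------------------------------------------------
rgroup = parser.add_argument_group(
    "Credential Gathering",
    "Options for gathering credentials",
)
rgroup.add_argument(
    "--sam",
    action="store_true",
    help="Dump SAM hashes from target systems",
)
rgroup.add_argument(
    "--mimikatz",
    action="store_true",
    help="Run Invoke-Mimikatz (sekurlsa::logonpasswords) on target systems",
)
# Stored as args.mimi_cmd.
rgroup.add_argument(
    "--mimikatz-cmd",
    metavar="MIMIKATZ_CMD",
    dest="mimi_cmd",
    help="Run Invoke-Mimikatz with the specified command",
)
# No default: args.ntds is None unless the option is given.
# Help text typo fixed ("specifed" -> "specified").
rgroup.add_argument(
    "--ntds",
    choices={"vss", "drsuapi", "ninja"},
    help="Dump the NTDS.dit from target DCs using the specified method\n(drsuapi is the fastest)",
)
# The two WDigest flags are a create/delete pair for the same registry entry,
# which makes the change a durable host-side artifact.
# NOTE(review): presumably this is the UseLogonCredential value under
# HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -- confirm
# against the handler; writes to that value are a common detection point.
rgroup.add_argument(
    "--enable-wdigest",
    action="store_true",
    help="Creates the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows 8.1",
)
rgroup.add_argument(
    "--disable-wdigest",
    action="store_true",
    help="Deletes the 'UseLogonCredential' registry key",
)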
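# ---------------------------------------------------------------------------
# "Mapping/Enumeration" option group.
# NOTE(review): no options are registered on this group in the lines shown
# here, so it contributes nothing to the parser as listed.
# ---------------------------------------------------------------------------
egroup = parser.add_argument_group(
    "Mapping/Enumeration",
    "Options for Mapping/Enumerating",
)

# ---------------------------------------------------------------------------
# "Command Execution" option group.
# ---------------------------------------------------------------------------
cgroup = parser.add_argument_group(
    "Command Execution",
    "Options for executing commands",
)
# Execution method; argparse restricts it to these four names and falls back
# to "wmi" when the option is omitted.
cgroup.add_argument(
    "--execm",
    choices={"wmi", "smbexec", "atexec", "psexec"},
    default="wmi",
    help="Method to execute the command (default: wmi)",
)
cgroup.add_argument(
    "--force-ps32",
    action="store_true",
    dest="force_ps32",
    help="Force all PowerShell code/commands to run in a 32bit process",
)
# -x and -X differ only in case: the lowercase form is stored as
# args.command, the uppercase form as args.pscommand.
cgroup.add_argument(
    "-x",
    metavar="COMMAND",
    dest="command",
    help="Execute the specified command",
)
# Help text typo fixed ("Excute" -> "Execute").
cgroup.add_argument(
    "-X",
    metavar="PS_COMMAND",
    dest="pscommand",
    help="Execute the specified powershell command",
)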
# ---------------------------------------------------------------------------
# "Shellcode/EXE/DLL/Meterpreter Injection" option group.
# --inject selects the payload kind; the remaining options only qualify it.
# According to the help strings, which of them is honoured depends on the
# --inject value chosen.
# ---------------------------------------------------------------------------
xgroup = parser.add_argument_group(
    "Shellcode/EXE/DLL/Meterpreter Injection",
    "Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell",
)
# No default: args.inject stays None unless one of the five kinds is named.
xgroup.add_argument(
    "--inject",
    choices={"shellcode", "exe", "dll", "met_reverse_https", "met_reverse_http"},
    help="Inject Shellcode, EXE, DLL or Meterpreter",
)
# Local path of the payload; argparse does not mark it required.
xgroup.add_argument(
    "--path",
    type=str,
    help="Path to the Shellcode/EXE/DLL you want to inject on the target systems (ignored if injecting Meterpreter)",
)
# Parsed as an int, so a non-numeric value is rejected at parse time.
xgroup.add_argument(
    "--procid",
    type=int,
    help="Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)",
)
xgroup.add_argument(
    "--exeargs",
    type=str,
    help="Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)",
)
# Exactly two values, stored as a two-item list in args.met_options. Both
# remain strings; LPORT is not converted or range-checked here.
xgroup.add_argument(
    "--met-options",
    nargs=2,
    metavar=("LHOST", "LPORT"),
    dest="met_options",
    help="Meterpreter options (ignored if not injecting Meterpreter)",
)
# ---------------------------------------------------------------------------
# "Filesystem Interaction" option group: list, download, upload, delete.
# ---------------------------------------------------------------------------
bgroup = parser.add_argument_group(
    "Filesystem Interaction",
    "Options for interacting with filesystems",
)
# nargs='?' with const='.': a bare --list yields '.', --list PATH yields
# PATH, and omitting the option leaves args.list as None.
bgroup.add_argument(
    "--list",
    metavar="PATH",
    nargs="?",
    const=".",
    type=str,
    help="List contents of a directory (defaults to top level directory)",
)
bgroup.add_argument(
    "--download",
    metavar="PATH",
    help="Download a file from the remote systems",
)
# Exactly two values, stored as [SRC, DST] in args.upload.
bgroup.add_argument(
    "--upload",
    nargs=2,
    metavar=("SRC", "DST"),
    help="Upload a file to the remote systems",
)
bgroup.add_argument(
    "--delete",
    metavar="PATH",
    help="Delete a remote file",
)
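# The listing had lost its indentation and the space after `if`
# ("iflen(...)", "ifargs.verbose"), so it did not parse; both are restored
# here without changing the logic.

# Run with no arguments at all: print the usage text and exit non-zero.
if len(sys.argv) == 1:
    parser.print_help()
    sys.exit(1)

args = parser.parse_args()

# "target" is declared with nargs=1, so argparse returns a one-item list;
# unwrap it to the bare string.
args.target = args.target[0]

patterns = []
targets = []

init_args(args)

# NOTE(review): none of the add_argument calls visible in this listing
# registers a "verbose" option. Confirm that it is defined elsewhere or set
# by init_args(); otherwise this attribute access raises AttributeError.
if args.verbose:
    setup_logger(args.target, DEBUG)
else:
    setup_logger(args.target)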
###################### Just a bunch of error checking to make sure everything's good to go ######################
ifargs.inject:
ifnotargs.inject.startswith('met_'):
ifnotargs.path:
print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject")