entysec / hatsploit Goto Github PK

Describe the bug
When i start hsf and use command use + double tabs, it shows all files in current folder. It suppose to suggest all modules instead

To Reproduce
Steps to reproduce the behavior:

1. Start hsf (version 2.0) as root sudo hsf. Accept Term and build db
2. use double tab
3. See output
   Expected behavior
   It should show modules instead. Like "exploit", "scanner", ...

Screenshots

Desktop (please complete the following information):

• OS: Parrot OS
• Version 4.11.2 amd64. Python3.9

Describe the bug

When using the auxiliary/generic/scanner/port_scanner module, running info produces a traceback, erroring with:

'Show' object has no attribute 'show_module_information'`

To Reproduce

1. Start hsf
2. Use the module auxiliary/generic/scanner/port_scanner
3. Run info

Expected behavior

The module's info is printed to stdout.

Desktop (please complete the following information):

• OS: Arch Linux

Additional context

Terminal output:

(hsf)> use auxiliary/generic/scanner/port_scanner
(hsf: auxiliary: Port Scanner)> info
[-] An error occured: 'Show' object has no attribute 'show_module_information'!
  File "/home/vagrant/.local/bin/hsf", line 8, in <module>
    sys.exit(cli())
  File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/__init__.py", line 40, in cli
    runtime.catch(hsf.cli)
  File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/lib/runtime.py", line 75, in catch
    function(*args)
  File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/__main__.py", line 183, in cli
    self.launch()
  File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/__main__.py", line 85, in launch
    self.console.shell()
  File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/core/base/console.py", line 97, in shell
    self.runtime.catch(self.shell_execute)
  File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/lib/runtime.py", line 89, in catch
    traceback.print_stack(file=sys.stdout)

I dont know, The older versions worked cheap for me but this one gave me error like: 'Casting' object has no attribute 'is_ipv4_range'. Did you mean: 'is_port_range'
I type "hsf" in terminal but it gaves me this error and exits

So, please fix this i really like the framework design/modules/etc..

Thanks!

(hsf)> modules_db -c modules /home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/lib/../db/modules.json
[-] An error occurred: 'DB' object has no attribute 'bagdes'!
(hsf)>

the same error with plugins_db and payloads_db

error in hatsploit/core/db/db.py

So from the last issue i created, the HatSploit force install HatVenom from internet automatically. I have and alternative idea. We can try something like try import hatvenom; except ImportError: <do install from pip>. IDK if it is possible in setup.py. What do you think about it? The idea is to check if system has HatVenom. With this method, setup.py can check version of HatVenom as well like

try:
  import hatvenom
  if hatvenom.version < "required version":
    print("You are having old version of hatvenom")
    do_upgrade_hatvenom()
  else:
    pass
except ImportError:
   do_install_hatvenom()

I find this project very interesting and useful. was able to install and establish connections to a remote PC but I wasn't able to send commands.

could you please make an example of how to send commands after successful connections?

thanks

you are awesome brother !!

It's not a bug, just error when building modules db.

Screentext.

[i] Reason: No module named 'pwny'k...\
[-] Failed to add  <python>/payloads/linux/x64/pwny_reverse_tcp to payload database!
[i] Reason: No module named 'pwny'
[-] Failed to add <python>/hatsploit/payloads/iphoneos/aarch64/pwny_reverse_tcp to payload database!

Add --force-update command pls

@enty8080

Error in file hatsploit/lib/modules.py

You forgot to create session_id variable

[-] An error occurred: name 'session_id' is not defined!

Yo!... yea again me, i wanna say i cant upgrade the framework or even install it after uninstalling

so the problem is the git says theres no github link for HatLoads module!

Hmm, I would say I can edit modules only by including their names, if it was by numbers that was be good tho!

[i] --( The HatSploit Terms of Service )--
This tool is designed for educational purposes only.

Adequate defenses can only be built by researching attack techniques available to malicious actors.
Using this tool against target systems without prior permission is illegal in most jurisdictions.
The authors are not liable for any damages from misuse of this information or code.

If you are planning on using this tool for malicious purposes that are not authorized by the company
you are performing assessments for, you are violating the terms of service and license.

By accepting our terms of service, you agree that you will only use this tool for lawful purposes only.

[-] An error occurred: 'ColorScript' object has no attribute 'parse_input'!
File "/usr/local/bin/hsf", line 33, in
sys.exit(load_entry_point('hatsploit==5.0.0', 'console_scripts', 'hsf')())
File "/usr/local/lib/python3.11/dist-packages/hatsploit/init.py", line 43, in hsf_cli
runtime.catch(hsf.cli)
File "/usr/local/lib/python3.11/dist-packages/hatsploit/lib/runtime.py", line 126, in catch
traceback.print_stack(file=sys.stdout)

I'm going to package HatSploit and HatVenom for Parrot OS and it will be great if both projects have release version so i can update new versions automatically.

What's the difference between execute_from_file from hatsploit/core/base/execute.py and script from hatsploit/core/base/console.py?

@enty8080

if you try to create file in root directory and you don't have permissions, hsf dies

(hsf)> log on /file.txt
[i] HatSploit log: on
[-] An error occurred: [Errno 13] Permission denied: '/file.txt'!
Traceback (most recent call last):
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/console.py", line 87, in launch_menu
    self.execute.execute_command(commands, arguments)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/execute.py", line 47, in execute_command
    if not self.execute_core_command(commands, arguments):
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/execute.py", line 90, in execute_core_command
    command.run(len(arguments), arguments)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/lib/../commands/log.py", line 42, in run
    self.print_information("HatSploit log: on")
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 64, in print_information
    self.print_empty(self.I + message, start=start, end=end)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 46, in print_empty
    self.io.print(message, start=start, end=end)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/io.py", line 49, in print
    with open(use_log, 'a') as f:
PermissionError: [Errno 13] Permission denied: '/file.txt'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/thecakeisfalse/.local/bin/hsf", line 8, in <module>
    sys.exit(main())
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/hsf.py", line 169, in main
    hsf.launch(script=hsf.root_path + 'startup.hsf')
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/hsf.py", line 93, in launch
    self.console.script(script, do_shell)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/console.py", line 179, in script
    self.launch_menu()
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/console.py", line 94, in launch_menu
    self.badges.print_error("An error occurred: " + str(e) + "!")
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 58, in print_error
    self.print_empty(self.E + message, start=start, end=end)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 46, in print_empty
    self.io.print(message, start=start, end=end)
  File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/io.py", line 49, in print
    with open(use_log, 'a') as f:
PermissionError: [Errno 13] Permission denied: '/file.txt'
bruh@bruh:~$ 

Hi @enty8080 Do you have any plans for using encoders? When I do encoding on a shellcode, I ran into BadChars problem \x00 messing with the compiler and if I try to remove badChars manually I will mess up offset substitutions.
Cheers Bro!

Just saw your comment at RomBruter and you're right, your framework is much more versatile, up-to-date and very well modulary written. I'll check it out in depth and see if I can contribute something.

@enty8080

(hsf)> edit auxiliary/android/checker/check_adb_installation
[-] An error occurred: 'HatSploitCommand' object has no attribute 'execute'!
(hsf)> edit auxiliary/iphoneos/checker/jailbroken_or_not
[-] An error occurred: 'HatSploitCommand' object has no attribute 'execute'!
(hsf)> 

@enty8080

When I run history -l command, it print same text twice.

(hsf)> history -c
(hsf)> load cowsay
[*] Loading cowsay plugin...
 ________________
< Cow here, moo! >
 ----------------
         \   ^__^ 
          \  (oo)\_______
             (__)\       )\/\
                 ||----w |
                 ||     ||
        
[i] Use cowsay to call me.
[+] Successfully loaded cowsay plugin!
(hsf)> history -l
[i] HatSploit history:
    * load cowsay
    * load cowsay
(hsf)> 

Can you write error in search if user haven't agreed to build database?

Current message:

(hsf)> search test
[-] An error occurred: 'NoneType' object has no attribute 'keys'!
(hsf)> 

└─$ hsf
Traceback (most recent call last):
File "/home/glitch/.local/bin/hsf", line 5, in
from hatsploit import cli
File "/home/glitch/.local/lib/python3.10/site-packages/hatsploit/init.py", line 30, in
from .main import HatSploit
File "/home/glitch/.local/lib/python3.10/site-packages/hatsploit/main.py", line 33, in
from hatsploit.core.utils.api import API
File "/home/glitch/.local/lib/python3.10/site-packages/hatsploit/core/utils/api.py", line 27, in
from flask import Flask
File "/home/glitch/.local/lib/python3.10/site-packages/flask/init.py", line 19, in
from . import json
File "/home/glitch/.local/lib/python3.10/site-packages/flask/json/init.py", line 15, in
from itsdangerous import json as _json
ImportError: cannot import name 'json' from 'itsdangerous' (/usr/lib/python3/dist-packages/itsdangerous/init.py)

Netcat don't work right on target computer

On my computer

(hsf: exploit: Bind TCP Handler)> set PAYLOAD unix/generic/netcat_reverse_tcp
[i] PAYLOAD ==> unix/generic/netcat_reverse_tcp
(hsf: exploit: Bind TCP Handler)> run
[*] Establishing connection...
[*] Sending payload stage...
[*] Executing payload...
[*] Listening on port 8888...

On target computer

nc: invalid option -- 'e'
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
	  [-m minttl] [-O length] [-P proxy_username] [-p source_port]
	  [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
	  [-X proxy_protocol] [-x proxy_address[:port]] 	  [destination] [port]