entysec / hatsploit Goto Github PK
View Code? Open in Web Editor NEWModular penetration testing platform that enables you to write, test, and execute exploit code.
Home Page: https://hatsploit.com
License: MIT License
Modular penetration testing platform that enables you to write, test, and execute exploit code.
Home Page: https://hatsploit.com
License: MIT License
Describe the bug
When i start hsf
and use command use
+ double tabs, it shows all files in current folder. It suppose to suggest all modules instead
To Reproduce
Steps to reproduce the behavior:
sudo hsf
. Accept Term and build dbuse
double tabDesktop (please complete the following information):
Describe the bug
When using the auxiliary/generic/scanner/port_scanner
module, running info
produces a traceback, erroring with:
'Show' object has no attribute 'show_module_information'`
To Reproduce
hsf
auxiliary/generic/scanner/port_scanner
info
Expected behavior
The module's info is printed to stdout.
Desktop (please complete the following information):
Additional context
Terminal output:
(hsf)> use auxiliary/generic/scanner/port_scanner
(hsf: auxiliary: Port Scanner)> info
[-] An error occured: 'Show' object has no attribute 'show_module_information'!
File "/home/vagrant/.local/bin/hsf", line 8, in <module>
sys.exit(cli())
File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/__init__.py", line 40, in cli
runtime.catch(hsf.cli)
File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/lib/runtime.py", line 75, in catch
function(*args)
File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/__main__.py", line 183, in cli
self.launch()
File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/__main__.py", line 85, in launch
self.console.shell()
File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/core/base/console.py", line 97, in shell
self.runtime.catch(self.shell_execute)
File "/home/vagrant/.local/lib/python3.10/site-packages/hatsploit/lib/runtime.py", line 89, in catch
traceback.print_stack(file=sys.stdout)
I dont know, The older versions worked cheap for me but this one gave me error like: 'Casting' object has no attribute 'is_ipv4_range'. Did you mean: 'is_port_range'
I type "hsf" in terminal but it gaves me this error and exits
So, please fix this i really like the framework design/modules/etc..
Thanks!
(hsf)> modules_db -c modules /home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/lib/../db/modules.json
[-] An error occurred: 'DB' object has no attribute 'bagdes'!
(hsf)>
the same error with plugins_db
and payloads_db
error in hatsploit/core/db/db.py
So from the last issue i created, the HatSploit force install HatVenom from internet automatically. I have and alternative idea. We can try something like try import hatvenom; except ImportError: <do install from pip>
. IDK if it is possible in setup.py
. What do you think about it? The idea is to check if system has HatVenom. With this method, setup.py
can check version of HatVenom as well like
try:
import hatvenom
if hatvenom.version < "required version":
print("You are having old version of hatvenom")
do_upgrade_hatvenom()
else:
pass
except ImportError:
do_install_hatvenom()
I find this project very interesting and useful. was able to install and establish connections to a remote PC but I wasn't able to send commands.
could you please make an example of how to send commands after successful connections?
thanks
you are awesome brother !!
It's not a bug, just error when building modules db.
Screentext.
[i] Reason: No module named 'pwny'k...\
[-] Failed to add <python>/payloads/linux/x64/pwny_reverse_tcp to payload database!
[i] Reason: No module named 'pwny'
[-] Failed to add <python>/hatsploit/payloads/iphoneos/aarch64/pwny_reverse_tcp to payload database!
Add --force-update
command pls
Error in file hatsploit/lib/modules.py
You forgot to create session_id variable
[-] An error occurred: name 'session_id' is not defined!
(hsf)> repeat 2 "exec ls"
[*] Executing system command: l
[-] Unrecognized system command: l!
[*] Executing system command: l
[-] Unrecognized system command: l!
(hsf)>
(hsf)> repeat 2 "history --list"
Usage: history <option>
-l, --list List all history.
-c, --clear Clear all history.
on/off Turn history on/off.
Usage: history <option>
-l, --list List all history.
-c, --clear Clear all history.
on/off Turn history on/off.
(hsf)>
(hsf)> sleep 10
Time: 10.007538080215454 seconds
(hsf)> repeat 1 "sleep 10"
Time: 1.001197338104248 seconds
(hsf)>
Yo!... yea again me, i wanna say i cant upgrade the framework or even install it after uninstalling
so the problem is the git says theres no github link for HatLoads module!
Hmm, I would say I can edit modules only by including their names, if it was by numbers that was be good tho!
[i] --( The HatSploit Terms of Service )--
This tool is designed for educational purposes only.
Adequate defenses can only be built by researching attack techniques available to malicious actors.
Using this tool against target systems without prior permission is illegal in most jurisdictions.
The authors are not liable for any damages from misuse of this information or code.
If you are planning on using this tool for malicious purposes that are not authorized by the company
you are performing assessments for, you are violating the terms of service and license.
By accepting our terms of service, you agree that you will only use this tool for lawful purposes only.
[-] An error occurred: 'ColorScript' object has no attribute 'parse_input'!
File "/usr/local/bin/hsf", line 33, in
sys.exit(load_entry_point('hatsploit==5.0.0', 'console_scripts', 'hsf')())
File "/usr/local/lib/python3.11/dist-packages/hatsploit/init.py", line 43, in hsf_cli
runtime.catch(hsf.cli)
File "/usr/local/lib/python3.11/dist-packages/hatsploit/lib/runtime.py", line 126, in catch
traceback.print_stack(file=sys.stdout)
I'm going to package HatSploit and HatVenom for Parrot OS and it will be great if both projects have release version so i can update new versions automatically.
What's the difference between execute_from_file
from hatsploit/core/base/execute.py
and script
from hatsploit/core/base/console.py
?
if you try to create file in root directory and you don't have permissions, hsf dies
(hsf)> log on /file.txt
[i] HatSploit log: on
[-] An error occurred: [Errno 13] Permission denied: '/file.txt'!
Traceback (most recent call last):
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/console.py", line 87, in launch_menu
self.execute.execute_command(commands, arguments)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/execute.py", line 47, in execute_command
if not self.execute_core_command(commands, arguments):
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/execute.py", line 90, in execute_core_command
command.run(len(arguments), arguments)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/lib/../commands/log.py", line 42, in run
self.print_information("HatSploit log: on")
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 64, in print_information
self.print_empty(self.I + message, start=start, end=end)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 46, in print_empty
self.io.print(message, start=start, end=end)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/io.py", line 49, in print
with open(use_log, 'a') as f:
PermissionError: [Errno 13] Permission denied: '/file.txt'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/thecakeisfalse/.local/bin/hsf", line 8, in <module>
sys.exit(main())
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/hsf.py", line 169, in main
hsf.launch(script=hsf.root_path + 'startup.hsf')
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/hsf.py", line 93, in launch
self.console.script(script, do_shell)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/console.py", line 179, in script
self.launch_menu()
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/console.py", line 94, in launch_menu
self.badges.print_error("An error occurred: " + str(e) + "!")
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 58, in print_error
self.print_empty(self.E + message, start=start, end=end)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/cli/badges.py", line 46, in print_empty
self.io.print(message, start=start, end=end)
File "/home/thecakeisfalse/.local/lib/python3.8/site-packages/hatsploit/core/base/io.py", line 49, in print
with open(use_log, 'a') as f:
PermissionError: [Errno 13] Permission denied: '/file.txt'
bruh@bruh:~$
Hi @enty8080 Do you have any plans for using encoders? When I do encoding on a shellcode, I ran into BadChars
problem \x00
messing with the compiler and if I try to remove badChars
manually I will mess up offset substitutions.
Cheers Bro!
Just saw your comment at RomBruter and you're right, your framework is much more versatile, up-to-date and very well modulary written. I'll check it out in depth and see if I can contribute something.
(hsf)> edit auxiliary/android/checker/check_adb_installation
[-] An error occurred: 'HatSploitCommand' object has no attribute 'execute'!
(hsf)> edit auxiliary/iphoneos/checker/jailbroken_or_not
[-] An error occurred: 'HatSploitCommand' object has no attribute 'execute'!
(hsf)>
When I run history -l
command, it print same text twice.
(hsf)> history -c
(hsf)> load cowsay
[*] Loading cowsay plugin...
________________
< Cow here, moo! >
----------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[i] Use cowsay to call me.
[+] Successfully loaded cowsay plugin!
(hsf)> history -l
[i] HatSploit history:
* load cowsay
* load cowsay
(hsf)>
Can you write error in search if user haven't agreed to build database?
Current message:
(hsf)> search test
[-] An error occurred: 'NoneType' object has no attribute 'keys'!
(hsf)>
โโ$ hsf
Traceback (most recent call last):
File "/home/glitch/.local/bin/hsf", line 5, in
from hatsploit import cli
File "/home/glitch/.local/lib/python3.10/site-packages/hatsploit/init.py", line 30, in
from .main import HatSploit
File "/home/glitch/.local/lib/python3.10/site-packages/hatsploit/main.py", line 33, in
from hatsploit.core.utils.api import API
File "/home/glitch/.local/lib/python3.10/site-packages/hatsploit/core/utils/api.py", line 27, in
from flask import Flask
File "/home/glitch/.local/lib/python3.10/site-packages/flask/init.py", line 19, in
from . import json
File "/home/glitch/.local/lib/python3.10/site-packages/flask/json/init.py", line 15, in
from itsdangerous import json as _json
ImportError: cannot import name 'json' from 'itsdangerous' (/usr/lib/python3/dist-packages/itsdangerous/init.py)
Netcat don't work right on target computer
On my computer
(hsf: exploit: Bind TCP Handler)> set PAYLOAD unix/generic/netcat_reverse_tcp
[i] PAYLOAD ==> unix/generic/netcat_reverse_tcp
(hsf: exploit: Bind TCP Handler)> run
[*] Establishing connection...
[*] Sending payload stage...
[*] Executing payload...
[*] Listening on port 8888...
On target computer
nc: invalid option -- 'e'
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
[-m minttl] [-O length] [-P proxy_username] [-p source_port]
[-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
[-X proxy_protocol] [-x proxy_address[:port]] [destination] [port]
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.