mazen160 / shennina Goto Github PK
View Code? Open in Web Editor NEWAutomating Host Exploitation with AI
Home Page: https://mazinahmed.net/blog/shennina-exploitation-framework/
Automating Host Exploitation with AI
Home Page: https://mazinahmed.net/blog/shennina-exploitation-framework/
i dont get passed this
Downloading tensorflow-2.11.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (588.3 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╸ 588.0/588.3 MB 33.3 MB/s eta 0:00:01
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╸ 588.3/588.3 MB 33.5 MB/s eta 0:00:01Killed
I'm having msfrpc authentication failed error. Just wondering does anyone facing the same issue?
running ./run-msrpc.py
is ok.
[*] MSGRPC Service: 127.0.0.1:55553
[*] MSGRPC Username: admin
[*] MSGRPC Password: admin
[*] Successfully loaded plugin: msgrpc
running ./run-server.sh
is ok.
* Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:8040
* Running on http://172.17.0.2:8040
testing connecting with msfrpc client
works fine.
> msfrpc -U admin -P admin -a 127.0.0.1 -S
[*] The 'rpc' object holds the RPC client interface
[*] Use rpc.call('group.command') to make RPC calls
>>
just that when I run shennina.py
the msfrpc connection failed.
Traceback (most recent call last):
File "/home/kali/py3.9/lib/python3.9/site-packages/pymetasploit3/msfrpc.py", line 218, in login
if auth['result'] == 'success':
KeyError: 'result'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/shennina/rpc_test.py", line 4, in <module>
client = MsfRpcClient("password", host="localhost", port=55553)
File "/home/kali/py3.9/lib/python3.9/site-packages/pymetasploit3/msfrpc.py", line 191, in __init__
self.login(kwargs.get('username', 'msf'), password)
File "/home/kali/py3.9/lib/python3.9/site-packages/pymetasploit3/msfrpc.py", line 224, in login
raise MsfAuthError("MsfRPC: Authentication failed")
pymetasploit3.msfrpc.MsfAuthError: 'MsfRPC: Authentication failed'
my env is python3.9
and I have tried with pymetasploit 1.0, 1.0.1, 1.0.2
and 1.0.3
(all versions)
still the same result.
Not really sure where to go from here.
error from Shennina
[%] Starting at 19:42:19 / 01-01-2023
'MsfRPC: Authentication failed' (I've modified the script to print out the exception error.)
[!] [19:42:19] Error connecting to MSFRPC server.
Hi,
I'm trying to install shennina on my Kali VM.
I always get this error:
ERROR: Could not find a version that satisfies the requirement tensorflow==2.7.3 (from versions: 2.8.0rc0, 2.8.0rc1, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0rc0, 2.9.0rc1, 2.9.0rc2, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0rc0, 2.10.0rc1, 2.10.0rc2, 2.10.0rc3, 2.10.0, 2.10.1, 2.11.0rc0, 2.11.0rc1, 2.11.0rc2, 2.11.0) ERROR: No matching distribution found for tensorflow==2.7.3
Any hints how to fix this issue?
I run it in the console and get an error, I installed all the plugins, but there is no connection
./shennina.py --lhost 127.0.0.1 --target 217.11.. --use-cached-service-scan --vulnerability-scan-mode
/ || | ___ _ __ _ __ ()_ __ __ _
___ | '_ \ / _ \ '_ | '_ | | '_ \ / ` |
) | | | | __/ | | | | | | | | | | (| |
|/|| ||___|| ||| |||| ||_,|
v0.3
[%] Starting at 22:19:38 / 21-12-2022
[!] [22:19:41] Error connecting to MSFRPC server.
After updating the requirements.txt document for the initial install / setup of shennina, I attempted to start the exfiltration-server, following the below steps:
cd ./exfiltration-server
./run-server.sh
[ 5/11] RUN pip3 install flask:
1.087 error: externally-managed-environment
1.087
1.087 × This environment is externally managed
1.087 ╰─>
1.087 The system-wide python installation should be maintained using the system
1.087 package manager (apk) only.
1.087
1.087 If the package in question is not packaged already (and hence installable via
1.087 "apk add py3-somepackage"), please consider installing it inside a virtual
1.087 environment, e.g.:
1.087
1.087 python3 -m venv /path/to/venv
1.087 . /path/to/venv/bin/activate
1.087 pip install mypackage
1.087
1.087 To exit the virtual environment, run:
1.087
1.087 deactivate
1.087
1.087 The virtual environment is not deleted, and can be re-entered by re-sourcing
1.087 the activate file.
1.087
1.087 To automatically manage virtual environments, consider using pipx (from the
1.087 pipx package).
1.087
1.087 note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
1.087 hint: See PEP 668 for the detailed specification.
ERROR: failed to solve: process "/bin/sh -c pip3 install flask" did not complete successfully: exit code: 1
Unable to find image 'exfiltration-server:latest' locally
docker: Error response from daemon: pull access denied for exfiltration-server, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
"
Any ideas on how I might solve this issue?
Hi everyone,
So I walked through shennina docs then got to the point I have been able to install it and initialize the exploits tree so stage 3.1.
I'm having at stage 4. some problems to understand the scanning, training and exploitation commands so these one :
$ ./shennina.py --lhost metasploit-ip --target target.local --service-scan-only
$ ./shennina.py --lhost metasploit-ip --target target.local --use-cached-service-scan
$ ./shennina.py --training-mode --lhost lhost.local --target training-target.local
$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode
Can somebody explain to me how these commands works, what should(or can) be changed and show a practical examples with the possible outcomes please ?
Also are part 5 to 9 for information and more theoretical knowledge ?
Thanks :)
Terri.
Hello, I've run into an issue with Shennina.
So far, It seems when running in "training mode", it uses up all my memory and kills the process.
Here I am training a metasploitable3 system.
Shennina is running on Kali inside UTM, on my M1 Mac. I've bumped the memory to 16 GB.
Once it's OOM, it kills the process.
The screenshot is not too long after the process was killed.
Hello.
I had some issues installing the default requirements so I used these :
pymetasploit3
termcolor
python-nmap
requests
flask
tensorflow==2.8.0 (Instead of 2.7.3)
tensorflow-estimator==2.7.0
tensorflow-hub==0.12.0
matplotlib==3.4.3
pandas==1.1.5
numpy==1.21.0 (Instead of 1.16.3)
numpydoc==0.9.1
So the requirements installed well but when I run shennina.py I get these errors :
Traceback (most recent call last):
File "/home/arch1618033/HACKING_TOOLS/shennina/shennina.py", line 11, in
import a3c_classes
File "/home/arch1618033/HACKING_TOOLS/shennina/classes/a3c_classes.py", line 4, in
from tensorflow.python.keras import layers
File "/usr/lib/python3.10/site-packages/tensorflow/init.py", line 473, in
keras._load()
File "/usr/lib/python3.10/site-packages/tensorflow/python/util/lazy_loader.py", line 41, in _load
module = importlib.import_module(self.name)
File "/usr/lib/python3.10/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "/usr/lib/python3.10/site-packages/keras/init.py", line 25, in
from keras import models
File "/usr/lib/python3.10/site-packages/keras/models.py", line 20, in
from keras import metrics as metrics_module
File "/usr/lib/python3.10/site-packages/keras/metrics.py", line 24, in
from keras import activations
File "/usr/lib/python3.10/site-packages/keras/activations.py", line 20, in
from keras.layers import advanced_activations
File "/usr/lib/python3.10/site-packages/keras/layers/init.py", line 27, in
from keras.engine.base_preprocessing_layer import PreprocessingLayer
File "/usr/lib/python3.10/site-packages/keras/engine/base_preprocessing_layer.py", line 19, in
from keras.engine import data_adapter
File "/usr/lib/python3.10/site-packages/keras/engine/data_adapter.py", line 38, in
import pandas as pd # pylint: disable=g-import-not-at-top
File "/usr/lib/python3.10/site-packages/pandas/init.py", line 30, in
from pandas._libs import hashtable as _hashtable, lib as _lib, tslib as _tslib
File "/usr/lib/python3.10/site-packages/pandas/_libs/init.py", line 13, in
from pandas._libs.interval import Interval
File "pandas/_libs/interval.pyx", line 1, in init pandas._libs.interval
ValueError: numpy.ndarray size changed, may indicate binary incompatibility. Expected 96 from C header, got 88 from PyObject
CAN ANYBODY HELP ME FIX THIS PLEASE ?
Some info about my system (Feel free to ask for more detail) :
Thanks a lot :)
Hi everyone,
How are you doing ?
I'm facing this issues in part 3.1 Initializing Exploits tree. Here is what I get when I run ./shennina.py --initialize-exploits-tree :
Here is my config files :
#!/usr/bin/env python3
import json
import os
from pymetasploit3.msfrpc import MsfRpcClientBase config
PROJECT_PATH = os.path.dirname(os.path.abspath(file))
SCANS_PATH = PROJECT_PATH + "/.scans/"
REPORTS_PATH = PROJECT_PATH + "/reports/"Second brain configuration
SUPERVISOD_CSV_FILE = 'data/exploits.csv'
SECOND_BRAIN_NAME = 'second_brain'if not os.path.exists(SCANS_PATH):
os.mkdir(SCANS_PATH)
if not os.path.exists(REPORTS_PATH):
os.mkdir(REPORTS_PATH)EXPLOITS_TREE_PATH = PROJECT_PATH + "/data/" + "exploits_tree.json"
EXFILTRATION_SERVER = "172.17.0.1:8040"
MAX_TESTING_THREADS = 10
SCANNING_THROUGH_TEST = False
TTL_FOR_EXPLOIT_VALIDATION = 15.0TODO: remove these lines and use config.EXPLOITS_TREE instead
SERVICE_LIST = 'openssh@dav@login@rpc@php@joomla@http@rmiregistry@krb524@x11@java@bind@domain@tcpwrapped@drupal@postfix@apache@vsftpd@proftpd@telnet@irc@jetty@nginx@unix@tikiwiki@postgresql@ftp@ajp13@vnc@smtp@sambasmbd@upnp@ldap@mysql@phpbb@ubuntu@webmin@samba@oscommerce@ms-wbt-server@exec@rpcbind@moodle@mediawiki@python@phpmyadmin@shell@wordpress@ssh@sugarcrm@netbios-ssn@tomcat@linuxtelnetd'
OS_LIST = 'fortinet@windows@unix@solaris@osx@netware@linux@irix@hpux@freebsd@firefox@dialup@bsdi@apple_ios@android@aix@unknown'Cache Search Results
CACHED_SEARCH_RESULTS = {}
Exploits Tree & Array
EXPLOITS_TREE = []
EXPLOITS_ARRAY = []Functions
def getClient():
MSFRPC_CONFIG = open(PROJECT_PATH + "/config/" + "msfrpc-config.json")MSFRPC_CONFIG = json.loads(MSFRPC_CONFIG.read()) client = None try: client = MsfRpcClient(MSFRPC_CONFIG["password"], user=MSFRPC_CONFIG["user"], host=MSFRPC_CONFIG["host"], port=MSFRPC_CONFIG["port"], ssl=MSFRPC_CONFIG["ssl"]) except Exception: pass return client
def loadExploitsTree(detailed=True):
exploits_tree = json.loads(open(EXPLOITS_TREE_PATH, "r").read())
if detailed:
return exploits_tree
return [_['exploit'] for _ in exploits_tree]
{
"password": "password",
"user": "username",
"host": "127.0.0.1",
"port": 55553,
"ssl": false
}
Can anybody help fix this ? Or give more explanation about the issue I'm facing ?
Thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.