Crowbar

Crowbar

LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (c)  2014 Gökhan ALKAN
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,52 @@
+## Levye - Brute forcing tool for pentests
+
+
+### What is it?
+
+**Levye** (crowbar) is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools. 
+Currently **Levye** supports  
+- OpenVPN
+- SSH private key authentication
++ VNC key authentication
+* Remote Desktop Protocol (RDP) with NLA support
+
+### Installation
+
+First you shoud install prerequisities  
+```
+ # apt-get install openvpn xfreerdp vncviewer ssh 
+```
+
+Then get latest version from github  
+```
+ # git clone https://github.com/galkan/levye 
+```
+
+
+### Usage
+
+**Brute forcing RDP**  
+```
+ # ./levye.py -b rdp -s 172.16.1.12/32 -u Administrator -c pass.txt  
+```
+
+**Brute forcing SSH**  
+```
+# ./levye.py -b sshkey -s 127.0.0.1/32 -u root -p 22 -k id_rsa  
+```
+
+**Brute forcing VNC server**  
+```
+# ./levye.py -b vnckey -s 172.16.3.87/32 -p 5901 -c keys/vncpass  
+```
+
+**Brute forcing OpenVPN**  
+```
+# ./levye.py -b openvpn -s 172.16.1.100/32 -m server.ovpn -c pass.txt -u user.txt -k server.ca.crt -p 443  
+```
+
+### Example output
+
+ # cat levye.out 
+
+

crowbar.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+
+
+try:
+	from lib.main import Main
+except ImportError,e:
+        import sys
+        sys.stdout.write("%s\n" %e)
+        sys.exit(1)
+
+##
+### Main 
+##
+
+if __name__ == "__main__":
+
+	crowbar = Main()
+	crowbar.run(crowbar.args.brute)

lib/common.py

@@ -0,0 +1,9 @@
+class bcolors:
+	OKBLUE = '\033[94m'
+	OKGREEN = '\033[92m'
+	ENDC = '\033[0m'
+
+	def disable(self):
+		self.OKBLUE = ''
+		self.OKGREEN = ''
+		self.ENDC = ''

lib/iprange.py

@@ -0,0 +1,107 @@
+
+try:
+	import socket	
+  	import struct
+  	import sys
+  	import re
+except ImportError,e:
+  	import sys
+  	sys.stdout.write("%s\n" %e)
+  	sys.exit(14)
+
+
+class InvalidIPAddress(ValueError):
+    	"The ip address given to ipaddr is improperly formatted"
+
+
+class IpRange:
+        """
+                Derived from http://www.randomwalking.com/snippets/iprange.text
+        """
+
+        def ipaddr_to_binary(self,ipaddr):
+                    q = ipaddr.split('.')
+                    return reduce(lambda a,b: long(a)*256 + long(b), q)
+
+
+        def binary_to_ipaddr(self,ipbinary):
+                    return socket.inet_ntoa(struct.pack('!I', ipbinary))
+
+
+        def iprange(self, ipaddr):
+                    span_re = re.compile(r'''(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})   # The beginning IP Address
+                             \s*-\s*
+                             (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})   # The end IP Address
+                          ''', re.VERBOSE)
+                    res = span_re.match(ipaddr)
+                    if res:
+                        beginning = res.group(1)
+                        end = res.group(2)
+                        return span_iprange(beginning, end)
+
+                    cidr_re = re.compile(r'''(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})   # The IP Address
+                             /(\d{1,2})                             # The mask
+                          ''', re.VERBOSE)
+                    res = cidr_re.match(ipaddr)
+                    if res:
+                        addr = res.group(1)
+                        cidrmask = res.group(2)
+                        return self.cidr_iprange(addr, cidrmask)
+                    wild_re = re.compile(r'''(\d{1,3}|\*)\.
+                             (\d{1,3}|\*)\.
+                             (\d{1,3}|\*)\.
+                             (\d{1,3}|\*)   # The IP Address
+                          ''', re.VERBOSE)
+                    res = wild_re.match(ipaddr)
+                    if res:
+                        return wildcard_iprange(ipaddr)
+
+                    raise InvalidIPAddress 
+
+
+        def span_iprange(self, beginning, end):
+                    b = self.ipaddr_to_binary(beginning) 
+                    e = ipaddr_to_binary(end) 
+                    while (b <= e):
+                        yield binary_to_ipaddr(b)
+                        b = b + 1
+
+
+        def cidr_iprange(self, ipaddr, cidrmask):
+                    mask = (long(2)**long(32-long(cidrmask))) - 1
+                    b = self.ipaddr_to_binary(ipaddr) 
+                    e = self.ipaddr_to_binary(ipaddr) 
+                    b = long(b & ~mask)
+                    e = long(e | mask)
+                    while (b <= e):
+                        yield self.binary_to_ipaddr(b)
+                        b = b + 1
+
+
+        def wildcard_iprange(ipaddr):
+                    beginning = [] 
+                    end = [] 
+
+                    tmp = ipaddr.split('.')
+                    for i in tmp:
+                        if i == '*':
+                                    beginning.append("0")
+                                    end.append("255") 
+                        else:
+                                    beginning.append(i)
+                                    end.append(i) 
+                    b = beginning[:]
+                    e = end[:]
+
+                    while int(b[0]) <= int(e[0]):
+                        while int(b[1]) <= int(e[1]):
+                                    while int(b[2]) <= int(e[2]):
+                                        while int(b[3]) <= int(e[3]):
+                                                    yield b[0] + '.' + b[1] + '.' + b[2] + '.' + b[3]
+                                                    b[3] = "%d" % (int(b[3]) + 1)
+                                        b[2] = "%d" % (int(b[2]) + 1)
+                                        b[3] = beginning[3]
+                                    b[1] = "%d" % (int(b[1]) + 1)
+                                    b[2] = beginning[2]
+                        b[0] = "%d" % (int(b[0]) + 1)
+                        b[1] = beginning[1]

lib/logger.py

@@ -0,0 +1,48 @@
+
+try:
+	import logging
+	import os.path
+except ImportError,e:
+	import sys
+	sys.stdout.write("%s\n" %e)
+	sys.exit(1)
+
+
+class Logger:
+
+	def __init__(self, log_file, output_file):
+
+
+		self.logger_log = logging.getLogger('log_file')
+		self.logger_log.setLevel(logging.INFO)
+
+		handler_log = logging.FileHandler(os.path.join(".", log_file),"a", encoding = None, delay = "true")
+		handler_log.setLevel(logging.INFO)
+		formatter = logging.Formatter("%(asctime)s %(message)s", "%Y-%m-%d %H:%M:%S")
+		handler_log.setFormatter(formatter)
+		self.logger_log.addHandler(handler_log)
+
+
+		self.logger_output = logging.getLogger('output_file')
+		self.logger_output.setLevel(logging.INFO)
+
+		handler_out = logging.FileHandler(os.path.join(".", output_file),"a", encoding = None, delay = "true")
+		handler_out.setLevel(logging.INFO)
+		formatter = logging.Formatter("%(asctime)s %(message)s", "%Y-%m-%d %H:%M:%S")
+		handler_out.setFormatter(formatter)
+		self.logger_output.addHandler(handler_out)
+
+		consoleHandler = logging.StreamHandler()
+		consoleHandler.setFormatter(formatter)
+		self.logger_output.addHandler(consoleHandler)
+
+
+
+	def log_file(self , message):
+
+		self.logger_log.critical(message)
+
+
+	def output_file(self, message):
+
+		self.logger_output.critical(message)