-
Notifications
You must be signed in to change notification settings - Fork 115
/
twitt.rb
266 lines (234 loc) · 8.34 KB
/
twitt.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
# Copyright (c) 2011, Carlos Perez <carlos_perez[at]darkoperator.com
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted
# provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this list of conditions and
# the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice, this list of conditions
# and the following disclaimer in the documentation and/or other materials provided with the
# distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
require 'twitter'
module Msf
class Plugin::Twitt < Msf::Plugin
include Msf::SessionEvent
# Checks if the constant is already set, if not it is set
if not defined?(Twitter_yaml)
Twitter_yaml = "#{Msf::Config.get_config_root}/twitter.yaml"
end
# Initialize the Class
def initialize(framework, opts)
super
add_console_dispatcher(TwittCommandDispatcher)
end
# Cleans up the event subscriber on unload
def cleanup
self.framework.events.remove_session_subscriber(self)
remove_console_dispatcher('twitt')
end
# Sets the name of the Plug-In
def name
"twitt"
end
# Sets the description of the Plug-In
def desc
"Automatically send Twitter Direct Message when sessions are created and closed"
end
# Twitt Command Dispatcher Class
class TwittCommandDispatcher
include Msf::Ui::Console::CommandDispatcher
@consumer_key = nil
@consumer_secret = nil
@oauth_token = nil
@oauth_token_secret = nil
@twitt_client = nil
# Action for when a session is created
def on_session_open(session)
print_status("Session received Sending Message to #{@user}")
send_direct("Source: #{@source} Session: #{session.sid} IP: #{session.session_host} Peer: #{session.tunnel_peer} Platform: #{session.platform} Type: #{session.type}")
return
end
# Action for when the session is closed
def on_session_close(session,reason = "")
begin
print_status("Session:#{session.sid} Type:#{session.type} is shutting down")
send_direct("Source: #{@source} Session:#{session.sid} Type:#{session.type} is shutting down")
rescue
return
end
return
end
# Name of the Plug-In
def name
"twitt"
end
# Method for sending the direct message
def send_direct(message)
returned_message = @twitt_client.direct_message_create(@user, message)
end
# Reads and set the valued from a YAML File
def read_settings
read = nil
if File.exist?("#{Twitter_yaml}")
ldconfig = YAML.load_file("#{Twitter_yaml}")
@consumer_key = ldconfig['consumer_key']
@consumer_secret = ldconfig['consumer_secret']
@oauth_token = ldconfig['oauth_token']
@oauth_token_secret = ldconfig['oauth_token_secret']
@user = ldconfig['user']
@source = ldconfig['source']
read = true
else
print_error("You must create a YAML File with the options")
print_error("as: #{Twitter_yaml}")
return read
end
return read
end
# Sets the commands for the Plug-In
def commands
{
'twitt_help' => "Displays help",
'twitt_start' => "Start Twitter Plugin after saving settings.",
'twitt_stop' => "Stop monitoring for new sessions.",
'twitt_test' => "Send test message to make sure confoguration is working.",
'twitt_save' => "Save Settings to YAML File #{Twitter_yaml}.",
'twitt_set_consumer_key' => "Sets Twitter Consumer Key.",
'twitt_set_consumer_secret' => "Sets Consumer Secret.",
'twitt_set_oauth_token' => "Sets Oauth Token.",
'twitt_set_oauth_token_secret' => "Sets Oauth Token Secret",
'twitt_set_user' => "Sets User to whom messages will be sent.",
'twitt_set_source' => "Sets Source Name from where the messages are sent.",
'twitt_show_parms' => "Shows currently set parameters."
}
end
# Help Command
def cmd_twitt_help
puts "Help"
end
# Re-Read YAML file and set Twitter Configuration
def cmd_twitt_start
print_status "Starting to monitor sessions to Twitt"
if read_settings()
self.framework.events.add_session_subscriber(self)
@twitt_client = Twitter.configure do |config|
config.consumer_key = @consumer_key
config.consumer_secret = @consumer_secret
config.oauth_token = @oauth_token
config.oauth_token_secret = @oauth_token_secret
end
print_good("Twitter Plugin Started, Monitoring Sessions")
else
print_error("Could not set Twitter settings.")
end
end
def cmd_twitt_stop
print_status("Stopping the monitoring of sessions to Twitt")
self.framework.events.remove_session_subscriber(self)
end
def cmd_twitt_test
print_status("Sending tests message")
read_settings
@twitt_client = Twitter.configure do |config|
config.consumer_key = @consumer_key
config.consumer_secret = @consumer_secret
config.oauth_token = @oauth_token
config.oauth_token_secret = @oauth_token_secret
end
send_direct("This is a test Message from your Metasploit console #{::Time.now}")
return
end
# Save Parameters to text file
def cmd_twitt_save
print_status("Saving paramters to config file")
if @consumer_key and @consumer_secret and @oauth_token and @oauth_token_secret and @user
config = {'consumer_key' => @consumer_key, 'consumer_secret' => @consumer_secret,
'oauth_token' => @oauth_token, 'oauth_token_secret' => @oauth_token_secret,
'user' => @user, 'source' => @source
}
File.open(Twitter_yaml, 'w') do |out|
YAML.dump(config, out)
end
print_good("All parameters saved to #{Twitter_yaml}")
else
print_error("You have not provided all the parameters!")
end
end
# Get Consumer Key
def cmd_twitt_set_consumer_key(*args)
if args.length > 0
print_status("Setting the Consumer Key to #{args[0]}")
@consumer_key = args[0]
else
print_error("Please provide a value")
end
end
# Get Consumer Secret
def cmd_twitt_set_consumer_secret(*args)
if args.length > 0
print_status("Setting the Consumer Secret to #{args[0]}")
@consumer_secret = args[0]
else
print_error("Please provide a value")
end
end
# Get OATH Token
def cmd_twitt_set_oauth_token(*args)
if args.length > 0
print_status("Setting the OAUTH Token to #{args[0]}")
@oauth_token = args[0]
else
print_error("Please provide a value")
end
end
# Get Oath Token Secret
def cmd_twitt_set_oauth_token_secret(*args)
if args.length > 0
print_status("Setting the OAUTH Token Secret to #{args[0]}")
@oauth_token_secret = args[0]
else
print_error("Please provide a value")
end
end
# Get User to whom Direct Messages Will be Sent to
def cmd_twitt_set_user(*args)
if args.length > 0
print_status("Setting the DM target user to #{args[0]}")
@user = args[0]
else
print_error("Please provide a value")
end
end
# Set Source Name to be included in the messages
def cmd_twitt_set_source(*args)
if args.length > 0
print_status("Setting the source name to #{args[0]}")
@source = args[0]
else
print_error("Please provide a value")
end
end
# Show the parameters set on the Plug-In
def cmd_twitt_show_parms
print_status("Parameters:")
print_good("consumer_key: #{@consumer_key}")
print_good("consumer_secret: #{@consumer_secret}")
print_good("oauth_token: #{@oauth_token}")
print_good("oauth_token_secret: #{@oauth_token_secret}")
print_good("user: #{@user}")
print_good("source: #{@source}")
end
end
end
end