MCMetasploit/main.py at master · Hololm/MCMetasploit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
import getpass
import os
import sys
import re
from optparse import OptionParser
from minecraft import authentication
from minecraft.exceptions import YggdrasilError
from minecraft.networking.connection import Connection
from minecraft.networking.packets import Packet, clientbound, serverbound
from dotenv import load_dotenv
import time
from tabulate import tabulate
import importlib
import inspect
from colorama import Fore, Back, Style, init


load_dotenv()  #: loads variables from .env


def main():

    x: list = os.listdir("modules")  #: lists all files in the modules folder
    x.remove("schema.py")
    modules: list = []

    for i in x:
        if i[-3:] == ".py":  #: checks if file contains .py
            y = importlib.import_module('modules.%s' % i[:-3])  #: removes .py from the file
            try:
                if inspect.isclass(y.Exploit):  #: checks if class 'Exploit' is in file
                    modules.append(y)
            except (AttributeError, NameError):
                pass

    #: exploits: litebans sql dump, holographics dir traversal, log4j
    print("Logging in...")

    auth_token = authentication.AuthenticationToken()
    try:
        email = os.getenv("EMAIL")
        password = os.getenv("PASSWORD")
        auth_token.authenticate(email, password)
    except YggdrasilError as e:
        print(e)
        sys.exit()

    print(Fore.LIGHTGREEN_EX + "Logged in as %s..." % auth_token.username)
    time.sleep(1)

    table = []
    for y in modules:
        k = y.Exploit()
        table.append([k.name, k.description])  #: adds the name and description of exploit every iteration
    print(Fore.LIGHTWHITE_EX + tabulate(table, headers=['ID', 'Name', 'Description'], showindex="always", tablefmt="fancy_grid"))

    id = int(input(Fore.LIGHTYELLOW_EX + 'Choose an exploit: '))
    exploit = modules[id]
    params = []
    funcparams = [i for i in inspect.getmembers(exploit.Exploit()) if not i[0].startswith('_') if not inspect.ismethod(i[1])]

    serverip = input('MC Server IP: ')
    serverport = int(input('MC Server Port: '))

    for x in funcparams:
        if x[0] == "client":
            params.append(Connection(serverip, serverport, auth_token=auth_token))
            continue

        if x[1] is None:
            data = input('{}: '.format(x[0].title()))
            params.append(data)

    success, message = exploit.Exploit(*tuple(params)).execute()
    print(Fore.LIGHTGREEN_EX + "{}, {}".format(success, message))


if __name__ == '__main__':
    main()