Update repos for Packet Squirrel Mk 2 release

payloads/recon/nmapdump/payload.sh

@@ -0,0 +1,276 @@
+#!/bin/bash
+# 
+# This payload is for the original Packet Squirrel.  It may not work on 
+# the Packet Squirrel Mark II
+#
+# Title:		NMap Dump
+# Description:		Dumps NMap scan data to USB storage.
+# Author: 		infoskirmish.com
+# Version:		2.0
+# Category:		sniffing
+# Target: 		Any
+# Net Mode:		TRANSPARENT
+
+# Updated to the Packet Squirrel Mark II by Hak5
+
+# LEDs
+# SUCCESS:		Scan complete
+# FAIL:			No USB storage found
+# SCANNING:		Rapid White
+
+#### Constants ####
+
+# If you know which interface will allow outbound traffic you can specify it here
+# leaving it blank will enable the payload trying to attempt to figure out which
+# interface to use.
+defaultInterface="lo"
+
+
+# Number of decoy IPs to spawn
+rndDecoyNumber=5
+
+# Spoof the MAC of this device type
+spoofDevType="Cisco"
+
+# Seconds to sleep while loading NAT
+netSleep=10
+
+# Squirrel NETMODE TRANSPARENT | BRDIGE | NAT | NONE
+# BRIDGE mode will preserve the Squirrel IP 
+mode="BRIDGE"
+
+# When done what should we do? reboot | halt | nothing | poweroff
+onEnd="halt"
+
+# Path to store results
+lootPath="/usb/loot/nmapdump"
+
+# File name scheme 
+lootFileNameScheme="nmapdump_$(date +%Y-%m-%d-%H%M)"
+
+# Clear the log every run?
+clearLogs=true
+
+#### Payload Code ####
+
+function finish() {
+
+	# Sync filesystem
+	sync
+
+	# Indicate successful shutdown
+	LED B SUCCESS
+	sleep 1
+
+	# Halt the system
+	LED OFF
+
+	case "$onEnd" in
+		"poweroff") poweroff ;;
+		"reboot") reboot ;;
+		"halt") halt ;;
+		"nothing") echo "see ya!" >> $lootPath/log.txt ;;
+		*) reboot;;
+	esac
+
+}
+
+function run() {
+
+	# Create loot directory
+	mkdir -p $lootPath &> /dev/null
+
+    # Clear the logs
+    if [ "${clearLogs}x" == "truex" ]; then
+        echo > ${lootPath}/log.txt
+    fi
+	
+	# Set networking mode to user preferance and sleep to allow time to sync up.
+	# If set to NONE this will not be set and thus not kick you out of your SSH session.
+	if [ "$mode" != "NONE" ]; then
+	
+		NETMODE $mode
+		sleep $netSleep
+
+	fi 
+
+	# Log ifconfig data; helpful for troubleshooting 
+	ifconfig >> $lootPath/log.txt
+
+	# Starting scanning LED (rapid white blink)
+  	LED W VERYFAST
+
+	# Run nmap scan with options
+
+	# Now lets figure out which interface to use.
+	iface=$(ip -o link show | awk '{print $2}')
+
+	# Set ipv6 default to null
+	ipv6=""
+
+	# Now lets look at the ip addresses assigned to the various interfaces.
+	while IFS= read -r line; do
+
+		# Standardize interface name
+        	line="${line//:}"
+
+		# We can skip lo
+        	if [ "$line" != "lo" ]; then
+
+			# Get IP Address for Interface.
+			ifip=$(ifconfig $line 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://')
+
+			# Make sure result is not null.
+			if [ "$ifip" ]; then
+
+				# Store for later use the ip addresses associted with interface.
+				# We don't want an empty 1st line.
+				if [ "$ipaddresses" ]; then
+					ipaddresses+=$'\n'$ifip
+				else
+					ipaddresses=$ifip
+				fi
+			
+				# If user has specified a default interface than we can disregard.
+				if [ ! "$defaultInterface" ]; then
+
+					# Store the interface for later use.	
+					# We don't want an empty 1st line.
+					if [ "$interfaces" ]; then
+						interfaces+=$'\n'$line
+					else
+						interfaces=$line
+					fi
+				fi
+			
+				# convert ip to subnet
+				newSubNet=`echo $ifip | cut -d"." -f1-3`
+				newSubNet=$newSubNet".1/24"
+		
+				# Add subnet to list
+				# We don't want a leading empty character.
+				if [ "$newSubNet" ]; then
+					targets+=" $newSubNet"
+				else
+					targets=$newSubNet
+				fi
+
+			fi	
+
+	        fi # end our test for lo
+
+	done <<< "$iface"  # loop to gather IP addresses
+
+	# Clean up subnets to remove accidental double spaces.
+	echo "$targets" | awk '$1=$1' &> /dev/null
+
+	# if targets is empty we have no subnets. Let's check if we can find IPv6 
+	if [ ! "$targets" ]; then
+
+		# Collect all uniqu IPv6 address that we can ping.
+		ipv6=$(ping -6 ff02::1 -w 10 2>/dev/null | awk '/from/ {print $4}' | cut -d":" -f1-6 | sort | uniq | tr "\r\n" " ")
+		if [ ! "$ipv6" ]; then
+
+			# We could not find any ipv4 address and ipv6 returned nothing.
+			echo "Could not accquire any IP addresses to scan." >> $lootPath/log.txt
+			sync
+			LED OFF
+			exit 1
+		fi
+	fi
+
+	# Add lo as some setups the loopback maybe the interface to send out traffic
+	# If user supplies default interface tie in their selection and disregard the
+	# auto locate data.
+	if [ ! "$defaultInterface" ]; then
+		interfaces+=$'\nlo'
+	else
+		interfaces=$defaultInterface
+	fi
+
+	# log subnets and ip addresses we found
+	echo "Subnets to scan $targets" >> $lootPath/log.txt
+	echo "IPs to scan $ipaddresses" >> $lootPath/log.txt
+
+	# Document the fact we will be scanning ipv6
+	if [ "$ipv6" ]; then
+		echo "We will be scanning ipv6 addresses" >> $lootPath/log.txt
+	fi
+
+	# Now lets find the interface that will allow outbound traffic on the LAN.
+	while IFS= read -r interface; do
+
+		# We will use the ip addresses we found to see if this interface can ping it.
+		while IFS= read -r ip; do
+
+			# If we can send ping packets then the interface is likley able to work with nmap
+			# Determin if we should ping in ipv4 or ipv6
+			if [ ! "$ipv6" ]; then
+
+				if [[ ! $(ping -I $interface $ip -w 3 | grep '0 packets received') ]]; then
+			
+					# Make sure wee don't end up with a blank first line.
+					if [ "$goodInterface" ]; then
+
+						goodInterfaces+=$'\n'$interface
+					else
+						goodInterfaces=$interface
+					fi			
+				fi
+
+			else
+
+				if [[ ! $(ping -6 ff02::1 -w 3 | grep '0 packets received') ]]; then
+			
+					# Make sure wee don't end up with a blank first line.
+					if [ "$goodInterface" ]; then
+
+						goodInterfaces+=$'\n'$interface
+					else
+						goodInterfaces=$interface
+					fi			
+				fi
+
+			fi
+
+		done <<< "$ipaddresses" # end loop to find interfaces we can use
+
+	done <<< "$interfaces" # end loop to scan interfaces
+
+	# Log interfaces we can use
+	echo "Interfaces allowing outbound traffic: $goodInterfaces" >> $lootPath/log.txt
+
+	# Make sure we have interfaces that will allow outbound traffic.	
+	if [ "$goodInterfaces" ]; then	
+		while IFS= read -r goodInterface; do
+
+			# Finally! Lets run NMap!
+			# Use ipv4
+			if [ ! "$ipv6" ]; then
+				nmap -Pn -e $goodInterface -sS -F -sV -oA $lootPath/$lootFileNameScheme -D RND:$rndDecoyNumber --randomize-hosts --spoof-mac $spoofDevType $targets >> $lootPath/log.txt
+			else
+				# Use ipv6
+				nmap -Pn -e $goodInterface -sT -F -R -oA $lootPath/$lootFileNameScheme --randomize-hosts --spoof-mac $spoofDevType -6 $ipv6 >> $lootPath/log.txt
+			fi
+	
+		done <<< "$goodInterfaces"
+
+	else
+		echo "Could not find any interfaces that will allow outbound traffic." >> $lootPath/log.txt
+		exit 1
+	fi
+
+
+	# Done scanning; clean up.
+	finish
+
+} # end run() function
+
+USB_WAIT
+
+# Show attack LED
+LED ATTACK
+
+# ATTACK!!!!
+run
+