-
Notifications
You must be signed in to change notification settings - Fork 3
/
2-download-tls.cna
174 lines (143 loc) · 5.34 KB
/
2-download-tls.cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
import java.io.BufferedInputStream;
import java.io.FileOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.File;
import java.net.URL;
import java.net.URLConnection;
import java.io.IOException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
import java.security.KeyStore;
# ===== Global Variables =====
$saveFilePath = script_resource() . "/downloads"; # Location to store downloaded zips
$destPath = script_resource(); # Unzipped repositories destination folder is relative to this scripts location
# ============================
# ==== Git Repositories ====
# Name, repository ID, branch, [CNA script paths to load]
# Name => repository will be downloaded into this folder, the name has to match the path that is used to load the bofs! (see the modified cna script)
# URL to download zip from => GitLab repository ID
# Paths => relative path from root directory to the cna script to load
@repositories = @(
@("CS-Situational-Awareness-BOF", "https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/refs/heads/master.zip", "CS-Situational-Awareness-BOF-master/SA/SA.cna"),
@("CS-Remote-OPs-BOF", "https://github.com/trustedsec/CS-Remote-OPs-BOF/archive/refs/heads/main.zip", "CS-Remote-OPs-BOF-main/Remote/Remote.cna", "CS-Remote-OPs-BOF-main/Injection/Injection.cna"),
# add other entries here as well
);
# ============================
# ==== Functions ====
# Download all repository zip files one by one
sub loadArsenal {
for($i = 0; $i < size(@repositories); $i++) {
downloadRepo(@repositories[$i][1],@repositories[$i][0]);
}
}
# createDir($path, $type);
sub createDir {
$path = $1;
$type = $2;
mkdir($path);
if (checkError($error)) {
warn("Unable to create $type directory: $error");
$eMsg = "true";
}
}
# createFile($path);
sub createFile {
$path = $1;
createNewFile($path);
}
# writeFile($handle, $path);
sub writeFile {
$handle = $1;
$path = $2;
$outFile = openf(">" . $path);
writeb($outFile, readb($handle, -1));
closef($outFile);
}
# Download a single repository and write the contents to downloads/repositoryname.zip
sub downloadRepo {
$downloadUrl = $1;
$fileName = $2 . ".zip";
# Create downloads dir if it does not exist
if (!-exists $saveFilePath) {
createDir($saveFilePath);
}
println("> Downloading " . $fileName . "...");
println("\tDownload url: $downloadUrl");
# Check if the zip file can be created
$saveFilePathProper = $saveFilePath . "/" . $fileName;
createFile($saveFilePathProper);
# Obtain the content and write to file
$handle = httpGet($downloadUrl);
writeFile($handle, $saveFilePathProper);
}
# httpGet($url);
# Adapted from https://gist.github.com/mgeeky/2d7f8c2a6ffbfd23301e1e2de0312087
sub httpGet {
$method = "GET";
$url = $1;
$n = 0;
if(size(@_) == 2) { $n = $2; }
$maxRedirectsAllowed = 10;
if ($n > $maxRedirectsAllowed) {
warn("Exceeded maximum number of redirects: $method $url ");
return "";
}
$USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0";
try {
# When using private git server, load the truststore with the custom root CA or self-signed CA from the current directory
$filepath = script_resource("truststore-public.jks");
# The trust store file and optional password to unlock it
$trustStoreFile = [new File: $filepath];
$trustStorePassword = "changeit";
# Load the trust store from file into an object, the type is "jks"
$trustStore = [KeyStore getInstance: "JKS"];
[$trustStore load: [new FileInputStream: $trustStoreFile], $trustStorePassword];
# init TrustManagerFactory with truststore containing root CA
$tmf = [TrustManagerFactory getInstance: [TrustManagerFactory getDefaultAlgorithm]];
[$tmf init: $trustStore];
# Set the SSLContext of the HTTP requests to ensure the root CA certificate is trusted
$sslContext = [SSLContext getInstance: "TLS"];
[$sslContext init: $null, [$tmf getTrustManagers], $null];
[javax.net.ssl.HttpsURLConnection setDefaultSSLSocketFactory: [$sslContext getSocketFactory]];
# Build the HTTP Request
$urlobj = [new java.net.URL: $url];
if (checkError($error)) {
warn("1: $error");
}
$con = $null;
$con = [$urlobj openConnection];
[$con setRequestMethod: $method];
[$con setInstanceFollowRedirects: true];
[$con setRequestProperty: "Accept", "*/*"];
[$con setRequestProperty: "Cache-Control", "max-age=0"];
[$con setRequestProperty: "Connection", "keep-alive"];
[$con setRequestProperty: "User-Agent", $USER_AGENT];
# Send the request and obtain the content
$inputstream = [$con getInputStream];
$handle = [SleepUtils getIOHandle: $inputstream, $null];
$responseCode = [$con getResponseCode];
# If a redirect is returned, try again with the redirect target (max 10 times)
if (($responseCode >= 301) && ($responseCode <= 304)) {
warn("Redirect");
$loc = [$con getHeaderField: "Location"];
httpRequest($loc, $n + 1);
}
# return the handle with the content
return $handle;
}
catch $message {
warn("HTTP Request failed: $method $url : $message ");
printAll(getStackTrace());
return "";
}
}
# Create Cobalt Strike menu to download Arsenal
popup Arsenal {
item("&Download", { loadArsenal(); });
}
menubar("Arsenal", "Arsenal");