refactor: use random user agent as default

docs/USAGE.md

@@ -44,8 +44,7 @@ Request:
   --cookie COOKIE       HTTP Cookie header value
   --host HOST           HTTP Host header value
   --referer REFERER     HTTP Referer header value
-  --user-agent AGENT    HTTP User-Agent header value
-  --random-agent        Use randomly selected HTTP User-Agent header value
+  --user-agent AGENT    HTTP User-Agent header value (default random)
   --proxy PROXY         Use a proxy to connect to the target URL
   --proxy-cred PROXY_CRED
                         Proxy authentication credentials (name:password)
@@ -98,6 +97,7 @@ Modules:
                         Connect back host for target PoC in shell mode
   --lport CONNECT_BACK_PORT
                         Connect back port for target PoC in shell mode
+  --tls                 Enable TLS listener in shell mode
   --comparison          Compare popular web search engines
   --dork-b64            Whether dork is in base64 format
 

manpages/pocsuite.1

@@ -78,10 +78,7 @@ HTTP Host header value
 HTTP Referer header value
 .TP
 \fB\-\-user\-agent\fR AGENT
-HTTP User\-Agent header value
-.TP
-\fB\-\-random\-agent\fR
-Use randomly selected HTTP User\-Agent header value
+HTTP User\-Agent header value (default random)
 .TP
 \fB\-\-proxy\fR PROXY
 Use a proxy to connect to the target URL

pocsuite.ini

@@ -19,10 +19,8 @@ cookie =
 host = 
 ; http referer header value
 referer = 
-; http user-agent header value
+; http user-agent header value (default random)
 agent = 
-; use randomly selected http user-agent header value
-random_agent = False
 ; use a proxy to connect to the target url
 proxy = 
 ; proxy authentication credentials (name:password)

pocsuite3/lib/core/common.py

@@ -92,9 +92,7 @@ def set_paths(root_path):
     paths.POCSUITE_POCS_PATH = os.path.join(paths.POCSUITE_ROOT_PATH, "pocs")
     paths.USER_POCS_PATH = None
 
-    paths.USER_AGENTS = os.path.join(paths.POCSUITE_DATA_PATH, "user-agents.txt")
     paths.WEAK_PASS = os.path.join(paths.POCSUITE_DATA_PATH, "password-top100.txt")
-    paths.LARGE_WEAK_PASS = os.path.join(paths.POCSUITE_DATA_PATH, "password-top1000.txt")
 
     paths.POCSUITE_HOME_PATH = os.path.expanduser("~")
     _ = os.path.join(paths.POCSUITE_HOME_PATH, ".pocsuite")

pocsuite3/lib/core/option.py

@@ -29,7 +29,7 @@
 from pocsuite3.lib.core.exception import PocsuiteSyntaxException, PocsuiteSystemException, PocsuiteHeaderTypeException
 from pocsuite3.lib.core.log import FORMATTER
 from pocsuite3.lib.core.register import load_file_to_module
-from pocsuite3.lib.core.settings import DEFAULT_USER_AGENT, DEFAULT_LISTENER_PORT, CMD_PARSE_WHITELIST
+from pocsuite3.lib.core.settings import DEFAULT_LISTENER_PORT, CMD_PARSE_WHITELIST
 from pocsuite3.lib.core.statistics_comparison import StatisticsComparison
 from pocsuite3.lib.core.update import update
 from pocsuite3.lib.parse.cmd import DIY_OPTIONS
@@ -77,21 +77,6 @@ def _set_http_user_agent():
     set user-agent
     :return:
     '''
-
-    conf.http_headers[HTTP_HEADER.USER_AGENT] = DEFAULT_USER_AGENT
-
-    if conf.random_agent:
-        uapath = os.path.join(paths.POCSUITE_DATA_PATH, 'user-agents.txt')
-        if os.path.exists(uapath):
-            with open(uapath) as f:
-                agents = f.read().split("\n")
-                if len(agents) == 1 and "" in agents:
-                    logger.error("user-agents file is empty will use default")
-                else:
-                    conf.agents = agents
-        else:
-            logger.error("user-agents file not fond will use default")
-
     if conf.agent:
         conf.http_headers[HTTP_HEADER.USER_AGENT] = conf.agent
 
@@ -246,6 +231,7 @@ def _set_multiple_targets():
     if conf.dork_quake:
         conf.plugins.append('target_from_quake')
 
+
 def _set_task_queue():
     if kb.registered_pocs and kb.targets:
         for poc_module in kb.registered_pocs:
@@ -510,15 +496,13 @@ def _set_conf_attributes():
     conf.referer = None
     conf.agent = None
     conf.headers = None
-    conf.random_agent = None
     conf.proxy = None
     conf.proxy_cred = None
     conf.proxies = {}
     conf.timeout = 30
     conf.retry = 0
     conf.delay = 0
     conf.http_headers = {}
-    conf.agents = [DEFAULT_USER_AGENT]  # When loading from the plug-in, if the data source has no default value, it needs to be processed
     conf.login_user = None
     conf.login_pass = None
     conf.shodan_token = None

pocsuite3/lib/core/optiondict.py

@@ -17,7 +17,6 @@
         'host': 'string',
         'referer': 'string',
         'agent': 'string',
-        'random_agent': 'boolean',
         'proxy': 'string',
         'proxy_cred': 'string',
         'timeout': 'string',

pocsuite3/lib/core/settings.py

@@ -54,8 +54,6 @@
 # Encoding used for Unicode data
 UNICODE_ENCODING = "utf-8"
 
-DEFAULT_USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
-
 BOLD_PATTERNS = (
     "' is vulnerable",
     "success",
@@ -123,7 +121,6 @@
     "host",
     "referer",
     "user-agent",
-    "random-agent",
     "proxy",
     "proxy-cred",
     "timeout",

pocsuite3/lib/parse/cmd.py

@@ -54,9 +54,7 @@ def cmd_line_parser(argv=None):
         request.add_argument("--cookie", dest="cookie", help="HTTP Cookie header value")
         request.add_argument("--host", dest="host", help="HTTP Host header value")
         request.add_argument("--referer", dest="referer", help="HTTP Referer header value")
-        request.add_argument("--user-agent", dest="agent", help="HTTP User-Agent header value")
-        request.add_argument("--random-agent", dest="random_agent", action="store_true", default=False,
-                             help="Use randomly selected HTTP User-Agent header value")
+        request.add_argument("--user-agent", dest="agent", help="HTTP User-Agent header value (default random)")
         request.add_argument("--proxy", dest="proxy", help="Use a proxy to connect to the target URL")
         request.add_argument("--proxy-cred", dest="proxy_cred", help="Proxy authentication credentials (name:password)")
         request.add_argument("--timeout", dest="timeout", help="Seconds to wait before timeout connection (default 30)")

pocsuite3/lib/request/patch/hook_request.py

@@ -1,9 +1,9 @@
-from random import choice
 from pocsuite3.lib.core.data import conf
 from pocsuite3.lib.core.enums import HTTP_HEADER
+from pocsuite3.lib.utils import generate_random_user_agent
 from requests.models import Request
 from requests.sessions import Session
-from requests.sessions import merge_setting, merge_cookies
+from requests.sessions import merge_cookies
 from requests.cookies import RequestsCookieJar
 from requests.utils import get_encodings_from_content, to_key_val_list
 from requests.compat import OrderedDict, Mapping
@@ -37,8 +37,8 @@ def _merge_retain_none(request_setting, session_setting, dict_class=OrderedDict)
     # Create the Request.
     merged_cookies = merge_cookies(merge_cookies(RequestsCookieJar(), self.cookies),
                                    cookies or (conf.cookie if 'cookie' in conf else None))
-    if conf.random_agent:
-        conf.http_headers[HTTP_HEADER.USER_AGENT] = choice(conf.agents)
+    if not conf.agent:
+        conf.http_headers[HTTP_HEADER.USER_AGENT] = generate_random_user_agent()
 
     req = Request(
         method=method.upper(),

pocsuite3/lib/utils/__init__.py

@@ -43,6 +43,10 @@ def random_str(length=10, chars=string.ascii_letters + string.digits):
     return ''.join(random.sample(chars, length))
 
 
+def generate_random_user_agent():
+    return Faker().user_agent()
+
+
 def get_middle_text(text, prefix, suffix, index=0):
     """
     Simple implementation of obtaining intermediate text

pocsuite3/modules/httpserver/__init__.py

@@ -90,7 +90,7 @@ class HTTPServerV4(HTTPServer):
 
 class PHTTPServer(threading.Thread, metaclass=PHTTPSingleton):
     def __init__(self, bind_ip='0.0.0.0', bind_port=666, is_ipv6=False, use_https=False,
-                 certfile=os.path.join(paths.POCSUITE_DATA_PATH, 'cacert.pem'),
+                 certfile=os.path.join(paths.POCSUITE_TMP_PATH, 'cacert.pem'),
                  requestHandler=BaseRequestHandler):
         gen_cert(filepath=certfile)
         threading.Thread.__init__(self)

pocsuite3/modules/listener/reverse_tcp.py

@@ -32,7 +32,7 @@ def get_sock_listener(listen_port, listen_host="0.0.0.0", ipv6=False, protocol=N
     if conf.enable_tls_listener and protocol == socket.SOCK_STREAM:
         import ssl
         context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-        cert_path = os.path.join(paths.POCSUITE_DATA_PATH, 'cacert.pem')
+        cert_path = os.path.join(paths.POCSUITE_TMP_PATH, 'cacert.pem')
         gen_cert(filepath=cert_path)
         context.load_cert_chain(cert_path)
         s = context.wrap_socket(s, server_side=True)

tests/test_configfile.py

@@ -55,9 +55,7 @@ def test_build_ini(self):
             request.add_option("--cookie", dest="cookie", help="HTTP Cookie header value")
             request.add_option("--host", dest="host", help="HTTP Host header value")
             request.add_option("--referer", dest="referer", help="HTTP Referer header value")
-            request.add_option("--user-agent", dest="agent", help="HTTP User-Agent header value")
-            request.add_option("--random-agent", dest="random_agent", action="store_true", default=False,
-                               help="Use randomly selected HTTP User-Agent header value")
+            request.add_option("--user-agent", dest="agent", help="HTTP User-Agent header value (default random)")
             request.add_option("--proxy", dest="proxy", help="Use a proxy to connect to the target URL")
             request.add_option("--proxy-cred", dest="proxy_cred",
                                help="Proxy authentication credentials (name:password)")