Tab completion

CHANGES

@@ -1,3 +1,7 @@
+autopwn v0.18.0 - 20150609
+
+* Tab completion
+
 autopwn v0.17.0 - 20150601
 
 * autopwn shell (similar to msfconsole)

autopwn/__init__.py

@@ -29,7 +29,7 @@
 
 class Arguments:
     argparse_description = '''
-autopwn v0.17.0
+autopwn 0.18.0
 By Aidan Marlin
 Email: aidan [dot] marlin [at] nccgroup [dot] trust'''
 
@@ -599,7 +599,7 @@ def __init__(self, config, directory, log_filename, log_type, log_string):
             except OSError as e:
                 Error(30,"[E] Error creating log file: " + e)
             if config.log_started != True:
-                log_file.write("## autopwn v0.17.0 command output\n")
+                log_file.write("## autopwn 0.18.0 command output\n")
                 log_file.write("## Started logging at " + date_time + "...\n")
                 config.log_started = True
 
@@ -622,8 +622,7 @@ def __init__(self, config):
 
 class Debug:
     def __init__(self, config, arg):
-        for item in config.tools:
-            print(item)
+        import IPython; IPython.embed()
 
 class Clear:
     def __init__(self, config, arg):
@@ -701,9 +700,17 @@ def __init__(self):
 class Shell(cmd.Cmd):
     config = Configuration()
 
-    intro = 'autopwn v0.17.0 shell. Type help or ? to list commands.\n'
+    print("autopwn 0.18.0 shell. Type help or ? to list commands.\n")
     prompt = 'autopwn > '
 
+    def cmdloop(self):
+        try:
+            cmd.Cmd.cmdloop(self)
+        except KeyboardInterrupt as e:
+            print()
+            print("Type 'quit' to exit autopwn shell")
+            self.cmdloop()
+
     def do_clear(self, arg):
         'Clear job queue'
         Clear(self.config,arg)
@@ -724,6 +731,18 @@ def do_show(self, arg):
         Show(self.config,arg)
         View('show',self.config)
 
+    def complete_show(self, text, line, begin, end):
+        operations = ['options','jobs','config']
+
+        if not text:
+            completions = operations
+        else:
+            completions = [ operation
+                            for operation in operations
+                                if operation.startswith(text)
+                          ]
+        return completions
+
     def do_save(self, arg):
         'Save instance settings'
         Save(self.config)
@@ -739,18 +758,70 @@ def do_use(self, arg):
         Use(self.config,arg)
         View('use',self.config,target=self.config.instance)
         if self.config.resource_found == True:
+            if (sys.stdout.isatty()) == True:
+                arg = '\x1b[%sm%s\x1b[0m' % \
+                    (';'.join(['31']), arg)
             self.prompt = 'autopwn (' + arg + ') > '
 
+    def complete_use(self, text, line, begin, end):
+        if not text:
+            # Add assessments
+            completions = [ 'assessment/' + assessment['name']
+                            for assessment in self.config.assessments
+                          ]
+            # Add tools
+            completions = completions + [ 'tool/' + tool['name']
+                            for tool in self.config.tools
+                          ]
+        else:
+            # Drop tool/ and assessment/ from input so we have
+            # a chance of finding what we're looking for
+            text = text.replace('assessment/','')
+            text = text.replace('tool/','')
+            # Add assessments which match
+            completions = [ 'assessment/' + assessment['name']
+                            for assessment in self.config.assessments
+                                if assessment['name'].startswith(text)
+                          ]
+            # Add tools which match
+            completions = completions + [ 'tool/' + tool['name']
+                            for tool in self.config.tools
+                                if tool['name'].startswith(text)
+                          ]
+        return completions
+
     def do_set(self, arg):
         'Set configuration option'
         Set(self.config,arg)
         View('set',self.config)
 
+    def complete_set(self, text, line, begin, end):
+        for tool in self.config.tools:
+            if tool['name'] in self.config.instance['tool']:
+                completions = tool['rules']['target-parameter-exists']
+        if text != None:
+            completions = [ parameter
+                            for parameter in completions
+                                if parameter.startswith(text)
+                          ]
+        return completions
+
     def do_unset(self, arg):
         'Clear configuration option'
         Unset(self.config,arg)
         View('unset',self.config)
 
+    def complete_unset(self, text, line, begin, end):
+        for tool in self.config.tools:
+            if tool['name'] in self.config.instance['tool']:
+                completions = tool['rules']['target-parameter-exists']
+        if text != None:
+            completions = [ parameter
+                            for parameter in completions
+                                if parameter.startswith(text)
+                          ]
+        return completions
+
     def do_bye(self, arg):
         'Quit autopwn'
         self.terminate()
@@ -781,6 +852,7 @@ def terminate(self):
         quote.append("Programmers are tools for converting caffeine into code.")
         quote.append("Those who can't write programs, write help files.")
         print(random.choice(quote))
+        CleanUp()
         sys.exit(0)
 
 def _main(arglist):

autopwn/assessments/dir-brute.apc

@@ -1,4 +1,4 @@
 name: dir-brute
 long_name: Directory Brute Forcing
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Brute force web application files.

autopwn/assessments/drupal.apc

@@ -1,4 +1,4 @@
 name: drupal
 long_name: Drupal Scans
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run CMSmap Drupal scans against target.

autopwn/assessments/example.apc_

@@ -7,7 +7,7 @@ name: example
 long_name: Example (Parallel)
 
 # Autopwn version
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 
 # Assessment description
 description: Example assessment configuration file

autopwn/assessments/nmap-common-ports.apc

@@ -1,4 +1,4 @@
 name: nmap-common-ports
 long_name: Nmap Scan (Common TCP Ports)
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run nmap scanner against common TCP ports of target.

autopwn/assessments/nmap.apc

@@ -1,4 +1,4 @@
 name: nmap
 long_name: Nmap Scan (All TCP Ports)
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run nmap scanner against all TCP ports on target.

autopwn/assessments/ssl-audit.apc

@@ -1,4 +1,4 @@
 name: ssl-audit
 long_name: SSL Audit
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run SSL auditing tools against target.

autopwn/assessments/test.apc_

@@ -1,4 +1,4 @@
 name: ssl-audit
 long_name: SSL Audit
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run SSL auditing tools against target.

autopwn/assessments/udp-scanning.apc

@@ -1,4 +1,4 @@
 name: udp-scan
 long_name: UDP Scanning
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run UDP scans against target.

autopwn/assessments/webapp.apc

@@ -1,4 +1,4 @@
 name: webapp
 long_name: Web Application
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run web application specific tools against target

autopwn/assessments/windows-audit.apc

@@ -1,4 +1,4 @@
 name: windows-audit
 long_name: Windows Audit
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 description: Run Windows auditing tools against target

autopwn/tools/arachni.apc

@@ -2,7 +2,7 @@ name: arachni
 binary_name: arachni
 url: http://www.arachni-scanner.com/
 description: Arachni is a Free/Open-Source Web Application Security Scanner aimed towards helping users evaluate the security of web applications.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['webapp']
 
 rules:

autopwn/tools/cmsmap.apc

@@ -3,7 +3,7 @@ binary_prepend: python2
 binary_name: /root/work/git/CMSmap/cmsmap.py
 url: https://github.com/Dionach/CMSmap 
 description: CMSmap - Drupal instance.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['drupal']
 
 rules:

autopwn/tools/dirb.apc

@@ -2,7 +2,7 @@ name: dirb
 binary_name: dirb
 url: http://dirb.sourceforge.net/
 description: URL Bruteforcer - DIRB is a Web Content Scanner. It looks for hidden Web Objects.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['webapp', 'dir-brute']
 
 rules:

autopwn/tools/enum4linux.apc

@@ -2,7 +2,7 @@ name: enum4linux
 binary_name: enum4linux
 url: https://labs.portcullis.co.uk/tools/enum4linux/
 description: Enum4linux is a tool for enumerating information from Windows and Samba systems.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['infrastructure', 'windows-audit']
 
 rules:

autopwn/tools/example.apc_

@@ -1,4 +1,4 @@
-# autopwn v0.17.0 yaml tool config file
+# autopwn v0.18.0 yaml tool config file
 
 # The name as it will be referenced by in assessments
 name: example
@@ -15,7 +15,7 @@ description: Describes which options can be set and what they mean
 
 # Version
 # The autopwn version with which this config file is compatible with
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 
 # Assessment groups
 # To which assessments this tool should belong

autopwn/tools/httrack.apc

@@ -2,7 +2,7 @@ name: httrack
 binary_name: httrack
 url: http://www.httrack.com/
 description: HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['webapp']
 
 # TODO Add cookies?

autopwn/tools/nbtscan.apc

@@ -2,7 +2,7 @@ name: nbtscan
 binary_name: nbtscan
 url: http://www.unixwiz.net/tools/nbtscan.html
 description: NBTScan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts).
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['infrastructure', 'windows-audit']
 
 rules:

autopwn/tools/nikto.apc

@@ -2,7 +2,7 @@ name: nikto
 binary_name: nikto
 url: https://cirt.net/Nikto2
 description: Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['webapp']
 
 # TODO Add cookies? Add list option?

autopwn/tools/nmap-common-ports.apc

@@ -2,7 +2,7 @@ name: nmap-common-ports
 binary_name: nmap
 url: http://nmap.org/
 description: Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['nmap-common-ports', 'infrastructure']
 
 rules:

autopwn/tools/nmap.apc

@@ -2,7 +2,7 @@ name: nmap
 binary_name: nmap
 url: http://nmap.org/
 description: Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['infrastructure', 'nmap']
 
 rules:

autopwn/tools/skipfish.apc

@@ -2,7 +2,7 @@ name: skipfish
 binary_name: skipfish
 url: https://code.google.com/p/skipfish/
 description: Skipfish is an active web application security reconnaissance tool.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['webapp']
 
 rules:

autopwn/tools/sslscan.apc

@@ -2,7 +2,7 @@ name: sslscan
 binary_name: sslscan
 url: http://sourceforge.net/projects/sslscan/
 description: sslscan tests SSL/TLS enabled services to discover supported cipher suites.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['ssl-audit']
 
 rules:

autopwn/tools/sslyze.apc

@@ -2,7 +2,7 @@ name: sslyze
 binary_name: sslyze
 url: https://github.com/iSECPartners/sslyze
 description: Fast and full-featured SSL scanner.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['ssl-audit']
 
 rules:

autopwn/tools/test.apc_

@@ -1,7 +1,7 @@
 name: test
 binary_location: /usr/bin/test
 url: http://test.sourceforge.net/
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 
 rules:
     target-parameter-exists: [['ip','ip_address_list']]

autopwn/tools/testsslserver.apc

@@ -2,7 +2,7 @@ name: testsslserver
 binary_name: /root/Downloads/TestSSLServer.jar
 url: http://www.bolet.org/TestSSLServer/
 description: TestSSLServer is a simple command-line tool which contacts a SSL/TLS server (name and port are given as parameters) and obtains some information from it.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['ssl-audit']
 
 rules:

autopwn/tools/udp-proto-scanner.apc

@@ -2,7 +2,7 @@ name: udp-proto-scanner
 binary_name: udp-proto-scanner.pl
 url: https://labs.portcullis.co.uk/tools/udp-proto-scanner/
 description: udp-proto-scanner is a perl script which discovers UDP services by sending triggers to a list of hosts.
-autopwn_version: 0.17.0
+autopwn_version: 0.18.0
 assessment_groups: ['infrastructure', 'udp-scan']
 
 rules:

setup.py

@@ -7,7 +7,7 @@
 
 setup(
     name='autopwn',
-    version='0.17.0',
+    version='0.18.0',
     description='Specify pentest targets and run sets of tools against them',
     long_description=long_desc,
     author='Aidan Marlin',