From d00ae5d7489d94aedde6f21c4e11294f9eda9e77 Mon Sep 17 00:00:00 2001
From: Pyro57000 <147988717+Pyro57000@users.noreply.github.com>
Date: Mon, 20 Nov 2023 10:54:37 -0600
Subject: [PATCH] create CS eyewitness this will parse your services.tsv that you can get out of cobalt strike and get the web servers, then read your proxychains.conf file and proxy in eyewitness to take a look at them.
---
cs-eyewitness/Cargo.lock | 7 ++++
cs-eyewitness/Cargo.toml | 8 +++++
cs-eyewitness/src/main.rs | 69 +++++++++++++++++++++++++++++++++++++++
3 files changed, 84 insertions(+)
create mode 100644 cs-eyewitness/Cargo.lock
create mode 100644 cs-eyewitness/Cargo.toml
create mode 100644 cs-eyewitness/src/main.rs
diff --git a/cs-eyewitness/Cargo.lock b/cs-eyewitness/Cargo.lock
new file mode 100644
index 0000000..e6c7044
--- /dev/null
+++ b/cs-eyewitness/Cargo.lock
@@ -0,0 +1,7 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "cs-eyewitness"
+version = "0.1.0"
diff --git a/cs-eyewitness/Cargo.toml b/cs-eyewitness/Cargo.toml
new file mode 100644
index 0000000..fecdeb3
--- /dev/null
+++ b/cs-eyewitness/Cargo.toml
@@ -0,0 +1,8 @@
+[package]
+name = "cs-eyewitness"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
diff --git a/cs-eyewitness/src/main.rs b/cs-eyewitness/src/main.rs
new file mode 100644
index 0000000..43e6c7a
--- /dev/null
+++ b/cs-eyewitness/src/main.rs
@@ -0,0 +1,69 @@
+use std::fs;
+use std::io::Write;
+use std::process::Command;
+use std::env;
+
+
+fn main() {
+ let usage = "
+cs-eyewitness /path/to/services.tsv timeout(optional)
+note if you have errors parsing your proxychains config file make sure its space separated instead of tab.
+ ";
+ let args: Vec = env::args().collect();
+ if args.len() < 2{
+ print!("{}",usage);
+ }
+ else{
+ let http_ports = vec!("80", "8080", "8000", "8008");
+ let https_ports = vec!("443", "4443", "4433", "8443", "10443");
+ let text = fs::read_to_string(&args[1]).expect("error opening hosts file");
+ let lines: Vec<&str> = text.split("\n").collect();
+ let mut report_folder= String::new();
+ println!("name of the folder to store your reports?");
+ std::io::stdin().read_line(&mut report_folder).expect("error naming report folder");
+ let mut output = fs::File::create("./temp_urls.txt").expect("error writing temp file");
+ for line in lines{
+ if line.len()>1{
+ let separated_line:Vec<&str> = line.split("\t").collect();
+ for port in &http_ports{
+ if &separated_line[1] == port{
+ let outline = format!("http://{}:{}\n",separated_line[0],separated_line[1]);
+ output.write_all(outline.as_bytes()).expect("error writing file");
+ }
+ }
+ for port in &https_ports{
+ if &separated_line[1] == port{
+ let outline = format!("https://{}:{}\n",separated_line[0],separated_line[1]);
+ output.write_all(outline.as_bytes()).expect("error writing file");
+ }
+ }
+ }
+ }
+ println!("Reading Proxychains Configuration...");
+ let proxychains_text = fs::read_to_string("/etc/proxychains.conf").expect("error reading proxychains file");
+ let conf_text: Vec<&str> = proxychains_text.split("[ProxyList]").collect();
+ let conf_section = conf_text[1];
+ let lines:Vec<&str> = conf_section.split("\n").collect();
+ let mut proxy_type = String::new();
+ let mut proxy_address = String::new();
+ let mut proxy_port = String::new();
+ for line in lines{
+ if line.contains("socks"){
+ let split_line:Vec<&str> = line.split(" ").collect();
+ proxy_type = split_line[0].to_owned();
+ proxy_address = split_line[1].to_owned();
+ proxy_port = split_line[2].to_owned();
+ }
+ }
+ let mut timeout = "120";
+ println!("Proxy settings loaded!");
+ if args.len() == 3{
+ timeout = &args[2];
+ }
+ println!("Socks Version: {} | Socks IP Address {} | Socks Port {}",proxy_type, proxy_address, proxy_port);
+ println!("eyewitness is running in the background, this will take a while, please do not close this window.");
+ Command::new("eyewitness").arg("--proxy-ip").arg(proxy_address).arg("--proxy-port").arg(proxy_port).arg("--proxy-type").arg(proxy_type).arg("--timeout").arg(timeout).arg("-f").arg("./temp_urls.txt").arg("-d").arg(report_folder.trim_end()).output().expect("error running eyewitness command");
+ fs::remove_file("./temp_urls.txt").expect("error removing temp url file");
+ }
+}
+
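Review bot: The `[ProxyList]` loop can hand eyewitness empty or unintended proxy settings. `line.contains("socks")` also matches commented-out entries, the last match wins, and when nothing matches, `proxy_type`, `proxy_address` and `proxy_port` stay empty strings that are still passed to `--proxy-type`/`--proxy-ip`/`--proxy-port`. What eyewitness does with empty values is not visible here, so the program should stop before launching it. The fixed indices `conf_text[1]`, `split_line[1]`/`[2]` and, earlier, `separated_line[1]` panic on a config without the section header, on a tab-separated proxy entry, or on a services.tsv row without a tab. Using `split_whitespace()` and checked access (`.get(1)` for the TSV rows) removes those panics and the space-only restriction noted in the usage text; the `.output()` result is also discarded, so a non-zero eyewitness exit currently goes unreported.

```rust
// … unchanged: services.tsv parsing, temp_urls.txt writing, reading /etc/proxychains.conf …
let mut proxy: Option<(String, String, String)> = None;
for line in lines {
    let entry = line.trim();
    // Skip blanks and commented-out entries so a disabled proxy is never selected.
    if entry.is_empty() || entry.starts_with('#') {
        continue;
    }
    // split_whitespace accepts tabs as well as runs of spaces.
    let mut fields = entry.split_whitespace();
    if let (Some(kind), Some(addr), Some(port)) = (fields.next(), fields.next(), fields.next()) {
        if kind.starts_with("socks") {
            proxy = Some((kind.to_owned(), addr.to_owned(), port.to_owned()));
        }
    }
}
// Fail closed: with no usable entry, clean up and do not start eyewitness.
let Some((proxy_type, proxy_address, proxy_port)) = proxy else {
    eprintln!("no socks entry found under [ProxyList] in /etc/proxychains.conf");
    let _ = fs::remove_file("./temp_urls.txt");
    return;
};
// … unchanged: timeout handling and the eyewitness invocation …
```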