create CS eyewitness

this will parse your services.tsv that you can get out of cobalt strike and get the web servers, then read your proxychains.conf file and proxy in eyewitness to take a look at them.
2023-11-20 10:54:37 -06:00
parent 4e1e64a5b4
commit d00ae5d748
3 changed files with 84 additions and 0 deletions
--- a/cs-eyewitness/src/main.rs
+++ b/cs-eyewitness/src/main.rs
@@ -0,0 +1,69 @@
+use std::fs;
+use std::io::Write;
+use std::process::Command;
+use std::env;
+
+
+fn main() {
+    let usage = "
+cs-eyewitness /path/to/services.tsv timeout(optional)
+note if you have errors parsing your proxychains config file make sure its space separated instead of tab.
+    ";
+    let args: Vec<String> = env::args().collect();
+    if args.len() < 2{
+        print!("{}",usage);
+    }
+    else{
+        let http_ports = vec!("80", "8080", "8000", "8008");
+        let https_ports = vec!("443", "4443", "4433", "8443", "10443");
+        let text = fs::read_to_string(&args[1]).expect("error opening hosts file");
+        let lines: Vec<&str> = text.split("\n").collect();
+        let mut report_folder= String::new();
+        println!("name of the folder to store your reports?");
+        std::io::stdin().read_line(&mut report_folder).expect("error naming report folder");
+        let mut output = fs::File::create("./temp_urls.txt").expect("error writing temp file");
+        for line in lines{
+            if line.len()>1{
+                let separated_line:Vec<&str> = line.split("\t").collect();
+                for port in &http_ports{
+                    if &separated_line[1] ==  port{
+                        let outline = format!("http://{}:{}\n",separated_line[0],separated_line[1]);
+                        output.write_all(outline.as_bytes()).expect("error writing file");
+                    }
+                }
+                for port in &https_ports{
+                    if &separated_line[1] == port{
+                        let outline = format!("https://{}:{}\n",separated_line[0],separated_line[1]);
+                        output.write_all(outline.as_bytes()).expect("error writing file");
+                    }
+                }
+            }
+        }
+        println!("Reading Proxychains Configuration...");
+        let proxychains_text = fs::read_to_string("/etc/proxychains.conf").expect("error reading proxychains file");
+        let conf_text: Vec<&str> = proxychains_text.split("[ProxyList]").collect();
+        let conf_section = conf_text[1];
+        let lines:Vec<&str> = conf_section.split("\n").collect();
+        let mut proxy_type = String::new();
+        let mut proxy_address = String::new();
+        let mut proxy_port = String::new();
+        for line in lines{
+            if line.contains("socks"){
+                let split_line:Vec<&str> = line.split(" ").collect();
+                proxy_type = split_line[0].to_owned();
+                proxy_address = split_line[1].to_owned();
+                proxy_port = split_line[2].to_owned();
+            }
+        }
+        let mut timeout = "120";
+        println!("Proxy settings loaded!");
+        if args.len() == 3{
+            timeout = &args[2];
+        }
+        println!("Socks Version: {} | Socks IP Address {} | Socks Port {}",proxy_type, proxy_address, proxy_port);
+        println!("eyewitness is running in the background, this will take a while, please do not close this window.");
+        Command::new("eyewitness").arg("--proxy-ip").arg(proxy_address).arg("--proxy-port").arg(proxy_port).arg("--proxy-type").arg(proxy_type).arg("--timeout").arg(timeout).arg("-f").arg("./temp_urls.txt").arg("-d").arg(report_folder.trim_end()).output().expect("error running eyewitness command");
+        fs::remove_file("./temp_urls.txt").expect("error removing temp url file");
+    }
+}
+