4. Modules (exploits) development
All modules are inherited from main class – Sploit. This class contains basic methods for interaction with a server.
4.1. Main modules writing rules:
- Module should contain INFO dictionary with the keys «NAME», «DESCRIPTION», «NOTES», – which defines the name, brief description, detailed description respectively.
- Module could contain OPTIONS dict, with appropriate user defined keys which influence GUI and could be altered from GUI .
- args(self, OPTIONS) method allows for GUI altered parameters and options import so that a user could use them in module. When module has been started with listener being autorun, – listener port could be obtained like so: listener_port = Sploit.args(self, OPTIONS)[‘listener’][‘PORT’]
- Method self.log(msg) – send messages to GUI and writes them down to text log file.
- Method self.finish(state) is used when module finished to operate… state = True, for successfull exploitation complete, state = False, when modules failed for some reason
Depending on the option type, GUI options are displayed differently.
Simple option type could be set like: OPTION[‘int’] = 10 or OPTION[‘bool’]=True.
More complex option type allowing to choose from list: OPTION[‘list’] = dict(options=[a,b,c], selected=c)
4.2. Auxillary classes
There are several auxillary classes which could be of use for exploit writers:
- PortScannerMT. Simple multi threaded scanner allowing to define whether port is open or closed on the remote machine
- Shellcode generator for several OS.