Sploit Rework MVP Structure, Packaging, and Comms

First part of the MVP for the larger Sploit rework effort.
Add project structure, python packaging, basic comms, and "log" hook.
From in or out of the sploit directory, you can run the "sploit.py"
script, run python -m sploit, or import the sploit modules from the
python3 shell.
You can also pip install Sploit and from anywhere you can run the sploit
command, run python -m sploit, or import the sploit modules from the
python3 shell.
Running as a standalone application, Sploit can run in a "target" mode,
a "pipe" mode, and a "pipe daemon" mode. In "target" mode, Sploit will
launch a target program as a subprocess and run an exploit script
against its I/O.  In "pipe" mode, Sploit will create named fifos and
wait for a program to connect to them to run an exploit script against
them. In "pipe daemon" mode, Sploit will run similar to the "pipe" mode,
but automatically recreate the fifos with the same name after each
execution.
Basic comm operations of read, readline, write, and writeline are
available to the exploit script.
A "log" hook is executed whenever data is read in from the target
program.  This will just print the data out, but it can be configured to
decode it with a specific encoding or you could replace the function for
different behavior.

Signed-off-by: dusoleil <howcansocksbereal@gmail.com>

6 files changed, 120 insertions, 1 deletions

diff --git a/sploit b/sploit
deleted file mode 120000
index 1ba655a..0000000
--- a/sploit
+++ /dev/null
@@ -1 +0,0 @@
-sploit.py
\ No newline at end of file
diff --git a/sploit/__init__.py b/sploit/__init__.py
new file mode 100644
index 0000000..c7d2c93
--- /dev/null
+++ b/sploit/__init__.py
@@ -0,0 +1 @@
+__all__ = ["log","comm"]
diff --git a/sploit/__main__.py b/sploit/__main__.py
new file mode 120000
index 0000000..98537fc
--- /dev/null
+++ b/sploit/__main__.py
@@ -0,0 +1 @@
+../sploit.py
\ No newline at end of file
diff --git a/sploit/comm.py b/sploit/comm.py
new file mode 100644
index 0000000..009f193
--- /dev/null
+++ b/sploit/comm.py
@@ -0,0 +1,68 @@
+import subprocess
+import tempfile
+import os
+
+from sploit.log import log
+
+class Comm:
+    def __init__(self, backend):
+        self.back = backend
+
+    def __del__(self):
+        for line in self.back.stdin:
+            log(line)
+
+    def read(self, size):
+        data = self.back.stdin.read(size)
+        log(data)
+        return data
+
+    def readline(self):
+        data = self.back.stdin.readline()
+        log(data)
+        return data
+
+    def write(self, data):
+        self.back.stdout.write(data)
+        self.back.stdout.flush()
+
+    def writeline(self, data):
+        self.write(data + b'\n')
+
+class Process:
+    def __init__(self, args):
+        print(f"Running: {' '.join(args)}")
+        self.proc = subprocess.Popen(args,
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.STDOUT)
+        print(f"PID: {self.proc.pid}")
+        self.stdin = self.proc.stdout
+        self.stdout = self.proc.stdin
+
+    def __del__(self):
+        self.proc.wait()
+
+class Pipes:
+    def __init__(self,tmp=None):
+        if(tmp == None):
+            self.dir = tempfile.TemporaryDirectory()
+            dirname = self.dir.name
+        else:
+            dirname =  os.path.join("/tmp",tmp)
+        self.pathin = os.path.join(dirname,"in")
+        self.pathout = os.path.join(dirname,"out")
+        os.mkfifo(self.pathin)
+        os.mkfifo(self.pathout)
+        print("Waiting on Target to Connect...")
+        print("<"+self.pathin+" >"+self.pathout)
+        self.stdout = open(self.pathin,"wb")
+        self.stdin = open(self.pathout, "rb")
+        print("Connected!")
+
+    def __del__(self):
+        self.stdout.close()
+        self.stdin.close()
+        os.unlink(self.pathin)
+        os.unlink(self.pathout)
+
diff --git a/sploit/log.py b/sploit/log.py
new file mode 100644
index 0000000..cd9c3be
--- /dev/null
+++ b/sploit/log.py
@@ -0,0 +1,6 @@
+ENCODING = ''
+def log(s):
+    if ENCODING != '':
+        s = s.decode(ENCODING)
+    print(s)
+
diff --git a/sploit/main.py b/sploit/main.py
new file mode 100644
index 0000000..ebcbd41
--- /dev/null
+++ b/sploit/main.py
@@ -0,0 +1,44 @@
+import argparse
+import tempfile
+
+from sploit.comm import *
+
+def main():
+    parser = argparse.ArgumentParser(description='Execute Sploit Script Against Target')
+    parser.add_argument('-d', '--daemon', action='store_true',
+                        help='run in "daemon" mode with pipes instead of a designated target')
+    parser.add_argument('script',
+                        help='exploit script to run')
+    parser.add_argument('target', nargs=argparse.REMAINDER,
+                        help='target program to exploit')
+    args = parser.parse_args()
+
+    if(len(args.target)>0):
+        if(args.daemon):
+            print("Target Given. Ignoring Daemon Flag...")
+        target(args.script,args.target)
+    else:
+        if(args.daemon):
+            daemon(args.script)
+        else:
+            pipe(args.script)
+
+def daemon(script):
+    print("Running in Pipe Daemon Mode...")
+    tmpdir = tempfile.TemporaryDirectory()
+    tmp = os.path.split(tmpdir.name)[1]
+    while(True):
+        runscript(script,Comm(Pipes(tmp)));
+
+def pipe(script):
+    print("Running in Pipe Mode...");
+    runscript(script,Comm(Pipes()));
+
+def target(script,target):
+    print("Running in Target Mode...")
+    runscript(script,Comm(Process(target)));
+
+def runscript(script,comm):
+    print("Running Script...")
+    exec(open(script).read())
+