Add HTML menu rather than CLI

Al-Azif · Jan 2, 2018 · 019d470 · 019d470
1 parent 5be5fa4
commit 019d470
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 30 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -1 +1,2 @@
+exploit/index.html linguist-generated=true
 updates/ps4-updatefeature.html linguist-generated=true
diff --git a/exploit/index.html b/exploit/index.html
diff --git a/start.py b/start.py
@@ -90,7 +90,7 @@ def network_test(self, size):
         data = b'\0' * size
         self.my_sender('text/plain', data)
 
-    def exploit_match(self):
+    def exploit_matcher(self):
         path = self.path.rsplit('/', 1)[-1]
         if not path or path == '/':
             path = 'index.html'
@@ -100,7 +100,21 @@ def exploit_match(self):
         with open(os.path.join(EXPLOIT_LOC, path), 'rb') as buf:
             data = buf.read()
             if path == 'index.html':
-                data = inject_credits(data)
+                data = self.inject_exploit_html(data)
+            self.my_sender(mime[0], data)
+
+    def exploit(self):
+        path = self.path.rsplit('/', 1)[-1]
+        if not path or path == '/':
+            path = 'index.html'
+        which = self.path.rsplit('/')[-2]
+        mime = mimetypes.guess_type(path)
+        if not mime[0]:
+            mime[0] = 'application/octet-stream'
+        with open(os.path.join(EXPLOIT_LOC, which, path), 'rb') as buf:
+            data = buf.read()
+            if path == 'index.html':
+                data = self.inject_credits(data)
             self.my_sender(mime[0], data)
 
     def payload_launcher(self):
@@ -117,6 +131,24 @@ def payload_launcher(self):
                                       daemon=True)
             thread.start()
 
+    def inject_exploit_html(self, html):
+        inject = b'<li><a href="/exploits/{EXP}/">{EXP}</a></li>\n'
+        data = b''
+        try:
+            for exploit in os.listdir(EXPLOIT_LOC):
+                if exploit != 'index.html':
+                    data += inject.replace(b'{EXP}', bytes(exploit, 'utf-8'))
+        except IOError:
+            pass
+
+        return html.replace(b'{EXPLOITS}', data)
+
+    def inject_credits(self, html):
+        inject = b'<center><h1 id=clck>...</h1>PS4 Exploit Host by ' + \
+                 b'<a href="https://twitter.com/_AlAzif">Al Azif</a><br/>'
+
+        return html.replace(b'<center><h1 id=clck>...</h1>', inject)
+
     def do_GET(self):
         """Determines how to handle HTTP requests"""
         try:
@@ -130,8 +162,10 @@ def do_GET(self):
                 self.network_test(2097152)
             elif re.match('^/networktest/get_6m', self.path):
                 self.network_test(6291456)
-            elif re.match('^/document/[a-zA-Z\-]{2,5}/ps4/', self.path):
-                self.exploit_match()
+            elif re.match('^/document/[a-zA-Z\-]{2,5}/ps4/index.html', self.path):
+                self.exploit_matcher()
+            elif re.match('^/exploits/[a-zA-Z0-9\-\_]*/', self.path):
+                self.exploit()
             else:
                 self.send_error(404)
         except IOError:
@@ -380,13 +414,6 @@ def menu_header():
     print('└────────────────────────────────────────────────────────┘')
 
 
-def inject_credits(html):
-    inject = b'<center><h1 id=clck>...</h1>PS4 Exploit Host by ' + \
-             b'<a href="https://twitter.com/_AlAzif">Al Azif</a><br/>'
-
-    return html.replace(b'<center><h1 id=clck>...</h1>', inject)
-
-
 def main():
     """The main logic"""
     global DEBUG
@@ -399,9 +426,6 @@ def main():
         closer('ERROR: This must be run by root as it requires port 53 & 80')
 
     parser = argparse.ArgumentParser(description='PS4 Exploit Host')
-    parser.add_argument('--exploit', dest='e_type', action='store',
-                        default='', required=False,
-                        help='Select which exploit to host')
     parser.add_argument('--autosend', dest='autosend', action='store',
                         default='', required=False,
                         help='Automatically send payload when exploit loads')
@@ -424,22 +448,6 @@ def main():
         check_update_pup('SYSTEM', '203C76C97F7BE5B881DD0C77C8EDF385')
         check_update_pup('RECOVERY', '741CFE2F0DEC1BB4663571DE78AE31CF')
 
-        if not args.e_type:
-            try:
-                exploits = os.listdir(EXPLOIT_LOC)
-            except IOError:
-                closer('ERROR: No exploit directory found')
-            if not exploits:
-                closer('ERROR: No exploits found')
-            exploit = menu('Exploit', exploits)
-            args.e_type = exploits[exploit]
-
-        if os.path.isdir(os.path.join(EXPLOIT_LOC, args.e_type)) \
-           and args.e_type:
-            EXPLOIT_LOC = os.path.join(EXPLOIT_LOC, args.e_type)
-        else:
-            closer('ERROR: Could not find exploit specified')
-
         lan = get_lan()
 
         rules = generate_dns_rules(lan)