Hackersh Changelog

# Hackersh Changelog

HEAD

o Delete internal component “submit” for now. It will be back in the future,

together with a nice set of HTTP components.

o Rename “iterate_links” to “web_crawler”. For example:

“http://localhost” -> url -> web_crawler -> ...

o All builtin shell commands and external components will

display usage if -h or –help command line is passed. Example: nmap -h

o Introduce clipboard - new internal component for pasting text from Clipboard.

Example: (Copy a URL) and then clipboard | url | w3af

o Introduce regex_expand - new internal component for inverting Regex.

Example: “http://localhost/index[0-9].html” -> regex_expand -> url

o Root Components can be piped via __STDIN__ key in Context

o Add Components: write, write_all, and read to Write/Read Contexts.

For more info see: info write, info write_all, and info read

o Hackersh loads Environment Variables on Load. For example:

IPV4_ADDRESS=”127.0.0.1” ./bin/hackersh -c ‘_ | nmap | print_all’

o Support Multi-Line in Interactive Console via Backslash (‘’). For example:

show

all

Or: x = 5 And etc.

o print component will print a given context, while print_all will join

(i.e. reduce) all contexts into a single tree and print that tree.

o Components can return Component-level Errors via HackershError() class.

Aggregation occurs at Console-level prior to printing the return value.

o Hackersh Console Prompt can be customize via PROMPT variable. Example:

PROMPT=’% ‘

o Autocomplete with TAB. Examples:

sho<TAB> info nm<TAB> “127.0.0.1” | <TAB> “127.0.0.1” | ipv4_<TAB> and etc.

o Add show Command (e.g. show)

o Add info Command (e.g. info nmap, info ipv4_address, and etc.)

o Add help Command (e.g. help help, help exit, and etc.)

o And Limited auto-ocomplete for Shell-like expressions (e.g. ./<TAB> and /<TAB>)

o Automatically Handle (i.e. return False) and Log Exceptions from Components.

To see the a given Component Exceptions use debug=True

o Support realtime STDOUT and STDERR output via debug=True (e.g. “127.0.0.1” -> ipv4_address -> nmap(debug=True))

o Support Shell-style Arg Passing (i.e. “127.0.01” -> ipv4_address -> nmap -p22)

o Support “Smooth” Shell Pipeline Experience (i.e. /bin/cat /etc/hosts | /usr/bin/grep “127.0.0.1” | /usr/bin/awk ‘{ print $1 }’ | /usr/bin/tr -d ‘n’ | ipv4_address | mmap)

o Change DEAFULT_QUERY and DEFAULT_FILTER to support the new Graph Search

Language. Example:

‘context[‘PROTO’] == “TCP” and context[‘PORT’] == “80”’

Changed to:

‘PROTO == “TCP” and PORT == “80”’

o Context can be searched via ‘/’ (read: div) operator

Example:

“127.0.0.1” -> ipv4_address -> nmap

Then:

_/”PORT == ‘80’” -> nikto

Or:

_/”PROTO == ‘TCP’”/”PORT == ‘21’” -> ...

And etc.

o Component Entry Point is changed from run() to main(). Use run() for

external inovcation (i.e. from The Shell, or Python Code) and main() for internal inovcation (i.e. from another Component). The run() method will call the main() method, but will perform init tasks before doing so.

o Context is now a Directed Graph

o Remove RemoteSessionContext, there’s only one Context Object: class Context

o Delete _ordereddict.py

Hackersh 0.2 [2013-05-02]

o Introduce dnsdict6 - new external component for:

Information Gathering / Network Analysis / DNS Analysis dnsdict6 v1.8 (c) 2011 by van Hauser / THC <vh@thc.org> www.thc.org Example: “hackersh.org” -> domain -> dnsdict6(“-4 -s”) -> ...

o Implement SimpleRegExHandler class - a new Pseudo SAX Content Handler

class for processing output using regex

o amap, nikto, nmap, ping, w3af, xprobe2, and browse: Change DEFAULT_QUERY

to evaluate context[‘IPV4_ADDRESS’] before context[‘HOSTNAME’]

o Implement NbtScanStdoutOutputHandler class. Rewrite nbtscan to use it

o Implement SqlMapStdoutOutputHandler class. Rewrite sqlmap to use it

o Implement StdoutOutputHandler - a new Pseudo SAX Content Handler base

class for stdout processing

o Implement ExternalComponentStreamOutput - a new base class for generic

SAX-style output parsing. Change ExternalComponentStdoutOutput and ExternalComponentFileOutput to inherit from it.

o Implement shell_split() and replace shlex.split() with it. shell_split()

will not remove double quotes (i.e. “”) when splitting DEFAULT_QUERY.

o sqlmap: Change DEFAULT_QUERY to use “inline IF” to avoid:

TypeError: unsupported operand type(s) for +: ‘bool’ and ‘str’

Whenever:

context[‘COOKIES’] = False

o Introduce ipv6_address - new root component for processing IPv6 Address.

Example: ”::1” -> ipv6_address -> ...

o Introduce domain - new root component for processing domain names.

Example: “hackersh.org” -> domain -> ...

o Implement HackershError Exception class and add 3 new error messages:

XXX: not enough data to start (if Component Filter is False) XXX: command not found (if Ext. Component filename is missing) XXX: unable to parse (if all Output Handlers failed)

o Split hackersh/network.py and hackersh/misc.py into multiple files and

implement a simple plug-in architecture to load them during startup

o Add support for BackTrack 5R3 and 5R2

Hackersh 0.1 [2013-04-01]

o Initial commit

Questions? Comments?

comments powered by Disqus