o Change DEAFULT_QUERY and DEFAULT_FILTER to support the new Graph Search
Language. Example:
‘context[‘PROTO’] == “TCP” and context[‘PORT’] == “80”’
Changed to:
‘PROTO == “TCP” and PORT == “80”’
o Context can be searched via ‘/’ (read: div) operator
Example:
“127.0.0.1” -> ipv4_address -> nmap
Then:
_/”PORT == ‘80’” -> nikto
Or:
_/”PROTO == ‘TCP’”/”PORT == ‘21’” -> ...
And etc.
o Component Entry Point is changed from run() to main(). Use run() for
external inovcation (i.e. from The Shell, or Python Code) and main() for
internal inovcation (i.e. from another Component). The run() method will
call the main() method, but will perform init tasks before doing so.
o Context is now a Directed Graph
o Remove RemoteSessionContext, there’s only one Context Object: class Context
o Delete _ordereddict.py
Hackersh 0.2 [2013-05-02]
o Introduce dnsdict6 - new external component for:
Information Gathering / Network Analysis / DNS Analysis
dnsdict6 v1.8 (c) 2011 by van Hauser / THC <vh@thc.org> www.thc.org
Example: “hackersh.org” -> domain -> dnsdict6(“-4 -s”) -> ...
o Implement SimpleRegExHandler class - a new Pseudo SAX Content Handler
class for processing output using regex
o amap, nikto, nmap, ping, w3af, xprobe2, and browse: Change DEFAULT_QUERY
to evaluate context[‘IPV4_ADDRESS’] before context[‘HOSTNAME’]
o Implement NbtScanStdoutOutputHandler class. Rewrite nbtscan to use it
o Implement SqlMapStdoutOutputHandler class. Rewrite sqlmap to use it
o Implement StdoutOutputHandler - a new Pseudo SAX Content Handler base
class for stdout processing
o Implement ExternalComponentStreamOutput - a new base class for generic
SAX-style output parsing. Change ExternalComponentStdoutOutput and
ExternalComponentFileOutput to inherit from it.
o Implement shell_split() and replace shlex.split() with it. shell_split()
will not remove double quotes (i.e. “”) when splitting DEFAULT_QUERY.
o sqlmap: Change DEFAULT_QUERY to use “inline IF” to avoid:
TypeError: unsupported operand type(s) for +: ‘bool’ and ‘str’
Whenever:
context[‘COOKIES’] = False
o Introduce ipv6_address - new root component for processing IPv6 Address.
Example: ”::1” -> ipv6_address -> ...
o Introduce domain - new root component for processing domain names.
Example: “hackersh.org” -> domain -> ...
o Implement HackershError Exception class and add 3 new error messages:
XXX: not enough data to start (if Component Filter is False)
XXX: command not found (if Ext. Component filename is missing)
XXX: unable to parse (if all Output Handlers failed)
o Split hackersh/network.py and hackersh/misc.py into multiple files and
implement a simple plug-in architecture to load them during startup