'''Netcat replacement in Python.Suggestions:* Run as Python script or as

1. '''
2. Netcat replacement in Python.
3.  
4. Suggestions:
5. * Run as Python script or as executable to suit your needs.
6. '''
7.  
8. import sys
9. import socket
10. import getopt
11. import threading
12. import subprocess
13.  
14.  
15. # Define global variables
16. listen = False
17. command = False
18. upload = False
19. execute = ""
20. target = ""
21. upload_destination = ""
22. port = ""
23.  
24.  
25. def usage():
26. print '''
27. <PyNet>\n
28. Usage: pynet.py -t <target_IP> -p <port>\n
29. Options:
30. -l --listen : listen on <host>:<port> for incoming connections
31. -e --execute=<file to run> : execute the given file upon receiving a connection
32. -c --command : initialize a command shell
33. -u --upload=<destination> : upon receiving a connection, upload a file and write to <destination>
34.  
35. Examples:
36. pynet.py -t 192.168.0.1 -p 5555 -l -c
37. pynet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe
38. pynet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\"
39. echo 'ABCDEFGHI' | ./pynet.py -t 192.168.11.12 -p 135
40. '''
41. sys.exit(0)
42.  
43.  
44. def client_sender(buffer):
45. client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
46.  
47. try:
48. client.connect((target, port))
49.  
50. if len(buffer):
51. client.send(buffer)
52.  
53. while True:
54. # Wait for data
55. recv_len = 1
56. response = ""
57.  
58. while recv_len:
59. data = client.recv(4096)
60. recv_len = len(data)
61. response += data
62.  
63. if recv_len < 4096:
64. break
65.  
66. print response
67.  
68. # Wait for more input
69. buffer = raw_input("")
70. buffer += "\n"
71.  
72. # Send the input
73. client.send(buffer)
74.  
75. except:
76. print "[!] Error! Exiting..."
77. client.close()
78.  
79.  
80. def server_loop():
81. global target
82.  
83. # If no target is defined, we listen on all interfaces
84. if not len(target):
85. target = "0.0.0.0"
86.  
87. server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
88. server.bind((target, port))
89. server.listen(5)
90.  
91. while True:
92. client_socket, addr = server.accept()
93. print "[+] Received connection from: {}".format(addr)
94.  
95. # Spin off a thread to handle our new client
96. client_thread = threading.Thread(target=client_handler,
97. args=(client_socket,))
98. client_thread.start()
99.  
100.  
101. def run_command(command):
102. # Trim the newline
103. command = command.rstrip()
104.  
105. # Run the command and get the output back
106. try:
107. output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
108. except:
109. output = "[!] Failed to execute command.\r\n"
110.  
111. # Send the output back to the client
112. return output
113.  
114.  
115. def client_handler(client_socket):
116. global upload
117. global execute
118. global command
119.  
120. # Check for upload
121. if len(upload_destination):
122. # Read in all of the bytes and write to our destination
123. file_buffer = ""
124.  
125. # Keep reading data until none is available
126. while True:
127. data = client_socket.recv(1024)
128.  
129. if not data:
130. break
131. else:
132. file_buffer += data
133.  
134. # Take the bytes and try to write them out
135. try:
136. file_descriptor = open(upload_destination, "wb")
137. file_descriptor.write(file_buffer)
138. file_descriptor.close()
139.  
140. # Acknowledge that we wrote the file out
141. client_socket.send("[+] Successfully saved file to: {}\r\n".format(upload_destination))
142.  
143. except:
144. client_socket.send("[!] Failed to save file to: {}\r\n".format(upload_destination))
145.  
146. # Check for command execution
147. if len(execute):
148. # Run the command
149. output = run_command(execute)
150. client_socket.send(output)
151.  
152. # Go into another loop if a command shell was requested
153. if command:
154. while True:
155. # Show a simple prompt
156. client_socket.send("<PyNet:#> ")
157.  
158. # Receive until we see a linefeed <enter key>
159. cmd_buffer = ""
160. while "\n" not in cmd_buffer:
161. cmd_buffer += client_socket.recv(1024)
162.  
163. # Send back the command output
164. response = run_command(cmd_buffer)
165.  
166. # Send back the response
167. client_socket.send(response)
168.  
169.  
170. def main():
171. global listen
172. global port
173. global execute
174. global command
175. global upload_destination
176. global target
177.  
178. if not len(sys.argv[1:]):
179. usage()
180.  
181. # Read the command line options
182. try:
183. opts, args = getopt.getopt(sys.argv[1:], "hle:t:p:cu", ["help", "listen", "execute", "target", "port", "command", "upload"])
184.  
185. except:
186. print str(err)
187. usage()
188.  
189. for o, a in opts:
190. if o in ("-h", "--help"):
191. usage()
192. elif o in ("-l", "--listen"):
193. listen = True
194. elif o in ("-e", "--execute"):
195. execute = a
196. elif o in ("-c", "--commandshell"):
197. command = True
198. elif o in ("-u", "--upload"):
199. upload_destination = a
200. elif o in ("-t", "--target"):
201. target = a
202. elif o in ("-p", "--port"):
203. port = int(a)
204. else:
205. assert False, "Unhandled Option"
206.  
207. # Are we going to listen or just send data from stdin?
208. if not listen and len(target) and port > 0:
209. '''
210. Read in the buffer from the commandline this will block,
211. so send CTRL-D if not sending input to stdin
212. '''
213. print "[*] Press CTRL-D to enter an interactive shell."
214. buffer = sys.stdin.read()
215.  
216. # Send data
217. client_sender(buffer)
218.  
219. '''
220. We are going to listen and potentially upload things, execute
221. commands, and drop a shell back depending on our command line
222. options
223. '''
224. if listen:
225. server_loop()
226.  
227. main()