Wip

README.md

@@ -1,19 +1,57 @@
-### PhpSploit: _Furtive post-exploitation framework_
-Full-featured **C2 framework** which silently persists on webserver via **evil PHP oneliner**
+<p align="center">
+  <a href="https://github.com/nil0x42/phpsploit" alt="master">
+    <img src="data/img/logo.png" alt="Master">
+  </a>
+</p>
+
+<p align="center">
+    Full-featured C2 framework which silently persists on webserver via <b>polymorphic PHP oneliner</b>
+</p>
+<br>
+
+<p align="center">
+  <a href="https://travis-ci.org/nil0x42/phpsploit">
+    <img src="https://travis-ci.org/nil0x42/phpsploit.svg?branch=master" alt="travis build">
+  </a>
+  <a href="https://requires.io/github/nil0x42/phpsploit/requirements/?branch=master">
+    <img src="https://requires.io/github/nil0x42/phpsploit/requirements.svg?branch=master" alt="requires.io requirements">
+  </a>
+  <a href="https://app.codacy.com/app/nil0x42/phpsploit?utm_source=github.com&utm_medium=referral&utm_content=nil0x42/phpsploit&utm_campaign=Badge_Grade_Dashboard">
+    <img src="https://api.codacy.com/project/badge/Grade/b998fe23c25f40a78c6c35c722bb9fa0" alt="codacy code quality">
+  </a>
+  <a href="https://lgtm.com/projects/g/nil0x42/phpsploit/alerts/">
+    <img src="https://img.shields.io/lgtm/alerts/g/nil0x42/phpsploit.svg?logo=lgtm&logoWidth=18" alt="lgtm alerts">
+  </a>
+  <a href="https://codecov.io/gh/nil0x42/phpsploit">
+    <img src="https://codecov.io/gh/nil0x42/phpsploit/branch/master/graph/badge.svg" alt="codecov coverage">
+  </a>
+  <a href="https://codeclimate.com/github/nil0x42/phpsploit/maintainability">
+    <img src="https://api.codeclimate.com/v1/badges/6986200c1729b4a70a40/maintainability" alt="codeclimate maintainability">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://twitter.com/intent/follow?screen_name=nil0x42" target="_blank">
+    <img src="https://img.shields.io/twitter/follow/nil0x42.svg?logo=twitter">
+  </a>
+</p>
+
+<div align="center">
+  <sub>
+    Created by
+    <a href="https://twitter.com/nil0x42">nil0x42</a> and
+    <a href="https://github.com/nil0x42/phpsploit#contributors">contributors</a>
+  </sub>
+</div>
+
+<br>
 
-[![twitter follow](https://img.shields.io/twitter/follow/nil0x42?label=Follow%20nil0x42%20%21&style=social)](https://twitter.com/intent/follow?screen_name=nil0x42)<br>
-
-[![travis build](https://travis-ci.org/nil0x42/phpsploit.svg?branch=master)](https://travis-ci.org/nil0x42/phpsploit)
-[![license](https://img.shields.io/github/license/nil0x42/phpsploit.svg)](https://github.com/nil0x42/phpsploit/blob/master/LICENSE)
-[![requires.io requirements](https://requires.io/github/nil0x42/phpsploit/requirements.svg?branch=master)](https://requires.io/github/nil0x42/phpsploit/requirements/?branch=master)<br>
-[![codacy code quality](https://api.codacy.com/project/badge/Grade/b998fe23c25f40a78c6c35c722bb9fa0)](https://app.codacy.com/app/nil0x42/phpsploit?utm_source=github.com&utm_medium=referral&utm_content=nil0x42/phpsploit&utm_campaign=Badge_Grade_Dashboard)
-[![lgtm alerts](https://img.shields.io/lgtm/alerts/g/nil0x42/phpsploit.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/nil0x42/phpsploit/alerts/)
-[![codecov coverage](https://codecov.io/gh/nil0x42/phpsploit/branch/master/graph/badge.svg)](https://codecov.io/gh/nil0x42/phpsploit)
-[![codeclimate maintainability](https://api.codeclimate.com/v1/badges/6986200c1729b4a70a40/maintainability)](https://codeclimate.com/github/nil0x42/phpsploit/maintainability)
+* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
-![phpsploit demo](data/img/phpsploit-demo.png)
+<p align="center">
+  <img src="data/img/demo.png">
+</p>
 
-* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
 #### Overview
 

data/README

@@ -19,7 +19,7 @@
     It contains the introduction message, written right below the ascii logo.
 
 
-./messages.lst
+./quotes.lst
 ==============
     This useless file contains a list of quotes, randomly picked-up and
     printed on framework start/end, just for fun!

data/logo.ascii

@@ -1,6 +1,11 @@
-       _                     _       _ _
- _ __ | |__  _ __  ___ _ __ | | ___ (_) |_
-| '_ \| '_ \| '_ \/ __| '_ \| |/ _ \| | __|
-| |_) | | | | |_) \__ \ |_) | | (_) | | |_
-| .__/|_| |_| .__/|___/ .__/|_|\___/|_|\__|
-|_|         |_|       |_|
+
+  ██▓███    ██░ ██  ██▓███    ██████  ██▓███    ██▓    ▒█████    ██▓▄▄▄█████▓
+ ▓██░  ██ ▒▓██░ ██ ▓██░  ██ ▒██    ▒ ▓██░  ██  ▓██▒   ▒██▒  ██▒▒▓██▒▓  ██▒ ▓▒
+ ▓██░ ██▓▒░▒██▀▀██ ▓██░ ██▓▒░ ▓██▄   ▓██░ ██▓▒ ▒██░   ▒██░  ██▒▒▒██▒▒ ▓██░ ▒░
+ ▒██▄█▓▒ ▒ ░▓█ ░██ ▒██▄█▓▒ ▒  ▒   ██▒▒██▄█▓▒ ▒ ▒██░   ▒██   ██░░░██░░ ▓██▓ ░
+ ▒██▒ ░  ░ ░▓█▒░██▓▒██▒ ░  ░▒██████▒▒▒██▒ ░  ░▒░██████░ ████▓▒░░░██░  ▒██▒ ░
+ ▒▓▒░ ░  ░  ▒ ░░▒░▒▒▓▒░ ░  ░▒ ▒▓▒ ▒ ░▒▓▒░ ░  ░░░ ▒░▓  ░ ▒░▒░▒░  ░▓    ▒ ░░
+ ░▒ ░       ▒ ░▒░ ░░▒ ░     ░ ░▒  ░  ░▒ ░     ░░ ░ ▒    ░ ▒ ▒░ ░ ▒ ░    ░
+ ░░         ░  ░░ ░░░       ░  ░  ░  ░░          ░ ░  ░ ░ ░ ▒  ░ ▒ ░  ░
+            ░  ░  ░               ░           ░    ░      ░ ░    ░
+

data/messages.lst → data/quotes.lst

@@ -1,8 +1,8 @@
-All roads lead to root...
-A backdoor to bring them all...
+All roads lead to r00t...
+A PHP oneliner to bring them all...
 Hack the Gibson !
 PhpSploit Phor Phun and Prophit
-The stake that sticks up gets hammered down...
+The nail that sticks out gets hammered down...
 Details make perfection, and perfection is not a detail
 Computer Science is no more about computers than astronomy is about telescopes
 You are Not Expected to Understand This

phpsploit

@@ -85,9 +85,9 @@ def run_process(cmd: list) -> str:
     return streamdata.decode("utf-8").strip()
 
 
-def rand_message() -> str:
-    """return a random funny message"""
-    msg_list = Path(src.BASEDIR + "data/messages.lst").readlines()
+def rand_quote() -> str:
+    """return a random funny quote"""
+    msg_list = Path(src.BASEDIR + "data/quotes.lst").readlines()
     return random.choice(msg_list).strip()
 
 
@@ -152,9 +152,8 @@ def main() -> int:
     elif interactive and ui.output.isatty():
         logo = Path(src.BASEDIR + "data/logo.ascii").read()
         cmdrun(iface, "lrun clear")
-        print(logo + '\n\n')
-        print(colorize("%Bold", "# Stealth post-exploitation framework\n"))
-        print(colorize("%DimWhite", rand_message()))
+        print(logo)
+        print(colorize("%DimBold", "# Stealth & persistent C2 framework via ", "%White", "evil PHP oneliner"))
         cmdrun(iface, "help")
 
     iface.init()
@@ -181,7 +180,7 @@ def main() -> int:
     if interactive or not ui.input.isatty():
         iface.cmdloop()
         if ui.output.isatty():
-            print(colorize("%DimWhite", '\n' + rand_message() + '\n'))
+            print(colorize("%DimWhite", '\n' + rand_quote() + '\n'))
 
     return retval
 

test/interface/phpsploit-launcher.sh

@@ -17,14 +17,6 @@ timeout -s INT 0.2 $RAW_PHPSPLOIT --help > $TMPFILE-out 2>> $TMPFILE
 assert_contains $TMPFILE "\[-\] .* initialization interrupted$"
 rm $TMPFILE-out
 
-###
-### Check Random Message presence in interactive/TTY mode
-###
-faketty $PHPSPLOIT -ie exit > $TMPFILE
-decolorize $TMPFILE
-common=$(comm -12 <(sort $TMPFILE) <(sort $ROOTDIR/data/messages.lst) | wc -l)
-[ "$common" -eq 1 ] || FAIL
-
 ###
 ### Use phpsploit as a script's shebang
 ###