Changelog EaST v2.0:
1) Changed core messages communication
2) API available from every module
3) REQUEST/RESPONSE system via websockets for GUI
4) New OS shellcodes system. Now shellcodes can be generated on every device with python 2 for Linux/Windows x86/x86_64
5) Capability to run third-party shellcodes(prepared)
6) Tools for compiling shellcodes from ASM
7) Commands history for listener commands in GUI
8) Notifications for missing python modules and proposition to install them via pip
9) BIND connector for connection to bind payloads
10) Refactoring of gui and server code
11) free public modules for vulns in:
-WordPress Dtracker plugin
-Cerberus FTP Server
-Azure data expert
-Evostream Media Server
-Wordpress Codeart Google mp3 player plugin
This software is necessary for learning and improving skills and knowledge of attacks on information systems and to conduct audits and proactive protection. The need to develop domestic Pentest framework – accessible, affordable, high-confidence – is long overdue. Therefore, for domestic (as well as to friendly domestic) markets IB was created EAST framework. EAST is a framework that has in its arsenal all the necessary tools to operate a broad range of vulnerabilities from the Web to a buffer overflow. From other similar instruments EAST is simple and easy to use. To master it, and begin to develop in the field of information security can be even a novice researcher!
+Security framework! Software used for information security must be a high level of user confidence. The EAST is implemented open, easily verifiable source code for Python. it is used for all components of the framework and modules. In this relatively small amount of code simplifies the verification of any user. During installation no changes in the OS is not performed
+ Maximum simplicity of the framework. Download the archive, run the main python script start.py, implementing the start-stop exploits, messaging … All management – locally or remotely through a browser.
+ Easily create and edit. The ability to edit and add modules and exploits “on the fly” without restarting. Code module body is simple and minimal volume.
+ Cross-platform + minimum requirements and dependencies. Tested on Windows and Linux. I should work wherever there is Python. The framework contains all the dependencies and “pulls” ext. libraries.
+ Full functionality of the classic framework Pentest! Despite the simplicity and “no congestion” – has in its arsenal of all necessary means to operate a broad range of vulnerabilities from the Web to a buffer overflow.
+ Great opportunities for capacity. Server-client architecture, API for messaging, support libraries – allow third party developers to create their own open-source solutions, or participate in the development of EAST.
+ ef_bitdefender_gravityzone_dt.py Directory traversal
+ ef_cogento_datahub_afd.py Arbitrary File Download
+ ef_e_detective_afd.py Arbitrary File Download
+ ef_easyfile_webserver_sbo.py Stack Buffer Overwlow
+ ef_fhfs_rce.py Remote Command Execution
+ ef_joomla_gallery_wd_bsqli.py Blind SQL Injection
+ ef_solarwinds_log_and_event_manager_rce.py Remote Command Execution
+ ef_symantec_pcanywhere_host_rce.py Remote Command Execution
+ ef_wincc_miniweb_dos.py Denial of Service
+ ef_winrar_rce.py Remote Command Execution
+ port_scanner.py Tools
Installation and Usage:
git clone https://github.com/C0reL0ader/EaST && cd EaST
python start.py -p 1337
then open your favorite Browser for GUI: http://localhost:1337
git pull origin master