h00die
115 lines
3.8 KiB
Ruby
115 lines
3.8 KiB
Ruby
##
|
||
# This module requires Metasploit: https://metasploit.com/download
|
||
# Current source: https://github.com/rapid7/metasploit-framework
|
||
##
|
||
|
||
require 'faraday'
|
||
|
||
class MetasploitModule < Msf::Auxiliary
|
||
def initialize
|
||
super(
|
||
'Name' => 'Telegram Message Client',
|
||
'Description' => %q{
|
||
This module can be used to send a document and/or message to
|
||
multiple chats on telegram. Please refer to the module
|
||
documentation for info on how to retrieve the bot token and corresponding chat
|
||
ID values.
|
||
},
|
||
'Author' => [
|
||
'Ege Balcı <egebalci[at]pm.me>', # Aka @egeblc of https://pentest.blog
|
||
'Gaurav Purswani' # @pingport80
|
||
],
|
||
'License' => MSF_LICENSE,
|
||
)
|
||
|
||
register_options(
|
||
[
|
||
OptString.new('BOT_TOKEN', [true, 'Telegram BOT token', '']),
|
||
OptString.new('MESSAGE', [false, 'The message to be sent']),
|
||
OptInt.new('CHAT_ID', [false, 'Chat ID for the BOT', '']),
|
||
OptPath.new('DOCUMENT', [false, 'The path to the document(binary, video etc)']),
|
||
OptPath.new('IDFILE', [false, 'File containing chat IDs, one per line']),
|
||
OptEnum.new('FORMATTING', [false, 'Message formatting option (Markdown|MarkdownV2|HTML)', 'Markdown', [ 'Markdown', 'MarkdownV2', 'HTML']])
|
||
], self.class
|
||
)
|
||
end
|
||
|
||
def formatting
|
||
datastore['FORMATTING']
|
||
end
|
||
|
||
def message
|
||
datastore['MESSAGE']
|
||
end
|
||
|
||
def document
|
||
datastore['DOCUMENT']
|
||
end
|
||
|
||
def bot_token
|
||
datastore['BOT_TOKEN']
|
||
end
|
||
|
||
def id_file
|
||
datastore['IDFILE']
|
||
end
|
||
|
||
def send_document(conn, chat_id)
|
||
unless ::File.file?(document) && ::File.readable?(document)
|
||
fail_with(Failure::BadConfig, 'The document to be sent does not exist or is not a readable file!')
|
||
end
|
||
raw_params = { 'chat_id' => chat_id, 'document' => Faraday::UploadIO.new(document, 'application/octet-stream') }
|
||
params = {}
|
||
raw_params.each_with_object({}) do |(key, value), _tmp_params|
|
||
params[key] = value
|
||
end
|
||
response = conn.post("/bot#{bot_token}/sendDocument", params)
|
||
if response.status == 200
|
||
print_good("Document sent successfully to #{chat_id}")
|
||
elsif response.status == 403
|
||
print_bad("Error while sending document! Make sure you have access to message chat_id : #{chat_id}")
|
||
else
|
||
print_bad("Error while sending the document to #{chat_id} API Status : #{response.status}")
|
||
end
|
||
end
|
||
|
||
def send_message(conn, chat_id)
|
||
params = { 'chat_id' => chat_id, 'text' => message, 'parse_mode' => formatting }
|
||
response = conn.post("/bot#{bot_token}/sendMessage", params)
|
||
if response.status == 200
|
||
print_good("Message sent successfully to #{chat_id}")
|
||
elsif response.status == 403
|
||
print_bad("Error while sending document! Make sure you have access to message chat_id : #{chat_id}")
|
||
else
|
||
print_bad("Error while sending the message to chat_id #{chat_id} API Status : #{response.status}")
|
||
end
|
||
end
|
||
|
||
def run
|
||
unless document || message
|
||
fail_with(Failure::BadConfig, 'You must supply a message and/or document')
|
||
end
|
||
url = 'https://api.telegram.org'
|
||
conn = Faraday.new(url: url) do |faraday|
|
||
faraday.request :multipart
|
||
faraday.request :url_encoded
|
||
faraday.adapter Faraday.default_adapter
|
||
end
|
||
|
||
if id_file
|
||
print_warning("Opening `#{id_file}` to fetch chat IDs...")
|
||
unless ::File.file?(id_file) && ::File.readable?(id_file)
|
||
fail_with(Failure::BadConfig, 'The ID file is not an existing readable file!')
|
||
end
|
||
File.readlines(id_file).each do |chat_id|
|
||
send_document(conn, chat_id) if document
|
||
send_message(conn, chat_id) if message
|
||
end
|
||
return
|
||
end
|
||
send_document(conn, datastore['CHAT_ID']) if document
|
||
send_message(conn, datastore['CHAT_ID']) if message
|
||
end
|
||
|
||
end
|