From 4f90a4a16ff111599aec9aa7bef9a44f14dd905d Mon Sep 17 00:00:00 2001
From: "Mariusz B. / mgeeky"
Date: Sun, 17 Oct 2021 18:13:39 +0200
Subject: [PATCH] update
---
 phishing/RobustPentestMacro | 2 +-
 phishing/VisualBasicObfuscator | 2 +-
 phishing/decode-spam-headers.py | 41 ++++++++++++++++++++++++++-------
 red-teaming/ElusiveMice | 2 +-
 red-teaming/RedWarden | 2 +-
 red-teaming/SharpWebServer | 2 +-
 red-teaming/cobalt-arsenal | 2 +-
 web/tomcatWarDeployer | 2 +-
 windows/PE-library | 2 +-
 windows/UnhookMe | 2 +-
 10 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/phishing/RobustPentestMacro b/phishing/RobustPentestMacro
index 32992ad..bb14d90 160000
--- a/phishing/RobustPentestMacro
+++ b/phishing/RobustPentestMacro
@@ -1 +1 @@
-Subproject commit 32992adea5369e661eea6fabbbc95b8284cc2959
+Subproject commit bb14d908d13f564a7c93a8e6a61977d07cf8fc0a
diff --git a/phishing/VisualBasicObfuscator b/phishing/VisualBasicObfuscator
index 80e7515..3bfbe8a 160000
--- a/phishing/VisualBasicObfuscator
+++ b/phishing/VisualBasicObfuscator
@@ -1 +1 @@
-Subproject commit 80e7515ed6aff631b3449e654b67988b1f01baa4
+Subproject commit 3bfbe8ad1662f010e17aee85bc77af3dcc380d74
diff --git a/phishing/decode-spam-headers.py b/phishing/decode-spam-headers.py
index b4d9f1f..a90e2f3 100644
--- a/phishing/decode-spam-headers.py
+++ b/phishing/decode-spam-headers.py
@@ -36,7 +36,15 @@
 try:
 import dns.resolver
 except ImportError:
- print('[!] You need to install dnspython: $ pip3 install dnspython')
+ print('''
+[!] You need to install dnspython:
+ # pip3 install dnspython
+
+ If problem remains, re-install dnspython:
+ # pip3 uninstall dnspython
+ # pip3 install dnspython
+''')
+ sys.exit(1)
 options = {
@@ -216,8 +224,7 @@ class SMTPHeadersAnalysis:
 'spm',
 'atp',
 'defend',
- 'assassin',
- 'rbl'
+ 'assassin',
 )
 Headers_Known_For_Breaking_Line = (
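Review bot: `sys.exit(1)` on the last added line of the dnspython hunk relies on `sys` having been imported earlier in the file, which is outside this hunk; if it has not, a missing dnspython now dies with a NameError inside the except block instead of the intended clean exit, so check that `import sys` is present next to the other imports. The new message also tells the user to run `# pip3 install dnspython` at a root prompt; for a tool that parses attacker-supplied mail headers, suggesting `pip3 install --user dnspython` or a virtualenv keeps the third-party dependency out of the system interpreter.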
@@ -251,6 +258,7 @@ class SMTPHeadersAnalysis:
 'X-Spam-Level',
 'X-Spam-Flag',
 'X-Spam-Report',
+ 'ARC-Authentication-Results',
 )
 auth_result = {
@@ -832,6 +840,7 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
 self.results['Bad Keywords In Headers'] = self.testBadKeywords()
 self.results['From Address Analysis'] = self.testFrom()
 self.results['Authentication-Results'] = self.testAuthenticationResults()
+ self.results['ARC-Authentication-Results'] = self.testARCAuthenticationResults()
 self.results['Received-SPF'] = self.testReceivedSPF()
 self.results['Mail Client Version'] = self.testXMailer()
 self.results['X-Forefront-Antispam-Report'] = self.testForefrontAntiSpamReport()
@@ -884,28 +893,30 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
 hhh = re.sub(r'(' + re.escape(dodgy) + r')', self.logger.colored(r'\1', 'red'), header, flags=re.I)
 tmp += f'\t({num0:02}) {self.logger.colored("Header", "magenta")}: {hhh}\n'
- tmp += f'\t Value: {value[:80]}\n\n'
+ tmp += f'\t Keyword: {dodgy}\n\n'
+ tmp += f'\t Value: {value[:80]}\n\n'
 shown.add(header)
 break
 elif dodgy in value.lower() and header not in SMTPHeadersAnalysis.Handled_Spam_Headers:
 num0 += 1
 hhh = header
- tmp += f'\t({num0:02}) Header: {hhh}\n'
+ tmp += f'\t({num0:02}) Header: {hhh}\n'
 pos = value.lower().find(dodgy)
 ctx = re.sub(r'(' + re.escape(dodgy) + r')', self.logger.colored(r'\1', 'red'), value, flags=re.I)
 if len(ctx) > 80:
 a = pos-40
- b = pos+len(dodgy)+40
+ b = -10 + pos + len(dodgy) + 30
 if a < 0: a = 0
 if b > len(ctx): b = len(ctx)
 ctx = value[a:b]
- tmp += f'\t {self.logger.colored("Value", "magenta")}: {ctx}\n\n'
+ tmp += f'\t Keyword: {dodgy}\n\n'
+ tmp += f'\t {self.logger.colored("Value", "magenta")}: {ctx}\n\n'
 shown.add(header)
 break
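Review bot: `b = -10 + pos + len(dodgy) + 30` in the keyword-context branch of the third hunk is an obscure spelling of `b = pos + len(dodgy) + 20`, and the bare literals hide that the excerpt window is now asymmetric (40 characters before the keyword, 20 after); naming the two widths, e.g. `CTX_BEFORE, CTX_AFTER = 40, 20` and using them on both the `a =` and `b =` lines, would make the intent reviewable. Note that the window is still applied via `ctx = value[a:b]`, i.e. sliced from the uncoloured `value` after `len(ctx)` was measured on the coloured string (whose length presumably includes escape sequences), so the red keyword highlight is lost exactly when the value is long enough to be truncated; the change preserves that behaviour rather than fixing it. The enclosing method starts and ends outside this hunk.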
@@ -1046,7 +1057,12 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
 result += f'\t (first hop\'s domain: {self.logger.colored(firstHopDomain1, "cyan")})\n\n'
 if firstHopDomain1.lower() != senderDomain.lower():
- response = dns.resolver.resolve(domain, 'TXT')
+ response = None
+ try:
+ response = dns.resolver.resolve(domain, 'TXT')
+ except dns.resolver.NoAnswer as e:
+ response = []
+
 spf = False
 for answer in response:
@@ -1718,6 +1734,15 @@ More information:
 (num, header, value) = self.getHeader('Authentication-Results')
 if num == -1: return []
+ return self._testAuthenticationResults(num, header, value)
+
+ def testARCAuthenticationResults(self):
+ (num, header, value) = self.getHeader('ARC-Authentication-Results')
+ if num == -1: return []
+
+ return self._testAuthenticationResults(num, header, value)
+
+ def _testAuthenticationResults(self, num, header, value):
 value = SMTPHeadersAnalysis.flattenLine(value)
 tests = {}
 result = ''
diff --git a/red-teaming/ElusiveMice b/red-teaming/ElusiveMice
index bfa8889..36bd44e 160000
--- a/red-teaming/ElusiveMice
+++ b/red-teaming/ElusiveMice
@@ -1 +1 @@
-Subproject commit bfa8889dfb830a59dfa8d1852404f0697e403d29
+Subproject commit 36bd44e3f6da236a404a44796cbbdb3de71b1e30
diff --git a/red-teaming/RedWarden b/red-teaming/RedWarden
index 828037b..42e82dc 160000
--- a/red-teaming/RedWarden
+++ b/red-teaming/RedWarden
@@ -1 +1 @@
-Subproject commit 828037bdd4fb10c025e572ea3aafa3c061a43b6b
+Subproject commit 42e82dcd2f9e1d324075e451c9893376b5cedf62
diff --git a/red-teaming/SharpWebServer b/red-teaming/SharpWebServer
index 1b55dcd..d80f2b1 160000
--- a/red-teaming/SharpWebServer
+++ b/red-teaming/SharpWebServer
@@ -1 +1 @@
-Subproject commit 1b55dcd600b620820b88f6f3308d3018a124a4af
+Subproject commit d80f2b1edbc6b0ec85994bf89c72241d559768e9
diff --git a/red-teaming/cobalt-arsenal b/red-teaming/cobalt-arsenal
index ac7d054..11cc93f 160000
--- a/red-teaming/cobalt-arsenal
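Review bot: The new `try` around `dns.resolver.resolve(domain, 'TXT')` catches only `dns.resolver.NoAnswer`, so a domain that does not exist, has no reachable name servers or times out (`dns.resolver.NXDOMAIN`, `dns.resolver.NoNameservers`, `dns.exception.Timeout`) still aborts the whole analysis with a traceback; since `domain` is presumably taken from the headers of a message being examined precisely because it is suspicious, the lookup should fail soft for every resolver error, e.g. `except dns.exception.DNSException:` (the base class of all of these) with `response = []` as the handler. The `as e` binding is never used and the `response = None` placeholder is overwritten on both paths, so both can be dropped. The enclosing method starts and ends outside this hunk.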
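Review bot: `testARCAuthenticationResults` runs the `ARC-Authentication-Results` header through the same `_testAuthenticationResults` parser as `Authentication-Results` but carries no docstring saying that its spf/dkim/dmarc verdicts were recorded by an ARC intermediary rather than by the receiving server, so a reader of the report will weigh the two sections equally although the ARC one is only as trustworthy as the sealer that wrote it and the chain validation (`cv=`) performed on it. Suggested docstring for the new method: `"""Analyse ARC-Authentication-Results; verdicts here are asserted by an ARC sealer, not the final receiver, and mean nothing unless the ARC chain validated."""`, and `_testAuthenticationResults` deserves a one-liner naming it as the shared parser for both headers. If `getHeader` returns a single match, as its `(num, header, value)` tuple suggests, only one ARC instance is analysed even though a message relayed through several sealers carries one such header per `i=` instance. `testAuthenticationResults` starts above this hunk and `_testAuthenticationResults` continues past it.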
+++ b/red-teaming/cobalt-arsenal
@@ -1 +1 @@
-Subproject commit ac7d0541073a9f31a78886f384411af3ed72a5c3
+Subproject commit 11cc93fc5dd74c16319889b31f8080b87c56dda2
diff --git a/web/tomcatWarDeployer b/web/tomcatWarDeployer
index a1a4453..451d45e 160000
--- a/web/tomcatWarDeployer
+++ b/web/tomcatWarDeployer
@@ -1 +1 @@
-Subproject commit a1a4453347bf15e77473ca3d0f66671dae38ca8d
+Subproject commit 451d45e70c5cb3e5e9e31e332a069500a69976df
diff --git a/windows/PE-library b/windows/PE-library
index 386b1c9..0937059 160000
--- a/windows/PE-library
+++ b/windows/PE-library
@@ -1 +1 @@
-Subproject commit 386b1c911efba34670e30c1b0970112d6300b8e5
+Subproject commit 093705972e61b52ee9230efd46b0300c0ba864b6
diff --git a/windows/UnhookMe b/windows/UnhookMe
index 1b9a426..25e43b1 160000
--- a/windows/UnhookMe
+++ b/windows/UnhookMe
@@ -1 +1 @@
-Subproject commit 1b9a426096e4fef285c85dac00502fab87c1062d
+Subproject commit 25e43b1ea5705a7465fe0351d4253bc209654b50