..you how to create native tools. I'm not going to make a new tool though, instead I will show you what is required to create one. You can find all the native tools in the configuration..
Mister LG can create upload forms and test targets for file upload vulnerabilities
<?php
/* Control center configure, will be included when you first load the hacksuite
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 10-1-2015
*/
if(!defined('IN_SCRIPT')){
    exit;
}
// for security reasons we want to make a map of the hacksuite installation, so let's make sure it's not already there
$sDest = $_PATHS['root']."/Modules/thc_xm/profiles.php";
if(!file_exists($sDest)){
    // profiles.php is missing: record a fatal error and load the end script
    $_CONTEXT['errors'][] = "Expecting profiles.php in thc_xm module";
    $_CONTEXT['fatal'] = true;
    include_once($_PATHS['end']);
}
// get the content of the file
include_once($sDest);
if(!isset($_CONTEXT['blueprints']) || !is_array($_CONTEXT['blueprints'])){
    // corrupt data file
    $_CONTEXT['errors'][] = "Expecting array data in thc_xm/profiles.php";
    $_CONTEXT['fatal'] = true;
    include_once($_PATHS['end']);
}
// content should be ok, we're looking for a profile named "install"...if it isn't there it means this is either <0.6 or a first load of 0.6
for($x=0;$x<count($_CONTEXT['blueprints']);$x++){
    // yes, it should be the first record, but who knows, this might be an old installation
    if($_CONTEXT['blueprints'][$x][0]=="install"){
        $_CONTEXT['blueprintskip'] = true;
    }
}
if(!isset($_CONTEXT['blueprintskip'])){
    /*
    There's no map made of the installation, we will force the hacksuite to generate it regardless of what the user wants (unless you have access to 'diff' it's highly NOT recommended)
    In case you don't want it to be generated, just comment out the line where the cc_setup.php file is included...you can find the command in default.php:
    include_once($_PATHS['includes_root']."/cc_setup.php");
    We need to load the js that sends a json request to Modules/thc_xm/mapper.php which will generate the map in the background, we can't use handler.js as there's no form to extract values from
    */
    $_CONTEXT['htmlo'] .= "\n<script>\n";
    $_CONTEXT['htmlo'] .= "\$(document).ready(function(){\n";
    $_CONTEXT['htmlo'] .= "    dataString = \$(\"form.sendform\").serialize();\n";
    $_CONTEXT['htmlo'] .= "    \$.ajax({\n";
    $_CONTEXT['htmlo'] .= "        type: \"POST\",\n";
    $_CONTEXT['htmlo'] .= "        url: \"Modules/thc_xm/mapper.php\",\n";
    // json_encode() quotes and escapes the root path, so backslashes or quotes in it cannot break the generated script
    $_CONTEXT['htmlo'] .= "        data: { sBluePrintFolder: ".json_encode($_PATHS['root']).",sName: \"install\",sFileZ: \"thchs\" },\n";
    $_CONTEXT['htmlo'] .= "        dataType: \"json\",\n";
    $_CONTEXT['htmlo'] .= "        beforeSend:function(){\n";
    $_CONTEXT['htmlo'] .= "            \$('div.cc_notifications').html('Setting up installation blueprint...');\n";
    $_CONTEXT['htmlo'] .= "        },\n";
    $_CONTEXT['htmlo'] .= "        success: function(json){\n";
    $_CONTEXT['htmlo'] .= "            if(json.jresult==false){\n";
    $_CONTEXT['htmlo'] .= "                alert(json.jerror);\n";
    $_CONTEXT['htmlo'] .= "            }\n";
    $_CONTEXT['htmlo'] .= "            else{\n";
    $_CONTEXT['htmlo'] .= "                \$('div.cc_notifications').html('Successfully mapped installation, thank you for installing!');\n";
    $_CONTEXT['htmlo'] .= "            }\n";
    $_CONTEXT['htmlo'] .= "        }\n";
    $_CONTEXT['htmlo'] .= "    });\n";
    $_CONTEXT['htmlo'] .= "});\n";
    $_CONTEXT['htmlo'] .= "</script>";
}
?>
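The script above writes the server's root path into the page, and the browser posts it back to Modules/thc_xm/mapper.php as sBluePrintFolder, so that endpoint receives a filesystem path the client can change. mapper.php is not shown on this page; the following is an added example, not hacksuite code, of how such an endpoint could confine the folder to the installation root and restrict sName. The function names and the name rule are assumptions.

```php
<?php
// Added example, not hacksuite code. Function names and the name rule are
// assumptions; only the field names sBluePrintFolder and sName are from the page.

// Return the canonical folder if it lies inside $allowedRoot, otherwise null.
function resolveBlueprintFolder(string $requested, string $allowedRoot): ?string
{
    $root = realpath($allowedRoot);
    $path = realpath($requested); // resolves ".." and symlinks; false if missing
    if ($root === false || $path === false || !is_dir($path)) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR);
    // Compare with a trailing separator so "/srv/hs" does not match "/srv/hs-old".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($path !== $root && strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Assumed rule for sName: short, letters, digits, "_" and "-" only.
function isSafeProfileName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name) === 1;
}

// Constructed demo: a temporary directory stands in for the installation root.
$sep  = DIRECTORY_SEPARATOR;
$root = sys_get_temp_dir() . $sep . 'hs_demo_' . getmypid();
mkdir($root . $sep . 'Modules', 0700, true);

$requests = [
    $root,                                                // the root itself
    $root . $sep . 'Modules',                             // inside the root
    $root . $sep . 'Modules' . $sep . '..' . $sep . '..', // climbs out of the root
    sys_get_temp_dir(),                                   // outside the root
];
foreach ($requests as $sBluePrintFolder) {
    $ok = resolveBlueprintFolder($sBluePrintFolder, $root) !== null;
    echo ($ok ? 'accept ' : 'reject ') . $sBluePrintFolder . "\n";
}
var_dump(isSafeProfileName('install'), isSafeProfileName('../install'));

rmdir($root . $sep . 'Modules');
rmdir($root);
```

Passing the server's own root constant to the check, rather than accepting the folder from the request at all, removes the need for the client to know the path.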