From df3ae6ad0e60d90f003b1a9792537873872252b0 Mon Sep 17 00:00:00 2001 From: jobarasoined <144627753+jobarasoined@users.noreply.github.com> Date: Fri, 1 May 2026 19:08:25 +0300 Subject: [PATCH 1/7] Added option --tls-certKey to supply cert private key --- wsuks/lib/argparser.py | 1 + wsuks/wsuks.py | 28 +++++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/wsuks/lib/argparser.py b/wsuks/lib/argparser.py index 7b37be0..1484d23 100644 --- a/wsuks/lib/argparser.py +++ b/wsuks/lib/argparser.py @@ -47,6 +47,7 @@ def initParser(): advanced.add_argument("--WSUS-Server", metavar="", dest="wsusHost", help="IP or DNS name of the WSUS Server.") advanced.add_argument("--WSUS-Port", metavar="", dest="wsusPort", type=int, help="Port of the WSUS Server. (DEFAULT: 8530 for HTTP, 8531 for HTTPS)") advanced.add_argument("--tls-cert", metavar="", dest="tlsCert", help="Path to a TLS certificate that is valid for the WSUS Server. Turns on HTTPS mode.") + advanced.add_argument("--tls-certKey", metavar="", dest="tlsCertKey", help="Path to a TLS certificate private key that is valid for the WSUS Server. Turns on HTTPS mode.") webserver = mode_parser.add_argument_group("SERVE ONLY MODE", "Only run Webserver. Recommended if you have control over DNS and the traffic comes directly from the victim to your machine.") webserver.add_argument("--serve-only", action="store_true", help="Serve the executable and command without any arp spoofing, network magic or WSUS discovery.") diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py index 0d1b377..7340fdb 100644 --- a/wsuks/wsuks.py +++ b/wsuks/wsuks.py @@ -140,11 +140,37 @@ def run(self): if not os.path.isfile(self.args.tlsCert): self.logger.error(f"TLS certificate file '{self.args.tlsCert}' not found! Exiting...") exit(1) + + if self.args.tlsCertKey: + if not os.path.isfile(self.args.tlsCertKey): + self.logger.error(f"TLS certificate Key file '{self.args.tlsCertKey}' not found! Exiting...") + exit(1) + self.logger.info(f"Using TLS certificate '{self.args.tlsCert}' for HTTPS WSUS Server") + # checking if the cert has the private key baked within the cert + # https://docs.python.org/3/library/ssl.html#combined-key-and-certificate + + if not self.args.tlsCertKey: + with open(self.args.tlsCert, 'r') as h: + data = h.read() + has_private_key = "-----BEGIN PRIVATE KEY-----" in data or "-----BEGIN RSA PRIVATE KEY-----" in data + has_cert = "-----BEGIN CERTIFICATE-----" in data + if has_cert and has_private_key: + self.logger.warning("Private key BEGIN in the certfile is not secure separate the two and keep the private key safe") + else: + self.logger.error("No private key found. Supply it using --tls-certKey") + # To perform TLS server authentication (decrypt/session key ops, prove ownership) the server needs the corresponding private key. The cert alone cannot do that. + exit(1) + + self.logger.info(f"Using TLS certificate private key '{self.args.tlsCertKey}' for HTTPS WSUS Server") + try: context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) - context.load_cert_chain(certfile=self.args.tlsCert) + context.load_cert_chain(certfile=self.args.tlsCert, keyfile=self.args.tlsCertKey) context.check_hostname = False http_server.socket = context.wrap_socket(http_server.socket, server_side=True) + except ssl.SSLError: + self.logger.error("Make sure The cert in a PEM format not a DER") + exit(1) try: self.logger.info(f"Starting WSUS Server on {self.hostIp}:{self.wsusPort}...") From b5cc1921b4a89832330e0b0a18148f8ad5778f7c Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Sat, 4 Jul 2026 14:31:16 -0400 Subject: [PATCH 2/7] Keep args consistent --- wsuks/lib/argparser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wsuks/lib/argparser.py b/wsuks/lib/argparser.py index 1484d23..bef9ac2 100644 --- a/wsuks/lib/argparser.py +++ b/wsuks/lib/argparser.py @@ -47,7 +47,7 @@ def initParser(): advanced.add_argument("--WSUS-Server", metavar="", dest="wsusHost", help="IP or DNS name of the WSUS Server.") advanced.add_argument("--WSUS-Port", metavar="", dest="wsusPort", type=int, help="Port of the WSUS Server. (DEFAULT: 8530 for HTTP, 8531 for HTTPS)") advanced.add_argument("--tls-cert", metavar="", dest="tlsCert", help="Path to a TLS certificate that is valid for the WSUS Server. Turns on HTTPS mode.") - advanced.add_argument("--tls-certKey", metavar="", dest="tlsCertKey", help="Path to a TLS certificate private key that is valid for the WSUS Server. Turns on HTTPS mode.") + advanced.add_argument("--tls-cert-key", metavar="", dest="tlsCertKey", help="Path to a TLS certificate private key that is valid for the WSUS Server. Turns on HTTPS mode.") webserver = mode_parser.add_argument_group("SERVE ONLY MODE", "Only run Webserver. Recommended if you have control over DNS and the traffic comes directly from the victim to your machine.") webserver.add_argument("--serve-only", action="store_true", help="Serve the executable and command without any arp spoofing, network magic or WSUS discovery.") From 284de604d29e3c75edbf33353d0689a9825c4892 Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Sat, 4 Jul 2026 14:31:20 -0400 Subject: [PATCH 3/7] Linting --- wsuks/wsuks.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py index 7340fdb..dc91e24 100644 --- a/wsuks/wsuks.py +++ b/wsuks/wsuks.py @@ -141,10 +141,9 @@ def run(self): self.logger.error(f"TLS certificate file '{self.args.tlsCert}' not found! Exiting...") exit(1) - if self.args.tlsCertKey: - if not os.path.isfile(self.args.tlsCertKey): - self.logger.error(f"TLS certificate Key file '{self.args.tlsCertKey}' not found! Exiting...") - exit(1) + if self.args.tlsCertKey and not os.path.isfile(self.args.tlsCertKey): + self.logger.error(f"TLS certificate Key file '{self.args.tlsCertKey}' not found! Exiting...") + exit(1) self.logger.info(f"Using TLS certificate '{self.args.tlsCert}' for HTTPS WSUS Server") # checking if the cert has the private key baked within the cert From 167ea49f48284fd10e202410dd71b402accdbd12 Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Sat, 4 Jul 2026 16:35:11 -0400 Subject: [PATCH 4/7] Fix indentation to allow web server without tls cert --- wsuks/wsuks.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py index dc91e24..c3a4037 100644 --- a/wsuks/wsuks.py +++ b/wsuks/wsuks.py @@ -161,15 +161,15 @@ def run(self): # To perform TLS server authentication (decrypt/session key ops, prove ownership) the server needs the corresponding private key. The cert alone cannot do that. exit(1) - self.logger.info(f"Using TLS certificate private key '{self.args.tlsCertKey}' for HTTPS WSUS Server") - try: - context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) - context.load_cert_chain(certfile=self.args.tlsCert, keyfile=self.args.tlsCertKey) - context.check_hostname = False - http_server.socket = context.wrap_socket(http_server.socket, server_side=True) - except ssl.SSLError: - self.logger.error("Make sure The cert in a PEM format not a DER") - exit(1) + self.logger.info(f"Using TLS certificate private key '{self.args.tlsCertKey}' for HTTPS WSUS Server") + try: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + context.load_cert_chain(certfile=self.args.tlsCert, keyfile=self.args.tlsCertKey) + context.check_hostname = False + http_server.socket = context.wrap_socket(http_server.socket, server_side=True) + except ssl.SSLError: + self.logger.error("Make sure The cert in a PEM format not a DER") + exit(1) try: self.logger.info(f"Starting WSUS Server on {self.hostIp}:{self.wsusPort}...") From d75c23f43c79e3c9ad1a73ecef3a236a0ccfea62 Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Sat, 4 Jul 2026 16:38:18 -0400 Subject: [PATCH 5/7] Improve logging --- wsuks/wsuks.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py index c3a4037..58855c3 100644 --- a/wsuks/wsuks.py +++ b/wsuks/wsuks.py @@ -157,8 +157,8 @@ def run(self): if has_cert and has_private_key: self.logger.warning("Private key BEGIN in the certfile is not secure separate the two and keep the private key safe") else: - self.logger.error("No private key found. Supply it using --tls-certKey") # To perform TLS server authentication (decrypt/session key ops, prove ownership) the server needs the corresponding private key. The cert alone cannot do that. + self.logger.error("Certificate with no private key found. Please specify the private key using --tls-cert-key") exit(1) self.logger.info(f"Using TLS certificate private key '{self.args.tlsCertKey}' for HTTPS WSUS Server") @@ -167,8 +167,9 @@ def run(self): context.load_cert_chain(certfile=self.args.tlsCert, keyfile=self.args.tlsCertKey) context.check_hostname = False http_server.socket = context.wrap_socket(http_server.socket, server_side=True) - except ssl.SSLError: - self.logger.error("Make sure The cert in a PEM format not a DER") + except ssl.SSLError as e: + self.logger.error(f"SSL Error: {e}") + self.logger.error("Make sure the TLS certificate is in PEM format. Exiting...") exit(1) try: From 0b85c2b88338146f34e0031ba14f84efe6bc9faa Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Sat, 4 Jul 2026 16:51:29 -0400 Subject: [PATCH 6/7] Improve logging --- wsuks/wsuks.py | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py index 58855c3..beeb565 100644 --- a/wsuks/wsuks.py +++ b/wsuks/wsuks.py @@ -4,6 +4,7 @@ import os from pprint import pformat import random +import re from string import digits, ascii_letters import sys from scapy.all import get_if_addr @@ -137,6 +138,7 @@ def run(self): # Add certificates for HTTPS if self.args.tlsCert: + self.logger.info(f"Using TLS certificate '{self.args.tlsCert}' for HTTPS WSUS Server") if not os.path.isfile(self.args.tlsCert): self.logger.error(f"TLS certificate file '{self.args.tlsCert}' not found! Exiting...") exit(1) @@ -145,23 +147,19 @@ def run(self): self.logger.error(f"TLS certificate Key file '{self.args.tlsCertKey}' not found! Exiting...") exit(1) - self.logger.info(f"Using TLS certificate '{self.args.tlsCert}' for HTTPS WSUS Server") + # checking if the cert has the private key baked within the cert # https://docs.python.org/3/library/ssl.html#combined-key-and-certificate - if not self.args.tlsCertKey: - with open(self.args.tlsCert, 'r') as h: - data = h.read() - has_private_key = "-----BEGIN PRIVATE KEY-----" in data or "-----BEGIN RSA PRIVATE KEY-----" in data - has_cert = "-----BEGIN CERTIFICATE-----" in data - if has_cert and has_private_key: - self.logger.warning("Private key BEGIN in the certfile is not secure separate the two and keep the private key safe") - else: - # To perform TLS server authentication (decrypt/session key ops, prove ownership) the server needs the corresponding private key. The cert alone cannot do that. + with open(self.args.tlsCert) as file: + data = file.read() + # To perform TLS server authentication (decrypt/session key ops, prove ownership) the server needs the corresponding private key. The cert alone cannot do that. + if "-BEGIN CERTIFICATE-" in data and not re.search(r"-BEGIN.*PRIVATE KEY-", data): self.logger.error("Certificate with no private key found. Please specify the private key using --tls-cert-key") exit(1) - + else: self.logger.info(f"Using TLS certificate private key '{self.args.tlsCertKey}' for HTTPS WSUS Server") + try: context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) context.load_cert_chain(certfile=self.args.tlsCert, keyfile=self.args.tlsCertKey) From 923fccdb2756072ec65d074547b74d72e82c82d5 Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Sat, 4 Jul 2026 16:55:13 -0400 Subject: [PATCH 7/7] Improve logging --- wsuks/wsuks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wsuks/wsuks.py b/wsuks/wsuks.py index beeb565..a531302 100644 --- a/wsuks/wsuks.py +++ b/wsuks/wsuks.py @@ -138,7 +138,6 @@ def run(self): # Add certificates for HTTPS if self.args.tlsCert: - self.logger.info(f"Using TLS certificate '{self.args.tlsCert}' for HTTPS WSUS Server") if not os.path.isfile(self.args.tlsCert): self.logger.error(f"TLS certificate file '{self.args.tlsCert}' not found! Exiting...") exit(1) @@ -147,6 +146,7 @@ def run(self): self.logger.error(f"TLS certificate Key file '{self.args.tlsCertKey}' not found! Exiting...") exit(1) + self.logger.info(f"Using TLS certificate '{self.args.tlsCert}' for HTTPS WSUS Server") # checking if the cert has the private key baked within the cert # https://docs.python.org/3/library/ssl.html#combined-key-and-certificate