357 lines
18 KiB
Python
357 lines
18 KiB
Python
"""
|
|
Plugin for providing a command to display the list of available commands and their descriptions.
|
|
"""
|
|
|
|
import logging
|
|
import simplematrixbotlib as botlib
|
|
|
|
async def handle_command(room, message, bot, prefix, config):
|
|
"""
|
|
Function to handle the !help command.
|
|
|
|
Args:
|
|
room (Room): The Matrix room where the command was invoked.
|
|
message (RoomMessage): The message object containing the command.
|
|
bot (MatrixBot): The Matrix bot instance.
|
|
prefix (str): The command prefix.
|
|
config (dict): The bot's configuration.
|
|
|
|
Returns:
|
|
None
|
|
"""
|
|
match = botlib.MessageMatch(room, message, bot, prefix)
|
|
if match.is_not_from_this_bot() and match.prefix() and match.command("help"):
|
|
logging.info("Fetching command help documentation")
|
|
commands_message = """
|
|
<details><summary><strong>🍄 Funguy Bot Commands 🍄</strong></summary>
|
|
<p>
|
|
<details><summary>📖 <strong>!help</strong></summary>
|
|
<p>Displays comprehensive help documentation for all available commands with usage examples.</p>
|
|
</details>
|
|
|
|
<details><summary>🔌 <strong>!plugins</strong></summary>
|
|
<p>Lists all loaded plugins along with their descriptions in alphabetical order.</p>
|
|
</details>
|
|
|
|
<details><summary>🃏 <strong>!fortune</strong></summary>
|
|
<p>Returns a random fortune message. Executes the `/usr/games/fortune` utility and sends the output as a message to the chat room.</p>
|
|
</details>
|
|
|
|
<details><summary>⏰ <strong>!date</strong></summary>
|
|
<p>Displays the current date and time. Fetches the current date and time using Python's `datetime` module and sends it in a formatted message with proper ordinal suffixes to the chat room.</p>
|
|
</details>
|
|
|
|
<details><summary>💻 <strong>!proxy</strong></summary>
|
|
<p>Retrieves a tested/working random SOCKS5 proxy. Fetches a list of SOCKS5 proxies from public sources, tests their availability, and sends the first working proxy with latency information to the chat room. Caches working proxies for faster access.</p>
|
|
</details>
|
|
|
|
<details><summary>📶 <strong>!isup [domain/ip]</strong></summary>
|
|
<p>Checks if the specified domain or IP address is reachable. Performs DNS resolution and checks HTTP/HTTPS service availability. Reports successful DNS resolution and service status.</p>
|
|
</details>
|
|
|
|
<details><summary>☯ <strong>!karma [user]</strong></summary>
|
|
<p>Retrieves the karma points for the specified user. Retrieves the karma points for the specified user from a SQLite database and sends them as a message to the chat room.</p>
|
|
</details>
|
|
|
|
<details><summary>⇧ <strong>!karma [user] up</strong></summary>
|
|
<p>Increases the karma points for the specified user by 1. Increases the karma points for the specified user by 1 in the database and sends the updated points as a message to the chat room. Users cannot modify their own karma.</p>
|
|
</details>
|
|
|
|
<details><summary>⇩ <strong>!karma [user] down</strong></summary>
|
|
<p>Decreases the karma points for the specified user by 1. Decreases the karma points for the specified user by 1 in the database and sends the updated points as a message to the chat room. Users cannot modify their own karma.</p>
|
|
</details>
|
|
|
|
<details><summary>🌧️ <strong>!weather [location]</strong></summary>
|
|
<p>Fetches current weather information for any location using OpenWeatherMap API. Shows temperature (Celsius/Fahrenheit), conditions, humidity, wind speed, and weather emojis. Requires OPENWEATHER_API_KEY environment variable.</p>
|
|
</details>
|
|
|
|
<details><summary>📖 <strong>!ud [term] [index]</strong></summary>
|
|
<p>Fetches definitions from Urban Dictionary. Use without arguments for random definition, or specify term and optional index number. Shows definition, example, author, votes, and permalink.</p>
|
|
</details>
|
|
|
|
<details><summary>🔍 <strong>!dns [domain]</strong></summary>
|
|
<p>Performs comprehensive DNS reconnaissance on a domain. Queries multiple DNS record types including A, AAAA, MX, NS, TXT, CNAME, SOA, and SRV records. Validates domain format and provides formatted results.</p>
|
|
</details>
|
|
|
|
<details><summary>💰 <strong>!btc</strong></summary>
|
|
<p>Fetches the current Bitcoin price in USD from bitcointicker.co API. Shows real-time BTC/USD price with proper formatting. Includes error handling for API timeouts and data parsing issues.</p>
|
|
</details>
|
|
|
|
<details><summary>🔍 <strong>!shodan [command] [query]</strong></summary>
|
|
<p>Shodan.io integration for security reconnaissance and threat intelligence.</p>
|
|
<p><strong>Commands:</strong></p>
|
|
<ul>
|
|
<li><code>!shodan ip <ip_address></code> - Detailed IP information (services, ports, banners)</li>
|
|
<li><code>!shodan search <query></code> - Search Shodan database with filters</li>
|
|
<li><code>!shodan host <domain></code> - Host information and subdomain enumeration</li>
|
|
<li><code>!shodan count <query></code> - Count results with geographic/organization breakdown</li>
|
|
<li><code>!shodan test</code> - Test API connection and debug queries</li>
|
|
</ul>
|
|
<p><strong>Search Examples:</strong></p>
|
|
<ul>
|
|
<li><code>!shodan search apache</code></li>
|
|
<li><code>!shodan search "port:22 country:US"</code></li>
|
|
<li><code>!shodan search "product:nginx"</code></li>
|
|
<li><code>!shodan search "net:192.168.1.0/24"</code></li>
|
|
<li><code>!shodan search "http.title:'admin'"</code></li>
|
|
</ul>
|
|
<p><strong>Common Filters:</strong> country, city, port, product, os, org, net, has_ssl, http.title</p>
|
|
<p><em>Requires SHODAN_KEY environment variable</em></p>
|
|
</details>
|
|
|
|
<details><summary>🌐 <strong>!dnsdumpster [domain]</strong></summary>
|
|
<p>Comprehensive DNS reconnaissance and attack surface mapping using DNSDumpster.com API.</p>
|
|
<p><strong>Commands:</strong></p>
|
|
<ul>
|
|
<li><code>!dnsdumpster <domain></code> - Complete DNS reconnaissance for any domain</li>
|
|
<li><code>!dnsdumpster test</code> - Test API connection and key validity</li>
|
|
</ul>
|
|
<p><strong>Features:</strong></p>
|
|
<ul>
|
|
<li>A Records - All IPv4 addresses with geographic and ASN information</li>
|
|
<li>NS Records - Complete name server information with IP locations</li>
|
|
<li>MX Records - All mail servers with geographic data</li>
|
|
<li>CNAME Records - Full alias chain mappings</li>
|
|
<li>TXT Records - All text records including SPF, DKIM, verification</li>
|
|
<li>Additional Records - AAAA, SRV, SOA, PTR records when available</li>
|
|
<li>Web Services - HTTP/HTTPS service detection with banner information</li>
|
|
</ul>
|
|
<p><strong>Examples:</strong></p>
|
|
<ul>
|
|
<li><code>!dnsdumpster google.com</code></li>
|
|
<li><code>!dnsdumpster github.com</code></li>
|
|
<li><code>!dnsdumpster example.com</code></li>
|
|
</ul>
|
|
<p><em>Requires DNSDUMPSTER_KEY environment variable</em><br>
|
|
<em>Rate Limit: 1 request per 2 seconds</em></p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary><strong>💣 !exploitdb - Search Exploit Database</strong></summary>
|
|
<br>
|
|
<strong>Description:</strong><br>
|
|
Search Exploit-DB for security vulnerabilities and exploits. Returns detailed information about exploits including EDB-ID, type, platform, author, and direct links to exploit code.<br>
|
|
<br>
|
|
<strong>Usage:</strong><br>
|
|
<code>!exploitdb <search_term> [max_results]</code><br>
|
|
<br>
|
|
<strong>Parameters:</strong><br>
|
|
• <strong>search_term</strong> (required) - Software name, CVE number, or vulnerability type<br>
|
|
• <strong>max_results</strong> (optional) - Number of results to return (1-10, default: 5)<br>
|
|
<br>
|
|
<strong>Examples:</strong><br>
|
|
<code>!exploitdb wordpress</code> - Search for WordPress exploits<br>
|
|
<code>!exploitdb apache 3</code> - Get 3 Apache exploits<br>
|
|
<code>!exploitdb windows privilege escalation</code> - Search for Windows privesc<br>
|
|
<code>!exploitdb CVE-2021-44228</code> - Search by CVE number<br>
|
|
<code>!exploitdb linux kernel 10</code> - Get 10 Linux kernel exploits<br>
|
|
<code>!exploitdb sql injection</code> - Search for SQL injection exploits<br>
|
|
<br>
|
|
<strong>Output Includes:</strong><br>
|
|
• Exploit title and description<br>
|
|
• EDB-ID (Exploit Database ID)<br>
|
|
• Exploit type (webapps, local, remote, etc.)<br>
|
|
• Platform/OS (PHP, Linux, Windows, etc.)<br>
|
|
• Author name<br>
|
|
• Publication date<br>
|
|
• Direct link to full exploit code<br>
|
|
<br>
|
|
<strong>Notes:</strong><br>
|
|
• Searches the official Exploit-DB CSV database<br>
|
|
• May take a few seconds on first use (downloads database)<br>
|
|
• Falls back to search links if database unavailable<br>
|
|
<br>
|
|
<em>⚠️ Use responsibly and only on systems you have permission to test.</em>
|
|
</details>
|
|
|
|
<details><summary>🛡️ <strong>!headers <url></strong></summary>
|
|
<p>Comprehensive HTTP security header analysis with security scoring and recommendations.</p>
|
|
<p><strong>Features:</strong></p>
|
|
<ul>
|
|
<li>Security scoring (0-100) with color-coded ratings</li>
|
|
<li>Critical security header validation and configuration checking</li>
|
|
<li>HTTP to HTTPS redirect chain analysis</li>
|
|
<li>SSL certificate information for HTTPS sites</li>
|
|
<li>Information disclosure header detection</li>
|
|
<li>Actionable security recommendations</li>
|
|
</ul>
|
|
<p><strong>Security Headers Analyzed:</strong></p>
|
|
<ul>
|
|
<li><code>Strict-Transport-Security</code> - HSTS enforcement</li>
|
|
<li><code>Content-Security-Policy</code> - XSS protection</li>
|
|
<li><code>X-Frame-Options</code> - Clickjacking protection</li>
|
|
<li><code>X-Content-Type-Options</code> - MIME sniffing prevention</li>
|
|
<li><code>Referrer-Policy</code> - Referrer control</li>
|
|
<li><code>Feature-Policy</code> - Browser feature restrictions</li>
|
|
<li>Server information headers</li>
|
|
</ul>
|
|
<p><strong>Security Ratings:</strong></p>
|
|
<ul>
|
|
<li>🟢 <strong>Excellent (80-100)</strong> - Strong configuration</li>
|
|
<li>🟡 <strong>Good (60-79)</strong> - Moderate, needs improvement</li>
|
|
<li>🟠 <strong>Fair (40-59)</strong> - Basic, significant improvements needed</li>
|
|
<li>🔴 <strong>Poor (0-39)</strong> - Weak configuration</li>
|
|
</ul>
|
|
<p><strong>Examples:</strong></p>
|
|
<ul>
|
|
<li><code>!headers example.com</code></li>
|
|
<li><code>!headers https://github.com</code></li>
|
|
<li><code>!headers localhost:3000</code></li>
|
|
<li><code>!headers subdomain.target.com</code></li>
|
|
</ul>
|
|
<p><em>Provides enterprise-grade security analysis for penetration testers and developers</em></p>
|
|
</details>
|
|
|
|
<details><summary>🔄 <strong>!hashid <hash></strong></summary>
|
|
<p>Advanced hash type identification with confidence scoring and tool recommendations.</p>
|
|
<p><strong>Features:</strong></p>
|
|
<ul>
|
|
<li>100+ hash types including modern, legacy, and exotic algorithms</li>
|
|
<li>Color-coded confidence scoring (🟢 Very High to 🔴 Low)</li>
|
|
<li>Hashcat mode numbers and John the Ripper format names</li>
|
|
<li>Context-aware parsing for various hash formats</li>
|
|
</ul>
|
|
<p><strong>Supported Categories:</strong></p>
|
|
<ul>
|
|
<li><strong>Modern:</strong> yescrypt, scrypt, Argon2, bcrypt</li>
|
|
<li><strong>Unix/Linux:</strong> SHA-512/256 Crypt, MD5 Crypt, apr1</li>
|
|
<li><strong>Raw Hashes:</strong> MD5, SHA family, SHA-3, NTLM, LM</li>
|
|
<li><strong>Databases:</strong> MySQL, PostgreSQL, Oracle, MSSQL</li>
|
|
<li><strong>Web/CMS:</strong> WordPress, Drupal, phpBB3, Django</li>
|
|
<li><strong>LDAP:</strong> SSHA, SMD5, LDAP crypt formats</li>
|
|
<li><strong>Network:</strong> NetNTLMv1/v2, Kerberos</li>
|
|
<li><strong>Exotic:</strong> Whirlpool, RIPEMD, GOST, BLAKE2</li>
|
|
</ul>
|
|
<p><strong>Tool Integration:</strong></p>
|
|
<ul>
|
|
<li><strong>Hashcat:</strong> Mode numbers for <code>-m</code> parameter</li>
|
|
<li><strong>John:</strong> Format names for <code>--format=</code> parameter</li>
|
|
<li>Multi-tool compatibility</li>
|
|
</ul>
|
|
<p><strong>Examples:</strong></p>
|
|
<ul>
|
|
<li><code>!hashid 5d41402abc4b2a76b9719d911017c592</code> (MD5)</li>
|
|
<li><code>!hashid aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d</code> (SHA-1)</li>
|
|
<li><code>!hashid $6$rounds=5000$salt$hash...</code> (SHA-512 Crypt)</li>
|
|
<li><code>!hashid $y$j9T$...</code> (yescrypt - modern Linux)</li>
|
|
<li><code>!hashid 8846f7eaee8fb117ad06bdd830b7586c</code> (NTLM)</li>
|
|
<li><code>!hashid *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19</code> (MySQL)</li>
|
|
</ul>
|
|
<p><strong>Confidence Legend:</strong></p>
|
|
<ul>
|
|
<li>🟢 Very High (90-100%) - Single definitive match</li>
|
|
<li>🟡 High (80-89%) - Strong match with minor alternatives</li>
|
|
<li>🟠 Medium (60-79%) - Multiple plausible matches</li>
|
|
<li>🔴 Low (0-59%) - Uncertain, needs context</li>
|
|
</ul>
|
|
<p><em>Essential for penetration testers, forensic analysts, and password cracking</em></p>
|
|
</details>
|
|
|
|
<details><summary>🔐 <strong>!sslscan <domain[:port]></strong></summary>
|
|
<p>Comprehensive SSL/TLS security scanning and analysis with vulnerability detection.</p>
|
|
<p><strong>Features:</strong></p>
|
|
<ul>
|
|
<li>TLS 1.0-1.3 protocol support testing with security scoring</li>
|
|
<li>Certificate chain validation, expiration, and signature analysis</li>
|
|
<li>25+ cipher suite testing with strength classification</li>
|
|
<li>Vulnerability detection (POODLE, weak ciphers, protocol issues)</li>
|
|
<li>0-100 security rating with color-coded assessment</li>
|
|
<li>PCI DSS and modern security standards compliance checking</li>
|
|
</ul>
|
|
<p><strong>Security Checks:</strong></p>
|
|
<ul>
|
|
<li><strong>Protocol Security:</strong> TLS 1.2/1.3 enforcement, insecure protocol detection</li>
|
|
<li><strong>Certificate Health:</strong> Expiration monitoring, signature validation</li>
|
|
<li><strong>Cipher Security:</strong> RC4, DES, 3DES, NULL cipher detection</li>
|
|
<li><strong>Modern Standards:</strong> Forward Secrecy, strong encryption</li>
|
|
</ul>
|
|
<p><strong>Security Ratings:</strong></p>
|
|
<ul>
|
|
<li>🟢 <strong>Excellent (90-100)</strong> - Modern TLS with strong security</li>
|
|
<li>🟡 <strong>Good (80-89)</strong> - Good security, minor improvements needed</li>
|
|
<li>🟠 <strong>Fair (60-79)</strong> - Moderate security, significant improvements</li>
|
|
<li>🔴 <strong>Poor (0-59)</strong> - Critical issues requiring immediate attention</li>
|
|
</ul>
|
|
<p><strong>Examples:</strong></p>
|
|
<ul>
|
|
<li><code>!sslscan example.com</code></li>
|
|
<li><code>!sslscan github.com:443</code></li>
|
|
<li><code>!sslscan localhost:8443</code></li>
|
|
<li><code>!sslscan 192.168.1.1:443</code></li>
|
|
</ul>
|
|
<p><em>Essential for security teams, system administrators, and developers ensuring TLS compliance</em><br>
|
|
<em>Note: SSLv2/SSLv3 testing limited by Python security features</em></p>
|
|
</details>
|
|
|
|
|
|
|
|
<details><summary>📸 <strong>!sd [prompt]</strong></summary>
|
|
<p>Generates images using self-hosted Stable Diffusion. Supports options: --steps, --cfg, --h, --w, --neg, --sampler. Uses queuing system to handle multiple requests. See available options using just '!sd'.</p>
|
|
</details>
|
|
|
|
<details><summary>📄 <strong>!text [prompt]</strong></summary>
|
|
<p>Generates text using Ollama's Mistral 7B Instruct model. Options: --max_tokens, --temperature. Uses queuing system for sequential processing.</p>
|
|
</details>
|
|
|
|
<details><summary>📰 <strong>!xkcd</strong></summary>
|
|
<p>Fetches and displays a random XKCD comic. Downloads comic image and sends it directly to the chat room.</p>
|
|
</details>
|
|
|
|
<details><summary>🎬 <strong>YouTube Features</strong></summary>
|
|
<p>Automatic preview when YouTube links are posted. Shows video info, description, and attempts to fetch lyrics. Also supports !yt [search terms] for direct YouTube searching.</p>
|
|
</details>
|
|
|
|
<details><summary>⏱️ <strong>!cron [add|remove] [room_id] [cron_entry] [command]</strong></summary>
|
|
<p>Schedule automated commands using cron syntax. Add or remove cron jobs for specific rooms and commands.</p>
|
|
</details>
|
|
|
|
<details><summary>🔧 <strong>Admin Commands</strong></summary>
|
|
<p>
|
|
<strong>!set [option] [value]</strong> - Set configuration options (admin_user, prefix)<br>
|
|
<strong>!get [option]</strong> - Get configuration values<br>
|
|
<strong>!saveconf</strong> - Save current configuration<br>
|
|
<strong>!loadconf</strong> - Load saved configuration<br>
|
|
<strong>!show</strong> - Display current configuration<br>
|
|
<strong>!reset</strong> - Reset configuration to defaults<br>
|
|
<strong>!load [plugin]</strong> - Load a plugin<br>
|
|
<strong>!unload [plugin]</strong> - Unload a plugin<br>
|
|
<strong>!reload</strong> - Reload all plugins<br>
|
|
<strong>!disable [plugin] [room_id]</strong> - Disable a plugin for specific room<br>
|
|
<strong>!enable [plugin] [room_id]</strong> - Enable a plugin for specific room<br>
|
|
<strong>!rehash</strong> - Reload configuration<br>
|
|
<em>Note: Admin commands require admin_user privileges</em>
|
|
</p>
|
|
</details>
|
|
</p>
|
|
</details>
|
|
|
|
<details><summary><strong>🤖 Funguy Bot AI Commands</strong></summary>
|
|
<p>
|
|
<strong>Creative & Writing</strong>: !write, !script, !author, !poem, !rap, !story, !comic, !motiv, !debate, !crit, !litcrit<br>
|
|
<strong>Technical</strong>: !tech, !dev, !py, !php, !regex, !math, !web, !it, !security, !ai, !ml, !data, !game, !gaming<br>
|
|
<strong>Professional</strong>: !seo, !recruit, !coach, !devrel, !sales, !ceo, !mgmt, !startup, !invest, !fin, !acad<br>
|
|
<strong>Educational</strong>: !tutor, !teach, !edu, !hist, !astro, !chem, !psych, !meditate, !socrat, !philos<br>
|
|
<strong>Lifestyle</strong>: !fit, !health, !diet, !cook, !travel, !art, !music, !film, !selfhelp<br>
|
|
<strong>Specialized</strong>: !legal, !medical, !realest, !auto, !fashion, !design, !interior, !florist<br>
|
|
<strong>Communication</strong>: !pron, !spk, !speak, !eloc, !comm, !msg, !langdet<br>
|
|
<strong>Business</strong>: !eth, !browse, !search, !create, !review, !curation, !domain<br>
|
|
<strong>Entertainment</strong>: !char, !adv, !advgame, !esc, !title, !stats, !prompt<br>
|
|
<strong>Technical Specialties</strong>: !intv, !plag, !trv, !foot, !rel, !etymo, !magic, !counsel, !behavior, !mh, !log, !dental, !acc, !chef, !tea, !telemed, !law, !trans, !chess, !time, !dream, !r, !emergency, !worksheet, !test, !create, !guide, !diag, !therapy, !gen, !drunk, !rec, !techtrans, !proof, !spirit, !friend, !chat, !wiki, !kanji, !note, !enhance, !nav, !hypno, !critic, !comp, !journo, !pscoach, !makeup, !childcare, !writing, !syn, !shop, !dining<br>
|
|
|
|
<em>Each AI command uses specialized prompts optimized for different domains and interfaces with local AI models. Consult ai.json</em>
|
|
</p>
|
|
</details>
|
|
|
|
<details><summary>🌟 <strong>Funguy Bot Credits</strong></summary>
|
|
<p>
|
|
<strong>🧙♂️ Creator & Developer</strong>: HB is the author of 🍄Funguy Bot🍄. (@hashborgir:mozilla.org)<br>
|
|
<strong>🚀 Development Context</strong>: Created during recovery from two-level cervical spinal surgery (CDA Cervical Discectomy and Disc Arthroplasty)<br>
|
|
<br>
|
|
<strong>Join our Matrix Room</strong>: <a href="https://matrix.to/#/#selfhosting:mozilla.org">Self-hosting | Security | Sysadmin | Homelab | Programming</a>
|
|
</p>
|
|
</details>
|
|
"""
|
|
|
|
await bot.api.send_markdown_message(room.room_id, commands_message)
|
|
logging.info("Sent help documentation to the room")
|