feat: Order payloads by exploitability and impact (#16)

* feat: Order payloads by exploitability and impact
* feat: Add autorun mode (-a), for interactionless execution
* feat: Add autorun mode for single command mode
* fix: Python 2 compatibility issue

Author: Frissi0n

.github/workflows/docker-pytest.yml

@@ -26,9 +26,10 @@ jobs:
       - name: Run tests
         run: |
           docker run --name gtfonow_test_${{ matrix.python-version }} -d gtfonow_test:${{ matrix.python-version }}
-
+      - name: Wait
+        run: sleep 15
       - name: Run Pytest
-        run: docker exec gtfonow_test_${{ matrix.python-version }} su -l lowpriv -c "pytest -v --cov=gtfonow --cov-report=xml --cov-report=term-missing"
+        run: docker exec -u lowpriv gtfonow_test_${{ matrix.python-version }} pytest -v --cov=gtfonow --cov-report=xml --cov-report=term-missing
       - name: Copy coverage report from Docker container to host
         run: docker cp gtfonow_test_${{ matrix.python-version }}:/home/lowpriv/coverage.xml .
 

Dockerfile

@@ -23,10 +23,12 @@ RUN chmod u+s $(which tee)
 RUN chmod u+s $(which dd)
 RUN chmod u+s $(which mv)
 RUN chmod u+s $(which rbash)
-
+RUN pip install mock
 RUN useradd -ms /bin/bash lowpriv
 RUN useradd -ms /bin/bash higherpriv
-
+RUN ssh-keygen -N '' -f /root/.ssh/id_rsa
+RUN cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
+RUN echo "ONLY_ROOT_CAN_READ_THIS" > /root/proof.txt
 RUN echo "lowpriv ALL=(ALL) NOPASSWD: /usr/bin/head" >> /etc/sudoers
 RUN echo "lowpriv ALL=(higherpriv) NOPASSWD: /usr/bin/vim" >> /etc/sudoers