# bash completion for netexec                                  -*- shell-script -*-

_nxc()
{
  local cur prev protocols protocol hosts
  COMPREPLY=()
  cur="${COMP_WORDS[COMP_CWORD]}"
  prev="${COMP_WORDS[COMP_CWORD - 1]}"
  protocol="${COMP_WORDS[1]}"
  protocols=("mssql" "smb" "ftp" "ldap" "nfs" "rdp" "ssh" "vnc" "winrm" "wmi")
  hosts=$(compgen -A hostname | grep -vE '^(localhost|parrot|ip6-localhost|ip6-loopback|ip6-allnodes|ip6-allrouters|ff02::1|ff02::2|::1|)$')

  # Show protocols (nxc <TAB>)
  if [[ $COMP_CWORD -eq 1 ]]; then
    COMPREPLY=( $(compgen -W "${protocols[*]}" -- "$cur") )
  fi

  # Suggest targets (nxc <protocol> <TAB>)
  if [[ $COMP_CWORD -eq 2 ]]; then
    COMPREPLY=( $(compgen -W "$hosts" -- "$cur") )

    ## Netexec also supports a wordlist of hosts
    if [[ -n "$cur" ]]; then
      localfiles=$(compgen -f -- "$cur")
      reply=$(printf "%s\n%s" "$hosts" "$localfiles" | sort -u)
      COMPREPLY=( $(compgen -W "$reply" -- "$cur") )
    fi
  fi

  # Protocol specific options (nxc <protocol> <target> -<TAB>)
  if [[ $cur == -* ]]; then
    COMPREPLY=( $(compgen -W "$(_parse_usage nxc $protocol)" -- "$cur") )
  fi

  # Specific switch completions
  case "$protocol" in
    ldap)
      case "$prev" in
        -d|--domain)
            COMPREPLY=( $(compgen -W "$hosts" -- "$cur") );;
        -c)
            collection_options=("Group LocalAdmin Session
                        Trusts Default DCOnly DCOM RDP PSRemote LoggedOn Container
                        ObjectProps ACL All")
            COMPREPLY=( $(compgen -W "$collection_options" -- "$cur") );;
      esac
      ;;
    mssql)
      case "$prev" in
        -d|--domain)
            COMPREPLY=( $(compgen -W "$hosts" -- "$cur") );;
      esac
      ;;
    rdp)
      case "$prev" in
        -d|--domain)
            COMPREPLY=( $(compgen -W "$hosts" -- "$cur") );;
      esac
      ;;
    smb)
      case "$prev" in
        -d|--domain)
            COMPREPLY=( $(compgen -W "$hosts" -- "$cur") );;
        --sam|--lsa)
            COMPREPLY=( $(compgen -W "secdump regdump" -- "$cur") );;
        --ntds)
            COMPREPLY=( $(compgen -W "vss drsuapi" -- "$cur") );;
        --dpapi)
            COMPREPLY=( $(compgen -W "nosystem cookies" -- "$cur") );;
        --sccm)
            COMPREPLY=( $(compgen -W "disk wmi" -- "$cur") );;
        --exec-method)
            COMPREPLY=( $(compgen -W "wmiexec mmcexec atexec smbexec" -- "$cur") );;
        --server)
            COMPREPLY=( $(compgen -W "http https") -- "$cur");;
      esac
      ;;
    ssh)
      case "$prev" in
        --sudo-check-method)
            COMPREPLY=( $(compgen -W "mkfifo sudo-stdin") -- "$cur");;
        --server)
            COMPREPLY=( $(compgen -W "https http") -- "$cur");;
      esac
      ;;
    winrm)
      case "$prev" in
        -d|--domain)
            COMPREPLY=( $(compgen -W "$hosts" -- "$cur") );;
        --dump-method)
            COMPREPLY=( $(compgen -W "cmd powershell" -- "$cur") );;
      esac
      ;;
    wmi)
      case "$prev" in
        -d|--domain)
            COMPREPLY=( $(compgen -W "$hosts" -- "$cur") );;
        --exec-method)
            COMPREPLY=( $(compgen -W "wmiexec wmiexec-event" -- "$cur") );;
      esac
  esac


  ### This is too opionated - Will eventually refactor it to use nxcdb 
  #local passwords
  #local usernames
  ## Prepare username and password suggestions for -u and -p
  #for f in "./creds.txt" "./creds"; do
  #  if [[ -r "$f" ]]; then
  #    #usernames=$(awk -F: 'NF >= 2 && $1 != "" {print $1}' "$f")
  #    usernames=$(awk -F: '{ if (NF > 1) { split($1, a, " "); print a[length(a)] } }' "$f")
  #    #passwords=$(awk -F: 'NF >= 2 && $2 != "" {print $2}' "$f")
  #    passwords=$(awk -F: '{ if (NF > 1) { split($2, a, " "); print a[1] } }' "$f")
  #    break
  #  fi
  #done
  #if [[ "$prev" == "-u" || "$prev" == "--username" ]]; then
  #  COMPREPLY=( $(compgen -W "$usernames" -- "$cur") )
  #fi
  #if [[ "$prev" == "-p" || "$prev" == "--password" ]]; then
  #  COMPREPLY=( $(compgen -W "$passwords" -- "$cur") )
  #fi

}

complete -o bashdefault -o default -F _nxc nxc

# ex: filetype=sh
