This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14).
  • Receive data back from the server and print out the response (line 17).

Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

udp_client.py

Our udp_client.py script is not much different from our TCP script, except that it is configured to send data via the User Datagram Protocol (but that much was obvious):

  • We change the socket type to SOCK_DGRAM to indicate that we will be sending data via UDP (line 6).
  • Also, notice that there is no connect() call before sending, since UDP does not require us to connect to a server first. This is because UDP is a connectionless protocol.
  • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).
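Because recvfrom() hands back the sender's address along with the data, a client can check that a reply really came from the host and port it sent to. The following is an added example, not the repository's udp_client.py; `start_udp_echo`, `udp_query` and the loopback echo server are hypothetical names constructed for illustration.

```python
import socket
import threading
import time

def start_udp_echo(ip="127.0.0.1"):
    """Constructed loopback server: replies with the payload upper-cased."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind((ip, 0))                 # port 0: the OS picks a free port

    def loop():
        while True:
            try:
                data, addr = server.recvfrom(4096)
            except OSError:              # socket closed
                return
            server.sendto(data.upper(), addr)

    threading.Thread(target=loop, daemon=True).start()
    return server

def udp_query(target, payload, timeout=1.0):
    """Send one datagram; return the reply only if it came from `target`."""
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    deadline = time.monotonic() + timeout
    try:
        client.sendto(payload, target)   # no connect(): UDP has no handshake
        while (remaining := deadline - time.monotonic()) > 0:
            client.settimeout(remaining)
            data, addr = client.recvfrom(4096)
            if addr == target:           # recvfrom() accepts datagrams from anyone
                return data
        return None
    except (socket.timeout, ConnectionResetError):
        return None                      # datagram lost or nothing listening
    finally:
        client.close()

if __name__ == "__main__":
    srv = start_udp_echo()
    print(udp_query(srv.getsockname(), b"hello"))   # b'HELLO'
```

The overall deadline keeps a stream of datagrams from unexpected senders from extending the wait indefinitely.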

tcp_server.py

The tcp_server.py is just that, a multi-threaded Python TCP server that we can use in the event we want to write a command shell or craft a proxy.

  • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
  • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now the server waits for a connection.
  • Once the client connects, we get the client socket in the client variable and the remote connection details in the address variable.
  • We then start the thread to handle the client connection (line 17).
  • The handle_client function performs recv() and then sends a simple message back to the client.
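The server steps above and the three client assumptions listed under tcp_clinet.py can be exercised together on loopback. This is an added example, not the repository's scripts: `start_server`, `tcp_exchange`, the `READY` banner and the `ACK` reply are hypothetical and constructed for illustration; only `handle_client` borrows its name from the description above.

```python
import socket
import threading

def handle_client(client):
    """Per-connection worker: one recv(), one reply, then close."""
    with client:
        client.settimeout(5.0)       # a silent peer cannot hold this thread forever
        try:
            request = client.recv(4096)
        except socket.timeout:
            return
        if request:
            client.sendall(b"ACK " + request)

def start_server(ip="127.0.0.1", port=0, banner=None):
    """Bind, listen with a backlog of 5, and give each client its own thread."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((ip, port))          # port 0: the OS picks a free port
    server.listen(5)

    def accept_loop():
        while True:
            try:
                client, _address = server.accept()
            except OSError:          # listening socket was closed
                return
            if banner:
                client.sendall(banner)   # models a server that speaks first
            threading.Thread(target=handle_client, args=(client,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return server

def tcp_exchange(host, port, payload, timeout=3.0, expect_banner=False):
    """Return (banner, response), or (None, reason) when an assumption fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            banner = sock.recv(4096) if expect_banner else b""
            sock.sendall(payload)
            return banner, sock.recv(4096)
    except ConnectionRefusedError:
        return None, "refused"       # assumption 1: the connection may fail
    except socket.timeout:
        return None, "timeout"       # assumption 3: the reply may never come

if __name__ == "__main__":
    srv = start_server(banner=b"READY\n")   # constructed loopback server
    print(tcp_exchange("127.0.0.1", srv.getsockname()[1], b"ping", expect_banner=True))
```

A single recv(4096) is enough for these short loopback messages; a real protocol needs framing, since TCP may deliver one message in several pieces.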

Owner

Nathan Galindo
Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!