Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Last update: Jan 01, 2023

Overview

RedTeam Toolkit

Note: Only legal activities should be conducted with this project.
Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities.

The cybersecurity open-source projects are integrated what will be a powerful toolkit together.

Currently it supports the following options:

FullScan (scan ports and vulnerabilities/CVEs on the target - PDF output)
Livehosts (scan all live hosts in the network scale - PDF output)
DirScan (scan all directories on a target - PDF output)
CVE Description ( CveID Search)
SSH Dictionary Attack
RDP BruteForce
WebApps Section
- F5 BIG-IP PoC ( CVE-2022-1388 )
- Apache Path Traversal PoC ( CVE-2021-41773 )
- Automated XSS Finder
- Web Crawler for gathering URLs
- SubDomain Enumeration
- HTTP Verb Tampering
- (SQLi will be added soon)
Windows Section (Being updated, other major CVEs will be added)
- Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)

📘 Installation Guide

Dockerized version of the Web-App is available now:

git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser
# Create your local user and webapp will be available on --------> 127.0.0.1:4334

If you prefer to build the project from scratch, you can find the installation guide in the Installation wiki page .
Please refer to Additional Information page about toolkit modules.

💻 Demo

You can find the Demo gifs in the Demo page

🔱 Contributing

Thanks to all Open-Source projects that helped me in this project .

❗ You see any issues
💫 You can make the project works better
💡 You have any suggestions/ideas such as adding other open-source tools
🌟 You have created a script that can add an useful functionality to this project and solve a problem

Please consider contributing to this project .
If you want to help us, don't be afraid to contribute! We have many things you can do to help out.
To contributing you can create an issue or (better) you can fork & create a pull request.

if you do not know where to start, please contact me by email [email protected]

Comments

Cannot download report

when im done scan i cannot download report even i see the "download" button in blue light and btw please help me why redteamtoolkit sometime put right passwd and username but is still show wrong passwd or user ? Thanks <3

opened by manhcot 7
cve desc problem ?

Hello signorrayan,

Is the CVE description tool is maintenance? I tried to search for several CVEs but without positive return.

CVE DESCRIPTION 2021-26408 The requested CVE is not found.

Thanks a lot.

opened by sephirothac 5
FATAL: password authentication failed for user "redteamuser"

Hello,

Thank you for your work on this project, I followed what you recommend for the deployment of your tool but I have an error for the creation of a user account for the frontweb of your tool.

Thank you very much for your help.

file .env SECRET_KEY='*********************************' SQL_HOST=db ALLOWED_HOSTS=localhost,127.0.0.1 SQL_DATABASE=redteam_toolkit_db SQL_USER=redteamuser SQL_PASSWORD=147r258r DATABASE=postgres

docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser

/usr/local/lib/python3.8/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated "class": algorithms.Blowfish, Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) psycopg2.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "manage.py", line 22, in main() File "manage.py", line 18, in main execute_from_command_line(sys.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 446, in execute_from_command_line utility.execute() File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 414, in run_from_argv self.execute(*args, **cmd_options) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 87, in execute return super().execute(*args, **options) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 459, in execute self.check_migrations() File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 576, in check_migrations executor = MigrationExecutor(connections[DEFAULT_DB_ALIAS]) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init self.loader = MigrationLoader(self.connection) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 58, in init self.build_graph() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 235, in build_graph self.applied_migrations = recorder.applied_migrations() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 81, in applied_migrations if self.has_table(): File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 57, in has_table with self.connection.cursor() as cursor: File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 284, in cursor return self._cursor() File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in _cursor self.ensure_connection() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 91, in exit raise dj_exc_value.with_traceback(traceback) from exc_value File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) django.db.utils.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

ERROR: 1

opened by sephirothac 4
python manage.py makemigrations (decouple.UndefinedValueError)

Hi When trying to execute this command, the following error raises:

Traceback (most recent call last): File "/home/hack/RedTeam_toolkit/manage.py", line 22, in main() File "/home/hack/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in _load_unlocked File "", line 850, in exec_module File "", line 228, in _call_with_frames_removed File "/home/hack/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("SECRET_KEY") File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 243, in call return self.config(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 105, in call return self.get(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: SECRET_KEY not found. Declare it as envvar or define a default value.

And here are the files in the folder:

Demo LICENSE.md manage.py README.md RedTeam_toolkit requirements.txt SECRET_KEY.env toolkit venv

opened by Abd659 1
python manage.py makemigrations error

python manage.py makemigrations 1 ⨯ Traceback (most recent call last): File "/home/monkey/RedTeam_toolkit/manage.py", line 22, in main() File "/home/monkey/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in load_unlocked File "", line 850, in exec_module File "", line 228, in call_with_frames_removed File "/home/monkey/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("l=s6j#f6(0*%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt") File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 206, in call return self.config(*args, **kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in call return self.get(*args, *kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 75, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: l=s6j#f6(0%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt not found. Declare it as envvar or define a default value.

opened by phanthuthao 1
Bump django from 3.2.6 to 3.2.10
Bumps django from 3.2.6 to 3.2.10.

Commits

0153a63 [3.2.x] Bumped version for 3.2.10 release.

333c656 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream...

6014b81 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_calla...

cb724ef [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField o...

0cf2d48 [3.2.x] Added requirements.txt to files ignored by Sphinx builds.

487a2da [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.

742d6bc [3.2.x] Corrected signatures of QuerySet's methods.

99532fd [3.2.x] Corrected isort example in coding style docs.

31539a6 [3.2.x] Corrected "pip install" call in coding style docs.

76a0a8a [3.2.x] Configured Read The Docs to build all formats.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
[Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

paramiko 2.11.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools:
39.0.1 -> 65.5.1
| No | No Known Exploit

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
opened by signorrayan 0
[Snyk] Security upgrade python from 3.9.14-bullseye to 3.9.16-bullseye
This PR was automatically created by Snyk using the credentials of a real user.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Changes included in this PR

Dockerfile

We recommend upgrading to python:3.9.16-bullseye, as this image has only 272 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | | 614 | XML External Entity (XXE) Injection
SNYK-DEBIAN11-LIBXML2-3059797 | No Known Exploit | | | 614 | Integer Overflow or Wraparound
SNYK-DEBIAN11-LIBXML2-3059801 | No Known Exploit | | | **** | CVE-2022-46908
SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | | **** | CVE-2022-46908
SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | | 500 | Numeric Errors
SNYK-DEBIAN11-TIFF-3113871 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
opened by signorrayan 0
Bump certifi from 2022.5.18 to 2022.12.7
Bumps certifi from 2022.5.18 to 2022.12.7.

Commits

9e9e840 2022.12.07

b81bdb2 2022.09.24

939a28f 2022.09.14

aca828a 2022.06.15.2

de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...

b8eb5e9 2022.06.15.1

47fb7ab Fix deprecation warning on Python 3.11 (#199)

b0b48e0 fixes #198 -- update link in license

9d514b4 2022.06.15

4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 9.2.0 to 9.3.0
Bumps pillow from 9.2.0 to 9.3.0.

Release notes

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

Initialize libtiff buffer when saving #6699 [@radarhere]

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@wiredfool]

Inline fname2char to fix memory leak #6329 [@nulano]

Fix memory leaks related to text features #6330 [@nulano]

Use double quotes for version check on old CPython on Windows #6695 [@hugovk]

GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@nulano]

Remove backup implementation of Round for Windows platforms #6693 [@cgohlke]

Upload fribidi.dll to GitHub Actions #6532 [@nulano]

Fixed set_variation_by_name offset #6445 [@radarhere]

Windows build improvements #6562 [@nulano]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [@cgohlke]

Only use ASCII characters in C source file #6691 [@cgohlke]

Release Python GIL when converting images using matrix operations #6418 [@hmaarrfk]

Added ExifTags enums #6630 [@radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [@radarhere]

Added support for reading BMP images with RLE4 compression #6674 [@npjg]

Decode JPEG compressed BLP1 data in original mode #6678 [@radarhere]

pylint warnings #6659 [@marksmayo]

Added GPS TIFF tag info #6661 [@radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [@radarhere]

Do not attempt normalization if mode is already normal #6644 [@radarhere]

Fixed seeking to an L frame in a GIF #6576 [@radarhere]

Consider all frames when selecting mode for PNG save_all #6610 [@radarhere]

Don't reassign crc on ChunkStream close #6627 [@radarhere]

Raise a warning if NumPy failed to raise an error during conversion #6594 [@radarhere]

Only read a maximum of 100 bytes at a time in IMT header #6623 [@radarhere]

Show all frames in ImageShow #6611 [@radarhere]

Allow FLI palette chunk to not be first #6626 [@radarhere]

If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@radarhere]

Round box position to integer when pasting embedded color #6517 [@radarhere]

Removed EXIF prefix when saving WebP #6582 [@radarhere]

Pad IM palette to 768 bytes when saving #6579 [@radarhere]

Added DDS BC6H reading #6449 [@ShadelessFox]

Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@JayWiz]

Raise an error when allocating translucent color to RGB palette #6654 [@jsbueno]

Moved mode check outside of loops #6650 [@radarhere]

Added reading of TIFF child images #6569 [@radarhere]

Improved ImageOps palette handling #6596 [@PososikTeam]

Defer parsing of palette into colors #6567 [@radarhere]

Apply transparency to P images in ImageTk.PhotoImage #6559 [@radarhere]

Use rounding in ImageOps contain() and pad() #6522 [@bibinhashley]

Fixed GIF remapping to palette with duplicate entries #6548 [@radarhere]

Allow remap_palette() to return an image with less than 256 palette entries #6543 [@radarhere]

Corrected BMP and TGA palette size when saving #6500 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

Initialize libtiff buffer when saving #6699 [radarhere]

Inline fname2char to fix memory leak #6329 [nulano]

Fix memory leaks related to text features #6330 [nulano]

Use double quotes for version check on old CPython on Windows #6695 [hugovk]

Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

Fixed set_variation_by_name offset #6445 [radarhere]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

Added ExifTags enums #6630 [radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

Added GPS TIFF tag info #6661 [radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

d594f4c Update CHANGES.rst [ci skip]

909dc64 9.3.0 version bump

1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer

2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec

744f455 Added release notes

0846bfa Add to release notes

799a6a0 Fix linting

00b25fd Hide UserWarning in logs

05b175e Tighter test case

13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
[Snyk] Security upgrade pillow from 9.1.1 to 9.2.0
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

proxy-db 0.3.1 requires sqlalchemy, which is not installed. paramiko 2.11.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- | Denial of Service (DoS)
SNYK-PYTHON-PILLOW-3113875 | pillow:
9.1.1 -> 9.2.0
| No | No Known Exploit | Denial of Service (DoS)
SNYK-PYTHON-PILLOW-3113876 | pillow:
9.1.1 -> 9.2.0
| No | No Known Exploit

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS) 🦉 Denial of Service (DoS)
opened by signorrayan 0
[Snyk] Security upgrade gitpython from 3.1.29 to 3.1.30
Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

paramiko 2.12.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- | 619/1000
Why? Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
SNYK-PYTHON-GITPYTHON-3113858 | gitpython:
3.1.29 -> 3.1.30
| No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
opened by snyk-bot 0
[Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

paramiko 2.12.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- | 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools:
39.0.1 -> 65.5.1
| No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
opened by signorrayan 0
request bruteforce ntlm

Hello,

Can you add in the solution the possibility to make brute force ntlm hash via hashcat or other, a little bit similar to this solution https://github.com/arcaneiceman/kraken
enhancement feature

opened by sephirothac 1
rdpbruteforce error

Hello,

Again thank you for your help I think that has a problem for the rdpbruteforce here is the log return:

"GET /windows/rdpbruteforce/ HTTP/1.1" 200 3662 Internal Server Error: /windows/rdpbruteforce/ Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view return view_func(request, *args, **kwargs) File "/usr/src/redteam_toolkit/toolkit/views.py", line 238, in rdpbruteforce result = rdpbrute.rdpbrute_script(ip) File "/usr/src/redteam_toolkit/toolkit/scripts/windows/rdpbrute.py", line 15, in rdpbrute_script p = subprocess.run( File "/usr/local/lib/python3.8/subprocess.py", line 493, in run with Popen(*popenargs, **kwargs) as process: File "/usr/local/lib/python3.8/subprocess.py", line 858, in init self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: '/usr/src/redteam_toolkit/venv/bin/python' "POST /windows/rdpbruteforce/ HTTP/1.1" 500 93785

Thank you for your work.

opened by sephirothac 10

Releases(v0.1.5)

v0.1.5(May 9, 2022)
The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules:

CVE-2022-1388 PoC (for F5 BIG-IP

Automated XSS Finder

A new module for content discovery (Gathering all URLs)

Source code(tar.gz)
Source code(zip)
v0.1.4(Dec 16, 2021)
What's Changed

Add custom port for SSH Dictionary Attack.

Redesign SSH Dictionary attack output.

Django 4.0

Update Packages

Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/compare/v0.1.3...v0.1.4
Source code(tar.gz)
Source code(zip)
v0.1.3(Dec 1, 2021)
Overview

Support 11 modules in 8 section.

Support multiprocessing in PDF output modules.

URL gathering and subdomain finder improvement.

What's Changed

GitHub Action to lint Python code by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/1

Make bandit and mypy mandatory tests by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/2

Add a simple test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/3

black --check . by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/6

Make black a mandatory test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/7

Make isort --profile black . a mandatory test (again) by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/9

import sys Is already done on line 8 by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/10

Update README.md by @signorrayan in https://github.com/signorrayan/RedTeam_toolkit/pull/13

Fix flake8 E713 test for membership should be 'not in' by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/12

Shreder Contributor by @enty8080 in https://github.com/signorrayan/RedTeam_toolkit/pull/14

Bump sqlparse from 0.4.1 to 0.4.2 by @dependabot in https://github.com/signorrayan/RedTeam_toolkit/pull/15

Fix 25 flake8 F403 and F405 issues by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/16

Fix flake8 F841 local variable is assigned to but never used by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/17

Make more flake8 tests mandatory by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/18

Referring information

Check Installation Guide

Check Demo

Check Additional Information about Modules

New Contributors

@cclauss made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/1

@signorrayan made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/13

@enty8080 made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/14

@dependabot made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/15

Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/commits/v0.1.3
Source code(tar.gz)
Source code(zip)

Owner

Mohammadreza Sarayloo

GitHub Repository

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

2 Jul 23, 2022

#whois it? Let's find out!

whois_bot #whois it? Let's find out! Currently in development: a gatekeeper bot for a community (https://t.me/IT_antalya) of 250+ expat IT pros of Ant

14 Jun 24, 2022

Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

5 Mar 21, 2022

A fast tool to scan prototype pollution vulnerability

proto A fast tool to scan prototype pollution vulnerability Syntax python3 proto.py -l alive.txt Requirements Selenium Google Chrome Webdriver Note :

4 Aug 31, 2021

xray多线程批量扫描工具

Auto_xray xray多线程批量扫描工具简介 xray社区版貌似没有批量扫描，这就让安服仔使用起来很不方便，扫站得一个个手动添加，非常难受 Auto_xray目录下记得放xray，就跟平时一样的。选项1：oneforall+xray 输入一个主域名，自动采集子域名然后添加到xray任务列表

13 Nov 09, 2022

A toolkit for web reconnaissance, it's fast and easy to use.

A toolkit for web reconnaissance, it's fast and easy to use. File Structure httpsuite/ main.py init.py db/ db.py init.py subdomains_db directories_db

22 Jul 22, 2022

INFO 3350/6350, Spring 2022, Cornell

Information Science 3350/6350 Text mining for history and literature Staff and sections Instructor: Matthew Wilkens Graduate TAs: Federica Bologna, Ro

6 Feb 21, 2022

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.

150 Jan 03, 2023

Early days of an Asset Discovery tool.

Please star this project! Written in Python Report Bug . Request Feature DISCLAIMER This project is in its early days, everything you see here is almo

3 Dec 20, 2022

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

auto-derby 自动化养马育成结果 Nurturing result 功能支持客户端 DMM （前台）实验性安卓 ADB 连接（后台）开发基于 1080x1920 分辨率团队赛 (Team race) 有胜利确定奖励时吃帕菲日常赛 (Daily race) PvP 活动赛 (Cha

376 Jan 01, 2023

CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

20 Aug 25, 2022

C++ fully undetected shellcode launcher

charlotte c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launche

894 Dec 25, 2022

S2-061 的payload，以及对应简单的PoC/Exp

S2-061 脚本皆根据vulhub的struts2-059/061漏洞测试环境来写的，不具普遍性，还望大佬多多指教 struts2-061-poc.py（可执行简单系统命令）用法：python struts2-061-poc.py http://ip:port command 例子：python

46 Oct 20, 2022

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

282 Dec 30, 2022

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Related tags

Overview

RedTeam Toolkit

📘 Installation Guide

💻 Demo

🔱 Contributing

Comments

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Changes included in this PR

9.3.0

Changes

9.3.0 (2022-10-29)

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Releases(v0.1.5)

v0.1.5(May 9, 2022)

v0.1.4(Dec 16, 2021)

What's Changed

v0.1.3(Dec 1, 2021)

Overview

What's Changed

Referring information

New Contributors

Owner

Mohammadreza Sarayloo

♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

#whois it? Let's find out!

Raphael is a vulnerability scanning tool based on Python3.

A fast tool to scan prototype pollution vulnerability

xray多线程批量扫描工具

A toolkit for web reconnaissance, it's fast and easy to use.

INFO 3350/6350, Spring 2022, Cornell

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions

Early days of an Asset Discovery tool.

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

CVE-2022-22965 - CVE-2010-1622 redux

C++ fully undetected shellcode launcher

S2-061 的payload，以及对应简单的PoC/Exp

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Agile Threat Modeling Toolkit

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Separate handling of protected media in Django, with X-Sendfile support

Omega - From Wordpress admin to pty

com_media allowed paths that are not intended for image uploads to RCE

Worm/Trojan/Ransomware/apt/Rootkit/Virus Database