This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Overview

PYTHON-EXPLOITATION

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server when you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) before we can send data to it.
  • Send the server some data in bytes (line 14).
  • Receive data back from the server and print out the response (line 17).

Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed, as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

udp_client.py

Our udp_client.py script is not much different from our TCP script, except that it is configured to send data via the User Datagram Protocol (but that much was obvious):

  • We change the socket type to SOCK_DGRAM to indicate that we will be sending data via UDP (line 6).
  • Also, notice that there is no connect() method beforehand, since we do not need to connect to a server before sending data over UDP. This is because UDP is a connectionless protocol.
  • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).

tcp_server.py

The tcp_server.py script is just that: a multi-threaded Python TCP server that we can use in the event we want to write a command shell or craft a proxy.

  • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
  • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now the server waits for a connection.
  • Once the client connects, we get the client socket in the client variable and the remote connection details in the address variable.
  • We then start the thread to handle the client connection (line 17).
  • The handle_client function performs recv() and then sends a simple message back to the client.
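The server steps above and the three client assumptions listed for tcp_clinet.py, combined in one added example (not the repository's scripts). The server follows the bind, listen(5), accept, thread-per-client flow; the client reports a refused connection, applies a timeout, and can read a greeting first. The names start_server and send_once, the banner parameter and the "ACK" reply are hypothetical.

```python
import socket
import threading

def handle_client(client, banner):
    # Server side as described above: optional greeting, one recv(), short reply.
    with client:
        if banner:
            client.sendall(banner)
        request = client.recv(4096)
        client.sendall(b"ACK " + request)

def start_server(host="127.0.0.1", port=0, backlog=5, banner=b""):
    # Bind, listen with a backlog of 5, accept each client on its own thread.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, port))              # port 0: the OS picks a free port
    server.listen(backlog)

    def accept_loop():
        while True:
            try:
                client, address = server.accept()
            except OSError:                # listening socket was closed
                return
            threading.Thread(target=handle_client, args=(client, banner),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return server

def send_once(host, port, payload, timeout=2.0, read_banner=False):
    """Return (status, banner, reply); status is "ok", "refused" or "timeout"."""
    try:
        # The timeout covers the connect and every later send/recv.
        with socket.create_connection((host, port), timeout=timeout) as client:
            # Some servers speak first: read their greeting before sending.
            banner = client.recv(4096) if read_banner else b""
            client.sendall(payload)
            return "ok", banner, client.recv(4096)
    except ConnectionRefusedError:
        return "refused", b"", b""
    except socket.timeout:
        return "timeout", b"", b""

if __name__ == "__main__":
    srv = start_server(banner=b"READY\n")              # constructed greeting
    port = srv.getsockname()[1]
    print(send_once("127.0.0.1", port, b"hello", read_banner=True))
```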

Owner

Nathan Galindo
Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!