This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Related tags

Security related resourcesPYTHON-EXPLOITATION
Overview

PYTHON-EXPLOITATION

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the client server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14)
  • Recieve data back from the server and print out the response (line 17)

    Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

    The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

    udp_client.py

    Our udp_client.py script is much different from our tcp script, only that it it configured to send data via the user datagram protocol (but that much was obvious):

    • We change the socket type to SOCK_DGRAM to indicate that we will be using sending data via the UDP (line 6).
    • Also, notice that there is no connect() method beforehand, since we do not need to connect to a server beforehand using UDP. This is because UDP is a connectionaless protocol.
    • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).

    tcp_server.py

    The tcp_server.py is just that, a multi-threaded python TCP server that we can use in the event we want to write a command shell or craft a proxy.

    • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
    • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now ther server waits for a connection.
    • Once the clinet connects, we get the client socket in the client variable and the remote connection details in teh address variable.
    • We tehn start the thread to handle the client connection (line 17).
    • The handle_client function performs rec() and then sens a simple message back to the client.
    • Owner
    Nathan Galindo
    Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!
    Nathan Galindo
    GitHub Repository
    DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

    DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

    2 Feb 05, 2022
    Security System using OpenCV

    Security-System Security System using OpenCV Files in this Repository: email_send.py - This file contains python code to send an email when something

    Mehul Patwari 1 Oct 28, 2021
    Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

    Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

    Jet Berry's 21 Jan 01, 2023
    Simple Dos-Attacker.

    dos-attacker ❕ Atenção Não ataque sites privados. isto é illegal. 🖥️ Pré-requisitos Ultima versão do Python3. para verificar isto, é bem simples. Bas

    Dio brando 10 Apr 15, 2022
    A Fast Broken Link Hijacker Tool written in Python

    Broken Link Hijacker BrokenLinkHijacker(BLH) is a Fast Broken Link Hijacker Tool written in Python.

    Mayank Pandey 70 Nov 30, 2022
    A burp-suite plugin that extract all parameter names from in-scope requests

    ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

    29 Nov 09, 2022
    Python lib to automate basic QFT calculations like Wick-contractions.

    QFTools Python lib to automate basic QFT calculations like Wick-contractions. Features Wick contractions for real scalar fields Wick contractions for

    2 Aug 21, 2022
    Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

    Inspektur Cari informasi mengenai email dan nomor telepon dengan mudah. Inspektur adalah aplikasi OSINT yang berguna untuk mencari informasi berdasark

    Bagas Wastu 36 Dec 04, 2022
    Some Attacks of Exchange SSRF ProxyLogon&ProxyShell

    Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1

    Jumbo 129 Dec 30, 2022
    Python script to tamper with pages to test for Log4J Shell vulnerability.

    log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

    GoVanguard 8 Oct 20, 2022
    Separate handling of protected media in Django, with X-Sendfile support

    Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t

    Cobus Carstens 46 Nov 12, 2022
    Proof-of-concept obfuscation toolkit for C# post-exploitation tools

    InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

    259 Dec 19, 2022
    DCSync - DCSync Attack from Outside using Impacket

    Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at

    n00py 77 Dec 16, 2022
    Generate obfuscated meterpreter shells

    Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I

    Fawaz Al-Mutairi 219 Nov 28, 2022
    A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

    boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

    Hamza 64 Oct 18, 2022
    This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

    zip-symlink-payload-creator This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload

    stark0de 6 Aug 18, 2022
    Simple tool to create passwords.

    PasswordGenerator Simple password generator: -Simplisitc Window Application -Allows Numbers, Symbols & letters upper and lowercase -Restricts rows of

    DM 1 Jan 10, 2022
    LaxrFar Python Obfuscator

    LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o

    LaxrFar 5 Jul 19, 2022
    A secure way of storing your passwords.

    StrongBox 🔐 A secure way of storing your passwords. 🔑 Why to use StrongBox? StrongBox makes it possible to have a random generated strong password i

    Dylan Tintenfich 5 Dec 25, 2021
    Reverse engineered Parler API

    Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020. For the most part undocumented, but the error responses are alre

    393 Nov 26, 2022