This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Overview

PYTHON-EXPLOITATION

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the server (line 11): since this is a TCP client, we must first connect to the server (via the TCP handshake) before we can send data to it.
  • Send the server some data in bytes (line 14).
  • Receive data back from the server and print out the response (line 17).

Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

The assumptions are made for simplicity's sake. All things considered, sometimes less is more.
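The three assumptions above can each be removed with a few lines. The following is an added example, not code from the repository: the function name `tcp_exchange`, its return format and the loopback demo listener are assumptions made for illustration.

```python
import socket
import threading


def tcp_exchange(host, port, payload, timeout=3.0, read_banner=False):
    """Send payload over TCP and return (status, banner, reply).

    status is "ok", "refused", "timeout" or "error"; banner and reply are bytes.
    """
    banner = reply = b""
    try:
        # The timeout covers the handshake and every later send/recv call.
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if read_banner:
                # Some servers speak first: read their greeting before sending.
                banner = sock.recv(4096)
            sock.sendall(payload)
            reply = sock.recv(4096)
        return ("ok", banner, reply)
    except ConnectionRefusedError:
        # Assumption 1: the connection does not always succeed.
        return ("refused", banner, reply)
    except socket.timeout:
        # Assumption 3: the server does not always answer in time.
        return ("timeout", banner, reply)
    except OSError:
        # Any other socket failure (unreachable host, reset, DNS error).
        return ("error", banner, reply)


if __name__ == "__main__":
    # Constructed demo: a loopback listener that greets first, then echoes.
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"HELLO\r\n")
            conn.sendall(conn.recv(4096))

    threading.Thread(target=serve, daemon=True).start()
    print(tcp_exchange("127.0.0.1", port, b"ping", read_banner=True))
```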

udp_client.py

Our udp_client.py script is not much different from our TCP script, except that it is configured to send data via the User Datagram Protocol (but that much was obvious):

  • We change the socket type to SOCK_DGRAM to indicate that we will be sending data via UDP (line 6).
  • Also, notice that there is no connect() call, since we do not need to connect to a server before sending data over UDP. This is because UDP is a connectionless protocol.
  • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).
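Because UDP is connectionless, any host can send a datagram to the client's socket, so the address returned by recvfrom() is worth checking. The following is an added example, not code from the repository: the function name `udp_query`, the retry policy and the loopback demo peer are assumptions for illustration.

```python
import socket
import threading
import time


def udp_query(server, payload, timeout=2.0, retries=3):
    """Send payload to server=(numeric_ip, port) and return the reply bytes.

    server must be a tuple. Returns None if no datagram from that exact
    address arrives within `timeout` seconds on any of the `retries` attempts.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for _ in range(retries):
            sock.sendto(payload, server)  # no connect(): UDP is connectionless
            deadline = time.monotonic() + timeout
            # A fixed deadline stops stray traffic from extending the wait.
            while (left := deadline - time.monotonic()) > 0:
                sock.settimeout(left)
                try:
                    data, addr = sock.recvfrom(4096)
                except (socket.timeout, ConnectionResetError):
                    break  # request or reply lost: resend
                if addr == server:
                    return data  # reply came from the peer we queried
                # Datagram from some other source: ignore it and keep waiting.
    return None


if __name__ == "__main__":
    # Constructed demo peer on loopback that answers a single datagram.
    peer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    peer.bind(("127.0.0.1", 0))

    def answer():
        data, client = peer.recvfrom(4096)
        peer.sendto(b"pong:" + data, client)

    threading.Thread(target=answer, daemon=True).start()
    print(udp_query(peer.getsockname(), b"ping"))
```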

tcp_server.py

The tcp_server.py script is just that: a multi-threaded Python TCP server that we can use in the event we want to write a command shell or craft a proxy.

  • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
  • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now the server waits for a connection.
  • Once the client connects, we get the client socket in the client variable and the remote connection details in the address variable.
  • We then start the thread to handle the client connection (line 17).
  • The handle_client function performs recv() and then sends a simple message back to the client.
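The steps above, written out as an added example that is not the repository's tcp_server.py: the helper names `make_listener` and `serve_forever`, the `ACK` reply, the per-client timeout and the address 127.0.0.1:9998 are assumptions. The timeout and the `with` block keep an idle or broken client from holding a thread and a socket open indefinitely.

```python
import socket
import threading


def make_listener(ip, port):
    """Create a TCP socket bound to (ip, port), listening with a backlog of 5."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((ip, port))
    server.listen(5)
    return server


def handle_client(client, address, timeout=5.0):
    """Read one request from the client and send a short acknowledgement."""
    with client:                      # the socket is closed on every exit path
        client.settimeout(timeout)    # a silent client cannot pin this thread
        try:
            request = client.recv(1024)
            if request:
                client.sendall(b"ACK")
        except OSError:
            pass                      # timeout or reset: drop this client


def serve_forever(server, client_timeout=5.0):
    """Accept connections and hand each one to its own daemon thread."""
    while True:
        client, address = server.accept()
        threading.Thread(
            target=handle_client,
            args=(client, address, client_timeout),
            daemon=True,
        ).start()


if __name__ == "__main__":
    # Loopback only; binding to 0.0.0.0 would expose the listener on every interface.
    serve_forever(make_listener("127.0.0.1", 9998))
```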
Owner: Nathan Galindo

Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!