This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Overview

PYTHON-EXPLOITATION

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect the client to the server (line 11): since this is a TCP client, we must first connect to the server (via the TCP handshake) before we can send data to it.
  • Send the server some data in bytes (line 14).
  • Receive data back from the server and print out the response (line 17).

Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

udp_client.py

Our udp_client.py script differs from our TCP script only in that it is configured to send data via the User Datagram Protocol (but that much was obvious):

  • We change the socket type to SOCK_DGRAM to indicate that we will be sending data via UDP (line 6).
  • Also, notice that there is no connect() call before sending, since UDP does not require us to connect to a server first. This is because UDP is a connectionless protocol.
  • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).
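
An added example (not code from this repository) of the UDP exchange described above, with the two checks a connectionless protocol makes necessary: a receive timeout, and a comparison of the address returned by recvfrom() against the server the datagram was sent to. The names udp_query and demo_udp_server are hypothetical, and the loopback responder with its decoy datagram is constructed for the demo.

```python
import socket
import threading

def udp_query(server, payload, timeout=2.0, max_datagrams=5):
    """Send one datagram to server=(ip, port); return its reply, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)            # UDP gives no delivery guarantee
        sock.sendto(payload, server)        # no connect() needed
        for _ in range(max_datagrams):      # bound the work unsolicited senders can cause
            try:
                data, addr = sock.recvfrom(4096)
            except socket.timeout:
                return None                 # request or reply lost, or nobody answered
            if addr == server:              # recvfrom() reports who sent this datagram
                return data
        return None                         # only datagrams from other sources arrived

def demo_udp_server(decoy=True):
    """Constructed loopback responder; can send a decoy from another socket first."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))              # port 0: the OS picks a free port

    def serve():
        data, client = srv.recvfrom(4096)
        if decoy:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as other:
                other.sendto(b"NOT-THE-SERVER", client)   # different source port
        srv.sendto(b"ACK " + data, client)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    print(udp_query(demo_udp_server(), b"hello"))
```

The address comparison filters stray datagrams but is not authentication, because a UDP source address can be forged.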

tcp_server.py

The tcp_server.py is just that, a multi-threaded Python TCP server that we can use in the event we want to write a command shell or craft a proxy.

  • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
  • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now the server waits for a connection.
  • Once the client connects, we get the client socket in the client variable and the remote connection details in the address variable.
  • We then start the thread to handle the client connection (line 17).
  • The handle_client function performs recv() and then sends a simple message back to the client.
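
An added example, not the repository's tcp_server.py or tcp_clinet.py: a threaded server following the steps above (bind, listen(5), accept, one thread per client, recv() then reply) and a client that drops the three assumptions listed in the tcp_clinet.py section by handling a refused connection, a server that speaks first, and a server that never answers. The names start_server and tcp_exchange and the greeting parameter are assumptions, and the sample greeting is constructed.

```python
import socket
import threading

def handle_client(client, greeting=b""):
    """Per-connection worker: optional greeting, one recv(), one reply."""
    with client:
        client.settimeout(5.0)               # a stalled peer cannot hold the thread forever
        try:
            if greeting:
                client.sendall(greeting)     # the "server sends first" case
            request = client.recv(4096)
            if request:                      # b"" means the peer closed without sending
                client.sendall(b"ACK " + request)
        except OSError:
            pass                             # timeout or reset affects this client only

def start_server(ip="127.0.0.1", port=0, greeting=b""):
    """Bind, listen with a backlog of 5, and give every client its own thread."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((ip, port))                  # port 0: the OS picks a free port
    server.listen(5)
    def accept_loop():
        while True:
            client, address = server.accept()
            threading.Thread(target=handle_client, args=(client, greeting), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return server

def tcp_exchange(host, port, payload, timeout=3.0, banner_first=False):
    """Client that reports (status, banner, reply) instead of assuming success."""
    banner = reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if banner_first:
                banner = sock.recv(4096)     # read the greeting before sending
            sock.sendall(payload)
            reply = sock.recv(4096)          # bounded by the same timeout
        return "ok", banner, reply
    except ConnectionRefusedError:
        return "refused", banner, reply      # nothing is listening on that port
    except socket.timeout:
        return "timeout", banner, reply      # connect or reply exceeded the timeout
    except OSError:
        return "error", banner, reply        # DNS failure, unreachable host, reset

if __name__ == "__main__":
    srv = start_server(greeting=b"220 ready\r\n")   # constructed greeting
    host, port = srv.getsockname()
    print(tcp_exchange(host, port, b"hello", banner_first=True))
```

The listener binds to 127.0.0.1 here; binding to 0.0.0.0 would expose the service on every interface.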

Owner

Nathan Galindo
Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!