This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Related tags

Security related resourcesPYTHON-EXPLOITATION
Overview

PYTHON-EXPLOITATION

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the client server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14)
  • Recieve data back from the server and print out the response (line 17)

    Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

    The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

    udp_client.py

    Our udp_client.py script is much different from our tcp script, only that it it configured to send data via the user datagram protocol (but that much was obvious):

    • We change the socket type to SOCK_DGRAM to indicate that we will be using sending data via the UDP (line 6).
    • Also, notice that there is no connect() method beforehand, since we do not need to connect to a server beforehand using UDP. This is because UDP is a connectionaless protocol.
    • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).

    tcp_server.py

    The tcp_server.py is just that, a multi-threaded python TCP server that we can use in the event we want to write a command shell or craft a proxy.

    • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
    • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now ther server waits for a connection.
    • Once the clinet connects, we get the client socket in the client variable and the remote connection details in teh address variable.
    • We tehn start the thread to handle the client connection (line 17).
    • The handle_client function performs rec() and then sens a simple message back to the client.
    • Owner
    Nathan Galindo
    Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!
    Nathan Galindo
    GitHub Repository
    Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

    This program is an non-object oriented opensource, hidden and undetectable backdoor/reverse shell/RAT for Windows made in Python 3 which contains many features such as multi-client support and cross-

    35 Apr 17, 2022
    This is an injection tool that can inject any xposed modules apk into the debug android app

    This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.

    Windy 32 Nov 05, 2022
    A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

    TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

    Krypt0mux 162 Nov 25, 2022
    Metal Gear Online 2 (MGO2) stage files decryption

    Metal Gear Online 2 decryption tool Metal Gear Online 2 (MGO2) has an additional layer of encryption for stage files. I was not able to find info abou

    4 Sep 02, 2022
    Privacy-respecting metasearch engine

    Privacy-respecting, hackable metasearch engine / pronunciation səːks. If you are looking for running instances, ready to use, then visit searx.space.

    Searx engine 12.4k Jan 08, 2023
    Guess the password for Tik Tok accounts

    Guess the password for Tik Tok accounts Tool features : You don't need proxies There is no captcha Running on a private api Combo T

    32 Dec 25, 2022
    Early days of an Asset Discovery tool.

    Please star this project! Written in Python Report Bug . Request Feature DISCLAIMER This project is in its early days, everything you see here is almo

    grag1337 3 Dec 20, 2022
    OpenSource Poc && Vulnerable-Target Storage Box.

    reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

    cckuailong 560 Dec 23, 2022
    A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

    wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

    Finn Lancaster 20 Nov 12, 2022
    OpenPort scanner GUI tool (CNMAP)

    CNMAP-GUI- OpenPort scanner GUI tool (CNMAP) as you know it is the advanced tool to find open port, firewalls and we also added here heartbleed scanni

    9 Mar 05, 2022
    Agile Threat Modeling Toolkit

    Threagile is an open-source toolkit for agile threat modeling:

    Threagile 425 Jan 07, 2023
    Tool ini berfungsi untuk membuat virus secara instan

    vbug (ID) Tool ini berfungsi untuk membuat virus secara instan. Dengan begitu pengguna vbug maker dapat menggunakannya dengan mudah dan cepat. Di dala

    OneTXz 3 Jun 05, 2022
    Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software in packages called containers However, 'security' is a top request on Docker's public roadmap This project aims at vulnerability check for such docker containers. New contributions are accepted

    Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i

    Team Spark 103 Aug 20, 2022
    A tool combined with the advantages of masscan and nmap

    A tool combined with the advantages of masscan and nmap

    59 Dec 24, 2022
    Python library to remotely extract credentials on a set of hosts.

    Python library to remotely extract credentials on a set of hosts.

    Pixis 1.5k Dec 31, 2022
    Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

    TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

    21 Sep 24, 2022
    SSL / TLS Checking Tool written in Python3

    ssts-chk SSL / TLS Checking Tool written in Python3. This tool will perform the following functions: Connect the target given Analyze the secure conne

    Douglas Berdeaux 2 Feb 12, 2022
    Reverse engineered Parler API

    Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020. For the most part undocumented, but the error responses are alre

    393 Nov 26, 2022
    Automatically fetch, measure, and merge subscription links on the network, use Github Action

    Free Node Merge Introduction Modified from alanbobs999/TopFreeProxies It measures the speed of free nodes on the network and import the stable and hig

    52 Jul 16, 2022
    Open Source Tool - Cybersecurity Graph Database in Neo4j

    GraphKer Open Source Tool - Cybersecurity Graph Database in Neo4j |G|r|a|p|h|K|e|r| { open source tool for a cybersecurity graph database in neo4j } W

    Adamantios - Marios Berzovitis 27 Dec 06, 2022