This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Related tags

Security related resourcesPYTHON-EXPLOITATION
Overview

PYTHON-EXPLOITATION

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the client server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14)
  • Recieve data back from the server and print out the response (line 17)

    Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

    The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

    udp_client.py

    Our udp_client.py script is much different from our tcp script, only that it it configured to send data via the user datagram protocol (but that much was obvious):

    • We change the socket type to SOCK_DGRAM to indicate that we will be using sending data via the UDP (line 6).
    • Also, notice that there is no connect() method beforehand, since we do not need to connect to a server beforehand using UDP. This is because UDP is a connectionaless protocol.
    • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).

    tcp_server.py

    The tcp_server.py is just that, a multi-threaded python TCP server that we can use in the event we want to write a command shell or craft a proxy.

    • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
    • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now ther server waits for a connection.
    • Once the clinet connects, we get the client socket in the client variable and the remote connection details in teh address variable.
    • We tehn start the thread to handle the client connection (line 17).
    • The handle_client function performs rec() and then sens a simple message back to the client.
    • Owner
    Nathan Galindo
    Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!
    Nathan Galindo
    GitHub Repository
    SPV SecurePasswordVerification

    SPV SecurePasswordVerification Its is python module for doing a secure password verification without sharing the password directly. Features The passw

    Merwin 1 Feb 12, 2022
    Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

    tema Ubah Tema Termux Menjadi Linux Ubah Font Termux Jadi Linux dibuat oleh wahyudioputra INSTALL pkg update && pkg upgrade pkg install python pkg ins

    wahyudioputra 2 Nov 30, 2021
    Scan your logs for CVE-2021-44228 related activity and report the attackers

    jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

    js-on 2 Nov 24, 2022
    CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

    CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2

    r0cky 92 Jul 20, 2022
    Sentinel-1 SAR time series analysis for OSINT use

    SARveillance Sentinel-1 SAR time series analysis for OSINT use. Description Generates a time lapse GIF of the Sentinel-1 satellite images for the loca

    21 Dec 09, 2022
    pybotnet - A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel

    pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this

    </oNion 181 Jan 02, 2023
    Official repository for Pyew.

    pyew Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE

    Joxean 362 Nov 28, 2022
    Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

    VSSTrigger Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VS

    Filip Dragovic 6 Jul 24, 2022
    BurpSuite Extension: Log4j2 RCE Scanner

    Log4j2 RCE Scanner 作者:[email protected]元亨实验室 声明:由于传播、利用本项目所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,项目作者不为此承担任何责

    ᴋᴇʏ 87 Dec 29, 2021
    python driver for fingerprint machine (ZKTeco biometrics)

    fpmachine python driver for fingerprint machine (ZKTeco biometrics) support until now 2 model supported and tested ZMM100_TFT and ZMM220_TFT install p

    Samy Sultan 4 Oct 06, 2022
    A burp-suite plugin that extract all parameter names from in-scope requests

    ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

    29 Nov 09, 2022
    Springboot directory scanning

    Springboot directory scanning

    WINEZERO 87 Dec 28, 2022
    A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

    Vulnerability assessment for CVE-2022-22536 This repository contains a Python script that can be used to check if a SAP system is affected by CVE-2022

    Onapsis Inc. 42 Dec 01, 2022
    A simple subdomain scanner in python

    Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p

    Portgas D Ace 2 Jan 07, 2022
    A simple way to store your passwords without requiring third party applications

    SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

    Leone Odinga 1 Dec 23, 2021
    TLaunch: Launch Programs on Multiple Hosts

    TLaunch: Launch Programs on Multiple Hosts Introduction Deepmind launchpad is a library that helps writing distributed program in a simple way. But cu

    Tsinghua AI Research Team for Reinforcement Learning 11 Nov 11, 2022
    Fast and easy way to rollout on multiple GitLab project file a particular content.

    Volatile Fast and easy way to rollout on multiple GitLab project file a particular content. Why ? After looking for a tool to simply enforce a develop

    Lujeni 4 Jan 17, 2022
    dos-atack-tor script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor.

    script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor. tiene capacidad de ajustar la cantidad de informacion a enviar, el numero de hilos a

    Desmon 2 Jun 01, 2022
    Open-source keylogger write in python

    Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

    Dio brando 4 Jan 15, 2022
    MTBLLS Ethical Hacking Tool Announcement of v2.0

    MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

    Ghost 2 Mar 19, 2022