This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Overview

PYTHON-EXPLOITATION

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14).
  • Receive data back from the server and print out the response (line 17).

Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

udp_client.py

Our udp_client.py script is not much different from our TCP script, only that it is configured to send data via the User Datagram Protocol (but that much was obvious):

  • We change the socket type to SOCK_DGRAM to indicate that we will be sending data via UDP (line 6).
  • Also, notice that there is no connect() call beforehand, since we do not need to connect to a server before sending data over UDP. This is because UDP is a connectionless protocol.
  • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).
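
The UDP steps above as an added example (not the repository's udp_client.py): a client that sends without connect(), bounds the wait for a reply, and uses the address returned by recvfrom() to accept only the server's answer. The names udp_query and start_udp_echo, the "ECHO" reply and the loopback responder are assumptions constructed for this example.

```python
import socket
import threading
import time


def udp_query(host, port, payload, timeout=2.0):
    """Send one datagram; return (data, sender), or (None, None) if no valid reply arrives in time."""
    target = (socket.gethostbyname(host), port)
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(payload, target)  # no connect(): the datagram itself carries the destination
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return None, None
            client.settimeout(remaining)  # UDP never guarantees a reply, so bound the wait
            try:
                data, sender = client.recvfrom(4096)
            except socket.timeout:
                return None, None
            # An unconnected UDP socket accepts datagrams from any source, so use
            # the address recvfrom() reports to keep only the server's reply.
            if sender == target:
                return data, sender


def start_udp_echo():
    """Constructed loopback responder for the demo: answers one datagram, returns its port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
    port = server.getsockname()[1]

    def serve():
        with server:
            data, addr = server.recvfrom(4096)
            server.sendto(b"ECHO " + data, addr)

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(udp_query("127.0.0.1", start_udp_echo(), b"ping"))
```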

tcp_server.py

The tcp_server.py is just that, a multi-threaded Python TCP server that we can use in the event we want to write a command shell or craft a proxy.

  • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
  • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now the server waits for a connection.
  • Once the client connects, we get the client socket in the client variable and the remote connection details in the address variable.
  • We then start the thread to handle the client connection (line 17).
  • The handle_client function performs recv() and then sends a simple message back to the client.
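
The server steps above and the three client assumptions listed under tcp_clinet.py, as one added example (not the repository's scripts): a threaded loopback server, plus a client that reports a refused connection or a silent server instead of assuming success and can wait for a server that speaks first. The names start_server and tcp_exchange, the banner and "ACK" strings, the loopback bind and the timeout values are assumptions of this example.

```python
import socket
import threading


def handle_client(client, banner):
    """Per-connection thread: optional banner, one recv(), one reply."""
    with client:
        client.settimeout(5.0)  # a stalled peer must not hold the thread forever
        try:
            if banner:
                client.sendall(banner)  # models a server that sends data first
            request = client.recv(4096)
            client.sendall(b"ACK " + request)
        except OSError:
            pass  # peer timed out or reset the connection; drop it


def start_server(bind_ip="127.0.0.1", port=0, banner=b""):
    """Listen with a backlog of 5, serve each client on its own thread, return the bound port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((bind_ip, port))  # loopback keeps the listener off the network; port 0 = OS picks
    server.listen(5)

    def accept_loop():
        while True:
            client, _address = server.accept()
            threading.Thread(target=handle_client, args=(client, banner), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return server.getsockname()[1]


def tcp_exchange(host, port, payload, timeout=2.0, server_speaks_first=False):
    """Client that returns (status, banner, reply) instead of assuming success."""
    try:
        # create_connection performs the TCP handshake and applies the timeout to it
        with socket.create_connection((host, port), timeout=timeout) as client:
            banner = client.recv(4096) if server_speaks_first else b""
            client.sendall(payload)
            return "ok", banner, client.recv(4096)  # recv() times out if the server stays silent
    except ConnectionRefusedError:
        return "refused", b"", b""
    except socket.timeout:
        return "timeout", b"", b""


if __name__ == "__main__":
    port = start_server(banner=b"READY\r\n")
    print(tcp_exchange("127.0.0.1", port, b"hello", server_speaks_first=True))
```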

Owner

Nathan Galindo

Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!