Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Related tags

Security related resourcesreverse-engineeringwindows-kernelidaida-pluginidapythonwindows-driverdriver-exploitation
Overview

Driver Buddy Reloaded Quickstart

Table of Contents

  1. Installation
  2. Usage
  3. About Driver Buddy Reloaded
    1. Finding DispatchDeviceControl
    2. Labelling WDM & WDF Structures
    3. Finding & Decoding IOCTL Codes
    4. Flagging Functions
    5. Finding DeviceName
    6. Dumping Pooltags
  4. Known Caveats & Limitations
  5. Credits & Acknowledgements

Installation

Copy DriverBuddyReloaded folder and DriverBuddyReloaded.py file into the IDA plugins folder ( e.g. C:\Program Files (x86)\IDA 7\plugins\) or wherever you have installed IDA.

Usage

To use the auto-analysis feature:

  1. Start IDA and load a Windows kernel driver.
  2. Go to Edit -> Plugins -> Driver Buddy Reloaded or press CTRL+ALT+A to start the auto-analysis.
  3. Check the "Output" window for the analysis results.

To decode an IOCTLs:

  1. Place the mouse cursor on the line containing a suspected IOCTL code.
  2. Right-click and select Driver Buddy Reloaded -> Decode IOCTL; alternatively press CTRL+ALT+D.

About Driver Buddy Reloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks. It has a number of handy features, such as:

  • Identifying the type of the driver
  • Locating DispatchDeviceControl / DispatchInternalDeviceControl functions
  • Populating common structures for WDF and WDM drivers
    • Attempts to identify and label structures like the IRP and IO_STACK_LOCATION
    • Label calls to WDF functions that would normally be unlabeled
  • Finding and decoding IOCTL codes
  • Flagging functions prone to misuse
  • Finding potential DeviceName
  • Dumping Pooltags

Finding DispatchDeviceControl

The tool can automatically locate and identify the DispatchDeviceControl routine. This function is used to route all incoming DeviceIoControl codes to the specific driver function associated with that code. Automatically identifying this function makes finding the valid DeviceIoControl codes for each driver much quicker. Additionally, when investigating possible vulnerabilities in a driver due to a crash, knowing the location of this function helps narrow the focus to the specific function call associated with the crashing DeviceIoControl code.

When the analysis is successful some subs will be renamed as follow:

  • DriverEntry: the original first driver-supplied routine that is called after a driver is loaded. It is responsible for initializing the driver.
  • Real_Driver_Entry: usually the function where the execution from DriverEntry has been transferred to. It is usually where the DeviceName is initialized.
  • DispatchDeviceControl/DispatchInternalDeviceControl: if the tool was able to recover the functions at some specific offsets, the functions will then be renamed with the appropriate name.
  • Possible_DispatchDeviceControl_#: if the tool was not able to recover DispatchDeviceControl or DispatchInternalDeviceControl, it employs an experimental searching, following the execution flow, and checking for cases where the function is loading known IO_STACK_LOCATION & IRP addresses; indicating that the function could be the DispatchDeviceControl. As it is based on heuristic, it could return more than one result, and it is prone to false positives.

Labelling WDM and WDF Structures

Several driver structures are shared among all WDM/WDF drivers. The tool is able to automatically identify these structures, such as the IO_STACK_LOCATION, IRP, and DeviceObject structures and can help save time during the reverse engineering process and provide context to areas of the driver where these functions are in use.

Finding and Decoding IOCTL Codes

While reversing drivers, it is common to come across IOCTL codes as part of the analysis. These codes, when decoded, reveal useful information and may draw focus to specific parts of the driver where vulnerabilities are more likely to exist.

By right-clicking on a potential IOCTL code, a context menu option is presented (alternatively using the Ctrl+Alt+D shortcut when the cursor is on the line containing a suspected IOCTL code) and can be used to decode the value. This will print out a table with all decoded IOCTL codes. By right-clicking on a decoded IOCTL code, in the disassembly view, it's possible to mark it as invalid; this will leave any non-IOCTL comment intact.

If you right-click on the first instruction of the function you believe to be the IOCTL dispatcher ( DispatchDeviceControl/DispatchInternalDeviceControl/Possible_DispatchDeviceControl_#) under the Driver Buddy Reloaded menu, a β€œDecode All” option appears, this attempt to decode all the IOCTL codes it can find in the function. This is a bit hacky but most of the time it can speed things up.

Flagging Functions

Driver Buddy Reloaded has a list of C/C++ functions and opcodes as well as Windows API that are commonly vulnerable or that can facilitate buffer overflow conditions. All found instances are reported back during the auto-analysis and can help while looking for possible user-controlled code paths reaching sensitive functions.

Finding DeviceName

The tool automatically attempts to find the drivers registered device paths (DeviceName), if no paths can be found by looking at Unicode strings inside the binary, then the analyst can manually try to use Madiant’s FLOSS in an attempt to find obfuscated paths.

Dumping Pooltags

During the auto-analysis, the tool also dumps the Pooltags used by the binary in a format that works with pooltags.txt. The output can then be copy-pasted at the end of the file and later picked up by WinDbg.

Known Caveats and Limitations

  • Experimental DispatchDeviceControl searching works only for x64 drivers
  • Shortcuts are incompatible with F-Secure's win_driver_plugin

Credits and Acknowledgements

  • Created in 2021 by Paolo Stagno aka @Void_Sec:
    • Made it compatible with Python 3.x
    • Made it compatible with IDA 7.x
    • Updated C/C++ function and Windows APIs list
    • Various bug fixing
    • Various improvements
    • Integrated part of the functionalities presents in F-Secure's win_driver_plugin
  • DriverBuddy was originally written by Braden Hollembaek and Adam Pond of NCC Group.
  • Using Satoshi Tanda's IOCTL decoder.
  • The WDF functions struct is based on Red Plait's work and was ported to IDA Python by Nicolas Guigo, later updated by Braden Hollembaek and Adam Pond.
  • Using Sam Brown's F-Secure win_driver_plugin to retrieve device name and pool tags, specifically Alexander Pick fork.
  • The original code for adding items to the right-click menu (and possibly some other random snippets) came from 'herrcore'.
Comments
  • [BUG] IOCTLs with less than 10 decimal digits aren't found

    [BUG] IOCTLs with less than 10 decimal digits aren't found

    Describe the bug Any IOCTL with a code that has less than 10 decimal digits (e.g. 0x222003) won't be found by the current code.

    Expected behavior All IOCTLs should be found

    Desktop (please complete the following information):

    • OS and version: Windows 10 21H2 (19044.1586)
    • IDA version: IDA 7.7 SP1
    • DriverBuddyReloaded Version: latest (1.3)
    • Python Version: 3.9.5
    bug help wanted 
    opened by eranzim 7
  • [BUG] module 'idaapi' has no attribute 'compiled_binpat_vec_t'

    [BUG] module 'idaapi' has no attribute 'compiled_binpat_vec_t' 

    Traceback (most recent call last):
  File "C:/Program Files/IDA 7.0/plugins/DriverBuddyReloaded.py", line 465, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "C:/Program Files/IDA 7.0/plugins\DriverBuddyReloaded\utils.py", line 209, in get_driver_id
    populate_wdf()
  File "C:/Program Files/IDA 7.0/plugins\DriverBuddyReloaded\wdf.py", line 102, in populate_wdf
    binpat = idaapi.compiled_binpat_vec_t()
AttributeError: module 'idaapi' has no attribute 'compiled_binpat_vec_t'

    Version 7.5.201028 Windows x64 (64-bit address size)

    7.6 minimum required?

    bug 
    opened by neobenedict 6
  • [BUG] WDF Structures

    [BUG] WDF Structures

    In commit https://github.com/VoidSec/DriverBuddyReloaded/commit/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0 I've finished updating IDA's APIs and fixing breaking code changes.

    Unfortunately, despite the script is not breaking anymore, it seems that it still fails this condition at: https://github.com/VoidSec/DriverBuddyReloaded/blob/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0/DriverBuddyReloaded/wdf.py#L770

    for a reason that, at the moment, is unknown. The logic behind https://github.com/VoidSec/DriverBuddyReloaded/blob/main/DriverBuddyReloaded/wdf.py is pretty "hacky" and somewhat "obscure". In addition to that, I'm not sure that the logic detecting the WDF version at https://github.com/VoidSec/DriverBuddyReloaded/blob/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0/DriverBuddyReloaded/wdf.py#L759 makes complete sense.

    We should also update the WDF structures in order to include updated ones and keep them updated as I'm pretty sure the latest WDF version is >= 1.13.

    bug help wanted 
    opened by VoidSec 4
  • [BUG] `parse_binpat_str` expected at least 4 arguments

    [BUG] `parse_binpat_str` expected at least 4 arguments

    Describe the bug When I try to decode cdrom.sys, it will occur python warning.

    To Reproduce Steps to reproduce the behavior:

    1. use ida to reverse cdrom.sys
    2. Ctrl+Alt+A
    Traceback (most recent call last):
  File "C:/Users/raven/Desktop/ida77sp1/x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118/plugins/DriverBuddyReloaded.py", line 466, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "C:/Users/raven/Desktop/ida77sp1/x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118/plugins\DriverBuddyReloaded\utils.py", line 205, in get_driver_id
    populate_wdf()
  File "C:/Users/raven/Desktop/ida77sp1/x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118/plugins\DriverBuddyReloaded\wdf.py", line 753, in populate_wdf
    idx = ida_bytes.bin_search(ea, idaapi.BADADDR, ida_bytes.parse_binpat_str("KmdfLibrary"),
  File "C:\Users\raven\Desktop\ida77sp1\x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118\python\3\ida_bytes.py", line 3903, in parse_binpat_str
    return _ida_bytes.parse_binpat_str(*args)
TypeError: parse_binpat_str expected at least 4 arguments, got 1

    Expected behavior

    Screenshots If applicable, add screenshots to help explain your problem.

    Desktop (please complete the following information):

    • OS and version: Windows 11
    • IDA version IDA 7.7
    • DriverBuddyReloaded Version: HEad
    • Python Version 3.9

    Additional context Add any other context about the problem here.

    bug 
    opened by loveraven42 3
  • DriverBuddy entry does not shown in plugins menu

    DriverBuddy entry does not shown in plugins menu

    I use IDA Pro 7.6 and Python 3.10, after copying the folder and py script, it should be appeared in Edit->Plugins, but I cannot see the plugin listed?, exact for which IDA and Python versions, will this work?

    bug 
    opened by prksastry 2
  • [BUG] find opcode

    [BUG] find opcode

    find opcode sometimes print out opcodes not related with the searching

    [>] Searching for interesting opcodes...
	- Found mov     al, [rdi+rcx] in sub_231C4 at 0x0002327d
    bug 
    opened by VoidSec 1
  • feat: add addresses where finding IOCTLs

    feat: add addresses where finding IOCTLs

    It will become more convinient to have addresses where we find IOCTLs.

    Get

    [>] Searching for IOCTLs found by IDA...
0x14000b6e8        : 0x2D1400   | FILE_DEVICE_MASS_STORAGE        0x2D       | 0x500      | METHOD_BUFFERED   0    | FILE_ANY_ACCESS (0)

    instead of

    [>] Searching for IOCTLs found by IDA...
0x2D1400   | FILE_DEVICE_MASS_STORAGE        0x2D       | 0x500      | METHOD_BUFFERED   0    | FILE_ANY_ACCESS (0)
    opened by zeze-zeze 0
  • [BUG] TypeError: %d format: a number is required, not struc_t

    [BUG] TypeError: %d format: a number is required, not struc_t 

    Failed while executing plugin_t.run():
Traceback (most recent call last):
  File "D:/IDA/plugins/DriverBuddyReloaded.py", line 466, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "D:\IDA/plugins\DriverBuddyReloaded\utils.py", line 209, in get_driver_id
    populate_wdf()
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 759, in populate_wdf
    id = add_struct(version)
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 50, in add_struct
    idc.add_struc_member(struc, "pfnWdfChildListCreate", idc.BADADDR, idc.FF_DATA | FF_PTR, None, ptr_size)
  File "D:\IDA\python\3\idc.py", line 3919, in add_struc_member
    return eval_idc('add_struc_member(%d, "%s", %d, %d, %d, %d);' % (sid, ida_kernwin.str2user(name or ""), offset, flag, typeid, nbytes))
TypeError: %d format: a number is required, not struc_t
    bug help wanted 
    opened by VoidSec 0
  • [BUG] TypeError: in method 'get_struc', argument 1 of type 'ea_t'

    [BUG] TypeError: in method 'get_struc', argument 1 of type 'ea_t'

    Testing cdrom.sys

    Failed while executing plugin_t.run():
Traceback (most recent call last):
  File "D:/IDA/plugins/DriverBuddyReloaded.py", line 466, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "D:\IDA/plugins\DriverBuddyReloaded\utils.py", line 208, in get_driver_id
    populate_wdf()
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 759, in populate_wdf
    id = add_struct(version)
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 45, in add_struct
    idc.del_struc(idaapi.get_struc(id))
  File "D:\IDA\python\3\idc.py", line 3855, in del_struc
    s = ida_struct.get_struc(sid)
  File "D:\IDA\python\3\ida_struct.py", line 532, in get_struc
    return _ida_struct.get_struc(*args)
TypeError: in method 'get_struc', argument 1 of type 'ea_t'
    bug 
    opened by VoidSec 0
  • Fix use of non working function

    Fix use of non working function

    Fixed using ida_bytes.bin_search with parse_binpat_str.

    I tried to find out how to use the ida_bytes.bin_search function and parse_binpat_str and the only thing I could find was this, as soon as I found out how use it I sent this pr

    opened by harelon 0
  • Adding deprecated functions

    Adding deprecated functions

    Added deprecated/banned/dangerous functions to the list, based on existing entries and on: https://github.com/x509cert/banned/blob/master/banned.h https://github.com/tpn/winsdk-10/blob/master/Include/10.0.16299.0/shared/dontuse.h

    enhancement 
    opened by eranzim 0
  • [FEATURE] enumeration of MajorCodes

    [FEATURE] enumeration of MajorCodes

    It will be useful add the enumeration of MajorCodes

    enum Major_Codes { IRP_MJ_CREATE = 0x0, IRP_MJ_CREATE_NAMED_PIPE = 0x1, IRP_MJ_CLOSE = 0x2, IRP_MJ_READ = 0x3, IRP_MJ_WRITE = 0x4, IRP_MJ_QUERY_INFORMATION = 0x5, IRP_MJ_SET_INFORMATION = 0x6, IRP_MJ_QUERY_EA = 0x7, IRP_MJ_SET_EA = 0x8, IRP_MJ_FLUSH_BUFFERS = 0x9, IRP_MJ_QUERY_VOLUME_INFORMATION = 0xA, IRP_MJ_SET_VOLUME_INFORMATION = 0xB, IRP_MJ_DIRECTORY_CONTROL = 0xC, IRP_MJ_FILE_SYSTEM_CONTROL = 0xD, IRP_MJ_DEVICE_CONTROL = 0xE, IRP_MJ_INTERNAL_DEVICE_CONTROL = 0xF, IRP_MJ_SHUTDOWN = 0x10, IRP_MJ_LOCK_CONTROL = 0x11, IRP_MJ_CLEANUP = 0x12, IRP_MJ_CREATE_MAILSLOT = 0x13, IRP_MJ_QUERY_SECURITY = 0x14, IRP_MJ_SET_SECURITY = 0x15, IRP_MJ_QUERY_POWER = 0x16, IRP_MJ_SET_POWER = 0x17, IRP_MJ_DEVICE_CHANGE = 0x18, IRP_MJ_QUERY_QUOTA = 0x19, IRP_MJ_SET_QUOTA = 0x1A, IRP_MJ_PNP_POWER = 0x1B, IRP_MJ_MAXIMUM_FUNCTION = 0x1C, };

    If this enumeration exists in localtypes and is syncronized, you can press M in the code numbers and add the MJ function name.

    This can be converted to

    NTSTATUS __stdcall DriverEntry(_DRIVER_OBJECT *DriverObject, PUNICODE_STRING RegistryPath) { int v3; // ebx _QWORD *v4; // rcx __int64 v5; // rax struct _UNICODE_STRING DestinationString; // [rsp+40h] [rbp-28h] BYREF struct _UNICODE_STRING SymbolicLinkName; // [rsp+50h] [rbp-18h] BYREF PDEVICE_OBJECT DeviceObject; // [rsp+70h] [rbp+8h] BYREF

    DriverObject->MajorFunction[0] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[2] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[14] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->DriverStartIo = 0i64; DriverObject->DriverUnload = (PDRIVER_UNLOAD)sub_11520;

    to

    NTSTATUS __stdcall DriverEntry(_DRIVER_OBJECT *DriverObject, PUNICODE_STRING RegistryPath) { int v3; // ebx _QWORD *v4; // rcx __int64 v5; // rax struct _UNICODE_STRING DestinationString; // [rsp+40h] [rbp-28h] BYREF struct _UNICODE_STRING SymbolicLinkName; // [rsp+50h] [rbp-18h] BYREF PDEVICE_OBJECT DeviceObject; // [rsp+70h] [rbp+8h] BYREF

    DriverObject->MajorFunction[IRP_MJ_CREATE] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[IRP_MJ_CLOSE] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->DriverStartIo = 0i64;

    Thanks for a good tool

    enhancement help wanted 
    opened by ricnar456 1
  • [FEATURE] Print the address where IOCTLs have been found

    [FEATURE] Print the address where IOCTLs have been found

    At the moment the table being printed does not contain the function/address where the specific "dumb" IOCTL values have been found. Adding it to the output will improve the navigability and augment the information value

    enhancement help wanted 
    opened by VoidSec 0
  • [FEATURE] Some pooltags aren't recognized

    [FEATURE] Some pooltags aren't recognized

    Describe the bug Pooltags which aren't immediate values in the correct place, but possibly propagated via a register, aren't found. Example code snippet:

    ...
mov     ebp, 'ABCD'
mov     rdx, rax        ; NumberOfBytes
mov     r8d, ebp        ; Tag
call    cs:ExAllocatePoolWithTag

    Expected behavior All Pooltags should be found

    Desktop (please complete the following information):

    • OS and version: Windows 10 21H2 (19044.1586)
    • IDA version: IDA 7.7 SP1
    • DriverBuddyReloaded Version: latest (1.3)
    • Python Version: 3.9.5
    enhancement help wanted 
    opened by eranzim 3
Releases(1.6)
Owner
Paolo 'VoidSec' Stagno
Offensive Security Researcher & Exploit Developer
Paolo 'VoidSec' Stagno
GitHub Repository https://voidsec.com/driver-buddy-reloaded
the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

enigma146 17 Apr 05, 2022
Separate handling of protected media in Django, with X-Sendfile support

Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t

Cobus Carstens 46 Nov 12, 2022
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022
Script Crack Facebook Elite πŸšΆβ€β™‚

elite Script Crack Facebook Elite πŸšΆβ€β™‚ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Jan 02, 2022
Writing and posting code throughout my new journey into python!

bootleg-productions consider this account to be a journal for me to record my progress throughout my python journey feel free to copy codes from this

1 Dec 30, 2021
Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

FooBallZ 5 Feb 02, 2022
com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

KIEN HOANG 67 Nov 09, 2022
The First Python Compatible Camera Hacking Tool

ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [

Sanketh J 109 Dec 28, 2022
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

136 Jan 02, 2023
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

Varun Jagtap 5 Oct 08, 2022
Web3 Pancakeswap Sniper & honeypot detector Take Profit/StopLose bot written in python3, For ANDROID WIN MAC & LINUX

πŸ† Pancakeswap BSC Sniper Bot web3 with honeypot detector (ANDROID WINDOWS MAC LINUX) πŸ₯‡ ⭐️ ⭐️ ⭐️ First SNIPER BOT for ANDROID & WINDOWS with honeypot

Mayank 12 Jan 07, 2023
hackinsta: a program to hack instagram

hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold

1 Dec 04, 2021
Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix Framework is an environment for writing, testing and using exploit code. πŸ–Ό Screenshots πŸŽͺ Community PwnWiki Forums πŸ”‘ Licen

42 Aug 09, 2022
Scan Site - Tools For Scanning Any Site and Get Site Information

Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

NumeX 5 Mar 19, 2022
Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022
A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution

CVE-2012-2982 John Hammond | September 4th, 2021 Checking searchsploit for Webmin 1.580 I only saw a Metasploit module for the /file/show.cgi Remote C

John Hammond 25 Dec 08, 2022
Python implementation for PrintNightmare using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

ollypwn 141 Dec 31, 2022
This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

Prakriti Regmi 1 Feb 07, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

Aidan 2 Mar 20, 2022