This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Overview

PYTHON-EXPLOITATION

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14).
  • Receive data back from the server and print out the response (line 17).

Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

The assumptions are made for simplicity's sake. All things considered, sometimes less is more.
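Each of the three assumptions above can be removed with a few lines. The sketch below is an added example, not the repository's tcp_clinet.py; the function name tcp_exchange, its parameters and the loopback demo service are assumptions made for illustration.

```python
import socket


def tcp_exchange(host, port, payload, timeout=3.0, banner_first=False, max_bytes=4096):
    """Send payload over TCP; return a dict describing the outcome.

    Hypothetical helper (not from the repository) covering the three cases
    the simple client ignores: refused connection, server-speaks-first, and
    a server that never answers.
    """
    banner = b""
    try:
        # create_connection() resolves the host, performs the handshake and
        # applies the same timeout to connect() and every later send/recv.
        with socket.create_connection((host, port), timeout=timeout) as client:
            if banner_first:
                banner = client.recv(max_bytes)  # server speaks first
            client.sendall(payload)
            response = client.recv(max_bytes)
    except ConnectionRefusedError:
        return {"ok": False, "error": "refused"}
    except socket.timeout:
        return {"ok": False, "error": "timeout"}
    except OSError as exc:  # DNS failure, reset, unreachable network, ...
        return {"ok": False, "error": str(exc)}
    return {"ok": True, "banner": banner, "response": response}


if __name__ == "__main__":
    import threading

    # Constructed loopback service: sends a banner first, then echoes once.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve_once():
        conn, _ = listener.accept()
        with conn:
            conn.sendall(b"READY\r\n")
            conn.sendall(conn.recv(1024))

    threading.Thread(target=serve_once, daemon=True).start()
    port = listener.getsockname()[1]
    print(tcp_exchange("127.0.0.1", port, b"ping", banner_first=True))
```

A single recv() returns whatever has arrived so far, so a protocol with longer messages still needs its own framing on top of this.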

udp_client.py

Our udp_client.py script is not much different from our TCP script, except that it is configured to send data via the User Datagram Protocol (but that much was obvious):

  • We change the socket type to SOCK_DGRAM to indicate that we will be sending data via UDP (line 6).
  • Also, notice that there is no connect() call before sending, since we do not need to connect to a server first when using UDP. This is because UDP is a connectionless protocol.
  • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).
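Because UDP has no connection, any host can send a datagram to the client's port and a reply may never arrive at all. The sketch below is an added example, not the repository's udp_client.py: it uses the address returned by recvfrom() to keep only the reply from the server that was queried, under an overall deadline. The name udp_query and the loopback echo service are assumptions.

```python
import socket
import time


def udp_query(host, port, payload, timeout=2.0, max_bytes=4096):
    """Send one datagram; return the first reply from (host, port) or None.

    Hypothetical helper, not from the repository.
    """
    target = (socket.gethostbyname(host), port)
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(payload, target)  # no connect(): each datagram is addressed
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return None  # request or reply was lost; UDP does not say which
            client.settimeout(remaining)
            try:
                data, sender = client.recvfrom(max_bytes)
            except socket.timeout:
                return None
            if sender == target:  # drop datagrams from any other host or port
                return data


if __name__ == "__main__":
    import threading

    # Constructed loopback echo service.
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))

    def echo_once():
        data, addr = server.recvfrom(4096)
        server.sendto(data, addr)

    threading.Thread(target=echo_once, daemon=True).start()
    print(udp_query("127.0.0.1", server.getsockname()[1], b"AAABBBCCC"))
```

The address comparison filters stray datagrams only; it does not authenticate the sender, since a UDP source address can be forged.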

tcp_server.py

The tcp_server.py script is just that: a multi-threaded Python TCP server that we can use in the event we want to write a command shell or craft a proxy.

  • First, we pass in the IP address and port we want the server to listen on (line 9).
  • Next, we tell the server to start listening with a max backlog of connections set to 5 (line 10). Now the server waits for a connection.
  • Once the client connects, we get the client socket in the client variable and the remote connection details in the address variable.
  • We then start the thread to handle the client connection (line 17).
  • The handle_client function performs recv() and then sends a simple message back to the client.
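The steps above, written out as an added example rather than the repository's tcp_server.py. It binds to loopback by default, bounds each read and gives every client an idle timeout so a silent peer cannot hold a thread open; start_server, the stop event and the timeout values are assumptions.

```python
import socket
import threading


def handle_client(client_socket, idle_timeout=5.0):
    """Read one bounded request and reply; runs in its own thread."""
    with client_socket as sock:
        sock.settimeout(idle_timeout)  # a silent peer cannot pin this thread
        try:
            request = sock.recv(1024)
            if request:
                sock.sendall(b"ACK")
        except OSError:
            pass  # timeout or reset: drop this client, keep serving others


def start_server(bind_ip="127.0.0.1", bind_port=0, stop=None):
    """Listen in a background thread; return (port, stop_event).

    Hypothetical wrapper, not from the repository. Defaults to loopback
    and an OS-chosen port so the listener is not exposed by accident.
    """
    stop = stop or threading.Event()
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((bind_ip, bind_port))
    server.listen(5)        # backlog of 5 pending connections
    server.settimeout(0.2)  # wake up regularly to check the stop event

    def accept_loop():
        with server:
            while not stop.is_set():
                try:
                    client, address = server.accept()
                except socket.timeout:
                    continue
                threading.Thread(target=handle_client, args=(client,),
                                 daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return server.getsockname()[1], stop


if __name__ == "__main__":
    port, stop = start_server()
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.sendall(b"hello")
        print(c.recv(16))  # reply from handle_client
    stop.set()
```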