A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Overview

This project is no longer maintained

March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulnerabilities in your Python codebase.

Pyre from Facebook is an amazing project that has a bright future and many smart people working on it. I would suggest, if you don't know that much about program analysis, that you understand how PyT works before diving into Pyre. Along with the READMEs in most directories, there are the original Master's Thesis and some slides. With that said, I am happy to review pull requests and give you write permissions if you make more than a few.

There were a lot of great contributors to this project. I plan on working on other projects like detect-secrets and others (e.g. Pyre eventually) in the future if you'd like to work together more :)

If you are a security engineer with e.g. a Python codebase without type annotations, that Pyre won't handle, I would suggest you replace your sinks with a secure wrapper (something like defusedxml), and alert off any uses of the standard sink. You can use Bandit to do this since dataflow analysis is not required, but you will have to trim it a lot, due to the high false-positive rate.
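
The approach suggested above can be sketched with the standard ast module alone. This is an added example, not code from PyT, Bandit or Pyre; the BANNED_SINKS policy, the safe_exec wrapper name and the sample source are assumptions constructed for illustration. It resolves import aliases, so `from subprocess import call` is flagged the same way as `subprocess.call`.

```python
import ast

# Assumed policy: standard sink -> approved replacement.
# `safe_exec.run` is a hypothetical in-house wrapper, not a real package.
BANNED_SINKS = {
    "subprocess.call": "safe_exec.run",
    "os.system": "safe_exec.run",
    "xml.etree.ElementTree.parse": "defusedxml.ElementTree.parse",
    "xml.etree.ElementTree.fromstring": "defusedxml.ElementTree.fromstring",
}


class SinkFinder(ast.NodeVisitor):
    """Flag direct calls to banned sinks; no dataflow analysis involved."""

    def __init__(self, banned):
        self.banned = banned
        self.aliases = {}   # local name -> fully qualified name
        self.findings = []  # (line number, qualified sink name)

    def visit_Import(self, node):
        for alias in node.names:
            if alias.asname:
                self.aliases[alias.asname] = alias.name
            else:
                # `import xml.etree.ElementTree` only binds the name `xml`.
                top = alias.name.split(".")[0]
                self.aliases[top] = top

    def visit_ImportFrom(self, node):
        if node.module and node.level == 0:  # relative imports are skipped
            for alias in node.names:
                local = alias.asname or alias.name
                self.aliases[local] = f"{node.module}.{alias.name}"

    def _qualified(self, node):
        """Resolve `a.b.c` or a bare name to a dotted path via the alias table."""
        parts = []
        while isinstance(node, ast.Attribute):
            parts.append(node.attr)
            node = node.value
        if not isinstance(node, ast.Name) or node.id not in self.aliases:
            return None
        return ".".join([self.aliases[node.id]] + parts[::-1])

    def visit_Assign(self, node):
        # Track simple rebinding such as `run = subprocess.call`.
        # Flow-insensitive and file-wide, so it over-approximates.
        name = self._qualified(node.value)
        if name and len(node.targets) == 1 and isinstance(node.targets[0], ast.Name):
            self.aliases[node.targets[0].id] = name
        self.generic_visit(node)

    def visit_Call(self, node):
        name = self._qualified(node.func)
        if name in self.banned:
            self.findings.append((node.lineno, name))
        self.generic_visit(node)


def find_banned_sinks(source, banned=BANNED_SINKS):
    finder = SinkFinder(banned)
    finder.visit(ast.parse(source))
    return finder.findings


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import subprocess
import os as operating_system
from subprocess import call
from xml.etree import ElementTree as ET
import defusedxml.ElementTree as SafeET

def handler(request):
    name = request.args.get("image_name")
    subprocess.call(["convert", name])
    call(["convert", name])
    operating_system.system("ls " + name)
    run = subprocess.call
    run(["ls"])
    ET.parse(name)
    SafeET.parse(name)
'''

if __name__ == "__main__":
    for lineno, sink in find_banned_sinks(SAMPLE):
        print(f"line {lineno}: {sink} -> use {BANNED_SINKS[sink]}")
```

Every use of a standard sink is reported regardless of whether its argument is attacker-controlled, which is the trade-off of skipping dataflow analysis; the wrapper call on the last line of the sample is not reported.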

Python Taint

Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)

Features

  • Detect command injection, SSRF, SQL injection, XSS, directory traversal, etc.
  • A lot of customisation possible

For a look at recent changes, please see the changelog.

Example usage and output:

https://raw.githubusercontent.com/KevinHock/rtdpyt/master/readme_static_files/pyt_example.png

Install

Before continuing, make sure you have python3.6 or 3.7 installed.

pip install python-taint
โœจ๐Ÿฐโœจ

PyT can also be installed from source. To do so, clone the repo, and then run:

python3 setup.py install

How it Works

Soon you will find a README.rst in every directory in the pyt/ folder; start here.

How to Use

  1. Choose a web framework

The -a option determines which functions will have their arguments tainted; by default it is Flask.

  2. (optional) Customize source and sink information

Use the -t option to specify sources and sinks; by default this file is used.

  3. (optional) Customize which library functions propagate taint

For functions from builtins or libraries, e.g. url_for or os.path.join, use the -m option to specify whether or not they return tainted values given tainted inputs; by default this file is used.

Usage

usage: python -m pyt [-h] [-a ADAPTOR] [-pr PROJECT_ROOT]
                     [-b BASELINE_JSON_FILE] [-j] [-t TRIGGER_WORD_FILE]
                     [-m BLACKBOX_MAPPING_FILE] [-i] [-o OUTPUT_FILE]
                     [--ignore-nosec] [-r] [-x EXCLUDED_PATHS]
                     [--dont-prepend-root] [--no-local-imports]
                     targets [targets ...]

required arguments:
  targets               source file(s) or directory(s) to be scanned

important optional arguments:
  -a ADAPTOR, --adaptor ADAPTOR
                        Choose a web framework adaptor: Flask(Default),
                        Django, Every or Pylons

  -t TRIGGER_WORD_FILE, --trigger-word-file TRIGGER_WORD_FILE
                        Input file with a list of sources and sinks

  -m BLACKBOX_MAPPING_FILE, --blackbox-mapping-file BLACKBOX_MAPPING_FILE
                            Input blackbox mapping file

optional arguments:
  -pr PROJECT_ROOT, --project-root PROJECT_ROOT
                        Add project root, only important when the entry file
                        is not at the root of the project.

  -b BASELINE_JSON_FILE, --baseline BASELINE_JSON_FILE
                        Path of a baseline report to compare against (only
                        JSON-formatted files are accepted)

  -j, --json            Prints JSON instead of report.

  -i, --interactive     Will ask you about each blackbox function call in
                        vulnerability chains.

  -o OUTPUT_FILE, --output OUTPUT_FILE
                        Write report to filename

  --ignore-nosec        Do not skip lines with # nosec comments

  -r, --recursive       Find and process files in subdirectories

  -x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS
                        Separate files with commas

  --dont-prepend-root   In project root e.g. /app, imports are not prepended
                        with app.*

  --no-local-imports    If set, absolute imports must be relative to the
                        project root. If not set, modules in the same
                        directory can be imported just by their names.

Usage from Source

Using it like a user: python3 -m pyt examples/vulnerable_code/XSS_call.py

Running the tests: python3 -m tests

Running an individual test file: python3 -m unittest tests.import_test

Running an individual test: python3 -m unittest tests.import_test.ImportTest.test_import

Contributions

Join our slack group: https://pyt-dev.slack.com/ - ask for invite: [email protected]

Guidelines

Virtual env setup guide

Create a directory to hold the virtual env and project

mkdir ~/a_folder

cd ~/a_folder

Clone the project into the directory

git clone https://github.com/python-security/pyt.git

Create the virtual environment

python3 -m venv ~/a_folder/

Check that you have the right versions

python3 --version (sample output: Python 3.6.0)

pip --version (sample output: pip 9.0.1 from /Users/kevinhock/a_folder/lib/python3.6/site-packages (python 3.6))

Change to project directory

cd pyt

In the future, just type source ~/a_folder/bin/activate to start developing.

Comments
  • -r Recursive option

    Issue: #127 There are a few steps for completing this PR. Now we can get all ".py" files in directory and exclude some files with "-x" option.

    cool important 
    opened by omergunal 13
  • Write tests for __main__.py

    As we can see on CodeClimate https://codeclimate.com/github/python-security/pyt/coverage/5935971dbf92ed000102998b there is pretty low test coverage of main, I understand why this is but adding some tests for it would increase our test coverage percentage and 75% isn't satisfying.

    If you have any trouble with this I can help, I am going to label this issue as Easy so newcomers see it.

    good first issue 
    opened by KevinHock 9
  • Add readthedocs

    If you look at https://github.com/trailofbits/manticore/blob/master/README.md you can see a nice link at the top to the docs. I'll write the docs once the layout is there, please see https://www.slideshare.net/mobile/JohnCosta/how-to-readthedocs

    (So the [easy] issues are good for new people who want to start contributing to look at.)

    enhancement easy 
    opened by KevinHock 9
  • Add support for sinks introduced with "from .... import ..."

    Right now sinks seem to be considered during vulnerability analysis only in case of "module scope imports". E.g. vulnerabilities w.r.t. sink subprocess.call( are only detected in case the production code imports module scope wise:

    import subprocess
    
    subprocess.call(
    

    In case the production code introduces the sink via module import the vulnerability won't be detected.

    from subprocess import call
    
    call(
    
    help wanted cool 
    opened by fkromer 8
  • Publish new version

    Would be great to get a new release published on pypi soon.

    We have over 190 commits added, though I'm not sure of the specific criteria for bumping the version.

    opened by bcaller 8
  • 128: Allow the user to cancel interactive mode

    This should resolve #128. The change is so straightforward and any potential tests would be awkward, so I'm not sure we want to include specific tests for this (there were none before for interactive mode anyway).

    I'm open to suggestions though.

    You can manually test this change by using this sample code:

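    # Input for the analyzer; it is scanned by pyt, not executed.
    import os

    import scrypt
    from flask import request, send_file

    datalength = 16  # placeholder value; not defined in the original snippet

    image_name = request.args.get('image_name')
    if not image_name:
        image_name = 'foo'
    foo = scrypt.outer(image_name) # Any call after ControlFlowNode caused the problem
    foo = scrypt.hash(foo, 'salt')
    foo = scrypt.encrypt(os.urandom(datalength), foo)
    send_file(foo)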
    

    Then python -m pyt sample.py -m bb.txt -i. You can see how it does as many as you want until you answer s.

    opened by adrianbn 7
  • Feature Request: Whitelist lines ending in # nosec

    So both detect-secrets and Bandit have the concept of whitelisting a line by putting a comment at the end, similar to how you've probably seen people do # noqa: F401 or whatever, with pylint.

    Let us steal once again, from Bandit, since they are most similar to us, here are the relevant lines, but we shall change lineno + 1 to enumerate(lines, start=1) because it is more pythonic.

    They also have the --ignore-nosec (do not skip lines with # nosec comments) command line option, so we shall pass in the set of lines to the 2 calls to find_vulnerabilities in __main__,

    feature request 
    opened by KevinHock 7
  • Can't clone repo on MacOS

    Hi!

    For some weird reason when cloning the repo on a mac (tested with 10.11 and 10.13) the file pyt/trigger_definitions/flask_trigger_words.pyt won't be written.

    here's an example:

    } /tmp$ git clone https://github.com/python-security/pyt.git
    Cloning into 'pyt'...
    remote: Counting objects: 5740, done.
    remote: Total 5740 (delta 0), reused 0 (delta 0), pack-reused 5740
    Receiving objects: 100% (5740/5740), 2.62 MiB | 3.75 MiB/s, done.
    Resolving deltas: 100% (3916/3916), done.
    Checking connectivity... done.
    } /tmp$ cd pyt/
    } /tmp/pyt$ git status
    On branch master
    Your branch is up-to-date with 'origin/master'.
    Changes not staged for commit:
      (use "git add/rm <file>..." to update what will be committed)
      (use "git checkout -- <file>..." to discard changes in working directory)
    
    	deleted:    pyt/trigger_definitions/flask_trigger_words.pyt
    
    no changes added to commit (use "git add" and/or "git commit -a")
    

    Even copy pasting the content in a file results in the file not existing. Tried with default terminal, iterm2 and intellij's terminal, all the same so mustn't be the terminal.

    Doing some try/fail we suspect that the faulty line is subprocess.call( but doing a hexdump of the file (on a xenial box) doesn't show much...

    [email protected]:~/pyt/pyt/trigger_definitions# cat flask_trigger_words.pyt | hexdump -C
    00000000  73 6f 75 72 63 65 73 3a  0a 67 65 74 28 0a 2e 64  |sources:.get(..d|
    00000010  61 74 61 0a 66 6f 72 6d  5b 0a 66 6f 72 6d 28 0a  |ata.form[.form(.|
    00000020  4d 61 72 6b 75 70 28 0a  63 6f 6f 6b 69 65 73 5b  |Markup(.cookies[|
    00000030  0a 66 69 6c 65 73 5b 0a  53 51 4c 41 6c 63 68 65  |.files[.SQLAlche|
    00000040  6d 79 0a 0a 73 69 6e 6b  73 3a 0a 72 65 70 6c 61  |my..sinks:.repla|
    00000050  63 65 28 20 2d 3e 20 65  73 63 61 70 65 0a 73 65  |ce( -> escape.se|
    00000060  6e 64 5f 66 69 6c 65 28  20 2d 3e 20 27 2e 2e 27  |nd_file( -> '..'|
    00000070  2c 20 27 2e 2e 27 20 69  6e 0a 65 78 65 63 75 74  |, '..' in.execut|
    00000080  65 28 0a 73 79 73 74 65  6d 28 0a 66 69 6c 74 65  |e(.system(.filte|
    00000090  72 28 0a 73 75 62 70 72  6f 63 65 73 73 2e 63 61  |r(.subprocess.ca|
    000000a0  6c 6c 28 0a 72 65 6e 64  65 72 5f 74 65 6d 70 6c  |ll(.render_templ|
    000000b0  61 74 65 28 0a 73 65 74  5f 63 6f 6f 6b 69 65 28  |ate(.set_cookie(|
    000000c0  0a 72 65 64 69 72 65 63  74 28 0a 75 72 6c 5f 66  |.redirect(.url_f|
    000000d0  6f 72 28 0a 66 6c 61 73  68 28 0a 6a 73 6f 6e 69  |or(.flash(.jsoni|
    000000e0  66 79 28                                          |fy(|
    000000e3
    

    The result of this is the tool can't seem to run on mac since this file is not available, fails with

    Traceback (most recent call last):
      File ".../bin/pyt", line 11, in <module>
        load_entry_point('pyt==1.0.0a20', 'console_scripts', 'pyt')()
      File ".../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/__main__.py", line 247, in main
        args.trim_reassigned_in)
      File ".../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/vulnerabilities.py", line 394, in find_vulnerabilities
        definitions = parse(trigger_word_file)
      File ".../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/trigger_definitions_parser.py", line 48, in parse
        with open(trigger_word_file, 'r') as fd:
    FileNotFoundError: [Errno 2] No such file or directory: '.../lib/python3.5/site-packages/pyt-1.0.0a20-py3.5.egg/pyt/trigger_definitions/flask_trigger_words.pyt'
    

    Does that ring any bell?

    opened by lindycoder 7
  • (Not an issue right now) Handle multiple returns

    ~~I'll try to work on this relatively soon, but~~ to think out loud..

    In interprocedural_cfg.py, we have

    def return_handler(self, node, function_nodes):
        """Handle the return from a function during a function call."""
        call_node = None
        for n in function_nodes:
            if isinstance(n, ConnectToExitNode):
                LHS = CALL_IDENTIFIER + 'call_' + str(self.function_index)
                previous_node = self.nodes[-1]
                if not call_node:
                    RHS = 'ret_' + get_call_names_as_string(node.func)
                    r = RestoreNode(LHS + ' = ' + RHS, LHS, [RHS],
                                    line_number=node.lineno,
                                    path=self.filenames[-1])
                    call_node = self.append_node(r)
                    previous_node.connect(call_node)
            else:
                # make the proper connection
                pass
    

    which cleaned is

    def return_handler(self, call_node, function_nodes):
        """Handle the return from a function during a function call.
    
        Args:
            call_node(ast.Call) : The node that calls the definition.
            function_nodes(list[Node]): List of nodes of the function being called.
        """
        for node in function_nodes:
            # Only Return's and Raise's can be of type ConnectToExitNode
            if isinstance(node, ConnectToExitNode):
                # Create e.g. ¤call_1 = ret_func_foo RestoreNode
                LHS = CALL_IDENTIFIER + 'call_' + str(self.function_call_index)
                RHS = 'ret_' + get_call_names_as_string(call_node.func)
                return_node = RestoreNode(LHS + ' = ' + RHS,
                                          LHS,
                                          [RHS],
                                          line_number=call_node.lineno,
                                          path=self.filenames[-1])
                self.nodes[-1].connect(return_node)
                self.nodes.append(return_node)
                return 
    

    Firstly, the for loop and the if statement seem to just serve the purpose of "Is there a node of type Return or Raise in the function?" But I think all functions should have at least one return node, right? I'm not sure if I understand the original intention that well e.g. what was going to be in the else?

    Secondly, here is an example to illustrate the problem/need to handle multiple returns:

    TODO

    difficult 
    opened by KevinHock 7
  • Implement -r recursive option

    So let us steal, once again (a 3rd, or 4th time), from Bandit.

    https://github.com/openstack/bandit/blob/master/bandit/cli/main.py#L157-L160

    https://github.com/openstack/bandit/blob/8f09d8b208f037b7d49ed6bc88f2ac200e7cc06c/bandit/core/manager.py#L171-L219

    This will enable a user to just give -r /path/to/files instead of -f file one at a time.

    This is less straightforward, you should also add

        parser.add_argument(
            'targets', metavar='targets', type=str, nargs='*',
            help='source file(s) or directory(s) to be tested'
        )
    
        parser.add_argument(
            '-x', '--exclude', dest='excluded_paths', action='store',
            default='', help='comma-separated list of paths to exclude from scan '
                             '(note that these are in addition to the excluded '
                             'paths provided in the config file)'
        )
    

    too.

    This will help us out a great deal, as I'm working on documentation, and then after docs I'll return to the CFG work (the expr_star_handler stuff). So without you I wouldn't work on this for a while.

    cool 
    opened by KevinHock 6
  • Tags: 'final' and 'finalfinal'

    Hi team,

    Thanks for your project. We added Pyt to our security tools section. While reviewing we noticed we could only extract tags from the GitHub repo, as no releases are used. Now tags are sorted by alphabet, meaning that the tagged version 'finalfinal' always is listed as the highest release number. Not sure if it is possible, but you could re-tag it 'final' and 'finalfinal'. Then the community can pick up future releases and promote your project. Otherwise, it gets stuck on a very old version ;-)

    opened by mboelen 6
  • args is empty in BBorBInode when CFG generated

    Excuse me, why is there no argument in the variable args in the picture below?

    [image]

    cmd_result = subprocess.Popen(cmd,shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.DEVNULL).stdout.read()

    Sorry, I'm not a native speaker. I hope I'm making myself clear.

    opened by megapyroblast 0
  • pyt usually picks the wrong encoding to load files

    Traceback (most recent call last):
      File "c:\users\matth\appdata\local\programs\python\python38\lib\runpy.py", line 193, in _run_module_as_main
        return _run_code(code, main_globals, None,
      File "c:\users\matth\appdata\local\programs\python\python38\lib\runpy.py", line 86, in _run_code
        exec(code, run_globals)
      File "C:\Users\matth\.local\bin\pyt.exe\__main__.py", line 7, in <module>
      File "c:\users\matth\.local\pipx\venvs\python-taint\lib\site-packages\pyt\__main__.py", line 92, in main
        nosec_lines[path] = retrieve_nosec_lines(path)
      File "c:\users\matth\.local\pipx\venvs\python-taint\lib\site-packages\pyt\__main__.py", line 57, in retrieve_nosec_lines
        lines = file.readlines()
      File "c:\users\matth\appdata\local\programs\python\python38\lib\encodings\cp1252.py", line 23, in decode
        return codecs.charmap_decode(input,self.errors,decoding_table)[0]
    UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 2105: character maps to <undefined>
    

    sometimes this helps

    export PYTHONIOENCODING=utf-8
    export LC_ALL=en_US.UTF-8
    export LANG=en_US.UTF-8
    

    but today it didn't so I'm about ready to stop using pyt... I'm somewhat worried I've been using it wrong for a few years because of the various tools I use, pyt never complained about anything, (i.e. found no vulnerabilities or bugs, neither positive or false)

    If anyone ever takes over this project, then all the file open() calls should either specify utf-8 (a better "guess") or use chardet to make a really good guess.

    opened by matthewdeanmartin 1
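
The decode failure in the traceback above comes from reading source files with the locale codec while scanning for `# nosec` lines. One way to make that scan independent of the locale is shown here as an added example, not PyT's code; the function name nosec_lines and the sample files are constructed for illustration. It reads bytes, lets tokenize choose the encoding (BOM or PEP 263 cookie, otherwise UTF-8), and matches comment tokens only.

```python
import io
import os
import re
import tempfile
import tokenize

NOSEC = re.compile(r"#\s*nosec\b")


def nosec_lines(path):
    """Return the 1-based line numbers whose comment contains `nosec`."""
    with open(path, "rb") as fd:  # bytes: the locale codec is never involved
        raw = fd.read()
    try:
        # tokenize.tokenize() detects the encoding the way the interpreter does.
        # Only COMMENT tokens count, so "# nosec" inside a string is ignored.
        tokens = tokenize.tokenize(io.BytesIO(raw).readline)
        return {tok.start[0] for tok in tokens
                if tok.type == tokenize.COMMENT and NOSEC.search(tok.string)}
    except (tokenize.TokenError, SyntaxError, ValueError):
        # Undecodable or unparsable file: fall back to a plain line scan.
        # The marker is ASCII, so replacing bad bytes cannot hide it; this
        # path can match inside string literals.
        text = raw.decode("utf-8", errors="replace")
        return {n for n, line in enumerate(text.split("\n"), start=1)
                if NOSEC.search(line)}


def demo():
    """Write constructed sample files to a temp dir and scan each one."""
    samples = {
        # UTF-8 text containing byte 0x81 (U+00C1 encodes as C3 81),
        # the byte cp1252 rejects in the traceback.
        "utf8.py": 'name = "\u00c1lvaro"\nsubprocess.call(cmd, shell=True)  # nosec\n'
                   .encode("utf-8"),
        # Declared Latin-1 file; 0xE9 alone is not valid UTF-8.
        "latin1.py": b'# -*- coding: latin-1 -*-\nname = "Jos\xe9"\n'
                     b'os.system(cmd)  #nosec\n',
        # Marker appears only inside a string literal.
        "string.py": b'msg = "append # nosec to silence"\neval(x)\n',
        # Invalid UTF-8 and no encoding declaration.
        "broken.py": b'x = "\x81"\nos.system(cmd)  # nosec\n',
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fd:
                fd.write(data)
            results[name] = sorted(nosec_lines(path))
    return results


if __name__ == "__main__":
    for name, lines in demo().items():
        print(name, lines)
```
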
  • docs: fix simple typo, traveral -> traversal

    There is a small typo in README.rst.

    Should read traversal rather than traveral.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Fails on Python 3.9.0

    Looks like pyt took a dependency on a private attribute that has disappeared. Yes. I saw the tool is no longer maintained, but it used to at least run on 3.8.x

    Traceback (most recent call last):
      File "/root/.local/bin/pyt", line 8, in <module>
        sys.exit(main())
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/__main__.py", line 101, in main
        cfg = make_cfg(
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/make_cfg.py", line 36, in make_cfg
        visitor = ExprVisitor(
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/expr_visitor.py", line 69, in __init__
        self.init_cfg(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/expr_visitor.py", line 76, in init_cfg
        module_statements = self.visit(node)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 67, in visit_Module
        return self.stmt_star_handler(node.body)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 88, in stmt_star_handler
        node = self.visit(stmt)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 1069, in visit_ImportFrom
        return self.add_module(
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 807, in add_module
        self.visit(tree)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 67, in visit_Module
        return self.stmt_star_handler(node.body)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 88, in stmt_star_handler
        node = self.visit(stmt)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/cfg/stmt_visitor.py", line 460, in visit_Assign
        label.visit(node)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 56, in visit_Assign
        self.visit(node.value)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 334, in visit_IfExp
        self.visit(node.orelse)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 173, in visit_Subscript
        self.slicev(node.slice)
      File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 190, in slicev
        self.visit(node.value)
      File "/usr/local/lib/python3.9/ast.py", line 407, in visit
        return visitor(node)
      File "/usr/local/lib/python3.9/ast.py", line 411, in generic_visit
        for field, value in iter_fields(node):
      File "/usr/local/lib/python3.9/ast.py", line 249, in iter_fields
        for field in node._fields:
    AttributeError: 'str' object has no attribute '_fields'
    
    opened by matthewdeanmartin 7
  • How to handle callbacks

    Hi, I am trying pyt to work through callbacks. It taints the function arguments but not callbacks. If anyone has any idea about this, please let me know.

    opened by sabazahra 2