├── .gitignore ├── LICENSE ├── combinations.py ├── ez_b64 ├── inject_shellcode.py ├── pdf_dumper.py ├── pem_extract.py ├── permutations.py ├── rot_alpha.py ├── rsa_wrapper.py ├── tcp_client.py ├── udp_client.py ├── wordlist_add_digits.py └── xor.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | 5 | # C extensions 6 | *.so 7 | 8 | # Distribution / packaging 9 | .Python 10 | env/ 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | lib/ 17 | lib64/ 18 | parts/ 19 | sdist/ 20 | var/ 21 | *.egg-info/ 22 | .installed.cfg 23 | *.egg 24 | 25 | # PyInstaller 26 | # Usually these files are written by a python script from a template 27 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 28 | *.manifest 29 | *.spec 30 | 31 | # Installer logs 32 | pip-log.txt 33 | pip-delete-this-directory.txt 34 | 35 | # Unit test / coverage reports 36 | htmlcov/ 37 | .tox/ 38 | .coverage 39 | .cache 40 | nosetests.xml 41 | coverage.xml 42 | 43 | # Translations 44 | *.mo 45 | *.pot 46 | 47 | # Django stuff: 48 | *.log 49 | 50 | # Sphinx documentation 51 | docs/_build/ 52 | 53 | # PyBuilder 54 | target/ 55 | 56 | # Vim SWP files 57 | *.swp 58 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 David Tomaschik 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /combinations.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from string import uppercase, lowercase, maketrans 4 | import math, sys 5 | 6 | 7 | class combinations(): 8 | 9 | def combs(self, total, choice): 10 | return (math.factorial(total)/(math.factorial(choice)*math.factorial(total-choice))) 11 | 12 | 13 | if __name__ == '__main__': 14 | try: 15 | total = sys.argv[1] 16 | choice = sys.argv[2] 17 | total = int(total, 0) 18 | choice = int(choice, 0) 19 | ops = combinations() 20 | result = ops.combs(total, choice) 21 | print result 22 | except IndexError: 23 | print('Usage: combinations.py ') 24 | -------------------------------------------------------------------------------- /ez_b64: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #Simple b64 wrapper 3 | import base64, sys 4 | 5 | 6 | class EZ_b64(): 7 | 8 | def encode(self, data): 9 | encoded = base64.b64encode(data) 10 | print encoded 11 | 12 | def decode(self, data): 13 | decoded = base64.b64decode(data) 14 | print decoded 15 | 16 | 17 | if __name__ == '__main__': 18 | try: 19 | opperation = sys.argv[1] 20 | data = sys.argv[2] 21 | b64 = EZ_b64() 22 | if opperation == "encode": 23 | b64.encode(data) 24 | else: 25 | if opperation == "decode": 26 | b64.decode(data) 27 | else: 28 | print('Usage: ez_b64.py (encode or decode) data') 29 | sys.exit(1) 30 | except IndexError: 31 | print('Usage: ez_b64.py (encode or decode) data') 32 | sys.exit(1) 33 | -------------------------------------------------------------------------------- /inject_shellcode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import ctypes, sys 3 | 4 | 5 | class InjectShellcode(): 6 | 7 | def runShellcode(self, shellcode): 8 | #ShellCode into bytearray 9 | code = bytearray(shellcode) 10 | #Uses kernel32 to inject into memory 11 | ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(code)),ctypes.c_int(0x3000),ctypes.c_int(0x40)) 12 | buf = (ctypes.c_char * len(code)).from_buffer(code) 13 | ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),buf,ctypes.c_int(len(code))) 14 | ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(ptr),ctypes.c_int(0),ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0))) 15 | ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1)) 16 | 17 | 18 | if __name__ == '__main__': 19 | try: 20 | shellcode = sys.argv[1] 21 | #Can hardcode options as well # shellcode = "" 22 | process = InjectShellcode() 23 | process.runShellcode(shellcode) 24 | except IndexError: 25 | print('Usage: inject_shellcode.py "\\xbe\\xba\\xfe\\xca\\xef\\xbe\\xad\\xde"') 26 | sys.exit(1) 27 | -------------------------------------------------------------------------------- /pdf_dumper.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from __future__ import print_function 4 | import hashlib 5 | import Image 6 | import pyPdf 7 | import sys 8 | 9 | 10 | class PDFDumper(object): 11 | """Dump resources from a pdf. 12 | 13 | Currently, only images are supported. 14 | """ 15 | 16 | _image_colorspaces = { 17 | '/DeviceRGB': 'RGB', 18 | '/DeviceGray': 'L', 19 | } 20 | 21 | def __init__(self, fp): 22 | self.fp = fp 23 | self.reader = pyPdf.PdfFileReader(fp) 24 | 25 | def get_resources(self): 26 | extracted = set() 27 | for page in self.reader.pages: 28 | try: 29 | resources = page['/Resources'] 30 | except KeyError: 31 | continue 32 | try: 33 | xobject = resources['/XObject'] 34 | except KeyError: 35 | # Are there types other than XObject? 36 | continue 37 | for res in xobject.itervalues(): 38 | # In case it's indirect 39 | res = res.getObject() 40 | try: 41 | name = self.resource_name(res) 42 | except (NotImplementedError, AssertionError) as ex: 43 | print('Warning: {}'.format(ex)) 44 | continue 45 | if name in extracted: 46 | continue 47 | extracted.add(name) 48 | yield res 49 | 50 | def get_image(self, resource): 51 | dimensions = (resource['/Width'], resource['/Height']) 52 | colorspace = resource['/ColorSpace'] 53 | if isinstance(colorspace, basestring): 54 | # Basic image 55 | colorspace = self._image_colorspaces[colorspace] 56 | im = Image.new(colorspace, dimensions) 57 | im.frombytes(resource.getData()) 58 | return im 59 | # Paletteized image 60 | if colorspace[0] != '/Indexed': 61 | print('Not implemented, image type: {}{}'.format( 62 | colorspace[0], colorspace[1])) 63 | return None 64 | palette = colorspace[3].getObject().getData() 65 | im = Image.new('P', dimensions) 66 | im.putpalette(palette) 67 | im.frombytes(resource.getData()) 68 | return im 69 | 70 | @staticmethod 71 | def resource_name(resource): 72 | return hashlib.sha1(resource.getData()).hexdigest() 73 | 74 | def save_resources(self): 75 | for res in self.get_resources(): 76 | if res['/Type'] == '/XObject' and res['/Subtype'] == '/Image': 77 | im = self.get_image(res) 78 | im.save('{}.png'.format(self.resource_name(res))) 79 | continue 80 | print('Unknown Resource: {}/{}'.format( 81 | res['/Type'], res['/Subtype'])) 82 | 83 | 84 | if __name__ == '__main__': 85 | try: 86 | fp = open(sys.argv[1]) 87 | except IndexError: 88 | print('Usage: pdf_dumper ') 89 | sys.exit(1) 90 | dumper = PDFDumper(fp) 91 | dumper.save_resources() 92 | -------------------------------------------------------------------------------- /pem_extract.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from __future__ import print_function 4 | import hashlib 5 | import re 6 | import shlex 7 | import subprocess 8 | import sys 9 | 10 | 11 | class OpenSSLWrapper(object): 12 | """Class containing helper methods for using OpenSSL.""" 13 | 14 | @staticmethod 15 | def _exec_openssl(args, indata): 16 | args = shlex.split(args) 17 | proc = subprocess.Popen( 18 | ['openssl'] + args, stdin=subprocess.PIPE, 19 | stdout=subprocess.PIPE, close_fds=True) 20 | stdout, _ = proc.communicate(indata) 21 | return stdout.strip() 22 | 23 | @classmethod 24 | def openssl_hash(cls, pemdata): 25 | options = 'x509 -noout -hash' 26 | return cls._exec_openssl(options, pemdata) 27 | 28 | @classmethod 29 | def openssl_fingerprint(cls, pemdata): 30 | options = 'x509 -noout -fingerprint' 31 | return cls._exec_openssl(options, pemdata).split('=', 1)[-1] 32 | 33 | 34 | class PEMExtractor(object): 35 | """Hunt for PEM files within another file or file-like object.""" 36 | 37 | _pem_re = re.compile( 38 | r'-----BEGIN ([^-]+)-----' 39 | r'[A-Za-z0-9+/\n\r]+=*[\r\n]*' 40 | r'-----END \1-----') 41 | 42 | def __init__(self, source, block_size=5*1024*1024): 43 | self.block_size = block_size 44 | if isinstance(source, basestring): 45 | self.source = open(source, 'rb') 46 | else: 47 | try: 48 | getattr(source, 'read') 49 | except AttributeError: 50 | raise ValueError( 51 | 'source must be a filename or file-like object.') 52 | self.source = source 53 | 54 | def walk(self, callback, unique=True): 55 | chunk = '' 56 | seen = set() 57 | while True: 58 | tail = len(chunk) 59 | tmp = self.source.read(self.block_size) 60 | if not tmp: 61 | break 62 | chunk += tmp 63 | for m in self._pem_re.finditer(chunk): 64 | tail = max(tail, m.end()) 65 | cert = m.group() 66 | fp = OpenSSLWrapper.openssl_fingerprint(cert) 67 | if not unique or fp not in seen: 68 | callback(cert) 69 | seen.add(fp) 70 | chunk = chunk[tail:] 71 | 72 | def save_certs(self): 73 | def save_single_cert(cert): 74 | cert_hash = OpenSSLWrapper.openssl_hash(cert) 75 | filename = '{}.pem'.format(cert_hash) 76 | with open(filename, 'wb') as fp: 77 | fp.write(cert) 78 | print('Wrote {}'.format(filename)) 79 | self.walk(save_single_cert) 80 | 81 | 82 | if __name__ == '__main__': 83 | try: 84 | source = sys.argv[1] 85 | except IndexError: 86 | source = sys.stdin 87 | extractor = PEMExtractor(source) 88 | extractor.save_certs() 89 | -------------------------------------------------------------------------------- /permutations.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from string import uppercase, lowercase, maketrans 4 | import math, sys 5 | 6 | 7 | class permutations(): 8 | 9 | def perms(self, total, choice): 10 | result = 1 11 | for x in range(0, choice): 12 | result *= total-x 13 | return result 14 | 15 | 16 | if __name__ == '__main__': 17 | try: 18 | total = sys.argv[1] 19 | choice = sys.argv[2] 20 | total = int(total, 0) 21 | choice = int(choice, 0) 22 | ops = permutations() 23 | result = ops.perms(total, choice) 24 | print result 25 | except IndexError: 26 | print('Usage: permutations.py ') 27 | -------------------------------------------------------------------------------- /rot_alpha.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from string import uppercase, lowercase, maketrans 4 | import sys 5 | 6 | 7 | class ROTAlpha(): 8 | 9 | def rot_alpha(self, data, rot): 10 | upper = ''.join([uppercase[(i + rot) % 26] for i in xrange(26)]) 11 | lower = ''.join([lowercase[(i + rot) % 26] for i in xrange(26)]) 12 | table = maketrans(uppercase + lowercase, upper + lower) 13 | print(data.translate(table)) 14 | 15 | 16 | if __name__ == '__main__': 17 | try: 18 | data = sys.argv[1] 19 | rot = sys.argv[2] 20 | rot = int(rot, 0) 21 | table = ROTAlpha() 22 | table.rot_alpha(data, rot) 23 | except IndexError: 24 | print('Usage: rot_alpha.py ') 25 | sys.exit(1) 26 | -------------------------------------------------------------------------------- /rsa_wrapper.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # basic rsa functions 3 | import sys 4 | import zlib 5 | import base64 6 | from Crypto.PublicKey import RSA 7 | from Crypto.Cipher import PKCS1_OAEP 8 | from Crypto.Hash import SHA256 9 | 10 | 11 | class rsa_wrapper(): 12 | 13 | def keygen(self): 14 | key = RSA.generate(2048, e=65537) 15 | public = key.publickey().exportKey("PEM") 16 | private = key.exportKey("PEM") 17 | return public, private 18 | 19 | def encrypt(self, public, plaintext): 20 | rsakey = RSA.importKey(public) 21 | rsakey = PKCS1_OAEP.new(rsakey) 22 | offset = 0 23 | encrypted = "" 24 | plaintext = zlib.compress(plaintext) 25 | while offset < len(plaintext): 26 | encrypted += rsakey.encrypt(plaintext[offset:offset+256]) 27 | offset += 256 28 | encrypted = base64.b64encode(encrypted) 29 | return encrypted 30 | 31 | def decrypt(self, private, ciphertext): 32 | rsakey = RSA.importKey(private) 33 | rsakey = PKCS1_OAEP.new(rsakey) 34 | offset = 0 35 | decrypted = "" 36 | ciphertext = base64.b64decode(ciphertext) 37 | while offset < len(ciphertext): 38 | decrypted += rsakey.decrypt(ciphertext[offset:offset+256]) 39 | offset += 256 40 | decrypted = zlib.decompress(decrypted) 41 | return decrypted 42 | 43 | def sign(self, private, plaintext): 44 | rsakey = RSA.importKey(private) 45 | hashed = SHA256.new(plaintext).digest() 46 | signature = rsakey.sign(hashed, '') 47 | return signature 48 | 49 | def verify(self, public, signature, plaintext): 50 | rsakey = RSA.importKey(public) 51 | hashed = SHA256.new(plaintext).digest() 52 | verified = rsakey.verify(hashed, signature) 53 | return verified 54 | 55 | 56 | if __name__ == '__main__': 57 | try: 58 | message = sys.argv[1] 59 | rsa = rsa_wrapper() 60 | public, private = rsa.keygen() 61 | print "Public Key is:\n{}\n".format(public) 62 | print "Private Key is:\n{}\n".format(private) 63 | 64 | encrypted_message = rsa.encrypt(public, message) 65 | print "Test message encrypted with public key is:\n{}\n".format(encrypted_message) 66 | 67 | decrypted_message = rsa.decrypt(private, encrypted_message) 68 | print "Testing decryption function to return orginal message:\n{}\n".format(decrypted_message) 69 | 70 | signature = rsa.sign(private, message) 71 | print "Plaintext message signature is:\n{}\n".format(signature) 72 | 73 | verified = rsa.verify(public, signature, message) 74 | print "Verifying the plaintext against the signature results in:\n{}\n".format(verified) 75 | 76 | except IndexError: 77 | print "python rsa_wrapper.py " 78 | -------------------------------------------------------------------------------- /tcp_client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import socket, sys 3 | 4 | 5 | class TCPclient(): 6 | 7 | def tcp_send(self, server, port, msg): 8 | client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 9 | client.connect((server,port)) 10 | client.send(msg) 11 | response = client.recv(4096) 12 | print response 13 | 14 | 15 | if __name__ == '__main__': 16 | try: 17 | server = sys.argv[1] 18 | port = sys.argv[2] 19 | msg = sys.argv[3] 20 | port = int(port, 0) 21 | #Can hardcode options as well # msg = "HEAD / HTTP/1.1\r\nHost: shadowcats.info\r\n\r\n" 22 | client = TCPclient() 23 | client.tcp_send(server, port, msg) 24 | except IndexError: 25 | print('Usage: tcp_client.py ') 26 | sys.exit(1) 27 | -------------------------------------------------------------------------------- /udp_client.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import socket, sys 3 | 4 | 5 | class UDPclient(): 6 | 7 | def udp_send(self, server, port, msg): 8 | client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 9 | client.sendto(msg,(server,port)) 10 | response, addr = client.recvfrom(4096) 11 | print response 12 | 13 | 14 | if __name__ == '__main__': 15 | try: 16 | server = sys.argv[1] 17 | port = sys.argv[2] 18 | msg = sys.argv[3] 19 | port = int(port, 0) 20 | #Can hardcode options as well # msg = "" 21 | client = UDPclient() 22 | client.udp_send(server, port, msg) 23 | except IndexError: 24 | print('Usage: udp_client.py ') 25 | sys.exit(1) 26 | -------------------------------------------------------------------------------- /wordlist_add_digits.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #Adds 4digits to the end of the common word lists 3 | import os, sys 4 | 5 | 6 | class Wordlist_Add_Digits(): 7 | 8 | def add_digits(self, wordlist, outfile): 9 | #File to start with 10 | file=wordlist 11 | #Output file 12 | out=open(outfile, 'w') 13 | #Start loop of 0000-9999 added to each word 14 | with open(file) as f: 15 | content = f.read().splitlines() 16 | for x in content: 17 | for a in range(10): 18 | x0=x+str(a) 19 | for b in range(10): 20 | x1=x0+str(b) 21 | for c in range (10): 22 | x2=x1+str(c) 23 | for d in range (10): 24 | x3=x2+str(d) 25 | # print final combo 26 | out.write(str(x3)+"\n") 27 | 28 | 29 | if __name__ == '__main__': 30 | try: 31 | wordlist = sys.argv[1] 32 | outfile = sys.argv[2] 33 | wordz = Wordlist_Add_Digits() 34 | wordz.add_digits(wordlist, outfile) 35 | except IndexError: 36 | print('Usage: wordlist_add_digits.py wordlist.txt output.txt') 37 | sys.exit(1) 38 | -------------------------------------------------------------------------------- /xor.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | #xor file 4 | import sys 5 | 6 | class xor(): 7 | 8 | def xor(self, orginal_file, new_file, xor_var): 9 | l = len(xor_var) 10 | data = bytearray(open(orginal_file, 'rb').read()) 11 | result = bytearray(( 12 | (data[i] ^ xor_var[i % l]) for i in range(0,len(data)) 13 | )) 14 | localFile = open(new_file, 'w') 15 | localFile.write(result) 16 | localFile.close() 17 | 18 | def hexToByte(self, hexStr): 19 | bytes = [] 20 | hexStr = ''.join( hexStr.split(" ") ) 21 | for i in range(0, len(hexStr), 2): 22 | bytes.append( chr( int (hexStr[i:i+2], 16 ) ) ) 23 | return bytes 24 | 25 | 26 | if __name__ == '__main__': 27 | try: 28 | transform = xor() 29 | orginal_file = sys.argv[1] 30 | new_file = sys.argv[2] 31 | bytes = transform.hexToByte(sys.argv[3]) 32 | xor_var = bytearray(bytes) 33 | transform.xor(orginal_file, new_file, xor_var) 34 | except IndexError: 35 | print('Usage: xor.py <"XOR hex bytes">') 36 | sys.exit(1) 37 | --------------------------------------------------------------------------------