├── Basic_python_tips
    └── readme.md
├── Encryption
    └── XOR_encryption.py
├── Meet_Scapy
    ├── first_face.py
    ├── readme.md
    ├── s_and_r.py
    └── s_and_r1.py
├── TCP Port Connect
    ├── TCP_Port_Scan_using_nmap.py
    └── TCP_Port_Scanner.py
├── UNIX_Password_Cracker
    └── UNIX_Password_Cracker.py
├── Zip_Password_Cracker
    └── Zip_Password_Cracker.py
└── readme.md


/Basic_python_tips/readme.md:
--------------------------------------------------------------------------------
1 | #Python tips
2 | 
3 | - In python latest result can be called back again with _ (underscore)
4 | 


--------------------------------------------------------------------------------
/Encryption/XOR_encryption.py:
--------------------------------------------------------------------------------
 1 | from itertools import izip, cycle
 2 | 
 3 | def xor(data, key):
 4 |     return ''.join(chr(ord(x) ^ ord(y)) for (x,y) in izip(data, cycle(key)))
 5 | def xor3(s,t):
 6 |     """xor two strings together"""
 7 |     return "".join(chr(ord(a)^ord(b)) for a,b in zip(s,t))
 8 | 
 9 | def xor2(s, key):
10 | 	output = ""
11 | 	length = len(key)
12 | 	j=0
13 | 	for i in range(0, len(s)):
14 | 		if j<length:
15 | 			character = chr(ord(s[i]) ^ ord(key[j]))
16 | 			output += character
17 | 			j+=1
18 | 		else:
19 | 			j=0
20 | 			character = chr(ord(s[i]) ^ ord(key[j]))
21 | 			output += character
22 | 			j+=1;
23 | 	return output
24 | 
25 | firstString = 'This sentence is encrypted using XOR cipher.'
26 | secondString = 'LAcbGEUKHQEGDgsaHU8bGEUcFgwAEhUNHQtSHhYQFghSMyorWAwbGw0cCkE='
27 | thirdString = 'LAcXSz02Kk8RAhURHR1SAhZZGU8EDhcAWBgXCg5ZGwcdAgYcWAkdGUUYWAwbGw0cCk8TBQFZCwcdHgkdWAEdH0UQFk8CGQQaDAYRDktZLAcXSwMVGQhSDQoLWBsaAhZZFAoEDglZERxSHw0cWAsXCBcACBsbBAtZEwoLSwwNCwoeDUs='
28 | 
29 | fourth = xor3(firstString, secondString)
30 | print fourth
31 | print xor3(thirdString, fourth)


--------------------------------------------------------------------------------
/Meet_Scapy/first_face.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | from scapy.all import *
 3 | 
 4 | '''
 5 | Send an IMCP packet to google's server
 6 | Use wireshark to capture packets and see whats really happening
 7 | '''
 8 | def send_packet(source,life = 64):
 9 | 	send(IP(src=source,dst="8.8.8.8",ttl=life)/ICMP()/"Hello World");
10 | '''
11 | You can manipulate the source by the src parameter in IP layer
12 | But if do so you won't get ping reply since you spoofed the source IP
13 | ttl: You can add this param to change the time to live for the packet, default: 64
14 | '''
15 | send_packet('10.0.0.1');	


--------------------------------------------------------------------------------
/Meet_Scapy/readme.md:
--------------------------------------------------------------------------------
 1 | #Say Hello to Scapy
 2 | 
 3 | Your one stop solution to everything you want for hacking packets all the way
 4 | 
 5 | ##First Face
 6 | 
 7 | This shows how can you build up packets to send accross internet
 8 | 
 9 | ##Sr, Sr2, Srp
10 | 
11 | - sr : Used for sending and recieving all packets whether answered or not
12 | - sr1 : Interested in receiving only first answered packet
13 | - srp : Does the same for layer two packets (Ethernet, 802.11)
14 | 
15 | 


--------------------------------------------------------------------------------
/Meet_Scapy/s_and_r.py:
--------------------------------------------------------------------------------
 1 | from scapy.all import *
 2 | import sys
 3 | 
 4 | dest = sys.argv[1]
 5 | dport = sys.argv[2]
 6 | 
 7 | '''
 8 | You can also pass an array to dport so it will act like a port scanner (nmap)
 9 | '''
10 | def srExample(dest, Dport):
11 | 	return sr(IP(dst=dest)/TCP(dport=Dport)/"Hello World")
12 | 
13 | def showResult(packet):
14 | 	ans, unans = packet
15 | 	ans.summary()
16 | 	unans.summary()
17 | '''
18 | You can also define the type of packets to be send using flag parameter, for e.g. for sending a SYN 
19 | packet send flag='S', for ACK send 'A', remember you need to do SYN ACK before you send ACK packets
20 | '''
21 | 
22 | def srExampleWithFlag(dest, SPort, DPort, flag):
23 | 	return sr(IP(dst=dest)/TCP(sport= SPort, dport= DPort, flags= flag)/'Hello World') #Sport is the sending port from your side
24 | 
25 | '''
26 | If you want a true port scanner we must enter a random sport, give an interval b/w packets, maybe retries and timeouts
27 | Inter : Time to wait b/w to consecutive packets
28 | Retry: No of retries to be handled in case of unanswered packets. For e.g. if no of retries are 2, scapy will try to send 
29 | 		unanswered packets 2 times, if its -2, scapy will resend unanswered packets unil no more answers are are given for 
30 | 		same set of unanswered packets two times in a row
31 | Timeout: Time to wait after sending last packet		
32 | '''
33 | 
34 | def srPortScanner( dest, dPortArray, interval, retries, timeouts):
35 | 	return sr(IP(dst=dest)/TCP(sport= RandShort(),dport= dPortArray, inter= interval, retry= retries, timeout= timeouts)) 
36 | 
37 | p = srExample(dest, int(dport))
38 | showResult(p) 	 	


--------------------------------------------------------------------------------
/Meet_Scapy/s_and_r1.py:
--------------------------------------------------------------------------------
 1 | #! /usr/bin/python
 2 | import sys
 3 | from scapy.all import *
 4 | '''
 5 | Takes first argument given at commandline
 6 | '''
 7 | dest = sys.argv[1]
 8 | 
 9 | '''
10 | sr1 takes a packet sends it and returns first answered packet back
11 | dest: Destination to which packet has to be sent
12 | '''
13 | def sr1Example(dest):
14 | 	return sr1(IP(dst=dest)/ICMP()/"Hello World")
15 | 
16 | '''
17 | Print out the result of answered packed object
18 | '''
19 | def showResult(returnPacket):
20 | 	returnPacket.show()
21 | 
22 | h = sr1Example(dest)
23 | 
24 | showResult(h) 


--------------------------------------------------------------------------------
/TCP Port Connect/TCP_Port_Scan_using_nmap.py:
--------------------------------------------------------------------------------
 1 | import nmap
 2 | import optparse
 3 | def nmapScan ( tgtHost, tgtPort ):
 4 | 	nm = nmap.PortScanner()
 5 | 	nm.scan( tgtHost, tgtPort )
 6 | 	state = nm[ tgtHost ][ 'tcp' ][ int( tgtPort ) ][ 'state' ]
 7 | 	print " [*] " + tgtHost + " tcp/" + tgtPort + " " + state
 8 | 
 9 | def main():
10 | 	parser = optparse.OptionParser( 'usage %prog' + '-H <target host> -p <target ports>' )
11 | 	parser.add_option( '-H', dest = 'tgtHost', type = "string", help = 'Specify target host' )
12 | 	parser.add_option( '-p', dest = 'tgtPort', type = "string", help = 'Specify target port seperated by comma, e.g. 21,22,23' )
13 | 	( options, args ) = parser.parse_args()
14 | 	tgtHost = options.tgtHost
15 | 	tgtPorts = str(options.tgtPort).split(',')
16 | 	if( tgtHost == None ) | ( tgtPorts[0] == None ):
17 | 		print parser.usage
18 | 		exit(0)
19 | 	for tgtPort in tgtPorts:
20 | 		nmapScan( tgtHost, tgtPort )
21 | 
22 | if __name__ == '__main__':
23 | 	main()
24 | 


--------------------------------------------------------------------------------
/TCP Port Connect/TCP_Port_Scanner.py:
--------------------------------------------------------------------------------
 1 | import optparse
 2 | from socket import *
 3 | from threading import *
 4 | 
 5 | screenLock = Semaphore( value = 1 )
 6 | 
 7 | def connScan( tgtHost, tgtPort ):
 8 | 	try:
 9 | 		connSkt = socket( AF_INET, SOCK_STREAM)
10 | 		connSkt.connect( ( tgtHost, tgtPort ) )
11 | 		connSkt.send( 'ViolentPython\r\n' )
12 | 		results = connSkt.recv( 100 )
13 | 		screenLock.acquire()
14 | 		print '[+]%d/tcp open'% tgtPort
15 | 		print '[+] ' + str(results)
16 | 	except:
17 | 		screenLock.acquire()
18 | 		print '[-]%d/tcp closed'%tgtPort
19 | 	finally:
20 | 		screenLock.release()
21 | 		connSkt.close()
22 | 
23 | def portScan( tgtHost, tgtPorts ):
24 | 	try:
25 | 		tgtIP = gethostbyname( tgtHost )
26 | 	except:
27 | 		"[-] Cannot resolve '%s': Unknown Host"% tgtHost
28 | 		return
29 | 	try:
30 | 		tgtName = gethostbyaddr( tgtIP )
31 | 		print '\n[+] Scan Results for:' + tgtName[0]
32 | 	except:
33 | 		print '\n[+] Scan Results for:' + tgtIP
34 | 	setdefaulttimeout(1)
35 | 	for tgtPort in tgtPorts:
36 | 		t = Thread( target = connScan, args = ( tgtHost, int( tgtPort ) ) )
37 | 		print 'Scanning Port ' + tgtPort
38 | 		t.start()
39 | 
40 | def main():
41 | 	parser = optparse.OptionParser( "usage%prog"+ "-H <target host> -p <target port>")
42 | 	parser.add_option('-H',dest='tgtHost',type="string", help="Specify a target host")
43 | 	parser.add_option('-p',dest='tgtPort',type="string", help="Specify target ports seperated by commas E.g. 21,22,23")
44 | 	(options, args) = parser.parse_args()
45 | 	tgtHost = options.tgtHost
46 | 	tgtPorts = str( options.tgtPort ).split(',')
47 | 	if( tgtHost == None ) | (tgtPorts[0] == None):
48 | 		print '[-] You must specify a target host and target port(s)'
49 | 		exit(0)
50 | 	portScan( tgtHost, tgtPorts )
51 | 
52 | if __name__ == '__main__' :
53 | 	main()
54 | 


--------------------------------------------------------------------------------
/UNIX_Password_Cracker/UNIX_Password_Cracker.py:
--------------------------------------------------------------------------------
 1 | import crypt
 2 | def testPass(cryptPass):
 3 | 	salt = cryptPass[0:2]
 4 | 	dictfile = open('dictionary.txt','r')
 5 | 
 6 | 	for word in dictfile.readlines():
 7 | 		word = word.strip('\n')
 8 | 		cryptWord = crypt.crypt(word,salt)
 9 | 		if( cryptWord == cryptPass):
10 | 			print "[+] Found Password: "+word+"\n"
11 | 			return
12 | 	print "[-]Password not found. \n"
13 | 	return
14 | def main():
15 | 	passFile = open("password.txt")
16 | 	for line in passFile.readline():
17 | 		if ":" in line:
18 | 			user = line.split(':')[0]
19 | 			cryptPass = line:split(':')[1].strip(' ')
20 | 			print "[*] Cracking password for "+user
21 | 			testPass(cryptPass)
22 | 
23 | if __name__ == "__main__":
24 | 	main()


--------------------------------------------------------------------------------
/Zip_Password_Cracker/Zip_Password_Cracker.py:
--------------------------------------------------------------------------------
 1 | #Without using optparse
 2 | # import zipfile
 3 | # from threading import Thread
 4 | # def extractFile( zFile, Password ):
 5 | # 	try:
 6 | # 		zFIle.extractAll(pwd= Password)
 7 | # 		print '[+] Found password'+password+'\n'
 8 | # 	except:
 9 | # 		pass
10 | # def main():
11 | # 	zFile = zipFile.ZipFile('evil.zip')
12 | # 	passFile = open( 'dictionary.txt' )
13 | # 	for lines in passFile.readlines():
14 | # 		password = line.strip('\n')
15 | # 		t= Thread( target = extractFile, args=(zFile, password))
16 | # 		t.start()
17 | # if __name__ == __main__:
18 | # 	main()
19 | 
20 | 
21 | #####End
22 | 
23 | #Using optparse
24 | import zipfile
25 | import optparse
26 | from threading import Thread
27 | def extractFile( zFile, Password ):
28 | 	try:
29 | 		zFile.extractall(pwd= Password)
30 | 		print '[+] Found password'+password+'\n'
31 | 	except:
32 | 		pass
33 | def main():
34 | 	parser = optParse.OptionParser( "usage%prog"+ "-f <zipFile> -d <dictionary>")
35 | 	parser.add_option('-f',dest='zname',type="string", help="Specify a zip file")
36 | 	parser.add_option('-d',dest='dname',type="string", help="Specify a dict file")
37 | 	(options, args) = parser.parse_args()
38 | 	if( options.zname == None) | (option.dname == None):
39 | 		print parser_usage
40 | 		exit(0)
41 | 	else:
42 | 		zname = options.zname
43 | 		dname = options.dname
44 | 	zFile = zipfile.ZipFile(zname)
45 | 
46 | 	passFile = open( dname )
47 | 	for lines in passFile.readlines():
48 | 		password = line.strip('\n')
49 | 		t= Thread( target = extractFile, args=(zFile, password))
50 | 		t.start()
51 | if __name__ == '__main__' :
52 | 	main()
53 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | ###Hacking with Python
 2 | This is the collection of various python hacking tools. The repo was basically created to learn a thing or two about Hacking with Python and CTFs
 3 | 
 4 | I would also include some basic tips for python as I get them in Basic Tips folder
 5 | 
 6 | Tools covered till now:
 7 | - Simple port scans with and without nmap
 8 | - Zip and UNIX password crackers
 9 | - XOR Encryption
10 | - Scapy Introduction (sr and sr1 connect)
11 | 


--------------------------------------------------------------------------------