Tag Archives | Python

pyrasite – Inject Code Into Running Python Processes

June 20, 2017 | 974 views 0

pyrasite is a Python-based toolkit to inject code into running Python processes. pyrasite works with Python 2.4 and newer. Injection works between versions as well, so you can run Pyrasite under Python 3 and inject into 2, and vice versa. Usage

usage: pyrasite [-h] [--gdb-prefix GDB_PREFIX] [--verbose] [--output OUTPUT_TYPE] pid [filepath|payloadname]
       pyrasite --list-payloads

pyrasite - inject code into a running python process

positional arguments:
  pid                   The ID of the process to inject code into
  filepath|payloadname  The second argument must be a path to a
                        file that will be sent as a payload to the
                        target process or it must be the name of
                        an existing payload (see --list-payloads).

optional arguments:
  -h, --help            show this help message and exit
  --gdb-prefix GDB_PREFIX
                        GDB prefix (if specified during installation)
  --verbose             Verbose mode
  --output OUTPUT_TYPE  This option controls where the output from
                        the executed payload will be printed. If
                        the value is 'procstreams' (the default) then
                        the output is sent to the stdout/stderr of the
                        process. If the value is 'localterm' then the
                        output is piped back and printed on the local
                        terminal where pyrasite is being run.
  --list-payloads       List payloads that are delivered by pyrasite

For updates, visit https://github.com/lmacken/pyrasite

usage: pyrasite [-h] [--gdb-prefix GDB_PREFIX] [--verbose] [--output OUTPUT_TYPE] pid [filepath|payloadname]

pyrasite --list-payloads

pyrasite - inject code into a running python process

positional arguments:

pid The ID of the process to inject code into

filepath|payloadname The second argument must be a path to a

file that will be sent as a payload to the

target process or it must be the name of

an existing payload (see --list-payloads).

optional arguments:

-h, --help show this help message and exit

--gdb-prefix GDB_PREFIX

GDB prefix (if specified during installation)

--verbose Verbose mode

--output OUTPUT_TYPE This option controls where the output from

the executed payload will be printed. If

the value is 'procstreams' (the default) then

the output is sent to the stdout/stderr of the

process. If the value is 'localterm' then the

output is piped back and printed on the local

terminal where pyrasite is being run.

--list-payloads List payloads that are delivered by pyrasite

For updates, visit https://github.com/lmacken/pyrasite

You can download pyrasite here: pyrasite-2.0.zip Or read more here.

Share144

Shares 144

Tags: code injector, hacking python, inject code, inject code into python process, pyrasite, Python, python security

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment

snitch – Information Gathering Tool Via Dorks

June 17, 2017 | 1,077 views 0

Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information domains which can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can identify general information, […]

Share35

Shares 35

Tags: dorks, dorks tool, info gathering, info gathering tool, information gathering, information gathering tool, pen-testing, penetration-testing, Python, snitch

Posted in: Hacking Tools, Privacy, Web Hacking | Add a Comment

credmap – The Credential Mapper

June 13, 2017 | 1,662 views 2

Credmap is an open source credential mapper tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. It is not uncommon for people who are not experts in […]

Share85

+16

Share33

Shares 124

Tags: credential mapper, credential reuse, credmap, Python, reusing credentials, reusing username, test credentials, username reuse

Posted in: Hacking Tools, Password Cracking, Privacy | Add a Comment

maltrail – Malicious Traffic Detection System

June 2, 2017 | 2,303 views 0

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. http://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for […]

Shares 250

Tags: maltrail, malware, malware detection, malware network traffic, malware tracker, malware traffic, malware traffic detection, Python

Posted in: Countermeasures, Malware, Security Software | Add a Comment

Pybelt – The Hackers Tool Belt

May 20, 2017 | 2,577 views 0

Pybelt is a Python-based hackers tool belt capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerability, and finding […]

Shares 132

Tags: hackers tool belt, hacking kit, hacking toolkit, pybelt, Python, python hackers tool belt, python hacking kit, python hacking toolkit

Posted in: Cryptography, Hacking Tools, Network Hacking | Add a Comment

Github Dorks – Github Security Scanning Tool

May 16, 2017 | 2,564 views 0

Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories, this Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on. github-dork.py is a […]

Shares 216

Tags: github, github dork scanner, github dorks, github leak scanner, github scanner, github security, github security scanner, github security tool, Python

Posted in: Hacking Tools, Privacy, Programming | Add a Comment

scanless – A Public Port Scan Scraper

May 8, 2017 | 1,484 views 0

scanless is a Python-based command-line utility that functions as a public port scan scraper, it can use websites that can perform port scans on your behalf. This is useful for early stages of penetration tests when you’d like to run a port scan on a host without having it originate from your IP address. Public […]

Shares 113

Tags: command line yougetsignal, hackertarget, ipfingerprints, pingeu, port scanner scraper, port scanner scraping tool, proxy port scanner, Python, scanless, viewdns, yougetsignal

Posted in: Hacking Tools, Network Hacking | Add a Comment

PwnBin – Python Pastebin Search Tool

May 6, 2017 | 2,676 views 0

PwnBin is a webcrawler or Pastebin search tool which searches public pastebins for specified keywords. All pastes are then returned after sending completion signal CTRL+C. Apart from being a great tool for developers, Pastebins are often used by hackers to leak stolen credentials or d0x people. This tool can help you search pastebins for your […]

Shares 206

Tags: detect leaks, leaks, pastebin, pastebin api key, Privacy, pwnbin, Python, search pastebin

Posted in: Countermeasures, Privacy | Add a Comment

spectrology – Basic Audio Steganography Tool

April 10, 2017 | 1,720 views

spectrology is a Python-based audio steganography tool that can convert images to audio files with a corresponding spectrogram encoding, this allows you to hide hidden messages via images inside audio files. Using this tool you can select range of frequencies to be used and all popular image codecs are supported. Usage

usage: spectrology.py [-h] [-o OUTPUT] [-b BOTTOM] [-t TOP] [-p PIXELS]
                      [-s SAMPLING]
                      INPUT

positional arguments:
  INPUT                 Name of the image to be converted.

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Name of the output wav file. Default value: out.wav).
  -b BOTTOM, --bottom BOTTOM
                        Bottom frequency range. Default value: 200.
  -t TOP, --top TOP     Top frequency range. Default value: 20000.
  -p PIXELS, --pixels PIXELS
                        Pixels per second. Default value: 30.
  -s SAMPLING, --sampling SAMPLING
                        Sampling rate. Default value: 44100.

usage: spectrology.py [-h] [-o OUTPUT] [-b BOTTOM] [-t TOP] [-p PIXELS]

[-s SAMPLING]

INPUT

positional arguments:

INPUT Name of the image to be converted.

optional arguments:

-h, --help show this help message and exit

-o OUTPUT, --output OUTPUT

Name of the output wav file. Default value: out.wav).

-b BOTTOM, --bottom BOTTOM

Bottom frequency range. Default value: 200.

-t TOP, --top TOP Top frequency range. Default value: 20000.

-p PIXELS, --pixels PIXELS

Pixels per second. Default value: 30.

-s SAMPLING, --sampling SAMPLING

Sampling rate. Default value: 44100.

Example

python spectrology.py test.bmp -b 13000 -t 19000

1	python spectrology.py test.bmp -b 13000 -t 19000

You […]

Shares 202

Tags: audio steganography, audio steganography tool, Python, spectrology, steg, steganography, steganography tool

Posted in: Cryptography, Hacking Tools, Privacy | Add a Comment

HashPump – Exploit Hash Length Extension Attack

March 27, 2017 | 1,416 views

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512. There’s a good write-up of how to use this in practical terms here: Plaid CTF 2014: mtpox Usage

$ hashpump -h
HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]
    HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.
    -h --help          Display this message.
    -t --test          Run tests to verify each algorithm is operating properly.
    -s --signature     The signature from known message.
    -d --data          The data from the known message.
    -a --additional    The information you would like to add to the known message.
    -k --keylength     The length in bytes of the key being used to sign the original message with.
    Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.
    <Developed by bwall(@botnet_hunter)>

$ hashpump -h

HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]

HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.

-h --help Display this message.

-t --test Run tests to verify each algorithm is operating properly.

-s --signature The signature from known message.

-d --data The data from the known message.

-a --additional The information you would like to add to the known message.

-k --keylength The length in bytes of the key being used to sign the original message with.

Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.

You can download HashPump here:

$ git clone https://github.com/bwall/HashPump.git
$ apt-get install g++ libssl-dev
$ cd HashPump
$ make
$ make install

$ git clone https://github.com/bwall/HashPump.git

$ apt-get install g++ libssl-dev

$ cd HashPump

$ make

$ make install

Or read more […]

Share47

+19

Share10

Shares 66

Tags: c, cpp, hash length, hash length attack, hash length extension, hash length extension attack, hashpump, Python

Posted in: Cryptography, Exploits/Vulnerabilities, Hacking Tools | Add a Comment

Popular Tags

· · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · ·

1 2 … 9 Next →