Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner 

As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.

Sample runs

$ python dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
by: Miroslav Stampar (@stamparm)

Usage: 

dsss.py [options]

Options:

  --version          show program's version number and exit
  -h, --help         show this help message and exit
  -u URL, --url=URL  Target URL (e.g. "http://www.target.com/page.php?id=1")


--data=DATA        POST data (e.g. "query=test")
  --cookie=COOKIE    HTTP Cookie header value
  --user-agent=UA    HTTP User-Agent header value
  --referer=REFERER  HTTP Referer header value
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")
$ python dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
 by: Miroslav Stampar (@stamparm)

* scanning GET parameter 'artist'
 (i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
 (i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')

scan results: possible vulnerabilities found

Requirements

Python version 2.6.x or 2.7.x is required for running this program.

Download DSSS

How To Send An HTML E-mail Using Python Code

How To Send An HTML E-mail Using Python Code

Python is a fully-functional programming language that can do anything almost any other language can do, at comparable speeds. "Modules" are pre-written Python code that you "import" in your Python program.

Simple Mail Transfer Protocol (SMTP) is a protocol, which handles sending e-mail and routing e-mail between mail servers.

Python provides smtplib module, which defines an SMTP client session object that can be used to send mail to any Internet machine with an SMTP or ESMTP listener daemon.


Here is a simple syntax to create one SMTP object, which can later be used to send an e-mail −

import smtplib
smtpObj = smtplib.SMTP( [host [, port [, local_hostname]]] )

Here is the detail of the parameters:

host: This is the host running your SMTP server. You can specifiy IP address of the host or a domain name like tutorialspoint.com. This is optional argument.

port: If you are providing host argument, then you need to specify a port, where SMTP server is listening. Usually this port would be 25.

local_hostname:  If your SMTP server is running on your local machine, then you can specify just localhost as of this option.

An SMTP object has an instance method called sendmail, which is typically used to do the work of mailing a message. It takes three parameters −

• The sender - A string with the address of the sender.
• The receivers - A list of strings, one for each recipient.
• The message - A message as a string formatted as specified in the various RFCs.

Example

Here is a simple way to send one e-mail using Python script. Try it once

#!/usr/bin/python

import smtplib

sender = 'from@anydomain.com'
receivers = ['to@toanydomain.com']

message = """From: From Person <from@anydomain.com>
To: To Person <to@toanydomain.com>
Subject: SMTP e-mail test

This is a test e-mail message.
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)         
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"

Here, you have placed a basic e-mail in message, using a triple quote, taking care to format the headers correctly. An e-mail requires a From, To, and Subject header, separated from the body of the e-mail with a blank line.

To send the mail you use smtpObj to connect to the SMTP server on the local machine and then use the sendmail method along with the message, the from address, and the destination address as parameters (even though the from and to addresses are within the e-mail itself, these aren't always used to route mail).

If you are not running an SMTP server on your local machine, you can use smtplibclient to communicate with a remote SMTP server. Unless you are using a webmail service (such as Hotmail or Yahoo! Mail), your e-mail provider must have provided you with outgoing mail server details that you can supply them, as follows −

smtplib.SMTP('mail.your-domain.com', 25)

Sending an HTML e-mail using Python

When you send a text message using Python, then all the content are treated as simple text. Even if you include HTML tags in a text message, it is displayed as simple text and HTML tags will not be formatted according to HTML syntax. But Python provides option to send an HTML message as actual HTML message.

While sending an e-mail message, you can specify a Mime version, content type and character set to send an HTML e-mail.

Example

Following is the example to send HTML content as an e-mail. Try it 

#!/usr/bin/python

import smtplib

message = """From: From Person <from@anydomain.com>
To: To Person <to@toanydomain.com>
MIME-Version: 1.0
Content-type: text/html
Subject: SMTP HTML e-mail test

This is an e-mail message to be sent in HTML format

<b>This is HTML message.</b>
<h1>This is headline.</h1>
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)         
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"

Sending Attachments as an E-mail

To send an e-mail with mixed content requires to set Content-type header to multipart/mixed. Then, text and attachment sections can be specified within boundaries.

A boundary is started with two hyphens followed by a unique number, which cannot appear in the message part of the e-mail. A final boundary denoting the e-mail's final section must also end with two hyphens.

Attached files should be encoded with the pack("m") function to have base64 encoding before transmission.

Example

Following is the example, which sends a file /tmp/test.txt as an attachment. Try it once −

#!/usr/bin/python

import smtplib
import base64

filename = "/tmp/test.txt"

# Read a file and encode it into base64 format
fo = open(filename, "rb")
filecontent = fo.read()
encodedcontent = base64.b64encode(filecontent)  # base64

sender = 'webmaster@anydomain.com'
reciever = 'xyz@gmail.com'

marker = "AUNIQUEMARKER"

body ="""
This is a test email to send an attachment.
"""
# Define the main headers.
part1 = """From: From Person <me@domain.com>
To: To Person <xyz@gmail.com>
Subject: Sending Attachement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=%s
--%s
""" % (marker, marker)

# Define the message action
part2 = """Content-Type: text/plain
Content-Transfer-Encoding:8bit

%s
--%s
""" % (body,marker)

# Define the attachment section
part3 = """Content-Type: multipart/mixed; name=\"%s\"
Content-Transfer-Encoding:base64
Content-Disposition: attachment; filename=%s

%s
--%s--
""" %(filename, filename, encodedcontent, marker)
message = part1 + part2 + part3

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, reciever, message)
   print "Successfully sent email"
except Exception:
   print "Error: unable to send email"

Enjoy the Code..

Source

A2SV: Auto Scanning Tool To Find SSL Vulnerability

A2SV: Auto Scanning Tool To Find SSL Vulnerability

What is A2SV?
Its an Auto Scanning tool to find SSL Vulnerability and its featured with HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc

A. Support Vulnerability

[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack
[CVE-2016-0703] SSLv2 DROWN
B. Dev Plan

[PLAN] SSL ACCF

2. How to Install?

A. Download(clone) & Unpack A2SV

git clone https://github.com/hahwul/a2sv.git
cd a2sv
B. Install Python Package / OpenSSL

pip install argparse
pip install netaddr

apt-get install openssl
C. Run A2SV

python a2sv.py -h

3. How to Use?

usage: a2sv.py [-h] [-t TARGET] [-p PORT] [-m MODULE] [-v]

Optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Target URL/IP Address
-p PORT, --port PORT  Custom Port / Default: 443
-m MODULE, --module MODULE
                      Check SSL Vuln with one module
                      [h]: HeartBleed
                      [c]: CCS Injection
                      [p]: SSLv3 POODLE
                      [f]: OpenSSL FREAK
                      [l]: OpenSSL LOGJAM
                      [d]: SSLv2 DROWN
-u, --update          Update A2SV (GIT)
-v, --version         Show Version

[Scan SSL Vulnerability]
python a2sv.py -t 127.0.0.1
python a2sv.py -t 127.0.0.1 -m heartbleed
python a2sv.py -t 127.0.0.1 -p 8111

[Update A2SV]
python a2sv.py -u
python a2sv.py --update

Download 

Pompem - Exploit and Vulnerability Finder Pentester Tool

Pompem - Exploit and Vulnerability Finder Pentester Tool

Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases. 

Its's Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm security, CXSecurity, ZeroDay, Vulners, National Vulnerability Database, WPScan Vulnerability Database.

Source code

You can download the latest tarball by clicking here or latest zipball by clicking here.

You can also download Pompem directly from its Git repository:

$ git clone https://github.com/rfunix/Pompem.git

Dependencies

Pompem works out of the box with Python 3.5 on any platform and requires the following packages:

Requests 2.9.1+

Installation

Get Pompem up and running in a single command:

$ pip3.5 install -r requirements.txt

Usage

To get the list of basic options and information about the project:

$ python3.5 pompem.py -h

Options:

  -h, --help              show this help message and exit
  -s, --search <keyword,keyword,keyword> text for search
  --txt                           Write txt File
  --html                          Write html File

Examples of use:

$ python3.5 pompem.py -s Wordpress
$ python3.5 pompem.py -s Joomla --html
$ python3.5 pompem.py -s "Internet Explorer,joomla,wordpress" --html
$ python3.5 pompem.py -s FortiGate --txt
$ python3.5 pompem.py -s ssh,ftp,mysql

Download 

A Simple Static Malware Analyzer SSMA Tool Written in Python 3

SSMA is a simple malware analyzer written in Python 3. 

Features: 

1. Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.) 
2. Searches for possible domains, e-mail addresses, IP addresses in the strings of the file. 
3. Checks if domain is blacklisted based on abuse.ch’s Ransomware Domain Blocklist and malwaredomains.com’s blocklist. 
4. Looks for Windows functions commonly used by malware. 
5. Get results from VirusTotal and/or upload files. 
6. Malware detection based on Yara-rules 
7. Detect well-known software packers. 
8. Detect the existence of cryptographic algorithms. 
9. Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis. 
10. Find if documents have been crafted to leverage malicious code. 

Usage: 

git clone https://github.com/secrary/SSMA
cd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h
python3 ssma.py -k api-key file.exe

You can just statically scan the file or upload to VirustTotal using your API-KEY.

python3 ssma.py file.exe
python3 ssma.py -k api-key file.exe

Download

EAST: Exploits And Security Tools For Penetration Testing Framework

EAST: Exploits And Security Tools For Penetration Testing Framework

Pentest framework environment is the basis of IT security specialist’s toolkit. This software is essential as for learning and improving of knowledge in IT systems attacks and for inspections and proactive protection. 

The need of native comprehensive open source pen test framework with high level of trust existed for a long time. That is why EAST framework was created for native and native friendly IT security markets. EAST is a framework that has all necessary resources for wide range exploits to run, starting from Web to buffer overruns. EAST differs from similar toolkits by its ease of use. Even a beginner can handle it and start to advance in IT security.

Main features:

• Framework security. Software used for IT security must have a high level of user trust. Easy to check open source Python code realized in EAST. It is used for all parts of the framework and modules. Relative little amount of code eases its verification by any user. No OS changes applied during software installation.
• Framework maximum simplicity. Archive downloads, main python script start.py launches, which allows exploits start-stop and message traffic. All handled local or remotely via browser.
• Exploits simplicity of creation and editing. Possibility to edit and add modules and exploits on the fly without restart. Module code body is easy and minimal in terms of amount.
• Cross-platform + minimal requirements and dependencies. Tests for Windows and Linux. Should function everywhere where Python is installed. Framework contains all dependencies and does not download additional libraries.
• Full capacity of vanilla pen test framework. In spite of simplicity and
• “unoverload” the framework has all necessary resources for wide range exploits to run, starting from Web to buffer overruns.
• Wide enhancement possibilities. Third party developers can create their own open source solutions or participate in EAST development by use of Server-client architecture, message traffic API and support libraries. 
•  
•  
• 2. Requirements
• Python 2

3. Usage

git clone https://github.com/C0reL0ader/EaST && cd EaST
python start.py [-p PORT] [--all-interfaces]

Download EAST

•  

How To Port Windows Dynamic Link Libraries to Linux

Porting Windows Dynamic Link Libraries to Linux.

Tavis Ormandy, who is the vulnerability researcher at Google have developed loadlibrary tool.

Introduction

This repository contains a library that allows native Linux programs to load and call functions from a Windows DLL.

As a demonstration, Ormandy ported Windows Defender to Linux.

$ ./mpclient eicar.com
main(): Scanning eicar.com...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified.

How does it work?

The peloader directory contains a custom PE/COFF loader derived from ndiswrapper. The library will process the relocations and imports, then provide a dlopen-like API. The code supports debugging with gdb (including symbols), basic block coverage collection, and runtime hooking and patching.

What works?

The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on.

• C++ exception dispatch and unwinding.
• Loading additional symbols from IDA.
• Debugging with gdb (including symbols), breakpoints, stack traces, etc.
• Runtime hooking and patching.
• Support for ASAN and Valgrind to detect subtle memory corruption bugs.

If you need to add support for any external imports, writing stubs is usually quick and easy.

Why?

Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data.

This is less of a problem on Linux, and Ormandy found that porting components of Windows Antivirus products to Linux is often possible. This allows to run the code testing in minimal containers with very little overhead, and easily scale up testing.

Windows Defender

MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2016, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine.

The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers, full system emulators for various architectures and interpreters for various languages. All of this code is accessible to remote attackers.

Building

To build the test client, simply type make.

$ make

Dependencies

Fedora / RedHat         Ubuntu / Debian               Comment
glibc-devel.i686          libc6-dev:i386
libgcc.i686                    gcc-multilib
readline-devel.i686  libreadline-dev:i386 Optional, used in mpscript.
cabextract                    cabextract                 Used to extract definitions.

You will need to download the 32-bit antimalware update file from this page:
https://www.microsoft.com/security/portal/definitions/adl.aspx#manual

This should be a direct link to the right file:
http://go.microsoft.com/fwlink/?LinkID=121721&arch=x86

This will download a file called mpam-fe.exe, which is a cabinet file that can be extracted with cabextract. Extract the files into the engine directory:

$ cabextract mpam-fe.exe
Extracting cabinet: mpam-fe.exe
  extracting MPSigStub.exe
  extracting mpavdlta.vdm
  extracting mpasdlta.vdm
  extracting mpavbase.vdm
  extracting mpasbase.vdm
  extracting mpengine.dll

All done, no errors.

If you want to know which version you got, try this:

$ exiftool mpengine.dll | grep 'Product Version Number'
Product Version Number          : 1.1.13701.0

Running

The main mpengine loader is called mpclient, it accepts filenames to scan as a parameter.

$ ./mpclient netsky.exe
main(): Scanning netsky.exe...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat Worm:Win32/Netsky.P@mm identified.

There are some other sample tools, mpstreamfuzz and mpscript.

Debugging

If you want to debug a crash, single step through a routine or set breakpoints, follow these examples. First, you need a map file from IDA.

Microsoft doesn't release public symbols for every build, and sometimes the symbols lag behind for a few months after release. Make sure you're using an mpengine version with public symbols available.

Use the following sample commandline to generate map and idb files.

> idaw -A -P+ -S"createmap.idc mpengine.map" mpengine.dll


If you generate the map files on Windows, you'll get CRLF line terminators, fix them like this:

$ dos2unix mpengine.map

When you run mpclient under gdb, it will detect a debugger and print the commands you need to enter to teach gdb about the symbols:

$ gdb -q ./mpclient
(gdb) r testfile.txt
Starting program: mpclient
main(): GDB: add-symbol-file engine/mpengine.dll 0xf6af4008+0x1000
main(): GDB: shell bash genmapsym.sh 0xf6af4008+0x1000 symbols_19009.o < mpengine.map
main(): GDB: add-symbol-file symbols_19009.o 0

Program received signal SIGTRAP, Trace/breakpoint trap.
0x0804d213 in main (argc=1, argv=0xffffcc64, envp=0xffffcc6c) at mpclient.c:156
156         __debugbreak();
(gdb)

If you enter the commands it shows into gdb, you will have symbols available.

(gdb) add-symbol-file engine/mpengine.dll 0xf6af4008+0x1000
add symbol table from file "engine/mpengine.dll" at
.text_addr = 0xf6af5008
Reading symbols from engine/mpengine.dll...done.
(gdb) shell bash genmapsym.sh 0xf6af4008+0x1000 symbols_19009.o < mpengine.map
(gdb) add-symbol-file symbols_19009.o 0
add symbol table from file "symbols_19009.o" at
.text_addr = 0x0
Reading symbols from symbols_19009.o...done.
(gdb) p as3_parsemetadata_swf_vars_t
$1 = {void (void)} 0xf6feb842 <as3_parsemetadata_swf_vars_t>

Then you can continue, and it will run as normal.

(gdb) c

Breakpoints, watchpoints and backtraces all work as normal, although it may be more reliable to use hardware breakpoints than software breakpoints.

To use hardware breakpoints in gdb, you just use hb or hbreak instead of break. Note that you only get a limited number of hardware breakpoints.

(gdb) b as3_parsemethodinfo_swf_vars_t
Breakpoint 1 at 0xf6feb8da
(gdb) c
Continuing.
main(): Scanning test/input.swf...
EngineScanCallback(): Scanning input
Breakpoint 1, 0xf6feb8da in as3_parsemethodinfo_swf_vars_t ()
(gdb) bt
#0  0xf6feb8da in as3_parsemethodinfo_swf_vars_t ()
#1  0xf6dbad7f in SwfScanFunc ()
#2  0xf6d73ec3 in UfsScannerWrapper__ScanFile_scanresult_t ()
#3  0xf6d6c9e3 in UfsClientRequest__fscan_SCAN_REPLY ()
#4  0xf6d6a818 in UfsNode__ScanLoopHelper_wchar_t ()
#5  0xf6d6a626 in UfsNode__Analyze_UfsAnalyzeSetup ()
#6  0xf6d71f7f in UfsClientRequest__AnalyzeLeaf_wchar_t ()
#7  0xf6d71bb9 in UfsClientRequest__AnalyzePath_wchar_t ()
#8  0xf6dbbd88 in std___String_alloc_std___String_base_types_char_std__allocator_char______Myptr_void_ ()
#9  0xf6d75e72 in UfsCmdBase__ExecuteCmd__lambda_c80a88e180c1f4524a759d69aa15f87e____lambda_c80a88e180c1f4524a759d69aa15f87e__ ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) x/3i $pc
=> 0xf6feb8da <as3_parsemethodinfo_swf_vars_t+7>: lea    ebx,[edx+0x1c]
   0xf6feb8dd <as3_parsemethodinfo_swf_vars_t+10>: push   esi
   0xf6feb8de <as3_parsemethodinfo_swf_vars_t+11>: mov    edx,ebx

What about Wine and Winelib?

This project does not replace Wine or Winelib.

Winelib is used to port Windows C++ projects to Linux, and Wine is intended to run full Windows applications. This project is intended to allow native Linux code to load simple Windows DLLs.

The closest analogy would be ndiswrapper but for userspace.

Download