Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner 

As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.

Sample runs

$ python dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
by: Miroslav Stampar (@stamparm)

Usage: 

dsss.py [options]

Options:

  --version          show program's version number and exit
  -h, --help         show this help message and exit
  -u URL, --url=URL  Target URL (e.g. "http://www.target.com/page.php?id=1")


--data=DATA        POST data (e.g. "query=test")
  --cookie=COOKIE    HTTP Cookie header value
  --user-agent=UA    HTTP User-Agent header value
  --referer=REFERER  HTTP Referer header value
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")
$ python dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
 by: Miroslav Stampar (@stamparm)

* scanning GET parameter 'artist'
 (i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
 (i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')

scan results: possible vulnerabilities found

Requirements

Python version 2.6.x or 2.7.x is required for running this program.

Download DSSS

How To Send An HTML E-mail Using Python Code

How To Send An HTML E-mail Using Python Code

Python is a fully-functional programming language that can do anything almost any other language can do, at comparable speeds. "Modules" are pre-written Python code that you "import" in your Python program.

Simple Mail Transfer Protocol (SMTP) is a protocol, which handles sending e-mail and routing e-mail between mail servers.

Python provides smtplib module, which defines an SMTP client session object that can be used to send mail to any Internet machine with an SMTP or ESMTP listener daemon.


Here is a simple syntax to create one SMTP object, which can later be used to send an e-mail −

import smtplib
smtpObj = smtplib.SMTP( [host [, port [, local_hostname]]] )

Here is the detail of the parameters:

host: This is the host running your SMTP server. You can specifiy IP address of the host or a domain name like tutorialspoint.com. This is optional argument.

port: If you are providing host argument, then you need to specify a port, where SMTP server is listening. Usually this port would be 25.

local_hostname:  If your SMTP server is running on your local machine, then you can specify just localhost as of this option.

An SMTP object has an instance method called sendmail, which is typically used to do the work of mailing a message. It takes three parameters −

• The sender - A string with the address of the sender.
• The receivers - A list of strings, one for each recipient.
• The message - A message as a string formatted as specified in the various RFCs.

Example

Here is a simple way to send one e-mail using Python script. Try it once

#!/usr/bin/python

import smtplib

sender = 'from@anydomain.com'
receivers = ['to@toanydomain.com']

message = """From: From Person <from@anydomain.com>
To: To Person <to@toanydomain.com>
Subject: SMTP e-mail test

This is a test e-mail message.
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)         
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"

Here, you have placed a basic e-mail in message, using a triple quote, taking care to format the headers correctly. An e-mail requires a From, To, and Subject header, separated from the body of the e-mail with a blank line.

To send the mail you use smtpObj to connect to the SMTP server on the local machine and then use the sendmail method along with the message, the from address, and the destination address as parameters (even though the from and to addresses are within the e-mail itself, these aren't always used to route mail).

If you are not running an SMTP server on your local machine, you can use smtplibclient to communicate with a remote SMTP server. Unless you are using a webmail service (such as Hotmail or Yahoo! Mail), your e-mail provider must have provided you with outgoing mail server details that you can supply them, as follows −

smtplib.SMTP('mail.your-domain.com', 25)

Sending an HTML e-mail using Python

When you send a text message using Python, then all the content are treated as simple text. Even if you include HTML tags in a text message, it is displayed as simple text and HTML tags will not be formatted according to HTML syntax. But Python provides option to send an HTML message as actual HTML message.

While sending an e-mail message, you can specify a Mime version, content type and character set to send an HTML e-mail.

Example

Following is the example to send HTML content as an e-mail. Try it 

#!/usr/bin/python

import smtplib

message = """From: From Person <from@anydomain.com>
To: To Person <to@toanydomain.com>
MIME-Version: 1.0
Content-type: text/html
Subject: SMTP HTML e-mail test

This is an e-mail message to be sent in HTML format

<b>This is HTML message.</b>
<h1>This is headline.</h1>
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)         
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"

Sending Attachments as an E-mail

To send an e-mail with mixed content requires to set Content-type header to multipart/mixed. Then, text and attachment sections can be specified within boundaries.

A boundary is started with two hyphens followed by a unique number, which cannot appear in the message part of the e-mail. A final boundary denoting the e-mail's final section must also end with two hyphens.

Attached files should be encoded with the pack("m") function to have base64 encoding before transmission.

Example

Following is the example, which sends a file /tmp/test.txt as an attachment. Try it once −

#!/usr/bin/python

import smtplib
import base64

filename = "/tmp/test.txt"

# Read a file and encode it into base64 format
fo = open(filename, "rb")
filecontent = fo.read()
encodedcontent = base64.b64encode(filecontent)  # base64

sender = 'webmaster@anydomain.com'
reciever = 'xyz@gmail.com'

marker = "AUNIQUEMARKER"

body ="""
This is a test email to send an attachment.
"""
# Define the main headers.
part1 = """From: From Person <me@domain.com>
To: To Person <xyz@gmail.com>
Subject: Sending Attachement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=%s
--%s
""" % (marker, marker)

# Define the message action
part2 = """Content-Type: text/plain
Content-Transfer-Encoding:8bit

%s
--%s
""" % (body,marker)

# Define the attachment section
part3 = """Content-Type: multipart/mixed; name=\"%s\"
Content-Transfer-Encoding:base64
Content-Disposition: attachment; filename=%s

%s
--%s--
""" %(filename, filename, encodedcontent, marker)
message = part1 + part2 + part3

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, reciever, message)
   print "Successfully sent email"
except Exception:
   print "Error: unable to send email"

Enjoy the Code..

Source

A2SV: Auto Scanning Tool To Find SSL Vulnerability

A2SV: Auto Scanning Tool To Find SSL Vulnerability

What is A2SV?
Its an Auto Scanning tool to find SSL Vulnerability and its featured with HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc

A. Support Vulnerability

[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack
[CVE-2016-0703] SSLv2 DROWN
B. Dev Plan

[PLAN] SSL ACCF

2. How to Install?

A. Download(clone) & Unpack A2SV

git clone https://github.com/hahwul/a2sv.git
cd a2sv
B. Install Python Package / OpenSSL

pip install argparse
pip install netaddr

apt-get install openssl
C. Run A2SV

python a2sv.py -h

3. How to Use?

usage: a2sv.py [-h] [-t TARGET] [-p PORT] [-m MODULE] [-v]

Optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Target URL/IP Address
-p PORT, --port PORT  Custom Port / Default: 443
-m MODULE, --module MODULE
                      Check SSL Vuln with one module
                      [h]: HeartBleed
                      [c]: CCS Injection
                      [p]: SSLv3 POODLE
                      [f]: OpenSSL FREAK
                      [l]: OpenSSL LOGJAM
                      [d]: SSLv2 DROWN
-u, --update          Update A2SV (GIT)
-v, --version         Show Version

[Scan SSL Vulnerability]
python a2sv.py -t 127.0.0.1
python a2sv.py -t 127.0.0.1 -m heartbleed
python a2sv.py -t 127.0.0.1 -p 8111

[Update A2SV]
python a2sv.py -u
python a2sv.py --update

Download 

Pompem - Exploit and Vulnerability Finder Pentester Tool

Pompem - Exploit and Vulnerability Finder Pentester Tool

Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases. 

Its's Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm security, CXSecurity, ZeroDay, Vulners, National Vulnerability Database, WPScan Vulnerability Database.

Source code

You can download the latest tarball by clicking here or latest zipball by clicking here.

You can also download Pompem directly from its Git repository:

$ git clone https://github.com/rfunix/Pompem.git

Dependencies

Pompem works out of the box with Python 3.5 on any platform and requires the following packages:

Requests 2.9.1+

Installation

Get Pompem up and running in a single command:

$ pip3.5 install -r requirements.txt

Usage

To get the list of basic options and information about the project:

$ python3.5 pompem.py -h

Options:

  -h, --help              show this help message and exit
  -s, --search <keyword,keyword,keyword> text for search
  --txt                           Write txt File
  --html                          Write html File

Examples of use:

$ python3.5 pompem.py -s Wordpress
$ python3.5 pompem.py -s Joomla --html
$ python3.5 pompem.py -s "Internet Explorer,joomla,wordpress" --html
$ python3.5 pompem.py -s FortiGate --txt
$ python3.5 pompem.py -s ssh,ftp,mysql

Download 

A Simple Static Malware Analyzer SSMA Tool Written in Python 3

SSMA is a simple malware analyzer written in Python 3. 

Features: 

1. Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.) 
2. Searches for possible domains, e-mail addresses, IP addresses in the strings of the file. 
3. Checks if domain is blacklisted based on abuse.ch’s Ransomware Domain Blocklist and malwaredomains.com’s blocklist. 
4. Looks for Windows functions commonly used by malware. 
5. Get results from VirusTotal and/or upload files. 
6. Malware detection based on Yara-rules 
7. Detect well-known software packers. 
8. Detect the existence of cryptographic algorithms. 
9. Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis. 
10. Find if documents have been crafted to leverage malicious code. 

Usage: 

git clone https://github.com/secrary/SSMA
cd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h
python3 ssma.py -k api-key file.exe

You can just statically scan the file or upload to VirustTotal using your API-KEY.

python3 ssma.py file.exe
python3 ssma.py -k api-key file.exe

Download

EAST: Exploits And Security Tools For Penetration Testing Framework

EAST: Exploits And Security Tools For Penetration Testing Framework

Pentest framework environment is the basis of IT security specialist’s toolkit. This software is essential as for learning and improving of knowledge in IT systems attacks and for inspections and proactive protection. 

The need of native comprehensive open source pen test framework with high level of trust existed for a long time. That is why EAST framework was created for native and native friendly IT security markets. EAST is a framework that has all necessary resources for wide range exploits to run, starting from Web to buffer overruns. EAST differs from similar toolkits by its ease of use. Even a beginner can handle it and start to advance in IT security.

Main features:

• Framework security. Software used for IT security must have a high level of user trust. Easy to check open source Python code realized in EAST. It is used for all parts of the framework and modules. Relative little amount of code eases its verification by any user. No OS changes applied during software installation.
• Framework maximum simplicity. Archive downloads, main python script start.py launches, which allows exploits start-stop and message traffic. All handled local or remotely via browser.
• Exploits simplicity of creation and editing. Possibility to edit and add modules and exploits on the fly without restart. Module code body is easy and minimal in terms of amount.
• Cross-platform + minimal requirements and dependencies. Tests for Windows and Linux. Should function everywhere where Python is installed. Framework contains all dependencies and does not download additional libraries.
• Full capacity of vanilla pen test framework. In spite of simplicity and
• “unoverload” the framework has all necessary resources for wide range exploits to run, starting from Web to buffer overruns.
• Wide enhancement possibilities. Third party developers can create their own open source solutions or participate in EAST development by use of Server-client architecture, message traffic API and support libraries. 
•  
•  
• 2. Requirements
• Python 2

3. Usage

git clone https://github.com/C0reL0ader/EaST && cd EaST
python start.py [-p PORT] [--all-interfaces]

Download EAST

•