Alex dhondta

@dhondta
dhondta / README.md
Last active Jul 27, 2020
Tinyscript Proof-of-Concept tool using PyBots for exploiting a Code Execution vulnerability in ClipperCMS
dhondta / README.md
Last active Aug 6, 2020
Tinyscript steganography tool implementing the Pixel Value Differencing algorithm

StegoPVD

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/feaf4f5fb3ed8d1eb7515abe8cde4880/raw/stegopvd.py && chmod +x stegopvd.py && sudo mv stegopvd.py /usr/bin/stegopvd

This tool is especially useful in the use cases hereafter.

dhondta / README.md
Last active Aug 6, 2020
Tinyscript steganography tool implementing the Least Significant Bit algorithm

StegoLSB

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/d2151c82dcd9a610a7380df1c6a0272c/raw/stegolsb.py && chmod +x stegolsb.py && sudo mv stegolsb.py /usr/bin/stegolsb

This tool is especially useful in the use cases hereafter.

dhondta / README.md
Last active Aug 25, 2020
Tinyscript tool for making an evil Pickle

Evil Pickle creation tool

This is a Tinyscript wrapper for this Gist, working with Python 2 and 3.

dhondta / README.md
Last active Sep 10, 2020
Tinyscript steganography tool implementing the Pixel Indicator Technique

StegoPIT

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/30abb35bb8ee86109d17437b11a1477a/raw/stegopit.py && chmod +x stegopit.py && sudo mv stegopit.py /usr/bin/stegopit

This tool is especially useful in the use cases hereafter.

dhondta / README.md
Last active Jan 1, 2021
Tinyscript tools for downloading resources from Pentester Academy

Pentester Academy Download Tools

This is a set of tools built with Tinyscript for downloading resources from pentesteracademy.com and compressing videos.

  • pta-downloader.py: downloads resources for the given course identifiers, compressing downloaded videos if needed.
  • video-compressor.py: compresses videos a posteriori.

PTA Downloader

This tool relies on wget and ffmpeg. It takes a session cookie for pentesteracademy.com as its first positional argument, followed by multiple course identifiers as the next positional arguments (for a sequential download of multiple tools). A compression ratio can be specified, or compression can be enabled with the default ratio of 30, for compressing videos. Check out the examples at the end of the help message to see the different usages.

dhondta / poc-python-parso.py
Last active Mar 25, 2021
Proof-of-Concept for Python parso Cache Load Vulnerability (CVE-2019-12760)
#!/usr/bin/python
import parso
import pickle
import random
import shutil
import threading
from hashlib import sha256
from os import makedirs, remove, system
from os.path import dirname, exists, join
from six import b, u
dhondta / poc-python-xdg-0.25.py
Last active Mar 25, 2021
Proof-of-Concept for python-xdg 0.25 Python code injection (CVE-2019-12761)
#!/usr/bin/python3
import os
import shutil
from xdg.BaseDirectory import xdg_config_dirs
from xdg.Menu import parse
TEMP = "/tmp/poc-xdg"
MENU = "gnome-evil.menu"
RSLT = "{}/result.txt".format(TEMP)
CMD = "ls"
dhondta / README.md
Last active Apr 23, 2021
Tinyscript tool for generating loose comparison hashes for PHP type juggling

PHP loose comparison input generator

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/8937374f087f708c608bcacac431969f/raw/loose-comparison-input-generator.py && chmod +x loose-comparison-input-generator.py && sudo mv loose-comparison-input-generator.py /usr/bin/loose-comparison-input-generator

This tool is especially useful in the use cases hereafter.

dhondta / README.md
Last active Apr 23, 2021
Tinyscript tool for getting IP locations from an email (EML file)

Get Email Origin

This can be installed using:

$ pip install -r requirements.txt
$ wget https://gist.githubusercontent.com/dhondta/9a8027062ff770b2aa5d8422ddd78b57/raw/get-email-origin.py && chmod +x get-email-origin.py && sudo mv get-email-origin.py /usr/bin/get-email-origin