Skip to content

Instantly share code, notes, and snippets.

Avatar

Alex dhondta

View GitHub Profile
@dhondta
dhondta / README.md
Last active Jan 1, 2021
Tinyscript tools for downloading resources from Pentester Academy
View README.md

Pentester Academy Download Tools

This is a set of tools using Tinyscript in order to download resources from pentesteracademy.com and compress videos.

  • pta-downloader.py: allows to download resources given some course identifiers while compressing downloaded videos if needed.
  • video-compressor.py: allows to compress videos a posteriori.

PTA Downloader

This tool relies on wget and ffmpeg and takes a session cookie on pentesteracademy.com as a first positional argument and then multiple course identifiers as next positional arguments (for a sequential download of multiple tools). A compression ratio can be specified or compression (with default ratio 30) can be enabled for compressing videos. Check out the examples at the end of the help message to see the different usages.

@dhondta
dhondta / README.md
Last active May 17, 2021
Tinyscript tool to bruteforce the password of a PDF
View README.md

PDF password bruteforcer

This is a small tool using Tinyscript and PyPDF2 to bruteforce the password of a PDF given an alphabet (defaults to printables) and a length (default is 8).

@dhondta
dhondta / README.md
Last active Aug 25, 2020
Tinyscript tool for making an evil Pickle
View README.md

Evil Pickle creation tool

This is a Tinyscript wrapper for this Gist, working with Python 2 and 3.

@dhondta
dhondta / README.md
Last active Jul 27, 2020
Tinyscript Proof-of-Concept tool using PyBots for exploiting an SSTI vulnerability in Craft CMS (CVE-2018-14716)
View README.md

Craft CMS SEOmatic 3.1.4 SSTI Exploit (CVE-2018-14716)

This is an automation of this exploit using Tinyscript and Pybots for getting config settings or user properties.

@dhondta
dhondta / README.md
Last active Apr 18, 2020
Modification of Firefox-Decrypt to support dictionary attack
View README.md

Firefox-Decrypt modified for dictionary attack on master password

This script is the modification of this excellent project, a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles, to make it support dictionary attack. This is published as a Gist as the related PR was refused (for a reason I completely understand) and with the consent of the author.

For the main options, please refer to the original project. You can provide a wordlist of master passwords for a dictionary attack as follows:

$ python firefox_decrypt_modified.py -w passwords.lst l1u1xh65.default
@dhondta
dhondta / README.md
Last active Jul 27, 2020
Tinyscript Proof-of-Concept tool using PyBots for exploiting a Code Execution vulnerability in ClipperCMS
View README.md
@dhondta
dhondta / README.md
Last active Apr 27, 2020
Simple lexer module for parsing a line of arguments and keyword-arguments, useful for CLI tools
View README.md

Arguments Lexer

Simple arguments lexer for parsing a line of arguments and keyword-arguments.

The ValueLexer evaluates strings (delimited by single or double quotes), booleans, floats, integers and also binary, octal or hexadecimal (to an integer).

The ArgumentsLexer ensures that the input line of arguments has the form:

arg1 arg2 ... argN kw1=val1 kw2=val2 ... kwM=valM
@dhondta
dhondta / README.md
Created Jan 25, 2020
Tinyscript cryptography tool implementing the Solitaire Cipher algorithm
View README.md

Solitaire-Cipher

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/1858f406fc55e5e5d440ff26432ad0a4/raw/solitaire-cipher.py && chmod +x solitaire-cipher.py && sudo mv solitaire-cipher.py /usr/bin/solitaire-cipher

This tool is especially useful in the use cases hereafter.

@dhondta
dhondta / README.md
Last active Aug 6, 2020
Tinyscript steganography tool implementing the Pixel Value Differencing algorithm
View README.md

StegoPVD

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/feaf4f5fb3ed8d1eb7515abe8cde4880/raw/stegopvd.py && chmod +x stegopvd.py && sudo mv stegopvd.py /usr/bin/stegopvd

This tool is especially useful in the use cases hereafter.

@dhondta
dhondta / README.md
Last active Aug 6, 2020
Tinyscript steganography tool implementing the Least Significant Bit algorithm
View README.md

StegoLSB

This can be installed using:

$ pip install tinyscript
$ wget https://gist.githubusercontent.com/dhondta/d2151c82dcd9a610a7380df1c6a0272c/raw/stegolsb.py && chmod +x stegolsb.py && sudo mv stegolsb.py /usr/bin/stegolsb

This tool is especially useful in the use cases hereafter.