Skip to content

Instantly share code, notes, and snippets.

View dhondta's full-sized avatar

Alex dhondta

516 followers · 40 following
View GitHub Profile
@dhondta
dhondta / README.md
Last active October 31, 2025 15:02
Tinyscript tool for making an evil Pickle

Evil Pickle creation tool

This is a Tinyscript wrapper for this Gist, working with Python 2 and 3.

$ pip install tinyscript
$ tsm install evil-pickle-maker
@dhondta
dhondta / README.md
Last active October 8, 2025 11:14
Tinyscript steganography tool based on base32/64 padding

Paddinganograph

This Tinyscript-based tool allows to unhide data hidden in base32/base64 strings. It can take a PNG or JPG in input to retrieve an EXIF value as the input data.

This can be installed using:

$ pip install tinyscript
$ tsm install paddinganograph
@dhondta
dhondta / README.md
Last active October 6, 2025 21:07
Tinyscript steganography tool implementing the Pixel Indicator Technique

StegoPIT

This Tinyscript-based tool allows to apply steganography based on PIT (Pixel Indicator Technique) in order to retrieve hidden data from an image.

$ pip install tinyscript
$ tsm install stegopit

@dhondta
dhondta / README.md
Last active October 6, 2025 21:02
Tinyscript steganography tool implementing the Least Significant Bit algorithm

StegoLSB

This Tinyscript-based tool allows to apply steganography based on LSB (Least Significant Bit) in order to retrieve hidden data from an image.

$ pip install tinyscript
$ tsm install stegolsb

@dhondta
dhondta / README.md
Last active August 15, 2025 03:35
Tinyscript steganography tool implementing the Pixel Value Differencing algorithm

StegoPVD

This Tinyscript-based tool allows to apply steganography based on PVD (Pixel Value Differencing) in order to retrieve hidden data from an image.

$ pip install tinyscript
$ tsm install stegopvd

@dhondta
dhondta / README.md
Last active August 9, 2025 09:11
Tinyscript tool for getting IP locations from an email (EML file)

Get Email Origin

This Tinyscript-based allows to load an email and to parse the receivers, indicating where the found IP addesses originate from.

This can be installed using:

$ pip install ipaddress mail_parser maxminddb-geolite2 tinyscript
$ tsm install get-email-origin
@dhondta
dhondta / README.md
Last active June 9, 2025 08:00
Proof-of-Concept for python-xdg 0.25 Python code injection (CVE-2019-12761)

CVE-2019-12761 - Code Injection in Python's xdg Module

Description

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

References

@dhondta
dhondta / README.md
Last active June 9, 2025 07:59
Proof-of-Concept for Python parso Cache Load Vulnerability (CVE-2019-12760)

CVE-2019-12760 - ACE in Python's parso Module

Description

** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."

References

@dhondta
dhondta / README.md
Last active June 9, 2025 07:57
Proof-of-Concept for logging Python code injection

ACE in Python's logging Native Module

Description

While loading a configuration file, logging/config.py's handler parsing function calls eval() twice on unsanitized variables coming from the configuration file, therefore allowing an attacker to execute arbitrary code.

References

@dhondta
dhondta / README.md
Last active May 4, 2025 14:47
OUI/MAC Organization Finder

OUI/MAC Organization Finder

This is a small tool using Tinyscript for finding the organization associated with a given OUI or MAC address.

$ pip install tinyscript
$ tsm install oui