Philippe Delteil pdelteil

## wifer.sh
#!/bin/sh
# This script allows you to login into a adsl router (with default password) and retrieve
# WIFI SSD, password and WPS code. It uses a list of IPs.

FILE=$1
OUTPUT=$2

for IP in $(cat $FILE |grep Host |awk '{ print $2 }');
do
RES=$( curl -s  $IP|grep motorola|wc -c)

## prettyJSON.py
#Convert JSON data to human-readable form.

#Usage:
#  prettyJSON.py inputFile [outputFile]

import sys
import simplejson as json

def main(args):
    try:

## mapper.py
import sys

#print "file: "  + sys.argv[1]
myKeys = open(sys.argv[1])
#keymappings ref (pag 53) https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf
newmap = {
 2: "PostFail",
 4: "a", 5: "b", 6: "c", 7: "d", 8: "e",
 9: "f", 10: "g", 11: "h", 12: "i", 13: "j",
 14: "k", 15: "l", 16: "m", 17: "n", 18: "o",

## openURL.sh
cat openUrls.sh
if [[ $# -eq 0 ]] ; then
    echo "Usage $0 fileWithUrls.txt"
    exit 0
fi

PROGRAM="firefox"
INPUT=$1

if pgrep -x $PROGRAM > /dev/null

## pubsploit.py
import urllib.request, json, sys, textwrap
# Run like
# python3 pubsploit.py CVE-2017-0143

def cveSearch(cve):
    with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url:
        data = json.loads(url.read().decode())
        try:
            if data['cvss']:
                print("{} | CVSS {}".format(cve,data['cvss']))

## crackWep.sh
# Checking for arguments
if [ $# -lt 3 ]
  then
        echo "Not enough arguments supplied"
        echo "Usage: ./deauth.sh  <bssid> <channel> <interface>"
else
        BSSID=$1
        CHAN=$2
        INTERF=$3
        TIMEOUT=20

## gist:6ebac2290a6fb33eea1af194485a22b1
#!/usr/bin/env python
# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9
# Date: 30-03-2019
# Exploit Author: Daniele Scanu @ Certimeter Group
# Vendor Homepage: https://www.cmsmadesimple.org/
# Software Link: https://www.cmsmadesimple.org/downloads/cmsms/
# Version: <= 2.2.9
# Tested on: Ubuntu 18.04 LTS
# CVE : CVE-2019-9053

## Large_projects_exporter_tester.sh
#!/bin/bash
#Export_Large_Projects tester
if [ $# -lt 2 ]
  then
    echo "USE $0 CSV_FILE SAS_FILE"
    exit 1
fi

declare -a EQ_to_CSV=("info_informacin_de_c_v_0"  "f23_registro_contact_v_1"  "f18_actualizacion_in_v_2" "f3_ecografia_abdomin_v_3" "f3_ecografia_abdomin_v_4" "f3_ecografia_abdomin_v_5" "f10_encuesta_de_segu_v_6" "f22_encuesta_colecis_v_7" "f5_pareamiento_segun_v_8" "f4_examen_fisico_seg_v_9" "f22_encuesta_colecis_v_10" "f12_recoleccion_de_e_v_11" "f25_sospecha_cncer_c_v_12" "f11a_revisin_de_fich_v_13" "f11a_revision_de_fic_v_14" "f20_formularios_falt_v_15" "f19_salida_del_estud_v_16")
declare -a EQ_to_SAS=("info_informacin_de_contacto_complete" "f23_registro_contacto_seguimiento_complete" "f18_actualizacion_informacion_de_participante_complete" "f3_ecografia_abdominal_complete" "f3_ecografia_abdominal_segunda_complete" "f3_ecografia_abdominal_tercera_complete" "f10_encuesta_de_seguimiento_complete" "f22_encuesta_colecistectomia_complete" "f5_pareamiento_segundo_complete" "f4_examen_fisico_segun

## getVideoLinkFromChannels.py
import urllib.request
import json
import math
import sys

#Get list of videos from Youtube channel
def getVideos(maxResults, uploadId, key,nextPageToken, videosOutput):
    videos = []
    urld = searchURL+"/playlistItems?part=snippet%2CcontentDetails&maxResults="+maxResults+"&playlistId="+uploadId+"&key="+key+"&pageToken="+nextPageToken
    with urllib.request.urlopen(urld) as url:

## solveChallenge.py
from skyfield.api import Topos, load
import socket
from time import sleep
import re
import array as arr

#connecting to server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('where.satellitesabove.me', 5021))
print("connecting to where.satellitesabove.me:5021")
	#!/bin/sh
	# This script allows you to login into a adsl router (with default password) and retrieve
	# WIFI SSD, password and WPS code. It uses a list of IPs.

	FILE=$1
	OUTPUT=$2

	for IP in $(cat $FILE \|grep Host \|awk '{ print $2 }');
	do
	RES=$( curl -s $IP\|grep motorola\|wc -c)
	#Convert JSON data to human-readable form.

	#Usage:
	# prettyJSON.py inputFile [outputFile]

	import sys
	import simplejson as json

	def main(args):
	try:
	import sys

	#print "file: " + sys.argv[1]
	myKeys = open(sys.argv[1])
	#keymappings ref (pag 53) https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf
	newmap = {
	2: "PostFail",
	4: "a", 5: "b", 6: "c", 7: "d", 8: "e",
	9: "f", 10: "g", 11: "h", 12: "i", 13: "j",
	14: "k", 15: "l", 16: "m", 17: "n", 18: "o",
	cat openUrls.sh
	if [[ $# -eq 0 ]] ; then
	echo "Usage $0 fileWithUrls.txt"
	exit 0
	fi

	PROGRAM="firefox"
	INPUT=$1

	if pgrep -x $PROGRAM > /dev/null
	import urllib.request, json, sys, textwrap
	# Run like
	# python3 pubsploit.py CVE-2017-0143

	def cveSearch(cve):
	with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url:
	data = json.loads(url.read().decode())
	try:
	if data['cvss']:
	print("{} \| CVSS {}".format(cve,data['cvss']))
	# Checking for arguments
	if [ $# -lt 3 ]
	then
	echo "Not enough arguments supplied"
	echo "Usage: ./deauth.sh <bssid> <channel> <interface>"
	else
	BSSID=$1
	CHAN=$2
	INTERF=$3
	TIMEOUT=20
	#!/usr/bin/env python
	# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9
	# Date: 30-03-2019
	# Exploit Author: Daniele Scanu @ Certimeter Group
	# Vendor Homepage: https://www.cmsmadesimple.org/
	# Software Link: https://www.cmsmadesimple.org/downloads/cmsms/
	# Version: <= 2.2.9
	# Tested on: Ubuntu 18.04 LTS
	# CVE : CVE-2019-9053
	#!/bin/bash
	#Export_Large_Projects tester
	if [ $# -lt 2 ]
	then
	echo "USE $0 CSV_FILE SAS_FILE"
	exit 1
	fi

	declare -a EQ_to_CSV=("info_informacin_de_c_v_0" "f23_registro_contact_v_1" "f18_actualizacion_in_v_2" "f3_ecografia_abdomin_v_3" "f3_ecografia_abdomin_v_4" "f3_ecografia_abdomin_v_5" "f10_encuesta_de_segu_v_6" "f22_encuesta_colecis_v_7" "f5_pareamiento_segun_v_8" "f4_examen_fisico_seg_v_9" "f22_encuesta_colecis_v_10" "f12_recoleccion_de_e_v_11" "f25_sospecha_cncer_c_v_12" "f11a_revisin_de_fich_v_13" "f11a_revision_de_fic_v_14" "f20_formularios_falt_v_15" "f19_salida_del_estud_v_16")
	declare -a EQ_to_SAS=("info_informacin_de_contacto_complete" "f23_registro_contacto_seguimiento_complete" "f18_actualizacion_informacion_de_participante_complete" "f3_ecografia_abdominal_complete" "f3_ecografia_abdominal_segunda_complete" "f3_ecografia_abdominal_tercera_complete" "f10_encuesta_de_seguimiento_complete" "f22_encuesta_colecistectomia_complete" "f5_pareamiento_segundo_complete" "f4_examen_fisico_segun
	import urllib.request
	import json
	import math
	import sys

	#Get list of videos from Youtube channel
	def getVideos(maxResults, uploadId, key,nextPageToken, videosOutput):
	videos = []
	urld = searchURL+"/playlistItems?part=snippet%2CcontentDetails&maxResults="+maxResults+"&playlistId="+uploadId+"&key="+key+"&pageToken="+nextPageToken
	with urllib.request.urlopen(urld) as url:
	from skyfield.api import Topos, load
	import socket
	from time import sleep
	import re
	import array as arr

	#connecting to server
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect(('where.satellitesabove.me', 5021))
	print("connecting to where.satellitesabove.me:5021")