diff --git a/30_raw_socket_struck_send.py b/30_raw_socket_struck_send.py
new file mode 100644
index 0000000..0cd540a
--- /dev/null
+++ b/30_raw_socket_struck_send.py
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import socket
+import struct
+
+rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
+
+#rawSocket.bind(("eth0", socket.htons(0x0800)))
+rawSocket.bind(("enp0s31f6", socket.htons(0x0800)))
+
+# layer 2 message, then data
+# src mac / dst mac / eth type
+inet_header = struct.pack("!6s6s2s", '\xaa\xaa\xaa\xaa\xaa\xaa', '\xbb\xbb\xbb\xbb\xbb\xbb','\x08\x00') # 14 bytes
+
+print len(inet_header)
+
+rawSocket.send(inet_header + "Anything")
diff --git a/31_scapy.py b/31_scapy.py
new file mode 100644
index 0000000..32e2750
--- /dev/null
+++ b/31_scapy.py
@@ -0,0 +1,33 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+#import scapy
+from scapy.all import sniff
+
+# from intractive mode: conf, ls(), ls(IP)
+# note" conf.route.add(host="192.168.2.4", gw="192.168.2.5") / conf.route.resync() / etc...
+
+pkts = sniff(iface="enp0s31f6", count=5)
+
+print pkts[0]
+print pkts[0].show
+
+print hexdump(pkts[1])
+
+# wrpcap("test.pcap", pkts) # write the packets into pcap file
+# read_pkts = rdpcap("test.pcap") # read pcap
+# read_pkts[0] # print pcap
+
+pkts_filtered = sniff(iface="enp0s31f6", filter="icmp", count=5) # BPS filters
+print pkts_filtered[1]
+
+pks_live = sniff(iface="enp0s31f6", filter="icmp", count=2, prn=lambda x: x.summary())
+
+
+# icmp_str = str(pkts[1])
+# recon = Ether(icmp_str)
+# print recon # this is more for fun / converting pkts to str and back using Ether
+
+# newPkt = export_object(icmp_str) # packet into base64
+# import_object(newPkt) # packet from base64
+# Ether(newPkt) # and so on... :)
diff --git a/32_scapy_packet_injection.py b/32_scapy_packet_injection.py
new file mode 100644
index 0000000..f232037
--- /dev/null
+++ b/32_scapy_packet_injection.py
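Review bot: `rawSocket` is never closed — the script opens a PF_PACKET socket, binds, sends one frame and falls off the end, leaving the release to interpreter teardown; wrapping the bind/send in `try: ... finally: rawSocket.close()` makes the cleanup explicit and is the habit worth establishing before these snippets grow. The interface name `"enp0s31f6"` is hard-coded here and again in 31_scapy.py and the commented sendp() line of 32_scapy_packet_injection.py; hoisting it into one module-level constant (or a command-line argument) would keep the three files in step. A one-line comment above the `socket.socket(...)` call such as `# PF_PACKET/SOCK_RAW needs CAP_NET_RAW (normally root); socket() fails with EPERM otherwise` would save the next reader a confusing traceback.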
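Review bot: `print hexdump(pkts[1])` raises NameError — only `sniff` is imported from `scapy.all`, so `hexdump` is not in scope; extend the import to `from scapy.all import sniff, hexdump`. Two lines above, `print pkts[0].show` prints the bound method object rather than the dissection; it should be `print pkts[0].show()`. Note also that `hexdump()` appears to write to stdout itself and return None, so wrapping it in `print` adds a stray `None` line; calling `hexdump(pkts[1])` on its own is enough.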
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+#import scapy
+from scapy.all import Ether, IP, ICMP, TCP, sr, sr1
+
+pkt = IP(dst="gentoo.org") # Simple packet creation
+#print pkt.show()
+
+pkt = IP(dst="gentoo.org")/ICMP()/"Not-Vivek was here" # ICMP packet creation with message
+
+sr1(pkt)
+
+
+
+# More tricks / tips
+
+# sendp(Ether()/IP(dst="gentoo.org")/ICMP()/"any", iface="enp0s31f6", loop=1, inter=1) # Sending on layer 2 level, plus loop, but be carefule with that : ) + this is interactive command!
+
+
+# Layer 3 send and receive: sr() sr1()
+# Layer 2 send and receive: srp() srp1()
+
+#srp1(Ether()/IP(dst="gentoo.org", ttl=22)/ICMP/"any")
+
+#sr(IP(dst="gentoo.org", ttl=22)/ICMP()/"any")
+#response, no_response = _
+#print response[0] # print answer
+
+
+#r1(IP(dst="gentoo.org"), timeout=4)
+
diff --git a/33_web_parsing_beautifulsoup.py b/33_web_parsing_beautifulsoup.py
new file mode 100644
index 0000000..1c44320
--- /dev/null
+++ b/33_web_parsing_beautifulsoup.py
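Review bot: The reply from `sr1(pkt)` is discarded and the call has no `timeout=`, so when no ICMP answer comes back (filtered host, no route) the script blocks indefinitely; `resp = sr1(pkt, timeout=4)` followed by `if resp is not None: resp.show()` gives a bounded run and actually uses the result, and the file's own commented `timeout=4` example shows the author knows the parameter. The first `pkt = IP(dst="gentoo.org")` assignment is dead — it is overwritten two lines later — and `Ether`, `TCP` and `sr` are imported but never used in the live code. The commented `#srp1(...)/ICMP/"any")` line stacks the class `ICMP` rather than an instance `ICMP()`, so it would fail as written if someone uncomments it.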
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import requests
+from bs4 import BeautifulSoup
+
+# GET with requests, then parse with BeautifulSoup
+r = requests.get("https://gentoo.org/")
+print r.content
+bt = BeautifulSoup(r.content, "lxml") # It's recommended to use LXML, not the default html parser.
+print bt.title
+print bt.title.string
+
+
+# Find all metatags
+allMetaTags = bt.find_all('meta')
+print allMetaTags
+
+
+allMetaTags = bt.find_all('meta')
+print allMetaTags[2]
+
+#allMetaTags = bt.find_all('meta')
+#print allMetaTags[0]['content'] # Works in video, not here. wat?
+
+
+# Print all links from the site
+allLinks = bt.find_all('a')
+print len(allLinks) # How many links do we have?
+#print allLinks[1]
+print allLinks[4]['href']
+#print allLinks[1].string
+
+
+# Print all text output, could be great for password list generations
+print bt.get_text()
+
+
+#Print all links
+for link in allLinks:
+ print link['href']
+
+
+# print bt.meta.next.next.next.next.next.next # Don't.
diff --git a/34_web_parsing_beautifulsoup_scraper.py b/34_web_parsing_beautifulsoup_scraper.py
new file mode 100644
index 0000000..b0ff860
--- /dev/null
+++ b/34_web_parsing_beautifulsoup_scraper.py
@@ -0,0 +1,22 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import requests
+from bs4 import BeautifulSoup
+
+# GET with requests, then parse with BeautifulSoup
+#r = requests.get("https://gentoo.org/")
+#print r.content
+
+
+r = requests.get("http://securitytube.net/video/3000")
+
+bs = BeautifulSoup(r.content, "lxml") # It's recommended to use LXML, not the default html parser.
+print bs.title
+
+videoLink = bs.find('iframe', {'title' : 'YouTube video player'})
+print videoLink
+print videoLink['src']
+
+# To Be Continued !
+
diff --git a/35_web_mechanize.py b/35_web_mechanize.py
new file mode 100644
index 0000000..c4ce4ee
--- /dev/null
+++ b/35_web_mechanize.py
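Review bot: `print link['href']` in the final loop raises KeyError on the first `<a>` that has no href (named anchors and script-only links are common on real pages), and `print allLinks[4]['href']` assumes at least five anchors exist; iterate `bt.find_all('a', href=True)` so only anchors carrying the attribute are returned, or use `link.get('href')` and guard the index. `requests.get("https://gentoo.org/")` has no `timeout=`, so a stalled server hangs the script, and the status code is never checked — `r = requests.get(url, timeout=10)` followed by `r.raise_for_status()` is the usual two-line fix; the same missing timeout and status check is in 34_web_parsing_beautifulsoup_scraper.py. The `allMetaTags = bt.find_all('meta')` query is run twice with the same arguments; the second assignment can go.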
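Review bot: `bs.find('iframe', {'title' : 'YouTube video player'})` returns None when no matching iframe is on the page, so `print videoLink['src']` would raise TypeError rather than report "not found"; guard with `if videoLink is not None:` before subscripting. The page is fetched over plain `http://`, so everything parsed from it — including the `src` that a follow-up step would presumably open — is unauthenticated, in-transit-tamperable content; if the site serves HTTPS, prefer that URL, and in any case treat the extracted `src` as untrusted input rather than something to open blindly. A short header comment stating what the scraper is expected to extract (the embedded video URL) would make the `# To Be Continued !` intent clear to the next reader.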
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import mechanize
+
+br = mechanize.Browser()
+br.open('https://www.gentoo.org/donate')
+
+
+# Dump all forms from gentoo.org/donate
+for form in br.forms():
+ print form
+
+br.select_form(nr=0) # 0 because of first form - it references to the first form.
+br.form['amount'] = 'thanks!'
+
+br.submit() # Done, submitted!
+# Better idea is to implement it with: https://searx.me/
+
+
+# Print list of links
+for link in br.links():
+ print link.url + ' : ' + link.text
diff --git a/36_web_mechanize_forms_click_links.py b/36_web_mechanize_forms_click_links.py
new file mode 100644
index 0000000..8d722f0
--- /dev/null
+++ b/36_web_mechanize_forms_click_links.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import mechanize
+
+# Note: mechanize takes care of cookies.
+
+br=mechanize.Browser()
+
+br.open('http://student.securitytube.net/login/index.php')
+
+for form in br.forms():
+ print form
+
+br.select_form(nr=0)
+
+br.form['username'] = 'demo-user'
+br.form['password'] = 'demouser1]M' # It won't work ;)
+
+br.submit()
+print br.response().read
+
+for link in br.links():
+ print link.url + ' + ' + link.text
+
+# It's different url now, just for example:
+#new_link = br.click_link(text='moodle[IMG]Change Password')
+#br.open(new_link)
+#print br.response().read()
+
+#for form in br.forms():
+# print form
diff --git a/37_immunity_debugger_simple.py b/37_immunity_debugger_simple.py
new file mode 100644
index 0000000..7bba54a
--- /dev/null
+++ b/37_immunity_debugger_simple.py
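Review bot: `br.submit()` posts a live form to `https://www.gentoo.org/donate` with `amount = 'thanks!'` every time the file runs, including on an accidental import; a third-party site's production form is not a safe target for a repeatable exercise, so the submit belongs under `if __name__ == "__main__":` and pointed at a host you control, or left commented as the `searx.me` note already suggests. `select_form(nr=0)` and `br.form['amount']` assume the first form on the page has a control named `amount`; mechanize raises `ControlNotFoundError` otherwise and nothing here handles it. mechanize also enforces robots.txt by default, so `br.open` can fail with `RobotExclusionError` on sites that disallow automated clients — a comment recording that would explain an otherwise surprising traceback.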
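Review bot: `print br.response().read` prints the bound method object, not the response body — it needs the call parentheses, `print br.response().read()`, exactly as the commented example further down has it. The credentials `'demo-user'` / `'demouser1]M'` are hard-coded in source and submitted over plain `http://`; even for a throwaway demo account, reading them from the environment or `getpass.getpass()` keeps secrets out of version control and makes the snippet safe to copy — e.g. `br.form['password'] = os.environ['DEMO_PASSWORD']` (constructed variable name). The login form is again selected by position with `select_form(nr=0)`; selecting by `name=` where the form has one is less brittle when the page layout changes.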
@@ -0,0 +1,25 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Place this file into PyCommands directory to use with Immunity Debugger.
+
+import immlib
+
+DESC = "This will be the Description in ID."
+
+def main(args):
+
+ imm = immlib.Debugger() # This is what we attach to.
+
+ imm.log("Write that into ID log window!")
+
+ imm.updateLog() # Any pending line will be printed immediately!
+
+
+ td = imm.createTable("Any name", ['PID', 'Name', 'Path', 'Services'])
+
+ psList = imm.ps()
+ for process in psList:
+ td.add(0, [ str(process[0], process[1], process[2], str(process[3]))])
+
+ return "Welcome to ID Scripting."
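Review bot: `td.add(0, [ str(process[0], process[1], process[2], str(process[3]))])` passes four arguments to the outer `str()`, which raises TypeError (`str()` takes at most one argument) on the very first process; the closing parenthesis is misplaced and the row should be `td.add(0, [str(process[0]), process[1], process[2], str(process[3])])`. The loop also assumes each entry from `imm.ps()` has at least four fields — that shape is not visible here, so a comment such as `# assumes imm.ps() rows are (pid, name, path, services) — TODO confirm` would flag the dependency. `main` takes `args` but never reads it, and a short docstring recording that the returned string is what Immunity Debugger presumably displays for the command (`"""PyCommand entry point; the return value is shown by ID after the command runs."""`) would document the one non-obvious contract in the file.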