Sttr - Cross-Platform, Cli App To Perform Various Operations On String

sttr is command line software that allows you to quickly run various transformation operations on the string.

// With input prompt
sttr

// Direct input
sttr md5 "Hello World"

// File input
sttr md5 file.text
sttr base64-encode image.jpg

// Reading from different processor like cat, curl, printf etc..
echo "Hello World" | sttr md5
cat file.txt | sttr md5

// Writing output to a file
sttr yaml-json file.yaml > file-output.json

:movie_camera: Demo

:battery: Installation

Quick install

You can run the below curl to install it somewhere in your PATH for easy use. Ideally it will be installed at ./bin folder

curl -sfL https://raw.githubusercontent.com/abhimanyu003/sttr/main/install.sh | sh

Webi

MacOS / Linux

curl -sS https://webi.sh/sttr | sh

Windows

curl.exe https://webi.ms/sttr | powershell

See here

Homebrew

If you are on macOS and using Homebrew, you can install sttr with the following:

brew tap abhimanyu003/sttr
brew install sttr

Snap

sudo snap install sttr

Arch Linux

yay -S sttr-bin

Scoop

scoop bucket add sttr https://github.com/abhimanyu003/scoop-bucket.git
scoop install sttr

Go

go install github.com/abhimanyu003/sttr@latest

Manually

Download the pre-compiled binaries from the Release! page and copy them to the desired location.

:books: Guide

• After installation simply run sttr command.

// For interactive menu
sttr
// Provide your input
// Press two enter to open operation menu
// Press `/` to filter various operations.
// Can also press UP-Down arrows select various operations.

• Working with help.

sttr -h

// Example
sttr zeropad -h
sttr md5 -h

• Working with files input.

sttr {command-name} {filename}

sttr base64-encode image.jpg
sttr md5 file.txt
sttr md-html Readme.md

• Writing output to file.

sttr yaml-json file.yaml > file-output.json

• Taking input from other command.

curl https: //jsonplaceholder.typicode.com/users | sttr json-yaml

• Chaining the different processor.

sttr md5 hello | sttr base64-encode

echo "Hello World" | sttr base64-encode | sttr md5

:boom: Supported Operations

Encode/Decode

• [x] ascii85-encode - Encode your text to ascii85
• [x] ascii85-decode - Decode your ascii85 text
• [x] base32-decode - Decode your base32 text
• [x] base32-encode - Encode your text to base32
• [x] base64-decode - Decode your base64 text
• [x] base64-encode - Encode your text to base64
• [x] base85-encode - Encode your text to base85
• [x] base85-decode - Decode your base85 text
• [x] base64url-decode - Decode your base64 url
• [x] base64url-encode - Encode your text to url
• [x] html-decode - Unescape your HTML
• [x] html-encode - Escape your HTML
• [x] rot13-encode - Encode your text to ROT13
• [x] url-decode - Decode URL entities
• [x] url-encode - Encode URL entities

Hash

• [x] bcrypt - Get the Bcrypt hash of your text
• [x] md5 - Get the MD5 checksum of your text
• [x] sha1 - Get the SHA1 checksum of your text
• [x] sha256 - Get the SHA256 checksum of your text
• [x] sha512 - Get the SHA512 checksum of your text

String

• [x] camel - Transform your text to CamelCase
• [x] kebab - Transform your text to kebab-case
• [x] lower - Transform your text to lower case
• [x] reverse - Reverse Text ( txeT esreveR )
• [x] slug - Transform your text to slug-case
• [x] snake - Transform your text to snake_case
• [x] title - Transform your text to Title Case
• [x] upper - Transform your text to UPPER CASE

Lines

• [x] count-lines - Count the number of lines in your text
• [x] reverse-lines - Reverse lines
• [x] shuffle-lines - Shuffle lines randomly
• [x] sort-lines - Sort lines alphabetically
• [x] unique-lines - Get unique lines from list

Spaces

• [x] remove-spaces - Remove all spaces + new lines
• [x] remove-newlines - Remove all new lines

Count

• [x] count-chars - Find the length of your text (including spaces)
• [x] count-lines - Count the number of lines in your text
• [x] count-words - Count the number of words in your text

RGB/Hex

• [x] hex-rgb - Convert a #hex-color code to RGB
• [x] hex-encode - Encode your text Hex
• [x] hex-decode - Convert Hexadecimal to String

JSON

• [x] json - Format your text as JSON
• [x] json-escape - JSON Escape
• [x] json-unescape - JSON Unescape
• [x] json-yaml - Convert JSON to YAML text
• [x] json-msgpack - Convert JSON to MSGPACK
• [x] msgpack-json - Convert MSGPACK to JSON

YAML

• [x] yaml-json - Convert YAML to JSON text

Markdown

• [x] markdown-html - Convert Markdown to HTML

Extract

• [x] extract-emails - Extract emails from given text
• [x] extract-ip - Extract IPv4 and IPv6 from your text
• [x] extract-urls - Extract URls your text ( we don't do ping check )

Other

• [x] escape-quotes - escape single and double quotes from your text
• [x] completion - generate the autocompletion script for the specified shell
• [x] interactive - Use sttr in interactive mode
• [x] version - Print the version of sttr
• [x] zeropad - Pad a number with zeros
• [x] and adding more....

Featured On

These are the few locations where sttr was highlighted, many thanks to all of you. Please feel free to add any blogs/videos you may have made that discuss sttr to the list.

• Youtube: The Giants of Open Source - DevOps Paradox
• Terminal Trove - Tool of the Week
• nixCraft

Headerpwn - A Fuzzer For Finding Anomalies And Analyzing How Servers Respond To Different HTTP Headers

Install

To install headerpwn, run the following command:

go install github.com/devanshbatham/headerpwn@v0.0.3

Usage

headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool:

1. Provide the target URL using the -url flag.
2. Create a file containing the headers you want to test, one header per line. Use the -headers flag to specify the path to this file.

Example usage:

headerpwn -url https://example.com -headers my_headers.txt

• Format of my_headers.txt should be like below:

Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar

Proxying requests through Burp Suite:

Follow following steps to proxy requests through Burp Suite:

• Export Burp's Certificate:

  • In Burp Suite, go to the "Proxy" tab.
  • Under the "Proxy Listeners" section, select the listener that is configured for 127.0.0.1:8080
  • Click on the "Import/ Export CA Certificate" button.
  • In the certificate window, click "Export Certificate" and save the certificate file (e.g., burp.der).

• Install Burp's Certificate:

  • Install the exported certificate as a trusted certificate on your system. How you do this depends on your operating system.
  • On Windows, you can double-click the .cer file and follow the prompts to install it in the "Trusted Root Certification Authorities" store.
  • On macOS, you can double-click the .cer file and add it to the "Keychain Access" application in the "System" keychain.
  • On Linux, you might need to copy the certificate to a trusted certificate location and configure your system to trust it.

You should be all set:

headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080

Credits

The headers.txt file is compiled from various sources, including the SecLists">Seclists project. These headers are used for testing purposes and provide a variety of scenarios for analyzing how servers respond to different headers.

JAW - A Graph-based Security Analysis Framework For Client-side JavaScript

An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs.

This project is licensed under GNU AFFERO GENERAL PUBLIC LICENSE V3.0. See here for more information.

JAW has a Github pages website available at https://soheilkhodayari.github.io/JAW/.

Release Notes:

• Oct 2023, JAW-v3 (Sheriff): JAW updated to detect client-side request hijacking vulnerabilities.
• July 2022, JAW-v2 (TheThing): JAW updated to its next major release with the ability to detect DOM Clobbering vulnerabilities. See JAW-V2 branch.
• Dec 2020, JAW-v1 : first prototype version. See JAW-V1 branch.

Overview of JAW

The architecture of the JAW is shown below.

Test Inputs

JAW can be used in two distinct ways:

1. Arbitrary JavaScript Analysis: Utilize JAW for modeling and analyzing any JavaScript program by specifying the program's file system path.

2. Web Application Analysis: Analyze a web application by providing a single seed URL.

Data Collection

• JAW features several JavaScript-enabled web crawlers for collecting web resources at scale.

HPG Construction

• Use the collected web resources to create a Hybrid Program Graph (HPG), which will be imported into a Neo4j database.

• Optionally, supply the HPG construction module with a mapping of semantic types to custom JavaScript language tokens, facilitating the categorization of JavaScript functions based on their purpose (e.g., HTTP request functions).

Analysis and Outputs

• Query the constructed Neo4j graph database for various analyses. JAW offers utility traversals for data flow analysis, control flow analysis, reachability analysis, and pattern matching. These traversals can be used to develop custom security analyses.

• JAW also includes built-in traversals for detecting client-side CSRF, DOM Clobbering and request hijacking vulnerabilities.

• The outputs will be stored in the same folder as that of input.

Setup

The installation script relies on the following prerequisites: - Latest version of npm package manager (node js) - Any stable version of python 3.x - Python pip package manager

Afterwards, install the necessary dependencies via:

$ ./install.sh

For detailed installation instructions, please see here.

Quick Start

Running the Pipeline

You can run an instance of the pipeline in a background screen via:

$ python3 -m run_pipeline --conf=config.yaml

The CLI provides the following options:

$ python3 -m run_pipeline -h

usage: run_pipeline.py [-h] [--conf FILE] [--site SITE] [--list LIST] [--from FROM] [--to TO]

This script runs the tool pipeline.

optional arguments:
  -h, --help            show this help message and exit
  --conf FILE, -C FILE  pipeline configuration file. (default: config.yaml)
  --site SITE, -S SITE  website to test; overrides config file (default: None)
  --list LIST, -L LIST  site list to test; overrides config file (default: None)
  --from FROM, -F FROM  the first entry to consider when a site list is provided; overrides config file (default: -1)
  --to TO, -T TO        the last entry to consider when a site list is provided; overrides config file (default: -1)

Input Config: JAW expects a .yaml config file as input. See config.yaml for an example.

Hint. The config file specifies different passes (e.g., crawling, static analysis, etc) which can be enabled or disabled for each vulnerability class. This allows running the tool building blocks individually, or in a different order (e.g., crawl all webapps first, then conduct security analysis).

Quick Example

For running a quick example demonstrating how to build a property graph and run Cypher queries over it, do:

$ python3 -m analyses.example.example_analysis --input=$(pwd)/data/test_program/test.js

Crawling and Data Collection

This module collects the data (i.e., JavaScript code and state values of web pages) needed for testing. If you want to test a specific JavaScipt file that you already have on your file system, you can skip this step.

JAW has crawlers based on Selenium (JAW-v1), Puppeteer (JAW-v2, v3) and Playwright (JAW-v3). For most up-to-date features, it is recommended to use the Puppeteer- or Playwright-based versions.

Playwright CLI with Foxhound

This web crawler employs foxhound, an instrumented version of Firefox, to perform dynamic taint tracking as it navigates through webpages. To start the crawler, do:

$ cd crawler
$ node crawler-taint.js --seedurl=https://google.com --maxurls=100 --headless=true --foxhoundpath=<optional-foxhound-executable-path>

The foxhoundpath is by default set to the following directory: crawler/foxhound/firefox which contains a binary named firefox.

Note: you need a build of foxhound to use this version. An ubuntu build is included in the JAW-v3 release.

Puppeteer CLI

To start the crawler, do:

$ cd crawler
$ node crawler.js --seedurl=https://google.com --maxurls=100 --browser=chrome --headless=true

See here for more information.

Selenium CLI

To start the crawler, do:

$ cd crawler/hpg_crawler
$ vim docker-compose.yaml # set the websites you want to crawl here and save
$ docker-compose build
$ docker-compose up -d

Please refer to the documentation of the hpg_crawler here for more information.

Graph Construction

HPG Construction CLI

To generate an HPG for a given (set of) JavaScript file(s), do:

$ node engine/cli.js  --lang=js --graphid=graph1 --input=/in/file1.js --input=/in/file2.js --output=$(pwd)/data/out/ --mode=csv

optional arguments:
  --lang:   language of the input program
  --graphid:  an identifier for the generated HPG
  --input:  path of the input program(s)
  --output:     path of the output HPG, must be i
  --mode:   determines the output format (csv or graphML)

HPG Import CLI

To import an HPG inside a neo4j graph database (docker instance), do:

$ python3 -m hpg_neo4j.hpg_import --rpath=<path-to-the-folder-of-the-csv-files> --id=<xyz> --nodes=<nodes.csv> --edges=<rels.csv>
$ python3 -m hpg_neo4j.hpg_import -h

usage: hpg_import.py [-h] [--rpath P] [--id I] [--nodes N] [--edges E]

This script imports a CSV of a property graph into a neo4j docker database.

optional arguments:
  -h, --help  show this help message and exit
  --rpath P   relative path to the folder containing the graph CSV files inside the `data` directory
  --id I      an identifier for the graph or docker container
  --nodes N   the name of the nodes csv file (default: nodes.csv)
  --edges E   the name of the relations csv file (default: rels.csv)

HPG Construction and Import CLI (v1)

In order to create a hybrid property graph for the output of the hpg_crawler and import it inside a local neo4j instance, you can also do:

$ python3 -m engine.api <path> --js=<program.js> --import=<bool> --hybrid=<bool> --reqs=<requests.out> --evts=<events.out> --cookies=<cookies.pkl> --html=<html_snapshot.html>

Specification of Parameters:

• <path>: absolute path to the folder containing the program files for analysis (must be under the engine/outputs folder).
• --js=<program.js>: name of the JavaScript program for analysis (default: js_program.js).
• --import=<bool>: whether the constructed property graph should be imported to an active neo4j database (default: true).
• --hybrid=bool: whether the hybrid mode is enabled (default: false). This implies that the tester wants to enrich the property graph by inputing files for any of the HTML snapshot, fired events, HTTP requests and cookies, as collected by the JAW crawler.
• --reqs=<requests.out>: for hybrid mode only, name of the file containing the sequence of obsevered network requests, pass the string false to exclude (default: request_logs_short.out).
• --evts=<events.out>: for hybrid mode only, name of the file containing the sequence of fired events, pass the string false to exclude (default: events.out).
• --cookies=<cookies.pkl>: for hybrid mode only, name of the file containing the cookies, pass the string false to exclude (default: cookies.pkl).
• --html=<html_snapshot.html>: for hybrid mode only, name of the file containing the DOM tree snapshot, pass the string false to exclude (default: html_rendered.html).

For more information, you can use the help CLI provided with the graph construction API:

$ python3 -m engine.api -h

Security Analysis

The constructed HPG can then be queried using Cypher or the NeoModel ORM.

Running Custom Graph traversals

You should place and run your queries in analyses/<ANALYSIS_NAME>.

Option 1: Using the NeoModel ORM (Deprecated)

You can use the NeoModel ORM to query the HPG. To write a query:

• (1) Check out the HPG data model and syntax tree.
• (2) Check out the ORM model for HPGs
• (3) See the example query file provided; example_query_orm.py in the analyses/example folder.

$ python3 -m analyses.example.example_query_orm  

For more information, please see here.

Option 2: Using Cypher Queries

You can use Cypher to write custom queries. For this:

• (1) Check out the HPG data model and syntax tree.
• (2) See the example query file provided; example_query_cypher.py in the analyses/example folder.

$ python3 -m analyses.example.example_query_cypher

For more information, please see here.

Vulnerability Detection

This section describes how to configure and use JAW for vulnerability detection, and how to interpret the output. JAW contains, among others, self-contained queries for detecting client-side CSRF and DOM Clobbering

Step 1. enable the analysis component for the vulnerability class in the input config.yaml file:

request_hijacking:
  enabled: true 
  # [...]
  # 
domclobbering:
  enabled: false
  # [...]

cs_csrf:
  enabled: false
  # [...]

Step 2. Run an instance of the pipeline with:

$ python3 -m run_pipeline --conf=config.yaml

Hint. You can run multiple instances of the pipeline under different screens:

$ screen -dmS s1 bash -c 'python3 -m run_pipeline --conf=conf1.yaml; exec sh'
$ screen -dmS s2 bash -c 'python3 -m run_pipeline --conf=conf2.yaml; exec sh'
$ # [...]

To generate parallel configuration files automatically, you may use the generate_config.py script.

How to Interpret the Output of the Analysis?

The outputs will be stored in a file called sink.flows.out in the same folder as that of the input. For Client-side CSRF, for example, for each HTTP request detected, JAW outputs an entry marking the set of semantic types (a.k.a, semantic tags or labels) associated with the elements constructing the request (i.e., the program slices). For example, an HTTP request marked with the semantic type ['WIN.LOC'] is forgeable through the window.location injection point. However, a request marked with ['NON-REACH'] is not forgeable.

An example output entry is shown below:

[*] Tags: ['WIN.LOC']
[*] NodeId: {'TopExpression': '86', 'CallExpression': '87', 'Argument': '94'}
[*] Location: 29
[*] Function: ajax
[*] Template: ajaxloc + "/bearer1234/"
[*] Top Expression: $.ajax({ xhrFields: { withCredentials: "true" }, url: ajaxloc + "/bearer1234/" })

1:['WIN.LOC'] variable=ajaxloc
    0 (loc:6)- var ajaxloc = window.location.href

This entry shows that on line 29, there is a $.ajax call expression, and this call expression triggers an ajax request with the url template value of ajaxloc + "/bearer1234/, where the parameter ajaxloc is a program slice reading its value at line 6 from window.location.href, thus forgeable through ['WIN.LOC'].

Test Web Application

In order to streamline the testing process for JAW and ensure that your setup is accurate, we provide a simple node.js web application which you can test JAW with.

First, install the dependencies via:

$ cd tests/test-webapp
$ npm install

Then, run the application in a new screen:

$ screen -dmS jawwebapp bash -c 'PORT=6789 npm run devstart; exec sh'

Detailed Documentation.

For more information, visit our wiki page here. Below is a table of contents for quick access.

The Web Crawler of JAW

• Web Crawlers

Data Model of Hybrid Property Graphs (HPGs)

• Property Graph Nodes
• Grammar and Syntax Tree
• Property Graph Edges

Graph Construction

• Building a Property Graph
• Using JAW with Neo4j Docker Container

Graph Traversals

• Running Queries Over Property Graphs

Contribution and Code Of Conduct

Pull requests are always welcomed. This project is intended to be a safe, welcoming space, and contributors are expected to adhere to the contributor code of conduct.

Academic Publication

If you use the JAW for academic research, we encourage you to cite the following paper:

@inproceedings{JAW,
  title = {JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals},
  author= {Soheil Khodayari and Giancarlo Pellegrino},
  booktitle = {30th {USENIX} Security Symposium ({USENIX} Security 21)},
  year = {2021},
  address = {Vancouver, B.C.},
  publisher = {{USENIX} Association},
}   

Acknowledgements

JAW has come a long way and we want to give our contributors a well-deserved shoutout here!

@tmbrbr, @c01gide, @jndre, and Sepehr Mirzaei.

Pentest-Muse-Cli - AI Assistant Tailored For Cybersecurity Professionals

Pentest Muse is an AI assistant tailored for cybersecurity professionals. It can help penetration testers brainstorm ideas, write payloads, analyze code, and perform reconnaissance. It can also take actions, execute command line codes, and iteratively solve complex tasks.

Pentest Muse Web App

In addition to this command-line tool, we are excited to introduce the Pentest Muse Web Application! The web app has access to the latest online information, and would be a good AI assistant for your pentesting job.

Disclaimer

This tool is intended for legal and ethical use only. It should only be used for authorized security testing and educational purposes. The developers assume no liability and are not responsible for any misuse or damage caused by this program.

Requirements

• Python 3.12 or later
• Necessary Python packages as listed in requirements.txt

Setup

Standard Setup

1. Clone the repository:

git clone https://github.com/pentestmuse-ai/PentestMuse cd PentestMuse

1. Install the required packages:

pip install -r requirements.txt

Alternative Setup (Package Installation)

Install Pentest Muse as a Python Package:

pip install .

Running the Application

Chat Mode (Default)

In the chat mode, you can chat with pentest muse and ask it to help you brainstorm ideas, write payloads, and analyze code. Run the application with:

python run_app.py

or

pmuse

Agent Mode (Experimental)

You can also give Pentest Muse more control by asking it to take actions for you with the agent mode. In this mode, Pentest Muse can help you finish a simple task (e.g., 'help me do sql injection test on url xxx'). To start the program with agent model, you can use:

python run_app.py agent

or

pmuse agent

Selection of Language Models

Managed APIs

You can use Pentest Muse with our managed APIs after signing up at www.pentestmuse.ai/signup. After creating an account, you can simply start the pentest muse cli, and the program will prompt you to login.

OpenAI API keys

Alternatively, you can also choose to use your own OpenAI API keys. To do this, you can simply add argument --openai-api-key=[your openai api key] when starting the program.

Contact

For any feedback or suggestions regarding Pentest Muse, feel free to reach out to us at contact@pentestmuse.ai or join our discord. Your input is invaluable in helping us improve and evolve.

Gtfocli - GTFO Command Line Interface For Easy Binaries Search Commands That Can Be Used To Bypass Local Security Restrictions In Misconfigured Systems

GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in misconfigured systems.

Installation

Using go:

go install github.com/cmd-tools/gtfocli@latest

Using homebrew:

brew tap cmd-tools/homebrew-tap
brew install gtfocli

Using docker:

docker pull cmdtoolsowner/gtfocli

Usage

Search for unix binaries

Search for binary tar:

gtfocli search tar

Search for binary tar from stdin:

echo "tar" | gtfocli search

Search for binaries located into file;

cat myBinaryList.txt
/bin/bash
/bin/sh
tar
arp
/bin/tail

gtfocli search -f myBinaryList.txt

Search for windows binaries

Search for binary Winget.exe:

gtfocli search Winget --os windows

Search for binary Winget from stdin:

echo "Winget" | gtfocli search --os windows

Search for binaries located into file:

cat windowsExecutableList.txt
Winget
c:\\Users\\Desktop\\Ssh
Stordiag
Bash
c:\\Users\\Runonce.exe
Cmdkey
c:\dir\subDir\Users\Certreq.exe

gtfocli search -f windowsExecutableList.txt --os windows

Search for binary Winget and print output in yaml format (see -h for available formats):

gtfocli search Winget -o yaml --os windows

Search using dockerized solution

Examples:

Search for binary Winget and print output in yaml format:

docker run -i cmdtoolsowner/gtfocli search Winget -o yaml --os windows

Search for binary tar and print output in json format:

echo 'tar' | docker run -i cmdtoolsowner/gtfocli search -o json

Search for binaries located into file mounted as volume in the container:

cat myBinaryList.txt
/bin/bash
/bin/sh
tar
arp
/bin/tail

docker run -i -v $(pwd):/tmp cmdtoolsowner/gtfocli search -f /tmp/myBinaryList.txt

CTF

An example of common use case for gtfocli is together with find:

find / -type f \( -perm 04000 -o -perm -u=s \) -exec gtfocli search {} \; 2>/dev/null

or

find / -type f \( -perm 04000 -o -perm -u=s \) 2>/dev/null | gtfocli search

Credits

Thanks to GTFOBins and LOLBAS, without these projects gtfocli would never have come to light.

Contributing

You want to contribute to this project? Wow, thanks! So please just fork it and send a pull request.

SpeedyTest - Command-Line Tool For Measuring Internet Speed

SpeedyTest is a powerful command-line tool for measuring internet speed. With its advanced features and intuitive interface, it provides accurate and comprehensive speed test results. Whether you're a network administrator, developer, or simply want to monitor your internet connection, SpeedyTest is the perfect tool for the job.

• Measure download speed, upload speed, and ping latency.
• Generate detailed reports with graphical representation of speed test results.
• Save and export test results in various formats (CSV, JSON, etc.).
• Customize speed test parameters and server selection.
• Compare speed test results over time to track performance changes.
• Integrate SpeedyTest into your own applications using the provided API.
• track your timeline with saved database

git clone https://github.com/HalilDeniz/SpeedyTest.git

Before you can use SpeedyTest, you need to make sure that you have the necessary requirements installed. You can install these requirements by running the following command:

pip install -r requirements.txt

Run the following command to perform a speed test:

python3 speendytest.py

Receiving data \
Speed test completed!
Speed test time: 20.22 second
Server    : Farknet - Konya
IP Address: speedtest.farknet.com.tr:8080
Country   : Turkey
City      : Konya
Ping      : 20.41 ms
Download  : 90.12 Mbps
Loading   : 20 Mbps

Contributions are welcome! To contribute to SpeedyTest, follow these steps:

1. Fork the repository.
2. Create a new branch for your feature or bug fix.
3. Make your changes and commit them.
4. Push your changes to your forked repository.
5. Open a pull request in the main repository.

If you have any questions, comments, or suggestions about PrivacyNet, please feel free to contact me:

• LinkedIn......: LinkedIn
• TryHackMe.: TryHackMe
• Instagram...: Instagram
• YouTube.....: YouTube
• Email: halildeniz313@gmail.com

SpeedyTest is released under the MIT License. See LICENSE for details.

Mass-Bruter - Mass Bruteforce Network Protocols

Mass bruteforce network protocols

Info

Simple personal script to quickly mass bruteforce common services in a large scale of network.
It will check for default credentials on ftp, ssh, mysql, mssql...etc.
This was made for authorized red team penetration testing purpose only.

How it works

1. Use masscan(faster than nmap) to find alive hosts with common ports from network segment.
2. Parse ips and ports from masscan result.
3. Craft and run hydra commands to automatically bruteforce supported network services on devices.

Requirements

• Kali linux or any preferred linux distribution
• Python 3.10+

# Clone the repo
git clone https://github.com/opabravo/mass-bruter
cd mass-bruter

# Install required tools for the script
apt update && apt install seclists masscan hydra

How To Use

Private ip range : 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12

Save masscan results under ./result/masscan/, with the format masscan_<name>.<ext>

Ex: masscan_192.168.0.0-16.txt

Example command:

masscan -p 3306,1433,21,22,23,445,3389,5900,6379,27017,5432,5984,11211,9200,1521 172.16.0.0/12 | tee ./result/masscan/masscan_test.txt

Example Resume Command:

masscan --resume paused.conf | tee -a ./result/masscan/masscan_test.txt

Command Options

┌──(root㉿root)-[~/mass-bruter]
└─# python3 mass_bruteforce.py
Usage:  [OPTIONS]

  Mass Bruteforce Script

Options:
  -q, --quick           Quick mode (Only brute telnet, ssh, ftp , mysql,
                        mssql, postgres, oracle)
  -a, --all             Brute all services(Very Slow)
  -s, --show            Show result with successful login
  -f, --file-path PATH  The directory or file that contains masscan result
                        [default: ./result/masscan/]
  --help                Show this message and exit.

Quick Bruteforce Example:

python3 mass_bruteforce.py -q -f ~/masscan_script.txt

Fetch cracked credentials:

python3 mass_bruteforce.py -s

Todo

• Migrate with dpl4hydra
• Optimize the code and functions
• MultiProcessing

Any contributions are welcomed!

CryptoChat - Beyond Secure Messaging

Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the sanctuary you need in the digital age. Dive in, and experience the next level of secure messaging!

1. End-to-End Encryption: Every message is secured from sender to receiver, ensuring utmost privacy.
2. User-Friendly Interface: Navigating and messaging is intuitive and simple, making secure conversations a breeze.
3. Robust Backend: Built on the powerful Python ecosystem, our chat is reliable and fast.
4. Open Source: Dive into our codebase, contribute, and make it even better for everyone.
5. Multimedia Support: Not just text - send encrypted images, videos, and files with ease.
6. Group Chats: Have encrypted conversations with multiple people at once.

• Python 3.x
• cryptography
• colorama

1. Clone the repository:

   git clone https://github.com/HalilDeniz/CryptoChat.git

2. Navigate to the project directory:

   cd CryptoChat

3. Install the required dependencies:

   pip install -r requirements.txt

$ python3 server.py --help
usage: server.py [-h] [--host HOST] [--port PORT]

Start the chat server.

options:
-h, --help   show this help message and exit
--host HOST  The IP address to bind the server to.
--port PORT  The port number to bind the server to.
--------------------------------------------------------------------------
$ python3 client.py --help
usage: client.py [-h] [--host HOST] [--port PORT]

Connect to the chat server.

options:
-h, --help   show this help message and exit
--host HOST  The server's IP address.
--port PORT  The port number of the server.

$ python3 serverE.py --help
usage: serverE.py [-h] [--host HOST] [--port PORT] [--key KEY]

Start the chat server.

options:
  -h, --help   show this help message and exit
  --host HOST  The IP address to bind the server to. (Default=0.0.0.0)
  --port PORT  The port number to bind the server to. (Default=12345)
  --key KEY    The secret key for encryption. (Default=mysecretpassword)
--------------------------------------------------------------------------
$ python3 clientE.py --help
usage: clientE.py [-h] [--host HOST] [--port PORT] [--key KEY]

Connect to the chat server.

options:
  -h, --help   show this help message and exit
  --host HOST  The IP address to bind the server to. (Default=127.0.0.1)
  --port PORT  The port number to bind the server to. (Default=12345)
  --key KEY    The secret key for encr   yption. (Default=mysecretpassword)

• --help: show this help message and exit
• --host: The IP address to bind the server.
• --port: The port number to bind the server.
• --key : The secret key for encryption

Contributions are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue or submit a pull request.

If you have any questions, comments, or suggestions about CryptChat, please feel free to contact me:

• LinkedIn: Halil Ibrahim Deniz
• TryHackMe: Halilovic
• Instagram: deniz.halil333
• YouTube: Halil Deniz
• Email: halildeniz313@gmail.com

WiFi-Pineapple-MK7_REST-Client - WiFi Hacking Workflow With WiFi Pineapple Mark VII API

PINEAPPLE MARK VII REST CLIENT

• The leading rogue access point and WiFi pentest toolkit for close access operations.
• Passive and active attacks analyze vulnerable and misconfigured devices.
• https://hak5.org/collections/sale/products/wifi-pineapple

Author:: TW-D

Version:: 1.3.7

Copyright:: Copyright (c) 2022 TW-D

License:: Distributes under the same terms as Ruby

Doc:: https://hak5.github.io/mk7-docs/docs/rest/rest/

Requires:: Ruby >= 2.7.0p0 and Pineapple Mark VII >= 2.1.0-stable

Installation (Debian, Ubuntu, Raspbian)::

• sudo apt-get install build-essential curl g++ ruby ruby-dev

• sudo gem install net-ssh rest-client tty-progressbar

Description

Library allowing the automation of active or passive attack operations.

Note : "Issues" and "Pull Request" are welcome.

Payloads

In "./payloads/" directory, you will find :

Payload skeleton for development

#
# Title:            <TITLE>
#
# Description:      <DESCRIPTION>
#
#
# Author:           <AUTHOR>
# Version:          <VERSION>
# Category:         <CATEGORY>
#
# STATUS
# ======================
# <SHORT-DESCRIPTION> ... SETUP
# <SHORT-DESCRIPTION> ... ATTACK
# <SHORT-DESCRIPTION> ... SPECIAL
# <SHORT-DESCRIPTION> ... FINISH
# <SHORT-DESCRIPTION> ... CLEANUP
# <SHORT-DESCRIPTION> ... OFF
#

require_relative('<PATH-TO>/classes/PineappleMK7.rb')

system_authentication = PineappleMK7::System::Authentication.new
system_authentication.host = "<PINEAPPLE-IP-ADDRESS>"
system_authentication.port = 1471
system_authentication.mac = "<PINEAPPLE-MAC-ADDRESS>"
system_authentication.password = "<ROOT-ACCOUNT-PASSWORD>"

if (system_authentication.login)

    led =    PineappleMK7::System::LED.new

    # SETUP
    #
    led.setup

    #
    # [...]
    #

    # ATTACK
    #
    led.attack

    #
    # [...]
    #

    # SPECIAL
    #
    led.special

    #
    # [...]
    #

    # FINISH
    #
    led.finish

    #
    # [...]
    #

    # CLEANUP
    #
    led.cleanup

    #
    # [...]
    #

    # OFF
    #
    led.off

end

Note : Don't hesitate to take inspiration from the payloads directory.

System modules

Authentication accessors/method

system_authentication = PineappleMK7::System::Authentication.new

system_authentication.host = (string) "<PINEAPPLE-IP-ADDRESS>"
system_authentication.port = (integer) 1471
system_authentication.mac = (string) "<PINEAPPLE-MAC-ADDRESS>"
system_authentication.password = (string) "<ROOT-ACCOUNT-PASSWORD>"

system_authentication.login()

LED methods

led = PineappleMK7::System::LED.new

led.setup()
led.failed()
led.attack()
led.special()
led.cleanup()
led.finish()
led.off()

Pineapple Modules

Dashboard

Notifications method

dashboard_notifications = PineappleMK7::Modules::Dashboard::Notifications.new

dashboard_notifications.clear()

Stats method

dashboard_stats = PineappleMK7::Modules::Dashboard::Stats.new

dashboard_stats.output()

Logging

System method

logging_system = PineappleMK7::Modules::Logging::System.new

logging_system.output()

PineAP

Clients methods

pineap_clients = PineappleMK7::Modules::PineAP::Clients.new

pineap_clients.connected_clients()
pineap_clients.previous_clients()
pineap_clients.kick( (string) mac )
pineap_clients.clear_previous()

EvilWPA accessors/method

evil_wpa = PineappleMK7::Modules::PineAP::EvilWPA.new

evil_wpa.ssid = (string default:'PineAP_WPA')
evil_wpa.bssid = (string default:'00:13:37:BE:EF:00')
evil_wpa.auth = (string default:'psk2+ccmp')
evil_wpa.password = (string default:'pineapplesareyummy')
evil_wpa.hidden = (boolean default:false)
evil_wpa.enabled = (boolean default:false)
evil_wpa.capture_handshakes = (boolean default:false)

evil_wpa.save()

Filtering methods

pineap_filtering = PineappleMK7::Modules::PineAP::Filtering.new

pineap_filtering.client_filter( (string) 'allow' | 'deny' )
pineap_filtering.add_client( (string) mac )
pineap_filtering.clear_clients()
pineap_filtering.ssid_filter( (string) 'allow' | 'deny' )

Impersonation methods

pineap_impersonation = PineappleMK7::Modules::PineAP::Impersonation.new

pineap_impersonation.output()
pineap_impersonation.add_ssid( (string) ssid )
pineap_impersonation.clear_pool()

OpenAP method

open_ap = PineappleMK7::Modules::PineAP::OpenAP.new

open_ap.output()

Settings accessors/method

pineap_settings = PineappleMK7::Modules::PineAP::Settings.new

pineap_settings.enablePineAP = (boolean default:true)
pineap_settings.autostartPineAP = (boolean default:true)
pineap_settings.armedPineAP = (boolean default:false)
pineap_settings.ap_channel = (string default:'11')
pineap_settings.karma = (boolean default:false)
pineap_settings.logging = (boolean default:false)
pineap_settings.connect_notifications = (boolean default:false)
pineap_settings.disconnect_notifications = (boolean default:false)
pineap_settings.capture_ssids = (boolean default:false)
pineap_settings.beacon_responses = (boolean default:false)
pineap_settings.broadcast_ssid_pool = (boolean default:false)
pineap_settings.broadcast_ssid_pool_random = (boolean default:false)
pineap_settings.pineap_mac = (string default:system_authentication.mac)
pineap_settings.target_mac = (string default:'FF:FF:FF:FF:FF:FF')<   br/>pineap_settings.beacon_response_interval = (string default:'NORMAL')
pineap_settings.beacon_interval = (string default:'NORMAL')

pineap_settings.save()

Recon

Handshakes methods

recon_handshakes = PineappleMK7::Modules::Recon::Handshakes.new

recon_handshakes.start( (object) ap )
recon_handshakes.stop()
recon_handshakes.output()
recon_handshakes.download( (object) handshake, (string) destination )
recon_handshakes.clear()

Scanning methods

recon_scanning = PineappleMK7::Modules::Recon::Scanning.new

recon_scanning.start( (integer) scan_time )
recon_scanning.start_continuous( (boolean) autoHandshake )
recon_scanning.stop_continuous()
recon_scanning.output( (integer) scanID )
recon_scanning.tags( (object) ap )
recon_scanning.deauth_ap( (object) ap )
recon_scanning.delete( (integer) scanID )

Settings

Networking methods

settings_networking = PineappleMK7::Modules::Settings::Networking.new

settings_networking.interfaces()
settings_networking.client_scan( (string) interface )
settings_networking.client_connect( (object) network, (string) interface )
settings_networking.client_disconnect( (string) interface )
settings_networking.recon_interface( (string) interface )

HackBot - A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI

Welcome to HackBot, an AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis. Whether you are a security researcher, an ethical hacker, or just curious about cybersecurity, HackBot is here to assist you in finding the information you need.

HackBot utilizes the powerful language model Meta-LLama2 through the "LlamaCpp" library. This allows HackBot to respond to your questions in a coherent and relevant manner. Please make sure to keep your queries in English and adhere to the guidelines provided to get the best results from HackBot.

Features

• AI Cybersecurity Chat: HackBot can answer various cybersecurity-related queries, helping you with penetration testing, security analysis, and more.
• Interactive Interface: The chatbot provides an interactive command-line interface, making it easy to have conversations with HackBot.
• Clear Output: HackBot presents its responses in a well-formatted markdown, providing easily readable and organized answers.
• Static Code Analysis: Utilizes the provided scan data or log file for conducting static code analysis. It thoroughly examines the source code without executing it, identifying potential vulnerabilities, coding errors, and security issues.
• Vulnerability Analysis: Performs a comprehensive vulnerability analysis using the provided scan data or log file. It identifies and assesses security weaknesses, misconfigurations, and potential exploits present in the target system or network.

How it looks

Chat:

Static Code analysis:

Vulnerability analysis:

Installation

Prerequisites

Before you proceed with the installation, ensure you have the following prerequisites:

• Python (3.6 or later)
• pip package manager
• Visual studio Code - Follow the steps in this link llama-cpp-prereq-install-instructions
• cmake

Step 1: Clone the Repository

git clone https://github.com/morpheuslord/hackbot.git
cd hackbot

Step 2: Install Dependencies

pip install -r requirements.txt

Step 3: Download the AI Model

python hackbot.py

The first time you run HackBot, it will check for the AI model required for the chatbot. If the model is not present, it will be automatically downloaded and saved as "llama-2-7b-chat.ggmlv3.q4_0.bin" in the project directory.

Usage

To start a conversation with HackBot, run the following command:

python hackbot.py

HackBot will display a banner and wait for your input. You can ask cybersecurity-related questions, and HackBot will respond with informative answers. To exit the chat, simply type "quit_bot" in the input prompt.

Here are some additional commands you can use:

• clear_screen: Clears the console screen for better readability.
• quit_bot: This is used to quit the chat application
• bot_banner: Prints the default bots banner.
• contact_dev: Provides my contact information.
• save_chat: Saves the current sessions interactions.
• vuln_analysis: Does a Vuln analysis using the scan data or log file.
• static_code_analysis: Does a Static code analysis using the scan data or log file.

Note: I am working on more addons and more such commands to give a more chatGPT experience

Please Note: HackBot's responses are based on the Meta-LLama2 AI model, and its accuracy depends on the quality of the queries and data provided to it.

I am also working on AI training by which I can teach it how to be more accurately tuned to work for hackers on a much more professional level.

Contributing

We welcome contributions to improve HackBot's functionality and accuracy. If you encounter any issues or have suggestions for enhancements, please feel free to open an issue or submit a pull request. Follow these steps to contribute:

1. Fork the repository.
2. Create a new branch with a descriptive name.
3. Make your changes and commit them.
4. Push your changes to your forked repository.
5. Open a pull request to the main branch of this repository.

Please maintain a clean commit history and adhere to the project's coding guidelines.

AI training

If anyone with the know-how of training text generation models can help improve the code.

Contact

For any questions, feedback, or inquiries related to HackBot, feel free to contact the project maintainer:

• Email: morpheuslord@protonmail.com
• Twitter: @morpheuslord2
• LinkedIn: ChiranjeeviG

pyFUD - Multi Clients FUD Reverse Shell

python3 based multi clients reverse shell.

Warning:

1. Don't Upload Any Payloads To VirusTotal.com Bcz This tool will not work
   with Time.
2. Virustotal Share Signatures With AV Comapnies.
3. Again Don't be an Idiot!

Installation:

1. git clone https://github.com/machine1337/pyFUD
2. python3 server.py (enter your ip,port and start the server)
3. client.py (Edit IP AND PORT To Put Your Own IP,Port)

Usage:

1. python3 server.py
2. Now Compile client.py to exe (make sure change ip and port in it)

Features:

1. Very Simple And Fully Undectable Reverse Shell
2. Multi Client Handling
3. Persistent  Shell
3. auto-reconnect
5. U can Convert client.py to exe using pyinstaller tool in windows.

Warning:

Use this tool Only for Educational Purpose And I will Not be Responsible For ur cruel act.