Login
In the dynamic realm of cybersecurity, vigilance and proactive defense are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or macros to initiate harmful actions. This Python script is crafted to detect potential threats by scrutinizing the contents of Microsoft Office documents, Acrobat Reader PDF documents and Zip files, reducing the risk of inadvertently triggering malicious code.
The script smartly identifies Microsoft Office documents (.docx, .xlsx, .pptx), Acrobat Reader PDF documents (.pdf) and Zip files. These file types, including Office documents, are zip archives that can be examined programmatically.
For both Office and Zip files, the script decompresses the contents into a temporary directory. It then scans these contents for URLs using regular expressions, searching for potential signs of compromise.
To minimize false positives, the script includes a list of domains to ignore, filtering out common URLs typically found in Office documents. This ensures focused analysis on unusual or potentially harmful URLs.
Files with URLs not on the ignored list are marked as suspicious. This heuristic method allows for adaptability based on your specific security context and threat landscape.
Post-scanning, the script cleans up by erasing temporary decompressed files, leaving no traces.
To effectively utilize the script:
Execute the script with the command: python CanaryTokenScanner.py FILE_OR_DIRECTORY_PATH (Replace FILE_OR_DIRECTORY_PATH with the actual file or directory path.)
Interpretation
Β
An example of the Canary Token Scanner script in action, demonstrating its capability to detect suspicious URLs.
This script is intended for educational and security testing purposes only. Utilize it responsibly and in compliance with applicable laws and regulations.
Penetration tests on SSH servers using dictionary attacks. Written in C.
brute krag means "brute force" in afrikΓ‘ans
This tool is for ethical testing purpose only.
cbrutekrag and its owners can't be held responsible for misuse by users.
Users have to act as permitted by local law rules.
Β
cbrutekrag uses libssh - The SSH Library (http://www.libssh.org/)
Requirements:
FreshRSS 
makegcc compilerlibssh-devgit clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
make
make installRequirements:
cmakegcc compilermakelibssl-devlibz-devgit clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
bash static-build.sh
make install$ cbrutekrag -h
_ _ _
| | | | | |
___ | |__ _ __ _ _| |_ ___| | ___ __ __ _ __ _
/ __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | | | |_| | || __/ <| | | (_| | (_| |
\___||_.__/|_| \__,_|\__\___|_|\_\_| \__,_|\__, |
OpenSSH Brute force tool 0.5.0 __/ |
(c) Copyright 2014-2022 Jorge Matricali |___/
usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C combinations.lst]
[-t THREADS] [-o OUTPUT.txt] [TARGETS...]
-h This help
-v Verbose mode
-V Verbose mode (sshlib)
-s Scan mode
-D Dry run
-P Progress bar
-T <targets> Targets file
-C <combinations> Username and password file -t <threads> Max threads
-o <output> Output log file
-a Accepts non OpenSSH servers
-A Allow servers detected as honeypots.cbrutekrag -T targets.txt -C combinations.txt -o result.log
cbrutekrag -s -t 8 -C combinations.txt -o result.log 192.168.1.0/24root root
root password
root $BLANKPASS$
