Hacker information collection, used to collect information about the target.
Direct operation of specific usage.
Example:
python3 Hacker Tool set.py
python3 Hacker information collection.py
python3 translate.py
python3 arp.py
Please modify the SMTP. Login and SMTP. Sendmail () parameters before calling the mailbox forge script.
Ddos.py is the user I wrote with python2.7 please
Self modify the attack target inside
Defense ddos
Defense ddos: please first execute install. Py =>fyddos.
Then the defense ddos script starts. If you are attacked by ddos, execute.
Netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq-c | sort -n.
Command to view your IP. Detailed article: http://www.cnblogs.com/haq5201314/p/8351960.html
python shell.py -h
-a asp Trojan horse
-j jsap Trojan horse
-p php Trojan horse
-v Edition
python3 Sqllinject.py
python3 WebmasterTools.py
Usage: [-z Subdomain mining][-p Side of the station inquiries][-x http status query]
Options:
-h, --help show this help message and exit
-z SUBDOMAIN Subdomain mining
-p SIDE Side of the station inquiries
-x HTTP http status query
I didn't have time to go to school before I uploaded the scripts I finished.
My blog: http://www.cnblogs.com/haq5201314/
Distinguish.py用于批量安装工具包,方便大家安装工具
These scripts and methods of use are all in my blog. Please dig or use this script.
The updated scripts are as follows:
cms.py #For mining target CMS targets His accessories are data.json
csrfjiance.py #Used to detect CSRF vulnerabilities
sqlzhuruapi.py #This is a script for mass mining site SQL injection
urltiaozhuan.py #This is a script for mining URL jump holes
Distinguish.py #This is the two generation of an information collection script
dianjijieci.py #This is a script that excavated clicking hijacking
python3 exploitsearch.py
Usage: exploitsearch.py [options]
Options:
-h, --help show this help message and exit
-m Save the home directory in the local area
-w Save all the attack loads of Web
-s SEARCH search exploit
-y Save the Long-range all exploit
-b Save the local all exploit
CVE-2018-2894任意文件上传漏洞检测POC:在Weblogic任意上传文件里面
2018年7月31号新增加的
dedecms远程文件写入exp 15年的
phpcms中转注入漏洞批量验证
Linux信息收集脚本
直接在目标机运行就行,信息保存在save.txt
收集的信息有:
首先要获取系统信息:
系统名称
本地ip
主机名
本地dns
环境变量
shell程序
hosts文件
路由信息
arp缓存
计划任务
挂载磁盘
mail目录
history文件
home/root/bin/sbin目录
获取用户信息
当前权限
用户信息
本地用户
在线用户
hash加密规则
hash信息
用户组信息
最后登录信息
最后登录用户信息
所有用户的计划任务
安全扫描
是否能无密码sudo
conf配置文件
ssh的密钥文件
是否能root登录
敏感配置文件扫描
关键字含有config、web.xml、database、pass的文件
uid为0用户
敏感服务匿名
空密码用户
zip/tar.gz/sh/pl/py/rb/txt/bak后缀文件
cms_debug是一个集合多种CMS插件的项目 目前版本1.0,已集合Asp_CMS的插件
Cms_debug is a collection of multiple CMS plug-ins. Now version 1, the plugin that has already assembled Asp_CMS.
WDCP爆破是专门针对wdcp后台进行爆破的
云悉指纹用于识别web指纹
MS17010是自己闲着无聊写的检测脚本
ECShop-exploit ECSHOP RCE 漏洞复现教程:VULNSPY实验-ECShop <= 2.7.x 全系列版本远程代码执行高危漏洞利用
SPLOITUS抓取了一个不错的exploits搜索引擎
xss_payload
是用于进行xss检测的
LEFI
是用于进行文件包含漏洞扫描的
这段时间比较忙没有及时更新写的脚本,在此说声抱歉。很多写过的脚本,具体作用我也忘的差不多了
请各位自行使用和了解,Thanks
By 九世 time 2018.11.16 0:11
base64 _injection.py 是用于进行base64注入的脚本,他要求你先填写你的url,在填写里面的id
例如:http://xxx.com/ss.php?id=MTM
先填:http://xxx.com/ss.php?id=
在填ID=13
此脚本针对无防御的站点
测试站点:http://yyyhhg.com
搜索更多类似的站点:google语法:inurl:.php?id=MTM
Base64_injection.py is a script for base64 injection. It asks you to fill in your URL first and fill in the ID in it.
For example: http://xxx.com/ss.php?Id=MTM
First fill in: http://xxx.com/ss.php?Id=
Filling in ID=13
This script is for defenseless sites
Test site: http://yyyhhg.com
Search for more similar sites: Google grammar: inurl:. php? Id = MTM
By 九世 time:2018/12/2
c2项目是我第一个接触c2通信所写出来的脚本
具体使用方法:
server:demo.py IP port or demo.exe IP port
client:修改gc.html里的连接配置http://127.0.0.1/gc.html,连接服务器并执行命令(可过360)
视频:[c2通信实现—其他—视频高清在线观看-优酷](https://v.youku.com/v_show/id_XMzk2NDI2MjI0MA==.html?spm=a2hzp.8253869.0.0)
C2 project is my first script to contact C2 communication
Specific methods of use:
Server: demo.py IP port or demo.exe IP port
Client: Modify the connection configuration in gc.html http://127.0.0.1/gc.html, connect to the server and execute commands (up to 360)
BY 九世 2018/12/14