PentestingTools

Some Python scripts for pentesting. Primary language: Python. License: Apache-2.0.

padding

A simple Python script that replicates the functionality of the pattern_create.rb and pattern_offset.rb tools of the Metasploit Framework. Useful for exploit writers who only have a Python binary around. About 25 times faster than the MSF implementation, which is as slow as molasses.

Simply invoke the script without arguments (or with junk arguments) to print the help.

Examples

# create a 128-byte buffer
python padding.py create 128
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae

Created a buffer of 128 bytes

# find the string offset
python padding.py offset Ab0A
Pattern found at position: 30

# WARNING: a value that happens to be valid hex is NOT decoded when it occurs literally in the ACTUAL buffer;
# hex decoding is only a fallback for input that is not found as a plain string
python padding.py offset Ab0Ab1
Pattern found at position: 30

# decode a hex value to a string offset
python padding.py offset 41306241
hex pattern decoded as: Ab0A
Pattern found at position: 30

# decode another representation of the hex value to a string offset
# use this representation of a hex value in order to force the decoding
python padding.py offset 0x41306241
hex pattern decoded as: Ab0A
Pattern found at position: 30

# find multiple offsets for patterns exceeding 20280 bytes
# 20280 bytes is the maximum number of unique bytes in the Aa0 pattern; beyond that it repeats
python padding.py offset Aa0 30000
0
20280
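The block below is an added example, not the repository's padding.py: it re-implements the cyclic pattern and the offset search shown above, including the little-endian decoding of a register value (0x41306241 becomes Ab0A) and the literal-first rule from the warning, where a needle that is valid hex but occurs verbatim in the buffer is matched as text. The function names pattern_create, pattern_offset and decode_hex_needle are my own choice.

```python
import string
from typing import List, Optional, Tuple

# The Metasploit-style cyclic pattern: every (uppercase, lowercase, digit)
# triple exactly once, so 26 * 26 * 10 * 3 = 20280 unique bytes per cycle.
_FULL_PATTERN = "".join(
    u + l + d
    for u in string.ascii_uppercase
    for l in string.ascii_lowercase
    for d in string.digits
)
MAX_UNIQUE = len(_FULL_PATTERN)  # 20280


def pattern_create(length: int) -> str:
    """Return `length` bytes of the pattern; past 20280 bytes it repeats."""
    if length <= 0:
        raise ValueError("length must be positive")
    reps = length // MAX_UNIQUE + 1
    return (_FULL_PATTERN * reps)[:length]


def decode_hex_needle(token: str) -> Optional[str]:
    """Treat `token` as a register value read from a debugger (0x41306241)
    and recover the pattern bytes it was loaded from ('Ab0A').
    Returns None when the token is not an even-length run of hex digits."""
    raw = token[2:] if token.lower().startswith("0x") else token
    if not raw or len(raw) % 2 or any(c not in string.hexdigits for c in raw):
        return None
    try:
        # A 32-bit register is stored little-endian in memory, so the
        # printed value is the overwritten bytes in reverse order.
        return bytes.fromhex(raw)[::-1].decode("ascii")
    except UnicodeDecodeError:
        return None


def pattern_offset(needle: str, length: int = MAX_UNIQUE) -> Tuple[str, List[int]]:
    """Locate every occurrence of `needle` in a `length`-byte pattern.

    Rules taken from the README examples: an '0x'-prefixed value is always
    hex-decoded; a bare value is searched literally first and hex-decoded
    only as a fallback, so 'Ab0Ab1' (valid hex, but present verbatim in
    the buffer) is matched as text. Returns (string searched, offsets)."""
    if not needle:
        raise ValueError("needle must not be empty")
    buf = pattern_create(length)
    candidates: List[str] = []
    if not needle.lower().startswith("0x"):
        candidates.append(needle)
    decoded = decode_hex_needle(needle)
    if decoded is not None:
        candidates.append(decoded)
    for cand in candidates:
        offsets: List[int] = []
        pos = buf.find(cand)
        while pos != -1:
            offsets.append(pos)
            pos = buf.find(cand, pos + 1)
        if offsets:
            return cand, offsets
    return needle, []


if __name__ == "__main__":
    print(pattern_create(128))
    for token in ("Ab0A", "Ab0Ab1", "41306241", "0x41306241"):
        print(token, "->", pattern_offset(token))
    print("Aa0 in 30000 bytes ->", pattern_offset("Aa0", 30000))
```

Because each triple is (uppercase, lowercase, digit), a needle that starts with an uppercase letter can only match at a triple boundary, which is why a 3-byte needle such as Aa0 is still unambiguous within one 20280-byte cycle; past that length the search reports every repetition, as the last README example shows.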

str2char

A simple encoder that turns a string into a MySQL hex literal (0x...) and into a CHAR() expression.

Example

# The most basic usage.
python str2char.py /etc/passwd
The used string: =>/etc/passwd<=
MySQL HEX: 0x2f6574632f706173737764
MySQL DEC: CHAR(47,101,116,99,47,112,97,115,115,119,100)

# The quotes, as expected, are ignored.
python str2char.py "/etc/passwd"
The used string: =>/etc/passwd<=
MySQL HEX: 0x2f6574632f706173737764
MySQL DEC: CHAR(47,101,116,99,47,112,97,115,115,119,100)
python str2char.py '/etc/passwd'
The used string: =>/etc/passwd<=
MySQL HEX: 0x2f6574632f706173737764
MySQL DEC: CHAR(47,101,116,99,47,112,97,115,115,119,100)

# Yes, it accepts bare words. Beware: unquoted whitespace at the start or end of the string is lost to shell word splitting!
python str2char.py this tool supports bare words when you don\'t need whitespaces at the start or at the end of the string
The used string: =>this tool supports bare words when you don't need whitespaces at the start or at the end of the string<=
MySQL HEX: 0x7468697320746f6f6c20737570706f727473206261726520776f726473207768656e20796f7520646f6e2774206e65656420776869746573706163657320617420746865207374617274206f722061742074686520656e64206f662074686520737472696e67
MySQL DEC: CHAR(116,104,105,115,32,116,111,111,108,32,115,117,112,112,111,114,116,115,32,98,97,114,101,32,119,111,114,100,115,32,119,104,101,110,32,121,111,117,32,100,111,110,39,116,32,110,101,101,100,32,119,104,105,116,101,115,112,97,99,101,115,32,97,116,32,116,104,101,32,115,116,97,114,116,32,111,114,32,97,116,32,116,104,101,32,101,110,100,32,111,102,32,116,104,101,32,115,116,114,105,110,103)
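As an added example (not the repository's str2char.py), the block below shows both encodings the tool prints and, since the same literals are what an analyst meets when reviewing a query log or a WAF event, the reverse direction: a small decoder that recovers the plaintext behind every 0x... and CHAR(...) literal in a query string. The function names and the sample query line are mine; the query is constructed and uses the README's own encodings of /etc/passwd.

```python
import re
from typing import List


def to_mysql_hex(text: str) -> str:
    """'/etc/passwd' -> '0x2f6574632f706173737764', a MySQL hex literal."""
    return "0x" + text.encode("utf-8").hex()


def to_mysql_char(text: str) -> str:
    """'/etc/passwd' -> 'CHAR(47,101,...,100)', one byte value per argument."""
    return "CHAR(" + ",".join(str(b) for b in text.encode("utf-8")) + ")"


# Both literal forms as they appear in a query log or WAF event.
_HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]+)\b")
_CHAR_LITERAL = re.compile(r"\bCHAR\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)", re.IGNORECASE)


def decode_mysql_literals(query: str) -> List[str]:
    """Recover the plaintext behind every 0x... and CHAR(...) literal in
    `query`, in order of appearance. Bytes that are not valid UTF-8 are kept
    as backslash escapes so nothing silently disappears from review."""
    hits = []
    for m in _HEX_LITERAL.finditer(query):
        digits = m.group(1)
        if len(digits) % 2:  # odd digit count: a plain number, not a byte string
            continue
        hits.append((m.start(), bytes.fromhex(digits)))
    for m in _CHAR_LITERAL.finditer(query):
        values = [int(v) for v in m.group(1).split(",")]
        if all(v <= 255 for v in values):  # larger CHAR() args are multibyte code points
            hits.append((m.start(), bytes(values)))
    hits.sort(key=lambda hit: hit[0])
    return [raw.decode("utf-8", "backslashreplace") for _, raw in hits]


# Constructed sample query log line (not real traffic).
SAMPLE_QUERY = (
    "SELECT id FROM documents WHERE path = 0x2f6574632f706173737764 "
    "OR path = CHAR(47,101,116,99,47,112,97,115,115,119,100)"
)

if __name__ == "__main__":
    print(to_mysql_hex("/etc/passwd"))
    print(to_mysql_char("/etc/passwd"))
    print(decode_mysql_literals(SAMPLE_QUERY))
```

The decoder deliberately skips odd-length hex runs (those are numeric literals such as 0x1) and CHAR() calls with arguments above 255, which MySQL treats as multibyte code points rather than raw bytes; a log-review pipeline that decodes those as bytes would produce misleading strings.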

checkip.sh

A simple Bash script to look up the geographic location of an IP address, either for a single address or for a file containing one address per line.

Example

# Check IP list in a file
bash checkip.sh -f filename

# Check single IP
bash checkip.sh -i ip
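The following Python block is an added example, not checkip.sh itself: it shows the input handling a practitioner would want in front of any IP location lookup, namely parsing the -f style file, rejecting malformed lines, de-duplicating, and skipping addresses that are not globally routable, since private, loopback and link-local ranges have no meaningful location and sending them to an external service only discloses internal addressing. The lookup itself is injected as a callable so the code runs offline; the sample file, the function names and the placeholder lookup are mine (8.8.8.8 and 2001:4860:4860::8888 are public resolver addresses used only as sample input).

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# Constructed sample of an input file for the `-f filename` mode (not a real log).
SAMPLE_FILE = """\
# addresses pulled from a proxy log
8.8.8.8
192.168.1.10
8.8.8.8
not-an-ip
2001:4860:4860::8888   # trailing comment
10.0.0.5
"""


def load_ip_list(text: str) -> Tuple[List[str], List[str]]:
    """One address per line; blank lines and '#' comments are ignored.
    Returns (unique valid addresses in first-seen order, rejected tokens)."""
    seen = set()
    valid: List[str] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        token = raw.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            addr = str(ipaddress.ip_address(token))  # normalises IPv6 spelling too
        except ValueError:
            rejected.append(token)
            continue
        if addr not in seen:
            seen.add(addr)
            valid.append(addr)
    return valid, rejected


def is_lookup_worthy(ip: str) -> bool:
    """Only globally routable addresses have a meaningful location. Private,
    loopback, link-local and reserved ranges return nothing useful and would
    hand internal addressing to whichever third party performs the lookup."""
    return ipaddress.ip_address(ip).is_global


def check_ips(text: str, lookup: Callable[[str], str]) -> Dict[str, str]:
    """Locate every usable address in `text`. `lookup` is the external
    service call (injected so this runs offline); each result is the
    location string or the reason the entry was skipped."""
    valid, rejected = load_ip_list(text)
    results: Dict[str, str] = {}
    for ip in valid:
        if is_lookup_worthy(ip):
            results[ip] = lookup(ip)
        else:
            results[ip] = "skipped: not globally routable"
    for token in rejected:
        results[token] = "skipped: not an IP address"
    return results


if __name__ == "__main__":
    # Placeholder for the real service: returns a label instead of a network call.
    for entry, result in check_ips(SAMPLE_FILE, lambda ip: "would query service").items():
        print(f"{entry:24} {result}")
```

Wrapping the real service call in the `lookup` parameter also makes it easy to rate-limit or cache it, which matters when the input file comes from a large log extract.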