GitHub - CrackerCat/python: python黑客与一些脚本

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
Hacker python		Hacker python
Linux信息收集脚本		Linux信息收集脚本
WebLogic任意文件上传		WebLogic任意文件上传
phpcms（中转注入批量检测）		phpcms（中转注入批量检测）
御剑		御剑
织梦写入批检		织梦写入批检
Distinguish.py		Distinguish.py
Interface.json		Interface.json
README.txt		README.txt
Sqlinject.py		Sqlinject.py
WebmasterTools.py		WebmasterTools.py
arp.py		arp.py
cms.py		cms.py
cms.txt		cms.txt
cs.py		cs.py
csrfjiance.py		csrfjiance.py
ddos.py		ddos.py
dianjijieci.py		dianjijieci.py
dy1.py		dy1.py
dy2.py		dy2.py
dy3.py		dy3.py
exploitsearch.py		exploitsearch.py
fg.txt		fg.txt
fyddos.py		fyddos.py
gonjusetup.py		gonjusetup.py
install.py		install.py
list.txt		list.txt
mulu.txt		mulu.txt
shell.py		shell.py
shibie.py		shibie.py
sqlzhuru.py		sqlzhuru.py
sqlzhuruapi.py		sqlzhuruapi.py
translate.py		translate.py
urltiaozhuan.py		urltiaozhuan.py
whois.txt		whois.txt
windows 10.txt		windows 10.txt
windows XP.txt		windows XP.txt
windows server 2003.txt		windows server 2003.txt
windows server 2008.txt		windows server 2008.txt
windows server 2012.txt		windows server 2012.txt
windows7.txt		windows7.txt
yxwz.py		yxwz.py

Repository files navigation

Hacker information collection, used to collect information about the target.
Direct operation of specific usage.
Example:
python3 Hacker Tool set.py
python3 Hacker information collection.py
python3 translate.py
python3 arp.py
Please modify the SMTP. Login and SMTP. Sendmail () parameters before calling the mailbox forge script.
Ddos.py is the user I wrote with python2.7 please
Self modify the attack target inside
Defense ddos
Defense ddos: please first execute install. Py =>fyddos.

Then the defense ddos script starts. If you are attacked by ddos, execute.

Netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq-c | sort -n.

Command to view your IP. Detailed article: http://www.cnblogs.com/haq5201314/p/8351960.html

python shell.py -h
-a  asp Trojan horse 
-j  jsap Trojan horse 
-p php Trojan horse 
-v Edition

python3 Sqllinject.py

python3 WebmasterTools.py
Usage: [-z Subdomain mining][-p Side of the station inquiries][-x http status query]

Options:
  -h, --help    show this help message and exit
  -z SUBDOMAIN  Subdomain mining
  -p SIDE       Side of the station inquiries
  -x HTTP       http status query

I didn't have time to go to school before I uploaded the scripts I finished.

My blog: http://www.cnblogs.com/haq5201314/




Distinguish.py用于批量安装工具包，方便大家安装工具


These scripts and methods of use are all in my blog. Please dig or use this script.

The updated scripts are as follows:
cms.py #For mining target CMS targets His accessories are data.json
csrfjiance.py #Used to detect CSRF vulnerabilities
sqlzhuruapi.py #This is a script for mass mining site SQL injection
urltiaozhuan.py #This is a script for mining URL jump holes
Distinguish.py #This is the two generation of an information collection script
dianjijieci.py #This is a script that excavated clicking hijacking



python3 exploitsearch.py
Usage: exploitsearch.py [options]

Options:
  -h, --help  show this help message and exit
  -m          Save the home directory in the local area
  -w          Save all the attack loads of Web
  -s SEARCH   search exploit
  -y          Save the Long-range all exploit
  -b          Save the local all exploit


CVE-2018-2894任意文件上传漏洞检测POC：在Weblogic任意上传文件里面


2018年7月31号新增加的
dedecms远程文件写入exp 15年的
phpcms中转注入漏洞批量验证

Linux信息收集脚本
直接在目标机运行就行，信息保存在save.txt

收集的信息有：
首先要获取系统信息：
系统名称
本地ip
主机名
本地dns
环境变量
shell程序
hosts文件
路由信息
arp缓存
计划任务
挂载磁盘
mail目录
history文件
home/root/bin/sbin目录

获取用户信息
当前权限
用户信息
本地用户
在线用户
hash加密规则
hash信息
用户组信息
最后登录信息
最后登录用户信息
所有用户的计划任务

安全扫描
是否能无密码sudo
conf配置文件
ssh的密钥文件
是否能root登录
敏感配置文件扫描
关键字含有config、web.xml、database、pass的文件
uid为0用户
敏感服务匿名
空密码用户
zip/tar.gz/sh/pl/py/rb/txt/bak后缀文件