Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Overview

Logo


License: MIT made-with-python Docker Linux lint_python Code style: black

RedTeam Toolkit

Note: Only legal activities should be conducted with this project.
Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities.

The cybersecurity open-source projects are integrated what will be a powerful toolkit together.


Currently it supports the following options:

  • FullScan (scan ports and vulnerabilities/CVEs on the target - PDF output)
  • Livehosts (scan all live hosts in the network scale - PDF output)
  • DirScan (scan all directories on a target - PDF output)
  • CVE Description ( CveID Search)
  • SSH Dictionary Attack
  • RDP BruteForce
  • WebApps Section
    • F5 BIG-IP PoC ( CVE-2022-1388 )
    • Apache Path Traversal PoC ( CVE-2021-41773 )
    • Automated XSS Finder
    • Web Crawler for gathering URLs
    • SubDomain Enumeration
    • HTTP Verb Tampering
    • (SQLi will be added soon)
  • Windows Section (Being updated, other major CVEs will be added)
    • Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
  • Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)

    Demo

📘 Installation Guide

Dockerized version of the Web-App is available now:

git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser
# Create your local user and webapp will be available on --------> 127.0.0.1:4334

💻 Demo

You can find the Demo gifs in the Demo page

🔱 Contributing

Thanks to all Open-Source projects that helped me in this project .

If

  • You see any issues
  • 💫 You can make the project works better
  • 💡 You have any suggestions/ideas such as adding other open-source tools
  • 🌟 You have created a script that can add an useful functionality to this project and solve a problem

Please consider contributing to this project .
If you want to help us, don't be afraid to contribute! We have many things you can do to help out.
To contributing you can create an issue or (better) you can fork & create a pull request.

if you do not know where to start, please contact me by email [email protected]

Comments
  • Cannot download report

    Cannot download report

    when im done scan i cannot download report even i see the "download" button in blue light and btw please help me why redteamtoolkit sometime put right passwd and username but is still show wrong passwd or user ? Thanks <3

    opened by manhcot 7
  • cve desc problem ?

    cve desc problem ?

    Hello signorrayan,

    Is the CVE description tool is maintenance? I tried to search for several CVEs but without positive return.

    CVE DESCRIPTION 2021-26408 The requested CVE is not found.

    Thanks a lot.

    opened by sephirothac 5
  • FATAL:  password authentication failed for user

    FATAL: password authentication failed for user "redteamuser"

    Hello,

    Thank you for your work on this project, I followed what you recommend for the deployment of your tool but I have an error for the creation of a user account for the frontweb of your tool.

    Thank you very much for your help.

    file .env SECRET_KEY='*********************************' SQL_HOST=db ALLOWED_HOSTS=localhost,127.0.0.1 SQL_DATABASE=redteam_toolkit_db SQL_USER=redteamuser SQL_PASSWORD=147r258r DATABASE=postgres

    docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser

    /usr/local/lib/python3.8/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated "class": algorithms.Blowfish, Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) psycopg2.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

    The above exception was the direct cause of the following exception:

    Traceback (most recent call last): File "manage.py", line 22, in main() File "manage.py", line 18, in main execute_from_command_line(sys.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 446, in execute_from_command_line utility.execute() File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 414, in run_from_argv self.execute(*args, **cmd_options) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 87, in execute return super().execute(*args, **options) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 459, in execute self.check_migrations() File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 576, in check_migrations executor = MigrationExecutor(connections[DEFAULT_DB_ALIAS]) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init self.loader = MigrationLoader(self.connection) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 58, in init self.build_graph() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 235, in build_graph self.applied_migrations = recorder.applied_migrations() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 81, in applied_migrations if self.has_table(): File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 57, in has_table with self.connection.cursor() as cursor: File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 284, in cursor return self._cursor() File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in _cursor self.ensure_connection() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 91, in exit raise dj_exc_value.with_traceback(traceback) from exc_value File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) django.db.utils.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

    ERROR: 1

    opened by sephirothac 4
  • python manage.py makemigrations (decouple.UndefinedValueError)

    python manage.py makemigrations (decouple.UndefinedValueError)

    Hi When trying to execute this command, the following error raises:

    Traceback (most recent call last): File "/home/hack/RedTeam_toolkit/manage.py", line 22, in main() File "/home/hack/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in _load_unlocked File "", line 850, in exec_module File "", line 228, in _call_with_frames_removed File "/home/hack/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("SECRET_KEY") File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 243, in call return self.config(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 105, in call return self.get(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: SECRET_KEY not found. Declare it as envvar or define a default value.

    And here are the files in the folder:

    Demo LICENSE.md manage.py README.md RedTeam_toolkit requirements.txt SECRET_KEY.env toolkit venv

    opened by Abd659 1
  • python manage.py makemigrations  error

    python manage.py makemigrations error

    python manage.py makemigrations 1 ⨯ Traceback (most recent call last): File "/home/monkey/RedTeam_toolkit/manage.py", line 22, in main() File "/home/monkey/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in load_unlocked File "", line 850, in exec_module File "", line 228, in call_with_frames_removed File "/home/monkey/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("l=s6j#f6(0*%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt") File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 206, in call return self.config(*args, **kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in call return self.get(*args, *kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 75, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: l=s6j#f6(0%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt not found. Declare it as envvar or define a default value.

    opened by phanthuthao 1
  • Bump django from 3.2.6 to 3.2.10

    Bump django from 3.2.6 to 3.2.10

    Bumps django from 3.2.6 to 3.2.10.

    Commits
    • 0153a63 [3.2.x] Bumped version for 3.2.10 release.
    • 333c656 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream...
    • 6014b81 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_calla...
    • cb724ef [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField o...
    • 0cf2d48 [3.2.x] Added requirements.txt to files ignored by Sphinx builds.
    • 487a2da [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
    • 742d6bc [3.2.x] Corrected signatures of QuerySet's methods.
    • 99532fd [3.2.x] Corrected isort example in coding style docs.
    • 31539a6 [3.2.x] Corrected "pip install" call in coding style docs.
    • 76a0a8a [3.2.x] Configured Read The Docs to build all formats.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    paramiko 2.11.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- low severity | Regular Expression Denial of Service (ReDoS)
    SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools:
    39.0.1 -> 65.5.1
    | No | No Known Exploit

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Regular Expression Denial of Service (ReDoS)

    opened by signorrayan 0
  • [Snyk] Security upgrade python from 3.9.14-bullseye to 3.9.16-bullseye

    [Snyk] Security upgrade python from 3.9.14-bullseye to 3.9.16-bullseye

    This PR was automatically created by Snyk using the credentials of a real user.


    Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

    Changes included in this PR

    • Dockerfile

    We recommend upgrading to python:3.9.16-bullseye, as this image has only 272 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

    Some of the most important vulnerabilities in your base image include:

    | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | high severity | 614 | XML External Entity (XXE) Injection
    SNYK-DEBIAN11-LIBXML2-3059797 | No Known Exploit | | high severity | 614 | Integer Overflow or Wraparound
    SNYK-DEBIAN11-LIBXML2-3059801 | No Known Exploit | | critical severity | **** | CVE-2022-46908
    SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | critical severity | **** | CVE-2022-46908
    SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | critical severity | 500 | Numeric Errors
    SNYK-DEBIAN11-TIFF-3113871 | No Known Exploit |


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

    opened by signorrayan 0
  • Bump certifi from 2022.5.18 to 2022.12.7

    Bump certifi from 2022.5.18 to 2022.12.7

    Bumps certifi from 2022.5.18 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump pillow from 9.2.0 to 9.3.0

    Bump pillow from 9.2.0 to 9.3.0

    Bumps pillow from 9.2.0 to 9.3.0.

    Release notes

    Sourced from pillow's releases.

    9.3.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.3.0 (2022-10-29)

    • Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

    • Initialize libtiff buffer when saving #6699 [radarhere]

    • Inline fname2char to fix memory leak #6329 [nulano]

    • Fix memory leaks related to text features #6330 [nulano]

    • Use double quotes for version check on old CPython on Windows #6695 [hugovk]

    • Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

    • Fixed set_variation_by_name offset #6445 [radarhere]

    • Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

    • Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

    • Added ExifTags enums #6630 [radarhere]

    • Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

    • Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

    • Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

    • Added GPS TIFF tag info #6661 [radarhere]

    • Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

    • Do not attempt normalization if mode is already normal #6644 [radarhere]

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • [Snyk] Security upgrade pillow from 9.1.1 to 9.2.0

    [Snyk] Security upgrade pillow from 9.1.1 to 9.2.0

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    proxy-db 0.3.1 requires sqlalchemy, which is not installed.
    paramiko 2.11.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- medium severity | Denial of Service (DoS)
    SNYK-PYTHON-PILLOW-3113875 | pillow:
    9.1.1 -> 9.2.0
    | No | No Known Exploit medium severity | Denial of Service (DoS)
    SNYK-PYTHON-PILLOW-3113876 | pillow:
    9.1.1 -> 9.2.0
    | No | No Known Exploit

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Denial of Service (DoS) 🦉 Denial of Service (DoS)

    opened by signorrayan 0
  • [Snyk] Security upgrade gitpython from 3.1.29 to 3.1.30

    [Snyk] Security upgrade gitpython from 3.1.29 to 3.1.30

    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    paramiko 2.12.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- high severity | 619/1000
    Why? Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
    SNYK-PYTHON-GITPYTHON-3113858 | gitpython:
    3.1.29 -> 3.1.30
    | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Remote Code Execution (RCE)

    opened by snyk-bot 0
  • [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    paramiko 2.12.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- medium severity | 551/1000
    Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
    SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools:
    39.0.1 -> 65.5.1
    | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Regular Expression Denial of Service (ReDoS)

    opened by signorrayan 0
  • request bruteforce ntlm

    request bruteforce ntlm

    Hello,

    Can you add in the solution the possibility to make brute force ntlm hash via hashcat or other, a little bit similar to this solution https://github.com/arcaneiceman/kraken

    enhancement feature 
    opened by sephirothac 1
  • rdpbruteforce error

    rdpbruteforce error

    Hello,

    Again thank you for your help I think that has a problem for the rdpbruteforce here is the log return:

    "GET /windows/rdpbruteforce/ HTTP/1.1" 200 3662 Internal Server Error: /windows/rdpbruteforce/ Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view return view_func(request, *args, **kwargs) File "/usr/src/redteam_toolkit/toolkit/views.py", line 238, in rdpbruteforce result = rdpbrute.rdpbrute_script(ip) File "/usr/src/redteam_toolkit/toolkit/scripts/windows/rdpbrute.py", line 15, in rdpbrute_script p = subprocess.run( File "/usr/local/lib/python3.8/subprocess.py", line 493, in run with Popen(*popenargs, **kwargs) as process: File "/usr/local/lib/python3.8/subprocess.py", line 858, in init self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: '/usr/src/redteam_toolkit/venv/bin/python' "POST /windows/rdpbruteforce/ HTTP/1.1" 500 93785

    Thank you for your work.

    opened by sephirothac 10
Releases(v0.1.5)
  • v0.1.5(May 9, 2022)

    The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules:

    1. CVE-2022-1388 PoC (for F5 BIG-IP
    2. Automated XSS Finder
    3. A new module for content discovery (Gathering all URLs)
    Source code(tar.gz)
    Source code(zip)
  • v0.1.4(Dec 16, 2021)

    What's Changed

    • Add custom port for SSH Dictionary Attack.
    • Redesign SSH Dictionary attack output.
    • Django 4.0
    • Update Packages

    Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/compare/v0.1.3...v0.1.4

    Source code(tar.gz)
    Source code(zip)
  • v0.1.3(Dec 1, 2021)

    Overview

    • Support 11 modules in 8 section.
    • Support multiprocessing in PDF output modules.
    • URL gathering and subdomain finder improvement.

    What's Changed

    • GitHub Action to lint Python code by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/1
    • Make bandit and mypy mandatory tests by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/2
    • Add a simple test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/3
    • black --check . by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/6
    • Make black a mandatory test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/7
    • Make isort --profile black . a mandatory test (again) by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/9
    • import sys Is already done on line 8 by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/10
    • Update README.md by @signorrayan in https://github.com/signorrayan/RedTeam_toolkit/pull/13
    • Fix flake8 E713 test for membership should be 'not in' by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/12
    • Shreder Contributor by @enty8080 in https://github.com/signorrayan/RedTeam_toolkit/pull/14
    • Bump sqlparse from 0.4.1 to 0.4.2 by @dependabot in https://github.com/signorrayan/RedTeam_toolkit/pull/15
    • Fix 25 flake8 F403 and F405 issues by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/16
    • Fix flake8 F841 local variable is assigned to but never used by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/17
    • Make more flake8 tests mandatory by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/18

    Referring information

    New Contributors

    • @cclauss made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/1
    • @signorrayan made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/13
    • @enty8080 made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/14
    • @dependabot made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/15

    Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/commits/v0.1.3

    Source code(tar.gz)
    Source code(zip)
Owner
Mohammadreza Sarayloo
Mohammadreza Sarayloo
Apk Framework Detector

🚀🚀🚀Program helps you to detect the major framework or technology used in writing any android app. Just provide the apk 😇😇

Daniel Agyapong 10 Dec 07, 2022
Cam-Hacker: Ip Cameras hack with python

Cam-Hacker Hack Cameras Mode Of Execution: apt-get install python3 apt-get insta

Error 4 You 9 Dec 17, 2022
ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

Poming huang 312 Dec 09, 2022
This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard

This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard to form a 16-character password which is unpredictable and cannot easily be memorised.

Mohammad Shaad Shaikh 1 Nov 23, 2021
Phishing Campaign Toolkit

King Phisher Phishing Campaign Toolkit Installation For instructions on how to install, please see the INSTALL.md file. After installing, for instruct

RSM US LLP 1.9k Jan 01, 2023
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
Fast and customizable vulnerability scanner For JIRA written in Python

Fast and customizable vulnerability scanner For JIRA. 🤔 What is this? Jira-Lens 🔍 is a Python Based vulnerability Scanner for JIRA. Jira is a propri

Mayank Pandey 185 Dec 25, 2022
Privilege escalation with polkit - CVE-2021-3560

Polkit-exploit - CVE-2021-3560 Privilege escalation with polkit - CVE-2021-3560 Summary CVE-2021-3560 is an authentication bypass on polkit, which all

Ahmad Almorabea 95 Dec 27, 2022
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
The First Python Compatible Camera Hacking Tool

ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [

Sanketh J 109 Dec 28, 2022
Android Malware Behavior Deleter

Android Malware Behavior Deleter UDcide UDcide is a tool that provides alternative way to deal with Android malware. We help you to detect and remove

27 Sep 23, 2022
RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da

4 Jan 27, 2022
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the conte

hashlookup 96 Dec 20, 2022
Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python.

Venom Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python. Report Bug · Request Feature Contributing Well,

PndaBoi 25 Dec 06, 2022
Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析 前言 最近UPnP比较火,恰好手里有一台Cisco RV110W,在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day,但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞,漏洞的公告可以在官网看到。 准

badmonkey 25 Nov 09, 2022
Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

CVE-2021-40870 Exploitation An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous ty

Ashraful Islam 16 Nov 15, 2022
A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

PyArmor Homepage (中文版网站) Documentation(中文版) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine

Dashingsoft 1.9k Dec 30, 2022
labsecurity is a framework and its use is for ethical hacking and computer security

labsecurity labsecurity is a framework and its use is for ethical hacking and computer security. Warning This tool is only for educational purpose. If

Dylan Meca 16 Dec 08, 2022
Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

dora Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bount

Siddharth Dushantha 243 Dec 27, 2022
Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

Landscape 112 Nov 25, 2022