Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Overview

Logo


License: MIT made-with-python Docker Linux lint_python Code style: black

RedTeam Toolkit

Note: Only legal activities should be conducted with this project.
Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities.

The cybersecurity open-source projects are integrated what will be a powerful toolkit together.


Currently it supports the following options:

  • FullScan (scan ports and vulnerabilities/CVEs on the target - PDF output)
  • Livehosts (scan all live hosts in the network scale - PDF output)
  • DirScan (scan all directories on a target - PDF output)
  • CVE Description ( CveID Search)
  • SSH Dictionary Attack
  • RDP BruteForce
  • WebApps Section
    • F5 BIG-IP PoC ( CVE-2022-1388 )
    • Apache Path Traversal PoC ( CVE-2021-41773 )
    • Automated XSS Finder
    • Web Crawler for gathering URLs
    • SubDomain Enumeration
    • HTTP Verb Tampering
    • (SQLi will be added soon)
  • Windows Section (Being updated, other major CVEs will be added)
    • Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
  • Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)

    Demo

📘 Installation Guide

Dockerized version of the Web-App is available now:

git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser
# Create your local user and webapp will be available on --------> 127.0.0.1:4334

💻 Demo

You can find the Demo gifs in the Demo page

🔱 Contributing

Thanks to all Open-Source projects that helped me in this project .

If

  • You see any issues
  • 💫 You can make the project works better
  • 💡 You have any suggestions/ideas such as adding other open-source tools
  • 🌟 You have created a script that can add an useful functionality to this project and solve a problem

Please consider contributing to this project .
If you want to help us, don't be afraid to contribute! We have many things you can do to help out.
To contributing you can create an issue or (better) you can fork & create a pull request.

if you do not know where to start, please contact me by email [email protected]

Comments
  • Cannot download report

    Cannot download report

    when im done scan i cannot download report even i see the "download" button in blue light and btw please help me why redteamtoolkit sometime put right passwd and username but is still show wrong passwd or user ? Thanks <3

    opened by manhcot 7
  • cve desc problem ?

    cve desc problem ?

    Hello signorrayan,

    Is the CVE description tool is maintenance? I tried to search for several CVEs but without positive return.

    CVE DESCRIPTION 2021-26408 The requested CVE is not found.

    Thanks a lot.

    opened by sephirothac 5
  • FATAL:  password authentication failed for user

    FATAL: password authentication failed for user "redteamuser"

    Hello,

    Thank you for your work on this project, I followed what you recommend for the deployment of your tool but I have an error for the creation of a user account for the frontweb of your tool.

    Thank you very much for your help.

    file .env SECRET_KEY='*********************************' SQL_HOST=db ALLOWED_HOSTS=localhost,127.0.0.1 SQL_DATABASE=redteam_toolkit_db SQL_USER=redteamuser SQL_PASSWORD=147r258r DATABASE=postgres

    docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser

    /usr/local/lib/python3.8/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated "class": algorithms.Blowfish, Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) psycopg2.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

    The above exception was the direct cause of the following exception:

    Traceback (most recent call last): File "manage.py", line 22, in main() File "manage.py", line 18, in main execute_from_command_line(sys.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 446, in execute_from_command_line utility.execute() File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 414, in run_from_argv self.execute(*args, **cmd_options) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 87, in execute return super().execute(*args, **options) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 459, in execute self.check_migrations() File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 576, in check_migrations executor = MigrationExecutor(connections[DEFAULT_DB_ALIAS]) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init self.loader = MigrationLoader(self.connection) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 58, in init self.build_graph() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 235, in build_graph self.applied_migrations = recorder.applied_migrations() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 81, in applied_migrations if self.has_table(): File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 57, in has_table with self.connection.cursor() as cursor: File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 284, in cursor return self._cursor() File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in _cursor self.ensure_connection() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 91, in exit raise dj_exc_value.with_traceback(traceback) from exc_value File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) django.db.utils.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

    ERROR: 1

    opened by sephirothac 4
  • python manage.py makemigrations (decouple.UndefinedValueError)

    python manage.py makemigrations (decouple.UndefinedValueError)

    Hi When trying to execute this command, the following error raises:

    Traceback (most recent call last): File "/home/hack/RedTeam_toolkit/manage.py", line 22, in main() File "/home/hack/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in _load_unlocked File "", line 850, in exec_module File "", line 228, in _call_with_frames_removed File "/home/hack/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("SECRET_KEY") File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 243, in call return self.config(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 105, in call return self.get(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: SECRET_KEY not found. Declare it as envvar or define a default value.

    And here are the files in the folder:

    Demo LICENSE.md manage.py README.md RedTeam_toolkit requirements.txt SECRET_KEY.env toolkit venv

    opened by Abd659 1
  • python manage.py makemigrations  error

    python manage.py makemigrations error

    python manage.py makemigrations 1 ⨯ Traceback (most recent call last): File "/home/monkey/RedTeam_toolkit/manage.py", line 22, in main() File "/home/monkey/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in load_unlocked File "", line 850, in exec_module File "", line 228, in call_with_frames_removed File "/home/monkey/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("l=s6j#f6(0*%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt") File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 206, in call return self.config(*args, **kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in call return self.get(*args, *kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 75, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: l=s6j#f6(0%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt not found. Declare it as envvar or define a default value.

    opened by phanthuthao 1
  • Bump django from 3.2.6 to 3.2.10

    Bump django from 3.2.6 to 3.2.10

    Bumps django from 3.2.6 to 3.2.10.

    Commits
    • 0153a63 [3.2.x] Bumped version for 3.2.10 release.
    • 333c656 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream...
    • 6014b81 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_calla...
    • cb724ef [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField o...
    • 0cf2d48 [3.2.x] Added requirements.txt to files ignored by Sphinx builds.
    • 487a2da [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
    • 742d6bc [3.2.x] Corrected signatures of QuerySet's methods.
    • 99532fd [3.2.x] Corrected isort example in coding style docs.
    • 31539a6 [3.2.x] Corrected "pip install" call in coding style docs.
    • 76a0a8a [3.2.x] Configured Read The Docs to build all formats.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    paramiko 2.11.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- low severity | Regular Expression Denial of Service (ReDoS)
    SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools:
    39.0.1 -> 65.5.1
    | No | No Known Exploit

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Regular Expression Denial of Service (ReDoS)

    opened by signorrayan 0
  • [Snyk] Security upgrade python from 3.9.14-bullseye to 3.9.16-bullseye

    [Snyk] Security upgrade python from 3.9.14-bullseye to 3.9.16-bullseye

    This PR was automatically created by Snyk using the credentials of a real user.


    Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

    Changes included in this PR

    • Dockerfile

    We recommend upgrading to python:3.9.16-bullseye, as this image has only 272 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

    Some of the most important vulnerabilities in your base image include:

    | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | high severity | 614 | XML External Entity (XXE) Injection
    SNYK-DEBIAN11-LIBXML2-3059797 | No Known Exploit | | high severity | 614 | Integer Overflow or Wraparound
    SNYK-DEBIAN11-LIBXML2-3059801 | No Known Exploit | | critical severity | **** | CVE-2022-46908
    SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | critical severity | **** | CVE-2022-46908
    SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | critical severity | 500 | Numeric Errors
    SNYK-DEBIAN11-TIFF-3113871 | No Known Exploit |


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

    opened by signorrayan 0
  • Bump certifi from 2022.5.18 to 2022.12.7

    Bump certifi from 2022.5.18 to 2022.12.7

    Bumps certifi from 2022.5.18 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump pillow from 9.2.0 to 9.3.0

    Bump pillow from 9.2.0 to 9.3.0

    Bumps pillow from 9.2.0 to 9.3.0.

    Release notes

    Sourced from pillow's releases.

    9.3.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.3.0 (2022-10-29)

    • Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

    • Initialize libtiff buffer when saving #6699 [radarhere]

    • Inline fname2char to fix memory leak #6329 [nulano]

    • Fix memory leaks related to text features #6330 [nulano]

    • Use double quotes for version check on old CPython on Windows #6695 [hugovk]

    • Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

    • Fixed set_variation_by_name offset #6445 [radarhere]

    • Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

    • Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

    • Added ExifTags enums #6630 [radarhere]

    • Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

    • Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

    • Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

    • Added GPS TIFF tag info #6661 [radarhere]

    • Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

    • Do not attempt normalization if mode is already normal #6644 [radarhere]

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • [Snyk] Security upgrade pillow from 9.1.1 to 9.2.0

    [Snyk] Security upgrade pillow from 9.1.1 to 9.2.0

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    proxy-db 0.3.1 requires sqlalchemy, which is not installed.
    paramiko 2.11.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- medium severity | Denial of Service (DoS)
    SNYK-PYTHON-PILLOW-3113875 | pillow:
    9.1.1 -> 9.2.0
    | No | No Known Exploit medium severity | Denial of Service (DoS)
    SNYK-PYTHON-PILLOW-3113876 | pillow:
    9.1.1 -> 9.2.0
    | No | No Known Exploit

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Denial of Service (DoS) 🦉 Denial of Service (DoS)

    opened by signorrayan 0
  • [Snyk] Security upgrade gitpython from 3.1.29 to 3.1.30

    [Snyk] Security upgrade gitpython from 3.1.29 to 3.1.30

    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    paramiko 2.12.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- high severity | 619/1000
    Why? Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
    SNYK-PYTHON-GITPYTHON-3113858 | gitpython:
    3.1.29 -> 3.1.30
    | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Remote Code Execution (RCE)

    opened by snyk-bot 0
  • [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirements.txt
    ⚠️ Warning
    paramiko 2.12.0 requires pynacl, which is not installed.
    
    

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- medium severity | 551/1000
    Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
    SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools:
    39.0.1 -> 65.5.1
    | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 Regular Expression Denial of Service (ReDoS)

    opened by signorrayan 0
  • request bruteforce ntlm

    request bruteforce ntlm

    Hello,

    Can you add in the solution the possibility to make brute force ntlm hash via hashcat or other, a little bit similar to this solution https://github.com/arcaneiceman/kraken

    enhancement feature 
    opened by sephirothac 1
  • rdpbruteforce error

    rdpbruteforce error

    Hello,

    Again thank you for your help I think that has a problem for the rdpbruteforce here is the log return:

    "GET /windows/rdpbruteforce/ HTTP/1.1" 200 3662 Internal Server Error: /windows/rdpbruteforce/ Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view return view_func(request, *args, **kwargs) File "/usr/src/redteam_toolkit/toolkit/views.py", line 238, in rdpbruteforce result = rdpbrute.rdpbrute_script(ip) File "/usr/src/redteam_toolkit/toolkit/scripts/windows/rdpbrute.py", line 15, in rdpbrute_script p = subprocess.run( File "/usr/local/lib/python3.8/subprocess.py", line 493, in run with Popen(*popenargs, **kwargs) as process: File "/usr/local/lib/python3.8/subprocess.py", line 858, in init self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: '/usr/src/redteam_toolkit/venv/bin/python' "POST /windows/rdpbruteforce/ HTTP/1.1" 500 93785

    Thank you for your work.

    opened by sephirothac 10
Releases(v0.1.5)
  • v0.1.5(May 9, 2022)

    The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules:

    1. CVE-2022-1388 PoC (for F5 BIG-IP
    2. Automated XSS Finder
    3. A new module for content discovery (Gathering all URLs)
    Source code(tar.gz)
    Source code(zip)
  • v0.1.4(Dec 16, 2021)

    What's Changed

    • Add custom port for SSH Dictionary Attack.
    • Redesign SSH Dictionary attack output.
    • Django 4.0
    • Update Packages

    Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/compare/v0.1.3...v0.1.4

    Source code(tar.gz)
    Source code(zip)
  • v0.1.3(Dec 1, 2021)

    Overview

    • Support 11 modules in 8 section.
    • Support multiprocessing in PDF output modules.
    • URL gathering and subdomain finder improvement.

    What's Changed

    • GitHub Action to lint Python code by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/1
    • Make bandit and mypy mandatory tests by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/2
    • Add a simple test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/3
    • black --check . by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/6
    • Make black a mandatory test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/7
    • Make isort --profile black . a mandatory test (again) by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/9
    • import sys Is already done on line 8 by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/10
    • Update README.md by @signorrayan in https://github.com/signorrayan/RedTeam_toolkit/pull/13
    • Fix flake8 E713 test for membership should be 'not in' by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/12
    • Shreder Contributor by @enty8080 in https://github.com/signorrayan/RedTeam_toolkit/pull/14
    • Bump sqlparse from 0.4.1 to 0.4.2 by @dependabot in https://github.com/signorrayan/RedTeam_toolkit/pull/15
    • Fix 25 flake8 F403 and F405 issues by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/16
    • Fix flake8 F841 local variable is assigned to but never used by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/17
    • Make more flake8 tests mandatory by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/18

    Referring information

    New Contributors

    • @cclauss made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/1
    • @signorrayan made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/13
    • @enty8080 made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/14
    • @dependabot made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/15

    Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/commits/v0.1.3

    Source code(tar.gz)
    Source code(zip)
Owner
Mohammadreza Sarayloo
Mohammadreza Sarayloo
Hadoop Yan ResourceManager unauthorized RCE

Vuln Impact There was an unauthorized access vulnerability in Hadoop yarn ResourceManager. This vulnerability existed in Hadoop yarn, the core compone

Al1ex 25 Nov 24, 2022
A honey token manager and alert system for AWS.

SpaceSiren SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey token

287 Nov 09, 2022
CVE-log4j CheckMK plugin

CVE-2021-44228-log4j discovery (Download the MKP package) This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this

4 Jan 08, 2022
集成crawlergo、xray、dirsearch、nmap等工具的src漏洞挖掘工具,使用docker封装运行;

tools下有几个工具,所以项目文件比较大,如果下载总是中断的话建议拆开下载各个项目然后直接拷贝dockefile和recon.py即可 0x01 hscan介绍 hscan是什么 hscan是一款旨在使用一条命令替代渗透前的多条扫描命令,通过集成crawlergo扫描和xray扫描、dirsear

102 Jan 04, 2023
Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr 64bit2key.py

Stefan Marsiske 15 Nov 26, 2022
Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Dlint Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure. The most important thing I have done as a progra

Dlint 127 Dec 27, 2022
CloudFlare reconnaissance, tries to uncover the IP behind CF.

CloudFlare reconnaissance, tries to uncover the IP behind CF.

Neospace 8 Dec 03, 2021
Local server for IDA Lumina feature

About POC of an offline server for IDA Lumina feature.

Synacktiv 166 Dec 30, 2022
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 2 Jan 31, 2022
Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks.

Dependency Combobulator Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage

Apiiro 84 Dec 23, 2022
A collection of intelligence about Log4Shell and its exploitation activity

Log4Shell-IOCs Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell ex

Curated Intel 172 Nov 17, 2022
Cobalt Strike < 4.4 dos CVE-2021-36798

CVE-2021-36798 CVE-2021-36798 Cobalt Strike 4.3 dos 用法 python3 CVE-2021-36798.py BeaconURL 打瘫Cobalt Strike 只需要一个包 已测试 4.3 4.2 参考: https://labs.sent

37 Nov 09, 2022
SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Flask-SeaSurf SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF). CSRF vulnerabilities have been found in large and popular

Max Countryman 183 Dec 28, 2022
Malware Configuration And Payload Extraction

CAPEv2 (Python3) has now been released CAPEv2 With the imminent end-of-life for Python 2 (January 1 2020), CAPEv1 will be phased out. Please upgrade t

Context Information Security 701 Dec 27, 2022
Buff A simple BOF library I wrote under an hour to help me automate with BOF attack

What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex

0x00 3 Nov 21, 2022
CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

Aryan 10 Sep 25, 2022
CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P

FQ Hsu 63 Dec 30, 2022
Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

Anukul Pandey 6 Jan 30, 2022
the metasploit script(POC) about CVE-2021-36260

CVE-2021-36260-metasploit the metasploit script(POC) about CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision produ

Taroballz 14 Nov 09, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022