Open Source Python Security Software - Page 23

SharPyShell is a tiny and obfuscated ASP.NET web shell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C# web applications that run on .NET Framework >= 2.0. SharPyShell is a post-exploitation framework written in Python. The main aim of this framework is to provide the penetration tester with a series of tools to ease the post-exploitation phase once exploitation has been successful against an IIS webserver. This tool is not intended as a replacement for the frameworks for C2 Server (i.e. Meterpreter, Empire, etc..) but this should be used when you land on a fully restricted server where inbound and outbound connections are very limited. In this framework, you will have all the tools needed to privesc, net discovery, and lateral movement as you are typing behind the cmd of the target server.

Soicmp is a remote shell system, similar to telnet or netcat that allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP. http://soicmp.sourceforge.net/ http://billiejoex.altervista.org/Prj_Py_soicmp.shtml

Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. Shennina scans a set of input targets for available network services, uses its AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets. If the attack succeeds, Shennina proceeds with the post-exploitation phase. The AI engine is initially trained against live targets to learn reliable exploits against remote services. Shennina also supports a "Heuristics" mode for identfying recommended exploits.

Sherlock Roams is a Python-based password auditing tool for Un*x-based systems. It uses a brute force approach on the shadow file (or the regular password file if that fails) to determine which users on your system have obviously insecure passwords.

Signal Sciences Site Manager.

A simple security tool to test for the integrity of a computer installation. SdT constructs a signature of the current system state and checks installation state with a previously made signature. Is intended to work on a compromised system.

Sometimes I lament losing important information from my clipboard so I made this to record it all into a single TXT file with timestamps. Its a fully offline python program that works in your windows tray, that lets you access the TXT file any time you need. Sadly, its worth mentioning that keyloggers that hackers use to steal data work with the same method as this program, except they hide it and send the data online, so this program may result in a false positive with your installed antivirus. You'll need to create an exception to let this program not get quarantined by accident. Source code is included with the program and this program will never send your data anywhere or record it anywhere else than that single TXT file so I assure you it is safe - you can check the source code yourself.

The Simple Ubuntu Vulnerability Scanner lets you check an Ubuntu system for vulnerabilities.

SAT (Simple scAnning Tool) is a simple and fast network scanner written in Python progamming language. It is used to identify network devices/services: the identification is based on recieved data (for example banners).

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python and it allows us to check the security of a VoIP server using SIP protocol. You can freely use, modify and distribute. If modified, please put a reference to this site. Most security tools can be used for illegal purposes, but the purpose of this tool is to check the security of your own servers and not to use to do bad things. I am not responsible for the misuse of this tool. Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sipscan is a fast scanner for SIP services that uses multithread. Sipscan can check several IPs and port ranges and it can work over UDP or TCP. Sipexten identifies extensions on a SIP server. Also tells you if the extension line requires authentication or not. Sipexten can check several IPs and port ranges.

This is an Alpha version of what is to become an all in one tool for pentesting of web applications. In its current phase it currently scans google dorks and tests for sql vulnerabilities. Once urls are harvested from google dorks they are saved to a log file for future reference. One a sql check is run, the vulnerable URLs are saved to a seperate log file. View the readme in /docs for more information.

Il software permette di disturbare una persona bombardandola di sms, e se la vittima ha un device di fascia molto bassa addirittura potrebbe bloccarsi il telefono. Ovviamente questo software è solo a scopo di studio e non andrebbe usato.

Snarfzilla was a GUI and web browser for the official Freenet Java server. The first web browser for the dark web. It hasn't been compatible with Freenet for several years and development ceased.

Snort IDS library for Python

Open source project for bots that can be used on social networks. These bots are for testing only and should not be used for SPAM or other malicious means. Bots are currently coded in Python and Ruby and demonstrate many different ways to use bots.

General software and open source projects

Social Media Downloader for Open Source Intelligence purpos. Supportes so far: Facebook Instagram Twitter

Sparkles is a dynamic tarpit, adapted from LaBrea, that profiles active hosts on a network and then emulates those profiles across the network.

Spondulas is browser emulator and parser designed to retrieve web pages for hunting malware. It supports generation of browser user agents, GET/POST requests, and SOCKS5 proxy. It can be used to parse HTML files sent via e-mail. Monitor mode allows a website to be monitored at intervals to discover changes in DNS or content over time. Autolog mode creates an investigation file that documents redirection chains. The retrieved web pages are parsed for links and reported to an output file. More information is available on the wiki.

'Spot The Difference' is a file integrity checker developed in python. It is OS independent, easy to use and fast. It supports most of the open-source databases (MySQL, PostgreSQL, SQLite and dbm).

Springenwerk is a free Cross Site Scripting (XSS) security scanner written in Python.

This software let's you hide text message's inside a image .

A program rövid üzeneteket tud elrejteni, kódolni latin nyelvű disztichonos versekben. Dekódolni is tudja az ilyen titkosított üzeneteket rejtő verseket. Ezen kívül véletlenszerűen is tud verseket generálni. Minden generált vers értelmes latin nyelvű költemény.

Easy OpenVPN certificate and configuration management.

SuStorID is an advanced Intrusion Detection System (IDS) for web services, based on machine learning. Its name comes from the term “Su Stori”, which in Sardinian language means “The Falcon”. It’s version is experimental, but demonstrates a number of interesting features, that can be readily exploited to detect and act against web attacks. SuStorID can be coupled with modsecurity, the well known web application firewall, to gather training data and provide for real-time counteractions. So, SuStorID is a host-based Intrusion Detection System, and by means of modsecurity can access internal web server’s data (i.e. http request/response fields) exactly as Apache does.