All scripts are currently untested

A collection of security and pen testing tools and malware written in Python.

I have included versions of the scripts in both Python 2.7.16 and 3.8.0. Python 2.7 scripts are project scripts from the Udemy course Learn Python & Ethical Hacking by Scratch from Zaid Sabih. Python3 scripts were not a part of the course material and were converted by me. Some additional functionality beyond the original source material of the Python2 scritps were also added by me and are not part of the course material.

While Python 2.x has reached end of life, scripts are being included for backwards compatibility in the event that Python 3.x is not available on target machine.

• Late 2018 MacBook Pro
  • 32GB RAM
  • 6 Core Intel i9 processor
  • 1TB SSD

• MacOS Catalina
• PycharmCE
• Kite

• https://github.com/rspishock/Python-Security-Tools

A simple script which can be used to alter the MAC address of Linux based systems. The user is able to specify a MAC address for ease of recognition or have the script generate a random MAC address.

The following modules were used in this script:

• subprocess
  • This module is used to execute system level commands
• argparse
  • This module is used to parse arguments from the command line
• random
  • This module is used to generate random MAC addresses
• re
  • This module is used to parse the output of the if config command and extract the current MAC address for the interface.

Python 2.7.x python mac_changer.py -i --interface -m --mac

Python 3 python3 mac_changer.py -i --interface -m --mac

A simple script which can be used to send and receive ARP packets for host identification. Script will return target IPs and MAC addresses.

The following modules were used in this script:

• scapy

  • This module is used to manipulate data packets.
  • Must be installed on Python3
    • pip3 install scapy-python3

• argparse

  • This module is used to parse arguments from the command line

__Python 2.7.x python network_scanner.py -t --target <ip address/range>

Python 3 python3 network_scanner.py -t --target <ip address/range>

A simple script which can be used to initialize a MiTM attack.

The following modules were used in this script:

• scapy
  • This module is used to manipulate data packets.
  • Must be installed on Python3
    • pip3 install scapy-python3
• argparse
  • This module is used to parse arguments from the command line
• time
  • This module is used to control the delay in resending spoof packets

Python 2.7.x python arp_spoof.py

Python 3 python3 arp_spoof.py

A simple script used to sniff packets coming across the network and extract data.

The following modules were used in this script:

• scapy.layers
  • This module is used to search packets for specified layers
• scapy.all
  • This module is used to sniff the network for packets.
• argparse
  • This module is used to parse arguments from the command line

Python 2.7.x python3 mac_changer.py -i --interface

Python 3 python3 mac_changer.py -i --interface

The following modules were used in this script:

• netfilterqueue
  • This module is used to
• scapy.all
  • This module is used to sniff the network for packets.

Python 2.7.x python net_cut.py

Python 3 python3 net_cut.py

A simple script used to intercept and spoof DNS packets.

The following modules were used in this script:

• netfilterqueue
  • This module is used to
• scapy.all
  • This module is used to sniff the network for packets.
• argparse
• This module is used to parse arguments from the command line

Python 2.7.x python mac_changer.py

Python 3 python3 mac_changer.py

A simple script used to intercept download requests and replace the good payload with malicious payloads.

The following modules were used in this script:

• netfilterqueue
  • This module is used to
• scapy.all
  • This module is used to sniff the network for packets.
• argparse
• This module is used to parse arguments from the command line

Python 2.7.x python replace_download.py

Python 3 python3 replace_download.py

A simple script used to inject code into.

The following modules were used in this script:

• netfilterqueue
  • This module is used to
• argparse
  • This module is used to parse arguments from the command line
• scapy.all
  • This module is used to sniff the network for packets.
• re
  • This module is used to create regular expressions

python3 code_injector.py -i --ip (attacking IP) -p --port (port number)

A simple script used to detect the presence of an ARP spoofing attack.

The following modules were used in this script:

• scapy.all
  • This module is used to sniff the network for packets.

Python 2.7.x python arpsoff_detector.py

Python 3 python3 arpspoof_detector.py

A simple script used to extract wifi settings from a target host.

The following modules were used in this script:

• subprocess
• optparse
  • This module is used to parse arguments from the command line
• argparse Python 3 only
  • This module is used to parse arguments from the command line
• smtplib
  • This module is used to send emails from Python script

Python 2.7.x python execute_command.py -e --email (email address to send output to) -p --password (email password)

Python 3 python3 execute_command.py -e --email (email address to send output to) -p --password (email password)

A simple script used to download files to the target system.

The following modules were used in this script:

• requests
  • This module allows the script to send requests to the Internet.
• optparse
  • This module is used to parse arguments from the command line
• argparse Python 3 only
  • This module is used to parse arguments from the command line

Python 2.7.x python download.py -t --target (target URL)

Python 3 python3 download.py -t --target (target URL)

A simple script used to extract passwords from a target host.

The following modules were used in this script:

• subprocess
• optparse
• requests
• tempfile
• smtplib
• os

Python 2.7.x python

Python 3 python3

A simple keylogger class.

The following modules were used in this script:

• pynput
  • This module allows the script to monitor for keyboard and mouse activity.
• threading
  • This module

• smtplib

Python 2.7.x python keylogger.py

Python 3 python3 keylogger.py

A simple backdoor script.

The following modules were used in this script:

• socket
• optparse
• subprocess

Python 2.7.x python keylogger.py

Python 3 python3 keylogger.py

A simple listener script.

The following modules were used in this script:

• socket
• optparse

Python 2.7.x python keylogger.py

Python 3 python3 keylogger.py

A simple script to crawl a URL checking for all available links.

The following modules were used in this script:

• requests
• optparse
• urlparse
• re

Python 2.7.x python spider.py -t --target (target URL)

Python 3 python3 spider.py -t --target (target URL)