Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Logo


License: MIT made-with-python Docker Linux lint_python Code style: black

RedTeam Toolkit

Note: Only legal activities should be conducted with this project.
Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities.

The cybersecurity open-source projects are integrated what will be a powerful toolkit together.


Currently it supports the following options:

  • FullScan (scan ports and vulnerabilities/CVEs on the target - PDF output)
  • Livehosts (scan all live hosts in the network scale - PDF output)
  • DirScan (scan all directories on a target - PDF output)
  • CVE Description ( CveID Search)
  • SSH Dictionary Attack
  • RDP BruteForce
  • WebApps Section
    • F5 BIG-IP PoC ( CVE-2022-1388 )
    • Apache Path Traversal PoC ( CVE-2021-41773 )
    • Automated XSS Finder
    • Web Crawler for gathering URLs
    • SubDomain Enumeration
    • HTTP Verb Tampering
    • (SQLi will be added soon)
  • Windows Section (Being updated, other major CVEs will be added)
    • Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
  • Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)

    Demo

ūüďė Installation Guide

Dockerized version of the Web-App is available now:

git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser
# Create your local user and webapp will be available on --------> 127.0.0.1:4334

ūüíĽ Demo

You can find the Demo gifs in the Demo page

ūüĒĪ Contributing

Thanks to all Open-Source projects that helped me in this project .

If

  • ‚Ěó You see any issues
  • ūüíę You can make the project works better
  • ūüí° You have any suggestions/ideas such as adding other open-source tools
  • ūüĆü You have created a script that can add an useful functionality to this project and solve a problem

Please consider contributing to this project .
If you want to help us, don't be afraid to contribute! We have many things you can do to help out.
To contributing you can create an issue or (better) you can fork & create a pull request.

if you do not know where to start, please contact me by email [email protected]

Comments
  • cve desc problem ?

    cve desc problem ?

    Hello signorrayan,

    Is the CVE description tool is maintenance? I tried to search for several CVEs but without positive return.

    CVE DESCRIPTION 2021-26408 The requested CVE is not found.

    Thanks a lot.

  • FATAL:  password authentication failed for user

    FATAL: password authentication failed for user "redteamuser"

    Hello,

    Thank you for your work on this project, I followed what you recommend for the deployment of your tool but I have an error for the creation of a user account for the frontweb of your tool.

    Thank you very much for your help.

    file .env SECRET_KEY='*********************************' SQL_HOST=db ALLOWED_HOSTS=localhost,127.0.0.1 SQL_DATABASE=redteam_toolkit_db SQL_USER=redteamuser SQL_PASSWORD=147r258r DATABASE=postgres

    docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser

    /usr/local/lib/python3.8/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated "class": algorithms.Blowfish, Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) psycopg2.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

    The above exception was the direct cause of the following exception:

    Traceback (most recent call last): File "manage.py", line 22, in main() File "manage.py", line 18, in main execute_from_command_line(sys.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 446, in execute_from_command_line utility.execute() File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 414, in run_from_argv self.execute(*args, **cmd_options) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 87, in execute return super().execute(*args, **options) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 459, in execute self.check_migrations() File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 576, in check_migrations executor = MigrationExecutor(connections[DEFAULT_DB_ALIAS]) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init self.loader = MigrationLoader(self.connection) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 58, in init self.build_graph() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 235, in build_graph self.applied_migrations = recorder.applied_migrations() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 81, in applied_migrations if self.has_table(): File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 57, in has_table with self.connection.cursor() as cursor: File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 284, in cursor return self._cursor() File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in _cursor self.ensure_connection() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 91, in exit raise dj_exc_value.with_traceback(traceback) from exc_value File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) django.db.utils.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

    ERROR: 1

  • python manage.py makemigrations (decouple.UndefinedValueError)

    python manage.py makemigrations (decouple.UndefinedValueError)

    Hi When trying to execute this command, the following error raises:

    Traceback (most recent call last): File "/home/hack/RedTeam_toolkit/manage.py", line 22, in main() File "/home/hack/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in _load_unlocked File "", line 850, in exec_module File "", line 228, in _call_with_frames_removed File "/home/hack/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("SECRET_KEY") File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 243, in call return self.config(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 105, in call return self.get(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: SECRET_KEY not found. Declare it as envvar or define a default value.

    And here are the files in the folder:

    Demo LICENSE.md manage.py README.md RedTeam_toolkit requirements.txt SECRET_KEY.env toolkit venv

  • python manage.py makemigrations  error

    python manage.py makemigrations error

    python manage.py makemigrations 1 ‚®Į Traceback (most recent call last): File "/home/monkey/RedTeam_toolkit/manage.py", line 22, in main() File "/home/monkey/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in load_unlocked File "", line 850, in exec_module File "", line 228, in call_with_frames_removed File "/home/monkey/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("l=s6j#f6(0*%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt") File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 206, in call return self.config(*args, **kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in call return self.get(*args, *kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 75, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: l=s6j#f6(0%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt not found. Declare it as envvar or define a default value.

  • Bump django from 3.2.6 to 3.2.10

    Bump django from 3.2.6 to 3.2.10

    Bumps django from 3.2.6 to 3.2.10.

    Commits
    • 0153a63 [3.2.x] Bumped version for 3.2.10 release.
    • 333c656 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream...
    • 6014b81 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_calla...
    • cb724ef [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField o...
    • 0cf2d48 [3.2.x] Added requirements.txt to files ignored by Sphinx builds.
    • 487a2da [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.
    • 742d6bc [3.2.x] Corrected signatures of QuerySet's methods.
    • 99532fd [3.2.x] Corrected isort example in coding style docs.
    • 31539a6 [3.2.x] Corrected "pip install" call in coding style docs.
    • 76a0a8a [3.2.x] Configured Read The Docs to build all formats.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump django from 4.0.2 to 4.0.4

    Bump django from 4.0.2 to 4.0.4

    Bumps django from 4.0.2 to 4.0.4.

    Commits
    • 89807fb [4.0.x] Bumped version for 4.0.4 release.
    • 00b0fc5 [4.0.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...
    • 8008288 [4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...
    • 78e553b [4.0.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ...
    • 7700084 [4.0.x] Added stub release notes and release date for 4.0.4, 3.2.13, and 2.2.28.
    • 5137416 [4.0.x] Fixed #32129 -- Adjusted the docs for session expiry helpers.
    • 7d540d6 [4.0.x] Fixed #33598 -- Reverted "Removed unnecessary reuse_with_filtered_rel...
    • f62816b [4.0.x] Updated Oracle docs links to Oracle 21c.
    • 0da9053 [4.0.x] Updated various links to HTTPS and new locations.
    • 7f69c0d [4.0.x] Corrected models.FileField signature in docs.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump paramiko from 2.9.2 to 2.10.1

    Bump paramiko from 2.9.2 to 2.10.1

    Bumps paramiko from 2.9.2 to 2.10.1.

    Commits
    • 286bd9f Cut 2.10.1
    • 4c491e2 Fix CVE re: PKey.write_private_key chmod race
    • aa3cc6f Cut 2.10.0
    • e50e19f Fix up changelog entry with real links
    • 02ad67e Helps to actually leverage your mocked system calls
    • 29d7bf4 Clearly our agent stuff is not fully tested yet...
    • 5fcb8da OpenSSH docs state %C should also work in IdentityFile and Match exec
    • 1bf3dce Changelog enhancement
    • f6342fc Prettify, add %C as acceptable controlpath token, mock gethostname
    • 3f3451f Add to changelog
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump django from 4.0.1 to 4.0.2

    Bump django from 4.0.1 to 4.0.2

    Bumps django from 4.0.1 to 4.0.2.

    Commits
    • b12be7a [4.0.x] Bumped version for 4.0.2 release.
    • f9c7d48 [4.0.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
    • 0142204 [4.0.x] Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
    • 6928227 [4.0.x] Fixed #33480 -- Fixed makemigrations crash when renaming field of ren...
    • aff79be [4.0.x] Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on ...
    • 7a1c653 [4.0.x] Updated translations from Transifex.
    • 9a9c5b4 [4.0.x] Fixed #33459 -- Clarified index type in full text search docs.
    • 7c2d4d9 [4.0.x] Fixed #33462 -- Fixed migration crash when altering type of primary k...
    • f4de870 [4.0.x] Fixed #33048 -- Doc'd that DEBUG static files requests don't use midd...
    • f82ca84 [4.0.x] Fixed #33407 -- Fixed .radiolist admin CSS.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump django from 4.0 to 4.0.1

    Bump django from 4.0 to 4.0.1

    Bumps django from 4.0 to 4.0.1.

    Commits
    • 15aff7f [4.0.x] Bumped version for 4.0.1 release.
    • e1592e0 [4.0.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage sub...
    • 2a8ec7f [4.0.x] Fixed CVE-2021-45116 -- Fixed potential information disclosure in dic...
    • df79ef0 [4.0.x] Fixed CVE-2021-45115 -- Prevented DoS vector in UserAttributeSimilari...
    • 7753169 [4.0.x] Avoided suggestion of plain text database password in sessions topic.
    • fe59bf2 [4.0.x] Fixed #33391 -- Clarified Aggregate.empty_result_set_value docs.
    • b93fb3d [4.0.x] Improved @‚Äčdisplay(empty_value) example in ModelAdmin.empty_value_disp...
    • c46e996 [4.0.x] Fixed #27936 -- Rewrote spanning multi-valued relationships docs.
    • e9b023b [4.0.x] Added default values to Entry's fields in making queries docs.
    • 76d24d5 [4.0.x] Updated example of YAML serialization format in docs.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump pillow from 8.4.0 to 9.0.0

    Bump pillow from 8.4.0 to 9.0.0

    Bumps pillow from 8.4.0 to 9.0.0.

    Release notes

    Sourced from pillow's releases.

    9.0.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.0.0 (2022-01-02)

    • Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

    • Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

    • Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

    • Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

    • Improved I;16 operations on big endian #5901 [radarhere]

    • Limit quantized palette to number of colors #5879 [radarhere]

    • Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

    • When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

    • Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

    • Added rounding when converting P and PA #5824 [radarhere]

    • Improved putdata() documentation and data handling #5910 [radarhere]

    • Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

    • Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

    • Added ImageShow support for xdg-open #5897 [m-shinder, radarhere]

    • Support 16-bit grayscale ImageQt conversion #5856 [cmbruns, radarhere]

    • Convert subsequent GIF frames to RGB or RGBA #5857 [radarhere]

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Fix 25 flake8 F403 and F405 issues

    Fix 25 flake8 F403 and F405 issues

    1     F403 'from lib.core.common import *' used; unable to detect undefined names
    24    F405 'bcolors' may be undefined, or defined from star imports: lib.core.common
    
  • rdpbruteforce error

    rdpbruteforce error

    Hello,

    Again thank you for your help I think that has a problem for the rdpbruteforce here is the log return:

    "GET /windows/rdpbruteforce/ HTTP/1.1" 200 3662 Internal Server Error: /windows/rdpbruteforce/ Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view return view_func(request, *args, **kwargs) File "/usr/src/redteam_toolkit/toolkit/views.py", line 238, in rdpbruteforce result = rdpbrute.rdpbrute_script(ip) File "/usr/src/redteam_toolkit/toolkit/scripts/windows/rdpbrute.py", line 15, in rdpbrute_script p = subprocess.run( File "/usr/local/lib/python3.8/subprocess.py", line 493, in run with Popen(*popenargs, **kwargs) as process: File "/usr/local/lib/python3.8/subprocess.py", line 858, in init self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: '/usr/src/redteam_toolkit/venv/bin/python' "POST /windows/rdpbruteforce/ HTTP/1.1" 500 93785

    Thank you for your work.

RedTeam-Security - In this repo you will get the information of Red Team Security related links
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

May 18, 2022
labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface
labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface

labsecurity labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface. Warning

May 6, 2022
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
Proof-of-concept obfuscation toolkit for C# post-exploitation tools

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

May 19, 2022
Python Toolkit containing different Cyber Attacks Tools
Python Toolkit containing different Cyber Attacks Tools

Helikopter Python Toolkit containing different Cyber Attacks Tools. Tools in Helikopter Toolkit 1. FattyNigger (PYTHON WORM) 2. Taxes (PYTHON PASS EXT

Mar 12, 2022
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

May 19, 2022
A toolkit for web reconnaissance, it's fast and easy to use.
A toolkit for web reconnaissance, it's fast and easy to use.

A toolkit for web reconnaissance, it's fast and easy to use. File Structure httpsuite/ main.py init.py db/ db.py init.py subdomains_db directories_db

May 10, 2022
A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

Python tools for davecats/channel A python package with tools to read and postprocess the output of the channel dns solver, as well as its associated

Dec 13, 2021
Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO
Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

wtf-CTF_Writeups Table of Contents Table of Contents Crypto Misc Reverse Pwn Web Crypto wtf_Bot Author: Madjelly Join the discord server!You know how

Jun 7, 2021
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

Apr 24, 2022
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

Introduction fork from https://gitlab.com/eshard/d810 What is D-810 D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation

May 19, 2022
This is tools hacking for scan vuln in port web, happy using
This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

Feb 8, 2022
Web-eyes - OSINT tools for website research
Web-eyes - OSINT tools for website research

WEB-EYES V1.0 web-eyes: OSINT tools for website research, 14 research methods ar

Mar 14, 2022
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Apr 27, 2022
An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several

May 20, 2022
Detection tool of malware(s) by checksum (useful for forensic)

?? malware_checker.py Detection tool of malware(s) by checksum (useful for forensic) ?? Dependencies installation $ pip3 install -r requirements.txt

Jan 30, 2022
A web-app helping to create strong passwords that are easy to remember.
A web-app helping to create strong passwords that are easy to remember.

This is a simple Web-App that demonstrates a method of creating strong passwords that are still easy to remember. It also provides time estimates how long it would take an attacker to crack a password using the zxcvbn library developed by Dropbox.

Jun 4, 2021
A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Dec 6, 2021
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

Feb 24, 2022