Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Last update: Jan 01, 2023

Overview

RedTeam Toolkit

Note: Only legal activities should be conducted with this project.
Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities.

The cybersecurity open-source projects are integrated what will be a powerful toolkit together.

Currently it supports the following options:

FullScan (scan ports and vulnerabilities/CVEs on the target - PDF output)
Livehosts (scan all live hosts in the network scale - PDF output)
DirScan (scan all directories on a target - PDF output)
CVE Description ( CveID Search)
SSH Dictionary Attack
RDP BruteForce
WebApps Section
- F5 BIG-IP PoC ( CVE-2022-1388 )
- Apache Path Traversal PoC ( CVE-2021-41773 )
- Automated XSS Finder
- Web Crawler for gathering URLs
- SubDomain Enumeration
- HTTP Verb Tampering
- (SQLi will be added soon)
Windows Section (Being updated, other major CVEs will be added)
- Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)

📘 Installation Guide

Dockerized version of the Web-App is available now:

git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser
# Create your local user and webapp will be available on --------> 127.0.0.1:4334

If you prefer to build the project from scratch, you can find the installation guide in the Installation wiki page .
Please refer to Additional Information page about toolkit modules.

💻 Demo

You can find the Demo gifs in the Demo page

🔱 Contributing

Thanks to all Open-Source projects that helped me in this project .

❗ You see any issues
💫 You can make the project works better
💡 You have any suggestions/ideas such as adding other open-source tools
🌟 You have created a script that can add an useful functionality to this project and solve a problem

Please consider contributing to this project .
If you want to help us, don't be afraid to contribute! We have many things you can do to help out.
To contributing you can create an issue or (better) you can fork & create a pull request.

if you do not know where to start, please contact me by email [email protected]

Comments

Cannot download report

when im done scan i cannot download report even i see the "download" button in blue light and btw please help me why redteamtoolkit sometime put right passwd and username but is still show wrong passwd or user ? Thanks <3

opened by manhcot 7
cve desc problem ?

Hello signorrayan,

Is the CVE description tool is maintenance? I tried to search for several CVEs but without positive return.

CVE DESCRIPTION 2021-26408 The requested CVE is not found.

Thanks a lot.

opened by sephirothac 5
FATAL: password authentication failed for user "redteamuser"

Hello,

Thank you for your work on this project, I followed what you recommend for the deployment of your tool but I have an error for the creation of a user account for the frontweb of your tool.

Thank you very much for your help.

file .env SECRET_KEY='*********************************' SQL_HOST=db ALLOWED_HOSTS=localhost,127.0.0.1 SQL_DATABASE=redteam_toolkit_db SQL_USER=redteamuser SQL_PASSWORD=147r258r DATABASE=postgres

docker-compose -f docker-compose.yml up -d --build && docker-compose -f docker-compose.yml exec webapp python manage.py createsuperuser

/usr/local/lib/python3.8/site-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated "class": algorithms.Blowfish, Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) psycopg2.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "manage.py", line 22, in main() File "manage.py", line 18, in main execute_from_command_line(sys.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 446, in execute_from_command_line utility.execute() File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 414, in run_from_argv self.execute(*args, **cmd_options) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 87, in execute return super().execute(*args, **options) File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 459, in execute self.check_migrations() File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 576, in check_migrations executor = MigrationExecutor(connections[DEFAULT_DB_ALIAS]) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init self.loader = MigrationLoader(self.connection) File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 58, in init self.build_graph() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 235, in build_graph self.applied_migrations = recorder.applied_migrations() File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 81, in applied_migrations if self.has_table(): File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 57, in has_table with self.connection.cursor() as cursor: File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 284, in cursor return self._cursor() File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in _cursor self.ensure_connection() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 91, in exit raise dj_exc_value.with_traceback(traceback) from exc_value File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 244, in ensure_connection self.connect() File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 225, in connect self.connection = self.get_new_connection(conn_params) File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner return func(*args, **kwargs) File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 203, in get_new_connection connection = Database.connect(**conn_params) File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 122, in connect conn = _connect(dsn, connection_factory=connection_factory, **kwasync) django.db.utils.OperationalError: connection to server at "db" (192.168.160.2), port 5432 failed: FATAL: password authentication failed for user "redteamuser"

ERROR: 1

opened by sephirothac 4
python manage.py makemigrations (decouple.UndefinedValueError)

Hi When trying to execute this command, the following error raises:

Traceback (most recent call last): File "/home/hack/RedTeam_toolkit/manage.py", line 22, in main() File "/home/hack/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in _load_unlocked File "", line 850, in exec_module File "", line 228, in _call_with_frames_removed File "/home/hack/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("SECRET_KEY") File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 243, in call return self.config(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 105, in call return self.get(*args, **kwargs) File "/home/hack/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: SECRET_KEY not found. Declare it as envvar or define a default value.

And here are the files in the folder:

Demo LICENSE.md manage.py README.md RedTeam_toolkit requirements.txt SECRET_KEY.env toolkit venv

opened by Abd659 1
python manage.py makemigrations error

python manage.py makemigrations 1 ⨯ Traceback (most recent call last): File "/home/monkey/RedTeam_toolkit/manage.py", line 22, in main() File "/home/monkey/RedTeam_toolkit/manage.py", line 18, in main execute_from_command_line(sys.argv) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 425, in execute_from_command_line utility.execute() File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/core/management/init.py", line 369, in execute settings.INSTALLED_APPS File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 84, in getattr self._setup(name) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 71, in _setup self._wrapped = Settings(settings_module) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/django/conf/init.py", line 179, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in load_unlocked File "", line 850, in exec_module File "", line 228, in call_with_frames_removed File "/home/monkey/RedTeam_toolkit/RedTeam_toolkit/settings.py", line 27, in SECRET_KEY = config("l=s6j#f6(0*%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt") File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 206, in call return self.config(*args, **kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 90, in call return self.get(*args, *kwargs) File "/home/monkey/RedTeam_toolkit/venv/lib/python3.9/site-packages/decouple.py", line 75, in get raise UndefinedValueError('{} not found. Declare it as envvar or define a default value.'.format(option)) decouple.UndefinedValueError: l=s6j#f6(0%r956dx%7fx([email protected]$m(%+kb7)ng=^4li6fhs2yt not found. Declare it as envvar or define a default value.

opened by phanthuthao 1
Bump django from 3.2.6 to 3.2.10
Bumps django from 3.2.6 to 3.2.10.

Commits

0153a63 [3.2.x] Bumped version for 3.2.10 release.

333c656 [3.2.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream...

6014b81 [3.2.x] Refs #33333 -- Fixed PickleabilityTestCase.test_annotation_with_calla...

cb724ef [3.2.x] Fixed #33333 -- Fixed setUpTestData() crash with models.BinaryField o...

0cf2d48 [3.2.x] Added requirements.txt to files ignored by Sphinx builds.

487a2da [3.2.x] Added stub release notes and release date for 3.2.10, 3.1.14 and 2.2.25.

742d6bc [3.2.x] Corrected signatures of QuerySet's methods.

99532fd [3.2.x] Corrected isort example in coding style docs.

31539a6 [3.2.x] Corrected "pip install" call in coding style docs.

76a0a8a [3.2.x] Configured Read The Docs to build all formats.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
[Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

paramiko 2.11.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools:
39.0.1 -> 65.5.1
| No | No Known Exploit

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
opened by signorrayan 0
[Snyk] Security upgrade python from 3.9.14-bullseye to 3.9.16-bullseye
This PR was automatically created by Snyk using the credentials of a real user.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Changes included in this PR

Dockerfile

We recommend upgrading to python:3.9.16-bullseye, as this image has only 272 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | | 614 | XML External Entity (XXE) Injection
SNYK-DEBIAN11-LIBXML2-3059797 | No Known Exploit | | | 614 | Integer Overflow or Wraparound
SNYK-DEBIAN11-LIBXML2-3059801 | No Known Exploit | | | **** | CVE-2022-46908
SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | | **** | CVE-2022-46908
SNYK-DEBIAN11-SQLITE3-3167788 | No Known Exploit | | | 500 | Numeric Errors
SNYK-DEBIAN11-TIFF-3113871 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
opened by signorrayan 0
Bump certifi from 2022.5.18 to 2022.12.7
Bumps certifi from 2022.5.18 to 2022.12.7.

Commits

9e9e840 2022.12.07

b81bdb2 2022.09.24

939a28f 2022.09.14

aca828a 2022.06.15.2

de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...

b8eb5e9 2022.06.15.1

47fb7ab Fix deprecation warning on Python 3.11 (#199)

b0b48e0 fixes #198 -- update link in license

9d514b4 2022.06.15

4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 9.2.0 to 9.3.0
Bumps pillow from 9.2.0 to 9.3.0.

Release notes

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

Initialize libtiff buffer when saving #6699 [@radarhere]

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@wiredfool]

Inline fname2char to fix memory leak #6329 [@nulano]

Fix memory leaks related to text features #6330 [@nulano]

Use double quotes for version check on old CPython on Windows #6695 [@hugovk]

GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@nulano]

Remove backup implementation of Round for Windows platforms #6693 [@cgohlke]

Upload fribidi.dll to GitHub Actions #6532 [@nulano]

Fixed set_variation_by_name offset #6445 [@radarhere]

Windows build improvements #6562 [@nulano]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [@cgohlke]

Only use ASCII characters in C source file #6691 [@cgohlke]

Release Python GIL when converting images using matrix operations #6418 [@hmaarrfk]

Added ExifTags enums #6630 [@radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [@radarhere]

Added support for reading BMP images with RLE4 compression #6674 [@npjg]

Decode JPEG compressed BLP1 data in original mode #6678 [@radarhere]

pylint warnings #6659 [@marksmayo]

Added GPS TIFF tag info #6661 [@radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [@radarhere]

Do not attempt normalization if mode is already normal #6644 [@radarhere]

Fixed seeking to an L frame in a GIF #6576 [@radarhere]

Consider all frames when selecting mode for PNG save_all #6610 [@radarhere]

Don't reassign crc on ChunkStream close #6627 [@radarhere]

Raise a warning if NumPy failed to raise an error during conversion #6594 [@radarhere]

Only read a maximum of 100 bytes at a time in IMT header #6623 [@radarhere]

Show all frames in ImageShow #6611 [@radarhere]

Allow FLI palette chunk to not be first #6626 [@radarhere]

If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@radarhere]

Round box position to integer when pasting embedded color #6517 [@radarhere]

Removed EXIF prefix when saving WebP #6582 [@radarhere]

Pad IM palette to 768 bytes when saving #6579 [@radarhere]

Added DDS BC6H reading #6449 [@ShadelessFox]

Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@JayWiz]

Raise an error when allocating translucent color to RGB palette #6654 [@jsbueno]

Moved mode check outside of loops #6650 [@radarhere]

Added reading of TIFF child images #6569 [@radarhere]

Improved ImageOps palette handling #6596 [@PososikTeam]

Defer parsing of palette into colors #6567 [@radarhere]

Apply transparency to P images in ImageTk.PhotoImage #6559 [@radarhere]

Use rounding in ImageOps contain() and pad() #6522 [@bibinhashley]

Fixed GIF remapping to palette with duplicate entries #6548 [@radarhere]

Allow remap_palette() to return an image with less than 256 palette entries #6543 [@radarhere]

Corrected BMP and TGA palette size when saving #6500 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

Initialize libtiff buffer when saving #6699 [radarhere]

Inline fname2char to fix memory leak #6329 [nulano]

Fix memory leaks related to text features #6330 [nulano]

Use double quotes for version check on old CPython on Windows #6695 [hugovk]

Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

Fixed set_variation_by_name offset #6445 [radarhere]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

Added ExifTags enums #6630 [radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

Added GPS TIFF tag info #6661 [radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

d594f4c Update CHANGES.rst [ci skip]

909dc64 9.3.0 version bump

1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer

2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec

744f455 Added release notes

0846bfa Add to release notes

799a6a0 Fix linting

00b25fd Hide UserWarning in logs

05b175e Tighter test case

13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
[Snyk] Security upgrade pillow from 9.1.1 to 9.2.0
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

proxy-db 0.3.1 requires sqlalchemy, which is not installed. paramiko 2.11.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:-------------------------|:------------------------- | Denial of Service (DoS)
SNYK-PYTHON-PILLOW-3113875 | pillow:
9.1.1 -> 9.2.0
| No | No Known Exploit | Denial of Service (DoS)
SNYK-PYTHON-PILLOW-3113876 | pillow:
9.1.1 -> 9.2.0
| No | No Known Exploit

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS) 🦉 Denial of Service (DoS)
opened by signorrayan 0
[Snyk] Security upgrade gitpython from 3.1.29 to 3.1.30
Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

paramiko 2.12.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- | 619/1000
Why? Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
SNYK-PYTHON-GITPYTHON-3113858 | gitpython:
3.1.29 -> 3.1.30
| No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
opened by snyk-bot 0
[Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1
This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

requirements.txt

⚠️ Warning

paramiko 2.12.0 requires pynacl, which is not installed.

Vulnerabilities that will be fixed

By pinning:

Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- | 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools:
39.0.1 -> 65.5.1
| No | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
opened by signorrayan 0
request bruteforce ntlm

Hello,

Can you add in the solution the possibility to make brute force ntlm hash via hashcat or other, a little bit similar to this solution https://github.com/arcaneiceman/kraken
enhancement feature

opened by sephirothac 1
rdpbruteforce error

Hello,

Again thank you for your help I think that has a problem for the rdpbruteforce here is the log return:

"GET /windows/rdpbruteforce/ HTTP/1.1" 200 3662 Internal Server Error: /windows/rdpbruteforce/ Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view return view_func(request, *args, **kwargs) File "/usr/src/redteam_toolkit/toolkit/views.py", line 238, in rdpbruteforce result = rdpbrute.rdpbrute_script(ip) File "/usr/src/redteam_toolkit/toolkit/scripts/windows/rdpbrute.py", line 15, in rdpbrute_script p = subprocess.run( File "/usr/local/lib/python3.8/subprocess.py", line 493, in run with Popen(*popenargs, **kwargs) as process: File "/usr/local/lib/python3.8/subprocess.py", line 858, in init self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/local/lib/python3.8/subprocess.py", line 1704, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: '/usr/src/redteam_toolkit/venv/bin/python' "POST /windows/rdpbruteforce/ HTTP/1.1" 500 93785

Thank you for your work.

opened by sephirothac 10

Releases(v0.1.5)

v0.1.5(May 9, 2022)
The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules:

CVE-2022-1388 PoC (for F5 BIG-IP

Automated XSS Finder

A new module for content discovery (Gathering all URLs)

Source code(tar.gz)
Source code(zip)
v0.1.4(Dec 16, 2021)
What's Changed

Add custom port for SSH Dictionary Attack.

Redesign SSH Dictionary attack output.

Django 4.0

Update Packages

Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/compare/v0.1.3...v0.1.4
Source code(tar.gz)
Source code(zip)
v0.1.3(Dec 1, 2021)
Overview

Support 11 modules in 8 section.

Support multiprocessing in PDF output modules.

URL gathering and subdomain finder improvement.

What's Changed

GitHub Action to lint Python code by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/1

Make bandit and mypy mandatory tests by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/2

Add a simple test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/3

black --check . by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/6

Make black a mandatory test by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/7

Make isort --profile black . a mandatory test (again) by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/9

import sys Is already done on line 8 by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/10

Update README.md by @signorrayan in https://github.com/signorrayan/RedTeam_toolkit/pull/13

Fix flake8 E713 test for membership should be 'not in' by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/12

Shreder Contributor by @enty8080 in https://github.com/signorrayan/RedTeam_toolkit/pull/14

Bump sqlparse from 0.4.1 to 0.4.2 by @dependabot in https://github.com/signorrayan/RedTeam_toolkit/pull/15

Fix 25 flake8 F403 and F405 issues by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/16

Fix flake8 F841 local variable is assigned to but never used by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/17

Make more flake8 tests mandatory by @cclauss in https://github.com/signorrayan/RedTeam_toolkit/pull/18

Referring information

Check Installation Guide

Check Demo

Check Additional Information about Modules

New Contributors

@cclauss made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/1

@signorrayan made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/13

@enty8080 made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/14

@dependabot made their first contribution in https://github.com/signorrayan/RedTeam_toolkit/pull/15

Full Changelog: https://github.com/signorrayan/RedTeam_toolkit/commits/v0.1.3
Source code(tar.gz)
Source code(zip)

Owner

Mohammadreza Sarayloo

GitHub Repository

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

12 Nov 18, 2022

OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

13 Jul 13, 2022

RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

RapiDAST RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API. Its core engine is OWASP Z

17 Nov 11, 2022

CVE-2022-21907 - Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: Windows HTTP协议栈远程代码执行漏洞 creat

365 Nov 30, 2022

Password list generator for password spraying - prebaked with goodies

Generates permutations of Months, Seasons, Years, Sports Teams (NFL, NBA, MLB, NHL), Sports Scores, "Password", and even Iterable Keyspaces of a specified size.

65 Dec 22, 2022

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Fuzzing PDFs like its 1990s This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things. Some discl

14 Sep 30, 2022

Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

pywb Remote Browsers This repository provides a simple configuration for deploying any pywb with remote browsers provided by OWT/Shepherd Remote Brows

10 Jul 28, 2022

A tool to crack a wifi password with a help of wordlist

A tool to crack a wifi password with a help of wordlist. This may take long to crack a wifi depending upon number of passwords your wordlist contains. Also it is slower as compared to social media ac

144 Dec 29, 2022

macOS Initial Access Payload Generator

Mystikal macOS Initial Access Payload Generator Related Blog Post: https://posts.specterops.io/introducing-mystikal-4fbd2f7ae520 Usage: Install Xcode

206 Dec 31, 2022

Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

5 Mar 21, 2022

DCSync - DCSync Attack from Outside using Impacket

Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at

77 Dec 16, 2022

The Linux defender anti-virus software ported to work on CentOS Linux.

By: Seanpm2001, Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af Afrikaans Afrikaans |

2 Sep 12, 2022

This is a simple Port Flooder written in Python 3.

This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.

4 Feb 20, 2022

Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

15 May 21, 2022

A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

26 Sep 04, 2022

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

Related tags

Overview

RedTeam Toolkit

📘 Installation Guide

💻 Demo

🔱 Contributing

Comments

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Changes included in this PR

9.3.0

Changes

9.3.0 (2022-10-29)

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

By pinning:

Releases(v0.1.5)

v0.1.5(May 9, 2022)

v0.1.4(Dec 16, 2021)

What's Changed

v0.1.3(Dec 1, 2021)

Overview

What's Changed

Referring information

New Contributors

Owner

Mohammadreza Sarayloo

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

CVE-2022-21907 - Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

Password list generator for password spraying - prebaked with goodies

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

A tool to crack a wifi password with a help of wordlist

macOS Initial Access Payload Generator

Raphael is a vulnerability scanning tool based on Python3.

DCSync - DCSync Attack from Outside using Impacket

The Linux defender anti-virus software ported to work on CentOS Linux.

This is a simple Port Flooder written in Python 3.

Visibility and Mitigation for Log4J vulnerabilities

A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

You can crack any zip file and get the password.

Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

A web-app helping to create strong passwords that are easy to remember.