• python flask教程,html格式

    python flask web开发框架教程,html格式,寻迹渐进。

  • lcx修改版,端口转发工具,内网端口转外网


  • wrodpress dos tools

    利用 xmlrpc.php 的漏洞对,wordpress drupal 等采用xmlrpc 服务的拒绝服务工具。

  • Tkinter Programming Code By Examples

    Tkinter python 例子,快速学习标准库实现python编程

  • hydra 7.2 win32

    H Y D R A (c) 2001-2012 by van Hauser / THC <vh@thc.org> http://www.thc.org co-maintained by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal <dlabaljan@gmail.com> Licensed under GPLv3 (see LICENSE file) INTRODUCTION ------------ Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system. THIS TOOL IS FOR LEGAL PURPOSES ONLY! There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX. Currently this tool supports: AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. However the module engine for new services is very easy so it won't take a long time until even more services are supported. Your help in writing, enhancing or fixing modules is highly appreciated!! :-) HOW TO COMPILE -------------- For hydra, just type: ./configure make make install If you need ssh module support, you have to setup libssh on your system, get it from http://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. If you use Ubuntu, this will install supplementary libraries needed for a few optional modules: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird2.1-dev libncp-dev This enables all optional modules and features with the exception of Oracle, SAP R/3 and the apple filing protocol - which you will need to download and install from the vendor's web sites. For all other Linux derivates and BSD based systems, use the system software installer and look for similar named libraries like in the comand above. In all other cases you have to download all source libraries and compile them manually. SUPPORTED PLATFORMS ------------------- All UNIX platforms (linux, *bsd, solaris, etc.) Mac OS/X Windows with Cygwin (both ipv4 and ipv6) Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq) HOW TO USE ---------- Type "./configure", followed by "make" to compile hydra and then "./hydra -h" to see the command line options. You make also type "make install" to install hydra to /usr/local/bin. Note that NO login/password file is included. Generate them yourself. For Linux users, a GTK gui is available, try "./xhydra" SPECIAL OPTIONS FOR MODULES --------------------------- Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m commandline option, you can pass one option to a module. Many modules use this, a few require it! To see the special option of a module, type: hydra -U <module> e.g. ./hydra -U http-post-form The special options can be passed via the -m parameter, as 3rd command line option or in the service://target/option format. Examples (they are all equal): ./hydra -l test -p test -m PLAIN imap ./hydra -l test -p test imap PLAIN ./hydra -l test -p test imap:// RESTORING AN ABORTED/CRASHED SESSION ------------------------------------ When hydra is aborted with Control-C, killed or crashs, it leavs a "hydra.restore" file behind which contains all necessary information to restore the session. This session file is written every 5 minutes. NOTE: if you are cracking parallel hosts (-M option), this feature doesnt work, and is therefore disabled! NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. from little indian to big indian, or from solaris to aix) HOW TO SCAN/CRACK OVER A PROXY ------------------------------ The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works just for the http/www service!). The following syntax is valid: HYDRA_PROXY_HTTP="" For all other services, use the HYDRA_PROXY variable to scan/crack via by default a web proxy's CONNECT call. It uses the same syntax. eg: HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port for example: HYDRA_PROXY=http://proxy.anonymizer.com:8000 If you require authentication for the proxy, use the HYDRA_PROXY_AUTH environment variable: HYDRA_PROXY_AUTH="the_login:the_password" ADDITIONAL HINTS ---------------- * sort your password files by likelihood and use the -u option to find passwords much faster! * uniq your dictionary files! this can save you a lot of time :-) cat words.txt | sort | uniq > dictionary.txt * if you know that the target is using a password policy (allowing users only to choose password with a minimum length of 6, containing a least one letter and one number, etc. use the tool pw-inspector which comes along with the hydra package to reduce the password list: cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt SPEED ----- through the parallizing feature, this password cracker tool can be very fast, however it depends on the protocol. The fastest are generally POP3 and FTP. Experiment with the task option (-t) to speed things up! The higher - the faster ;-) (but too high - and it disables the service) STATISTICS ---------- Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing 295 entries (294 tries invalid logins, 1 valid). Every test was run three times (only for "1 task" just once), and the average noted down. P A R A L L E L T A S K S SERVICE 1 4 8 16 32 50 64 100 128 ------- -------------------------------------------------------------------- telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 (*) Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with 128 tasks, running four times resulted in timings between 28 and 97 seconds! The reason for this is unknown... guesses per task (rounded up): 295 74 38 19 10 6 5 3 3 guesses possible per connect (depends on the server software and config): telnet 4 ftp 6 pop3 1 imap 3 BUGS & FEATURES --------------- Hydra: Email me or David if you find bugs or if you have written a new module. vh@thc.org (and put "antispam" in the subject line) David (dot) Maciejak @ gmail (dot) com Type Bits/KeyID Date User ID pub 2048/CDD6A571 1998/04/27 van Hauser / THC <vh@reptile.rug.ac.be> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzVE0A4AAAEIAOzKPhKBDFDyeTvMKQ1xx6781tEdIYgrkrsUEL6VoJ8H8CIU SeXDuCVu3JlMKITD6nPMFJ/DT0iKHgnHUZGdCQEk/b1YHUYOcig1DPGsg3WeTX7L XL1M4DwqDvPz5QUQ+U+VHuNOUzgxfcjhHsjJj2qorVZ/T5x4k3U960CMJ11eOVNC meD/+c6a2FfLZJG0sJ/kIZ9HUkY/dvXDInOJaalQc1mYjkvfcPsSzas4ddiXiDyc QcKX+HAXIdmT7bjq5+JS6yspnBvIZC55tB7ci2axTjwpkdzJBZIkCoBlWsDXNwyq s70Lo3H9dcaNt4ubz5OMVIvJHFMCEtIGS83WpXEABRG0J3ZhbiBIYXVzZXIgLyBU SEMgPHZoQHJlcHRpbGUucnVnLmFjLmJlPokAlQMFEDVE0D7Kb9wCOxiMfQEBvpAD /3UCDgJs1CNg/zpLhRuUBlYsZ1kimb9cbB/ufL1I4lYM5WMyw+YfGN0p02oY4pVn CQN6ca5OsqeXHWfn7LxBT3lXEPCckd+vb9LPPCzuDPS/zYnOkUXgUQdPo69B04dl C9C1YXcZjplYso2q3NYnuc0lu7WVD0qT52snNUDkd19ciQEVAwUQNUTQDhLSBkvN 1qVxAQGRTwgA05OmurXHVByFcvDaBRMhX6pKbTiVKh8HdJa8IdvuqHOcYFZ2L+xZ PAQy2WCqeakvss9Xn9I28/PQZ+6TmqWUmG0qgxe5MwkaXWxszKwRsQ8hH+bcppsZ 2/Q3BxSfPege4PPwFWsajnymsnmhdVvvrt69grzJDm+iMK0WR33+RvtgjUj+i22X lpt5hLHufDatQzukMu4R84M1tbGnUCNF0wICrU4U503yCA4DT/1eMoDXI0BQXmM/ Ygk9bO2Icy+lw1WPodrWmg4TJhdIgxuYlNLIu6TyqDYxjA/c525cBbdqwoE+YvUI o7CN/bJN0bKg1Y/BMTHEK3mpRLLWxVMRYw== =MdzX -----END PGP PUBLIC KEY BLOCK-----

  • 用Python做科学计算

    软件包的安装和介绍 安装软件包 函数库介绍 NumPy-快速处理数据 ndarray对象 ufunc运算 矩阵运算 文件存取 SciPy-数值计算库 最小二乘拟合 函数最小值 非线性方程组求解 B-Spline样条曲线 数值积分 解常微分方程组 滤波器设计 用Weave嵌入C语言 SymPy-符号运算好帮手 封面上的经典公式 球体体积 matplotlib-绘制精美的图表 快速绘图 绘制多轴图 配置文件 Artist对象 Traits-为Python添加类型定义 背景 Traits是什么 动态添加Trait属性 Property属性 Trait属性监听 TraitsUI-轻松制作用户界面 缺省界面 自定义界面 配置视图 Chaco-交互式图表 面向脚本绘图 面向应用绘图 TVTK-三维可视化数据 TVTK使用简介 TVTK的改进 Mayavi-更方便的可视化 用mlab快速绘图 Mayavi应用程序 将Mayavi嵌入到界面中 Visual-制作3D演示动画 场景、物体和照相机 简单动画 盒子中反弹的球 OpenCV-图像处理和计算机视觉 读写图像和视频文件

  • pyloris-3.2-win32

    Using HTTPLoris is simple. In its most basic form, HTTPLoris merely needs a copy of Python 2.6. On a Linux machine, one must simply invoke the script in a terminal, stating a site to test: motoma@rocksalt:/home/motoma$ python pyloris-3.0.py motomastyle.com On Mac OS X, one invokes PyLoris the same way. Using the Terminal Application: hotdog:/Users/Motoma/ motoma$ python pyloris-3.0.py motomastyle.com Using HTTPLoris in Windows is a little different. One will need to know the location of the Python installation, and be in the proper directory. Load up a command prompt: C:\Users\Motoma\Desktop\pyloris-3.0>C:\Python26\python.exe pyloris-3.0.py motomastyle.com Advanced Options Invoking HTTPLoris by using the commands above start a limited to 500 connections across 50 threads, each sending at 1 byte/second and waiting until the connection is forced shut by the server. While this behavior will bog down an Apache server with the default settings, it is not a very thorough test. The following are some additionall options that will allow one to customize the way HTTPLoris works: -a, --attacklimit The --attacklimit flag restricts the number of total connections (current + completed) during a single session. Set this to zero to specify no limit. -c, --connectionlimit Adjusting the --connectionlimit flag can drastically change how well HTTPLoris performs. The --connectionlimit flag directly controls the number of concurrent connections held during the session. In a base Apache environment, when this number is above the MaxClients setting, the server is unresponsive. -t, --threadlimit This is the number of attacker threads run during the session. -b, --connectionspeed This is the connection speed for each individual connection in bytes/second. Comparing this with the lenght of the request, and you should have an accurate guess of how long each connection should linger. -f, --finish Specifying the --finish flag will cause HTTPLoris to finish and close connections upon the completion of the request. This will prompt servers to send full responses to the HTTP requests that are made. -k --keepalive Using the --keepalive flag will add the Connection: Keep-Alive header to the HTTP request. On vulnerable servers, this will increase the duration of connections considerably. -p, --port HTTPLoris will connect on port 80 by default. Specifying the --port flag will change this behavior. -P, --page By default, HTTPLoris will make HTTP requests for "/". Setting the --page flag will allow one to control the page that HTTPLoris requests. -q, --quit Terminate the connection without receiving reply from the server. This will reduce the effectivenes as connections will terminate as soon as the full request buffer has been sent. -r, --requesttype Setting the --requesttype flag will change the HTTP method used. Available options are GET, HEAD, POST, PUT, DELETE, OPTIONS, and TRACE. Certain proxies and load balancers will filter out certain types of requests, and hold them until the requests are complete. POST requests are commonly passed through due to their potential for large sizes, therefore this may cause different behavior. -R, --referer Adds a referring URL to the HTTP request. -s, --Size The --size flag allows one to increase the size of the request made. Increasing the size will in turn increase the duration of connections, leading to a longer sustained test. In situations where servers or firewalls are set to terminate unfinished connections, this can extend the length of the test drastically. This can also be used to test a web server's capability to handle multiple large requests and benchmark memory usage. The additional data is filled in the Cookie-Data field. -u, --useragent By default, HTTPLoris advertizes itself in the User-Agent header. The --useragent flag allows one to override this and masquerade as other web browsers. Useful because some sites will render different pages for different web browsers. -z, --gzip Specifying the --gzip flag will allow instruct PyLoris to send an "Accept-Encoding: gzip" header. When combined with the --quit and --finish flags, this can test for the CEV-2009-1891 DoS vulnerability (http://www.mail-archive.com/dev@httpd.apache.org/msg44323.html). Also leads to larger CPU usage and smaller bandwidth usage. -w, --timebetweenthreads Setting the --timebetweenthreads flag will adjust the amount of time between threads spawning. Adjusting this in conjunction with the --threadlimit will change the CPU load on your local machine. -W, --timebetweenconnections Setting the --timebetweenconnections flag will adjust the amount of time between socket connections. This will directly affect how quickly the target's connection limit is reached. Proxy Options HTTPLoris is able to connect through SOCKS4, SOCKS5, and HTTP proxies. This allows HTTPLoris to run through SSH tunnels, as well as TOR. Utilizing TOR should essentially eliminate the mitigating effects of ipchains, mod_antiloris, and mod_noloris. --socksversion Setting the --socksversion flag tells HTTPLoris to connect through a SOCKS proxy. Allowed values are SOCKS4, SOCKS5, and HTTP. --sockshost Set the --sockshost flag to the address of the SOCKS proxy when --socksversion is set. If this is not set, HTTPLoris will default to --socksport Set the --socksport flag to the port number of the SOCKS proxy when --socksversion is set. --socksuser and --sockspass Optionally, one may set a username and password for the SOCKS proxy using these two flags.

  • 灰帽Python-黑客和逆向工程的Python编程(中文)


  • PHP Fuzzing行动——源码审计

    目录: Section 1: 20种PHP源码快速审计方式 Section 2: PHP源码审计自动化( PHP Fuzzer ) 风险级别: ■ Low ■ Medium ■ High

  • 类似IE的VC编写浏览器


关注 私信