python - howto create a hidden executable
- Compile a python script to a single executable
- Hide the console window
- Execute hidden shell commands
1. subprocess.call() - execute a system command. Don`t use os.system()!
outofsight.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import subprocess
if __name__ == '__main__':
subprocess.call("md C:\\asdf", shell=True)
2. windows=[] - suppress opening the console window.
setup.py
from distutils.core import setup
import py2exe
setup(windows=["outofsight.py"],zipfile=None)
2. --bundle - build a single executable.
buildexe.bat
python setup.py py2exe --bundle 1
sex.py 2.0
Extract valid e-mail addresses from all kind of files. With sex.py you can extract a list of emails from a defaced text file or even scan recursively through a directory and all its content.
A scenario could be to download a website to your local hard-drive and use sex.py to harvest all email addresses. Once you have an output-file including some email addresses you can also use sex to verify the accounts. Works great with MetaGooFil! ;)
Highlights:
- Switch the search pattern to match valid email addresses
- Scan a single file or multiple files form a directory (including subdirectories)
- Sort the addresses of the output file
- Remove duplicated emails
- Change output mode
- exclude files by their extension
- verify email accounts
- python (tested with python 2.6.2)
- dnspython
- improved CLI
- -y verify email accounts
- -e exclude extensions
- various code improvements
- fancier output
You can set default values by editing the source file.
verbose = n
0 no output
1 print the email addresses e.g. if you want to pipe them
2 output email addresses, current file and grand total
sort = n
0 write email addresses to destination file as found
1 sort addresses in alphabetical order
remove_duplicates = n
0 capture all addresses
1 remove duplicated emails
exclude_ext = ["x","y",...]
x,y = file extensions you want to exclude
Usage:
sex.py [options] <source> <destination>
sex.py [-lqsr] [-e ext1,ext2] <source> <destination>
sex.py -y <file>
source: absolute path to a file or directory
destination: path to write the output file
file: output-file including a list of email addresses
Options:
-l display email addresses only
-q silent output mode
-s sort addresses in alphabetical order
-r remove duplicated emails
-e EXTENSION exclude files by extension
-y FILE verify emails from file
Example:
$ python metagoofil.py -d microsoft.com -l 20 -f all -o micro.html -t micro-files
...
[ 19/21 ] http://research.microsoft.com/pubs/79881/siggraph2008.ppt
[ 20/21 ] http://www.microsoft.com/hk/msdn/download/MSDN_011214.ppt
[ 21/21 ] http://research.microsoft.com/pubs/73115/wsdm09_dcm.ppt
[+] Process finished
$ python sex.py -sr -e xls micro-files/ addresses.txt
>> FILE: micro-files/03SecEnh.doc
>> FOUND: exchdocs@microsoft.com
>> FOUND: exchdocs@microsoft.com
>> FILE: micro-files/5176.cff.pdf
>> FILE: micro-files/advreport.doc
>> FILE: micro-files/Age_of_Mythology_Strategy_Sample_Chapter.pdf
!> EXCLUDE: micro-files/australia.xls
>> FILE: micro-files/Benchmarks.ppt
...
>> Extraced email addresses: 43
$ python sex.py -y addresses.txt
NSWish@microsoft.com,mail.messaging.microsoft.com,550,5.7.1 Service unavailable; Client host [86.32.184.116] blocked using Spamhaus PBL, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.
....
!> FAILED: 2.WV
....
$ äähhh i think they don`t like me
Download:
sex-2.0.1.tar.gz
yaev.py - yet another email verifier
Verify emails by checking the "RCPT TO" return code from the SMTP server.
Hints:
- The output is separated by commas, so you can easily import it to another application (e.g. MS Excel).
- Create an address list by using the Smashing Email eXtractor!
- Failed checks are added at the bottom (! <domain>)
- python (tested with python 2.6.2)
- dnspython
yaev.py <file>
file: absolute path to email-address list
Example:
$ cat addresses.txt
...
wolfgang.schaeuble@wk.bundestag.de
gm.schulz@gmail.com
jan.sipocz@gmail.com
brigitte.kopinits@gmail.com
r.buchmann@amag.at
annimarie.schaffer@gmail.com
iggy.popovic@gmail.com
erich.gabis@gmail.com
Kovacs.maria4@gmail.com
andreas.schimon@gmail.com
barbarajungreithmair@gmail.com
michael.gabis@gmail.com
$ ./yaev.py addresses.txt > checked_emails.txt
$ cat checked_emails.txt
...
wolfgang.schaeuble@wk.bundestag.de,mail1.dbtg.de,554,5.7.1 Service unavailable; Client host [83.187.177.131] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.187.177.131
gm.schulz@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 6si6034pxi.95
jan.sipocz@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 13si2013478pxi.35
brigitte.kopinits@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 27si2008921pxi.56
r.buchmann@amag.at,srxx0055.amag.at,503,5.0.0 Need MAIL before RCPT
annimarie.schaffer@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 35si2021257pxi.2
iggy.popovic@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 37si2019611pxi.5
erich.gabis@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 2si2010789pxi.52
Kovacs.maria4@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 42si2017013pxi.17
andreas.schimon@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 9si2018016pxi.13
barbarajungreithmair@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 40si2003494pxi.87
michael.gabis@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 37si2019846pxi.5
!gmx.de
Download:
yaev.py
exlex - passive host harvester
Highlights:
- Import existing IP list
- Check input for valid IP Address
- Timestamp when host was discovered
- Sniff in promiscuous mode
- Counter
exlex_win.py --help
Example:
exlex_win.py -i existing_ip_list.txt hosts_log.txt
Requirements:
- Windows Platform (tested on Windows XP SP3)
- python 2.6.x (tested on python 2.6.2)
1. Install py2exe
2. Create a setup.py:
from distutils.core import setup
import py2exe
setup(console=["exlex_win.py"],zipfile=None)
3. Build your executeable:
python setup.py py2exe --bundle 1
For more information on building an executable read the py2exe Tutorial.
Download:
exlex_win.py
sex.py
Extract valid e-mail addresses from all kind of files. With sex.py you can extract a list of emails from a defaced text file or even scan recursively through a directory and all its content. A scenario could be to download a website to your local hard-drive and use sex.py to harvest all email addresses.
Highlights:
- Switch the search pattern to match valid email addresses
- Scan a single file or multiple files form a directory (including subdirectories)
- Sort the addresses of the output file
- Except duplicates
- Change verbosity level
To configure Smashing Email eXtractor edit the variables in the source file.
verbose = n
0 no output
1 print the email addresses e.g. if you want to pipe them
2 output email addresses, current file and grand total
sort = n
0 write email addresses to destination file as found
1 sort addresses in alphabetical order
remove_duplicates = n
0 capture all addresses
1 remove duplicated emails
Usage:
sex.py <source> <destination>
source: absolute path to a file or directory
destination: path to write the output file
Example 1:
$ wget --mirror -p --restrict-file-names=windows --html-extension --convert-links -v http://www.wolfgang-schaeuble.de/
$ python sex.py www.wolfgang-schaeuble.de/ addresses.txt
>> File: www.wolfgang-schaeuble.de/Audioplayer/swfobject.js
...
>> File: www.wolfgang-schaeuble.de/fileadmin/user_upload/PDF/050625nordkurier.pdf
Margareta.Moertl@cducsu.de
...
>> Extraced email addresses: 10
$ cat addresses.txt
Bruno.Kahl@cducsu.de
Margareta.Moertl@cducsu.de
aki-108@gmx.de
forum@welt.de
heike.nieske@cducsu.de
poststelle@bmi.bund.de
sebastian.pieper@cducsu.de
wolfgang.schaeuble.ma02@bundestag.de
wolfgang.schaeuble@bundestag.de
wolfgang.schaeuble@wk.bundestag.de
Example 2:
$ python sex.py shitty_formatted_list.txt shiny_email_list.txt
Download:
sex.py
sad.py
Walk recursively the directory. Look for matching file extensions. Find and replace your strings.
Usage:
sad.py <find> <replace> <file_extension>
Example 1:
sad.py old_text new_text txt
Example 2:
sad.py "<iframe src=\"http://badboy.com" width=0 height=0 style=\"hidden\" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>" "" php
Download:
sad.py
regwalker.py
I wrote it because Inno Setup allows multiple applications to be installed to the same directory. When that happens, the first application's uninstaller is named unins000.exe, the second application's uninstaller is named unins001.exe, and so on. If you want to use a script to uninstall a application you can use regwalker to fetch the current UninstallString in the registry.
Usage:
regwalker.py <key> <subkey> <name>
Example:
regwalker.py HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall adobe UninstallString
This will return the UninstallStrings of every installed Adobe Product.
Requirements:
- Windows Platform (tested on Windows XP SP3)
- python (tested on python 2.6.1)
1. Install py2exe
2. Create a setup.py:
from distutils.core import setup
import py2exe
setup(console=["regwalker.py"],zipfile=None)
3. Build your executeable:
python setup.py py2exe --bundle 1
For more information on building an executable read the py2exe Tutorial.
Download:
regwalker.py
TorrentFreedom Client
Highlights:
- You do not need wget
- Proxy support
- You can use special characters in your password
- *nix platform
- python (MacOS/X Leopard comes with python 2.5.1 pre-installed)
- openvpn 2.1
TorrentFreedom-01.tar.gz
Python Code Examples
ActiveState Code - covers a lot various stuff
Vaults of Parnassus - categorized python resources
Darkc0de - scanner, fuzzer, exploits, brute forcer, logger,...
Packetstormsecurity - several python projects
R00tsecurity - security forum
pypi - Python Package Index
directory.google.com - Python Google Directory
