import ctypes | |
from pathlib import Path | |
shellcode = bytearray(Path("shellcode.bin").read_bytes()) | |
kernel32 = ctypes.windll.kernel32 | |
kernel32.VirtualAlloc.restype = ctypes.c_void_p | |
kernel32.RtlMoveMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t] |
import xml.etree.ElementTree as ET | |
from ctypes import Structure, pointer, windll, wintypes | |
# https://learn.microsoft.com/en-us/windows/win32/api/guiddef/ns-guiddef-guid | |
class GUID(Structure): | |
_fields_ = [ | |
("Data1", wintypes.DWORD), | |
("Data2", wintypes.WORD), | |
("Data3", wintypes.WORD), | |
("Data4", wintypes.BYTE * 8), |
# Customized from https://github.com/prompt-toolkit/python-prompt-toolkit/blob/master/prompt_toolkit/widgets/base.py | |
from typing import Generic, Sequence, Tuple, TypeVar | |
from prompt_toolkit.application import get_app | |
from prompt_toolkit.filters import Condition | |
from prompt_toolkit.formatted_text import ( | |
AnyFormattedText, | |
StyleAndTextTuples, | |
to_formatted_text, | |
) |
# Don't actually use this. Why would you use this? Seriously, don't use it, fam. | |
import inspect | |
from types import FunctionType | |
from typing import Callable | |
def param_inherit(inherited_func: Callable): | |
"""Allows function to inherit the parameters of another function""" | |
def decorator(func: Callable): |
################################################## | |
## PyDefenderCheck - Python implementation of DefenderCheck | |
################################################## | |
## Author: daddycocoaman | |
## Based on: https://github.com/matterpreter/DefenderCheck | |
################################################## | |
import argparse | |
import enum |
import asyncio | |
import aiodns | |
import aiofiles | |
import aiohttp | |
from colorama import Fore | |
from dataclasses import field, dataclass | |
from pycares import ares_query_cname_result | |
from concurrent.futures import ThreadPoolExecutor | |
import sys | |
import re |
/* Opens 98 Windows! | |
Author: Daddycocoaman */ | |
import System.Windows.Forms | |
/* Shows 98 message boxes in a row, numbered 1 through 98.
   MessageBox.Show is modal, so each box is displayed only after the
   previous one has been dismissed; they are not all open at once. */
for i in range(98):
    caption = "MalWARE"
    MessageBox.Show("Windows ${i + 1}!", caption)
/* Pings all of your available networks and tells your net that you're snitching | |
Author: Daddycocoaman */ | |
import System | |
import System.Net.NetworkInformation | |
import System.Net | |
import System.Net.Sockets | |
import System.Text | |
BUFFER = ASCIIEncoding().GetBytes("IMSNITCHINGONALLYALLCAUSEMALWARE") |
/* Creates an "uncloseable" form window with an ASCII cat. It's SO Cat! | |
Author: Daddycocoaman */ | |
import System.Windows.Forms | |
import System.Drawing | |
SOCAT = """ | |
|\__/,| (`\ | |
|o o |__ _) | |
_.( T ) ` / |
import json | |
import sqlite3 | |
import olefile | |
import argparse | |
def parse_snt_file(file): | |
# https://www.tutorialspoint.com/python_digital_forensics/python_digital_forensics_important_artifacts_in_windows | |
if not olefile.isOleFile(file): | |
return "Invalid OLE file" | |