WangYihang/pickle-pickle

Stars
5
Rank 2,861,937 (Top 57 %)
Language
Python
Created about 5 years ago
Updated about 5 years ago

WangYihang/pickle-pickle

WangYihang

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A arbitary python code executer via python pickle

Pickle-Pickle

A arbitrary python code executer via python pickle

Usage

# cat evil.py
#!/usr/bin/env python
# encoding:utf-8

class Exploit():
    def __init__(self, command):
        self.command = command
    
    def run(self):
        import os
        return os.system(self.command)

print(Exploit("whoami").run())

# python pickle-pickle.py
Usage:
        python ./pickle-pickle.py [FILENAME]

# python pickle-pickle.py evil.py
root

Restriction

Only tested on Python 3.7.4

Reference

Platypus

🔨 A modern multiple reverse shell sessions manager written in go

GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Webshell-Sniper

🔨 Manage your website via terminal

SourceLeakHacker

🐛 A multi threads web application source leak scanner

ccupp

基于社会工程学的弱口令密码字典生成工具

UsbKeyboardDataHacker

USB键盘流量包取证工具 , 用于恢复用户的击键信息

Reverse-Shell-Manager

🔨 A multiple reverse shell session/client manager via terminal

USB-Mouse-Pcap-Visualizer

USB mouse traffic packet forensic tool, mainly used to draw mouse movements and dragging trajectories

Exploit-Framework

🔥 An Exploit framework for Web Vulnerabilities written in Python

Apache-HTTP-Server-Module-Backdoor

👺 A Simple Backdoor For Apache HTTP Server

MIT-6.031-Readings-zh-cn

麻省理工大学-18年春季学期-软件构造(6.031)课程阅读中文版

awesome-web-security

📓 Some notes and impressive articles of Web Security

Codiad-Remote-Code-Execute-Exploit

A simple exploit to execute system command on codiad

Find-PHP-Vulnerabilities

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

PwnMe

二进制渗透题目汇总

IdiomsSolitaire

sqli-labs

WriteUp of sqli-labs (GitBook : https://www.gitbook.com/book/wangyihang/sqli-labs/details)

12306

12306网站抢票Python脚本

WebShellCracker

WebShell密码爆破工具

LinuxShellScript

LinuxShell编程笔记

SQL-Hacker

简单SQL注入工具

XorShellcode

Shellcode异或加密工具

Subdomain-Crawler

A program for collecting subdomains of a list of given second-level domains (SLD)

ShellcodeSpider

Shellcode Spider of Exploit-DB

HIT-Courses-Calendar

哈尔滨工业大学教务处课表Excel转换iCal脚本

gojob

Go(od) Job is a simple job scheduler that supports task retries, logging, and task sharding.

Proxy-Verifier

A set of tools designed to efficiently and effectively locate publicly available proxy server resources.

PPT-Generator

Generate PPT via a simple summary

tplayer

一个Linux终端播放器 , 使用字符绘制图片/视频 , 并按照帧率播放

Presentations

t3sec-network-flow-analysis

acw-sc-v2.js

`acw_sc__v2` cookie generator

Docker-Container-Exposer

Expose docker containers to public network

CrackMe

Platypus-Python

SimpleEncrypter

简单shellcode加密工具(存在 0 字节)

Markdown-URL-to-Title

DBLP-Spider

A spider tool for downloading the DBLP search results into local BibTeX files.

MovieSearcher

电影资源搜索工具

Image-LSB-Stego

http-grab

tranco-go-package

acw-sc-v2-py

Python requests.HTTPAdapter for `acw_sc__v2`

dns-grab

PrintableShellcodeCreator

可打印shellcode生成工具

DBAPPSecurity-Unified-Security-Management-Python-Connector

Python Connector for DBAPPSecurity Unified Security Management | 明御®运维审计与风险控制系统（堡垒机）

bgphenet

acw-sc-v2-go

ModifyHeadersForChrome

ModifyHeadersForChrome

ProcessInjector

JBrowserWithPulgins

Java实现的一个简单的Web浏览器 , 提供了插件功能 , 目前插件有下载地址分析器