habu v0.0.70 released: Python Network Hacking Toolkit
Habu: Python Network Hacking Toolkit
I’m developing Habu to teach (and learn) some concepts about Python and Network Hacking.
These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing.
Most of them are related to networking, and the implementations are intended to be understandable for who wants to read the source code and learn from that.
Some techniques implemented in the current version are:
- ARP Poisoning
- ARP Sniffing
- DHCP Discover
- DHCP Starvation
- Land Attack
- SNMP Cracking
- SYN Flooding
- TCP Flags Analysis
- TCP ISN Analysis
- TCP Port Scan
- Web Technologies Identification
- new habu.asydns command
- new command: habu.virustotal
new command: habu.shodan (shodan api client)
$ pip3 install habu
habu.arpoison: ARP Poisoning
This command sends ARP ‘is-at’ packets to each victim, poisoning their ARP tables for sending the traffic to your system.
Note: If you want a full working Man In The Middle attack, you need to enable the packet forwarding on your operating system to act as a router. You can do that using:
habu.arpsniff: Discover devices on your LAN capturing ARP packets
This command listens for ARP packets and shows information about each device.
Columns: Seconds from last packet | IP | MAC | Vendor
habu.contest: Check your connection capabilities
This command tries to connect to various services and check if you can reach them using your internet connection.
habu.dhcp_discover: Discover DHCP servers
This command sends a DHCP request and shows what devices have replied. Using the ‘-v’ parameter (verbose) you can see all the options (like DNS servers) included in the responses.
habu.dhcp_starvation: Fill the DHCP leases
This command sends multiple DHCP requests from forged MAC addresses to fill the DHCP server leases. When all the available network addresses are assigned, the DHCP server doesn’t send responses. So, some attacks, like DHCP spoofing can be made.
habu.eicar: Prints the EICAR test string
This command prints the EICAR test string that can be used to test antimalware engines. More info: http://www.eicar.org/86-0-Intended-use.html
Copyright (c) 2018, Fabian Martinez Portantier
All rights reserved.