Using python 3.5, I got a ssl.SSLErroe CERTIFICATE_VERIFY_FAILED after pressing 2 on command line.

Adding the following to imports fixed this problem:

import os, sys import urllib.request

import ssl import io import bs4 as bs

try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context

u0_a336@localhost  ~/Passhunt   master  python3 passhunt.py

Traceback (most recent call last):
  File "/data/data/com.termux/files/home/Passhunt/passhunt.py", line 13, in <module>
    import bs4 as bs
ModuleNotFoundError: No module named 'bs4'

On Kali, pip3 isn't installed by default. The person would need to first do an "apt-get install python3-pip". Additionally, there would be an error saying the following:

Traceback (most recent call last): File "passhunt.py", line 11, in import urllib.request ImportError: No module named request

The person would need to run "python3 passhunt.py"

Getting

python passhunt.py Traceback (most recent call last): File "passhunt.py", line 11, in <module> import urllib.request ImportError: No module named request

Would you please check? Thanks!

Updated the #! to call python3 via modified environment env. This should fix issue #4 in distros where python3 is not the default.

Side note: I should get used to github's UI. :/

We discovered a malicious backdoor in the project's dependencies, affected versions are 9a063f84e4ef9e1f067e5e9107c53ff1756aae68~54eb987d30ead2b8ebbf1f0b880aa14249323867. Its malicious backdoor is the request package, the requirements.txt file has a dependency request.

Even if the request has been deleted by PyPI, many mirror sites have not completely deleted this package, so it can still be installed. For example: https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Using such a mirror site to download and install this item will be vulnerable.

Analysis of malicious function of request package: 1.Remote download of malicious code When the request package is installed, the setup.py file in the package will be actively executed. The setup.py file contains the logic for the attacker to remotely download and execute malicious code. At the same time, the C2 domain name is encoded and obfuscated. The decrypted C2 address is: https://dexy.top/request/check.so. 2.Release the remote control Trojan and persist it The malicious code loaded remotely during the installation of the request package includes two functions: Release the remote control Trojan to the .uds folder of the current user's HOME directory. The Trojan name is _err.log (for example, /root/.uds/_err.log). The content of the _err.log remote control Trojan script is encoded and compressed by base64, which reduces the size and enhances the confrontation. Implant malicious backdoor commands in .bashrc to achieve persistence 3.Issue stealing instructions The attacker issues python secret stealing instructions through the remote control Trojan to steal sensitive information (coinbase account secret) After decrypting the stealing instruction, the function is to request the C2 service: http://dexy.top/x.pyx, and remotely load the stealing Trojan. Some of the functions of the remotely loaded secret stealing Trojan are shown below, which are used to steal browser cookies, coinbase accounts and passwords, etc.

Repair suggestion: replace request in requirements.txt with requests

Hi!

Currently source of credentials is CIRT.net.

I create a database of credentials larger than a CIRT.net called Many passwords. I think it would be a good idea to replace CIRT.net with Many passwords. This provides more default credentials, provides the possibility of creating an offline version of the program (using the csv file). We can also convert csv file to json to easiest entries parse.

What do you think about this idea?

SyntaxError: Missing parentheses in call to 'print' Error in sys.excepthook: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook from apport.fileutils import likely_packaged, get_recent_crashes File "/usr/lib/python3/dist-packages/apport/init.py", line 5, in from apport.report import Report File "/usr/lib/python3/dist-packages/apport/report.py", line 21, in from urllib.request import urlopen File "/usr/lib/python3.5/urllib/request.py", line 88, in import http.client File "/usr/lib/python3.5/http/client.py", line 1217, in import ssl File "/tmp/pip-build-houdmkwo/ssl/ssl/init.py", line 140 except SSLError, x: ^ SyntaxError: invalid syntax

Original exception was:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-build-houdmkwo/ssl/setup.py", line 33
    print 'looking for', f
                      ^
SyntaxError: Missing parentheses in call to 'print'