Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Overview

Dlint

Build Status Build Status Coverage Status Python Versions PyPI Version

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

The most important thing I have done as a programmer in recent years is to aggressively pursue static code analysis. Even more valuable than the hundreds of serious bugs I have prevented with it is the change in mindset about the way I view software reliability and code quality.

For a static analysis project to succeed, developers must feel they benefit from and enjoy using it.

For documentation and a list of rules see docs.

Installing

$ python -m pip install dlint

Specify python2 or python3 to install for a specific Python version.

And double check that it was installed correctly:

$ python -m flake8 -h
Usage: flake8 [options] file file ...

...

Installed plugins: dlint: 0.11.0, mccabe: 0.5.3, pycodestyle: 2.2.0, pyflakes: 1.3.0

Note the dlint: 0.11.0.

Using

Dlint builds on flake8 to perform its linting. This provides many useful features without re-inventing the wheel.

CLI

Let's run a simple check:

$ cat << EOF > test.py
print("TEST1")
exec('print("TEST2")')
EOF
$ python test.py
TEST1
TEST2
$ python -m flake8 --select=DUO test.py
test.py:2:1: DUO105 use of "exec" is insecure

The --select=DUO flag tells flake8 to only run Dlint lint rules.

From here, we can easily run Dlint against a directory of Python code:

$ python -m flake8 --select=DUO /path/to/code

To fine-tune your linting, check out the flake8 help:

$ python -m flake8 --help

Inline Editor

Dlint results can also be included inline in your editor for fast feedback. This typically requires an editor plugin or extension. Here are some starting points for common editors:

Integrating

Dlint can easily be integrated into CI pipelines, or anything really.

For more information and examples see 'How can I integrate Dlint into XYZ?'.

Custom Plugins

Dlint's custom plugins are built on a simple naming convention, and rely on Python modules. To make a Dlint custom plugin use the following conventions:

  • The Python module name must start with dlint_plugin_.
  • The linter class name must start with Dlint.
  • The linter class should inherit from dlint.linters.base.BaseLinter.
    • If for some reason you'd like to avoid this, then you must implement the get_results function appropriately and inherit from ast.NodeVisitor.

See an example plugin for further details.

Developing

First, install development packages:

$ python -m pip install -r requirements.txt
$ python -m pip install -r requirements-dev.txt
$ python -m pip install -e .

Testing

$ pytest

Linting

$ flake8

Coverage

$ pytest --cov

Benchmarking

$ pytest -k test_benchmark_run --benchmark-py-file /path/to/file.py tests/test_benchmark/

Or get benchmark results for linters individually:

$ pytest -k test_benchmark_individual --benchmark-py-file /path/to/file.py tests/test_benchmark/

Or run against a single linter:

$ pytest -k test_benchmark_individual[DUO138-BadReCatastrophicUseLinter] --benchmark-py-file /path/to/file.py tests/test_benchmark/
Issues
  • only trigger DUO116 when shell=True

    only trigger DUO116 when shell=True

    Using shell=False, to make sure default arguments are set, would trigger DUO116:subprocess module with shell=True

    This PR allows shell=False.

    $ cat -n /tmp/shell.py 
         1  #!/usr/bin/python3
         2  
         3  import subprocess
         4  
         5  command = "/bin/echo"
         6  
         7  subprocess.call(command, shell=False)
         8  subprocess.call(command, shell=True)
         9  subprocess.call(command, shell=False)
    $ python3 -m flake8 /tmp/shell.py 
    /tmp/shell.py:3:1: S404 Consider possible security implications associated with subprocess module.
    /tmp/shell.py:7:1: S603 subprocess call - check for execution of untrusted input.
    /tmp/shell.py:8:1: DUO116 use of "shell=True" is insecure in "subprocess" module
    /tmp/shell.py:8:1: S602 subprocess call with shell=True identified, security issue.
    /tmp/shell.py:9:1: S603 subprocess call - check for execution of untrusted input.
    $ python3 -m flake8 -h
    [...]
    Installed plugins: dlint: 0.10.3, flake8-bandit: 2.1.2, flake8-bugbear:
    20.1.4, flake8-darglint: 1.5.5, flake8-executable: 2.0.4, flake8_deprecated:
    1.2, mccabe: 0.6.1, naming: 0.11.1, pycodestyle: 2.6.0, pyflakes: 2.2.0,
    radon: 4.3.2
    

    Signed-off-by: Thomas Sjögren [email protected]

    opened by konstruktoid 7
  • Support flake8 v4

    Support flake8 v4

    Fixes #36

    opened by wwuck 6
  • DUO121: Why is tempfile.mkstemp (with

    DUO121: Why is tempfile.mkstemp (with "s") being avoided?

    Hi!

    Section Correct code at https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO121.md#correct-code seems overly complicated to me. Could you elaborate why tempfile.mkstemp is being avoided?

    Thanks and best, Sebastian

    opened by hartwork 4
  • os.EX_OK not available on Windows

    os.EX_OK not available on Windows

    FYI: os.EX_OK isn't available on Windows and fails when running flake8 --print-dlint-linters

    Not sure what the appropriate substitute is, but I'd be happy to test any changes

    https://github.com/dlint-py/dlint/blob/828a156eead73e4140ddc6925ff85bf65424fabb/dlint/extension.py#L46

    opened by KyleKing 1
  • DUO121.md: Improve (fixes #21)

    DUO121.md: Improve (fixes #21)

    Fixes #21

    CC @mschwager

    opened by hartwork 1
  • DUO107 whitelist from xml.etree.ElementTree import Element, SubElement

    DUO107 whitelist from xml.etree.ElementTree import Element, SubElement

    defusedxml is not capable of creating Element or SubElement

    Whitelisting in bad_xml_use.py

    @property
        def whitelisted_modules(self):
            return [
                'xml.sax.saxutils',
                'xml.etree.ElementTree.Element',
                'xml.etree.ElementTree.SubElement',
            ]
    

    would help solve this.

    A work around could then be used as follows:

    from xml.etree.ElementTree import Element, SubElement
    
    import defusedxml.ElementTree as ET
    
    ET.Element = _ElementType = Element
    ET.SubElement = SubElement
    

    Note that we still disallow

    from xml.etree.ElementTree import parse
    
    opened by hm34306 1
  • Add Python 3.9 support

    Add Python 3.9 support

    opened by mschwager 1
  • Relationship to bandit

    Relationship to bandit

    What is the relationship between dlint and bandit?

    What I can see:

    • dlint is a flake8 plugin while bandit is a project of its own (there is flake8-bandit, though)
    • bandit is part of PyCQA which includes also flake8 and flake8-bugbear
    • bandit has 2700 GitHub stars, dlint has 45

    Could somebody maybe point out reasons to use one or the other? Do you maybe use both together? Is there an overlap between the communities?

    opened by MartinThoma 1
  • Support flake8>=4

    Support flake8>=4

    Please upgrade dlint to support flake8>=4. There doesn't appear to be any breaking changes that will affect dlint.

    https://flake8.pycqa.org/en/latest/release-notes/4.0.0.html#backwards-incompatible-changes

    opened by wwuck 1
  • Create a community Github Action for Dlint

    Create a community Github Action for Dlint

    Similar to these community actions: https://github.com/sdras/awesome-actions

    We should build an action for Dlint. Bonus points for running Dlint against Dlint :)

    opened by mschwager 1
  • Publish sources on PyPi

    Publish sources on PyPi

    Installing the package using pip with the --no-binary flag fails, because no sdist is available on PyPi

    $ python -m pip install dlint --no-binary :all:
    ERROR: Could not find a version that satisfies the requirement dlint (from versions: none)
    ERROR: No matching distribution found for dlint
    
    opened by bramhaag 0
  • redos detection misses issues if the regex is provided via a variable

    redos detection misses issues if the regex is provided via a variable

    dlint detects redos issues only if the regex is hardcoded into the place where the re function is called. If the regex is stored in a constant, it doesn't catch it.

    For example, this code would be flagged:

        text = re.sub(r"""(?i)\b((?:https?:(?:/{1,3}|[a-z0-9%])|[a-z0-9.\-]+[.](?:com|net|org|edu|gov|mil|aero|asia|biz|cat|coop|info|int|jobs|mobi|museum|name|post|pro|tel|travel|xxx|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|dd|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|Ja|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)/)(?:[^\s()<>{}\[\]]+|\([^\s()]*?\([^\s()]+\)[^\s()]*?\)|\([^\s]+?\))+(?:\([^\s()]*?\([^\s()]+\)[^\s()]*?\)|\([^\s]+?\)|[^\s`!()\[\]{};:\'\'.,<>?«»“”‘’])|(?:(?<[email protected])[a-z0-9]+(?:[.\-][a-z0-9]+)*[.](?:com|net|org|edu|gov|mil|aero|asia|biz|cat|coop|info|int|jobs|mobi|museum|name|post|pro|tel|travel|xxx|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|dd|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|Ja|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)\b/?([email protected])))""", "", text)
    

    But this would not:

    URL_REGEX = r"""(?i)\b((?:https?:(?:/{1,3}|[a-z0-9%])|[a-z0-9.\-]+[.](?:com|net|org|edu|gov|mil|aero|asia|biz|cat|coop|info|int|jobs|mobi|museum|name|post|pro|tel|travel|xxx|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|dd|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|Ja|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)/)(?:[^\s()<>{}\[\]]+|\([^\s()]*?\([^\s()]+\)[^\s()]*?\)|\([^\s]+?\))+(?:\([^\s()]*?\([^\s()]+\)[^\s()]*?\)|\([^\s]+?\)|[^\s`!()\[\]{};:\'\'.,<>?«»“”‘’])|(?:(?<[email protected])[a-z0-9]+(?:[.\-][a-z0-9]+)*[.](?:com|net|org|edu|gov|mil|aero|asia|biz|cat|coop|info|int|jobs|mobi|museum|name|post|pro|tel|travel|xxx|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|dd|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|Ja|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)\b/?([email protected])))"""  # noqa E501
    
    text = re.sub(URL_REGEX, "", text)
    

    In the original code where I discovered this, URL_REGEX was defined in a different module, then imported. It would be great to handle this as well (i.e.. the regex is in a variable in the same or in a different module than the re. call).

    opened by barrywhart 1
  • Add linter for insecure JWT usage in pyjwt

    Add linter for insecure JWT usage in pyjwt

    TODO: find all insecure example usage

    https://github.com/jpadilla/pyjwt

    opened by mschwager 0
  • Add linter for insecure JWT usage in python-jose

    Add linter for insecure JWT usage in python-jose

    TODO: find all examples of insecure usage

    https://github.com/mpdavis/python-jose

    opened by mschwager 0
  • Add linter for broken function level authorization

    Add linter for broken function level authorization

    Per the OWASP API Security Top 10, broken function level authorization is a big security concern. Adding a linter to detect this would be very useful. Most Python web application frameworks use decorators on function-level API routes (e.g. rest_framework.decorators.api_view in Django REST framework, flask_login.login_required in Flask-Login).

    One way I can envision implementing this would be looking for decorator anomalies in Python files that look like they contain API routes. E.g.

    @api.route("/users")
    @login_required
    def users(request):
        ...
    
    @api.route("/groups")
    @login_required
    def groups(request):
        ...
    
    @api.route("/settings")
    def settings(request):
        # Oops, did we forget @login_required?
        ...
    
    @api.route("/jobs")
    @login_required
    def jobs(request):
        ...
    

    If XX% of API routes in a file are missing what looks like an authentication decorator, we can flag the function missing the decorator. Another common one for authorization might look something like:

    @app.route("/users", roles=[User.Admin])
    def users(request):
        ...
    
    @api.route("/groups", roles=[User.Admin])
    def groups(request):
        ...
    
    @api.route("/settings", roles=[User.Regular])
    def settings(request):
        # Oops, can all users access this sensitive endpoint?
        ...
    

    This may seem trivial, but it gets more difficult as you have many different authentication methods, authorization schemes, and user roles.

    This will probably involve some of the following:

    • Looking for common API route decorators and systems used by major Python web frameworks.
    • Using this information to determine if we're in a API route module.
    • Determining what "unusual" looks like in this case (e.g. missing login_required).
    • Performing heuristics, possibly with a configurable threshold, to make the judgement whether a finding is in fact unusual.

    There's also some low-hanging fruit here, like just searching for existing "security-off" switches for web framework routes, like:

    • django.views.decorators.csrf.csrf_exempt
    • flask_wtf.csrf.exempt
    • rest_framework.permissions.AllowAny or permission_classes = []
    • Likely many more in well-known third-party packages...
    opened by mschwager 0
  • Add linter for XML calls allowing external entities (including DTD)

    Add linter for XML calls allowing external entities (including DTD)

    Per the Python documentation:

    Changed in version 3.7.1: The SAX parser no longer processes general external entities by default to increase security. Before, the parser created network connections to fetch remote files or loaded local files from the file system for DTD and entities. The feature can be enabled again with method setFeature() on the parser object and argument feature_external_ges.

    We should look for explicit enabling of the following features:

    Enabling these features allows for XML XXE including DTD retrieval. We should detect usage of these features.

    opened by mschwager 0
  • Whitelist yaml detection when using SafeLoader

    Whitelist yaml detection when using SafeLoader

    The following pyyaml calls should be safe:

    yaml.load(..., Loader=yaml.SafeLoader)
    yaml.load(..., Loader=yaml.CSafeLoader)
    

    I believe this is equivalent to using safe_load, but I've encountered a few false positives in the wild using this code.

    opened by mschwager 0
  • Add 'Dlint verbose' mode as a flake8 formatter option

    Add 'Dlint verbose' mode as a flake8 formatter option

    Flake8 allows for custom formatters: Developing a Formatting Plugin for Flake8.

    I think there's value in having an output mode where things are very dense, and there's one finding per line. This is the current formatter for flake8. It'd also be great if there was a verbose, multi-line mode that included additional information. E.g. the physical line that fired the rule and/or some amount of surrounding lines, a link to the rule's documentation, suggestions for a fix, etc.

    I'm envisioning that we develop a flake8 custom formatter that keys off a rule's code and "pretty prints" some or all of the above information to the output buffer.

    opened by mschwager 0
  • Add cache_info to benchmarking information in dlint.namespace

    Add cache_info to benchmarking information in dlint.namespace

    functools.lru_cache was recently added to dlint.namespace which provided a great speed up. We should output functools.lru_cache.cache_info information when benchmarking.

    We should be able to:

    • Run the benchmarking code over a Python file
    • Output linter.namespace.illegal_module_imported.cache_info
    • Output linter.namespace.name_imported.cache_info
    • Consider caching asname_to_name as well

    Outputting cache_info will tell us if we're efficiently caching information, and can allow for greater profiling and speed ups.

    opened by mschwager 0
  • False positive in redos detection when re.DOTALL missing

    False positive in redos detection when re.DOTALL missing

    The following expression doesn't ReDoS, but Dlint detects it:

    re.search(r'(\n.*)+a', '\n' * 64 + 'b')
    

    However, this expression does ReDoS:

    re.search(r'(\n.*)+a', '\n' * 64 + 'b', re.DOTALL)
    

    Fixing this requires a large amount of work for little gain in reducing false positives. The first example doesn't seem very common. We don't currently analyze the flags passed to re functions, so adding this functionality would take considerable work.

    opened by mschwager 0
Owner
Dlint
Dlint Python static analysis and related projects.
Dlint
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

neeraj 1 Jan 12, 2022
A web-app helping to create strong passwords that are easy to remember.

This is a simple Web-App that demonstrates a method of creating strong passwords that are still easy to remember. It also provides time estimates how long it would take an attacker to crack a password using the zxcvbn library developed by Dropbox.

null 2 Jun 4, 2021
PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

zJairO 4 Nov 16, 2021
This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service

Francesco 2 Jan 12, 2022
This collection of tools that makes it easy to secure and/or obfuscate messages, files, and data.

Scrambler App This collection of tools that makes it easy to secure and/or obfuscate messages, files, and data. It leverages encryption tools such as

Mystic 1 Jan 7, 2022
Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

null 4 Dec 7, 2021
A secure password generator written in python

gruvbox-factory ?? "The main focus when developing gruvbox is to keep colors easily distinguishable, contrast enough and still pleasant for the eyes"

Paulo Pacitti 237 Jan 7, 2022
Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

Fly Dev Tunnel Developers commonly use apps like ngrok, localtunnel, or cloudflared to expose a local web service at a publicly-accessible URL. This i

null 167 Jan 10, 2022
Delta Sharing: An Open Protocol for Secure Data Sharing

Delta Sharing: An Open Protocol for Secure Data Sharing Delta Sharing is an open protocol for secure real-time exchange of large datasets, which enabl

Delta Lake 309 Jan 12, 2022
Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

zeze 1 Jan 13, 2022
The best OSINT pentesting tool, to scan mass ip ranges and brute force admin logins.

Routerscan The best OSINT pentesting tool, to scan mass ip ranges and brute force admin logins. i need all the help i can get with this, i'm not very

Nano 5 Dec 11, 2021
The best Python Backdoor👌

Backdoor The best Python Backdoor Files Server file is used in all of cases If client is Windows, the client need execute EXE file If client is Linux,

null 6 Jan 8, 2022
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 1 Jan 16, 2022
labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface

labsecurity labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface. Warning

Dylan Meca 11 Jan 2, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. ??

Cracker 95 Jan 18, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible For That.

CRACKER911181 1 Jan 10, 2022
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Nano 108 Dec 4, 2021
Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

loggef Facebook automation tool, Facebook account hacking and cloning advanced tool + dictionary attack added Warning Use this tool for educational pu

Md Josif Khan 4 Jan 13, 2022
A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

Saad 1 Jan 17, 2022