balsamic


Namebalsamic JSON
Version 0.2.94 PyPI version JSON
download
home_pageNone
SummarySend malicious pickles via requests or sockets
upload_time2024-06-12 05:05:08
maintainerNone
docs_urlNone
authorWitchdoctor (malectrica)
requires_pythonNone
licenseNone
keywords python hack pickle serialization security sockets web
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            
# Balsamic  
balsamic is a library for sending malicious pickles to a vunlerable application, via web requests, or a malicious server or client(currently ipv4 only).  
we will add more payloads but for now we just execute shell commands. via the oscmd payload.  
![image](https://github.com/malectricasoftware/balsamic/assets/107813117/c9e8138c-9f8f-4d68-b71c-331cf7a42343)

## useage (standalone)  
web request mode  
```
usage: balsamic.py webreq [-h] [-m METHOD] -u URL [-p PARAMETER] [-co COOKIE] -P PAYLOAD
                          [-c COMMAND] [-H HEADERS]

options:
  -h, --help            show this help message and exit
  -m METHOD, --method METHOD
  -u URL, --url URL
  -p PARAMETER, --parameter PARAMETER
  -co COOKIE, --cookie COOKIE
  -P PAYLOAD, --payload PAYLOAD
  -c COMMAND, --command COMMAND
  -H HEADERS, --headers HEADERS

```
socksend mode  
```
usage: balsamic.py socksend [-h] -rh RHOST -rp RPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e]
                            [--ipv6]

options:
  -h, --help            show this help message and exit
  -rh RHOST, --rhost RHOST
  -rp RPORT, --rport RPORT
  -P PAYLOAD, --payload PAYLOAD
  -c COMMAND, --command COMMAND
  -s STEPS, --steps STEPS
  -e, --encode
  --ipv6                Use IPv6
```
socklisten mode
```
usage: balsamic.py socklisten [-h] -lp LPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e] [--ipv6]

options:
  -h, --help            show this help message and exit
  -lp LPORT, --lport LPORT
  -P PAYLOAD, --payload PAYLOAD
  -c COMMAND, --command COMMAND
  -s STEPS, --steps STEPS
  -e, --encode
  --ipv6                Use IPv6
```

## useage (library)
```
from balsamic import balsamic
balsamic.utility.command="command"
balsamic.webreq("method", "url", "payload", "param", "cookie", custom_headers)
balsamic.socksend("rhost", rport, "payload", enc, steps, use_ipv6)
balsamic.socklisten(lport, "payload", enc, steps, use_ipv6)
```

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "balsamic",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "python, hack, pickle, serialization, security, sockets, web",
    "author": "Witchdoctor (malectrica)",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/a7/c2/bcaf477b7917b7e63934a9b1cfc16514c5f28d6d1e4b9fd5a23638af222e/balsamic-0.2.94.tar.gz",
    "platform": null,
    "description": "\n# Balsamic  \nbalsamic is a library for sending malicious pickles to a vunlerable application, via web requests, or a malicious server or client(currently ipv4 only).  \nwe will add more payloads but for now we just execute shell commands. via the oscmd payload.  \n![image](https://github.com/malectricasoftware/balsamic/assets/107813117/c9e8138c-9f8f-4d68-b71c-331cf7a42343)\n\n## useage (standalone)  \nweb request mode  \n```\nusage: balsamic.py webreq [-h] [-m METHOD] -u URL [-p PARAMETER] [-co COOKIE] -P PAYLOAD\n                          [-c COMMAND] [-H HEADERS]\n\noptions:\n  -h, --help            show this help message and exit\n  -m METHOD, --method METHOD\n  -u URL, --url URL\n  -p PARAMETER, --parameter PARAMETER\n  -co COOKIE, --cookie COOKIE\n  -P PAYLOAD, --payload PAYLOAD\n  -c COMMAND, --command COMMAND\n  -H HEADERS, --headers HEADERS\n\n```\nsocksend mode  \n```\nusage: balsamic.py socksend [-h] -rh RHOST -rp RPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e]\n                            [--ipv6]\n\noptions:\n  -h, --help            show this help message and exit\n  -rh RHOST, --rhost RHOST\n  -rp RPORT, --rport RPORT\n  -P PAYLOAD, --payload PAYLOAD\n  -c COMMAND, --command COMMAND\n  -s STEPS, --steps STEPS\n  -e, --encode\n  --ipv6                Use IPv6\n```\nsocklisten mode\n```\nusage: balsamic.py socklisten [-h] -lp LPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e] [--ipv6]\n\noptions:\n  -h, --help            show this help message and exit\n  -lp LPORT, --lport LPORT\n  -P PAYLOAD, --payload PAYLOAD\n  -c COMMAND, --command COMMAND\n  -s STEPS, --steps STEPS\n  -e, --encode\n  --ipv6                Use IPv6\n```\n\n## useage (library)\n```\nfrom balsamic import balsamic\nbalsamic.utility.command=\"command\"\nbalsamic.webreq(\"method\", \"url\", \"payload\", \"param\", \"cookie\", custom_headers)\nbalsamic.socksend(\"rhost\", rport, \"payload\", enc, steps, use_ipv6)\nbalsamic.socklisten(lport, \"payload\", enc, steps, use_ipv6)\n```\n",
    "bugtrack_url": null,
    "license": null,
    "summary": "Send malicious pickles via requests or sockets",
    "version": "0.2.94",
    "project_urls": null,
    "split_keywords": [
        "python",
        " hack",
        " pickle",
        " serialization",
        " security",
        " sockets",
        " web"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "4e00310040c626735917c128cb555467415e562f5947e37f772f897f0d18bd63",
                "md5": "98e8d5dd4567e813b6756d3835771f04",
                "sha256": "4d4c9cf30e2b7522be74bbba91a3114eeeacd95d752a1ad6a18affafe9c1db56"
            },
            "downloads": -1,
            "filename": "balsamic-0.2.94-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "98e8d5dd4567e813b6756d3835771f04",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 4151,
            "upload_time": "2024-06-12T05:05:06",
            "upload_time_iso_8601": "2024-06-12T05:05:06.112196Z",
            "url": "https://files.pythonhosted.org/packages/4e/00/310040c626735917c128cb555467415e562f5947e37f772f897f0d18bd63/balsamic-0.2.94-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "a7c2bcaf477b7917b7e63934a9b1cfc16514c5f28d6d1e4b9fd5a23638af222e",
                "md5": "c793edc5c7ba8f63c50d59eacecaec14",
                "sha256": "1a075fa09e00a025e9e73574750aa85420a726a19df158229dc1aaee171a6107"
            },
            "downloads": -1,
            "filename": "balsamic-0.2.94.tar.gz",
            "has_sig": false,
            "md5_digest": "c793edc5c7ba8f63c50d59eacecaec14",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 4064,
            "upload_time": "2024-06-12T05:05:08",
            "upload_time_iso_8601": "2024-06-12T05:05:08.040311Z",
            "url": "https://files.pythonhosted.org/packages/a7/c2/bcaf477b7917b7e63934a9b1cfc16514c5f28d6d1e4b9fd5a23638af222e/balsamic-0.2.94.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-12 05:05:08",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "balsamic"
}
        
Elapsed time: 0.25596s