# Balsamic
balsamic is a library for sending malicious pickles to a vunlerable application, via web requests, or a malicious server or client(currently ipv4 only).
we will add more payloads but for now we just execute shell commands. via the oscmd payload.
## useage (standalone)
web request mode
```
usage: balsamic.py webreq [-h] [-m METHOD] -u URL [-p PARAMETER] [-co COOKIE] -P PAYLOAD
[-c COMMAND] [-H HEADERS]
options:
-h, --help show this help message and exit
-m METHOD, --method METHOD
-u URL, --url URL
-p PARAMETER, --parameter PARAMETER
-co COOKIE, --cookie COOKIE
-P PAYLOAD, --payload PAYLOAD
-c COMMAND, --command COMMAND
-H HEADERS, --headers HEADERS
```
socksend mode
```
usage: balsamic.py socksend [-h] -rh RHOST -rp RPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e]
[--ipv6]
options:
-h, --help show this help message and exit
-rh RHOST, --rhost RHOST
-rp RPORT, --rport RPORT
-P PAYLOAD, --payload PAYLOAD
-c COMMAND, --command COMMAND
-s STEPS, --steps STEPS
-e, --encode
--ipv6 Use IPv6
```
socklisten mode
```
usage: balsamic.py socklisten [-h] -lp LPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e] [--ipv6]
options:
-h, --help show this help message and exit
-lp LPORT, --lport LPORT
-P PAYLOAD, --payload PAYLOAD
-c COMMAND, --command COMMAND
-s STEPS, --steps STEPS
-e, --encode
--ipv6 Use IPv6
```
## useage (library)
```
from balsamic import balsamic
balsamic.utility.command="command"
balsamic.webreq("method", "url", "payload", "param", "cookie", custom_headers)
balsamic.socksend("rhost", rport, "payload", enc, steps, use_ipv6)
balsamic.socklisten(lport, "payload", enc, steps, use_ipv6)
```
Raw data
{
"_id": null,
"home_page": null,
"name": "balsamic",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "python, hack, pickle, serialization, security, sockets, web",
"author": "Witchdoctor (malectrica)",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/a7/c2/bcaf477b7917b7e63934a9b1cfc16514c5f28d6d1e4b9fd5a23638af222e/balsamic-0.2.94.tar.gz",
"platform": null,
"description": "\n# Balsamic \nbalsamic is a library for sending malicious pickles to a vunlerable application, via web requests, or a malicious server or client(currently ipv4 only). \nwe will add more payloads but for now we just execute shell commands. via the oscmd payload. \n\n\n## useage (standalone) \nweb request mode \n```\nusage: balsamic.py webreq [-h] [-m METHOD] -u URL [-p PARAMETER] [-co COOKIE] -P PAYLOAD\n [-c COMMAND] [-H HEADERS]\n\noptions:\n -h, --help show this help message and exit\n -m METHOD, --method METHOD\n -u URL, --url URL\n -p PARAMETER, --parameter PARAMETER\n -co COOKIE, --cookie COOKIE\n -P PAYLOAD, --payload PAYLOAD\n -c COMMAND, --command COMMAND\n -H HEADERS, --headers HEADERS\n\n```\nsocksend mode \n```\nusage: balsamic.py socksend [-h] -rh RHOST -rp RPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e]\n [--ipv6]\n\noptions:\n -h, --help show this help message and exit\n -rh RHOST, --rhost RHOST\n -rp RPORT, --rport RPORT\n -P PAYLOAD, --payload PAYLOAD\n -c COMMAND, --command COMMAND\n -s STEPS, --steps STEPS\n -e, --encode\n --ipv6 Use IPv6\n```\nsocklisten mode\n```\nusage: balsamic.py socklisten [-h] -lp LPORT -P PAYLOAD [-c COMMAND] [-s STEPS] [-e] [--ipv6]\n\noptions:\n -h, --help show this help message and exit\n -lp LPORT, --lport LPORT\n -P PAYLOAD, --payload PAYLOAD\n -c COMMAND, --command COMMAND\n -s STEPS, --steps STEPS\n -e, --encode\n --ipv6 Use IPv6\n```\n\n## useage (library)\n```\nfrom balsamic import balsamic\nbalsamic.utility.command=\"command\"\nbalsamic.webreq(\"method\", \"url\", \"payload\", \"param\", \"cookie\", custom_headers)\nbalsamic.socksend(\"rhost\", rport, \"payload\", enc, steps, use_ipv6)\nbalsamic.socklisten(lport, \"payload\", enc, steps, use_ipv6)\n```\n",
"bugtrack_url": null,
"license": null,
"summary": "Send malicious pickles via requests or sockets",
"version": "0.2.94",
"project_urls": null,
"split_keywords": [
"python",
" hack",
" pickle",
" serialization",
" security",
" sockets",
" web"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4e00310040c626735917c128cb555467415e562f5947e37f772f897f0d18bd63",
"md5": "98e8d5dd4567e813b6756d3835771f04",
"sha256": "4d4c9cf30e2b7522be74bbba91a3114eeeacd95d752a1ad6a18affafe9c1db56"
},
"downloads": -1,
"filename": "balsamic-0.2.94-py3-none-any.whl",
"has_sig": false,
"md5_digest": "98e8d5dd4567e813b6756d3835771f04",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 4151,
"upload_time": "2024-06-12T05:05:06",
"upload_time_iso_8601": "2024-06-12T05:05:06.112196Z",
"url": "https://files.pythonhosted.org/packages/4e/00/310040c626735917c128cb555467415e562f5947e37f772f897f0d18bd63/balsamic-0.2.94-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a7c2bcaf477b7917b7e63934a9b1cfc16514c5f28d6d1e4b9fd5a23638af222e",
"md5": "c793edc5c7ba8f63c50d59eacecaec14",
"sha256": "1a075fa09e00a025e9e73574750aa85420a726a19df158229dc1aaee171a6107"
},
"downloads": -1,
"filename": "balsamic-0.2.94.tar.gz",
"has_sig": false,
"md5_digest": "c793edc5c7ba8f63c50d59eacecaec14",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 4064,
"upload_time": "2024-06-12T05:05:08",
"upload_time_iso_8601": "2024-06-12T05:05:08.040311Z",
"url": "https://files.pythonhosted.org/packages/a7/c2/bcaf477b7917b7e63934a9b1cfc16514c5f28d6d1e4b9fd5a23638af222e/balsamic-0.2.94.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-12 05:05:08",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "balsamic"
}
JSON