I know just a little bit of python and that looks like it does what the description says. Maybe I wouldn't use subprocess but do it via the standard lib.
shell=True is a security risk unless you're very careful with escaping inputs. In this case any filename with a `;` in it (or various other shell characters) will run arbitrary commands on the attacker's computer.
best to pass a list of arguments to subprocess rather than a string, and avoid shell=True
Ah true! I fixated on exactly the line that was marked. I guess it's not that bad because you're choosing the file to copy, but I wouldn't have used a subshell for copying a file anyway.
Python is a pretty big "I don't know what I'm doing" flag so I wouldn't be too surprised. Not always of course - there are plenty of well written Python projects - but Python and JavaScript are so popular for beginners that projects written by beginners tend to concentrate in those languages.
Looking at the SSH actions, the "brute force" attack is just iterating through a list of usernames and passwords from an external file. Wow. Much impress. So Hacker.
If it ends up living up to the promise of the quality of the documentation (ie the README), I can’t wait to try it. Also screenshots of the display look cool.
I know I’m just a troll account but I can’t believe all it takes to get 1k stars on GitHub is just rewriting an automated file transfer script using five different protocols and claiming it’s some powerful offensive capability lmfao
Hydra unifies brute forcing dozens of protocols into a singular (cli) API. It is useful in that you don't have to have dozens of tools for each kind of service you might want to enumerate, each with their own interfaces.
Ahh yeah Bjorn, my pwnagotchi's new older brother. I really hope he can cheer him up - the little guy hasn't been the same ever since daddy decided he was more interested in penetrating that cups server.
