import random
from datetime import datetime, timedelta
def generate_artifacts(num_logs, num_history, num_files):
"""Generate log entries, browser history, and file metadata."""
logs, history, metadata = [], [], []
urls = [
"http://example.com",
"http://malicious-site.com",
"http://banking-site.com",
"http://socialmedia.com",
"http://shopping-site.com"
]
for i in range(num_logs):
timestamp = datetime.now() - timedelta(days=random.randint(1, 30), hours=random.randint(0, 23))
logs.append(f"{timestamp.strftime('%Y-%m-%d %H:%M:%S')} - INFO - User logged in")
for i in range(num_history):
timestamp = datetime.now() - timedelta(days=random.randint(1, 30), hours=random.randint(0, 23))
duration = random.randint(1, 300)
url = random.choice(urls)
history.append(f"{timestamp.strftime('%Y-%m-%d %H:%M:%S')} - {url} - {duration} seconds")
for i in range(num_files):
filename = f"file_{i+1}.txt"
created_time = datetime.now() - timedelta(days=random.randint(1, 30))
modified_time = created_time + timedelta(days=random.randint(0, 10))
size = random.randint(1000, 50000)
metadata.append(f"Filename: {filename}, Created: {created_time}, Modified: {modified_time}, Size: {size} bytes")
return logs, history, metadata
def save_artifacts(logs, history, metadata):
"""Save artifacts to files."""
with open("log_entries.txt", "w") as log_file:
log_file.write("\n".join(logs))
with open("browser_history.txt", "w") as history_file:
history_file.write("\n".join(history))
with open("file_metadata.txt", "w") as metadata_file:
metadata_file.write("\n".join(metadata))
def main():
print("Digital Forensics Artifact Generator")
num_logs = int(input("Enter the number of log entries to generate: "))
num_history = int(input("Enter the number of browser history entries to generate: "))
num_files = int(input("Enter the number of file metadata entries to generate: "))
logs, history, metadata = generate_artifacts(num_logs, num_history, num_files)
save_artifacts(logs, history, metadata)
print("\nArtifacts generated and saved to 'log_entries.txt', 'browser_history.txt', and 'file_metadata.txt'.")
if __name__ == "__main__":
main()
-
Digital Forensics Artifact Generator
-
Phishing Email Generator
import random
def generate_phishing_email(sender_name, sender_email):
"""Generate a fake phishing email."""
subjects = [
"Urgent: Your Account Needs Verification",
"You've Won a $1000 Gift Card!",
"Your Invoice is Attached",
"Action Required: Update Your Payment Information",
"Congratulations! You've Been Selected!"
]
bodies = [
f"Dear Customer,\n\nWe noticed suspicious activity in your account. Please click the link below to verify your account:\nhttp://fake-link.com\n\nBest,\n{sender_name}",
f"Congratulations! You've won a $1000 gift card. Claim your prize by clicking here:\nhttp://fake-link.com\n\nSincerely,\n{sender_name}",
f"Attached is your invoice. Please review it immediately.\n\nBest,\n{sender_name}",
f"Your payment information needs to be updated. Click here:\nhttp://fake-link.com\n\nThank you,\n{sender_name}",
f"You've been selected for a special offer! Click the link to redeem:\nhttp://fake-link.com\n\nCheers,\n{sender_name}"
]
email_subject = random.choice(subjects)
email_body = random.choice(bodies)
email = f"From: {sender_name} <{sender_email}>\nSubject: {email_subject}\n\n{email_body}"
return email
def main():
print("Phishing Email Generator")
sender_name = input("Enter fake sender name: ")
sender_email = input("Enter fake sender email: ")
phishing_email = generate_phishing_email(sender_name, sender_email)
print("\n--- Generated Phishing Email ---")
print(phishing_email)
# Save to file
with open("phishing_email.txt", "w") as file:
file.write(phishing_email)
print("\nPhishing email saved to 'phishing_email.txt'.")
if __name__ == "__main__":
main() -
Password Strength Scanner and Breach Checker
import requests
import re
import hashlib # Import hashlib for SHA-1 hashing
def check_breach(password):
"""Check if the password has been exposed in data breaches using the HIBP API."""
sha1_password = hashlib.sha1(password.encode()).hexdigest().upper()
prefix = sha1_password[:5]
suffix = sha1_password[5:]
response = requests.get(f'https://api.pwnedpasswords.com/range/{prefix}')
if response.status_code == 200:
hashes = (line.split(':') for line in response.text.splitlines())
return any(suffix == hash_suffix for hash_suffix, count in hashes)
return False
def assess_password_strength(password):
"""Assess the strength of the provided password."""
strength = "Weak"
if (len(password) >= 12 and
re.search(r"[A-Z]", password) and
re.search(r"[a-z]", password) and
re.search(r"[0-9]", password) and
re.search(r"[!@#$%^&*()_+]", password)):
strength = "Strong"
elif len(password) >= 8:
strength = "Moderate"
return strength
def main():
password = input("Enter a password to check: ")
strength = assess_password_strength(password)
print(f"Password Strength: {strength}")
if check_breach(password):
print("This password has been found in data breaches. Consider using a different password.")
else:
print("This password has not been found in data breaches.")
if __name__ == "__main__":
main() -
Decoy Account Generator and Monitor
import random
import string
import time
def generate_creds(num_accounts):
"""Generate a list of decoy account credentials (username, password)."""
return [(''.join(random.choices(string.ascii_lowercase + string.digits, k=8)),
''.join(random.choices(string.ascii_letters + string.digits, k=12))) for _ in range(num_accounts)]
def monitor_access(accounts):
"""Simulate access attempts on decoy accounts and log unauthorized attempts."""
with open("access_log.txt", "a") as log_file:
for account in accounts:
unauthorized = random.choice([True, False]) # Randomly determine if the attempt is unauthorized
if unauthorized:
log_file.write(f"Unauthorized access attempt on {account[0]}\n") # Log the attempt
time.sleep(1) # Simulate delay for each access attempt
def main():
"""Main function to prompt user for account count, generate accounts, and monitor access."""
num_accounts = int(input("Enter the number of decoy accounts to create: ")) # Get user input for account count
accounts = generate_creds(num_accounts) # Generate the specified number of decoy accounts
print("Generated Decoy Accounts:", accounts) # Display generated accounts
monitor_access(accounts) # Monitor access attempts on the generated accounts
if __name__ == "__main__":
main() # Execute the main function -
Automated Threat Intelligence Aggregator
import requests
import pandas as pd
import smtplib
from email.mime.text import MIMEText
# Function to fetch threat intelligence data
def fetch_threat_data(api_url):
response = requests.get(api_url)
if response.status_code == 200:
return response.json()
else:
print(f"Failed to fetch data from {api_url}")
return None
# Function to analyze threats and generate a report
def analyze_threats(data):
threats = pd.DataFrame(data)
report = threats.describe() # Basic statistical summary
return report
# Function to send email alerts
def send_alert(report):
sender = "your_email@example.com"
recipients = ["recipient@example.com"]
subject = "Threat Intelligence Report"
body = report.to_string()
msg = MIMEText(body)
msg['Subject'] = subject
msg['From'] = sender
msg['To'] = ", ".join(recipients)
with smtplib.SMTP('smtp.example.com', 587) as server:
server.starttls()
server.login(sender, "your_password")
server.sendmail(sender, recipients, msg.as_string())
# Main function
def main():
# Example API endpoints (replace with actual threat intelligence APIs)
api_urls = [
"https://api.example.com/threats",
"https://api.anotherexample.com/threats"
]
all_data = []
for api_url in api_urls:
data = fetch_threat_data(api_url)
if data:
all_data.extend(data)
if all_data:
report = analyze_threats(all_data)
print(report)
send_alert(report)
if __name__ == "__main__":
main() -
Incident Response Playbook Generator
def generate_playbook():
assets = input("What types of assets do you need to protect? (e.g., servers, databases): ")
threats = input("What potential threats do you face? (e.g., malware, insider threats): ")
response_steps = input("Outline your response steps (e.g., isolate affected systems): ")
playbook = f"""
Incident Response Playbook
---------------------------
Assets to Protect: {assets}
Potential Threats: {threats}
Response Steps: {response_steps}
Recommended Actions:
1. Identify the scope of the incident.
2. Contain the threat.
3. Eradicate the cause.
4. Recover affected systems.
5. Conduct a post-incident review.
"""
with open("incident_response_playbook.txt", "w") as file:
file.write(playbook.strip())
print("Incident response playbook generated as 'incident_response_playbook.txt'.")
if __name__ == "__main__":
generate_playbook() -
Network Traffic Monitor
from scapy.all import sniff def packet_callback(packet): print(f"Packet captured: {packet.summary()}") if __name__ == "__main__": print("Starting network traffic monitor...") sniff(prn=packet_callback, count=10) # Capture 10 packets -
Malware Behavior Simulator
import time import random def simulate_keylogger(): """Simulate a simple keylogging behavior.""" print("Simulating keylogging... (Press Ctrl+C to stop)") try: while True: # Simulate capturing random key presses keys = ['a', 's', 'd', 'f', 'g', 'h', 'j', 'k', 'l'] key = random.choice(keys) print(f"Key captured: {key}") time.sleep(1) # Simulate delay between captures except KeyboardInterrupt: print("\nKeylogging simulation stopped.") def simulate_file_manipulation(): """Simulate file manipulation behavior.""" file_actions = ['create', 'modify', 'delete'] for _ in range(5): # Simulate 5 actions action = random.choice(file_actions) filename = f"malware_file_{random.randint(1, 100)}.txt" if action == 'create': print(f"Creating file: {filename}") elif action == 'modify': print(f"Modifying file: {filename}") elif action == 'delete': print(f"Deleting file: {filename}") time.sleep(1) # Simulate delay between actions def simulate_network_scanning(): """Simulate network scanning behavior.""" print("Simulating network scanning...") for i in range(1, 4): # Simulate scanning 3 'hosts' ip_address = f"192.168.1.{i}" print(f"Scanning {ip_address}...") time.sleep(2) # Simulate time taken to scan print(f"Host {ip_address} is active.") if __name__ == "__main__": print("Malware Behavior Simulator") print("1. Simulate Keylogger") print("2. Simulate File Manipulation") print("3. Simulate Network Scanning") choice = input("Select a simulation (1, 2, or 3): ") if choice == '1': simulate_keylogger() elif choice == '2': simulate_file_manipulation() elif choice == '3': simulate_network_scanning() else: print("Invalid choice.") -
Web Server Fingerprinting Tool
import requests def fingerprint_web_server(url): """Identify the web server type and version from the response headers.""" try: response = requests.get(url) server_header = response.headers.get('Server', 'Unknown') print(f"URL: {url}") print(f"Server Header: {server_header}") if "Apache" in server_header: print("Detected web server: Apache") elif "Nginx" in server_header: print("Detected web server: Nginx") elif "IIS" in server_header: print("Detected web server: Microsoft IIS") elif "lighttpd" in server_header: print("Detected web server: Lighttpd") else: print("Web server type could not be determined.") except requests.exceptions.RequestException as e: print(f"Error: {e}") if __name__ == "__main__": target_url = input("Enter the URL to fingerprint (e.g., http://example.com): ") fingerprint_web_server(target_url) -
Fake User Data Generator
import random import faker def generate_fake_user_data(num_profiles): """Generate a list of fake user profiles.""" fake = faker.Faker() user_profiles = [] for _ in range(num_profiles): profile = { 'name': fake.name(), 'email': fake.email(), 'phone': fake.phone_number(), 'address': fake.address().replace("\n", ", "), } user_profiles.append(profile) return user_profiles if __name__ == "__main__": num_profiles = int(input("Enter the number of fake user profiles to generate: ")) fake_users = generate_fake_user_data(num_profiles) print("\nGenerated Fake User Profiles:") for user in fake_users: print(user)