SyntaxError: Missing parentheses in call to 'print'
Error in sys.excepthook:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook
from apport.fileutils import likely_packaged, get_recent_crashes
File "/usr/lib/python3/dist-packages/apport/init.py", line 5, in
from apport.report import Report
File "/usr/lib/python3/dist-packages/apport/report.py", line 21, in
from urllib.request import urlopen
File "/usr/lib/python3.5/urllib/request.py", line 88, in
import http.client
File "/usr/lib/python3.5/http/client.py", line 1217, in
import ssl
File "/tmp/pip-build-houdmkwo/ssl/ssl/init.py", line 140
except SSLError, x:
^
SyntaxError: invalid syntax

Original exception was:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-build-houdmkwo/ssl/setup.py", line 33
    print 'looking for', f
                      ^
SyntaxError: Missing parentheses in call to 'print'

u0_a336@localhost  ~/Passhunt   master  python3 passhunt.py

Traceback (most recent call last):
  File "/data/data/com.termux/files/home/Passhunt/passhunt.py", line 13, in <module>
    import bs4 as bs
ModuleNotFoundError: No module named 'bs4'

Using python 3.5, I got a ssl.SSLErroe CERTIFICATE_VERIFY_FAILED after pressing 2 on command line.

Adding the following to imports fixed this problem:

import os, sys
import urllib.request

import ssl
import io
import bs4 as bs

try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context

Getting

python passhunt.py Traceback (most recent call last): File "passhunt.py", line 11, in <module> import urllib.request ImportError: No module named request

Would you please check? Thanks!

We discovered a malicious backdoor in the project's dependencies, affected versions are 9a063f8~54eb987d30ead2b8ebbf1f0b880aa14249323867. Its malicious backdoor is the request package, the requirements.txt file has a dependency request.

Even if the request has been deleted by PyPI, many mirror sites have not completely deleted this package, so it can still be installed. For example: https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

Using such a mirror site to download and install this item will be vulnerable.

Analysis of malicious function of request package: 1.Remote download of malicious code When the request package is installed, the setup.py file in the package will be actively executed. The setup.py file contains the logic for the attacker to remotely download and execute malicious code. At the same time, the C2 domain name is encoded and obfuscated. The decrypted C2 address is: https://dexy.top/request/check.so. 2.Release the remote control Trojan and persist it The malicious code loaded remotely during the installation of the request package includes two functions: Release the remote control Trojan to the .uds folder of the current user's HOME directory. The Trojan name is _err.log (for example, /root/.uds/_err.log). The content of the _err.log remote control Trojan script is encoded and compressed by base64, which reduces the size and enhances the confrontation. Implant malicious backdoor commands in .bashrc to achieve persistence 3.Issue stealing instructions The attacker issues python secret stealing instructions through the remote control Trojan to steal sensitive information (coinbase account secret) After decrypting the stealing instruction, the function is to request the C2 service: http://dexy.top/x.pyx, and remotely load the stealing Trojan. Some of the functions of the remotely loaded secret stealing Trojan are shown below, which are used to steal browser cookies, coinbase accounts and passwords, etc.

Repair suggestion: replace request in requirements.txt with requests

On Kali, pip3 isn't installed by default. The person would need to first do an "apt-get install python3-pip". Additionally, there would be an error saying the following:

Traceback (most recent call last):
File "passhunt.py", line 11, in
import urllib.request
ImportError: No module named request

The person would need to run "python3 passhunt.py"

Hi!

Currently source of credentials is CIRT.net.

I create a database of credentials larger than a CIRT.net called Many passwords. I think it would be a good idea to replace CIRT.net with Many passwords. This provides more default credentials, provides the possibility of creating an offline version of the program (using the csv file). We can also convert csv file to json to easiest entries parse.

What do you think about this idea?

Syntax Error: Non ASCII character '/xe2' in file passhunt.py