t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Other
3.77k stars 611 forks source link

Crypto package unsafe #21

Closed MrurBo closed 1 year ago

MrurBo commented 1 year ago

Security tracker: https://security-tracker.debian.org/tracker/source-package/python-crypto

MadHatterENV commented 1 year ago

ah damn, i started a discussion instead of an issue. Have the same thing using Python3

https://stackoverflow.com/questions/19623267/importerror-no-module-named-crypto-cipher

MrurBo commented 1 year ago

ah damn, i started a discussion instead of an issue. Have the same thing using Python3

https://stackoverflow.com/questions/19623267/importerror-no-module-named-crypto-cipher

That's why I researched the package!

t3l3machus commented 1 year ago

Hey thanks for the heads up. Honestly, i find it unlikely for someone to have security issues using this tool based on the recorded CVEs for the crypto module. Gonna have to live with it for a while.