Full disclosure, the LutziTube software is actually a collection of tools that I have developed over the past 7 years and have been improving and improving all the time
These are a set of tools that allow me workflow and comfort as an information security researcher/developer/creator.
LutziTube started by only allowing the creation of a unique audio/video library by scraping very high quality through youtube.
For this purpose, so that I dont have to remember anything because Im curious and like to mess with different areas in my private environment and thats how it gave me the ambition to start and develop a tool that will do it properly without running some python code every time, like researching malicious programming, in-depth tests for files, Suspicious web traffic detection and cool AI capabilities I chose to add and here is a versatile product that I want and believe is worth it.
I choose to release LutziTube as a product for sale because it greatly optimizes my time and allows me to focus on the things I want without being dependent on remembering so many things as I mentioned before which created a boundary that I could not cross until I reached the point where I allow myself everything with quick and safe access, without choice Involvement of advertisements in order to scrape a video through some dubious website that will embed advertisements in my browser or steal information from me or go look for some script on github and start reading it in order to understand or it will do the job and then my computer started to fill up with files that I started to forget what they do every time I changed a topic One topic after another until I decided to put an end to it and build the multi-purpose tool with which I will implement practical things with the push of a button instead of doing it like an ants/hard work.
Converts to entire directories for that matter, scraping entire directories.
Now I want to share the spoils with everyone who wants it with the goal that everyone will have possibility or at least know about the existence of the possible existing weaknesses or the capabilities just by reading the documentation and look here at all the PoCs that document step by step what exactly LuziTube does
LutziTube provides a variety of tools that will allow you a workflow, shortcuts to realize goals and a variety of advanced options for protection and penetration testing/ethical attacks in order to create a secure, fun and interesting environment - LutziTube comes to facilitate both developer and non-developer users with the aim of simply understanding how things work without you having to make an effort at all and achieve goals such as: File conversions, file downloads, penetration testing, performing machine learning/artificial intelligence processes to perform diagnostics or to perform advanced operations such as data decoding conversions and more.
Create your own private video library by scraping entire videos/array of playlists, courses, tutorials, music albums and access them from your local computer any time you want, so you can put the importance of remembering how things work and only the name and subject of what youre looking for. In the example folder "docker container" or alternately sort organized folders and start creating your private and enriched local network with the LutziTube tool. Artificial intelligence has existed for a long time and now it has gained momentum, it is highly recommended to create a private data set that we can access in order to shorten the time and free up time for development and practice and less to remember how things work or alternately to remember all the commands, almost impossible and therefore LutziTube is a very intelligent tool that helps me make sure That my computer is clean of things Im not interested in, to take significant shortcuts while working, and enables offensive and defensive tests including rich report output including reports issued by artificial intelligence for a fee by placing a paid API key
LutziTube performs an analysis to download the video in 4k Resolution and transcode The Video to be able to Play. Downloading direct from the Memory Only
. The Iterations by IAT hooking.
All Methods embedded to to Implement interaction with youtube such as Searching Videos by Search Engine of YouTube through command line, rendering to download 4k video, extract subtitles ETC.
Smart Conversion/Resize for Entier Folders
Detect/Remove Duplications form your PC
ML Tools to Implement Smart Mechanism on Infrastructures and web applications as well
Detect and Remove Persistences (include FileLess Detection ability)
(Note: Can use by right slide bar and here. can click on any row in the table of contents to go to an expanded view for a specific option you are interested in)
Type 1 in Main Menu Contact with YouTube.
1 download YouTube videos in 4k Resolution - (CPU Rendering Single, by ITAG selection all range from 144p to 4320p)
2 download YouTube videos in 720p Resolution and below, without rendering
3 download Single highest resolution - highest = 720p - best sound detection
4 Download List URL 720p and below
5 download by itag chosen - (CPU Rendering Single, by ITAG selection all range from 144p to 4320p)
6 Get The Search Engine
7 Open LutziTube Official Site)
8 Download LutziTube-RadioStation
9 extract subtitle from entered URL
10 Open YouTube Page
Type 2 in Main Menu Conversation Methods.
1 to convert Video to Audio.
2 to convert mp3 to WAV)
3 to Resize Entire Folder Images
4 to convert png to txt
Type 3 in Main Menu, Identify Duplication Files.
type 1 to identify Duplication Files
Type 4 in Main Menu, AI, Machine Learning, Analysis Methods.
1. OpenAI to Identify IAT Table of EXE Files (Pretty Table)
2. OpenAI to Identify IAT Table of EXE Files (Wild Table)
3. Check existing Persistence on the System
4. Get All Information about The Entropy Sections of EXE File
5. to Inject EXE/Malware into JPG (with options to Execute That from Local and Remote Method)
9. Check Verifications of Files Signature Windows > "Unsigned"
10. Delete Verified/unverified of Files Signature Windows (Administrator / Owner Permission
11. Process Injection and Dropper-Based Attacks Injection Techniques
12. Auto Remove Date Injection Generator via Embed a batch file
13. Recursive smart scan/Detection for specific string in chosen folder
Type 5 in Main Menu - Methods Attacks.
By Type 5 you will see The following List of Methods Attacks
type 1 to Generate Wordlist.txt for SSH Attack
By Typeing 2 you will see Multiple Brute Forcing Methods
1 SSH/SFTP Brute Forcing Method
2 SMB Brute Forcing Method
By Type 1 on SSH you will see two SSH Brute Forcing Methods
1 to Execute Brutal Brute-Forcing SSH Attack
2 to Basic Execute Brute-Forcing SSH
Type 2 for SMB Brute Forcing Methods
Brute-Forcing option 1 Brute-Forcing SMB with Known Username
Brute-Forcing option 2 Brute-Forcing SMB with Unknown Username
Type 3 for FTP Brute Forcing Method
By Type 3 FTP Brute Forcing Method
Type 3 for Steelthy Protection Method by LutziProtector-SVNLP
Steelthy Protection Method by LutziProtector-SVNLP
How to use:
By The Screenshot above can see the main menu options list.
In General The LutziTube is Anthology Tool for PT Attack, Defense/Diagnostics/AI/Diagnostic/Export report/Scraping files via sites/converts Methods Files or Entire Folders etc etc
Easy and convenient to use: Well provide a variety of tools for penetration testing and attacks, offering a range of techniques, scraping, system testing, 4K rendering, and other useful features to enhance your ability and workflow on the Windows environment.
The LutziTube Pro Edition qualities features:
!-~=~!~@~Extreme Vibe by LutziGoz~@~!-~=~!
Lets Start:
In the main menu, click 1 and you will get a variety of options for interacting with YouTube and downloading content in a variety of options:
You can Download Playlist/Single/Subtitle Video FromYouTube.com .
by the following output:
after you clicked on option 1, this options will appear to provide you option to grabbing and scraping HD/4K YouTube videos through the memory by malloc function generated by C language (I implemented that in python)
Type "1" to Download 4K - (CPU Rendering<->Only Single Video)
IMPORTANT TO KNOW: AI processing will allocate all Available CPU Power and start to use it while the Video and Audio merging
while you will choese by 4k option, it will ask you to enter the url to download, its support by short link and basic YouTube link, then the LutziTube will start to scanning for resolutions available and will provide you simple question to choose what the video are you want to download and the Video and audio files start download as seperated files, and in the end, LutziTube will start by AI proccessing to merge for the Video and Audio Files to be one file with Sound and Video, in this point LutziTube will start to Clean the Temporary files and then the completed file will shown in the LutziTube path folder, popup notification will display for 10 seconds also with sound to tell you that finished to download process.
Rendering CPU Methods coming to help you to download any option are you want to download, working by Typing 1,3 and 5 options - actually the options that the following: - 4k, Single highest resolution highest = 720p - best sound detection and download by itag chosen
Type "2" to Download Single URL - (720p and Below)
Type "3" to Download Single highest resolution - highest = 720p - best sound detection(including rendering by CPU)
Type "4" to Download List URL - (720p and Below)
Type "5" to download by itag chosen (CPU Rendering Single, support for all resolutions available)
Type "6" to Get The Search Engine
Type "7" to Open LutziGoz.com Official Documentation for LutziTube
Type "8" to Download LutziTube-RadioStation - by typing 8 you will redirect to github lutziggoz repository of lutzigube-radiostationn open source tool, this only will open YouTube radio channels by genres choice
Type "A" to Download Video as txt by URL (by following old version of LutziTube PoC it typing 3, that changed to A)
Type "youtube" to Open YouTube Page (by following old version of LutziTube PoC it typing 6, that changed to youtube)
Type 9 to return to The main Menu
Type 0 to Exit.
After you choose the desired option 1-2 or 4 options you should see Single/Playlist or 4K
Single file.
In this addition, there is a cool action. I will calculate the types of options from the link you bring
me,
then I will scrape the 4K resolution and the highest quality audio file separately,
and then rent between them at the cost of your CPU. By retrieving input The Playlist Link, it will create
Download Files from all URLs associated with the URL of the Playlist, and in the start calc, it will print
ALL
URLs associated with the URL of The Playlist.
In addition, you can download the LutziRadioTube GUI for listening to The Online YouTube Channels, Perform
Search YouTube through LutziTube Script and download from there, as well you can visit my repository by
automatically opening through the script.
It will Retrieving input it Will Ask you 4 Questions:
Type 1 convert Video to Audio (for Single Files and Entire Folders as well)
example 1: Single Files
example 2: Entire Folders
Type 2 to convert mp3 to WAV (for Single Files and Entire Folders as well)
example 1: Single Files
example 2: Entire Folders
Type 3 to change the size rule for images inside a folder to a uniform size
Type 4 to convert picture to text by artificial intelligent / machine learning
Type 9 to return to The main Menu
By Entering 1, It will ask you where to save the file and which file you would like to
convert.
For each method between 1-3, it can be done for a single file or for an entire folder, super useful.
It will Check and ask you if you want to Delete Duplication Files By MD5 comparing for the
selected
folder.
According to method 4, 13 options will appear:
NOTE: for both of two first IATIntelligent Analysis Mode have only one different thing, the pretty table will provide pretty table and print the content after the processing completed, the Wild Printing mode will print details on run-time
in Wild Mode it will extract the results into the text file ,First it raise question to enter the API form OpenAI and then rais more question to assign the version are you use, it will raise the question for API in both Modes as well, look at this:
You need to enter the key (once and it is saved in config.ini) then you can delete and replace every time in official OpenAI Website - API
Then it checks and will display for you all API Libraries and Modules called with Documentation from MITRE ATT&CK®
Type 1 for Lutzi_IATIntelligence with Pretty Table NFO
by Type 2 for Lutzi_IATIntelligence Wild Printing same result will exported to txt file
Type 3 to Check existing_Persistence on the System
NOTE: For the possibility of persistence tests in the system, you need to run LutziTube with administrator privileges
The Persistence Hunter runs a test on the computer and checks for you whether you have a process with malicious persistence or not. (It is better to run with admin privileges so that it creates a file named Persistence.csv)
Type 4 to Get All Information about The Entropy Sections of EXE File
Regard to this Method to Get All Entropy Sections of EXE File It will Display any Section.For Example: IMAGE_RESOURCE_DIRECTORY_ENTRY and hex number of where is the header will appear, all Dlls list side loading and more Informations for EXE File loaded. the process looks like this:
Type 5 to Inject EXE/Malware into JPG
Note: The following Tool Injector can be used creatively and opposite of its purpose. It is known that defense systems use techniques to identify patterns of anomalous movements and many attackers create their malicious programming in such a way that it addresses the path of the exclusions of the defense system identified by the malicious file mechanism and thus perform manipulations through the permissions of the defense system itself. The following tool makes it possible to hide by encapsulation / imaging the structure of files running in the windows environment into a JPG file and thus also opening the file locally is done in a way that performs encryption using the encapsulate method for the JPG file. In addition, you can also run the file hidden in the image by uploading the file to the image on the network and then run it remotely. Embedding, local opening and remote opening are documented as follows:
By Typing 5 it will ask you 3 questions. First, LutziTube will ask you to load the jpg file to
inject the PE file into it, then it will embed the executable file or payload inside the jpg file. The
method the program uses is not exactly called one of the steganography methods [secure cover selection,
least
significant bit, palette-based technique, etc ]. For this reason, it does not cause any distortion in the
JPG
file. The JPG file size and payload do not have to be proportional. The JPG file is displayed normally in
any
viewing application or web application. It can bypass various security programs such as firewall,
antivirus.
If the file is examined in detail, it is easier to detect than steganography methods. However, since the
payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the -garbage code
insertion
or dead-code insertion- method to prevent the payload from being caught by the antivirus at runtime.
By choosing "1" when embedding a runtime file into an image file, the process looks like this:
By choosing "2" run with User Permission the injected JPG file, the process looks like this:
By choosing "3" it will provide option that is help to gain access control permission by run the injected JPG file from remotely, in here I provide example with administrator permission to proof that OS are not raise notification to run the remote embedding file that required administrator permission to execute. the process looks like this:
Type 6 to Amsi&Firewall Bypass
By Typing 6 Method it will bypass the AMSI. Additionally, it will disable and set the EnableLUA as 0 and also the DisableNotifications and DisableEnhancedNotifications to 1 for disabling the notifications and also that will disable the Delivery Protection.
Type 7 to AES Encryption (Powershell, C++, Python)
The both of two next encryption methods are working on Bash, C++ and Python languages, that will ask you to add some compatible file to encrypt, then it will provide one more question to choose the cycles of encryption / obfuscate the string as you want, finally that will export the encryption file to the path of LutziTube Folder, The Process look like this:
First, The PoC screenshot down below will explain how it should work Before encryption that python code to extract list of songs from specific spotify artist
Now, The next PoC down below regard to AES Encryption and Metamorphism Encryption as well:
Type 8 to Metamorphic Encryption (Powershell, C++, Python)
Regard The PoC down Below I do not added the full source code of the metamorphy process that I use, so most of the code is encrypted, only what is important is that the exact same output is obtained after encrypting the piece of code
Type A to Check Verifications of Files Signature Windows "Unsigned" requires administrator privilege (VUWFS Tool - Verifier Unsigned Windows File System)
This Tool Provides two advanced Methods for Recursive Smart Scanning for Unsigned Windows Files, very useful for IR situations, By First Method it will One Process by single sub Child Iteration on Path Folder Chosen The Second Type for Advanced Method - infinite Recursive scanning - When the process is finished, he suggests that you perform a fix to the filesystem by step will provide you option torun The "sfc /scannow" command and then run Cleanup-Image DISM for CheckHealth,ScanHealth and RestoreHealth commands
Method 1: Using a PowerShell Command for Recursive Listing
Steps:
Run a PowerShell Command: A PowerShell command is constructed to recursively list all files in a directory, check their digital signatures, and filter out those that are not valid.
Execute the Command: The command is executed to scan through the directory.
Process the Output: The output is processed, and each file path is appended to a list of unsigned files.
Handle Errors: Errors during the execution are captured and displayed.
Return the List: The list of unsigned files is returned.
Method 2: Using Python's os.walk and PowerShell for Each File
Steps:
User Confirmation: Prompt the user for confirmation before proceeding.
Recursively Walk Through Directory: Use a Python script to iterate over all files in the directory and its subdirectories.
Check Each File's Signature: For each file, a PowerShell command is executed to check its digital signature.
Process the Output: Append files with invalid signatures to a list.
Handle Errors: Capture and display errors during the execution.
Return the List: The list of unsigned files is returned.
Comparison:
Method 1 utilizes a single PowerShell command to perform the scan, making it quicker and more efficient for large directories. It reads and processes the output in bulk, making it suitable for fast detection of unsigned files.
Method 2 uses Python to walk through each file individually, providing more granular control and allowing for user interaction during the process. This method is more detailed and interactive but can be slower for very large directories.
Type D to Delete Administrator and Owner Files Signature Windows - "Unsigned/signed" requires administrator privilege
By Typing D you will see The 4 Following Methods to Delete chosen File/Directory with Administrator + Owner Permissions:
* First Method Provide You to Delete File/s Chosen, can do this on multiple files - Details > Only Delete any file/s Chosen - Includes option to kill run processes - Without verified unsinged step - include granting owner and administrator permission before deletion
* The Second Method Will provide option to Delete Entire chosen Directory - Details > Delete any Folder Chosen - Includes option to kill run processes - Without verified unsinged step - include granting owner and administrator permission before deletion.
* The Third method will provide The ability to Delete only the verified unsinged Windows Detected, by following screenshot you can see this method 3 will start with scan process and then delete all verified unsigned files detected, some files are not deleted completely by this screenshot you can see The Different Permission of Different Owner then I Delete them one by one, by First Delete Method, look and understand the logic
* The 4 and last method will provide you the ability to remove Entire Path Folder Chosen with advanced mechanism to ensure that will completely Delete the chosen Folder - Details > Granting owner and administrator permission and verifies permanent deletion
Type I to implement Process Injection and Dropper-Based Attacks Injection Techniques requires administrator privilege
By Typing I you will see The 2 Following Methods to DLL injection and Dropper-Based Injection techniques for exe file. requires administrator privilege
Type R to implement Auto Remove for PE file by chosen Date Injection method via Embed a batch file
By Typing R to implement Auto Remove for PE file by chosen Date Injection method via Embed a batch file that will help you to provide ability to set auto delete by date in goal to provide expired date for files - very useful for Paid software by subscription:
The Following Screenshot will demonstrate the implementation for this technique
By Typing S it will provide option to Implement Recursive smart scan/Detection for specific string in files by chosen folder requires administrator privilege,This option can Iterate on any File Type Includes Compiled Files(exe, video type, audio type - All file types), see the following screenshot down below:
NOTEs: In The Main Menu by Typing 5 are you should open LutziTube with Administrator High Permission. When Raised Error Catastrophic Failure or Returned to Main Manu and something would not work - just clear TMP File Folder to Fix and restart The LutziTube.
That means you can add any external wordlist file that support by next list Types: ------------------- csv txt dat wordlist lst dict zip rar 7z tar gz bz2 ------------------- with separators symbols it will identify the list as compatible to use and that not must to use by wordlist of LutziTube Generator Tool by default. can use by external Generator Tool such as crunch and so on. Can see The following screenshot example down below how to generate wordlist example:
LutziTube is designed to make the impossible possible and convenient in many situations to create a regular workflow.
By Typing 8 Clear LutziTube Files from TMP Folder
Disclaimer:
This tool is intended for educational and penetration testing purposes only. Misuse of these tools may violate
local, state, or federal law. The author and contributors are not responsible for any misuse or damage
caused by using this tool.
Contact & Support:
If you have any questions, suggestions, or encounter issues while using LutziTube Pro, feel free to contact
us at lutzigoz@lutzigoz.com.
Additional Information:
For additional information on how to use LutziTube Pro effectively and stay updated on the latest features,
please visit our official documentation at
my GitHub .
