Ethical hacking with Python tools - JOSE MANUEL ORTEGA @JMORTEGAC - PowerPoint PPT Presentation

SLIDE 1

Ethical hacking with Python tools

JOSE MANUEL ORTEGA @JMORTEGAC

SLIDE 2

https://speakerdeck.com/jmortega

SLIDE 3

INDEX

- Introduction Python pentesting
- Modules (Sockets, Requests, BeautifulSoup, Shodan)
- Analysis metadata
- Port scanning & Checking vulnerabilities
- Advanced tools
- Pentesting tool

SLIDE 4

Python Pentesting

- Multi platform
- Prototypes and proofs of concept (POC)
- Many tools and libraries focused on security
- OSINT and Pentesting tools
- Very good documentation

SLIDE 5

Python Pentesting

SLIDE 6

http://sparta.secforce.com/

SLIDE 7

The Harvester

SLIDE 8

The Harvester

SLIDE 9

W3AF

SLIDE 10

Tools

Scapy

Capturing and analysing network packets

FiMap

Detecting RFI/LFI vulnerabilities

XSScrapy

Detecting XSS vulnerabilities

SLIDE 11

Sockets Port scan

import socket

# TCP connect probe: connect_ex() returns 0 on success, otherwise an errno
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = sock.connect_ex(('127.0.0.1', 80))
if result == 0:
    print("Port is open")
else:
    print("Port is filtered")  # non-zero errno: the port is closed or filtered
sock.close()

SLIDE 12

Sockets Port scan

SLIDE 13

Socket resolving IP/domain

SLIDE 14

Banner server

SLIDE 15

Banner server
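As an added example (not code from the deck), the connect_ex() port check from the "Sockets Port scan" slides is combined here with the banner grab the "Banner server" slides refer to, with a timeout so filtered ports do not hang the scan. It runs against a constructed localhost listener (the fake service, its port and its banner are made up for the demo), so it works offline and only ever touches your own machine.

```python
import socket
import threading

def check_port(host, port, timeout=1.0):
    """True if a TCP connect to host:port succeeds within timeout. connect_ex()
    returns 0 or an errno instead of raising, and the timeout keeps a filtered
    (silently dropped) port from blocking the scan: it just reports not open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0

def grab_banner(host, port, timeout=1.0, max_bytes=1024):
    """Return what the service sends first (its banner), or "" if it stays
    silent until the timeout: many services only speak after the client does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        try:
            return sock.recv(max_bytes).decode("utf-8", "replace").strip()
        except socket.timeout:
            return ""

def scan_ports(host, ports, timeout=1.0):
    # Map each open port to its banner; closed/filtered ports are left out
    return {p: grab_banner(host, p, timeout)
            for p in ports if check_port(host, p, timeout)}

# Constructed stand-in for a real service so the example runs offline:
# a localhost listener on an OS-chosen port that greets every client.
def start_fake_service(banner):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:  # client hung up first (plain connect probe)
                    pass
    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    svc = start_fake_service(b"SSH-2.0-ConstructedBanner\r\n")
    print(scan_ports("127.0.0.1", [svc.getsockname()[1]]))
    svc.close()
```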

SLIDE 16

Requests

SLIDE 17

Checking headers

SLIDE 18

Checking headers

SLIDE 19

Requests

import requests

http_proxy = "http://10.10.10.10:3000"
https_proxy = "https://10.10.10.10:3000"
proxyDict = {
    "http": http_proxy,
    "https": https_proxy
}

url = "https://example.com"  # placeholder target; the slide does not define url
r = requests.get(url, proxies=proxyDict)

SLIDE 20

Requests Authentication

SLIDE 21

BeautifulSoup

SLIDE 22

Internal/external links

SLIDE 23

Internal/external links

SLIDE 24

Extract images and documents

SLIDE 25

Scrapy

SLIDE 26

Web Scraping

SLIDE 27

Shodan

SLIDE 28

https://developer.shodan.io

SLIDE 29

Shodan

import shodan

SHODAN_API_KEY = "insert your API key here"
api = shodan.Shodan(SHODAN_API_KEY)

SLIDE 30

Shodan

SLIDE 31

https://www.shodan.io/host/136.243.32.71

SLIDE 32

Shodan

SLIDE 33

Shodan

SLIDE 34

BuiltWith

- pip install builtwith
- builtwith.parse('https://ep2016.europython.eu')

SLIDE 35

Analysis metadata

SLIDE 36

Analysis metadata

SLIDE 37

Analysis metadata

SLIDE 38

Port Scanning

SLIDE 39

Python-nmap

- Automating port scanning
- Synchronous and asynchronous modes

import nmap

# Synchronous: scan() blocks until nmap finishes and returns the parsed results
nm = nmap.PortScanner()
# nm.scan('ip/range', 'port_list')
results = nm.scan('127.0.0.1', '22,25,80,443')

SLIDE 40

NmapScanner

SLIDE 41

NmapScanner

for port in port_list:
    NmapScanner().nmapScan(ip, port)

SLIDE 42

NmapScanner Async

import nmap

# Asynchronous: scan() returns immediately and the callback runs per host
nm_async = nmap.PortScannerAsync()

def callback_result(host, scan_result):
    print('------------------')
    print(host, scan_result)

nm_async.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result)
while nm_async.still_scanning():
    print("Waiting >>>")
    nm_async.wait(2)  # poll every 2 seconds until the scan is done

SLIDE 43

NmapScanner Async

SLIDE 44

Scripts Nmap

SLIDE 45

Scripts Nmap

- Scripted routines (NSE scripts) that look for potential vulnerabilities in a given target
- First check whether the port is open
- Then detect vulnerabilities in the service running on the open port

import nmap

nm = nmap.PortScanner()
# hosts defaults to 127.0.0.1; run the mysql-info NSE script against port 3306
nm.scan(arguments="-n -A -p3306 --script=/usr/share/nmap/scripts/mysql-info.nse")

SLIDE 46

Mysql Scripts Nmap

SLIDE 47

Check FTP Login Anonymous

SLIDE 48

Check FTP Login Anonymous

SLIDE 49

Check web sites

- pip install pywebfuzz
- https://github.com/disassembler/pywebfuzz

SLIDE 50

PyWebFuzz

from pywebfuzz import fuzzdb
import requests

# fuzzdb's list of predictable login resource paths
logins = fuzzdb.Discovery.PredictableRes.Logins
domain = "http://192.168.56.101"
for login in logins:
    print("Checking... " + domain + login)
    response = requests.get(domain + login)
    if response.status_code == 200:
        print("Login Resource: " + login)

SLIDE 51

PyWebFuzz

SLIDE 52

Heartbleed

- Vulnerability in OpenSSL V1.0.1
- Multi-threaded tool for scanning hosts for CVE-2014-0160.
- https://github.com/musalbas/heartbleed-masstest
- https://filippo.io/Heartbleed

SLIDE 53

Heartbleed

SLIDE 54

Heartbleed

SLIDE 55

Advanced tools

SLIDE 56

Metasploit

python-msfrpc

SLIDE 57

Metasploit API call

Calls in msgpack format

SLIDE 58

Nexpose

Tool developed by Rapid7 for scanning and vulnerability discovery.

It allows programmatic access from other programs via HTTP/S requests.

BeautifulSoup is used to parse the data returned by the vulnerability server.

SLIDE 59

Nexpose

SLIDE 60

Pentesting tool

SLIDE 61

https://github.com/jmortega/python-pentesting

SLIDE 62

https://github.com/jmortega/europython_ethical_hacking

SLIDE 63

References & libs

- http://docs.shodanhq.com
- http://docs.python-requests.org/en/master/
- http://scrapy.org
- http://xael.org/pages/python-nmap-en.html
- http://www.pythonsecurity.org/libs
- https://github.com/dloss/python-pentest-tools
- http://kali-linux.co/2016/07/12/python-tools-for-penetration-testers%E2%80%8B/
- https://github.com/PacktPublishing/Effective-Python-Penetration-Testing

SLIDE 64

Books

SLIDE 65

Books

SLIDE 66

THANK YOU!