
Ethical hacking with Python tools


Ethical hacking with Python tools at Europython 2016

Published in: Technology


  1. 1. JOSE MANUEL ORTEGA @JMORTEGAC Ethical hacking with Python tools
  2. 2. https://speakerdeck.com/jmortega
  3. 3. INDEX
      - Introduction Python pentesting
      - Modules (Sockets, Requests, BeautifulSoup, Shodan)
      - Analysis metadata
      - Port scanning & Checking vulnerabilities
      - Advanced tools
      - Pentesting-tool
  4. 4. Python Pentesting
      - Multi platform
      - Prototypes and proofs of concept (POC)
      - Many tools and libraries focused on security
      - OSINT and Pentesting tools
      - Very good documentation
  5. 5. Python Pentesting
  6. 6. http://sparta.secforce.com/
  7. 7. The Harvester
  8. 8. The Harvester
  9. 9. W3AF
  10. 10. Tools
      - Scapy: capturing and analysing network packets
      - FiMap: detecting RFI/LFI vulnerabilities
      - XSScrapy: detecting XSS vulnerabilities
  11. 11. Sockets Port scan

          import socket

          # TCP
          sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          # connect_ex returns 0 on success, otherwise an errno value
          result = sock.connect_ex(('127.0.0.1', 80))
          if result == 0:
              print("Port is open")
          else:
              print("Port is filtered")
          sock.close()
  12. 12. Sockets Port scan
  13. 13. Socket resolving IP/domain
  14. 14. Banner server
  15. 15. Banner server
  16. 16. Requests
  17. 17. Checking headers
  18. 18. Checking headers
  19. 19. Requests

          import requests

          http_proxy = "http://10.10.10.10:3000"
          https_proxy = "https://10.10.10.10:3000"
          proxyDict = {
              "http": http_proxy,
              "https": https_proxy
          }
          url = "http://example.com"  # placeholder; the slide does not define url
          r = requests.get(url, proxies=proxyDict)
  20. 20. Requests Authentication
  21. 21. BeautifulSoup
  22. 22. Internal/external links
  23. 23. Internal/external links
  24. 24. Extract images and documents
  25. 25. Scrapy
  26. 26. Web Scraping
  27. 27. Shodan
  28. 28. https://developer.shodan.io
  29. 29. Shodan

          import shodan

          SHODAN_API_KEY = "insert your API key here"
          api = shodan.Shodan(SHODAN_API_KEY)
  30. 30. Shodan
  31. 31. https://www.shodan.io/host/136.243.32.71
  32. 32. Shodan
  33. 33. Shodan
  34. 34. BuiltWith
      - pip install builtwith
      - builtwith.parse('https://ep2016.europython.eu')
  35. 35. Analysis metadata
  36. 36. Analysis metadata
  37. 37. Analysis metadata
  38. 38. Port Scanning
  39. 39. Python-nmap
      - Automating port scanning
      - Synchronous and asynchronous modes

          import nmap

          # Synchronous
          nm = nmap.PortScanner()
          # nm.scan('ip/range', 'port_list')
          results = nm.scan('127.0.0.1', '22,25,80,443')
  40. 40. NmapScanner
  41. 41. NmapScanner

          for port in port_list:
              NmapScanner().nmapScan(ip, port)
  42. 42. NmapScanner Async

          import nmap

          # Asynchronous
          nm_async = nmap.PortScannerAsync()

          def callback_result(host, scan_result):
              print('------------------')
              print(host, scan_result)

          nm_async.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result)
          while nm_async.still_scanning():
              print("Waiting >>>")
              nm_async.wait(2)
  43. 43. NmapScanner Async
  44. 44. Scripts Nmap
  45. 45. Scripts Nmap
      - Programming routines make it possible to find potential vulnerabilities in a given target
      - First check whether the port is open
      - Then detect vulnerabilities in the service on the open port

          nm.scan(arguments="-n -A -p3306 --script=/usr/share/nmap/scripts/mysql-info.nse")
  46. 46. Mysql Scripts Nmap
  47. 47. Check FTP Login Anonymous
  48. 48. Check FTP Login Anonymous
  49. 49. Check web sites
      - pip install pywebfuzz
      - https://github.com/disassembler/pywebfuzz
  50. 50. PyWebFuzz

          from pywebfuzz import fuzzdb
          import requests

          logins = fuzzdb.Discovery.PredictableRes.Logins
          domain = "http://192.168.56.101"
          for login in logins:
              print("Checking... " + domain + login)
              response = requests.get(domain + login)
              if response.status_code == 200:
                  print("Login Resource: " + login)
  51. 51. PyWebFuzz
  52. 52. Heartbleed
      - Vulnerability in OpenSSL V1.0.1
      - Multi-threaded tool for scanning hosts for CVE-2014-0160
      - https://github.com/musalbas/heartbleed-masstest
      - https://filippo.io/Heartbleed
  53. 53. Heartbleed
  54. 54. Heartbleed
  55. 55. Advanced tools
  56. 56. Metasploit python-msfrpc
  57. 57. Metasploit API call Calls in msgpack format
  58. 58. Nexpose
      - Tool developed by Rapid7 for scanning and vulnerability discovery.
      - It allows programmatic access to other programs via HTTP/s requests.
      - BeautifulSoup to obtain data from vulnerabilities server
  59. 59. Nexpose
  60. 60. Pentesting tool
  61. 61. https://github.com/jmortega/python-pentesting
  62. 62. https://github.com/jmortega/europython_ethical_hacking
  63. 63. References & libs
      - http://docs.shodanhq.com
      - http://docs.python-requests.org/en/master/
      - http://scrapy.org
      - http://xael.org/pages/python-nmap-en.html
      - http://www.pythonsecurity.org/libs
      - https://github.com/dloss/python-pentest-tools
      - http://kali-linux.co/2016/07/12/python-tools-for-penetration-testers%E2%80%8B/
      - https://github.com/PacktPublishing/Effective-Python-Penetration-Testing
  64. 64. Books
  65. 65. Books
  66. 66. THANK YOU!
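
Added example, not from the original slides: slide 11's `connect_ex` check reports every non-zero result as filtered, but the returned errno separates an active refusal (closed) from no answer (filtered). The code below makes that distinction and compares a host you administer against its allowed list of open ports; the names `tcp_port_state` and `audit_exposure` are hypothetical.

```python
import errno
import socket

# errno values meaning "no answer / blocked" rather than an active refusal
_FILTERED = {errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK,
             errno.EHOSTUNREACH, errno.ENETUNREACH}


def tcp_port_state(host, port, timeout=1.0):
    """Return 'open', 'closed', 'filtered' or 'error:<ERRNO>' for one TCP port.

    Hypothetical helper name; uses only socket.connect_ex as on slide 11.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            code = sock.connect_ex((host, port))
        except socket.timeout:
            return "filtered"
    if code == 0:
        return "open"        # handshake completed
    if code == errno.ECONNREFUSED:
        return "closed"      # host answered with RST: nothing is listening
    if code in _FILTERED:
        return "filtered"    # no reply or unreachable: likely a firewall drop
    return "error:" + errno.errorcode.get(code, str(code))


def audit_exposure(host, ports, expected_open, timeout=1.0):
    """Compare observed states on a host you administer with the allowed set."""
    states = {p: tcp_port_state(host, p, timeout) for p in ports}
    observed = {p for p, s in states.items() if s == "open"}
    expected = set(expected_open) & set(ports)
    return {
        "states": states,
        "unexpected_open": sorted(observed - expected),
        "expected_but_not_open": sorted(expected - observed),
    }


if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for a service.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]
    print(audit_exposure("127.0.0.1", [port], expected_open=[]))
    srv.close()
    print(port, tcp_port_state("127.0.0.1", port))
```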
