SlideShare a Scribd company logo

Snake bites : Python for Pentesters

Anant Shrivastava
Anant Shrivastava

This document discusses using Python for web penetration testing. It begins with an introduction of the speaker. The objectives are to focus only on Python and introduce its functionality for penetration testers. Example existing Python tools are listed like w3af, sqlmap, and Scapy. Notable Python modules that are discussed include Requests for making HTTP requests, BeautifulSoup for parsing HTML, and Argparse for creating command line programs. Demonstrations include regular expression matching, XSS fuzzing, and extracting files from exposed .svn folders. References are provided for learning Python through online courses and books.

Technology
1 of 23
Download to read offline
Python for Web Pen-testers (Snake bites)
whoami Name : Anant Shrivastava work at 7Safe as a Information Security Consultant. Primary focus area's include Web and mobile. Certifications : RHCE, CEH, SANS-GWAPT Speaker : Nullcon, ClubHack, c0c0n Creator of Android Tamer (a Virtual Machine for Android Security) Active member of null and Garage4Hackers open communities Website : http://anantshri.info Contact : anant@anantshri.info Twitter : @anantshri
Objectives ● Presentation is only focused on python. (No comparisons with other languages please) ● Idea is to introduce a regular web penetration tester with various functionalities available in Python and give them a head start ● There is no new tools release
Why Python ● Easy and Flexible Language ● Massive module base allowing lots of use case scenario's to be written in small timeframe and codebase efforts. ● Inbuilt Language support in number of tools – Burp – IRONWASP ● API support provided by OWASP-ZAP ● Custom application logics or requirements ● Or as simple as JUST FOR THE FACT THAT YOU CAN DO IT
Example of Existing Python Tools w3af SpikeProxy sqlmap ProxyStrike wapiti sulley Peach Canvas Pyscan DeBlaze Scapy MonkeyFist Pcapy MyNav Idapython
Python Variations ● Cython ● Jython ● IronPython Remember to consider these two as different ● Python 2.X ● Python 3.X
Noteworthy Python modules
Python Modules ● Python has a set of inbuild packages listed as http://docs.python.org/2/library/index.html (2.7.3) ● Besides these packages community has provided a large set of modules and this is what
Standard Modules
External Modules
Requests ● Module alternative for urllib2 (HTTP handler) ● Internally handles the http or https transition. ● Simpler interface exposed ● Sample PoC import requests r = requests.get (get being one of the http method) r.text/r.content = content r.status_code r.headers Read more here : http://docs.python-requests.org/en/latest/user/quickstart/
BeautifulSoup ● Text / HTML parser Sample (I am using standard parser works fine so far but people recommend using a different parser) – import request – from BeautifulSoup import BeautifulSoup – r=requests.get('http://www.anantshri.info') – soup=BeautifulSoup(r.text) – //searches for each div with class attachment – each_div=soup.find('div',{'class':'attachment'}) ● Demo : Wordpress attachment enumeration
Argparse Create a quick and simple program with various options and switches Import argparse desc="""Description goes here""" parser = argparse.ArgumentParser(description=desc) parser.add_argument("--url",help="URL",dest='target',required= True) parser.add_argument("--debug",help="debug",action="store_tru e") x=parser.parse_args() x.target == url x.debug == debug
Demo ● Scenario's – Regular expression pattern matching – XSS Fuzzing / parameter fuzzing – SVN files extraction (.svn publically exposed)
Regular Expression Pattern Match #!/usr/bin/python import requests import re regex_array = { 'wordpress' : '<link rel="stylesheet" [^>]+wp-content', 'Drupal' : '<(?:link|style)[^>]+sites/(?:default|all)/(?:themes|modules)/'} r=requests.get('http://www.anantshri.com') for k, v in regex_array.iteritems(): m=re.search(v,r.content) if (m): print k, " : Detected " , " as the content has : ", m.group(0)
Simple XSS Fuzzer #!/usr/bin/python import requests import sys import argparse import os import urllib url="http://fuzz/noxss.php?a=" f=open('xss.txt','r') for row in f.readlines(): r = requests.get(url + urllib.quote(row)) if (row in r.content): print row
SVN extractor https://github.com/anantshri/svn-extractor simple script to extract all web resources by means of .SVN folder exposed over network. http://blog.anantshri.info/svn-extractor-for-web-pentesters
More Stuff ● http://learnpythonthehardway.org/book/ ● http://www.diveintopython.net/toc/index.html ● Go for SPSE or any on-line certification Course ● Read Violent Python ● Read Grey-hat Python ● Use Python on a daily basis for all operations. ● Use inbuilt support / features in – IRONWASP (In-line scripting) – BURP (Extension)
References for slides ● Large number of google searches and head scratching on various stackoverflow post's. ● Awesome documentations at docs.python.org ● Direct interaction with super helpful guys from null specially Akash Mahajan, Lava Kumar, Prasanna and Amol Naik for helping, criticizing forcing me to improve the skill set.
Thank You If you wish to contact me after this presentation please use anant@anantshri.info For communication
PyInstaller ● Sometimes you want to shift your code as a one click executable without python dependency. ● PyInstaller packages every dependency into a single executable package http://www.pyinstaller.org/
Python for Android ● Python 2.7 installable on android ● Can use android specific features with the help of SL4A (scripting language for android) ● Ssh or laptop are not the restrictions now. ● Sample scripts refer here : http://code.google.com/p/python-for-android/wiki/
Thank You

Recommended

Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security Professionals
Andrew McNicol
 
Get-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for EvilGet-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for Evil
jaredhaight
 
Pwning with powershell
Pwning with powershellPwning with powershell
Pwning with powershell
jaredhaight
 
Adventures in Asymmetric Warfare
Adventures in Asymmetric WarfareAdventures in Asymmetric Warfare
Adventures in Asymmetric Warfare
Will Schroeder
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
snyff
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?
Peter Hlavaty
 
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside ContainersThree Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Ben Hall
 
[UniteKorea2013] Protecting your Android content
[UniteKorea2013] Protecting your Android content[UniteKorea2013] Protecting your Android content
[UniteKorea2013] Protecting your Android content
William Hugo Yang
 

Recommended

Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security Professionals
Andrew McNicol
 
Get-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for EvilGet-Help: An intro to PowerShell and how to Use it for Evil
Get-Help: An intro to PowerShell and how to Use it for Evil
jaredhaight
 
Pwning with powershell
Pwning with powershellPwning with powershell
Pwning with powershell
jaredhaight
 
Adventures in Asymmetric Warfare
Adventures in Asymmetric WarfareAdventures in Asymmetric Warfare
Adventures in Asymmetric Warfare
Will Schroeder
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
snyff
 
How Safe is your Link ?
How Safe is your Link ?How Safe is your Link ?
How Safe is your Link ?
Peter Hlavaty
 
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside ContainersThree Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Ben Hall
 
[UniteKorea2013] Protecting your Android content
[UniteKorea2013] Protecting your Android content[UniteKorea2013] Protecting your Android content
[UniteKorea2013] Protecting your Android content
William Hugo Yang
 
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
GangSeok Lee
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
Bipin Upadhyay
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Priyanka Aash
 
Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
snyff
 
Introduction to ida python
Introduction to ida pythonIntroduction to ida python
Introduction to ida python
geeksec80
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016
Andrew McNicol
 
VB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkVB2013 - Security Research and Development Framework
VB2013 - Security Research and Development Framework
Amr Thabet
 
Obfuscating The Empire
Obfuscating The EmpireObfuscating The Empire
Obfuscating The Empire
Ryan Cobb
 
Hacking with hhvm
Hacking with hhvmHacking with hhvm
Hacking with hhvm
Elizabeth Smith
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
Will Schroeder
 
Workshop: PowerShell for Penetration Testers
Workshop: PowerShell for Penetration TestersWorkshop: PowerShell for Penetration Testers
Workshop: PowerShell for Penetration Testers
Nikhil Mittal
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Rob Fuller
 
Presentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStackPresentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStack
David Sanchez
 
A Year in the Empire
A Year in the EmpireA Year in the Empire
A Year in the Empire
Will Schroeder
 
Wielding a cortana
Wielding a cortanaWielding a cortana
Wielding a cortana
Will Schroeder
 
Ida python intro
Ida python introIda python intro
Ida python intro
小静 安
 
Php’s guts
Php’s gutsPhp’s guts
Php’s guts
Elizabeth Smith
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwonThe basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
Kenneth Kwon
 
Getting Started With PowerShell Scripting
Getting Started With PowerShell ScriptingGetting Started With PowerShell Scripting
Getting Started With PowerShell Scripting
Ravikanth Chaganti
 
System Programming and Administration
System Programming and AdministrationSystem Programming and Administration
System Programming and Administration
Krasimir Berov (Красимир Беров)
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal Presentation
Anant Shrivastava
 

More Related Content

What's hot

Introduction to ida python
Introduction to ida pythonIntroduction to ida python
Introduction to ida python
geeksec80
 

What's hot (20)

[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
 
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
 
Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
 
Introduction to ida python
Introduction to ida pythonIntroduction to ida python
Introduction to ida python
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016
 
VB2013 - Security Research and Development Framework
VB2013 - Security Research and Development FrameworkVB2013 - Security Research and Development Framework
VB2013 - Security Research and Development Framework
 
Obfuscating The Empire
Obfuscating The EmpireObfuscating The Empire
Obfuscating The Empire
 
Hacking with hhvm
Hacking with hhvmHacking with hhvm
Hacking with hhvm
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
 
Workshop: PowerShell for Penetration Testers
Workshop: PowerShell for Penetration TestersWorkshop: PowerShell for Penetration Testers
Workshop: PowerShell for Penetration Testers
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Presentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStackPresentation of Python, Django, DockerStack
Presentation of Python, Django, DockerStack
 
A Year in the Empire
A Year in the EmpireA Year in the Empire
A Year in the Empire
 
Wielding a cortana
Wielding a cortanaWielding a cortana
Wielding a cortana
 
Ida python intro
Ida python introIda python intro
Ida python intro
 
Php’s guts
Php’s gutsPhp’s guts
Php’s guts
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwonThe basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
 
Getting Started With PowerShell Scripting
Getting Started With PowerShell ScriptingGetting Started With PowerShell Scripting
Getting Started With PowerShell Scripting
 
System Programming and Administration
System Programming and AdministrationSystem Programming and Administration
System Programming and Administration
 

Viewers also liked

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
Anant Shrivastava
 

Viewers also liked (20)

My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal Presentation
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) Professionals
 
Exploiting publically exposed Version Control System
Exploiting publically exposed Version Control SystemExploiting publically exposed Version Control System
Exploiting publically exposed Version Control System
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basics
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdf
 
Network Security and Analysis with Python
Network Security and Analysis with PythonNetwork Security and Analysis with Python
Network Security and Analysis with Python
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Web2.0 : an introduction
Web2.0 : an introductionWeb2.0 : an introduction
Web2.0 : an introduction
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
 
Avr introduction
Avr introductionAvr introduction
Avr introduction
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 

Similar to Snake bites : Python for Pentesters

From Dev to DevOps - Apache Barcamp Spain 2011
From Dev to DevOps - Apache Barcamp Spain 2011From Dev to DevOps - Apache Barcamp Spain 2011
From Dev to DevOps - Apache Barcamp Spain 2011
Carlos Sanchez
 
Oop in-php
Oop in-phpOop in-php
Oop in-php
Rajesh S
 
Exploring Node.jS
Exploring Node.jSExploring Node.jS
Exploring Node.jS
Deepu S Nath
 

Similar to Snake bites : Python for Pentesters (20)

Deploy your Python code on Azure Functions
Deploy your Python code on Azure FunctionsDeploy your Python code on Azure Functions
Deploy your Python code on Azure Functions
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
Bringing the Power and Familiarity of .NET, C# and F# to Big Data Processing ...
Bringing the Power and Familiarity of .NET, C# and F# to Big Data Processing ...Bringing the Power and Familiarity of .NET, C# and F# to Big Data Processing ...
Bringing the Power and Familiarity of .NET, C# and F# to Big Data Processing ...
 
From Dev to DevOps - Apache Barcamp Spain 2011
From Dev to DevOps - Apache Barcamp Spain 2011From Dev to DevOps - Apache Barcamp Spain 2011
From Dev to DevOps - Apache Barcamp Spain 2011
 
MobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
MobileConf 2021 Slides: Let's build macOS CLI Utilities using SwiftMobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
MobileConf 2021 Slides: Let's build macOS CLI Utilities using Swift
 
2014 11 20 Drupal 7 -> 8 test migratie
2014 11 20 Drupal 7 -> 8 test migratie2014 11 20 Drupal 7 -> 8 test migratie
2014 11 20 Drupal 7 -> 8 test migratie
 
Unit testing of spark applications
Unit testing of spark applicationsUnit testing of spark applications
Unit testing of spark applications
 
Continuous Deployment @ AWS Re:Invent
Continuous Deployment @ AWS Re:InventContinuous Deployment @ AWS Re:Invent
Continuous Deployment @ AWS Re:Invent
 
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...
 
May The Nodejs Be With You
May The Nodejs Be With YouMay The Nodejs Be With You
May The Nodejs Be With You
 
Python: an introduction for PHP webdevelopers
Python: an introduction for PHP webdevelopersPython: an introduction for PHP webdevelopers
Python: an introduction for PHP webdevelopers
 
Pemrograman Python untuk Pemula
Pemrograman Python untuk PemulaPemrograman Python untuk Pemula
Pemrograman Python untuk Pemula
 
Oop in-php
Oop in-phpOop in-php
Oop in-php
 
Performance and Scalability Testing with Python and Multi-Mechanize
Performance and Scalability Testing with Python and Multi-MechanizePerformance and Scalability Testing with Python and Multi-Mechanize
Performance and Scalability Testing with Python and Multi-Mechanize
 
Web Development in Django
Web Development in DjangoWeb Development in Django
Web Development in Django
 
Django
DjangoDjango
Django
 
TypeScript - Silver Bullet for the Full-stack Developers
TypeScript - Silver Bullet for the Full-stack DevelopersTypeScript - Silver Bullet for the Full-stack Developers
TypeScript - Silver Bullet for the Full-stack Developers
 
Exploring Node.jS
Exploring Node.jSExploring Node.jS
Exploring Node.jS
 
Automatic testing and quality assurance for WordPress plugins and themes
Automatic testing and quality assurance for WordPress plugins and themesAutomatic testing and quality assurance for WordPress plugins and themes
Automatic testing and quality assurance for WordPress plugins and themes
 
Introduce Django
Introduce DjangoIntroduce Django
Introduce Django
 

More from Anant Shrivastava

More from Anant Shrivastava (11)

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec World
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom rom
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROM
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaper
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 Walkthrough
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk through
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introduction
 
introduction to Lamp Stack
introduction to Lamp Stackintroduction to Lamp Stack
introduction to Lamp Stack
 
Logic Families Electronics
Logic Families ElectronicsLogic Families Electronics
Logic Families Electronics
 
Filesystem
FilesystemFilesystem
Filesystem
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 

Recently uploaded (20)

JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Snake bites : Python for Pentesters

  • 1. Python for Web Pen-testers (Snake bites)
  • 2. whoami Name : Anant Shrivastava work at 7Safe as a Information Security Consultant. Primary focus area's include Web and mobile. Certifications : RHCE, CEH, SANS-GWAPT Speaker : Nullcon, ClubHack, c0c0n Creator of Android Tamer (a Virtual Machine for Android Security) Active member of null and Garage4Hackers open communities Website : http://anantshri.info Contact : anant@anantshri.info Twitter : @anantshri
  • 3. Objectives ● Presentation is only focused on python. (No comparisons with other languages please) ● Idea is to introduce a regular web penetration tester with various functionalities available in Python and give them a head start ● There is no new tools release
  • 4. Why Python ● Easy and Flexible Language ● Massive module base allowing lots of use case scenario's to be written in small timeframe and codebase efforts. ● Inbuilt Language support in number of tools – Burp – IRONWASP ● API support provided by OWASP-ZAP ● Custom application logics or requirements ● Or as simple as JUST FOR THE FACT THAT YOU CAN DO IT
  • 5. Example of Existing Python Tools w3af SpikeProxy sqlmap ProxyStrike wapiti sulley Peach Canvas Pyscan DeBlaze Scapy MonkeyFist Pcapy MyNav Idapython
  • 6. Python Variations ● Cython ● Jython ● IronPython Remember to consider these two as different ● Python 2.X ● Python 3.X
  • 8. Python Modules ● Python has a set of inbuild packages listed as http://docs.python.org/2/library/index.html (2.7.3) ● Besides these packages community has provided a large set of modules and this is what
  • 11. Requests ● Module alternative for urllib2 (HTTP handler) ● Internally handles the http or https transition. ● Simpler interface exposed ● Sample PoC import requests r = requests.get (get being one of the http method) r.text/r.content = content r.status_code r.headers Read more here : http://docs.python-requests.org/en/latest/user/quickstart/
  • 12. BeautifulSoup ● Text / HTML parser Sample (I am using standard parser works fine so far but people recommend using a different parser) – import request – from BeautifulSoup import BeautifulSoup – r=requests.get('http://www.anantshri.info') – soup=BeautifulSoup(r.text) – //searches for each div with class attachment – each_div=soup.find('div',{'class':'attachment'}) ● Demo : Wordpress attachment enumeration
  • 13. Argparse Create a quick and simple program with various options and switches Import argparse desc="""Description goes here""" parser = argparse.ArgumentParser(description=desc) parser.add_argument("--url",help="URL",dest='target',required= True) parser.add_argument("--debug",help="debug",action="store_tru e") x=parser.parse_args() x.target == url x.debug == debug
  • 14. Demo ● Scenario's – Regular expression pattern matching – XSS Fuzzing / parameter fuzzing – SVN files extraction (.svn publically exposed)
  • 15. Regular Expression Pattern Match #!/usr/bin/python import requests import re regex_array = { 'wordpress' : '<link rel="stylesheet" [^>]+wp-content', 'Drupal' : '<(?:link|style)[^>]+sites/(?:default|all)/(?:themes|modules)/'} r=requests.get('http://www.anantshri.com') for k, v in regex_array.iteritems(): m=re.search(v,r.content) if (m): print k, " : Detected " , " as the content has : ", m.group(0)
  • 16. Simple XSS Fuzzer #!/usr/bin/python import requests import sys import argparse import os import urllib url="http://fuzz/noxss.php?a=" f=open('xss.txt','r') for row in f.readlines(): r = requests.get(url + urllib.quote(row)) if (row in r.content): print row
  • 17. SVN extractor https://github.com/anantshri/svn-extractor simple script to extract all web resources by means of .SVN folder exposed over network. http://blog.anantshri.info/svn-extractor-for-web-pentesters
  • 18. More Stuff ● http://learnpythonthehardway.org/book/ ● http://www.diveintopython.net/toc/index.html ● Go for SPSE or any on-line certification Course ● Read Violent Python ● Read Grey-hat Python ● Use Python on a daily basis for all operations. ● Use inbuilt support / features in – IRONWASP (In-line scripting) – BURP (Extension)
  • 19. References for slides ● Large number of google searches and head scratching on various stackoverflow post's. ● Awesome documentations at docs.python.org ● Direct interaction with super helpful guys from null specially Akash Mahajan, Lava Kumar, Prasanna and Amol Naik for helping, criticizing forcing me to improve the skill set.
  • 20. Thank You If you wish to contact me after this presentation please use anant@anantshri.info For communication
  • 21. PyInstaller ● Sometimes you want to shift your code as a one click executable without python dependency. ● PyInstaller packages every dependency into a single executable package http://www.pyinstaller.org/
  • 22. Python for Android ● Python 2.7 installable on android ● Can use android specific features with the help of SL4A (scripting language for android) ● Ssh or laptop are not the restrictions now. ● Sample scripts refer here : http://code.google.com/p/python-for-android/wiki/