Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ethical hacking with Python tools at Europython 2016

jmortegac
July 22, 2016
Programming
1
350

Ethical hacking with Python tools at Europython 2016

Ethical hacking with Python tools at Europython 2016

jmortegac

July 22, 2016
Tweet

More Decks by jmortegac

See All by jmortegac
Evolution of security strategies in K8s environments
jmortega
0
5
Implementing Observability for Kubernetes
jmortega
0
9
Computación distribuida usando Python
jmortega
0
39
Seguridad_en_arquitecturas_serverless_y_entornos_cloud.pdf
jmortega
0
61
Construyendo arquitecturas zero trust sobre entornos cloud
jmortega
0
33
Tips and tricks for data science projects with Python
jmortega
0
36
Sharing secret keys in Docker containers and K8s
jmortega
0
84
Implementing cert-manager in K8s
jmortega
0
120
Python para equipos de ciberseguridad(pycones)
jmortega
0
88

Other Decks in Programming

See All in Programming
Maintaining E2E Test Automation as We Transition from View to Compose
tkhs0604
0
540
Kotlinハイパフォーマンスプログラミング
ohmae
4
3k
ZennにみるCloudRunとBigQueryによるアプリケーション構築 / zenn-cloudrun-bigquery-serverless
wadayusuke
11
2.9k
GO TechTalk #22 Reactで描くタクシーアプリ『GO』の世界
mot_techtalk
0
180
アジャイルのライトウィングとレフトウィングはひとりで両方できなくてもいいんじゃない? - “ひとりでできるもん”から“みんなでできるもん”への道のり
psj59129
0
220
近代フロントエンドの歴史とKuma UIの登場意義
poteboy
3
3.8k
新卒研修でNext.js AppRouterを導入した 学びと反省
iuchimasatoshi
1
210
neovimで作る最新Ruby開発環境2023
joker1007
2
1.1k
Jetpack Compose の Side-effect を使いこなす / DroidKaigi 2023
star_zero
1
720
EbitengineでGUIツール作ってみた
aethiopicuschan
0
170
Jakarta EE 10 - Simplicity for Modern and Lightweight Cloud
ivargrimstad
0
160
KustoクエリのChatGPT Plugin!
tomokusaba
0
290

Featured

See All Featured
The Cult of Friendly URLs
andyhume
71
5.3k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.7k
Teambox: Starting and Learning
jrom
125
8.1k
Designing with Data
zakiwarfel
93
4.5k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
271
12k
Thoughts on Productivity
jonyablonski
55
3k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Building a Scalable Design System with Sketch
lauravandoore
453
31k
The Invisible Customer
myddelton
113
12k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.9k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
1.9k
How To Stay Up To Date on Web Technology
chriscoyier
780
250k

Transcript

  1. JOSE MANUEL ORTEGA
    @JMORTEGAC
    Ethical hacking with
    Python tools

    View Slide

  2. https://speakerdeck.com/jmortega

    View Slide

  3. INDEX
     Introduction Python pentesting
     Modules(Sockets,Requests,BeautifulSoup,Shodan)
     Analysis metadata
     Port scanning & Checking vulnerabilities
     Advanced tools
     Pentesting-tool

    View Slide

  4. Python Pentesting
     Multi platform
     Prototypes and proofs of concept(POC)
     Many tools and libraries focused on security
     OSINT and Pentesting tools
     Very good documentation

    View Slide

  5. Python Pentesting

    View Slide

  6. http://sparta.secforce.com/

    View Slide

  7. The Harvester

    View Slide

  8. The Harvester

    View Slide

  9. W3AF

    View Slide

  10. Tools
     Scapy
     Capturing and analysing network packets
     FiMap
     Detecting RFI/LFI vulnerabilites
     XSScrapy
     Detecting XSS vulnerabilites

    View Slide

  11. Sockets Port scan
    import socket
    #TCP
    sock = socket(socket.AF_INET,socket.SOCK_STREAM)
    result = sock.connect_ex(('127.0.0.1',80))
    if result == 0:
    print "Port is open"
    else:
    print "Port is filtered"

    View Slide

  12. Sockets Port scan

    View Slide

  13. Socket resolving IP/domain

    View Slide

  14. Banner server

    View Slide

  15. Banner server

    View Slide

  16. Requests

    View Slide

  17. Checking headers

    View Slide

  18. Checking headers

    View Slide

  19. Requests
    import requests
    http_proxy = "http://10.10.10.10:3000"
    https_proxy = "https://10.10.10.10:3000"
    proxyDict = {
    "http" : http_proxy,
    "https" : https_proxy
    }
    r = requests.get(url,proxies=proxyDict)

    View Slide

  20. Requests Authentication

    View Slide

  21. BeautifulSoup

    View Slide

  22. Internal/external links

    View Slide

  23. Internal/external links

    View Slide

  24. Extract images and documents

    View Slide

  25. Scrapy

    View Slide

  26. Web Scraping

    View Slide

  27. Shodan

    View Slide

  28. https://developer.shodan.io

    View Slide

  29. Shodan
    import shodan
    SHODAN_API_KEY = "insert your API key here"
    api = shodan.Shodan(SHODAN_API_KEY)

    View Slide

  30. Shodan

    View Slide

  31. https://www.shodan.io/host/136.243.32.71

    View Slide

  32. Shodan

    View Slide

  33. Shodan

    View Slide

  34. BuiltWith
     pip install builtwith
     builtwith.parse(‘https://ep2016.europython.eu’)

    View Slide

  35. Analysis metadata

    View Slide

  36. Analysis metadata

    View Slide

  37. Analysis metadata

    View Slide

  38. Port Scanning

    View Slide

  39. Python-nmap
     Automating port scanning
     Synchronous and asynchronous modes
    import nmap
    # Synchronous
    nm = nmap.PortScanner()
    # nm.scan(‘ip/range’,’port_list’)
    results = nm.scan('127.0.0.1', '22,25,80,443')

    View Slide

  40. NmapScanner

    View Slide

  41. NmapScanner
    for port in port_list:
    NmapScanner().nmapScan(ip, port)

    View Slide

  42. NmapScanner Async
    #Asynchronous
    nm_async = nmap.PortScannerAsync()
    def callback_result(host, scan_result):
    print '------------------'
    print host, scan_result
    nm_async.scan(hosts='192.168.1.0/30', arguments='-sP',
    callback=callback_result)
    while nm_async .still_scanning():
    print("Waiting >>>")
    nm_async.wait(2)

    View Slide

  43. NmapScanner Async

    View Slide

  44. Scripts Nmap

    View Slide

  45. Scripts Nmap
     Programming routines allow to find potential
    vulnerabilities in a given target
     First check if the port is open
     Detect vulnerabilities in the service port openned
    nm.scan(arguments="-n -A -p3306 --
    script=/usr/share/nmap/scripts/mysql-
    info.nse")

    View Slide

  46. Mysql Scripts Nmap

    View Slide

  47. Check FTP Login Anonymous

    View Slide

  48. Check FTP Login Anonymous

    View Slide

  49. Check Webs sites
     pip install pywebfuzz
     https://github.com/disassembler/pywebfuzz

    View Slide

  50. PyWebFuzz
    from pywebfuzz import fuzzdb
    import requests
    logins = fuzzdb.Discovery.PredictableRes.Logins
    domain = "http://192.168.56.101"
    for login in logins:
    print “Checking... "+ domain + login
    response = requests.get(domain + login)
    if response.status_code == 200:
    print "Login Resource: " +login

    View Slide

  51. PyWebFuzz

    View Slide

  52. Heartbleed
     Vulnerability in OpenSSL V1.0.1
     Multi-threaded tool for scanning hosts for CVE-
    2014-0160.
     https://github.com/musalbas/heartbleed-masstest
     https://filippo.io/Heartbleed

    View Slide

  53. Heartbleed

    View Slide

  54. Heartbleed

    View Slide

  55. Advanced tools

    View Slide

  56. Metasploit
    python-msfrpc

    View Slide

  57. Metasploit API call
    Calls in msgpack format

    View Slide

  58. Nexpose
     Tool developed by Rapid7 for scanning
    and vulnerability discovery.
     It allows programmatic access to other
    programs via HTTP/s requests.
     BeautifulSoup to obtain data from
    vulnerabilities server

    View Slide

  59. Nexpose

    View Slide

  60. Pentesting tool

    View Slide

  61. https://github.com/jmortega/python-pentesting

    View Slide

  62. https://github.com/jmortega/europython_ethical_hacking

    View Slide

  63. References & libs
     http://docs.shodanhq.com
     http://docs.python-requests.org/en/master/
     http://scrapy.org
     http://xael.org/pages/python-nmap-en.html
     http://www.pythonsecurity.org/libs
     https://github.com/dloss/python-pentest-tools
     http://kali-linux.co/2016/07/12/python-tools-for-
    penetration-testers%E2%80%8B/
     https://github.com/PacktPublishing/Effective-Python-
    Penetration-Testing

    View Slide

  64. Books

    View Slide

  65. Books

    View Slide

  66. THANK YOU!

    View Slide