Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Ethical hacking with Python tools at Europython...

jmortegac
July 22, 2016
Programming
1
480

Ethical hacking with Python tools at Europython 2016

Ethical hacking with Python tools at Europython 2016

jmortegac

July 22, 2016
Tweet

More Decks by jmortegac

See All by jmortegac
Seguridad de APIs en Drupal: herramientas, mejores prácticas y estrategias para asegurar las APIs
jmortega
1
13
Security and auditing tools in Large Language Models (LLM)
jmortega
1
20
Herramientas de benchmarks para evaluar el rendimiento en máquinas y aplicaciones
jmortega
0
28
Asegurando tus APIs: Explorando el OWASP Top 10 de Seguridad en APIs
jmortega
1
51
PyGoat: Analizando la seguridad en aplicaciones Django
jmortega
1
160
Evolution of security strategies in K8s environments- All day devops
jmortega
1
50
Ciberseguridad en Blockchain y Smart Contracts: Explorando los desafíos y soluciones
jmortega
1
82
Evolution of security strategies in K8s environments
jmortega
1
37
Implementing Observability for Kubernetes
jmortega
1
28

Other Decks in Programming

See All in Programming
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
190
Better Code Design in PHP
afilina
PRO
0
120
Arm移行タイムアタック
qnighy
0
290
ヤプリ新卒SREの オンボーディング
masaki12
0
130
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
subpath importsで始めるモック生活
10tera
0
290
みんなでプロポーザルを書いてみた
yuriko1211
0
260
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
5
2.1k
Click-free releases & the making of a CLI app
oheyadam
2
110
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.3k
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.2k
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
1k

Featured

See All Featured
We Have a Design System, Now What?
morganepeng
50
7.2k
Designing the Hi-DPI Web
ddemaree
280
34k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
RailsConf 2023
tenderlove
29
900
Optimizing for Happiness
mojombo
376
70k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Unsuck your backbone
ammeep
668
57k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
GitHub's CSS Performance
jonrohan
1030
460k

Transcript

  1. JOSE MANUEL ORTEGA @JMORTEGAC Ethical hacking with Python tools

  2. https://speakerdeck.com/jmortega

  3. INDEX  Introduction Python pentesting  Modules(Sockets,Requests,BeautifulSoup,Shodan)  Analysis metadata

     Port scanning & Checking vulnerabilities  Advanced tools  Pentesting-tool

  4. Python Pentesting  Multi platform  Prototypes and proofs of

    concept(POC)  Many tools and libraries focused on security  OSINT and Pentesting tools  Very good documentation

  5. Python Pentesting

  6. http://sparta.secforce.com/

  7. The Harvester

  8. The Harvester

  9. W3AF

  10. Tools  Scapy  Capturing and analysing network packets 

    FiMap  Detecting RFI/LFI vulnerabilites  XSScrapy  Detecting XSS vulnerabilites

  11. Sockets Port scan import socket #TCP sock = socket(socket.AF_INET,socket.SOCK_STREAM) result

    = sock.connect_ex(('127.0.0.1',80)) if result == 0: print "Port is open" else: print "Port is filtered"

  12. Sockets Port scan

  13. Socket resolving IP/domain

  14. Banner server

  15. Banner server

  16. Requests

  17. Checking headers

  18. Checking headers

  19. Requests import requests http_proxy = "http://10.10.10.10:3000" https_proxy = "https://10.10.10.10:3000" proxyDict

    = { "http" : http_proxy, "https" : https_proxy } r = requests.get(url,proxies=proxyDict)

  20. Requests Authentication

  21. BeautifulSoup

  22. Internal/external links

  23. Internal/external links

  24. Extract images and documents

  25. Scrapy

  26. Web Scraping

  27. Shodan

  28. https://developer.shodan.io

  29. Shodan import shodan SHODAN_API_KEY = "insert your API key here"

    api = shodan.Shodan(SHODAN_API_KEY)

  30. Shodan

  31. https://www.shodan.io/host/136.243.32.71

  32. Shodan

  33. Shodan

  34. BuiltWith  pip install builtwith  builtwith.parse(‘https://ep2016.europython.eu’)

  35. Analysis metadata

  36. Analysis metadata

  37. Analysis metadata

  38. Port Scanning

  39. Python-nmap  Automating port scanning  Synchronous and asynchronous modes

    import nmap # Synchronous nm = nmap.PortScanner() # nm.scan(‘ip/range’,’port_list’) results = nm.scan('127.0.0.1', '22,25,80,443')

  40. NmapScanner

  41. NmapScanner for port in port_list: NmapScanner().nmapScan(ip, port)

  42. NmapScanner Async #Asynchronous nm_async = nmap.PortScannerAsync() def callback_result(host, scan_result): print

    '------------------' print host, scan_result nm_async.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result) while nm_async .still_scanning(): print("Waiting >>>") nm_async.wait(2)

  43. NmapScanner Async

  44. Scripts Nmap

  45. Scripts Nmap  Programming routines allow to find potential vulnerabilities

    in a given target  First check if the port is open  Detect vulnerabilities in the service port openned nm.scan(arguments="-n -A -p3306 -- script=/usr/share/nmap/scripts/mysql- info.nse")

  46. Mysql Scripts Nmap

  47. Check FTP Login Anonymous

  48. Check FTP Login Anonymous

  49. Check Webs sites  pip install pywebfuzz  https://github.com/disassembler/pywebfuzz

  50. PyWebFuzz from pywebfuzz import fuzzdb import requests logins = fuzzdb.Discovery.PredictableRes.Logins

    domain = "http://192.168.56.101" for login in logins: print “Checking... "+ domain + login response = requests.get(domain + login) if response.status_code == 200: print "Login Resource: " +login

  51. PyWebFuzz

  52. Heartbleed  Vulnerability in OpenSSL V1.0.1  Multi-threaded tool for

    scanning hosts for CVE- 2014-0160.  https://github.com/musalbas/heartbleed-masstest  https://filippo.io/Heartbleed

  53. Heartbleed

  54. Heartbleed

  55. Advanced tools

  56. Metasploit python-msfrpc

  57. Metasploit API call Calls in msgpack format

  58. Nexpose  Tool developed by Rapid7 for scanning and vulnerability

    discovery.  It allows programmatic access to other programs via HTTP/s requests.  BeautifulSoup to obtain data from vulnerabilities server

  59. Nexpose

  60. Pentesting tool

  61. https://github.com/jmortega/python-pentesting

  62. https://github.com/jmortega/europython_ethical_hacking

  63. References & libs  http://docs.shodanhq.com  http://docs.python-requests.org/en/master/  http://scrapy.org 

    http://xael.org/pages/python-nmap-en.html  http://www.pythonsecurity.org/libs  https://github.com/dloss/python-pentest-tools  http://kali-linux.co/2016/07/12/python-tools-for- penetration-testers%E2%80%8B/  https://github.com/PacktPublishing/Effective-Python- Penetration-Testing

  64. Books

  65. Books

  66. THANK YOU!