
Ethical hacking with Python tools at Europython 2016

jmortegac

July 22, 2016

Transcript

  1. JOSE MANUEL ORTEGA
    @JMORTEGAC
    Ethical hacking with
    Python tools

  2. https://speakerdeck.com/jmortega

  3. INDEX
     - Introduction to Python pentesting
     - Modules (Sockets, Requests, BeautifulSoup, Shodan)
     - Analysis metadata
     - Port scanning & checking vulnerabilities
     - Advanced tools
     - Pentesting tool

  4. Python Pentesting
     - Multi platform
     - Prototypes and proofs of concept (POC)
     - Many tools and libraries focused on security
     - OSINT and pentesting tools
     - Very good documentation

  5. Python Pentesting

  6. http://sparta.secforce.com/

  7. The Harvester

  8. The Harvester

  9. W3AF

  10. Tools
     - Scapy: capturing and analysing network packets
     - FiMap: detecting RFI/LFI vulnerabilities
     - XSScrapy: detecting XSS vulnerabilities

  11. Sockets Port scan
    import socket
    # TCP connect check: connect_ex() returns 0 on success, an errno value otherwise
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    result = sock.connect_ex(('127.0.0.1', 80))
    if result == 0:
        print("Port is open")
    else:
        print("Port is closed or filtered")
    sock.close()
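    The slide's else-branch cannot tell a closed port from a filtered one. As an added example (not the deck's code), the check below reads the errno that connect_ex() returns, applies a timeout so that silently dropped SYNs do not hang the scan, and uses a throwaway local listener as its known-open port; all names are the example's own.

```python
import errno
import socket

# Added example, not the deck's code. The slide's else-branch labels every
# non-zero connect_ex() result "filtered", but the errno tells them apart:
#   0                    handshake completed, the port is open
#   ECONNREFUSED         the host answered with a RST, the port is closed
#   EAGAIN/EWOULDBLOCK   our timeout expired with no answer at all, which is
#                        what a firewall silently dropping the SYN looks like
FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK}


def check_port(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'error:<name>'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)  # without it a filtered port blocks for minutes
        result = sock.connect_ex((host, port))
    if result == 0:
        return "open"
    if result == errno.ECONNREFUSED:
        return "closed"
    if result in FILTERED_ERRNOS:
        return "filtered"
    return "error:" + errno.errorcode.get(result, str(result))


def scan_ports(host, ports, timeout=1.0):
    """Map each port to its state, e.g. to confirm a host's firewall policy."""
    return {port: check_port(host, port, timeout) for port in ports}


def local_listener():
    """Open a throwaway listener on 127.0.0.1 so the demo has a known open port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel choose a free one
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = local_listener()
    print(scan_ports("127.0.0.1", [port]))  # the listener's port is open
    srv.close()
    print(scan_ports("127.0.0.1", [port]))  # nothing listens now: closed
```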

  12. Sockets Port scan

  13. Socket resolving IP/domain

  14. Banner server

  15. Banner server

  16. Requests

  17. Checking headers

  18. Checking headers

  19. Requests
    import requests
    # route all requests through an intercepting proxy (address is the slide's example)
    http_proxy = "http://10.10.10.10:3000"
    https_proxy = "https://10.10.10.10:3000"
    proxyDict = {
        "http": http_proxy,
        "https": https_proxy
    }
    url = "https://ep2016.europython.eu"  # target URL; the slide leaves it undefined
    r = requests.get(url, proxies=proxyDict)

  20. Requests Authentication

  21. BeautifulSoup

  22. Internal/external links

  23. Internal/external links

  24. Extract images and documents

  25. Scrapy

  26. Web Scraping

  27. Shodan

  28. https://developer.shodan.io

  29. Shodan
    import shodan
    SHODAN_API_KEY = "insert your API key here"
    api = shodan.Shodan(SHODAN_API_KEY)

  30. Shodan

  31. https://www.shodan.io/host/136.243.32.71

  32. Shodan

  33. Shodan

  34. BuiltWith
     pip install builtwith
    import builtwith
    # fingerprint the technologies (server, frameworks, CMS) behind a site
    builtwith.parse('https://ep2016.europython.eu')

  35. Analysis metadata

  36. Analysis metadata

  37. Analysis metadata

  38. Port Scanning

  39. Python-nmap
     - Automating port scanning
     - Synchronous and asynchronous modes
    import nmap
    # Synchronous: blocks until nmap finishes and returns the parsed results
    nm = nmap.PortScanner()
    # nm.scan('ip/range', 'port_list')
    results = nm.scan('127.0.0.1', '22,25,80,443')

  40. NmapScanner

  41. NmapScanner
    # NmapScanner is the helper class from the previous slide; nmapScan() runs one host/port scan
    for port in port_list:
        NmapScanner().nmapScan(ip, port)

  42. NmapScanner Async
    import nmap
    # Asynchronous: nmap runs in the background and the callback fires per host
    nm_async = nmap.PortScannerAsync()
    def callback_result(host, scan_result):
        print('------------------')
        print(host, scan_result)
    nm_async.scan(hosts='192.168.1.0/30', arguments='-sP',
                  callback=callback_result)
    while nm_async.still_scanning():
        print("Waiting >>>")
        nm_async.wait(2)

  43. NmapScanner Async

  44. Scripts Nmap

  45. Scripts Nmap
     - Nmap scripts (NSE) are programmed routines that probe a service for
       potential vulnerabilities on a given target
     - First check that the port is open
     - Then detect vulnerabilities in the service behind the open port
    import nmap
    nm = nmap.PortScanner()
    # hosts is omitted, so python-nmap's default of 127.0.0.1 is scanned
    nm.scan(arguments="-n -A -p3306 --script=/usr/share/nmap/scripts/mysql-info.nse")
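    python-nmap gets its results by running nmap with XML output and parsing that report. As an added example (not the deck's code), the parser below does the same with the standard library over a constructed report that mirrors nmap's XML format, keeping only open ports with their service details and NSE script output, which is what an exposure review of the scanned host needs; SAMPLE_XML and parse_nmap_xml are the example's own names.

```python
import xml.etree.ElementTree as ET

# Added example, not the deck's code: python-nmap runs "nmap -oX -" and parses
# the XML report; this does the same with the standard library so a saved
# report can be reviewed offline. SAMPLE_XML is constructed to mirror nmap's
# format, with the mysql-info script from the slide attached to the open port.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -n -A -p22,3306 --script=mysql-info 127.0.0.1">
  <host>
    <status state="up" reason="localhost-response"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="closed" reason="conn-refused"/>
        <service name="ssh"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.7.13"/>
        <script id="mysql-info" output="Protocol: 10&#10;Version: 5.7.13"/>
      </port>
    </ports>
  </host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return {address: [open-port records]}; closed and filtered ports are
    dropped, since an exposure review only needs what actually answers."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        records = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            svc_attrs = svc.attrib if svc is not None else {}
            records.append({
                "port": int(port.get("portid")),
                "service": svc_attrs.get("name", ""),
                # product and version as reported by nmap -sV / -A
                "version": " ".join(v for v in (svc_attrs.get("product"),
                                                svc_attrs.get("version")) if v),
                # one <script> element per NSE script that produced output
                "scripts": {s.get("id"): s.get("output", "")
                            for s in port.iter("script")},
            })
        report[host.find("address").get("addr")] = records
    return report
```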

  46. Mysql Scripts Nmap

  47. Check FTP Login Anonymous

  48. Check FTP Login Anonymous

  49. Check Webs sites
     - pip install pywebfuzz
     - https://github.com/disassembler/pywebfuzz

  50. PyWebFuzz
    from pywebfuzz import fuzzdb
    import requests
    # fuzzdb's list of common login page paths
    logins = fuzzdb.Discovery.PredictableRes.Logins
    domain = "http://192.168.56.101"
    for login in logins:
        print("Checking... " + domain + login)
        response = requests.get(domain + login)
        if response.status_code == 200:
            print("Login Resource: " + login)

  51. PyWebFuzz

  52. Heartbleed
     - Vulnerability in OpenSSL V1.0.1
     - Multi-threaded tool for scanning hosts for CVE-2014-0160.
     - https://github.com/musalbas/heartbleed-masstest
     - https://filippo.io/Heartbleed

  53. Heartbleed

  54. Heartbleed

  55. Advanced tools

  56. Metasploit
    python-msfrpc

  57. Metasploit API call
    Calls in msgpack format

  58. Nexpose
     - Tool developed by Rapid7 for scanning and vulnerability discovery.
     - It exposes an API that other programs can call over HTTP/HTTPS requests.
     - BeautifulSoup can parse the vulnerability data returned by the server.

  59. Nexpose

  60. Pentesting tool

  61. https://github.com/jmortega/python-pentesting

  62. https://github.com/jmortega/europython_ethical_hacking

  63. References & libs
     - http://docs.shodanhq.com
     - http://docs.python-requests.org/en/master/
     - http://scrapy.org
     - http://xael.org/pages/python-nmap-en.html
     - http://www.pythonsecurity.org/libs
     - https://github.com/dloss/python-pentest-tools
     - http://kali-linux.co/2016/07/12/python-tools-for-penetration-testers%E2%80%8B/
     - https://github.com/PacktPublishing/Effective-Python-Penetration-Testing

  64. Books

  65. Books

  66. THANK YOU!
