Ethical hacking with Python tools at Europython 2016
jmortegac
July 22, 2016
Transcript
JOSE MANUEL ORTEGA @JMORTEGAC Ethical hacking with Python tools
https://speakerdeck.com/jmortega
INDEX: Introduction; Python pentesting; Modules (Sockets, Requests, BeautifulSoup, Shodan); Analysis metadata; Port scanning & Checking vulnerabilities; Advanced tools; Pentesting-tool
Python Pentesting: Multi platform; Prototypes and proofs of concept (POC); Many tools and libraries focused on security; OSINT and Pentesting tools; Very good documentation
Python Pentesting
http://sparta.secforce.com/
The Harvester
W3AF
Tools: Scapy (capturing and analysing network packets); FiMap (detecting RFI/LFI vulnerabilities); XSScrapy (detecting XSS vulnerabilities)
Sockets Port scan
    import socket

    # TCP connect check against a single port
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    result = sock.connect_ex(('127.0.0.1', 80))
    if result == 0:
        print("Port is open")
    else:
        print("Port is closed or filtered")
    sock.close()
Socket resolving IP/domain
Banner server
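An added example (not from the original deck) for the port-scan and banner slides: it separates the open, closed (connection refused) and filtered (timeout or other error) outcomes of connect_ex and reads the banner of an open port. The loopback listener, its banner text and the names probe and demo are constructed for the example.

```python
import errno
import socket
import threading


def probe(host, port, timeout=1.0):
    """Classify one TCP port as open/closed/filtered and read its banner."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        code = sock.connect_ex((host, port))
        if code == errno.ECONNREFUSED:
            return "closed", ""        # the host answered with a reset
        if code != 0:
            return "filtered", ""      # timeout or unreachable: no definite answer
        try:
            banner = sock.recv(1024).decode("ascii", "replace").strip()
        except OSError:
            banner = ""                # service waits for the client to speak first
        return "open", banner
    finally:
        sock.close()


def demo():
    # Constructed fixture: a loopback listener that sends a made-up banner.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))         # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 demo-ftpd ready\r\n")
        conn.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    open_result = probe("127.0.0.1", port)
    worker.join()
    srv.close()
    closed_result = probe("127.0.0.1", port)   # listener gone: refused
    return open_result, closed_result


if __name__ == "__main__":
    print(demo())
```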
Requests
Checking headers
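Requests
    import requests

    # Route HTTP and HTTPS requests through a proxy
    http_proxy = "http://10.10.10.10:3000"
    https_proxy = "https://10.10.10.10:3000"
    proxyDict = {"http": http_proxy, "https": https_proxy}

    url = "http://example.com"  # placeholder; the slide leaves url undefined
    r = requests.get(url, proxies=proxyDict)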
Requests Authentication
BeautifulSoup
Internal/external links
Extract images and documents
Scrapy
Web Scraping
Shodan
https://developer.shodan.io
Shodan
    import shodan

    SHODAN_API_KEY = "insert your API key here"
    api = shodan.Shodan(SHODAN_API_KEY)
Shodan
https://www.shodan.io/host/136.243.32.71
BuiltWith
    # install: pip install builtwith
    import builtwith
    builtwith.parse('https://ep2016.europython.eu')
Analysis metadata
Port Scanning
Python-nmap: Automating port scanning; Synchronous and asynchronous modes
    import nmap

    # Synchronous
    nm = nmap.PortScanner()
    # nm.scan('ip/range', 'port_list')
    results = nm.scan('127.0.0.1', '22,25,80,443')
NmapScanner
    for port in port_list:
        NmapScanner().nmapScan(ip, port)
NmapScanner Async
    import nmap

    # Asynchronous
    nm_async = nmap.PortScannerAsync()

    def callback_result(host, scan_result):
        print('------------------')
        print(host, scan_result)

    nm_async.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result)
    while nm_async.still_scanning():
        print("Waiting >>>")
        nm_async.wait(2)
Scripts Nmap: Programming routines that find potential vulnerabilities in a given target. First check if the port is open, then detect vulnerabilities in the service on the open port.
    nm.scan(arguments="-n -A -p3306 --script=/usr/share/nmap/scripts/mysql-info.nse")
Mysql Scripts Nmap
Check FTP Login Anonymous
Check web sites: pip install pywebfuzz (https://github.com/disassembler/pywebfuzz)
PyWebFuzz
    from pywebfuzz import fuzzdb
    import requests

    # Request each predictable login path from fuzzdb and report those that return 200
    logins = fuzzdb.Discovery.PredictableRes.Logins
    domain = "http://192.168.56.101"
    for login in logins:
        print("Checking... " + domain + login)
        response = requests.get(domain + login)
        if response.status_code == 200:
            print("Login Resource: " + login)
Heartbleed: Vulnerability in OpenSSL V1.0.1. Multi-threaded tool for scanning hosts for CVE-2014-0160.
https://github.com/musalbas/heartbleed-masstest
https://filippo.io/Heartbleed
Advanced tools
Metasploit python-msfrpc
Metasploit API call: Calls in msgpack format
Nexpose: Tool developed by Rapid7 for scanning and vulnerability discovery. It allows programmatic access to other programs via HTTP/s requests. BeautifulSoup to obtain data from vulnerabilities server
Pentesting tool
https://github.com/jmortega/python-pentesting
https://github.com/jmortega/europython_ethical_hacking
References & libs
http://docs.shodanhq.com
http://docs.python-requests.org/en/master/
http://scrapy.org
http://xael.org/pages/python-nmap-en.html
http://www.pythonsecurity.org/libs
https://github.com/dloss/python-pentest-tools
http://kali-linux.co/2016/07/12/python-tools-for-penetration-testers%E2%80%8B/
https://github.com/PacktPublishing/Effective-Python-Penetration-Testing
Books
THANK YOU!