Slide 1

JOSE MANUEL ORTEGA @JMORTEGAC Ethical hacking with Python tools

Slide 2

https://speakerdeck.com/jmortega

Slide 3

INDEX
- Introduction to Python pentesting
- Modules (Sockets, Requests, BeautifulSoup, Shodan)
- Metadata analysis
- Port scanning & checking vulnerabilities
- Advanced tools
- Pentesting tool

Slide 4

Python Pentesting
- Multi-platform
- Prototypes and proofs of concept (POC)
- Many tools and libraries focused on security
- OSINT and pentesting tools
- Very good documentation

Slide 5

Python Pentesting

Slide 6

http://sparta.secforce.com/

Slide 7

The Harvester

Slide 8

The Harvester

Slide 9

W3AF

Slide 10

Tools
- Scapy: capturing and analysing network packets
- FiMap: detecting RFI/LFI vulnerabilities
- XSScrapy: detecting XSS vulnerabilities

Slide 11

Sockets: port scan

import socket

# TCP connect check against a single port
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(2)  # without a timeout a dropped SYN blocks for minutes
result = sock.connect_ex(('127.0.0.1', 80))
if result == 0:
    print("Port is open")
else:
    # connect_ex returns the errno: a refused connection (closed port)
    # and a timed-out one (filtered port) both land here
    print("Port is closed or filtered")
sock.close()

Slide 12

Sockets Port scan
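
As an added example (not code from the original slides), the same TCP connect probe as the Sockets slides, extended to report open, closed and filtered separately. It uses connect() with exceptions instead of connect_ex() so the failure reason is explicit; the port list in the demo is my own choice.

```python
import socket

# Added example, not from the original slides: a connect probe with a timeout
# and three outcomes. connect() is used rather than connect_ex() so that the
# failure reason arrives as a specific exception instead of a bare errno.

def probe_port(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port on host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # a silently dropped SYN would otherwise block for minutes
    try:
        sock.connect((host, port))
        return "open"                  # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"                # host answered with RST: nothing listening
    except socket.timeout:
        return "filtered"              # no answer at all: typically a firewall drop
    except OSError:
        return "closed"                # unreachable network etc.: not open either way
    finally:
        sock.close()

def scan_ports(host, ports, timeout=2.0):
    """Map each port in ports to its probe_port() state."""
    return {port: probe_port(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Demo against the local machine, as on the slide (constructed port list).
    for port, state in scan_ports("127.0.0.1", (22, 80, 443, 3306)).items():
        print(f"{port}/tcp {state}")
```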

Slide 13

Socket resolving IP/domain

Slide 14

Server banner

Slide 15

Server banner

Slide 16

Requests

Slide 17

Checking headers

Slide 18

Checking headers
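
As an added example (not from the slides), an offline audit of the response headers that the requests call on the preceding slides fetches. The header names and the 180-day HSTS threshold are my choices, and SAMPLE_HEADERS is a constructed response, not a real server's.

```python
import re

# Added example, not from the original slides: audit HTTP response headers for
# the defensive controls a pentest report usually lists. Works on any dict-like
# headers object (e.g. requests.get(url).headers), so it runs offline here.

REQUIRED = {
    "strict-transport-security": "HSTS missing: downgrade to plain HTTP possible",
    "content-security-policy": "CSP missing: no browser-side XSS mitigation",
    "x-frame-options": "X-Frame-Options missing: page can be framed (clickjacking)",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing allowed",
}
MIN_HSTS_AGE = 180 * 86400  # 180 days, a common minimum (my choice)

def audit_headers(headers):
    """Return a list of findings for an HTTP response header mapping."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = [problem for name, problem in REQUIRED.items() if name not in h]
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options present but not 'nosniff'")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if m and int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age below 180 days")
    # Version strings in Server / X-Powered-By are the banner the earlier slides grab
    for banner in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(banner, "")):
            findings.append(f"{banner} discloses a version: {h[banner]}")
    return findings

SAMPLE_HEADERS = {  # constructed sample, not a real server's response
    "Server": "Apache/2.4.18 (Ubuntu)",
    "X-Powered-By": "PHP/5.6.40",
    "Strict-Transport-Security": "max-age=86400",
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "text/html; charset=UTF-8",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print("-", finding)
```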

Slide 19

Requests: proxies

import requests

url = "http://example.com"  # placeholder target; the slide leaves url undefined
http_proxy = "http://10.10.10.10:3000"
https_proxy = "https://10.10.10.10:3000"
proxyDict = {"http": http_proxy, "https": https_proxy}
r = requests.get(url, proxies=proxyDict)

Slide 20

Requests Authentication

Slide 21

BeautifulSoup

Slide 22

Internal/external links

Slide 23

Internal/external links

Slide 24

Extract images and documents
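
As an added example (not the slides' own code) for the internal/external links and images/documents slides: the slides do this with BeautifulSoup, while this version uses only the standard library's html.parser so it runs without extra packages; the classification logic is the same. DOCUMENT_EXTENSIONS and SAMPLE_HTML are my own choices.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Added example, not from the original slides. Standard-library stand-in for
# the BeautifulSoup link/image/document extraction shown on the slides.

DOCUMENT_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")

class LinkCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.base_host = urlparse(base_url).netloc
        self.internal, self.external, self.images, self.documents = [], [], [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            url = urljoin(self.base_url, attrs["href"])  # resolve relative links
            parsed = urlparse(url)
            if parsed.scheme not in ("http", "https"):  # skip mailto:, javascript:
                return
            # Same host as the page: internal; anything else: external
            bucket = self.internal if parsed.netloc == self.base_host else self.external
            bucket.append(url)
            if parsed.path.lower().endswith(DOCUMENT_EXTENSIONS):
                self.documents.append(url)
        elif tag == "img" and attrs.get("src"):
            self.images.append(urljoin(self.base_url, attrs["src"]))

def collect_links(base_url, html):
    """Return (internal, external, images, documents) found in html."""
    collector = LinkCollector(base_url)
    collector.feed(html)
    return collector.internal, collector.external, collector.images, collector.documents

SAMPLE_HTML = """<html><body>  <!-- constructed sample page -->
<a href="/about">About</a>
<a href="https://example.org/report.pdf">Report</a>
<a href="https://cdn.example.net/lib.js">CDN</a>
<a href="mailto:root@example.org">Mail</a>
<img src="/static/logo.png">
</body></html>"""

if __name__ == "__main__":
    for name, urls in zip(("internal", "external", "images", "documents"),
                          collect_links("https://example.org/", SAMPLE_HTML)):
        print(name, urls)
```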

Slide 25

Scrapy

Slide 26

Web Scraping

Slide 27

Shodan

Slide 28

https://developer.shodan.io

Slide 29

Shodan

import shodan

SHODAN_API_KEY = "insert your API key here"
api = shodan.Shodan(SHODAN_API_KEY)

Slide 30

Shodan

Slide 31

https://www.shodan.io/host/136.243.32.71

Slide 32

Shodan

Slide 33

Shodan

Slide 34

BuiltWith
- pip install builtwith
- builtwith.parse('https://ep2016.europython.eu')

Slide 35

Metadata analysis

Slide 36

Metadata analysis

Slide 37

Metadata analysis

Slide 38

Port Scanning

Slide 39

Python-nmap
- Automating port scanning
- Synchronous and asynchronous modes

import nmap

# Synchronous
nm = nmap.PortScanner()
# nm.scan('ip/range', 'port_list')
results = nm.scan('127.0.0.1', '22,25,80,443')

Slide 40

NmapScanner

Slide 41

NmapScanner

for port in port_list:
    NmapScanner().nmapScan(ip, port)

Slide 42

NmapScanner Async

import nmap

# Asynchronous
nm_async = nmap.PortScannerAsync()

def callback_result(host, scan_result):
    print('------------------')
    print(host, scan_result)

nm_async.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result)
while nm_async.still_scanning():
    print("Waiting >>>")
    nm_async.wait(2)

Slide 43

NmapScanner Async

Slide 44

Nmap scripts

Slide 45

Nmap scripts
- Scripted routines allow finding potential vulnerabilities in a given target
- First check whether the port is open
- Then detect vulnerabilities in the service listening on the open port

nm.scan(arguments="-n -A -p3306 --script=/usr/share/nmap/scripts/mysql-info.nse")

Slide 46

MySQL Nmap scripts

Slide 47

Check anonymous FTP login

Slide 48

Check anonymous FTP login

Slide 49

Check web sites
- pip install pywebfuzz
- https://github.com/disassembler/pywebfuzz

Slide 50

PyWebFuzz

from pywebfuzz import fuzzdb
import requests

logins = fuzzdb.Discovery.PredictableRes.Logins
domain = "http://192.168.56.101"
for login in logins:
    print("Checking... " + domain + login)
    response = requests.get(domain + login)
    if response.status_code == 200:
        print("Login Resource: " + login)

Slide 51

PyWebFuzz

Slide 52

Heartbleed
- Vulnerability in OpenSSL 1.0.1
- Multi-threaded tool for scanning hosts for CVE-2014-0160
- https://github.com/musalbas/heartbleed-masstest
- https://filippo.io/Heartbleed

Slide 53

Heartbleed

Slide 54

Heartbleed

Slide 55

Advanced tools

Slide 56

Metasploit python-msfrpc

Slide 57

Metasploit API call: calls in msgpack format

Slide 58

Nexpose
- Tool developed by Rapid7 for scanning and vulnerability discovery
- It allows programmatic access from other programs via HTTP/S requests
- BeautifulSoup is used to obtain the vulnerability data from the server

Slide 59

Nexpose

Slide 60

Pentesting tool

Slide 61

https://github.com/jmortega/python-pentesting

Slide 62

https://github.com/jmortega/europython_ethical_hacking

Slide 63

References & libs
- http://docs.shodanhq.com
- http://docs.python-requests.org/en/master/
- http://scrapy.org
- http://xael.org/pages/python-nmap-en.html
- http://www.pythonsecurity.org/libs
- https://github.com/dloss/python-pentest-tools
- http://kali-linux.co/2016/07/12/python-tools-for-penetration-testers%E2%80%8B/
- https://github.com/PacktPublishing/Effective-Python-Penetration-Testing

Slide 64

Books

Slide 65

Books

Slide 66

THANK YOU!