PenTest using Python By Purna Chander
•
5 likes•1,090 views
This document discusses using Python for penetration testing techniques. It provides an overview of why Python is well-suited for pen testing, including that it is easy to install, learn, code, and understand. It also discusses Python's history and common uses. The document then covers various Python libraries and modules that can be used for tasks like web scraping, password cracking, automating Office applications, and accessing Windows Management Instrumentation. It concludes with a demonstration of using Python to detect cross-site scripting vulnerabilities in a web application.
Report
Share
PenTest using Python By Purna Chander
- 1. P U R N A C H A N D E R Pen-Test Techniques using Python
- 2. Why? Easy ( Install, learn, Code) Tons of Libraries Code is easy to understand Multiplatform Good for Prototyping Free
- 3. History Conceived in late 80´s and first implementation in 1989 Created by Guido Van Rossum Actually there are two branches 2.x and 3.0
- 4. Python Interpreted language Object oriented Indentation is significant in Python, block delimiter. Usual control structures (if, while, etc) Multiple levels of organization (function, classes, modules, packages)
- 5. Who is using Python? Canvas W3AF Sqlmap Impacket Google ImmunityDebugger Peach Sulley Paimei Scapy Spike Proxy Core Impact
- 6. Data Types Data types: Strings - “Hello” Numbers – 123 Lists – [‘hello’,’2’,’1’] Tuples - (‘1’,’2’,’3’) (immutable) Dictionaries – d = {‘key1’:’dog’,’key2’:’cat’}
- 7. Basic Code bits import sys ofile = "dictionary.txt" fil = open(ofile,'r') x = fil.readlines() for y in x: print (y)
- 8. Urllib3 Library to deal with HTTP import urllib3 http = urllib3.PoolManager() r = http.request('GET', 'https://python.org/') print (r.status) print (r.data)
- 9. 7 Zip Cracker import os, sys, pas = open('passwords.txt', 'rb') password=pas.readlines() for x in password: try: fp = open('test.7z', 'rb') archive = Archive7z(fp, password=x) print ”The password is" + x sys.exit() except Exception, e: fp.close()
- 10. Win32Com Library that allows us to access COM objects in Win32 systems We can automate Word, Excel, Powerpoint, access WMI and etc..
- 11. Excel Processing from win32com.client import Dispatch xlApp = Dispatch("Excel.Application") xlApp.Visible = 1 xlApp.Workbooks.open("test.xls") for x in range(1,100): nombre=str(xlApp.ActiveSheet.Cells(x,5)) print nombre xlApp.Quit()
- 12. WMI import wmi c = wmi.WMI () for process in c.Win32_Process (): print process.ProcessId, process.Name
- 13. DEMO Finding XSS Vulnerability in Web Application
- 14. SCRIPT import http.client for xss in xss_array: #print (xss) url = 'www.skywatcher.com' conn = http.client.HTTPConnection(url) print ( url+ '/downloads.php?cat='+ xss) conn.request('GET', '/downloads.php?cat='+ xss) resp = conn.getresponse() body = resp.read() if resp.version == 10: print('HTTP/1.0 %s %s' % (resp.status, resp.reason)) if resp.version == 11: print('HTTP/1.1 %s %s' % (resp.status, resp.reason)) for header in resp.getheaders(): print('%s: %s' % (header[0], header[1])) #print ('n', body) print ("------------------------------------------------------------------------------") conn.close()
- 15. Console Output
- 16. THANK YOU Q & A