Python For Penetration Testers

Wow!

vulnerablelife


Python for penetration testers

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.

Most of the listed tools are written in Python, others are just bindings for existing C libraries, i.e. they make those libraries easily usable from Python programs.



Network

  • Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
  • pypcapPcapy and pylibpcap: several different bindings for libpcap
  • libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
  • dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
  • Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
  • pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly…

View original post 1,027 more words

Advertisements

Python tips and tricks

**Below snippets, tips, trick and concepts actively collecting from various web sites and stack-overflow questions.

**You can find some examples snippets and useful tools at my repo

Operations on String

1.Check the string s is alphanumeric or not s.isalnum()


os & sys Module

1.Kill process from python (The script should run with sudo)

def kill(proc, signum=signal.SIGTERM):
    os.killpg(proc.pid, signum)

2.Get pid of current script that is running:  os.getpid()

3.Give nice to the script that is running: os.nice(19)

4.Get the current python version: sys.version_info

5.Rename files: os.rename(src, dst)

6.Check file exists or not: os.path.exists("/path/to/file")

7.Get directory name of file: os.path.dirname(/path/to/file.txt)

8.Create directories recursively: os.makedirs("/dir1/dir2/")


List

1.Join list items with delimiter

>> days=["Sunday","Monday","Tuesday", "Wednesday","Thursday","Friday", "Saturday"]
>>> "-".join(days)
'Sunday-Monday-Tuesday-Wednesday-Thursday-Friday-Saturday'

Time

1.Print data and time. Find more at strftime.org

  • %H– 24 Hours hour
  • %I– 12 Hours hour
  • %M– Minutes
  • %S-Seconds
  • %d– Days
  • %m– Months
  • %Y– Year [4 Digits]
  • %j– Day of the year
  • %A– Day of the week (Name)
>>> import time
>>> 
>>> time.strftime("%H:%M:%S")
'17:47:17'
>>> 
>>> time.strftime("%d/%m/%Y %H:%M:%S")
'14/03/2017 17:47:26'
>>>

2. Epoch time: int(time.time()) https://www.epochconverter.com/


Reading and writing from/to different file formats

1.YAML Files

Reading

def read_yaml(file_name):
    if not os.path.exists(file_name):
        print "{} not found! Please check.".format(file_name)
        exit(1)
    with open(file_name) as f:
        data=yaml.load(f)
    return data

Writing

def write_yaml(data,yaml_file):
    with io.open(yaml_file, 'w', encoding='utf8') as outfile:
        yaml.dump(data, outfile, default_flow_style=False, allow_unicode=True)

Miscellaneous:

1. Know who is calling the function with inspect module (In-Built)

import inspect
def f1(): 
    print "Inside of function f1"    
    f2()
def f2():
    curframe = inspect.currentframe()
    calframe = inspect.getouterframes(curframe, 2)
    print 'Caller Name:', calframe[1][3]
f1()

--OUTPUT--
Inside of function f1
Caller Name: f1

 

2.Log rotate. (Include the below function in your script).

Arguments:

  1. message– Your information
  2. level– Log Level: debug, info, warning, error, critical
import logging
from logging.handlers import RotatingFileHandler

DEFAULT_LOG = '/var/log/script.log'
handler=RotatingFileHandler(DEFAULT_LOG, mode='a', maxBytes=20*1024*1024, backupCount=0, encoding=None, delay=0)
handler.setFormatter(logging.Formatter('%(asctime)s %(name)s[%(process)d] %(levelname)s: %(message)s'))
log =logging.getLogger('MyScript')
levels={"info":logging.INFO,
        "debug":logging.DEBUG,
        "warning":logging.WARNING,
        "error":logging.ERROR,
        "critical":logging.CRITICAL}

def log_it(level,message):
    log.setLevel(levels[level])
    log.addHandler(handler)
    handler.setLevel(levels[level])
    if level=="info":    
        log.info(message)    
    elif level=="debug":
        log.debug(message)
    elif level=="warning":
        log.warning(message)
    elif level=="error":
        log.error(message)
    elif level=="critical":
        log.critical(message)

log_it("warning","Something happened!")

--OUTPUT--
2017-03-14 12:19:53,391 MyScript[7602] WARNING: Something happened!;

3. Suppress all warnings in Python

import warnings
warnings.filterwarnings("ignore")

MAC Address Scrambling in Linux

MAC Address Scrambling“- By name itself we can understand, instead of using burned-in address, the machines uses random MAC address every time. The machines changes MAC address regularly to improve security.  MAC address is 48 bit hexadecimal digit which is burned in every electronic device has capability of “connectivity” such as mobile devices, smart TV, PC, etc. “Apple” added this feature to iPhones from iOS8 to protect user’s privacy.

So, how static MAC address causes some security issues?  First thing caught in my mind is this

According to Edward Snowden, the National Security Agency has a system that tracks the movements of everyone in a city by monitoring the MAC addresses of their electronic devices. As a result of users being trackable by their devices’ MAC addresses, Apple has started using random MAC addresses in their iOS line of devices while scanning for networks.If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address.

-Wikipedia

Continue reading “MAC Address Scrambling in Linux”

Linux pseudo files & cheat sheet

*A blog post that I’m actively collecting “Linux pseudo files and cheat sheets”

Files:

  • cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_cur_freq –  Real time speed of the CPU(ability to adjust their speed to help in saving on battery/power usage)
  • ​​/proc Directory
    • /proc/cpuinfo | grep MHz  – The absolute (max) CPU speed
    • /proc/sys/net/ipv4/* – Refer kernel.org docs
    • /proc/net/tcp and /proc/net/tcp6 – Refer kernel.org doc for more info

Special Device Files:

  • /dev/null– Discards all data written to it but reports that the write operation succeeded[Read man]
  • /dev/full – Returns the error code ENOSPC (meaning “No space left on device”) on writing[Read man]
  • /dev/random – Special file that serves as a blocking pseudorandom number generator. It allows access to environmental noise collected from device drivers and other sources.(Block until additional environmental noise is gathered)[Read man]
  • /dev/urandom – Without block [Read man]
  • /dev/zero – Provides as many null characters as are read from it [Read More]

Directories:

  • /var/lock/ – Store lock files, which are simply files used to indicate that a certain resource (a database, a file, a device) is in use and should not be accessed by another process. Aptitude, for example, locks its database when a package manager is running.
  • /var/run – Used to store .pid files, which contain the process id of a running program. This is commonly used in services or other programs that need to make their process id’s available to other processes.

Commands:

  • lscpu – Display CPU architecture information
  • cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 40 | head -n 1 – Generates 40 characters long random string.
  • mtr – mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

Install Cheats:

1. Install virtual box in kali linux 2016 (kali-rolling)

Below are the dependency packages for virtual-box in in kali linux
1. libpng12 (Download .dep package, and install with command dpkg -i package_name)
2. libvpx1 (Download .dep package, and install with command dpkg -i package_name)
3. libssl1.0.0 (apt-get install libssl1.0.0)

Now goto virtual-box’s download page, download dep package for Debian 7 (“Wheezy”) version and then install the .deb package with dpkg -i package_name

Linux, Python and other useful resource links

*Below links I found useful, collected from various sites.

    1. How to recover lost Python source code if it’s still resident in-memory
    2. Android Internals [PDF]  by Jonathan Levin: Talked about Linux vs Android, File system, Partitions, Boot, Backup & recovery, Init, Daemons
    3. USG is a firewall for your USB ports, protecting your computer from BadUSB
    4. CHIPSEC  A framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI)
    5. Cpython Internals: Codewalk through the Python interpreter source codes [Youtube Playlist]: Talked about Opcodes, Frames, Function calls, PyObjets, Python Datatypes, Iterators, Generators, Clases, etc
    6. Dive in to BPF: A list of reading materials for BPF
    7. Run Levels & How to make init scripts
    8. Simple BFP implementation in Python
    9. Problem Solving with Algorithms and Data Structures using Python [BOOK] By Brad Miller and David Ranum, Luther College: Talked about Basic Data Structures, Recursions, Sorting & Searching, Tree Algorithms and Graphs Algorithms
    10. Natural Language Processing with Python [BOOK] by Steven Bird, Ewan Klein, and Edward Loper: Talked about Processing Raw Text, Writing Structure Programs, Categorizing and Tagging words, Classify Text, Extract Info, Analyzing Sentences, Basic Grammars, Linguistic Data, etc
    11. Capturing Wireless LAN Packets on Ubuntu with tcpdump and Kismet
    12. BPF Compiler Collection [Github Repo] A toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples
    13. An Introduction to Linux Permissions
    14. htop explained visually with screenshot
    15. How to Make a Computer Operating System
    16. Python for Android
    17. DNS Queue – A Parallelised DNS Prober
    18. Python Cheat Sheets
    19. Where Am I[Git Repo] Uses WiFi signals and machine learning (sklearn’s RandomForest) to predict where you are. Even works for small distances like 2-10 meters.
    20. Explain Shell
    21. Infinite possibilities with the Scapy Module
    22. Learn VIM while playing
    23. BASH Cheat Sheet
    24. VirusTotalVirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.  
    25. Python Anti-Patterns – Best Python Coding Practices
    26. How Linux CPU Usage Time and Percentage is calculated
    27. Linux Memory Managment Frequently Asked Questions
    28. Live Hacking Attack Map
    29. Python Plays: Grand Theft Auto VBy sentdex : Self Driving Car, Neural Network Training Data for self-driving, Balancing self-driving training data ,etc
    30. https://pythonprogramming.net/
    31. Pythonic Data Structures and Algorithms
    32. Removing Your PDF Metadata & Protecting PDF Files
    33. https://ngrok.com/ – Secure tunnels to localhost
    34. Tool for in-depth analysis of USB HID devices communication
    35. An Illustrated Guide to the Kaminsky DNS Vulnerability
    36. Spear Phishing 101
    37. What is setiud, setgid and sticky bit in Linux?
    38. Set up your own malware analysis lab with VirtualBox, INetSim and Burp
    39. Step by step Metasploit walkthrough
    40. Linux Bridge – how it works
    41. SSH Check
    42. Shutit – An automation tool that models a user’s actions on a terminal.
    43. Phishing With a Rogue Wi-Fi Access Point
    44. Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs
    45. WiFi-Pumpkin[Github Repo] Framework for Rogue Wi-Fi Access Point Attack
    46. https://stackhackr.barkly.com/ – Creating your own malware in 5 minutes or less.
    47. Writing a Simple Operating System — from Scratch [PDF]
    48. A collective list of free JSON APIs for use in web development
    49. Learn Regular Expression in Easy Way
    50. fast DDoS analyzer with sflow/netflow/mirror
    51. Metadata: a hacker’s best friend
    52. A Python Package for creating backdoors!
    53. malware-traffic-analysis.net – A source for pcap files and malware samples
    54. 30 interesting commands for the Linux shell
    55. How security flaws work: The buffer overflow
    56. From SQL Injection to Shell
    57. Realmode Assembly – Writing bootable stuff
    58. Hardware Hacking & Circuitry: Part 2: Amount of electricity, Resistance, Power, AC/DC
    59. Understanding and generating the hash stored in /etc/shadow
    60. Blockchains: How They Work and Why They’ll Change the World

How to create HTTPS proxy in apache

Some times you might need https to securely send data to an API(Or access website), but the API might not officially support https or it could be some other reasons will  stick to HTTP which is insecure. I also encountered similar situation, I used TSDB to store time series date, but the TSDB supports only http , but not https. So, I decided to put a HTTPS proxy in front of original API. Since I don’t have much knowledge on apache, after a long Internet search, I finally found the solution and I just want to share

The Scenario

Scenario

Continue reading “How to create HTTPS proxy in apache”

GNU screen commands(Cheat Sheet)

GNU Screen is a terminal multiplexer, a software application that can be used to multiplex several virtual consoles, allowing a user to access multiple separate login sessions inside a single terminal window, or detach and reattach sessions from a terminal. It is useful for dealing with multiple programs from a command line interface, and for separating programs from the session of the Unix shell that started the program, particularly so a remote process continues running even when the user is disconnected. [more]

-Wikipedia

  • sudo apt-get install screen -y

Continue reading “GNU screen commands(Cheat Sheet)”