python-pentesting


===============================
Tool pentesting with Python

The main script is pentesting-tool.py and it must be run with Python 2.7.
You also need to install the packages listed in requirements.txt and other modules such as python-msfrpc.

Install the dependencies from requirements.txt:

pip install -r requirements.txt

Introduction

This tool obtains information about a specific IP address or domain.

It has options such as port scanning and detecting vulnerabilities on some ports, such as FTP or MySQL.
It also has more advanced features, such as connecting to Metasploit and Nexpose to extract information about the vulnerabilities
discovered on specific servers.

Using The tool

The first step is to enter the target IP address or domain.
These are the options we can choose from once an IP address or domain has been entered:

1. Check Open Ports

This option checks which ports are open on the target IP address or domain.

2. Port Scanning

This option scans the ports of the target IP address or domain.

3. Nmap Scanning Advanced

Checks the ports in a more advanced mode.

4. Check Option Methods

This option checks which HTTP methods (GET, POST, PUT, DELETE) the target IP address or domain supports.
If the server does not support the OPTIONS method, an error message is shown.
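A Python 3 version of this check, added here as an example (it is not the tool's own code). It sends OPTIONS, reports the advertised methods and the subset a defender would not expect on a public endpoint, and reports an error instead of guessing when the server does not support OPTIONS; the target is a throwaway local server, and the Allow header value and the set of methods treated as risky are assumptions:

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Methods that should not normally be enabled on a public endpoint (assumed list).
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT", "PATCH"}


def check_http_methods(host, port, path="/", timeout=5):
    """Send OPTIONS and return the advertised methods plus the risky subset."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        resp.read()
        allow = resp.getheader("Allow")
    finally:
        conn.close()
    if resp.status >= 400 or not allow:   # OPTIONS unsupported: report the error, as the tool does
        return {"supported": False, "status": resp.status, "methods": [], "risky": []}
    methods = sorted({m.strip().upper() for m in allow.split(",") if m.strip()})
    return {"supported": True, "status": resp.status, "methods": methods,
            "risky": sorted(set(methods) & RISKY_METHODS)}


class _Handler(BaseHTTPRequestHandler):
    """Constructed local server standing in for the target; answers OPTIONS from `allow`."""
    allow = "GET, HEAD, POST, PUT, DELETE, OPTIONS"

    def do_OPTIONS(self):
        if self.allow is None:            # simulate a server that rejects OPTIONS
            self.send_error(405)
            return
        self.send_response(200)
        self.send_header("Allow", self.allow)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):        # keep the demo quiet
        pass


def run_against_local_server(allow_header):
    """Start a throwaway server that advertises `allow_header` (None = 405) and check it."""
    handler = type("Handler", (_Handler,), {"allow": allow_header})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check_http_methods("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(run_against_local_server("GET, HEAD, POST, PUT, DELETE, OPTIONS"))
    print(run_against_local_server(None))
```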

5. Check DNS Servers Info

This option shows information about the DNS servers for the target IP address or domain.

6. Check Host Info from Shodan Service

This option obtains information about the target IP address from the Shodan service.
To get information from Shodan, put your own Shodan API key in the shodanKey attribute in the init method of the ShodanSearch class.

7. NMAP Scanning

This option performs a port scan with python-nmap and checks whether each port is open.
If a port is open, it runs the nmap scripts for that port to detect vulnerabilities in the port or in the service.
The ports analyzed are:
21, 22, 80, 8080, 443, 5432, 3306, 27017, 55553, 1241, 9160, 5900
21 -> FTP
22 -> SSH
80, 8080 -> HTTP
443 -> SSL
5432 -> PostgreSQL
3306 -> MySQL
27017 -> MongoDB
9160 -> Cassandra
5900 -> VNC
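Added example, not part of the tool: a Python 3 triage of nmap's XML output (-oX) for the ports listed above, keeping only open ports and the script results that deserve review. The sample scan, host address and script outputs are constructed, and the list of output markers treated as findings is a heuristic assumption, not anything nmap defines:

```python
import xml.etree.ElementTree as ET

# Services the page lists for the ports option 7 analyzes; unlisted ports get "other".
PORT_LABELS = {21: "FTP", 22: "SSH", 80: "HTTP", 8080: "HTTP", 443: "SSL",
               5432: "PostgreSQL", 3306: "MySQL", 27017: "MongoDB",
               9160: "Cassandra", 5900: "VNC"}
# Heuristic markers in NSE script output worth a second look (assumption, not nmap's API).
FINDING_MARKERS = ("VULNERABLE", "Anonymous FTP login allowed", "Potentially risky methods")

# Constructed sample in nmap's -oX layout; host, ports and script output are made up.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd"/>
<script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/></port>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/>
<script id="http-methods" output="Supported Methods: GET HEAD POST OPTIONS TRACE&#10;Potentially risky methods: TRACE"/></port>
</ports></host></nmaprun>"""


def triage_nmap_xml(xml_text):
    """Return, for each host that is up, its open ports and any script results worth reviewing."""
    report = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        entry = {"host": host.find("address").get("addr"), "open_ports": [], "findings": []}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                  # closed/filtered ports are not analyzed further
            num = int(port.get("portid"))
            svc = port.find("service")
            desc = " ".join(filter(None, [svc.get("name"), svc.get("product"), svc.get("version")])) if svc is not None else "unknown"
            entry["open_ports"].append({"port": num, "label": PORT_LABELS.get(num, "other"), "service": desc})
            for script in port.findall("script"):   # one <script> per NSE script that produced output
                out = script.get("output", "")
                if any(marker in out for marker in FINDING_MARKERS):
                    entry["findings"].append({"port": num, "script": script.get("id"), "output": out})
        report.append(entry)
    return report


if __name__ == "__main__":
    for h in triage_nmap_xml(SAMPLE_NMAP_XML):
        print(h["host"], [p["port"] for p in h["open_ports"]], [f["script"] for f in h["findings"]])
```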

8. Host Info by Socket Call

Shows the result of the socket.gethostbyname(hostname) call.

9. GeoLocation Host Info

Shows the server's geolocation information using the pygeocoder library.
This option uses the 'GeoLiteCity.dat' file to obtain the geolocation information.

10. Scraping for Images and PDFs & Obtaining Metadata

Obtains images and PDFs from the server, along with the metadata that may be found inside those images and PDFs.
When images and PDFs are found on the server, a local folder is created to store them.
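The PDF half of this option, as an added Python 3 example that is not the tool's code: it reads the document's Info dictionary directly from the file bytes and flags the entries (author, producing software, dates) that reveal who and what produced a document you publish. The sample PDF and its metadata values are constructed, and the list of keys treated as leaks is an assumption; real-world PDFs with compressed object streams need a full parser such as PyPDF2, which the tool itself uses:

```python
import re

# Info-dictionary keys that typically reveal people, software or timelines (assumed list).
LEAKY_KEYS = ("Author", "Creator", "Producer", "CreationDate", "ModDate")

# Constructed minimal PDF: uncompressed objects and a classic trailer pointing at object 3.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Title (Quarterly report) /Author (jdoe) /Creator (Microsoft Word)
/Producer (Acrobat Distiller 9.0) /CreationDate (D:20150301120000Z) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""


def pdf_info_dict(data):
    """Locate the /Info object referenced by the trailer and return its string entries."""
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", data)
    if not ref:
        return {}                                   # no Info dictionary at all
    obj_pat = rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2) + rb"\s+obj(.*?)endobj"
    obj = re.search(obj_pat, data, re.S)
    if not obj:
        return {}
    info = {}
    # Literal strings: /Key (value), allowing backslash-escaped characters inside the parens.
    for key, val in re.findall(rb"/(\w+)\s*\(((?:\\.|[^\\)])*)\)", obj.group(1)):
        info[key.decode()] = val.decode("latin-1")
    return info


def audit_pdf_metadata(data):
    """Return all Info entries plus the subset a defender would strip before publishing."""
    info = pdf_info_dict(data)
    leaks = {k: info[k] for k in LEAKY_KEYS if k in info}
    return {"info": info, "leaks": leaks, "clean": not leaks}


if __name__ == "__main__":
    print(audit_pdf_metadata(SAMPLE_PDF))
```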

11. Get Headers Info

Checks the request headers information for the IP address and hostname.

12. Get SSH User/Password Brute Force

If the server has port 22 open, we can try a dictionary-based brute-force process for users and passwords.
The script uses two files, users.txt and passwords.txt.
These files and other dictionaries can be downloaded from the repository
https://github.com/fuzzdb-project/fuzzdb/tree/master/wordlists-user-passwd/unix-os
These files can also be found in the FuzzDB project: https://code.google.com/p/fuzzdb

13. Get FTP Anonymous Access

If the server has port 21 open, we can check whether anonymous access is enabled.

14. MetaSploitFrameWork

You must enter information about the server where Metasploit is running:
Introduce IP server where MetaSploit is running:
Introduce Port server where MetaSploit is running:
Introduce user for MetaSploit:
Introduce password for MetaSploit:

15. NexposeFramework

You must enter information about the server where Nexpose is running:
Introduce IP server where Nexpose is running:
Introduce Port server where Nexpose is running:
Introduce user for Nexpose:
Introduce password for Nexpose:

Logs

For each option, a log file is generated:
1. logOpenPorts.txt
2. logOptionMethods.txt
3. logDnsInfo.txt
4. logHostInfo.txt
5. logNScanningNmap.txt
6. logHostByName.txt
7. logGeoLocationInfo.txt
8. logScraping.txt
9. logCheckHeaders.txt
10. logSSHBruteForce.txt
11. logFTP.txt
12. metaSploit_log.txt
13. nexpose_log.txt

Libraries

These are the main libraries that must be installed in order to run the program.
Some libraries are easy to install with pip, while others, such as python-msfrpc for the Metasploit Framework, must be installed from source.

Install requirements

pip install -r requirements.txt

pythonwhois

pip install pythonwhois
http://cryto.net/pythonwhois/install.html

ipwhois

pip install ipwhois
https://pypi.python.org/pypi/ipwhois

python-nmap

pip install python-nmap
https://pypi.python.org/pypi/python-nmap

pygeoip

pip install pygeoip
https://pypi.python.org/pypi/pygeoip

pygeocoder

pip install pygeocoder
https://pypi.python.org/pypi/pygeocoder

shodan

https://shodan.readthedocs.org/en/latest/tutorial.html#installation

dnspython

pip install dnspython
https://pypi.python.org/pypi/dnspython/1.12.0

paramiko

pip install paramiko
https://pypi.python.org/pypi/paramiko/1.15.2
Paramiko also requires pyCrypto
https://pypi.python.org/pypi/pycrypto

requests

pip install requests
http://www.python-requests.org/en/latest/user/install/#install

msgpack

pip install msgpack-python
https://pypi.python.org/pypi/msgpack-python

python-msfrpc

https://github.com/SpiderLabs/msfrpc/tree/master/python-msfrpc
python setup.py install

PyPDF2

https://pypi.python.org/pypi/PyPDF2

lxml

pip install lxml

BeautifulSoup

pip install beautifulsoup4
http://www.crummy.com/software/BeautifulSoup

Selenium

pip install selenium
https://pypi.python.org/pypi/selenium

Pillow

Python Imaging Library
pip install Pillow

FTPLib

https://docs.python.org/2/library/ftplib.html

Scapy

It is used in one of the port-scanning options.
http://www.secdev.org/projects/scapy

Ghost.py

It is used as a WebKit web client in the Check Headers and Clickjacking checks.
http://jeanphix.me/Ghost.py/

Contact

Twitter
http://twitter.com/jmortegac
Web
http://about.me/jmortegac