How to Become a Penetration Tester with Python

#Author: ManishHacker1

How to Become a Penetration Tester with Python


There are many security books that discuss every types of tools and every types of vulnerability, where only small portion of the attacks seem to relevant to the average penetration tester. My hope is that i will evolve your security knowledge and better understand how you need to protect your own environment.

To become a better security professional, some of the most importtant things to do are:

  • Learn, study and understand vulnerabilities and common security weaknesses.
  • Practice exploiting and securing vulnerabilities in controlled environments.
  • Perform testing in real world environments.
  • Teach and present to the security community.


Penetration tester, Attacker and Hacker interchangeably as they use the same techniques and tools to access the security of network and data systems. The only difference between them is their end objective a secure network, or a data breach.


If you are new to penetration testing, there are some specific times during exploitation where you will be very excited, and these are often looked at as goals:

  • The first time you gain a shell
  • The first time you exploit each of the OWASP top 10 vulnerabilities
  • The first time you write your own exploit
  • The first time you find a zero day


Here some Python Penetration Module which is use in your Python Program during penetration testing.

Network

  • networkx 2.0 Python package for creating and manipulating graphs and networks
  • networkx_viewer 0.2.0 Interactive viewer for networkx graphs.
  • pyActionNetwork 0.11.1 Python API client for ActionNetwork
  • pynetworktables2js 2017.0. Forwards NetworkTables traffic to a web page via a Websocke
  • moznetwork 0.27 Library of network utilities for use in Mozilla testing
  • lanscan 0.9.5 Python 3 module to collect and display information about the hosts and devices on the local network
  • nwscan 0.2: Scan networks for alive hosts
  • iddmma 1.0: A Network Scan & Attack Tools
  • iddmma-nsniffer1 1.0 A Network Scan & Attack Tools
  • sjgefily 1.0 A Network Scan & Attack Tools
  • habu 0.0.35: Network Hacking Toolkit
  • hacklib 0.1.6: Toolkit for hacking enthusiasts using Python.
  • httpcap 0.7.9: Capture and parse http traffics with python
  • pretend_extended 2.1: Fake servers for testing
  • Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
  • pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
  • libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
  • dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
  • Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests)
  • Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
  • pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
  • flowgrep: grep through packet payloads using regular expressions

Debugging and reverse engineering

  • Python 2.7 (obviously)
  • Immunity: Debugger (great debugger completely scriptable in Python)
  • pefile: Python library for inspecting PE file format
  • pydasm: Python library for disassembly binary code
  • paimei: reverse engineering framework written in Python
  • pydbg: pure-Python win32 debugger interface
  • mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
  • IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
  • PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
  • pefile: read and work with Portable Executable (aka PE) files
  • PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
  • uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
  • diStorm: disassembler library for AMD64, licensed under the BSD license
  • python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
  • vdb / vtrace: vtrace is a cross-platform process debugging API implemented in python, and vdb is a debugger which uses it
  • Androguard: reverse engineering and analysis of Android applications
  • Capstone: lightweight multi-platform, multi-architecture disassembly framework with Python bindings
  • PyBFD: Python interface to the GNU Binary File Descriptor (BFD)
  • winappdbg 1.5: Windows application debugging engine

Forensics

  • humbug-forensics 0.0.0 Simple utility to fake “hum forensics”
  • Foreman-Forensics 0.0.1 Open Source Forensic Case Management
  • LibForensics 0.1 Framework for developing digital forensic applications
  • Volatility: extract digital artifacts from volatile memory (RAM) samples
  • pyhindsight 2.1.1 Internet history forensics for Google Chrome/Chromium
  • LibForensics: library for developing digital forensics applications TrIDLib, identify file types from their binary signatures. Now includes Python binding
  • aft: Android forensic toolkit
  • dfdatetime 20171109: Digital Forensics Date and Time (dfDateTime).
  • dfkinds 20170604: Digital Forensics kinds (types and classes).
  • dfvfs 20171125: Digital Forensics Virtual File System (dfVFS).
  • dfwinreg 20170706: Digital Forensics Windows Registry (dfWinReg).
  • jsre 1.0.0: Regular expression module for forensics and big dat
  • PyAFF4 0.26.post5: Python Advanced Forensic Format Version 4 library.
  • artificer 0.0.1: Artificer ForensicArtifacts Server
  • Evolve 1.5: Web interface for the Volatility Memory Forensics Framework
  • fdstools 1.1.1: Forensic DNA Sequencing Tools

Fuzzing

  • Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
  • Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
  • antiparser: fuzz testing and fault injection API
    TAOF, (The Art of Fuzzing) including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
  • untidy: general purpose XML fuzzer
  • Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) SMUDGE
  • Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
  • Fuzzbox: multi-codec media fuzzer
  • Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
  • Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
  • WSBang: perform automated security testing of SOAP based web services
  • Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
  • fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
  • fuzzing 0.3.2: Tools for stress testing applications.
  • FuzzManager 0.1.1: A fuzzing management tools collection
  • kittyfuzzer 0.7.1: Kitty fuzzing framework
  • discosub 0.3.0: Simple, Faster, & Efficient, Subdomain Discovery Scanner
  • dnslib 0.9.7: Simple library to encode/decode DNS wire-format packets
  • peachproxy 0.0.1: Peach Web Proxy API module
  • scapy-ssl_tls 1.2.3.2: An SSL/TLS layer for scapy the interactive packet manipulation tool
  • syntribos 0.4.0 1: API Security Scanner
  • leekspin 2.1.1: An Onion Router descriptor generator
  • scapy-ssl_tls 1.2.3.2: An SSL/TLS layer for scapy the interactive packet manipulation tool

Malware Analysis

  • Cuckoo 2.0.4.4: Automated Malware Analysis System
  • balbuzard 0.19: Malware analysis tools to extract patterns of interest from files and crack obfuscation such as XOR
  • netsink 0.5: Network Sinkhole for Isolated Malware Analysis
  • pyew: command line hexadecimal editor and disassembler, mainly to analyze malware
  • Exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
  • pyClamAV: add virus detection capabilities to your Python software
    jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plugin vulnerabilities
  • yara-python: identify and classify malware samples
  • phoneyc: pure Python honeyclient implementation
  • amira 1.0.4: Automated Malware Incident Response and Analysis.
  • apkid 1.0.0: Android Package Identifier
  • mass-server 0.2.0rc8: Malware Analysis and Storage System server
  • packerinspector-api 1.0.0: Deep Packer Inspector API

Web

  • Requests: elegant and simple HTTP library, built for human beings
  • HTTPie: human-friendly cURL-like command line HTTP client
  • web 0.6.0: Web modules for CGI and WSGI web programming
  • ProxMon: processes proxy logs and reports discovered issues
  • Amalwebcrawler 0.1: Web crawler in Python
  • WSMap: find web service endpoints and discovery files
  • Twill: browse the Web from a command-line interface. Supports automated Web testing
  • webby 1.3.0: Web Crawler, HTML Parser, and Data Visualization
  • Ghost.py: webkit web client written in Python
  • Windmill: web testing tool designed to let you painlessly automate and debug your web application
  • FunkLoad: functional and load web tester
  • odoo10-addon-website-analytics-piwik 10.0.1.0.0.99.dev2: Track website users using piwik
  • spynner: Programmatic web browsing module for Python with Javascript/AJAX support
  • python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript and functions
  • mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
  • pathod / pathoc: pathological daemon/client for tormenting HTTP clients and servers
  • webcam-streamer 1.0.5 Simple USB webcam streaming
  • pywebperf 1.0: Web Performance Testing
  • webapp_shan2new 1.0.0: A basic webapp tester
  • webmocker 0.6.4: A test lib for stubbing http response
  • git-change 0.2.2: Git command to create and manage Gerrit Code Review changes
  • ak-syntribos 0.3.1.dev91: API Security Scanner
  • outpost 0.3.4: Application level proxy server

Demonstration

How to Find Your Public IP address using Python Script

Full Source Code:


#md5 Cracker
#Author:ManishHacker1
#https://pythonsecret.blogspot.in
#http://krypsec.com
#https://www.facebook.com/ManishHacker1

import urllib2

def get_public_ip(request_target):
    grabber = urllib2.build_opener()
    grabber.addheaders = [('User-agent','Mozilla/5.0')]
    try:
        public_ip_address = grabber.open(target_url).read()
    except urllib2.HTTPError, error:
        print("There was an error trying to get your Public IP: %s") % (error)
    except urllib2.URLError, error:
        print("There was an error trying to get your Public IP: %s") % (error)
    return public_ip_address


public_ip = "None"
target_url = 'https://api.ipify.org'
public_ip = get_public_ip(target_url)



if not "None" in public_ip:
    print 'Your public IP address is: {}'.format(public_ip)
else:
    print("Your Public IP address was not found")


In above code save as “anyname.py” where “.py” our file extension.

Python Training

Output

Python Training


Thank You for reading this article(How to Become a Penetration Tester with Python)

Best Python Training and Ethical Hacking Training in Meerut, Noida , Delhi.

  • Ethical Hacking Training in Meerut
  • Python Training in Meerut
  • Python Training in Noida
  • Best Python Training in India
  • Best Hacking Training in Noida
  • Black Hat Hacking Training in Meerut
  • Black Hat Hacking Training in Noida
  • Artificial Intelligence Training in Meerut
  • Machine Learning Training in Meerut
  • Data Analysis Training in Meerut
  • PHP Training in Meerut
  • PHP Training in Noida
  • Data Analysis Training in Noida

Official Website: Kryptora | Planet of Technology

And also like my FB page given below link and share it.

Summary
Photo ofManish Kumar
Manish Kumar
Manish Kumar
ManishHacker1
(ManishHacker1)
http://kryptora.com
Founder & CEO at Kryptora
Founder & CEO at Kryptora
Kryptora InfoTech Pvt. Ltd.
Kryptora | Planet of Technology
E-48, SEC 3 Noida
E-48, First Floor, Sec 3,
Noida, 201301

2 comments to “How to Become a Penetration Tester with Python”

You can leave a reply or Trackback this post.
  1. Camron - June 26, 2018 Reply

    Hello Mr. Kumar. I am a recent graduate with an AS degree in IT:NA which is the equivelant of CompTIA A+, Networking+, and Security+. Bottom line = elementary education. I am taking the CCNA Routing and Switching Certification exam soon however i continue without confidence to enter the professional world of IT. I am extremely interested in Python however I had problems with C programming. Long story over, thank you for sharing your nsight i feel a passion in this direction and im going to follow your advise.

  2. ManishHacker1 - June 26, 2018 Reply

    Great !!! Keep it up…

Leave a Reply

Your email address will not be published.