Python 101
Python... is it necessary for cyber security?
Python, the programming language named after Monty Python, is one of the languages security experts are known to use to automate tasks and create tools.
Programming is already one of the challenges for those working in tech, and recent news of malicious packages and libraries found in package managers has made it even more complicated.
There are many things that can be done with Python, especially when there is no stable connection to download a full-featured tool, or when a lighter version with basic functionality is all that is needed.
Here are some examples.
Brute-force login
Brute is a brute-force login script written in Python for ethical hacking of web applications.
$ python brute-force-login/brute.py
[ASCII-art banner: Brute Forcing Login]
[+] Enter host:
[+] Enter username to brute force:
[+] Enter file containing passwords:
[+] Enter string for failed login:
Directory Enumeration
These are some directory enumeration scripts written in Python:
The Directory Discovery script takes the target IP address and the wordlist as user input.
$ python dir-disc.py
[ASCII-art banner: Directory Discovery]
Enter target host: 127.0.0.1
Enter wordlist location: wordlist.txt
[*] Directory discovered: 127.0.0.1/server-status
[*] Directory discovered: 127.0.0.1/uploads
The Directory Enumeration script takes command-line arguments and is more functional, focusing on the results.
$ python dir-enum.py http://127.0.0.1 wordlist.txt
[ASCII-art banner: Directory Enumeration]
*****************************************************************
Scanning target: http://127.0.0.1
Wordlist: wordlist.txt
Start time: 2022-02-25 09:04:35.247230
*****************************************************************
[*] Discovered directory: server-status
[*] Discovered directory: assets
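Seen from the server side, a wordlist run like the ones above is a burst of requests for paths that mostly do not exist. The following is an added example, not one of the scripts described here: it flags that pattern in an access log, and the log lines, client addresses, window and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Common Log Format lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [25/Feb/2022:09:04:35 +0000] "GET /admin HTTP/1.1" 404 196
203.0.113.7 - - [25/Feb/2022:09:04:35 +0000] "GET /backup HTTP/1.1" 404 196
203.0.113.7 - - [25/Feb/2022:09:04:35 +0000] "GET /server-status HTTP/1.1" 403 199
203.0.113.7 - - [25/Feb/2022:09:04:36 +0000] "GET /login HTTP/1.1" 404 196
203.0.113.7 - - [25/Feb/2022:09:04:36 +0000] "GET /uploads HTTP/1.1" 301 234
203.0.113.7 - - [25/Feb/2022:09:04:36 +0000] "GET /config HTTP/1.1" 404 196
203.0.113.7 - - [25/Feb/2022:09:04:37 +0000] "GET /old HTTP/1.1" 404 196
198.51.100.20 - - [25/Feb/2022:09:04:37 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [25/Feb/2022:09:04:38 +0000] "GET /favicon.ico HTTP/1.1" 404 196
'''.splitlines()

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path, status) or None for a malformed line."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_enumeration(lines, window=timedelta(seconds=10), threshold=5):
    """Flag clients that request >= threshold distinct missing paths inside
    one sliding window; also list what each flagged client did find."""
    misses = defaultdict(deque)  # ip -> (ts, path) of recent 404 responses
    found = defaultdict(list)    # ip -> paths answered with a non-404 status
    peak = {}                    # ip -> highest distinct-404 count seen
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if status != 404:
            found[ip].append(path)
            continue
        q = misses[ip]
        q.append((ts, path))
        while ts - q[0][0] > window:   # drop 404s that fell out of the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold:
            peak[ip] = max(peak.get(ip, 0), distinct)
    return {ip: {"misses": n, "found": found[ip]} for ip, n in peak.items()}

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The `found` list is the part to act on first: it is the set of paths the flagged client learned exist, which here includes `/server-status` and `/uploads`.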
Network Scanning
This is a network scanner written in Python, awaiting more development!
It was first developed by following short instructions using a variety of Python functions, and was then “prettified” with the banner and with an argument passed on the command line.
$ python port-scanner/port-scanner.py 127.0.0.1
[ASCII-art banner: Port Scanner]
**************************************************
Scan started...
Start time: 2022-02-24 10:30:06.253759
Scanning host: 127.0.0.1
**************************************************
Port 80 open
More functionality to come!
Password Crackers
Zip Cracker
This is a Python script for cracking password-protected zip files.
Further development could “beautify” the code and output, eliminate the use of Python's os library and allow the use of a custom wordlist.
$ python pass-cracker.py info.zip wordlist.txt
[ASCII-art banner: Zip Cracker]
unzip -P password info.zip
Archive: info.zip
skipping: file.txt incorrect password
unzip -P james info.zip
Archive: info.zip
skipping: file.txt incorrect password
unzip -P clara info.zip
Archive: info.zip
skipping: file.txt incorrect password
unzip -P 123456 info.zip
Archive: info.zip
skipping: file.txt incorrect password
unzip -P 12345 info.zip
Archive: info.zip
skipping: file.txt incorrect password
unzip -P 123456789 info.zip
Archive: info.zip
skipping: file.txt incorrect password
unzip -P batboys info.zip
Archive: info.zip
inflating: file.txt
************************************************************
Password found: batboys
************************************************************
Hash Cracker
$ python hash-cracker.py wordlist.txt
[ASCII-art banner: Hash Cracker]
Hash of victim: 5f4dcc3b5aa765d61d8327deb882cf99
**************************************************
Password found
password::5f4dcc3b5aa765d61d8327deb882cf99
**************************************************
This is a Python script for cracking MD5 hashes with a selected wordlist.
Right now the only argument is the wordlist used to crack the hashes, while the hash to be cracked is taken from user input.
Further functionality could involve passing the hash as an argument and as a file.
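The lookup above succeeds because an unsalted MD5 of a common password is the same everywhere it is stored. The following is an added example, not the hash-cracker script itself: it audits a constructed account store against a short wordlist and shows the same password stored as a salted PBKDF2 record instead; the account names, wordlist and iteration count are assumptions.

```python
import hashlib
import hmac
import os

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def audit_unsalted_md5(store, wordlist):
    """Return {user: recovered password} for a {user: md5 hex} store.
    The wordlist is hashed once and the table matches every account."""
    table = {md5_hex(word): word for word in wordlist}
    return {user: table[h] for user, h in store.items() if h in table}

def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256 record; the iteration count is illustrative."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hash_password(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, digest)

# Constructed sample data: two accounts share the MD5 shown in the output above.
WORDLIST = ["123456", "batboys", "password"]
MD5_STORE = {
    "alice": "5f4dcc3b5aa765d61d8327deb882cf99",
    "bob": "5f4dcc3b5aa765d61d8327deb882cf99",
    "carol": md5_hex("constructed-long-passphrase-not-in-list"),
}

if __name__ == "__main__":
    # Both accounts with the shared hash are recovered from one table.
    print(audit_unsalted_md5(MD5_STORE, WORDLIST))
    # Same password, two salted records: digests differ, verification works.
    a, b = hash_password("password"), hash_password("password")
    print(a[2] != b[2], verify_password("password", a))
```

With per-record salts the single precomputed table no longer applies, so each guess has to be recomputed per account at the full iteration cost.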