![Data Types
Data types:
Strings - “Hello”
Numbers – 123
Lists – [‘hello’,’2’,’1’]
Tuples - (‘1’,’2’,’3’) (immutable)
Dictionaries – d = {‘key1’:’dog’,’key2’:’cat’}](https://image.slidesharecdn.com/pentestusingpython-150110224446-conversion-gate01/85/PenTest-using-Python-By-Purna-Chander-6-320.jpg)
![SCRIPT
import http.client
for xss in xss_array:
#print (xss)
url = 'www.skywatcher.com'
conn = http.client.HTTPConnection(url)
print ( url+ '/downloads.php?cat='+ xss)
conn.request('GET', '/downloads.php?cat='+ xss)
resp = conn.getresponse()
body = resp.read()
if resp.version == 10:
print('HTTP/1.0 %s %s' % (resp.status, resp.reason))
if resp.version == 11:
print('HTTP/1.1 %s %s' % (resp.status, resp.reason))
for header in resp.getheaders():
print('%s: %s' % (header[0], header[1]))
#print ('n', body)
print ("------------------------------------------------------------------------------")
conn.close()](https://image.slidesharecdn.com/pentestusingpython-150110224446-conversion-gate01/85/PenTest-using-Python-By-Purna-Chander-14-320.jpg)
PenTest using Python By Purna Chander
- 1. P U R N A C H A N D E R Pen-Test Techniques using Python
- 2. Why? Easy ( Install, learn, Code) Tons of Libraries Code is easy to understand Multiplatform Good for Prototyping Free
- 3. History Conceived in late 80´s and first implementation in 1989 Created by Guido Van Rossum Actually there are two branches 2.x and 3.0
- 4. Python Interpreted language Object oriented Indentation is significant in Python, block delimiter. Usual control structures (if, while, etc) Multiple levels of organization (function, classes, modules, packages)
- 5. Who is using Python? Canvas W3AF Sqlmap Impacket Google ImmunityDebugger Peach Sulley Paimei Scapy Spike Proxy Core Impact
- 6. Data Types Data types: Strings - “Hello” Numbers – 123 Lists – [‘hello’,’2’,’1’] Tuples - (‘1’,’2’,’3’) (immutable) Dictionaries – d = {‘key1’:’dog’,’key2’:’cat’}
- 7. Basic Code bits import sys ofile = "dictionary.txt" fil = open(ofile,'r') x = fil.readlines() for y in x: print (y)
- 8. Urllib3 Library to deal with HTTP import urllib3 http = urllib3.PoolManager() r = http.request('GET', 'https://python.org/') print (r.status) print (r.data)
- 9. 7 Zip Cracker import os, sys, pas = open('passwords.txt', 'rb') password=pas.readlines() for x in password: try: fp = open('test.7z', 'rb') archive = Archive7z(fp, password=x) print ”The password is" + x sys.exit() except Exception, e: fp.close()
- 10. Win32Com Library that allows us to access COM objects in Win32 systems We can automate Word, Excel, Powerpoint, access WMI and etc..
- 11. Excel Processing from win32com.client import Dispatch xlApp = Dispatch("Excel.Application") xlApp.Visible = 1 xlApp.Workbooks.open("test.xls") for x in range(1,100): nombre=str(xlApp.ActiveSheet.Cells(x,5)) print nombre xlApp.Quit()
- 12. WMI import wmi c = wmi.WMI () for process in c.Win32_Process (): print process.ProcessId, process.Name
- 13. DEMO Finding XSS Vulnerability in Web Application
- 14. SCRIPT import http.client for xss in xss_array: #print (xss) url = 'www.skywatcher.com' conn = http.client.HTTPConnection(url) print ( url+ '/downloads.php?cat='+ xss) conn.request('GET', '/downloads.php?cat='+ xss) resp = conn.getresponse() body = resp.read() if resp.version == 10: print('HTTP/1.0 %s %s' % (resp.status, resp.reason)) if resp.version == 11: print('HTTP/1.1 %s %s' % (resp.status, resp.reason)) for header in resp.getheaders(): print('%s: %s' % (header[0], header[1])) #print ('n', body) print ("------------------------------------------------------------------------------") conn.close()
- 15. Console Output
- 16. THANK YOU Q & A