adding scripting resources

This commit is contained in:
Omar Santos 2021-07-17 11:36:49 -04:00
parent 8ce1d65785
commit 02eeedc958
22 changed files with 44 additions and 0 deletions


@ -0,0 +1,21 @@
# DNS Reconnassaince
## DNSRECON
* [dnsrecon](https://github.com/darkoperator/dnsrecon) - DNS Enumeration Script created by Carlos Perez (darkoperator)
Reverse lookup for IP range:
`./dnsrecon.rb -t rvs -i 10.1.1.1,10.1.1.50`
Retrieve standard DNS records:
`./dnsrecon.rb -t std -d example.com`
Enumerate subdornains:
`./dnsrecon.rb -t brt -d example.com -w hosts.txt`
DNS zone transfer:
`./dnsrecon -d example.com -t axfr`
## Parsing NMAP Reverse DNS Lookup
`nmap -R -sL -Pn -dns-servers dns svr ip range | awk '{if( ($1" "$2" "$3)=="NMAP scan report")print$5" "$6}' | sed 's/(//g' | sed 's/)//g' dns.txt `


@ -0,0 +1,4 @@
# quick script to get IP addresses from a predefined domain list text file.
#create a file called domains.txt and exec the following one-liner script.
for url in $(cat domains.txt); do host $url; done | grep "has address" | cut -d " " -f 4 | sort -u
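Review bot: `for url in $(cat domains.txt)` on the last line relies on word splitting of the whole file, so an entry containing spaces or glob characters is split or expanded before `host` ever sees it. A read loop is the more robust shape and keeps the rest of the pipeline unchanged: `while read -r domain; do host "$domain"; done < domains.txt | grep "has address" | cut -d " " -f 4 | sort -u`. The `grep "has address"` filter also drops AAAA answers, which `host` prints as "has IPv6 address"; if IPv4-only output is intended, the header comment should say so.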


@ -0,0 +1,24 @@
#!/usr/bin/python
from __future__ import print_function
import socket
s=socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))
while True:
data=s.recvfrom(65535)
try:
if "HTTP" in data[0][54:]:
print("[","="*30,']')
raw=data[0][54:]
if "\r\n\r\n" in raw:
line=raw.split('\r\n\r\n')[0]
print("[*] Header Captured ")
print(line[line.find('HTTP'):])
else:
print(raw)
else:
#print '[{}]'.format(data)
pass
except:
pass
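Review bot: On Python 3 `data[0]` is `bytes`, so `"HTTP" in data[0][54:]` raises TypeError on every packet and the bare `except: pass` at the end swallows it, leaving the script silently printing nothing; the `"\r\n\r\n"` test and `split` fail the same way. Use byte literals (`b"HTTP"`, `b"\r\n\r\n"`) or decode once with `errors="replace"`, and narrow the handler to the conditions actually expected, e.g. `except IndexError:`, so genuine failures are visible. The offset 54 presumably assumes a 14-byte Ethernet header followed by option-free IPv4 and TCP headers, and `socket.PF_PACKET` is Linux-only; a header comment stating both assumptions would save the next reader a debugging session.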


@ -0,0 +1,32 @@
#!/usr/bin/python
# Author: Omar Santos @santosomar
# version 1.0
# This is a quick demonstration on how to use the python nmap library
# * Pre-requisite: nmap python library.
# * Install it with pip install python-nmap
#####################################################################
import sys
try:
import nmap
except:
sys.exit("[!] It looks like the nmap library is not installed in your system. You can install it with: pip install python-nmap")
# The arguments to be processed
if len(sys.argv) != 3:
sys.exit("Please provide two arguments the first being the targets the second the ports")
addr = str(sys.argv[1])
port = str(sys.argv[2])
# the scanner part
my_scanner = nmap.PortScanner()
my_scanner.scan(addr, port)
for host in my_scanner.all_hosts():
if not my_scanner[host].hostname():
print("Not able to find the hostname for IP address %s") % (host)
else:
print("The hostname for IP address %s is %s") % (host, my_scanner[host].hostname())
#this prints the results of the scan in a csv file.
print(my_scanner.csv())
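Review bot: `print("Not able to find the hostname for IP address %s") % (host)` and the `else` branch below it apply `%` to the return value of `print()`, which is None on Python 3, so the loop raises TypeError on the first host; it only works under Python 2 because the parentheses are parsed as grouping around the print statement's expression. Move the `%` inside the call: `print("Not able to find the hostname for IP address %s" % host)` and `print("The hostname for IP address %s is %s" % (host, my_scanner[host].hostname()))`. The same two lines appear in the 'A Script Example' markdown cell of the notebook added in this commit. The bare `except:` around `import nmap` also catches KeyboardInterrupt and SystemExit; `except ImportError:` is the condition the message describes.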


@ -0,0 +1,252 @@
{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Omar's Python-nmap Examples\n",
"python-nmap is a python library which helps in using nmap port scanner and create your own tools. It allows to easily manipulate nmap scan results and is great if you want to automate scanning tasks and reports. It also supports nmap script outputs.\n",
"Install python-nmap using `pip` or `pip3` (`pip3` is recommended, since you should be using Python3 instead of Python2 😁), as shown below:\n",
"```\n",
" pip3 install python-nmap\n",
"Collecting python-nmap\n",
" Downloading python-nmap-0.6.1.tar.gz (41 kB)\n",
" |████████████████████████████████| 41 kB 2.1 MB/s\n",
"Building wheels for collected packages: python-nmap\n",
" Building wheel for python-nmap (setup.py) ... done\n",
" Created wheel for python-nmap: filename=python_nmap-0.6.1-py3-none-any.whl size=19325 sha256=68d8319be838af5829a61754c289de9156c8035955900d084601fa8623e36fc0\n",
" Stored in directory: /Users/omar/Library/Caches/pip/wheels/e8/19/6a/555b2642846c6665ebe3ee8c788115cd8a68398adfe3c55708\n",
"Successfully built python-nmap\n",
"Installing collected packages: python-nmap\n",
"Successfully installed python-nmap-0.6.1\n",
"```"
]
},
{
"cell_type": "code",
"execution_count": 1,
"metadata": {},
"outputs": [],
"source": [
"# importing the nmap module\n",
"import nmap"
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'nmap': {'command_line': 'nmap -oX - -sV 192.168.78.7',\n",
" 'scaninfo': {'tcp': {'method': 'syn',\n",
" 'services': '1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,541
4,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389'}},\n",
" 'scanstats': {'timestr': 'Sun Dec 13 20:14:55 2020',\n",
" 'elapsed': '11.49',\n",
" 'uphosts': '1',\n",
" 'downhosts': '0',\n",
" 'totalhosts': '1'}},\n",
" 'scan': {'192.168.78.7': {'hostnames': [{'name': '', 'type': ''}],\n",
" 'addresses': {'ipv4': '192.168.78.7'},\n",
" 'vendor': {},\n",
" 'status': {'state': 'up', 'reason': 'reset'},\n",
" 'tcp': {22: {'state': 'open',\n",
" 'reason': 'syn-ack',\n",
" 'name': 'ssh',\n",
" 'product': 'OpenSSH',\n",
" 'version': '7.9p1 Debian 10+deb10u2',\n",
" 'extrainfo': 'protocol 2.0',\n",
" 'conf': '10',\n",
" 'cpe': 'cpe:/o:linux:linux_kernel'},\n",
" 111: {'state': 'open',\n",
" 'reason': 'syn-ack',\n",
" 'name': 'rpcbind',\n",
" 'product': '',\n",
" 'version': '2-4',\n",
" 'extrainfo': 'RPC #100000',\n",
" 'conf': '10',\n",
" 'cpe': ''},\n",
" 139: {'state': 'open',\n",
" 'reason': 'syn-ack',\n",
" 'name': 'netbios-ssn',\n",
" 'product': 'Samba smbd',\n",
" 'version': '3.X - 4.X',\n",
" 'extrainfo': 'workgroup: WORKGROUP',\n",
" 'conf': '10',\n",
" 'cpe': 'cpe:/a:samba:samba'},\n",
" 445: {'state': 'open',\n",
" 'reason': 'syn-ack',\n",
" 'name': 'netbios-ssn',\n",
" 'product': 'Samba smbd',\n",
" 'version': '3.X - 4.X',\n",
" 'extrainfo': 'workgroup: WORKGROUP',\n",
" 'conf': '10',\n",
" 'cpe': 'cpe:/a:samba:samba'},\n",
" 2049: {'state': 'open',\n",
" 'reason': 'syn-ack',\n",
" 'name': 'nfs_acl',\n",
" 'product': '',\n",
" 'version': '3',\n",
" 'extrainfo': 'RPC #100227',\n",
" 'conf': '10',\n",
" 'cpe': ''},\n",
" 3128: {'state': 'open',\n",
" 'reason': 'syn-ack',\n",
" 'name': 'http',\n",
" 'product': 'Proxmox Virtual Environment REST API',\n",
" 'version': '3.0',\n",
" 'extrainfo': '',\n",
" 'conf': '10',\n",
" 'cpe': 'cpe:/a:proxmox:proxmox_virtual_environment:3.0'}}}}}"
]
},
"execution_count": 3,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# adding the port scanner function as nm.\n",
"nm = nmap.PortScanner()\n",
"\n",
"# performing a TCP SYN scan against a host with the IP address 192.168.78.7.\n",
"nm.scan('192.168.78.7')"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"<bound method PortScannerHostDict.state of {'hostnames': [{'name': '', 'type': ''}], 'addresses': {'ipv4': '192.168.78.7'}, 'vendor': {}, 'status': {'state': 'up', 'reason': 'reset'}, 'tcp': {22: {'state': 'open', 'reason': 'syn-ack', 'name': 'ssh', 'product': 'OpenSSH', 'version': '7.9p1 Debian 10+deb10u2', 'extrainfo': 'protocol 2.0', 'conf': '10', 'cpe': 'cpe:/o:linux:linux_kernel'}, 111: {'state': 'open', 'reason': 'syn-ack', 'name': 'rpcbind', 'product': '', 'version': '2-4', 'extrainfo': 'RPC #100000', 'conf': '10', 'cpe': ''}, 139: {'state': 'open', 'reason': 'syn-ack', 'name': 'netbios-ssn', 'product': 'Samba smbd', 'version': '3.X - 4.X', 'extrainfo': 'workgroup: WORKGROUP', 'conf': '10', 'cpe': 'cpe:/a:samba:samba'}, 445: {'state': 'open', 'reason': 'syn-ack', 'name': 'netbios-ssn', 'product': 'Samba smbd', 'version': '3.X - 4.X', 'extrainfo': 'workgroup: WORKGROUP', 'conf': '10', 'cpe': 'cpe:/a:samba:samba'}, 2049: {'state': 'open', 'reason': 'syn-ack', 'name': 'nfs_acl', 'product': '', 'version': '3', 'extrainfo': 'RPC #100227', 'conf': '10', 'cpe': ''}, 3128: {'state': 'open', 'reason': 'syn-ack', 'name': 'http', 'product': 'Proxmox Virtual Environment REST API', 'version': '3.0', 'extrainfo': '', 'conf': '10', 'cpe': 'cpe:/a:proxmox:proxmox_virtual_environment:3.0'}}}>"
]
},
"execution_count": 4,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# Obtaining the state information about the scanned host.\n",
"nm['192.168.78.7'].state"
]
},
{
"cell_type": "code",
"execution_count": 5,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"'nmap -oX - -sV 192.168.78.7'"
]
},
"execution_count": 5,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# you can also view the command line arguments for the previous command with:\n",
"nm.command_line()"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"{'tcp': {'method': 'syn',\n",
" 'services': '1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,541
4,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389'}}"
]
},
"execution_count": 6,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# displaying the scan information\n",
"nm.scaninfo()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# A Script Example\n",
"```\n",
"#!/usr/bin/python\n",
"# Author: Omar Santos @santosomar\n",
"# version 1.0\n",
"# This is a quick demonstration on how to use the python nmap library\n",
"# * Pre-requisite: nmap python library.\n",
"# * Install it with pip3 install python-nmap\n",
"#####################################################################\n",
"\n",
"import sys\n",
"try:\n",
" import nmap\n",
"except:\n",
" sys.exit(\"[!] It looks like the nmap library is not installed in your system. You can install it with: pip3 install python-nmap\")\n",
"\n",
"# The arguments to be processed\n",
"if len(sys.argv) != 3:\n",
" sys.exit(\"Please provide two arguments the first being the targets the second the ports\")\n",
"addr = str(sys.argv[1])\n",
"port = str(sys.argv[2])\n",
"\n",
"# the scanner part\n",
"\n",
"my_scanner = nmap.PortScanner()\n",
"my_scanner.scan(addr, port)\n",
"for host in my_scanner.all_hosts():\n",
" if not my_scanner[host].hostname():\n",
" print(\"Not able to find the hostname for IP address %s\") % (host)\n",
" else:\n",
" print(\"The hostname for IP address %s is %s\") % (host, my_scanner[host].hostname())\n",
"\n",
"#this prints the results of the scan in a csv file.\n",
"print(my_scanner.csv())\n",
"```"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.8.6"
}
},
"nbformat": 4,
"nbformat_minor": 4
}
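Review bot: `nm['192.168.78.7'].state` in the third code cell is missing the call parentheses, which is why the cell's stored output is `<bound method PortScannerHostDict.state of {...}>` rather than the host state; `nm['192.168.78.7'].state()` returns the value shown in the output's `'status': {'state': 'up', ...}` field. The comment above it ("Obtaining the state information about the scanned host") describes the intended behaviour, so the fix is just the two characters.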


@ -0,0 +1,18 @@
#!/usr/bin/python
# Author: Omar Santos @santosomar
# version 1.0
# This is a quick demonstration on how to create a
# snifffer (packet capture script) using python.
#####################################################################
from __future__ import print_function
import socket
#create an INET, raw socket
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
# receive a packet
while True:
# print output on terminal
print(s.recvfrom(65565))
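Review bot: The receive buffer `65565` in `print(s.recvfrom(65565))` exceeds the 65535-byte maximum IPv4 datagram size and reads like a typo for `65535`; it is harmless but worth correcting so readers do not copy it. Opening `socket.SOCK_RAW` requires root or CAP_NET_RAW, and on Linux a raw `IPPROTO_TCP` socket delivers TCP datagrams with the IP header still attached, so the header comment (which also misspells "sniffer") could state both so the raw-bytes output is not a surprise. The `while True` loop has no exit path, so Ctrl-C ends the script with a traceback and the socket is never closed; `try: ... except KeyboardInterrupt: s.close()` around the loop keeps the demo tidy.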


@ -0,0 +1,55 @@
#!/usr/bin/python
# Author: Omar Santos @santosomar
# version 1.0
# This is a quick demonstration on how to create a
# basic TCP port scanner using python.
#####################################################################
from __future__ import print_function
import socket, subprocess, sys
try:
raw_input # Python 2
except NameError:
raw_input = input # Python 3
subprocess.call('clear', shell=True)
print('''\t
#####################
OMAR'S QUICK SCANNER
#####################
''')
target_ip = raw_input("\t Please enter the IP address of the target host:").strip()
port_1 = int(raw_input("\t Enter the first port to scan:\t").strip())
port_2 = int(raw_input("\t Enter the last port to scan:\t").strip())
print("~"*50)
print("\n ...scanning target now. ", target_ip)
print("~"*50)
try:
for port in range(port_1, port_2):
sock= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socket.setdefaulttimeout(1)
result = sock.connect_ex((target_ip, port))
if result==0:
print("Found open port:\t", port)
sock.close()
except KeyboardInterrupt:
print("[!] Scan stopped by user... ")
sys.exit()
except socket.gaierror:
print("[!] The target's hostname could not be resolved...")
sys.exit()
except socket.error:
print("[!] Target is unreachable...")
sys.exit()
print("The scan is complete. Happy hacking!")
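Review bot: `range(port_1, port_2)` in the scan loop stops one short of the value the user entered at "Enter the last port to scan", so that port is never probed; `range(port_1, port_2 + 1)` matches the prompt. `socket.setdefaulttimeout(1)` is also called after the first socket has already been created, so the first probe runs with no timeout and may block indefinitely; call it once before the `for` loop, or use `sock.settimeout(1)` on each socket right after creation. A non-numeric answer to either port prompt raises an unhandled ValueError from `int()`; catching it with a short message would be consistent with the other handlers in the `try`/`except` chain.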


@ -0,0 +1,232 @@
#!/usr/bin/python
"""
Author: Omar Santos @santosomar
version 1.0
This is a quick demonstration on how to use the scapy as a scanner
* Pre-requisite: scapy, prettytable, argparse
"""
from __future__ import print_function
import sys
import prettytable
import argparse
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #This is supress scapy warnings
from scapy.all import *
#conf.iface='eth0' # network interface to use
conf.verb=0 # enable verbose mode - Is this actually working?
conf.nofilter=1
def tcp_connect_scan(dst_ip,dst_port,dst_timeout):
src_port = RandShort()
tcp_connect_scan_resp = sr1(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="S"),timeout=dst_timeout)
if(str(type(tcp_connect_scan_resp))=="<type 'NoneType'>"):
return "Closed"
elif(tcp_connect_scan_resp.haslayer(TCP)):
if(tcp_connect_scan_resp.getlayer(TCP).flags == 0x12):
send_rst = sr(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="AR"),timeout=dst_timeout)
return "Open"
elif (tcp_connect_scan_resp.getlayer(TCP).flags == 0x14):
return "Closed"
else:
return "CHECK"
def stealth_scan(dst_ip,dst_port,dst_timeout):
src_port = RandShort()
stealth_scan_resp = sr1(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="S"),timeout=dst_timeout)
if(str(type(stealth_scan_resp))=="<type 'NoneType'>"):
return "Filtered"
elif(stealth_scan_resp.haslayer(TCP)):
if(stealth_scan_resp.getlayer(TCP).flags == 0x12):
send_rst = sr(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="R"),timeout=dst_timeout)
return "Open"
elif (stealth_scan_resp.getlayer(TCP).flags == 0x14):
return "Closed"
elif(stealth_scan_resp.haslayer(ICMP)):
if(int(stealth_scan_resp.getlayer(ICMP).type)==3 and int(stealth_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
return "Filtered"
else:
return "CHECK"
def xmas_scan(dst_ip,dst_port,dst_timeout):
xmas_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="FPU"),timeout=dst_timeout)
if (str(type(xmas_scan_resp))=="<type 'NoneType'>"):
return "Open|Filtered"
elif(xmas_scan_resp.haslayer(TCP)):
if(xmas_scan_resp.getlayer(TCP).flags == 0x14):
return "Closed"
elif(xmas_scan_resp.haslayer(ICMP)):
if(int(xmas_scan_resp.getlayer(ICMP).type)==3 and int(xmas_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
return "Filtered"
else:
return "CHECK"
def fin_scan(dst_ip,dst_port,dst_timeout):
fin_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="F"),timeout=dst_timeout)
if (str(type(fin_scan_resp))=="<type 'NoneType'>"):
return "Open|Filtered"
elif(fin_scan_resp.haslayer(TCP)):
if(fin_scan_resp.getlayer(TCP).flags == 0x14):
return "Closed"
elif(fin_scan_resp.haslayer(ICMP)):
if(int(fin_scan_resp.getlayer(ICMP).type)==3 and int(fin_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
return "Filtered"
else:
return "CHECK"
def null_scan(dst_ip,dst_port,dst_timeout):
null_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags=""),timeout=dst_timeout)
if (str(type(null_scan_resp))=="<type 'NoneType'>"):
return "Open|Filtered"
elif(null_scan_resp.haslayer(TCP)):
if(null_scan_resp.getlayer(TCP).flags == 0x14):
return "Closed"
elif(null_scan_resp.haslayer(ICMP)):
if(int(null_scan_resp.getlayer(ICMP).type)==3 and int(null_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
return "Filtered"
else:
return "CHECK"
def ack_flag_scan(dst_ip,dst_port,dst_timeout):
ack_flag_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="A"),timeout=dst_timeout)
if (str(type(ack_flag_scan_resp))=="<type 'NoneType'>"):
return "Stateful firewall present\n(Filtered)"
elif(ack_flag_scan_resp.haslayer(TCP)):
if(ack_flag_scan_resp.getlayer(TCP).flags == 0x4):
return "No firewall\n(Unfiltered)"
elif(ack_flag_scan_resp.haslayer(ICMP)):
if(int(ack_flag_scan_resp.getlayer(ICMP).type)==3 and int(ack_flag_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
return "Stateful firewall present\n(Filtered)"
else:
return "CHECK"
def window_scan(dst_ip,dst_port,dst_timeout):
window_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="A"),timeout=dst_timeout)
if (str(type(window_scan_resp))=="<type 'NoneType'>"):
return "No response"
elif(window_scan_resp.haslayer(TCP)):
if(window_scan_resp.getlayer(TCP).window == 0):
return "Closed"
elif(window_scan_resp.getlayer(TCP).window > 0):
return "Open"
else:
return "CHECK"
def udp_scan(dst_ip,dst_port,dst_timeout):
udp_scan_resp = sr1(IP(dst=dst_ip)/UDP(dport=dst_port),timeout=dst_timeout)
if (str(type(udp_scan_resp))=="<type 'NoneType'>"):
retrans = []
for count in range(0,3):
retrans.append(sr1(IP(dst=dst_ip)/UDP(dport=dst_port),timeout=dst_timeout))
for item in retrans:
if (str(type(item))!="<type 'NoneType'>"):
udp_scan(dst_ip,dst_port,dst_timeout)
return "Open|Filtered"
elif (udp_scan_resp.haslayer(UDP)):
return "Open"
elif(udp_scan_resp.haslayer(ICMP)):
if(int(udp_scan_resp.getlayer(ICMP).type)==3 and int(udp_scan_resp.getlayer(ICMP).code)==3):
return "Closed"
elif(int(udp_scan_resp.getlayer(ICMP).type)==3 and int(udp_scan_resp.getlayer(ICMP).code) in [1,2,9,10,13]):
return "Filtered"
else:
return "CHECK"
def start(your_target,your_ports,your_timeout):
x = prettytable.PrettyTable(["Port No.","TCP Connect Scan","Stealth Scan","XMAS Scan","FIN Scan","NULL Scan", "ACK Flag Scan", "Window Scan", "UDP Scan"])
x.align["Port No."] = "l"
user_dst_ip = your_target
port_list = your_ports
user_dst_timeout = your_timeout
print("[+] Target : %s\n" % user_dst_ip)
print("[*] Scan started\n")
for i in port_list:
tcp_connect_scan_res = tcp_connect_scan(user_dst_ip,int(i),int(user_dst_timeout))
stealth_scan_res = stealth_scan(user_dst_ip,int(i),int(user_dst_timeout))
xmas_scan_res = xmas_scan(user_dst_ip,int(i),int(user_dst_timeout))
fin_scan_res = fin_scan(user_dst_ip,int(i),int(user_dst_timeout))
null_scan_res = null_scan(user_dst_ip,int(i),int(user_dst_timeout))
ack_flag_scan_res = ack_flag_scan(user_dst_ip,int(i),int(user_dst_timeout))
window_scan_res = window_scan(user_dst_ip,int(i),int(user_dst_timeout))
udp_scan_res = udp_scan(user_dst_ip,int(i),int(user_dst_timeout))
x.add_row([i,tcp_connect_scan_res,stealth_scan_res,xmas_scan_res,fin_scan_res,null_scan_res,ack_flag_scan_res,window_scan_res,udp_scan_res])
print(x)
print("\n[*] Scan completed\n")
def banner():
bannerTxt = """
************************************************************
#### #### ## ##### #### #### ## # #
# # # # # # # # # # # # ## #
#### # # # # # #### # # # # # #
# # ###### ##### # # ###### # # #
# # # # # # # # # # # # # # ##
#### #### # # # #### #### # # # #
A demonstration by Omar Santos on how to use scapy for scanning purposes. Part of the Cybersecurity classes at: https://h4cker.org
This tool supports TCP Connect Scans, Stealth Scans, XMAS Scans, FIN Scans, NULL Scans, ACK Flag Scans, Window Scans, and UDP Scans.
usage: scapy_stealth_scan.py [-h] [-p] [-pl] [-pr] [-t] target
************************************************************
"""
print(bannerTxt)
def main():
parser = argparse.ArgumentParser(description=banner())
parser.add_argument("target", help="Target address")
parser.add_argument("-p", metavar="", help="Single port e.g. 80")
parser.add_argument("-pl", metavar="", help="Port list e.g. 21,22,80")
parser.add_argument("-pr", metavar="", help="Port range e.g. 20-30")
parser.add_argument("-t", metavar="", type=int, default=2, help="Timeout value (default 2)")
args = parser.parse_args()
target = args.target
ports = []
if args.p:
p = args.p
ports.append(p)
if args.pl:
pl = (args.pl).split(",")
ports += pl
if args.pr:
pr = (args.pr).split("-")
pr.sort()
pr_item1 = int(pr[0])
pr_item2 = int(pr[1])+1
new_pr = range(pr_item1,pr_item2,1)
ports += new_pr
timeout = int( args.t)
if(not len(ports)>0):
print("No ports specified.\nUse -h or --help to see the help menu")
exit(0)
ports = list(set(ports))
new_ports=[]
for item in ports:
new_ports.append(int(item))
ports = new_ports
ports.sort()
start(target,ports,timeout)
if __name__ == "__main__":
main()
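Review bot: `str(type(tcp_connect_scan_resp))=="<type 'NoneType'>"` in tcp_connect_scan, and the same comparison in every other scan function and in udp_scan's retransmit loop, only matches the Python 2 repr; on Python 3 `str(type(None))` is `"<class 'NoneType'>"`, so a timed-out probe falls through to `.haslayer(TCP)` on None and raises AttributeError. Compare identity instead: `if tcp_connect_scan_resp is None:` (and `if item is not None:` in udp_scan). In udp_scan the recursive `udp_scan(dst_ip,dst_port,dst_timeout)` call discards its return value and the function then returns "Open|Filtered" regardless, so the retry changes traffic but not the result; `return udp_scan(dst_ip,dst_port,dst_timeout)` or dropping the retry would make the intent clear. In main, `pr.sort()` sorts the range endpoints as strings, so `-pr 20-100` becomes `range(100, 21)` and scans nothing; convert first: `pr = sorted(int(p) for p in args.pr.split("-"))`. The comment on `conf.verb=0` says "enable verbose mode" while 0 silences scapy's output; `# silence scapy's per-packet output` is accurate.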


@ -0,0 +1,104 @@
import argparse
from scapy.all import *
def arp_scan(ip):
"""
Network scanning using ARP requests to an IP address or a range of IP addresses.
Args:
ip (str): An IP address or IP address range to scan. For example:
- 192.168.88.1 to scan a single IP address
- 192.168.88.1/24 to scan a range of IP addresses.
Returns:
A list of dictionaries mapping IP addresses to MAC addresses. For example:
[
{'IP': '192.168.88.1', 'MAC': 'D3:4D:B3:3F:88:99'}
]
"""
request = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip)
ans, unans = srp(request, timeout=2, retry=1)
result = []
for sent, received in ans:
result.append({'IP': received.psrc, 'MAC': received.hwsrc})
return result
def tcp_scan(ip, ports):
"""
TCP SYN scanning.
Args:
ip (str): An IP address or hostname to target.
ports (list or tuple of int): A list or tuple of ports to scan.
Returns:
A list of ports that are open.
"""
try:
syn = IP(dst=ip) / TCP(dport=ports, flags="S")
except socket.gaierror:
raise ValueError('Hostname {} could not be resolved.'.format(ip))
ans, unans = sr(syn, timeout=2, retry=1)
result = []
for sent, received in ans:
if received[TCP].flags == "SA":
result.append(received[TCP].sport)
return result
def main():
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(
dest="command", help="Command to perform.", required=True
)
arp_subparser = subparsers.add_parser(
'ARP', help='Perform a network scan using ARP requests.'
)
arp_subparser.add_argument(
'IP', help='An IP address (e.g. 192.168.88.1) or address range (e.g. 192.168.88.0/24) to scan.'
)
tcp_subparser = subparsers.add_parser(
'TCP', help='Perform a TCP scan using SYN packets.'
)
tcp_subparser.add_argument('IP', help='An IP address or hostname to target.')
tcp_subparser.add_argument(
'ports', nargs='+', type=int,
help='Ports to scan, delimited by spaces. When --range is specified, scan a range of ports. Otherwise, scan individual ports.'
)
tcp_subparser.add_argument(
'--range', action='store_true',
help='Specify a range of ports. When this option is specified, <ports> should be given as <low_port> <high_port>.'
)
args = parser.parse_args()
if args.command == 'ARP':
result = arp_scan(args.IP)
for mapping in result:
print('{} ==> {}'.format(mapping['IP'], mapping['MAC']))
elif args.command == 'TCP':
if args.range:
ports = tuple(args.ports)
else:
ports = args.ports
try:
result = tcp_scan(args.IP, ports)
except ValueError as error:
print(error)
exit(1)
for port in result:
print('Port {} is open.'.format(port))
if __name__ == '__main__':
main()
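Review bot: `except socket.gaierror:` in tcp_scan appears to depend on `socket` reaching the module namespace through `from scapy.all import *`, since the file never imports it; an explicit `import socket` at the top makes the handler independent of what scapy happens to re-export. In main, `--range` turns `args.ports` into a tuple without checking its length, although the help text requires exactly `<low_port> <high_port>`; `if args.range and len(args.ports) != 2: parser.error('--range requires exactly two ports')` before the call rejects malformed input with a usage message. `exit(1)` is the interactive `site` helper rather than `sys.exit(1)`; `parser.error(str(error))` in the `except ValueError` branch would exit with a proper status and reuse argparse's formatting.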


@ -0,0 +1,13 @@
# Useful SNMP Commands
# Search for Windows installed software
`smpwalk !grep hrSWinstalledName`
## Search for Windows users
`snmpwalk ip 1.3 lgrep --.1.2.25 -f4`
## Search for Windows running services
`snrnpwalk -c public -v1 ip 1 lgrep hrSWRJnName !cut -d" " -f4`
## Search for Windows open TCP ports
`smpwalk lgrep tcpConnState !cut -d" " -f6 !sort -u`


@ -0,0 +1,25 @@
# Useful `tcpdump` commands
### TCPDUMP Cheat Sheet
* [TCPDUMP Cheat Sheet](http://packetlife.net/media/library/12/tcpdump.pdf) is a good resource (I also have a local copy in this repository)
### TCP traffic on port 80-88
`tcpdump -nvvX -sO -i ethO tcp portrange 80-88`
### Capturing traffic to specific IP address excluding specific subnet
`tcpdump -I ethO -tttt dst ip and not net 10.10.10.0/24`
### Capturing traffic for a specific host
`tcpdump host 10.1.1.1`
### Capturing traffic for a specific subnet
`tcpdump net 10.1.1`
### Capturing traffic for a given duration in seconds
`dumpcap -I ethO -a duration: sec -w file myfile.pcap`
### Replaying a PCAP
`file2cable -i ethO -f file.pcap`
### Replaying packets (to fuzz/DoS)
`tcpreplay--topspeed --loop=O --intf=ethO pcap_file_to_replay mbps=10|100|1000