=============================== Tool pentesting with Python

The main script is pentesting-tool.py and you need execute with python 2.7 Also you need install requeriments.txt and other modules like python-msfrpc

Install dependences from requeriments.txt

pip install -r requirements.txt

Introduction

This tool allows obtain information about a specific ip or domain.

It has options like port scanning and detect vulnerabilities in some ports like ftp or mysql

It has another advanced features like connecting with metasploit and nexpose for extracting information about vulnerabilities discovered in specific servers.

Using The tool

The first step is introduce the target ip or domain These are the options we can view when we have introduced a ip or domain:

1.Check Open Ports

This option checks the ports open for a target ip or domain

2.Port Scanning

This option checks the ports for a target ip or domain

3.Nmap Scanning advanced

Check ports in more advanced mode

4.Check Option methods

This option checks the methods(GET,POST,PUT,DELETE) a target ip or domain

If the server doesn't support this option methods,it show an message error

5.Check DNS Servers Info

This options show the info about DNS server for a target ip or domain

6.Check Host info fron Shodan Service

This option obtain info about the target ip from shodan services

For get info from Shodan services in the class ShodanSearch you can put your own shodanKey in the init method

7.NMAP Scanning

This option makes a port scanning with python-nmap and for each port checks if the port is open

If the port is open,checks the nmap scripts for detecting some vulnerability in the port or in the service

The ports to analyze are: 21,22,80,8080,443,5432,3306,27017,55553,1241,9160,5900

21-->FTP

22->SSH

80,8080-->HTTP

443-->SSL

5432-->POSTGRES SQL

3306-->MySQL

27017-->MongoDB

9160-->CASSANDRA

5900-->VNC

8.Host Info by Socket Call

Shows info about the call socket.gethostbyname(hostname)

9.GeoLocation Host Info

Shows server geolocation info with the pygeocoder library This options uses the 'GeoLiteCity.dat' file for obtain the geolocation info

10.Scraping for images and pdf & obtain metadata

Obtain images and pdfs from the server and metadata info that could be found inside images and pdfs

When images and pdfs are found in the server,a local folder is created for storing these items

11.Get Headers info

Check request headers info from ip and hostname

12.Get SSH user/password Brute Force

If the server has the port 22 open,we can try a brute force process with dictionary for users and passwords

The script is using 2 files,users.txt and passwords.txt

This files and other dictionaries can be download from repository

https://github.com/fuzzdb-project/fuzzdb/tree/master/wordlists-user-passwd/unix-os

These files can be found in the FuzzDB project: https://code.google.com/p/fuzzdb

13.Get FTP Anonymous access

If the server has the port 21 open,we can check if it has anonymous access activated

14.MetaSploitFrameWork

You must enter information about the server where metasploit is running

Introduce IP server where MetaSploit is running:

Introduce Port server where MetaSploit is running:

Introduce user for MetaSploit:

Introduce password for MetaSploit:

15.NexposeFramework

You must enter information about the server where nexpose is running

Introduce IP server where Nexpose is running:

Introduce Port server where Nexpose is running:

Introduce user for Nexpose:

Introduce password for Nexpose:

Logs

For each option ,a log file is generated

1.logOpenPorts.txt

2.logOptionMethods.txt

3.logDnsInfo.txt

4.logHostInfo.txt

5.logNScanningNmap.txt

6.logHostByName.txt

7.logGeoLocationInfo.txt

8.logScraping.txt

9.logCheckHeaders.txt

10.logSSHBruteForce.txt

11.logFTP.txt

12.metaSploit_log.txt

13.nexpose_log.txt

Libraries

These are the main libraries that we have to install in order to execute the program

Some libraries are easy install with pip and others like python-msfprc for metasploit framework must be install with the source code

Install requirements

pip install -r requirements.txt

pythonwhois

pip install pythonwhois

http://cryto.net/pythonwhois/install.html

ipwhois

pip install ipwhois

https://pypi.python.org/pypi/ipwhois

python-nmap

pip install python-nmap

https://pypi.python.org/pypi/python-nmap

pygeoip

pip install pygeoip

https://pypi.python.org/pypi/pygeoip

pygeocoder

pip install pygeocoder

https://pypi.python.org/pypi/pygeocoder

shodan

https://shodan.readthedocs.org/en/latest/tutorial.html#installation

dnspython

pip install dnspython

https://pypi.python.org/pypi/dnspython/1.12.0

paramiko

pip install paramiko

https://pypi.python.org/pypi/paramiko/1.15.2

Paramiko also requires pyCrypto

https://pypi.python.org/pypi/pycrypto

requests

pip install requests

http://www.python-requests.org/en/latest/user/install/#install

msgpack

pip install msgpack-python

https://pypi.python.org/pypi/msgpack-python

python-msfrpc

https://github.com/SpiderLabs/msfrpc/tree/master/python-msfrpc python setup install

PyPDF2

https://pypi.python.org/pypi/PyPDF2

lxml

pip install lxml

BeautifulSoup

pip install beautifulsoup4

http://www.crummy.com/software/BeautifulSoup

Selenium

pip install selenium

https://pypi.python.org/pypi/selenium

Pillow

Python Imaging Library

pip install Pillow

FTPLib

https://docs.python.org/2/library/ftplib.html

Scapy

It is used in an option for port scanning

http://www.secdev.org/projects/scapy

Ghost.py

It is used in check Headers && Clicjacking as webkit web client

http://jeanphix.me/Ghost.py/

Contact

Twitter

http://twitter.com/jmortegac

Web

http://about.me/jmortegac