
More notes.

master
sıx 5 years ago committed by GitHub
parent
commit
809c823528
  1. 18
      30_raw_socket_struck_send.py
  2. 33
      31_scapy.py
  3. 32
      32_scapy_packet_injection.py
  4. 44
      33_web_parsing_beautifulsoup.py
  5. 22
      34_web_parsing_beautifulsoup_scraper.py
  6. 23
      35_web_mechanize.py
  7. 32
      36_web_mechanize_forms_click_links.py
  8. 25
      37_immunity_debugger_simple.py

18
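--- a/30_raw_socket_struck_send.py
+++ b/30_raw_socket_struck_send.py
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import socket
+import struct
+rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
+#rawSocket.bind(("eth0", socket.htons(0x0800)))
+rawSocket.bind(("enp0s31f6", socket.htons(0x0800)))
+# layer 2 message, then data
+# src mac / dst mac / eth type
+inet_header = struct.pack("!6s6s2s", '\xaa\xaa\xaa\xaa\xaa\xaa', '\xbb\xbb\xbb\xbb\xbb\xbb','\x08\x00') # 14 bytes
+print len(inet_header)
+rawSocket.send(inet_header + "Anything")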
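Review bot: The comment `# src mac / dst mac / eth type` above the `struct.pack` call has the field order reversed: an Ethernet II header carries the destination MAC first, then the source MAC, then the EtherType, so the `\xaa…` value is the destination. Reword it to `# dst mac / src mac / eth type`. Opening a `PF_PACKET` raw socket needs root or CAP_NET_RAW, and the socket is never closed; a header comment stating the privilege requirement and a final `rawSocket.close()` would make both explicit. The interface name `enp0s31f6` is hard-coded in `bind`, so the script fails on a host without that interface; the commented-out `eth0` line suggests it has already been edited by hand once.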

33
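--- a/31_scapy.py
+++ b/31_scapy.py
@@ -0,0 +1,33 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#import scapy
+from scapy.all import sniff
+# from intractive mode: conf, ls(), ls(IP)
+# note" conf.route.add(host="192.168.2.4", gw="192.168.2.5") / conf.route.resync() / etc...
+pkts = sniff(iface="enp0s31f6", count=5)
+print pkts[0]
+print pkts[0].show
+print hexdump(pkts[1])
+# wrpcap("test.pcap", pkts) # write the packets into pcap file
+# read_pkts = rdpcap("test.pcap") # read pcap
+# read_pkts[0] # print pcap
+pkts_filtered = sniff(iface="enp0s31f6", filter="icmp", count=5) # BPS filters
+print pkts_filtered[1]
+pks_live = sniff(iface="enp0s31f6", filter="icmp", count=2, prn=lambda x: x.summary())
+# icmp_str = str(pkts[1])
+# recon = Ether(icmp_str)
+# print recon # this is more for fun / converting pkts to str and back using Ether
+# newPkt = export_object(icmp_str) # packet into base64
+# import_object(newPkt) # packet from base64
+# Ether(newPkt) # and so on... :)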
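Review bot: `print hexdump(pkts[1])` raises NameError because only `sniff` is imported from `scapy.all`; change the import to `from scapy.all import sniff, hexdump`. `hexdump` prints its output itself and returns None by default, so the `print` in front of it only adds a stray `None` line. `print pkts[0].show` prints the bound method rather than calling it and should be `pkts[0].show()`. The `# BPS filters` comment presumably means BPF, and the three `sniff` calls block until `count` packets arrive, so a `timeout=` argument would keep the script from hanging on a quiet interface.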

32
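--- a/32_scapy_packet_injection.py
+++ b/32_scapy_packet_injection.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#import scapy
+from scapy.all import Ether, IP, ICMP, TCP, sr, sr1
+pkt = IP(dst="gentoo.org") # Simple packet creation
+#print pkt.show()
+pkt = IP(dst="gentoo.org")/ICMP()/"Not-Vivek was here" # ICMP packet creation with message
+sr1(pkt)
+# More tricks / tips
+# sendp(Ether()/IP(dst="gentoo.org")/ICMP()/"any", iface="enp0s31f6", loop=1, inter=1) # Sending on layer 2 level, plus loop, but be carefule with that : ) + this is interactive command!
+# Layer 3 send and receive: sr() sr1()
+# Layer 2 send and receive: srp() srp1()
+#srp1(Ether()/IP(dst="gentoo.org", ttl=22)/ICMP/"any")
+#sr(IP(dst="gentoo.org", ttl=22)/ICMP()/"any")
+#response, no_response = _
+#print response[0] # print answer
+#r1(IP(dst="gentoo.org"), timeout=4)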
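Review bot: `sr1(pkt)` is called without a `timeout`, so the script blocks indefinitely when the echo request or its reply is filtered; use `sr1(pkt, timeout=4)`, as the commented-out last line already does, and handle a `None` result. The destination `gentoo.org` is repeated as a literal in every example; one `TARGET = "<lab-host-placeholder>"` constant at the top would let the script be pointed at a host in the reader's own lab. `Ether`, `TCP` and `sr` are imported but appear only in commented-out lines, while `sendp` and `srp1` used in those lines are not imported. In the commented examples `ICMP/"any"` is missing its call parentheses and `r1(` looks like a typo for `sr1(`.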

44
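--- a/33_web_parsing_beautifulsoup.py
+++ b/33_web_parsing_beautifulsoup.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import requests
+from bs4 import BeautifulSoup
+# GET with requests, then parse with BeautifulSoup
+r = requests.get("https://gentoo.org/")
+print r.content
+bt = BeautifulSoup(r.content, "lxml") # It's recommended to use LXML, not the default html parser.
+print bt.title
+print bt.title.string
+# Find all metatags
+allMetaTags = bt.find_all('meta')
+print allMetaTags
+allMetaTags = bt.find_all('meta')
+print allMetaTags[2]
+#allMetaTags = bt.find_all('meta')
+#print allMetaTags[0]['content'] # Works in video, not here. wat?
+# Print all links from the site
+allLinks = bt.find_all('a')
+print len(allLinks) # How many links do we have?
+#print allLinks[1]
+print allLinks[4]['href']
+#print allLinks[1].string
+# Print all text output, could be great for password list generations
+print bt.get_text()
+#Print all links
+for link in allLinks:
+print link['href']
+# print bt.meta.next.next.next.next.next.next # Don't.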
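Review bot: `link['href']` in the final loop, and `allLinks[4]['href']` above it, raise KeyError for any `<a>` element without an `href` attribute; use `link.get('href')` and skip `None` values. The same mechanism probably explains the commented-out `allMetaTags[0]['content']` failure, since a first `<meta>` tag often carries only `charset` (inferred, as the fetched page is not shown). `requests.get` is called without a `timeout` and the status is never checked; `requests.get("https://gentoo.org/", timeout=10)` followed by `r.raise_for_status()` avoids hanging or parsing an error page. The second `allMetaTags = bt.find_all('meta')` repeats the first and can be dropped.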

22
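--- a/34_web_parsing_beautifulsoup_scraper.py
+++ b/34_web_parsing_beautifulsoup_scraper.py
@@ -0,0 +1,22 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import requests
+from bs4 import BeautifulSoup
+# GET with requests, then parse with BeautifulSoup
+#r = requests.get("https://gentoo.org/")
+#print r.content
+r = requests.get("http://securitytube.net/video/3000")
+bs = BeautifulSoup(r.content, "lxml") # It's recommended to use LXML, not the default html parser.
+print bs.title
+videoLink = bs.find('iframe', {'title' : 'YouTube video player'})
+print videoLink
+print videoLink['src']
+# To Be Continued !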
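Review bot: `bs.find(...)` returns None when no matching iframe exists, so `videoLink['src']` raises TypeError as soon as the page layout changes; guard it with `if videoLink is not None:` before indexing. The page is fetched over plain `http://`, so the extracted `src` can be altered in transit and should have its scheme and host checked before anything follows or embeds it. The request also has no `timeout`, and `r.raise_for_status()` is never called, so an error page would be parsed as if it were the video page.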

23
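--- a/35_web_mechanize.py
+++ b/35_web_mechanize.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import mechanize
+br = mechanize.Browser()
+br.open('https://www.gentoo.org/donate')
+# Dump all forms from gentoo.org/donate
+for form in br.forms():
+print form
+br.select_form(nr=0) # 0 because of first form - it references to the first form.
+br.form['amount'] = 'thanks!'
+br.submit() # Done, submitted!
+# Better idea is to implement it with: https://searx.me/
+# Print list of links
+for link in br.links():
+print link.url + ' : ' + link.text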
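Review bot: `br.select_form(nr=0)` followed by `br.form['amount'] = 'thanks!'` only works while the donation form is the first form on the page; if another form comes first, the assignment fails because that form has no `amount` control. Selecting the form by a property it must have, for example iterating `br.forms()` and picking the one that contains `amount`, makes the script independent of page order. `br.submit()` then posts a placeholder value to a live production form on every run, so a locally served test page is a better target for a form-handling demo. `link.url + ' : ' + link.text` raises TypeError if `link.text` is None, which mechanize may return for links without text (to be verified against the installed version). The page shows no indentation, so the loop bodies cannot be confirmed from here.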

32
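--- a/36_web_mechanize_forms_click_links.py
+++ b/36_web_mechanize_forms_click_links.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import mechanize
+# Note: mechanize takes care of cookies.
+br=mechanize.Browser()
+br.open('http://student.securitytube.net/login/index.php')
+for form in br.forms():
+print form
+br.select_form(nr=0)
+br.form['username'] = 'demo-user'
+br.form['password'] = 'demouser1]M' # It won't work ;)
+br.submit()
+print br.response().read
+for link in br.links():
+print link.url + ' + ' + link.text
+# It's different url now, just for example:
+#new_link = br.click_link(text='moodle[IMG]Change Password')
+#br.open(new_link)
+#print br.response().read()
+#for form in br.forms():
+# print form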
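Review bot: The username and password are written as literals in the source and submitted to an `http://` login URL, so they end up in version control and cross the network in cleartext. Read them at run time, for example `br.form['password'] = getpass.getpass()` or a value from `os.environ`, and use the `https://` endpoint if the site offers one. `print br.response().read` prints the bound method instead of the page body; it needs the call parentheses, `br.response().read()`, as the commented-out line further down already has. The script never checks whether the login succeeded before listing links, so a failed login still prints the login page's links as if they were the authenticated view.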

25
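--- a/37_immunity_debugger_simple.py
+++ b/37_immunity_debugger_simple.py
@@ -0,0 +1,25 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Place this file into PyCommands directory to use with Immunity Debugger.
+import immlib
+DESC = "This will be the Description in ID."
+def main(args):
+imm = immlib.Debugger() # This is what we attach to.
+imm.log("Write that into ID log window!")
+imm.updateLog() # Any pending line will be printed immediately!
+td = imm.createTable("Any name", ['PID', 'Name', 'Path', 'Services'])
+psList = imm.ps()
+for process in psList:
+td.add(0, [ str(process[0], process[1], process[2], str(process[3]))])
+return "Welcome to ID Scripting."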
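Review bot: The `td.add` line has a misplaced parenthesis: `str(process[0], process[1], process[2], str(process[3]))` passes four arguments to `str()`, which raises TypeError on the first process and leaves the table empty. The row should be `td.add(0, [str(process[0]), process[1], process[2], str(process[3])])`, giving one cell per column declared in `createTable`. The mapping of the `imm.ps()` tuple fields to PID, name, path and services is assumed from the column headers and is worth confirming in a short comment. The page shows no indentation, so whether `return` sits after the loop cannot be confirmed from here.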