Contribute Media
A thank you to everyone who makes this possible: Read More

Ethical hacking with Python tools

Description

Jose Manuel Ortega - Ethical hacking with Python tools [EuroPython 2016] [21 July 2016] [Bilbao, Euskadi, Spain] (https://ep2016.europython.eu//conference/talks/ethical-hacking-with-python-tools)

Python, as well as offering an ecosystem of tools for testing security and application pentesting.Python offers a tool ecosystem for developing our own tools security for testing applications and the servers security,identifying information about servers and potential vulnerabilities.

The ultimate objective is show a pentesting tool integrating some of the modules commented and try a demo showing info about our domain target and find vulnerabilities in it,


Nowdays, Python is the language more used for developing tools within the field of security. Many of the tools can be found today as port scanner, vulnerability analysis, brute force attacks and hacking of passwords are written in python. The goal of the talk would show the tools available within the Python API and third-party modules for developing our own pentesting and security tools and finally show a pentesting tool integrating some of the modules.

The main topics of the talk could include:

1.Enter Python language as platform for developing security tools

Introduction about the main libraries we can use for introducing in development of security tools such as socket and requests.

2.Libraries for obtain servers information such as Shodan, pygeocoder,pythonwhois

Shodan is a search engine that lets you find specific computers (routers, servers, etc.) and get information about ports and services that are opened.

3.Analysis and metadata extraction in Python for images and documents

Show tools for scraping web data and obtain metadata information in documents and images

4.Port scanning with tools like python-nmap

With python-nmap module we can check ports open for a target ip or domain.

5.Check vulnerabilities in FTP and SSH servers

With libraries like ftplib and paramiko we can check if the server is vulnerable to ftp and ssh anonymous connections.

Improve this page