Overview
Explore ethical hacking techniques using Python tools in this 40-minute conference talk from EuroPython 2016. Dive into the Python ecosystem for security testing and application pentesting, learning to develop custom security tools for identifying server information and potential vulnerabilities. Discover how to integrate various Python modules to create a comprehensive pentesting tool, and witness a live demonstration targeting a domain to uncover vulnerabilities. Cover topics such as Python's role in security tool development, libraries for gathering server information (Shodan, pygeocoder, pythonwhois), metadata extraction from images and documents, port scanning with python-nmap, and vulnerability checks for FTP and SSH servers using ftplib and paramiko. Gain practical insights into web scraping, vulnerability analysis, and the application of popular security tools like The Harvester, Metasploit API, and Nexpose.
Syllabus
Intro
INDEX
Python Pentesting
The Harvester
Sockets Port scan
Socket resolving IP/domain
Banner server
Checking headers
Requests Authentication
BeautifulSoup
Internal/external links
Extract images and documents
Scrapy
Shodan
BuiltWith
Analysis metadata
Port Scanning
Python-nmap
NmapScanner Async
Mysql Scripts Nmap
Check FTP Login Anonymous
Check Webs sites
PyWebFuzz
Heartbleed
Advanced tools
Metasploit API call
Nexpose
Pentesting tool
Taught by
EuroPython Conference