Python Pentest Cheat Sheet Common Ports Reference

Simple GET request for html source host> -p <target port>')

parser.add_option('-H', dest='tgtHost',
import httplib
type='string',\
connection = help='specify target host')
httplib.HTTPConnection("xyz_website.com") parser.add_option('-p', dest='tgtPort',
connection.request("GET", "/index.html") type='string',\
response = connection.getresponse() help='specify target port[s]
relevant_payload = response.read() separated by comma')
print(relevant_payload) (options, args) = parser.parse_args()
tgtHost = options.tgtHost
2Get http response headers tgtPorts = str(options.tgtPort).split(',')
import urllib2 if (tgtHost == None) | (tgtPorts[0] == None):
url = 'http://xyz_website.com' print parser.usage
headers = { 'User-Agent' : 'Mozilla/5.0 (Windows NT exit(0)
6.3; WOW64)' } for tgtPort in tgtPorts:
nmapScan(tgtHost, tgtPort)
request = urllib2.Request(url, None, headers) if __name__ == '__main__':
response = urllib2.urlopen(request) main()
headers = response.headers
print(headers)
Capture cookies generation/possibly session IDs Site recon – scraping links from target
from anonBrowser import * from anonBrowser import *
#import anonBrowser from BeautifulSoup import BeautifulSoup
import os
import optparse
ab = anonBrowser(proxies=[],\ import re
user_agents=[('User-agent','My browser')]) def printLinks(url):
ab = anonBrowser()
for attempt in range(1, 10 ): ab.anonymize()
ab.anonymize() page = ab.open(url)
print '[*] Fetching page' html = page.read()
response = ab.open('http://google.com') try:
print '[+] Printing Links From Regex.'
for cookie in ab.cookie_jar: link_finder = re.compile('href="(.*?)"')
print cookieprint(headers) links = link_finder.findall(html)
Testing for anonymous FTP login for link in links:
import ftplib print link
def testAnonymousLogin(hostname): except:
pass
try: try:
ftp = ftplib.FTP(hostname) print '\n[+] Printing Links From BeautifulSoup.'
ftp.login('anonymous', 'xyz@gmail.com') soup = BeautifulSoup(html)
print '\n[*] ' + str(hostname) +\ links = soup.findAll(name='a')
' FTP Anonymous Logon Succeeded.' for link in links:
ftp.quit() if link.has_key('href'):
return True print link['href']
except:
except Exception, e: pas
print '\n[-] ' + str(hostname) +\ def main():
' FTP Anonymous Logon Failed!' parser = optparse.OptionParser('usage %prog ' +\
return False '-u <target url including protocol>')
host = 'xyz_website.com' parser.add_option('-u', dest='tgtURL', PDF version is available at LIFARS.com
testAnonymousLogin(host) type='string',\
help='specify target url') LIFARS is a digital forensics and cybersecurity intelligence firm based in
Nmap scan using python (options, args) = parser.parse_args() New York City. Our incident response and penetration testing teams
import nmap url = options.tgtURL consist of the top experts in the field. As a testament to our excellence,
import optparse if url == None:
def nmapScan(tgtHost,tgtPort): LIFARS was ranked the #2 cybersecurity company in New York Metro
print parser.usage
nmScan = nmap.PortScanner() exit(0)
area on the Cybersecurity 500 list of the hottest and most innovative
nmScan.scan(tgtHost,tgtPort) else: cyber security companies.
state=nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] printLinks(url) WARNING: Only scan hosts and networks
print "[*] " + tgtHost + " tcp/"+tgtPort +" "+state if __name__ == '__main__': that you own or have permission to scan!
def main(): main() Don’t be evil. LIFARS LLC is not responsible
parser = optparse.OptionParser('usage %prog '+\ for misuse of information provided in this
'-H <target
document.