Hello and welcome!
Today we are going to be building a few PenTesting tools with python.
I hope you understand every bit of code; if you do not, let me know in the comments. Thank you so much for visiting and have a nice day.
Let's get started. (If you see <!-- -->, ignore it.)
First we have a portscanner:
<!--
import socket

# One TCP socket created up front; the pscan() that follows reuses it for
# every port it probes.
s = socket.socket()

server = input("Enter the victim to scan (without protocol) :")

# Port bounds, read in this order; the range is half-open like range(),
# so the end port itself is never probed.
z, y = (
    int(input("range to start with (ex:22):")),
    int(input("range to end with (ex:444)\nlast port will not be scanned, think one ahead\n:")),
)
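def pscan(port, host=None, timeout=1.0):
    """Return True when a TCP connection to host:port succeeds, else False.

    Args:
        port: TCP port number to try.
        host: hostname or address to connect to; defaults to the module-level
            `server` that was read from the prompt above.
        timeout: seconds to wait for the connect before reporting closed.

    Why a fresh socket per call: a socket object can only be connected once,
    so reusing the shared `s` for every port made every probe after the
    first one meaningless (it fails or raises whatever the port's state) —
    the "false positives" the original comments mention.
    """
    if host is None:
        host = server
    # `with` closes the probe socket whether connect() succeeds or not.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.settimeout(timeout)
        try:
            probe.connect((host, port))
        except OSError:
            # refused, timed out, unreachable or unresolvable — all "closed"
            return False
    return True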
# Walk the half-open range [z, y) and report each port's state.
for port in range(z, y):
    state = 'is open !!!' if pscan(port) else 'is closed'
    print('Port', port, state)
# Cons: might give false positives
# You should probably use the NMAP module
# Inspired by Sentdex
-->
Or you can use NMAP with Python instead:
<!--
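import nmap

# Loopback target: exercise the scanner against your own machine.
target = '127.0.0.1'
nm = nmap.PortScanner()
nm.scan(target, '22-443')

# Each call below returns a value; the original discarded them, so nothing
# was ever displayed. command_line() also takes no argument — it reports the
# nmap invocation python-nmap actually ran.
print(nm.command_line())
print(nm.scaninfo())
print(nm.all_hosts())
print(nm[target].hostname())   # one hostname for the host, usually the user record
print(nm[target].hostnames())  # the full list of hostnames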
-->
Check the python-nmap documentation for more.
Next up we have a program that gets your IP through
an IP API:
<!--
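from requests import get

# Ask a public echo service which address our traffic appears to come from.
response = get('https://api.ipify.org', timeout=10)
# Without this an HTTP error page would be printed as if it were the "IP".
response.raise_for_status()
ip = response.text.strip()
print("Your ip:", ip)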
-->
Next, we have our MD5 wordlist, which contains the words:
>some11
>>framework
>someone
With "framework" being our "password", we are going to
give it to our houseMD.py file, which converts every word in the wordlist to MD5 and compares it to the MD5 hash we want to crack. Since crackers sometimes give false positives for the first line of a wordlist, I've placed my "password" in second place.
Here is the code:
<!--
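def crackmd5(wordlist=None, target_hash=None):
    """Look a hex MD5 digest up in a wordlist (one candidate per line).

    Args:
        wordlist: path of the wordlist; prompted for when None.
        target_hash: hex MD5 digest to match; prompted for when None.

    Returns:
        The matching word (its line ending stripped), or None when no line
        of the wordlist hashes to target_hash.

    Prints "Password found!" with the word on a hit, otherwise
    "Password not found." — the original printed the not-found message
    unconditionally after the loop, even after a hit.

    Proof of working: 756457dc85f13450b3dfba2cbc1465e5 is the MD5 of
    "framework". A plain lookup works because unsalted MD5 is cheap to
    compute, which is exactly why password storage should use a slow,
    salted KDF instead.
    """
    import hashlib

    if wordlist is None:
        wordlist = input("wordlist :")
    if target_hash is None:
        target_hash = input("hash to crack :")
    # hexdigest() is lower-case; normalise so an upper-case hash still matches.
    target_hash = target_hash.strip().lower()

    # Read as bytes: wordlists are often not valid UTF-8, and the digest is
    # taken over the raw bytes anyway. Iterating the file avoids loading
    # a large list into memory all at once.
    with open(wordlist, "rb") as fh:
        for raw in fh:
            candidate = raw.rstrip(b"\r\n")
            if hashlib.md5(candidate).hexdigest() == target_hash:
                word = candidate.decode("utf-8", errors="replace")
                print("Password found!\n>>" + word)
                return word
    print("\nPassword not found.")
    return None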
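# Only run the prompt when executed as a script, not when imported.
if __name__ == "__main__":
    crackmd5()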
-->
Then we have 2 locators, by hostname and by IP:
<!--
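import json
import requests
import webbrowser
import socket

userentry = input("Enter the Website you want to locate:")
try:
    hostResolver = socket.gethostbyname(userentry)
except socket.gaierror as err:
    # Unresolvable name: report it instead of dying on a traceback.
    raise SystemExit("Could not resolve " + userentry + ": " + str(err))
print("IP of the server gathered...\nIP :", hostResolver)

# ip-api's free JSON endpoint is plain http, so the answer can be read or
# altered in transit; treat it as a hint, not an authoritative location.
link = "http://ip-api.com/json/%s" % hostResolver
getter = requests.get(link, timeout=10)
getter.raise_for_status()
reader = json.loads(getter.content)
# ip-api answers with status "fail" plus a message (e.g. for private or
# reserved addresses); the location keys are absent in that case, which
# made the original crash with a KeyError.
if reader.get("status") == "fail":
    raise SystemExit("Lookup failed: " + str(reader.get("message")))

print("Country: ", reader.get("countryCode"))
print("")
print("ISP :", reader.get("isp"))
print("With org. info:{}".format(reader.get("org")))
print("")
print("Longitude :", reader.get("lon"))
print("Latitude :", reader.get("lat"))
print("Timezone :", reader.get("timezone"))
print("\nCalculating the city...")
# The original printed regionName under the "City" label; show both.
print("Region :", reader.get("regionName"))
print("City :", reader.get("city"))
print("ZIP code :", reader.get("zip"))

latitude = reader.get("lat")
longitude = reader.get("lon")
location = "https://www.google.com/maps/place/{0},{1}".format(latitude, longitude)
print("Using link:", location)
webbrowser.open_new_tab(location)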
-->
By IP
<!--
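import json
import ipaddress
import requests
import webbrowser

userentry = input("Enter the IP you want to locate:").strip()
# Validate before the value goes into the request URL: only a literal
# IPv4/IPv6 address is accepted, so stray text cannot change the path fetched.
try:
    target = str(ipaddress.ip_address(userentry))
except ValueError:
    raise SystemExit("Not a valid IP address: " + userentry)

# ip-api's free JSON endpoint is plain http, so the answer can be read or
# altered in transit; treat it as a hint, not an authoritative location.
link = "http://ip-api.com/json/%s" % target
getter = requests.get(link, timeout=10)
getter.raise_for_status()
reader = json.loads(getter.content)
# ip-api answers with status "fail" plus a message (e.g. for private or
# reserved addresses); the location keys are absent in that case, which
# made the original crash with a KeyError.
if reader.get("status") == "fail":
    raise SystemExit("Lookup failed: " + str(reader.get("message")))

print("Country: ", reader.get("countryCode"))
print("")
print("ISP :", reader.get("isp"))
print("With org. info:{}".format(reader.get("org")))
print("")
print("Longitude :", reader.get("lon"))
print("Latitude :", reader.get("lat"))
print("Timezone :", reader.get("timezone"))
print("\nCalculating the city...")
# The original printed regionName under the "City" label; show both.
print("Region :", reader.get("regionName"))
print("City :", reader.get("city"))
print("ZIP code :", reader.get("zip"))

latitude = reader.get("lat")
longitude = reader.get("lon")
location = "https://www.google.com/maps/place/{0},{1}".format(latitude, longitude)
print("Using link:", location)
webbrowser.open_new_tab(location)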
-->
Next, there is our directory fuzzer:
<!--
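def fuzz(fuzzlink=None, fuzzwordlist=None):
    """Request <base URL>/<word> for every line of a wordlist and report hits.

    Args:
        fuzzlink: base URL including the scheme (http:// or https://);
            prompted for when None.
        fuzzwordlist: path of the wordlist, one path component per line;
            prompted for when None.

    Returns:
        A list of (url, status_code) pairs for every response other than 404.

    Status codes, roughly: 200 works, 403 forbidden (exists but not for
    you), 404 nothing there, 500 internal server error. Only 404 is treated
    as "absent". The original printed a trailing "/" on hits that was never
    part of the request, and left the wordlist file open.
    """
    import requests

    if fuzzlink is None:
        fuzzlink = input("Enter the URL(include proto http/https) :")
    if fuzzwordlist is None:
        fuzzwordlist = input("Enter the Wordlist :")
    # Avoid "http://host//word" when the user typed a trailing slash.
    base = fuzzlink.rstrip("/")

    hits = []
    with open(fuzzwordlist, "r", encoding="utf-8", errors="ignore") as fh:
        for line in fh:
            word = line.strip()
            if not word:
                continue
            url = base + "/" + word
            try:
                r = requests.get(url, timeout=10)
            except requests.RequestException as err:
                # One failed request should not abort the whole run.
                print(url + " - request failed: " + str(err))
                continue
            if r.status_code != 404:
                print(url + " - " + str(r.status_code))
                hits.append((url, r.status_code))
    return hits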
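# Only run the prompt when executed as a script, not when imported.
if __name__ == "__main__":
    fuzz()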
-->
And lastly, a simple IP/e-mail scraper that should work with any website:
<!--
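def ipscraper(webplace=None, *, html=None):
    """Print and return IPv4 addresses (and host:port pairs) found in a page.

    Args:
        webplace: URL to fetch, including the scheme; prompted for when
            None and no html is supplied.
        html: already-fetched page text; when given, nothing is downloaded.

    Returns:
        (ips, ips_with_ports): two lists of unique matches in first-seen order.

    The patterns only check the dotted-quad shape, so version strings or
    999.1.1.1 also match — treat the output as candidates, not validated
    addresses. The original printed every match with end="" and no
    separator, so the addresses ran together into one unreadable string.
    """
    import re
    import requests

    if html is None:
        if webplace is None:
            webplace = input("Pick a website (include https:// or http://)\n>")
        response = requests.get(webplace, timeout=10)
        response.raise_for_status()
        html = response.text

    # dict.fromkeys keeps first-seen order while dropping duplicates.
    ips = list(dict.fromkeys(
        re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", html)))
    with_ports = list(dict.fromkeys(
        re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{2,5}\b", html)))

    print("IPs found:\n")
    for address in ips:
        print(address)
    print("-")
    print("Detecting IPs with ports.\n--------")
    for entry in with_ports:
        print(entry)
    return ips, with_ports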
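def emailscraper(webplace=None, *, html=None):
    """Print and return e-mail addresses found in a page.

    Args:
        webplace: URL to fetch, including the scheme; prompted for when
            None and no html is supplied.
        html: already-fetched page text; when given, nothing is downloaded.

    Returns:
        A list of unique addresses in first-seen order.

    One pattern replaces the original pair: the first accepted only exactly
    three letters after the last dot and no sub-domains, and the second
    "experimental" two-letter pattern re-reported "x@y.com" as "x@y.co".
    This one takes any dotted domain with a top-level label of two or more
    letters.
    """
    import re
    import requests

    if html is None:
        if webplace is None:
            webplace = input("Pick a website (include https:// or http://)\n>")
        response = requests.get(webplace, timeout=10)
        response.raise_for_status()
        html = response.text

    pattern = r"[A-Za-z0-9_.+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"
    # dict.fromkeys keeps first-seen order while dropping duplicates.
    emails = list(dict.fromkeys(re.findall(pattern, html)))

    print("E-mails found:\n")
    for address in emails:
        print(address)
    print("-")
    return emails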
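# Only run a prompt when executed as a script, not when imported.
if __name__ == "__main__":
    emailscraper()
    # ipscraper() performs the IP / host:port pass; call it here instead if
    # that is what you need.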
-->
There we go, thank you so much for visiting and have a nice day :)
-Hox