Black hat programming application of Python1


0x00 Foreword

In security work or penetration testing we often need to build our own tooling and write automated scripts; Python lets us write scanners and helper scripts much faster than starting from scratch.

Extension modules covered in this post:

0x01 IP address processing module

Description: when scanning many targets we usually need to enter an IP segment to scan, so a Python script inevitably has to compute IP address properties: the network segment, netmask, broadcast address, number of subnets, IP type and more;

The third-party module IPy does this for us; install it with pip install IPy;

(1) Basic processing of IP address/network segment:

#!/usr/bin/env python
from IPy import IP

# 1. Distinguish between IPv4 and IPv6, and determine the IP type
ipv4 = IP('192.168.1.0/24').version()
ipv6 = IP('::1').version()
# 4 stands for IPv4, 6 stands for IPv6
print(ipv4, " ", ipv6)  # 4   6
iptype = IP('192.168.1.0/24').iptype()  # 'PRIVATE' represents a private address
IP('132.54.56.25').iptype()  # 'PUBLIC' represents a public address
print(IP('::1').iptype())  # LOOPBACK
print(IP('2001:0658:022a:cafe:0200::1').iptype())  # ALLOCATED RIPE NCC

# 2. Number of IPs in a network segment and the IP address list
ip = IP('192.168.10.0/24')
len(ip)  # Number of addresses in the segment (256)
print(ip.len())  # 256, the number of IPs in the network segment
for x in ip:  # Address list
    print(x)
print(str(ip[2]))  # 192.168.10.2
# Print result
# 192.168.10.0
# ....
# 192.168.10.255

# 3. IP reverse name resolution
ip = IP('192.168.1.8')
revname = ip.reverseNames()  # ['8.1.168.192.in-addr.arpa.']

# 4. IP conversion
IP("192.168.1.1").int()  # 3232235777, IP address converted to an integer
IP("192.168.1.1").strHex()  # '0xc0a80101', IP address to hexadecimal
IP("192.168.1.1").strBin()  # '11000000101010000000000100000001', IP address to binary
print(IP(0xc0a80101))  # Convert hexadecimal to IP: 192.168.1.1
print(IP(3232235777))  # Convert decimal to IP: 192.168.1.1

# 5. Generate the network segment format from a network address and subnet mask
IP('192.168.1.0').make_net('255.255.255.0')  # IP('192.168.1.0/24')
IP('192.168.1.0/255.255.0.0', make_net=True)  # IP('192.168.0.0/16')
IP('10.10.0.0/255.0.0.0', make_net=True)  # IP('10.0.0.0/8')
IP('10.10.0.0-10.10.255.255', make_net=True)  # IP('10.10.0.0/16')

# 6. Network address and broadcast address from a network segment
IP('10.0.0.0/8').net()  # IP('10.0.0.0')
IP('10.0.0.0/8').broadcast()  # IP('10.255.255.255')
# The strNormal method takes a wantprefixlen parameter that selects the output format of a segment:
#   0: no prefix, e.g. 192.168.1.0
#   1: prefix format a.b.c.0/24 | 2001:658:22a:cafe::/64  (default format)
#   2: decimal netmask format a.b.c.d/255.255.255.0
#   3: last-IP format a.b.c.0-a.b.c.255 | 2001:658:22a:cafe::-2001:658:22a:cafe:ffff:ffff:ffff:ffff
# Sample demonstration:
IP('192.168.1.0/30').strNormal(0)  # '192.168.1.0'  (you need to understand how the subnet mask works here)
IP('192.168.1.4/30').strNormal(0)  # '192.168.1.4'  a /30 groups 2^(32-30) = 4 IPs together
IP('192.168.1.0/30').strNormal(1)  # '192.168.1.0/30'
IP('192.168.1.0/30').strNormal()   # '192.168.1.0/30'
IP('192.168.1.0/30').strNormal(2)  # '192.168.1.0/255.255.255.252'
IP('192.168.1.0/30').strNormal(3)  # '192.168.1.0-192.168.1.3'  last host derived from the subnet mask

(2) Multi-network calculation and comparison:
IPy supports numeric comparison of IP objects, so two network segments can be compared to see whether one contains the other or whether they overlap:

#!/usr/bin/env python
from IPy import IP

# Example 1. Compare the size of two network segments
IP("192.168.0.0/16") < IP("192.168.1.0/24")  # True
IP("192.168.0.0/16") > IP("192.168.1.0/24")  # False

# Determine whether an IP address or network segment is contained in another network segment:
IP("192.168.0.0/16") in IP("192.168.1.0/24")  # False
IP("192.168.1.0/32") in IP("192.168.1.0/24")  # True

# Determine whether two network segments overlap, using the overlaps method of IP
IP("192.168.1.0/32").overlaps("192.168.1.0/24")  # 1, overlaps
IP("192.168.2.5").overlaps("192.168.1.0/24")  # 0, does not overlap

[+ IPy module use case view](https://github.com/WeiyiGeek/Study-Promgram/blob/master/Python3/Python%E5%AE%89%E5%85%A8%E5%B9%B3%E5%8F%B0%E5%BB%BA%E8%AE%BE/Scan/ipinfo.py)

Usage: ipinfo.py -t/-m 192.168.1.1
-t Specify an IP address to convert between binary IP / integer IP / hexadecimal
-m Specify an IP address or IP segment to view its information
   IP format 1: 192.168.1.1
   IP format 2: 192.168.1.0/24
   IP format 3: 192.168.1.1-192.168.1.254
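The three target formats listed above, expanded and described with the standard library `ipaddress` module. This is an added example, not the page's ipinfo.py and not IPy code: it reproduces the same checks the IPy snippets perform (address count, netmask, broadcast, type, reverse name, conversions, overlap) with stdlib calls, so it runs without the third-party module. The function names `parse_targets`, `describe` and `relation` are my own.

```python
import ipaddress


def parse_targets(spec):
    """Expand one of the three target formats into a list of host addresses:
    '192.168.1.1', '192.168.1.0/24' or '192.168.1.1-192.168.1.254'."""
    spec = spec.strip()
    if "-" in spec:  # format 3: inclusive range
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("invalid range: %s" % spec)
        return [ipaddress.ip_address(v) for v in range(int(lo), int(hi) + 1)]
    if "/" in spec:  # format 2: CIDR; strict=False clears host bits (192.168.1.1/24 -> 192.168.1.0/24)
        net = ipaddress.ip_network(spec, strict=False)
        # /31 and /32 (or /127, /128) have no separate network/broadcast addresses to skip
        return list(net.hosts()) if net.num_addresses > 2 else list(net)
    return [ipaddress.ip_address(spec)]  # format 1: single host


def describe(spec):
    """Network facts the IPy snippets compute (version, type, mask, broadcast, conversions)."""
    net = ipaddress.ip_network(spec, strict=False)
    first = net.network_address
    if first.is_loopback:  # test before is_private: 127.0.0.0/8 is also reported as private
        iptype = "LOOPBACK"
    elif first.is_private:
        iptype = "PRIVATE"
    else:
        iptype = "PUBLIC"
    width = 32 if net.version == 4 else 128
    return {
        "version": net.version,
        "type": iptype,
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "num_addresses": net.num_addresses,
        "reverse_name": first.reverse_pointer,
        "int": int(first),
        "hex": hex(int(first)),
        "bin": format(int(first), "0%db" % width),
    }


def relation(a, b):
    """How segment a relates to segment b: 'subnet', 'supernet', 'overlap' or 'disjoint'."""
    na = ipaddress.ip_network(a, strict=False)
    nb = ipaddress.ip_network(b, strict=False)
    if na.version != nb.version:  # subnet_of() raises on mixed versions, so decide early
        return "disjoint"
    if na.subnet_of(nb):
        return "subnet"
    if na.supernet_of(nb):
        return "supernet"
    return "overlap" if na.overlaps(nb) else "disjoint"


if __name__ == "__main__":
    for spec in ("192.168.1.1", "192.168.1.0/24", "192.168.1.1-192.168.1.254"):
        hosts = parse_targets(spec)
        print("%-28s %4d host(s), first %s last %s" % (spec, len(hosts), hosts[0], hosts[-1]))
    print(describe("192.168.1.0/24"))
    print(relation("192.168.1.0/24", "192.168.0.0/16"))
```

`parse_targets` deliberately skips the network and broadcast addresses of a CIDR block, which is what a host scanner wants; `ipaddress` also validates the input, so a malformed segment fails loudly instead of producing a strange address list.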

0x02 DNS processing module

Description: dnspython is a DNS toolkit for Python that supports all record types and is used to query, transfer and dynamically update zone information;
Module installation: pip install dnspython

1. Method details

dnspython provides the DNS resolution class resolver, whose query method performs the lookup. The query method is defined as follows:

import dns.resolver

def query(qname, rdtype=dns.rdatatype.A, rdclass=dns.rdataclass.IN,
          tcp=False, source=None, raise_on_no_answer=True,
          source_port=0, lifetime=None):

The rdclass parameter specifies the record class; the optional values are IN, CH and HS, with IN the default;
The tcp parameter indicates whether to send the query over TCP;
The rdtype parameter specifies the RR (resource record) type, such as A, MX, NS, CNAME or SOA:

Sample demonstration:

import dns.resolver

# Example 1. A record: the response.answer attribute of the query result holds the answer section
for i in dns.resolver.query('www.qq.com.cn', 'A').response.answer:
    for j in i.items:
        print("A record:%s" % j.address)  # A record:61.129.226.218
for i in dns.resolver.query('qq.com', 'A').response.answer:
    for j in i.items:
        print("A record:%s" % j.address)
# A record: 59.37.96.63
# A record: 58.60.9.21
# A record: 180.163.26.39

# Example 2. MX record
for i in dns.resolver.query('qq.com', 'MX'):
    print("MX preference = %s , mail exchanger = %s" % (i.preference, i.exchange))
# Iterates over the preferences and mail exchange servers
# MX preference = 20, mail exchanger = mx2.qq.com.
# MX preference = 30, mail exchanger = mx1.qq.com.
# MX preference = 10, mail exchanger = mx3.qq.com.

# Example 3. NS record (enter the root domain name)
for i in dns.resolver.query('qq.com', 'NS').response.answer:
    for j in i.items:
        print("NS record:%s" % j)
# Results:
# NS record: ns2.qq.com.
# NS record: ns1.qq.com.
# NS record: ns4.qq.com.
# NS record: ns3.qq.com.

# Example 4. CNAME record
for i in dns.resolver.query('weiyigeek.github.io', 'CNAME').response.answer:
    for j in i.items:
        print("CNAME record:%s" % j)  # CNAME record:www.weiyigeek.github.io.

# Example 5. SOA record (start of authority for the zone)
for i in dns.resolver.query('baidu.com', 'SOA'):
    print(i)
# dns.baidu.com. sa.baidu.com. 2012141218 300 300 2592000 7200
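What dns.resolver.query actually sends and receives for the examples above is a DNS wire-format message. The following added example (mine, not dnspython's code and not from the original post) builds the query for a name and record type with only the standard library and parses an answer section, including the name-compression pointers that real servers use. The response bytes are constructed inline for the qq.com MX case rather than captured, and the function names `build_query`, `read_name`, `parse_response` and `sample_mx_response` are my own.

```python
import struct

# Numeric codes (RFC 1035) for the record types queried on this page
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "MX": 15}
TYPE_NAMES = {code: name for name, code in QTYPES.items()}


def encode_name(name):
    """Encode 'qq.com' as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname, qtype, txid=0x1234):
    """Header (RD=1, one question) followed by the question section: what a
    resolver puts on the wire for query(qname, qtype)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPES[qtype], 1)


def read_name(msg, off, depth=0):
    """Decode a name at msg[off], following compression pointers.
    Returns (name with trailing dot, offset just after the name)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer: 14-bit offset to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:  # only backward pointers are valid; this rejects self-references
                raise ValueError("invalid forward compression pointer")
            suffix, _ = read_name(msg, ptr, depth + 1)
            return "".join(lab + "." for lab in labels) + suffix, off + 2
        off += 1
        if length == 0:
            return "".join(lab + "." for lab in labels) or ".", off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_rdata(msg, rtype, start, rdlen):
    """Render RDATA for the types used above; unknown types come back as hex."""
    end = start + rdlen
    if rtype == QTYPES["A"] and rdlen == 4:
        return ".".join(str(b) for b in msg[start:end])
    if rtype in (QTYPES["NS"], QTYPES["CNAME"]):
        return read_name(msg, start)[0]
    if rtype == QTYPES["MX"]:
        preference = struct.unpack("!H", msg[start:start + 2])[0]
        return preference, read_name(msg, start + 2)[0]
    return msg[start:end].hex()


def parse_response(msg):
    """Return (txid, rcode, answers); answers are (owner, type, ttl, rdata) tuples."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    off = 12
    for _ in range(qdcount):  # skip the echoed question(s): name + type + class
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl, parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return txid, flags & 0x000F, answers


def sample_mx_response():
    """Constructed (not captured) reply to the qq.com MX query; both answers point
    back to 'qq.com' at offset 12 with compression pointers, as real servers do."""
    question = build_query("qq.com", "MX")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)  # QR=1 RD=1 RA=1, two answers
    ptr_qq_com = b"\xC0\x0C"

    def mx(preference, host_label):
        rdata = struct.pack("!H", preference) + host_label + ptr_qq_com
        return ptr_qq_com + struct.pack("!HHIH", QTYPES["MX"], 1, 600, len(rdata)) + rdata

    return header + question + mx(10, b"\x03mx3") + mx(20, b"\x03mx2")


if __name__ == "__main__":
    print(build_query("qq.com", "MX").hex())
    txid, rcode, answers = parse_response(sample_mx_response())
    for owner, rtype, ttl, rdata in answers:
        print("%s record: %s ttl=%d %s" % (rtype, owner, ttl, rdata))
```

The forward-pointer and depth checks in `read_name` are what keep a parser from looping on a malicious or corrupt reply; dnspython performs the same validation internally, which is a good reason to use it rather than a hand-written parser for real traffic.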

Actual case:
[+ View on Github](https://github.com/WeiyiGeek/Study-Promgram/blob/master/Python3/Python%E5%AE%89%E5%85%A8%E5%B9%B3%E5%8F%B0%E5%BB%BA%E8%AE%BE/Scan/dnsinfo.py)

(Screenshot: WeiyiGeek dnsinfo information view)

0x01 Web detection module

pycurl module

Description: pycurl is a Python binding to libcurl, implemented in C, with powerful features and support for many communication protocols. It is the Python counterpart of the curl command under Linux and is simple to use;
Module installation:

# Installation
pip install pycurl  # May fail with "Please specify --curl-dir=/path/to/built/libcurl" (retry after installing libcurl)
# If it fails, download pycurl-7.43.0.3-cp37-cp37m-win32.whl (matching your Python version) from https://www.lfd.uci.edu/~gohlke/pythonlibs/#pycurl and install the wheel with pip:
Processing c:\users\weiyigeek\downloads\pycurl-7.43.0.3-cp37-cp37m-win32.whl
Installing collected packages: pycurl
Successfully installed pycurl-7.43.0.3

# View version
python -c "import pycurl;print(pycurl.version)"
'PycURL/7.43.0.3 libcurl/7.64.1 OpenSSL/1.1.1c zlib/1.2.11 c-ares/1.15.0 libssh2/1.8.2'

Main functions and common methods of the module:

pcurl = pycurl.Curl()  # Create a Curl object
pcurl.setopt(option, value)  # Wraps curl_easy_setopt; the type of value depends on the option
pcurl.perform()  # Submit the request of the pycurl object
pcurl.getinfo(option)  # Get response information for the request
pcurl.close()  # Release the handle

Use the constant values provided by the pycurl package to detect the quality of a web service:

# setopt
pc.setopt(pycurl.URL, URL)  # Define the requested URL
pc.setopt(pycurl.USERAGENT, "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0")  # Set the HTTP User-Agent header
pc.setopt(pycurl.CONNECTTIMEOUT, 5)  # Connection timeout in seconds, 0 means wait indefinitely
pc.setopt(pycurl.TIMEOUT, 5)  # Request timeout in seconds
pc.setopt(pycurl.MAXREDIRS, 1)  # Maximum number of HTTP redirects to follow (here 1)
pc.setopt(pycurl.NOPROGRESS, 1)  # Non-zero suppresses the download progress meter
pc.setopt(pycurl.DNS_CACHE_TIMEOUT, 30)  # Cache DNS results for 30s
pc.setopt(pycurl.FORBID_REUSE, 1)  # Disconnect after the interaction, do not reuse the connection
pc.setopt(pycurl.FRESH_CONNECT, 1)  # Force a new connection instead of one from the connection cache
pc.setopt(pycurl.HEADERFUNCTION, getheader)  # Pass the returned HTTP header to the callback getheader
pc.setopt(pycurl.WRITEFUNCTION, getbody)  # Pass the returned HTTP body to the callback getbody
pc.setopt(pycurl.WRITEHEADER, index)  # Write the returned HTTP header to the file object index
pc.setopt(pycurl.WRITEDATA, index)  # Write the returned HTML content to the file object index

# getinfo
print("HTTP status code: %s" % (pc.getinfo(pc.HTTP_CODE)))
print("DNS resolution time: %.2f ms" % (pc.getinfo(pc.NAMELOOKUP_TIME) * 1000))
print("Connection time: %.2f ms" % (pc.getinfo(pc.CONNECT_TIME) * 1000))
print("Ready to transfer time: %.2f ms" % (pc.getinfo(pc.PRETRANSFER_TIME) * 1000))
print("Transmission start time: %.2f ms" % (pc.getinfo(pc.STARTTRANSFER_TIME) * 1000))
print("Total transmission end time: %.2f ms" % (pc.getinfo(pc.TOTAL_TIME) * 1000))
print("Redirection time: %.2f ms" % (pc.getinfo(pc.REDIRECT_TIME) * 1000))
print("Download size: %d bytes" % (pc.getinfo(pc.SIZE_DOWNLOAD)))
print("Upload size: %d bytes" % (pc.getinfo(pc.SIZE_UPLOAD)))
print("Average download speed: %d bytes/s" % (pc.getinfo(pc.SPEED_DOWNLOAD)))
print("Average upload speed: %d bytes/s" % (pc.getinfo(pc.SPEED_UPLOAD)))
print("HTTP header size: %d bytes" % (pc.getinfo(pc.HEADER_SIZE)))

Actual case:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @File : pycurldemo.py
# @CreateTime : 2019/7/31 15:23
# @Author : WeiyiGeek
# @Function : Detect web service quality and save the web page
# @Software : PyCharm

import sys
import time
import pycurl

URL = "http://www.weiyigeek.github.io"


def request():
    """
    Build the request
    :return: the Curl object after perform()
    """
    pc = pycurl.Curl()  # Construct a Curl object
    pc.setopt(pycurl.URL, URL)  # Define the requested URL
    pc.setopt(pycurl.CONNECTTIMEOUT, 5)  # Connection timeout in seconds, 0 means wait indefinitely
    pc.setopt(pycurl.TIMEOUT, 5)  # Request timeout in seconds
    pc.setopt(pycurl.NOPROGRESS, 1)  # Suppress the progress meter curl would show
    pc.setopt(pycurl.FORBID_REUSE, 1)  # Disconnect after the interaction, do not reuse the connection
    pc.setopt(pycurl.MAXREDIRS, 1)  # Follow at most 1 HTTP redirect
    pc.setopt(pycurl.DNS_CACHE_TIMEOUT, 30)  # Cache DNS results for 30s
    pc.setopt(pycurl.USERAGENT, "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0")

    # Open a file object in 'wb' mode to store the returned HTTP header and page content
    with open('content.txt', 'wb') as index:
        pc.setopt(pycurl.WRITEHEADER, index)  # Write the returned HTTP header to the file object
        pc.setopt(pycurl.WRITEDATA, index)  # Write the returned HTML content to the file object
        try:
            pc.perform()  # Submit the request
        except Exception as e:
            print("connect Error:" + str(e))
            sys.exit()
    return pc


def response(pc):
    """
    Print the response and timing data of the request
    :param pc: the Curl object returned by request()
    :return: None
    """
    print("HTTP status code: %s" % (pc.getinfo(pc.HTTP_CODE)))
    print("DNS resolution time: %.2f ms" % (pc.getinfo(pc.NAMELOOKUP_TIME) * 1000))
    print("Connection time: %.2f ms" % (pc.getinfo(pc.CONNECT_TIME) * 1000))
    print("Ready to transfer time: %.2f ms" % (pc.getinfo(pc.PRETRANSFER_TIME) * 1000))
    print("Transmission start time: %.2f ms" % (pc.getinfo(pc.STARTTRANSFER_TIME) * 1000))
    print("Total transmission end time: %.2f ms" % (pc.getinfo(pc.TOTAL_TIME) * 1000))
    print("Download size: %d bytes" % (pc.getinfo(pc.SIZE_DOWNLOAD)))
    print("HTTP header size: %d bytes" % (pc.getinfo(pc.HEADER_SIZE)))
    print("Average download speed: %d bytes/s" % (pc.getinfo(pc.SPEED_DOWNLOAD)))
    print("Redirection time: %.2f ms" % (pc.getinfo(pc.REDIRECT_TIME) * 1000))
    pc.close()


def main():
    """
    Call the request function, then the response function
    :return: 0
    """
    pcurl = request()
    response(pcurl)
    return 0


if __name__ == '__main__':
    main()
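The same quality measurement (name lookup, connect, first byte and total time, bounded by a timeout and a redirect limit) implemented with the standard library instead of pycurl, as an added example that is not the author's script and does not need libcurl. It spins up a constructed local HTTP server that answers /old with a 302 to /new, so the redirect cap can be exercised offline; the names `probe`, `_fetch_once`, `_DemoHandler` and `start_demo_server` are my own.

```python
import http.client
import http.server
import socket
import threading
import time
from urllib.parse import urljoin, urlsplit

# The same knobs the pycurl script sets with setopt(): timeout and redirect cap
TIMEOUT_SECONDS = 5.0
MAX_REDIRS = 1
USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"
REDIRECT_CODES = (301, 302, 303, 307, 308)


def _fetch_once(url, timeout):
    """One GET without following redirects; returns (status, Location, body, timings in ms)."""
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 80
    t0 = time.perf_counter()
    socket.getaddrinfo(host, port)  # name resolution, like NAMELOOKUP_TIME
    t_lookup = time.perf_counter()
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.connect()  # TCP connect, like CONNECT_TIME
    t_connect = time.perf_counter()
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    conn.request("GET", path, headers={"User-Agent": USER_AGENT})
    resp = conn.getresponse()  # status line and headers received, like STARTTRANSFER_TIME
    t_first = time.perf_counter()
    body = resp.read()
    t_end = time.perf_counter()
    conn.close()  # no connection reuse, like FORBID_REUSE
    timings = {
        "namelookup_ms": (t_lookup - t0) * 1000,
        "connect_ms": (t_connect - t0) * 1000,
        "starttransfer_ms": (t_first - t0) * 1000,
        "total_ms": (t_end - t0) * 1000,
    }
    return resp.status, resp.getheader("Location"), body, timings


def probe(url, max_redirs=MAX_REDIRS, timeout=TIMEOUT_SECONDS):
    """Fetch url following at most max_redirs redirects; report the final hop's metrics."""
    redirects = 0
    redirect_ms = 0.0  # time spent on redirect hops, like REDIRECT_TIME
    while True:
        status, location, body, timings = _fetch_once(url, timeout)
        total_s = timings["total_ms"] / 1000
        result = dict(timings, status=status, url=url, redirects=redirects, redirect_ms=redirect_ms,
                      size_download=len(body),
                      speed_download=len(body) / total_s if total_s else 0)
        if status in REDIRECT_CODES and location and redirects < max_redirs:
            redirects += 1
            redirect_ms += timings["total_ms"]
            url = urljoin(url, location)
            continue
        # True when the server still wants to redirect but the cap stopped us
        result["redirect_limit_hit"] = status in REDIRECT_CODES and location is not None
        return result


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed test server: /old redirects to /new, everything else returns a small page."""

    def do_GET(self):
        if self.path == "/old":
            self.send_response(302)
            self.send_header("Location", "/new")
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = b"<html><body>ok</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_demo_server():
    """Start the constructed server on a free localhost port; returns (server, base_url)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


if __name__ == "__main__":
    server, base = start_demo_server()
    for key, value in probe(base + "/old").items():
        print("%-18s %s" % (key, value))
    server.shutdown()
```

The redirect cap matters for a monitoring script as much as the timeout: without it a misconfigured or hostile endpoint can keep the probe bouncing between locations, and `redirect_limit_hit` makes that condition visible in the result instead of silently reporting the last 3xx as success.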

(Screenshot: WeiyiGeek pycurl module output)
