
SaadBaig/Python-Pentesting-Practice


Python Pentesting Practice

Practicing development of my first pentesting tools using Python

HeaderGrab uses requests and the ipinfo API to return the HTTP GET response for an IP address as JSON.

IPOverflow is implemented in both Python and C; the idea is explained here: https://ma.ttias.be/theres-more-than-one-way-to-write-an-ip-address/. I'm wondering if this logic can be used to bypass IP-based firewall rules... stay tuned.
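The alternative spellings that IPOverflow relies on (a single 32-bit integer, hex or octal components, fewer than four parts) all come from the parsing rules of inet_aton(). The defensive counterpart is to canonicalise an address before comparing it against a rule. The following is an added example, not code from this repository: it implements those parsing rules in plain Python and shows a rule check that compares canonical forms instead of raw strings. The function names and the allowlist contents are my own.

```python
"""Canonicalise the IPv4 spellings accepted by inet_aton().

inet_aton() accepts an address as 1 to 4 dot-separated parts, each written
in decimal, octal (leading 0) or hex (leading 0x). The first parts are single
octets; the last part fills all remaining bytes. A rule that compares the raw
string therefore misses "0x7f.1" or "2130706433", which both mean 127.0.0.1.
"""
import re

# One component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(text):
    """Parse one component using the inet_aton() base rules."""
    if not _PART.match(text):
        raise ValueError(f"invalid address component: {text!r}")
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)


def canonical_ipv4(address):
    """Return the dotted-quad form of any inet_aton()-style spelling.

    Raises ValueError for strings inet_aton() would also reject.
    """
    parts = address.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 components, got {len(parts)}")
    values = [_parse_part(p) for p in parts]
    head, tail = values[:-1], values[-1]
    for value in head:
        if value > 0xFF:
            raise ValueError(f"component {value} does not fit in one octet")
    tail_bytes = 4 - len(head)  # bytes covered by the last component
    if tail >= 1 << (8 * tail_bytes):
        raise ValueError(f"last component {tail} overflows {tail_bytes} byte(s)")
    packed = 0
    for value in head:
        packed = (packed << 8) | value
    packed = (packed << (8 * tail_bytes)) | tail
    return ".".join(str((packed >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def matches_rule(address, allowed):
    """Compare on canonical forms so alternative spellings cannot slip past.

    Anything that does not parse as an address is treated as no match.
    """
    try:
        canonical_allowed = {canonical_ipv4(a) for a in allowed}
        return canonical_ipv4(address) in canonical_allowed
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed allowlist for the demonstration.
    ALLOWED = ["127.0.0.1", "192.168.1.1"]
    for spelling in ["2130706433", "0x7f.1", "0177.0.0.1", "127.1", "0xC0A80101"]:
        print(f"{spelling:>12} -> {canonical_ipv4(spelling):<12} "
              f"raw match: {spelling in ALLOWED!s:<5} "
              f"canonical match: {matches_rule(spelling, ALLOWED)}")
```

Running the block prints each spelling next to its canonical form and shows the raw string comparison failing where the canonical comparison succeeds. The same canonicalisation is what a rule engine or allowlist should apply on both sides before comparing.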

NMap Scanner leverages Nmap's API to initiate host discovery and print basic information.

Work in Progress: Python Server and Client is a web server and client written in Python.

Sub Domain Discovery is a very simple take on subdomain discovery that utilizes a common subdomain list and brute-forces potential URL subdomains. This one is pretty basic and bare-bones.

Hidden Wifi leverages scapy to capture the probe request/response packets exchanged with hidden SSIDs, by looking for Dot11ProbeReq and Dot11ProbeResp frames.

MAC Spoof spoofs the MAC address on a supplied interface, in this case en0, by passing shell commands via subprocess.

MD5 Crack utilizes hashlib to crack passwords by supplying it the hash and a known-passwords dictionary. Another bare-bones (and almost irrelevant) program.
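As an added example (not the repository's MD5 Crack script), the block below shows the dictionary check in its simplest form and, beside it, why it works: an unsalted MD5 digest costs one hash call per candidate and is identical for every user with the same password. The second half stores a password with a per-user salt and PBKDF2, which is the check a defender wants instead. The wordlist, the example passwords and the function names are all constructed for this demonstration.

```python
"""Dictionary lookup against unsalted MD5, beside a salted PBKDF2 verifier."""
import hashlib
import hmac
import os

# Constructed wordlist for the demonstration; a real check would read a file.
WORDLIST = ["letmein", "password", "qwerty", "dragon", "sunshine"]


def md5_hex(candidate):
    """Unsalted MD5 hex digest of a candidate password."""
    return hashlib.md5(candidate.encode("utf-8")).hexdigest()


def md5_dictionary_lookup(target_hex, wordlist):
    """Return the wordlist entry whose MD5 equals target_hex, or None.

    One MD5 call per candidate, and the digest of "dragon" is the same in
    every leaked table, so a single pass over the wordlist covers every user.
    """
    target_hex = target_hex.strip().lower()
    for word in wordlist:
        if md5_hex(word) == target_hex:
            return word
    return None


def pbkdf2_store(password, iterations=200_000):
    """Store a password as (salt, iterations, PBKDF2-HMAC-SHA256 digest).

    The random salt makes every record unique, so a precomputed table of
    wordlist digests is useless, and the iteration count makes each guess
    cost iterations-many hash calls instead of one.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def pbkdf2_verify(password, record):
    """Recompute the digest for the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


if __name__ == "__main__":
    leaked = md5_hex("dragon")  # constructed "leaked" unsalted digest
    print("unsalted MD5", leaked, "->", md5_dictionary_lookup(leaked, WORDLIST))

    record = pbkdf2_store("dragon")
    # Same password, two records, two different digests: no shared table.
    print("salted digests differ:", pbkdf2_store("dragon")["digest"] != record["digest"])
    print("verify correct password:", pbkdf2_verify("dragon", record))
    print("verify wrong password:  ", pbkdf2_verify("sunshine", record))
```

The lookup half is the whole of what a tool like MD5 Crack does; the PBKDF2 half is the reason a password store should never be in that position in the first place.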

FlashFlood sends out a SYN flood to a specified IP, in this case, Google.com.

Loud Detective is an aptly named program that collects basic information about a URL (and in the future, an IP address), including its IP address and hostname, leverages nmap to do a simple port scan and output the status of each prodded port, and reports on the status of the URL (host is up or down). I named this program Loud Detective because this program does not do the nmap port scan discreetly. You can infer what the next version of this program will do (and will be called) ;) Expected output:

titanium@Saads-MBP Loud Detective % python ldetect.py yahoo.com
======Basic Information about: yahoo.com
IP Addresss: 98.138.219.231
Hostname: media-router-fp1.prod1.media.vip.ne1.yahoo.com
Organization: AS36646 Oath Holdings Inc.
Location: 40.7293,-73.9874
Region: New York
City: East Village
Country: US
Timezone: America/New_York
Open Ports (and in the future, services) for: yahoo.com
('Scanning', 'yahoo.com', 'on ports 21, 22, 80, 137, 139, 443, 445, 8080, 8089')
('Port ', 21, 'is ', 'filtered')
('Port ', 22, 'is ', 'filtered')
('Port ', 23, 'is ', 'filtered')
('Port ', 80, 'is ', 'open')
('Port ', 137, 'is ', 'filtered')
('Port ', 139, 'is ', 'filtered')
('Port ', 443, 'is ', 'open')
('Port ', 445, 'is ', 'filtered')
('Port ', 8089, 'is ', 'filtered')
('Port ', 8080, 'is ', 'filtered')
('Host', 'yahoo.com', ' is ', 'up')

ARP-ANET is a less aptly named program. It was my first foray into using scapy, a program used to create, forge and manipulate packets. I realized that in order to create the Quiet Detective program and fulfil its stealth scanning requirements, I needed a more powerful API to work with. Enter Scapy, a programmable way to initiate these scans (and do so much more). For ARP-ANET, a play on words, the goal was to enumerate all devices on a given IP address range by sending out an ARP request. Expected output (MAC addresses obfuscated, nice try ;):

Available devices in the network:
IP                  MAC
192.168.1.1         33:22:44:33:77:88
192.168.1.86        77:22:dd:66:ee:55
192.168.1.93        44:00:00:55:aa:66
192.168.1.111       88:00:33:ff:33:bb
192.168.1.151       55:66:99:ff:66:bb
192.168.1.193       00:00:55:55:55:44
192.168.1.226       bb:cc:aa:ff:dd:ff
