[Unintelligible] José Manuel Ortega [unintelligible]. Good afternoon and thanks for coming. This talk is to comment on the tools that we have in the Python ecosystem for obtaining information from servers that expose information on the internet. [Unintelligible] from Spain, where I have other presentations related to scraping, mobile security, etc.

These are the main points: I will make an introduction to Python testing, what methods we have; we will comment on the main modules, like sockets, requests, BeautifulSoup and Shodan, for obtaining information from public servers. Later, I will mention how to extract metadata from documents and images and, finally, more advanced modules, like port scanning, and how to connect with vulnerability scanners. And finally, I will show a little proof of concept, where I have integrated all the modules in a Python testing tool.

Well, a little introduction: Python is very useful for making rapid prototypes and proofs of concept, and many of the tools that we have for testing security in databases and web applications are made with Python. The main advantage that we have is that there is very good documentation on the internet for all these tools that we will comment on. Well, for example, one or two of the main tools that we have for testing applications, for example sqlmap for testing SQL injection vulnerabilities and the Social-Engineer Toolkit, these tools are made with Python. Well, we have other tools like Sparta. Sparta is a port scanner that uses python-nmap. python-nmap is another tool that I will comment on later, for checking the ports that are open in a specific domain, server or application. Basically, with this tool we can check the services that are open and launch a brute-force process over a specific service and so on.
Another tool that we have that is interesting for analyzing is theHarvester. It is a tool for obtaining public information; you can use this tool for obtaining information about the domains, e-mail accounts and domains for a specific URL or server. Another very well-known tool is the Web Application Attack and Audit Framework. This is another tool made with Python; it is very useful for auditing web security and detecting vulnerabilities, SQL injection, cross-site scripting and so on. Other tools that we have: for example, Scapy for analyzing network packets, and, for example, if we want to detect some attacks, SQL injection, you can use these tools. Another tool that we have is fimap, for example for detecting remote file inclusion vulnerabilities. All these tools that I have commented on are made in Python.

Well, I will show the main modules that we can use for developing our tools for testing the security of servers and web applications. Well, the first proof of concept that we can see is sockets. With the socket module, basically what we want to do is a basic port scan. With the connect method, we can check on a specific port whether the port is open, filtered or closed, in a sequence. This is the simplest program that we can write: basically what we do is ask the user for the IP of the server, a starting port number and an ending port number, and with a simple for loop we check if the port is open, closed or filtered. The difference between closed and filtered, for example, is that the port is filtered when it is blocked by a firewall, for example. The socket module also allows us to obtain information, resolving the IP address from the domain and vice versa. With the methods gethostbyaddr and gethostbyname, we can obtain this information. With the socket module we can also obtain the server banner.
The server banner is information related to the name and version of the server, the web server, for example. In an easy way we can check this; for example, this is a script where we pass the IP address and the port as parameters and it returns information about the server. In this case we see it returns that the domain, the EuroPython 2016 one, has an nginx server.

Well, another of the modules, very well known to all Python developers, is requests. requests is a very useful module for testing web services, REST APIs and so on. And basically, what we can do for testing the security of a site is, for example, check the headers of the request and the response in an easy way. Accessing the headers property and iterating over the items of the dictionary, we can obtain this information. For example, if we check the EuroPython site, we see that we obtain this information, the nginx server, and we also see other headers like cookies, the user agent and so on. Another interesting feature that we have with requests is, for example, working behind a proxy for making requests: we can use the proxy dictionary, where we indicate the HTTP or HTTPS proxy, and in an easy way we can check the connection behind a proxy with requests. And another interesting feature is that with requests we can authenticate: if we have a server that supports basic or digest authentication, we can check this information, we can check the security of this server with the methods, the HTTP digest and the basic.

Well, another of the tools that we have, very well known for web scraping, for example, is BeautifulSoup. BeautifulSoup is basically a parser, an HTML parser. Basically what it does is extract information from specific tags: we use requests to obtain the page, and with the find_all method we recover the information; in this case we recover the links.
A more advanced program is one where we extract the internal links. Internal links basically consists in finding all links that begin with a slash, and for external links we try to find all links that start with HTTP or HTTPS and that do not contain the current URL. In this example we can see that we extract the external and internal links: the external links go to an external page, one not in the same domain, that is, not in the domain that we are testing, and internal links go to pages in the internal domain. Another interesting feature, for example, is when we want to extract images and PDF documents: we can use a specific parser. BeautifulSoup has two or three parsers; we have seen the lxml parser, and in this case we are using the HTML parser, where we are using XPath expressions for extracting the elements that we want to extract, in this case images and PDFs.

Well, another interesting tool that we have in the Python ecosystem that is very useful is Scrapy. Scrapy we can use for developing our web spiders, web crawlers, and, well, it's very useful for obtaining information from web services and URLs. This tool is a tool for making asynchronous calls and follows the event-driven development paradigm for making these calls in asynchronous mode.

Well, starting with Shodan: Shodan basically is a useful tool for obtaining public information that is available on the internet. What Shodan does is obtain the banners of the servers, operating systems, the versions, the server styles and so on. And basically it provides a developer API, in this case for Python developers, and in a nice way you can connect with this service through a Shodan API key: when you register on the site you get an API key, and with this API key you can make the same search that you can do on the web from the Python API.
In this case we can see that we look up information for a specific host and we obtain the ports that are open; it returns the banner of the server, the information about the services that are open on each port and so on. Also, when we search for a specific host, we obtain information about the host name, the ports that are open and the services that are available on each port. The same information that we see on the web we can also access with Python in a nice way, but accessing the information is a little tricky: it returns a dictionary, but it's not a direct key-value; it returns the information in a dictionary, but certain positions hold a vector or an array and you have to play with accessing the information. Finally, we can obtain the same information that we have seen on the Shodan web for a specific host; we can obtain this information from the Python API.

Another easy module that we have in Python is builtwith. builtwith is a very easy module that has only one method, parse, and it obtains information about the frameworks that the website is using and the web servers that the website is using.

Well, for metadata: basically what we can do with Python directly, in an easy way, is extract metadata from PDFs with the PyPDF2 module, and basically it is very easy: we first have to create a PdfFileReader object, and with getDocumentInfo we obtain the metadata of the PDF. The same we can do with images with the PIL.ExifTags module, and in an easy way we can decode the tags that are available in an image; for example, we can obtain the GPS info, the data of the image, where, when, what the resolution of the image is and so on.

Well, another slightly more advanced feature that we can do is port scanning. Port scanning is very well known from the Nmap tool, which we can see on multiple-platform operating systems and so on.
With python-nmap we can launch Nmap from Python. Basically what we have is two models, synchronous and asynchronous. For the synchronous model we have to launch the PortScanner; well, we create the nmap object with PortScanner and we use the scan method, where we pass as parameters the IP address and the port listing that we want to scan on this IP. This is an example where we define a class NmapScanner; we initialize the NmapScanner by calling the PortScanner of nmap, and inside nmapScan we go checking the ports and we call the scan method, and internally the scan method calls the nmap command that is installed in the operating system. Well, we can see information about this: this is a sample call where we pass as parameters the target and the port listing, and we can see that nmap is called with the full parameters, with the specific port and the IP, and we see that it returns whether it is open; and also, if the specific port is open, we can access the version of the service and so on.

The other model that we have with Nmap is the asynchronous model. It allows launching a scan on a lot of ports simultaneously, and we define a callback function so that, when a specific scan of a port is finished, this function is called for an additional assignment on a specific port. For example, in this case we launch against a specific target on port 21, the FTP port, and first we have to check if it's open, and if it's open we can launch a specific process for detecting vulnerabilities on this port. For example, in this case we are testing the FTP port, launching Nmap scripts for checking anonymous FTP login and checking other types of vulnerabilities, whether the service is vulnerable to a specific backdoor, for example, or other specific versions of this service. For checking these vulnerabilities: when we install Nmap, Nmap comes by default with Nmap scripts that are in the Nmap scripts folder in the installation when you install this tool, and it has a lot of scripts for checking
vulnerabilities in a specific service like FTP, HTTP and MySQL, for example. Basically what these scripts provide are routines for finding potential vulnerabilities in a given target. And then the idea: first we have to check if the port is open, and if the port is open we can launch the specific script for this service. In this case we are checking whether the MySQL port is open, and if it's open we are launching scripts like mysql-audit, mysql-brute, mysql-databases. These scripts provide more information about the service, checking, for example, the names, whether the database is open, provides no security, or whether you can see the users without authentication. These kinds of things you can see by launching the scripts.

Well, for example, with Shodan we can check for anonymous FTP login. Basically, with this search we can check all servers and machines that allow this type of login. Anonymous login means we don't need to provide a user and password for accessing the FTP server. For checking this in Python we have the ftplib module, with which, in a nice way, we can check if a specific server allows anonymous login.

Well, for checking websites we have another tool called pywebfuzz. It provides resources for checking websites, basically with predictable URLs; that is to say, we have a list of URLs and each URL, each resource... well, we will see with an example. For example, in this example we obtain predictable URLs for a specific feature, for example for logging in to a website: we get predictable URLs like admin, login, default web page, administrator and so on. And what we can do is test each predictable URL over the domain we are testing, and in a nice way we see that we can check: we make a request over the domain for each predictable URL to see if we can access it or not. Many times there are URLs that we don't see, they are not public, but after doing this type of testing we see that there are URLs that are filtered or are not
protected, for example, and we can access and navigate and discover other vulnerabilities in the site.

Well, the Heartbleed bug is another bug that we can test in a nice way with Python. Heartbleed is a vulnerability in a specific OpenSSL version in servers and, well, this bug was discovered in 2014 and, well, it is a little old, but if we check this page, filippo.io/Heartbleed, we see that there are many servers that are also vulnerable to this bug. Basically, for testing if a specific server has this bug, what we have to do is use the socket module and send a specific request, a specific packet, and if the server responds with a specific Heartbleed payload, the server will be vulnerable to this bug. In this case we can see an example where we launch testing over a specific machine, with the result that this machine is vulnerable to this bug.

Well, more advanced tools that we can use for integrating with Python: for example, Metasploit. Metasploit is a very useful tool for exploiting vulnerabilities in servers, in websites and so on, and Metasploit can be integrated: there is a module called python-msfrpc for making calls to the Metasploit server from Python. Basically what we have to do is start the server, the Metasploit service, through a plugin, and internally Metasploit functions like modules for checking, for testing, for exploiting vulnerabilities. In this case, with the Metasploit API call, we can see that with calls in a specific format called msgpack we can call a specific module; in this case we are using the msfrpc login for launching, for testing this exploiting from Python.

Well, and Nexpose, Nessus and OpenVAS are security analyzers for vulnerabilities, and we can also integrate these tools from Python. For example, it is really easy to integrate from Python: for example, we have a server with Nexpose where we have vulnerabilities and reports and so on, and we can connect with this server from Python; through
BeautifulSoup we can access this information; the information that the server returns is in a format, and in an easy way with BeautifulSoup we can iterate over the vulnerabilities and sites that are deployed in the Nexpose server.

I will show now a pen testing tool; this is a quick proof of concept that has integrated all the modules that I have mentioned. Basically, what we can do with the pen testing tool is, for example, with a specific machine and a specific port, check if the port is open or not. In this case we are checking port 21, the FTP port, to see the information that it returns. In this case we can see that the port is open and we can obtain information about the version, the specific version of the FTP, the name and so on. As the FTP port is open, we can check if the FTP server allows anonymous login, and then if we go to option 13 we see that it returns that port 21 is open and asks whether you would like to connect as the anonymous user; we answer yes, and we see that the login is successful: it returns 230, the version of the FTP, the connection is OK, and it shows the directory listing of the server.

More things that we can do: obtain the headers of the server. In this case we obtain that we have a PHP on Ubuntu 5.10, running on Apache with the version 2.2.8, the version of the PHP and so on; all this is the headers info. More things that we can do: for example, check if the FTP server has the buffer overflow. This is another vulnerability that a lot of servers have, and we can check it with this option: first we check if the port is open and we send a client request to see whether the server is vulnerable; we connect to this IP on port 444 and we check that the server is vulnerable to this bug. Basically, all this testing is over a virtual machine that I have here locally; this is a virtual machine that has a distribution with a lot of vulnerabilities, many, many ports open and a lot of vulnerabilities with FTP, PHP, Apache server and so on;
this is called Metasploitable Linux, if I remember.

More things that we can do: check domains and obtain metadata. For example, if the server has information with mails, hosts, other servers or URLs that are exposed on the server, we can check this information. In this case we see that we are testing the OPTIONS method that the server returns, and we can obtain the e-mails that are public on the server. And also we can check, for example, if the server is public, the Shodan information that it returns. For example, we are using the EuroPython site for checking all the information returned by the Shodan service: we launch the tool with the target EuroPython 256, it returns the IP address of the domain, and for checking, for example, the host info from the Shodan service we can use option 6; this connects to the Shodan service and obtains all public information. (It's time for questions.) It returns all the public information that we have seen in the presentation; we see that the ports open are 18, 22 and 25, and it returns more information about each service: basically it obtains information about the servers, the banners, the versions of the server. For example, option 10 is for scraping images, and in an easy way we can see that it extracts all the images of the site and so on.

Ah, well, finally, this project is available in a GitHub repository; if you want to check the tool, you can do it for free in the GitHub repository. Also we have small scripts for testing each functionality separately from each other; for example, if we want to launch an Nmap scan, we have a specific script for this feature. And finally, references and links: basically they are the main, the official pages of the tools that I have commented on, the Shodan documentation, requests, the python-nmap documentation, and at pythonsecurity.org more libraries than I have commented on are available, and it is a very, very complete site for checking this kind of tools. And finally, books that we can find,
the most... these are the main books that we can find on this topic, for pentest and so on. Thank you. Any questions?
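
The internal/external link split described in the talk (links that begin with a slash versus http/https links that do not contain the current site), as an added example that is not the speaker's code. It uses the standard library's `html.parser` instead of BeautifulSoup, compares parsed hostnames rather than substrings, and runs on a constructed page in which `example.org` and `other.test` are placeholder names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; example.org stands in for the site under test.
SAMPLE_HTML = """
<a href="/schedule">Schedule</a>
<a href="talks/list.html">Talks</a>
<a href="https://example.org/sponsors">Sponsors</a>
<a href="https://blog.example.org/news">Blog</a>
<a href="https://other.test/?ref=example.org">Partner</a>
<a href="https://example.org.other.test/login">Lookalike</a>
<a href="//cdn.other.test/lib.js">CDN</a>
<a href="mailto:info@example.org">Mail</a>
<a href="#top">Top</a>
"""


class LinkCollector(HTMLParser):
    """Collect the href value of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href.strip())


def naive_is_internal(href, site_host):
    """The substring rule: leading slash, or the site name anywhere in the URL."""
    return href.startswith("/") or site_host in href


def is_internal(host, site_host):
    """Assumption: the site's own subdomains count as internal."""
    return host == site_host or host.endswith("." + site_host)


def classify_links(html, base_url):
    """Return (internal, external) lists of absolute http(s) URLs."""
    site_host = urlparse(base_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    internal, external = [], []
    for href in collector.hrefs:
        if href.startswith("#"):
            continue  # same-page anchor, not a separate resource
        absolute = urljoin(base_url, href)  # resolves "/x", "x" and "//host/x"
        parts = urlparse(absolute)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, javascript: and similar
        bucket = internal if is_internal(parts.hostname, site_host) else external
        bucket.append(absolute)
    return internal, external


if __name__ == "__main__":
    inside, outside = classify_links(SAMPLE_HTML, "https://example.org/")
    print("internal:", *inside, sep="\n  ")
    print("external:", *outside, sep="\n  ")
```

The substring rule would file the partner, lookalike and protocol-relative CDN links as internal, which matters when the internal list defines what a test is allowed to touch.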