Tuesday, August 9, 2016

Collection of Python Tools For Pentesters


If you are involved in vulnerability research, reverse engineering or penetration testing, you have surely already used Python, since it has a rich set of libraries and tools for these purposes.

On Dirk Loss's page we can find a great compilation of tools written in Python for penetration testers; some of them are just bindings to existing C libraries, i.e. libraries that make those tools easily usable from Python programs.

However, because of the unclear legal situation in Germany, that list does not include some of the more aggressive tools (pentest frameworks, Bluetooth smashers, web application vulnerability scanners, war-dialers, etc.). Therefore, and in order to have a more complete list, we will be adding all the tools we find. Do not hesitate to comment on this entry if you know of any more and want us to add them to this list:

Network

  • Dirtbags py-pcap : read PCAP files without libpcap
  • DHCPig : Python script that performs a DHCP exhaustion attack (DHCP starvation).
  • dpkt : fast and simple packet creation and parsing, with definitions for the basic TCP / IP protocols
  • flowgrep : grep through packet payloads using regular expressions
  • FuzzAP : Python script for obfuscating wireless networks.
  • glastopf : honeypot based on a small web server that emulates hundreds of vulnerabilities.
  • Impacket : crafts and decodes network packets. Includes support for higher-level protocols such as NMB and SMB
  • Knock Subdomain Scan : enumerates the subdomains of a target domain using a wordlist
  • LANs.py : tool capable of spoofing and poisoning the ARP table of a single target. It is multithreaded and asynchronous.
  • libdnet : low-level networking routines, including interface lookup and Ethernet frame transmission
  • Mallory : extensible TCP / UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly
  • pypcap , pcapy and pylibpcap : several different Python bindings for libpcap
  • Pytbull : very flexible IDS / IPS testing framework (includes over 300 tests)
  • pynids : libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
  • Responder : an LLMNR, NBT-NS and MDNS poisoner, with built-in rogue HTTP / SMB / MSSQL / FTP / LDAP authentication servers supporting NTLMv1 / NTLMv2 / LMv2, Extended Security NTLMSSP and HTTP Basic Authentication
  • Scapy : send, sniff, dissect and forge network packets. It can be used interactively or as a library
  • Waffit : a set of tools for auditing your WAF.

Debugging and reverse engineering

  • Androguard : reverse engineering and analysis of Android applications
  • apk-jet : a Python wrapper around apktool to automate and simplify reverse engineering of APKs
  • AsmJit : simple Python wrapper for AsmJit using SWIG. AsmJit has high-level code generation classes that can be used to create JIT code
  • BeaEnginePython : Python bindings for BeaEngine, by Mario Vilas.
  • Binwalk : firmware analysis tool designed to assist in the analysis, extraction and reverse engineering of firmware images and other binary blobs. It is easy to use, fully scriptable and can be easily extended through custom signatures, extraction rules and plugin modules.
  • bochs-python-instrumentation : this patch for Bochs provides a Python interpreter in place of Bochs' own debugger, offering the debugger's functionality. It also allows the instrumentation interface to be used on demand, dynamically associating Python methods with instrumentation events.
  • Buggery : Python wrapper for DbgEng.
  • ctypes : Python module for creating and manipulating C data types in Python. These can then be passed to C functions loaded from dynamic link libraries.
  • Cuckoo : automated malware analysis sandbox. It has an API to customize both the processing and the reporting stages.
  • Darm : a light and efficient disassembler written in C for the ARMv7 instruction set
  • Deviare : API hooking engine designed for building end-user products
  • Diabind : Python binding for the DIA (Debug Interface Access) SDK
  • Dislib : Python library for reading PE files
  • diStorm : disassembler library for AMD64, BSD licensed
  • IDAPython : plugin for IDA Pro that integrates Python, allowing scripts to run inside IDA Pro
  • Immunity Debugger : scriptable GUI and command-line debugger
  • Paimei : reverse engineering framework, includes PyDBG , PIDA and pGRAPH
  • pefile : read and work with Portable Executable (PE) files
  • pydasm : Python interface to the libdasm x86 disassembly library
  • PyDbgEng : Python wrapper for the Microsoft Windows debugging engine
  • PyEMU : fully scriptable IA-32 emulator, useful for malware analysis
  • python-ptrace : debugger using ptrace (the Linux, BSD and Darwin system call for tracing processes) written in Python
  • mona.py : PyCommand for Immunity Debugger that replaces and improves pvefindaddr
  • uhooker : intercepts calls to API functions inside DLLs, as well as arbitrary addresses within the executable file in memory
  • vdb / vtrace : vtrace is a cross-platform process debugging API implemented in Python, and vdb is a debugger that uses it

Fuzzing

  • antiparser : fuzz testing and fault injection API
  • Construct : library for parsing and building data structures (binary or textual).
  • Forensic Fuzzing Tools : generates fuzzed files, fuzzed file systems, and file systems containing fuzzed files, in order to test the robustness of forensic tools and examination systems
  • Fusil : Python library used to write fuzzing programs
  • fuzzer.py (feliam) : simple fuzzer by Felipe Andres Manzano
  • Fuzzbox : multi-codec media fuzzer
  • Mistress : probes file formats and protocols on the fly with malformed data, based on predefined patterns
  • Peach Fuzzing Platform : extensible fuzzing framework for generation- and mutation-based fuzzing (v2 was written in Python)
  • Powerfuzzer : highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
  • SMUDGE
  • Sulley : fuzzer development and fuzz testing framework consisting of multiple extensible components
  • TAOF (The Art of Fuzzing) : includes ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
  • untidy : general purpose XML fuzzer
  • Windows IPC Fuzzing Tools : tools for fuzzing applications that use Windows Interprocess Communication mechanisms
  • WSBang : runs automated tests against SOAP web services

Web

  • FunkLoad : functional and load web tester
  • Ghost.py : webkit web client written in Python
  • HTTPie : command-line HTTP client similar to cURL but more intuitive.
  • Liffy : tool designed to exploit LFI vulnerabilities using three different techniques that will allow you to get a webshell.
  • mitmproxy : HTTP proxy with SSL interception support. It allows you to inspect and edit traffic on the fly.
  • Requests : simple and elegant HTTP library, built for humans
  • Twill : browse the web from a command-line interface. Supports automated web testing
  • pathod / pathoc : daemon / client for stress-testing HTTP clients and servers
  • ProxMon : processes proxy logs and reports on the findings
  • python-spidermonkey : binding to Mozilla's SpiderMonkey JavaScript engine; allows calling and evaluating JavaScript scripts and functions
  • Selenium : API for writing functional tests using Selenium WebDriver, with remote access to Firefox, IE, Chrome, etc.
  • Splinter : tool for testing web applications using Python, automating browser actions such as visiting URLs and interacting with their items.
  • spynner : programmable web browsing module for Python with support for Javascript / AJAX
  • WSMap : finds web service endpoints and discovery files
  • Windmill : testing tool designed to automate and debug web applications

Cracking

  • findmyhash : Python script to crack hashes using online services.

Malware

  • MeterSSH : an easy way to inject shellcode into native memory and tunnel it back to the attacker over SSH. All in a single Python file that can easily be converted to an executable using PyInstaller or py2exe .
  • Pyew : a command-line tool for statically analyzing malware.
  • NORIBEN : script that works in conjunction with Sysinternals Procmon to do sandboxed malware analysis.
  • s7-brute-offline.py : tool that can perform offline brute-force attacks against Siemens programmable logic controllers (PLCs).
  • The Backdoor Factory : an interesting Python script to "backdoor" Windows executables and libraries (Win32 PE).
  • The Backdoor Factory Proxy (BDFProxy) : proxy capable of patching binaries "on the fly" during download, turning a MITM into an extremely dangerous attack vector.
  • Tiny SHell : the classic open source backdoor by Christophe Devine, in Python
  • TinySHell under SCTP : a somewhat stealthier Unix backdoor
  • Veil : written in Python by Christopher Truncer to create Metasploit payloads capable of evading most antivirus tools.
  • virustotal-search.py : script to automate, from the command line, the analysis of a sample of known malware through the VirusTotal multi-AV service.

Forensic

  • ADEL (Android Data Extractor Lite) : Python script that dumps all SQLite databases from an Android smartphone to disk and analyzes the files in a forensically accurate workflow.
  • AFT : Android forensic toolkit
  • Codetective : analysis tool to determine the encryption / encoding algorithm used
  • FBStalker and GeoStalker : OSINT tools for Facebook and geolocation sources (Flickr, Instagram, Twitter, Wigle). User IDs found are used to locate social networking accounts on other networks such as Facebook, YouTube, Instagram, Google+, LinkedIn and Google Search
  • Grampus : multiplatform metadata extraction and footprinting tool, something like an open source Python FOCA.
  • LibForensics : library for developing digital forensics applications
  • Mobius Forensic Toolkit : forensic framework written in Python / GTK that manages cases and case items, providing an abstract interface for developing extensions. Case and item categories are defined using XML files for easier integration with other tools.
  • sqlparse.py : parser to recover deleted data from SQLite databases
  • TrIDLib : identifies file types from their binary signatures. Now includes a Python binding
  • Volatility : extracts and analyzes digital artifacts from volatile memory (RAM)

Malware analysis

  • Exefilter : filters file formats in e-mails, web pages or files. It detects many common file formats and can remove active content.
  • OS X Auditor : free forensic analysis tool for Mac OS X.
  • phoneyc : honeyclient implementation written entirely in Python
  • Pyew : command-line hex editor and disassembler, mainly used to analyze malware
  • pyClamAV : adds virus detection capabilities to your Python software
  • pyMal : malware analysis framework based on Pefile, Pydbg and Volatility.
  • Jsunpack-n : generic JavaScript unpacker: emulates browser functionality to detect exploits that target vulnerabilities in browsers and plugins
  • Yara-python : identifies and classifies malware samples

PDF

  • Didier Stevens' PDF tools : analyze, identify and create PDF files (includes PDFiD , pdf-parser , make-pdf and MPDF)
  • OPAF : Open PDF Analysis Framework. Converts PDF to an XML tree that can be analyzed and modified.
  • Origapy : Python wrapper for the Origami Ruby module, which sanitizes PDF files
  • PDFMiner : extract text from PDF files
  • pyPDF : Python PDF toolkit: extract info, split, merge, crop, decrypt ...
  • poppler-python-qt4 : joins Python with the Poppler PDF library, including Qt4 support

Misc

  • Exomind : framework for building graphs and developing open source intelligence modules, focused on social networking services, search engines and instant messaging
  • Hachoir : view and edit a binary stream field by field
  • InlineEgg : toolbox of classes for writing small programs in Python
  • OnionShare : securely and anonymously share a file of any size over Tor
  • PyMangle : command-line tool and Python library for creating wordlists for use with other penetration testing tools
  • RevHosts : enumerates the virtual hosts of a given IP address
  • simplejson : JSON encoder / decoder, e.g. for using Google's AJAX API

Other tools and libraries

  • Beautiful Soup : HTML parser optimized for screen-scraping
  • IPython : enhanced interactive shell with many features for object introspection, access to the system shell, and its own special command system
  • lxml : the most feature-rich and easy-to-use library for working with XML and HTML
  • M2Crypto : the most complete OpenSSL wrapper
  • matplotlib : make 2D plots of arrays
  • Mayavi : 3D scientific data visualization and plotting
  • NetworkX : graph library (edges, nodes)
  • ODAT (Oracle Database Attacking Tool) : checks the security of your Oracle database
  • Pandas : library providing high-performance, easy-to-use data structures and data analysis tools
  • Pexpect : controls and automates other programs, similar to Don Libes' Expect system
  • Pompem : open source tool designed to automate the search for vulnerabilities in the major databases.
  • PyQt and PySide : Python bindings for the Qt application framework and GUI library
  • pyparsing : general parsing module
  • RTGraph3D : creates dynamic 3D graphs
  • Sikuli : visual technology to search and automate graphical user interfaces using screenshots. Scriptable in Jython
  • Suds : lightweight SOAP client for web services
  • Twisted : event-driven networking engine
  • Whoosh : fast, featureful full-text indexing and search library implemented in Python
