Violent Python Chapter #1 Part 1

by Marín

Violent Python Chapter #1

I’ll try to post a little brief about violent python chapters here.
This is the first part of chapter #1.

As any Python book “Violent Python” starts with the basic Python stuff, a quick review to
the well known basics: variables, data types, control flow, etc…
The difference with this book and what makes it cool is the purpose of the book and the
examples. Violent Python is oriented to pentest topics so the examples are related to it.

In chapter one you work on three mini projects:

  • Vulnerability Scanner
  • The Cuckoo’s egg
  • Zip file Cracker

This is my first mini-project: Vuln Scanner:


#
# Violent Python Chapter #1
# Vuln Scanner
# By: Marin Alcaraz
#

import sys
import os
import socket

def retBanner(ip, port):
    try:
        socket.setdefaulttimeout(2)
        s = socket.socket()
        s.connect((ip, port))
        banner = s.recv(1024)
        return banner
    except Exception, e:
       return  str(e)

def checkFile(filename):
    try:
        if not os.path.isfile(filename):
            raise Exception("File doesn't exist")
            return -1
        if not os.access(filename, os.R_OK):
            raise Exception("Permission Denied")
        f = open(filename, 'r')
        return f
    except Exception, e:
        print str(e)
        return -1


def checkVulns(banner, filename):
    print "[+] Reading Vulnerable Banner list from: " + filename
    f = checkFile(filename)
    for line in f.readlines():
        print "[+] Checking for banner: " + line.strip('\n')
        if line.strip('\n') in banner:
            print "[+] Server is Vulnerable: " + banner.strip('\n')
        else:
            print '[-] FTP Server is not vulnerable'
    return

def main():
    portList = [21, 22, 25, 80, 110, 443]
    if (len(sys.argv) == 2):
        filename = sys.argv[1]
    else:
        filename = "vuln_banners.txt"
    for x in range(1, 255):
        ip = '192.168.95.' + str(x)
        for port in portList:
            banner = retBanner(ip, port)
            if banner:
                print '[+] ' + ip + ': ' + banner
                if (checkVulns(banner, filename) == -1):
                    return


if __name__ == '__main__':
    main()

Notes:

  • Python reserves memory space for variables when programmer declares them. Python interpreter decides the type of the variable. You can get the type of a variable via type() function.
  • Python string module provides a very robust series of methods for strings.
  • The list data structure in Python provides an excellent method for storing arrays of objects. The list can be from any type. There are many built in methods to manipulate the list.
  • The Python dictionary provides a hash table that can store any number of Python objects. It follows the classic key->value method. You can get the available keys via the .keys() function, you are also able to verify the existence of one key with has_key() or see the whole list with items(). Direct access to the elements is provided via data[‘key’] scheme.
  • The socket module provides a library for making network connections using Python.
  • Python provides exception handling capability with try and except.
  • The keyword def() begins a function, the variables between de () are passed by reference meaning that any changes to these variables inside the function will affect their value from the calling function.
  • Python provides an easy way to interact with files through the open() and readlines functions. Full i/o API is of course available at Python’s website.
  • The built in sys modules provides access to objects used or maintained by the Python interpreter. Ex: argv.
  • OS module allows Python to communicate with local OS library.