Windows 10 error
Python: for pen testing and Vulnerability scanning
​
Python is widely used in vulnerability scanning and penetration testing due to its versatility, extensive libraries, and ease of use. It provides professionals in the field with the tools they need to identify and exploit potential vulnerabilities, as well as customize their own testing frameworks.
​
Disclaimer: I don't claim to be a Python scripting guru; I used AI and example scripts that I can customize for my needs. These examples are provided at your own risk — do not use them to attack anybody else's network; create a lab instead. They are provided for educational purposes only. Enjoy and happy scripting!
​
Using PyCharm Community Edition:
​
# vuln nmap working - The provided Python script uses the subprocess module to run a vulnerability scan with the Nmap tool
import subprocess
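def scan_for_vulnerabilities(target, ports="1-65535"):
    """Run Nmap with the ``vulners`` NSE script against *target* and print the report.

    The ``vulners`` script is a third-party NSE script (not bundled with Nmap
    by default) and it queries an online CVE database, so it needs to be
    installed and the scanning host needs outbound network access.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"1-65535"``, all TCP ports).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "vulners", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))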
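# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a full-port scan on import.
    target = '127.0.0.1'  # Replace with the IP address or hostname of the target
    scan_for_vulnerabilities(target)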
​*******************************************************************************************
#Script to check if a port is open:
import socket
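def check_port(target, port, timeout=3.0):
    """Report whether TCP *port* on *target* accepts a connection.

    Args:
        target: IP address or hostname to probe.
        port: TCP port number.
        timeout: seconds to wait for the connect before treating the port
            as closed (default 3.0); a filtered port that never answers
            is reported as closed after this delay.

    Returns:
        True if the connect succeeded, False otherwise.

    Raises:
        socket.gaierror: if *target* cannot be resolved.
    """
    # `with` closes the socket on every path; the original never called
    # sock.close() and leaked the descriptor.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # connect_ex returns an errno instead of raising; 0 means connected.
        is_open = sock.connect_ex((target, port)) == 0
    if is_open:
        print(f"Port {port} is open on {target}")
    else:
        print(f"Port {port} is closed on {target}")
    return is_open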
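# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not probe the example host.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    port = 3389  # Replace with the port number you want to check
    check_port(target, port)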
​
*******************************************************************************************
​
#Script to perform a ping sweep:
import subprocess
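def ping_sweep(network, hosts=range(1, 255)):
    """Ping every host of a /24 and print which ones answered.

    Args:
        network: the first three octets of the network, e.g. ``"192.168.0"``.
            Passing ``"192.168.0.0"`` would build the invalid address
            ``192.168.0.0.1``.
        hosts: iterable of last-octet values to probe (default 1-254).

    Returns:
        List of addresses (as strings) whose ping exited with status 0.

    Raises:
        ValueError: if *network* is empty or starts with ``-``.
        FileNotFoundError: if no ``ping`` binary is on PATH.
    """
    import sys  # local import: this snippet's header imports only subprocess

    if not network or network.startswith("-"):
        raise ValueError(f"invalid network prefix: {network!r}")
    # Windows ping spells the packet count as -n; iputils/BSD ping use -c.
    count_flag = "-n" if sys.platform.startswith("win") else "-c"
    up = []
    for i in hosts:
        ip = f"{network}.{i}"
        # argv list, no shell: nothing in `ip` is interpreted by a shell.
        result = subprocess.run(
            ["ping", count_flag, "1", ip],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        if result.returncode == 0:
            print(f"Host {ip} is up")
            up.append(ip)
        else:
            print(f"Host {ip} is down")
    return up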
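# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not ping 254 hosts on import.
    # The prefix has THREE octets: the original '10.0.0.0' produced
    # addresses like 10.0.0.0.1, which ping rejects.
    network = '10.0.0'  # Replace with the network prefix (e.g., 192.168.0 for 192.168.0.1-192.168.0.254)
    ping_sweep(network)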
*******************************************************************************************************
​
#Script to perform a DNS lookup:
import socket
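def dns_lookup(hostname):
    """Resolve *hostname* to an IPv4 address and print it.

    Args:
        hostname: name to resolve; an IPv4 literal is returned unchanged.

    Returns:
        The IPv4 address as a string, or None if resolution failed.
        ``gethostbyname`` only returns IPv4; use ``socket.getaddrinfo``
        when IPv6 answers matter.
    """
    try:
        ip = socket.gethostbyname(hostname)
    except socket.gaierror as exc:
        # The original let this escape as a traceback; report it instead.
        print(f"Could not resolve {hostname}: {exc}")
        return None
    print(f"The IP address of {hostname} is {ip}")
    return ip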
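# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not perform a lookup on import.
    hostname = 'www.jamppharma.com'  # Replace with the hostname you want to lookup
    dns_lookup(hostname)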
*******************************************************************************************************
#Script to check for Heartbleed vulnerability:
import subprocess
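def check_heartbleed(target, ports="443"):
    """Run Nmap's ``ssl-heartbleed`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "ssl-heartbleed", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))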
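# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.jamppharma.com'  # Replace with the IP address or hostname of the target
    check_heartbleed(target)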
*******************************************************************************************************
#Script to check for Shellshock vulnerability:
import subprocess
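def check_shellshock(target, ports="80,443"):
    """Run Nmap's ``http-shellshock`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-shellshock", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))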
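# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.jamppharma.com'  # Replace with the IP address or hostname of the target
    check_shellshock(target)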
**************************************************************************************************
#Script to check for SQL injection vulnerability:
# These scripts demonstrate how to use specific Nmap vulnerability scripts to check for common vulnerabilities like Heartbleed, Shellshock, and SQL injection.
import subprocess
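def check_sql_injection(target, ports="80,443"):
    """Run Nmap's ``http-sql-injection`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-sql-injection", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))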
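# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.example.com'  # Replace with the IP address or hostname of the target
    check_sql_injection(target)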
**************************************************************************************************
#Script to check for Open Web Application Security Project (OWASP) Top 10 vulnerabilities:
import subprocess
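def check_owasp_top_10(target, ports="80,443"):
    """Run the ``http-owasp-top10`` NSE script against *target* and print the report.

    NOTE(review): I could not confirm that a script named ``http-owasp-top10``
    ships with Nmap; check with ``nmap --script-help http-owasp-top10``
    before relying on this — Nmap reports an error when a script name
    matches nothing, which the returncode branch below now prints.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-owasp-top10", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))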
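# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.example.com'  # Replace with the IP address or hostname of the target
    check_owasp_top_10(target)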
***************************************************************************************************
#Script to check for Cross-Site Scripting (XSS) vulnerabilities:
import subprocess
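def check_xss(target, ports="80,443"):
    """Run Nmap's ``http-xssed`` NSE script against *target* and print the report.

    NOTE(review): as far as I know ``http-xssed`` looks the host up in the
    xssed.com archive of previously reported XSS rather than testing the
    site itself, so an empty result does not mean the site is free of XSS.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-xssed", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))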
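# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.example.com'  # Replace with the IP address or hostname of the target
    check_xss(target)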
****************************************************************************************************
#Script to check for Remote File Inclusion (RFI) vulnerabilities:
import subprocess
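def check_rfi(target, ports="80,443"):
    """Run Nmap's ``http-enum`` NSE script against *target* and print the report.

    NOTE(review): ``http-enum`` enumerates common web paths and applications;
    it is not a Remote File Inclusion test, so the function name overstates
    what this check does. Treat the output as a path inventory.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-enum", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))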
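# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.example.com'  # Replace with the IP address or hostname of the target
    check_rfi(target)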
*****************************************************************************************************
# These scripts demonstrate how to use specific Nmap vulnerability scripts to check for vulnerabilities
# in different protocols such as SMB, SNMP, FTP, SMTP, NTP, SSH, MySQL, Oracle, RDP, and WebDAV.
# Replace the IP address or hostname of the target accordingly.
#Script to check for Server Message Block (SMB) vulnerabilities:
import subprocess
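def check_smb_vulns(target, ports="445"):
    """Run every ``smb-vuln*`` NSE script against *target* and print the report.

    Caveat: at least one script matched by this wildcard is in Nmap's
    ``dos`` category and can crash an unpatched host; review
    ``nmap --script-help 'smb-vuln*'`` before pointing this at anything
    you cannot afford to reboot.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"445"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally (it does its own script
    # matching) instead of being glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "smb-vuln*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))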
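# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    check_smb_vulns(target)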
******************************************************************************************************
#Script to check for Simple Network Management Protocol (SNMP) vulnerabilities:
import subprocess
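def check_snmp_vulns(target, ports="161"):
    """Run every ``snmp*`` NSE script against *target* over UDP and print the report.

    SNMP listens on UDP; without ``-sU`` Nmap scans TCP 161, the port shows
    closed and none of the scripts run, so the original command produced
    an empty result. UDP scans need raw-socket privileges (root /
    Administrator).

    Caveat: the ``snmp*`` wildcard also matches credential-guessing
    scripts such as ``snmp-brute``; narrow the pattern if you only want
    the read-only information scripts.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"161"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "-sU", "--script", "snmp*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics (e.g. the privilege error for -sU).
        print(result.stderr.decode(errors="replace"))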
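# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    check_snmp_vulns(target)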
******************************************************************************************************
#Script to check for File Transfer Protocol (FTP) vulnerabilities:
import subprocess
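def check_ftp_vulns(target, ports="21"):
    """Run every ``ftp-vuln*`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"21"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "ftp-vuln*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))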
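# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    check_ftp_vulns(target)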
******************************************************************************************************
#Script to check for Simple Mail Transfer Protocol (SMTP) vulnerabilities:
import subprocess
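def check_smtp_vulns(target, ports="25"):
    """Run every ``smtp-vuln*`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"25"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "smtp-vuln*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))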
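# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.100'  # Replace with the IP address or hostname of the target
    check_smtp_vulns(target)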
*****************************************************************************************************
#Script to check for Network Time Protocol (NTP) vulnerabilities:
import subprocess
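def check_ntp_vulns(target, ports="123"):
    """Run every ``ntp-vuln*`` NSE script against *target* over UDP and print the report.

    NTP listens on UDP; without ``-sU`` Nmap scans TCP 123 and no NSE
    script runs, so the original command could only produce an empty
    result. UDP scans need raw-socket privileges (root / Administrator).

    NOTE(review): I could not confirm that any script matches
    ``ntp-vuln*`` in a stock Nmap install (``nmap --script-help 'ntp*'``
    lists what is available); the returncode branch below now prints
    Nmap's error if the pattern matches nothing.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"123"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "-sU", "--script", "ntp-vuln*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics (e.g. the privilege error for -sU).
        print(result.stderr.decode(errors="replace"))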
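# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    check_ntp_vulns(target)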
*****************************************************************************************************
#Script to check for Secure Shell (SSH) vulnerabilities:
import subprocess
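def check_ssh_vulns(target, ports="22"):
    """Run every ``ssh*`` NSE script against *target* and print the report.

    Caveat: the ``ssh*`` wildcard also matches ``ssh-brute``, which
    attempts logins and can trigger account lockouts or alerts; use a
    narrower pattern (e.g. ``ssh2-enum-algos``, ``ssh-hostkey``) when you
    only want passive configuration checks.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"22"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "ssh*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))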
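# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    check_ssh_vulns(target)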
*****************************************************************************************************
#Script to check for MySQL database vulnerabilities:
import subprocess
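def check_mysql_vulns(target, ports="3306"):
    """Run every ``mysql-vuln*`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"3306"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "mysql-vuln*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))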
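# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '10.0.0.73'  # Replace with the IP address or hostname of the target
    check_mysql_vulns(target)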
*****************************************************************************************************
#Script to check for Oracle database vulnerabilities:
import subprocess
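def check_oracle_vulns(target, ports="1521"):
    """Run every ``oracle*`` NSE script against *target* and print the report.

    Caveat: the ``oracle*`` wildcard also matches ``oracle-brute`` and
    ``oracle-sid-brute``, which guess credentials/SIDs and can lock
    accounts; narrow the pattern (e.g. ``oracle-tns-version``) when you
    only want a passive version check.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"1521"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "oracle*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))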
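# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.100'  # Replace with the IP address or hostname of the target
    check_oracle_vulns(target)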
****************************************************************************************************
#Script to check for Remote Desktop Protocol (RDP) vulnerabilities:
import subprocess
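def check_rdp_vulns(target, ports="3389"):
    """Run every ``rdp-vuln*`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"3389"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "rdp-vuln*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))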
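# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.100'  # Replace with the IP address or hostname of the target
    check_rdp_vulns(target)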
*****************************************************************************************************
#Script to check for WebDAV vulnerabilities:
import subprocess
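def check_webdav_vulns(target, ports="80,443"):
    """Run Nmap's ``http-webdav-scan`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-webdav-scan", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))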
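# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.example.com'  # Replace with the IP address or hostname of the target
    check_webdav_vulns(target)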
*****************************************************************************************************
#####################################################################################################
Script to check for DNS zone transfers:
python
import subprocess
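def check_dns_zone_transfer(target, ports="53"):
    """Run Nmap's ``dns-zone-transfer`` NSE script against *target* and print the report.

    A successful transfer (AXFR) means the server hands its whole zone to
    anyone who asks — the finding to report is "restrict zone transfers
    to secondary servers".

    Args:
        target: IP address or hostname of the DNS server; passed to Nmap as
            a single argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"53"``; zone transfers
            run over TCP, which is what Nmap scans by default).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "dns-zone-transfer", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))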
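# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.1'  # Replace with the IP address or hostname of the target DNS server
    check_dns_zone_transfer(target)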
*****************************************************************************************************
#Script to check for WebDAV vulnerabilities:
import subprocess
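def check_webdav_vulns(target, ports="80,443"):
    """Run Nmap's ``http-webdav-scan`` NSE script against *target* and print the report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"80,443"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "http-webdav-scan", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))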
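# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = 'www.example.com'  # Replace with the IP address or hostname of the target
    check_webdav_vulns(target)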
*****************************************************************************************************
#####################################################################################################
Script to check for DNS zone transfers:
python
import subprocess
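def check_dns_zone_transfer(target, ports="53"):
    """Run Nmap's ``dns-zone-transfer`` NSE script against *target* and print the report.

    A successful transfer (AXFR) means the server hands its whole zone to
    anyone who asks — the finding to report is "restrict zone transfers
    to secondary servers".

    Args:
        target: IP address or hostname of the DNS server; passed to Nmap as
            a single argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"53"``; zone transfers
            run over TCP, which is what Nmap scans by default).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell commands.
    command = ["nmap", "--script", "dns-zone-transfer", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))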
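# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.1'  # Replace with the IP address or hostname of the target DNS server
    check_dns_zone_transfer(target)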
*****************************************************************************************************
#Script to check for open MongoDB databases:
python
import subprocess
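def check_mongodb(target, ports="27017"):
    """Run every ``mongodb*`` NSE script against *target* and print the report.

    Caveat: the ``mongodb*`` wildcard also matches ``mongodb-brute``, which
    attempts logins; use ``mongodb-info`` / ``mongodb-databases`` alone
    when you only want to know whether the instance answers unauthenticated.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"27017"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "mongodb*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))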
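# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.1'  # Replace with the IP address or hostname of the target
    check_mongodb(target)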
############################################################################################################
Script to check for open Redis databases:
python
import subprocess
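def check_redis(target, ports="6379"):
    """Run every ``redis*`` NSE script against *target* and print the report.

    Caveat: the ``redis*`` wildcard also matches ``redis-brute``, which
    attempts authentication; ``redis-info`` alone answers the "is this
    instance exposed without auth?" question.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"6379"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "redis*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))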
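# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.1'  # Replace with the IP address or hostname of the target
    check_redis(target)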
############################################################################################################
Script to check for open Elasticsearch databases:
python
import subprocess
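def check_elasticsearch(target, ports="9200"):
    """Run every ``elasticsearch*`` NSE script against *target* and print the report.

    NOTE(review): I could not confirm that any stock NSE script name
    starts with ``elasticsearch``; check ``nmap --script-help 'elasticsearch*'``
    (the Elasticsearch checks I know of live under ``http-*`` names). The
    returncode branch below now prints Nmap's error if the pattern matches
    nothing instead of showing an empty report.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"9200"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "elasticsearch*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))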
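# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.1'  # Replace with the IP address or hostname of the target
    check_elasticsearch(target)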
############################################################################################################
Script to check for open FTP servers and anonymous login:
python
import subprocess
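def check_ftp(target, ports="21"):
    """Run every ``ftp*`` NSE script against *target* and print the report.

    Caveat: the ``ftp*`` wildcard matches ``ftp-brute`` as well as
    ``ftp-anon``; if the question is only "is anonymous login enabled?",
    pass ``ftp-anon`` alone to avoid credential guessing against the host.

    Args:
        target: IP address or hostname to scan; passed to Nmap as a single
            argv element, so shell metacharacters in it have no effect.
        ports: Nmap port specification (default ``"21"``).

    Raises:
        ValueError: if *target* is empty or starts with ``-`` (Nmap would
            read it as an option rather than a host).
        FileNotFoundError: if the ``nmap`` binary is not on PATH (the
            shell=True original silently printed an empty report instead).
    """
    if not target or target.startswith("-"):
        raise ValueError(f"invalid target: {target!r}")
    # argv list + shell=False (the default): the target cannot inject shell
    # commands, and the '*' reaches Nmap literally instead of being
    # glob-expanded by the shell against the cwd.
    command = ["nmap", "--script", "ftp*", "-p", ports, target]
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # errors="replace" keeps a stray non-UTF-8 byte in the report from raising.
    print(result.stdout.decode(errors="replace"))
    if result.returncode != 0:
        # Surface Nmap's own diagnostics instead of silently dropping them.
        print(result.stderr.decode(errors="replace"))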
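# Example usage
if __name__ == "__main__":
    # Guarded so importing this file does not launch a scan on import.
    target = '192.168.0.1'  # Replace with the IP address or hostname of the target
    check_ftp(target)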
These scripts demonstrate how to use specific Nmap vulnerability scripts for various pen testing scenarios, including DNS zone transfers, SNMP community strings, default
credentials in web applications, SQL injection, XSS, RFI, MongoDB, Redis, Elasticsearch, and FTP servers.
See page 2 for more examples; customize them for your network, create a project and start learning Python!
​
