With Markdownlint you can quickly check your own *.md files. You can use that tool for automation in your build environment.
Installation
# install via gem
$ sudo gem install mdl
# install via gem (Mac OS 10.11 - El Capitan)
$ sudo gem install -n /usr/local/bin mdl
# check version
$ mdl --versionUsage
The use of Markdownlint is very easy.
# scan a markdown file
$ mdl path/to/file.md
# scan a folder with different markdown files
$ mdl path/to/folderThis time i will present 2 tutorials in one. One part describe how to create a simple Python package. The other part gives security testers a hint for sensible data. It is recommended to work with python virtualenv!
Preconditions
Background
Skype stores sensible data, unencrypted, in a simple sqlite database (main.db). You would be surprised what information can be found there!
Example Locations
Python Package
. ├── MANIFEST.in ├── README.rst ├── SkypeSpy │ └── __init__.py └── setup.py
# -*- coding: utf-8 -*-
from setuptools import setup
def readme():
with open('README.rst') as f:
return f.read()
setup(
name='SkypeSpy',
version='1.0.0',
description='Read values from Skype sqlite',
long_description=readme(),
url='<domain>',
author='<author>',
author_email='<email>',
license='<license>',
packages=['SkypeSpy'],
include_package_data=True
)
SkypeSpy
--------
To use (with caution), simply do::
>>> from SkypeSpy import SkypeInformation
>>> SkypeInformation.set_db_path('path')
>>> print SkypeInformation.get_accounts()
>>> print SkypeInformation.get_contacts()
include README.rst
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sqlite3
class SkypeInformation(object):
__DATABASE_PATH = str()
@staticmethod
def set_db_path(db_path):
SkypeInformation.__DATABASE_PATH = str(db_path)
@staticmethod
def __read_from_db(sql_statement):
"""
Read testsuite from sqlite file
@type sql_statement: string
@param sql_statement: sqlite select statement
@return: list
"""
db = sqlite3.connect(SkypeInformation.__DATABASE_PATH)
statement = str(sql_statement)
try:
cursor = db.cursor()
cursor.execute(statement)
values = cursor.fetchall()
except sqlite3.Error:
values = list()
finally:
db.close()
return values
@staticmethod
def get_accounts():
statement = """SELECT DISTINCT
liveid_membername, skypename, fullname, gender,
languages, country, province, city, phone_home,
phone_office, phone_mobile, emails, homepage
FROM Accounts;"""
return SkypeInformation.__read_from_db(statement)
@staticmethod
def get_contacts():
statement = """SELECT DISTINCT
skypename, fullname, gender, languages, country,
province, city, phone_home, phone_office, phone_mobile,
emails, homepage
FROM Contacts;"""
return SkypeInformation.__read_from_db(statement)
Install and execute
You can now create another environment (with virtualenv) and install the package.
# install via pip $ pip install file:///path/to/SkypeSpy
#!/usr/bin/env python
import os
from SkypeSpy import SkypeInformation
def run():
my_path = '/path/to/main.db'
if os.path.exists(my_path):
SkypeInformation.set_db_path(my_path)
print SkypeInformation.get_contacts()
print SkypeInformation.get_accounts()
if __name__ == '__main__':
run()
More
There are other tables with information! Expand the package as desired.
htop is a interactive process viewer like top. The installing and using on different systems is super simple. The advantages over standard top are:
Installation
# install on Mac OS via MacPorts
$ sudo port install htop
# install on Debian/Ubuntu/Mint
$ sudo aptitude update
$ sudo aptitude install htop
# install on RHEL/CentOS/Fedora
$ yum update -y
$ yum install -y htopUsage
# 10 seconds between updates
$ htop -d 10
# show only processes of a given user
$ htop -u <USERNAME>
# sort by this column
$ htop --sort-key <COLUMN>In the terminal, the use is self-explanatory.
With MultiTail you are able to view one or multiple log files (on remote engines). Therefore it creates multiple split-windows on your console. You can configure these! To see all features look here.
Installation
# install on Mac OS via Mac Ports
$ sudo port install multitail
# install on Mac OS via Homebrew
$ sudo brew install multitail
# install on RHEL/CentOS/Fedora
$ yum install -y multitail
# install on Debian/Ubuntu/Mint
$ sudo apt-get install multitailExamples
# example for two log-files
$ multitail log-file_a log-file_b
# example for two log-files and two columns
$ multitail -s 2 log-file_a log-file_a
# example for two log-files and different colors
$ multitail -ci green log-file_a -ci yellow -I log-file_a
# example for one log file on remote
$ multitail -l "ssh -t <user>@<host> tail -f log-file"
# example for four log files on remote
$ multitail -l "ssh -l <user> <host> tail -f log-file_a" -l "ssh -l <user> <host> tail -f log-file_b" -l "ssh -l <user> <host> tail -f log-file_c" -l "ssh -l <user> <host> tail -f log-file_d"Note
If you look on multiple files at same time with MultiTail – just hit the “b” key to select the window, with up/down keys you can scroll.
One way of finding out subdomains are wordlists. Knockpy offers exactly this possibility! It is written in Python, easy to install and to use. The usage of own wordlists is possible, too. The output displayed in the terminal and saved in CSV file.
Precondition
Installation
# install with pip
$ sudo pip install https://github.com/guelfoweb/knock/archive/knock3.zipUsage
# usage with internal wordlist
$ knockpy domain.com
# usage with own wordlist
$ knockpy domain.com -w wordlist.txt
# resolve domain name
$ knockpy -r domain.com
# check zone transfer
$ knockpy -r domain.comAs a penetration tester you may need to check your FTP Server(s). One possibilty is brute-force passwords to auditing. This tutorial show you how easy you can use Python to create such a tool.
Precondition
Create Python Script
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import argparse
import ftplib
import socket
import sys
from datetime import datetime
class FtpCrack(object):
def __init__(self, host, username='', password=''):
if not host:
print "[*] Error: no host given"
sys.exit(2)
else:
self.start = datetime.now()
self.host = host
self.username = username
self.password = password
self.ftp = None
def _close_ftp_connection(self):
self.ftp.quit()
print "[*] Close FTP connection after ", datetime.now() - self.start
def _list_ftp_directory(self):
try:
print "[*] List FTP directory content"
self.ftp.dir()
except ftplib.all_errors:
print "[*] ERROR: Cannot list content"
self._close_ftp_connection()
def ftp_connect(self):
try:
self.ftp = ftplib.FTP(self.host)
except (socket.error, socket.gaierror) as err:
print "[*] Cannot connect to %s" % self.host
print "[*] Error %s" % err
sys.exit(2)
print "[*] Connected to %s" % self.host
def _ftp_anonymous_login(self):
try:
self.ftp.login()
except ftplib.error_perm:
print "[*] ERROR: cannot login anonymously"
self._close_ftp_connection()
sys.exit(2)
print "[*] Anonymous login"
self._list_ftp_directory()
def _ftp_credential_login(self):
print "[*] User: %s - Password: %s" % (self.username, self.password)
try:
self.ftp.login(self.username, self.password)
except ftplib.error_perm:
print "[*] ERROR: wrong credentials"
self._close_ftp_connection()
sys.exit(2)
print "[*] Login with credentials"
self._list_ftp_directory()
def ftp_login(self):
if not self.username or not self.password:
self._ftp_anonymous_login()
else:
self._ftp_credential_login()
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Brute-force FTP')
parser.add_argument('host', help='target host or ip')
parser.add_argument('-u', '--usr', help='login user name')
parser.add_argument('-p', '--pwd', help='login password')
args = parser.parse_args()
RUN = FtpCrack(args.host, args.usr, args.pwd)
RUN.ftp_connect()
RUN.ftp_login()
The code should be clear and self-explanatory.
Usage examples
# show help $ ./FtpCrack.py -h # example anonymous ftp $ ./FtpCrack.py <host> # example with credentials $ ./FtpCrack.py <host> -u <user> -p <password> # example crunch (pipe to password) $ ./crunch 3 3 abc | xargs -I password ./FtpCrack.py <host> -u <user> -p password
You can extend the code, for example to read the content from wordlists.
MTR is a network diagnostic tool which combine the best from Ping and Traceroute. It helps software tester to diagnose network performance and create helpful reports. By mtr, you could also monitor the network. It sends ICMP ECHO requests to a destination and listens for the answers. Mtr works on both command-line and GUI (depending to installation method).
Installation
# Debian/Ubuntu (text-version only) $ apt-get install mtr-tiny # Debian/Ubuntu (gui and text-version) $ apt-get install mtr # RedHat/CentOS/Fedora (text-version only) $ yum install mtr-tiny # RedHat/CentOS/Fedora (gui and text-version) $ yum install mtr # Mac OS X (Homebrew) $ brew install mtr # Mac OS X (MacPorts) $ port install mtr
The mtr project is on GitHub. If you like to compile mtr by your self.
Command-line examples
# basic syntax $ mtr [options] [target] # example host $ mtr google.com # example IP $ mtr 173.194.40.70 # force text-mode (-t | --curses) $ mtr -t google.com # do not resolve host names (-n | --no-dns) $ mtr -n google.com # limit to 5 (-c | --report-cycles) $ mtr -c 5 173.194.40.70 # report mode (-r | --report) $ mtr -r -c 5 173.194.40.70 # do not cut long names (-w | --report-wide) $ mtr -r -w -c 5 173.194.40.70
Note: Read the man page for more options!
Report analysis
For security audit, banner grabbing is one of the first activities to determine information about services on a remote computer. This article describe some very simple methods for command line banner grabbing without nmap.
telnet
# Example
$ telnet example.com 80
GET / HTTP/1.1
Host: example.com
[ENTER]netcat
# Example
$ nc example.com 80
GET / HTTP/1.1
Host: example.com
[ENTER]curl
# Example
$ curl -I example.com“-I” for fetch only HTTP-header
wget
# example
$ wget -q -S example.com“-q” for turn off Wget’s output. “-S” for print the headers