2.2 Combining Python Modules for Active Info Gathering Part 1

Time: 1 hour 12 minutes
Difficulty: Intermediate
CEU/CPE: 2
Video Transcription
00:00
Hello everyone. Welcome to this Ethical Hacking Tools with Python video. Today we start coding,
00:05
and in this lesson I'm gonna briefly tell you about the prerequisites that you need to successfully complete this and the following lessons. Then I'm gonna give you an outline of what our code is going to be about.
00:17
And, of course, the fun part: we're going to start building the script for active information gathering.
00:23
Now, starting with the prerequisites: you need a working installation of Python 3, and depending on your system you're gonna have different instructions.
00:32
Then you will install the python-nmap module.
00:36
Then you need a code editor.
00:38
I'm gonna be using Visual Studio Code, and I suggest you do the same,
00:42
and that's it. That's all you need.
00:45
Now, please make sure to check the guide and resources document accompanying this video for instructions on these prerequisites.
00:54
So what are we gonna code?
00:56
We want to use python-nmap to extract specific information about the target and then output the information we get to a file using Python built-in methods.
01:07
One of the assessments we'll do is fingerprinting the operating system,
01:11
and there are multiple ways to do it.
01:12
We could just do it from scratch in Python by initiating ping commands and analyzing TTL, or time-to-live, responses, and also doing a traceroute to determine the number of hops. Then we would add
01:27
both of those numbers to a sum and check the sum in a list of predetermined values. Now, that would take a lot of coding.
01:37
Another alternative is to use Scapy, which is a Python library for network analysis. However, it might be a bit tricky for you to configure it,
01:46
so we'll just keep things simple. We'll use nmap for OS fingerprinting as well.
01:52
Okay, so let's get into it.
01:53
Now, I'm moving into Visual Studio Code here,
01:57
and we're going to start by importing nmap,
02:00
and then we're gonna import sys
02:04
for command line arguments.
02:07
Okay,
02:07
because we're going to provide the target as a command line argument. And first we're gonna instantiate a scanner. So we'll just name the variable nm_scan,
02:17
and we're gonna look into nmap.PortScanner().
02:21
Okay. And then we run the scan method, providing the target and the port as well as additional parameters. So we create another variable for that, nm_scanner,
02:31
which is gonna use nm_scan, the port scanner we instantiated,
02:37
to scan the target that's gonna be provided at sys.argv[1],
02:40
that's argument one,
02:43
at port 80,
02:45
with the additional arguments of -O, which is for OS fingerprinting. Now, do take note that this is a guess.
02:53
So to be more accurate in OS fingerprinting, you might wanna cross-check using other tools.
03:00
Okay,
03:00
Now,
03:01
the result of this scan operation is going to be a dictionary. And what we want from that dictionary is the state of the host (up or down), the state of the port (open, closed or filtered), the scanning method, as well as the operating system it guesses.
03:15
So, to have you better understand this, I've already repeated these commands in a Python interpreter shell over here,
03:30
and I'm also using pprint,
03:35
which was imported above, to actually print this dictionary. So if we look at the type of nm_scanner, that's gonna be a dictionary.
03:46
Okay,
03:47
so, um,
03:50
from this dictionary, like I said, we want the state of the host and the port, the method of scanning,
03:55
as well as the operating system it guessed. So we'll just say print
04:01
'The host is'
04:06
plus nm_scanner, and it's going to look into the scan over here,
04:13
into the scan. And then we have to
04:15
look into the IP 172.217.20.14.
04:21
So first we look at the state of the host. So then we look into the status,
04:28
and then we'll look into the state.
04:33
Okay?
04:36
And there you have it. So the host is up. Next, we want to look at the port. So we went into nm_scanner, scan, 172.217.20.14, and then we went into the status and then the state. Now we want to look into tcp, 80 and state
04:55
for the state of the port, which is open, and then for the method of scanning we want to look into the reason.
05:00
So we'll just repeat the following command with
05:04
a few
05:06
minor modifications. So we'll say 'The port 80 is'
05:13
and then we look into not the status
05:16
but the tcp.
05:18
And then we look at the 80,
05:21
okay? And then we'll look into the state.
05:26
All right, so the port 80 is open.
05:29
Now, we want to look not at the state but at the reason
05:33
to get the method. So
05:36
we're just gonna say 'The scanning method is'
05:42
and then we just
05:45
run this command. The scanning method is syn-ack. Now, for OS fingerprinting, we're gonna use string literals. So, string methods:
05:56
let's say 'There is
06:00
%s%
06:02
chance
06:04
that the host is running
06:08
%s',
06:10
and we're gonna fill in,
06:13
with, uh,
06:15
whatever we want to have instead of these %s's. So we're gonna look in nmap,
06:23
we're gonna look into.
06:25
so we're gonna look into nm_
06:29
scanner
06:30
and then scan,
06:33
and then the IP 172.217.20.14,
06:40
and then we want to look into the osmatch, and accuracy for the percentage and then the name for the operating system.
06:47
So, um,
06:50
we'll look into the osmatch,
06:55
zero, then
06:59
accuracy.
07:00
Okay. And the second, for the operating system,
07:05
is the name. We're looking into nm_scanner,
07:11
scan,
07:14
and then the IP 172.217.20.14,
07:19
and then we're looking into osmatch
07:24
again, zero.
07:27
So I
07:28
I want to be sure that nothing
07:31
is misspelled here, mistyped,
07:34
zero,
07:36
and then we'll look into the name.
07:40
Okay? So hopefully I have everything correct over here. And then we close the first parenthesis from here, and the second parenthesis is from the print. And then we hit Enter. So there is an 89% chance that the host is running OpenBSD 4.3. So it took this one,
08:00
89% chance, and the name over here,
08:03
and there you have it.
08:05
So let's stop here for now. We'll standardize the entire process and finish building our script in the next lesson. But before we go, let's actually do a quick knowledge check.
08:18
So
08:20
what argument in nmap allows us to do OS fingerprinting? Is it A, -S; B, -T; or C, -O?
08:28
Now, if you've been paying close attention to the demonstration, you know that when we passed arguments to the nmap scanner in Python, we used arguments='-O', so C is the right answer.
08:41
In review, in this lesson we looked at the prerequisites you need. And I have to remind you once again to check the guide and resources document accompanying this video for further instructions on installing the requirements.
08:54
Okay. And then what we also did is to start working on the tool that will use the python-nmap library for active information gathering.
09:05
In the next lesson, we will continue working on this tool.
09:09
I'm Christian, and I'm looking forward to seeing you in the next video.
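The lookups walked through in the video (host status, port state, scan reason and the top osmatch entry) can be wrapped into a small script that also handles the cases a live scan produces: a hostname target (python-nmap keys the result by resolved IP, so the hostname is not a key), a port that is filtered rather than open, and an empty osmatch (which is what you get when -O is run without root, or when nmap cannot fingerprint from a single port). This is an added example, not the course's own script or the python-nmap project's code. The dictionary shape matches what nmap.PortScanner().scan() returns (integer port keys, accuracy as a string); the target IP, OS names and reasons in the embedded sample are constructed lab values, and the hostname and file path used in the usage note are assumptions.

```python
"""Parse a python-nmap scan result the way the lesson does, plus the edge
cases a live scan produces. Added example, not the course's script."""
import json
import sys

# Constructed sample shaped like the dict returned by
# nmap.PortScanner().scan(target, '80', arguments='-O'): port keys are ints,
# 'accuracy' is a string, 'osmatch' is sorted best-guess first. The IP, OS
# names and reasons are assumed lab values, not real scan output.
SAMPLE_RESULT = {
    "nmap": {
        "command_line": "nmap -oX - -p 80 -O 172.217.20.14",
        "scaninfo": {"tcp": {"method": "syn", "services": "80"}},
    },
    "scan": {
        "172.217.20.14": {
            "status": {"state": "up", "reason": "echo-reply"},
            "tcp": {80: {"state": "open", "reason": "syn-ack", "name": "http"}},
            "osmatch": [
                {"name": "OpenBSD 4.3", "accuracy": "89"},
                {"name": "FreeBSD 7.0-RELEASE", "accuracy": "85"},
            ],
        }
    },
}


def summarize_host(result, target, port=80):
    """Pull host state, port state, scan reason and the top OS guess out of
    a python-nmap result dict. Returns a plain dict so it can be saved."""
    hosts = result.get("scan", {})
    key = target
    if key not in hosts:
        # nmap keys the result by resolved IP, so a hostname target is not a
        # key of its own; fall back to the single host that was scanned.
        if len(hosts) == 1:
            key = next(iter(hosts))
        else:
            # No entry at all: host did not answer (or was filtered).
            return {"target": target, "host_state": "down", "port": port,
                    "port_state": None, "reason": None,
                    "os_name": None, "os_accuracy": None}
    host = hosts[key]
    port_info = host.get("tcp", {}).get(port, {})
    # -O needs root, and nmap works best with one open and one closed port;
    # when it cannot fingerprint, 'osmatch' is empty or absent, not a 0% guess.
    matches = host.get("osmatch") or []
    top = matches[0] if matches else {}
    return {
        "target": key,
        "host_state": host.get("status", {}).get("state", "unknown"),
        "port": port,
        "port_state": port_info.get("state"),
        "reason": port_info.get("reason"),
        "os_name": top.get("name"),
        "os_accuracy": int(top["accuracy"]) if top else None,
    }


def format_report(summary):
    """Render the same lines the lesson prints, as one string."""
    lines = [
        "The host is %s" % summary["host_state"],
        "The port %d is %s" % (summary["port"], summary["port_state"]),
        "The scanning method is %s" % summary["reason"],
    ]
    if summary["os_name"] is None:
        lines.append("No OS match (run as root and make sure -O was passed)")
    else:
        lines.append("There is %d%% chance that the host is running %s"
                     % (summary["os_accuracy"], summary["os_name"]))
    return "\n".join(lines)


def save_report(summary, path):
    """Write the summary to a file with Python built-ins only."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(summary, fh, indent=2)
    return path


def run_scan(target, port=80):
    """Live scan through python-nmap (needs the nmap binary; -O needs root)."""
    import nmap  # imported here so the parsing above runs without it
    return nmap.PortScanner().scan(target, str(port), arguments="-O")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
        result = run_scan(target)
    else:
        target, result = "172.217.20.14", SAMPLE_RESULT
    print(format_report(summarize_host(result, target)))
```

Run it with no argument to see the report built from the embedded sample; run it as root with a target (for instance `sudo python3 scan.py lab.example.test`, an assumed hostname) to scan for real, and call `save_report(summary, "scan.json")` to keep the result. Note that the fallback to the single scanned host is what makes a hostname target work at all: without it the dictionary lookup by name raises KeyError even though the scan succeeded.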