2.2 Combining Python Modules for Active Info Gathering Part 1
1 hour 12 minutes
Hello, everyone. Welcome to this ethical hacking tools with Python video. Today we start coding,
and in this lesson I'm gonna briefly tell you about the prerequisites that you need to successfully complete this and the following lessons. Then I'm gonna give you an outline of what our code is going to be about.
And, of course, the fun part. We're going to start building the script for active information gathering.
Now, starting with the prerequisites, you need a working installation of Python 3. And depending on your system, you're gonna have, ah, different instructions.
Then you will install the python-nmap module.
Then you need a code editor.
I'm gonna be using visual studio code, and I suggest you do the same
and that's it. That's all you need.
Now, please make sure to check the guide and resources document accompanying this video for instructions on these prerequisites.
So what are we gonna code?
We want to use python-nmap to extract specific information about the target and then output the information we get to a file using Python built-in methods.
One of the assessments we'll do is fingerprinting the operating system,
and there are multiple ways to do it.
We could just do it from scratch in Python by initiating ping commands and analyzing TTL, or time to live, responses and also doing traceroute to determine the number of hops. Then we would add
both of those numbers to a sum and check the sum in a list of predetermined values. Now, that would take a lot of coding.
Another alternative is to use Scapy, which is a Python library for network analysis. However, it might be a bit tricky for you to configure it,
so we'll just keep things simple. We'll use Nmap for OS fingerprinting as well.
Okay, so let's get into it
Now, I'm moving into Visual Studio Code here,
and we're going to start by importing nmap,
and then we're gonna import sys
for command line arguments,
because we're going to provide the target as a command line argument. And first we're gonna instantiate a scanner. So we'll just name the variable nm_scan.
We're gonna look into nmap.PortScanner.
Okay. And then we run the scan method, providing the target and the port as well as additional parameters. So we create another variable for that, and nm_scanner
is gonna use nm_scan, so the port scanner we instantiated,
to scan the target that's gonna be provided at
sys.argv[1],
at port 80,
with the additional arguments of -O, which is for OS fingerprinting. Now, do take note that this is a guess.
So to be more accurate in OS fingerprinting, you might wanna cross-check using other tools.
The result of the scan operation is going to be a dictionary. And what we want from that dictionary is the state of the host, up or down; the state of the port, open, closed or filtered; the scanning method; as well as the operating system it guesses.
So, to have you better understand this, I've already repeated these commands in a Python interpreter shell over here,
and I'm also using pprint,
which was imported above, to actually print this dictionary. So if we look at the type of nm_scanner, that's gonna be a dictionary.
From this dictionary, like I said, we want the state of the host and the port, the method of scanning,
as well as the operating system it guessed. So we'll just say print
the host is
plus nm_scanner, and it's going to look into the scan over here,
into the scan. And then we have to
look into the IP 172.217.20.14.
So first we look at the state of the host. So then we look into the status
and then we'll look into the state.
And there you have it. So the host is up. Next, we want to look at the port. So we went into the nmap scan, 172, and then we went into the status and then the state. Now we want to look into tcp, 80 and state
for the state of the port, which is open, and then for the method of scanning, we want to look into the reason.
So we'll just repeat the following command with
minor modifications. So we'll say the port 80 is
and then we look into not the status
but the tcp.
And then we look at the 80
okay? And then we'll look into the state.
All right, so the port 80 is open.
Now, we want to look not at the state, but at the reason
to get the method. So
we're just gonna say the scanning method is
and then we just
run this command. The scanning method is syn-ack. Now, for OS fingerprinting, we're gonna use string literals, so string methods.
Let's say there is
%s percent
that the host is running
and we're gonna fill in
whatever we want to have instead of these %s's. So we're gonna look into nmap,
we're gonna look into...
So we're gonna look into nm_scanner
and then scan.
And then the IP 172.217.20.14,
and then we want to look into the osmatch and accuracy for the percentage, and then the name for the operating system.
We'll look into the osmatch.
Okay. And the second, for the operating system,
is this name. We're looking into nm_scanner
and then the IP 172.217.20.14,
and then we're looking into osmatch.
I want to be sure that nothing
is misspelled here, mistyped,
and then we'll look into the name.
Okay? So hopefully I have everything correctly over here. And then we close the first parenthesis from here. And the second parenthesis is from the print. And then we hit Enter. So there is 89% chance that the host is running OpenBSD 4.3. So it took this one,
89% chance and the name over here
and there you have it.
So let's stop here for now. We'll standardize the entire process and finish building our script in the next lesson. But before we go, let's actually do a quick knowledge check.
What argument in Nmap allows us to do OS fingerprinting? Is it A, -s; B, -T; or C, -O?
Now, if you've been paying close attention to the demonstration, you know that when we passed arguments to the Nmap scanner in Python, we used arguments equals -O, so C is the right answer.
In review, in this lesson we looked at the prerequisites you need. And I have to remind you once again to check the guide and resources document accompanying this video for further instructions on installing the requirements.
Okay. And then what we also did is to start working on the tool that will use the python-nmap library for active information gathering.
In the next lesson, we will continue working on this tool.
I'm Christian, and I'm looking forward to seeing you in the next video.
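
The dictionary lookups walked through in this lesson, gathered into one function as an added example (not code from the video or the course materials). The `SAMPLE` dictionary is constructed in the shape python-nmap's `scan()` returns, using the documentation address 192.0.2.10; `summarize` and `report` are hypothetical helper names. It also handles two cases the interpreter session does not show: a target missing from the `scan` key and an empty `osmatch` list.

```python
import sys

# Constructed sample in the shape python-nmap's PortScanner.scan() returns;
# 192.0.2.10 is a documentation address, not a real scan result.
SAMPLE = {
    "nmap": {"command_line": "nmap -oX - -p 80 -O 192.0.2.10"},
    "scan": {"192.0.2.10": {
        "status": {"state": "up", "reason": "syn-ack"},
        "tcp": {80: {"state": "open", "reason": "syn-ack", "name": "http"}},
        "osmatch": [{"name": "Linux 2.6.32", "accuracy": "85"},
                    {"name": "OpenBSD 4.3", "accuracy": "89"}],
    }},
}

def summarize(result, target, port=80):
    """Pull host state, port state, scan method and OS guesses from a scan dict."""
    hosts = result.get("scan", {})
    # Results are keyed by IP address, so a hostname target will not match directly.
    if target not in hosts and len(hosts) == 1:
        target = next(iter(hosts))
    host = hosts.get(target)
    if host is None:  # no entry for the target: treat it as down, do not raise KeyError
        return {"host": target, "host_state": "down", "port_state": None,
                "method": None, "os_guesses": []}
    tcp = host.get("tcp", {}).get(int(port), {})  # port keys are integers
    guesses = sorted(((m["name"], int(m["accuracy"])) for m in host.get("osmatch", [])),
                     key=lambda g: g[1], reverse=True)  # accuracy arrives as a string
    return {"host": target,
            "host_state": host.get("status", {}).get("state", "unknown"),
            "port_state": tcp.get("state"), "method": tcp.get("reason"),
            "os_guesses": guesses}

def report(s, port=80):
    """Format a summary the way the lesson prints it, one finding per line."""
    lines = ["The host is " + s["host_state"]]
    if s["port_state"]:
        lines.append("The port %d is %s" % (port, s["port_state"]))
        lines.append("The scanning method is %s" % s["method"])
    if s["os_guesses"]:
        name, accuracy = s["os_guesses"][0]
        lines.append("There is %s percent chance that the host is running %s"
                     % (accuracy, name))
    return "\n".join(lines)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    data = SAMPLE
    if len(sys.argv) > 1:
        import nmap  # python-nmap; -O needs root or administrator privileges
        data = nmap.PortScanner().scan(target, "80", arguments="-O")
    print(report(summarize(data, target)))
```

Run without arguments it prints the report for the constructed sample; with a target argument it performs the same scan as the lesson, so only point it at hosts you are authorized to assess.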