Introduction to Python for ethical hacking

I saw someone post some Udemy voucher codes on a group that I’m a member of, which can be seen on this link. Out of these courses, the one that jumped out the most at me was ‘An Introduction to Python for Ethical Hacking’. I got really excited about this and decided to take a look at it asap.

So I began. The beginning of the course talks about how to install Python on Windows and Kali Linux. There is no explanation of why Kali Linux is different to Ubuntu, for example, but this was just setting up, so a brief demonstration of how to install Python as well as using the pip command was introduced. I am a massive fan of Linux and wouldn’t go back to Windows at all; the last time I used Windows 10 I was having major internet connectivity issues. Learning basic commands such as pip is useful for me, as I have not used Python before, but it is something I’ve been interested in learning for a while. The instructor also mentioned that one of the major benefits of Python is that users are able to use the vast number of modules within their code. The first thing I did was run:

pip install google

I didn’t really know what this was installing (bad, I know!) so decided to navigate into:

google-1.9.3.dist-info

to see if I could get any more information on this module. What I found out was this module enables programmers to use Google search from their Python code. If you are interested in learning more about this module then please see this link.

Anyway, the main module that needs to be installed for this course is nmap and I didn’t use the google module any further. The nmap module can be installed by running:

pip install python-nmap

I had some issues because I couldn’t find the directory in which nmap is installed but then I ran the install command for the second time and the terminal actually told me where it was located. A bit of extra problem solving, but that’s what I enjoy! So I navigated to the directory in which the module was located, which was within site packages. After navigating into the nmap directory, I then had to run:

python nmap.py install

I then had to install PyCharm. I frequently use IntelliJ so this was no problem for me. It’s so much easier writing code in an IDE, as my normal dev environment is Sublime or an online env such as Cloud9 (which is amazing), but yes, it is useful to develop in an IDE as it’s possible to see specific error messages as you go and it gives the ability to refactor the code too. The main reason I don’t use IDEs that often though is because sometimes I just want to run something quickly or for a test and not have to go through all the setup and config of the program.

My first Python program looked like this:

input

import nmap

print("Hello, World!")
ns = nmap.PortScanner()
print(ns.nmap_version())

output

Hello, World!
(7, 1)

As is evident from this output, the version I am running of nmap is 7.01. Really simple I know, and coming from a Java background, it’s unbelievable how little code is needed and how efficient Python is with regards to being a scripting language. I have dabbled with Ruby in the past and didn’t like this aspect, but as I’ve developed in my coding journey and learnt more about programming I’ve come to appreciate how amazing this is and I am looking forward to learning more about Python!

As I didn’t install nmap correctly to begin with, I had a lot of path issues but these were resolved after a bit of problem solving ;-). As you can see from the above code, the method I used from nmap is

.PortScanner()

To be honest though, the course was really not good at all and this is evident from the fact that this method and other methods were not explained and I had to go and look these up independently, which is fine, but Udemy wanted to charge people £185 for this course! I couldn’t believe it. I’d be reluctant to pay anything for it! I mean it was useful to learn the basics of Python but there is no explanation of the particular methods or functionality of nmap at all. It’s basically just watching someone code! Anyway, I try not to be negative and I did learn a lot about Python and the basics of the language, especially as I don’t have that much knowledge of higher level languages.

When learning for loops I had to get used to not using semicolons after everything and to the fact that indentation is crucial in Python! But it was very easy to understand and the code is very simple. For an example, see this comparison of Java and Python:

Python

for x in range(0, 10):
    print(x)

Java

for (int x = 0; x < 10; x++)
{
    System.out.println(x);
}

Wow, a lot more code for Java!! Including more essential things for syntax, such as brackets and semicolons. Such a contrast typing print for Python and System.out.println() for Java! However, I did have a few indentation errors with Python, so it forces one to be extra careful with formatting, which is a great thing in my opinion :-).

The next thing that the course focuses on is creating a ‘password cracker’ and a ‘network scanner’ with Python, but to be honest I didn’t understand what the code was doing. I think this is a combination of the terrible instructor and also not having adequate knowledge of networking. However, this won’t be for long, as in my current Java course with Cardiff Uni we are currently learning about networking! I am really interested in security so naturally can’t wait to learn more about this. We have mainly focused on GUI / Swing at the moment, something which I’m not hugely interested in, but the networking is a different story! 😉

The code for the network scanner, which, as mentioned above, I don’t completely understand, is as follows:

import nmap

ns = nmap.PortScanner()
print(ns.nmap_version())
# Scan ports 1-1000 with verbose output and full version detection
ns.scan('82.9.92.188', '1-1000', '-v --version-all')
print(ns.scaninfo())
print(ns.csv())

print(ns.all_hosts())
print(ns['82.9.92.188'].all_protocols())

I decided to use my public IP for this and got a lot of results, but at the moment I don’t understand the output. However, I am hoping that in a few weeks, after focusing on networking, I will be better able to understand these. My main understanding is we can monitor ports and see what is being done on the various ports, and also we are able, with nmap, to view the status of a particular port as well.
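Added example, not part of the original post or the course: one way to read the text that ns.csv() prints, grouping each port by its state (open, closed, filtered) and flagging open ports that were not meant to be reachable on your own host. The sample rows are constructed, the column layout is assumed to match python-nmap's csv() output, and the function names and the allow-list are hypothetical.

```python
import csv
import io

# Constructed sample in the semicolon-delimited layout assumed for
# PortScanner.csv(); 192.0.2.10 is a documentation address, not a real host.
SAMPLE_CSV = (
    "host;hostname;hostname_type;protocol;port;name;state;product;"
    "extrainfo;reason;version;conf;cpe\r\n"
    "192.0.2.10;;;tcp;22;ssh;open;OpenSSH;protocol 2.0;syn-ack;7.2p2;10;"
    "cpe:/a:openbsd:openssh:7.2p2\r\n"
    "192.0.2.10;;;tcp;80;http;open;nginx;;syn-ack;1.10.0;10;"
    "cpe:/a:igor_sysoev:nginx:1.10.0\r\n"
    "192.0.2.10;;;tcp;139;netbios-ssn;filtered;;;no-response;;3;\r\n"
    "192.0.2.10;;;tcp;443;https;closed;;;reset;;3;\r\n"
)


def summarize_scan(csv_text):
    """Return {host: {state: [(port, service), ...]}} from csv() text."""
    summary = {}
    for row in csv.DictReader(io.StringIO(csv_text), delimiter=";"):
        service = row["name"] or "unknown"
        if row.get("product"):
            # Append product and version when version detection found them.
            detail = " ".join(filter(None, [row["product"], row.get("version")]))
            service += " (" + detail + ")"
        states = summary.setdefault(row["host"], {})
        states.setdefault(row["state"], []).append((int(row["port"]), service))
    return summary


def exposed_ports(summary, allowed):
    """Open ports that are not on the allow-list of intended services."""
    findings = []
    for host, states in summary.items():
        for port, service in states.get("open", []):
            if port not in allowed:
                findings.append((host, port, service))
    return sorted(findings)


if __name__ == "__main__":
    result = summarize_scan(SAMPLE_CSV)
    for host, states in result.items():
        for state, ports in sorted(states.items()):
            print(host, state, ports)
    # Hypothetical policy: only SSH is meant to be reachable on this host.
    print("unexpected:", exposed_ports(result, allowed={22}))
```

An open port accepted the connection, a closed port answered but has nothing listening, and a filtered port gave no answer, usually because a firewall dropped the probe.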

If anyone is interested, I also wrote code for a brute force ‘password cracker’ but I don’t understand this code and it wasn’t explained in the course, so for now I will not include it in this post. However, if you are interested please let me know and then I will add it! Once again, thank you for reading this post! 🙂
