Python3 For Pentesting - Developing A Banner Grabbing Script

Key Takeaways

[Music] hey guys hackersploit here back again with another video and in this video we are going to be taking a look at how to create a banner grabber with python3 the reason i'm making this video is i got i got a lot of requests uh you know to actually uh explain the process of what's happening uh behind the scenes and the various ways uh one can go about creating a banner grabber with python3 all right so without any further ado let's get started uh for those of you asking uh what i'm currently using as my ide i currently use a git pod which is a a github extension or an application that allows you to edit your code on github using a uh an instance of visual studio code but adapted to that so you can actually work on you know you can actually work on your code uh through your browser and your code is automatically saved to your github repository so it's a great tool you can check it out uh the link is in the description so let's get started so the first thing i want to do is i want to lay out the logic to sort of explain what's happening behind the scenes so that you can understand it and then what we'll do is we'll make the code a bit more organized and efficient all right so the first thing we want to do is we want to import the socket library all right so socket and that's pretty much uh given that you know we're going to be working with sockets um so what we can do now is sort of understand um the logic of the of the script so uh we are going to require the user to enter an ip address and a port which is always better instead of you know specifying it manually through the script so we are going to need to have that done uh secondly we need to utilize some of the socket libraries or some of the socket methods or functions to actually connect to that port and then the data that we receive back is going to be the banner so that is in essence what's happening in the background right or the logic of this script so what we're going to do is we're going to start with the default convention so we're going to call upon the the socket module from the socket class uh so again sorry socket there we are and if we just highlight over it you can see the module socket from the module class so from the socket uh from yeah from the socket class so so now that we've initialized that we can now use s to call upon various other functions or methods within the socket class so let's get started by first laying out the logic here and again we're going to prompt the user to enter the ip address we're going to use the variable ip and we're going to say input and we're going to say please enter your or you can say please enter the ip right and we can use that and then for the port we need to convert this uh we need to convert this into a string so that we when we pass it uh we can actually connect through it uh but um we can actually connect through it directly or convert it back into an integer so uh we can just say input and we can say please enter the port and uh very very simple there and now we can say all right we're ready to connect so we'll call upon the connect uh we'll call upon the connect module here so there we are so that's the connect function and we now need to pass the parameters which are going to be the variables that we just got here and of course the users inputted the values it's going to be a ip and it's going to be port right so those are the two parameters that will then be used to you know for the connection and now we want to receive uh the data so what we can do to save uh to save time and make everything simple is we can say print out what we receive immediately and we can limit it to 10 24 bytes so i'm going to say s dot receive so we're going to call upon the receive module here so again you can highlight over it and of course it's the receive function and of course within the receive function the parameters we need to specify are the size the maximum size of or the max amount of data that we should receive back and of course we're going to print that out so we can save this now and let me try and run this in my terminal or let me try and run it locally so that we can actually test a banner here so i'm just going to download this script and we'll go and let's save this here and let me just open up a terminal and there we are just go into my downloads folder here and we have the banner grabber script so chmod plus x and banner grabber and we can say python3 banner grabber and hit enter it's going to ask us to prompt uh it's going to prompt us to it's going to prompt us and ask us about to actually enter the ip so i'm going to enter my router's ip address and i know i have a i have ssh running on my router so i'm going to just specify the ip address here and the port i want to specify is the ssh port so let's see what banner we're able to get from the ssh port i'm going to hit enter and you can see we got an error here so the error is telling us that the an integer is required and we got a string and that's because uh we need to actually convert this so what i'm going to do is i'm going to say let's convert this into a string here or we can actually enter the port with single quotes but let me just convert all of this into a string and we then furthermore need to convert it back into an integer here which is pretty much necessary so i'm going to convert this back into an integer um so let me just add the last bracket here and we can save this and what we can do is let me just remove the previous script here or i could i should have just edited it in any case let me just download a fresh defrag script here and i'm going to hit save and of course i can run it through gitbot but again i'm running this locally so it'll be much better to have it this way so what we'll do is let's just run that one more time and then we will run the script here and let me enter the ip address 0.1 and we'll hit port 22 and hit enter and as you can see tells us we're running ssh ssh 2 or 2.0 and this is uh it's running drop there ssh here or a dropbase service and the you can you get the service version number which is 2012.55 so again it's quite an outdated ssh server or ssh server program running and again now this is where we can sort of start integrating these various banners uh you know in a list or so we can sort of collate a list of uh vulnerable uh banners or vulnerable services and their banners into a text document or into a list and then we can create our vulnerability uh or vulnerability scanner so for example if the dropbear ssh version 2.0 was vulnerable to a particular exploit we can add this to a list and then we can scan our entire network and any computer any or any system that is running that particular version will be flagged but we'll be covering that in the vulnerability analysis section so uh the next step now is to sort of make the the the script a little bit more functional and sort of organize it better right so and many of you actually asked me to start including uh functions more all right so i'm gonna just remove the this script here and uh what we can do now is let's get rid of all of this here and we'll rewrite the script with functions all right so what i'm going to do now let me just create the main function and the main function i'm not going to pass any parameters through here so again the logic is very simple we're just going to prompt in within the main function we're going to prompt the user to enter the ip and the port all right so we're going to say ip is going to be equal to and then of course we specify the we want the user to input this one say please enter the ip like so and then we say port is going to be equal to we're converting this into a string and then the input here is going to be we're just going to say give an input message please enter the port here like so very very simple and then uh we now need to create our our banner our banner grabbing function so let's just create it up here so i'm going to say def we'll just call it banner yeah let's just call it banner and we want to pass the parameters we want to pass are going to be ip and port of course because we want to use them here so i'm just going to sorry i'm just going to hit enter here and we can get started so now the function or the functionality pretty much remains the same so we're going to initialize the socket module so socket from the socket class so socket there we are and now we we can say socket dot connect or s dot connect and we then pass in the variables here uh and we will say ip and port and we need to convert this into an integer because we are passing the values entered by the users from the main function so i will just enter this here and let us close those brackets over here all right excellent so now we can actually print this so again we just say print and we just say socket dot receive and we will lit we will limit this to 10 24 bytes and we can hit save however we still need to call we need to make sure we we call the banner function within the main function and of course we need to also specify the main function which is really easy to do and i'll be covering that specific syntax as we move along so we can just say banner we give the function name and then of course the um the parameters in this case is going to be ipn port that we want to pass through and that should initialize that function uh you know because the main function is usually executed first so we can say main here and that's going to execute the main function and then the main function is going to call upon the banner function which will then again give us the the banner grabbing functionality that we're looking for all right so that is quite simple so let us save this script now and we can actually download this and there we are and we'll just wait for it to download and save file and we can now move forward all right excellent so let me just clear this let me just clear the terminal here and uh we we want to give it executable permissions and once we launch the script again we're prompted by by by the the text here so please enter your ip and you can test this on a variety of hosts i'm just using my my router because it does have a familiar banner running on or it does have a familiar banner running on that particular ssh service uh one that is that you guys can actually see works so again i'm just gonna hit a port 22 i'm gonna hit enter and uh we're gonna see that uh the name socket and yeah that is because we did not import socket sorry about that um so socket there we are that's the importance of libraries here and you know what we can just edit this from the we can just do it you know through nano uh so there we are we'll just hit import socket um there we are import socket and uh we can just hit ctrl o and we're good to go all right so let's run the script one more time uh point one point one twenty two hit enter and there we are we can see it's running ssh version 2.0 drop pair uh now this is where uh when it comes down to improving the script and i'll show you why in a second uh you might want to you start using exception handling uh you know for scripts in which you are in in which you have uh you know functionality or you are probing targets for data and you might not be sure as to what data you will be receiving and you want to make sure you can handle your exceptions really really well so again if i say let me just run the script one more time it's 8.1.1 and i say maybe port one for example which of course no service is running on port one and i tend and hit enter here uh you can see that it's going to tell us the connection was refused so we can use exception handling and this is what i want you guys to do you can find this script on github and i want you to implement uh you know try and accept for example so that any any other data then the data we're looking for is rejected completely and we get another and we get uh you know a a user specific error like uh we could not retrieve a banner or we could not connect to that particular port right so again this tells us that the connection refused um and again we can try other services so i'm not sure if i have port 80 running i i think i do uh let's actually try it 192.168.1.2 port 80 hit enter and let's see what happens here and uh yeah we pretty much we will be waiting for this to give us a response here if it doesn't give a response we also might want to implement uh the default timeout our functionality here so again we can just terminate this and we can say if it doesn't give us a response within so we can say s dot set we can say set the timeout here and we can say let's give this five seconds so if we don't get a response within five seconds we want you to you know to actually terminate the script here um so we can do that now i'm sure most of you actually realize this so what i'm going to do now is if we try and take a look at the banner we can see that we can we can actually clear this out quite a bit and i wanted to introduce one of the string stripping functionality here so what i'm going to do is i'm just going to hit panographer.pi here and now where we actually print out the the data that we receive we can actually sort of we can actually try and play around with the way the uh the data or the banner is displayed to the user so i can say for example python 3 and we can say banner grabber and hit enter and i'll just use port 22 and i hit enter as you can see we have some text here that again we might not want and we you know we simply want to get the banner itself so uh for example if i wanted to get rid of this b here i can i can do it by using the strip or the string strip uh method here so again very very simple to implement so let us actually do this sorry i wanted to use nano here so we go to print and right over here is where we start implementing the functionality so uh the first thing we want to do is uh we need to make sure that we're dealing with a string here so we want to convert this into a string so we're going to say string and we're going to say s dot receive and we're going to limit this to again 10 24 and you can play around with that as much as you want and then we are going to say we want to strip this or we want to strip the data you receive and we want to get rid of this anything that has you know this b over here which i know is quite vague and is it's prone to give us errors especially if the banner does have um have a b here but again we've specified the apostrophe uh and we can sort of if one once we actually close this and we can actually test it out now um so if you take a look at the previous result you can see we have this b here and now if we run the script uh 192.168.1.1 and 22 hit enter you can see it it got rid of that b here and we now have the banner itself so again that's just an example of how to use uh the string strip method here if you want to actually clean out your your output or the uh the data you receive and you want to print it out in a more uh convenient and you know really a good good looking format so that's pretty much all that i wanted to cover in regards to the banner grabber script which is as you can see quite simple to understand the logic is fairly easy and again i covered the uh yeah i covered the script really at a basic level and then we implemented functions so again you guys can improve upon the script let me know what you guys think if you can make it better you can you can make the you can you can actually print out the banners uh a whole lot clearer and then in the next video in this series uh we'll take a look at how to use these banners to create a vulnerability scanner and that will also be very very good so uh yeah thank you so much for watching this video if you have any questions or suggestions let me know in the comments section and i'll be seeing you in the next video peace guys [Music] you