# Python for Pentesters ## Python for Pentesters ### Overview #\# Getting started with Python for pentesting and red team engagements is fairly easy! This repo is just a small collection of random scripts from various sources. This code is provided purely for educational purposes. All responsibility for any potential damage or unethical/illegal behavior is solely on the user. ## My scripts * bludit-3.9.2\_pwd-bruteforce\_multi.py: Multithreaded password brute-force tool to get valid password for exploiting CVE-2019-17240 ## Scripts from other sources **Many scripts written by: Mike Felch (@ustayready) and Joff Thyer (@joff\_thyer) of:** ![Black Hills Information Security](https://www.blackhillsinfosec.com/wp-content/uploads/2016/03/BHIS-logo-L-300x300.png) * pivot\_winrm.py: shows how to use Python with winrm to execute commands on a remote machine * cloud\_aws\_s3.py: search AWS S3 buckets for sensitive filenames * cloud\_aws\_secrets.py: Dump all the secrets in AWS Secrets Manager * cloud\_azure\_ad.py: Dumping AzureAD users * cloud\_gsuite\_backdoor.py: Backdooring G Suite accounts for full access * cloud\_gsuite\_email.py: Reading GMail emails * crack\_jwt.py: Cracking JSON web tokens * live\_host\_discovery.py: Discovering live hosts on a network * live\_port\_discovery.py: Discovering open ports on a host * passwords\_attack.py: Trying username/password combinations on a web authentication portal * pivot\_psremoting.py: Pivoting in a Windows environment using PSRemoting * pivot\_wmi.py: Pivoting in a Windows environment using WMI * shodan\_search.py: Searching for internet connected devices on Shodan * socket\_c2\_client.py: C2 socket client * socket\_c2\_server.py: C2 socket server * web\_brute.py: Brute forcing web paths for unknown attack surfaces * web\_robots.py: Downloading the robots.txt for URLs * web\_sniff.py: Sniffing HTTP packets * web\_spa.py: Interacting with a single page app with a headless browser then copying session cookies to the requests library * pymeta.py: Read all files in a directory recursively and extracts metadata from any office documents, and PDFs discovered * powerstrip.py: Strips comments out of a PowerShell script, and writes a file with -stripped as part of the filename * pyinjector.py: Using ctypes to execute shellcode within the same process or inject into a remote process using thread manipulation --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zweilosec.gitbook.io/python-pearls/master.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.