Portcullis Labs - Python

Local MySQL Password Auditor | Content

Fri, 15 Feb 2013 15:29:23 GMT

mysql-local-bruteforcer is a tool to perform password security audit against local instances of MySQL installation. It attempts to enumerate local passwords against either the dictionary of passwords and single user or dictionary of users and passwords.

It is written in Python and can be easily ported as an executable for windows using tools such as py2exe.

Installation

No installation needed, just download and run.

Usage
To crack single password for a user:
options: -d -u

To crack passwords for multiple users:
    options: -d -U

Options
-h, --help            show this help message and exit
-d FILE, --dictionary=FILE
                        local password dictionary to use
-U FILE, --usernames=FILE
                        local username dictionary to use
-v, --verbose         don't print any messages
-u USERNAME, --username=USERNAME
                        username to crack password against
-f FORCE, --force=FORCE
                        force quit after first successful crack

HeaderCheck | Content

Fri, 15 Feb 2013 09:08:18 GMT

HeaderCheck is a Python script for checking the security settings of several HTTP headers returned by a server.

The following headers are checked

X-XSS-Protection
X-Content-Type-Options
X-Frame-Options
Cache-Control
Content-Security-Policy
WebKit-X-CSP
X-Content-Security-Policy
Strict-Transport-Security
Access-Control-Allow-Origin
Origin

Each header is assessed based on good practice settings as well as displayed for manual checking.

Installing

HeaderCheck is a stand alone python script, as such just decompress the download and move the script to the desired location.

Running

HeaderCheck can be run in the following form.

python HeaderCheck.py [targeturl] [subdirectory]

for example:

python HeaderCheck.py www.google.com /

python HeaderCheck.py www.bbc.co.uk /news

Please note the space between the domain and the sub directory.

get-dhcp-opts | Content

Wed, 12 Dec 2012 10:06:03 GMT

get-dhcp-opts is a tool to discover DHCP/BOOTP servers on your LAN, and dump the DHCP/BOOTP options.

Sometimes network infraestructures use DHCP/BOOTP to provide special configurations. For example, the voip network can use these special options to configure the phones (VoIP server address, configuration file URLs, ...).

get-dhcp-opts display these options and detect Rogue DHCP Servers on your network.

Features

Request DHCP Options
DHCP Options autodetection & conversion
Multiple DHCP Servers detection (aka. Rogue DHCP Servers)

Notes

get-dhcp-opts only sends DHCP Discover packets, so if the DHCP server is OK, it don't reserve the IP for your MAC.

MS08-067 check | Content

Tue, 18 Nov 2008 12:22:54 GMT

This tool can be used to anonymously check if a target machine or a list of target machines are affected by MS08-067 issue (Vulnerability in Server Service Could Allow Remote Code Execution).

Usage

$ python ms08-067_check.py -h
Usage: ms08-067_check.py [option] {-t |-l }

Options:
  --version   show program's version number and exit
  -h, --help  show this help message and exit
  -d          show description and exit
  -t TARGET   target IP or hostname
  -l LIST     text file with list of targets
  -s          be silent

Example

$ python ms08-067_check.py -t 192.168.123.30
192.168.123.30: VULNERABLE

Note

On Windows XP Service Pack 2 and Windows XP Service Pack 3 this check might lead to a race condition and heap corruption in the svchost.exe process, but it may not crash the service immediately: it can trigger later on inside any of the shared services in the process.

References

polenum | Content

Thu, 30 Oct 2008 11:54:12 GMT

polenum is a python script which uses the Impacket Library from CORE Security Technologies to extract the password policy information from a windows machine. This allows a non-windows (Linux, Mac OSX, BSD etc..) user to query the password policy of a remote windows box without the need to have access to a windows machine.

features

can extract password and associated information from a windows machine
will connect over a NULL or authenticated share
supports encrypted/signed sessions

limitations

no NTLMv2 support
has a problem with domain connected workstations

download

download polenum

hoppy | Content

Fri, 09 Oct 2009 13:33:35 GMT

hoppy is a http options prober written in python. It checks the availability of HTTP methods as well as probing them to see if they can be forced to disclose system information.

features

HTTP Method detection, TRACK, TRACE, PUT etc
Internal IP address disclosure detection
Internal Path Disclosure detection
Transparent working so you can see exactly what it did
Data extraction
Spider to find directories for webDAV detection
ms09-020 IIS auth bypass check on all discovered directories

download

download hoppy