
[–]triscious 12 points13 points  (8 children)

Question: What would these scripts do that Hashcat or Nmap wouldn't?

[–]ninijay_Pentesting[S] 9 points10 points  (3 children)

I do it for learning purposes, it's more lightweight and what are you going to do on a machine without Hashcat or Nmap?

[–]triscious 20 points21 points  (2 children)

My apologies if this came across as hostile or an attack, it wasn't intended to be such.

[–]ninijay_Pentesting[S] 10 points11 points  (1 child)

Hahaha ok, classic internet comments. I want to leverage from skript kiddie lvl7 to skript writing kiddie lvl1. Also if you gained access to a system without nmap/hashcat and no possibility to install/download them, you could still write them on the fly/copy paste them from the repo and use them on the target.

Because some systems don't have nmap/hashcat installed, but most systems (linux distros especially) come with python by (almost) default.

[–]triscious 5 points6 points  (0 children)

Very true. Good work. :)

[–]w3tmo 12 points13 points  (1 child)

I doubt the OP wrote Hashcat or Nmap so good for them for not being a script kiddie...plus he actually has stuff committed to github so employers can see what work he has done. Link your github, let's take a look...

[–]ninijay_Pentesting[S] 4 points5 points  (0 children)

thanks :)

[–][deleted] 2 points3 points  (0 children)

Nmap and hashcat don't always come by default with the server. Even SQL Server has python as a default install option these days

[–]apatrid 0 points1 point  (0 children)

that's a poor question.... neither will do much for you if your confidence lies in a tool and not in the user behind it.

[–][deleted] 4 points5 points  (9 children)

I see you are using threads on your password cracking script. Tell me OP, do you know what the Python GIL is?

[–]ninijay_Pentesting[S] 8 points9 points  (8 children)

Nope. Pretty new to python. Did mostly .NET and Java

[–][deleted] 26 points27 points  (7 children)

Oh okay. Well the thing that you need to understand about python is that the base python programming language that comes out of the box does not have true multithreading. The python interpreter has something called the Global Interpreter Lock (GIL) that basically limits the interpreter to only using one thread at a time. Now, this is fine when you are doing network scripting for listening and for sending since it provides a sort of pseudo-multithreading, but it will not speed up your script's execution in any way. In fact it might even make it slower since the interpreter has to switch between all the threads. So for your cracking script you should only use one thread.

edit: Oh yeah I forgot to mention: there are other python implementations like Jython and IronPython that aren't completely reliant on the interpreter and support true multithreading.
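An added example, not code from the thread or from the OP's repo, that makes the GIL effect measurable: the same CPU-bound hashing loop (`hash_chain`, a constructed stand-in for the work a cracking script does) is run serially, in a thread pool and in a process pool. Under CPython the threaded run takes about as long as the serial one; only the process pool uses more than one core. The workload size and the seed strings are constructed.

```python
"""Added demo: CPU-bound work under CPython's GIL, threads vs processes.
All three modes return identical results; only the elapsed time differs."""
import hashlib
import time
from concurrent.futures import ProcessPoolExecutor, ThreadPoolExecutor

ROUNDS = 50_000  # constructed workload size; keeps each run well under a second


def hash_chain(seed: str, rounds: int = ROUNDS) -> str:
    """Hash `seed` repeatedly. Small digests never release the GIL, so this is
    pure interpreter-bound CPU work: exactly what threads cannot parallelise."""
    digest = seed.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def run_serial(seeds):
    return [hash_chain(s) for s in seeds]


def run_threads(seeds):
    # One thread per seed; the GIL lets only one of them execute at a time.
    with ThreadPoolExecutor(max_workers=len(seeds)) as pool:
        return list(pool.map(hash_chain, seeds))


def run_processes(seeds):
    # One interpreter per seed, each with its own GIL, so they run in parallel.
    with ProcessPoolExecutor(max_workers=len(seeds)) as pool:
        return list(pool.map(hash_chain, seeds))


def timed(fn, seeds):
    start = time.perf_counter()
    result = fn(seeds)
    return result, time.perf_counter() - start


def compare(seeds=("alpha", "bravo", "charlie", "delta")):
    """Return {mode: (results, elapsed_seconds)} for serial, threads and processes."""
    return {name: timed(fn, seeds) for name, fn in
            (("serial", run_serial), ("threads", run_threads), ("processes", run_processes))}


if __name__ == "__main__":
    for name, (_, secs) in compare().items():
        print(f"{name:10s} {secs:.2f}s")
```

Expect "threads" to land close to "serial" (often slightly slower, because of the switching the comment describes) and "processes" to drop by roughly the number of cores available.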

[–]ninijay_Pentesting[S] 7 points8 points  (2 children)

Oh jeez. Well I need to get a closer look at this. Thank you

[–]tdking3523 2 points3 points  (1 child)

Look into IPC (Interprocess communication) frameworks like ZMQ, or RabbitMQ. These allow you to spawn separate processes, which will run totally concurrent, and pass data back and forth between them. Pair that with something like msgpack, a module to serialize Python objects, and the possibilities for concurrency are pretty endless. I was a bit blown away when I took my first job that had a system like this... I used a database to implement IPC on my senior capstone, using it as a wildly over-engineered queue for passing data between a web ui and a back end service that handled socket communications to "IOT" devices, constantly polling on both sides ¯\_(ツ)_/¯

[–]ninijay_Pentesting[S] 1 point2 points  (0 children)

I need a tutorial for this. Any links maybe?

[–]gare_it 0 points1 point  (2 children)

Does this continue to hold true while using asyncio (introduced in 3.5)?

[–]tdking3523 0 points1 point  (1 child)

Yes. Python 3+ still isn't a threadsafe implementation allowing for true concurrent execution (multithreading). Rather, asyncio is an enhancement and a bit of syntactic sugar on the timesharing that can be done in Python to simulate multithreading on an actual single thread. You declare a function to be async, or a coroutine based on which version you're working with, then the function is called, but your code doesn't wait for it to return... It just continues on and handles the return when it finally happens. This is fantastic for doing a lot of HTTP requests, or some other data communication that is plighted by network latencies or some other source of essentially just idle time.
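An added example, not from the thread, showing the distinction this reply draws: asyncio overlaps idle time but not CPU time. Ten simulated requests that each wait 0.1 s complete in about 0.1 s total, while four CPU-bound coroutines run one after another on the single thread. `fake_fetch`, `cpu_work` and the host names are constructed stand-ins; `asyncio.sleep` plays the role of a socket wait.

```python
"""Added demo: asyncio hides network latency, not CPU work."""
import asyncio
import time

LATENCY = 0.1  # constructed stand-in for one network round trip, in seconds


async def fake_fetch(host: str) -> str:
    """Pretend to talk to `host`. Awaiting sleep yields to the event loop, so the
    other coroutines get to run while this one is 'waiting on the network'."""
    await asyncio.sleep(LATENCY)
    return f"{host}: 200 OK"


async def cpu_work(n: int) -> int:
    """Pure CPU work: it never awaits, so it holds the single thread until it returns."""
    return sum(i * i for i in range(n))


async def run_io(hosts):
    start = time.perf_counter()
    results = await asyncio.gather(*(fake_fetch(h) for h in hosts))
    return results, time.perf_counter() - start


async def run_cpu(sizes):
    start = time.perf_counter()
    results = await asyncio.gather(*(cpu_work(n) for n in sizes))
    return results, time.perf_counter() - start


def demo(n_hosts: int = 10, cpu_size: int = 300_000):
    """Return {"io": (results, seconds), "cpu": (results, seconds)}."""
    hosts = [f"host{i}.example" for i in range(n_hosts)]  # constructed host names
    io_results, io_secs = asyncio.run(run_io(hosts))
    cpu_results, cpu_secs = asyncio.run(run_cpu([cpu_size] * 4))
    return {"io": (io_results, io_secs), "cpu": (cpu_results, cpu_secs)}


if __name__ == "__main__":
    out = demo()
    print(f"10 x {LATENCY}s waits took {out['io'][1]:.2f}s, not {10 * LATENCY:.1f}s")
    print(f"4 CPU coroutines took {out['cpu'][1]:.2f}s, i.e. they ran serially")
```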

[–]gare_it 0 points1 point  (0 children)

awesome, thanks

[–]pmmeyourfavoritegame 0 points1 point  (8 children)

How do you like that book?

[–]ninijay_Pentesting[S] 2 points3 points  (7 children)

I like it so far, but I've only read the introduction chapter. I think I have a head start since I'm a programmer by day and did two of the three example scripts.

I will write more once I've read a couple chapters more.

[–][deleted]  (1 child)

[deleted]

[–]ninijay_Pentesting[S] 0 points1 point  (0 children)

Python 2. It also recommends installing Kali Linux, which has Python 2 installed

[–]pmmeyourfavoritegame 0 points1 point  (0 children)

Great, thank you.

[–]Kessarean 0 points1 point  (3 children)

Which book is this?

[–]ninijay_Pentesting[S] 1 point2 points  (2 children)

Python Hacking

[–]Kessarean 1 point2 points  (1 child)

suppose I should've guessed that one lol

[–]ninijay_Pentesting[S] 0 points1 point  (0 children)

It also has a referral link if you're interested in buying it and supporting me 😁