Us­ing the PytheM Frame­work for Web and Pen­e­tra­tion Test­ing

The ver­sa­til­ity of Python is of­ten used to cre­ate ap­pli­ca­tions that do use­ful work. PytheM is an open source tool that uses Python as the back­end, and per­forms Web and pen­e­tra­tion test­ing to dis­cover net­work vul­ner­a­bil­i­ties.

OpenSource For You - - Contents - http://www.gau­ravku­marindia.com. By: Dr Gau­rav Ku­mar The au­thor is the MD of Magma Re­search and Con­sul­tancy Ser­vices, Am­bala, and is as­so­ci­ated with var­i­ous aca­demic and re­search in­sti­tutes, where he de­liv­ers ex­pert lec­tures and con­ducts tech­ni­cal work­sho

With the in­creas­ing traf­fic in net­work based ap­pli­ca­tions, se­cu­rity is be­com­ing a chal­lenge and the net­work en­vi­ron­ment has to be made safe from dif­fer­ent types of at­tacks. The prob­a­bil­ity of vul­ner­a­bil­i­ties in net­work or Web based ap­pli­ca­tions in­creases if vul­ner­a­bil­ity test­ing is not done prop­erly. In tra­di­tional im­ple­men­ta­tions, net­work ad­min­is­tra­tors use their own sets of tools to test their net­work en­vi­ron­ment, but such tools can be re­stricted to spe­cific types of at­tacks. It is al­ways de­sir­able that ad­min­is­tra­tors use dif­fer­ent types of pen­e­tra­tion and vul­ner­a­bil­ity test­ing tools which are meant to re­solve as­sorted at­tacks. This is done to check the over­all de­ploy­ment dur­ing dif­fer­ent types of at­tacks, thus en­sur­ing that the net­work or Web based en­vi­ron­ment is se­cured from mul­ti­ple at­tacks with­out any com­pro­mise on safety.

Pen­e­tra­tion test­ing and open source tools

A num­ber of frame­works and soft­ware tools are avail­able that pro­vide the fea­tures to eval­u­ate the net­work or Web based ap­pli­ca­tions on dif­fer­ent as­pects and pa­ram­e­ters. In a se­cu­rity au­dit of Web ap­pli­ca­tions or net­work de­vices, the loop­holes or vul­ner­a­bil­i­ties are checked from dif­fer­ent as­pects so that the at­tack­ers or snif­fers can­not de­stroy the en­vi­ron­ment. Tra­di­tion­ally, pen­e­tra­tion tools are used by the net­work ad­min­is­tra­tors and ap­pli­ca­tion de­vel­op­ers to an­a­lyse the weak points or vul­ner­a­bil­i­ties. In pen­e­tra­tion test­ing, the ap­pli­ca­tions or de­vices are put through pre-pro­grammed at­tacks so that the ac­tual be­hav­iour of hard­ware or soft­ware can be checked. If the ap­pli­ca­tions or hard­ware de­vices re­act in ab­nor­mal ways dur­ing pen­e­tra­tion test­ing, trou­bleshoot­ing is done and suit­able re­me­dial mea­sures are taken to cope with the at­tacks. Pen­e­tra­tion test­ing can be im­ple­mented on any type of de­ploy­ment in­clud­ing on net­works, de­vices, web­sites, servers or soft­ware in­stal­la­tions.

There are many pen­e­tra­tion test­ing and se­cu­rity au­dit tools avail­able that are free and open source, and can be used for se­cu­rity au­dits or bug track­ing in the de­ploy­ments. These tools pro­vide the func­tions to an­a­lyse the ap­pli­ca­tions or de­vices un­der dif­fer­ent at­tacks and iden­tify the weak points so that the vul­ner­a­bil­i­ties can be re­moved be­fore ac­tual de­ploy­ment.

Python, a high per­for­mance pro­gram­ming lan­guage for mul­ti­ple ap­pli­ca­tions

Python is one of the pow­er­ful and cross-plat­form pro­gram­ming lan­guages used for most of the high per­for­mance en­vi­ron­ments in­clud­ing cloud com­put­ing, Big Data pro­cess­ing, net­work pro­gram­ming, socket an­a­lyt­ics, data sci­ence, sta­tis­ti­cal anal­y­sis and many oth­ers. It of­fers a large set of tools that have been de­vel­oped specif­i­cally for pen­e­tra­tion test­ing and se­cu­rity au­dits.

There are many pen­e­tra­tion test­ing and se­cu­rity au­dit tools de­vel­oped with Python, and these are used widely by cor­po­rates as well as in­di­vid­u­als. These tools are used for dig­i­tal foren­sics and vul­ner­a­bil­ity anal­y­sis on dif­fer­ent types

of hard­ware and soft­ware. The tools can be cat­e­gorised un­der net­work anal­y­sis, re­verse engi­neer­ing and de­bug­ging, Web based an­a­lyt­ics, foren­sics ap­pli­ca­tions, mal­ware anal­y­sis and pack­ets in­ves­ti­ga­tion. A few of the tools un­der each cat­e­gory are de­scribed be­low.

Net­work anal­y­sis: The tools for net­work anal­y­sis are Dirt­bags py-pcap, dpkt, flow­grep, Habu, Im­packet, etc.

Re­verse engi­neer­ing and de­bug­ging: An­dro­guard, CHIPSEC, Cap­stone, Frida, IDAPython, etc, may be used for re­verse engi­neer­ing and de­bug­ging.

Web based an­a­lyt­ics: Some of the Web based an­a­lyt­ics tools are FunkLoad, Ghost.py, HTTPie, Prox­Mon, Re­quests, etc.

Foren­sics ap­pli­ca­tions: Aft, LibForen­sics, Rekall, Volatil­ity, TrIDLib, etc, can be used for foren­sics ap­pli­ca­tions.

Mal­ware anal­y­sis and pack­ets in­ves­ti­ga­tion: For mal­ware anal­y­sis and pack­ets in­ves­ti­ga­tion, CapTip­per, Ex­e­filter, jsun­pack-n, phon­eyc, PyClamAV, etc, may be used.

The PytheM pen­e­tra­tion test­ing frame­work

A large set of soft­ware tools and li­braries writ­ten in Python is avail­able for sim­u­la­tion of dif­fer­ent types of at­tacks. Python is rich in the ad­di­tional plu­g­ins and mod­ules that can be at­tached for high per­for­mance foren­sics ap­pli­ca­tions and cy­ber se­cu­rity. PytheM is one of the pow­er­ful tools which uses Python at the back-end. It pro­vides func­tions to test the net­work and Web ap­pli­ca­tions for dif­fer­ent types of at­tacks be­fore ac­tual de­ploy­ment.

PytheM is a free and open source pen­e­tra­tion test­ing frame­work with multi-func­tional fea­tures to an­a­lyse the net­work and Web de­ploy­ment to pre­vent mul­ti­ple at­tacks. It as­sists se­cu­rity pro­fes­sion­als and ad­min­is­tra­tors in eval­u­at­ing and per­form­ing se­cu­rity au­dits of their in­fras­truc­ture. You can find more on PytheM at https://github.com/m4n3d­w0lf/pythem.

Down­load­ing and in­stal­la­tion in­struc­tions

PytheM can be in­stalled with­out any com­plex­ity on Linux/ GNU plat­forms. It can be in­stalled and ex­e­cuted on

Docker con­tain­ers.

Given be­low is the code to in­stall PytheM on

Ubuntu sys­tems:

$ sudo apt-get up­date

$ sudo apt-get in­stall -y build-es­sen­tial python-dev python­pip tcp­dump python-cap­stone lib­net­fil­ter-queue-dev libffi-dev lib­ssl-dev

To in­stall PytheM us­ing Pip, use the fol­low­ing com­mand: $ sudo pip in­stall pythem The code for in­stalling PytheM us­ing the Git repos­i­tory is: $ git clone https://github.com/m4n3d­w0lf/pythem $ cd pythem

$ sudo python setup.py in­stall

To in­stall PytheM by in­te­grat­ing the source and Pip, use the fol­low­ing code:

$ git clone https://github.com/m4n3d­w0lf/pythem $ cd pythem

$ sudo python setup.py sdist

$ sudo pip in­stall dist/*

To ex­e­cute and run PytheM with root priv­i­leges, type: $ sudo pythem To in­stall PytheM on Docker, give the fol­low­ing com­mand: docker run -it --net=host --rm --name pythem m4n3d­w0lf/pythem

Anal­y­sis of dif­fer­ent at­tacks us­ing PytheM

There are many types of at­tacks in the net­work en­vi­ron­ment, which can be avoided if tested by net­work ad­min­is­tra­tors. It is the re­spon­si­bil­ity of net­work and Web ad­min­is­tra­tors to eval­u­ate their en­vi­ron­ment for dif­fer­ent crack­ing at­tempts so that a se­cured mech­a­nism can be launched.

PytheM pro­vides the fea­tures to im­ple­ment dif­fer­ent types of at­tacks for pen­e­tra­tion test­ing of the net­work de­ploy­ment. Us­ing these as­saults, se­cu­rity pro­fes­sion­als can pre­dict the vul­ner­a­bil­i­ties in their net­work.

The fol­low­ing are a few of the at­tacks that can be sim­u­lated us­ing PytheM:

ƒ Man-in-the-mid­dle at­tacks

ƒ ARP spoof­ing

ƒ DHCP spoof­ing

ƒ Brute force at­tacks

ƒ ACK in­jec­tion

ƒ PCAP anal­y­sis

ƒ URL busters

ƒ Over­throw DNS

ƒ Redi­rec­tions, and many oth­ers

Im­ple­men­ta­tion of ARP spoof­ing

In an ARP spoof­ing at­tack, the ma­li­cious at­tack source sends fake or ma­nip­u­lated ARP (Ad­dress Res­o­lu­tion Pro­to­col) mes­sages to the net­work. This process dis­guises the router and servers, which al­lows the at­tacker to steal in­for­ma­tion even from a pri­vacy-aware net­work en­vi­ron­ment.

DHCP spoof­ing at­tacks or ACK in­jec­tion

In a DHCP spoof­ing and star­va­tion at­tack, the hacker or ma­li­cious source can gain ac­cess to the DHCP server. By this at­tack, the at­tacker can over­load the server or im­por­tant in­for­ma­tion can be fetched out.

It is al­ways de­sir­able to test the ap­pli­ca­tion or net­work in­fras­truc­ture be­fore de­ploy­ment so that there is min­i­mum scope for any crack­ing or hack­ing. If the ap­pli­ca­tions or de­vices are tested us­ing pen­e­tra­tion test­ing and se­cu­rity au­dit tools like PytheM or any sim­i­lar li­brary, the over­all net­work en­vi­ron­ment can be se­cured from mul­ti­ple at­tacks.

Fig­ure 1: The PytheM pen­e­tra­tion test­ing frame­work

Fig­ure 3: Pen­e­tra­tion test­ing us­ing DHCP spoof­ing and star­va­tion at­tacks in PytheM

Fig­ure 2: Pen­e­tra­tion test­ing us­ing ARP spoof­ing in PytheM

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.