OpenSource For You

Using the PytheM Framework for Web and Penetration Testing

The versatility of Python is often used to create applications that do useful work. PytheM is an open source tool that uses Python as the backend, and performs Web and penetration testing to discover network vulnerabilities.

- http://www.gauravkuma By: Dr Gaurav Kumar. The author is the MD of Magma Research and Consultancy Services, Ambala, and is associated with various academic and research institutes, where he delivers expert lectures and conducts technical worksho

With the increasing traffic in network based applications, security is becoming a challenge and the network environment has to be made safe from different types of attacks. The probability of vulnerabilities in network or Web based applications increases if vulnerability testing is not done properly. In traditional implementations, network administrators use their own sets of tools to test their network environment, but such tools can be restricted to specific types of attacks. It is always desirable that administrators use different types of penetration and vulnerability testing tools, each meant to address a different class of attack. This checks the overall deployment under different types of attacks, thus ensuring that the network or Web based environment is secured from multiple attacks without any compromise on safety.

Penetration testing and open source tools

A number of frameworks and software tools are available that provide the features to evaluate network or Web based applications on different aspects and parameters. In a security audit of Web applications or network devices, the loopholes or vulnerabilities are checked from different aspects so that attackers or sniffers cannot destroy the environment. Traditionally, penetration tools are used by network administrators and application developers to analyse the weak points or vulnerabilities. In penetration testing, the applications or devices are put through pre-programmed attacks so that the actual behaviour of the hardware or software can be checked. If the applications or hardware devices react in abnormal ways during penetration testing, troubleshooting is done and suitable remedial measures are taken to cope with the attacks. Penetration testing can be implemented on any type of deployment, including networks, devices, websites, servers or software installations.

There are many penetration testing and security audit tools available that are free and open source, and can be used for security audits or bug tracking in the deployments. These tools provide the functions to analyse the applications or devices under different attacks and identify the weak points so that the vulnerabilities can be removed before actual deployment.

Python, a high performance programming language for multiple applications

Python is a powerful, cross-platform programming language used for most high performance environments, including cloud computing, Big Data processing, network programming, socket analytics, data science, statistical analysis and many others. It offers a large set of tools that have been developed specifically for penetration testing and security audits.

There are many penetration testing and security audit tools developed with Python, and these are used widely by corporates as well as individuals. These tools are used for digital forensics and vulnerability analysis on different types of hardware and software. The tools can be categorised under network analysis, reverse engineering and debugging, Web based analytics, forensics applications, malware analysis and packets investigation. A few of the tools under each category are described below.

Network analysis: The tools for network analysis are Dirtbags py-pcap, dpkt, flowgrep, Habu, Impacket, etc.

Reverse engineering and debugging: Androguard, CHIPSEC, Capstone, Frida, IDAPython, etc, may be used for reverse engineering and debugging.

Web based analytics: Some of the Web based analytics tools are FunkLoad, HTTPie, ProxMon, Requests, etc.

Forensics applications: Aft, LibForensics, Rekall, Volatility, TrIDLib, etc, can be used for forensics applications.

Malware analysis and packets investigation: For malware analysis and packets investigation, CapTipper, Exefilter, jsunpack-n, phoneyc, PyClamAV, etc, may be used.

The PytheM penetration testing framework

A large set of software tools and libraries written in Python is available for simulation of different types of attacks. Python is rich in additional plugins and modules that can be attached for high performance forensics applications and cyber security. PytheM is one such powerful tool that uses Python at the back-end. It provides functions to test the network and Web applications for different types of attacks before actual deployment.

PytheM is a free and open source penetration testing framework with multi-functional features to analyse the network and Web deployment to prevent multiple attacks. It assists security professionals and administrators in evaluating and performing security audits of their infrastructure. You can find more on PytheM at

Downloading and installation instructions

PytheM can be installed without any complexity on GNU/Linux platforms. It can also be installed and executed in Docker containers.

Given below are the commands to install PytheM on Ubuntu systems:

$ sudo apt-get update

$ sudo apt-get install -y build-essential python-dev python-pip tcpdump python-capstone libnetfilter-queue-dev libffi-dev libssl-dev

To install PytheM using Pip, use the following command:

$ sudo pip install pythem

The commands for installing PytheM using the Git repository are:

$ git clone <PytheM repository URL>

$ cd pythem

$ sudo python setup.py install

To install PytheM by integrating the source and Pip, use the following commands:

$ git clone <PytheM repository URL>

$ cd pythem

$ sudo python setup.py sdist

$ sudo pip install dist/*

To execute and run PytheM with root privileges, type:

$ sudo pythem

To run PytheM in Docker, give the following command:

$ docker run -it --net=host --rm --name pythem m4n3dw0lf/pythem

Analysis of different attacks using PytheM

There are many types of attacks in the network environment, which can be avoided if tested by network administrators. It is the responsibility of network and Web administrators to evaluate their environment for different cracking attempts so that a secured mechanism can be launched.

PytheM provides the features to implement different types of attacks for penetration testing of the network deployment. Using these assaults, security professionals can predict the vulnerabilities in their network.

The following are a few of the attacks that can be simulated using PytheM:

- Man-in-the-middle attacks

- ARP spoofing

- DHCP spoofing

- Brute force attacks

- ACK injection

- PCAP analysis

- URL busters

- Overthrow DNS

- Redirections, and many others

Implementation of ARP spoofing

In an ARP spoofing attack, the malicious source sends fake or manipulated ARP (Address Resolution Protocol) messages to the network. This lets the attacker pose as the router and servers, and so steal information even from a privacy-aware network environment.
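From the administrator's side, the visible symptom of the manipulated ARP messages described above is one IP address being announced by more than one MAC address. The following is an added example, not code from PytheM or from the original article; it parses raw Ethernet/ARP frames and reports such conflicts, and the frames, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                          # not ARP for IPv4 over Ethernet
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return oper, sender_mac, sender_ip

def find_arp_conflicts(frames):
    """Map each IP that ARP replies bind to more than one MAC to the MACs seen."""
    seen = defaultdict(set)                  # ip -> set of MACs that claimed it
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REPLY:
            _, mac, ip = parsed
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def sample_reply(sender_mac: str, sender_ip: str) -> bytes:
    """Constructed test data only: an ARP reply addressed to host 192.168.1.10."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    ip = bytes(int(part) for part in sender_ip.split("."))
    host_mac, host_ip = bytes.fromhex("aaaaaaaaaa10"), bytes([192, 168, 1, 10])
    header = host_mac + mac + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return header + body + mac + ip + host_mac + host_ip

# Constructed capture: the gateway address 192.168.1.1 is claimed by two MACs.
SAMPLE_FRAMES = [
    sample_reply("aa:aa:aa:aa:aa:01", "192.168.1.1"),
    sample_reply("aa:aa:aa:aa:aa:20", "192.168.1.20"),
    sample_reply("de:ad:be:ef:00:66", "192.168.1.1"),
]

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_FRAMES).items():
        print(f"ALERT: {ip} is claimed by {', '.join(macs)}")
```

A conflict is a lead to investigate rather than proof, since failover pairs and replaced network cards also change the MAC behind an IP.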

DHCP spoofing attacks or ACK injection

In a DHCP spoofing and starvation attack, the hacker or malicious source can gain access to the DHCP server. Through this attack, the attacker can overload the server, or important information can be extracted.
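Both halves of this attack leave traces in DHCP traffic that an administrator can check for: OFFER or ACK messages from a server that is not the authorised one, and a burst of DISCOVER messages from many different client MACs. The following is an added example, not code from PytheM or from the original article; the event records, the allowlist and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

AUTHORISED_SERVERS = {"192.168.1.1"}  # assumption: the site's only legitimate DHCP server
WINDOW_SECONDS = 10                   # assumed window size
MAX_NEW_CLIENTS = 5                   # assumed threshold; tune to the size of the network

def rogue_servers(events):
    """Return server IPs that sent OFFER or ACK but are not on the allowlist."""
    return sorted({
        e["server"] for e in events
        if e["type"] in ("OFFER", "ACK") and e.get("server") not in AUTHORISED_SERVERS
    })

def starvation_windows(events):
    """Return start times of windows in which too many distinct MACs sent DISCOVER.

    Fixed (tumbling) windows keep the logic short; a burst that straddles a
    window boundary can be undercounted.
    """
    buckets = defaultdict(set)        # window start -> client MACs seen in that window
    for e in events:
        if e["type"] == "DISCOVER":
            start = e["ts"] // WINDOW_SECONDS * WINDOW_SECONDS
            buckets[start].add(e["client_mac"])
    return sorted(s for s, macs in buckets.items() if len(macs) > MAX_NEW_CLIENTS)

# Constructed events, as they might be summarised from a packet capture.
SAMPLE_EVENTS = [
    {"ts": 50, "type": "DISCOVER", "client_mac": "aa:aa:aa:aa:aa:10"},
    {"ts": 51, "type": "OFFER", "client_mac": "aa:aa:aa:aa:aa:10", "server": "192.168.1.1"},
    {"ts": 52, "type": "ACK", "client_mac": "aa:aa:aa:aa:aa:10", "server": "192.168.1.66"},
] + [
    # Eight DISCOVERs from eight different MACs within eight seconds.
    {"ts": 100 + i, "type": "DISCOVER", "client_mac": f"02:00:00:00:00:{i:02x}"}
    for i in range(8)
]

if __name__ == "__main__":
    print("Unauthorised DHCP servers:", rogue_servers(SAMPLE_EVENTS))
    print("Possible starvation in windows starting at:", starvation_windows(SAMPLE_EVENTS))
```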

It is always desirable to test the application or network infrastructure before deployment so that there is minimum scope for any cracking or hacking. If the applications or devices are tested using penetration testing and security audit tools like PytheM or any similar library, the overall network environment can be secured from multiple attacks.

Figure 1: The PytheM penetration testing framework
Figure 2: Penetration testing using ARP spoofing in PytheM
Figure 3: Penetration testing using DHCP spoofing and starvation attacks in PytheM
