My First Program: A Pentesting Tool

hi everyone welcome to my talk my first program a fantastic tool so just in case you're wondering this will not just be a talk about programming and coding and this will also be a talk about a lot of first times but not what you might think know first about me how I end up here because I come from a very very different subject so back in the days I studied history of Arts and after they said it a few different things and I ended up working at school and some day a guy turned up at this school and did a pen test there and while he was doing this he talked to all the employees and

he also talked to me and when I was working there was mainly working on a program called FileMaker Pro I cannot recommend it it was it was pretty outdated and I used it for purpose that it was not designed for him and the guy ended up asking me what do you think about becoming a hacker and my answer was like hell yeah so this is why I'm here now in addition to this I should mention that I'm from Germany so in case that my language is not perfect this is because I'm not a native English speaker so I work in IT security industry now for almost a year so next month it will be a year so I had to learn a lot I'm

still learning so also I learned programming but I will tell about this later what else you should know about me I do have a pet her name is Lila she's a little chipmunk if you want to see more photos of her you can ask me later on I have tons and I love suing and over the last year the things I see you became more sophisticated also in loading electronic parts and I love sports I do jogging and powdering so about programming what I learned about programming was it is very similar to learning any other language so I learned a lot of languages obviously English French Spanish Greek and Latin and then I came to programming and my first

programming language with Python and I noticed that I have to do some like grammar which is basically the syntax and some vocab so some predefined definitions and variables and would you I also learned what was very different from other languages just you have to know how to use Google this can help you very low very much and I started learning Python with a book and when I finished the book I was so happy and I thought I was done and then I realized I was not because there's always something new and when you get into programming they come a lot of new libraries a lot of new ways how to code things so you can always learn something

new and what I also learned is errors can be progress so when you code you can't get around making mistakes but when you find your mistakes and fix them then your program will grow and it will proceed and the good thing I learned about coding is it can be very very rewarding so when you build something and you see what you've done after it can be cool and sometimes you wrote code and it works the first time but it does not happen as often as I wish it would so when I started writing my first program I was wondering what should it do and I was lucky because I had a work-related tasks and they should do

reconnaissance and enumeration and I was wondering how could I achieve this so I used Google again and found out I could use the showed an IP so what I did then was the first time reading a full documentation and it was the showed and documentation and was great fun I learned a lot and I just tried to do something and turned out with like the beta version of my program which looked like this so he had a little banner and the it was a command line interactive tool so it asked questions you answer them and in this case asked I just looked up google.com and I said I want three results when you're lucky you get

some results and then you can save them and give it a filename and when you've saved it the holds the thing look like this so you had some information about the IP the domain name and the ports and what the ports are doing and what I also learned while doing this how to import another piece of code into my code so for example if I'm going to share this program one time I don't want everyone to have my children IP key so there's a tiny bit of code that I can import to use this and after I did this I thought about how can I make my program easier to use what other programs do I know and

how do I use them and yeah for the command line tool would be much easier to use than an interactive program and then I googled again and find out that I could use art cars and I didn't read the whole documentation and I understand understood nothing so as you can see I clicked on the art past tutorial and did the whole tutorial and it helped a lot so there were a lot of different options that I could use and so much stuff to go through and I did it all whenever you're going through the actors documentation you don't understand anything do the tutorial it's great so I ended up writing my quote so this is

part of my code just to show off a little bit I really did it and yeah no I want you to describe what my program can do until now so you have some basic search functions - IP four and they can look up an IP address - be for a banner search - D for domain and you can also give the program a list it should be a txt file with one IP per Lane per line and search research this the domain output still looks like from the beta version so you still have the IP the domain name and the ports with their functions and the other options are a little bit a little bit

more sophisticated at the output is a little bit more verbose and you can also specify what you're looking for for example you can limit the output of the results for example when you search for google.com you will get tons of results and you can say yeah I'll say - and five and you will just get five results you can also save the output as JSON output or as takes T file or you can choose both options and with a - we it's not rebels as in many other programs for me it's vulnerabilities so Sheldon looks for vulnerabilities on the a piece but it's looking for and with - we you can get more information about the

vulnerabilities another function that I put in there is you can do an on demand scan so you give a search item to the shoulder an IP and it will after some time do the scan and you can check if it's done with - em so you will get a status report and when the scan is finally done with - G you can get the results and you can also in case you find somewhere a list of Sheldon IP keys verify if the keys are valid or not with - K and the list and you can also look for the protocols and reports that children is scanning during the search and for sure like in every

program you can use that - H for the help message and now I want to demonstrate how the program works so here I'm called program look for google.com and say I want a pen a search with four results and I want the information about the vulnerabilities and I want to save it as txt file and as JSON file it takes a little bit of time I cut out a few seconds so otherwise movie would have Sidney a little longer so it was saved and here you can see the longer descriptions of the vulnerabilities there were a lot and this is just the list if you don't choose - we you just get the list and

this is how the output of the ports might look like depending on what the program finds and this is how the output looks now I added that you can see in the file when you did the the scan just in case you forgot to save it the right way and in case you have to repeatedly do the same scan again again the command that he used to saved and the file as well so you can do it again after a few months without no taking a note what you've done there and for the future since I have to repeatedly do scans at work at the moment I'm thinking about implementing that I can compare the old scan worthy

of the new scan that I do at the moment and just in case that you have any ideas for me feel free to enlighten me and what's left for me now is saying thank you for the first time and for being part of this first time with me [Applause] we stopped a few minutes so any questions ok remember why did you do an API key yeah all the verification of Alice I don't remember exactly but it might be that I had somehow stumbled about a list of showed an IP keys on the Internet [Music] other questions or ideas ideas you all still wake are you asleep after lunch question how did you get from working

the school to working in my team in security just ask him right place right time right yeah I

brilliant talk really really good where do you like a question idea actually I do so where are you having got the background in teaching and stuff are you thinking have you thought about maybe how you could like run this kind of thing out to educate other people who are new to this sorry I should make the question clearer could you make this idea use this idea to educate new people to attack so coding do you think have you thought about that so if I could motivate people with what I did um yeah I'm trying to think of how to say it better so yeah so could you take this program and give it out to a school

so that you can encourage kids to learn how to program and or get in this area yeah maybe okay is one more over there sure this is how I get my steps in during the day just a quick question about have you got the song get up anywhere it's a good place to get IDs yet too good I might put it up if you do make sure you take the key out yeah any other questions ideas go once twice gone thank you very much [Applause]