Tutorials

Do Hacking with Simple Python Script

Posted on

Pentesting is all about showing and reporting problems in web/mobile applications. This is the most popular part of cyber security which every researcher/security enthusiast want to do. Because it gives a brief knowledge how to penetrate any web application. Pentesting is done by information gathering. There are many tools/scripts available over the internet which can be used for information gathering, mention ethical hacking reasearchers. So today we came with another tool written by Joker Security. Tool named as Devploit which is used in information gathering and also another similar all in one tool is Mercury Tool.

Devploit is an very easy to use tool which gives information for your target. You have to just run this script with some of the basic commands of linux. You can gather a lot of information about your target before exploiting. This tool completes the list of various tools like DNS, Whois IP, Geo IP, Subnet Lookup, Port Scanner and many other tools which comes handy in initial phase of penetration testing, ethical hacking professionals assure. Now we will show you features of devploit. For showing you we have install devploit on Kali Linux. There are other Linux distros in which devploit support Ubuntu, Mint and parrot.

  • For cloning type git clone https://github.com/joker25000/Devploit.git
  • Then type cd Devploit
  • Type ls -ltr to check the permissions of the files that are included in devploit directory.
root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
 total 32
 -rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
 -rw-r--r-- 1 root root 2154 Dec 30 23:32 install
 -rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
 drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
 -rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
 drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules
  • By default devploit installer files does not come with execute permission so for changing permission of the install file type chmod u+x install
  • For checking if the permission has changed type ls -ltr. If the permission has changed then install file will turn into green color. 
root@kali:/home/iicybersecurity/Downloads/Devploit# chmod u+x install
 root@kali:/home/iicybersecurity/Downloads/Devploit# ls -ltr
total 32
 -rw-r--r-- 1 root root 1838 Dec 30 23:32 README.md
 -rwxr--r-- 1 root root 2154 Dec 30 23:32 install
 -rw-r--r-- 1 root root 8469 Dec 30 23:32 Devploit.py
 drwxr-xr-x 2 root root 4096 Dec 30 23:32 Dev
 -rw-r--r-- 1 root root 1990 Dec 30 23:32 update.py
 drwxr-xr-x 5 root root 4096 Dec 30 23:32 modules
  • Then type python Devploit.py 
root@kali:/home/iicybersecurity/Downloads/Devploit# python Devploit.py
               ,
               |'.             , ...  Devploit  -  Information Gathering Tool
               |  '-._        / )
             .'  .._  ',     /_'-,
            '   /  _'.'_   /._)')
           :   /  '_' '_'  /  _.'
           |E |   |Q| |Q| /   /
          .'  _  '-' '-'    /
        .'--.(S     ,__` )  /
              '-.     _.'  /
            __.--'----(   /
        _.-'     :   __ /
       (      __.' :'  :Y
        '.   '._,  :   ?
          '.     ) :.__:|
                ______/
             '._L/_H____]
==[[ .:: Name : Devploit ::.]]==

==[[ .:: Version: 3.6 ::.]]==

==[[ .:: Author : Joker-Security ::.]]==

==[[ .:: Github : http://www.github.com/joker25000 ::.]]==

==[[ .:: Twitter: https://twitter.com/SecurityJoker ::.]]==
This Is Simple Script By : Joker-Security

  Let's Start  --> --> -->
1 }  ==>  DNS Lookup

 2 }  ==>  Whois Lookup

 3 }  ==>  GeoIP Lookup

 4 }  ==>  Subnet Lookup

 5 }  ==>  Port Scanner

 6 }  ==>  Extract Links

 7 }  ==>  Zone Transfer

 8 }  ==>  HTTP Header

 9 }  ==>  Host Finder

 10}  ==>  IP-Locator

 11}  ==>  Traceroute

 12}  ==>  Robots.txt

 13}  ==>  Host DNS Finder

 14}  ==>  Revrse IP Lookup

 15}  ==>  Collection Email

 16}  ==>  Subdomain Finder

 17}  ==>  Install & Update

 18}  ==>  About Me

 00}  ==>  Exit
Enter 00/18 => =>
  • Choose any option on which tool you want to use. Then type tool number as shown below.

Getting DNS of the Target :-

  • Type 1
  • Type <Target URL>.
  • Type www.hackthissite.org 
Enter 00/18 => =>  1
 Entre Your Domain :www.hackthissite.org
 www.hackthissite.org.   3599    IN      A       137.74.187.100
 www.hackthissite.org.   3599    IN      A       137.74.187.104
 www.hackthissite.org.   3599    IN      A       137.74.187.103
 www.hackthissite.org.   3599    IN      A       137.74.187.101
 www.hackthissite.org.   3599    IN      A       137.74.187.102
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:101
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:103
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:102
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:104
 www.hackthissite.org.   3599    IN      AAAA    2001:41d0:8:ccd8:137:74:187:100
  • As shown above after scanning using DNS lookup. Dns shows the A and AAA records of the target. This information can be used in other hacking activities.

Getting Whois Lookup for the Target :-

  • Type 2 for whois lookup which tells you the basic information about the target. It shows server, update data, expiry date and many more information which whois provide.
  • Then type hack.me 
Enter 00/18 => =>  2
 Enter IP Address : hack.me
 Domain Name: HACK.ME
 Registry Domain ID: D108500000000003559-AGRS
 Registrar WHOIS Server: whois.godaddy.com
 Registrar URL: http://www.godaddy.com
 Updated Date: 2018-04-30T15:06:34Z
 Creation Date: 2008-04-29T18:00:32Z
 Registry Expiry Date: 2021-04-29T18:00:32Z
 Registrar Registration Expiration Date:
 Registrar: GoDaddy.com, LLC
 Registrar IANA ID: 146
 Registrar Abuse Contact Email: [email protected]
 Registrar Abuse Contact Phone: +1.4806242505
 Reseller:
 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
 Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
 Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
 Registrant Organization: Domains By Proxy, LLC
 Registrant State/Province: Arizona
 Registrant Country: US
 Name Server: NS5.DNSMADEEASY.COM
 Name Server: NS6.DNSMADEEASY.COM
 Name Server: NS7.DNSMADEEASY.COM
 Name Server: NS4.HACK.ME
 DNSSEC: unsigned
 URL of the ICANN Whois Inaccuracy Complaint Form  https://www.icann.org/wicf/)

 Last update of WHOIS database: 2018-12-31T06:14:27Z <<< 

For more information on Whois status codes, please visit https://icann.org/epp 

The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
  • The above command shows the server of the target. Name server, Domain status. Registrar email ID and phone no.
  • The above information can be used in other hacking activities.

Getting Emails of the Target :-

  • Type 15 for collection mails.
  • Type hack.me 
Enter 00/18 => =>  15
 Entre Your Domain :hack.me
 [>] Initiating 3 intel modules
 [>] Loading Alpha module (1/3)
 [>] Beta module deployed (2/3)
 [>] Gamma module initiated (3/3)

[+] Emails found: 
[email protected]
[email protected] 

[+] Hosts found in search engines: 
 -] Resolving hostnames IPs…
 74.50.111.244:me.hack.me 

[+] Virtual hosts: 
 74.50.111.244   hack.me
 74.50.111.244   hack.me
  • The above shows the email addresses of the target. The above information can be used in other hacking activities.

Getting Subdomains of the Target :-

  • Type 16 for subdomain finder.
  • Type hack.me 
Enter 00/18 => =>  16

Entre Your Domain :hack.me

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Your Target Choice :hack.me

hacks.me

chop.me

pros.me

pro.me

wifihack.me

hackeie.me

gohack.me

howtohack.me

hackprotect.me

comehackwith.me

intahackgram.me

soyouthinkyoucanhack.me

come-hack-with.me

mindhack.me

datehack.me

luxhack.me

hacksub.me

hacks.org

computing.org

pros.org

hackers.info

hacker.eu

hacks.co

computing.eu

hacks.net

chops.eu

pros.co

hack.es

chop.info

hack.it

chop.co

pros.co.uk

old.co

cut.co

hack.info

hackers.fr

hackers.it

hacker.es

hacker.it

hacks.es

hacks.fr

hacks.nl

chops.nl

computing.ch

chop.nl

old.ch

old.it

old.nl

old.fr

cut.es

cut.nl

chop.club

chops.net

hacks.de

hack.fr

pros.de

old.info

old.at

hackers.es

hackers.ch

hacker.fr

hacks.ch

pros.ch

hackers.club

chops.club

pros.club

cut.club

old.club

pro.guru

old.berlin

hackhashgraph.com

hackers.at

hacks.at

computing.at

hack.xyz

robloxhack.com

hackgems.com

cheathack.com

updatehack.com

hackzone.com

hackroblox.com

hackdeutsch.com

hackguru.com

legendhack.com

instahack.com

hackstore.com

hackarena.com

hackyogi.com

mailhack.com

hackdays.com

hackslash.com

zerohack.com

rankhack.com

moneyhack.com

mindhack.com

antihack.com

hackbart.com

hackteck.com

bedshack.com

payshack.com
  • The above list can be used to make an dictionary which can used in dictionary attack or in other hacking activities.

Getting Reverse IPs of the Target :-

  • Type 14 for reverse ip lookup.
  • Type hack.me
Enter 00/18 => =>  14

Enter IP Address : hack.me

74-50-111-244.static.hvvc.us

hack.me

ns4.hack.me

www.hack.me
  • After executing the above command it shows the target another hosted addresses. Reverse lookup helps in finding the phishing pages or in other hacking activities.

The above tool shows many information about the target which can help lots of pentesters or security researchers. According to ethical hacking researcher in international institute of cyber security Devploit comes handy as it consumes lot of time if you compare to other tools. Its an easy tool for gathering information.

Related Items:, , , ,

Recommended for you

To Top

Pin It on Pinterest

Share This