Notes.txt

Lecture-1

Web Scraper:

Installation:
pip install requests
pip install bs4


Vulnerability Scanner:

clickjacking: 
It is classified as a User Interface Redress attack. It is a malicious technique of tricking a user into clicking something different from
what user percieves. 
In case of browser, clickjacking is browser security issue but it can also happen outside of browser like applications.
A clickjack takes the form of embedded code or a script that can execute without the user's knowledge,
such as clicking on a button that appears to perform another function.

X-Frame-Options:
	X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".

---> https://securityheaders.com/
---> https://hackerone.com/
---> https://www.hackthissite.org/

PortScanner:
Python Socket Programming.
It will be similar to telnet or nmap.
What is Socket: 
	“client” socket - an endpoint of a conversation
	“server” socket, which is more like a switchboard operator.
The client application (browser, for example) uses “client” sockets exclusively; the web server it’s talking to uses both “server” sockets and “client” sockets.

#create an INET, STREAMing socket
s = socket.socket(
    socket.AF_INET, socket.SOCK_STREAM)
#now connect to the web server on port 80
# - the normal http port
s.connect(("www.mcmillan-inc.com", 80))

When the connect completes, the socket s can be used to send in a request for the text of the page. The same socket will read the reply, and then be destroyed. That’s right, destroyed.

What happens in the web server is a bit more complex. First, the web server creates a “server socket”:

#create an INET, STREAMing socket
serversocket = socket.socket(
    socket.AF_INET, socket.SOCK_STREAM)
#bind the socket to a public host,
# and a well-known port
serversocket.bind((socket.gethostname(), 80))
#become a server socket
serversocket.listen(5)

---> we used socket.gethostname() so that the socket would be visible to the outside world. If we had used s.bind(('localhost', 80)) or s.bind(('127.0.0.1', 80)) we would still have a “server” socket, but one that was only visible within the same machine. s.bind(('', 80)) specifies that the socket is reachable by any address the machine happens to have.

---> low number ports are usually reserved for “well known” services (HTTP, SNMP etc). If you’re playing around, use a nice high number (4 digits).

---> the argument to listen tells the socket library that we want it to queue up as many as 5 connect requests (the normal max) before refusing outside connections.
Now that we have a “server” socket, listening on port 80, we can enter the mainloop of the web server:

while 1:
    #accept connections from outside
    (clientsocket, address) = serversocket.accept()
    #now do something with the clientsocket
    #in this case, we'll pretend this is a threaded server
    ct = client_thread(clientsocket)
    ct.run()

There’s actually 3 general ways in which this loop could work - dispatching a thread to handle clientsocket, create a new process to handle clientsocket, or restructure this app to use non-blocking sockets, and multiplex between our “server” socket and any active clientsockets using select.

--->this is all a “server” socket does. It doesn’t send any data. It doesn’t receive any data. It just produces “client” sockets. Each clientsocket is created in response to some other “client” socket doing a connect() to the host and port we’re bound to. As soon as we’ve created that clientsocket, we go back to listening for more connections. The two “clients” are free to chat it up - they are using some dynamically allocated port which will be recycled when the conversation ends.

Python NMAP : 
https://xael.org/norman/python/python-nmap/
-->pip install nmap

python-nmap is a python library which helps in using nmap port scanner. It allows to easilly manipulate nmap scan results and will be a perfect tool for systems administrators who want to automatize scanning task and reports. It also supports nmap script outputs.

What is Nmap?
Nmap(Network Mapper) is a security scanner, originally written by Gordon Lyon(also known by his pseudonym Fyodor Vaskovich), and used to discover hosts and services on a computer network, thereby building a map of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host(s) and then analyzes their responses.
Host Discovery: This enables to identify hosts on any network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
Port Scanning: Enumerating(counting and listing one by one) all the open ports on the target hosts.
Version Detection: Interrogating network services on remote devices to determine application name and version number.
OS Detection: Determining the operating system and hardware characteristics of the network devices.
Scriptable Interaction with the target: Using Nmap Scripting Engine(NSE) and Lua programming language, we can easily write sripts to perform operations on the network devices.

Password Sniffing: scapy

Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.

Scapy mainly does two things: sending packets and receiving answers. You define a set of packets, it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like Nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

pip install scapy