Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

TJ O’Connor

Table of Contents

Trade marks
Lead Author – TJ O’Connor

Contributing Author Bio – Rob Frost

Technical Editor Bio – Mark Baggett
Chapter 1. Introduction

Introduction: A Penetration Test with Python

Setting Up Your Development Environment

The Python Language

Your First Python Programs

Chapter Wrap-Up


Chapter 2. Penetration Testing with Python

Introduction: The Morris Worm—Would it Work Today?

Building a Port Scanner

Building an SSH BotNet with Python

Mass Compromise by Bridging FTP and Web

Conficker, Why Trying Hard is Always Good Enough

Writing Your Own Zero-Day Proof of Concept Code

Chapter Wrap Up


Chapter 3. Forensic Investigations with Python

Introduction: How Forensics Solved the BTK Murders

Where Have You Been?—Analysis of Wireless Access Points in the Registry

Using Python to Recover Deleted Items in the Recycle Bin


Investigating Application Artifacts with Python

Investigating iTunes Mobile Backups with Python

Chapter Wrap-Up


Chapter 4. Network Traffic Analysis with Python

Introduction: Operation Aurora and How the Obvious was Missed

Where is that IP Traffic Headed?—A Python Answer

Is Anonymous Really Anonymous? Analyzing LOIC Traffic

How H D Moore Solved the Pentagon’s Dilemma

Storm’s Fast-Flux and Conficker’s Domain-Flux

Kevin Mitnick and TCP Sequence Prediction

Foiling Intrusion Detection Systems with Scapy

Chapter Wrap Up


Chapter 5. Wireless Mayhem with Python

Introduction: Wireless (IN)Security and the Iceman

Setting up Your Wireless Attack Environment

The Wall of Sheep—Passively Listening to Wireless Secrets

Where Has Your Laptop Been? Python Answers

Intercepting and Spying on UAVs with Python

Detecting FireSheep

Stalking with Bluetooth and Python

Chapter Wrap Up


Chapter 6. Web Recon with Python

Introduction: Social Engineering Today

Using the Mechanize Library to Browse the Internet

Scraping Web Pages with AnonBrowser

Research, Investigate, Discovery

Anonymous Email

Mass Social Engineering

Chapter Wrap-Up


Chapter 7. Antivirus Evasion with Python

Introduction: Flame On!

Evading Antivirus Programs

Verifying Evasion

Wrap Up
Acquiring Editor
Chris Katsaropolous

Development Editor
Meagan White

Project Manager
Priya Kumaraguruparan

Russell Purdy

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2013 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website:

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data

Application submitted

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-957-6

Printed in the United States of America

13 14 15 10 9 8 7 6 5 4 3 2 1

For information on all Syngress publications visit our website at

Trade marks

Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out of the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library™,” “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

In military slang, “watching your six” literally means keeping a look out behind you. While a patrol leader presses forward in the twelve o’clock direction, at least one of his teammates walks backward scouting the six o’clock position for dangers that the patrol leader cannot see. When I first approached my mentor about writing a book, he warned me that I could only do this if I had team members committed to watching my six. I pondered about those in my life that this massive endeavor would affect. Three seconds later, I knew that they were all strong enough.

To my technical editor, Mark Baggett, your endless technical revisions protected this book. To Dr. Reeves, Dr. Freeh, Dr. Jacoby, and Dr. Blair—thank you for picking up a young and angry army officer years ago and turning me into a non-traditional academic, capable of writing a book. To Dr. Fanelli, thank you for teaching me not to think outside of the box, but to rather use the box as a stepping stool to crawl out of the basement. To Dr. Conti, thank you for precisely manipulating me into Law 28. To my former students, especially the ninja collective of Alan, Alex, Arod, Chris, Christina, Duncan, Gremlin, Jim, James, Kevin, Rob, Steven, Sal and Topher—your creativity continues to inspire me.

To Rob Frost, thank you for writing a much more powerful chapter on web reconnaissance than I ever could. To Matt, Ryan, Kirk, Mark, Bryan, and Bill—thank you for understanding why I didn’t sleep the night before, and for watching positions 1 through 12. To my loving wife, my monkey and my ninja princess—thank you for providing me with your unconditional love, understanding, and support throughout this endeavor. To my parents, thank you for teaching me to value education. And to Dr. Cook—tank on, brother.

For my monkey and my ninja princess: anything is possible if you try hard enough.

Lead Author – TJ O’Connor

TJ O’Connor is a Department of Defense expert on information security and a US Army paratrooper. While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation and information assurance. He twice co-coached the winning team at the National Security Agency’s annual Cyber Defense Exercise and won the National Defense University’s first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition.

TJ holds a Master of Science degree in Computer Science from North Carolina State, a Master of Science degree in Information Security Engineering from the SANS Technical Institute, and a Bachelor of Science degree in Computer Science from the US Military Academy. He has published technical research at USENIX workshops, ACM conferences, security conferences, the SANS Reading Room, the Internet Storm Center, the Army Magazine, and the Armed Forces Journal. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.

Contributing Author Bio – Rob Frost

Robert Frost graduated from the United States Military Academy in 2011, commissioning into the Army Signal Corps. He holds a Bachelor of Science degree in Computer Science with honors, with his thesis work focusing on open-source information-gathering. Rob was individually recognized as one of the top two members of the national championship team for the 2011 Cyber Defense Exercise due to his ability to circumvent rules. Rob has participated in and won several cyber security competitions.

Technical Editor Bio – Mark Baggett

Mark Baggett is a Certified SANS Instructor, where he teaches several courses in the SANS penetration-testing curriculum. Mark is the primary consultant and founder of In Depth Defense, Inc., which provides incident-response and penetration-testing services. Today, in his role as the technical advisor to the Department of Defense for SANS, Mark is focused on the practical application of SANS resources in the development of military capabilities.

Mark has held a variety of positions in information security for large international and Fortune 1000 companies. He has been a software developer, a network and systems engineer, a security manager, and a CISO. As a CISO, Mark was responsible for policy, compliance, incident response, and all other aspects of information security operations. Mark knows firsthand the challenges that information security professionals face today in selling, implementing, and supporting information security. Mark is an active member of the information security community and the founding president of the Greater Augusta ISSA. He holds several certifications, including SANS’ prestigious GSE. Mark blogs about various security topics at