For the Orange Attack Path in the IT420 course I challenged the students to gather the names from the home page of a provided website. The below script was built to gather what resembles a first and last name like "Bob Smith" or "Bob. A. Smith". The output of this script can be saved and then used to pull out the names that were found.
#!/usr/bin/python3
import requests
import re
# Use the below to supress the warnings due to not verifying the SSL/TLS certs
from urllib3.exceptions import InsecureRequestWarning
# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
def saveWebPage(urls, fileName):
for url in urls:
r = requests.get(url,verify=False)
with open(fileName,'a') as f:
#print(r.content)
f.write(r.text)
def extractNames(fileName):
nameList = []
with open(fileName, 'r') as f:
for line in f:
firstLastName = re.findall(r"[A-Z][a-z]+\s[A-Z][a-z]+", line)
firstMLastName = re.findall(r"[A-Z][a-z]+\s[A-Z]\.\s[A-Z][a-z]+", line)
if len(firstLastName) > 0:
for i in firstLastName:
if i not in nameList:
nameList.append(i)
if len(firstMLastName) > 0:
for i in firstMLastName:
if i not in nameList:
nameList.append(i)
for name in nameList:
print(name)
def main():
urls = ["https://www.website.web", "https://www.website.web/about"]
fileName = "output.html"
saveWebPage(urls, fileName)
extractNames(fileName)
Then after you create a userlist from the above output you can use the following script to create a list that can be used in the password spray. Only conduct this on the web application provided for testing.
#!/usr/bin/python3
import sys
import getopt
# Example execution
# ./buildList.py -i userlist.txt -d windomain.local
def main():
inputfile = ''
# Read the argument for the userlist file and the domain to append
if len(sys.argv) < 2:
print('./buildList.py -i --userlist-- -d --domain--')
exit(1)
else:
argv = sys.argv[1:]
opts, argv = getopt.getopt(argv,"i:d:")
for opt, arg in opts:
if opt in ['-i']:
inputfile = arg
if opt in ['-d']:
domain = arg
# Read in the file from the command line options...
with open(inputfile) as f:
for line in f:
firstname, lastname = line.split(" ")
firstname = firstname.lower()
lastname = lastname.lower().strip()
# first.last
print(firstname + "." + lastname + "@" + domain)
# first_last
print(firstname + "_" + lastname + "@" + domain)
# f.last
print(firstname[0:1] + "." + lastname + "@" + domain)
# first.l
print(firstname + "." + lastname[0:1] + "@" + domain)
if __name__ == '__main__':
main()
The below script is a method to develop a password list that can be used for the lab.
#!/usr/bin/python3
# Building a password list of common helpdesk passwords of 2022
# Not meant for password sprays due to account lockout thresholds if they are set
season = ["Fall", "Winter", "Spring", "Summer"]
year = ["2021", "2022", "2023"]
commonSpecialChars = ["!", "@", "#", "$"]
#for a in season:
# for b in year:
# for c in commonSpecialChars:
# print(a + b + c)
[print(a+b+c) for a in season for b in year for c in commonSpecialChars]