1
00:00:00,450 --> 00:00:04,630
In this video you're going to learn how to do information gathering with Python.

2
00:00:04,650 --> 00:00:11,100
Now we start this course assuming that you already know the basics of the Python programming language.

3
00:00:11,100 --> 00:00:13,580
So this is a prerequisite.

4
00:00:13,950 --> 00:00:19,740
If you don't, you can learn for free online on YouTube and other websites, or you could also take my

5
00:00:19,740 --> 00:00:24,570
course Python Basics, which complements this course perfectly.

6
00:00:24,570 --> 00:00:29,770
Now there are three things that we're going to code in this video.

7
00:00:29,790 --> 00:00:32,500
So first we're going to code a banner grabber.

8
00:00:32,610 --> 00:00:38,180
Then we're going to look up hostnames, and then we're going to do IP lookup.

9
00:00:38,190 --> 00:00:40,080
So, all in Python.

10
00:00:40,080 --> 00:00:44,310
I assume you already have your favorite code editor installed on your computer.

11
00:00:44,430 --> 00:00:51,500
Here I'm on Windows 10 and I'm going to use Visual Studio Code, which I find very suitable for my needs.

12
00:00:51,510 --> 00:00:51,900
All right.

13
00:00:51,900 --> 00:00:59,430
Now first, for banner grabbing we'll be using the requests module, and we'll make a GET request to the

14
00:00:59,430 --> 00:01:01,670
server and then print the response.

15
00:01:01,680 --> 00:01:07,260
So this is actually basic stuff, as you might know: when you make a request,

16
00:01:07,260 --> 00:01:12,270
the response headers reveal important information about the server.

17
00:01:12,520 --> 00:01:14,810
Oftentimes way too much information.

18
00:01:15,150 --> 00:01:17,610
So let's do the initial imports first.

19
00:01:17,650 --> 00:01:25,600
We're going to import sys. We'll be using the command line arguments, which is why we need this

20
00:01:26,020 --> 00:01:30,610
module. Then we'll import requests.

21
00:01:31,160 --> 00:01:32,270
OK.
22
00:01:32,550 --> 00:01:42,510
So if you don't already have this module installed you could just do pip install requests. This module

23
00:01:42,510 --> 00:01:48,060
does not come with the standard Python library. And then we'll do some more imports later.

24
00:01:48,060 --> 00:01:48,400
All right.

25
00:01:48,420 --> 00:01:55,710
So how this is going to work is that we provide a command line argument containing the address of the

26
00:01:55,710 --> 00:01:56,060
site

27
00:01:56,070 --> 00:01:57,660
we want to grab the banner for.

28
00:01:58,680 --> 00:02:03,400
So for that we're going to start by doing a simple check and display a message if

29
00:02:03,450 --> 00:02:07,320
there is no argument provided in the command line.

30
00:02:07,350 --> 00:02:08,910
So we'll say if len(

31
00:02:11,480 --> 00:02:33,040
sys.argv) is smaller than 2, simply say print, and then we'll say, so, print "Usage: " like that, plus sys.argv[

32
00:02:33,040 --> 00:02:44,400
0], which is the name of the script, and then we'll say plus " url", let's say url here.

33
00:02:44,430 --> 00:02:50,850
OK, so we're going to provide a basic help message if there are no arguments provided when we run this

34
00:02:50,850 --> 00:02:58,420
script with Python in the command line. We're going to run it with python info_recon, which is the name of

35
00:02:58,420 --> 00:03:04,540
this script, .py, and if there is no argument provided then we'll actually print a message.

36
00:03:04,540 --> 00:03:12,700
So we're going to print this message, sys.argv[0] plus the message, and then we're going to gracefully

37
00:03:12,820 --> 00:03:17,090
exit: sys.exit(1). OK.

38
00:03:17,230 --> 00:03:27,390
And then we're actually going to code the main functionality, so we'll say req equals requests.get.

39
00:03:27,490 --> 00:03:39,780
We'll make a GET request to https:// and then we're gonna make a request to the domain we'd provide

40
00:03:39,780 --> 00:03:41,420
as a command line argument.
41
00:03:41,430 --> 00:03:49,120
So that's going to be sys.argv[1], because sys.argv[0] is the name of this script.

42
00:03:49,350 --> 00:03:53,680
So sys.argv[1], and then what do we want to print? The headers.

43
00:03:54,150 --> 00:03:57,240
But first let's do a print message.

44
00:03:57,540 --> 00:04:10,600
So we'll say, for an output, we'll say on a new line, plus str(req.headers).

45
00:04:10,600 --> 00:04:11,010
OK,

46
00:04:14,750 --> 00:04:17,390
so, and that's actually it for the banner grabbing.

47
00:04:17,390 --> 00:04:19,740
Next we want to get the hostname.

48
00:04:20,030 --> 00:04:27,560
And for that we're going to use the socket module. So to be using the socket module we'll have to first

49
00:04:27,560 --> 00:04:28,360
import it.

50
00:04:28,430 --> 00:04:30,510
So we'll say import socket.

51
00:04:31,070 --> 00:04:34,550
OK, now we go back here

52
00:04:38,280 --> 00:04:44,800
and in the socket module we have this function called gethostbyname, which we'll use.

53
00:04:45,160 --> 00:04:52,880
So first we instantiate the variable, let's say gethostby_, and then we say socket.

54
00:04:52,880 --> 00:04:57,610
So we use socket.gethostbyname

55
00:04:58,030 --> 00:05:00,810
(sys.argv[1]).

56
00:05:01,150 --> 00:05:01,690
All right.

57
00:05:01,690 --> 00:05:06,580
And then we're actually going to print it. So also a print on a new line.

58
00:05:08,080 --> 00:05:20,260
We'll say "The IP address of" and then plus

59
00:05:20,320 --> 00:05:23,680
sys.argv[1].

60
00:05:23,680 --> 00:05:25,640
All right.

61
00:05:26,440 --> 00:05:37,810
We'll add another string, so plus a string " is " like that, and then plus our variable gethostby_.

62
00:05:39,010 --> 00:05:40,470
OK.

63
00:05:40,540 --> 00:05:44,230
And then plus, let's actually do another new line.

64
00:05:45,130 --> 00:05:48,140
So we're going to move on to a new line once we finish this,

65
00:05:48,970 --> 00:05:49,950
this output.
66
00:05:50,020 --> 00:05:50,380
OK.

67
00:05:50,380 --> 00:05:52,570
And that should actually do the trick.

68
00:05:52,930 --> 00:06:01,630
Now for the IP lookup part that I said we're going to do, we want to get the location of this IP, that's

69
00:06:01,820 --> 00:06:04,240
for us, for our domain.

70
00:06:04,240 --> 00:06:10,480
So the location is gonna be, we want to get the latitude and longitude, and for that we're going to make

71
00:06:10,480 --> 00:06:20,680
a request to an API that provides this kind of service, and that API is, so in a comment here, that API

72
00:06:20,950 --> 00:06:25,810
is ipinfo, ipinfo.io.

73
00:06:25,810 --> 00:06:34,660
So that's actually the API. In Python we often use modules and also APIs to greatly enhance our

74
00:06:34,660 --> 00:06:35,090
work.

75
00:06:35,100 --> 00:06:42,040
And this is a very good example. So for this we're going to make another request, say req_

76
00:06:42,080 --> 00:06:57,400
2 equals requests.get, another GET request to https://ipinfo.io. OK.

77
00:06:57,550 --> 00:07:07,030
And then we're going to, we need to provide the IP, so gethostby_, and then what we also

78
00:07:07,030 --> 00:07:13,850
need to provide is that we want our response to be in the JSON format.

79
00:07:14,200 --> 00:07:18,340
So this is actually how our request to ipinfo should look.

80
00:07:18,340 --> 00:07:21,880
So the ipinfo address plus the IP plus

81
00:07:21,950 --> 00:07:24,530
/json to get the request in the JSON format.

82
00:07:24,990 --> 00:07:25,490
Okay.

83
00:07:25,580 --> 00:07:32,380
So because this is going to be JSON, we can manipulate JSON with the json module.

84
00:07:32,380 --> 00:07:37,680
So going back to the top here, we need to import json.

85
00:07:38,440 --> 00:07:39,080
Okay.

86
00:07:39,100 --> 00:07:40,780
Now going back down here,

87
00:07:43,810 --> 00:07:46,900
we use the loads function to load the response.
88
00:07:46,900 --> 00:08:01,930
So let's say resp_ equals json.loads(req_2.text), and then we'll

89
00:08:01,930 --> 00:08:03,300
finally print what we need.

90
00:08:03,300 --> 00:08:08,410
So let's say the location, the city and also the region.

91
00:08:08,410 --> 00:08:15,910
So this is like four prints. Let's say "Location:"

92
00:08:19,810 --> 00:08:31,180
is going to be resp_["loc"], that's the index which provides the location. Then we'll

93
00:08:31,180 --> 00:08:32,860
also print

94
00:08:33,550 --> 00:08:34,090
"Region:"

95
00:08:38,050 --> 00:08:38,620
plus

96
00:08:41,560 --> 00:08:49,150
resp_, in this case it's going to be ["region"], as you might guess.

97
00:08:49,480 --> 00:08:50,740
What else did I say?

98
00:08:50,800 --> 00:08:54,430
Print the city.

99
00:08:54,980 --> 00:08:56,800
Okay.

100
00:08:57,390 --> 00:09:04,320
Plus resp_, of course, ["city"].

101
00:09:04,320 --> 00:09:05,940
All right.

102
00:09:05,940 --> 00:09:09,400
And finally print, so also print

103
00:09:09,420 --> 00:09:10,230
"Country:"

104
00:09:13,880 --> 00:09:17,360
like that, plus resp_

105
00:09:20,820 --> 00:09:21,630
["country"],

106
00:09:25,490 --> 00:09:32,000
so I'm not being consistent here with these single and double quotes.

107
00:09:32,000 --> 00:09:35,600
Let me actually make sure that I'm consistent.

108
00:09:35,810 --> 00:09:39,860
Just for, I don't know, better readability.

109
00:09:40,520 --> 00:09:44,330
So if I'm using doubles then I'll be using doubles.

110
00:09:49,280 --> 00:09:50,450
OK.

111
00:09:50,580 --> 00:09:52,130
Now this is it for the code.

112
00:09:52,140 --> 00:09:55,790
So it's not, as you can see, there's not much to it.

113
00:09:56,100 --> 00:09:59,700
Now to test this we're gonna open up a command line.

114
00:09:59,910 --> 00:10:02,770
But first let's actually save this.

115
00:10:02,960 --> 00:10:03,390
All right.
116
00:10:03,390 --> 00:10:08,490
And now let's actually navigate to where this is located, on the desktop.

117
00:10:09,030 --> 00:10:13,980
And then we can simply say py -3, because I'm using Python 3.

118
00:10:13,980 --> 00:10:15,910
Here we want to execute it.

119
00:10:16,140 --> 00:10:22,230
If you just have one installation of Python you can simply do python info_recon.py and then

120
00:10:22,230 --> 00:10:23,340
specify the domain.

121
00:10:23,370 --> 00:10:28,280
But in my case I do py -3 info_recon.

122
00:10:28,760 --> 00:10:38,040
And then let's say google.com, because Google is probably not going to be offended by our small little

123
00:10:38,040 --> 00:10:41,420
recon here, and then hit Enter.

124
00:10:41,670 --> 00:10:46,350
We get an invalid, we get a syntax error here; we need to do a plus.

125
00:10:46,350 --> 00:10:46,850
All right.

126
00:10:46,970 --> 00:10:48,060
Now let's do that again.

127
00:10:52,530 --> 00:10:53,100
OK.

128
00:10:53,100 --> 00:10:54,510
And there you have it.

129
00:10:54,600 --> 00:11:01,550
We have the request headers with quite a lot of information about google.com.

130
00:11:01,550 --> 00:11:10,560
We have the IP address and we also have the location, and of course we have the much needed invalid syntax

131
00:11:10,590 --> 00:11:11,150
error.

132
00:11:11,520 --> 00:11:15,150
And then we have a very nice response with all the information we requested.

133
00:11:15,180 --> 00:11:16,620
Now isn't that awesome?

134
00:11:16,620 --> 00:11:20,100
So Python allows for automation at its finest.

135
00:11:20,130 --> 00:11:25,680
I urge you to keep on experimenting with all the modules we've worked with here, such as sys,

136
00:11:25,880 --> 00:11:31,500
requests, socket and json, because they will greatly simplify whatever projects you are

137
00:11:31,500 --> 00:11:36,410
working on, be it in cyber security or other fields.
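The three steps the video walks through (banner grab from the response headers, hostname resolution with socket, location lookup against ipinfo.io) as one complete script. This is an added example written for this page, not the code from the video. It keeps the video's ipinfo.io URL shape (https://ipinfo.io/<ip>/json) and the sys.argv usage check, but swaps the third-party requests module for the standard library's urllib so it runs without pip, resolves every address for the name instead of the single IPv4 that gethostbyname returns, and refuses to send private or reserved addresses to the third-party lookup. All function names, the example.test host, the --offline flag and the sample responses are this example's own constructions; the sample data is made up and only exists so the flow can be exercised without a network.

```python
#!/usr/bin/env python3
"""info_recon.py: banner grab, name resolution and IP location lookup. Added example, not the
video's code: urllib stands in for requests, every address for the name is resolved, only public
addresses are sent to ipinfo.io, and network calls are injectable so --offline runs on sample data."""
import ipaddress
import json
import socket
import sys
import urllib.error
import urllib.request

# Response headers that most often reveal the software stack behind a site.
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator", "via")

def http_fetch(url, timeout=10):
    """Live fetcher: GET url, return (status, headers, body); a 4xx/5xx still carries headers."""
    req = urllib.request.Request(url, headers={"User-Agent": "info-recon/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items()), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), err.read().decode("utf-8", "replace")

# Constructed sample data: example.test (reserved TLD) in the RFC 5737 documentation range,
# so the functions can be exercised without touching the network.
SAMPLE_RESPONSES = {
    "https://example.test/": (200, {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4.3",
                                    "Content-Type": "text/html"}, "<html></html>"),
    "https://ipinfo.io/203.0.113.7/json": (200, {"Content-Type": "application/json"},
        '{"ip": "203.0.113.7", "city": "Bergen", "region": "Vestland", "country": "NO", "loc": "60.3913,5.3221"}'),
}

def offline_fetch(url, timeout=10):
    """Fetcher that answers only from SAMPLE_RESPONSES (KeyError for anything else)."""
    return SAMPLE_RESPONSES[url]

def offline_resolver(host, port):
    """socket.getaddrinfo stand-in: example.test has one IPv4 and one IPv6 address."""
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("203.0.113.7", 0)),
            (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::7", 0, 0, 0))]

def normalize_target(arg):
    """Turn 'EXAMPLE.com', 'https://example.com/x' or 'example.com:8443' into the bare host."""
    host = arg.strip().lower()
    for scheme in ("https://", "http://"):
        if host.startswith(scheme):
            host = host[len(scheme):]
    host = host.split("/", 1)[0].split(":", 1)[0]
    if not host or any(ch.isspace() for ch in host):
        raise ValueError("not a hostname: " + repr(arg))
    return host

def grab_banner(domain, fetch=http_fetch):
    """GET https://<domain>/ and return (status, all headers, the fingerprinting headers)."""
    status, headers, _body = fetch("https://" + domain + "/")
    lowered = {name.lower(): value for name, value in headers.items()}
    return status, lowered, {n: lowered[n] for n in FINGERPRINT_HEADERS if n in lowered}

def resolve_host(domain, resolver=socket.getaddrinfo):
    """Every distinct A/AAAA address for the name, in resolver order (gethostbyname gives one IPv4)."""
    return list(dict.fromkeys(sockaddr[0] for *_rest, sockaddr in resolver(domain, None)))

def fetch_ipinfo(ip, fetch=http_fetch):
    """The ipinfo.io JSON lookup from the video, with 'loc' split into float lat/lon."""
    _status, _headers, body = fetch("https://ipinfo.io/" + ip + "/json")
    data = json.loads(body)
    result = {key: data.get(key) for key in ("city", "region", "country")}
    lat, lon = (float(p) for p in data["loc"].split(",")) if data.get("loc") else (None, None)
    result["latitude"], result["longitude"] = lat, lon
    return result

def geolocate(ip, fetch=http_fetch):
    """Private, loopback, link-local and documentation ranges have no public location and are
    not worth telling a third-party service about, so they return None without a lookup."""
    if not ipaddress.ip_address(ip).is_global:
        return None
    return fetch_ipinfo(ip, fetch)

def main(argv, fetch=http_fetch, resolver=socket.getaddrinfo):
    if len(argv) < 2:
        print("Usage: " + argv[0] + " <domain> [--offline]")
        return 1
    if "--offline" in argv:
        fetch, resolver = offline_fetch, offline_resolver
    domain = normalize_target(argv[1])
    status, headers, fingerprint = grab_banner(domain, fetch)
    print("\n[+] HTTP " + str(status) + " from " + domain + "; response headers:")
    for name, value in headers.items():
        print("    " + name + ": " + value)
    print("[!] stack fingerprint: " + (", ".join(k + "=" + v for k, v in fingerprint.items()) or "none"))
    addrs = resolve_host(domain, resolver)
    print("\n[+] " + domain + " resolves to " + ", ".join(addrs))
    for ip in addrs:
        geo = geolocate(ip, fetch)
        print("    " + ip + ": " + (json.dumps(geo) if geo else "not a public address, lookup skipped"))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python info_recon.py google.com` for a live lookup, or `python info_recon.py example.test --offline` to see the flow on the constructed data. Two points worth keeping in mind when you reuse this: the headers are read even on a 403 or 500, because an error page from the origin carries the same Server and X-Powered-By values as a 200; and the location step sends the resolved address to ipinfo.io, so on an engagement where the target must not be disclosed to a third party, replace fetch_ipinfo with a lookup against a locally held GeoIP database.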