Habu: Python Network Hacking Toolkit

These are essential capacities that assist with a few undertakings for Ethical Hacking and Penetration Testing. A great part of the capacities are truly essential (like get our open IP address), however are truly valuable sometimes.

Habu requires:

 

  • Click
  • Python (3.x),
  • Scapy-Python3
  • Matplotlib (Optional, only needed if you want to make some graphs)

 

Verbose Mode

Almost all commands implement the verbose mode with the ‘-v’ option. This can give you some extra info about what habu is doing.

Some Essential Commands:

 

  • habu.arpoison: ARP Poisoning

This command sends ARP ‘is-at’ packets to each victim, poisoning their ARP tables for send the traffic to your system.

  • habu.arpsniff: Discover devices on your LAN capturing ARP packets

This command listen for ARP packets and shows information each device.

  • habu.contest: Check your connection capabilities

This command tries to connect to various services and check if you can reach them using your internet connection.

 

  • habu.dhcp_discover: Discover DHCP servers

This command send a DHCP request and shows what devices has replied. Using the ‘-v’ parameter (verbose) you can see all the options (like DNS servers) included on the responses.

  • habu.eicar: Prints the EICAR test string

This command prints the EICAR test string that can be used to test antimalware engines.

  • habu.hasher: Computes various hashes with the input data

This command computes various hashes for the input data, that can be a file or a stream.

  • habu.ip: Prints your current public IP

This command prints your current public IP based on the response from https://api.ipify.org.

  • habu.isn: Prints the TCP sequence numbers for an IP

This command creates TCP connections and prints the TCP initial sequence numbers for each connections.

  • habu.land: Implements the LAND attack

This command implements the LAND attack, that sends packets forging the source IP address to be the same that the destination IP. Also uses the same source and destination port. The attack is very old, and can be used to make a Denial of Service on old systems, like Windows NT 4.0. More

  • habu.ping: ICMP echo requests

This command implements the classic ‘ping’ with ICMP echo requests.

  • habu.snmp_crack: SNMP Community Cracker

This command launches snmp-get queries against an IP, and tells you when finds a valid community string (is a simple SNMP cracker). The dictionary used is the distributed with the onesixtyone tool

  • habu.synflood: SYN Flood Attack Implementation

This command launches a lot of TCP connections and keeps them opened. Some very old systems can suffer a Denial of Service with this.

  • habu.tcpflags: TCP Flag Fuzzer

This command send TCP packets with different flags and tell you what responses receives. It can be used to analyze how the different TCP/IP stack implementations and configurations responds to packet with various flag combinations.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How To Create A Virtual Penetration Testing Lab At Home

In this article, I will demonstrate how to create your own virtual penetration testing lab at home. Creating a pentesting lab is must for...

The Importance of Cyber Security in The Medical Device Industry

Medical devices are a revolutionary aspect of healthcare - they connect doctors and patients, help diagnose and treat diseases. Some - like ECMO machines...

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...