CRAWLING SUMMARY

Our crawler so far can guess:

  • Subdomains.
  • Directories.
  • Files.

Advantages:

->Discover "hidden" paths/paths admin does not want us to know.

Disadvantages:

-> Will does not discover everything.

Solution:

-> Analyse discovered paths to discover more paths.

#!/usr/bin/env python

import requests

def request(url):

    try:

        return requests.get("http://" + url)

    except requests.exceptions.ConnectionError:

        pass

target_url = "10.0.0.45/mutillidae/"

response = request(target_url)

print(response.content)

Python Ethical Hacking - WEB PENETRATION TESTING(3)的更多相关文章

  1. Python Ethical Hacking - WEB PENETRATION TESTING(1)

    WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...

  2. Python Ethical Hacking - WEB PENETRATION TESTING(2)

     CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...

  3. Python Ethical Hacking - WEB PENETRATION TESTING(5)

    Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...

  4. Python Ethical Hacking - WEB PENETRATION TESTING(4)

    CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...

  5. Ethical Hacking - Web Penetration Testing(13)

    OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...

  6. Ethical Hacking - Web Penetration Testing(8)

    SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...

  7. Ethical Hacking - Web Penetration Testing(10)

    SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...

  8. Ethical Hacking - Web Penetration Testing(6)

    REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...

  9. Ethical Hacking - Web Penetration Testing(4)

    CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...

随机推荐

  1. vscode 常用变量

    ${workspaceFolder} the path of the workspace folder that contains the tasks.json file ${workspaceRoo ...

  2. c++_primer_第4版目录

    https://vdisk.weibo.com/s/BN_NALmbbBH01 第1章 快速入门1.1 编写简单的C++程序1.2 初窥输入/输出1.2.1 标准输入与输出对象1.2.2 一个使用IO ...

  3. Java二次复习笔记(1)

    Java二次复习笔记(1) Java采用的默认字符编码集是Unicode. byte=byte+byte报错,值为int,而byte+=byte不报错.同样short = short+short报错, ...

  4. zip矩阵转至

    list01=[1,2,3,4] list02=["a","b","c","d"] for itme in zip(li ...

  5. JavaWeb网上图书商城完整项目--day02-15.登录功能流程分析

    当用户点击登录界面的登录按钮的时候,将登录的用户名.密码和验证码上传到后台,后台的业务流程如下面所示:

  6. 1.记我的第一次python爬虫爬取网页视频

    It is my first time to public some notes on this platform, and I just want to improve myself by reco ...

  7. 10大HBase常见运维工具整理

    摘要:HBase自带许多运维工具,为用户提供管理.分析.修复和调试功能.本文将列举一些常用HBase工具,开发人员和运维人员可以参考本文内容,利用这些工具对HBase进行日常管理和运维. HBase组 ...

  8. 循环中的自变量-break和continue

    1.break 作用:break 用于终止循环的执行, 过程:当执行到break语句后,程序将跳出循环,执行循环语句后边的代码 i=1 while i<10: if i==5: break pr ...

  9. MySQL 前期准备

    一.数据库的基本概念 数据库的英文单词:DataBase,简称:DB. 数据库:用于存储和管理数据的仓库. 数据库的特点: 持久化存储数据的.其实数据库就是一个文件系统,是以文件的方式存在服务器的电脑 ...

  10. 在 Visual Studio 市场中发布项目扩展

    比较不错的开源项目中,尤其是类似于AbpNext这种级别的项目,我们都想要快速的尝试,如何提供快速给开发者提供模板是我们的一大难题.不过在VisualStudio中并没有这么难. 一.本地发布插件 就 ...