Python Ethical Hacking - WEB PENETRATION TESTING(1)
WHAT IS A WEBSITE
- Computer with OS and some servers.
- Apache, MySQL ...etc.
- Cotains web application.
- PHP, Python ...etc.
- Web application is executed here and not on the client's machine.
How to hack a website?
- An application installed on a computer.
- ->web application pentesting
- Computer uses an OS + other applications.
- ->server side attacks.
- Managed by humans.
- ->client side attacks.
INFORMATION GATHERING
- IP address.
- Domain name info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Files, sub-domains, directories.
CRAWLING SUBDOMAINS
- Domains before the actual domain name.
- Part of the main domain.
Ex:
- subdomain.target.com
- mail.google.com
- plus.google.com
#!/usr/bin/env python import requests
url = "baidu.com"
try:
get_response = requests.get("http://" + url)
print(get_response)
except requests.exceptions.ConnectionError:
pass
Polished Python Code:
#!/usr/bin/env python import requests def request(url):
try:
return requests.get("http://" + url)
except requests.exceptions.ConnectionError:
pass target_url = "baidu.com" with open("subdomains.list", "r") as wordlist_file:
for line in wordlist_file:
word = line.strip()
test_url = word + "." + target_url
response = request(test_url)
if response:
print("[+] Discovered subdomain --> " + test_url)
Python Ethical Hacking - WEB PENETRATION TESTING(1)的更多相关文章
- Python Ethical Hacking - WEB PENETRATION TESTING(2)
CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...
- Python Ethical Hacking - WEB PENETRATION TESTING(5)
Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...
- Python Ethical Hacking - WEB PENETRATION TESTING(4)
CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...
- Python Ethical Hacking - WEB PENETRATION TESTING(3)
CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Disc ...
- Ethical Hacking - Web Penetration Testing(13)
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...
- Ethical Hacking - Web Penetration Testing(8)
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...
- Ethical Hacking - Web Penetration Testing(10)
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...
- Ethical Hacking - Web Penetration Testing(6)
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...
- Ethical Hacking - Web Penetration Testing(4)
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...
随机推荐
- 微信小程序-APP生命周期与运行机制
QQ讨论群:785071190 开发微信小程序之前需要先了解微信小程序运行机制以及其生命周期,小程序APP生命周期需要先从app.js这个文件开始. 阅读过"微信小程序-代码构成" ...
- Linux-基于公私钥实现免密码登录
STEP1 在任意一个Linux机器上利用ssh-keygen 命令选择一种加密算法,生成一个密钥对.输入保存密钥对的位置和密码,输入完毕会在指定的目录,默认为/root/.ssh/下生成密钥对 语法 ...
- html+css快速入门教程(3)
练习: 1.画盒子 2.相框 5 基础选择器 5.1 id选择器 ID选择器与类选择器的定义与引用方式类似,只是定义的符号不一样.ID通常表示唯一值,因此,ID选择器在CSS 中通常只出现一次.如果出 ...
- 浅谈pyautogui模块
pyautogui模块 PyAutoGUI--让所有GUI都自动化 安装代码: pip install pyautogui 目的 PyAutoGUI是一个纯Python的GUI自动化工具,其目的是可以 ...
- 阿里云centos7安装redis全过程记录
Redis下载地址:https://redis.io/download(这个连接可能得翻墙查看,但是在centos7服务器上安装过程不需要翻墙,我查看了最新的是redis-4.0.9.tar.gz ) ...
- vs2017,vs2019 无法连接到Web服务器“IIS Express”
不知道啥原因,突然就不能访问了 我的解决方式: 在项目的根目录下显示所有隐藏的文件,找到.vs文件夹,删除: 重启项目,尝试运行,发现正常了. (完)
- iview表单验证--数字必填+校验
直接使用: { required: true, type:"integer", message:"请填写整数", trigger: "blur&quo ...
- Spring笔记(3) - debug源码AOP原理解析
案例 @EnableAspectJAutoProxy//开启基于注解的aop模式 @Configuration public class AOPConfig { //业务逻辑类加入容器中 @Bean ...
- CSS五种方式实现 Footer 置底
页脚置底(Sticky footer)就是让网页的footer部分始终在浏览器窗口的底部.当网页内容足够长以至超出浏览器可视高度时,页脚会随着内容被推到网页底部:但如果网页内容不够长,置底的页脚就会保 ...
- css伪选择器使用总结——css中关于伪类和伪元素的知识总汇
CSS 伪类用于向某些选择器添加特殊的效果,而CSS引入伪类和伪元素的概念是为了实现基于文档树之外的信息的格式化.这里讲总结关于css伪类和伪元素的相关使用 伪元素 :before/:before 在 ...