Python Ethical Hacking - WEB PENETRATION TESTING(1)
WHAT IS A WEBSITE
- Computer with OS and some servers.
- Apache, MySQL ...etc.
- Cotains web application.
- PHP, Python ...etc.
- Web application is executed here and not on the client's machine.
How to hack a website?
- An application installed on a computer.
- ->web application pentesting
- Computer uses an OS + other applications.
- ->server side attacks.
- Managed by humans.
- ->client side attacks.
INFORMATION GATHERING
- IP address.
- Domain name info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Files, sub-domains, directories.
CRAWLING SUBDOMAINS
- Domains before the actual domain name.
- Part of the main domain.
Ex:
- subdomain.target.com
- mail.google.com
- plus.google.com
#!/usr/bin/env python import requests
url = "baidu.com"
try:
get_response = requests.get("http://" + url)
print(get_response)
except requests.exceptions.ConnectionError:
pass
Polished Python Code:
#!/usr/bin/env python import requests def request(url):
try:
return requests.get("http://" + url)
except requests.exceptions.ConnectionError:
pass target_url = "baidu.com" with open("subdomains.list", "r") as wordlist_file:
for line in wordlist_file:
word = line.strip()
test_url = word + "." + target_url
response = request(test_url)
if response:
print("[+] Discovered subdomain --> " + test_url)
Python Ethical Hacking - WEB PENETRATION TESTING(1)的更多相关文章
- Python Ethical Hacking - WEB PENETRATION TESTING(2)
CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...
- Python Ethical Hacking - WEB PENETRATION TESTING(5)
Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...
- Python Ethical Hacking - WEB PENETRATION TESTING(4)
CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...
- Python Ethical Hacking - WEB PENETRATION TESTING(3)
CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Disc ...
- Ethical Hacking - Web Penetration Testing(13)
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...
- Ethical Hacking - Web Penetration Testing(8)
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...
- Ethical Hacking - Web Penetration Testing(10)
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...
- Ethical Hacking - Web Penetration Testing(6)
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...
- Ethical Hacking - Web Penetration Testing(4)
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...
随机推荐
- 02 . Ansible高级用法(运维开发篇)
自动化任务简介 假设我们要在10台linux服务器上安装一个nginx服务,手动是如何做的? # 第一步, ssh登录NUM(1,n)服务器 # 第二步,输入对应服务器密码 # 第三步,执行命令: y ...
- JDBC——什么是JDBC?
JDBC:Java数据库连接(Java DataBase Connectivity),是Java语言中用来规范客户端如何程序如何来访问数据库的应用程序接口(API),提供了诸如查询和更新数据库中数据的 ...
- psp表格
陈康杰psp表格 PSP2.1 Personal Software Process Stages 预估耗时(分钟) 实际耗时(分钟) Planning 计划 10 10 Estimate 估计这个任务 ...
- JavaWeb网上图书商城完整项目--过滤器解决中文乱码
我们知道,如果是POST请求,我们需要调用request.setCharacterEncoding(“utf-8”)方法来设计编码:如果是GET请求,我们需要自己手动来处理编码问题.如果我们使用了En ...
- java 加密与解密艺术二
首先需要明确的是RSA的密钥对不能手动指定,需要通过代码系统生成 接下来我们来介绍下生成密钥对 package com.weiyuan.test; import java.security.KeyPa ...
- IDEA记坑之移动项目文件之后,import 找不到文件以及出现Cannot access的问题
今天本想挪动下文件,使项目更加可观,易整理,但是挪动后出现各种问题,import xxx;全部飘红.部分切面还出现Cannot access:试过了重启idea,rebuild....各种方法都行不通 ...
- eclipse导入git项目
复制项目的git路径 Eclipse打开 Git Repostitories 视图 弹出show view窗口 选择ok ,进入git repositories 视图窗口 我这里已经导入从我的git仓 ...
- hive sql 解析json
在hive中会有很多数据是用json格式来存储的,而我们用数据的时候又必须要将json格式的数据解析成为正常的数据,今天我们就来聊聊hive中是如何解析json数据的. 下面这张表就是json格式的表 ...
- 猿灯塔:最详细Dubbo相关面试题!
1.Dubbo是什么? Dubbo是阿里巴巴开源的基于 Java 的高性能 RPC 分布式服务框架,现已成为 Apache 基金会孵化项目. 面试官问你如果这个都不清楚,那下面的就没必要问了. 官网: ...
- Validate表单验证插件之常用参数介绍
Validate常用的一些参数和方法 1.errorElement 修改显示错误提示信息的HTML标签.默认是<label>,可以指定为<span>.... $("# ...