WHAT IS A WEBSITE

  • Computer with OS and some servers.
  • Apache, MySQL ...etc.
  • Cotains web application.
  • PHP, Python ...etc.
  • Web application is executed here and not on the client's machine.

How to hack a website?

  • An application installed on a computer.
  • ->web application pentesting
  • Computer uses an OS + other applications.
  • ->server side attacks.
  • Managed by humans.
  • ->client side attacks.

 INFORMATION GATHERING

  • IP address.
  • Domain name info.
  • Technologies used.
  • Other websites on the same server.
  • DNS records.
  • Files, sub-domains, directories.

CRAWLING SUBDOMAINS

  • Domains before the actual domain name.
  • Part of the main domain.

Ex:

  • subdomain.target.com
  • mail.google.com
  • plus.google.com
#!/usr/bin/env python

import requests

url = "baidu.com"

try:

    get_response = requests.get("http://" + url)

    print(get_response)

except requests.exceptions.ConnectionError:

    pass

Polished Python Code:

#!/usr/bin/env python

import requests

def request(url):

    try:

        return requests.get("http://" + url)

    except requests.exceptions.ConnectionError:

        pass

target_url = "baidu.com"

with open("subdomains.list", "r") as wordlist_file:

    for line in wordlist_file:

        word = line.strip()

        test_url = word + "." + target_url

        response = request(test_url)

        if response:

            print("[+] Discovered subdomain --> " + test_url)

Python Ethical Hacking - WEB PENETRATION TESTING(1)的更多相关文章

  1. Python Ethical Hacking - WEB PENETRATION TESTING(2)

     CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...

  2. Python Ethical Hacking - WEB PENETRATION TESTING(5)

    Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...

  3. Python Ethical Hacking - WEB PENETRATION TESTING(4)

    CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...

  4. Python Ethical Hacking - WEB PENETRATION TESTING(3)

    CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Disc ...

  5. Ethical Hacking - Web Penetration Testing(13)

    OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...

  6. Ethical Hacking - Web Penetration Testing(8)

    SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...

  7. Ethical Hacking - Web Penetration Testing(10)

    SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...

  8. Ethical Hacking - Web Penetration Testing(6)

    REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...

  9. Ethical Hacking - Web Penetration Testing(4)

    CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...

随机推荐

  1. cb08a_c++_顺序容器的操作1

    cb08a_c++_顺序容器的操作1容器定义的类型别名begin(闭区间)和end(开区间)成员{first,last)左闭右开,左包括,右不包括,end()指向最后一个的下一个. /*cb08a_c ...

  2. 深入理解 EF Core:EF Core 写入数据时发生了什么?

    阅读本文大概需要 14 分钟. 原文:https://bit.ly/2C67m1C 作者:Jon P Smith 翻译:王亮 声明:我翻译技术文章不是逐句翻译的,而是根据我自己的理解来表述的.其中可能 ...

  3. 手把手教你利用Docker+jenkins部署你的网站

    更新服务器的安装源为阿里的源,参考链接:https://blog.csdn.net/js_xh/article/details/79166655 安装docker; 1 更新资源 sudo apt-g ...

  4. kill杀死进程

    [root@queen ~]# kill 选项 %进程号 选项与参数: -l :这个是L 的小写,列出kill 能够使用的signal - :重新读取一次参数的设定档(类似reload) - :代表与 ...

  5. SSL/TSL 原理( 握手原理和传输原理)

    本文参考<计算机网络 自顶向下方法> 目录 背景 通信的4要素 SSL/TLS in Detail 通讯保证 The Handshake Protocol 1. Initial Clien ...

  6. Java面试必备Springioc上

    配置文件中 Proprety name值必须和 类中的成员变量private IUsedao  userDao一一对应 工程项目的代码为:

  7. 写给程序员的机器学习入门 (七) - 双向递归模型 (BRNN) - 根据上下文补全单词

    这一篇将会介绍什么是双向递归模型和如何使用双向递归模型实现根据上下文补全句子中的单词. 双向递归模型 到这里为止我们看到的例子都是按原有顺序把输入传给递归模型的,例如传递第一天股价会返回根据第一天股价 ...

  8. Chrome插件Postman的数据目录存储位置,记一次重装系统后找回postman数据的过程...

    有次重装系统到一块新的SSD磁盘,很多数据都做了备份就是忘记将Chrome插件Postman的数据做备份,导致重装后找不到以前定义的那些Collections.悔恨之余想到既然我原来的C盘还在,为何不 ...

  9. 如何在Linux下使用Tomcat部署Web应用(图文)

    学习Java必不可少的视同Tomcat,但是如果不会使用tomcat部署项目,那也是白扯,在这里教大家如果在Linux系统下视同Tomcat部署Web应用.   工具/原料   Apache-tomc ...

  10. hive中标准偏差函数stddev()详细讲解

    1.标准偏差概念 标准偏差(Std Dev,Standard Deviation) -统计学名词.一种度量数据分布的分散程度之标准,用以衡量数据值偏离算术平均值的程度.标准偏差越小,这些值偏离平均值就 ...