Python Ethical Hacking - WEB PENETRATION TESTING(1)
WHAT IS A WEBSITE
- Computer with OS and some servers.
- Apache, MySQL ...etc.
- Cotains web application.
- PHP, Python ...etc.
- Web application is executed here and not on the client's machine.
How to hack a website?
- An application installed on a computer.
- ->web application pentesting
- Computer uses an OS + other applications.
- ->server side attacks.
- Managed by humans.
- ->client side attacks.
INFORMATION GATHERING
- IP address.
- Domain name info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Files, sub-domains, directories.
CRAWLING SUBDOMAINS
- Domains before the actual domain name.
- Part of the main domain.
Ex:
- subdomain.target.com
- mail.google.com
- plus.google.com
#!/usr/bin/env python import requests
url = "baidu.com"
try:
get_response = requests.get("http://" + url)
print(get_response)
except requests.exceptions.ConnectionError:
pass
Polished Python Code:
#!/usr/bin/env python import requests def request(url):
try:
return requests.get("http://" + url)
except requests.exceptions.ConnectionError:
pass target_url = "baidu.com" with open("subdomains.list", "r") as wordlist_file:
for line in wordlist_file:
word = line.strip()
test_url = word + "." + target_url
response = request(test_url)
if response:
print("[+] Discovered subdomain --> " + test_url)
Python Ethical Hacking - WEB PENETRATION TESTING(1)的更多相关文章
- Python Ethical Hacking - WEB PENETRATION TESTING(2)
CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...
- Python Ethical Hacking - WEB PENETRATION TESTING(5)
Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...
- Python Ethical Hacking - WEB PENETRATION TESTING(4)
CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...
- Python Ethical Hacking - WEB PENETRATION TESTING(3)
CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Disc ...
- Ethical Hacking - Web Penetration Testing(13)
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...
- Ethical Hacking - Web Penetration Testing(8)
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...
- Ethical Hacking - Web Penetration Testing(10)
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...
- Ethical Hacking - Web Penetration Testing(6)
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...
- Ethical Hacking - Web Penetration Testing(4)
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...
随机推荐
- Selenium自动化测试与练习
Selenium WebDriver 提供了web自动化各种语言(java python ruby等等) 调用接口库 提供 各种浏览器的驱动(web driver) 来驱动浏览器的 特点 测试程度可以 ...
- ViewPager2 学习
ViewPager2 延迟加载数据 ViewPager2 延迟加载数据 ViewPager 实现预加载的方案 ViewPager2 实现预加载的方案 总结 ViewPager 实现预加载的方案 背景 ...
- 触发器_实现ORACEL自动增长字段
实现XX表的字段code,为自动增长字段? 1.创建一个sequence,如图: 输入如下数据: S_COUNTRY为sequence名称 2.创建一个触发器,目的是在插入数据之前插入自动增长的数字, ...
- java并发——copyonwrite
今天在网上看到一个问题,问除了加锁之外,有没有其他方法来保证线程安全? ---- copyonwrite机制 一.copyonwrite机制 机制实现:写时复制, 在往集合中添加数据的时候,先拷贝存储 ...
- Python干货整理之数据结构篇
1 stack的实现 实现接口: init() 用于初始化stack,数据类型为list size() 用于获得stack的大小 push() 用于往栈中添加元素,添加的元素类型可以是int或者lis ...
- js事件入门(5)
5.窗口事件 5.1.onload事件 元素加载完成时触发,常用的就是window.onload window.onload = function(){ //等页面加载完成时执行这里的代码 } 5.1 ...
- 查看Oracle当前用户下的(表视图,同义词...)
查看Oracle当前用户下的信息(用户,表视图,索引,表空间,同义词,存储过程函数,约束条件) 0.表空间 SQL>select username,default_tablespace from ...
- 【写法总结】$.ajax与$.post、$.get 写法区别
原文: https://www.cnblogs.com/asdyzh/p/9807264.html 后台代码: [HttpPost] public string DoLogin(string us ...
- div嵌套引起的内层margin-top对外层div起作用
嵌套div中margin-top转移问题的解决办法在这两个浏览器中,有两个嵌套关系的div,如果外层div的父元素padding值为0,那么内层div的margin-top或者margin-botto ...
- 《UNIX环境高级编程》(APUE) 笔记第八章 - 进程控制
8 - 进程控制 Github 地址 1. 进程标识 每个进程都有一个非负整型表示的 唯一进程 ID .进程 ID 是可复用的(延迟复用算法). ID 为 \(0\) 的进程通常是调度进程,常常被称为 ...