CRAWING DIRECTORIES

  • Directories/folders inside the web root.
  • Can contain files or other directories.

Ex:

  • target.com/directory
  • plus.google.com/discover

Target: Metasploitable2-Linux

#!/usr/bin/env python

import requests

def request(url):

    try:

        return requests.get("http://" + url)

    except requests.exceptions.ConnectionError:

        pass

target_url = "10.0.0.45/mutillidae/"

with open("common.list", "r") as wordlist_file:

    for line in wordlist_file:

        word = line.strip()

        response = request(test_url)

        if response:

            print("[+] Discovered URL --> " + test_url)

WoW, Amazing!

Python Ethical Hacking - WEB PENETRATION TESTING(2)的更多相关文章

  1. Python Ethical Hacking - WEB PENETRATION TESTING(1)

    WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...

  2. Python Ethical Hacking - WEB PENETRATION TESTING(5)

    Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...

  3. Python Ethical Hacking - WEB PENETRATION TESTING(4)

    CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...

  4. Python Ethical Hacking - WEB PENETRATION TESTING(3)

    CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Disc ...

  5. Ethical Hacking - Web Penetration Testing(13)

    OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...

  6. Ethical Hacking - Web Penetration Testing(8)

    SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...

  7. Ethical Hacking - Web Penetration Testing(10)

    SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...

  8. Ethical Hacking - Web Penetration Testing(6)

    REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...

  9. Ethical Hacking - Web Penetration Testing(4)

    CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...

随机推荐

  1. 为什么Web开发人员在2020年不用最新的CSS功能

    转载请注明出处:葡萄城官网,葡萄城为开发者提供专业的开发工具.解决方案和服务,赋能开发者. 原文出处:https://dzone.com/articles/why-masses-are-not-usi ...

  2. VS2017未安装MFC解决方法

    VS2017未安装MFC解决方法 https://blog.csdn.net/u010921682/article/details/89847395

  3. Ray射线检测和Recources.Load

    记录射线检测常用的方法,以及Rocources.Load的常用用法 使用代码实现鼠标点击在鼠标点击处生成制定gameObject RayCastHit hit; void Update() { Ray ...

  4. 运行 docker .... 命令报错

    一.检查 Linux 上是有存在 docker [root@localhost bin]# docker version 不存在 docker 时,可以使用如下命令下载 docker [root@lo ...

  5. 【DMCP】2020-CVPR-DMCP Differentiable Markov Channel Pruning for Neural Networks-论文阅读

    DMCP 2020-CVPR-DMCP Differentiable Markov Channel Pruning for Neural Networks Shaopeng Guo(sensetime ...

  6. 手把手教你使用Python抓取QQ音乐数据(第一弹)

    [一.项目目标] 获取 QQ 音乐指定歌手单曲排行指定页数的歌曲的歌名.专辑名.播放链接. 由浅入深,层层递进,非常适合刚入门的同学练手. [二.需要的库] 主要涉及的库有:requests.json ...

  7. 大文件上传、断点续传、秒传、beego、vue

    大文件上传 0.项目源码地址 源码地址 :https://github.com/zhuchangwu/large-file-upload 它是个demo,仅供参考 前端基于 vue-simple-up ...

  8. jQuery处理默认配置参数(将一个或多个对象的内容合并到目标对象)

    问题 我们在封装一个函数时, 需要别人传递一个json对象作为参数, 而用户可能只传入部分参数, 这是就可以利用$extend()来与合并到默认JSON参数合并. // 程序需要的参数 var def ...

  9. 洛谷 P1196 【银河英雄传说】

    这道题其实就是一个带权并查集的基础题,维护的是点权,所以我们要维护两个数组dis:表示当前点到父亲节点的距离,size:当前子树的大小.那么程序就自然出来了: 代码: #include <bit ...

  10. 使用.net standard实现不同内网端口的互通(类似花生壳)

    应用场景 1.公司电脑与家中电脑的远程控制,一般通过teamview.向日葵等软件,端口互通后,可以使用电脑自带的远程桌面 2.家中电脑搭建SVN.git仓库,在外网或者内网访问,一般使用云服务器,端 ...