Python Ethical Hacking - VULNERABILITY SCANNER(1)

HTTP REQUESTS

BASIC INFORMATION FLOW

  • The user clicks on a link.
  • The HTML page generates a request (client-side).
  • The request is sent to the server.
  • The server processes the request (server-side).
  • The server sends a response back.

GET vs POST

Two main methods are used to send data to the web application:

1. Through the URL (usually using GET).

a. http://website.com/news.php?id=1

b. http://website.com/?id=1

2. Through input elements (usually using POST).

a. Search boxes.

b. Login boxes.

c. etc.

Target website: http://10.0.0.45/mutillidae/index.php?page=dns-lookup.php

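#!/usr/bin/env python

import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin


def request(url):
    # Return the response, or None if the host cannot be reached.
    try:
        return requests.get(url)
    except requests.exceptions.ConnectionError:
        return None


target_url = "http://10.0.0.45/mutillidae/index.php?page=dns-lookup.php"
response = request(target_url)
if response is None:
    raise SystemExit("Could not connect to " + target_url)

# Name the parser explicitly so the result does not depend on which parsers are installed.
parsed_html = BeautifulSoup(response.content.decode(), "html.parser")
forms_list = parsed_html.find_all("form")

for form in forms_list:
    # Resolve the form's action (possibly relative) against the page URL.
    action = form.get("action")
    post_url = urljoin(target_url, action)
    # The method is read here but not used yet: every form is submitted with POST.
    method = form.get("method")

    inputs_list = form.find_all("input")
    post_data = {}
    for input_tag in inputs_list:
        input_name = input_tag.get("name")
        input_type = input_tag.get("type")
        input_value = input_tag.get("value")
        if input_type == "text":
            input_value = "test"
        # Inputs without a name are not submitted by a browser either.
        if input_name is None:
            continue
        post_data[input_name] = input_value
    # Submit the collected fields and print the returned page.
    result = requests.post(post_url, data=post_data)
    print(result.content.decode())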

The Python code runs successfully.

Original article: https://www.cnblogs.com/keepmoving1113/p/11707233.html

Time: 2024-08-30 12:10:19
