VULNERABILITY_SCANNERHow to discover a vulnerability in a web application?1. Go into every possible page.2. Look for ways to send data to web application(URL + Forms).3. Send payloads to discover vulnerabilities.4. Analyze the response to check of the website is vulnerable. ->General steps are the same regardless of the vulnerability. Class Scanner.#!/usr/bin/env pythonimport requests
import re
fr...
Socket Programming1. Scan the target Vulnerable Server. And test it by telnet.2. Write the scanner source code.import socketip = "10.0.0.32"for port in range(1,10000):try:s = socket.socket()s.connect((ip,port))s.close()print"%d/tcp" %(port)except:pass3. Execute the code. And the result is as following: 原文:https://www.cnblogs.com/keepmoving1113/p/11330072.html
Implementing Code To Discover XSS in Parameters
1. Watch the URL of the XSS reflected page carefully.
2. Add the test_xss_in_link method in the Scanner class.#!/usr/bin/env pythonimport requests
import re
from bs4 import BeautifulSoup
from urllib.parse import urljoinclass Scanner:def __init__(self, url, ignore_links):self.session = requests.Session()self.target_url = urlself.target_links = []...
VULNERABILITY_SCANNER
How to discover a vulnerability in a web application?
1. Go into every possible page.
2. Look for ways to send data to the web application(URL + Forms).
3. Send payloads to discover vulnerabilities.
4. Analyze the response to check of the website is vulnerable.
->General steps are the same regardless of the vulnerability.
Login the metasploitable VM and modify the securit...
EXPLOITATION - XSS VULNS
XSS - CROSS SITE SCRIPTING VULNSAllow an attacker to inject javascript code into the page.
The code is executed when the page loads.
The code is executed on the client machine, not the server.Three main types:
1. Persistent/Stored XSS.
2. Reflected XSS.
3.DOM-based XSS
DISCOVERING XSSTry to inject javascript code into the pages.
Test text boxes and URL parameters on the ...
Polish the Python code using sending requests in a session
Class Scanner.#!/usr/bin/env pythonimport requests
import re
from urllib.parse import urljoinclass Scanner:def __init__(self, url, ignore_links):self.session = requests.Session()self.target_url = urlself.target_links = []self.links_to_ignore = ignore_linksdef extract_links_from(self, url):response = self.session.get(url)return re.findall((...
VULNERABILITY_SCANNER
How to discover a vulnerability in a web application?
1. Go into every possible page.
2. Look for ways to send data to web application(URL + Forms).
3. Send payloads to discover vulnerabilities.
4. Analyze the response to check of the website is vulnerable.
->General steps are the same regardless of the vulnerability.
Class Scanner.#!/usr/bin/env pythonimport requests
imp...
我在使用python 2.7的ubunty 64并使用PyYAML-3.10
下面是我的yaml文件:host:localhost
username:root
password:test
database:test
operations_database:operations
treeroot:branch1:name: Node 1branch1-1:name: Node 1-1branch2:name: Node 2branch2-1:name: Node 2-1当我运行以下代码时,我得到以下错误.但是,如果我删除treeroot上方的行,则代码可以正常工作:from yaml import load, dump
try:from yaml import CLoader as Lo...