嗯!拖延症晚期,已经无可救药,熬了两个晚上的夜,基本也把计算机网络课程设计的网络扫描器的功能实现了。 其实,写个扫描器也挺好玩的,牵涉到了RAW Socket编程,可以尽情地DIY数据包(当然,不符合数据包规则,比如checksum错误就没办法了),收获颇深。其中,我觉得用C语言写更有利于在编写过程中对加深对计算机网络的理解,特别是数据包细节。但是由于效率问题,还有Python真是太好用了(自从用了python,日常再也不想去碰C...
VULNERABILITY_SCANNERHow to discover a vulnerability in a web application?1. Go into every possible page.2. Look for ways to send data to web application(URL + Forms).3. Send payloads to discover vulnerabilities.4. Analyze the response to check of the website is vulnerable. ->General steps are the same regardless of the vulnerability. Class Scanner.#!/usr/bin/env pythonimport requests import re fr...
Socket Programming1. Scan the target Vulnerable Server. And test it by telnet.2. Write the scanner source code.import socketip = "10.0.0.32"for port in range(1,10000):try:s = socket.socket()s.connect((ip,port))s.close()print"%d/tcp" %(port)except:pass3. Execute the code. And the result is as following: 原文:https://www.cnblogs.com/keepmoving1113/p/11330072.html
Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully. 2. Add the test_xss_in_link method in the Scanner class.#!/usr/bin/env pythonimport requests import re from bs4 import BeautifulSoup from urllib.parse import urljoinclass Scanner:def __init__(self, url, ignore_links):self.session = requests.Session()self.target_url = urlself.target_links = []...
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application(URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check of the website is vulnerable. ->General steps are the same regardless of the vulnerability. Login the metasploitable VM and modify the securit...
EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNSAllow an attacker to inject javascript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server.Three main types: 1. Persistent/Stored XSS. 2. Reflected XSS. 3.DOM-based XSS DISCOVERING XSSTry to inject javascript code into the pages. Test text boxes and URL parameters on the ...
Polish the Python code using sending requests in a session Class Scanner.#!/usr/bin/env pythonimport requests import re from urllib.parse import urljoinclass Scanner:def __init__(self, url, ignore_links):self.session = requests.Session()self.target_url = urlself.target_links = []self.links_to_ignore = ignore_linksdef extract_links_from(self, url):response = self.session.get(url)return re.findall((...
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to web application(URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check of the website is vulnerable. ->General steps are the same regardless of the vulnerability. Class Scanner.#!/usr/bin/env pythonimport requests imp...
我在使用python 2.7的ubunty 64并使用PyYAML-3.10 下面是我的yaml文件:host:localhost username:root password:test database:test operations_database:operations treeroot:branch1:name: Node 1branch1-1:name: Node 1-1branch2:name: Node 2branch2-1:name: Node 2-1当我运行以下代码时,我得到以下错误.但是,如果我删除treeroot上方的行,则代码可以正常工作:from yaml import load, dump try:from yaml import CLoader as Lo...