Python Ethical Hacking - WEB PENETRATION TESTING(1)
2024-09-20 12:38:50
WHAT IS A WEBSITE
- Computer with OS and some servers.
- Apache, MySQL ...etc.
- Cotains web application.
- PHP, Python ...etc.
- Web application is executed here and not on the client's machine.
How to hack a website?
- An application installed on a computer.
- ->web application pentesting
- Computer uses an OS + other applications.
- ->server side attacks.
- Managed by humans.
- ->client side attacks.
INFORMATION GATHERING
- IP address.
- Domain name info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Files, sub-domains, directories.
CRAWLING SUBDOMAINS
- Domains before the actual domain name.
- Part of the main domain.
Ex:
- subdomain.target.com
- mail.google.com
- plus.google.com
#!/usr/bin/env python import requests
url = "baidu.com"
try:
get_response = requests.get("http://" + url)
print(get_response)
except requests.exceptions.ConnectionError:
pass
Polished Python Code:
#!/usr/bin/env python import requests def request(url):
try:
return requests.get("http://" + url)
except requests.exceptions.ConnectionError:
pass target_url = "baidu.com" with open("subdomains.list", "r") as wordlist_file:
for line in wordlist_file:
word = line.strip()
test_url = word + "." + target_url
response = request(test_url)
if response:
print("[+] Discovered subdomain --> " + test_url)
最新文章
- 【转载】SSM框架整合
- apache中虚拟主机的配置
- PHP对redis操作详解【转】
- [Android]在Adapter的getView方法中绑定OnClickListener比较好的方法
- Oracle 11gR2 安装教学
- 今天发现新大陆:haml和Emmet
- iOS之 Mac下抓包工具使用wireshark
- Marriage Ceremonies(状态压缩dp)
- PySe-005-基础环境配置(Win7)
- matlab:clear,close,clc
- windows phone主题切换(换肤)
- apache、mod_jk负载均衡与tomcat集群
- jQuery选择器部分知识点总结
- 防止SQL注入攻击,数据库操作类
- rem的js
- python打包
- Unity - Photon PUN 本地与网络同步的逻辑分离 (二)
- MySQL5.6复制技术(4)-MySQL主从复制过滤参数
- summernote 文本编辑器使用时,选择上传图片、链接、录像时,弹出的对话框被遮挡住
- jhipser微服务架构介绍