Python Ethical Hacking - WEB PENETRATION TESTING(3)
CRAWLING SUMMARY
Our crawler so far can guess:
- Subdomains.
- Directories.
- Files.
Advantages:
->Discover "hidden" paths/paths admin does not want us to know.
Disadvantages:
-> Will does not discover everything.
Solution:
-> Analyse discovered paths to discover more paths.
#!/usr/bin/env python import requests def request(url):
try:
return requests.get("http://" + url)
except requests.exceptions.ConnectionError:
pass target_url = "10.0.0.45/mutillidae/" response = request(target_url) print(response.content)
Python Ethical Hacking - WEB PENETRATION TESTING(3)的更多相关文章
- Python Ethical Hacking - WEB PENETRATION TESTING(1)
WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...
- Python Ethical Hacking - WEB PENETRATION TESTING(2)
CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...
- Python Ethical Hacking - WEB PENETRATION TESTING(5)
Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr ...
- Python Ethical Hacking - WEB PENETRATION TESTING(4)
CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. ...
- Ethical Hacking - Web Penetration Testing(13)
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...
- Ethical Hacking - Web Penetration Testing(8)
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...
- Ethical Hacking - Web Penetration Testing(10)
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...
- Ethical Hacking - Web Penetration Testing(6)
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...
- Ethical Hacking - Web Penetration Testing(4)
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be us ...
随机推荐
- redis cluster集群中键的分布算法
Redis Cluster Redis Cluster是Redis的作者 Antirez 提供的 Redis 集群方案 —— 官方多机部署方案,每组Redis Cluster是由多个Redis实例组成 ...
- 入门大数据---Hive数据查询详解
一.数据准备 为了演示查询操作,这里需要预先创建三张表,并加载测试数据. 数据文件 emp.txt 和 dept.txt 可以从本仓库的resources 目录下载. 1.1 员工表 -- 建表语句 ...
- 09 . Prometheus监控tomcat+jvm
List CentOS7.3 prometheus-2.2.1.linux-amd64.tar.gz redis_exporter-v0.30.0.linux-amd64.tar.gz 节点名 IP ...
- Bootstrap 3.3
https://jeesite.gitee.io/front/bootstrap/3.3/v3.bootcss.com/index.htm
- java重试
项目中有很多需要重试的场景,而每次都得写如下的逻辑 for (int i=0;i++;i<retry){ try{ do(//逻辑代码); if(success){ break; } }catc ...
- 线程的创建方式以及synchronize的使用
线程的两种创建方式 继承 Thread class Thr extends Thread { @Override public void run() { Thread.cur ...
- Python趣味入门4:选择往往是最重要的-条件语句
人生处处有选择,程序也有选择,为了让程序变得更加强壮,程序员必须考虑任何情况,上一篇了解到了如何使用Python来行顺序语句的编写,我们写了一个可以输入姓名的生日祝贺程序,今天我们挑战条件语句! 1. ...
- (二)ELK Filebeat简介
Filebeat简介 轻量级的日志传输工具,是一个日志文件托运工具,在你的服务器上安装客户端后,filebeat会监控日志目录或者指定的日志文件,追踪读取这些文件(追踪文件的变化,不停的读),并且 ...
- Code Forces 796C Bank Hacking(贪心)
Code Forces 796C Bank Hacking 题目大意 给一棵树,有\(n\)个点,\(n-1\)条边,现在让你决策出一个点作为起点,去掉这个点,然后这个点连接的所有点权值+=1,然后再 ...
- Python GIL(全局解释器锁)
理解并发和并行 并行:多个CPU同时执行多个不同的多任务. 就像两个程序(进程),这两个程序是真的在不同的CPU内同时执行多个任务. 并发:CPU切换处理不同的多任务, 还是有两个程序,但只有一个CP ...