Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner method in the scanner class. #!/usr/bin/env python import requests import re from bs4 import BeautifulSoup from urllib.parse import urljoin class Scan…
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application (URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to ch…
Extracting & Submitting Forms Automatically Target website: http://10.0.0.45/dvwa/vulnerabilities/xss_r/ Class Scanner. #!/usr/bin/env python import requests import re from bs4 import BeautifulSoup from urllib.parse import urljoin class Scanner: def _…
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application (URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check…
Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully. 2. Add the test_xss_in_link method in the Scanner class. #!/usr/bin/env python import requests import re from bs4 import BeautifulSoup from urllib.…
Polish the Python code by sending requests in a session Class Scanner. #!/usr/bin/env python import requests import re from urllib.parse import urljoin class Scanner: def __init__(self, url, ignore_links): self.session = requests.Session() self.ta…
HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request (client-side). The request is sent to the server. The server performs the request (server-side). Sends response back. GET vs POST Two main methods used to s…
EXPLOITATION - XSS VULNS EXPLOITING XSS Run any JavaScript code. BeEF framework can be used to hook targets. Inject BeEF hook in vulnerable pages. Execute code from BeEF. BeEF is short for The Browser Exploitation Framework. It is a penetration testi…
EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject JavaScript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent…
Cross-platform hacking All programs we wrote are pure Python programs. They do not rely on OS-specific resources. Result: They work on any OS with a Python interpreter. If packaged, they will work on any OS even if Python is NOT installed.…