Book Image

Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip
Book Image

Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Overview of this book

Table of Contents (16 chapters)
Python Web Penetration Testing Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Brute forcing usernames


For small but regular instances, a small tool that enables you to quickly check something will suffice. What about those bigger jobs? Maybe you've got a big haul from open source intelligence gathering and you want to see which of those users use an application you are targeting. This recipe will show you how to automate the process of checking for usernames that you have stored in a file.

Getting ready

Before you use this recipe, you will need to acquire a list of usernames to test. This can either be something you have created yourself, or you can use a word list found within Kali. If you need to create your own list, a good place to start would be to use common names that are likely to be found in a web application. These could include usernames such as user, admin, administrator, and so on.

How to do it…

This script will attempt to check usernames in a list provided to determine whether or not an account exists within the application:

#brute force username enumeration...