Python Web Penetration Testing Cookbook

Book Image

Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Book Image

Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Overview of this book

Python Web Penetration Testing Cookbook

Python Web Penetration Testing Cookbook

Credits

About the Authors

About the Authors

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Gathering Open Source Intelligence

Gathering Open Source Intelligence

Gathering information using the Shodan API

Scripting a Google+ API search

Downloading profile pictures using the Google+ API

Harvesting additional results from the Google+ API using pagination

Getting screenshots of websites with QtWebKit

Screenshots based on a port list

Spidering websites

Enumeration

Performing a ping sweep with Scapy

Scanning with Scapy

Checking username validity

Brute forcing usernames

Enumerating files

Brute forcing passwords

Generating e-mail addresses from names

Finding e-mail addresses from web pages

Finding comments in source code

Vulnerability Identification

Vulnerability Identification

Automated URL-based Directory Traversal

Automated URL-based Cross-site scripting

Automated parameter-based Cross-site scripting

Automated fuzzing

jQuery checking

Header-based Cross-site scripting

Shellshock checking

SQL Injection

Checking jitter

Identifying URL-based SQLi

Exploiting Boolean SQLi

Exploiting Blind SQL Injection

Encoding payloads

Web Header Manipulation

Web Header Manipulation

Testing HTTP methods

Fingerprinting servers through HTTP headers

Testing for insecure headers

Brute forcing login through the Authorization header

Testing for clickjacking vulnerabilities

Identifying alternative sites by spoofing user agents

Testing for insecure cookie flags

Session fixation through a cookie injection

Image Analysis and Manipulation

Image Analysis and Manipulation

Hiding a message using LSB steganography

Extracting messages hidden in LSB

Hiding text in images

Extracting text from images

Enabling command and control using steganography

Encryption and Encoding

Encryption and Encoding

Generating an MD5 hash

Generating an SHA 1/128/256 hash

Implementing SHA and MD5 hashes together

Implementing SHA in a real-world scenario

Generating a Bcrypt hash

Cracking an MD5 hash

Encoding with Base64

Encoding with ROT13

Cracking a substitution cipher

Cracking the Atbash cipher

Attacking one-time pad reuse

Predicting a linear congruential generator

Identifying hashes

Payloads and Shells

Payloads and Shells

Extracting data through HTTP requests

Creating an HTTP C2

Creating an FTP C2

Creating an Twitter C2

Creating a simple Netcat shell

Reporting

Converting Nmap XML to CSV

Extracting links from a URL to Maltego

Extracting e-mails to Maltego

Parsing Sslscan into CSV

Generating graphs using plot.ly

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Automated parameter-based Cross-site scripting

I've already stated that Cross-site scripting is absurdly easy. Amusingly, it is slightly harder to perform stored Cross-site scripting in a scripted fashion. I should probably take back my earlier words at this point, but whatever. The difficulty here is that systems often take an input structure from one page, submit to another page, and return a third page. The following script is designed to handle that most complex of structures.

We will create a script that takes three input values, reads, and submits to all three correctly and checks for success. It shares code with the earlier URL-based Cross-site scripting but differs fundamentally in its execution.

How to do it…

The following script is the functioning test. It is a script that is designed to be manually edited in a framework similar to sublime text or an IDE, as stored XSS is likely to require fiddling:

import requests
import sys
from bs4 import BeautifulSoup, SoupStrainer
url = "http...