Book Image

Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip
Book Image

Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Overview of this book

Table of Contents (16 chapters)
Python Web Penetration Testing Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Parsing Sslscan into CSV


Sslscan is a tool used to enumerate the ciphers supported by HTTPS sites. Knowing the ciphers that are supported by a site is useful in web application testing. This is even more useful in a penetration test if some of the supported ciphers are weak.

How to do it…

This recipe will run Sslscan on a specified IP address and output the results into a CSV format:

import subprocess
import sys

ipfile = sys.argv[1]

IPs = open(ipfile, “r”)
output = open(“sslscan.csv”, “w+”)

for IP in IPs:
  try:
    command = “sslscan “+IP

    ciphers = subprocess.check_output(command.split())

    for line in ciphers.splitlines():
      if “Accepted” in line:
        output.write(IP+”,”+line.split()[1]+”,”+ line.split()[4]+”,”+line.split()[2]+”\r”)
  except:
    pass

How it works…

We first import the necessary modules and assign the filename supplied in the argument to a variable:

import subprocess
import sys

ipfile = sys.argv[1]

The filename supplied should point to a file containing a...