To find resources that are not linked in a web application, we need to create a brute forcer that discovers them using dictionary files.
- [Teacher] In the previous video, we learned what a brute forcer is. In this video, we're going to build a script that will help us in discovering resources using a dictionary of words. We're going to create a basic brute forcer. We're going to start by defining the objective of the tool. And then, we're going to go over the code of the basic structure of the brute forcer. Finally, we're going to run it against our test web application. We're going to go back to our editor and open the project folder for Section-4.
Then we open the file, forzabruta.py. In this script, we have the basic structure for our brute forcer. We have our typical imports, and then we have the banner function that will print the name of the script, the Usage function, that will print help on how to use the script. Now let's jump to the function start, which is invoked when we run our program.
We print the banner, and then check the parameters used to invoke our program. We will then pass the parameters and assign the URL, dictionary, and number of threads.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. The course then follows the web application penetration testing methodology, and each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests