Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/RiccardoAncarani/python_offensive_scripts

A collection of Python scripts to automate/help during a pentest
https://github.com/RiccardoAncarani/python_offensive_scripts

penetration-testing python security-tools

Last synced: 3 months ago
JSON representation

A collection of Python scripts to automate/help during a pentest

Host: GitHub
URL: https://github.com/RiccardoAncarani/python_offensive_scripts
Owner: RiccardoAncarani
Created: 2017-04-08T11:33:40.000Z (about 7 years ago)
Default Branch: master
Last Pushed: 2017-04-09T08:52:58.000Z (about 7 years ago)
Last Synced: 2024-01-16T12:36:00.890Z (5 months ago)
Topics: penetration-testing, python, security-tools
Language: Python
Size: 4.88 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Lists

awesome-stars - RiccardoAncarani/python_offensive_scripts - A collection of Python scripts to automate/help during a pentest (Python)

README

        # python_offensive_scripts

## A collection of Python scripts to automate/help during a pentest  

Borrowed some of the scripts from https://github.com/brandonprry/gray_hat_csharp_code

and translated them in **python** (and made them smarter).


## xss_fuzzer

An easy and stupid XSS fuzzer that fuzz all parameters (still missing headers, it's in the TODO list)

with a small payload list.


The script tries to detect an XSS vuln if the payload is rendered in the HTML output (but no check if the js is executed)

The usage of the script is pretty easy (and sqlmap like):

```bash

python xss_fuzzer.py --url  --cookie  --data  -v 

```

Where:

+ `--url`: The target URL

+ `--cookie`: The cookie string, if needed

+ `--data`: The data for the POST request

+ `-v`: Enables the verbose mode, use `git diff` to spot differences between correct requests and malformed ones (with the payloads)

An example (**bWAPP** - Reflected XSS (GET)):

```bash

python xss_fuzzer.py --url "http://172.16.13.130/bWAPP/xss_get.php?firstname=a&lastname=a&form=submit" --cookie "acopendivids=swingset,jotto,phpbb2,redmine; acgroupswithpersist=nada; PHPSESSID=creb27ffbb441il42ips8515j5; security_level=0"  

[!] Found payload: alert(1) in body for param: lastname

[!] Found payload: ">alert(1) in body for param: lastname

[!] Found payload: " onerror="alert(1)" in body for param: lastname

[!] Found payload: alert(1) in body for param: firstname

[!] Found payload: ">alert(1) in body for param: firstname

[!] Found payload: " onerror="alert(1)" in body for param: firstname

```

### Notes:

+ Actually, there is no need to use such a simple payload list if there is no check on JS execution.


More sofisticated and encoded payloads will be more useful, I'll add them ASAP.

+ Replicate the -p option in sqlmap