Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/RiccardoAncarani/python_offensive_scripts
A collection of Python scripts to automate/help during a pentest
https://github.com/RiccardoAncarani/python_offensive_scripts
penetration-testing python security-tools
Last synced: 14 days ago
JSON representation
A collection of Python scripts to automate/help during a pentest
- Host: GitHub
- URL: https://github.com/RiccardoAncarani/python_offensive_scripts
- Owner: RiccardoAncarani
- Created: 2017-04-08T11:33:40.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-04-09T08:52:58.000Z (over 7 years ago)
- Last Synced: 2024-08-01T19:43:37.076Z (3 months ago)
- Topics: penetration-testing, python, security-tools
- Language: Python
- Size: 4.88 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# python_offensive_scripts
## A collection of Python scripts to automate/help during a pentestBorrowed some of the scripts from https://github.com/brandonprry/gray_hat_csharp_code
and translated them in **python** (and made them smarter).## xss_fuzzer
An easy and stupid XSS fuzzer that fuzz all parameters (still missing headers, it's in the TODO list)
with a small payload list.
The script tries to detect an XSS vuln if the payload is rendered in the HTML output (but no check if the js is executed)
The usage of the script is pretty easy (and sqlmap like):
```bash
python xss_fuzzer.py --url --cookie --data -v
```
Where:
+ `--url`: The target URL
+ `--cookie`: The cookie string, if needed
+ `--data`: The data for the POST request
+ `-v`: Enables the verbose mode, use `git diff` to spot differences between correct requests and malformed ones (with the payloads)An example (**bWAPP** - Reflected XSS (GET)):
```bash
python xss_fuzzer.py --url "http://172.16.13.130/bWAPP/xss_get.php?firstname=a&lastname=a&form=submit" --cookie "acopendivids=swingset,jotto,phpbb2,redmine; acgroupswithpersist=nada; PHPSESSID=creb27ffbb441il42ips8515j5; security_level=0"
[!] Found payload: alert(1) in body for param: lastname
[!] Found payload: ">alert(1) in body for param: lastname
[!] Found payload: " onerror="alert(1)" in body for param: lastname
[!] Found payload: alert(1) in body for param: firstname
[!] Found payload: ">alert(1) in body for param: firstname
[!] Found payload: " onerror="alert(1)" in body for param: firstname
```### Notes:
+ Actually, there is no need to use such a simple payload list if there is no check on JS execution.
More sofisticated and encoded payloads will be more useful, I'll add them ASAP.
+ Replicate the -p option in sqlmap