https://github.com/petermosmans/python_pentest_utils

Several Python scripts to test a web application for security issues using Python
https://github.com/petermosmans/python_pentest_utils

Last synced: 3 months ago
JSON representation

Several Python scripts to test a web application for security issues using Python

• Host: GitHub
• URL: https://github.com/petermosmans/python_pentest_utils
• Owner: PeterMosmans
• License: gpl-3.0
• Created: 2022-05-17T04:39:26.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2022-06-22T06:54:41.000Z (almost 4 years ago)
• Last Synced: 2025-04-10T20:56:37.890Z (about 1 year ago)
• Language: Python
• Size: 22.5 KB
• Stars: 6
• Watchers: 4
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.rst
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
####################

Python Pentest Utils

####################

This repository contains several code examples for penetration testing using

Python. These samples are explained and used in the corresponding Pluralsight

course

::

   Web Application Pen Testing with Python

https://app.pluralsight.com/library/courses/web-application-pentesting-python/table-of-contents

It contains:

+ A ``docker-compose.yml`` file to spin up vulnerable demo web sites

+ Several Python console application files, one for each corresponding module.

  Each module builds on top of the previous one, therefore ``demo_5.py`` is the

  most complete:

  + Analyze HTML page and display framework and version numbers

  + Brute-force file and directory names

  + Find a form in a page, and print form details

  + Print the domain registrant's name and organization

  + Brute-force password logins using a wordlist

  + Perform a port scan against a target

+ Several Burp Python extensions

Demo Web Sites

==============

.. code-block:: console

   docker-compose up --detach

This spins up sites listening on:

+ http://127.0.0.1:3000/

+ http://127.0.0.1:8000/WebGoat

+ http://127.0.0.1:9090/

Python command-line interface script

====================================

demo_2.py

   + Perform a WHOIS lookup

   + Perform an nmap port scan and print out open ports and services

Installation

============

.. code-block:: console

   pip install -r requirements.txt

Burp Python extensions

======================

minimal.py

   A minimal Burp Python extension, to test the configuration

javascript_includes.py

   Extract and print JavaScript include references from HTML files

javascript_includes_scanner.py

   Extract and print JavaScript include references from HTML files, extends the

   passive scanner (audit checks).