Learning Python Web Penetration Testing: Automate web penetration testing activities using Python by Christian Martorella
Author: Christian Martorella
Language: eng
Format: epub
Tags: COM053000 - COMPUTERS / Security / General, COM051360 - COMPUTERS / Programming Languages / Python, COM043050 - COMPUTERS / Security / Networking
Publisher: Packt Publishing
Published: 2018-06-26T23:00:00+00:00
Analysing the results
In this section, we will improve the BruteForcer we created in the previous section in order to facilitate an analysis of the results. We're going to see how we can improve the results, then we'll add the improvements to our code, and finally test the code without testing the web app.
In the previous section, we created a basic BruteForcer, but we saw that the results were a little basic and that, when we have a lot of them, it isn't easy to identify the interesting findings. So, we can add colors depending on the status code. A good start would be to print in green all the results that have a status code greater than or equal to 200 and lower than 300; in red, the results with a status code greater than or equal to 400 and lower than 500; and finally, in blue, the results with a status code greater than or equal to 300 and lower than 400. This will help us to quickly identify the results. Our interest will be mainly in the green and blue results.
We can also enrich our results with more information about the responses, such as the number of characters, the number of words, and the number of lines. This will help us to tell apart pages that return the same content for multiple resources, as we'll be able to identify them by looking at the characters, words, or lines.
Finally, we'll add the option to filter or hide results based on the status code. This will be useful to remove any not-found responses, which are usually 404, although developers often customize their apps or servers to return 200, 301, or 302.
Let's go back to our editor, and open the file forzabruta-2.py.
Add some more imports such as termcolor, which will allow us to print colors in the Terminal, and re for regular expressions.
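The following added example, which is not the book's forzabruta code, applies the colour scheme, the character/word/line counts and the status-code filter described in this section to constructed responses, and groups results of identical size. It uses raw ANSI escape codes in place of termcolor so that it runs without extra packages; all function names and the sample data are assumptions.

```python
import re
# ANSI escape codes stand in for termcolor (assumption: no third-party packages).
ANSI = {"green": "\033[32m", "blue": "\033[34m", "red": "\033[31m"}
RESET = "\033[0m"

def colour_for(status):
    """Colour scheme from the text: 2xx green, 3xx blue, 4xx red."""
    if 200 <= status < 300:
        return "green"
    if 300 <= status < 400:
        return "blue"
    if 400 <= status < 500:
        return "red"
    return None  # the text assigns no colour outside 200-499

def measure(body):
    """Return (characters, words, lines) for a response body."""
    return len(body), len(re.findall(r"\S+", body)), body.count("\n")

def analyse(results, hide=()):
    """Turn (path, status, body) tuples into rows, dropping hidden status codes."""
    return [(path, status, colour_for(status)) + measure(body)
            for path, status, body in results if status not in hide]

def repeated_shapes(rows):
    """Group paths whose (chars, words, lines) match: likely one page served for many resources."""
    groups = {}
    for path, _status, _colour, *shape in rows:
        groups.setdefault(tuple(shape), []).append(path)
    return {shape: paths for shape, paths in groups.items() if len(paths) > 1}

def render(row):
    path, status, colour, chars, words, lines = row
    text = f"{status}\t{chars}\t{words}\t{lines}\t{path}"
    return f"{ANSI[colour]}{text}{RESET}" if colour else text

# Constructed sample responses, not captured from a real application.
NOT_FOUND_PAGE = "<html>\n<body>Page not found</body>\n</html>\n"
SAMPLE = [
    ("/index.html", 200, "<html>\n<body>Welcome home</body>\n</html>\n"),
    ("/admin", 302, ""),
    ("/missing", 404, "Not Found"),
    ("/old", 200, NOT_FOUND_PAGE),
    ("/gone", 200, NOT_FOUND_PAGE),
]

if __name__ == "__main__":
    rows = analyse(SAMPLE, hide={404})
    print("\n".join(map(render, rows)), repeated_shapes(rows), sep="\n")
```

In the sample, /old and /gone return 200 but share the same size, which is the customised not-found page that the status-code filter alone would not hide.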