Learning Python Web Penetration Testing: Automate web penetration testing activities using Python by Christian Martorella
Author: Christian Martorella [Martorella, Christian]
Language: eng
Format: epub
Tags: COM053000 - COMPUTERS / Security / General, COM051360 - COMPUTERS / Programming Languages / Python, COM043050 - COMPUTERS / Security / Networking
Publisher: Packt Publishing
Published: 2018-06-26T23:00:00+00:00
Analysing the results
In this section, we will improve the BruteForcer we created in the previous section in order to facilitate an analysis of the results. We're going to see how we can improve the results, then we'll add the improvements to our code, and finally test the code without testing the web app.
In the previous section, we created a basic BruteForcer, but we saw that the results were a little basic and that, when we have a lot of them, it isn't easy to identify the interesting findings. So, we can add colors depending on the status code. A good start would be to print in green all the results that have a status code greater than or equal to 200 and lower than 300; in red, the results with a status code greater than or equal to 400 and lower than 500; and finally, in blue, the results with a status code greater than or equal to 300 and lower than 400. This will help us to quickly identify the results. Our interest will be mainly in the green and blue results.
We can also enrich our results with more information about the responses, such as the number of characters, the number of words, and the number of lines. This will help us to tell apart pages that return the same content for multiple resources, as we'll be able to identify them by looking at the characters, words, or lines.
Finally, we'll add the option to filter or hide results based on the status code. This will be useful for removing not-found responses, which are usually 404, although developers often customize their apps or servers to return 200, 301, or 302.
Let's go back to our editor, and open the file forzabruta-2.py.
Add some more imports such as termcolor, which will allow us to print colors in the Terminal, and re for regular expressions:
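The three improvements described in this section (coloring by status class, character/word/line counts, and hiding a status code) can be sketched as follows. This is an added example, not the book's forzabruta-2.py: the function names, the `hide_code` parameter and the sample responses are assumptions, and raw ANSI escape codes stand in for termcolor so it runs without third-party packages.

```python
import re

# ANSI escape codes stand in for termcolor (assumption: no third-party packages).
COLORS = {"green": "\033[32m", "blue": "\033[34m", "red": "\033[31m"}
RESET = "\033[0m"

def color_for(status):
    # Color scheme from the text: 2xx green, 3xx blue, 4xx red.
    if 200 <= status < 300:
        return "green"
    if 300 <= status < 400:
        return "blue"
    if 400 <= status < 500:
        return "red"
    return None  # the text assigns no color to other classes

def measure(body):
    # (characters, words, lines) of a response body.
    return len(body), len(re.findall(r"\S+", body)), len(body.splitlines())

def analyse(responses, hide_code=None):
    # One row per response; hide_code (hypothetical name) drops that status.
    rows = []
    for path, status, body in responses:
        if status == hide_code:
            continue
        rows.append((path, status, color_for(status)) + measure(body))
    return rows

def render(row):
    # Tab-separated line with the status code colored.
    path, status, color, chars, words, lines = row
    code = f"{COLORS[color]}{status}{RESET}" if color else str(status)
    return f"{code}\t{chars}\t{words}\t{lines}\t{path}"

# Constructed sample responses (path, status, body); no network traffic is sent.
NOT_FOUND = "<html>\n<h1>Page not found</h1>\n</html>\n"
SAMPLE = [
    ("/index", 200, "<html>\n<h1>Welcome to the shop</h1>\n<p>Hello</p>\n</html>\n"),
    ("/admin", 302, ""),
    ("/nope", 404, NOT_FOUND),
    ("/foo", 200, NOT_FOUND),  # customized not-found page served with 200
    ("/bar", 200, NOT_FOUND),
]

if __name__ == "__main__":
    for row in analyse(SAMPLE, hide_code=404):
        print(render(row))
```

In the constructed sample, /foo and /bar return 200 but share the 39/5/3 counts of the 404 page, which is how a customized not-found page stands out once the counts are printed.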
