Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-11-26 22:26:20 -05:00
Code Issues Projects Releases Packages Wiki Activity

growing up

Browse source
This commit is contained in:
bt3gl 2024-03-14 18:06:10 +01:00
parent ef5077cd50
commit 9bb02f2ddf
25 changed files with 47 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Web_Hacking/urllib2/README.md
View file

@ -1,6 +1,6 @@
# Hacking the Web with Python's urllib2 (by bt3)
Python's [urllib2](https://docs.python.org/2/library/urllib2.html) library is **the tool** to interact with web services, with several functions and classes to help handling URLs. **urllib2** is written in the top of [httplib](https://docs.python.org/2/library/httplib.html) library (which defines classes to implement the client side of HTTP and HTTPs). In turn, **httplib** uses the [socket](http://bt3gl.github.io/black-hat-python-networking-the-socket-module.html) library.
Python's [urllib2](https://docs.python.org/2/library/urllib2.html) library is **the tool** to interact with web services, with several functions and classes to help handling URLs. **urllib2** is written in the top of [httplib](https://docs.python.org/2/library/httplib.html) library (which defines classes to implement the client side of HTTP and HTTPs). In turn, **httplib** uses the [socket](http://https://singularity-sh.vercel.app/black-hat-python-networking-the-socket-module.html) library.
In this post I [introduce urllib2](#intro) and then I work on two problems: [mapping webapps from their installation files](#map) and [brute-forcing the contents of webapps to find hidden resources](#brute1).
@ -25,7 +25,7 @@ Let's see how a simple [GET](http://www.w3schools.com/tags/ref_httpmethods.asp)
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including (...)
```
Notice that, differently from modules such as [scapy](http://bt3gl.github.io/black-hat-python-infinite-possibilities-with-the-scapy-module.html) or [socket](http://bt3gl.github.io/black-hat-python-the-socket-module.html), we *need to specify the protocol* in the URL (HTTP).
Notice that, differently from modules such as [scapy](http://https://singularity-sh.vercel.app/black-hat-python-infinite-possibilities-with-the-scapy-module.html) or [socket](http://https://singularity-sh.vercel.app/black-hat-python-the-socket-module.html), we *need to specify the protocol* in the URL (HTTP).
Now, let's be fancy and customize the output:
@ -435,7 +435,7 @@ In the same way as before, we can achieve a reasonable speed by creating pool of
The steps of our script are:
1) We define the target, the number of threads, the path for the wordlist (which I made available [here](https://github.com/bt3gl/My-Gray-Hacker-Resources/tree/master/Other_Hackings/useful_lists/files_and_dir_lists)), a rogue User-Agent, and the filter list of extensions that we want to look at:
1) We define the target, the number of threads, the path for the wordlist (which I made available [here](https://github.com/go-outside-labs/My-Gray-Hacker-Resources/tree/master/Other_Hackings/useful_lists/files_and_dir_lists)), a rogue User-Agent, and the filter list of extensions that we want to look at:
```python
import urllib2