4.1 What Is Resource Discovery?
Most applications have resources that are not linked anywhere, so tools such as crawlers or proxies won’t find them. We need other methods to discover these resources.
Explain what resource discovery is and how it complements other tools
Note why it is important to use resource discovery techniques
Explore useful dictionaries that can be used to discover resources.
4.2 Building Our First Brute Forcer
To find resources that are not linked in a web application, we need to create a brute forcer that discovers them using dictionary files.
Define the objective of the brute forcer
Explain the code of the basic brute forcer
Run the brute forcer and check the results.
4.3 Analyzing the Results
We need to improve the results of the brute forcer in order to facilitate the discovery of interesting resources. Let's do just this!
Add colors by status code
Add the number of characters, words, and lines of responses
Test the script and see the results.
4.4 Adding More Information
Here, we will add the detection of redirections and generate more information about the responses, such as the response time and the MD5 hash of the content.
Detect the redirections
Add the response time and MD5 hash
Test the script and note the improvements.
4.5 Taking Screenshots of the Findings
When conducting an analysis of big web applications, having a screenshot of the discovered resources could be very handy. We need to add this capability by taking a screenshot of all the resources that return a 200 status code.
Explain which libraries we will use
Add the imports and the code to take the picture
Test this new feature.