Recently, I plan to work through two technical books (Black Hat Python and Black Hat Go).
One of the motivations of going through these books is to understand how to build tools for content discovery and brute-forcing. Also I will like to develop my Python scripting skills further.
In Black Hat Python, the sample code for the chapters are in Python 2. I decided to convert the Python 2 code to Python 3 code. I will also use libraries such as requests to replace some of the steps were performed by urllib and urllib2.
Here are some sample projects from Black Hat Python that were converted to Python 3:
Web Application Mapper
Once you identified the open source technology used by the target web app, you can download the open source code to your directory. The mapper will send request to the target and spider the target using the directories and file names used in the open source code.
Content Brute Forcing
In cases where you do not know the exact technology stack, you will need to brute force using a common word list. The word list can contain the common directory and file names. In the book, the script allow extension brute forcing as well. I have added filter method that allow the script to display responses that have specific status codes (e.g. 200).
A common workflow that we can observe from these tooling scripts:
- A word list or list of test cases are generated or taken from open source. These are added to the queue.
- A filter or specific information list is given based on what we are interested during our recon.
- Brute forcing can be done faster with threads.
- The code might be simpler with the use of requests instead of urllib
All source code in this blog post can be found here