Python web application pentesting scripts

Another interesting way to practice some more with Python 3: Website/Web Application hacking scripts.

Do not implement and execute these on a network or system you do not own. Execute only on your own systems for learning purposes. Do not execute these on any production network or system, unless "Rules of engagement" have been agreed on, and you have a "Get out of jail free" card of some sort. The scripts have defaults set for our lab. If you wish to run these scripts, change the defaults for your context or provide arguments.

Scripts

Getting started

• Helpful code resources
• Email crawler
• Simple crawler
• Simple spider
• Password guessing

Portswigger labs

• Custom gadget chain for Java deserialisation

Root-Me

• Blind LDAP injection

BBH

• Recon scripts
• Resources for application pentesting

Problems or Suggestions

This project welcomes contributions and suggestions.

Open an issue here