A collecting of scripts to identify vulnerabilities using python scripts to aid in enumeration and discovery.
I followed the YouTube channel by TJCHacking, where he step through the process of writing python scripts to automate the exploitation of the PortSwigger labs.
The
utilsand other pythons scripts imported into each vulnerability category lab is reference with symbolic link, under each sub folder. In below example in the XSS folder there is symbolic link to ../utils folder.
cd xss/
ln -s ../utils utilsThis create uniform import standard in all scripts.
The is my explanation of the code structure developed by TJCHacking.
- site.py contain the class, super-class, attributes, objects and functions reused between the tipe of targets, if it is blog or site, these include the common objects.
- utils.py is the commong python functions reused in the main program.
- blog.py is functions used only on targets of a web app of blog purpose.
- shop.py is the ecommerce web app common python functions.
- Vulnerable_lab_name.py this is the main app to target the specific type of lab.
The image below show the payload executed by the python domxss script in an attempt to steal victim cookie. The cookie is secure with HttpOnly flag set.
Script used in above DOMXSS example
This is simple example of the HTTP request smuggling basic CL.TE lab solved using python script.
Smuggle CL.TE basic Python code
Scripts in python to perform SSRF filter bypass via open redirection vulnerability.
SSRF Open Redirect lab solved using Python
