Project author: jchiefelk

Project description:
Pen-testing tools in Python
Primary language: JavaScript
Project URL: git://github.com/jchiefelk/pentesting.git
Created: 2017-03-12T00:33:15Z
Project community: https://github.com/jchiefelk/pentesting



pentesting


Penetration testing tools in Python. I wrote these to test the security of the forms I build for work in React.js. I built a form to test code-injection tools. Below is a list of the security tests that I run on applications that contain forms.

Security Tests

Port Scanning

Cross-site scripting (XSS) with test forms and RESTful API

Brute Force Password

Web Automation

SQL Injection with test forms and RESTful API

Test Form


To test the SQL injection tools, open two tabs in your terminal and go to the form directory in one of them. Run the
following first to launch the RESTful API locally:

    cd form
    npm install
    npm run prod_start


This will most likely crash because you need to add the parameters for your local SQL database to the config.js file,
located in the modules folder. The test form saves the first and last name of each user in a table I called “Users” in my local MySQL database.

    // Connection settings for the local MySQL database used by the test form.
    var config = {
      development: {
        database: {
          host: '127.0.0.1',
          user: 'root',
          password: '',      // replace with your local MySQL password
          database: 'Users'
        }
      }
    };
    module.exports = config;


Once you have set up your database, run the Python script in the sqlinjection folder from your other terminal tab.

    python3 sqlinjector.py

The results will be:

    SQL Injection Vulnerability Detected
    http status code:
    200

The reason for this is described in the sqlinjection folder.
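
As an added illustration (not code from this repository), the sketch below shows how a handler that saves first and last names can be checked for the injectable query pattern and what the parameterized fix looks like. It assumes an in-memory sqlite3 table in place of the MySQL “Users” table; the column names, function names and sample inputs are hypothetical.

```python
import sqlite3

def new_db():
    """In-memory stand-in for the form's MySQL table (column names assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (first_name TEXT, last_name TEXT)")
    return db

def save_concat(db, first, last):
    # Vulnerable pattern: form values become part of the SQL text.
    db.execute("INSERT INTO Users (first_name, last_name) "
               "VALUES ('%s', '%s')" % (first, last))

def save_param(db, first, last):
    # Hardened pattern: values travel as bound parameters, never as SQL.
    db.execute("INSERT INTO Users (first_name, last_name) VALUES (?, ?)",
               (first, last))

def probe(save, first, last):
    """Submit one name pair and classify what the handler did with it."""
    db = new_db()
    try:
        save(db, first, last)
    except sqlite3.Error:
        return "sql-error"            # input broke the statement's syntax
    row = db.execute("SELECT first_name, last_name FROM Users").fetchone()
    return "stored-verbatim" if row == (first, last) else "query-altered"

# Constructed sample inputs: a legitimate name with an apostrophe, and a
# value that closes the string literal and comments out the rest.
SAMPLES = [("O'Brien", "Lee"), ("Ann', 'overwritten') --", "Lee")]

def run():
    """Probe both handlers with every sample and collect the outcomes."""
    return {name: [probe(fn, f, l) for f, l in SAMPLES]
            for name, fn in (("concat", save_concat), ("param", save_param))}

if __name__ == "__main__":
    for handler, results in run().items():
        print(handler, results)
```

Any outcome other than "stored-verbatim" means the submitted value was interpreted as SQL rather than data, which is the condition a form endpoint should never exhibit.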