WHAT IS A WEBSITE
- Computer with OS and some servers.
- Apache, MySQL ...etc.
- Cotains web application.
- PHP, Python ...etc.
- Web application is executed here and not on the client's machine.
How to hack a website?
- An application installed on a computer.
- ->web application pentesting
- Computer uses an OS + other applications.
- ->server side attacks.
- Managed by humans.
- ->client side attacks.
INFORMATION GATHERING
- IP address.
- Domain name info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Files, sub-domains, directories.
CRAWLING SUBDOMAINS
- Domains before the actual domain name.
- Part of the main domain.
Ex:
- subdomain.target.com
- mail.google.com
- plus.google.com
#!/usr/bin/env python import requests url = "baidu.com" try: get_response = requests.get("http://" + url) print(get_response) except requests.exceptions.ConnectionError: pass
Polished Python Code:
#!/usr/bin/env python import requests def request(url): try: return requests.get("http://" + url) except requests.exceptions.ConnectionError: pass target_url = "baidu.com" with open("subdomains.list", "r") as wordlist_file: for line in wordlist_file: word = line.strip() test_url = word + "." + target_url response = request(test_url) if response: print("[+] Discovered subdomain --> " + test_url)
