penetration testing

First Stage:

if you crwal the site for the first time(drop the collection)

./web_crwaler.py --url="http://demo.testfire.net/" -p testfire.net -t testfire

if you want to add urls(modify the collection)

./web_crwaler.py --url="http://demo.testfire.net/" -p testfire.net -t testfire -m 1

Second Stage:

t option is collection name.

p option is payload name.

u is origin url address. The script will not attack urls not in origin url.

o is http connection timeout.

./xss.py -t testfire -p payload/xss_query -u demo.testfire.net

./sql_injection_time.py -t testfire -p payload_file -u demo.testfire.net -o 3

./sql_injection_error.py -t testfire -p payload_file -u deme.testfire.net

./lfi.py -t testfire -p payload_file -u deme.testfire.net

./crlf_injection.py -t testfire -p payload_file -u deme.testfire.net

./open_redirection.py -t testfire

Future Work:

wetkit engine, ajax, screen shot, passive scan, geolocation

Thank you:

Name		Name	Last commit message	Last commit date
Latest commit History 50 Commits
payload		payload
v1.0(sqlite)		v1.0(sqlite)
v1.1(mongodb)		v1.1(mongodb)
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
crlf_injection.py		crlf_injection.py
dex.py		dex.py
enc_id.py		enc_id.py
ftp_anonymous.py		ftp_anonymous.py
fuzzing_forms.py		fuzzing_forms.py
lfi.py		lfi.py
ninja.py		ninja.py
open_redirection.py		open_redirection.py
overlfow.py		overlfow.py
port_scanner.py		port_scanner.py
ports_map.txt		ports_map.txt
remote_code_exection_finder.py		remote_code_exection_finder.py
smtp_relay.py		smtp_relay.py
sorting_by_ip.py		sorting_by_ip.py
sorting_by_ports.py		sorting_by_ports.py
sql_injection_error.py		sql_injection_error.py
sql_injection_time.py		sql_injection_time.py
web_crwaler.py		web_crwaler.py
xss.py		xss.py

dikien/penetration_testing