How to Run:
- Save: Save the code as a Python file (e.g.,
scanner.py). - Install Dependencies:
pip install requests beautifulsoup4 random-user-agent argparse
- Prepare Payloads (Optional): Create text files (e.g.,
sqli.txt,xss.txt) with one payload per line. - Run:
# Basic scan python scanner.py http://testphp.vulnweb.com # With payload files and JSON output python scanner.py https://your-target.com --sqli-payloads sqli.txt --xss-payloads xss.txt -o report.json # Ignoring SSL errors (use carefully!) python scanner.py https://self-signed.local --no-verify-ssl # Using custom credential lists python scanner.py http://app.local/login --username-list users.txt --password-list passwords.txt
The script is an advanced Python-based tool that can be used to test a website for various vulnerabilities such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and insecure file upload. The script uses various libraries such as requests, BeautifulSoup and random_user_agent to perform these tests. The script prompts the user to enter the website URL and then runs the tests against the provided website. The script also uses a random user agent to spoof the user agent during the tests, making the tests more difficult to detect. This script is intended to be used as an example and may not reflect the actual vulnerabilities of the website being tested. Additionally, it is important to understand the potential risks and consequences of penetration testing, including legal and ethical considerations, and that you should have the explicit permission before running any test on a website.
- 1.)
git clone https://github.com/MiChaelinzo/Advanced-Penetration-Testing-Script.git - 2.)
cd Advanced-Penetration-Testing-Script - 3.)
python3 -m pip install -r requirements.txt - 4.)
python3 penetration_testing3.py - 5.) Enjoy using Advance Penetration Testing Script, there will be more updates for this repository and script!
- 1/20/2023
- Added Test for directory traversal vulnerabilities
- Added Test for weak credentials
- Added Test for missing or weak HTTP headers
- Added Test for clickjacking vulnerabilities
- Added Test for open redirect vulnerabilities
- Added Test for insecure communication
- Added Test for insecure session management
- 2/11/2023:
- Added Test for cookie security
- Added Test for insufficient logging and monitoring
- Added Test for brute force attack protection
- Added Test for content security policy
- Added Test for server-side request forgery (SSRF) vulnerabilities
- Added Test for cross-origin resource sharing (CORS) vulnerabilities
- 2/20/2023:
- Added Test broken access control vulnerabilities Contributing
We welcome contributions to improve and expand this project. Please feel free to open issues or submit pull requests.
Disclaimer
This project is for demonstration purposes only and should not be used in a clinical setting without proper validation and regulatory approvals.
License
This project is licensed under the MIT License.
Here some Cyberpunk Image generated from Midjourney!
