Testing insecure web server configurations ...
Enumerating web servers for possible attacks is always tough ..
.. or can a simple Python script do the job for you? :)
(The script may not always work right, but it may work in some cases ..)
(The script will definitely flop if HTTPS is used by the websites ...)
So let's dive into the code..
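    import requests

    # websites.txt holds one URL per line
    with open("websites.txt", "r") as urls:
        for url in urls:
            url = url.strip()
            if not url:
                continue  # skip blank lines
            req = requests.get(url, timeout=10)
            print(url, 'report:')

            # req.headers is case-insensitive; .get() returns None if absent.
            # Spacing and case are ignored in the comparison: an exact match
            # against '1; mode = block' also reported '1; mode=block'.
            protection_xss = req.headers.get('X-XSS-Protection')
            if protection_xss is None:
                print('X-XSS-Protection not set, it may be possible')
            elif protection_xss.replace(' ', '').lower() != '1;mode=block':
                print('X-XSS-Protection not set properly, it may be possible:', protection_xss)

            # The only valid value for this header is 'nosniff'
            options_content_type = req.headers.get('X-Content-Type-Options')
            if options_content_type is None:
                print('X-Content-Type-Options not set')
            elif options_content_type.strip().lower() != 'nosniff':
                print('X-Content-Type-Options not set properly:', options_content_type)

            # Only the presence of the HSTS header is checked here
            if 'Strict-Transport-Security' not in req.headers:
                print('HSTS header not set properly, Man in the middle attacks is possible')

            # Print the policy when there is one so it can be reviewed by hand
            content_security = req.headers.get('Content-Security-Policy')
            if content_security is None:
                print('Content-Security-Policy missing')
            else:
                print('Content-Security-Policy set:', content_security)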
And the websites.txt has the following links ..
http://www.google.com
http://www.yahoo.com
http://www.youtube.com
http://www.bing.com
http://127.0.0.1:5000/
And the output in your console looks like this ..
http://www.google.com report:
X-XSS-Protection not set properly, it may be possible: 0
X-Content-Type-Options not set
HSTS header not set properly, Man in the middle attacks is possible
Content-Security-Policy missing
http://www.yahoo.com report:
X-XSS-Protection not set properly, it may be possible: 1; mode=block
Content-Security-Policy set: sandbox allow-forms allow-same-origin allow-scripts allow-popups
X-XSS-Protection not set properly, it may be possible: 0
Content-Security-Policy missing
http://www.bing.com report:
X-XSS-Protection not set, it may be possible
X-Content-Type-Options not set
HSTS header not set properly, Man in the middle attacks is possible
Content-Security-Policy missing
http://127.0.0.1:5000/ report:
X-XSS-Protection not set, it may be possible
X-Content-Type-Options not set
HSTS header not set properly, Man in the middle attacks is possible
Content-Security-Policy missing
Process finished with exit code 0
You can see that, according to the report, Google has X-XSS-Protection not set properly
and man-in-the-middle attacks are possible,
which is really not possible ....
because Google uses HTTPS, not HTTP ...
But http://127.0.0.1:5000/ (that's the local host) runs on HTTP, and the attacks mentioned are possible..
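The HTTP/HTTPS point above can be built into the check itself. The following is an added example, not part of the original script: it audits a plain dict of headers offline and reports HSTS as not assessable over http://, since browsers ignore that header on insecure transport (RFC 6797). The function names, messages and sample headers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def hsts_max_age(value):
    """Return max-age from an HSTS header value, or -1 if absent or invalid."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else -1
    return -1

def audit_headers(url, headers):
    """Return a list of findings for one response (hypothetical helper)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    xss = h.get("x-xss-protection")
    if xss is None:
        findings.append("X-XSS-Protection not set")
    elif xss.replace(" ", "").lower() != "1;mode=block":
        findings.append("X-XSS-Protection not set properly: " + xss)

    sniff = h.get("x-content-type-options")
    if sniff is None:
        findings.append("X-Content-Type-Options not set")
    elif sniff.lower() != "nosniff":
        findings.append("X-Content-Type-Options not set properly: " + sniff)

    # HSTS only counts when delivered over HTTPS, so a missing header on an
    # http:// response says nothing about the HTTPS site.
    hsts = h.get("strict-transport-security")
    if urlsplit(url).scheme != "https":
        findings.append("HSTS not assessable over http://, re-test the https:// URL")
    elif hsts is None:
        findings.append("HSTS header not set")
    elif hsts_max_age(hsts) <= 0:
        findings.append("HSTS max-age missing or zero: " + hsts)

    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy missing")
    return findings

if __name__ == "__main__":
    # Constructed sample: a plain-HTTP local server sending no security headers
    for line in audit_headers("http://127.0.0.1:5000/", {}):
        print(line)
```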
