This is a write-up of the TryHackMe room Python for Pentesters: https://tryhackme.com/module/scripting-for-pentesters
Task 1 : Introduction
Python can be the most powerful tool in our arsenal, as it can be used to build almost any penetration testing tool. This room gives us several key pointers that we can build upon and improve. Throughout the room we will see how to:
Use Python to enumerate the target's subdomains
Build a simple keylogger
Scan the network to find target systems
Scan any target to find open ports
Download files from the internet
Crack hashes
Task 2 : Subdomain Enumeration
Python gives us an easy way to automate tasks during a penetration test. Any tasks that we have to perform regularly are worth automating. While the automation process comes with a learning curve, the mid and long-term gains are worth it.
Finding subdomains used by the target organisation is an efficient way to increase the attack surface and discover more vulnerabilities.
The script uses a list of potential subdomains and prepends each one to the domain name provided via a command-line argument.
The script then tries to connect to each subdomain and assumes the ones that accept the connection exist.
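import requests
import sys
sub_list = open("subdomains.txt").read()
subdoms = sub_list.splitlines()
for sub in subdoms:
    # Prepend the candidate to the domain given as the first argument (http:// assumed)
    sub_domains = f"http://{sub}.{sys.argv[1]}"
    try:
        requests.get(sub_domains)
        print("Valid domain:", sub_domains)
    except requests.ConnectionError:
        pass  # connection not accepted: assume the subdomain does not exist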
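Seen from the DNS side, the script above produces a burst of lookups for many different names under one domain, most of which do not exist. The following added example (not part of the room's code) flags that pattern in resolver logs; the log format, client addresses, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 10, 0, 0)
WORDS = ["www", "mail", "ftp", "dev", "test", "admin", "vpn", "api", "staging", "portal"]

def sample_log():
    """Constructed log lines in an assumed format: 'timestamp client name rcode'."""
    lines = []
    for i, w in enumerate(WORDS):  # one client walking a wordlist, one query per second
        rcode = "NOERROR" if w in ("www", "mail") else "NXDOMAIN"
        ts = (BASE + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.66 {w}.example.com {rcode}")
    for i in range(10):  # an ordinary client re-resolving the same name
        ts = (BASE + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 www.example.com NOERROR")
    return lines

def find_enumeration(lines, domain, window=timedelta(seconds=60),
                     min_labels=8, min_nx_ratio=0.7):
    """Return {client: (distinct_labels, nx_ratio)} for wordlist-like query bursts."""
    suffix = "." + domain
    per_client = defaultdict(list)
    for line in lines:
        ts, client, qname, rcode = line.split()
        qname = qname.lower().rstrip(".")
        if qname.endswith(suffix):
            label = qname[:-len(suffix)]
            per_client[client].append((datetime.fromisoformat(ts), label, rcode))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            labels = {label for _, label, _ in win}
            nx = sum(r == "NXDOMAIN" for _, _, r in win) / len(win)
            if len(labels) >= min_labels and nx >= min_nx_ratio:
                flagged[client] = (len(labels), round(nx, 2))
                break
    return flagged

if __name__ == "__main__":
    for client, (n, ratio) in find_enumeration(sample_log(), "example.com").items():
        print(f"{client}: {n} distinct labels, {ratio:.0%} NXDOMAIN")
```

The thresholds need tuning against normal traffic for the zone being monitored.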