![dirsearch](https://user-images.githubusercontent.com/59408894/103289759-87a0ce80-4a1a-11eb-89c9-2feb7e6db25f.png) - *Hacking is not a crime*
dirsearch - Web path scanner
=========
![Build](https://img.shields.io/badge/Built%20with-Python-Blue)
![License](https://img.shields.io/badge/license-GNU_General_Public_License-_red.svg)
![Release](https://img.shields.io/github/release/maurosoria/dirsearch.svg)
![Stars](https://img.shields.io/github/stars/maurosoria/dirsearch.svg)
**Current Release: v0.4.1 (2020.12.8)**
Overview
--------
- Dirsearch is a mature command-line tool designed to brute-force directories and files on web servers.
- With 6 years of growth, dirsearch has now become the top web content scanner.
- As a feature-rich tool, dirsearch lets users perform complex web content discovery, with many vectors for the wordlist, high accuracy, impressive performance, advanced connection/request settings, modern brute-force techniques and nice output.
- Dirsearch is being actively developed by [@maurosoria](https://twitter.com/_maurosoria) and [@shelld3v](https://github.com/shelld3v)
Installation & Usage
------------
```sh
git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -u <URL> -e <EXTENSIONS>
```
- To use a SOCKS proxy or work with `../` in the wordlist, you need to install the dependencies listed in `requirements.txt`: `pip3 install -r requirements.txt`
- If you are using Windows and don't have git, you can download the ZIP file [here](https://github.com/maurosoria/dirsearch/archive/master.zip). Dirsearch also supports [Docker](https://github.com/maurosoria/dirsearch#support-docker)
*Dirsearch requires Python 3 or greater*
Features
--------
- Fast
- Easy and simple to use
- Multithreading
- Wildcard responses filtering (invalid webpages)
- Keep alive connections
- Support for multiple extensions
- Support for every HTTP method
- Support for HTTP request data
- Support for raw request
- Extensions excluding
- Reporting (Plain text, JSON, XML, Markdown, CSV)
- Recursive brute forcing
- Target enumeration from an IP range
- Sub-directories brute forcing
- Force extensions
- HTTP and SOCKS proxy support
- HTTP cookies and headers support
- HTTP headers from file
- User agent randomization
- Proxy host randomization
- Batch processing
- Request delaying
- 429 response code detecting
- Multiple wordlist formats (lowercase, uppercase, capitalization)
- Default configuration from file
- Option to force requests by hostname
- Option to add custom suffixes and prefixes
- Option to whitelist response codes, support ranges (-i 200,300-399)
- Option to blacklist response codes, support ranges (-x 404,500-599)
- Option to exclude responses by sizes
- Option to exclude responses by texts
- Option to exclude responses by regexp(s)
- Option to exclude responses by redirects
- Options to display only items with response length from range
- Option to remove all extensions from every wordlist entry
- Quiet mode
- Debug mode
About wordlists
---------------
**Summary**: The wordlist must be a text file in which each line is an endpoint. Unlike other tools, dirsearch does not append extensions to every word unless you use the `-f` flag. By default, only the `%EXT%` keyword in the wordlist is replaced with extensions (`-e <extensions>`).
**Details**:
- Each line in the wordlist is processed as-is, except when the special keyword *%EXT%* is used, in which case one entry is generated for each extension (-e | --extensions) passed as an argument.
Example:
```
root/
index.%EXT%
```
Passing the extensions "asp" and "aspx" (`-e asp,aspx`) will generate the following dictionary:
```
root/
index
index.asp
index.aspx
```
- For wordlists without *%EXT%* (like [SecLists](https://github.com/danielmiessler/SecLists)), you need to use the **-f | --force-extensions** switch to append extensions, as well as the "/", to every word in the wordlists. For entries in the wordlist that you do not want to force, you can add *%NOFORCE%* at the end of them so dirsearch won't append any extension.
Example:
```
admin
home.%EXT%
api%NOFORCE%
```
Passing extensions "php" and "html" with the **-f**/**--force-extensions** flag (`-f -e php,html`) will generate the following dictionary:
```
admin
admin.php
admin.html
admin/
home
home.php
home.html
api
```
*To use multiple wordlists, you can separate your wordlists with commas. Example: -w wordlist1.txt,wordlist2.txt*
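
The expansion rules above, as an added example (not dirsearch's own code): a small function that reproduces the two dictionaries listed in this section, useful for estimating how many paths a given wordlist and extension set will request. The function name, the handling of entries ending in `/` under `-f`, and the stripping of `%NOFORCE%` when `-f` is not set are assumptions.

```python
EXT_TAG = "%EXT%"
NOFORCE_TAG = "%NOFORCE%"


def expand_wordlist(lines, extensions, force=False):
    """Return the generated dictionary for `lines`, in order, without duplicates."""
    out = []
    seen = set()

    def emit(entry):
        if entry not in seen:
            seen.add(entry)
            out.append(entry)

    for raw in lines:
        word = raw.strip()
        if not word:
            continue
        if EXT_TAG in word:
            # The README listings show the bare name next to one entry per extension.
            emit(word.replace("." + EXT_TAG, "").replace(EXT_TAG, ""))
            for ext in extensions:
                emit(word.replace(EXT_TAG, ext))
        elif word.endswith(NOFORCE_TAG):
            # Assumption: the tag is stripped whether or not -f is set.
            emit(word[: -len(NOFORCE_TAG)])
        elif force and not word.endswith("/"):
            # -f: the word itself, one entry per extension, then the directory form.
            emit(word)
            for ext in extensions:
                emit(f"{word}.{ext}")
            emit(word + "/")
        else:
            # Assumption: directory entries (trailing "/") are never given extensions.
            emit(word)
    return out


if __name__ == "__main__":
    # Constructed inputs: the two sample wordlists shown in this section.
    print(expand_wordlist(["root/", "index.%EXT%"], ["asp", "aspx"]))
    print(expand_wordlist(["admin", "home.%EXT%", "api%NOFORCE%"],
                          ["php", "html"], force=True))
```
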
Options
-------
```
Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   Target URL
    -l FILE, --url-list=FILE
                        URL list file
    --stdin             URL list from STDIN
    --cidr=CIDR         Target CIDR
    --raw=FILE          File contains the raw request (use `--scheme` flag to
                        set the scheme)
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extension list separated by commas (Example: php,asp)
    -X EXTENSIONS, --exclude-extensions=EXTENSIONS
                        Exclude extension list separated by commas (Example:
                        asp,jsp)
    -f, --force-extensions
                        Add extensions to the end of every wordlist entry. By
                        default dirsearch only replaces the %EXT% keyword with
                        extensions

  Dictionary Settings:
    -w WORDLIST, --wordlists=WORDLIST
                        Customize wordlists (separated by commas)
    --prefixes=PREFIXES
                        Add custom prefixes to all entries (separated by
                        commas)
    --suffixes=SUFFIXES
                        Add custom suffixes to all entries, ignore directories
                        (separated by commas)
    --only-selected     Only entries with selected extensions or no extension
                        + directories
    --remove-extensions
                        Remove extensions in all wordlist entries (Example:
                        admin.php -> admin)
    -U, --uppercase     Uppercase wordlist
    -L, --lowercase     Lowercase wordlist
    -C, --capital       Capital wordlist

  General Settings:
    -r, --recursive     Bruteforce recursively
    -R DEPTH, --recursion-depth=DEPTH
                        Maximum recursion depth
    -t THREADS, --threads=THREADS
                        Number of threads
    --subdirs=SUBDIRS   Scan sub-directories of the given URL[s] (separated by
                        commas)
    --exclude-subdirs=SUBDIRS
                        Exclude the following subdirectories during recursive
                        scan (separated by commas)
    -i STATUS, --include-status=STATUS
                        Include status codes, separated by commas, support
                        ranges (Example: 200,300-399)
    -x STATUS, --exclude-status=STATUS
                        Exclude status codes, separated by commas, support
                        ranges (Example: 301,500-599)
    --exclude-sizes=SIZES
                        Exclude responses by sizes, separated by commas
                        (Example: 123B,4KB)
    --exclude-texts=TEXTS
                        Exclude responses by texts, separated by commas
                        (Example: 'Not found', 'Error')
    --exclude-regexps=REGEXPS
                        Exclude responses by regexps, separated by commas
                        (Example: 'Not foun[a-z]{1}', '^Error$')
    --exclude-redirects=REGEXPS
                        Exclude responses by redirect regexps or texts,