Ask an expert

ASSIGNMENT $6$

$30$ points

Code Assignment: Web Application Security with Python

Objective: This assignment focuses on analyzing web applications and developing Python

scripts for web hacking tasks. You will be required to create a web path scanner and a simple

brute$-$forcing tool using the Python requests library. This assignment will help you practice

common techniques for enumerating web directories and brute$-$forcing login forms.

Tasks:

Part $1$: Web Path Scanner

Web Path Discovery:

Create a Python script $($path$\_$scanner.py$)$ that can scan a website for the

presence of specific files and directories.

Use a local directory structure $($such as WordPress$)$ to generate a list of paths and

use this list to check if the same paths exist on the target website.

The script should log successful paths where the server responds with status code

$200.$

Requirements:

The script should use multithreading to speed up the scanning process.

Handle common file extensions like $.$php$,.$bak, and $.$txt$.$

Print the results to the console and save them in a file called found$\_$paths.txt$.$

Part $2$: Brute$-$Force HTML Form Authentication

Login Brute Forcer:

Write a script $($brute$\_$force$\_$login$.$py$)$ that brute$-$forces an HTML login form

using a dictionary of usernames and passwords.

Use the requests library to handle sessions and maintain cookies.

The script should:

Retrieve the login form and parse out the hidden form fields $($if any$).$

Use a dictionary of usernames and passwords to attempt logins$.$

Detect a successful login by checking the response content for a specific

success string $($e$.$g$.,$ "Welcome" or "Dashboard"$).$

Requirements:

Parse out all necessary form fields automatically.

Use multithreading to speed up the brute$-$forcing process.

Print any successful logins to the console and save them in a file called

successful$\_$logins$.$txt$.$

What need to turn$-$in:

Submit two Python scripts $($path$\_$scanner.py and brute$\_$force$\_$login$.$py$)$ with

comments explaining the code logic $(20pts).$

Test each script and provide the outputs as a Word or PDF document. The scripts should

print outputs to the console and log results into a text file. Ensure to label your

screenshots clearly $(10pts.$

Notes:

Run the scripts in a safe testing environment $($such as web server in Metasploitable $2).$

Ensure all dependencies $($like requests and $1$ xml $)$ are installed before running the scripts.

Adjust the TARGET, WORDLIST, and other constants as needed to match your testing

environment.