Closed naltun closed 2 years ago
Regarding the CodeFactor
issue, the platform uses Bandit for Python code. Bandit will always complain about using urllib.request.urlopen()
because the scheme could be modified dynamically. In this case, urllib.request.Request
has a hardcoded URL that is not subject to change. I think it's OK to ignore this issue. I can also add # nosec
to the side the line with urlopen()
, which will tell Bandit (via CodeFactor) to ignore this line.
@naltun Do not use urllib
, use pex.proto.http
instead
from hatsploit.lib.module import Module
from pex.proto.http from HTTPClient
class HatSploitModule(Module, HTTPClient):
# details, options
def run(self):
remote_host, remote_port = self.parse_options(self.options)
self.http_request(
method="GET",
host=remote_host,
port=remote_port,
path="/"
)
@naltun Do not use
urllib
, usepex.proto.http
instead
@enty8080 please see ebc5479.
Add the
auxiliary/generic/scanner/http_methods
module. From the description:The idea is that this module will show you which HTTP methods are available on ports 80 and 443, respectively. Here it is running on my box:
Edit 1: If there are any quality-of-life methods from the
Module
orTCPTools
classes that I am not using but should, let me know.Edit 2: Update May 27