

Crafting a custom wordlist for python-flask webservers

A while ago I came to the conclusion that custom wordlists for content discovery are one of the best ways to get ahead in Bug Bounty. They allow you to find more servers and endpoints, widening the attack surface. Then, a couple weeks ago, TomNomNom held a great talk about custom wordlists at NahamCon, giving some amazing tips and insights on his process of creating a custom wordlist (You can find the talk here). Today I saw a tweet by sharing a custom wordlist that was scraped from popular Go repositories, so I decided to do the same for Python! I decided to go for python-flask, because that's the library that I am most familiar with when it comes to writing a webserver.

Routing in python-flask

Our plan here is to extract routes from Flask files, so that we can create a wordlist containing endpoints that are known to be used by Flask developers. To extract the endpoint routes, we need to know how they are implemented. In Flask, this is done using the decorator followed by the function implementing the logic for that endpoint. So all we actually need is to extract this decorator line from the projects!

Scraping GitHub

Now that we know what we are looking for, we can search GitHub for Python projects containing In the GitHub search query language, our search would look like this: in:file tells GitHub to look inside of files, language:python and extension:py specify filetypes, and for good measure, I added the flask keyword to the search.

To perform the GitHub search automatically, we can use the GitHub API. Keep in mind that GitHub limits search results to 1000 per search. Using the &page= and &per_page=100 (which is the max page size) params, we can get 100 results per API call, so that we need a total of 10 requests.
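The route-extraction step described above, as an added example that is not code from the original post. It assumes the decorator in question is Flask's route decorator (`@app.route(...)`, or `.route(...)` on a blueprint); the function names and both sample files are constructed for illustration.

```python
import ast
import re
from collections import Counter

# Regex fallback for files ast cannot parse (e.g. Python 2 sources).
ROUTE_RE = re.compile(r"""^\s*@\w+(?:\.\w+)*\.route\(\s*[uUrR]?(['"])(.+?)\1""", re.M)

def routes_from_source(source):
    """Return the path strings of @<obj>.route('...') decorators, in file order."""
    try:
        tree = ast.parse(source)
    except (SyntaxError, ValueError):
        return [m.group(2) for m in ROUTE_RE.finditer(source)]
    found = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for dec in node.decorator_list:
            # Matches app.route('/x') and blueprint.route('/x'); skips non-literal paths.
            if (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                    and dec.func.attr == "route" and dec.args
                    and isinstance(dec.args[0], ast.Constant)
                    and isinstance(dec.args[0].value, str)):
                found.append((dec.lineno, dec.args[0].value))
    return [path for _, path in sorted(found)]

def build_wordlist(sources):
    """Rank routes by how many files use them (one vote per file), ties alphabetical."""
    counts = Counter()
    for src in sources:
        counts.update(set(routes_from_source(src)))
    return [p for p, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

# Constructed sample inputs: a Python 3 file and a Python 2 file (print statement).
SAMPLE_PY3 = """
from flask import Flask, Blueprint
app = Flask(__name__)
api = Blueprint('api', __name__)

@app.route('/login', methods=['POST'])
def login():
    return 'ok'

@api.route('/users/<int:user_id>')
def user(user_id):
    return str(user_id)
"""
SAMPLE_PY2 = "@app.route('/login')\ndef login():\n    print 'hit'\n\n@app.route('/admin')\ndef admin():\n    return 'ok'\n"

if __name__ == "__main__":
    print("\n".join(build_wordlist([SAMPLE_PY3, SAMPLE_PY2])))
```

Routes whose path is built at runtime (a variable or a concatenation) are skipped by the AST branch, since only string literals can be read without executing the file.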
