Tulpar – Python Web Application Vulnerability Scanner + Telnetlib

May 8, 2018 | Views: 6079

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

This brief tutorial/guide is just to provide you with some basic information about Tulpar and port scanning. Tulpar means winged horse in Turkish mythology. It is an open source web vulnerability scanner for written to make web penetration testing automated. Tulpar has the following features:

  • Sql Injection (GET Method)
  • XSS (GET Method)
  • Crawl
  • E-mail Disclosure
  • Credit Card Disclosure
  • Whois
  • Command Injection (GET Method)
  • Directory Traversal (GET Method)
  • File Include (GET Method)
  • Server Information
  • Technology Information
  • X-Content-Type Check
  • X-XSS-Protection Check
  • TCP Port Scanner
  • robots.txt Check
  • URL  Encode
  • Certification Information
  • Available Methods
  • Cyber Threat Intelligence
  • IP2Location
  • File Input Available Check

Installation:
git clone https://github.com/anilbaranyelken/tulpar.git
cd tulpar
pip install -r requirements

Usage:
python tulpar.py action web_URL action

Action:

full xss sql fuzzing e-mail credit-card whois links portscanner url

  • Encode cyberthreatintelligence command
  • Injection directory
  • Traversal file
  • Include header
  • Check certificate method
    IP2Location FileInputAvailable
    web_URL     URL

Github + Kitploit


*Bonus: Telnetlib Port Scanner

We will write a port scanner with python telnetlib module.

First of all we will import this module.
-> import telnetlib

After we will assign IP address to scan:
->host=”127.0.0.1″

Related IP address and  port tries to read information banner.
->baglanti=telnetlib.Telnet(host,port)
->baglanti.write(“n”)
->print “n”,str(port),” – “,baglanti.read_all().splitlines()[0] ->baglanti.close()

The complete code is as follows:

import telnetlib
host=”127.0.0.1”
for port in range(1,1024,1):
try:
baglanti=telnetlib.Telnet(host,port)
baglanti.write(“n”)
print “n”,str(port),” – “,baglanti.read_all().splitlines()[0] baglanti.close()
except:
pass

Github

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel