Proof of Concept (PoC) creator for Pentesters
During a web pentest most of the time goes into finding the bad stuff, yet reports are time consuming and you need to deliver your results as soon as possible. In the end, whoever has to fix the issue (or push others to fix it) must really understand the impact of each finding in the report. When you show raw database rows dumped through a SQLi, the High impact is obvious to your customer; when a finding depends on other factors, the impact becomes harder to demonstrate to non-technical people. A bare request and response is not enough, and how long are you willing to spend building a nice screenshot for your report?
If you agree, then Pyttacker will be an interesting tool for you.
git clone https://github.com/RoblesT/pyttacker.git
You just need two things (excluding the prerequisites):
Basically you start the server and then use the interface from your web browser.
Start Pyttacker Server
You can just double-click the file pyttacker.py or run it from the command line:
The Pyttacker server is a simple web server used for creating the PoCs. There are cases where the default TCP port is already taken by another tool you're using as part of your testing; in that case you can specify the port number:
python pyttacker.py 9090
No worries if you just double-clicked the tool and the port is already used by another application: the tool will keep asking for another port until the process is started or aborted.
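To make the port handling described above concrete, here is an added example of a small local PoC web server that takes an optional port argument and keeps asking for a replacement while the chosen port is busy. This is illustration code written for this page, not Pyttacker's own source: the function names, the assumed default port of 8080, the prompt callback and the loopback-only binding are all assumptions. Binding to 127.0.0.1 is deliberate; a PoC builder that renders customer data has no reason to listen on all interfaces.

```python
"""Added example: start a local HTTP server on a requested TCP port and
fall back to asking the user for another one while the port is in use.
Not Pyttacker's code; names, default port and loopback binding are assumed."""
import errno
import socket
import sys
from http.server import HTTPServer, SimpleHTTPRequestHandler

DEFAULT_PORT = 8080          # assumption: the page does not state the real default
BIND_ADDR = "127.0.0.1"      # assumption: listen on loopback only, never 0.0.0.0


def port_is_free(port, host=BIND_ADDR):
    """Return True if a TCP socket can be bound to host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            # EADDRINUSE: another process owns it; EACCES: privileged port
            if exc.errno in (errno.EADDRINUSE, errno.EACCES):
                return False
            raise
        return True


def choose_port(preferred, ask, max_attempts=5):
    """Return a free port, calling ask(busy_port) for a replacement while the
    candidate is in use. ask() returns a port (int or str) or None to abort.
    Returns None when the user aborts or max_attempts is exhausted."""
    port = preferred
    for _ in range(max_attempts):
        if port_is_free(port):
            return port
        answer = ask(port)
        if answer is None:
            return None
        try:
            port = int(answer)
        except (TypeError, ValueError):
            continue  # unparsable input: keep the busy port and ask again
    return None


def hold_port(host=BIND_ADDR):
    """Open a listening socket on an ephemeral port (simulates another tool
    already occupying a port). Caller must close the returned socket."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(1)
    return s


def interactive_ask(busy_port):
    """Console prompt used when running this file as a script."""
    reply = input(f"Port {busy_port} is in use, enter another (blank to abort): ")
    return reply.strip() or None


def main(argv):
    preferred = int(argv[1]) if len(argv) > 1 else DEFAULT_PORT
    port = choose_port(preferred, interactive_ask)
    if port is None:
        print("No free port selected, aborting.")
        return 1
    httpd = HTTPServer((BIND_ADDR, port), SimpleHTTPRequestHandler)
    print(f"Serving on http://{BIND_ADDR}:{port}/")
    httpd.serve_forever()


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python poc_server.py 9090`; if 9090 is taken you are prompted for another port, and an empty answer aborts instead of silently picking something else. The check in port_is_free binds a throwaway socket rather than connecting to the port, so it also catches ports held by a process that is bound but not yet accepting connections.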
Opening the interface
Once the service is started, your default browser will open with the Pyttacker interface; by default the URL is:
You will find more information about how to use the tool here
Mario Robles, OWASP Costa Rica