Before an attack, hackers routinely scan the target system; this step is indispensable. To an attacker, an attack is much like a war. Attackers generally use scanning techniques to discover security vulnerabilities in a system and then break into it. System administrators likewise need scanning techniques to learn about their systems' security problems in a timely manner and take appropriate measures to improve system security.
A website vulnerability scanning tool is mainly used to scan websites for vulnerabilities. Its principle: the tool reads the website's code and responses and looks for weaknesses that could be exploited; vulnerabilities collected by earlier researchers are compiled into a database, and what the scan finds is compared against that database.
BackTrack 5 is a common platform for vulnerability assessment, security auditing, and penetration testing. It integrates a large number of vulnerability scanning tools, many of them internationally known. Today's task is to get to know some common, easy-to-use vulnerability scanners:
1. asp-auditor
Asp-auditor is a command-line vulnerability scanner developed specifically for ASP websites.
On the command line, you only need to enter the website's URL. After you press Enter, the tool automatically lists the scan results.
2. w3af
w3af is a powerful scanning tool. In BT5 it has both a command-line mode and a graphical interface. Today we use the graphical interface, because it gives a more intuitive view and is more efficient to work with.
Some scan profiles are preset in w3af: a blank template; a check for the Top Ten security issues identified by OWASP; a high-risk audit; brute force; a quick scan; a full audit; a full audit with manual discovery; and a network infrastructure diagram.
Below the profiles are the individual plug-ins. We can select different plug-ins according to our needs and then scan the target IP address or domain name.
Select the save location and the format of the output file.
When entering the target, you must prefix it with http://; otherwise the scan cannot be started.
After entering the scan target, we can set some conditions we already know about the target to speed up the scan. In the settings I can set the type of the target machine's operating system and the development language of the website's pages.
Information generated during the scan:
If w3af scans for the OWASP Top Ten vulnerabilities, it automatically lists the vulnerabilities it finds under Exploit.
While scanning for vulnerabilities, we can examine the scan results in more detail: we can view the information collected about the target machine and filter it.
Here we can see that many CSRF vulnerabilities have been detected.
This tool is very powerful and has many plug-ins. Its scan is relatively slow, but the scan information is relatively complete, and because it integrates vulnerability verification tools, you can use a vulnerability it finds directly for the next step.
3. nikto
Nikto is a tool that scans a specified host for security issues. It reports the web server type and host name, specific directories, cookies, specific CGI vulnerabilities, XSS vulnerabilities, SQL injection vulnerabilities, and the HTTP methods the host allows.
The tool's working interface and its parameters:
Using the -h parameter, we can scan some basic attributes of the target. For example, we learn the target's host name and IP address, the service port (80), the server (Microsoft-IIS/6.0), and that the website's language is ASP.
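The banner and database comparison described at the start of this article, and the basic attributes nikto -h prints (server banner, site language), can be shown in a few lines of code. The following is an added example; it is not code from the original post and not part of nikto, w3af or any other tool named here. The signature table, the list of expected hardening headers, the URL example.invalid and the sample HTTP response are all constructed for the example, and it is meant to be run against hosts you administer.

```python
"""Signature-based check of one HTTP response head: fingerprint the server
and site language, then compare the headers against a small signature
database, the same basic idea a scanner applies at much larger scale."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse


@dataclass
class Finding:
    name: str      # short label for the issue
    evidence: str  # the header value that triggered it
    advice: str    # what the site owner should do about it


# Constructed signature table: (header, regex, finding name, advice).
# A real scanner database holds thousands of such entries; these are only
# illustrative.
BANNER_SIGNATURES = [
    ("server", r"Microsoft-IIS/6\.0", "End-of-life IIS 6.0 banner",
     "IIS 6.0 is no longer supported; upgrade or isolate the host."),
    ("server", r"Apache/2\.2\.", "End-of-life Apache 2.2 banner",
     "Apache 2.2 is no longer supported; upgrade to a supported branch."),
    ("x-powered-by", r"PHP/5\.", "End-of-life PHP 5.x advertised",
     "Upgrade PHP and stop advertising the version (expose_php=Off)."),
]

# Hardening headers whose absence is worth reporting (constructed list).
EXPECTED_HEADERS = {
    "x-frame-options": "Add X-Frame-Options or a CSP frame-ancestors rule.",
    "x-content-type-options": "Add X-Content-Type-Options: nosniff.",
}

# Page extension -> server-side language, the way a scanner guesses "asp".
LANGUAGE_BY_EXT = {".asp": "asp", ".aspx": "asp.net", ".php": "php", ".jsp": "jsp"}


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response head (status line + headers) into a dict.
    Names are lower-cased; the first blank line ends the header block."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:  # element 0 is the status line
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def guess_language(url: str, headers: Dict[str, str]) -> str:
    """Infer the site's language from the page extension, else from
    X-Powered-By, else report 'unknown'."""
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    if ext in LANGUAGE_BY_EXT:
        return LANGUAGE_BY_EXT[ext]
    powered = headers.get("x-powered-by", "")
    if "ASP.NET" in powered:
        return "asp.net"
    if "PHP" in powered:
        return "php"
    return "unknown"


def check_signatures(headers: Dict[str, str]) -> List[Finding]:
    """Compare the headers against the signature table and the expected
    hardening headers; return every hit as a Finding."""
    findings: List[Finding] = []
    for header, pattern, name, advice in BANNER_SIGNATURES:
        value = headers.get(header, "")
        if re.search(pattern, value):
            findings.append(Finding(name, f"{header}: {value}", advice))
    for header, advice in EXPECTED_HEADERS.items():
        if header not in headers:
            findings.append(Finding(f"Missing {header} header", "(absent)", advice))
    return findings


def scan_raw_response(url: str, raw: str) -> dict:
    """Produce the small report a scanner would print for one response."""
    headers = parse_headers(raw)
    return {
        "server": headers.get("server", "unknown"),
        "language": guess_language(url, headers),
        "findings": check_signatures(headers),
    }


# Constructed sample: what an old IIS 6.0 host serving ASP might answer.
SAMPLE_URL = "http://example.invalid/default.asp"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

if __name__ == "__main__":
    report = scan_raw_response(SAMPLE_URL, SAMPLE_RESPONSE)
    print(f"server: {report['server']}  language: {report['language']}")
    for f in report["findings"]:
        print(f"- {f.name} [{f.evidence}] -> {f.advice}")
```

On the constructed sample the report names the IIS 6.0 banner and the two missing hardening headers; a host that answers with a current server and both headers present yields no findings. The point of the split into parse, fingerprint and compare is that the database is the only part that has to grow; the real tools differ from this mainly in the size of that database and in probing many paths instead of one.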
The website used in this experiment is very simple, so there is not much content. When we scan a large website, there will be many vulnerabilities and too many results to read on screen, so we can save them by running the following command:
./nikto.pl -h hucwuhen.blog.51cto.com -F html -o 123.html
Here -F is the format of the saved file and -o is the output file name; the default save path is /pentest/web/nikto. After the scan ends, all results can be seen in the file at that path.
When we do not get any CGI directory information, we can use the following command to brute-force it:
./nikto.pl -h hucwuhen.blog.51cto.com -C all
I still didn't see any more CGI directory information.
The tool queries a lot of content and is comprehensive, which also means the scan is relatively slow.
4. skipfish
Skipfish is a vulnerability scanner developed by Google. It works in command-line mode.
Enter the scan command:
./skipfish -o output_dir -S dictionaries/complete.wl http://www.baidu.com
Press any key to start.
Then wait; when the scan finishes, we can see the scan results.
Open /pentest/web/skipfish/output_dir/index.html in a browser to view the report.
END !!!
This article is from the "no trace" blog; please keep this source: http://hucwuhen.blog.51cto.com/6253667/1300066