Web test tools in backtrack

use of the Web Application Risk Assessment tool in Backtrack 5 (joomscan blindelephant cms-explorer whatweb plecost wpscan)

2013-03-02 04:03:51|  Category: Tool Collection | Tags:joomscan blindelephant whatweb plecost wpscan | Report | Font size Subscription

This article describes the detailed introduction and use of some of the tools under the Web Application Risk assessment module in Backtrack 5, including the features of the tools, how to use them, and so on. I hope it will be helpful for children's shoes that have just been exposed to penetration testing and web security.

Adema translation from the foreign site, reproduced please indicate the source. The inappropriate translation, welcome to the big God message, thank you ~ ~

JOOMLA Security Scanner

Joomla Security scanner can detect whether the website of Joomla whole site exists file contains, SQL injection, command execution and other vulnerabilities. This will help web developers and site managers identify potential security weaknesses.

Features of Joomla Security scanner

1. Exact version detection (can detect the use of the Joomla Whole station program version).

2. Common joomla! Web-based application firewall probing.

3. Search for a known Joomla security vulnerability and its components.

4. Test report in text and HTML format.

5. Immediate Software update capability

How to use the Joomla Security Scanner in backtrack 5

First, follow the path below to open the Joomscan in backtrack.

Applications->backtrack->vulnerability assessment->web Application Assessment->cms Vulnerabilities Identification->joomscan

How to use Joomscan

After opening Joomscan, you can see the following:

Scan vulnerability

Start scanning the Joomla Whole station Program vulnerability, enter the following command:

./joomscan.pl-u www.example.com

<>

The vulnerabilities that are found, as shown in:

Cms-explorer

Cms-explorer is designed to uncover specific modules, plugins, components, and various CMS-driven Web site topics that the site is running.

In addition, Cms-explorer can be used to help with security testing, although it does not perform any direct security checks. "Explore" Options can be used to check for hidden database files that can be accessed. The main purpose is to crawl the source code by retrieving the module and then request access to the file names from the target system to detect the presence of these files. These requests can be made by different agents. You can use Bootstrap,burp Suite,paros,web inspect and so on.

The cms-explorer supports the following modules and subject probes for the entire station system.

Drupal,wordpress, Joomla,mambo

How to use Cms-explorer

Open the Backtrack 5 terminal and enter the following command:

#cd/pentest/enumeration/web/cms-explorer

You can also open it in the following way

Applications->backtrack, information, gathering, WEB application analysis, CMS identification, CMS-E Xplorer

Scan Joomla site (scans Joomla whole station)

#./cms-explorer.pl-url Http://example.com-type Joomla

Scan WordPress site (scanning WordPress entire station)

#./cms-explorer.pl-url http://example.com-type WordPress

Scan Drupal site (scanning Drupal station)

#./cms-explorer.pl-url Http://example.com-type Drupal

Wpscan-wordpress Security Scanner

Wpscan is a black box WordPress security scanner, written in the Ruby language, it is mainly used to detect the security weaknesses of the WordPress site. It has the following characteristics:

1. Enumeration of user names

2. Multithreading

3. Version enumeration (from the META tag to determine the relevant information), such as this site:

<meta name= "generator" content= "WordPress 3.2.1"/>

4. Vulnerability enumeration (version-based)

5. Plugin enumeration (the most popular plugins are listed by default)

6. Plug-In Vulnerability enumeration (version-based)

7. Generate plug-in enumeration list

Other comprehensive WordPress checks, such as theme names, etc.

How to use the Wpscan in Backtrack 5

Open the Backtrack5 terminal and enter the following command:

#cd/pentest/web/wpscan

#ruby Wpscan.rb–url www.nxadmin.com

Other Scan commands:

Version measure up:
Ruby Wpscan.rb–url Www.example.com–version

User name brute force guessing, 50 threads
Ruby Wpscan.rb–url Www.example.com–wordlist darkc0de.lst–threads 50

Brute force guess password for account with username admin
Ruby Wpscan.rb–url www.example.com–wordlist darkc0de.lst–username admin

Generate a list of the most popular plugins

Ruby./wpscan.rb–generate_plugin_list 150

List plugins that are already installed

Ruby./wpscan.rb–enumerate p

Plecost

Plecost is a wordpress fingerprint identification tool, used to detect the plugin installed in WordPress version information and so on. It can parse a single URL, or based on a Google index on the basis of the analysis. If the index exists, the associated plug-in CVE code is displayed.

How to use the Plecost in backtrack

Open the Backtrack 5 terminal with the following command:

#./plecost-0.2.2-9-beta.py

How to use Plecost

#./plecost-0.2.2-9-beta.py-i Wp_plugin_list.txt Http://www.example.com–g

Google search options:

L Num: Number of plugins in Google search results limit

G:google Search Mode

N: Use a large number of plugins (default, more than 7,000)

C: Check for CVE-related plugins only

R file: Reload the list of plugins and use the-N option to control the quantity

o File: Input as files (default = "Output.txt")

I file: Input plug-in list

s time: Buffer times between two probes

M time: Up to two buffers between probes

T num: Number of threads, default is 1

H: Displays help information.

Whatweb

Whatweb like Nmap, but for the web. Whatweb is the identification of Web applications, including CMS, blog platforms, statistics/analytics packages, JavaScript libraries, Web server devices, and embedded devices. Whatweb has more than 900 plugins to identify different applications. You can also determine the version number, e-mail address , account id,web frame module, SQL error, etc.

Whatweb has the following features:

There are more than 900 plugins

Control the tradeoff between speed speed/anonymity performance and reliability

Plugin includes URL example

Performance optimization. Control multiple sites to scan at the same time

Multiple log formats, digest, verbose (readable), XML, JSON, Magic Tree, Ruby Object, Mongo DB.

Recursive web spider crawling

Agent Support

Custom HTTP Headers

Control page Redirection

Nmap-style IP address range

Fuzzy matching

Deterministic results

Custom plug-ins defined on the command line

Open Backtrack 5 and follow the path below to open Whatweb.

Applications->backtrack, information, gathering, WEB application analysis, CMS identification, WHATW Eb

How to use:

. /whatweb

Verbose mode

./whatweb–v www.example.com

Blindelephant-web Application fingerprint recognition

Blindelephant is a Web application fingerprinting program that judges the Web application version by comparing the static file hashes of the Web application and the computed application. The software is fast, low bandwidth, non-intrusive, and highly automated.

Characteristics:

Fast, low-resource.

Support for 15 of deployed Web applications (hundreds of versions) and easy to add more version support

Support for Web application plug-ins (only Drupal and WordPress are currently supported)

Blindelephant Path in Backtrack 5
Applications->backtrack, information, gathering, WEB application analysis, CMS identification, blind Elephant

How to use:

#./blindelephant.py www.example.com (CMS)

Original link: http://resources.infosecinstitute.com/penetration-testing-in-cms/