Using the Web Application Assessment tools in BackTrack 5 (joomscan, blindelephant, cms-explorer, whatweb, plecost, wpscan)
2013-03-02 04:03:51 | Category: Tool Collection | Tags: joomscan, blindelephant, whatweb, plecost, wpscan
This article gives a detailed introduction to some of the tools under the Web Application Assessment module in BackTrack 5, covering what each tool does and how to use it. I hope it will be helpful to readers who are new to penetration testing and web security.
Translated by Adema from a foreign site; please credit the source when reproducing. Where the translation is inaccurate, corrections from more experienced readers are welcome in the comments. Thank you!
Joomscan (Joomla Security Scanner)
Joomla Security Scanner can detect whether a Joomla site is vulnerable to file inclusion, SQL injection, command execution and other vulnerabilities. This helps web developers and site administrators identify potential security weaknesses.
Features of Joomla Security Scanner
1. Exact version detection (identifies the version of the Joomla installation in use).
2. Detection of common web application firewalls in front of Joomla.
3. Search for known Joomla security vulnerabilities and vulnerable components.
4. Test reports in text and HTML format.
5. Built-in update capability.
How to use Joomla Security Scanner in BackTrack 5
First, open joomscan in BackTrack by following the menu path below.
Applications -> BackTrack -> Vulnerability Assessment -> Web Application Assessment -> CMS Vulnerabilities Identification -> joomscan
How to use joomscan
After opening joomscan, you will see its banner and usage screen (screenshot not included in this copy).
Scanning for vulnerabilities
To start scanning a Joomla site for vulnerabilities, enter the following command:
./joomscan.pl -u www.example.com
The vulnerabilities that are found are listed in the output, as in the screenshot (not included in this copy).
cms-explorer
cms-explorer is designed to reveal the specific modules, plugins, components and themes that a CMS-driven web site is running.
In addition, cms-explorer can be used to assist security testing, although it does not perform any direct security checks. The "explore" option can be used to check for hidden files, such as database files, that can be accessed. The main approach is to retrieve the module source code, extract file names from it, and then request those file names from the target system to detect whether the files are present. The requests can be routed through a proxy such as Bootstrap, Burp Suite, Paros or WebInspect.
cms-explorer supports module and theme probing for the following CMS platforms:
Drupal, WordPress, Joomla, Mambo
How to use cms-explorer
Open the BackTrack 5 terminal and enter the following command:
# cd /pentest/enumeration/web/cms-explorer
You can also open it from the menu:
Applications -> BackTrack -> Information Gathering -> Web Application Analysis -> CMS Identification -> cms-explorer
Scan a Joomla site:
# ./cms-explorer.pl -url http://example.com -type Joomla
Scan a WordPress site:
# ./cms-explorer.pl -url http://example.com -type WordPress
Scan a Drupal site:
# ./cms-explorer.pl -url http://example.com -type Drupal
wpscan (WordPress Security Scanner)
wpscan is a black-box WordPress security scanner written in Ruby; it is mainly used to detect security weaknesses in WordPress sites. It has the following features:
1. Username enumeration
2. Multithreading
3. Version enumeration (determined from the generator META tag), for example on a site that emits:
<meta name="generator" content="WordPress 3.2.1"/>
4. Vulnerability enumeration (version-based)
5. Plugin enumeration (the most popular plugins are listed by default)
6. Plugin vulnerability enumeration (version-based)
7. Generation of the plugin enumeration list
8. Other miscellaneous WordPress checks, such as theme names
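To show how the version disclosure in feature 3 works from the site owner's side, here is an added Python example (not part of the original article and not wpscan's own code) that extracts the product and version from the generator META tag exactly as a scanner would. The HTML snippets are constructed, and the fetch_generator helper is an assumption about how one would run the same check against a site one administers. A WordPress site that removes the tag (for example with remove_action('wp_head', 'wp_generator') in a theme or plugin) yields no version here, which closes this one enumeration route; static files still reveal the version to hash-based fingerprinting, so removing the tag is no substitute for keeping the site updated.

```python
"""Added example (not part of the original article, nor wpscan's code):
read the product and version from a page's <meta name="generator"> tag,
the same disclosure that wpscan's version enumeration relies on."""
from html.parser import HTMLParser
from typing import List, Optional, Tuple
import re
import urllib.request


class _GeneratorParser(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.generators: List[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag != "meta":  # HTMLParser lower-cases tag and attribute names
            return
        attr = {name.lower(): (value or "") for name, value in attrs}
        if attr.get("name", "").lower() == "generator" and attr.get("content"):
            self.generators.append(attr["content"])


# product name, optional whitespace, optional "v", then a (possibly dotted) version
_VERSION_RE = re.compile(r"\s*([A-Za-z][\w.!\- ]*?)\s+v?(\d+(?:\.\d+)*)")


def parse_generator(html: str) -> Optional[Tuple[str, str]]:
    """Return (product, version) from the first generator tag that carries a
    version number, or None when the page discloses nothing usable."""
    parser = _GeneratorParser()
    parser.feed(html)
    for content in parser.generators:
        match = _VERSION_RE.match(content)
        if match:
            return match.group(1).strip(), match.group(2)
    return None


def fetch_generator(url: str, timeout: float = 10.0) -> Optional[Tuple[str, str]]:
    """Run the same check against a live site you administer (assumed helper;
    performs a single GET of the given page)."""
    req = urllib.request.Request(url, headers={"User-Agent": "generator-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return parse_generator(body)


# Constructed sample pages (not captured from any real site).
SAMPLE_DISCLOSING = """<html><head>
<meta name="generator" content="WordPress 3.2.1"/>
<title>Blog</title></head><body></body></html>"""

SAMPLE_JOOMLA = """<html><head>
<META NAME="generator" CONTENT="Joomla! 1.5 - Open Source Content Management">
</head><body></body></html>"""

# The same WordPress site after remove_action('wp_head', 'wp_generator').
SAMPLE_HARDENED = """<html><head>
<title>Blog</title></head><body></body></html>"""


if __name__ == "__main__":
    for label, page in [("disclosing", SAMPLE_DISCLOSING),
                        ("joomla", SAMPLE_JOOMLA),
                        ("hardened", SAMPLE_HARDENED)]:
        print(f"{label}: {parse_generator(page)}")
```

parse_generator deliberately accepts a version without dots (such as "Drupal 7") and a leading "v", since generator strings are not standardized; anything without a number after the product name is reported as None rather than guessed.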
How to use wpscan in BackTrack 5
Open the BackTrack 5 terminal and enter the following commands:
# cd /pentest/web/wpscan
# ruby wpscan.rb --url www.nxadmin.com
Other scan commands:
Version check:
ruby wpscan.rb --url www.example.com --version
Username brute-force guessing with 50 threads:
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Brute-force password guessing for the account with username admin:
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Generate a list of the most popular plugins:
ruby ./wpscan.rb --generate_plugin_list 150
List installed plugins:
ruby ./wpscan.rb --enumerate p
Plecost
Plecost is a WordPress fingerprinting tool used to detect the plugins installed on a WordPress site and their version information. It can analyze a single URL, or analyze results retrieved from a Google search. If a plugin is found in the index, the CVE identifiers associated with it are displayed.
How to open Plecost in BackTrack
Open the BackTrack 5 terminal and run:
# ./plecost-0.2.2-9-beta.py
How to use Plecost
# ./plecost-0.2.2-9-beta.py -i wp_plugin_list.txt http://www.example.com -G
Options:
-l num: Limit the number of Google search results per plugin
-G: Google search mode
-n: Use the large plugin list (default; more than 7,000 plugins)
-c: Check only plugins with an associated CVE
-R file: Reload the plugin list; use the -n option to control its size
-o file: Output file (default "output.txt")
-i file: Input plugin list
-s time: Minimum sleep time between two probes
-M time: Maximum sleep time between two probes
-t num: Number of threads (default 1)
-h: Display help
WhatWeb
WhatWeb is like Nmap, but for the web. WhatWeb identifies web technologies, including CMSes, blogging platforms, statistics/analytics packages, JavaScript libraries, web servers and embedded devices. WhatWeb has more than 900 plugins that identify different applications. It can also report version numbers, e-mail addresses, account IDs, web framework modules, SQL errors and more.
WhatWeb has the following features:
More than 900 plugins
Control over the trade-off between speed/stealth and reliability
Plugins include example URLs
Performance tuning; control how many sites are scanned at the same time
Multiple log formats: brief, verbose (human-readable), XML, JSON, MagicTree, Ruby object, MongoDB
Recursive web spidering
Proxy support
Custom HTTP headers
Control over page redirection
Nmap-style IP address ranges
Fuzzy matching
Result certainty awareness
Custom plugins defined on the command line
Open BackTrack 5 and follow the menu path below to open WhatWeb:
Applications -> BackTrack -> Information Gathering -> Web Application Analysis -> CMS Identification -> whatweb
How to use:
./whatweb www.example.com
Verbose mode:
./whatweb -v www.example.com
BlindElephant (web application fingerprinting)
BlindElephant is a web application fingerprinting tool that determines the version of a web application by comparing the hashes of the target's static files against precomputed hashes of the same files in every known release. It is fast, low-bandwidth, non-invasive and highly automated.
Features:
Fast and low-resource
Support for 15 commonly deployed web applications (hundreds of versions), with easy addition of further versions
Support for web application plugins (currently only Drupal and WordPress)
BlindElephant path in BackTrack 5
Applications -> BackTrack -> Information Gathering -> Web Application Analysis -> CMS Identification -> blindelephant
How to use:
# ./blindelephant.py www.example.com <cms>
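To make the hash-comparison idea concrete, here is an added Python example (not the original article's and not BlindElephant's own code) with a constructed fingerprint table for a hypothetical application called demoapp; the collect helper and the list of paths are assumptions about how a site owner would run the check against their own deployment. It goes slightly beyond the text by also treating a 404 as evidence (a release that ships a file the server does not have is ruled out), which is how a handful of static files can pin down a single version. For defenders the lesson is that removing version banners does not hide the version from this technique; keeping the deployment current is the mitigation.

```python
"""Added example (not part of the original article, nor BlindElephant's code):
the static-file hashing idea behind BlindElephant, reduced to a small
self-contained demo with a constructed fingerprint database."""
import hashlib
import urllib.error
import urllib.request
from typing import Dict, List, Optional


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed releases of a hypothetical application "demoapp" (not a real
# product). In BlindElephant the equivalent table is generated from every
# official release archive of each supported application.
_RELEASES: Dict[str, Dict[str, bytes]] = {
    "1.0.0": {"/js/app.js": b"function app(){return 1;}\n",
              "/css/style.css": b"body{margin:0}\n"},
    "1.0.1": {"/js/app.js": b"function app(){return 1;}\n",
              "/css/style.css": b"body{margin:0;padding:0}\n"},
    "1.1.0": {"/js/app.js": b"function app(){return 2;}\n",
              "/css/style.css": b"body{margin:0;padding:0}\n",
              "/js/new.js": b"export const v = 110;\n"},
}

# version -> {static path: sha256 of that file as shipped in that release}
FINGERPRINT_DB: Dict[str, Dict[str, str]] = {
    version: {path: sha256(content) for path, content in files.items()}
    for version, files in _RELEASES.items()
}


def fingerprint(observed: Dict[str, Optional[bytes]],
                db: Dict[str, Dict[str, str]] = FINGERPRINT_DB) -> List[str]:
    """Return the release versions consistent with the observed static files.

    observed maps a static path to the bytes the server returned, or None when
    it answered 404. A served file whose hash matches no release at all is
    treated as site customization and ignored; one that matches some releases
    rules out the others; a 404 rules out every release that ships that file.
    An empty result means the files are inconsistent with any single release
    (for example a partially upgraded installation)."""
    candidates = set(db)
    for path, content in observed.items():
        if content is None:
            candidates -= {v for v, files in db.items() if path in files}
            continue
        digest = sha256(content)
        matching = {v for v, files in db.items() if files.get(path) == digest}
        if matching:
            candidates &= matching
    return sorted(candidates)


def collect(base_url: str, paths: List[str],
            timeout: float = 10.0) -> Dict[str, Optional[bytes]]:
    """Fetch the listed static paths from a site you administer (assumed helper)."""
    observed: Dict[str, Optional[bytes]] = {}
    for path in paths:
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
                observed[path] = resp.read()
        except urllib.error.HTTPError as err:
            if err.code == 404:
                observed[path] = None
            # any other HTTP error is no evidence either way: leave the path out
    return observed


if __name__ == "__main__":
    # A site serving the 1.0.1 files: app.js alone is shared by 1.0.0 and 1.0.1,
    # style.css alone by 1.0.1 and 1.1.0, and /js/new.js is absent; together
    # these three observations pin the version.
    site = {"/js/app.js": _RELEASES["1.0.1"]["/js/app.js"],
            "/css/style.css": _RELEASES["1.0.1"]["/css/style.css"],
            "/js/new.js": None}
    print(fingerprint(site))  # ['1.0.1']
```

The real tool differs in scale rather than in kind: it carries thousands of precomputed file hashes per application and picks the paths that best separate versions, but the decision rule is the same set intersection shown in fingerprint.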
Original link: http://resources.infosecinstitute.com/penetration-testing-in-cms/