Learn about kali linux penetration testing tools, we have the largest and most updated kali linux penetration testing tools information on alibabacloud.com
all the tools are preinstalled in a Linux system. Among them, the typical operating system. Is the Kali Linux used in this book.The system is mainly used for penetrant testing.It comes preloaded with a number of penetration testing
1, about Kali LinuxKali Linux is a Debian-based Linux distribution that is designed for digital forensics and penetration testing. Maintained and financed by Offensive Security Ltd. [1] The first Mati Aharoni and Devon Kearns by offensive security were completed by rewriting
Kali Linux is a comprehensive penetration testing platform with advanced tools that can be used to identify, detect, and exploit undetected vulnerabilities in the target network. With Kali Lin
The idea of penetrating attacks is generally to scan for vulnerabilities and then exploit different vulnerabilities to attack penetration.Vulnerability Scanning Tool has nessus, the tool can be at the same time on the local or remote control, the vulnerability analysis of the system scan. Nessus a system vulnerability can be scanned by creating a new scan policy and adding a corresponding plug-in.Another vulnerability scanning Tool is OpenVAS, which is not described here.The above describes the
LinkedInThe user names collected from LinkedIn will be of great use in subsequent tests. For example: social engineering attacks.MetagoofilMetagoofil is a tool that uses Google to gather information and currently supports the following types:1. Word2.Ppt3.Excel4. PdfCommands to use Metagoofil:#MetagoofilDemonstrate by an example:#metagoofil-D baidu.com-l 20-t doc,pdf-n 5-f Test.html-o testThrough this tool we can see very much information collected, such as user name, path information. We can u
Server:ns1.sina.com.cnName Server:ns2.sina.com.cnName Server: Ns3.sina.com.cnName Server:ns4.sina.com.cnRegistration Time:1998- One- - xx:xx:xxExpiration Time:2019- A-Geneva the: +: *dnssec:unsignedThe results of the WHOIS return include information about the DNS server and the registrant's contact details, registration time and expiry time, and so on.Three. DNS Record analysisTo find all the hosts and IPs under the domain name, you can use a few tools
1.Mitmproxy
Mitmproxy is an HTTP proxy tool that can be used for man-in-the-middle attacks or for HTML scratch-wrap debugging
2.BP
Use more, do not describe
3.owasp-zap
Zed Attack Proxy is Zap, is a simple and easy-to-use penetration testing tool, is to discover the flaw in the Web application is a sharp weapon, is the penetration test enthusiasts good thing.
4.P
example:)
# #当客户端和burpsuite都在一台机器上, modify the native Hosts file to resolve the DNS resolution of the machine IP, start invisible, and use the following configuration, then Burpsuite will not do DNS resolution with the native Hosts file
#代理情况下 "Absolute path" Non-proxy "relative path" (Burpsuite will be stitched together to send)
#客户端不按规范发http请求送, may not contain host header, use DNS spoofing to resolve
#一个web页面有多个域名, may correspond to multipl
-backdoor.php[emailprotected]:/usr/share/webshells
/php# CP php-reverse-shell.php/root/3.php[emailprotected]:/usr/share/webshells/php# #修改shell中反弹连接的IP
#使用nc侦听反弹端口1234 NC terminal cannot use the TAB key
#将shell代码复制粘贴进POST, Go Send "This method is relatively hidden, not easy to hair Now "
############################################################################
When some commands, such as ifc
file content "normal PHP code will not be directly downloaded by the browser"
# # #常用方法: path +?-s can view most PHP server-side code "Get code, you can do code audit"
User "Use Users"
# #arachni的cookie信息会在一定时间内变化 "Identity authentication to protect against cookie information"
Dispatchers dispatching "remote and grid for advanced options"
You need to use commands to implement
Remote
./ARACHNI_RPCD--addr
"
And then access the file in the browser
############################################################### ##############
Note: In a Linux system, when you assign permissions to a file, ensure that the same permissions are assigned to its hierarchical directory
# # # ##########################################################################
Remote file contains RFI
#脚本认证Script, you have to write your own script "script template"
#默认情况下, only specify the name of the session, you must manually add another session "such As: security"
#显示http Session Tab
#用于使用不同用户登录审计 to determine if there is any authority
8, Note/tag "add A variety of labels, easy to audit"
9. Passive Scan
####
fips-U.S. Federal Information Processing standards (Federal Information Processing Standard)
5, encoding "(Mixed mode encoding) for injection attacks, to prevent the Web application filter"
6, comparer content comparison "has the guide"
##########################################################################################Truncation Agent Tool
Paros "Kali int
mechanism that is stronger than HTTPS
Use OAuth or HMAC for authentication, HMAC authentication using the C/S shared key encryption API key
RESTful should allow only authenticated users to use the PUT, delete method
Use random tokens to prevent CSRF attacks
Recommended to deploy a strict whitelist-based approach to user-submitted parameter filtering
Disinfection of error messages
Direct object references should be strictly authenticated (the e-commerce company takes the
by administrators"
useragent=mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; trident/5.0)
#抓包分析, get cookies
#修改cookie信息 "Get Nikto authenticated for further scanning"
-evasion: Using the evasion techniques of IDs in Libwhisker, you can use the following types
1, Random URL encoding (non-UTF-8 mode)
2. Optional path (/./)
3. URL to end prematurely
4. Take precedence over long random strings
5. Parameter spoofin
"Curl": Command line mode, custom URL, initiating HTTP request
#high级别
C. Exploit this vulnerability to allow operations such as open ports to be performed
such as:; Mkfifo/tmp/pipe;sh/tmp/pipe | NC-NLP 4444 >/tmp/pipe
D. Rebound Shell
The shell of the machine to which the shell s
, see: http://www.openwall.com/john/doc/RULES.shtml.2.10 using ZAP to discover files and foldersOWASP ZAP (Zed Attack Proxy) is a versatile tool for WEB security testing. He has an agent, passive and active vulnerability scanner, a blur tester, a crawler, and an HTTP request transmitter, along with some other interesting features. In this cheats, we will use the newly added "forced browsing", which is the Disbuster implementation within ZAP.Get readyI
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.