Shulou(Shulou.com)05/31 Report--

In this article, the editor introduces in detail "what are the linux penetration testing tools", the content is detailed, the steps are clear, and the details are handled properly. I hope this article "what are the linux penetration testing tools" can help you solve your doubts? let's follow the editor's ideas to learn new knowledge.

1.AssassinGo

High concurrency Extensible Web Penetration Framework based on Go

AssassinGo is an extensible and concurrent framework for information collection and vulnerability scanning, which is based on Vue's WebGUI. The front and back end interaction mainly uses WebSocket technology, and the results will be displayed in the foreground in real time. An automated Web penetration framework that integrates the functions of highly available information collection, basic attack vector detection, Google-Hacking comprehensive search and PoC custom addition and batch detection of targets.

2.burpa: burp

Automatic scanning tool

Burpa automatically scans websites using burpsuite and outputs the scan results as a report.

3.websocket-fuzzer

Websocket-fuzzer is a simple websocket fuzzer for application penetration testing. Two tools are provided: websocket-fuzzer.py is used to receive a message from an WebSocket, modify it, and then send it over a different connection. Analyze the response to find potential vulnerabilities. Send-one-message.py: WebSocket messages sent using a new connection

4.Retile

LKM Linux rootkit and back door

Reptile is a LKM rootkit (kernel-level virus Trojan) written for malicious purposes of kernel 2.6.x/3.x / 4.x. Reptile features include obtaining root permissions, hiding files and directories, hiding file contents, hiding processes, hiding themselves, persistent concealment, and TCMP/UDP/TCP port backdoors.

5.juice-shop

Web Security vulnerability Test Project written by Node.js

Juice-shop an insecure Web application written by javascript that contains vulnerabilities in owasp top 10 and other vulnerabilities.

6.badpdf

Create a malicious PDF to steal NTLM from a Windows machine

Bad-Pdf uses a Responder listener to read NTLM hashes. By creating a malicious PDF document, using two PDF functions, when someone opens this file, the PDF document automatically sends a request to the remote malicious SMB server, and the SMB request contains the NTLM hash value for authentication purposes.

7. GPON

Router remote code execution vulnerability exploits script

VpnMentor announced high-risk vulnerabilities of GPON routers: authentication bypass vulnerability (CVE-2018-10561) and command injection vulnerability (CVE-2018-10562). Combining these two vulnerabilities, you can execute arbitrary commands on the GPON router by sending only one request.

8. Watchdog

Security scanning and vulnerability management tools

Watchdog is a comprehensive security scanning and vulnerability management tool, scanning engines include Nmap, Skipfish, Wapiti, BuiltWith, Phantalyzer, Wappalyzer. Watchdog is installed with its own CVE vulnerability database, which is composed of multiple CVE data sources (exploitdb, cves, etc.).

9.pypykatz

Mimikatz implemented by pure Python

Pypykatz is a Mimikatz implemented in Python. Mimikatz is an open source gadget written in C language, which is very powerful. It supports the extraction of plaintext passwords, hashes, PIN codes, and Kerberos credentials from Windows system memory.

10.CertDB

CertDB is a free SSL certificate search engine and analysis platform. You can query certificates through api.

After reading this, the article "what are the linux Penetration testing tools" has been introduced. If you want to master the knowledge points of this article, you still need to practice and use it yourself. If you want to know more about related articles, welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.