2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Scanning an operating system before * is an absolutely indispensable habit. An attack is like a war: only when you know yourself can you fight. An intruder generally uses scanning to find security holes in a system and then break into it; a system administrator likewise needs scanning to learn of the system's security problems in time and to take the corresponding measures to improve its security.
Website vulnerability scanning tools: the principle is that the tool reads the website's code and looks for exploitable flaws to report, comparing what it scans against a database built from previously collected vulnerabilities.
BackTrack 5 (BT5) is a commonly used tool for vulnerability security assessment, auditing, and penetration testing. It integrates a large number of vulnerability scanning tools, many of them internationally well known. Today, our task is to learn some common and easy-to-use vulnerability scanning tools:
1. asp-auditor
asp-auditor is a vulnerability scanning tool developed specifically for ASP websites. It is a command-line scanning tool.
On the command line, just enter the path to the website. After you press Enter, the scan results are listed automatically.
2. w3af
w3af is a powerful scanning tool with both a command-line mode and a graphical interface mode under BT5. Today we cover the graphical interface, because it is more intuitive and the results are easier to see.
Some scanning profiles are preset in w3af: blank template, OWASP Top 10 security issues check, high-risk audit, bruteforce, fast scan, full audit, full audit with manual discovery, sitemap, and web infrastructure.
Here are some specific plug-ins. We can choose different plug-ins to scan the target IP or domain name according to different requirements.
Here is the location and format of the selected output file.
When entering the target for a scan, be sure to prefix it with http://; otherwise the scan cannot run.
After entering the scan target, we can supply some known facts about it to speed up the scan. In the settings, we can set the operating system type of the target machine and the development language of the website's pages.
The information generated during the scan
When w3af scans for the OWASP Top 10 security vulnerabilities, it automatically lists the vulnerabilities it finds under Exploit.
After a scan, we can examine the results in more detail: we can view the information gathered about the target machine and filter the information from the scan.
Here, we can see that many CSRF vulnerabilities were found.
This tool is very powerful and has many plug-ins. Scanning is relatively slow, but the information it gathers is relatively complete. It also integrates other vulnerability verification tools, so a discovered vulnerability can be used directly in the next step.
3. nikto
Nikto is a web scanner that checks specified hosts and hostnames for security issues such as specific directories, cookies, specific CGI vulnerabilities, XSS vulnerabilities, SQL vulnerabilities, and the HTTP methods the host allows.
The working parameters of the working interface of the tool
Using the -h parameter, we can scan some basic information about the target. As shown in the following figure, we can learn the target's hostname and IP address, the service port (80), the server (Microsoft-IIS/6.0), and that the website's language is ASP.
The website used in this lab is very simple, so there is not much content. When we scan a large website and there are too many vulnerabilities or too many results, we can save them with the command: ./nikto.pl -h hucwuhen.bolg.51cto.com -F html -o 123.html
-F is the type of the saved file and -o is the output file name. The default save path is /pentest/web/nikto; after the scan is over, all the results can be found in the file under this path.
When we have no information about the CGI directories, we can brute-force them with the command: ./nikto.pl -h hucwuhen.bolg.51cto.com -C all
Then I didn't see a lot of CGI directory information.
This tool checks more items and is more comprehensive, but its scanning speed is relatively slow.
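The following is an added example, not part of the original article and not code from nikto. It applies a small list of checks to one HTTP response, in the spirit of the database comparison described at the start of the article, and covers three of the items nikto is said to report: the server banner, the allowed HTTP methods, and cookies. The sample response, the rule list, and all function names are constructed for the illustration.

```python
from email.parser import Parser

# Constructed sample response, modelled on the banner reported in the text.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, PUT\r\n"
    "Set-Cookie: ASPSESSIONID=abc123; path=/\r\n"
    "Set-Cookie: theme=light; path=/; HttpOnly\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

RISKY_METHODS = {"PUT", "DELETE", "TRACE"}  # assumption: methods to flag

def check_banner(headers):
    server = headers.get("Server", "")
    # A product/version token lets anyone look up known issues for that release.
    if "/" in server:
        yield f"server banner discloses version: {server}"

def check_methods(headers):
    allowed = {m.strip().upper() for m in headers.get("Allow", "").split(",")}
    for method in sorted(allowed & RISKY_METHODS):
        yield f"risky HTTP method allowed: {method}"

def check_cookies(headers):
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            yield f"cookie without HttpOnly: {name}"

# The "database": every entry is one check applied to each response.
SIGNATURES = [check_banner, check_methods, check_cookies]

def audit(raw_response):
    # Drop the status line, then parse the header block like http.client does.
    _status, _, header_block = raw_response.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    return [finding for sig in SIGNATURES for finding in sig(headers)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```

Each finding maps to a fix on the server side: suppress the version in the banner, disable the methods the application does not need, and set HttpOnly on session cookies.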
4. skipfish
Skipfish is a vulnerability scanning tool from Google that works in command-line mode.
Enter the scan command: ./skipfish -o output_dir -S dictionaries/complete.wl http://www.baidu.com
Press any key
Then wait a moment, and the scan results will appear. In the scan results, we can see
Open the file /pentest/web/skipfish/output_dir/index.html in the system folder.
END!!!