╋━━━━━━━━━━━━━━━╋
┃Lab environment ┃
┃Metasploitable  ┃
┃ DVWA           ┃
╋━━━━━━━━━━━━━━━╋
Username: admin
Password: password
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃Reconnaissance                                        ┃
┃HTTrack                                               ┃
┃ Mirrors the site once for offline analysis, reducing ┃
┃ interaction with the target system                   ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
root@kali:~# mkdir dvwa
root@kali:~# httrack
Welcome to HTTrack Website Copier (Offline Browser) 3.48-20
Copyright (C) 1998-2014 Xavier Roche and other contributors
To see the option list, enter a blank line or try httrack --help
Enter project name :dvwa
Base path (return=/root/websites/) :/root/dvwa
Enter URLs (separated by commas or blank spaces) :http://192.168.1.109/dvwa/
Action:
(enter) 1 Mirror Web Site(s)
2 Mirror Web Site(s) with Wizard
3 Just Get Files Indicated
4 Mirror ALL links in URLs (Multiple Mirror)
5 Test Links In URLs (Bookmark Test)
0 Quit
:2
Proxy (return=none) :
You can define wildcards, like: -*.gif +www.*.com/*.zip -*img_*.zip
Wildcards (return=none) :*
You can define additional options, such as recurse level (-r<number>), separated by blank space
To see the option list, type help
Additional options (return=none) :
---> Wizard command line: httrack http://192.168.1.109/dvwa/ -W -O "/root/dvwa/dvwa" -%v *
Ready to launch the mirror? (Y/n) :
WARNING! You are running this program as root!
It might be a good idea to run as a different user
Mirror launched on Thu, 03 Dec 2015 19:47:12 by HTTrack Website Copier/3.48-20 [XR&CO'2014]
Mirroring http://192.168.1.109/dvwa/ * with the wizard help..
╋━━━━━━━━━━━━━━╋
┃Scanning tools ┃
┃Nikto          ┃
┃Vega           ┃
┃Skipfish       ┃
┃w3af           ┃
┃Arachni        ┃
┃OWASP ZAP      ┃
╋━━━━━━━━━━━━━━╋
Recommended reading: "Web Penetration Testing with Kali Linux"
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃NIKTO                                                                          ┃
┃Open-source web security scanner written in Perl                               ┃
┃Reports server software versions                                               ┃
┃Searches for files that pose a security risk                                   ┃
┃Server configuration vulnerabilities                                           ┃
┃Security issues at the web-application layer                                   ┃
┃Avoiding 404 false positives                                                   ┃
┃ Many servers do not follow the RFC and return a 200 response code for objects ┃
┃ that do not exist                                                             ┃
┃ So the decision is made on the response body; the "not found" content differs ┃
┃ per file extension, so one baseline is taken per extension                    ┃
┃ Time information is stripped from the body, then the MD5 of what remains is   ┃
┃ taken and compared against the baseline                                       ┃
┃ -no404 disables this check (every 200 is then treated as a hit)               ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
root@kali:~# nikto
- Nikto v2.1.6
---------------------------------------------------------------------------
+ ERROR: No host specified
-config+ Use this config file
-Display+ Turn on/off display outputs
-dbcheck check database and other key files for syntax errors
-Format+ save file (-o) format
-Help Extended help information
-host+ target host
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-output+ Write output to this file
-nossl Disables using SSL
-no404 Disables 404 checks
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-root+ Prepend root value to all requests, format is /directory
-ssl Force ssl mode on port
-Tuning+ Scan tuning
-timeout+ Timeout for requests (default 10 seconds)
-update Update databases and plugins from CIRT.net
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
+ requires a value
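The 404 heuristic described in the NIKTO notes above, and the effect of the -no404 switch from the help listing, worked through as an added Python illustration. This is not Nikto's own code (Nikto is Perl and its exact date patterns are not reproduced); the target, its two error-page templates, the file names and the probe name are all constructed for the example. Beyond what the notes state, the fingerprint also removes the echoed request path before hashing, since a "not found" page that echoes the requested name would otherwise never match its own baseline; that step is my addition.

```python
"""Soft-404 fingerprinting in the style of Nikto's 404 check (added illustration)."""
import hashlib
import re

# --- constructed target -----------------------------------------------------
# Two files that really exist on the fake DVWA host.
REAL_FILES = {
    "/dvwa/login.php": "<html><body><form action='login.php'>Login</form></body></html>",
    "/dvwa/robots.txt": "User-agent: *\nDisallow: /\n",
}

# Error pages the target returns WITH STATUS 200 for anything else (the RFC
# violation from the notes). The page depends on which handler served the
# extension, so .php misses and other misses look different, and each one
# embeds the current time and the requested path.
SOFT404_TEMPLATES = {
    "php": "<html><body><h1>Sorry, {path} was not found</h1>"
           "<p>Generated {now}</p></body></html>",
    "": "<html><body>Object not found: {path}<br>Server time: {now}</body></html>",
}


def extension(path):
    """File extension of the last path segment, '' if it has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def soft404_server(path, now):
    """Constructed non-compliant server: returns (status, body), always 200."""
    if path in REAL_FILES:
        return 200, REAL_FILES[path]
    template = SOFT404_TEMPLATES.get(extension(path), SOFT404_TEMPLATES[""])
    return 200, template.format(path=path, now=now)


# --- scanner side -----------------------------------------------------------
# Assumption: these three shapes (RFC 1123 date, ISO timestamp, bare clock)
# cover the volatile time information on the constructed pages.
_TIME_RE = re.compile(
    r"\w{3}, \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} GMT"
    r"|\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}"
    r"|\d{2}:\d{2}:\d{2}"
)


def naive_fingerprint(body):
    """MD5 of the raw body: changes every second on these pages, so useless."""
    return hashlib.md5(body.encode()).hexdigest()


def fingerprint(body, path):
    """MD5 of the body after removing time information (as in the notes) and,
    as an extra normalisation step, the echoed request path."""
    normalized = _TIME_RE.sub("", body).replace(path, "")
    return hashlib.md5(normalized.encode()).hexdigest()


def learn_baselines(server, now, extensions=("php", "txt", "html", "")):
    """Request a name that cannot exist, once per extension, and remember the
    fingerprint of any 200 that comes back. A compliant server answers 404
    here and gets no baseline for that extension."""
    baselines = {}
    for ext in extensions:
        probe_path = "/dvwa/nikto-probe-4f9c2e" + ("." + ext if ext else "")
        status, body = server(probe_path, now)
        if status == 200:
            baselines[ext] = fingerprint(body, probe_path)
    return baselines


def probe(server, path, baselines, now, no404=False):
    """True if `path` looks like a real object.

    no404=True mirrors the -no404 switch: trust the status code alone, which
    on a soft-404 server turns every guess into a false hit."""
    status, body = server(path, now)
    if status != 200:
        return False
    if no404:
        return True
    baseline = baselines.get(extension(path))
    # No baseline learned for this extension: fall back to trusting the 200.
    return baseline is None or fingerprint(body, path) != baseline


if __name__ == "__main__":
    t_learn = "Thu, 03 Dec 2015 19:47:12 GMT"
    t_scan = "Thu, 03 Dec 2015 19:47:58 GMT"
    baselines = learn_baselines(soft404_server, t_learn)
    for p in ("/dvwa/login.php", "/dvwa/robots.txt",
              "/dvwa/phpinfo.php", "/dvwa/backup.txt"):
        print(f"{p:22} fingerprinted={probe(soft404_server, p, baselines, t_scan)!s:5} "
              f"-no404={probe(soft404_server, p, baselines, t_scan, no404=True)}")
```

Running the block shows the two real files flagged as present and the two guesses rejected, even though the server answered 200 to all four and the clock moved between learning the baselines and scanning; with no404=True all four come back as hits, which is the false-positive flood the notes warn about on servers that do not honour 404.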