Kali进行web渗透笔记(二)
2016-06-12 00:18
471 查看
Setting up Your Lab with Kali Linux: Having a completely sepatate laptop installed with Kali Linux on the physical hard drive with suffcient amount of RAM and a high-speed proccessor to crunch in password hashes and rainbow tables is the way that most experienced penetration testers follow.While doing a real-world penetration test you need to have at least 8GB RAM on your machine.A high-speed network port and a wireless network card that allows packet injection is also an important part of the test’s toolkit.
Web application proxies
WebScarab
Zed Attack Proxy(successor of WebScarab)
Burp Suit
ProxyStrike(not only intercepts the request and response but also actively finds vulnerabilities.It has modules to find SQL injection and XSS flaws.)
Web vulnerability scanner
Nikto
skipfish
Web Crawler-Dirbuster
OpenVAS
Database exploitation
SQLNinjia:tool to attack vulnerable Mssql and gain shell access
sqlmap
CMS identification tools
wpscan
Plecost:is a WordPress finger printer tool and can be userd to retrieve information about the plugins installed and display CVE code against each vulnerable plugin.
joomscan
Web application fuzzers
Burpsuite and WebScarab
Wfuzz
Using Tor for penetration testing
Web application proxies
WebScarab
Zed Attack Proxy(successor of WebScarab)
Burp Suit
ProxyStrike(not only intercepts the request and response but also actively finds vulnerabilities.It has modules to find SQL injection and XSS flaws.)
Web vulnerability scanner
Nikto
skipfish
Web Crawler-Dirbuster
OpenVAS
Database exploitation
SQLNinjia:tool to attack vulnerable Mssql and gain shell access
sqlmap
CMS identification tools
wpscan
Plecost:is a WordPress finger printer tool and can be userd to retrieve information about the plugins installed and display CVE code against each vulnerable plugin.
joomscan
Web application fuzzers
Burpsuite and WebScarab
Wfuzz
Using Tor for penetration testing
相关文章推荐
- java-WEB中的监听器Lisener
- Linux socket 初步
- Linux Kernel 4.0 RC5 发布!
- GUI - Web前端开发框架
- linux lsof详解
- linux 文件权限
- Linux 执行数学运算
- 10 篇对初学者和专家都有用的 Linux 命令教程
- Extjs4.0 最新最全视频教程
- Linux 与 Windows 对UNICODE 的处理方式
- Ubuntu12.04下QQ完美走起啊!走起啊!有木有啊!
- 解決Linux下Android开发真机调试设备不被识别问题
- 运维入门
- 运维提升
- Linux 自检和 SystemTap
- Ubuntu Linux使用体验
- c语言实现hashmap(转载)
- Linux 信号signal处理机制