Kali进行web渗透笔记(二)

Setting up Your Lab with Kali Linux: Having a completely sepatate laptop installed with Kali Linux on the physical hard drive with suffcient amount of RAM and a high-speed proccessor to crunch in password hashes and rainbow tables is the way that most experienced penetration testers follow.While doing a real-world penetration test you need to have at least 8GB RAM on your machine.A high-speed network port and a wireless network card that allows packet injection is also an important part of the test’s toolkit.

Web application proxies

WebScarab

Zed Attack Proxy(successor of WebScarab)

Burp Suit

ProxyStrike(not only intercepts the request and response but also actively finds vulnerabilities.It has modules to find SQL injection and XSS flaws.)

Web vulnerability scanner

Nikto

skipfish

Web Crawler-Dirbuster

OpenVAS

Database exploitation

SQLNinjia:tool to attack vulnerable Mssql and gain shell access

sqlmap

CMS identification tools

wpscan

Plecost:is a WordPress finger printer tool and can be userd to retrieve information about the plugins installed and display CVE code against each vulnerable plugin.

joomscan

Web application fuzzers

Burpsuite and WebScarab

Wfuzz

Using Tor for penetration testing