- Setting up Your Lab with Kali Linux: Most experienced penetration testers use a completely separate laptop with Kali Linux installed on the physical hard drive, a sufficient amount of RAM, and a high-speed processor to crunch password hashes and rainbow tables. For a real-world penetration test you need at least 8GB of RAM on your machine. A high-speed network port and a wireless network card that allows packet injection are also important parts of the tester's toolkit.
Web application proxies
- WebScarab
- Zed Attack Proxy (successor of WebScarab)
- Burp Suite
- ProxyStrike (not only intercepts the request and response but also actively finds vulnerabilities. It has modules to find SQL injection and XSS flaws.)
Web vulnerability scanner
- Nikto
- skipfish
- Web crawler: DirBuster
- OpenVAS
Database exploitation
- sqlninja: a tool to attack a vulnerable MSSQL server and gain shell access
- sqlmap
CMS identification tools
- wpscan
- Plecost: a WordPress fingerprinting tool that can be used to retrieve information about the installed plugins and display the CVE code for each vulnerable plugin.
- joomscan
Web application fuzzers
- Burp Suite and WebScarab
- Wfuzz
Using Tor for penetration testing
Notes on Web Penetration Testing with Kali (Part 2)