Notes on Web Penetration Testing with Kali (Part 2)

  • Setting up Your Lab with Kali Linux: Most experienced penetration testers use a completely separate laptop with Kali Linux installed on the physical hard drive, with a sufficient amount of RAM and a high-speed processor to crunch through password hashes and rainbow tables. For a real-world penetration test you need at least 8GB RAM on your machine. A high-speed network port and a wireless network card that allows packet injection are also an important part of the tester's toolkit.
  • Web application proxies

    • WebScarab
    • Zed Attack Proxy (successor of WebScarab)
    • Burp Suite
    • ProxyStrike (not only intercepts the request and response but also actively finds vulnerabilities. It has modules to find SQL injection and XSS flaws.)
  • Web vulnerability scanner

    • Nikto
    • skipfish
    • Web crawler: DirBuster
    • OpenVAS
  • Database exploitation

    • sqlninja: a tool to attack vulnerable MSSQL and gain shell access
    • sqlmap
  • CMS identification tools

    • wpscan
    • Plecost: a WordPress fingerprinting tool that can be used to retrieve information about the installed plugins and display the CVE code for each vulnerable plugin.
    • joomscan
  • Web application fuzzers

    • Burp Suite and WebScarab
    • Wfuzz
  • Using Tor for penetration testing
