kali Linux Tools to help you evaluate Web Server security , And help you perform hacker penetration tests .
be careful : Not all the tools mentioned here are open source .
* Nmap
1621507756_60a63eac521c0abeb99bc.png!small?1621507755558
Nmap( Network mapper ) Is a network security tool for network discovery and security audit .
Core functions : Host discovery , Port scan , version detection , Operating system detection , firewall /IDS Evasion and deception
Nmap Basic grammar
nmap [ < Scan type > …] [ < option > ] { < Scan target description > }
Full offensive scan ( Including various host discovery , Port scan , Version scan ,OS Scanning and default script scanning ):
nmap -A -v target_ip
ping scanning : nmap -sn -v target_ip
Fast port scan :nmap -F -v target_ip
Version scan : nmap -sV -v target_ip
Operating system scan :nmap -O -v target_ip
* Wireshark
1621519865_60a66df98359498712be9.png!small?1621519864772
Wireshark Is a free and open source packet analyzer , yes Kali Linux The most popular network analyzer on .
Wireshark use WinPCAP As interface , Exchange data message directly with network card .
* Metasploit Framework
1621522244_60a67744d96353fc7a85a.png!small?1621522243943
Metasploit Framework Is a computer security project designed to provide security vulnerability information , Can assist safety engineer to conduct penetration test (penetration
testing) And intrusion detection system signature development .
Metasploit Framework The most famous subproject is open source Metasploit frame , A set of development and execution for remote host “exploit code ” Tools for
use Metasploit The basic steps of the framework include :
Select and configure an attack code (exploit, Exploit vulnerabilities to enter the code of the target system );
Check whether the target system will be affected by this code ;
Select and configure a payload (payload, Code executed on the target system after successful entry );
Select encoding method , Make intrusion prevention system , Ignore encoded payloads ;
Execute attack code .
4.Hydra
1621557142_60a6ff96c05efacb613fa.png!small?1621557141539
Hydra Is a parallel network login cracking program , Built into various operating systems .
Hydra Through the use of violent attacks , Guess the correct user name and password .
kali The following is the default installation , It supports online cracking of almost all protocols
5.Aircrack-ng
1621558601_60a705494e04e16c4a9ea.png!small?1621558601612
Aircrack-ng It's a relationship 802.11 Standard wireless network analysis related security software , The main functions are : Network detection , Packet sniffer ,WEP and WPA/WPA2-PSK Crack .
Aircrack-ng Can be used for monitoring , Collection related WiFi Information SSID( Service set identifier )IP and MAC Address and WiFi Cracked password
6.Nessus
1621559138_60a70762f130c4c142c9d.png!small?1621559139366
Nessus It is a system vulnerability scanning and analysis software . Be able to assist in detecting and repairing various operating systems , application program , And even vulnerabilities on the device , malicious software , Configuration error , And missing patches .
however , It is no longer a free tool , Free features are limited .
7.WafW00f
1621566853_60a72585ab7ca2a6138c3.png!small?1621566854391
Wafw00f -- Firewall detection tool ,
Wafw00f Use a set of HTTP Request and method query Web The server , Analyze responses from them and detect firewalls
* Burp Suite
1621526092_60a6864c6294e11a17405.png!small?1621526091423
Burp Suite Is a graphical tool for testing the security of network applications , Excellent network security analysis tools .
Introduction to main modules :
HTTP agent — As a Web Proxy server running , And located in the browser and target Web Between servers . This allows interception , Check and modify the original flow passing in both directions .
Scanner( Scanner )— One Web Application security scanner , For execution Web Automatic vulnerability scanning of applications .
Intruder( intrusion )— This tool can be used to Web Application execution automatic attack . The tool provides a configurable algorithm , Can generate malicious HTTP request .Intruder
Tools can be tested and tested SQL injection , Cross site script , Parameter tampering and vulnerability to brute force attacks .
Spider( spider )— An automatic grab Web Application tools .
Repeater( Repeater )— A simple tool that can be used to manually test applications . It can be used to modify requests to the server , Resend them and observe the results .
Decoder( decoder )— A method of converting encoded data into its canonical form , Or a tool that converts raw data into various forms of encoding and hashing . It can use heuristic technology to intelligently identify a variety of coding formats .
Comparer( compare )— Performs a comparison between any two data items ( A visual “ difference ”) Tools for .
Extender( extend )— Allow security testers to load Burp extend , Use security testers' own or third-party code extensions Burp Function of
Sequencer( conversation )— A tool for analyzing the randomness of data item samples . It can be used to test the application's session token or other important data items , Such as reverse CSRF token , Password reset token, etc .
9.Maltego
1621568089_60a72a59da57f1f4697a9.png!small?1621568090170
Maltego– Is an open source intelligence (OSINT) Graphical link analysis tools , Used to collect and link information for survey tasks .
Maltego With simplicity , intelligence , Powerful and loved by security personnel .
10.W3AF
1621570653_60a7345de36022a563727.png!small?1621570654103
W3AF Is an open source Web Application security scanner . The project is Web The application provides a vulnerability scanner and vulnerability exploitation tool . It provides information about security vulnerabilities , For use in penetration testing projects
W3AF Can use Web Application attack and audit framework Arconym, To find defects in the website
11.Wpscan
1621571845_60a7390565d22fd5ad546.png!small?1621571846484
Wpscan yes Kali Linux A built-in vulnerability scanning tool , It adopts Ruby to write , Can scan WordPress
Multiple security vulnerabilities in websites , It can be for all Web Developer scan WordPress Vulnerabilities and find and solve problems before they are developed .
WordPress(WP,WordPress.org) Is a free open source content management system (CMS)
12.sqlmap
1621573031_60a73da7e023739dc8878.png!small?1621573033546
sqlmap Is an open source penetration testing tool , It can be used for automatic detection , It can be used automatically SQL Process of injecting vulnerabilities , Help you take over the database server
Technology
Daily Recommendation