Kali Linux tools to help you evaluate web server security and perform penetration tests.

Note: not all the tools mentioned here are open source.

* Nmap

Nmap (Network Mapper) is a network security tool for network discovery and security auditing.

Core functions: host discovery, port scanning, version detection, operating system detection, and firewall/IDS evasion and spoofing.

Basic Nmap syntax:

nmap [<scan type> ...] [<options>] {<target specification>}

Full aggressive scan (including host discovery, port scanning, version scanning, OS scanning and default script scanning):

nmap -A -v target_ip

Ping scan: nmap -sn -v target_ip

Fast port scan: nmap -F -v target_ip

Version scan: nmap -sV -v target_ip

Operating system scan: nmap -O -v target_ip

* Wireshark

Wireshark is a free and open source packet analyzer, and the most popular network analyzer on Kali Linux.

Wireshark uses WinPCAP as its interface to exchange data packets directly with the network card.

* Metasploit Framework

Metasploit Framework is a computer security project designed to provide security vulnerability information. It can assist security engineers with penetration testing and with intrusion detection system signature development.

The best-known subproject of Metasploit Framework is the open source Metasploit framework, a set of tools for developing and executing exploit code against remote hosts.

The basic steps for using the Metasploit framework are:

Select and configure an exploit (code that exploits a vulnerability to enter the target system);

Check whether the target system is affected by this exploit;

Select and configure a payload (code executed on the target system after successful entry);

Select an encoding method so that the intrusion prevention system ignores the encoded payload;

Execute the exploit.



* Hydra

Hydra is a parallel network login cracking program, built into various operating systems.

Hydra uses brute-force attacks to guess the correct user name and password.

It is installed by default on Kali and supports online cracking of almost all protocols.



* Aircrack-ng

Aircrack-ng is security software for analyzing 802.11 standard wireless networks. Its main functions are network detection, packet sniffing, and WEP and WPA/WPA2-PSK cracking.

Aircrack-ng can be used to monitor and collect WiFi information such as the SSID (service set identifier), IP and MAC addresses, and to crack WiFi passwords.



* Nessus

Nessus is system vulnerability scanning and analysis software. It can assist in detecting and fixing vulnerabilities, malware, configuration errors and missing patches on various operating systems, applications and even devices.

However, it is no longer a free tool, and the free features are limited.



* Wafw00f

Wafw00f is a firewall detection tool.

Wafw00f queries the web server with a set of HTTP requests and methods, analyzes the responses and detects firewalls.

* Burp Suite

Burp Suite is a graphical tool for testing the security of web applications, and an excellent network security analysis tool.

Introduction to the main modules:

HTTP Proxy: runs as a web proxy server positioned between the browser and the target web server. This allows the raw traffic passing in both directions to be intercepted, inspected and modified.

Scanner: a web application security scanner, used to perform automated vulnerability scans of web applications.

Intruder: a tool for running automated attacks against web applications. It provides a configurable algorithm that can generate malicious HTTP requests. Intruder can test for and detect SQL injection, cross-site scripting, parameter tampering and susceptibility to brute-force attacks.

Spider: a tool for automatically crawling web applications.

Repeater: a simple tool for manually testing applications. It can be used to modify requests to the server, resend them and observe the results.

Decoder: a tool for converting encoded data into its canonical form, or for converting raw data into various encoded and hashed forms. It can use heuristic techniques to intelligently recognize a variety of encoding formats.

Comparer: a tool that performs a comparison (a visual "diff") between any two data items.

Extender: allows security testers to load Burp extensions, extending Burp's functionality with their own or third-party code.

Sequencer: a tool for analyzing the randomness of a sample of data items. It can be used to test an application's session tokens or other important data items, such as anti-CSRF tokens and password reset tokens.
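As an added example (not part of the original page, and not Burp's own algorithm), the sketch below shows the kind of randomness check the Sequencer description refers to, reduced to two statistics over a sample of session tokens: per-position character entropy and a bit-balance z-score. The token formats, sample data and thresholds are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def position_entropy(tokens):
    """Shannon entropy in bits of the characters observed at each token position."""
    n = len(tokens)
    return [-sum(c / n * math.log2(c / n) for c in Counter(col).values())
            for col in zip(*tokens)]

def monobit_z(tokens):
    """z-score of the number of 1 bits over all hex tokens; near 0 for random data."""
    bits = "".join(f"{int(t, 16):0{len(t) * 4}b}" for t in tokens)
    return (bits.count("1") - len(bits) / 2) / math.sqrt(len(bits) / 4)

def assess(tokens, min_bits=64.0, max_abs_z=5.0):
    """Summarise a sample of equal-length hex tokens and flag weak generators."""
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens must all have the same length")
    per_pos = position_entropy(tokens)
    # Summing per-position entropy ignores correlation between positions,
    # so this is an upper bound on the real entropy, not a measurement of it.
    total = sum(per_pos)
    z = monobit_z(tokens)
    return {
        "entropy_upper_bound_bits": round(total, 1),
        "static_positions": [i for i, h in enumerate(per_pos) if h == 0.0],
        "monobit_z": round(z, 1),
        "weak": total < min_bits or abs(z) > max_abs_z,
    }

# Constructed samples (not captured from any real application).
# Weak: fixed node id + second-resolution timestamp + request counter.
WEAK = [f"a1b2c3d4e5f60718{0x65000000 + i // 10:08x}{i:08x}" for i in range(500)]
# Reference: SHA-256 output truncated to 128 bits, standing in for a CSPRNG so
# the example is reproducible; a real application would use secrets.token_hex(16).
STRONG = [hashlib.sha256(f"constructed-{i}".encode()).hexdigest()[:32]
          for i in range(500)]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("strong", STRONG)):
        print(name, assess(sample))
```

Positions reported as static carry no entropy at all; in the weak sample they expose the fixed node id and the high-order digits of the timestamp and counter.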



* Maltego

Maltego is an open source intelligence (OSINT) and graphical link analysis tool, used to gather and connect information for investigative tasks.

Maltego is popular with security staff for being simple, intelligent and powerful.



* W3AF

W3AF is an open source web application security scanner. The project provides a vulnerability scanner and exploitation tool for web applications, and supplies information about security vulnerabilities for use in penetration testing projects.

W3AF is an acronym for Web Application Attack and Audit Framework; it is used to find flaws in websites.



* WPScan

WPScan is a vulnerability scanning tool built into Kali Linux. Written in Ruby, it can scan WordPress websites for multiple security vulnerabilities, letting any web developer scan for WordPress vulnerabilities and find and fix problems before they develop.

WordPress (WP, WordPress.org) is a free and open source content management system (CMS).



* sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities and taking over database servers.
