Network tools, or where to start as a pentester?

Toolkit for the novice pentester: we present a short digest of the main tools that come in handy during an internal network penetration test. These tools are already actively used by a wide range of specialists, so it is useful for everyone to know their capabilities and master them properly.

Contents:

Nmap

Nmap is an open-source tool for scanning networks and one of the most popular tools among security specialists and system administrators. It is used first of all for port scanning, but beyond that it has a huge number of useful functions, which is essentially what makes Nmap an all-in-one harvester for network reconnaissance.

Besides checking for open and closed ports, nmap can identify the service listening on a port and its version, and sometimes helps determine the OS. Nmap has scripting support (NSE, the Nmap Scripting Engine). Using scripts, it is possible to check various services for vulnerabilities (if, of course, scripts exist for them; you can always write your own) or brute-force passwords for various services.

Thus, Nmap lets you build a detailed map of the network, gather the maximum amount of information about the services running on network hosts, and check for some vulnerabilities. Nmap also has flexible scan settings: you can set the scan speed, the number of threads, the number of groups to scan, and so on.
It is convenient for scanning small networks and indispensable for spot-scanning individual hosts.

Pros:

  • Works fast with a small number of hosts;
  • Flexible settings: you can combine options so as to obtain the most information in an acceptable time;
  • Parallel scanning: the list of target hosts is split into groups, and each group is scanned in turn, with parallel scanning used within a group. Splitting into groups is also a small drawback (see below);
  • Predefined script sets for various tasks: you do not have to spend much time selecting specific scripts, you just specify script categories;
  • Output of results in 5 different formats, including XML, which can be imported into other tools;

Cons:

  • Hosts are scanned in groups: no information about any host in a group is available until the scan of the whole group is complete. This can be solved by setting the maximum group size in the options, together with the maximum time to wait for a response to a request before giving up or trying again;
  • When scanning, Nmap sends a SYN packet to the target port and waits for any response packet, or for a timeout if there is no response. This negatively affects the scanner's overall performance compared to asynchronous scanners (for example, zmap or masscan);
  • When scanning large networks, using flags to speed up the scan (--min-rate, --min-parallelism) can produce false negatives, missing open ports on a host. These options should also be used with caution, given that a high packet rate can cause an unintended DoS.

Zmap

Zmap (not to be confused with ZenMap) is also an open-source scanner, created as a faster alternative to Nmap.

Unlike nmap, Zmap does not wait for a response after sending a SYN packet; it keeps scanning while waiting for responses from all hosts at the same time, so it effectively maintains no connection state. When a response to a SYN packet arrives, Zmap determines from the packet itself which port is open on which host. In addition, Zmap sends only one SYN packet per scanned port. It is also possible to use PF_RING to scan large networks very quickly if you have a 10-Gigabit interface and a compatible network card at hand.

Pros:

  • Scan speed;
  • Zmap generates Ethernet frames directly, bypassing the system TCP/IP stack;
  • Possibility of using PF_RING;
  • ZMap randomizes the order of targets so that the load on the scanned side is distributed evenly;
  • Possibility of integration with ZGrab (a tool for collecting information about services at the application layer, L7).

Cons:

  • It can cause a denial of service of network equipment, for example bringing down intermediate routers, despite the distributed load, since all packets pass through a single router.
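The paragraph above says Zmap keeps no connection state and still recognises, from a reply alone, which probe it answers. The following added example (not Zmap's code, and a simplification of its design written for this article) shows how that is possible: the sequence number of each SYN is derived from a keyed hash of the target address and port, so when a SYN-ACK or RST arrives the expected acknowledgement number can be recomputed from the responder's address without any per-target table. Replies whose acknowledgement number does not match are discarded, which is also what protects the scanner from counting spurious or forged packets. The key and packets are constructed; the hash construction is an assumption for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# TCP flag bits used in the classification below.
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


@dataclass(frozen=True)
class Probe:
    dst_ip: str
    dst_port: int
    seq: int  # value placed in the SYN's sequence-number field


@dataclass(frozen=True)
class Response:
    src_ip: str
    src_port: int
    flags: int
    ack: int  # acknowledgement number carried by the reply


def probe_seq(key: bytes, dst_ip: str, dst_port: int) -> int:
    """Derive the SYN sequence number from a keyed hash of the target.

    Nothing about the target has to be remembered: the same value can be
    recomputed from the responder's address when its reply arrives.
    """
    msg = f"{dst_ip}:{dst_port}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def build_probe(key: bytes, dst_ip: str, dst_port: int) -> Probe:
    return Probe(dst_ip, dst_port, probe_seq(key, dst_ip, dst_port))


def classify_response(key: bytes, resp: Response) -> str:
    """Return 'open', 'closed' or 'invalid' for one packet seen by the receiver."""
    # A valid reply acknowledges our sequence number plus one (mod 2^32).
    expected_ack = (probe_seq(key, resp.src_ip, resp.src_port) + 1) & 0xFFFFFFFF
    if resp.ack != expected_ack:
        return "invalid"  # not a reply to one of our probes, or forged
    if resp.flags & TCP_RST:
        return "closed"
    if (resp.flags & TCP_SYN) and (resp.flags & TCP_ACK):
        return "open"
    return "invalid"


def collect_results(key: bytes, responses: list[Response]) -> dict[tuple[str, int], str]:
    """Aggregate valid replies into {(ip, port): state}, dropping invalid ones."""
    results = {}
    for resp in responses:
        state = classify_response(key, resp)
        if state != "invalid":
            results[(resp.src_ip, resp.src_port)] = state
    return results


if __name__ == "__main__":
    key = b"constructed-secret-key"          # constructed; a real scanner would pick it at random
    probe = build_probe(key, "10.0.0.5", 80)
    print(f"SYN to {probe.dst_ip}:{probe.dst_port} seq={probe.seq:#010x}")
    replies = [
        Response("10.0.0.5", 80, TCP_SYN | TCP_ACK, (probe.seq + 1) & 0xFFFFFFFF),
        Response("10.0.0.5", 81, TCP_RST | TCP_ACK, (probe_seq(key, "10.0.0.5", 81) + 1) & 0xFFFFFFFF),
        Response("10.0.0.7", 80, TCP_SYN | TCP_ACK, 0x12345678),  # unsolicited, constructed
    ]
    print(collect_results(key, replies))
```

The receiving side therefore needs only the key, not a list of outstanding probes, which is what lets the sender run ahead at line rate; the cost is that a host whose reply is lost is simply never recorded, since, as the text notes, only one SYN per port is sent.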

Masscan

Masscan, surprisingly, is also an open-source scanner, created with a single purpose: to scan the Internet as fast as possible (in under 6 minutes at a rate of ~10 million packets per second). Essentially it works almost the same way as Zmap, only even faster.

Pros:

  • The output format is similar to Nmap's, and the program supports some Nmap-compatible options;
  • Speed: one of the fastest asynchronous scanners.
  • A flexible scanning mechanism: resuming an interrupted scan, distributing the load across several devices (as in Zmap).

Cons:

  • As with Zmap, the load on the network itself is very high, which can lead to a DoS;
  • By default, there is no ability to scan at the application layer, L7;

Nessus

Nessus is a scanner for automating the checking and detection of known vulnerabilities in a system. Although closed source, there is a free Nessus Home version that lets you scan up to 16 IP addresses with the same speed and the same detailed analysis as the paid version.

It is able to identify vulnerable versions of services or servers, detect errors in system configuration, and run dictionary password attacks. It can be used to assess the correctness of service settings (mail, updates, and so on), as well as in preparation for a PCI DSS audit. In addition, you can pass host credentials to Nessus (SSH or a domain account in Active Directory), and the scanner will get access to the host and perform checks directly on it; this option is called a credential scan. Convenient for companies that audit their own networks.

Pros:

  • Separate checks for each vulnerability, with a database that is updated regularly;
  • Output of results as plain text, XML, HTML and LaTeX;
  • The Nessus API lets you automate scanning tasks and retrieve results;
  • Credential scan: you can use Windows or Linux credentials to check for missing updates or other vulnerabilities;
  • Ability to write your own built-in security modules: the scanner has its own scripting language, NASL (Nessus Attack Scripting Language);
  • You can schedule regular scans of the local network; thanks to this, the information security team will be aware of all changes in the security configuration, the appearance of new hosts, and the use of dictionary or default passwords.

Cons:

  • Malfunctions in the operation of the scanned systems are possible; you need to be careful with the safe checks option;
  • The commercial version is not free.

Net-Creds

Net-Creds is a Python tool for collecting passwords and hashes, as well as other information such as visited URLs, downloaded files and other data, from traffic, both in real time during a MiTM attack and from previously saved PCAP files. It is suitable for a quick surface analysis of large volumes of traffic, for example during network MiTM attacks when time is limited and manual analysis with Wireshark would take too long.

Pros:

  • Service identification is based on packet analysis rather than on the port number used;
  • Easy to use;
  • A lot of extracted data, including logins and passwords for the FTP, POP, IMAP, SMTP and NTLMv1/v2 protocols, as well as information from HTTP requests such as login forms and basic auth;

NetworkMiner

NetworkMiner is an analogue of Net-Creds in terms of how it works, but it has greater functionality; for example, it is possible to extract files transferred over the SMB protocols. Like Net-Creds, it is convenient when you need to analyze a large volume of traffic quickly. It also has a user-friendly graphical interface.

Pros:

  • Graphical interface;
  • Visualization and grouping of data into categories simplifies traffic analysis and makes it faster.

Cons:

  • The trial version has limited functionality.

mitm6

mitm6 is a tool for carrying out attacks on IPv6 (the SLAAC attack). IPv6 has priority in Windows (generally speaking, in other operating systems too), and in the default configuration the IPv6 interface is enabled. This allows an attacker to push their own DNS server to the victim using Router Advertisement packets, after which the attacker can spoof DNS. It is well suited to carrying out a relay attack together with the ntlmrelayx tool, which allows Windows networks to be attacked successfully.

Pros:

  • Works very well on many networks precisely because of the standard configuration of Windows hosts and networks;

Responder

Responder is a tool for spoofing the broadcast name resolution protocols (LLMNR, NetBIOS, MDNS). An indispensable tool in Active Directory networks. Besides spoofing, it can intercept NTLM authentication; it also comes with a set of tools for collecting information and carrying out NTLM-Relay attacks.

Pros:

  • By default it brings up many servers with NTLM authentication support: SMB, MSSQL, HTTP, HTTPS, LDAP, FTP, POP3, IMAP, SMTP;
  • Allows DNS spoofing in the case of a MITM attack (ARP spoofing, etc.);
  • Fingerprinting of the hosts that made a broadcast request;
  • Analyze mode, for monitoring requests;
  • The format of the intercepted NTLM authentication hashes is compatible with John the Ripper and Hashcat.

Cons:

  • When running under Windows, binding port 445 (SMB) is fraught with some difficulties (it requires stopping the corresponding services and a reboot);
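From the defender's side, the broadcast name resolution spoofing described above is easy to detect passively: a spoofer answers for names that do not exist, and it answers for many unrelated names. The following added example (written for this article, not part of Responder or the original post) runs two such checks over constructed LLMNR/NBT-NS events: any host answering a decoy name that the defender deliberately queried is flagged, as is any host answering more than a threshold of distinct names. The event format, decoy name and threshold are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class NameEvent:
    proto: str     # "LLMNR", "NBT-NS" or "MDNS"
    kind: str      # "query" or "response"
    name: str      # name being resolved
    src_ip: str    # host that sent the query or the response


# Constructed events resembling what a passive sensor on the segment would log; not real captures.
SAMPLE_EVENTS = [
    NameEvent("LLMNR", "query", "fileserver01", "10.0.0.21"),
    NameEvent("LLMNR", "response", "fileserver01", "10.0.0.10"),   # the real file server answering
    NameEvent("LLMNR", "query", "wpad", "10.0.0.22"),
    NameEvent("LLMNR", "response", "wpad", "10.0.0.99"),            # nobody should own this name here
    NameEvent("NBT-NS", "query", "CANARY-SRV-7F3A", "10.0.0.5"),   # decoy name queried by the sensor
    NameEvent("NBT-NS", "response", "CANARY-SRV-7F3A", "10.0.0.99"),
    NameEvent("LLMNR", "query", "printsrv", "10.0.0.23"),           # unanswered, as expected
]


def detect_poisoners(events, canary_names, promiscuous_threshold=2):
    """Return {responder_ip: sorted names it answered} for suspicious responders.

    A responder is suspicious if it answered a canary (decoy) name, which has no
    legitimate owner, or if it answered at least `promiscuous_threshold` distinct
    names, which a single real host has no reason to do.
    """
    canaries = {n.lower() for n in canary_names}   # LLMNR/NBT-NS names are case-insensitive
    answered = defaultdict(set)
    for ev in events:
        if ev.kind == "response":
            answered[ev.src_ip].add(ev.name.lower())

    suspects = {}
    for ip, names in answered.items():
        hit_canary = bool(names & canaries)
        promiscuous = len(names) >= promiscuous_threshold
        if hit_canary or promiscuous:
            suspects[ip] = sorted(names)
    return suspects


if __name__ == "__main__":
    for ip, names in detect_poisoners(SAMPLE_EVENTS, {"CANARY-SRV-7F3A"}).items():
        print(f"suspected name-resolution spoofer {ip}: answered {', '.join(names)}")
```

The canary check is the more reliable of the two, since it produces no false positives on a healthy segment; the threshold check catches a spoofer even when no decoy query was sent, at the cost of tuning the threshold to what real multi-homed hosts on the segment legitimately answer for.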

Evil_Foca

Evil Foca is a tool for testing various network attacks in IPv4 and IPv6 networks. It scans the local network, identifying devices, routers and their network interfaces, after which it is possible to carry out various attacks on the participants of the network.

Pros:

  • Convenient for carrying out MITM attacks (ARP spoofing, DHCP ACK injection, SLAAC attack, DHCP spoofing);
  • You can carry out DoS attacks: with ARP spoofing in IPv4 networks, with SLAAC DoS in IPv6 networks;
  • DNS hijacking is possible;
  • Easy to use, with a user-friendly graphical interface.

Cons:

  • Works only under Windows.

Bettercap

Bettercap is a powerful framework for analyzing and attacking networks, and that includes attacks on wireless networks, BLE (Bluetooth Low Energy) and even MouseJack attacks on wireless HID devices. In addition, it contains functionality for collecting information from traffic (similar to net-creds). In short, a Swiss army knife (all in one). Recently it has also gained a web-based graphical interface.

Pros:

  • Credential sniffer: you can capture visited URLs and HTTPS hosts, HTTP authentication, and credentials for many different protocols;
  • Many built-in MITM attacks;
  • A modular transparent HTTP(S) proxy: you can manipulate traffic according to your needs;
  • A built-in HTTP server;
  • Support for caplets, files that allow complex automated attacks to be described in a scripting language.

Cons:

  • Some modules, for example ble.enum, are not supported on macOS and Windows, and some are designed only for Linux, for example packet.proxy.

gateway_finder

gateway_finder is a Python script that helps determine possible gateways on the network. It is useful for testing segmentation or finding hosts that can route to the desired subnet or to the Internet. It is suitable for internal pentests when you need to quickly check for unauthorized routes or routes to other internal local networks.

Pros:

  • Easy to use and to customize.

mitmproxy

mitmproxy is an open-source tool for analyzing traffic protected with SSL/TLS. mitmproxy is convenient for intercepting and modifying protected traffic, with some caveats, of course: the tool does not perform SSL/TLS decryption attacks. It is used when you need to intercept and record changes in traffic protected by SSL/TLS. It consists of mitmproxy, for proxying traffic; mitmdump, similar to tcpdump but for HTTP(S) traffic; and mitmweb, a web interface for mitmproxy.

Pros:

  • Works with various protocols and supports modification of various formats, from HTML to Protobuf;
  • A Python API lets you write scripts for non-standard tasks;
  • Can work in transparent proxy mode with interception.

Cons:

  • The dump format is not compatible with anything; it is hard to use grep on it, so you have to write scripts;

SIET

SIET is a tool for exploiting the capabilities of the Cisco Smart Install protocol. It is possible to obtain and modify the configuration, as well as to take control of a Cisco device. If you have managed to obtain the configuration of a Cisco device, you can check it using CCAT; this tool is useful for analyzing the security configuration of Cisco devices.

Pros:

Using the Cisco Smart Install protocol allows you to:

  • Change the tftp server address on the client device by sending a single malformed TCP packet;
  • Copy the device configuration file;
  • Change the device configuration, for example by adding a new user;
  • Update the IOS image on the device;
  • Execute an arbitrary set of commands on the device. This is a new feature that only works in IOS versions 3.6.0E and 15.2(2)E;

Cons:

  • Works with a limited set of Cisco devices; you also need a "white" (public) IP to receive a response from the device, or you must be on the same network as the device;

yersinia

yersinia is an L2 attack framework designed to exploit security flaws in various L2 network protocols.

Pros:

  • Allows attacks on STP, CDP, DTP, DHCP, HSRP, VTP and others.

Cons:

  • Not the most user-friendly interface.

proxychains

proxychains is a tool that lets you redirect an application's traffic through a specified SOCKS proxy.

Pros:

  • Helps redirect the traffic of applications that by default cannot work with proxies;

In this article, we briefly reviewed the advantages and disadvantages of the main tools for internal network penetration testing. Stay tuned: we plan to publish similar collections in the future on web, databases and mobile applications, so we will certainly write about those too.

Share your favorite utilities in the comments!

source: www.habr.com