Review of free tools for pentesting web resources and more, v2

Some time ago I already wrote about this, but rather briefly and chaotically. I then decided to expand the list of tools in the review, add examples to the article, take the criticism into account (many thanks to Lefty for the suggestions), and submit it to the SecLab competition (I also published the link, but for obvious reasons nobody saw it). The competition is over, the results have been announced, and with a clear conscience I can now publish it (the article) on Habr.

Free Web Application Pentester Tools

In this article I will cover the most popular tools for pentesting (penetration testing) web applications using the "black box" approach.
To do this, we will look at the utilities that help with this kind of testing. Consider the following product categories:

  1. Network scanners
  2. Web script vulnerability scanners
  3. Exploitation
  4. Injection automation
  5. Debuggers (sniffers, local proxies, etc.)


Some products have a "character" of their own, so I will place each one in the category where it has the greater advantage (subjectively).

Network scanners

The main task is to discover available network services, determine their versions, identify the OS, and so on.

Nmap
Nmap ("Network Mapper") is a free and open-source utility for network analysis and security auditing. Fierce opponents of the console can use Zenmap, a GUI for Nmap.
This is not just a "smart" scanner; it is a seriously extensible tool (one of its "unusual features" is a script that checks a host for the presence of the "Stuxnet" worm). A typical usage example:

nmap -A -T4 localhost

-A enables OS and version detection, script scanning and traceroute
-T4 timing template (faster; values range from 0 to 5)
localhost - the target host
Something more hardcore?

nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost

This is the set of options from the "slow comprehensive scan" profile in Zenmap. It takes a very long time to complete, but in the end it gives the most detailed information that can be found out about the target. There is a help guide in Russian; if you decide to go deeper, I also recommend the translation of the Beginner's Guide to Nmap.
Nmap has received "Security Product of the Year" status from magazines and communities such as Linux Journal, Info World, LinuxQuestions.Org and Codetalker Digest.
Interestingly, Nmap can be seen in the films "The Matrix Reloaded", "Die Hard 4", "The Bourne Ultimatum", "Hottabych" and others.

IP-Tools
IP-Tools is a kind of collection of various network utilities, with a GUI, "dedicated" to Windows users.
Port scanner, shared resources (shared printers/folders), WhoIs/Finger/Lookup, telnet client and much more. Simply a convenient, fast, functional tool.

There is no particular point in discussing other products, since there are many utilities in this area and they all have similar operating principles and functionality. Still, nmap remains the most widely used.

Web script vulnerability scanners

These try to find popular vulnerabilities (SQL injection, XSS, LFI/RFI, etc.) or mistakes (temporary files that were not removed, directory indexing, etc.)

Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner: from the link you might conclude that this is an XSS scanner, but that is not true. The free version, available here, provides quite a lot of functionality. Usually a person who runs this scanner for the first time and gets a report on their resource experiences a slight shock, and you will understand why once you do it yourself. This is a very powerful product for analyzing all kinds of vulnerabilities on a website, and it works not only with the usual PHP sites but also with other languages (although the language difference is not an indicator). There is no particular point in describing instructions, since the scanner simply "picks up" the user's actions. Something like "next, next, next, done" in a typical software installation.

Nikto
Nikto is an Open Source (GPL) web crawler. It eliminates routine manual work. It searches the target for scripts that were not removed (some test.php, index_.php, etc.), database administration tools (/phpmyadmin/, /pma, etc.); that is, it checks the resource for the most common mistakes, which usually arise from the human factor.
In addition, if it finds some popular script, it checks it against the released exploits (which are in its database).
It reports "unwanted" methods such as PUT and TRACE.
And so on. It is very convenient if you work as an auditor and analyze websites every day.
Among the minuses, I would note the high percentage of false positives. For example, if your site always returns its main error page instead of a 404 error (where one should occur), then the scanner will say that your site contains every script and every vulnerability from its database. In practice this does not happen very often, but in fact a lot depends on the structure of your resource.
Classic usage:

./nikto.pl -host localhost

If you need authorization on the site, you can set a cookie in the nikto.conf file, in the STATIC-COOKIE variable.
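The false-positive caveat above (a site that answers every unknown path with its normal error page and a 200 status) can be checked before trusting a Nikto report. The following is an added example, not code from the original article or from Nikto; it probes a few clearly nonexistent paths and classifies the server's behaviour. The fetcher is injected so that the check runs offline against constructed responses; in real use you would pass a function that performs an HTTP GET.

```python
"""Soft-404 detection helper (added example, not part of Nikto).

If a server returns 200 with its normal error page for paths that cannot
exist ("soft 404"), every path-based probe from a scanner like Nikto will
look like a hit.  This check tells you whether path findings are trustworthy.
"""
import random
import string
from typing import Callable, Dict, Tuple

# A fetcher maps a request path to (HTTP status code, response body).
Fetcher = Callable[[str], Tuple[int, str]]


def random_path(length: int = 24) -> str:
    """Build a path that no real site is likely to serve."""
    token = "".join(random.choices(string.ascii_lowercase + string.digits, k=length))
    return f"/nikto-probe-{token}.php"


def soft_404_check(fetch: Fetcher, probes: int = 3) -> Dict[str, object]:
    """Classify how the server answers clearly nonexistent paths.

    'hard_404' - 404 for every probe: Nikto path findings are trustworthy
    'soft_404' - 200/redirect with identical bodies: findings need manual
                 confirmation, the scanner is seeing the custom error page
    'mixed'    - inconsistent behaviour: treat findings with caution
    """
    statuses, bodies = [], []
    for _ in range(probes):
        status, body = fetch(random_path())
        statuses.append(status)
        bodies.append(body)
    if all(s == 404 for s in statuses):
        return {"verdict": "hard_404", "statuses": statuses}
    if all(s in (200, 301, 302) for s in statuses) and len(set(bodies)) == 1:
        return {"verdict": "soft_404", "statuses": statuses, "error_page": bodies[0][:80]}
    return {"verdict": "mixed", "statuses": statuses}


# Constructed fetchers standing in for two servers (no network needed).
def well_behaved_site(path: str) -> Tuple[int, str]:
    return (404, "<h1>Not Found</h1>")  # real 404 for unknown paths


def catch_all_site(path: str) -> Tuple[int, str]:
    return (200, "<h1>Oops, something went wrong</h1>")  # custom error page, status 200


if __name__ == "__main__":
    print(soft_404_check(well_behaved_site))  # verdict: hard_404
    print(soft_404_check(catch_all_site))     # verdict: soft_404
```

A "soft_404" verdict means the Nikto report should be re-checked by hand (or by comparing each flagged response body against the captured error page) before anything in it is reported as a finding.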

Wikto
Wikto is Nikto for Windows, but with some additions, such as "fuzzy" logic when checking code for errors, use of the GHDB, collection of the resource's links and directories, and real-time monitoring of HTTP requests/responses. Wikto is written in C# and requires the .NET framework.

skipfish
skipfish is a web vulnerability scanner by Michal Zalewski (known as lcamtuf). Written in C, cross-platform (Windows requires Cygwin). Recursively (and for a very long time, about 20~40 hours, although the last time it ran for me it took 96 hours) it crawls the entire site and finds all kinds of security holes. It also generates a lot of traffic (several GB in/out). But all means are good, especially if you have the time and resources.
Typical usage:

./skipfish -o /home/reports www.example.com

The "reports" folder will then contain a report in HTML; see the example.

w3af
w3af is the Web Application Attack and Audit Framework, an open-source web vulnerability scanner. It has a GUI, but you can also work from the console. More precisely, it is a framework with a bunch of plugins.
One could talk about its merits for a long time; it is better to try it :] Typical work with it comes down to selecting a profile, specifying the target and, in fact, launching it.

Mantra Security Framework
Mantra is a dream come true: a collection of free and open information security tools built into a web browser.
Useful when testing web applications at all stages.
Usage boils down to installing and launching the browser.

In fact, there are a lot of utilities in this category and it is quite difficult to pick out a specific list from them. Most often, each pentester decides for himself which set of tools he needs.

Exploitation

For automated and more convenient exploitation of vulnerabilities, exploits are packaged into software and scripts, which only need to be given parameters in order to use the security hole. And there are products that eliminate the need to search for exploits manually, and even apply them on the fly. This category is discussed now.

Metasploit Framework
The Metasploit® Framework is a kind of monster in our business. It can do so much that the instructions would fill several articles. We will look at automatic exploitation (nmap + metasploit). The bottom line is this: Nmap analyzes the port we need and identifies the service, and metasploit tries to apply exploits to it based on the service class (ftp, ssh, etc.). Instead of written instructions, I will insert a video, very popular on the topic of autopwn.

Or we can simply automate the operation of the exploit we need. For example:

msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run

In fact, the capabilities of this framework are very extensive, so if you decide to go deeper, follow the link.

Armitage
Armitage is a cyberpunk-style GUI for Metasploit. It visualizes the target, recommends exploits and exposes the advanced features of the framework. In general, for those who like everything to look beautiful and impressive.
Screencast:

Tenable Nessus®
The Tenable Nessus® vulnerability scanner can do a lot of things, but the one capability we need from it is determining which services have exploits. The free version of the product is "home only".

Usage:

  • Download (for your system), install, register (the key is sent to your email).
  • Start the server, add a user in Nessus Server Manager (Manage users button)
  • Go to the address
    https://localhost:8834/

    and get the flash client in the browser

  • Scans -> Add -> fill in the fields (having chosen the scanning profile that suits us) and click Scan

After some time, the scan report appears in the Reports tab.
To check whether the services are exposed to exploits, you can use the Metasploit Framework described above or try to find an exploit (for example, on Exploit-db, packet storm, exploit search, etc.) and apply it manually against the system.
IMHO: too big. I consider it one of the leaders in this direction of the software industry.

Injection automation

Many web app security scanners look for injections, but they are still just general-purpose scanners. And there are utilities that deal specifically with finding and exploiting injections. We will talk about them now.

sqlmap
sqlmap is an open-source utility for finding and exploiting SQL injections. It supports database servers such as: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase, SAP MaxDB.
Typical usage boils down to the line:

python sqlmap.py -u "http://example.com/index.php?action=news&id=1"
There are enough manuals, including in Russian. The software greatly facilitates the pentester's work in this area.
I will add a video demonstration:

bsqlbf-v2
bsqlbf-v2 is a perl script, a brute forcer for "blind" SQL injections. It works both with integer values in the url and with string values.
Supported databases:

  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

Usage example:

./bsqlbf-v2-3.pl -url www.somehost.com/blah.php?u=5 -blind u -sql "select table_name from information_schema.tables limit 1 offset 0" -database 1 -type 1

-url www.somehost.com/blah.php?u=5 - link with parameters
-blind u - the parameter to inject into (by default the last one in the address bar is taken)
-sql "select table_name from information_schema.tables limit 1 offset 0" - our arbitrary query to the database
-database 1 - database server: MSSQL
-type 1 - attack type, "blind" injection, based on true and error (e.g. syntax error) responses

Debuggers

These tools are mainly used by developers when they have problems with the results of executing their code. But this direction is also useful for pentesting, since we can substitute the data we need on the fly, analyze what comes back in response to our input parameters (for example, when fuzzing), and so on.

Burp Suite
Burp Suite is a set of utilities that help with penetration testing. There is a good review of it on the Internet in Russian by Raz0r (though from 2008).
The free version includes:

  • Burp Proxy is a local proxy that allows you to modify requests already formed by the browser
  • Burp Spider - a spider that finds existing files and directories
  • Burp Repeater - manual sending of HTTP requests
  • Burp Sequencer - analysis of randomness in data
  • Burp Decoder is a standard encoder/decoder (html, base64, hex, etc.), of which there are thousands, and which can be quickly written in any language.
  • Burp Comparer - string comparison component

As a rule, this package solves almost all problems related to this area.

Fiddler
Fiddler is a debugging proxy that logs all HTTP(S) traffic. It allows you to examine this traffic, set breakpoints and "play" with incoming or outgoing data.

There is also Firebug, the monster Wireshark and others; the choice is up to the user.

Conclusion

Of course, every pentester has his own arsenal and his own set of utilities, simply because there are so many of them. I have tried to list some of the most convenient and popular ones. But so that anyone can familiarize themselves with other utilities in this direction, I provide links below.

Various tops/lists of scanners and utilities

Linux distributions that already include a bunch of different pentesting utilities

update: BurpSuite manual in Russian from the "Hack4Sec" team (thanks to Anton Koj)

PS We cannot keep silent about XSpider. It did not take part in the review, even though it is shareware (I found out when I submitted the article to SecLab; it was actually because of this (not knowing, and there being no current version 7.8) that it was not included in the article). In theory a review of it is planned (I have complex tests prepared for it), but I do not know whether the world will ever see it.

PPS Some of the material from this article will be used for its intended purpose in the upcoming talk at CodeFest 2012 in the QA section, which will include tools not mentioned here (free ones, of course), as well as an algorithm for what to use, in what order, what to expect, which configurations to use, and all sorts of tips and tricks for the work (I think the talk is almost ready; I will try to tell you all the most interesting things on the topic).
By the way, there was a talk based on this article at Open InfoSec Days (tag on Habr, website); the materials are available for viewing.

Source: www.hab.com
