-A rau OS version nrhiav kom tau, sau ntawv scanning thiab tracing
-T4 lub sijhawm tswj kev teeb tsa (ntau dua, ntawm 0 txog 5)
localhost - lub hom phiaj host
Ib yam nyuaj dua?
nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all localhost
Qhov no yog ib txheej ntawm cov kev xaiv los ntawm "slow comprehensive scan" profile hauv Zenmap. Nws yuav siv sij hawm ntev heev los ua kom tiav, tab sis thaum kawg muab cov ncauj lus kom ntxaws ntxiv uas tuaj yeem nrhiav pom ntawm lub hom phiaj. Pab Qhia hauv Lavxias, yog tias koj txiav txim siab mus tob, kuv kuj xav kom txhais cov lus Beginner's Guide to Nmap.
Nmap tau txais "Security Product of the Year" xwm txheej los ntawm cov ntawv xov xwm thiab cov zej zog xws li Linux Journal, Info World, LinuxQuestions.Org thiab Codetalker Digest. Ib qho kev nthuav qhia, Nmap tuaj yeem pom hauv cov yeeb yaj kiab "The Matrix Reloaded", "Tuag Hard 4", "The Bourne Ultimatum", "Hottabych" thiab lwm yam.
wb 3af wb 3af - Web Application Attack thiab Audit Framework, qhib lub vev xaib qhov tsis zoo scanner. Nws muaj GUI, tab sis koj tuaj yeem ua haujlwm los ntawm console. Ntau precisely, nws yog lub moj khaum nrog ib pawg ntawm plugins.
Koj tuaj yeem tham txog nws qhov zoo rau lub sijhawm ntev, nws yog qhov zoo dua los sim nws :] Kev ua haujlwm zoo nrog nws los ntawm xaiv qhov profile, qhia txog lub hom phiaj thiab qhov tseeb, pib nws.
Mantra Security Framework Mantrayog ib tug npau suav uas tuaj tseeb. Ib qho kev sau dawb thiab qhib cov ntaub ntawv kev ruaj ntseg cov cuab yeej tsim rau hauv lub web browser.
Muaj txiaj ntsig zoo thaum kuaj cov ntawv thov web ntawm txhua theem.
Kev siv boils cia rau nruab thiab tso lub browser.
Qhov tseeb, muaj ntau yam khoom siv hauv pawg no thiab nws nyuaj heev los xaiv cov npe tshwj xeeb los ntawm lawv. Feem ntau, txhua tus pentester nws tus kheej txiav txim siab cov cuab yeej uas nws xav tau.
Kev tsim txom
Rau automated thiab yooj yim dua exploitation ntawm vulnerabilities, exploits yog sau nyob rau hauv software thiab scripts, uas tsuas yog yuav tsum tau mus dhau qhov tsis nyob rau hauv thiaj li yuav siv tau qhov kev ruaj ntseg qhov. Thiab muaj cov khoom uas tshem tawm qhov yuav tsum tau manually tshawb rau exploits, thiab txawm siv lawv ya. Pawg no tam sim no yuav tham txog.
Metasploit Framework Lub Metasploit® Framework - ib hom dab hauv peb lub lag luam. Nws muaj peev xwm ua tau ntau yam uas cov lus qhia yuav npog ob peb kab lus. Peb yuav saib tsis siv neeg exploitation (nmap + metasploit). Cov kab hauv qab no yog qhov no: Nmap yuav txheeb xyuas qhov chaw nres nkoj peb xav tau, nruab qhov kev pabcuam, thiab metasploit yuav sim siv cov khoom siv rau nws raws li cov chav pabcuam (ftp, ssh, thiab lwm yam). Es tsis txhob ntawv cov lus qhia, kuv yuav ntxig ib tug yees duab, heev nrov ntawm lub ncauj lus autopwn
Los yog peb tuaj yeem yooj yim automate lub lag luam ntawm kev siv peb xav tau. Piv txwv li:
msf > use auxiliary/admin/cisco/vpn_3000_ftp_bypass
msf auxiliary(vpn_3000_ftp_bypass) > set RHOST [TARGET IP]
msf auxiliary(vpn_3000_ftp_bypass) > run
Qhov tseeb, lub peev xwm ntawm lub moj khaum no yog qhov dav heev, yog li yog tias koj txiav txim siab mus tob, mus rau txuas
Nkag Los Nkag Los - OVA ntawm cyberpunk hom GUI rau Metasploit. Visualizes lub hom phiaj, pom zoo exploits thiab muab advanced nta ntawm lub moj khaum. Feem ntau, rau cov neeg uas nyiam txhua yam kom zoo nkauj thiab impressive.
Screencast:
Tenable Nessus® Tenable Nessus® vulnerability scanner - tuaj yeem ua tau ntau yam, tab sis ib lub peev xwm peb xav tau los ntawm nws yog txiav txim siab seb cov kev pabcuam twg muaj kev siv zog. Dawb version ntawm cov khoom "tsev nkaus xwb"
Siv:
Downloaded (rau koj lub cev), ntsia, sau npe (tus yuam sij raug xa mus rau koj tus email).
Pib lub server, ntxiv tus neeg siv rau Nessus Server Manager (Tswj cov neeg siv khawm)
Peb mus rau qhov chaw nyob
https://localhost:8834/
thiab tau txais cov neeg siv flash hauv qhov browser
Burp Decoder yog tus qauv encoder-decoder (html, base64, hex, thiab lwm yam), uas muaj ntau txhiab tus, uas tuaj yeem sau tau sai hauv txhua hom lus.
Burp Comparer - Txoj hlua sib piv cov khoom
Raws li txoj cai, lub pob no daws yuav luag txhua yam teeb meem ntsig txog thaj chaw no.
Tus neeg ntxeev siab Tus neeg ntxeev siab - Fiddler yog lub npe debugging uas teev tag nrho HTTP(S) tsheb. Tso cai rau koj los tshuaj xyuas qhov kev khiav tsheb no, teem caij so thiab "ua si" nrog cov ntaub ntawv nkag lossis tawm.
Kuj muaj Hluav taws, dab Wireshark thiab lwm yam, kev xaiv yog nyob ntawm tus neeg siv.
xaus
Lawm, txhua tus pentester muaj nws tus kheej arsenal thiab nws tus kheej cov khoom siv, vim tias tsuas muaj ntau ntawm lawv. Kuv sim sau qee qhov yooj yim thiab nrov tshaj plaws. Tab sis kom leej twg tuaj yeem paub lawv tus kheej nrog lwm cov khoom siv hauv cov lus qhia no, kuv yuav muab cov ntawv txuas hauv qab no.