The novice pentester's toolkit: a short digest of the main tools that come in handy when pentesting an internal network. These tools are already in active use by a wide range of specialists, so it is worth everyone knowing their capabilities and being fully proficient with them.
Contents:
- Nmap
- Zmap
- Masscan
- Nessus
- Net-Creds
- NetworkMiner
- mitm6
- Responder
- Evil_Foca
- Bettercap
- gateway_finder
- mitmproxy
- SIET
- yersinia
- proxychains
Nmap
In addition to checking for open/closed ports, nmap can identify the service listening on an open port and its version, and sometimes helps determine the OS. Nmap supports scanning with scripts (NSE, the Nmap Scripting Engine). With scripts it is possible to check various services for vulnerabilities (provided, of course, that a script exists for them; you can always write your own) or to brute-force passwords for various services.
So Nmap lets you build a detailed map of the network, obtain the maximum amount of information about the services running on hosts in the network, and check for certain vulnerabilities. Nmap also has flexible scan settings: you can configure the scan speed, the number of threads, the number of groups to scan, and so on.
It is convenient for scanning small networks and indispensable for spot scans of individual hosts.
Pros:
- Works quickly with a small range of hosts;
- Flexible settings: you can combine options so as to get the most informative data in an acceptable time;
- Parallel scanning: the list of target hosts is split into groups, each group is then scanned in turn, and parallel scanning is used within a group. The split into groups is also a small drawback (see below);
- Predefined sets of scripts for different tasks: you do not have to spend much time picking specific scripts, you can name script groups instead;
- Output of results in 5 different formats, including XML, which can be imported into other tools;
Cons:
- Scanning a group of hosts: no information about any host is available until the scan of the whole group has finished. This is solved by setting in the options the maximum group size and the maximum time interval during which a response to a probe is awaited before giving up or sending another one;
- When scanning, Nmap sends SYN packets to the target port and waits for any response packet, or for a timeout if there is no response. This hurts the scanner's performance overall compared with asynchronous scanners (for example, zmap or masscan);
- When scanning a large network, using flags that speed up the scan (--min-rate, --min-parallelism) can produce false negatives, missing open ports on a host. These options should also be used with care, given that a high packet rate can lead to an unintended DoS.
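The flip side of the speed flags above is that a scan driven by --min-rate concentrates many SYNs from one source into a short window, which is exactly what a defender's detection logic looks for. As an added example (not from the article), here is a sliding-window detector in Python run over constructed iptables-style SYN log lines; the log format, addresses and thresholds are assumptions for the example.

```python
"""Flag sources that hit many distinct (destination, port) pairs within a short window.
Added example: the log lines, addresses and thresholds below are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed iptables-style log: 10.0.0.5 sweeps ports, 10.0.0.7 and 10.0.0.9 are normal traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=21 SYN
2024-05-01T10:00:00Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=22 SYN
2024-05-01T10:00:00Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=23 SYN
2024-05-01T10:00:00Z IN=eth0 SRC=10.0.0.7 DST=10.0.1.30 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:00Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=25 SYN
2024-05-01T10:00:01Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=53 SYN
2024-05-01T10:00:01Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=80 SYN
2024-05-01T10:00:01Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=110 SYN
2024-05-01T10:00:01Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=139 SYN
2024-05-01T10:00:01Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=143 SYN
2024-05-01T10:00:01Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.21 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:02Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.21 PROTO=TCP DPT=445 SYN
2024-05-01T10:00:02Z IN=eth0 SRC=10.0.0.5 DST=10.0.1.21 PROTO=TCP DPT=3389 SYN
2024-05-01T10:00:02Z IN=eth0 SRC=10.0.0.7 DST=10.0.1.30 PROTO=TCP DPT=443 SYN
2024-05-01T10:00:09Z IN=eth0 SRC=10.0.0.9 DST=10.0.1.40 PROTO=TCP DPT=22 SYN
"""

LINE_RE = re.compile(r"^(\S+) .*?SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) SYN")


def parse_ts(text):
    """ISO-8601 UTC timestamp -> epoch seconds."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()


def detect_scan_bursts(lines, window_s=5, distinct_threshold=10):
    """Return {src: (timestamp_text, distinct_targets)} for each source that reached
    distinct_threshold different (dst, port) pairs inside any window_s-second window.
    The first line that trips the threshold is recorded; later lines for that source are ignored."""
    recent = defaultdict(deque)  # src -> deque of (epoch, (dst, port)) inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a SYN log line we understand
        ts_text, src, dst, port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        ts = parse_ts(ts_text)
        q = recent[src]
        q.append((ts, (dst, port)))
        while q and ts - q[0][0] > window_s:  # drop events that fell out of the window
            q.popleft()
        distinct = {target for _, target in q}
        if len(distinct) >= distinct_threshold and src not in alerts:
            alerts[src] = (ts_text, len(distinct))
    return alerts


if __name__ == "__main__":
    for src, (when, count) in detect_scan_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {when}: {src} probed {count} distinct host:port pairs within 5s")
```

Counting distinct targets rather than raw packets keeps a retransmitting client from tripping the rule, while a scanner that pushes its rate up to avoid the group-wait behaviour described above crosses the threshold within a second or two.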
Zmap
Unlike nmap, when Zmap sends SYN packets it does not wait for the reply to come back but keeps scanning, collecting the responses from all hosts as they arrive, so it keeps no connection state. When a reply to a SYN packet arrives, Zmap works out from the packet contents which port turned out to be open and on which host. In addition, Zmap sends only one SYN packet per scanned port. It is possible to use PF_RING to scan large networks very quickly, provided you have a 10-gigabit interface and a compatible network card at hand.
Pros:
- Scan speed;
- Zmap generates Ethernet frames itself, bypassing the system TCP/IP stack;
- Ability to use PF_RING;
- ZMap randomizes the targets so that the load is spread evenly on the scanned side;
- Can be integrated with ZGrab (a tool for collecting information about services at the application level, L7).
Cons:
- It can cause a denial of service of network equipment, for example knocking over intermediate routers, despite the load being spread, since all packets pass through the same router.
Masscan
Pros:
- The syntax is similar to Nmap, and the program also supports some Nmap-compatible options;
- Speed: one of the fastest asynchronous scanners.
- Flexible scanning mode: resuming an interrupted scan, spreading the load across several devices (as with Zmap).
Cons:
- Just as with Zmap, the load on the network itself is extremely high, which can lead to a DoS;
- By default there is no ability to scan at the L7 application level;
Nessus
It can identify vulnerable versions of services or servers, detect errors in system configuration, and brute-force dictionary passwords. It can be used to check the correctness of service settings (mail, updates, etc.) and to prepare for a PCI DSS audit. In addition, you can give Nessus host credentials (SSH or a domain account in Active Directory); the scanner then has access to the host and runs its checks directly on it. This option is called a credential scan. It is convenient for companies auditing their own networks.
Pros:
- Separate scripts for each vulnerability, with a database that is updated constantly;
- Output of results as plain text, XML, HTML and LaTeX;
- The Nessus API lets you automate scan runs and the retrieval of results;
- Credential scan: you can use Windows or Linux credentials to check for missing updates or other vulnerabilities;
- Ability to write your own built-in security modules: the scanner has its own scripting language, NASL (Nessus Attack Scripting Language);
- You can schedule regular scans of the local network; thanks to this, the information security team will be aware of every change in the security configuration, the appearance of new hosts, and the use of dictionary or default passwords.
Cons:
- Malfunctions of the scanned systems are possible; you need to work carefully with the safe checks option disabled;
- The commercial version is not free.
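The scheduled-scan benefit described above only pays off if someone compares one run with the next. As an added example (not Nessus code and not from the article), here is a Python script that diffs two exports in the `.nessus` v2 XML format and reports new hosts, new findings and resolved findings; the two reports, their hosts and the plugin IDs are constructed for the example.

```python
"""Diff two scheduled Nessus exports (.nessus v2 XML) to surface what changed.
Added example: the reports, hosts, plugin IDs and plugin names below are constructed."""
import xml.etree.ElementTree as ET

# Constructed export from last week's scheduled run (one host, three findings).
LAST_WEEK = """<NessusClientData_v2>
<Report name="weekly-internal">
<ReportHost name="192.0.2.10">
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="900001" pluginName="SMB signing not required (constructed)"/>
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="900002" pluginName="SSH weak MAC algorithms (constructed)"/>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900000" pluginName="Host information (constructed)"/>
</ReportHost>
</Report>
</NessusClientData_v2>
"""

# Constructed export from this week: one finding fixed, one new, and a new host on the segment.
THIS_WEEK = """<NessusClientData_v2>
<Report name="weekly-internal">
<ReportHost name="192.0.2.10">
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="900001" pluginName="SMB signing not required (constructed)"/>
<ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="4" pluginID="900003" pluginName="MySQL default credentials (constructed)"/>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900000" pluginName="Host information (constructed)"/>
</ReportHost>
<ReportHost name="192.0.2.11">
<ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="900004" pluginName="HTTP TRACE method enabled (constructed)"/>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900000" pluginName="Host information (constructed)"/>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return {(host, pluginID, port, protocol): (severity, pluginName)} for every ReportItem."""
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("ReportHost"):
        name = host.get("name")
        for item in host.findall("ReportItem"):
            key = (name, item.get("pluginID"), int(item.get("port")), item.get("protocol"))
            findings[key] = (int(item.get("severity")), item.get("pluginName"))
    return findings


def diff_reports(old, new, min_severity=1):
    """Compare two parsed reports. Findings below min_severity (severity 0 is informational)
    are ignored so that host-information plugins do not drown out real changes."""
    old_hosts = {host for host, *_ in old}
    new_hosts = {host for host, *_ in new}

    def rows(source, exclude):
        return sorted(
            (host, pid, port, proto, sev, name)
            for (host, pid, port, proto), (sev, name) in source.items()
            if (host, pid, port, proto) not in exclude and sev >= min_severity
        )

    return {
        "new_hosts": sorted(new_hosts - old_hosts),
        "new_findings": rows(new, old),
        "resolved": rows(old, new),
    }


if __name__ == "__main__":
    delta = diff_reports(parse_nessus(LAST_WEEK), parse_nessus(THIS_WEEK))
    for host in delta["new_hosts"]:
        print(f"NEW HOST    {host}")
    for host, pid, port, proto, sev, name in delta["new_findings"]:
        print(f"NEW FINDING {host}:{port}/{proto} sev={sev} plugin={pid} {name}")
    for host, pid, port, proto, sev, name in delta["resolved"]:
        print(f"RESOLVED    {host}:{port}/{proto} sev={sev} plugin={pid} {name}")
```

Keying findings by host, plugin ID, port and protocol is what makes the comparison stable between runs: the same plugin firing on a second port of the same host is reported as a new finding rather than silently merged.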
Net-Creds
Pros:
- Services are identified by analysing the packets rather than by the port number in use;
- Easy to use;
- A wide range of extracted data, including logins and passwords for FTP, POP, IMAP, SMTP and NTLMv1/v2, as well as information from HTTP requests such as login forms and basic auth;
NetworkMiner
Pros:
- Graphical interface;
- Visualising and sorting the data into groups simplifies traffic analysis and makes it faster.
Cons:
- The trial version has limited functionality.
mitm6
Pros:
- Works very well in most networks, precisely because of the default configuration of Windows hosts and networks;
Responder
Pros:
- By default it brings up many servers with NTLM authentication support: SMB, MSSQL, HTTP, HTTPS, LDAP, FTP, POP3, IMAP, SMTP;
- Allows DNS spoofing as part of a MITM attack (ARP spoofing, etc.);
- Fingerprinting of hosts that sent a broadcast request;
- Analyze mode for passive monitoring of requests;
- The format of the captured NTLM authentication hashes is compatible with John the Ripper and Hashcat.
Cons:
- When running under Windows, binding port 445 (SMB) involves some difficulties (the corresponding services have to be stopped and the system rebooted);
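Responder and mitm6 both work because hosts on the segment answer name-resolution requests that nobody should own. The matching defensive check is a canary: ask for a name that cannot exist and treat any answer as a sign of a poisoner. As an added example (not part of Responder or the article), here is a Python LLMNR canary that builds the query, parses any reply and reports who answered; the multicast address and port are the ones LLMNR uses (RFC 4795), while the canary name, query ID and the sample reply are constructed for the example.

```python
"""LLMNR canary: query a name that cannot exist and report anything that answers for it.
Added example; the canary name, query ID and the constructed_reply test vector are made up."""
import os
import socket
import struct

LLMNR_GROUP = "224.0.0.252"   # LLMNR IPv4 multicast group (RFC 4795)
LLMNR_PORT = 5355


def encode_name(name):
    """DNS-style label encoding: length-prefixed labels followed by a zero terminator."""
    out = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_llmnr_query(query_id, name, qtype=1):
    """Header (ID, flags=0, QDCOUNT=1) plus one question for an A record by default."""
    header = struct.pack("!HHHHHH", query_id, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _skip_name(data, off):
    """Advance past a (possibly compressed) name that starts at offset off."""
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def answers_in_reply(data, expected_id):
    """Return the addresses in the answer section, or [] if this is not a response to our query."""
    if len(data) < 12:
        return []
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != expected_id or not flags & 0x8000 or an == 0:
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4        # skip QTYPE + QCLASS
    found = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            found.append(socket.inet_ntoa(rdata))
        elif rtype == 28 and rdlen == 16:
            found.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return found


def constructed_reply(query_id, name, ip):
    """Test vector only: a positive LLMNR answer for `name`, as it would appear on the wire."""
    header = struct.pack("!HHHHHH", query_id, 0x8000, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(ip)
    return header + question + answer


def canary_probe(name, timeout=2.0):
    """Send the query to the LLMNR group and return [(sender_ip, [answers])] for every reply.
    A non-empty result for a name nobody legitimately owns means something on the segment
    answers for names it does not have."""
    qid = int.from_bytes(os.urandom(2), "big")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)  # stay on the local link
    sock.settimeout(timeout)
    hits = []
    try:
        sock.sendto(build_llmnr_query(qid, name), (LLMNR_GROUP, LLMNR_PORT))
        while True:
            data, (src, _port) = sock.recvfrom(4096)
            addrs = answers_in_reply(data, qid)
            if addrs:
                hits.append((src, addrs))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return hits


if __name__ == "__main__":
    canary = "canary-" + os.urandom(3).hex()   # random, so no real host can own it
    for src, addrs in canary_probe(canary):
        print(f"ALERT: {src} answered LLMNR for {canary} with {addrs}")
```

Run it periodically from a monitoring host on each segment; a reply from any address is enough to raise an alert, and the sender address tells you where to look. The same idea applies to NBT-NS (UDP 137), which Responder also answers.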
Evil_Foca
Pros:
- Convenient for carrying out MITM attacks (ARP spoofing, DHCP ACK injection, SLAAC attack, DHCP spoofing);
- Can carry out DoS attacks: via ARP spoofing on IPv4 networks and SLAAC DoS on IPv6 networks;
- DNS hijacking is possible;
- Easy to use, with a user-friendly graphical interface.
Cons:
- Works only under Windows.
Bettercap
Pros:
- Credential sniffer: you can capture visited URLs and HTTPS hosts, HTTP authentication and credentials of many different protocols;
- Many built-in MITM attacks;
- Transparent HTTP(S) proxy module: you can manipulate traffic according to your needs;
- Built-in HTTP server;
- Support for caplets, files that describe complex and automated attacks in a scripting language.
Cons:
- Some modules, for example ble.enum, are only partially supported on macOS and Windows, and some, such as packet.proxy, are designed only for Linux.
gateway_finder
Pros:
- Easy to use and to customize.
mitmproxy
Pros:
- Works with different protocols and also supports modifying various formats, from HTML to Protobuf;
- Python API, which lets you write scripts for non-standard tasks;
- Can work in transparent proxy mode with traffic interception.
Cons:
- The dump format is incompatible with anything else; it is hard to use grep on it, so you have to write scripts;
SIET
Pros:
Using the Cisco Smart Install protocol allows you to:
- Change the tftp server address on the client device by sending a single malformed TCP packet;
- Copy the device configuration file;
- Change the device configuration, for example by adding a new user;
- Update the IOS image on the device;
- Execute an arbitrary set of commands on the device. This is a new feature that works only on IOS versions 3.6.0E and 15.2(2)E;
Cons:
- Works with a limited set of Cisco devices, and you also need a "white" (publicly routable) IP to receive the response from the device, or you have to be on the same network as the device;
yersinia
Pros:
- Lets you carry out attacks on STP, CDP, DTP, DHCP, HSRP, VTP and others.
Cons:
- Not the most user-friendly interface.
proxychains
Pros:
- Helps redirect the traffic of applications that cannot work through proxies by default;
In this article we took a brief look at the pros and cons of the main tools for internal network pentesting. Stay tuned: we plan to publish similar collections in the future, on web, databases and mobile applications, and we will definitely write about it.
Share your favourites in the comments!
source: www.habr.com