A novice pentester's toolkit: we present a short digest of the main tools that come in handy when pentesting an internal network. These tools are already in active use by a wide range of specialists, so knowing their capabilities and mastering them thoroughly will be useful to everyone.
Contents:
- Nmap
- Zmap
- Masscan
- Nessus
- Net-Creds
- network-miner
- mitm6
- Responder
- Evil_Foca
- Bettercap
- gateway_finder
- mitmproxy
- SIET
- yersinia
- proxychains
Nmap
Besides checking for open/closed ports, nmap can identify the service listening on an open port and its version, and sometimes helps determine the OS. Nmap has scripting support (NSE - Nmap Scripting Engine). Using scripts, you can check various services for vulnerabilities (if, of course, a script exists for them, or you can always write your own) or brute-force passwords for various services.
Thus, Nmap lets you build a detailed map of the network, obtain as much information as possible about the services running on the hosts, and proactively check for certain vulnerabilities. Nmap also has flexible scan settings: you can set the scan speed, the number of threads, the number of groups to scan, etc.
Suitable for scanning small networks and indispensable for targeted scans of individual hosts.
Pros:
- Works quickly with a small range of hosts;
- Flexible settings - you can combine options so as to obtain the most informative data in an acceptable time;
- Parallel scanning - the list of target hosts is divided into groups, then each group is scanned in turn, with parallel scanning used within a group. The division into groups is also a minor drawback (see below);
- Predefined sets of scripts for different tasks - you don't need to spend a lot of time choosing specific scripts; you can just specify script groups;
- Output - 5 different formats, including XML, which can be imported into other tools;
Cons:
- Scanning a group of hosts - information about any single host is unavailable until the scan of the whole group finishes. This can be solved by setting the maximum group size and the maximum time to wait for a response to a probe before giving up or retrying;
- When scanning, Nmap sends SYN packets to the target port and waits for any response packet or for a timeout if there is no response. This hurts the performance of the scanner as a whole compared to asynchronous scanners (for example, zmap or masscan);
- When scanning large networks, using flags to speed up the scan (--min-rate, --min-parallelism) can produce false negatives, missing open ports on a host. These options should also be used with caution, since a high packet rate can lead to an unintended DoS.
Zmap
Unlike nmap, when Zmap sends SYN packets it does not wait for a response; it continues scanning while receiving responses from all hosts at the same time, so it effectively keeps no connection state. When a reply to a SYN packet arrives, Zmap works out from the packet contents which port turned out to be open and on which host. In addition, Zmap sends only one SYN packet per scanned port. It is also possible to use PF_RING to scan large networks quickly, if you happen to have a 10-Gigabit interface and a compatible network card at hand.
Pros:
- Scan speed;
- Zmap generates Ethernet frames itself, bypassing the system TCP/IP stack;
- Ability to use PF_RING;
- ZMap randomizes the targets to spread the load evenly on the scanned side;
- Ability to integrate with ZGrab (a tool for collecting information about services at the L7 application layer).
Cons:
- Can cause denial of service on network equipment, for example knocking over intermediate routers, despite the distributed load, because all packets pass through a single route.
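The paragraph above says Zmap keeps no connection state and recognizes its own replies from the packet contents. The added example below (not code from the article or from the ZMap project) shows the principle in simplified form: the outgoing SYN's sequence number is a keyed hash of the destination, so a reply can be validated by recomputing it; ZMap's real packet layout and hash are not reproduced here, and no packets are sent.

```python
"""Stateless SYN-scan reply validation, simplified illustration (added example)."""
import hashlib
import hmac
import ipaddress
import secrets
import struct

# TCP flag bits as they appear in the TCP header flags byte.
SYN, RST, ACK = 0x02, 0x04, 0x10

# Per-scan secret; generated fresh here for the illustration.
SCAN_KEY = secrets.token_bytes(16)


def probe_seq(dst_ip, dst_port, key=SCAN_KEY):
    """32-bit sequence number to place in the SYN sent to (dst_ip, dst_port).

    Because it is derived from a keyed hash of the target, nothing has to be
    remembered per target: the scanner can recompute it when a reply shows up."""
    msg = ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port)
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return struct.unpack("!I", tag[:4])[0]


def classify_reply(src_ip, src_port, ack_num, flags, key=SCAN_KEY):
    """Classify an inbound TCP segment claiming to come from (src_ip, src_port).

    A genuine reply to our SYN acknowledges probe_seq + 1 (mod 2**32); anything
    else is stray or spoofed and is dropped without consulting a lookup table.
    SYN/ACK means the port answered as open, RST means closed."""
    expected = (probe_seq(src_ip, src_port, key) + 1) & 0xFFFFFFFF
    if ack_num != expected:
        return "unsolicited"
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "other"
```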
Masscan
Pros:
- The syntax is similar to Nmap's, and the program also supports some Nmap-compatible options;
- Speed - one of the fastest asynchronous scanners.
- Flexible scan mode - it can resume an interrupted scan and distribute the load across several devices (as in Zmap).
Cons:
- As with Zmap, the load on the network itself is extremely high, which can lead to a DoS;
- By default, there is no ability to scan at the L7 application layer;
Nessus
It can detect vulnerable versions of services or servers, find errors in system configuration, and brute-force dictionary passwords. It can be used to assess whether service settings (mail, updates, etc.) are correct and to prepare for a PCI DSS audit. In addition, you can give Nessus host credentials (SSH or a domain account in Active Directory) and the scanner will gain access to the host and run its checks directly on it; this option is called a credentialed scan. Suitable for companies auditing their own networks.
Pros:
- Separate checks for each vulnerability, with a database that is updated constantly;
- Output - plain text, XML, HTML and LaTeX;
- Nessus API - lets you automate scanning and retrieval of results;
- Credentialed scan - you can use Windows or Linux credentials to check for missing updates or other vulnerabilities;
- Ability to write your own built-in security modules - the scanner has its own scripting language, NASL (Nessus Attack Scripting Language);
- You can schedule regular scans of the local network - thanks to this, the information security team will be aware of every change in security configuration, every new host that appears, and any use of dictionary or default passwords.
Cons:
- The scanned systems may malfunction - you need to work carefully with the safe checks option disabled;
- The commercial version is not free.
Net-Creds
Pros:
- Service detection is based on packet analysis rather than on the port number in use;
- Easy to use;
- A wide range of extracted data - including logins and passwords for FTP, POP, IMAP, SMTP and the NTLMv1/v2 protocol, as well as information from HTTP requests such as login forms and basic auth;
network-miner
Pros:
- Graphical interface;
- Visualization and grouping of data make traffic analysis easier and faster.
Cons:
- The trial version has limited functionality.
mitm6
Pros:
- Works very effectively in many networks thanks to the default configuration of Windows hosts and networks;
Responder
Pros:
- By default, it brings up many servers with NTLM authentication support: SMB, MSSQL, HTTP, HTTPS, LDAP, FTP, POP3, IMAP, SMTP;
- Allows DNS spoofing in a MITM attack scenario (ARP spoofing, etc.);
- Fingerprints the hosts that made a broadcast request;
- Analyze mode - for monitoring requests;
- The format of the captured NTLM authentication hashes is compatible with John the Ripper and Hashcat.
Cons:
- When running under Windows, binding port 445 (SMB) involves some difficulties (you have to stop the corresponding services and reboot);
Evil_Foca
Pros:
- Suitable for performing MITM attacks (ARP spoofing, DHCP ACK injection, SLAAC attack, DHCP spoofing);
- You can carry out DoS attacks - with ARP spoofing on IPv4 networks, with SLAAC DoS on IPv6 networks;
- DNS hijacking is possible;
- Easy to use, with a user-friendly graphical interface.
Cons:
- Works only under Windows.
Bettercap
Pros:
- Credential sniffer - you can catch visited URLs and HTTPS hosts, HTTP authentication, and credentials for many different protocols;
- Lots of built-in MITM attacks;
- Modular HTTP(S) transparent proxy - you can manipulate traffic according to your needs;
- Built-in HTTP server;
- Support for caplets - files that allow complex, automated attacks to be described in a scripting language.
Cons:
- Some modules - for example ble.enum - are only partially supported on macOS and Windows, and some are built for Linux only - packet.proxy.
gateway_finder
Pros:
- Easy to use and customize.
mitmproxy
Pros:
- Works with a variety of protocols and also supports modifying a variety of formats, from HTML to Protobuf;
- Python API - lets you write scripts for non-standard tasks;
- Can run in transparent proxy mode with traffic interception.
Cons:
- The dump format is not compatible with anything - it is hard to grep, so you have to write scripts;
SIET
Pros:
Exploiting the Cisco Smart Install protocol lets you:
- Change the tftp server address on the client device by sending a single malformed TCP packet;
- Copy the device's configuration file;
- Change the device configuration, for example by adding a new user;
- Update the Cisco IOS image on the device;
- Execute an arbitrary set of commands on the device. This is a new feature that only works on IOS versions 3.6.0E and 15.2(2)E;
Cons:
- Works with a limited set of Cisco devices, and you need a "white" (publicly routable) IP to receive the response from the device, or you must be on the same network as the device;
yersinia
Pros:
- Lets you attack STP, CDP, DTP, DHCP, HSRP, VTP and others.
Cons:
- The interface is not very user-friendly.
proxychains
Pros:
- Helps redirect the traffic of applications that cannot work with proxies natively;
In this article we briefly reviewed the pros and cons of the main tools for pentesting an internal network. Stay tuned: we plan to publish more collections like this in the future - web, databases, mobile applications - we will definitely write about those too.
Share your favorite tools in the comments!
Source: www.habr.com