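  • A brief introduction to the bWAPP penetration testing platform and its installation

    First, an introduction to bWAPP.

    bWAPP is a very handy vulnerability demonstration platform that contains more than 100 vulnerabilities: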

    • SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP,
      PHP Code, Host Header and SMTP injections

    • Authentication, authorization and session management issues
    • Malicious, unrestricted file uploads and backdoor files
    • Arbitrary file access and directory traversals
    • Heartbleed and Shellshock vulnerability
    • Local and remote file inclusions (LFI/RFI)
    • Server Side Request Forgery (SSRF)
    • Configuration issues: Man-in-the-Middle, Cross-Domain policy file,
      FTP, SNMP, WebDAV, information disclosures,...
    • HTTP parameter pollution and HTTP response splitting
    • XML External Entity attacks (XXE)
    • HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS)
      and web storage issues
    • Drupal, phpMyAdmin and SQLite issues
    • Unvalidated redirects and forwards
    • Denial-of-Service (DoS) attacks
    • Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and
      Cross-Site Request Forgery (CSRF)
    • AJAX and Web Services issues (JSON/XML/SOAP)
    • Parameter tampering and cookie poisoning
    • Buffer overflows and local privilege escalations
    • PHP-CGI remote code execution
    • HTTP verb tampering
    • And much more

    Features:

    • Open-source PHP application
    • MySQL database back end
    • Runs on Linux/Windows with Apache/IIS
    • Supports WAMP or XAMPP

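    Installation:

    bWAPP can be downloaded on its own, or as a virtual machine image; after extracting the image, simply open the virtual machine and bWAPP is ready to access.

    If you download it on its own, it has to be deployed into an apache+mysql+php environment.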

    • Stand-alone installation:

    Open your bWAPP in a browser: http://x.x.x.x/bwapp/install

    Click "here".

    Here I have already installed it.

    • Virtual machine method:

    After downloading, extract it and open it with VMware.

    The default username/password is: bee/bug

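    However, when using the virtual machine there is a problem with scrambled keyboard mapping, which requires the following settings:

    System -> preferences -> keyboard -> layouts -> +add [layouts: China]

    keyboard -> A4Tech KB-21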

     

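    Download links:

    Virtual machine download: https://sourceforge.net/projects/bwapp/files/bee-box/

    Installation package download: https://sourceforge.net/projects/bwapp/files/bWAPP/

    Permanent link to this article: http://www.cnblogs.com/hell0w/p/7523114.html Please credit the source when reposting, thank you!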

  • Original article: https://www.cnblogs.com/hell0w/p/7523114.html