zoukankan      html  css  js  c++  java

  • Penetration Test

    Prioritization of vulnerabilities

    image-20200826215247163

    LEVERAGE INFORMATION
    • Leveraging information to prepare for exploitation
    • Map vulnerabilities to potential exploits
      • Look up vulnerabilities found for possible exploits
      • Nmap - vulners and vulscan scripts
      • Metasploit(search vulnerability)
    • Prioritize activities in preparation for penetration test
      • Will standard exploits work?
      • Will exploits need to be 'tweaked'?
      • Additional steps to prepare test?

    Change the directory over to the location of Namp scripts.

    cd /usr/share/nmap/scripts

    Clone a git repository.

    git clone https://github.com/vulnersCom/nmap-vulners.git

    git clone https://github.com/scipag/vulscan.git

    image-20200826221858164

    ls vulscan/*.csv

    image-20200826225054525

    Demo to use Namp script.

    nmap --script nmap-vulners -sV 10.0.0.15

    image-20200826225636544

    nmap --script vulscan -sV 10.0.0.15

    image-20200826230413460

    nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV 10.0.0.15

    image-20200826230530948

    QUICK REVIEW
    • A key step in pen test planning is to map vulnerabilities to potential exploits
    • Use nmap scripts (vulners and vulscan) to find exploits for detected vulnerabilities
    • Use metasploit to search for exploits
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    Spring Boot 中加载XML配置
    C#winfrom打开指定的文件
    C#怎么实现文件下载功能的四种方法
    C#查看已下载文件大小和扩展名
    C#winfrom文件下载到本地
    判断DataGridView是否选中某行
    Secure CRT注册码
    http-server 开启服
    学习网址
    angular中table表格组件的使用
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/13568658.html
Copyright © 2011-2022 走看看