zoukankan      html  css  js  c++  java
  • Penetration Test

    Prioritization of vulnerabilities

    image-20200826215247163

    LEVERAGE INFORMATION
    • Leveraging information to prepare for exploitation
    • Map vulnerabilities to potential exploits
      • Look up vulnerabilities found for possible exploits
      • Nmap - vulners and vulscan scripts
      • Metasploit(search vulnerability)
    • Prioritize activities in preparation for penetration test
      • Will standard exploits work?
      • Will exploits need to be 'tweaked'?
      • Additional steps to prepare test?

    Change the directory over to the location of Namp scripts.

    cd /usr/share/nmap/scripts
    

    Clone a git repository.

    git clone https://github.com/vulnersCom/nmap-vulners.git
    
    git clone https://github.com/scipag/vulscan.git
    

    image-20200826221858164

    ls vulscan/*.csv
    

    image-20200826225054525

    Demo to use Namp script.

    nmap --script nmap-vulners -sV 10.0.0.15
    

    image-20200826225636544

    nmap --script vulscan -sV 10.0.0.15
    

    image-20200826230413460

    nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV 10.0.0.15
    

    image-20200826230530948

    QUICK REVIEW
    • A key step in pen test planning is to map vulnerabilities to potential exploits
    • Use nmap scripts (vulners and vulscan) to find exploits for detected vulnerabilities
    • Use metasploit to search for exploits
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    1099. Build A Binary Search Tree (30)
    两个新事物
    time.h
    Nohup命令
    进程锁
    C++中虚析构函数的作用
    c++ 修改stl set中的元素
    STL迭代器辅助函数——advance
    CTreeCtrl 控件使用总结
    关于stl advance函数移动步数超过容器大小(越界)的研究
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/13568658.html
Copyright © 2011-2022 走看看