  • Penetration Test

    Prioritization of vulnerabilities


    LEVERAGE INFORMATION
    • Leveraging information to prepare for exploitation
    • Map vulnerabilities to potential exploits
      • Look up vulnerabilities found for possible exploits
      • Nmap - vulners and vulscan scripts
      • Metasploit (search vulnerability)
    • Prioritize activities in preparation for penetration test
      • Will standard exploits work?
      • Will exploits need to be 'tweaked'?
      • Additional steps to prepare test?

    Change to the directory that holds the Nmap scripts.

    cd /usr/share/nmap/scripts
    

    Clone the nmap-vulners and vulscan git repositories.

    git clone https://github.com/vulnersCom/nmap-vulners.git
    
    git clone https://github.com/scipag/vulscan.git
    


    ls vulscan/*.csv
    


    Demo of using the Nmap scripts.

    nmap --script nmap-vulners -sV 10.0.0.15
    


    nmap --script vulscan -sV 10.0.0.15
    


    nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV 10.0.0.15
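
To turn the scan output above into a prioritized list, the following added example (not part of the original post) parses vulners-style script output and ranks the findings. The sample output, the placeholder IDs, the assumed row layout (ID, CVSS score, URL, optional `*EXPLOIT*` marker) and the function names `parse_findings` and `prioritize` are assumptions made for illustration; check the layout against the output of your script version.

```python
import re

# Constructed sample of `nmap --script nmap-vulners -sV` output; IDs are placeholders.
SAMPLE = """\
PORT   STATE SERVICE VERSION
22/tcp open  ssh     ExampleSSH 1.0
| vulners:
|   cpe:/a:example:examplessh:1.0:
|     \tCVE-0000-0001\t5.0\thttps://vulners.com/cve/CVE-0000-0001
|_    \tCVE-0000-0002\t7.5\thttps://vulners.com/cve/CVE-0000-0002\t*EXPLOIT*
80/tcp open  http    ExampleHTTPd 2.0
| vulners:
|   cpe:/a:example:examplehttpd:2.0:
|     \tCVE-0000-0003\t9.8\thttps://vulners.com/cve/CVE-0000-0003
|_    \tCVE-0000-0004\t4.3\thttps://vulners.com/cve/CVE-0000-0004
"""

PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+open\s+(\S+)")
# Assumed row layout: "|" prefix, then ID, CVSS score, URL, optional *EXPLOIT* marker.
VULN_RE = re.compile(
    r"^\|[_ ]\s+(\S+)\s+(\d+(?:\.\d+)?)\s+(https?://\S+)(?:\s+(\*EXPLOIT\*))?")

def parse_findings(text):
    """Return one dict per vulnerability row, tagged with its port and service."""
    findings, port, service = [], None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, service = m.groups()
            continue
        m = VULN_RE.match(line)
        if m and port:
            vid, cvss, url, flag = m.groups()
            findings.append({"port": port, "service": service, "id": vid,
                             "cvss": float(cvss), "url": url,
                             "exploit": flag is not None})
    return findings

def prioritize(findings, min_cvss=0.0):
    """Entries with a known exploit first, then by descending CVSS score."""
    keep = [f for f in findings if f["cvss"] >= min_cvss]
    return sorted(keep, key=lambda f: (not f["exploit"], -f["cvss"]))

if __name__ == "__main__":
    for f in prioritize(parse_findings(SAMPLE), min_cvss=5.0):
        mark = "exploit" if f["exploit"] else "-"
        print(f'{f["port"]:8} {f["service"]:6} {f["id"]:15} {f["cvss"]:4} {mark}')
```

The same ranking serves remediation planning: rows marked as having a known exploit are the ones to patch or mitigate first.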
    


    QUICK REVIEW
    • A key step in pen test planning is to map vulnerabilities to potential exploits
    • Use nmap scripts (vulners and vulscan) to find exploits for detected vulnerabilities
    • Use metasploit to search for exploits
  • Original article: https://www.cnblogs.com/keepmoving1113/p/13568658.html