  • Penetration Test

    Pen Testing Toolbox

    RECONNAISSANCE
    • For reconnaissance, use:
      • Nmap
      • Whois
      • Nslookup
      • Theharvester
      • Shodan
      • Recon-NG
      • Censys
      • Aircrack-NG
      • Kismet
      • WiFite
      • SET
      • Wireshark
      • Hping
      • Metasploit framework
    ENUMERATION
    • To list targets, use:
      • Nmap
      • Nslookup
      • Wireshark
      • Hping
    VULNERABILITY SCANNING
    • To scan for vulnerabilities, use:
      • Nmap
      • Nikto
      • OpenVAS
      • SQLmap
      • Nessus
      • W3AF
      • OWASP ZAP
      • Metasploit framework
    CREDENTIAL ATTACKS
    • For offline password cracking, use:
      • Hashcat
      • John the Ripper
      • Cain and Abel
      • Mimikatz
      • Aircrack-NG
    • For brute-forcing services, use:
      • SQLmap
      • Medusa
      • Hydra
      • Cain and Abel
      • Mimikatz
      • Patator
      • W3AF
      • Aircrack-NG
    Persistence
    • Once you have exploited a target, use these to make sure you can get back in:
      • SET
      • BeEF
      • SSH
      • NCAT
      • NETCAT
      • Drozer
      • Powersploit
      • Empire
      • Metasploit framework
    Configuration Compliance
    • To evaluate a configuration to determine if it's compliant with a standard or regulation, use:
      • Nmap
      • Nikto
      • OpenVAS
      • SQLmap
      • Nessus
    Evasion
    • To evade detection, use:
      • SET
      • Proxychains
      • Metasploit framework
    Decompilation
    • To decompile executables, use:
      • Immunity debugger
      • APKX
      • APK studio
    Penetration Testing Use Cases
    • Forensics
      • To carry out digital forensics, use:
        • Immunity debugger
    • Debugging
      • To debug code, use:
        • OLLYDBG
        • Immunity debugger
        • GDB
        • WinDBG
        • IDA
    Software Assurance
    • For general software assurance, use:
      • Findsecbugs
      • SonarQube
      • YASCA
    • For fuzzing, use:
      • Peach
      • AFL
    SAST (Static Application Security Testing)
    DAST (Dynamic Application Security Testing)
    QUICK REVIEW
    • Know what each of the tools listed in the objectives is commonly used for
    • Some tools, such as Nmap, can fit into multiple use cases
    • It's more important to understand the purpose of a tool than to memorize categories
  • Original article: https://www.cnblogs.com/keepmoving1113/p/13933799.html