Penetration Testing - ilya-khadykin/notes-outdated GitHub Wiki
Web site | Purpose | Automatable? |
---|---|---|
http://archive.org/web/ | See the history of changes for your target | Yes, low priority |
https://www.linkedin.com/ | Gather info about the company's employees and technologies | Yes, high priority |
It's worth checking the following things:
- `robots.txt` for `Disallow` entries, to see which parts of the website the company's administrators are trying to hide
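A small parser for the `robots.txt` check above, added here as an example (it is not code from the original wiki). It groups `Allow`/`Disallow` rules by `User-agent` the way crawlers read the file and lists every path the site asks crawlers to stay out of, which is the list worth reviewing on your own site before an outsider does. The `SAMPLE_ROBOTS` text and the `example.com` paths in it are constructed for the demo.

```python
"""Parse a robots.txt file and report which paths each User-agent group is told to avoid."""
from collections import OrderedDict

# Constructed sample robots.txt for the demo (not taken from any real site).
SAMPLE_ROBOTS = """\
# internal review copy
User-agent: *
Disallow: /admin/
Disallow: /backup/
Allow: /public/
Disallow:

User-agent: Googlebot
Disallow: /staging/
Sitemap: https://example.com/sitemap.xml
"""


def parse_robots(text):
    """Return an ordered mapping {user_agent: {"disallow": [...], "allow": [...]}}.

    Follows the robots.txt grouping convention: one or more consecutive
    User-agent lines share the Allow/Disallow rules that follow them, and a
    User-agent line appearing after rules starts a new group. Comments (#),
    blank lines, a leading BOM and non-rule fields (Sitemap, Crawl-delay, ...)
    are skipped. An empty "Disallow:" means nothing is disallowed, so it adds
    no path.
    """
    groups = OrderedDict()
    current_agents = []      # agents whose rule block we are currently filling
    rules_started = False    # True once a rule line follows the agent line(s)
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        field = field.strip().lower()
        value = value.strip()
        if field == "user-agent":
            if rules_started:          # rules already seen: this starts a new group
                current_agents = []
                rules_started = False
            current_agents.append(value)
            groups.setdefault(value, {"disallow": [], "allow": []})
        elif field in ("disallow", "allow"):
            if not current_agents:     # rule outside any group: ignore it
                continue
            rules_started = True
            if value:
                for agent in current_agents:
                    groups[agent][field].append(value)
    return groups


def all_disallowed(text):
    """Sorted, de-duplicated list of every path any group is told not to crawl."""
    paths = set()
    for rules in parse_robots(text).values():
        paths.update(rules["disallow"])
    return sorted(paths)


if __name__ == "__main__":
    for agent, rules in parse_robots(SAMPLE_ROBOTS).items():
        print(f"{agent}: disallow={rules['disallow']} allow={rules['allow']}")
    print("all disallowed paths:", all_disallowed(SAMPLE_ROBOTS))
```

Point `parse_robots` at the text of your own site's `robots.txt` to get the same view a reconnaissance pass would; anything in the `Disallow` list should be protected by access control, not just by being hidden from search engines.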
GHDB (Google Hacking Database) search operators:
Operator | Purpose |
---|---|
site:example.com | finds information using only the target domain |
intitle:keyword | finds the keyword in the `<title></title>` tag of any indexed document |
inurl:keyword | finds the keyword within the URL of any indexed document |
intext:keyword | finds the specified keyword in the text of the document |
ext:pdf | returns only documents with the specified extension |
-keyword | excludes the specified search term from the results |
"your keywords" | searches for a specific set of keywords |
- Kali Linux
- https://sourceforge.net/projects/metasploitable/ (login: msfadmin, password: msfadmin)
- Microsoft Windows VMs - https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Immunity created its CANVAS framework, and Core Security Technologies created Core Impact. Another framework, Metasploit, was created by HD Moore in 2003 using Perl and in 2007 was completely rewritten in Groovy. It was purchased in 2009 by Rapid7 and has been extended with Express and Pro versions.
Command | Comment |
---|---|
`apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y` | update your system |
`lsb_release -a` or `cat /etc/*{release,version}` | check the release of the OS |
Tool | Purpose |
---|---|
dmitry | port scanning, DNS information |
dnsenum | DNS info - subdomains etc. |
Tool | Purpose |
---|---|
nikto | finds vulnerabilities on a web server |
OpenVAS is an open-source vulnerability scanner.
It isn't installed by default in Kali, but we can install it manually:
```sh
apt-get update && apt-get install -y openvas
openvas-setup   # downloads the vulnerability database from the Internet
openvasmd --user=admin --new-password=admin   # sets the admin password; replace 'admin' with a strong one
openvas-nvt-sync   # keeps the OpenVAS NVT feed updated
openvas-start      # then connect to https://127.0.0.1:9392/
```
Tool | Purpose |
---|---|
nikto | test web application for known issues |
```sh
apt-get update && apt-get install -y vega
vega
```
Tool | Purpose |
---|---|
crunch | generate wordlists |
rsmangler | read a simple dictionary file and produce a new one with a wide range of permutations |
cewl | custom wordlist generator, used for extracting words from a website to create a dictionary for password cracking |
`ls /usr/share/wce` | Windows Credential Editor |
john | John the Ripper |
```sh
cd /usr/share/wordlists
gunzip rockyou.txt.gz
ls
less rockyou.txt
```
Generating a wordlist:
```sh
crunch 10 10 -t password%%          # % = one digit, so password00 .. password99
crunch 6 6 -t dave@@ -o dave.txt    # @ = one lowercase letter; -o writes to an output file
```
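To make the `-t` pattern semantics concrete, here is an added example (not from the original wiki, and not crunch's own code) that expands a crunch-style pattern in Python. It generalises the two commands above: `@` stands for a lowercase letter, `,` for an uppercase letter, `%` for a digit and `^` for a symbol, every other character is literal, and the rightmost placeholder varies fastest, which matches the `password00`, `password01`, ... order crunch produces. The symbol set used for `^` is a constructed one and is an assumption; crunch's default differs. `pattern_size` is useful on its own for estimating how large a list a pattern will produce, which is the same arithmetic you use when judging how much a password policy actually buys.

```python
"""Expand a crunch-style -t pattern into the candidate strings it denotes."""
import itertools
import string

# Placeholder characters as used by crunch's -t option. The '^' symbol set
# below is constructed for this example (an assumption; crunch's default differs).
PLACEHOLDERS = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!#$&*()-_+=",
}


def slots_for(pattern):
    """Per-position alphabets: a placeholder maps to its set, a literal to itself."""
    return [PLACEHOLDERS.get(ch, ch) for ch in pattern]


def pattern_size(pattern):
    """Number of strings the pattern expands to, computed without materialising them."""
    size = 1
    for alphabet in slots_for(pattern):
        size *= len(alphabet)
    return size


def expand(pattern):
    """Yield every expansion; the rightmost placeholder varies fastest, as crunch does."""
    for combo in itertools.product(*slots_for(pattern)):
        yield "".join(combo)


def write_wordlist(pattern, path):
    """Write one expansion per line to `path` (like crunch -o) and return the count."""
    count = 0
    with open(path, "w", encoding="ascii") as fh:
        for word in expand(pattern):
            fh.write(word + "\n")
            count += 1
    return count


if __name__ == "__main__":
    for pat in ("password%%", "dave@@", "Pass,%^"):
        words = list(expand(pat))
        print(f"{pat}: {pattern_size(pat)} candidates, first {words[0]}, last {words[-1]}")
```

`pattern_size("dave@@")` is 26 * 26 = 676, which is why the example above writes a small file; adding a single `^` position multiplies that by the size of the symbol set, which is the kind of estimate worth doing before running crunch against a large pattern.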
- The diagram panel
- An analysis function
- The transform processing engine
- Phishing
- Malicious websites
- USB sticks
- Access to credentials
- Software flaws
June 2012 - VirusBlokAda discovered Rootkit.Timephider, which was renamed to W32.Stuxnet some time later. It targeted industrial plant equipment, and the code targeted only certain equipment configurations.