Keatron's Penetration Testing Tool List
When I do a penetration test somewhere, I am often asked which tools I use, so I decided to put together a short article listing them. They are...
I would just note that BackTrack can be used in every penetration testing phase.
The list is simple enough that I have not translated it; I have only added a few notes.
Phase 1 Passive Reconnaissance
Google (1st stop for passive recon), facebook, myspace, linkedin etc. (Find info on individuals) (Note: in China that would be Renren, QQ Zone, blogs and the like.)
Netcraft (find passive info about web servers.)
Whois
Geo Spider
Google Earth (Even Google Earth makes an appearance.)
HTTrack (A great site-mirroring tool; it can crawl as well.)
Webripper
Wireshark (I use in almost every phase. I wanna see if their website is sending me any tracking goodies while I’m reconning it.) (Wireshark really is handy; I mostly use it for protocol analysis.)
Paros (Same as above, plus I use it to study authentication methods, and other stuff on their sites)
Phase 2 Scanning
Nmap
Firewalk
Hping
Modem Scan
THC Scan
Tone Loc
p0f
Solarwinds
TCPTraceroute
Phase 3 Vulnerability Research
(I pretty much go manual here, but there’s always Nessus, ISS and others).
I usually try and build something that looks as close as possible to my target, and practice exploiting them. I count this as part of my vulnerability research.
Places I check are Secunia, Seclist, Milw0rm, Eeye, Metasploit.com, Securiteam, and a few others.
Vendor websites.
Phase 4 Penetration/Hacking
Breaking in
Manual exploit code
Metasploit
Core Impact (Large scale: 5000 or more nodes to penetrate.)
Password Cracking
Kerb Crack
Pwdump
Cain & Abel
John the Ripper
Rainbow Crack
Hydra
Trojans & Rootkit
I usually make my own. But some good POC ones are Poison Ivy, Nuclear RAT, Netbus.
Phase 5 Going Deeper
Dsniff
Tcpdump
Arpspoof
Putty
Recub
Scapy (to trick devices and anything else which accepts or send packets)
WebScarab (studying HTTPS and other secure authentication processes)
IDA Pro (reversing any custom apps I find being used internally).
OllyDbg (same as above).
Yersinia (VLAN hopping, and other low stack level attacks)
Phase 6 Covering Tracks
RM, delete, erase, etc (obviously).
Clearlogs
Wipe utility
ADS
Winzapper (not a big fan, but when I have to...)
======
Most of the tools the author lists are included in BackTrack.