Vulnerability scanning of a web application boils down to each scanner sending its own payloads and watching how the target responds. Every scanner ships a different payload set, so their findings also differ. For that reason, run several scanners against the same target and reconcile their results to arrive at a more accurate picture.
Commonly used web vulnerability scanners: 1. OWASP ZAP; 2. AWVS; 3. AppScan; 4. Nikto; 5. Burp Suite
OWASP ZAP vulnerability scanner
OWASP ZAP is a web application vulnerability scanner developed by the OWASP project. It is free, open source and actively maintained. Its main features are: a local intercepting proxy, active scanning, passive scanning, a fuzzer, and brute forcing (forced browsing of directories and files).
This article covers it in detail: OWASP ZAP download, installation and usage (detailed) tutorial
Skipfish vulnerability scanner
Skipfish is an automated web security scanner released by Google. It runs on Linux, FreeBSD, Mac OS X and Windows (under Cygwin). Its HTTP handling is lightweight and uses little CPU, so it is fast: Skipfish can easily handle 2000 requests per second. Real throughput depends on the target and the network; the run below averaged 99 requests/s against a lab VM.
Drawbacks: no proxy support, and a full scan takes a long time (the run below was stopped by hand after just over two hours with 72% of pivots done).
root@kali:~# skipfish -o test -I mutillidae http://10.0.2.5/mutillidae
skipfish web application scanner - version 2.10b
[!] WARNING: Wordlist '/dev/null' contained no valid entries.
Welcome to skipfish. Here are some useful tips:
1) To abort the scan at any time, press Ctrl-C. A partial report will be written
to the specified location. To view a list of currently scanned URLs, you can
press space at any time during the scan.
2) Watch the number requests per second shown on the main screen. If this figure
drops below 100-200, the scan will likely take a very long time.
3) The scanner does not auto-limit the scope of the scan; on complex sites, you
may need to specify locations to exclude, or limit brute-force steps.
4) There are several new releases of the scanner every month. If you run into
trouble, check for a newer version first, let the author know next.
More info: http://code.google.com/p/skipfish/wiki/KnownIssues
Press any key to continue (or wait 60 seconds)...
skipfish version 2.10b by lcamtuf@google.com
- 10.0.2.5 -
Scan statistics:
Scan time : 2:05:04.272
HTTP requests : 741204 (99.0/s), 3855563 kB in, 353001 kB out (560.8 kB/s)
Compression : 0 kB in, 0 kB out (0.0% gain)
HTTP faults : 153 net errors, 0 proto errors, 0 retried, 0 drops
TCP handshakes : 7652 total (98.2 req/conn)
TCP faults : 0 failures, 153 timeouts, 4 purged
External links : 1490405 skipped
Reqs pending : 10531
Database statistics:
Pivots : 2435 total, 1751 done (71.91%)
In progress : 68 pending, 7 init, 486 attacks, 123 dict
Missing nodes : 511 spotted
Node types : 1 serv, 246 dir, 335 file, 639 pinfo, 451 unkn, 755 par, 8 val
Issues found : 2148 info, 23 warn, 1029 low, 510 medium, 2 high impact
Dict size : 1526 words (1526 new), 23 extensions, 256 candidates
Signatures : 77 total
[!] Scan aborted by user, bailing out!
[+] Copying static resources...
[+] Sorting and annotating crawl nodes: 2435
[+] Looking for duplicate entries: 2435
[+] Counting unique nodes: 1363
[+] Saving pivot data for third-party tools...
[+] Writing scan description...
[+] Writing crawl tree: 2435
[+] Generating summary views...
[+] Report saved to 'test/index.html' [0x165f661f].
[+] This was a great day for science!
Finally, open index.html in the output directory (test/ here) in a browser to view the report.
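The console summary printed at the end of a run (the "Issues found" line above) is easier to act on than the HTML report when the scan is part of a pipeline. The following shell script is an added example, not code from the original article or from the skipfish project: it extracts the per-severity counts from a captured summary and fails when high or medium findings exceed a limit. The summary line embedded in it is constructed to match the format of the real run shown above; the log file name and the thresholds are assumed values.

```shell
#!/bin/sh
# Added example, not from the original article: pull the per-severity counts
# out of skipfish's console summary and fail when high/medium findings exceed
# a limit, so a scan can gate a CI job instead of only producing index.html.
# Capture the console output first, e.g.:  skipfish -o out URL 2>&1 | tee skipfish.log
# The line below is constructed to match the format of the run shown above.
SAMPLE_SUMMARY='  Issues found : 2148 info, 23 warn, 1029 low, 510 medium, 2 high impact'

# issue_count <severity> <summary-line>
# Prints the number that precedes the severity keyword (info, warn, low,
# medium or high); prints nothing if the keyword is absent.
issue_count() {
    printf '%s\n' "$2" | sed -n "s/.*[ ,]\([0-9][0-9]*\) $1.*/\1/p"
}

# summary_line <logfile>
# Extracts the last "Issues found" line from a captured skipfish log; the
# live progress display rewrites this line repeatedly, so only the last copy
# reflects the final state.
summary_line() {
    grep 'Issues found' "$1" | tail -n 1
}

# scan_gate <summary-line> <max-high> <max-medium>
# Returns 0 when the scan is within the limits, 1 otherwise.
scan_gate() {
    high=$(issue_count high "$1")
    medium=$(issue_count medium "$1")
    [ "${high:-0}" -le "$2" ] && [ "${medium:-0}" -le "$3" ]
}

# Stand-alone demo on the constructed sample: zero tolerance for high/medium.
if scan_gate "$SAMPLE_SUMMARY" 0 0; then
    echo "scan passed"
else
    echo "scan failed: high=$(issue_count high "$SAMPLE_SUMMARY") medium=$(issue_count medium "$SAMPLE_SUMMARY")"
fi
```

In a pipeline, replace the constructed sample with `summary_line skipfish.log` and pick thresholds that match the target's risk appetite; an aborted scan (Ctrl-C) still prints this summary, so the gate also covers partial runs.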
More advanced usage:
1. Scan a list of URLs from a text file (one URL per line, passed with the @ prefix):
root@kali:~# skipfish -o test @url.txt
2匣摘、指定字典掃描:
# medium中等,minimal最小裹刮,extensions-only擴(kuò)展的音榜,complete完整
root@kali:~# dpkg -L skipfish | grep wl
/usr/share/skipfish/dictionaries/medium.wl
/usr/share/skipfish/dictionaries/minimal.wl
/usr/share/skipfish/dictionaries/extensions-only.wl
/usr/share/skipfish/dictionaries/complete.wl
root@kali:~# skipfish -o test -S /usr/share/skipfish/dictionaries/complete.wl -W newdic.wl -I mutillidae http://10.0.2.5/mutillidae
3. Exclude URLs containing a string: -X logout (keeps the crawler away from the logout link so the authenticated session survives the scan; note that any URL containing the substring is skipped)
4. Authentication
Authentication method | Parameters |
---|---|
Basic auth | -A username:password |
Cookie auth | -C "security=low" -C "PHPSESSID=e4a1e91e806ff991e05323df9b4914a9" |
Form auth | --auth-form http://10.0.2.5/dvwa/login.php --auth-user-field username --auth-user admin --auth-pass-field password --auth-pass password --auth-verify-url http://10.0.2.5/dvwa/index.php |
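Putting the options from points 2 to 4 together, the following shell script is an added example, not code from the original article or from the skipfish project. It assembles one reviewable skipfish command line that stays in scope, keeps the session alive, and is bounded in rate and duration. The target URL, cookie value, directory names, rate cap and time limit are assumed values; -l (max requests per second) and -k (stop after h:m:s) are listed in skipfish 2.10's -h output, so check them against your build.

```shell
#!/bin/sh
# Added example, not from the original article: assemble a skipfish run that
# combines the options discussed above (dictionaries, scope, exclusion and
# cookie authentication) and bounds its rate and duration.
# Target, cookie, directory names and limits are assumed values for illustration.

TARGET='http://10.0.2.5/mutillidae'
SCOPE='mutillidae'                 # -I: only follow URLs containing this string
OUT_DIR='skipfish-mutillidae'      # -o: report directory (index.html lands here)
RW_DICT="$OUT_DIR.wl"              # -W: read-write wordlist, learns new words
RO_DICT='/usr/share/skipfish/dictionaries/medium.wl'   # -S: read-only supplement
SESSION_COOKIE='PHPSESSID=e4a1e91e806ff991e05323df9b4914a9'   # -C: reuse a logged-in session
MAX_RPS=50                         # -l: cap requests per second (verify with skipfish -h)
TIME_LIMIT='0:30:00'               # -k: stop after this h:m:s instead of waiting for Ctrl-C

# build_skipfish_cmd prints the command line one argument per line, so it can
# be reviewed before it runs and passed to xargs without word-splitting bugs.
# -X logout keeps the crawler off the logout link, otherwise the session
# cookie passed with -C stops working part-way through the scan.
build_skipfish_cmd() {
    printf '%s\n' skipfish \
        -o "$OUT_DIR" \
        -S "$RO_DICT" \
        -W "$RW_DICT" \
        -I "$SCOPE" \
        -X logout \
        -C "$SESSION_COOKIE" \
        -l "$MAX_RPS" \
        -k "$TIME_LIMIT" \
        "$TARGET"
}

# run_skipfish creates the read-write wordlist if it is missing and launches
# the scan with exactly the arguments printed by build_skipfish_cmd.
run_skipfish() {
    [ -e "$RW_DICT" ] || : > "$RW_DICT"
    build_skipfish_cmd | tr '\n' '\0' | xargs -0 sh -c '"$@"' sh
}

# With --dry-run only print the assembled command; otherwise run the scan.
case "$1" in
    --dry-run) build_skipfish_cmd | paste -s -d ' ' - ;;
    --run)     run_skipfish ;;
esac
```

Invoke the script with --dry-run first and read the printed command; once it looks right, --run launches it. Running without a -k limit reproduces the situation in the log above, where the author had to abort by hand after two hours.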
Nikto2 vulnerability scanner
https://cirt.net/nikto2-docs/usage.html
Other tools:
Burp Suite: the free (Community) edition does not support active scanning;
AppScan: commercial, paid license
AWVS: commercial, paid license