This document provides an overview of several security tools including Nikto, Burp Suite, Wikto, Nmap, Metasploit, Nessus, OpenVAS, and how some of them relate to and integrate with Nikto. It describes Nikto as a web server scanner that checks for vulnerabilities. It then briefly introduces each of the other tools, their purpose, and in some cases how they can work with Nikto, such as Nikto being able to use Nmap scan results or output results to Metasploit's database.
3. Nikto - short introduction
● You manage several Web servers/applications
● Need to find potential problems and security vulnerabilities, including:
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated servers and programs
4. Nikto - short introduction
● Web server scanner,
● Created by: David Lodge and Chris Sullo,
● Version 1.00 Beta released on: December 27, 2001,
● Current version: 2.1.5,
● Written in: Perl,
● The name is taken from the movie: The Day The Earth Stood Still,
● Sponsored by: Sunera LLC,
● Official page: http://www.cirt.net/nikto2.
5. Nikto - short introduction
● Open source,
● Performs tests against web servers for multiple items:
- Looks for over 6500 potentially dangerous files/CGIs,
- Checks for outdated versions of over 1250 servers,
- Looks for version specific problems on over 270 servers,
- Attempts to identify installed web servers and software,
- Checks for the presence of multiple index files and HTTP server options,
● Output can be saved in a variety of formats: text, XML, HTML.
6. Nikto - short introduction
[Diagram: Nikto at the centre, linked to the tools covered in the following slides; edge labels recovered from the slide]
- Burp Suite (web scanner): proxying and logging of Nikto's requests
- Wikto (web scanner): uses the Nikto DB
- Nmap (network scanner): its output is integrated into Nikto
- Metasploit (vulnerability exploitation): Nikto has an output format for it
- Nessus (vulnerability scanner): Nikto integrated
- OpenVAS (vulnerability scanner): Nikto integrated
7. Burp Suite
● Integrated platform for performing security testing of web applications,
● Its tools work together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities,
● Gives full control, meaning you can combine advanced manual techniques with state-of-the-art automation for fast, effective results.
http://portswigger.net/burp/
8. Burp Suite - key components
● Proxy - an intercepting proxy, which lets you inspect and modify traffic between your browser and the target application,
● Spider - an application aware spider, for crawling content and functionality,
● Scanner - an advanced web application scanner, for automating the detection of numerous types of vulnerabilities,
● Intruder - an intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities,
● Repeater - a repeater tool, for manipulating and resending individual requests,
● Sequencer - a sequencer tool, for testing the randomness of session tokens,
● Ability to: save your work and resume it later, write plugins.
9. Burp Suite - Nikto
Proxy - can intercept the HTTP requests and show them in a readable format, so it can be used to analyse the queries made by Nikto and discover vulnerabilities.
10. Burp Suite - Nikto
Run Nikto through the Burp proxy listener:
perl nikto.pl -h localhost -useproxy http://localhost:8080/
11. Wikto
● Roles: checks for vulnerabilities in web servers, also in the implementation; it tries to find interesting directories and files on the web site and it looks for simple scripts that can be abused,
● Written in: .NET C#,
● Version: 2.1.0.0,
● Release date: 2008-12-14,
● Created by: SensePost,
● Cost: free,
● License: GPL,
● Nikto for Windows with extra features: fuzzy logic error code checking, a back-end miner, Google assisted directory mining, real time HTTP request/response monitoring.
12. Wikto - Nikto
Wikto uses Nikto's database to perform different checks against the web server.
[Diagram: Wikto -> Nikto DB]
13. Nmap
● Network Mapper,
● Roles: network discovery and security analysis,
● Technique: uses raw IP packets,
● Determines: what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, and more,
● Free and Open Source,
● Available with: command line and GUI viewer (Zenmap),
● Well documented and supported,
● Portable: runs on all major operating systems,
● Won numerous awards and was featured in twelve movies,
● Official site: http://nmap.org/.
14. Nmap - Nikto
Scenario: Nikto supports scanning multiple hosts via a text file of host names or IPs. A host file may also be Nmap output in "greppable" format.
Environment:
- Operating system: Windows 7, 64 bit
- Nikto: version 2.1.5
- Nmap: command-line zip file nmap-6.40-win32.zip
Steps
● Download and install Nikto and Nmap,
● Add the two program folders to the Path environment variable,
● In Start search for cmd and wait for the Command Prompt to open,
● Type the following for localhost, port 80:
nmap -p80 localhost/24 -sT -Pn -oG - | nikto.pl -h -
-oG - : greppable output format; the file name "-" sends it to stdout, which is piped into Nikto's stdin (-h -),
-sT : TCP connect scan,
-Pn : no ping, disable host discovery.
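Added example, mine rather than the slides' or Nikto's own code: a Python parser for the greppable Nmap output the pipeline above feeds into Nikto through "-h -". It keeps only TCP ports reported open, so closed and filtered hosts never reach the web scanner. The sample output and addresses are constructed, and handling several ports per host goes beyond the single-port command on the slide.

```python
import re

# Constructed sample of "nmap -oG -" (greppable) output, shaped like the result of the
# slide's "nmap -p80 localhost/24 -sT -Pn -oG -" but with a second port to exercise the
# parser; the addresses and host name are made up. Columns are tab-separated ("\t").
SAMPLE_GREPPABLE = """\
# Nmap 6.40 scan initiated as: nmap -p80,443 192.0.2.0/29 -sT -Pn -oG -
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.2 ()\tStatus: Up
Host: 192.0.2.2 ()\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.3 (www.example.test)\tStatus: Up
Host: 192.0.2.3 (www.example.test)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.4 ()\tPorts: 80/filtered/tcp//http///, 443/filtered/tcp//https///
# Nmap done: 8 IP addresses (4 hosts up) scanned
"""

# "Host: <ip> (<hostname>)" opens every data line; comment lines start with "#".
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
# One port entry: port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def parse_greppable(text):
    """Parse greppable output into {ip: {"hostname": str, "ports": [(port, state, proto, service)]}}.
    Comment lines are skipped; "Status: Up" lines carry no port data, so a host seen
    only on such a line still appears, with an empty port list."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        # Remaining tab-separated columns look like "Ports: ..." or "Status: Up".
        columns = dict(col.split(": ", 1) for col in line.split("\t")[1:] if ": " in col)
        for item in columns.get("Ports", "").split(","):
            pm = PORT_RE.match(item.strip())
            if pm:
                entry["ports"].append((int(pm.group(1)), pm.group(2), pm.group(3), pm.group(4)))
    return hosts


def nikto_targets(hosts, web_ports=(80, 443, 8000, 8080, 8443)):
    """Approximate the target list Nikto derives when fed this output through "-h -":
    only TCP ports reported "open" are kept, so closed and filtered ports never reach
    the web scanner. (Assumed behaviour for this example; Nikto's own parser is Perl.)"""
    targets = []
    for ip, entry in hosts.items():
        for port, state, proto, _service in entry["ports"]:
            if proto == "tcp" and state == "open" and port in web_ports:
                targets.append((ip, port))
    return targets


if __name__ == "__main__":
    # One Nikto invocation per live web port, equivalent to what "-h -" does in bulk.
    for ip, port in nikto_targets(parse_greppable(SAMPLE_GREPPABLE)):
        print(f"perl nikto.pl -h {ip} -port {port}")
```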
16. Metasploit
● Vulnerability exploitation tool -> Framework,
● Released in: 2004,
● Project acquired by: Rapid7 in: 2009,
● Open source platform for developing, testing and using exploit code,
● Commercial variants, also:
Edition   | Intended for                                              | Interface
Pro       | Enterprise Security Programs & Advanced Penetration Tests | Web-based GUI
Express   | Baseline Penetration Tests                                | Web-based GUI
Community | Free Entry-Level Edition                                  | Web-based GUI
Framework | Free Open Source Development Platform                     | Java-based GUI
http://www.rapid7.com/products/metasploit/editions-and-features.jsp
17. Features
Real world security testing
Get a security reality check with exploitation, vulnerability validation, advanced attacks and evasion techniques.
Vulnerability validation
Verify which potential vulnerabilities really put your network and data at risk.
Productivity boost
Complete assignments faster with efficient workflows, wizards, data management, APIs and automation.
Password auditing
Uncover weak passwords on over a dozen network services.
Web App Testing
Audit on-premise and cloud-based web apps to identify OWASP Top 10 vulnerabilities.
Teamwork and Reporting
Leverage team members' expertise and create reports at the push of a button.
Support for Windows and Linux operating systems
Windows XP, Vista, 7, 8; Red Hat Enterprise Linux 5.x, 6.x - x86; Ubuntu Linux 8.04, 10.04, 12.04 - x86; Kali Linux 1.0.
18. Metasploit - Nikto
How to: Metasploit Framework
● Set up a PostgreSQL database (user: msf, password: password123),
● Set the web xmlrpc interface at 127.0.0.1, port 55553,
● Afterwards, run a command like db_vulns to see how Nikto tested for and detected the vulnerability:
[*] Time: Tue Nov 10 00:22:14 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.005988 refs=OSVDB-5292
[*] Time: Wed Nov 10 00:23:08 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.006453 refs=OSVDB-40478
How to: Nikto (logging to Metasploit)
● Install the Perl modules RPC::XML::Client and RPC::XML,
● Add your own test for a vulnerability in the Nikto/Plugins directory, e.g.:
"006XXX","40478","b","/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=","GET","200","","","","","This device may have a vulnerable installation of TikiWiki.","",""
where 006XXX is one number greater than the last entry in the db_tests file and 40478 is the OSVDB number,
● Run Nikto with the msf output format:
perl nikto.pl -h localhost -Format msf -o msf:password123@http://localhost:55553/RPC2
All scan results are saved in the msf database in real time.
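Added example, mine rather than Nikto's or Metasploit's code, covering both halves of this slide: parsing db_tests entries like the one above to compute the next free test id and emit a well-formed line, and joining db_vulns output back to those entries so a reviewer can see which request produced each finding and whether the OSVDB reference still agrees. The field names are my own labels for the 13 columns; the first two db_tests lines are constructed apart from the ids and OSVDB numbers, which come from the slide's db_vulns output.

```python
import csv
import io
import re

# Column layout of a Nikto db_tests line (13 quoted, comma-separated fields); these
# field names are my own labels for the slide's entry, not taken from Nikto's docs.
DB_TESTS_FIELDS = ["id", "osvdb", "tuning", "uri", "method", "match1", "match1_or",
                   "match1_and", "fail1", "fail2", "summary", "data", "headers"]

# Constructed db_tests excerpt. The last line is the TikiWiki entry from the slide with
# its id filled in; the ids and OSVDB numbers of the other two match the slide's db_vulns
# output, but their URIs and summaries are made up for this example.
SAMPLE_DB_TESTS = '''\
"005988","5292","3","/example/test-cgi","GET","200","","","","","Constructed: example script found.","",""
"006452","0","b","/example/admin/","GET","200","","","","","Constructed: example admin directory found.","",""
"006453","40478","b","/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=","GET","200","","","","","This device may have a vulnerable installation of TikiWiki.","",""
'''

# Constructed copy of the two db_vulns lines shown on the slide, one finding per line.
SAMPLE_DB_VULNS = """\
[*] Time: Tue Nov 10 00:22:14 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.005988 refs=OSVDB-5292
[*] Time: Wed Nov 10 00:23:08 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.006453 refs=OSVDB-40478
"""
VULN_RE = re.compile(r"Vuln: host=(\S+) port=(\d+) proto=(\w+) name=nikto\.(\d+) refs=OSVDB-(\d+)")


def parse_db_tests(text):
    """Parse db_tests lines into dicts; a line with the wrong field count is rejected
    rather than silently shifting every later column."""
    tests = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        if len(row) != len(DB_TESTS_FIELDS):
            raise ValueError(f"expected {len(DB_TESTS_FIELDS)} fields, got {len(row)}: {row[:2]}")
        tests.append(dict(zip(DB_TESTS_FIELDS, row)))
    return tests


def next_test_id(tests):
    """The slide's rule for a new entry: one greater than the last id, kept zero-padded."""
    return f"{max(int(t['id']) for t in tests) + 1:06d}"


def make_entry(test_id, osvdb, uri, summary, method="GET", expect="200", tuning="b"):
    """Render a new db_tests line in the same 13-field quoted layout as the slide's."""
    fields = [test_id, str(osvdb), tuning, uri, method, expect, "", "", "", "", summary, "", ""]
    if any('"' in f or "\n" in f for f in fields):
        raise ValueError("fields may not contain quotes or newlines")
    return ",".join(f'"{f}"' for f in fields)


def explain_findings(vuln_text, tests):
    """Join db_vulns output back to db_tests by test id so a reviewer can see which
    request produced each finding and whether the OSVDB reference still agrees."""
    by_id = {t["id"]: t for t in tests}
    findings = []
    for line in vuln_text.splitlines():
        m = VULN_RE.search(line)
        if not m:
            continue
        host, port, proto, test_id, osvdb = m.groups()
        t = by_id.get(test_id)
        findings.append({
            "host": host, "port": int(port), "proto": proto,
            "test_id": test_id, "osvdb": osvdb,
            "request": f"{t['method']} {t['uri']}" if t else None,
            "summary": t["summary"] if t else "(test id not found in db_tests)",
            "osvdb_consistent": t is not None and t["osvdb"] == osvdb,
        })
    return findings


if __name__ == "__main__":
    tests = parse_db_tests(SAMPLE_DB_TESTS)
    print("next free id:", next_test_id(tests))
    for f in explain_findings(SAMPLE_DB_VULNS, tests):
        print(f"{f['host']}:{f['port']} OSVDB-{f['osvdb']} <- {f['request']} : {f['summary']}")
```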
19. Nessus - Nikto
● Started: as a project in 1998,
● by: Renaud Deraison,
● to: provide a free remote security scanner,
● but: in 2005 Tenable Network Security took it over
● and: made it closed source.
● Can perform scans on: networks, operating systems, web applications, mobile devices,
● Most popular and capable scanner, for UNIX systems particularly,
● Support for different operating systems,
● Has an extensive plugin database, updated daily (plugin = vulnerability test written in NASL, the Nessus Attack Scripting Language),
● Various formats of the scan results: plain text, XML, HTML and LaTeX,
● Last stable release: 5.2.1 / May 7, 2013.
20. Nessus - Nikto
Nikto can be integrated in Nessus.
How: when Nessus finds a web server, it automatically launches Nikto.
Settings:
1. Nikto installation,
2. Put nikto.pl in PATH,
3. Ensure that nikto.nasl is present in the Nessus install (NASL wrapper),
4. Run "nessusd -R",
5. Finally restart nessusd.
21. OpenVAS - Nikto
● Open Vulnerability Assessment System,
● Began under the name GNessUs, as a fork of the Nessus open source tool,
● Framework of several services and tools,
● Roles: vulnerability scanning and vulnerability management solution,
● Cost: free,
● Developed by: Greenbone Networks,
● Last stable release: 6.0 / April 17, 2013.
Nikto
● is integrated, as a tool, into OpenVAS,
● the OpenVAS plugin for Nikto integration (nikto.nasl) needs to be present and enabled,
● the results of a Nikto scan are included in the OpenVAS final scan.