Tools
- sqlmap
- subDomainsBrute
- Routerhunter-2.0
- WhatWeb
sqlmap
一个优秀的开源注入工具
官方网址: http://sqlmap.org
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Cloning into 'sqlmap-dev'...
remote: Counting objects: 639, done.
remote: Compressing objects: 100% (610/610), done.
remote: Total 639 (delta 170), reused 164 (delta 18), pack-reused 0
Receiving objects: 100% (639/639), 7.17 MiB | 29.00 KiB/s, done.
Resolving deltas: 100% (170/170), done.
$ cd python-dev
$ python sqlmap.py [22:19:26]
___
__H__
___ ___["]_____ ___ ___ {1.2.7.25#dev}
|_ -| . [.] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap.py [options]
sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), use -h for basic or -hh for advanced help
subDomainsBrute
子域名暴力破解
https://github.com/lijiejie/subDomainsBrute
#直接下载解压,git clone也行
Routerhunter-2.0
路由器已知漏洞测试
https://github.com/sh1nu11bi/Routerhunter-2.0
$ git clone https://github.com/sh1nu11bi/Routerhunter-2.0 [22:46:51]
Cloning into 'Routerhunter-2.0'...
remote: Counting objects: 42, done.
remote: Total 42 (delta 0), reused 0 (delta 0), pack-reused 42
Unpacking objects: 100% (42/42), done.
$ cd Routerhunter-2.0
$ python routerhunter.py
usage: Routerhunter [-h] [-range 192.168.1.0-255] [-bruteforce] [-startip 192.168.*.*] [-endip 192.168.*.*] -dns1 8.8.8.8 -dns2 8.8.4.4 [--threads 10] [-rip] [-lmtip 10]
Routerhunter: error: argument -dns1/--dns1 is required
WhatWeb
判断是什么网站
https://github.com/urbanadventurer/whatweb
https://github.com/urbanadventurer/WhatWeb/wiki/Usage
$ git clone https://github.com/urbanadventurer/whatweb
Cloning into 'whatweb'...
remote: Counting objects: 25740, done.
remote: Total 25740 (delta 0), reused 0 (delta 0), pack-reused 25740
Receiving objects: 100% (25740/25740), 9.00 MiB | 41.00 KiB/s, done.
Resolving deltas: 100% (17353/17353), done.
$ cd whatweb
$ ./whatweb
.$$$ $. .$$$ $.
$$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$.
$ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$.
$ `$ $$$ $ `$ $$$ $ `$ $$$ $$' $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$'
$. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :' $. $ $$$ $. $$$$ $. $$$$$.
$::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$
$;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$
$$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'
WhatWeb - Next generation web scanner version 0.4.9.
Developed by Andrew Horton (urbanadventurer) and Brendan Coles (bcoles)
Homepage: http://www.morningstarsecurity.com/research/whatweb
Usage: whatweb [options] <URLs>
TARGET SELECTION:
<TARGETs> Enter URLs, hostnames, IP adddresses, or
nmap-format IP ranges.
--input-file=FILE, -i Read targets from a file.
AGGRESSION:
--aggression, -a=LEVEL Set the aggression level. Default: 1.
1. Stealthy Makes one HTTP request per target and also
follows redirects.
3. Aggressive If a level 1 plugin is matched, additional
requests will be made.
PLUGINS:
--list-plugins, -l List all plugins.
--info-plugins, -I=[SEARCH] List all plugins with detailed information.
Optionally search with a keyword.
--search-plugins=STRING Search plugins for a keyword.
--grep, -g=STRING Search for STRING in HTTP responses. Reports
with a plugin named Grep.
OUTPUT:
--verbose, -v Verbose output includes plugin descriptions.
Use twice for debugging.
--colour,--color=WHEN control whether colour is used. WHEN may be
`never', `always', or `auto'.
HELP & MISCELLANEOUS:
--short-help This short usage help.
--help, -h Complete usage help.
EXAMPLE USAGE:
* Scan example.com.
./whatweb example.com
* Scan reddit.com slashdot.org with verbose plugin descriptions.
./whatweb -v reddit.com slashdot.org
* An aggressive scan of wired.com detects the exact version of WordPress.
./whatweb -a 3 www.wired.com
* Scan the local network quickly and suppress errors.
whatweb --no-errors 192.168.0.0/24
* Scan the local network for HTTPS websites.
whatweb --no-errors --url-prefix https:// 192.168.0.0/24
* Scan for crossdomain policies in the Alexa Top 1000.
./whatweb -i plugin-development/alexa-top-100.txt \
--url-suffix /crossdomain.xml -p crossdomain_xml
Note: This is the short usage help.
For the complete usage help use -h or --help.
网友评论