Kali Linux - Website Penetration Testing
[Disclaimer: The content of this article is for educational purposes only. It was written to help readers test their skills in using computers and/or Kali Linux and to share knowledge about Kali Linux with its users. The writer of this article/guide takes no responsibility for actions resulting from inappropriate use of the information contained in this article/guide.]
Now, let's talk about the tools that are used in website penetration testing. I've made an article about it in a previous post (I think it's Hacking Articles part 6), so there is no need to discuss it further here; just read it, guys. Penetration testing is a way of finding vulnerabilities in a website or system, and it is done by pentesters.
"MAGNI NOMINIS UMBRA"
Masterlist:
1. Vega Usage
2. ZapProxy
3. Database Tools Usage
*sqlmap
*sqlninja
4. CMS Scanning Tools
*WPScan
*Joomscan
5. SSL Scanning Tools
*TLSSLed
6. w3af
1. Vega Usage
- Vega is a free and open source scanner and testing platform for testing the security of web applications. It can help you find and validate SQL injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, is GUI based, and runs on Linux, OS X, and Windows.
- It also includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: JavaScript.
The official webpage of Vega is https://subgraph.com/vega
How to open and use Vega?
Step 1: To open it, go to Applications -> 03-Web Application Analysis -> Vega
Step 2: If you don't see the application at that path, type "apt-get update && apt-get install -y vega"
Step 3: To start scanning, click "+" sign
Step 4: Enter the URL of the webpage that will be scanned. In this case, it is the Metasploitable machine -> click "Next".
Step 5: Check the boxes of all the modules you want to include in the scan. Then, click "Next".
Step 6: Click "Next" again when Authentication Options pop up.
Step 7: Click "Finish".
Step 8: If something pops up, just click "Yes", and the scan will continue.
Step 9: After the scan is completed, the lower-left panel shows all the findings, categorized according to severity. If you click a finding, you will see all the details of the vulnerability in the right panel, such as "Request", "Discussion", "Impact", and "Remediation".
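A check to run before entering the URL in Step 4, so the scan only ever points at the lab machine. This is an added example, not part of the original article: the lab range 192.168.56.0/24, the sample addresses and the function names are assumptions, so replace the range with the network your Metasploitable VM lives on.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed lab network (a common host-only range); replace with your own.
LAB_SCOPE = [ipaddress.ip_network("192.168.56.0/24")]


def resolve_host(host):
    """Return every IP address the host name resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def target_in_scope(url, scope=LAB_SCOPE, resolver=resolve_host):
    """Return (ok, reason); ok is True only if every address of the host is in scope."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "not an http(s) URL with a host"
    host = parts.hostname
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal: no DNS lookup needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError) as exc:
            return False, f"cannot resolve {host}: {exc}"
    if not addrs:
        return False, f"{host} did not resolve to any address"
    # One out-of-scope address is enough to refuse: the scanner may pick any of them.
    outside = [str(a) for a in addrs if not any(a in net for net in scope)]
    if outside:
        return False, f"{host} resolves outside the lab scope: {', '.join(outside)}"
    return True, f"{host} is inside the lab scope"


if __name__ == "__main__":
    # Constructed sample targets; only the first is inside the assumed lab range.
    samples = ("http://192.168.56.101/", "http://203.0.113.10/", "ftp://192.168.56.101/")
    for url in samples:
        ok, reason = target_in_scope(url)
        print("OK  " if ok else "STOP", url, "-", reason)
```

Only continue with Step 4 when the check reports OK for the URL you are about to enter.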
2. ZapProxy
- ZAP (OWASP Zed Attack Proxy) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It has a Java interface.
How to open and use it:
Step 1: To open ZapProxy, go to Applications -> 03-Web Application Analysis -> owasp-zap
Hacking Articles is a series of articles/guides about basic hacking and any topics related to hacking/technology. It was written by Rovic Balingbing a.k.a. Baby Esue and consists of 30 parts; this "Hacking Articles" consists of some articles, guides, tutor...
