Penetration Testing with Kali Linux OffSec
gobuster dir -u 192.168.50.20 -w /usr/share/wordlists/dirb/common.txt -t
|
|
gobuster dir -u 192.168.50.20 -w /usr/share/wordlists/dirb/common.txt -t
5 =============================================================== Gobuster v3.1.0 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) =============================================================== [+] Url: http://192.168.50.20 [+] Method: GET [+] Threads: 5 [+] Wordlist: /usr/share/wordlists/dirb/common.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.1.0 [+] Timeout: 10s =============================================================== 2022/03/30 05:16:21 Starting gobuster in directory enumeration mode =============================================================== /.hta (Status: 403) [Size: 278] /.htaccess (Status: 403) [Size: 278] /.htpasswd (Status: 403) [Size: 278] /css (Status: 301) [Size: 312] [--> http://192.168.50.20/css/] /db (Status: 301) [Size: 311] [--> http://192.168.50.20/db/] /images (Status: 301) [Size: 315] [--> http://192.168.50.20/images/] /index.php (Status: 302) [Size: 0] [--> ./login.php] /js (Status: 301) [Size: 311] [--> http://192.168.50.20/js/] /server-status (Status: 403) [Size: 278] /uploads (Status: 301) [Size: 316] [--> http://192.168.50.20/uploads/] =============================================================== 2022/03/30 05:18:08 Finished =============================================================== Listing 100 - Running Gobuster Under the /usr/share/wordlists/dirb/ folder we selected the common.txt wordlist, which found ten resources. Four of these resources are inaccessible due to insufficient privileges (Status: 403). However, the remaining six are accessible and deserve further investigation. 8.2.4 Security Testing with Burp Suite Burp Suite 344 is a GUI-based integrated platform for web application security testing. It provides several different tools via the same user interface. 344 (PortSwigger, 2022), https://portswigger.net/burp Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 204 While the free Community Edition mainly contains tools used for manual testing, the commercial versions include additional features, including a formidable web application vulnerability scanner. Burp Suite has an extensive feature list and is worth investigating, but we will only explore a few basic functions in this section. We can find Burp Suite Community Edition in Kali under Applications > 03 Web Application Analysis > burpsuite . Figure 82: Starting Burp Suite We can also launch it from the command line with burpsuite: kali@kali:~$ Yüklə Dostları ilə paylaş:
|