Ngwa 10 kacha mma nleba anya

op 10 Ngwa nyocha pen 2022
Nyefee GoPhish Phishing Platform na Ubuntu 18.04 n'ime AWS

1. Kali Linux

Kali abụghị ngwá ọrụ kwa otu. Ọ bụ ihe na-emepe emepe nke sistemụ arụmọrụ Linux arụpụtara maka ya ọmụma ọrụ nchekwa dị ka nyocha nchekwa, reverse engineering, forensics kọmputa, na, ị chepụtara ya, ule ntinye.

Kali nwere ọtụtụ ngwaọrụ nnwale nnabata, ụfọdụ n'ime ha ị ga-ahụ na ndepụta a ka ị na-agụ na ya. Ngwa ndị a nwere ike ime ihe niile ịchọrọ ma a bịa n'ule pen. Ịchọrọ ịme mwakpo ogbugba SQL, bufee ụgwọ ọrụ, gbawaa paswọọdụ? Enwere ngwaọrụ maka nke ahụ.

A na-akpọbu ya Backtrack tupu aha ya ugbu a, Kali. Nchebe na-ewe iwe na-echekwa ya ugbu a bụ onye na-ewepụta mmelite na OS otu oge iji tinye ngwaọrụ ọhụrụ, melite ndakọrịta, na ịkwado ngwaike ndị ọzọ.

Otu ihe dị ịtụnanya gbasara Kali bụ nnukwu ikpo okwu ọ na-arụ. Ị nwere ike ịgba ọsọ Kali na ngwaọrụ mkpanaka, Docker, ARM, Amazon Web Services, Windows Subsystem for Linux, Virtual Machine, na metal efu. 

Omume a na-emekarị nke ndị na-enyocha mkpịsị akwụkwọ bụ iji Kali na-ebunye rasberi pis n'ihi obere nha ha. Nke a na-eme ka ọ dị mfe ikwunye ya na netwọk n'ebe anụ ahụ nke ebumnuche dị. Agbanyeghị, ọtụtụ ndị na-anwale pen na-eji Kali na VM ma ọ bụ draịva mkpịsị aka bootable.

Mara na nchekwa ndabara Kali adịghị ike, yabụ ịkwesịrị ịkwado ya tupu ịme ma ọ bụ chekwaa ihe ọ bụla nzuzo na ya.

2. Metasploit

Ọ bụghị mgbe niile ka a na-enye ịgafe nchekwa nke sistemụ ebumnuche. Ndị na-anwale pen na-adabere na adịghị ike dị n'ime sistemu ebumnuche iji nweta nri ma ọ bụ njikwa. Dị ka ị nwere ike iche n'echiche, a chọpụtala ọtụtụ puku adịghị ike n'ọtụtụ dị iche iche nke ikpo okwu kemgbe ọtụtụ afọ. Ọ gaghị ekwe omume ịmara adịghị ike ndị a niile na nrigbu ha, ebe ọ bụ na ha dị ọtụtụ.

Nke a bụ ebe Metasploit na-abata. Metasploit bụ nchekwa nchekwa mepere emepe nke Rapid 7 mebere. A na-eji ya nyochaa sistemụ kọmputa, netwọkụ, na sava maka adịghị ike iji jiri ha mee ihe ma ọ bụ detuo ha.

Metasploit nwere ihe karịrị puku iri abụọ n'ofe nyiwe dị iche iche, dị ka gam akporo, Cisco, Firefox, Java, JavaScript, Linux, NetWare, nodejs, macOS, PHP, Python, R, Ruby, Solaris, Unix, na n'ezie. Windows. 

Ewezuga nyocha maka adịghị ike, ndị pentesters na-ejikwa Metasploit maka mmepe irigbu, ibufe ụgwọ ọrụ, ịnakọta ozi, na ijikwa ohere na sistemụ mebiri emebi.

Metasploit na-akwado ụfọdụ Windows na Linux usoro nhazi na ọ bụ otu n'ime ngwa arụnyere na Kali.

3. Wireshark

Tupu ha anwa ịgafe nchekwa nke sistemu, ndị pentesters na-anwa ikpokọta ozi dịka ha nwere ike gbasara ebumnuche ha. Ime nke a na-enye ha ohere ikpebi ụzọ kachasị mma iji nwalee usoro ahụ. Otu n'ime ngwaọrụ pentesters na-eji n'oge usoro a bụ Wireshark.

Wireshark bụ ihe nyocha protocol netwọkụ ejiri mee ka echiche nke okporo ụzọ na-aga na netwọkụ. Ndị ọkachamara netwọkụ na-ejikarị ya dozie nsogbu njikọ TCP/IP dị ka okwu latency, ngwugwu ndị a tụfuru, na ọrụ ọjọọ.

Agbanyeghị, ndị pentesters na-eji ya nyochaa netwọkụ maka adịghị ike. E wezụga ịmụta ka esi eji ngwá ọrụ ahụ n'onwe ya, ọ dịkwa mkpa ka ị mara ụfọdụ echiche ịkparịta ụka n'Ịntanet dị ka TCP/IP stack, ịgụ na ịkọwa isi okwu, nghọta ụzọ, mbugharị ọdụ ụgbọ mmiri, na ọrụ DHCP iji jiri ya mee ihe nke ọma.

 

Ụfọdụ n'ime njirimara ya bụ:

  • Nwere ike nyochaa nnukwu data.
  • Nkwado maka nyocha na decryption nke narị protocol.
  • Ntụle oge na ntanetị nke netwọkụ.
  • Ihe nzacha njide na ngosipụta dị ike.

 

Wireshark dị na Windows, macOS, Linux, Solaris, FreeBSD, NetBSD na ọtụtụ nyiwe ndị ọzọ. 

Ọdịnaya akwadoro:

Subdomain Scan API

4. Ndokwa

Pentesters na-eji Nmap maka ịnakọta ozi yana ịchọpụta adịghị ike na netwọk. Nmap, dị mkpụmkpụ maka maapụ netwọkụ, bụ nyocha ọdụ ụgbọ mmiri ejiri mee nchọpụta netwọkụ. Ewubere Nmap iji nyochaa nnukwu netwọkụ nwere ọtụtụ narị puku igwe, ngwa ngwa. 

Nyocha ndị dị otú ahụ na-enyekarị ozi dị ka ụdị ndị ọbịa na netwọkụ, ọrụ(aha ngwa na ụdị) ha na-enye, aha na ụdị OS nke ndị ọbịa na-agba ọsọ, nzacha ngwugwu na firewalls na-eji, yana ọtụtụ njirimara ndị ọzọ. 

Ọ bụ site na nyocha Nmap ka ndị pentesters na-achọpụta ndị ọbịa nwere ike irigbu. Nmap na-enyekwa gị ohere inyocha onye ọbịa na oge ọrụ na netwọk.

Nmap na-agba na isi sistemụ arụmọrụ dịka Linux, Microsoft Windows, Mac OS X, FreeBSD, OpenBSD na Solaris. Ọ na-abịakwa etinyere ya na Kali dị ka ngwaọrụ nnwale ntinye n'elu.

5. Aircrack-ng

Netwọk WiFi nwere ike ịbụ otu n'ime sistemụ mbụ ịchọrọ ị nwere ike mbanye anataghị ikike. E kwuwerị, onye na-agaghị achọ WiFi "free"? Dịka pentester, ị kwesịrị ịnwe ngwaọrụ maka ịnwale nchekwa WiFi na ngwaọrụ gị. Kedu ngwá ọrụ dị mma iji karịa Aircrack-ng?

Aircrack-ng bụ ngwá ọrụ mepere emepe pentesters na-eji eme ihe na netwọk ikuku. Ọ nwere nnukwu ngwaọrụ eji enyocha netwọk ikuku maka adịghị ike.

Ngwa Aircrack-ng niile bụ ngwa ahịrị iwu. Nke a na-eme ka ọ dịrị ndị pentesters mfe ịmepụta edemede omenala maka iji elu mee ihe. Ụfọdụ n'ime njirimara ya bụ:

  • Ngwunye netwọk nlekota oru.
  • Mwakpo site na ntụtụ ngwu.
  • Na-anwale ike WiFi na ọkwọ ụgbọ ala.
  • Netwọk WiFi na-agbaji na ụkpụrụ nzuzo WEP na WPA PSK (WPA 1 na 2).
  • Nwere ike ijide ma bupụ ngwugwu data maka nyocha ọzọ site na ngwaọrụ ndị ọzọ.

 

Aircrack-ng na-arụ ọrụ na Linux (na-abịa na Kali) mana ọ dịkwa na Windows, macOS, FreeBSD, OpenBSD, NetBSD, Solaris, na eComStation 2.

6. Sqlmap

Sistemụ njikwa nchekwa data enweghị nchekwa bụ ọgụ vector pentesters na-ejikarị banye n'ime sistemụ. Ebe nchekwa data bụ akụkụ dị mkpa nke ngwa ọgbara ọhụrụ, nke pụtara na ha dị ebe niile. Ọ pụtakwara na ndị pentesters nwere ike banye n'ọtụtụ sistemụ site na DBMS na-enweghị nchebe. 

Sqlmap bụ ngwá ọrụ ịgba ọgwụ SQL nke na-emezi nchọpụta na nrigbu ntụpọ SQL iji weghara nchekwa data. Tupu Sqlmap, ndị pentesters ji aka na-awakpo ogbugba SQL. Nke a pụtara na ime usoro ahụ chọrọ ihe ọmụma tupu oge eruo.

Ugbu a, ọbụlagodi ndị mbido nwere ike iji usoro ịgba ntụtụ isii nke SQL nke Sqlmap (ìsì dabeere na boolean, kpuru isi oge, dabere na njehie, dabere na ajụjụ UNION, ajụjụ gbara agba, na nke na-apụ apụ) iji nwaa ịbanye. nchekwa data. 

Sqlmap nwere ike ibuso ọgụ n'ọtụtụ DBMS dị ka MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, na SQLite. Gaa na webụsaịtị maka ndepụta zuru ezu. 

 

Ụfọdụ njiri mara ya gụnyere:

  • Na-eme iwu na OS nke igwe ebumnuche, site na njikọ na-apụ apụ.
  • Ịnweta usoro faịlụ dị n'okpuru nke igwe ebumnuche.
  • Nwere ike ịmata ụdị hash paswọọdụ na-akpaghị aka, wee gbawaa ha site na iji mwakpo ọkọwa okwu. 
  • Nwere ike guzobe njikọ n'etiti igwe onye na-awakpo na OS dị n'okpuru nke sava nchekwa data, na-enye ya ohere ịmalite ọnụ, nnọkọ Meterpreter, ma ọ bụ nnọkọ GUI site na VNC.
  • Nkwado maka nkwalite ihe ùgwù onye ọrụ site na Metasploit's Meterpreter.

 

Ejiri Python rụọ Sqlmap, nke pụtara na ọ nwere ike ịgba ọsọ n'elu ikpo okwu ọ bụla nwere onye ntụgharị Python arụnyere.

Ọdịnaya akwadoro:

Ọkọlọtọ API nke CORS nyocha

7. Hydra

Ọ bụ ihe ịtụnanya etu okwuntughe ndị mmadụ si esighi ike. Nyocha nke okwuntughe kacha ewu ewu nke ndị ọrụ LinkedIn ji mee ihe na 2012 gosiri na Ihe karịrị ndị ọrụ 700,000 nwere '123456' dị ka okwuntughe ha!

Ngwa dị ka Hydra na-eme ka ọ dị mfe ịchọpụta okwuntughe adịghị ike na nyiwe ịntanetị site n'ịgbalị ịgbawa ha. Hydra bụ ihe mgbawa okwuntughe nbanye netwọk jikọtara ya (ọ dị mma, nke ahụ bụ ọnụ) eji agbawa okwuntughe n'ịntanetị.

A na-ejikarị Hydra na-emepụta ihe ndepụta okwu ndị ọzọ dị ka Crunch na Cupp, n'ihi na ọ naghị ewepụta listi okwu n'onwe ya. Iji jiri Hydra, naanị ihe ị ga - eme bụ ịkọwapụta ebumnuche ị ga - abụ nnwale pen, banye na ndepụta okwu, wee gbaa ọsọ.

Hydra na-akwado ogologo ndepụta nyiwe na usoro netwọkụ dị ka Cisco auth, Cisco nyeere, FTP, HTTP(S)-(FORM-GET, FORM-POST, GET, HEAD), HTTP-Proxy, MS-SQL, MySQL, Oracle Onye na-ege ntị, Oracle SID, POP3, PostgreSQL, SMTP, SOCKS5, SSH (v1 na v2), Subversion, Telnet, VMware-Auth, VNC, na XMPP.

Ọ bụ ezie na etinyere Hydra na Kali, a nwalere ya iji chịkọta nke ọma na Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) na MacOS, dị ka ndị mmepe ya siri kwuo.

8. John The Ripper

Aha dị iche iche, John The Ripper bụ ngwa ngwa, mepere emepe, mgbaka okwuntughe na-anọghị n'ịntanetị. Ọ nwere ọtụtụ crackers okwuntughe ma na-ahapụkwa gị ka ịmepụta cracker omenala.

John The Ripper na-akwado ọtụtụ hash okwuntughe na ụdị cipher na-eme ka ọ bụrụ ngwa ọrụ dị ukwuu. cracker okwuntughe na-akwado CPUs, GPUs, yana FPGA site na Openwall, ndị mmepe nke cracker paswọọdụ.

Iji jiri John The Ripper ị na-ahọrọ site na ụdịdị anọ dị iche iche: ụdị ndepụta okwu, otu mgbape mode, ọnọdụ agbakwunyere, na ọnọdụ mpụga. Onye ọ bụla mode nwere ụzọ nke cracking okwuntughe na-eme ka ọ dabara maka ụfọdụ ọnọdụ. Mwakpo John The Ripper na-abụkarị site n'ike ike na mwakpo akwụkwọ ọkọwa okwu.

Ọ bụ ezie na John The Ripper bụ ebe mepere emepe, ọ nweghị ụlọ ọrụ gọọmentị dị (n'efu). Ị nwere ike nweta nke ahụ site na ịdenye aha maka ụdị Pro, nke gụnyekwara atụmatụ ndị ọzọ dịka nkwado maka ụdị hash ndị ọzọ.

John The Ripper dị na sistemụ arụmọrụ 15 (n'oge edere nke a) gụnyere macOS, Linux, Windows, na gam akporo.

9. Burp Suite

Ruo ugbu a, anyị atụlewo ule netwọk, ọdụ data, WiFi, na sistemụ arụmọrụ, mana gịnị gbasara ngwa weebụ? Mmụba nke SaaS emeela ka ọtụtụ ngwa weebụ na-apụta n'ime afọ. 

Nchekwa nke ngwa ndị a dị oke mkpa, ma ọ bụrụ na ọ bụghị karịa nyiwe ndị ọzọ anyị nyochara, na-atụle ọtụtụ ụlọ ọrụ na-ewuzi ngwa weebụ kama ngwa ngwa desktọpụ.

A bịa na ngwaọrụ nnwale nnabata maka ngwa weebụ, Burp Suite nwere ike ịbụ nke kacha mma n'ebe ahụ. Burp Suite adịghị ka ngwaọrụ ọ bụla dị na ndepụta a, yana njirimara njirimara ya na ọnụ ahịa dị arọ.

Burp Suite bụ nyocha adịghị ike webụ nke Portswigger Web Security wuru iji chedo ngwa webụ site na iwepụ ntụpọ na adịghị ike. N'agbanyeghị na ọ nwere mbipụta obodo n'efu, ọ nweghị nnukwu njiri mara njirimara ya.

Burp Suite nwere ụdị Pro yana ụdị ụlọ ọrụ. Enwere ike ịkekọta atụmatụ nke ụdị ọkachamara n'ime atọ; Njirimara nyocha ntinye aka nke aka, mbuso agha akpaghị aka dị elu/nke ahaziri ahazi, yana nyocha adịghị ike akpaaka. 

Ụdị ụlọ ọrụ ahụ gụnyere atụmatụ Pro niile yana ụfọdụ atụmatụ ndị ọzọ dị ka ntinye CI, nhazi oge nyocha, scalability nke ụlọ ọrụ. Ọ na-efu a dum otutu ihe na $6,995, ebe Pro version na-efu naanị $399.

Burp Suite dị na Windows, Linux, na macOS.

Ọdịnaya akwadoro:

API nlele Ọrụ igwe ojii

10. MobSF

Ihe karịrị 80% nke ndị nọ n'ụwa taa nwere smartphones, ya mere ọ bụ ụzọ a pụrụ ịdabere na ya cybercriminals ịwakpo ndị mmadụ. Otu n'ime vectors ọgụ a na-ejikarị bụ ngwa nwere adịghị ike.

MobSF ma ọ bụ Nchekwa ekwentị mkpanaaka bụ usoro ntule nchekwa ekwentị ewuru iji mebe nyocha malware, nyocha pen, yana nyocha static & ike nke ngwa mkpanaka.

Enwere ike iji MobSF nyochaa faịlụ ngwa Android, iOS, na Windows(mobile). Ozugbo enyochala faịlụ ngwa ahụ, MobSF na-akwado akụkọ na-achịkọta arụmọrụ nke ngwa ahụ yana ịkọwapụta nsogbu ndị nwere ike inye ohere ịnweta ozi na ekwentị na-enweghị ikike.

MobSF na-eme ụdị nyocha abụọ na ngwa mkpanaaka: static(reverse engineering) na ike. N'oge nyocha static, a na-ebu ụzọ achịkọta ekwentị mkpanaaka. A na-ewepụta ma nyochaa faịlụ ya maka adịghị ike. 

A na-eme nyocha dị omimi site na iji ngwa ahụ na emulator ma ọ bụ ngwaọrụ n'ezie wee lelee ya maka ịnweta data dị nro, arịrịọ na-enweghị nchebe, yana nkọwa nke koodu siri ike. MobSF tinyekwara fuzzer API Weebụ nke CappFuzz kwadoro.

MobSF na-arụ ọrụ na Linux Ubuntu/Debian, macOS na Windows. O nwekwara onyonyo Docker arụgoro mbụ. 

Na ngwụcha…

Ọ bụrụ na ị tinyelarị Kali Linux tupu ugbu a, ị gaara ahụla ọtụtụ ngwaọrụ dị na ndepụta a. Ndị ọzọ ị nwere ike ịwụnye n'onwe gị). Ozugbo i mechara tinye ngwaọrụ ndị ị chọrọ, nzọụkwụ ọzọ bụ ịmụta ka esi eji ha. Ọtụtụ n'ime ngwaọrụ ndị ahụ dị mfe iji, na tupu ị mara ya, ị ga-aga n'ụzọ iji kwalite nchekwa ndị ahịa gị site na iji usoro nka ọhụrụ.

Nyefee ShadowSocks Proxy Server na Ubuntu 20.04 n'ime AWS

Services

Ụlọ ọrụ anyị

Adreesị anyị

Hailbytes

9511 Queens Guard Ct.

Laurel, MD 20723

Ekwentị: (732) 771-9995

Email: info@hailbytes.com

Solutions

FAQ nchekwa

Social Media