Part 2 - Tools


Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5
Video Description

In this video we go over the essential tools that are part of the web app pentester's tool kit. The core testing platform is a virtualized environment - either VMware or VirtualBox - running Kali Linux. The tools discussed are:

- Vega web vulnerability scanner.
- BurpSuite web vulnerability scanner.
- SQLMap automatic SQL injection and database enumeration tool.
- Arachni web app attack and audit framework.
- W3AF network fuzzer.
- Nikto open source web server scanner.
- SearchSploit database exploit tool.
- NMAP network discovery and mapping tool.

Video Transcription
00:03
>> Welcome to Cybrary. I am Raymond Evans and I will be your subject matter expert for Cybrary's web app pentesting course. In this video, we will be discussing web app pentesting tools. Here are some of the tools we will be discussing that will be used throughout this course. There will be a couple more that will be used throughout the course that will pop up here and there. However, if you're running the Kali and Kali 2 environment, they come pre-installed, so you won't have to worry about getting them.

We will be using Vega, which is a web vulnerability scanner. It spiders to test for cross-site scripting, SQL injection, XML injection, and more. It tests for vulnerabilities automatically. You could also set up a proxy to test through. Vega also has an intercepting proxy, which allows you to perform manipulation of packets, which comes in handy. Where do you find it? We find it at the link here, or it comes pre-installed on Kali and Kali 2.

Next, we have Burp Suite. Burp Suite is a web application vulnerability scanner as well. From spidering, it tests for SQL injection, cross-site scripting, XML injection, and a whole lot more. It also has an intercepting proxy built in, which again allows you to capture the packets as they traverse and allows you to manipulate things that are being sent. It also has a repeater tool, which can allow you to reattempt an attack and allow you to change the packet before you send the attack. Then Burp Suite has a really nice report builder built into it as well, which is very handy. It also has an active scanner and a passive scanner. However, we will not be using this tool due to the cost of it. It is a $300 tool and I'm not going to have my students go out and get that. It can be found at the PortSwigger website, or the free version can be found pre-installed on Kali and Kali 2. If you want to mess around with the free version and see the built-in tools that it has, then by all means, go ahead and do that.

Next, we have SQLMap. SQLMap is an automatic SQL injection and database enumeration tool. It tests for SQL vulnerabilities, dumps and cracks password hashes, and executes commands on the database. It allows for user privilege escalation and POST request injection. This is an excellent tool that is free. When we get to our SQL injection exploitation lesson, we'll be using this along with SQL SaaS.

Next, there is SQL Ninja. SQL Ninja is an automatic SQL injection and database enumeration tool. It tests for SQL vulnerabilities, dumps and cracks password hashes, and executes commands on the database. It also performs user privilege escalation and POST request injection. That can be found at the link below, but it can also be found pre-installed on Kali as well. We're not going to really hit this tool, but I want you to know that this tool is available for you and it can be a pretty powerful tool in your arsenal.

Next, we have Arachni, which is a web application attack and audit framework. It acts the same way as Vega and Burp Suite, except it's super customizable. We will be using this tool. It audits for SQL injection, cross-site scripting, buffer overflows, and a whole lot more. It also has a web crawler built in. It allows for vulnerability verification as well, which is really awesome. You can find that at the Arachni scanner website. This is a tool that will be used, so have this downloaded and installed.

Next, we have Nikto. Nikto is an open-source web server scanner. It identifies installed web servers and software, checks for outdated versions of servers, and also checks for any server configuration problems. You can find that at the link below here, or you can find it pre-installed in Kali.

Then we have Searchsploit. Searchsploit is an excellent tool to use. It's an exploit database; it's easy to search and it's pre-loaded with tons of exploit scripts. It compiles all available exploits from ExploitDB in one handy location. It also compiles a bunch of scripts as well. Normally, with the ExploitDB database, people only think of that as, hey, this is where things from Metasploit are saved, but in actuality, it has a lot of exploit scripts that you can search for. It's pretty handy to have, especially when you try and perform a security audit and make a quick check to see if an exploit exists for something.

Finally, we have Nmap. What is Nmap? Well, Nmap is one of the most basic tools you're going to hear about in network security and cybersecurity. Nmap is a network discovery and security auditing tool. It's found on every single Linux distribution that's out there. Nmap is a fantastic tool to use for host discovery, port scanning, OS detection, version detection, and it has an awesome script engine. What does that mean? Well, Nmap will go out and it'll identify everything that is alive on your network, all the machines that are communicating. Then it'll go through and scan all the ports of that machine. It'll tell you what services are running and the versions of those services. If you're trying to scan for something that might be an older service version on a network, and you're trying to figure out whether or not you're running that specific piece of software, you can run Nmap and it'll detect if some server software is running that might be an older, outdated version that needs to be updated. It also does OS detection, so it'll tell you what operating system a server is, or desktop or whatever. Maybe it'll tell you what that OS is. Then finally, it has a really robust script engine. This script engine allows you to do some really awesome things. A lot of people think Nmap is just the scanner tool that you use for a network, when actually Nmap allows you to do things like detecting cross-site scripting, SQL injections, brute-forcing databases, all kinds of really awesome stuff. Nmap is definitely a tool that you want to know how to use and that you want in your arsenal. Learn how to use it well, and learn how to use that script engine well, because there are some really awesome tools in there that will help you be better at what you're doing.

What's covered? We've talked about Vega and Burp Suite, which are both web app vulnerability scanners that are used for fuzzing and trying to find vulnerabilities on a web application. We talked about SQLMap and SQL Ninja, which are both used for getting information from databases. We also talked about W3AF, which again is another web application fuzzer, as well as some other built-in tools with it. We talked about Nikto, which is used for scanning a server and identifying any misconfigurations or vulnerabilities right at the door, or anything that might be interesting. Then we talked about Searchsploit, which is an exploit database that's built into Kali Linux and can be used to look up exploits or scripts that can be used against a target. Then we talked about Nmap, which is a super robust script engine and network scanner, and all awesome stuff. Happy hacking everyone.