Although not as popular as WordPress, Joomla still accounts for a fair share of the world’s websites, so it definitely deserves a spot among our favorite penetration testing tools.
JoomScan is similar to WPScan, except it works for sites running the Joomla content management system. It also has a lot of other features, such as the ability to intercept HTTP, HTTPS, TCP, and other types of network traffic to pick up login credentials or other sensitive information. Bettercapīettercap is a flexible tool for launching man in the middle attacks. Who knows what kind of fun stuff you’ll find in there. Dirb can launch a dictionary attack against a website to find hidden directories. Sure, Google may never come across it, but that’s where Dirb comes in. And they think that just because they put the files in some random directory, no one is going to find them. You’d be surprised what people upload to the web. Check out our guide for how to install and use telnet on Kali. When it comes to finding vulnerabilities, nothing looks more promising than a wide open port. While not necessarily a hacking tool, telnet remains an ideal utility to test the connection to a certain port of a device. The SET package allows you to craft believable attack vectors to deploy against your users, to see just how easily they can be duped through phishing and social engineering. Even if you enforce strict network rules, usage of strong passwords, and take other security precautions, users can be susceptible to social engineering. It’s been said that the weakest part of any network’s security is the users. We have guides for SSH password testing with Hydra and testing WordPress logins with Hydra. It integrates well with other utilities, and can utilize wordlists to perform dictionary attacks. Hydra has options for attacking logins on a variety of different protocols, such as SSH or websites. Hydra is a popular tool for launching brute force attacks on login credentials. Check out our four part tutorial on using the Burp Suite in Kali. It allows you to intercept and monitor web traffic along with detailed information about the requests and responses to and from a server. When it comes to testing the security of web applications, you’d have a hard time finding a set of tools better than Burp Suite from Portswigger web security.
0 kommentar(er)
