
Penetration Testing (Part 2): Vulnerability Scanning

Source: 品趣旅游知识分享网
Exploit-DB

Exploit-DB can help you find known vulnerabilities for a given product and provides proof-of-concept code that shows how each weakness is triggered.

Vulnerability scanning

You can also use searchsploit, the offline command-line front end to Exploit-DB, on Kali Linux:

root@kali:/usr/share/nmap/scripts# searchsploit tomcat
------------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                         |  Path
                                                                                                       | (/usr/share/exploitdb/)
------------------------------------------------------------------------------------------------------- ----------------------------------------
4D WebSTAR 5.3/5.4 Tomcat Plugin - Remote Buffer Overflow                                              | exploits/osx/remote/25626.c
AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution                             | exploits/cgi/webapps/35035.txt
Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service                          | exploits/unix/dos/22068.pl
Apache Commons FileUpload and Apache Tomcat - Denial of Service                                        | exploits/multiple/dos/31615.rb
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalation                     | exploits/windows/local/72.txt
Apache Tomcat - 'WebDAV' Remote File Disclosure                                                        | exploits/multiple/remote/4530.pl
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution                                      | exploits/multiple/remote/18619.txt
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)                   | exploits/windows/remote/47073.rb
Apache Tomcat - Cookie Quote Handling Remote Information Disclosure                                    | exploits/multiple/remote/9994.txt
Apache Tomcat - Form Authentication 'Username' Enumeration                                             | exploits/multiple/remote/9995.txt
Apache Tomcat - WebDAV SSL Remote File Disclosure                                                      | exploits/linux/remote/4552.pl
Apache Tomcat / Geronimo 1.0 - 'Sample Script cal2.jsp?time' Cross-Site Scripting                      | exploits/multiple/remote/27095.txt
Apache Tomcat 3.0 - Directory Traversal                                                                | exploits/windows/remote/20716.txt
Apache Tomcat 3.1 - Path Revealing                                                                     | exploits/multiple/remote/20131.txt
Apache Tomcat 3.2 - 404 Error Page Cross-Site Scripting                                                | exploits/multiple/remote/33379.txt
Apache Tomcat 3.2 - Directory Disclosure                                                               | exploits/unix/remote/21882.txt
Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting                                              | exploits/multiple/webapps/10292.txt
Apache Tomcat 3.2.3/3.2.4 - 'RealPath.jsp' Information Disclosuree                                     | exploits/multiple/remote/21492.txt
Apache Tomcat 3.2.3/3.2.4 - 'Source.jsp' Information Disclosure                                        | exploits/multiple/remote/21490.txt
Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure                                | exploits/multiple/remote/21491.txt
Apache Tomcat 3.x - Null Byte Directory / File Disclosure                                              | exploits/linux/remote/22205.txt
Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure                                                   | exploits/unix/remote/21853.txt
Apache Tomcat 3/4 - JSP Engine Denial of Service                                                       | exploits/linux/dos/21534.jsp
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting                           | exploits/windows/remote/21605.txt
Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure                   | exploits/multiple/remote/31551.txt
Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting                                             | exploits/linux/remote/21604.txt
Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service                                               | exploits/linux/dos/23245.pl
Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure                                                   | exploits/unix/remote/21412.txt
Apache Tomcat 4.1 - JSP Request Cross-Site Scripting                                                   | exploits/unix/remote/21734.txt
Apache Tomcat 5 - Information Disclosure                                                               | exploits/multiple/remote/282.txt
Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure                                 | exploits/multiple/remote/12343.txt
Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting                                                   | exploits/jsp/webapps/30563.txt
Apache Tomcat 5.5.25 - Cross-Site Request Forgery                                                      | exploits/multiple/webapps/29435.txt
Apache Tomcat 5.x/6.0.x - Directory Traversal                                                          | exploits/linux/remote/29739.txt
Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities  | exploits/multiple/remote/30052.txt
Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting                                       | exploits/multiple/remote/30495.html
Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure                  | exploits/multiple/remote/30496.txt
Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting                               | exploits/jsp/webapps/301.txt
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure                             | exploits/multiple/remote/31130.txt
Apache Tomcat 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting                          | exploits/multiple/remote/32138.txt
Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure                                      | exploits/multiple/remote/32137.txt
Apache Tomcat 6.0.18 - Form Authentication Existing/Non-Existing 'Username' Enumeration                | exploits/multiple/remote/33023.txt
Apache Tomcat 6/7/8/9 - Information Disclosure                                                         | exploits/multiple/remote/41783.txt
Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting                                          | exploits/linux/remote/35011.txt
Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation                                | exploits/linux/local/40450.txt
Apache Tomcat 8/7/6 (RedHat Based Distros) - Local Privilege Escalation                                | exploits/linux/local/40488.txt
Disclosure                        | exploits/multiple/remote/20719.txt
------------------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result

Common Vulnerability Scoring System (CVSS)

refer to

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/ can be used to look up the description of a vulnerability by its CVE identifier.

Use nmap. The NSE scripts tagged with the vuln category can be listed from script.db:
root@kali:/usr/share/nmap/scripts# cat script.db | grep vuln 
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "clamav-exec.nse", categories = { "exploit", "vuln", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-update.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "firewall-bypass.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "ftp-libopie.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "ftp-proftpd-backdoor.nse", categories = { "exploit", "intrusive", "malware", "vuln", } }
Entry { filename = "ftp-vsftpd-backdoor.nse", categories = { "exploit", "intrusive", "malware", "vuln", } }
Entry { filename = "ftp-vuln-cve2010-4221.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-adobe-coldfusion-apsa1301.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-aspnet-debug.nse", categories = { "discovery", "vuln", } }
Entry { filename = "http-avaya-ipoffice-users.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-awstatstotals-exec.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-axis2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-cookie-flags.nse", categories = { "default", "safe", "vuln", } }
Entry { filename = "http-cross-domain-policy.nse", categories = { "external", "safe", "vuln", } }
Entry { filename = "http-csrf.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-dlink-backdoor.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-dombased-xss.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "http-fileupload-exploiter.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-frontpage-login.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-git.nse", categories = { "default", "safe", "vuln", } }
Entry { filename = "http-huawei-hg5xx-vuln.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-iis-webdav-vuln.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-internal-ip-disclosure.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "http-jsonp-detection.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-method-tamper.nse", categories = { "auth", "vuln", } }
Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-phpmyadmin-dir-traversal.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-phpself-xss.nse", categories = { "fuzzer", "intrusive", "vuln", } }
Entry { filename = "http-shellshock.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-slowloris-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-sql-injection.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-stored-xss.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-tplink-dir-traversal.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-trace.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2006-3392.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2009-3960.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2010-0738.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2011-3368.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2012-1823.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2013-0156.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-vuln-cve2013-6786.nse", categories = { "exploit", "vuln", } }
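The grep above lists every script in the vuln category, but that category mixes safe checks with intrusive, dos and exploit scripts that can disrupt the target. The following added example (my own code, not from the page) parses the script.db entry format shown above and selects only the non-disruptive vuln scripts; the sample entries are a constructed subset of the page's output plus one non-vuln entry (http-title.nse) added for contrast.

```python
import re

# Constructed sample: a subset of the script.db entries shown on this page,
# plus http-title.nse (no vuln category) to show the filter rejecting it.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "http-cookie-flags.nse", categories = { "default", "safe", "vuln", } }
Entry { filename = "http-git.nse", categories = { "default", "safe", "vuln", } }
Entry { filename = "http-slowloris-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-sql-injection.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
"""

# One Entry { filename = "...", categories = { "a", "b", } } record per line.
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"(?P<name>[^"]+)"\s*,\s*'
    r'categories\s*=\s*\{(?P<cats>[^}]*)\}\s*\}'
)

# Categories whose scripts may crash or modify the target; a scan that must
# stay non-disruptive excludes them even when the script is also tagged vuln.
DISRUPTIVE = {"intrusive", "dos", "exploit"}


def parse_script_db(text):
    """Map each .nse filename to its list of categories; skip unparseable lines."""
    scripts = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        scripts[m.group("name")] = re.findall(r'"([^"]+)"', m.group("cats"))
    return scripts


def select_vuln_scripts(scripts, safe_only=True):
    """Return vuln-category scripts, dropping disruptive ones when safe_only is set."""
    chosen = []
    for name, cats in sorted(scripts.items()):
        if "vuln" not in cats:
            continue
        if safe_only and DISRUPTIVE & set(cats):
            continue
        chosen.append(name)
    return chosen


def script_arg(names):
    """Build the comma-separated value for nmap's --script option (no .nse suffix)."""
    return ",".join(n[:-4] if n.endswith(".nse") else n for n in names)


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    safe = select_vuln_scripts(db)
    print("non-disruptive vuln scripts:", safe)
    print("nmap --script", script_arg(safe), "<target>")
```

Run it against the real file with `parse_script_db(open("/usr/share/nmap/scripts/script.db").read())` to build a scan that stays within the safe category.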

OpenVAS

refer to

Nexpose

Nessus

Explore these on your own.

To sum up, a scanner reports the likelihood that a vulnerability exists, but it cannot confirm that the vulnerability is actually present. In other words, it helps you identify candidate findings, but you still need to verify each one with a tool such as the Metasploit Framework.
A scanner only scans for vulnerabilities; verification must be handled by other tools (for example, the Metasploit Framework).
