First, edit /etc/apt/sources.list and paste in the Kali package repository addresses:
vi /etc/apt/sources.list
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
Update the package index
sudo apt update
Install the network management tools (net-tools)
sudo apt install net-tools
Install the directory scanner dirb
sudo apt-get install dirb
Directory scanner: dirsearch
sudo apt install git    # install git
sudo git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -u <URL> -e <EXTENSION>
python3 dirsearch.py -u http://www.xxxx.edu.cn/ -e php
Scan results are written to the reports directory; the db directory holds the wordlists.
Options:
-u  URL of the target site
-e  script type of the site (php, asp, etc.)
-t  number of scan threads
-w  wordlist to use
-r  recursive scan
-s  delay between requests
-c COOKIE, --cookie=COOKIE  set the cookie
--random-agents  use random User-Agents (taken from db/user-agents.txt)
--timeout=TIMEOUT  request timeout
--ip=IP  set the proxy IP address
Install the port scanner nmap
sudo apt install -y nmap
Install the SQL injection tool sqlmap
sudo apt -y install sqlmap
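As an added example that is not part of the original post, the setup steps above combined into one idempotent POSIX shell script. It assumes an apt-based system and uses exactly the mirror entries listed above; only `setup_all` touches the network and the package manager, the other functions can be run and checked offline.

```shell
#!/bin/sh
# Added example (not from the original post): the repository, package and
# dirsearch steps above as one re-runnable script. Assumes an apt-based system.

# Print the Kali repository entries from the post, one per line.
kali_sources_entries() {
    cat <<'EOF'
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
EOF
}

# Append any missing entry to the given sources file (default /etc/apt/sources.list),
# keeping a timestamped backup so the change can be reverted. Re-running is safe:
# entries that are already present are not duplicated.
write_kali_sources() {
    file="${1:-/etc/apt/sources.list}"
    [ -f "$file" ] && cp "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
    touch "$file"
    kali_sources_entries | while IFS= read -r entry; do
        grep -qxF "$entry" "$file" || printf '%s\n' "$entry" >> "$file"
    done
}

# Print the names of the tools (given as arguments) that are not on PATH.
# The exit status is the number of missing tools, so callers can branch on it.
missing_tools() {
    missing=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# The full procedure from the post: repositories, index refresh, packages, dirsearch checkout.
setup_all() {
    write_kali_sources
    sudo apt update
    sudo apt install -y net-tools dirb nmap sqlmap git
    [ -d dirsearch ] || git clone https://github.com/maurosoria/dirsearch.git
    # ifconfig comes from net-tools; report anything that still did not land on PATH
    missing_tools ifconfig dirb nmap sqlmap git && echo "all tools installed"
}
```

Run `write_kali_sources /tmp/test.list` first to inspect the generated entries before pointing it at the real /etc/apt/sources.list; `missing_tools` is a quick post-install check that does not need root.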
Set up the subdomain enumeration tool
Install pip:
sudo apt-get install python-pip
Python 3.5+ users:
sudo pip install aiodns
Python 2 users:
sudo pip install dnspython gevent
Download and install:
sudo git clone
cd
Usage
Usage: subDomainsBrute.py [options] target.com
Options:
  --version                       show program's version number and exit
  -h, --help                      show this help message and exit
  -f FILE                         File contains new line delimited subs, default is subnames.txt.
  --full                          Full scan, NAMES FILE subnames_full.txt will be used to brute
  -i, --ignore-intranet           Ignore domains pointed to private IPs
  -t THREADS, --threads=THREADS   Num of scan threads, 256 by default
  -p PROCESS, --process=PROCESS   Num of scan Process, 6 by default
  -o OUTPUT, --output=OUTPUT      Output file name. default is {target}.txt