SlideShare una empresa de Scribd logo

Hacker Target.Com Security Tools Overview

H
Hacker Target

A review and guide to the online security assessment tools that are available online from HackerTarget.com.

Tecnología
1 de 12
Descargar para leer sin conexión
Security Scanning Tools Overview An introduction to the tools Lead Consultant: Peter Contact: info@hackertarget.com Published: August 2009 Summary: This white paper describes features of the Open Source Vulnerability Assessment tools that are provided on line by HackerTarget.com. Vulnerability Analysis is an important part of the security process, it allows you to quickly gauge the current security posture of your Internet facing server or web site.
Table of Contents 1. Introduction.............................................................................................1 2. The Process.............................................................................................2 3. The Scanning Tools...................................................................................3 3.1 Nmap Port Scanner.................................................................................3 3.2 Fierce.pl Subdomain Scanner..................................................................4 3.3 OpenVAS Vulnerability Scanner...............................................................5 3.4 Nikto Web Scanner.................................................................................6 3.5 SQL Injection Scan..................................................................................7 3.5 JoomlaScan............................................................................................9 5. Conclusion.............................................................................................10 7. Contact HackerTarget.com......................................................................10
Security Scanning Tools Overview 1 1. Introduction http://www.HackerTarget.com has made available a number of open source security assessment tools online. These are hosted remotely on HackerTarget.com servers and allow a server operator or web-master to launch these tools remotely against servers and web sites that they manage to test the security status of these systems. These tests allow you to get an idea of how secure your systems are before the attackers do. Protecting Internet servers against all but the most determined of attackers is not difficult. New security breaches are constantly in the media, and there are thousands that go unreported. These attacks are performed by skilled attackers who are motivated by profit, intelligence gathering, political reasons or script kids having “fun”. It does not matter if you are government, commercial, nonprofit or just a hobbyist – you will be probed and attacked and when you do it is good to know your systems are safe. An on line vulnerability assessment is a great way to asses your current security. Managing a secure system requires a layered approach, vulnerability assessment is an important layer and should be performed on a regular basis as systems change and new exploits and attacks surface. HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 2 2. The Process The process of performing a vulnerability assessment is comparable to the process that would be undertaken by an attacker performing a targeted attack against your organisation. As the vulnerability assessment process does simulate in some ways an attack against your systems. These tools are all open source and freely available for testing and download from the various web sites. HackerTarget.com host these tools on remote scanning servers allowing you to perform remote online scanning against your servers. Our online option allows Free Scanning with a limit of for 4 scans / day. We also have an unlimited scanning subscription that removes the limit and also allows the use of Free Web Mail email address for the delivery of the results. http://hackertarget.com/free-security-vulnerability-scans/ http://hackertarget.com/vulnerability-scan-subscription/ 1. Reconnaissance is the first step, this is to pinpoint systems to attack, gain an idea of the technologies involved and a general first look at the attack surface. The tools used for reconnaissance in the HackerTarget.com tool kit are the world famous Nmap Port scanner and the Fierce.pl sub domain brute force tool. 2. After reconnaissance a general vulnerability scan against the targets discovered in Phase 1 would be launched using OpenVAS. 3. The final step in the tool kit is to use the web assessment tools Nikto, SQL Injection scanners and Joomla tools to assess specific web site urls and web servers. 4. This phase involves the Review of results from the earlier testing. 5. Reconfigure and fix any problems found to reduce the chance of the system becoming a new trophy for an attacker. HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 3 3. The Scanning Tools 3.1 Nmap Port Scanner HackerTarget Scan: http://hackertarget.com/nmap-scan/ Project Web Site: http://www.insecure.org/ Documentation: http://nmap.org/book/man.html The Nmap port scanner probes the IP you specified for open ports. These open ports are services that are running on your server that are open to the Internet. A host or network based firewall can block access to these ports and they will show up as filtered in the nmap results. This is a good way to see what services your server is listening on and what is or is not being blocked by your firewall. Sample Output: Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-16 23:12 UTC Interesting ports on lvps87-230-87-158.dedicated.hosteurope.de (87.230.87.158): Not shown: 997 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.2p1 Debian 7ubuntu3.2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.55 ((Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7) 8443/tcp open ssl/http Apache httpd 2.0.46 ((Red Hat) mod_ssl/2.0.46 OpenSSL/0.9.7a) Service Info: OS: Linux Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 64.27 seconds We have scanned the IP Address: test.acunetix.com HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 4 3.2 Fierce.pl Subdomain Scanner HackerTarget Scan: http://hackertarget.com/free-domain-scan/ Project Web Site: http://ha.ckers.org/fierce/ Documentation: http://ha.ckers.org/fierce/ You will often think of your www.yourdomain.com when testing your security, but what about if you have other domains (webdev.yourdomain.com, or www- test.yourdomain.com) these development web servers, mail servers, vpn gateways and other servers can be found with a sub domain search. The fierce domain scanner tests your DNS for a zone transfer and then goes ahead and performs a brute force against your domain. Testing a list of sub domains against your domain to attempt to find other servers and IP addresses. An attacker would use this to increase his attack surface. Note that attackers love to find servers such as development servers as they have more untested code and may not be as secure. A compromise of one system often leads to access to the production environments. Sample Output: DNS Servers for hackertarget.com: ns52.domaincontrol.com ns51.domaincontrol.com Trying zone transfer first... Testing ns52.domaincontrol.com Request timed out or transfer not allowed. Testing ns51.domaincontrol.com Request timed out or transfer not allowed. Unsuccessful in zone transfer (it was worth a shot) Okay, trying the good old fashioned way... brute force Checking for wildcard DNS... Nope. Good. Now performing 1875 test(s)... e.hackertarget.com alias email.secureserver.net email.secureserver.net address 64.202.189.148 email.hackertarget.com alias email.secureserver.net email.secureserver.net address 64.202.189.148 ftp.hackertarget.com alias hackertarget.com hackertarget.com address 67.207.143.162 67.207.143.162 ftp.hackertarget.com pop.secureserver.net address 72.167.82.11 smtp.hackertarget.com alias smtp.secureserver.net webmail.hackertarget.com alias webmail.secureserver.net webmail.secureserver.net address 64.202.189.148 www.hackertarget.com alias hackertarget.com hackertarget.com address 67.207.143.162 67.207.143.162 www.hackertarget.com Subnets found (may want to probe here using nmap or unicornscan): 67.207.143.0-255 : 2 hostnames found. Done with Fierce scan: http://ha.ckers.org/fierce/ Found 13 entries. Have a nice day. We have scanned the domain: hackertarget.com HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 5 3.3 OpenVAS Vulnerability Scanner HackerTarget Scan: http://hackertarget.com/openvas-scan/ Project Web Site: http://openvas.org/ Documentation: http://wald.intevation.org/frs/download.php/558/openvas-compendium-1.0.1.pdf When Nessus moved away from being an open source project, a team of dedicated individuals started work on forking the Nessus project into a new Open Source Project. Since those early days the OpenVAS scanner has been through some major code changes. Now the plugins are excellent and it is truly a competing scanning solution to other commercial products. The output from OpenVAS is comprehensive and the emailed results from HackerTarget.com will have a html attachment that is the raw output from the scan similar to the linked samples below. How does it work? The OpenVAS scanner will test your servers IP for open ports, and then using its database of over 10'000 plugins will test any open ports for security vulnerabilities. The tests are wide ranging and comprehensive. Sample output: http://hackertarget.com/sample/sample-openvas-scan-centos.html http://hackertarget.com/sample/sample-openvas-scan-win2003.html HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 6 3.4 Nikto Web Scanner HackerTarget Scan: http://hackertarget.com/website-scan/ Project Web Site: http://www.cirt.net Documentation: http://cirt.net/nikto2-docs/ The Nikto web scanner uses a database of known web vulnerabilities and web server misconfigurations to check against your website. This will fill up your web logs with many errors as it tests each of the checks against your website. Most of them will be 404 errors (page not found) as it runs through. However it just may find a forgotten script that you installed and had forgotten about. Maybe a new exploit came out for that script and that makes your server vulnerable. Sample Output: HackerTarget.com - Nikto Web Scan Sample Report --------------------------------------------------------------------------- - Nikto 1.36/1.39 - www.cirt.net + Target IP: xx.126.xx.110 + Target Hostname: www.testsite.com + Target Port: 80 + Start Time: Sun Jul 29 14:48:24 2007 --------------------------------------------------------------------------- - Scan is dependent on "Server" string which can be faked, use -g to override + Server: Apache + Server: Apache/1.3.29 (Unix) mod_perl/1.28 PHP/4.3.4 + No CGI Directories found (use '-C all' to force check all possible dirs) + /robots.txt - contains 19 'disallow' entries which should be manually viewed (added to mutation file lists) (GET). + Apache/1.3.29 appears to be outdated (current is at least Apache/2.0.47). Apache 1.3.28 is still maintained and considered secure. + mod_perl/1.28 appears to be outdated (current is at least 1.99_10) + PHP/4.3.4 appears to be outdated (current is at least 4.3.4RC2) + /.htaccess - Contains authorization information (GET) + /.htpasswd - Contains authorization information (GET) + /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET) + /"> HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 7 3.5 SQL Injection Scan HackerTarget Scan: http://hackertarget.com/free-sql-scan/ Project Web Site: http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project Project Web Site: http://sqlmap.sourceforge.net/ Documentation: http://sqlmap.sourceforge.net/doc/README.html SQL Injection is currently the leading attack vector against web based applications. Through poorly configured dynamic web pages an attacker can gain access to your database and from that either your data or it can be used to gain full access to your server. We use two of the leading open source sql injection tools for our test, SQLiX and Sqlmap. Note that these tests are configured to only perform a HTTP GET test against url parameters. See the parameter below at the end of the url (artist=1). This is the type of url that can be tested, usually it would be php, asp, cfm or jsp – although other types are able to be tested. Sample url to test: test.acunetix.com/artists.php?artist=1 Sample output: ====================================================== -- SQLiX -- © Copyright 2006 Cedric COCHIN, All Rights Reserved. ====================================================== Analysing URL [http://test.acunetix.com/artists.php?artist=1] http://test.acunetix.com/artists.php?artist=1 [+] working on artist [+] Method: MS-SQL error message [+] Method: SQL error message [+] Method: MySQL comment injection [ERROR] Parameter doesn't impact content [+] Method: SQL Blind Integer Injection [FOUND] Blind SQL Injection: Integer based [FOUND] Database type: MySQL Server [INFO] Current function: version() [INFO] length: 31 5.0____________________________ 5.0________________________-log 5.0____Debian______________-log 5.0.___Debian______________-log 5.0.2__Debian______________-log 5.0.22_Debian______________-log 5.0.22-Debian______________-log 5.0.22-Debian______________-log 5.0.22-Debian_0____________-log 5.0.22-Debian_0u___________-log HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 8 5.0.22-Debian_0ub__________-log 5.0.22-Debian_0ubu_________-log 5.0.22-Debian_0ubun________-log 5.0.22-Debian_0ubunt_______-log 5.0.22-Debian_0ubuntu______-log 5.0.22-Debian_0ubuntu6_____-log 5.0.22-Debian_0ubuntu6.____-log 5.0.22-Debian_0ubuntu6.0___-log 5.0.22-Debian_0ubuntu6.06__-log 5.0.22-Debian_0ubuntu6.06._-log 5.0.22-Debian_0ubuntu6.06.6-log [FOUND] SQL Blind Integer Injection --- No results here means that SQLiX found no injection point --- --- Now sqlmap will test your url --- sqlmap/0.7rc1 by Bernardo Damele A. G. <bernardo.damele@gmail.com> [*] starting at: 04:55:14 [04:55:14] [INFO] testing connection to the target url [04:55:15] [INFO] testing if the url is stable, wait a few seconds [04:55:16] [INFO] url is stable [04:55:16] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [04:55:17] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [04:55:17] [INFO] testing if GET parameter 'artist' is dynamic [04:55:18] [INFO] confirming that GET parameter 'artist' is dynamic [04:55:19] [INFO] GET parameter 'artist' is dynamic [04:55:19] [INFO] testing sql injection on GET parameter 'artist' with 0 parenthesis [04:55:19] [INFO] testing unescaped numeric injection on GET parameter 'artist' [04:55:20] [INFO] confirming unescaped numeric injection on GET parameter 'artist' [04:55:20] [INFO] GET parameter 'artist' is unescaped numeric injectable with 0 parenthesis [04:55:20] [INFO] testing for parenthesis on injectable parameter [04:55:22] [INFO] the injectable parameter requires 0 parenthesis [04:55:22] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the command line and the following text and send by e-mail to sqlmap-users@lists.sourceforge.net. The developer will fix it as soon as possible: sqlmap version: 0.7rc1 Python version: 2.5.2 Operating system: linux2 [*] shutting down at: 04:55:22 HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 9 3.5 JoomlaScan HackerTarget Scan: http://hackertarget.com/joomla-security-scan/ Project Web Site: http://yehg.org Documentation: http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project The final scan in our tool kit is specific to the Joomla content management system. A widely used open source content management solution that allows creation and updating of a portal like website easy to manage. Joomla however is well known for its security vulnerabilities – often this is due to poorly written plugins rather than the core components of the system. This JoomlaScan tests a Joomla based website against a database of known vulnerabilities – this is similar to Nikto however it is more focused being a test for a single product. To test enter the full url of your Joomla Site like so: www.mywebsite.com/pathtojoomla/ HackerTarget.com © 2009 All rights reserverd
Security Scanning Tools Overview 10 5. Conclusion The benefits are obvious: • Prevent costly downtime in the event of a security breach • Provides assurance to your customers that you value information security • Avoids loss of reputation in the event of a security breach As you can see we provide a variety of tools for online security testing, and they each perform a different function. The output from these tools is technical in nature, however the fact that they are open source means there is a great deal of support and information available from the online security community if you are happy to sit down and do some research. We know that not everyone has the time to become a security expert so at we do offer a full vulnerability assessment service here at http://www.HackerTarget.com. The outline of our full assessment is a full security test against a server or web site using all of the above tools; along with manual testing by an experienced security professional. After the automated scans are run, the assessment runs to 3 hours of consulting time, in that time manual testing is performed to confirm any discovered vulnerabilities; additional testing may be performed if required and then a full report is compiled. This report provides a summary of the issues found and recommendations for mitigating the risk that these issues pose to your organisation. This assessment is $150 USD for a single server, contact us for further details or a quote for bulk orders. http://hackertarget.com/assessment-request/ 7. Contact HackerTarget.com Further information on the scanning options available can be found at our website. Email: info@hackertarget.com web: http://www.hackertarget.com HackerTarget.com © 2009 All rights reserverd

Recomendados

Trem El Transcantabrico
Trem El TranscantabricoTrem El Transcantabrico
Trem El Transcantabrico
Rafael Cedrés Jorge
 
Treinen
TreinenTreinen
Treinen
Rafael Cedrés Jorge
 
Alaska Railway Routes
Alaska Railway RoutesAlaska Railway Routes
Alaska Railway Routes
Rafael Cedrés Jorge
 
Blue train Africa
Blue train AfricaBlue train Africa
Blue train Africa
Rafael Cedrés Jorge
 
Whether That Such
Whether That SuchWhether That Such
Whether That Such
quocphan
 
Nubes Impresionantes
Nubes ImpresionantesNubes Impresionantes
Nubes Impresionantes
Rafael Cedrés Jorge
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 

Recomendados

Trem El Transcantabrico
Trem El TranscantabricoTrem El Transcantabrico
Trem El Transcantabrico
Rafael Cedrés Jorge
 
Treinen
TreinenTreinen
Treinen
Rafael Cedrés Jorge
 
Alaska Railway Routes
Alaska Railway RoutesAlaska Railway Routes
Alaska Railway Routes
Rafael Cedrés Jorge
 
Blue train Africa
Blue train AfricaBlue train Africa
Blue train Africa
Rafael Cedrés Jorge
 
Whether That Such
Whether That SuchWhether That Such
Whether That Such
quocphan
 
Nubes Impresionantes
Nubes ImpresionantesNubes Impresionantes
Nubes Impresionantes
Rafael Cedrés Jorge
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
lior mazor
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
SynarionITSolutions
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Boston Institute of Analytics
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 

Más contenido relacionado

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 

Último (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Destacado

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 

Destacado (20)

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 

Hacker Target.Com Security Tools Overview

  • 1. Security Scanning Tools Overview An introduction to the tools Lead Consultant: Peter Contact: info@hackertarget.com Published: August 2009 Summary: This white paper describes features of the Open Source Vulnerability Assessment tools that are provided on line by HackerTarget.com. Vulnerability Analysis is an important part of the security process, it allows you to quickly gauge the current security posture of your Internet facing server or web site.
  • 2. Table of Contents 1. Introduction.............................................................................................1 2. The Process.............................................................................................2 3. The Scanning Tools...................................................................................3 3.1 Nmap Port Scanner.................................................................................3 3.2 Fierce.pl Subdomain Scanner..................................................................4 3.3 OpenVAS Vulnerability Scanner...............................................................5 3.4 Nikto Web Scanner.................................................................................6 3.5 SQL Injection Scan..................................................................................7 3.5 JoomlaScan............................................................................................9 5. Conclusion.............................................................................................10 7. Contact HackerTarget.com......................................................................10
  • 3. Security Scanning Tools Overview 1 1. Introduction http://www.HackerTarget.com has made available a number of open source security assessment tools online. These are hosted remotely on HackerTarget.com servers and allow a server operator or web-master to launch these tools remotely against servers and web sites that they manage to test the security status of these systems. These tests allow you to get an idea of how secure your systems are before the attackers do. Protecting Internet servers against all but the most determined of attackers is not difficult. New security breaches are constantly in the media, and there are thousands that go unreported. These attacks are performed by skilled attackers who are motivated by profit, intelligence gathering, political reasons or script kids having “fun”. It does not matter if you are government, commercial, nonprofit or just a hobbyist – you will be probed and attacked and when you do it is good to know your systems are safe. An on line vulnerability assessment is a great way to asses your current security. Managing a secure system requires a layered approach, vulnerability assessment is an important layer and should be performed on a regular basis as systems change and new exploits and attacks surface. HackerTarget.com © 2009 All rights reserverd
  • 4. Security Scanning Tools Overview 2 2. The Process The process of performing a vulnerability assessment is comparable to the process that would be undertaken by an attacker performing a targeted attack against your organisation. As the vulnerability assessment process does simulate in some ways an attack against your systems. These tools are all open source and freely available for testing and download from the various web sites. HackerTarget.com host these tools on remote scanning servers allowing you to perform remote online scanning against your servers. Our online option allows Free Scanning with a limit of for 4 scans / day. We also have an unlimited scanning subscription that removes the limit and also allows the use of Free Web Mail email address for the delivery of the results. http://hackertarget.com/free-security-vulnerability-scans/ http://hackertarget.com/vulnerability-scan-subscription/ 1. Reconnaissance is the first step, this is to pinpoint systems to attack, gain an idea of the technologies involved and a general first look at the attack surface. The tools used for reconnaissance in the HackerTarget.com tool kit are the world famous Nmap Port scanner and the Fierce.pl sub domain brute force tool. 2. After reconnaissance a general vulnerability scan against the targets discovered in Phase 1 would be launched using OpenVAS. 3. The final step in the tool kit is to use the web assessment tools Nikto, SQL Injection scanners and Joomla tools to assess specific web site urls and web servers. 4. This phase involves the Review of results from the earlier testing. 5. Reconfigure and fix any problems found to reduce the chance of the system becoming a new trophy for an attacker. HackerTarget.com © 2009 All rights reserverd
  • 5. Security Scanning Tools Overview 3 3. The Scanning Tools 3.1 Nmap Port Scanner HackerTarget Scan: http://hackertarget.com/nmap-scan/ Project Web Site: http://www.insecure.org/ Documentation: http://nmap.org/book/man.html The Nmap port scanner probes the IP you specified for open ports. These open ports are services that are running on your server that are open to the Internet. A host or network based firewall can block access to these ports and they will show up as filtered in the nmap results. This is a good way to see what services your server is listening on and what is or is not being blocked by your firewall. Sample Output: Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-16 23:12 UTC Interesting ports on lvps87-230-87-158.dedicated.hosteurope.de (87.230.87.158): Not shown: 997 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.2p1 Debian 7ubuntu3.2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.55 ((Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7) 8443/tcp open ssl/http Apache httpd 2.0.46 ((Red Hat) mod_ssl/2.0.46 OpenSSL/0.9.7a) Service Info: OS: Linux Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 64.27 seconds We have scanned the IP Address: test.acunetix.com HackerTarget.com © 2009 All rights reserverd
  • 6. Security Scanning Tools Overview 4 3.2 Fierce.pl Subdomain Scanner HackerTarget Scan: http://hackertarget.com/free-domain-scan/ Project Web Site: http://ha.ckers.org/fierce/ Documentation: http://ha.ckers.org/fierce/ You will often think of your www.yourdomain.com when testing your security, but what about if you have other domains (webdev.yourdomain.com, or www- test.yourdomain.com) these development web servers, mail servers, vpn gateways and other servers can be found with a sub domain search. The fierce domain scanner tests your DNS for a zone transfer and then goes ahead and performs a brute force against your domain. Testing a list of sub domains against your domain to attempt to find other servers and IP addresses. An attacker would use this to increase his attack surface. Note that attackers love to find servers such as development servers as they have more untested code and may not be as secure. A compromise of one system often leads to access to the production environments. Sample Output: DNS Servers for hackertarget.com: ns52.domaincontrol.com ns51.domaincontrol.com Trying zone transfer first... Testing ns52.domaincontrol.com Request timed out or transfer not allowed. Testing ns51.domaincontrol.com Request timed out or transfer not allowed. Unsuccessful in zone transfer (it was worth a shot) Okay, trying the good old fashioned way... brute force Checking for wildcard DNS... Nope. Good. Now performing 1875 test(s)... e.hackertarget.com alias email.secureserver.net email.secureserver.net address 64.202.189.148 email.hackertarget.com alias email.secureserver.net email.secureserver.net address 64.202.189.148 ftp.hackertarget.com alias hackertarget.com hackertarget.com address 67.207.143.162 67.207.143.162 ftp.hackertarget.com pop.secureserver.net address 72.167.82.11 smtp.hackertarget.com alias smtp.secureserver.net webmail.hackertarget.com alias webmail.secureserver.net webmail.secureserver.net address 64.202.189.148 www.hackertarget.com alias hackertarget.com hackertarget.com address 67.207.143.162 67.207.143.162 www.hackertarget.com Subnets found (may want to probe here using nmap or unicornscan): 67.207.143.0-255 : 2 hostnames found. Done with Fierce scan: http://ha.ckers.org/fierce/ Found 13 entries. Have a nice day. We have scanned the domain: hackertarget.com HackerTarget.com © 2009 All rights reserverd
  • 7. Security Scanning Tools Overview 5 3.3 OpenVAS Vulnerability Scanner HackerTarget Scan: http://hackertarget.com/openvas-scan/ Project Web Site: http://openvas.org/ Documentation: http://wald.intevation.org/frs/download.php/558/openvas-compendium-1.0.1.pdf When Nessus moved away from being an open source project, a team of dedicated individuals started work on forking the Nessus project into a new Open Source Project. Since those early days the OpenVAS scanner has been through some major code changes. Now the plugins are excellent and it is truly a competing scanning solution to other commercial products. The output from OpenVAS is comprehensive and the emailed results from HackerTarget.com will have a html attachment that is the raw output from the scan similar to the linked samples below. How does it work? The OpenVAS scanner will test your servers IP for open ports, and then using its database of over 10'000 plugins will test any open ports for security vulnerabilities. The tests are wide ranging and comprehensive. Sample output: http://hackertarget.com/sample/sample-openvas-scan-centos.html http://hackertarget.com/sample/sample-openvas-scan-win2003.html HackerTarget.com © 2009 All rights reserverd
  • 8. Security Scanning Tools Overview 6 3.4 Nikto Web Scanner HackerTarget Scan: http://hackertarget.com/website-scan/ Project Web Site: http://www.cirt.net Documentation: http://cirt.net/nikto2-docs/ The Nikto web scanner uses a database of known web vulnerabilities and web server misconfigurations to check against your website. This will fill up your web logs with many errors as it tests each of the checks against your website. Most of them will be 404 errors (page not found) as it runs through. However it just may find a forgotten script that you installed and had forgotten about. Maybe a new exploit came out for that script and that makes your server vulnerable. Sample Output: HackerTarget.com - Nikto Web Scan Sample Report --------------------------------------------------------------------------- - Nikto 1.36/1.39 - www.cirt.net + Target IP: xx.126.xx.110 + Target Hostname: www.testsite.com + Target Port: 80 + Start Time: Sun Jul 29 14:48:24 2007 --------------------------------------------------------------------------- - Scan is dependent on "Server" string which can be faked, use -g to override + Server: Apache + Server: Apache/1.3.29 (Unix) mod_perl/1.28 PHP/4.3.4 + No CGI Directories found (use '-C all' to force check all possible dirs) + /robots.txt - contains 19 'disallow' entries which should be manually viewed (added to mutation file lists) (GET). + Apache/1.3.29 appears to be outdated (current is at least Apache/2.0.47). Apache 1.3.28 is still maintained and considered secure. + mod_perl/1.28 appears to be outdated (current is at least 1.99_10) + PHP/4.3.4 appears to be outdated (current is at least 4.3.4RC2) + /.htaccess - Contains authorization information (GET) + /.htpasswd - Contains authorization information (GET) + /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET) + /"> HackerTarget.com © 2009 All rights reserverd
  • 9. Security Scanning Tools Overview 7 3.5 SQL Injection Scan HackerTarget Scan: http://hackertarget.com/free-sql-scan/ Project Web Site: http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project Project Web Site: http://sqlmap.sourceforge.net/ Documentation: http://sqlmap.sourceforge.net/doc/README.html SQL Injection is currently the leading attack vector against web based applications. Through poorly configured dynamic web pages an attacker can gain access to your database and from that either your data or it can be used to gain full access to your server. We use two of the leading open source sql injection tools for our test, SQLiX and Sqlmap. Note that these tests are configured to only perform a HTTP GET test against url parameters. See the parameter below at the end of the url (artist=1). This is the type of url that can be tested, usually it would be php, asp, cfm or jsp – although other types are able to be tested. Sample url to test: test.acunetix.com/artists.php?artist=1 Sample output: ====================================================== -- SQLiX -- © Copyright 2006 Cedric COCHIN, All Rights Reserved. ====================================================== Analysing URL [http://test.acunetix.com/artists.php?artist=1] http://test.acunetix.com/artists.php?artist=1 [+] working on artist [+] Method: MS-SQL error message [+] Method: SQL error message [+] Method: MySQL comment injection [ERROR] Parameter doesn't impact content [+] Method: SQL Blind Integer Injection [FOUND] Blind SQL Injection: Integer based [FOUND] Database type: MySQL Server [INFO] Current function: version() [INFO] length: 31 5.0____________________________ 5.0________________________-log 5.0____Debian______________-log 5.0.___Debian______________-log 5.0.2__Debian______________-log 5.0.22_Debian______________-log 5.0.22-Debian______________-log 5.0.22-Debian______________-log 5.0.22-Debian_0____________-log 5.0.22-Debian_0u___________-log HackerTarget.com © 2009 All rights reserverd
  • 10. Security Scanning Tools Overview 8 5.0.22-Debian_0ub__________-log 5.0.22-Debian_0ubu_________-log 5.0.22-Debian_0ubun________-log 5.0.22-Debian_0ubunt_______-log 5.0.22-Debian_0ubuntu______-log 5.0.22-Debian_0ubuntu6_____-log 5.0.22-Debian_0ubuntu6.____-log 5.0.22-Debian_0ubuntu6.0___-log 5.0.22-Debian_0ubuntu6.06__-log 5.0.22-Debian_0ubuntu6.06._-log 5.0.22-Debian_0ubuntu6.06.6-log [FOUND] SQL Blind Integer Injection --- No results here means that SQLiX found no injection point --- --- Now sqlmap will test your url --- sqlmap/0.7rc1 by Bernardo Damele A. G. <bernardo.damele@gmail.com> [*] starting at: 04:55:14 [04:55:14] [INFO] testing connection to the target url [04:55:15] [INFO] testing if the url is stable, wait a few seconds [04:55:16] [INFO] url is stable [04:55:16] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [04:55:17] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [04:55:17] [INFO] testing if GET parameter 'artist' is dynamic [04:55:18] [INFO] confirming that GET parameter 'artist' is dynamic [04:55:19] [INFO] GET parameter 'artist' is dynamic [04:55:19] [INFO] testing sql injection on GET parameter 'artist' with 0 parenthesis [04:55:19] [INFO] testing unescaped numeric injection on GET parameter 'artist' [04:55:20] [INFO] confirming unescaped numeric injection on GET parameter 'artist' [04:55:20] [INFO] GET parameter 'artist' is unescaped numeric injectable with 0 parenthesis [04:55:20] [INFO] testing for parenthesis on injectable parameter [04:55:22] [INFO] the injectable parameter requires 0 parenthesis [04:55:22] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the command line and the following text and send by e-mail to sqlmap-users@lists.sourceforge.net. The developer will fix it as soon as possible: sqlmap version: 0.7rc1 Python version: 2.5.2 Operating system: linux2 [*] shutting down at: 04:55:22 HackerTarget.com © 2009 All rights reserverd
  • 11. Security Scanning Tools Overview 9 3.5 JoomlaScan HackerTarget Scan: http://hackertarget.com/joomla-security-scan/ Project Web Site: http://yehg.org Documentation: http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project The final scan in our tool kit is specific to the Joomla content management system. A widely used open source content management solution that allows creation and updating of a portal like website easy to manage. Joomla however is well known for its security vulnerabilities – often this is due to poorly written plugins rather than the core components of the system. This JoomlaScan tests a Joomla based website against a database of known vulnerabilities – this is similar to Nikto however it is more focused being a test for a single product. To test enter the full url of your Joomla Site like so: www.mywebsite.com/pathtojoomla/ HackerTarget.com © 2009 All rights reserverd
  • 12. Security Scanning Tools Overview 10 5. Conclusion The benefits are obvious: • Prevent costly downtime in the event of a security breach • Provides assurance to your customers that you value information security • Avoids loss of reputation in the event of a security breach As you can see we provide a variety of tools for online security testing, and they each perform a different function. The output from these tools is technical in nature, however the fact that they are open source means there is a great deal of support and information available from the online security community if you are happy to sit down and do some research. We know that not everyone has the time to become a security expert so at we do offer a full vulnerability assessment service here at http://www.HackerTarget.com. The outline of our full assessment is a full security test against a server or web site using all of the above tools; along with manual testing by an experienced security professional. After the automated scans are run, the assessment runs to 3 hours of consulting time, in that time manual testing is performed to confirm any discovered vulnerabilities; additional testing may be performed if required and then a full report is compiled. This report provides a summary of the issues found and recommendations for mitigating the risk that these issues pose to your organisation. This assessment is $150 USD for a single server, contact us for further details or a quote for bulk orders. http://hackertarget.com/assessment-request/ 7. Contact HackerTarget.com Further information on the scanning options available can be found at our website. Email: info@hackertarget.com web: http://www.hackertarget.com HackerTarget.com © 2009 All rights reserverd