John the ripper
Untuk mendownload john the ripper silahkan kunjungi web ini:
Code:
http://www.openwall.com/john/
Ini dia tool lama favorit kita semua untuk cracking password.
Cara gampang makenya:
Code:
Cara gampang makenya:
Code:
john file_password
misal kita tes dulu yah :
Nikto
Merupakan open source web vulnerability scanner yang bisa didownload secara gratis yang dibuat
Merupakan open source web vulnerability scanner yang bisa didownload secara gratis yang dibuat
dengan bahasa pemrograman perl.
Untuk menggunakan nikto (ke direktori di mana Anda menaruh skrip nikto.pl, misal di:
/pentest/web/nikto):
Code:
Code:
bt nikto # pwd
/pentest/web/nikto
bt nikto # ./nikto.pl
—————————————————————————
- Nikto 2.02/2.03 – cirt.net
+ ERROR: No host specified
/pentest/web/nikto
bt nikto # ./nikto.pl
—————————————————————————
- Nikto 2.02/2.03 – cirt.net
+ ERROR: No host specified
-Cgidirs+ scan these CGI dirs: ‘none’, ‘all’, or values like “/cgi/ /cgi-a/”
-dbcheck check database and other key files for syntax errors (cannot be abbreviated)
-evasion+ ids evasion technique
-Format+ save file (-o) format
-host+ target host
-Help Extended help information
-id+ host authentication to use, format is userid:password
-mutate+ Guess additional file names
-output+ write output to this file
-port+ port to use (default 80)
-Display+ turn on/off display outputs
-ssl force ssl mode on port
-Single Single request mode
-timeout+ timeout (default 2 seconds)
-Tuning+ scan tuning
-update update databases and plugins from cirt.net (cannot be abbreviated)
-Version print plugin and database versions
-vhost+ virtual host (for Host header)
+ requires a value
-dbcheck check database and other key files for syntax errors (cannot be abbreviated)
-evasion+ ids evasion technique
-Format+ save file (-o) format
-host+ target host
-Help Extended help information
-id+ host authentication to use, format is userid:password
-mutate+ Guess additional file names
-output+ write output to this file
-port+ port to use (default 80)
-Display+ turn on/off display outputs
-ssl force ssl mode on port
-Single Single request mode
-timeout+ timeout (default 2 seconds)
-Tuning+ scan tuning
-update update databases and plugins from cirt.net (cannot be abbreviated)
-Version print plugin and database versions
-vhost+ virtual host (for Host header)
+ requires a value
Perintah yang biasa saya pakai untuk scan target:
Code:
./nikto.pl -host target_web_anda.com
Misal kita scan v4-team.com:
Code:
Code:
bt nikto # ./nikto.pl -host v4-team.com
—————————————————————————
- Nikto 2.02/2.03 – cirt.net
+ Target IP: 67.222.154.99
+ Target Hostname: v4-team.com
+ Target Port: 80
+ Start Time: 2010-02-09 1:31:01
—————————————————————————
+ Server: gws
—————————————————————————
- Nikto 2.02/2.03 – cirt.net
+ Target IP: 67.222.154.99
+ Target Hostname: v4-team.com
+ Target Port: 80
+ Start Time: 2010-02-09 1:31:01
—————————————————————————
+ Server: gws
Do you like this article? Share It!
