Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

In this video we go over the essential tools that are part of the web app pentester's tool kit. The core testing platform is a virtualized environment - either VMware or VirtualBox - running Kali Linux. The tools discussed are:
- Vega web vulnerability scanner.
- BurpSuite web vulnerability scanner.
- SQLMap automatic SQL injection and database enumeration tool.
- Arachni web app attack and audit framework.
- W3AF network fuzzer.
- Nikto open source web server scanner.
- SearchSploit database exploit tool.
- NMAP network discovery and mapping tool.

Video Transcription

00:04
Welcome to Cybrary. I'm Raymond Evans and I will be your subject matter expert for Cybrary's web app penetration testing course. In this video we will be discussing web app pen testing tools. So here's some of the tools we will be discussing that will be used throughout this course. There will be a couple more that will be used throughout the course that will pop up here and there.
00:22
However, if you're running
00:24
the Kali and Kali 2 environment,
00:27
they come preinstalled, so you won't have to worry about getting them.
00:32
We will be using Vega, which is a web vulnerability scanner.
00:35
It spiders, tests for cross-site scripting, SQL injection and XML injection, and more,
00:42
tests for vulnerabilities automatically. And you can also set up a proxy to have the test through. Vega also has an interceptor proxy, which allows for you to
00:52
perform manipulation of packets, which come in handy. Where to find it:
00:57
It can be found at the link
00:59
here,
01:00
or it comes preinstalled on Kali and Kali 2. Next, we have Burp Suite. Burp Suite is a web application vulnerability scanner as well.
01:10
Performs spidering. It tests for SQL injection, cross-site scripting, XML injection and a whole lot more. It also has an interceptor proxy built in, which again allows you to
01:21
capture the packets as they traverse and allows you to manipulate things that are being, that is being sent,
01:29
and also has a repeater tool which can allow you to reattempt an attack
01:36
and allow you to change the packet before you send the attack.
01:41
And then
01:42
Burp Suite has a really nice report builder built into it as well, which is very handy.
01:49
It also has an active
01:51
scanner and a passive scanner. However, we will not be using this tool due to the cost of it.
01:57
It is a $300 tool, and I'm not gonna have my students go out and get that. It can be found at the PortSwigger website.
02:07
And it could be found there, while the free version could be found preinstalled on Kali and Kali 2. So if you want to mess around with a free version and see the built-in tools that it has,
02:20
then by all means, go ahead and do that.
02:23
Next, we have SQLMap. SQLMap is an automatic SQL injection and database enumeration tool.
02:29
It tests for SQL vulnerabilities, dumps and cracks password hashes, executes commands on the database,
02:35
allows for user privilege escalation and POST request injection.
02:39
This is an excellent tool that is free.
02:44
When we get to our SQL
02:46
injection exploitation lesson, we'll be using this along with sqlsus. Next, there is SQLNinja.
02:55
SQLNinja is an automatic SQL injection and database enumeration tool. Tests for SQL vulnerabilities, dumps and cracks password hashes, executes commands on the database. It also performs user privilege escalation and POST request injection.
03:10
That can be found at the link below. But it can also be found preinstalled on Kali as well. I'm not gonna really hit this tool.
03:20
Um, but I want you to know that this tool is available for you and could be a pretty powerful tool in your arsenal. Next, we have Arachni, which is a web application attack and audit framework. Acts the same way as Vega and Burp Suite, except it's super customizable.
03:38
We will be using this tool.
03:40
Audits for SQL injection, cross-site scripting, buffer overflows and a whole lot more.
03:47
Also has a web crawler built in.
03:50
And
03:51
it allows for vulnerability verification as well, which is really awesome.
03:55
You could find that at the Arachni scanner website,
04:00
and
04:01
this is a tool that will be used. So have this downloaded and installed.
04:05
Next, we have Nikto.
04:08
Nikto is an open source web server scanner.
04:11
Identifies
04:12
installed web servers and its software and checks for outdated versions of servers and also checks for any server configuration problems.
04:23
You could find that at the
04:25
link below here, or you can find it preinstalled on Kali.
04:29
And then we have SearchSploit. SearchSploit is an excellent tool to use. It's an exploit database that's easy to search, and
04:35
it's preloaded with tons of exploit scripts.
04:40
So it compiles all available exploits from Exploit-DB in one handy location,
04:45
and it also compiles a bunch of scripts as well. So,
04:49
normally, the Exploit-DB database, people only think of that as, hey, this is where things from Metasploit sit, but in actuality, it actually has a lot of exploit scripts that you can search for.
05:01
And, uh, it was pretty handy to have, especially when you're trying to, uh,
05:08
perform, um, a security audit and you make a quick check to see if an exploit exists for something. Finally, we have Nmap.
05:16
What is Nmap? Well, Nmap's one of the most basic tools you're gonna hear about in network security and cyber security.
05:24
Nmap is a network discovery and security auditing tool. It's found on every single Linux distribution that's out there. Nmap is a fantastic tool.
05:33
It's used for host discovery, port scanning, OS detection, version detection,
05:39
and has an awesome script engine. What does that mean? Well,
05:43
Nmap will go out
05:45
and it'll identify everything that is alive on your network, all the machines that are communicating. It'll go through and it'll scan all the ports of that machine.
05:54
And it will tell you what kind of services are running and the versions of those services. So if you're trying to scan for something that
06:02
might be an older service version on a network and trying to figure out whether or not you're running that
06:09
specific piece of software, well, you can run Nmap and it'll detect if some kind of server
06:15
software is running that might be an older, outdated version that needs updated.
06:20
It will also do OS detection. So it'll tell you what kind of operating system a server is, or a desktop or whatever. Nmap will tell you what that OS is, and finally it has a really robust script engine.
06:32
This script engine allows you to do some really awesome things. So a lot of people think Nmap is just
06:39
a scanner tool used for networks, when actually Nmap allows you to do things like detecting cross-site scripting, SQL injections, brute forcing databases, all kinds of really awesome stuff.
06:51
Nmap is definitely a tool that you want to know how to use and that you want in your arsenal. Learn how to use it well and learn how to use that script engine well, because there's some really awesome tools in there that will help you be better at what you're doing. So what was covered: we talked about Vega and Burp Suite, which are both
07:10
Web app vulnerability scanners that were used for fuzzing and trying to find vulnerabilities on a Web application
07:16
We talked about SQLMap and SQLNinja, which are both used for getting information from databases.
07:24
We also talked about W3AF, which again is another web application fuzzer, as well as some other built-in tools within.
07:32
And we talked about Nikto, which is used for
07:36
scanning a server and identifying any kind of misconfigurations or
07:42
blatant vulnerabilities right at the door, or anything that might be interesting.
07:46
Then we talked about SearchSploit, which is an exploit database that's built into Kali Linux and can be used to look up
07:54
exploits or scripts that
07:57
can be used against a target.
07:59
Then we talked about Nmap, which is a super robust script engine and
08:05
network scanner and all kinds of awesome stuff. Happy hacking, everyone.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor