- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 327 words
- 2021-07-16 17:53:17
Technical Requirements
For this chapter, in addition to our existing Burp and Burp Proxy integration with Chrome (66.0.3359.139), we'll also be using sqlmap, a CLI tool for detecting SQL- and NoSQL-based injections. sqlmap can be installed using Homebrew with brew install sqlmap and is also available as a Python module installable via pip. sqlmap is a popular tool, so there should be an installation path for you whatever your system.
We'll also be using Arachni as our go-to scanner. Though noisy, scanners can be indispensable in the appropriate situation, and are great at flushing out otherwise hard-to-detect bugs. Arachni is an excellent choice because it's open source, multi-threaded, extensible via plugins, and has a great CLI that allows it to be worked into other automated workflows. Arachni is easy to install; you can install it as a gem (gem install arachni) or you can simply download the official packages straight from the installation site.
If you downloaded the package for your system, once it is unpacked you'll want to move it to wherever is appropriate within your system.
Then you can create a symlink (symbolic link) so that all the arachni CLI executables will be available within your path (fill in the correct path to your arachni installation):
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/arachni* /usr/local/bin
You might find that, after you symlink your arachni executables to your path, you receive the following error:
/usr/local/bin/arachni: line 3: /usr/local/bin/readlink_f.sh: No such file or directory
/usr/local/bin/arachni: line 4: readlink_f: command not found
/usr/local/bin/arachni: line 4: ./../system/setenv: No such file or directory
If you receive this error, simply symlink, copy, or move the readlink_f.sh script from your arachni installation's bin directory to your own path. In this case, we'll symlink it:
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/readlink_f.sh /usr/local/bin/readlink_f.sh
Now when we use arachni later in the chapter, we can invoke it directly, as opposed to having to type the full path each time.
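The two symlink steps above combined with a check that every link resolves, as an added example that is not from the book. The link_arachni and demo_link_arachni function names, the arachni-x.y placeholder directory and the temporary demo tree are assumptions made here.

```shell
#!/bin/sh
# Added example: link every arachni launcher plus readlink_f.sh into one bin
# directory, then confirm each link resolves. All paths are assumptions.

# link_arachni INSTALL_DIR BIN_DIR
# Returns 0 when all links resolve, 1 on a missing helper or dangling link.
link_arachni() {
    install_bin="$1/bin"
    target="$2"
    # The error shown above means the launcher expects readlink_f.sh beside
    # itself, so stop early if the helper is not in the installation.
    if [ ! -f "$install_bin/readlink_f.sh" ]; then
        echo "readlink_f.sh not found in $install_bin" >&2
        return 1
    fi
    status=0
    for src in "$install_bin"/arachni* "$install_bin/readlink_f.sh"; do
        [ -e "$src" ] || continue        # glob matched nothing
        name=$(basename "$src")
        ln -sf "$src" "$target/$name" || status=1
        # -e follows the symlink, so a dangling link is caught here.
        if [ ! -e "$target/$name" ]; then
            echo "dangling link: $target/$name" >&2
            status=1
        fi
    done
    # The main launcher must exist in the target directory afterwards.
    [ -e "$target/arachni" ] || status=1
    return $status
}

# Constructed demo: a fake install tree in a temp dir, so no sudo is needed.
demo_link_arachni() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/arachni-x.y/bin" "$tmp/bin"
    for f in arachni arachni_web readlink_f.sh; do
        printf '#!/bin/sh\n' > "$tmp/arachni-x.y/bin/$f"
    done
    link_arachni "$tmp/arachni-x.y" "$tmp/bin"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_link_arachni && echo "all links resolve"
```

For a real installation, call link_arachni with your unpacked arachni directory and /usr/local/bin, under sudo if that directory requires it.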