- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 2021-07-16 17:53:17
Technical Requirements
For this chapter, in addition to our existing Burp and Burp Proxy integration with Chrome (66.0.3359.139), we'll also be using sqlmap, a CLI tool for detecting SQL- and NoSQL-based injections. sqlmap can be installed using Homebrew with brew install sqlmap and is also available as a Python module installable via pip. sqlmap is a popular tool, so there should be an installation path for you whatever your system.
We'll also be using Arachni as our go-to scanner. Though noisy, scanners can be indispensable for the appropriate situation, and are great at flushing out otherwise hard-to-detect bugs. Arachni is an excellent choice because it's open source, multi-threaded, extensible via plugins, and has a great CLI that allows it to be worked into other automated workflows. Arachni is easy to install; you can install it as a gem (gem install arachni) or you can simply download the official packages straight from the installation site.
If you downloaded the packages for your system, you'll want to move them to an appropriate location on that system.
Then you can create a symlink (symbolic link) so that all the arachni CLI executables will be available on your path (fill in the correct path to your arachni installation):
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/arachni* /usr/local/bin
You might find that, after you symlink your arachni executables to your path, you receive the following error:
/usr/local/bin/arachni: line 3: /usr/local/bin/readlink_f.sh: No such file or directory
/usr/local/bin/arachni: line 4: readlink_f: command not found
/usr/local/bin/arachni: line 4: ./../system/setenv: No such file or directory
If you receive this error, simply symlink, copy, or move the readlink_f.sh script from your arachni installation's bin directory to your own path. In this case, we'll symlink it:
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/readlink_f.sh /usr/local/bin/readlink_f.sh
Now when we use arachni later in the chapter, we can invoke it directly, as opposed to having to type the full path each time.
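The two linking steps above can be combined into one re-runnable script that also reports any link that is still missing or dangling. This is an added example, not code from the book or from the Arachni project; the function names link_arachni and check_arachni_links are hypothetical, and both directories are passed as arguments.

```shell
#!/bin/sh
# Added example: link an extracted arachni package's CLI tools into a bin
# directory on the PATH. link_arachni and check_arachni_links are
# hypothetical helper names, not part of Arachni.

# Usage: link_arachni /Path/to/arachni-<version>/bin /usr/local/bin
link_arachni() {
    src=$1 dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # readlink_f.sh does not match the arachni* glob, so it is listed
    # explicitly; leaving it out produces the "readlink_f.sh: No such
    # file or directory" error shown above.
    for f in "$src"/arachni* "$src"/readlink_f.sh; do
        [ -e "$f" ] || continue
        # -f replaces a stale link from an earlier install,
        # -n keeps ln from following an existing link to a directory.
        ln -sfn "$f" "$dest/$(basename "$f")" || return 1
    done
}

# Prints every expected link that is missing or dangling.
# Returns non-zero if at least one is.
check_arachni_links() {
    src=$1 dest=$2 bad=0
    for f in "$src"/arachni* "$src"/readlink_f.sh; do
        [ -e "$f" ] || continue
        link="$dest/$(basename "$f")"
        # -e follows symlinks, so a dangling link fails this test too.
        if [ ! -e "$link" ]; then
            echo "missing: $link"
            bad=1
        fi
    done
    return $bad
}

# When called with two arguments, link and then verify.
if [ $# -eq 2 ]; then
    link_arachni "$1" "$2" && check_arachni_links "$1" "$2"
fi
```

Run it with sudo when the destination is a root-owned directory such as /usr/local/bin.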