1.Kali Introduce

Kali Linux Is based on Debian Of Linux Distribution version , Designed for digital forensics and penetration testing and Hacker attack and defense . from Offensive Security Ltd Maintenance and funding . By the first Offensive Security Of Mati Aharoni and Devon Kearns By rewriting BackTrack To complete ,BackTrack They wrote it for forensics Linux Distribution version .

Kali Linux Many penetration test software are pre installed , Include nmap ( Port scanner )、Wireshark ( Packet analyzer )、John the Ripper ( Password cracker ), as well as Aircrack-ng ( A set of software for wireless LAN penetration test ). Users can use the hard disk 、live CD or live USB function Kali Linux.Metasploit Of Metasploit Framework Support Kali Linux,Metasploit A set of development and execution tools for remote hosts Exploit Code tools .

2. Common tools for information collection

• Robots File detection
• DNS information gathering
• Sensitive directory detection
• Port detection
• Whole station identification
• Waf Probe
• Use of tool type stations
• Google grammar

3.Robots file

Get the live file of the hidden sensitive directory of the website
such as ： The installation directory , Upload directory , Editor Directory , Management directory , Management page, etc

View method examples ：

www.baidu.com/robots.txt

4.DNS collect

Collect website domain name information , Such as subdomain name , Other domain names , Resolution server , Area transfer vulnerability, etc
Commonly used tools ：dnsenum、dig、fierce

Whois Information gathering

example ：

whois  Website domain name 

dnsenum

dnsenum You can guess the possible domain names through the dictionary or Google , And reverse check a network segment .

for example ：

dnsenum --enum cracer.com

Besides , It also has three parameters ：

• -r Allows users to set recursive queries
• -w Allow users to set whois request .
• -o Allows the user to specify the input file location

fierce

fierce The tool is mainly used to scan sub domain names and collect information . Use fierce The tool gets all the data on a target host ip Address and host information . You can also test for zone transfer vulnerabilities .

for example ：

fierce -dns baidu.com

• --wordlist Specify a dictionary

fierce -dns ns9.baidu.com  --wordlist host.txt /tmp/12.txt

dig

dig Tools are also popular dns Investigative tools

example ：

dig www.cracer.com  #  Inquire about dns
dig -t ns cracer.com  #  Find the authorization to resolve the domain name dns

5. Sensitive directory detection

Directory brute force cracking tool dirb

dirb Tool is a very easy-to-use tool for guessing directory violence , Bring your own powerful dictionary

example ：

dirb http://www.cracer.com
dirb https://www.cracer.com
dirb http://www.cracer.com /usr/wordlist.txt

Directory brute force cracking tool dirbuster

dirbuster Tool is a very easy-to-use tool for guessing directory violence , Bring your own powerful dictionary

6. Whole station identification

whatweb Used to identify websites cms And tools for the platform environment

example ：

whatweb -v http://www.cracer.com

Can identify the platform of the website 、 Script 、cms、 Containers 、 Database and other information

7.WAF distinguish

wafw00f Used to identify websites waf A tool for

example ：

wafw00f www.qufu123.com

The following test results represent that the website does not exist Waf：

8. Comprehensive scanning tool DMitry

DMitry（Deepmagic Information Gathering Tool） It is an integrated information collection tool . It can be used to collect the following information ：

• Port scanning
• whois host IP And domain information
• from Netcraft.com Get host information
• subdomain
• The email address contained in the domain name

Although this information can be found in Kali Through a variety of tools , But use DMitry The collected information can be saved in a file , Convenient view .

example ：

dmitry  -wnpb cracer.com
dmitry -winse  cracer.com    Scan website registration information 
dmitry  -p cracer.com  -f -b  View the host open port 

All the tools are just AIDS , The real strength still depends on yourself , Bear in mind , Don't be a script boy ‍‍