BABYSPLOIT INTRO:-
BabySploit is a pentesting toolkit used in the initial phase of a penetration test. It covers most of the scans used at that stage by bundling a number of small tools behind one interface. According to the ethical hacking experts at the International Institute of Cyber Security, it is aimed at people who are new to hacking and want to learn the initial phases of pentesting.
INSTALLING BABYSPLOIT:-
IF YOU ARE NOT USING KALI LINUX, FOLLOW THE STEPS BELOW TO INSTALL BABYSPLOIT:-
- If you are running any other Linux distribution, you need to clone the tool from GitHub.
- To clone it, type: git clone git://github.com/M4cs/BabySploit ~/BabySploit
- After cloning, open the BabySploit folder and run the commands below to create a virtual environment for BabySploit.
- To upgrade the system:
type sudo apt-get update
then
type sudo apt-get upgrade
- After upgrading Linux, you have to install the Python libraries:-
To install them, type sudo python3 install.py
- Create the BabySploit environment in Linux.
To create the environment, type virtualenv babysploit
then type source babysploit/bin/activate
- After creating the environment:-
type pip3 install -r requirements.txt
then type python start.py
IF YOU ARE USING KALI LINUX, FOLLOW THE STEPS BELOW TO INSTALL BABYSPLOIT:-
- If you are running Kali Linux, you have to upgrade Kali Linux in order to run BabySploit.
- To upgrade Kali Linux:
type sudo apt-get update
then
type sudo apt-get upgrade
- After upgrading, type: git clone git://github.com/M4cs/BabySploit ~/BabySploit and then follow the steps below.
- Then type ls.
- Install the required libraries for BabySploit.
For that, type: pip3 install -r requirements.txt
root@kali:~/BabySploit# ls
babysploit  images  install.py  LICENSE.md  pdfs  README.md  requirements.txt  sites  start.py
root@kali:~/BabySploit# pip3 install -r requirements.txt
Requirement already satisfied: netifaces==0.10.7 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 1))
Requirement already satisfied: urllib3==1.24 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2))
Requirement already satisfied: humanfriendly==4.17 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 3))
Requirement already satisfied: terminaltables==3.1.0 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 4))
Requirement already satisfied: pyfiglet==0.7.6 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 5))
Requirement already satisfied: requests==2.20.1 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 6))
Requirement already satisfied: PyPDF3==1.0.1 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 7))
Requirement already satisfied: raccoon-scanner==0.8.5 in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 8))
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3/dist-packages (from requests==2.20.1->-r requirements.txt (line 6))
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests==2.20.1->-r requirements.txt (line 6))
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python3/dist-packages (from requests==2.20.1->-r requirements.txt (line 6))
Requirement already satisfied: tqdm in /usr/local/lib/python3.6/dist-packages (from PyPDF3==1.0.1->-r requirements.txt (line 7))
Requirement already satisfied: click in /usr/lib/python3/dist-packages (from raccoon-scanner==0.8.5->-r requirements.txt (line 8))
Requirement already satisfied: lxml in /usr/lib/python3/dist-packages (from raccoon-scanner==0.8.5->-r requirements.txt (line 8))
Requirement already satisfied: beautifulsoup4 in /usr/lib/python3/dist-packages (from raccoon-scanner==0.8.5->-r requirements.txt (line 8))
Requirement already satisfied: xmltodict in /usr/local/lib/python3.6/dist-packages (from raccoon-scanner==0.8.5->-r requirements.txt (line 8))
Requirement already satisfied: fake-useragent in /usr/local/lib/python3.6/dist-packages (from raccoon-scanner==0.8.5->-r requirements.txt (line 8))
Requirement already satisfied: dnspython in /usr/lib/python3/dist-packages (from raccoon-scanner==0.8.5->-r requirements.txt (line 8))
We already have the dependencies installed, which is why we get "Requirement already satisfied".
- Then type python3 start.py
root@kali:~/BabySploit# python3 start.py
[ASCII-art banner omitted]
[i] Default Gateway: 192.168.1.1
[i] BabySploit! Developed by @maxbridgland https://github.com/M4cs/BabySploit
[i] Loaded Configuration...
[i] BabySploit is a framework aimed at helping aspiring penetration testers learn how to use the most common and useful tools in the field. Below is a table displaying what commands are available and what they do.
+----------------+---------------------------------------------+
| Command        | Description                                 |
+----------------+---------------------------------------------+
| help or ?      | Display this menu                           |
| info           | Display current configuration options       |
| search         | Search exploitdb for exploits and get link  |
| tools          | Display available tools                     |
| set <key name> | Set configuration key                       |
| reset          | Reset configuration to default              |
| update         | Check for updates and update the framework  |
| tutorial       | Run the tutorial wizard                     |
| exit           | Exit framework                              |
+----------------+---------------------------------------------+
[babysploit]>
CLI OUTPUT OF BABYSPLOIT:
- Typing help or ? will display the same menu shown above in red font.
- To check the current configuration options, type info in the Linux terminal.
[babysploit]> info
lhost: 0.0.0.0
lport: 8080
rhost: google.com
rport: 80
platform: Linux 4.15.0-kali2-686-pae
usernamelist: lists/users
passwordlist: lists/pass/rockyou.txt
urlpath: /connect
- Then type tools to view the list of tools included in BabySploit.
BABYSPLOIT INBUILT TOOLS:-
[babysploit]> tools
[ASCII-art "tools" banner omitted]
Simply enter the name of the tool you want to use to use it.

Information Gathering
+---------------+------------------------------------------------------+
| Tool          | Description                                          |
+---------------+------------------------------------------------------+
| nmap          | nmap port scanner tool                               |
| iplookup      | ip info tool                                         |
| dnslookup     | dns lookup tool                                      |
| censyslookup  | censys api lookup | req api creds                    |
| raccoon       | use raccoon scanner tool | command: raccoon --help   |
| cfbypass      | cloudflare bypasser                                  |
+---------------+------------------------------------------------------+

Exploitation
+---------------+------------------------------------------------------+
| Tool          | Description                                          |
+---------------+------------------------------------------------------+
| searchsploit  | search available exploits (use search command)       |
| reverseshell  | reverse shell tool for creating payloads             |
| ftpvulnscan   | check for ftp buffer overflow                        |
| wpseku        | wordpress vulnerability scanner                      |
+---------------+------------------------------------------------------+

Phishing
+---------------+------------------------------------------------------+
| Tool          | Description                                          |
+---------------+------------------------------------------------------+
| blackeye      | BlackEye Phish Kit                                   |
+---------------+------------------------------------------------------+

Cryptography/Steganography
+---------------+------------------------------------------------------+
| Tool          | Description                                          |
+---------------+------------------------------------------------------+
| pdfmeta       | pdf meta data                                        |
+---------------+------------------------------------------------------+

Bruteforcing
+---------------+------------------------------------------------------+
| Tool          | Description                                          |
+---------------+------------------------------------------------------+
| ftpbruteforce | ftp brute force tool                                 |
+---------------+------------------------------------------------------+
There are many tools which can be used in information gathering.
NOW WE WILL FIRST TAKE THE IPLOOKUP TOOL:-
Iplookup is used to find the IP address of the target.
- Type iplookup
- Then type testphp.vulnweb.com
[babysploit]> iplookup
[?] Enter IP or Domain To Lookup: testphp.vulnweb.com
[!] Sending Request...
[!] Request Successful Displaying Response:
Location: Frankfurt am Main, Hesse Germany 60313
IP: 176.28.50.165
ISP: Host Europe GmbH
Scan Complete. SneakyBoy..
- After scanning the target, iplookup has found the target's IP address, its location and its ISP.
- The above output can be used in the initial phase of information gathering.
NOW WE WILL TAKE THE DNSLOOKUP TOOL:-
Dnslookup is used to find the DNS records of the target.
- Type dnslookup
- Then type hackthissite.org
[babysploit]> dnslookup
[?] Please Enter The Domain You'd Like To Lookup: hackthissite.org
Checking For A Records
----------------------
First A Record: 137.74.187.100 | TTL: 1603
Second A Record: 137.74.187.102 | TTL 1603
Checking For MX Records
-------------------------
First MX Record: 30 aspmx5.googlemail.com | TTL: 3600
Second MX Record: 10 aspmx.l.google.com | TTL: 3600
Checking For AAAA Records
-------------------------
First AAAA Record: 2001:41d0:8:ccd8:137:74:187:100 | TTL: 3600
Second AAAA Record: 2001:41d0:8:ccd8:137:74:187:102 | TTL: 3600
Checking For TXT Records
-------------------------
[!] Failed To Find TXT Records [!]
DNS Lookup Complete!
- After scanning the target, dnslookup has found some records which can be used in other hacking activities.
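The dnslookup output above is plain text, so it is worth parsing it into records and reading it from the defender's side: a domain that accepts mail (MX present) but publishes no TXT records has no SPF policy, which is exactly what makes its addresses easy to forge in a phishing mail. This is an added example, not code from the page or from BabySploit; it assumes the one-record-per-line layout shown above, and the layout of a successful TXT line (SPF_SAMPLE) is an assumption since the page only shows the TXT lookup failing.

```python
import re
from dataclasses import dataclass

# Constructed sample: the dnslookup output for hackthissite.org shown above,
# pasted as the tool prints it (prompt line omitted).
SAMPLE_OUTPUT = """\
Checking For A Records
----------------------
First A Record: 137.74.187.100 | TTL: 1603
Second A Record: 137.74.187.102 | TTL 1603
Checking For MX Records
-------------------------
First MX Record: 30 aspmx5.googlemail.com | TTL: 3600
Second MX Record: 10 aspmx.l.google.com | TTL: 3600
Checking For AAAA Records
-------------------------
First AAAA Record: 2001:41d0:8:ccd8:137:74:187:100 | TTL: 3600
Second AAAA Record: 2001:41d0:8:ccd8:137:74:187:102 | TTL: 3600
Checking For TXT Records
-------------------------
[!] Failed To Find TXT Records [!]
DNS Lookup Complete!
"""

# Constructed contrast case. The TXT line layout is an assumption: the page
# only shows the tool failing to find TXT records, never a successful TXT line.
SPF_SAMPLE = """\
First MX Record: 10 mail.example.test | TTL: 300
First TXT Record: v=spf1 include:_spf.example.test -all | TTL: 300
"""

# One record per line: "<Ordinal> <TYPE> Record: <value> | TTL: <n>"
# (the tool prints "TTL 1603" without a colon on one line, hence "TTL:?").
RECORD_RE = re.compile(
    r"^\w+ (?P<type>A|AAAA|MX|TXT) Record: (?P<value>.+?) \| TTL:? (?P<ttl>\d+)$"
)


@dataclass
class MxRecord:
    priority: int
    exchange: str
    ttl: int


def parse_dnslookup(text):
    """Turn dnslookup's text output into lists keyed by record type.

    A/AAAA/TXT entries are (value, ttl) tuples; MX entries are MxRecord.
    """
    records = {"A": [], "AAAA": [], "MX": [], "TXT": []}
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # headings, rulers and "[!] Failed ..." lines carry no record
        rtype, value, ttl = m.group("type"), m.group("value"), int(m.group("ttl"))
        if rtype == "MX":
            prio, exchange = value.split(" ", 1)
            records["MX"].append(MxRecord(int(prio), exchange, ttl))
        else:
            records[rtype].append((value, ttl))
    return records


def primary_mx(records):
    """Lowest MX priority wins; the tool's 'First' record is not necessarily it."""
    if not records["MX"]:
        return None
    return min(records["MX"], key=lambda r: r.priority).exchange


def mail_spoofing_findings(records):
    """Defender's view of the same data: can mail from this domain be forged?

    SPF lives in the apex TXT record, so 'no TXT records' on a domain that
    accepts mail means no SPF at all. DMARC (_dmarc.<domain>) is not queried
    by dnslookup, so it is out of scope here.
    """
    findings = []
    spf = [v for v, _ in records["TXT"] if v.lower().startswith("v=spf1")]
    if records["MX"] and not spf:
        findings.append(
            "MX present but no SPF TXT record: sender addresses at this domain "
            "can be forged without failing SPF checks"
        )
    for policy in spf:
        if policy.split()[-1] in ("+all", "?all"):
            findings.append(f"SPF policy is permissive ({policy!r}); use ~all or -all")
    return findings


if __name__ == "__main__":
    recs = parse_dnslookup(SAMPLE_OUTPUT)
    print("primary MX:", primary_mx(recs))
    for finding in mail_spoofing_findings(recs):
        print("finding:", finding)
```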
NOW WE WILL TAKE THE RACCOON TOOL:-
Raccoon is an information-gathering tool. It is mostly used to show DNS records, scan ports and fuzz URLs.
- To see how to use raccoon, type raccoon --help.
[babysploit]> raccoon --help
Usage: raccoon [OPTIONS] TARGET

Options:
  --version                      Show the version and exit.
  -d, --dns-records TEXT         Comma separated DNS records to query. Defaults to: A,MX,NS,CNAME,SOA,TXT
  --tor-routing                  Route HTTP traffic through Tor (uses port 9050). Slows total runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used for routing HTTP traffic. A proxy from the list will be chosen at random for each request. Slows total runtime
  -c, --cookies TEXT             Comma separated cookies to add to the requests. Should be in the form of key:value Example: PHPSESSID:12345,isMobile:false
  --proxy TEXT                   Proxy address to route HTTP traffic through. Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL fuzzing
  -T, --threads INTEGER          Number of threads to use for URL Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to ignore for fuzzing. Defaults to: 302,400,401,402,403,404,503,504
  --subdomain-list TEXT          Path to subdomain list file that would be used for enumeration
  -sc, --scripts                 Run Nmap scan with -sC flag
  -sv, --services                Run Nmap scan with -sV flag
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -p, --port TEXT                Use this port range for Nmap scan instead of the default
  --vulners-nmap-scan            Perform an NmapVulners scan. Runs instead of the regular Nmap scan and is longer.
  --vulners-path TEXT            Path to the custom nmap_vulners.nse script.If not used, Raccoon uses the built-in script it ships with.
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: False (will not follow redirects)
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --skip-health-check            Do not test for target host availability
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  --skip-nmap-scan               Do not perform an Nmap scan
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.
To check the version of raccoon:
- Type raccoon --version
[babysploit]> raccoon --version
raccoon, version 0.8.5
Raccoon Default Scan:-
- To run raccoon against a target, type raccoon <Target URL>
- For example, type raccoon testphp.vulnweb.com
===================SNIP======================
======================SNIP==================
- In the above screenshots, raccoon has found some DNS records, web application URLs and the language the target web application was developed in.
- The above information can be used in other hacking activities. Getting an admin URL makes a brute-force attack on the target website possible.
Raccoon Full Scan:-
- Type raccoon --full-scan testphp.vulnweb.com
=====================SNIP=====================
===================SNIP====================
- Executing the above query with the "--full-scan" option makes raccoon gather as much information as it can. Remote attackers could use this information in other hacking activities.
- Raccoon has found all the open ports of the target, which makes it easier for an attacker to attack the website.
RACCOON SKIP NMAP SCAN:-
- Type raccoon --skip-nmap-scan
====================SNIP=====================
- With "--skip-nmap-scan", raccoon does not run nmap queries against the target; it only uses the URL fuzzer to grab the target's URLs.
- The URLs grabbed by the URL fuzzer can be used to build phishing pages that capture the credentials of the target's clients.
NOW WE WILL TALK ABOUT THE SEARCHSPLOIT TOOL:-
Searchsploit shows you the types of exploits that can be used against the chosen operating system. Its results come from a large list, part of which is shown below.
- Type searchsploit
- Then select the platform (Windows, Mac, Linux).
- In the example below, Windows exploits have been selected.
[babysploit]> searchsploit
[ASCII-art "searchsploit" banner omitted]
Platform [Windows, Linux, MacOS, PHP, All]: Windows
Search: exploit
Running Search..
============================================== Result ==============================================
----------------------------------------------------------------------------------------------------
Title: (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Remote Denial of Service
Platform: windows
Path: /usr/share/exploitdb/exploits/windows/dos/12698.py
Author: Ma3sTr0-Dz
----------------------------------------------------------------------------------------------------
Title: (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval
Platform: windows
Path: /usr/share/exploitdb/exploits/windows/remote/27401.py
Author: Wireghoul
----------------------------------------------------------------------------------------------------
Title: (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Full System Access
Platform: windows
Path: /usr/share/exploitdb/exploits/windows/remote/13932.py
Author: Serge Gorbunov
----------------------------------------------------------------------------------------------------
Title: (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Universal Denial of Service
Platform: windows
Path: /usr/share/exploitdb/exploits/windows/dos/12741.py
Author: Dr_IDE
----------------------------------------------------------------------------------------------------
Title: (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Buffer Overflow (Metasploit)
Platform: windows
Path: /usr/share/exploitdb/exploits/windows/remote/11742.rb
Author: blake
----------------------------------------------------------------------------------------------------
Title: (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC)
Platform: windows
Path: /usr/share/exploitdb/exploits/windows/dos/11391.py
Author: loneferret
----------------------------------------------------------------------------------------------------
--------------------------SNIP OUTPUT-------------------------------------------------------
FIND WORDPRESS VULNERABILITIES:-
To find the vulnerabilities:
- Type wpseku
- By default wpseku selects the target google.com, so to change the target type N.
- Then enter your desired target <URL>.
- Type haqeacademy.com
[babysploit]> wpseku
== Current Configuration: ==
Target: google.com
[?] Is this configuration correct? [?]
[y\n] n
[?] Enter Target: [?]
> haqueacademy.edu.pk
[?] What type of scan would you like to perform: [?]
[bruteforce login | generic scan | wp plugin] generic scan
[!] Confirm Settings [!]
Target: haqueacademy.edu.pk
Scan Type: Generic
Press ENTER To Confirm
----------------------------------------
[ASCII-art "wpseku" banner omitted]
v0.4.0
WPSeku - WordPress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------
[ + ] Target: http://haqueacademy.edu.pk
[ + ] Starting: 07:19:44
[ + ] Server: Apache
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/content/21/11179421/html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: http://haqueacademy.edu.pk/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: http://haqueacademy.edu.pk/robots.txt
[ + ] sitemap.xml file was found at: http://haqueacademy.edu.pk/sitemap.xml
[ + ] readme.html file was found at: http://haqueacademy.edu.pk/readme.html
[ i ] Checking directory listing...
[ i ] Checking wp-loging protection...
[ i ] Checking robots paths...
[ + ] Robots was found at: http://haqueacademy.edu.pk/robots.txt
----------------------------------------
User-agent: *
Disallow: /worldsecuritynews/
Allow: /worldsecuritynews/admin-ajax.php
----------------------------------------
[ i ] Checking WordPress version...
[ + ] Running WordPress version: 4.9.8
 | Not found vulnerabilities
[ i ] Passive enumeration themes...
[ + ] Name: haqueacademy
[ i ] Checking themes changelog...
[ i ] Checking themes full path disclosure...
[ i ] Checking themes license...
[ i ] Checking themes readme...
[ i ] Checking themes directory listing...
[ i ] Checking theme vulnerabilities...
 | Not found vulnerabilities
[ i ] Passive enumeration plugins...
[ + ] Name: custom-facebook-feed-pro
[ i ] Checking plugins changelog...
[ i ] Checking plugins full path disclosure...
[ i ] Checking plugins license...
[ i ] Checking plugins readme...
[ i ] Checking plugins directory listing...
[ i ] Checking plugin vulnerabilities...
b'{"error":"Not found"}'
 | Not found vulnerabilities
[ i ] Enumerating users...
-------------------------
| ID | Username | Login |
-------------------------
| 0  | admin    | admin |
| 1  | admin    | None  |
| 2  |          | admin |
-------------------------
CREATE PHISHING PAGES USING THE BLACKEYE TOOL:-
Even an ordinary user can easily create phishing pages with the Blackeye tool.
- To create a phishing page, type blackeye
- Then select one of the listed social media platforms by typing its number, <social media platform number>
- In the example below we have chosen Facebook by typing 2
[babysploit]> blackeye
Availble Templates
[1] Instagram [2] Facebook [3] Snapchat
[4] Twitter [5] GitHub [6] Google
[7] Spotify [8] Netflix [9] PayPal
[10] Origin [11] Steam [12] Yahoo!
[13] LinkedIn [14] Protonmail [15] WordPress
[16] Microsoft [17] IGFollowers [18] eBay
[19] Pinterest [20] CryptoCurrency [21] Verizon
[22] DropBox [23] Adobe ID [24] Shopify
[25] FB Messenger [26] GitLab [27] Twitch
[28] MySpace [29] Badoo [30] VK
[31] Yandex [32] devianART [33] Custom
Please Choose A Number To Host Template:
[?]> 2
Loading facebook
Enter A Custom Subdomain
[?]> www.testing.com
Starting Server at www.testing.com.serveo.net...
Logs Can Be Found In sites/facebook/ip.txt and sites/facebook/usernames.txt
PHP 7.2.3-1 Development Server started at Sat Nov 24 07:42:12 2018
Listening on http://127.0.0.1:80
Document root is /root/BabySploit/sites/facebook
Press Ctrl-C to quit.
The authenticity of host 'serveo.net (159.89.214.31)' can't be established.
RSA key fingerprint is SHA256:07jcXlJ4SkBnyTmaVnmTpXuBiRx2+Q2adxbttO9gt0M.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'serveo.net,159.89.214.31' (RSA) to the list of known hosts.
Hi there
Press g to start a GUI session and ctrl-c to quit.
Warning: no TLS certificate available for www.testing.com.serveo.net. You won't be able to use HTTPS, only HTTP.
Forwarding HTTP traffic from http://www.testing.com.serveo.net
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/robots.txt
[Sat Nov 24 07:42:52 2018] 127.0.0.1:51672 [302]: /
[Sat Nov 24 07:42:52 2018] 127.0.0.1:51674 [404]: /robots.txt - No such file or directory
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/login.html
[Sat Nov 24 07:42:53 2018] 127.0.0.1:51676 [200]: /login.html
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/
[Sat Nov 24 07:43:30 2018] 127.0.0.1:51678 [302]: /
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/login.html
[Sat Nov 24 07:43:31 2018] 127.0.0.1:51680 [200]: /login.html
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/osd.xml
[Sat Nov 24 07:43:49 2018] 127.0.0.1:51682 [404]: /osd.xml - No such file or directory
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/login.html
[Sat Nov 24 07:44:20 2018] 127.0.0.1:51684 [200]: /login.html
HTTP request from 120.59.146.150 to http://www.testing.com.serveo.net/osd.xml
[Sat Nov 24 07:44:34 2018] 127.0.0.1:51686 [404]: /osd.xml - No such file or directory
- After the subdomain has been entered, a fake phishing page is created. The most common attacks are carried out using phishing pages, as per the research done by the ethical hacking group of the International Institute of Cyber Security.
- In the above screenshot, a phishing page has been created. These phishing pages are the most common attacks.
- Most users receive these phishing pages via their mail or mobile chat applications.
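The session above shows what such a page looks like from the outside: the cloned login form is served over a free reverse-tunnel host (serveo.net), the operator's chosen label is prepended as a subdomain so the hostname reads www.testing.com.serveo.net, the path is /login.html, and the tunnel warns that only plain HTTP is available. Those traits are what a mail gateway or proxy filter can key on. The following is an added example, not code from BabySploit, BlackEye or the article's author: a small URL scorer in Python that turns each of those traits into a signal. The tunnel-service list, brand list and TLD-like label list are constructed samples for illustration, `registrable_domain` is a deliberately crude stand-in for a Public Suffix List lookup, and the score threshold is an assumption.

```python
from urllib.parse import urlparse

# Constructed sample lists (assumptions for this example, not a vendor feed).
# serveo.net is the tunnel host seen in the session above; the others are
# further free reverse-tunnel services an analyst might choose to track.
TUNNEL_DOMAINS = {"serveo.net", "ngrok.io", "localhost.run"}
BRAND_LABELS = {"facebook", "instagram", "paypal", "microsoft", "netflix"}
TLD_LIKE_LABELS = {"com", "net", "org", "io", "co"}
LOGIN_PATH_WORDS = ("login", "signin", "sign-in", "account")


def registrable_domain(host):
    """Crude assumption: the last two labels form the registrable domain.
    Real tooling should use the Public Suffix List (co.uk, etc.)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url):
    """Score a URL for 'tunnelled clone login page' indicators.

    Returns {"score": int, "reasons": [str], "verdict": "review" | "ok"}.
    """
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    score, reasons = 0, []

    is_ip = host.replace(".", "").isdigit()
    base = "" if is_ip else registrable_domain(host)
    # Operator-controlled labels in front of the registrable domain
    # (www.testing.com in www.testing.com.serveo.net).
    prefix = host[: -len(base)].rstrip(".") if base and host != base else ""
    prefix_labels = prefix.split(".") if prefix else []

    if base in TUNNEL_DOMAINS:
        score += 2
        reasons.append(f"hosted under tunnel service {base}")

    # A prefix ending in a TLD-like label imitates a whole domain name.
    if prefix_labels and prefix_labels[-1] in TLD_LIKE_LABELS:
        score += 1
        reasons.append(f"domain-like prefix {prefix!r}")

    # A brand name appearing as a subdomain of some unrelated domain.
    brand_hits = BRAND_LABELS & set(prefix_labels)
    if brand_hits and base.split(".")[0] not in BRAND_LABELS:
        score += 1
        reasons.append(f"brand label(s) {sorted(brand_hits)} under {base}")

    if any(word in path for word in LOGIN_PATH_WORDS):
        score += 1
        reasons.append(f"credential-style path {parsed.path!r}")

    if parsed.scheme == "http":
        score += 1
        reasons.append("plain HTTP (no TLS)")

    # Threshold is an assumption; tune it against your own traffic.
    return {"score": score, "reasons": reasons,
            "verdict": "review" if score >= 3 else "ok"}


if __name__ == "__main__":
    for u in ("http://www.testing.com.serveo.net/login.html",
              "https://www.facebook.com/login",
              "https://facebook.com.example.net/signin"):
        print(u, classify_url(u))
```

The URL from the session scores on every signal except the brand check (the label chosen there was "testing", not a brand name), which is why the tunnel-host signal carries double weight: a legitimate brand does not serve its login form from someone else's free tunnel. The real www.facebook.com/login scores only on the path and is left alone, while a nested-domain look-alike such as facebook.com.example.net/signin crosses the threshold even without a tunnel host.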