Mastering the Art of Website Penetration Testing: Unleash Kali Linux's Full Potential

 Mastering the Art of Website Penetration Testing: Unleash Kali Linux's Full Potential


Website Penetration Testing: Unleash Kali Linux's Full Potential

In this chapter, we will learn about website penetration testing offered by Kali Linux.


Vega Usage

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: JavaScript. The official webpage is https://subgraph.com/vega/

Subgraph


Step 1 − To open Vega go to Applications → 03-Web Application Analysis → Vega

Vega


Step 2 − If you don’t see an application in the path, type the following command.

Subgraph


Step 3 − To start a scan, click “+” sign.

Subgraph Vega



Step 4 − Enter the webpage URL that will be scanned. In this case, it is metasploitable machine → click “ Next”.

Enter Page URL



Step 5 − Check all the boxes of the modules you want to be controlled. Then, click “Next”.

Module Boxes



Step 6 − Click “Next” again in the following screenshot.

Next Again



Step 7 − Click “Finish”.

Finish Button



Step 8 − If the following table pops up, click “Yes”.

Follow Redirect

The scan will continue as shown in the following screenshot.

Scanner Progress



Step 9 − After the scan is completed, on the left down panel you can see all the findings, that are categorized according to the severity. If you click it, you will see all the details of the vulnerabilities on the right panel such as “Request”, ”Discussion”, ”Impact”, and ”Remediation”.

Left Down Panel


ZapProxy

ZAP-OWASP Zed Attack Proxy is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is a Java interface.

Step 1 − To open ZapProxy, go to Applications → 03-Web Application Analysis → owaspzap.

ZapProxy


Step 2 − Click “Accept”.

Licensed Version


ZAP will start to load.

OWASP Zap


Step 3 − Choose one of the Options from as shown in the following screenshot and click “Start”.

Choose Options


Following web is metasploitable with IP :192.168.1.101

Web Metasploitable


Step 4 − Enter URL of the testing web at “URL to attack” → click “Attack”.

Url Attack


After the scan is completed, on the top left panel you will see all the crawled sites.

In the left panel “Alerts”, you will see all the findings along with the description.

Alerts


Step 5 − Click “Spider” and you will see all the links scanned.

Spider


Database Tools Usage

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Let’s learn how to use sqlmap.


Step 1 − To open sqlmap, go to Applications → 04-Database Assessment → sqlmap.

SQLMap


The webpage having vulnerable parameters to SQL Injection is metasploitable.

SQL Injection


Step 2 − To start the sql injection testing, type “sqlmap – u URL of victim”

Url Victim


Step 3 − From the results, you will see that some variable are vulnerable.

Variable Results


sqlninja

sqlninja is a SQL Injection on Microsoft SQL Server to a full GUI access. sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Full information regarding this tool can be found on http://sqlninja.sourceforge.net/

Step 1 − To open sqlninja go to Applications → 04-Database Assesment → sqlninja.

Database Assesment


CMS Scanning Tools

WPScan

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.


Step 1 − To open WPscan go to Applications → 03-Web Application Analysis → “wpscan”.

Web Application

The following screenshot pops up.

Wpscan


Step 2 − To scan a website for vulnerabilities, type “wpscan –u URL of webpage”.

If the scanner is not updated, it will ask you to update. I will recommend to do it.

Scanner Update


Once the scan starts, you will see the findings. In the following screenshot, vulnerabilities are indicated by a red arrow.

Red ArrowScan Starts


Joomscan

Joomla is probably the most widely-used CMS out there due to its flexibility. For this CMS, it is a Joomla scanner. It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla sites.


Step 1 − To open it, just click the left panel at the terminal, then “joomscan – parameter”.


Step 2 − To get help for the usage type “joomscan /?”

Joomscan


Step 3 − To start the scan, type “ joomscan –u URL of the victim”.

OWASP


Results will be displayed as shown in the following screenshot.

VulnerabilitySuggestion


SSL Scanning Tools

TLSSLed is a Linux shell script used to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool.

The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities.


To start testing, open a terminal and type “tlssled URL port“. It will start to test the certificate to find data.

Tissled


You can see from the finding that the certificate is valid until 2018 as shown in green in the 

following screenshot.

Certificate


w3af

w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a Graphical User Interface (GUI) for the framework. If you want a command-line application only, install w3af-console.

The framework has been called the “metasploit for the web”, but it’s actually much more as it also discovers the web application vulnerabilities using black-box scanning techniques. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which identify and exploit SQL injection, cross-site scripting (XSS), remote file inclusion and more.

Step 1 − To open it, go to Applications → 03-Web Application Analysis → Click w3af.

Application W3af


Step 2 − On the “Target” enter the URL of victim which in this case will be metasploitable web address.

Target


Step 3 − Select the profile → Click “Start”.

Profile Start


Step 4 − Go to “Results” and you can see the finding with the details.

Finding Results
-------------------------------------------------------------------------------------------------------------------------

Comments