Trying to gain new permissions β use valid credentials, SQLi, brute force, hijacking, abusing CORS, etc.
Data Exfiltration
Extracting sensitive/restricted data from the target network.
Remote Code Execution
Executing commands on the target. Bind shell is listening on the target. Reverse shell calls back to our device.
Web Shells
Limited, shell-like interface through a script installed on the web server. Check out /usr/share/webshells/.
Appendix
Proxy Tools
Burp Suite is a robust platform that can perform security testing of web applications. It includes several tools that can help identify web application vulnerabilities. There's a simplified free version available, but the professional/commercial version offers more comprehensive tools.
Zed Attack Proxy (ZAP) is a free, open-source web application security scanner. It includes features to allow automated and manual testing for web application vulnerabilities.
Fiddler has several versions of its debugging proxy tool. While this tool can capture and inspect HTTP traffic, it does not include any security tools.
Content Discovery Tools
DIRB is a content scanner that uses a wordlist to discover web resources through brute forcing.
DirBuster is a multi-threaded content scanner. It can be run with a GUI or headless. It is typically included in Kali Linux by default.
Gobuster is a brute forcing tool written in Go, which usually makes it more performant than DIRB or DirBuster. Gobuster also supports enumerating DNS subdomains, and AWS S3 and Google Cloud buckets.
Hakrawler is a web crawler that discovers URLs and JavaScript files.
Vulnerability Scanners
Nessus is a comprehensive commercial vulnerability scanning tool. It can identify a variety of vulnerabilities and provides detailed reports and remediation recommendations.
Qualys provides a selection of security tools, including commercial cloud security, compliance, and scanning services.
OpenVAS is an open source vulnerability scanner maintained by Greenbone.
Specialty Tools
Nikto is a free, open source web server scanner that can conduct comprehensive tests against web servers for various vulnerabilities.
Wfuzz is a web application brute forcing tool. We can use it for content discovery, fuzzing, or more advanced attacks.
ffuf is a web application brute forcing tool similar to Wfuzz, but written in Go.
sqlmap is a tool for discovering and exploiting SQL injection vulnerabilities in a variety of database servers.
Metasploit Framework (MSF) is a pentesting framework with scanning and exploitation capabilities. While maintained by Rapid7, it is frequently updated with new exploits by the community. For more information on using the Metasploit Framework, refer to OffSec's Metasploit Unleashed (MSFU).
kali@kali:~$ dirb
dirb <url_base> [<wordlist_file(s)>] [options]
========================= NOTES =========================
<url_base> : Base URL to scan. (Use -resume for session resuming)
<wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...)
...
======================== OPTIONS ========================
...
-X <extensions> / -x <exts_file> : Append each word with this extensions.
-z <millisecs> : Add a milliseconds delay to not cause excessive Flood.
======================== EXAMPLES =======================
dirb http://url/directory/ (Simple Test)
dirb http://url/ -X .html (Test files with '.html' extension)
dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (Test with apache.txt wordlist)
dirb https://secure_url/ (Simple Test with SSL)
