Top 10 Penetration Testing Tools

Top 10 Pen Testing Tools 2022

1. Kali Linux

Kali is not a tool per se. It is a distribution of the Linux operating system built for information security tasks such as security research, reverse engineering, computer forensics, and, you guessed it, penetration testing.

Kali contains several penetration testing tools, some of which you will see on this list as you read on. These tools can do almost everything you want when it comes to pen testing. Want to carry out an SQL injection attack, deploy a payload, crack a password? There are tools for that.

It was known as Backtrack before its current name, Kali. It is currently maintained by Offensive Security, which releases updates to the OS from time to time to add new tools, improve compatibility, and support more hardware.

One remarkable thing about Kali is the wide range of platforms it runs on. You can run Kali on mobile devices, Docker, ARM, Amazon Web Services, Windows Subsystem for Linux, virtual machines, and bare metal.

A common practice among pen testers is to load Raspberry Pis with Kali because of their small size. This makes it easy to plug one into a network at a target's physical location. However, most pen testers use Kali on a VM or a bootable thumb drive.

Note that Kali's default security is weak, so you need to harden it before doing or storing anything confidential on it.

2. Metasploit

Bypassing the security of a target system is not always a given. Pen testers rely on vulnerabilities within a target system to exploit and gain access or control. As you can imagine, thousands of vulnerabilities have been discovered on a wide range of platforms over the years. It is impossible to know all of these vulnerabilities and their exploits, as they are so numerous.

This is where Metasploit comes in. Metasploit is an open-source security framework developed by Rapid7. It is used to scan computer systems, networks, and servers for vulnerabilities in order to exploit them or document them.

Metasploit contains more than two thousand exploits across a wide range of platforms, such as Android, Cisco, Firefox, Java, JavaScript, Linux, NetWare, nodejs, macOS, PHP, Python, R, Ruby, Solaris, Unix, and of course, Windows.

Aside from scanning for vulnerabilities, pentesters also use Metasploit for exploit development, payload delivery, information gathering, and maintaining access on a compromised system.

Metasploit supports some Windows and Linux operating systems, and it is one of the pre-installed apps on Kali.

3. Wireshark

Before attempting to bypass the security of a system, pentesters try to gather as much information as they can about their target. Doing this allows them to decide on a suitable approach to testing the system. One of the tools pentesters use during this process is Wireshark.

Wireshark is a network protocol analyzer used to make sense of the traffic going through a network. Network professionals usually use it to troubleshoot TCP/IP connection issues such as latency issues, dropped packets, and malicious activity.

However, pentesters use it to assess networks for vulnerabilities. Besides learning how to use the tool itself, you also need to be familiar with some networking concepts such as the TCP/IP stack, reading and interpreting packet headers, understanding routing, port forwarding, and how DHCP works in order to use it proficiently.

Some of its key features are:

  • Can analyze large volumes of data.
  • Support for analysis and decryption of hundreds of protocols.
  • Real-time and offline analysis of networks.
  • Powerful capture and display filters.

Wireshark is available on Windows, macOS, Linux, Solaris, FreeBSD, NetBSD, and many other platforms.


4. Nmap

Pentesters use Nmap for gathering information and detecting vulnerabilities on a network. Nmap, short for network mapper, is a scanner used for network discovery. Nmap was built to scan large networks with hundreds of thousands of machines, rapidly.

Such scans usually yield information such as the types of hosts on the network, the services (application name and version) they offer, the name and version of the OS the hosts are running, the packet filters and firewalls in use, and many other characteristics.

It is through Nmap scans that pentesters discover exploitable hosts. Nmap also lets you monitor host and service uptime on a network.

Nmap runs on major operating systems such as Linux, Microsoft Windows, Mac OS X, FreeBSD, OpenBSD, and Solaris. It also comes pre-installed on Kali, like the penetration testing tools above.

5. Aircrack-ng

WiFi networks are probably one of the first systems you wished you could hack. After all, who wouldn't want "free" WiFi? As a pentester, you should have a tool for testing WiFi security in your toolset. And what better tool to use than Aircrack-ng?

Aircrack-ng is a tool pentesters use to deal with wireless networks. It contains a suite of tools used for assessing a wireless network for vulnerabilities.

All Aircrack-ng tools are command-line tools. This makes it easy for pentesters to create custom scripts for advanced use. Some of its key features are:

  • Monitoring network packets.
  • Attacking via packet injection.
  • Testing WiFi and driver capabilities.
  • Cracking WiFi networks with WEP and WPA PSK (WPA 1 and 2).
  • Can capture and export data packets for further analysis by third-party tools.

Aircrack-ng works primarily on Linux (it comes with Kali) but it is also available on Windows, macOS, FreeBSD, OpenBSD, NetBSD, Solaris, and eComStation 2.

6. Sqlmap

An insecure database management system is an attack vector pentesters often use to get into a system. Databases are integral parts of modern applications, which means they are everywhere. It also means that pentesters could get into a lot of systems through insecure DBMSs.

Sqlmap is an SQL injection tool that automates the detection and exploitation of SQL injection flaws in order to take over a database. Before Sqlmap, pentesters ran SQL injection attacks manually. This meant that executing the technique required prior knowledge.

Now, even beginners can use any of the six SQL injection techniques supported by Sqlmap (boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band) to attempt to get into a database.

Sqlmap can carry out attacks on a wide range of DBMSs such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, and SQLite. Visit the website for a full list.

Some of its top features include:

  • Executing commands on the OS of the target machine, via out-of-band connections.
  • Accessing the underlying file system of the target machine.
  • Can automatically recognize password hash formats, and crack them using a dictionary attack.
  • Can establish a connection between the attacker machine and the underlying OS of the database server, allowing it to launch a terminal, a Meterpreter session, or a GUI session via VNC.
  • Support for user privilege escalation via Metasploit's Meterpreter.

Sqlmap is built with Python, which means it can run on any platform that has the Python interpreter installed.
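The boolean-based technique named above works only when user input is parsed as part of the SQL text. The following is an added example, not code from the article or from Sqlmap: it sets a string-concatenated lookup beside a parameterized one and runs the same true/false comparison against both as a regression check. The table, rows, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable form: the input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def responses_differ(lookup, db):
    """Boolean-based check: append an always-true and an always-false
    condition to a known value. If the two result sets differ, the input
    reached the SQL parser and the lookup is injectable."""
    true_case = lookup(db, "bob' AND '1'='1")
    false_case = lookup(db, "bob' AND '1'='2")
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("concatenated lookup injectable:", responses_differ(lookup_concatenated, db))
    print("parameterized lookup injectable:", responses_differ(lookup_parameterized, db))
```

With bound parameters both probes are treated as literal names that match no row, so the two responses are identical and the boolean-based comparison has nothing to observe.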


7. Hydra

It is incredible how weak most people's passwords are. An analysis of the most popular passwords used by LinkedIn users in 2012 revealed that more than 700,000 users had '123456' as their password!

Tools like Hydra make it easy to detect weak passwords on online platforms by attempting to crack them. Hydra is a parallelized network login password cracker (well, that is a mouthful) used to crack passwords online.

Hydra is usually used with third-party wordlist generators such as Crunch and Cupp, as it does not generate wordlists itself. To use Hydra, all you need to do is specify the target you will be pen testing, pass in a wordlist, and run.

Hydra supports a long list of platforms and network protocols such as Cisco auth, Cisco enable, FTP, HTTP(S)-(FORM-GET, FORM-POST, GET, HEAD), HTTP-Proxy, MS-SQL, MySQL, Oracle Listener, Oracle SID, POP3, PostgreSQL, SMTP, SOCKS5, SSH (v1 and v2), Subversion, Telnet, VMware-Auth, VNC, and XMPP.

Although Hydra comes pre-installed on Kali, it has been "tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS", according to its developers.

8. John The Ripper

Weird name aside, John The Ripper is a fast, open-source, offline password cracker. It contains several password crackers and also lets you create a custom cracker.

John The Ripper supports many password hash and cipher types, making it a very versatile tool. The password cracker supports CPUs, GPUs, as well as FPGAs by Openwall, the developers of the password cracker.

To use John The Ripper you choose from four different modes: wordlist mode, single crack mode, incremental mode, and external mode. Each mode has ways of cracking passwords that make it suitable for certain situations. John The Ripper attacks are mainly through brute force and dictionary attacks.

Although John The Ripper is open source, no official native build is available (for free). You can get one by subscribing to the Pro version, which also includes more features such as support for more hash types.

John The Ripper is available on 15 operating systems (at the time of writing this) including macOS, Linux, Windows, and Android.

9. Burp Suite

So far, we have discussed testing networks, databases, WiFi, and operating systems, but what about web apps? The rise of SaaS has led to a lot of web apps popping up over the years.

The security of these apps is just as important, if not more so, than that of the other platforms we have examined, considering that many companies now build web apps instead of desktop apps.

When it comes to penetration testing tools for web apps, Burp Suite is probably the best one out there. Burp Suite is unlike any of the other tools on this list, with its sleek user interface and heavy pricing.

Burp Suite is a web vulnerability scanner built by Portswigger Web Security to protect web applications by rooting out flaws and vulnerabilities. Although it has a free community edition, that edition lacks a large share of its key features.

Burp Suite has a Pro version and an enterprise version. The features of the professional version can be grouped into three: manual penetration testing features, advanced/custom automated attacks, and automated vulnerability scanning.

The enterprise version includes all the Pro features and some other features such as CI integration, scan scheduling, and enterprise-wide scalability. It costs a whole lot more as well at $6,995, whereas the Pro version costs just $399.

Burp Suite is available on Windows, Linux, and macOS.


10. MobSF

More than 80% of people in the world today have smartphones, so it is a reliable way for cybercriminals to attack people. One of the most common attack vectors they use is apps with vulnerabilities.

MobSF or Mobile Security Framework is a mobile security assessment framework built to automate malware analysis, pen testing, and static & dynamic analysis of mobile apps.

MobSF can be used to analyze Android, iOS, and Windows (mobile) app files. Once the app files are analyzed, MobSF prepares a report summarizing the functionality of the app, as well as detailing potential issues that could allow unauthorized access to information on a mobile phone.

MobSF performs two types of analysis on mobile apps: static (reverse engineering) and dynamic. During static analysis, a mobile app is first decompiled. Its files are then extracted and analyzed for potential vulnerabilities.

Dynamic analysis is performed by running the app on an emulator or a real device and then observing it for sensitive data access, insecure requests, and hardcoded details. MobSF also includes a Web API fuzzer powered by CappFuzz.

MobSF runs on Ubuntu/Debian-based Linux, macOS, and Windows. It also has a pre-built Docker image.

In Conclusion ...

If you had already installed Kali Linux before now, you will have seen most of the tools on this list. The rest you can install on your own. Once you are done installing the tools you need, the next step is to learn how to use them. Most of the tools are pretty easy to use, and before you know it, you will be on your way to improving your clients' security with new skill sets.