- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 2021-07-16 17:53:07
Tools
We'll be using a variety of tools in this chapter, some of which we'll be coming back to throughout the book:
- wfuzz
- scrapy
- striker
- Burp Suite
- Homebrew (package manager)
- SecLists
- virtualenv
- jenv (Java version manager)
- Java Development Kit (JDK)
- Java Runtime Environment (JRE) 1.6 or greater
wfuzz is a fuzzer and discovery tool built by pentesters for pentesters. To install it, simply use pip: pip install wfuzz.
Homebrew is an excellent package manager for macOS that allows you to install dependencies from the command line, much like you would with apt-get in Debian or yum in Red Hat-flavored Linux distributions. Homebrew is easily installed via its website (https://brew.sh/); packages can then be installed via brew install <PACKAGE_NAME>.
Burp Suite requires a JRE (version 1.6 or greater), but we'll also need the JDK to use the java command line tool to bootstrap Burp Suite from the command line. Running Burp from the command line lets us pass in settings via arguments that give us more control over the execution environment.
Please install Burp Suite by following the directions on PortSwigger's website: https://portswigger.net/burp/help/suite_gettingstarted.
To use Burp Suite, you need to run a legacy version of Java. If you try to start Burp from its CLI with Java 10.0.0 or later, you'll receive a message to the effect that Burp has not been tested on this version and is susceptible to errors.
If you just need Java for Burp, you can install an older version—we'll be using Java 1.8.0 (Java 8)—and use that system-wide. But if you need a more up-to-date Java installation for other programs, you can still run legacy Java by using jenv, a command-line utility that lets you switch between versions. jenv is similar to the Ruby version manager rvm or the Node version manager nvm: they all allow you to add, list, and switch between versions of the language with just a few commands.
After you've installed jenv, you can add a new Java version to it simply by using the path to its /Home directory. Then we'll set our system to use it:
jenv add /Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home
jenv global 1.8
You might have to restart your terminal, but Java 8 should now be the active version. Confirm it with java -version. You should see this output:
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)
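The check above can be scripted so that a shell still pointing at a newer Java is caught before Burp is launched. The following is an added example, not code from the book: the function names are hypothetical, the first sample is the expected output shown above, and the Java 10 banner is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the book): preflight check on `java -version` output.

# Print the major Java version found in the `java -version` text passed as $1.
# Legacy strings look like "1.8.0_172" (major 8); newer ones like "10.0.1".
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) major=${ver#1.}; major=${major%%.*} ;;   # 1.8.0_172 -> 8
        *)   major=${ver%%[!0-9]*} ;;                 # 10.0.1 -> 10
    esac
    case "$major" in ''|*[!0-9]*) return 1 ;; esac    # reject non-numeric results
    printf '%s\n' "$major"
}

# Classify against the limits stated in the text: JRE 1.6 or greater is
# required, and Java 10 or later triggers Burp's "not tested" warning.
burp_java_status() {
    major=$(java_major "$1") || { echo unknown; return 2; }
    if [ "$major" -lt 6 ]; then echo too-old; return 1; fi
    if [ "$major" -ge 10 ]; then echo untested; return 1; fi
    echo ok
}

# First two lines of the expected output shown above.
PAGE_SAMPLE='java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)'
# Constructed sample of a newer Java banner.
JAVA10_SAMPLE='java version "10.0.1" 2018-04-17'

echo "page sample:    $(burp_java_status "$PAGE_SAMPLE")"
echo "java 10 sample: $(burp_java_status "$JAVA10_SAMPLE")"

# Live check, only if java is on PATH (java -version writes to stderr).
if command -v java >/dev/null 2>&1; then
    echo "this shell:     $(burp_java_status "$(java -version 2>&1)")"
fi
```

If the live check reports untested, jenv global has not taken effect in the current shell; restart the terminal and run it again.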