- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 327字
- 2021-07-16 17:53:17
Technical Requirements
For this chapter, in addition to our existing Burp and Burp Proxy integration with Chrome (66.0.3359.139), we'll also be using sqlmap, a CLI tool for detecting SQL- and NoSQL-based injections. sqlmap can be installed using Homebrew with brew install sqlmap and is also available as a Python module installable via pip. sqlmap is a popular tool, so there should be an installation path for you whatever your system.
We'll also be using Arachni as our go-to scanner. Though noisy, scanners can be indispensable for the appropriate situation, and are great at flushing out otherwise hard-to-detect bugs. Arachni is an excellent choice because it's open source, multi-threaded, extensible via plugins, and has a great CLI that allows it to be worked into other automated workflows. Arachni is easy to install; you can install it as a gem (gem install arachni) or you can simply download the official packages straight from the installation site.
After you've installed it, if you've downloaded the packages for the appropriate system, you'll want to move them to wherever is appropriate within your system.
Then you can create a symlink (symbolic link) so that all the arachni CLI packages will be available within your path (fill in the correct path to your arachni installation):
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/arachni* /usr/local/bin
You might find that, after you symlink your arachni executables to your path, you receive the following error:
/usr/local/bin/arachni: line 3: /usr/local/bin/readlink_f.sh: No such file or directory
/usr/local/bin/arachni: line 4: readlink_f: command not found
/usr/local/bin/arachni: line 4: ./../system/setenv: No such file or directory
If you receive this error, simply symlink, copy, or move the readlink_f.sh script from your arachni installation's bin directory to your own path. In this case, we'll symlink it:
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/readlink_f.sh /usr/local/bin/readline_f.sh
Now when we use arachni later in the chapter, we can invoke it directly, as opposed to having to type the full path each time.
- 白話網絡安全2:網安戰略篇
- CTF實戰:技術、解題與進階
- 網絡安全保障能力研究
- 走進新安全:讀懂網絡安全威脅、技術與新思想
- Kali Linux Network Scanning Cookbook(Second Edition)
- Spring Security(Third Edition)
- 云原生安全與DevOps保障
- Kerberos域網絡安全從入門到精通
- 網絡安全與攻防入門很輕松(實戰超值版)
- End to End GUI Development with Qt5
- 網絡安全實戰詳解(企業專供版)
- Mastering Python for Networking and Security
- 紅藍攻防:技術與策略(原書第3版)
- Metasploit 5.0 for Beginners
- 動態賦能網絡空間防御