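Web Vulnerability Scanning Tools - Security Tools Series

Scanning a web application for vulnerabilities comes down to each scanner sending its own set of payloads as probes. Every scanner ships a different payload set, so the results can differ from one scanner to the next. When scanning, therefore, use several scanners together to arrive at a more accurate final result.

Commonly used web vulnerability scanners: 1. OWASP-ZAP; 2. AWVS; 3. AppScan; 4. Nikto; 5. Burp Suite

OWASP-ZAP vulnerability scanner

OWASP-ZAP is a web application vulnerability scanner developed by the OWASP organization. It is free, open source, and continuously updated and maintained. Its main features are: local proxy, active scanning, passive scanning, fuzzing, and brute forcing.

[Figure: OWASP-ZAP scanner]

This article covers it in detail: OWASP ZAP download, installation and usage (detailed) tutorial

Skipfish vulnerability scanner

Skipfish is an automated web security scanning tool from Google. It can be installed on Linux, FreeBSD, Mac OS X and Windows (Cygwin). Skipfish works over HTTP and uses little CPU, so it runs fairly fast; it can easily handle 2000 requests per second.

Drawback: it has no proxy feature, and a scan takes quite a long time.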

root@kali:~# skipfish -o test  -I mutillidae  http://10.0.2.5/mutillidae
skipfish web application scanner - version 2.10b
[!] WARNING: Wordlist '/dev/null' contained no valid entries.
Welcome to skipfish. Here are some useful tips:

1) To abort the scan at any time, press Ctrl-C. A partial report will be written
   to the specified location. To view a list of currently scanned URLs, you can
   press space at any time during the scan.

2) Watch the number requests per second shown on the main screen. If this figure
   drops below 100-200, the scan will likely take a very long time.

3) The scanner does not auto-limit the scope of the scan; on complex sites, you
   may need to specify locations to exclude, or limit brute-force steps.

4) There are several new releases of the scanner every month. If you run into
   trouble, check for a newer version first, let the author know next.

More info: http://code.google.com/p/skipfish/wiki/KnownIssues

Press any key to continue (or wait 60 seconds)... 
skipfish version 2.10b by lcamtuf@google.com

  - 10.0.2.5 -

Scan statistics:

      Scan time : 2:05:04.272
  HTTP requests : 741204 (99.0/s), 3855563 kB in, 353001 kB out (560.8 kB/s)  
    Compression : 0 kB in, 0 kB out (0.0% gain)    
    HTTP faults : 153 net errors, 0 proto errors, 0 retried, 0 drops
 TCP handshakes : 7652 total (98.2 req/conn)  
     TCP faults : 0 failures, 153 timeouts, 4 purged
 External links : 1490405 skipped
   Reqs pending : 10531        

Database statistics:

         Pivots : 2435 total, 1751 done (71.91%)    
    In progress : 68 pending, 7 init, 486 attacks, 123 dict    
  Missing nodes : 511 spotted
     Node types : 1 serv, 246 dir, 335 file, 639 pinfo, 451 unkn, 755 par, 8 val
   Issues found : 2148 info, 23 warn, 1029 low, 510 medium, 2 high impact
      Dict size : 1526 words (1526 new), 23 extensions, 256 candidates
     Signatures : 77 total
        
[!] Scan aborted by user, bailing out!
[+] Copying static resources...
[+] Sorting and annotating crawl nodes: 2435
[+] Looking for duplicate entries: 2435
[+] Counting unique nodes: 1363
[+] Saving pivot data for third-party tools...
[+] Writing scan description...
[+] Writing crawl tree: 2435
[+] Generating summary views...
[+] Report saved to 'test/index.html' [0x165f661f].
[+] This was a great day for science!

Finally, open index.html in the specified output directory to view the report.

[Figure: skipfish report page]
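Added example (not from the original post or from skipfish itself): a small Python parser for the scan-statistics block above that flags a request rate under the 100 req/s floor from the tool's tip 2, an unfinished crawl, and an aborted run. The sample text is copied from the output above; the function names and the `min_rate` default are assumptions made for this example.

```python
import re

# Excerpt of the skipfish 2.10b statistics printed above (copied from this page).
SAMPLE = """\
  HTTP requests : 741204 (99.0/s), 3855563 kB in, 353001 kB out (560.8 kB/s)
    HTTP faults : 153 net errors, 0 proto errors, 0 retried, 0 drops
         Pivots : 2435 total, 1751 done (71.91%)
   Issues found : 2148 info, 23 warn, 1029 low, 510 medium, 2 high impact
[!] Scan aborted by user, bailing out!
"""

def parse_stats(text):
    """Return a dict of the counters needed to judge scan quality."""
    stats = {"aborted": "Scan aborted" in text}
    m = re.search(r"HTTP requests\s*:\s*(\d+)\s*\(([\d.]+)/s\)", text)
    if m:
        stats["requests"] = int(m.group(1))
        stats["req_per_sec"] = float(m.group(2))
    m = re.search(r"HTTP faults\s*:\s*(\d+) net errors", text)
    if m:
        stats["net_errors"] = int(m.group(1))
    m = re.search(r"Pivots\s*:\s*(\d+) total,\s*(\d+) done", text)
    if m:
        stats["pivots_total"], stats["pivots_done"] = int(m.group(1)), int(m.group(2))
    m = re.search(r"Issues found\s*:\s*(.+)", text)
    if m:
        # "2148 info, 23 warn, ..., 2 high impact" -> {"info": 2148, ..., "high": 2}
        stats["issues"] = {name: int(n) for n, name in re.findall(r"(\d+) (\w+)", m.group(1))}
    return stats

def review(stats, min_rate=100.0):
    """List reasons the report should not be treated as complete coverage."""
    notes = []
    if stats.get("req_per_sec", min_rate) < min_rate:
        notes.append(f"rate {stats['req_per_sec']}/s is below {min_rate:.0f}/s")
    total, done = stats.get("pivots_total", 0), stats.get("pivots_done", 0)
    if total and done < total:
        notes.append(f"only {done}/{total} pivots finished ({100 * done / total:.2f}%)")
    if stats.get("aborted"):
        notes.append("scan was aborted; report is partial")
    return notes

if __name__ == "__main__":
    s = parse_stats(SAMPLE)
    print(s["issues"])
    for note in review(s):
        print("NOTE:", note)
```

For the run shown above all three notes fire, so the issue counts in that report cover only part of the site.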

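More advanced usage:

1. Scan the URLs listed in a txt file:

root@kali:~# skipfish -o test @url.txt

2. Scan with a specified dictionary:

# medium = medium, minimal = smallest, extensions-only = extensions only, complete = full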
root@kali:~# dpkg -L skipfish | grep wl
/usr/share/skipfish/dictionaries/medium.wl
/usr/share/skipfish/dictionaries/minimal.wl
/usr/share/skipfish/dictionaries/extensions-only.wl
/usr/share/skipfish/dictionaries/complete.wl

root@kali:~# skipfish -o test  -S /usr/share/skipfish/dictionaries/complete.wl -W newdic.wl  -I mutillidae  http://10.0.2.5/mutillidae

3. Filter out a string: -X logout
4. Authentication

Authentication method    Parameters
Basic authentication     -A username:password
Cookie authentication    -C "security=low" -C "PHPSESSID=e4a1e91e806ff991e05323df9b4914a9"
Form authentication      --auth-form http://10.0.2.5/dvwa/login.php --auth-user-field username --auth-user admin --auth-pass-field password --auth-pass password --auth-verify-url http://10.0.2.5/dvwa/index.php

nikto2 vulnerability scanner

https://cirt.net/nikto2-docs/usage.html

Other tools:

Burp Suite: the free edition does not support active scanning; AppScan: paid, has to be cracked; AWVS: paid, has to be cracked
