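A Brief Introduction to the bWAPP Penetration Testing Platform and Its Installation

First, an introduction to bWAPP.

bWAPP is a very handy vulnerability demonstration platform that includes more than 100 vulnerabilities:

  • SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP,
    PHP Code, Host Header and SMTP injections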

  • Authentication, authorization and session management issues
  • Malicious, unrestricted file uploads and backdoor files
  • Arbitrary file access and directory traversals
  • Heartbleed and Shellshock vulnerability
  • Local and remote file inclusions (LFI/RFI)
  • Server Side Request Forgery (SSRF)
  • Configuration issues: Man-in-the-Middle, Cross-Domain policy file,
    FTP, SNMP, WebDAV, information disclosures,...
  • HTTP parameter pollution and HTTP response splitting
  • XML External Entity attacks (XXE)
  • HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS)
    and web storage issues
  • Drupal, phpMyAdmin and SQLite issues
  • Unvalidated redirects and forwards
  • Denial-of-Service (DoS) attacks
  • Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and
    Cross-Site Request Forgery (CSRF)
  • AJAX and Web Services issues (JSON/XML/SOAP)
  • Parameter tampering and cookie poisoning
  • Buffer overflows and local privilege escalations
  • PHP-CGI remote code execution
  • HTTP verb tampering
  • And much more

 

Features:

  • Open-source PHP application
  • MySQL database back end
  • Runs on Linux/Windows with Apache/IIS
  • Supports WAMP or XAMPP

 

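Installation:

bWAPP can be downloaded on its own, or you can download a virtual machine version; after extracting it, simply open the virtual machine and it is ready to access.

If you download it on its own, it needs to be deployed to an Apache + MySQL + PHP environment.

  • Standalone installation:

Open your bWAPP instance in a browser: http://x.x.x.x/bwapp/install

Click "here".

I have already installed it here.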

 

 

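  • Virtual machine method:

After downloading, extract it and open it with VMware.

The default username/password is: bee/bug

However, with the virtual machine method the keyboard layout is scrambled, so the following settings are needed: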

System -> preferences -> keyboard -> layouts -> +add【layouts:China】

 

keyboard -> A4Tech KB-21 

 

 

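Download links:

Virtual machine download: https://sourceforge.net/projects/bwapp/files/bee-box/

Installation package download: https://sourceforge.net/projects/bwapp/files/bWAPP/

Permanent link to this article: http://www.cnblogs.com/hell0w/p/7523114.html Please credit the source when reposting, thanks!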
