
[Pen Testing] Terminology

 

- Scapy

  : Scapy is a packet manipulation tool for computer networks, originally written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.

Scapy provides a Python interface into libpcap or native raw sockets, in a similar way to that in which Wireshark provides a view and capture GUI. It differs by supporting packet injection, custom packet formats and scripting.
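Scapy's "forge or decode packets" is easier to appreciate once you have done it by hand. The Python below is an added example, not code from Scapy or from the original post: it builds a minimal IPv4/TCP SYN packet with the standard library, then dissects it and verifies the IPv4 header checksum, which is roughly what Scapy's IP(raw_bytes) does for you in one line. The addresses and ports are constructed values.

```python
"""Forge and decode an IPv4/TCP SYN packet by hand (added example, constructed data).
Scapy automates all of this; seeing the header layout once explains what it decodes."""
import socket
import struct


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the IPv4 header (0 if the header is valid)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Forge a 20-byte IPv4 header + 20-byte TCP SYN (no options, TCP checksum left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp)
    ip_no_sum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                            socket.inet_aton(src), socket.inet_aton(dst))
    csum = ip_checksum(ip_no_sum)
    ip = ip_no_sum[:10] + struct.pack("!H", csum) + ip_no_sum[12:]   # checksum lives at bytes 10-11
    return ip + tcp


def decode_ipv4_tcp(pkt: bytes) -> dict:
    """Dissect the IPv4 header, check its checksum, then dissect the TCP header if present."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, _flags_frag, ttl, proto,
     _hdr_sum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto,
        "ip_checksum_ok": ip_checksum(pkt[:ihl]) == 0,
    }
    if proto == 6:                           # TCP
        tcp = pkt[ihl:]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, _off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
        info.update({"sport": sport, "dport": dport, "flags": flags,
                     "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)})
    return info


if __name__ == "__main__":
    packet = build_ipv4_tcp_syn("10.0.0.1", "10.0.0.2", 40000, 80)   # constructed values
    print(decode_ipv4_tcp(packet))
    damaged = packet[:8] + bytes([packet[8] ^ 0xFF]) + packet[9:]    # flip the TTL byte
    print("checksum ok after damage:", decode_ipv4_tcp(damaged)["ip_checksum_ok"])
```

Corrupting any byte of the header makes ip_checksum_ok false, which is how a capture tool separates a damaged frame from a valid one; a forged packet that is meant to be accepted has to carry a correct checksum, which is why Scapy recomputes it on send.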

 

- Shodan

  : Shodan is a search engine that lets users search for various types of servers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

Shodan collects data mostly on web servers (HTTP/HTTPS – ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (ports 143, or (encrypted) 993), SMTP (port 25), SIP (port 5060), and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.
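What Shodan indexes is the banner text itself, so it is worth seeing how much a banner gives away. The Python below is an added example, not from the original post or from Shodan: it parses a handful of constructed banners for ports from the list above (SSH, HTTP/HTTPS, FTP, SMTP) into service, product and version, and lists which banners disclose a version string, the detail a defender would trim before an internet-wide scanner records it. The regexes and the port-to-service table are assumptions of this example, not Shodan's own logic.

```python
"""Parse service banners of the kind Shodan indexes (added example; all banners constructed)."""
import re

# Constructed sample records: (port, banner text as the server sent it)
BANNERS = [
    (22, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"),
    (80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n"),
    (21, "220 (vsFTPd 3.0.3)\r\n"),
    (25, "220 mail.example.test ESMTP Postfix\r\n"),
    (443, "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"),
]

# Assumed port-to-service mapping, following the ports listed in the Shodan entry
SERVICE_BY_PORT = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 143: "imap",
                   161: "snmp", 443: "https", 554: "rtsp", 993: "imaps", 5060: "sip",
                   8080: "http", 8443: "https"}

# One pattern per banner family; every pattern yields a product and an optional version
PATTERNS = {
    "ssh": re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)[_-]?(?P<version>\d[\w.]*)?"),
    "http": re.compile(r"^Server:\s*(?P<product>[A-Za-z][\w-]*)(?:/(?P<version>\S+))?", re.M | re.I),
    "220": re.compile(r"\(?(?P<product>[A-Za-z][\w-]*)(?:\s+(?P<version>\d+(?:\.\d+)+[\w.]*))?\)?\s*$"),
}


def parse_banner(port: int, banner: str) -> dict:
    """Turn one (port, banner) record into service / product / version."""
    first_line = banner.split("\r\n", 1)[0]
    if first_line.startswith("SSH-"):
        kind, m = "ssh", PATTERNS["ssh"].match(first_line)
    elif first_line.startswith("HTTP/"):
        kind, m = "http", PATTERNS["http"].search(banner)      # Server: header, not the status line
    elif first_line.startswith("220"):                         # FTP and SMTP both greet with 220
        kind = "smtp" if "SMTP" in first_line.upper() else "ftp"
        m = PATTERNS["220"].search(first_line)
    else:
        kind, m = None, None
    rec = {"port": port, "service": SERVICE_BY_PORT.get(port) or kind or "unknown",
           "product": None, "version": None}
    if m:
        rec["product"], rec["version"] = m.group("product"), m.group("version")
    return rec


def version_disclosures(records) -> list:
    """Return (port, product, version) for every banner that leaks a version string."""
    out = []
    for port, banner in records:
        r = parse_banner(port, banner)
        if r["version"]:
            out.append((port, r["product"], r["version"]))
    return out


if __name__ == "__main__":
    for port, banner in BANNERS:
        print(parse_banner(port, banner))
    print("version disclosures:", version_disclosures(BANNERS))
```

The nginx banner on 443 shows the contrast: the same product with the version string suppressed gives a scanner far less to index than "Apache/2.4.41 (Ubuntu)" does.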

 

- What is Kali Linux?

  : Kali Linux (formerly known as BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists.

Kali Linux was released on the 13th March 2013 as a complete, top-to-bottom rebuild of BackTrack Linux, adhering completely to Debian development standards.

 

- Recon-ng

  : Recon-ng is a free and open-source tool available on GitHub. It is built around Open Source Intelligence (OSINT) and is one of the easiest and most useful tools for reconnaissance. Its interface is very similar to Metasploit 1 and Metasploit 2. Recon-ng provides a command-line interface that you can run on Kali Linux, and it can be used to gather information about a target domain. The interactive console provides a number of helpful features, such as command completion and contextual help. Recon-ng is a web reconnaissance tool written in Python. With its many modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open-source web-based reconnaissance can be conducted and all the gathered information collected in one place.

- What is Metasploitable?

  : Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

 

- Msfvenom

  : Msfvenom is a tool to generate payloads.

 

- Application vulnerabilities are found using 3 methods

  : Static Code Analysis

      - open source apps / code review

  : Reverse Engineering

      - closed source apps, no access to source code (the process of discovering a system's technical principles by analyzing its structure)

  : Fuzzing

      - closed source apps / Fuzz data inputs until we trigger an unexpected event (crash the app!)

 

- Nikto

  : Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software and other problems.

 

- Common developer mistakes that lead to vulnerabilities

  : buffer length calculations

  : array index calculations

  : type confusion

  : memory management

  : uninitialized variables
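The Fuzzing method above and the buffer-length and array-index mistakes in this list are two sides of the same coin, so one added example covers both (constructed code, not from the original post). parse_tlv_unsafe is a hypothetical type-length-value parser that trusts the length byte the way a C parser trusts a length field before a memcpy; parse_tlv_safe checks the length against what is actually left in the buffer. fuzz() mutates a seed input and records every exception the parser did not raise on purpose, which is the "crash the app" signal from the Fuzzing entry. In Python the symptom is an IndexError; in C the same arithmetic would read or write past the end of the buffer.

```python
"""Mutation fuzzer against a toy TLV parser (added example; parser, seed and mutator are
constructed for illustration, there is no real target)."""
import random

# Constructed seed: record (type 1, len 3, "abc") followed by record (type 2, len 1, "z")
SEED = bytes([1, 3, ord("a"), ord("b"), ord("c"), 2, 1, ord("z")])


def parse_tlv_unsafe(data: bytes) -> list:
    """Parse [type:1][len:1][value:len]... trusting the declared length (the bug)."""
    records, i = [], 0
    while i < len(data):
        t, n = data[i], data[i + 1]          # IndexError when only the type byte remains
        value = data[i + 2 : i + 2 + n]      # a Python slice silently truncates...
        checksum = value[0] ^ value[-1]      # ...so an empty value blows up here instead
        records.append((t, value, checksum))
        i += 2 + n
    return records


def parse_tlv_safe(data: bytes) -> list:
    """Same format, but every length is checked before it is used as an index."""
    records, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header at offset %d" % i)
        t, n = data[i], data[i + 1]
        if n == 0 or i + 2 + n > len(data):
            raise ValueError("declared length %d exceeds remaining %d bytes" % (n, len(data) - i - 2))
        value = data[i + 2 : i + 2 + n]
        records.append((t, value, value[0] ^ value[-1]))
        i += 2 + n
    return records


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: overwrite a byte, truncate, or append junk."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> list:
    """Run target on mutated inputs; return (input, exception name) for every crash.
    ValueError is the parser rejecting bad input deliberately, so it does not count."""
    rng = random.Random(rng_seed)            # fixed seed keeps the run reproducible
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:             # anything unplanned is the "unexpected event"
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_tlv_unsafe, SEED)
    print("unsafe parser: %d crashing inputs, e.g. %r -> %s" % (len(found), *found[0]))
    print("safe parser: %d crashing inputs" % len(fuzz(parse_tlv_safe, SEED)))
```

Each crashing input the fuzzer returns is a ready-made regression test for the fixed parser, which is why fuzz findings are normally kept as a corpus rather than thrown away once the bug is fixed.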

 

<Reference>

- https://www.offensive-security.com/metasploit-unleashed/requirements/

- https://www.kali.org/docs/introduction/what-is-kali-linux/

- https://en.wikipedia.org/wiki/Shodan_(website)

- https://en.wikipedia.org/wiki/Scapy

- https://en.wikipedia.org/wiki/Nikto_(vulnerability_scanner)