Difference between revisions of "Kali Linux: Scan Vulnerability menggunakan Grabber"

From OnnoWiki
Jump to navigation Jump to search
(New page: Sumber: http://tools.kali.org/web-applications/grabber Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fas...)
 
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Sumber: http://tools.kali.org/web-applications/grabber
 
Sumber: http://tools.kali.org/web-applications/grabber
  
 +
Grabber adalah pemindai aplikasi web. Pada dasarnya mendeteksi beberapa jenis kerentanan di situs anda. Grabber sederhana, tidak cepat tapi portabel dan sangat mudah beradaptasi. Perangkat lunak ini dirancang untuk memindai situs web kecil seperti personal, forum dll. Aplikasi yang benar-benar tidak besar: akan memakan waktu terlalu lama dan membanjiri jaringan Anda.
  
Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.
+
Fitur:
  
Features:
+
* Cross-Site Scripting (XSS)
 +
* SQL Injection (juga ada modul spessial untuk Blind SQL Injection)
 +
* File Inclusion
 +
* Backup file check
 +
* Simple AJAX check (parse setiap JavaScript dan memperoleh URL dan mencoba untuk memperoleh parameternya)
 +
* Hybrid analysis/Crystal ball testing untuk aplikasi PHP menggunakan PHP-SAT
 +
* JavaScript source code analyzer: Evaluasi dari quality/correctness dari JavaScript dengan JavaScript Lint
 +
* Membuat file [session_id, time(t)] untuk analisa stats selanjutnya.
  
    Cross-Site Scripting
+
==Perintah Grabber==
    SQL Injection (there is also a special Blind SQL Injection module)
 
    File Inclusion
 
    Backup files check
 
    Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
 
    Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
 
    JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
 
    Generation of a file [session_id, time(t)] for next stats analysis.
 
  
Source: http://rgaucher.info/beta/grabber/
+
grabber -h
Grabber Homepage | Kali Grabber Repo
 
  
    Author: Romain Gaucher
+
Usage: grabber.py [options]
    License: BSD
+
 +
Options:
 +
  -h, --help            show this help message and exit
 +
  -u ARCHIVES_URL, --url=ARCHIVES_URL
 +
                        Adress to investigate
 +
  -s, --sql            Look for the SQL Injection
 +
  -x, --xss            Perform XSS attacks
 +
  -b, --bsql            Look for blind SQL Injection
 +
  -z, --backup          Look for backup files
 +
  -d SPIDER, --spider=SPIDER
 +
                        Look for every files
 +
  -i, --include        Perform File Insertion attacks
 +
  -j, --javascript      Test the javascript code ?
 +
  -c, --crystal        Simple crystal ball test.
 +
  -e, --session        Session evaluations
  
Tools included in the grabber package
 
grabber – Web application vulnerability scanner
 
root@kali:~# grabber -h
 
Usage: grabber [options]
 
  
Options:
+
==grabber Usage Example==
  -h, --help            show this help message and exit
 
  -u ARCHIVES_URL, --url=ARCHIVES_URL
 
                        Adress to investigate
 
  -s, --sql            Look for the SQL Injection
 
  -x, --xss            Perform XSS attacks
 
  -b, --bsql            Look for blind SQL Injection
 
  -z, --backup          Look for backup files
 
  -d SPIDER, --spider=SPIDER
 
                        Look for every files
 
  -i, --include        Perform File Insertion attacks
 
  -j, --javascript      Test the javascript code ?
 
  -c, --crystal        Simple crystal ball test.
 
  -e, --session        Session evaluations
 
grabber Usage Example
 
  
Spider the web application to a depth of 1 (–spider 1) and attempt SQL (–sql) and XSS (–xss) attacks at the given URL (–url http://192.168.1.224):
+
Spider web application untuk ke dalaman 2 (–spider 2), cek SQLi (--sql), XSS (--xss), blind SQLi (--bsql) attack untuk URL (--url http://192.168.0.100/DVWA-1.9/):
root@kali:~# grabber --spider 1 --sql --xss --url http://192.168.1.224
 
Start scanning... http://192.168.1.224
 
runSpiderScan @  http://192.168.1.224  |  # 1
 
Start investigation...
 
Method = GET  http://192.168.1.224
 
[Cookie]    0   :  <Cookie PHPSESSID=2742cljd8u6aclfktf1sh284u7 for 192.168.1.224/>
 
[Cookie]    1  :  <Cookie security=high for 192.168.1.224/>
 
Method = GET  http://192.168.1.224
 
[Cookie]    0  :  <Cookie PHPSESSID=2742cljd8u6aclfktf1sh284u7 for 192.168.1.224/>
 
[Cookie]    1  :   <Cookie security=high for 192.168.1.224/>
 
  
 +
grabber --spider 2 --sql --xss --bsql --url http://192.168.0.100/DVWA-1.9/
  
 +
Start scanning... http://192.168.0.100/DVWA-1.9/
 +
runSpiderScan @  http://192.168.0.100/DVWA-1.9/  |  # 2
 +
runSpiderScan @  http://192.168.0.100/DVWA-1.9/  |  # 1
 +
runSpiderScan @  http://192.168.0.100/DVWA-1.9/  |  # 0
 +
Start investigation...
 +
Method = GET  http://192.168.0.100/DVWA-1.9/
 +
[Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
 +
[Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
 +
Method = GET  http://192.168.0.100/DVWA-1.9/
 +
[Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
 +
[Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
 +
Method = GET  http://192.168.0.100/DVWA-1.9/
 +
[Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
 +
[Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
  
 
==Referensi==
 
==Referensi==
  
 
* http://tools.kali.org/web-applications/grabber
 
* http://tools.kali.org/web-applications/grabber

Latest revision as of 07:20, 3 May 2017

Sumber: http://tools.kali.org/web-applications/grabber

Grabber adalah pemindai aplikasi web. Pada dasarnya mendeteksi beberapa jenis kerentanan di situs anda. Grabber sederhana, tidak cepat tapi portabel dan sangat mudah beradaptasi. Perangkat lunak ini dirancang untuk memindai situs web kecil seperti personal, forum dll. Aplikasi yang benar-benar tidak besar: akan memakan waktu terlalu lama dan membanjiri jaringan Anda.

Fitur:

  • Cross-Site Scripting (XSS)
  • SQL Injection (juga ada modul spessial untuk Blind SQL Injection)
  • File Inclusion
  • Backup file check
  • Simple AJAX check (parse setiap JavaScript dan memperoleh URL dan mencoba untuk memperoleh parameternya)
  • Hybrid analysis/Crystal ball testing untuk aplikasi PHP menggunakan PHP-SAT
  • JavaScript source code analyzer: Evaluasi dari quality/correctness dari JavaScript dengan JavaScript Lint
  • Membuat file [session_id, time(t)] untuk analisa stats selanjutnya.

Perintah Grabber

grabber -h
Usage: grabber.py [options]

Options:
  -h, --help            show this help message and exit
  -u ARCHIVES_URL, --url=ARCHIVES_URL
                        Adress to investigate
  -s, --sql             Look for the SQL Injection
  -x, --xss             Perform XSS attacks
  -b, --bsql            Look for blind SQL Injection
  -z, --backup          Look for backup files
  -d SPIDER, --spider=SPIDER
                        Look for every files
  -i, --include         Perform File Insertion attacks
  -j, --javascript      Test the javascript code ?
  -c, --crystal         Simple crystal ball test.
  -e, --session         Session evaluations


grabber Usage Example

Spider web application untuk ke dalaman 2 (–spider 2), cek SQLi (--sql), XSS (--xss), blind SQLi (--bsql) attack untuk URL (--url http://192.168.0.100/DVWA-1.9/):

grabber --spider 2 --sql --xss --bsql --url http://192.168.0.100/DVWA-1.9/
Start scanning... http://192.168.0.100/DVWA-1.9/
runSpiderScan @  http://192.168.0.100/DVWA-1.9/  |   # 2
runSpiderScan @  http://192.168.0.100/DVWA-1.9/  |   # 1
runSpiderScan @  http://192.168.0.100/DVWA-1.9/  |   # 0
Start investigation...
Method = GET  http://192.168.0.100/DVWA-1.9/
[Cookie]	0 	:	<Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
[Cookie]	1 	:	<Cookie security=impossible for 192.168.0.100/DVWA-1.9>
Method = GET  http://192.168.0.100/DVWA-1.9/
[Cookie]	0 	:	<Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
[Cookie]	1 	:	<Cookie security=impossible for 192.168.0.100/DVWA-1.9>
Method = GET  http://192.168.0.100/DVWA-1.9/
[Cookie]	0 	:	<Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
[Cookie]	1 	:	<Cookie security=impossible for 192.168.0.100/DVWA-1.9>

Referensi