Kali Linux: Vulnerability Scanning with Grabber
Revisions by Onnowpurbo.
Latest revision as of 07:20, 3 May 2017
Source: http://tools.kali.org/web-applications/grabber
Grabber is a web application scanner. Basically, it detects some kinds of vulnerabilities in your website. Grabber is simple, not fast, but portable and very adaptable. The software is designed to scan small websites such as personal sites, forums, etc. It is definitely not meant for big applications: a scan would take too long and flood your network.
Features:
- Cross-Site Scripting (XSS)
- SQL Injection (there is also a special module for Blind SQL Injection)
- File Inclusion
- Backup file check
- Simple AJAX check (parses every JavaScript file, extracts the URLs and tries to obtain their parameters)
- Hybrid analysis/Crystal ball testing for PHP applications using PHP-SAT
- JavaScript source code analyzer: evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generates a file [session_id, time(t)] for later statistical analysis.
Grabber Commands
    grabber -h

    Usage: grabber.py [options]

    Options:
      -h, --help            show this help message and exit
      -u ARCHIVES_URL, --url=ARCHIVES_URL
                            Adress to investigate
      -s, --sql             Look for the SQL Injection
      -x, --xss             Perform XSS attacks
      -b, --bsql            Look for blind SQL Injection
      -z, --backup          Look for backup files
      -d SPIDER, --spider=SPIDER
                            Look for every files
      -i, --include         Perform File Insertion attacks
      -j, --javascript      Test the javascript code ?
      -c, --crystal         Simple crystal ball test.
      -e, --session         Session evaluations
grabber Usage Example
Spider the web application to a depth of 2 (--spider 2) and check for SQLi (--sql), XSS (--xss) and blind SQLi (--bsql) at the URL (--url http://192.168.0.100/DVWA-1.9/):
    grabber --spider 2 --sql --xss --bsql --url http://192.168.0.100/DVWA-1.9/

    Start scanning... http://192.168.0.100/DVWA-1.9/
    runSpiderScan @ http://192.168.0.100/DVWA-1.9/ | # 2
    runSpiderScan @ http://192.168.0.100/DVWA-1.9/ | # 1
    runSpiderScan @ http://192.168.0.100/DVWA-1.9/ | # 0
    Start investigation...
    Method = GET http://192.168.0.100/DVWA-1.9/
    [Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
    [Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
    Method = GET http://192.168.0.100/DVWA-1.9/
    [Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
    [Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
    Method = GET http://192.168.0.100/DVWA-1.9/
    [Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
    [Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
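The following is an added example, not part of the original page or of Grabber itself: a small Python parser that summarizes a saved scan log so you can check what the run actually covered before trusting a clean result. The line patterns are inferred only from the output shown above (an assumption, not a documented Grabber format), and `summarize` is a hypothetical helper name; the note about the `security` cookie relies on "impossible" being DVWA's hardened level.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the scan output shown above.
SAMPLE = """\
Start scanning... http://192.168.0.100/DVWA-1.9/
runSpiderScan @ http://192.168.0.100/DVWA-1.9/ | # 2
runSpiderScan @ http://192.168.0.100/DVWA-1.9/ | # 1
runSpiderScan @ http://192.168.0.100/DVWA-1.9/ | # 0
Start investigation...
Method = GET http://192.168.0.100/DVWA-1.9/
[Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
[Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
Method = GET http://192.168.0.100/DVWA-1.9/
[Cookie] 0 : <Cookie PHPSESSID=hade33r413l7b65c8tkcmnpod2 for 192.168.0.100/>
[Cookie] 1 : <Cookie security=impossible for 192.168.0.100/DVWA-1.9>
"""

# Line shapes inferred from the sample only (assumption, not a Grabber spec).
SPIDER = re.compile(r"^runSpiderScan @ (\S+) \| # (\d+)$")
METHOD = re.compile(r"^Method = (\w+) (\S+)$")
COOKIE = re.compile(r"^\[Cookie\] \d+ : <Cookie ([^=\s]+)=(\S*) for (\S+?)/?>$")


def summarize(log):
    """Return spidered URLs, per-(method, URL) test counts, cookies and coverage notes."""
    spidered, tested, cookies = set(), Counter(), {}
    for line in log.splitlines():
        line = line.strip()
        if m := SPIDER.match(line):
            spidered.add(m.group(1))
        elif m := METHOD.match(line):
            tested[(m.group(1), m.group(2))] += 1
        elif m := COOKIE.match(line):
            cookies[m.group(1)] = m.group(2)
    notes = []
    if len({url for _, url in tested}) <= 1:
        notes.append("at most one URL was tested; confirm the crawl covered the application")
    if cookies.get("security") == "impossible":
        notes.append("DVWA security level is 'impossible'; results will not reflect lower levels")
    return {"spidered": sorted(spidered), "tested": dict(tested),
            "cookies": cookies, "notes": notes}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "->", value)
```
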