1. We can gather information manually too but in this tutorial we will be using a tool in times of linux called "WhatWeb" for information gathering and via this whatweb tool we will be Able to collect a tasty information about our targeted server and web application. This tool will dump all the important information the which is Necessary to launch our attack.
Open the terminal in Kali Linux Now in the second step type the command
to gather information about your target ( i.e server ip or domain ).
Now when you will enter the command , it will display all the possible
information about the web server and web application. If you want more
in-depth information gathering you can also do it with the same tool by
entering a customized command which is below.
2. Joomscan
is one of the tools used to metasploit
inspect or scan weakness / bugs / vurnerability of a website
based CMS (Component Management System) Joomla. Well it at a glance
My understanding of the joomscan.
inspect or scan weakness / bugs / vurnerability of a website
based CMS (Component Management System) Joomla. Well it at a glance
My understanding of the joomscan.
Joomscan can be used if the web is using Jomla, joomscan very helpful in gathering information.
3. WPSCAN
function is peeking version of WordPress website. Not limited to that, he could even be used to see the gap of a plugin / theme used your website. Which is vulnerable and allows infiltrated hacker.WPSCAN in this stage will be compared with a list of plugins that contain security holes that can be exploited. So blia found plugins accordance with perforated plugin list, a link will be displayed directly alongside a further explanation to the exploitation of the plug-in, as well as what applications can be used to exploit the hole.
Tidak ada komentar:
Posting Komentar