🛠️Nikto, SQLMap, XSSer & Hydra Overview
Nikto
Nikto is a powerful web server vulnerability scanner used to identify security issues on websites. Here are several ways to use Nikto effectively:
Basic Web Server Scan:
Perform a basic scan on a website:
Scan Specific Port:
Scan a specific port on the target:
Scan Multiple Hosts:
Scan multiple hosts:
Save Output to File:
Save scan results to a file (output.txt):
Full Scan with Manual Tuning:
Perform a comprehensive scan with manual tuning options:
SSL Certificate Check:
Check SSL certificate details:
Scan with Authentication:
Perform a scan with authentication credentials (admin:password):
Suppress Output:
Suppress all output (useful for scripting):
Scan Specific Paths:
Scan specific paths (/app, /secure) on the target:
Disable Certain Checks:
Disable specific checks (e.g., XSS):
SQLMap
SQLMap is a powerful command-line tool used for detecting and exploiting SQL injection vulnerabilities in web applications. Here are several examples of how to use SQLMap effectively:
Basic Scan for SQL Injection:
Perform a basic scan to detect SQL injection vulnerabilities:
Detecting SQL Injection and Getting Database Information:
Detect SQL injection and retrieve database information:
Enumerating Tables in a Database:
Enumerate tables in a specific database (dbname):
Dumping Data from a Specific Table:
Dump data from a specific table (users):
Exploiting Time-Based Blind SQL Injection:
Exploit time-based blind SQL injection technique with a specified time delay (5 seconds):
Using Custom Injection Payload:
Use a custom injection payload (1' OR '1'='1) with data parameter (param=value):
Dumping All Databases:
Dump all databases on the target server:
Brute Forcing Table Columns:
Brute force table columns in a specific database and table (dbname.users):
Exploiting Union-Based SQL Injection:
Exploit union-based SQL injection technique:
Using a Configuration File:
Use SQLMap with a configuration file (sqlmapconfig.conf):
XSSer
XSSer is a command-line tool designed for detecting and exploiting Cross-Site Scripting (XSS) vulnerabilities in web applications. Here are several examples of how to use XSSer effectively:
Basic Scan for Stored XSS:
Perform a basic scan for stored XSS vulnerabilities on a specific URL parameter (comment):
DOM-based XSS Scan:
Conduct a scan specifically for DOM-based XSS vulnerabilities:
Scanning Multiple URLs:
Scan multiple URLs listed in a file (urls.txt):
Cookie-based XSS Exploitation:
Exploit XSS using a specific cookie (auth=12345):
Reflected XSS Detection:
Detect reflected XSS vulnerabilities with a custom payload in a query parameter:
Blind XSS Scan with Custom Payload:
Perform a blind XSS scan with a custom payload (<script>alert(1)</script>) injected into a parameter (name):
Exfiltrating Cookies via XSS:
Exfiltrate cookies (auth=12345) via XSS exploitation:
Brute Forcing Payloads:
Brute force payloads to discover XSS vulnerabilities:
Custom User-Agent Header:
Send requests with a custom User-Agent header (MyCustomUserAgent):
XSS Filter Bypass Attempt:
Attempt to bypass XSS filters on the target:
Hydra Tool
Hydra is a versatile command-line tool for performing brute force attacks against various protocols and services. Here are several examples of how to use Hydra effectively:
HTTP/HTTPS Authentication
Brute Force Attack on Login Form:
Perform a brute force attack on a login form with a specific username (admin) and passwords from a file (passwords.txt):
Dictionary Attack with Custom Usernames:
Conduct a dictionary attack using custom usernames (users.txt) and passwords (passwords.txt):
Using Custom User-Agent Header:
Send requests with a custom User-Agent header (MyCustomUserAgent):
Specifying a Non-Standard Port:
Specify a non-standard port (8080) for the target service:
Using a Proxy for Requests:
Route requests through a SOCKS5 proxy (localhost:9050):
Brute Forcing Different HTTP Methods:
Perform brute force attacks using different HTTP methods (e.g., GET, POST):
Parallel Login Attempts:
Increase the number of parallel login attempts (16):
Limiting Number of Attempts per User:
Limit the number of login attempts per user (-F):
Other Protocol Examples
Here are examples for brute forcing passwords across various protocols:
SSH:
FTP:
SMTP:
MySQL:
RDP:
VNC:
Telnet:
Hacker's Mantra:
Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.