linux 渗透工具_适用于Linux的十大最佳渗透测试工具[通俗易懂]

linux 渗透工具_适用于Linux的十大最佳渗透测试工具[通俗易懂]linux渗透工具ThisarticlecoverssomeofthebestpenetrationtestingtoolsforLinuxCybersecurityisabigconcernforbothsmallandbigorganizations.Inanagewheremoreandmorebusinessesaremov…

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全系列IDE使用 1年只要46元 售后保障 童叟无欺

linux 渗透工具

This article covers some of the best penetration testing tools for Linux Cybersecurity is a big concern for both small and big organizations. In an age where more and more businesses are moving to the online medium of offering services, the threat of facing a cyber-attack has continued to rise.

本文介绍了一些针对Linux的最佳渗透测试工具。网络安全是大小型企业都非常关心的问题。 在当今越来越多的企业转向提供服务的在线媒体的时代,面对网络攻击的威胁不断增加。

This means that more and more enterprises are looking to secure themselves. And it is causing growth in demand for penetration testers and ethical hackers. As an aspiring network security consultant, here are some of the best penetration testing tools that you should know!

这意味着越来越多的企业正在寻求自我保护。 这导致对渗透测试人员和道德黑客的需求增加。 作为有抱负的网络安全顾问,您应该了解一些最佳的渗透测试工具!

#10。 HTTrack –克隆完整网站的最佳工具 (#10. HTTrack – Best Tool for Cloning Complete Websites)

Httrack
Httrack
音轨

Official Website: https://www.httrack.com/

官方网站: https : //www.httrack.com/

If an attacker wants to break into a website, they cannot initiate an attack on the live website. HTTrack is one of the best penetration testing tools which is massively helpful in this case! Often referred to as the website cloner, HTTrack is a tool that can effectively mirror any website for offline use.

如果攻击者想要闯入网站,则他们无法在实时网站上发起攻击。 HTTrack是最好的渗透测试工具之一,在这种情况下非常有用! HTTrack通常被称为网站克隆程序,是一种可以有效镜像任何网站以供离线使用的工具。

It does so by downloading all the resources, HTML files, and directories of a website on the user’s local storage. Once the website is saved, we can start performing offline attacks on the local copy of the website.

通过下载用户本地存储上网站的所有资源,HTML文件和目录来实现。 保存网站后,我们可以开始对网站的本地副本进行离线攻击。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install httrack

#9。 Wireshark –用于网络和数据包分析的最佳PenTesting工具 (#9. Wireshark – Best PenTesting Tool for Network and Packet Analysis)

Wireshark
Wireshark
Wireshark

Official Website: https://www.wireshark.org/

官方网站: https : //www.wireshark.org/

Wireshark is widely used for sniffing data packets over a network.

Wireshark被广泛用于通过网络嗅探数据包。

You can also refer to Wireshark as ‘network analyzer’, ‘network protocol analyzer’, or simply a ‘sniffer’. Wireshark captures the network traffic between two devices and helps us analyze the transacted packets.

您也可以将Wireshark称为“网络分析器”,“网络协议分析器”,或简称为“嗅探器”。 Wireshark捕获两个设备之间的网络流量,并帮助我们分析交易的数据包。

Wireshark uses a library called pcap to capture network packets which makes Wireshark a powerful tool when the user is performing network analysis or troubleshooting a network. It also allows for network vulnerability evaluation. 

Wireshark使用称为pcap的库来捕获网络数据包,这使Wireshark成为用户执行网络分析或对网络进行故障排除时的强大工具。 它还允许评估网络漏洞。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install wireshark

#8。 Aircrack-NG –激活成功教程无线密码的最佳工具 (#8. Aircrack-NG – Best Tool for Cracking Wireless Passwords)

Aircrack Ng
Aircrack Ng
吴cra

Official Website: https://www.aircrack-ng.org/

官方网站: https : //www.aircrack-ng.org/

Aircrack-ng is one of the best penetration testing tools for assessing wireless networks. It comprises of four main specialized tools, each aimed at one task out of capturing, attacking, testing and cracking.

Aircrack-ng是评估无线网络的最佳渗透测试工具之一。 它由四个主要的专用工具组成,每个工具都针对一项任务,包括捕获,攻击,测试和激活成功教程。

  • aircrack-ng is the first tool that is used for cracking WEP and WPA/WPA2-PSK encryptions.

    aircrack-ng是第一个用于激活成功教程WEP和WPA / WPA2-PSK加密的工具。

  • airmon-ng can be used to manage wireless card modes or to kill aircrack tool processes.

    airmon-ng可用于管理无线网卡模式或杀死空袭工具过程。

  • With airodump-ng, you get a wireless data sniffer that can capture packets traveling from one or more WAPs.

    使用airodump-ng,您将获得一个无线数据嗅探器,它可以捕获从一个或多个WAP传来的数据包。

  • Finally, you have aireplay-np which can be used as a package injector and for stimulating DOS attacks.

    最后,您拥有aireplay-np,可以将其用作程序包注入程序并用于刺激DOS攻击。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install aircrack-ng

#7。 NMap –进行深度网络审核的最佳渗透测试工具 (#7. NMap – Best Pentesting Tool for In-Depth Network Audits)

Nmap Linux Best Penetration Testing tools
Nmap
地图

Official Website: https://nmap.org/

官方网站: https//nmap.org/

With a name abbreviated from ‘Network Mapper’, NMap is the best tool for network auditing purposes. NMap is commonly used for network discovery and exploration.

NMap的名称缩写为“ Network Mapper”,是用于网络审核的最佳工具。 NMap通常用于网络发现和探索。

It allows the user to find important information such as hosts on a network, ports, and their status for each host, OS fingerprinting data, and helps in spotting vulnerabilities. Nmap can efficiently search for hosts and services on a network while allowing the user to find open ports and security related issues.

它允许用户查找重要信息,例如网络上的主机,端口以及每个主机的状态,操作系统指纹数据,并有助于发现漏洞。 Nmap可以有效地搜索网络上的主机和服务,同时允许用户查找开放端口和与安全相关的问题。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install nmap

#6。 THC Hydra –激活成功教程网络密码的最佳渗透测试工具 (#6. THC Hydra – Best Penetration Testing Tool for Cracking Network Passwords)

Hydra
Hydra
九头蛇

Official Github Repo: https://github.com/vanhauser-thc/thc-hydra

官方Github回购: https : //github.com/vanhauser-thc/thc-hydra

Hydra famously holds the claim to be the quickest tool when it comes to cracking network login info (usernames and passwords). Its full name is The Hacker’s Choice Hydra, which says a lot about the tool’s reputation in the world of penetration testing.

当激活成功教程网络登录信息(用户名和密码)时,Hydra声称是最快的工具。 它的全名是The Hacker’s Choice Hydra,它充分说明了该工具在渗透测试领域的声誉。

It supports a huge range of attack protocols, including but not limited to – SSH, MySQL, IMAP, HTTPS, HTTP (Proxy), FTP, VMware-Auth, IRC, telnet, and many more. It is essentially a tool that uses brute force for cracking credentials based on dictionary attacks.

它支持各种攻击协议,包括但不限于SSHMySQL ,IMAP,HTTPS,HTTP(代理),FTP,VMware-Auth,IRC, telnet等。 它本质上是一种使用暴力激活成功教程基于字典攻击的凭据的工具。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install hydra-gtk

#5。 OWASP ZAP – Web应用程序安全扫描的最佳渗透测试工具 (#5. OWASP ZAP – Best Penetration Testing Tool for Web App Security Scanning)

Owasp Zap
Owasp Zap
鹰嘴豆

Official Website: https://www.zaproxy.org/

官方网站: https://www.zaproxy.org/

The Open Web Application Security Project – Zed Attack Proxy has a wide range of functionality. OWASP – Zap is an all-inclusive tool to perform security audits for web applications. This tool was built using Java and host a huge variety of features including but not limited to AJAX web crawler, web scanner, proxy server, and fuzzer. When used as a proxy server, it can display all traffic from its target and manipulate the data as desired.

开放Web应用程序安全项目– Zed攻击代理具有广泛的功能。 OWASP – Zap是一种功能全面的工具,用于执行Web应用程序的安全审核。 该工具是使用Java构建的,具有多种功能,包括但不限于AJAX Web搜寻器,Web扫描器,代理服务器和Fuzzer。 当用作代理服务器时,它可以显示来自其目标的所有流量并根据需要处理数据。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


wget https://github.com/zaproxy/zaproxy/releases/download/2.9.0/ZAP_2.9.0_Linux.tar.gz  
tar -xzvf ZAP_2.9.0_Linux.tar.gz  
rsync -av ZAP_2.9.0/ /opt/zaproxy/

#4。 SQLMap –最佳SQL注入工具 (#4. SQLMap – Best SQL-Injection Tool)

Sqlmap
Sqlmap
Sqlmap

Official Website: http://sqlmap.org/

官方网站: http//sqlmap.org/

SQL injections are a massively popular and potent form of a cyber attack. One popular tool used for the detection and exploitation of SQL injection vulnerabilities on a database is SQLMap.

SQL注入是网络攻击的一种非常流行且有效的形式。 SQLMap是一种用于检测和利用数据库上SQL注入漏洞的流行工具。

Once the SQL vulnerabilities are spotted in the URL of the target, SQLMap can proceed to execute a SQL injection attack on the target. It allows the user to access the back end of the web application and run their personal SQL commands to read sensitive data from the database which should otherwise be hidden.

一旦在目标的URL中发现SQL漏洞,SQLMap就可以继续对目标执行SQL注入攻击。 它允许用户访问Web应用程序的后端并运行其个人SQL命令以从数据库读取敏感数据,否则应将其隐藏。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install sqlmap

#3。 Fluxion –邪恶双胞胎和社会工程学攻击的最佳工具 (#3. Fluxion – Best Tool for Evil-Twin and Social Engineering Attacks)

Fluxion
Fluxion
通量

Official Github Repository: https://github.com/FluxionNetwork/fluxion

官方Github存储库: https : //github.com/FluxionNetwork/fluxion

Fluxion is the first tool that comes to pen testers’ mind when they think about the Evil Twin Attack. It works by creating a twin access point at the target access point.

Fluxion是笔测试人员想到Evil Twin Attack时想到的第一个工具。 它通过在目标访问点创建一个双访问点来工作。

Then it waits for a target user to attempt to connect with the target AP and redirect the target user to enter the credentials for access. If the credentials are correct, the target user is allowed access, while Fluxion logs the user credentials.

然后,它等待目标用户尝试与目标AP连接并重定向目标用户以输入用于访问的凭据。 如果凭据正确,则允许目标用户访问,而Fluxion记录用户凭据。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


git clone https://github.com/FluxionNetwork/fluxion
cd fluxion/
sudo ./fluxion.sh

#2。 Bettercap –更好的MITM攻击工具 (#2. Bettercap – Better MITM Attacking Tool)

Bettercap Best penetration Testing tool for Man in the middle attacks
Bettercap
更好的帽子

Official Website: https://www.bettercap.org/

官方网站: https : //www.bettercap.org/

Bettercap is a network utility that was developed to test and perform a Man in The Middle Attack (MiTMA) on a target web application. It allows the user to intercept all the communications made by the target with their network by eavesdropping on the network packets being sent along by the target.

Bettercap是一种网络实用程序,旨在在目标Web应用程序上测试和执行中间人攻击(MiTMA)。 它允许用户通过监听目标发送的网络数据包来拦截目标与其网络进行的所有通信。

This data can allow the user to sniff sensitive data and bypass SSL and HSTS on the target’s network.

该数据可以使用户嗅探敏感数据并绕过目标网络上的SSL和HSTS。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


sudo apt install golang git build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev
go get -u github.com/bettercap/bettercap

#1。 Metasploit –最佳渗透测试工具和开发大师 (#1. Metasploit – Best Pentesting Tool and a Master of Exploitation)

Best Penetration Testing tools of 2020 Metasploit
Metasploit
Metasploit

Official Website: https://www.metasploit.com/

官方网站: https : //www.metasploit.com/

The most popular and powerful tool in the community of penetration testing is Metasploit. It offers a huge variety of modules, services and functions to the user. But in the most basic descriptions, Metasploit is built upon four core modules.

渗透测试社区中最流行,功能最强大的工具是Metasploit。 它为用户提供了各种各样的模块,服务和功能。 但是在最基本的描述中,Metasploit是基于四个核心模块构建的。

The first module is Exploit which is a method to attack the target system or to inject vulnerabilities. The Payload runs after the Exploit and allows the user to obtain data from the target system. The Auxilliary module aims at scanning and testing the target system. Finally, the Encoder module allows the user to insert a backdoor into the target system.

第一个模块是Exploit,它是一种攻击目标系统或注入漏洞的方法。 有效负载在利用漏洞之后运行,并允许用户从目标系统获取数据。 辅助模块旨在扫描和测试目标系统。 最后,编码器模块允许用户将后门插入目标系统。

The command for installing the tool (Ubuntu):

安装工具的命令(Ubuntu):


wget https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
chmod +x metasploit-latest-linux-x64-installer.run
./metasploit-latest-linux-x64-installer.run

现在回到您的身边…… (Back to you now…)

Which according to you is one of the best penetration testing tools from this list? Or do you have a different tool that’s not covered here? Let us know in the comments below!

您认为哪个是该列表中最佳的渗透测试工具之一? 还是您有此处未涵盖的其他工具? 在下面的评论中让我们知道!

翻译自: https://www.journaldev.com/41969/top-best-penetration-testing-tools-for-linux

linux 渗透工具

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/169917.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)
blank

相关推荐

  • 临界区 互斥量 事件 信号量_互斥信号量与同步信号量

    临界区 互斥量 事件 信号量_互斥信号量与同步信号量四种进程或线程同步互斥的控制方法:1、临界区:通过对多线程的串行化来访问公共资源或一段代码,速度快,适合控制数据访问。2、互斥量:为协调共同对一个共享资源的单独访问而设计的。3、信号量:为控制一个具有有限数量用户资源而设计。4、事 件:用来通知线程有一些事件已发生,从而启动后继任务的开始。临界区(Critical Section)保证在某一时刻只有一个线程能访问数据的简便办法。在任意…

  • 桥接模式

    桥接模式

  • 前端总结大全

    前端总结大全记住88条精简前端面试题,让面试成为享受前言HTML&CSSJavaScriptVUE网络性能相关前言背的最少、面的最好。你的面试我帮你,夜色正黑,我们出发,感谢各位一直默默关注本侠的小伙伴,你们的关注,是我永恒动力,在此奉上一份大礼。次面试技能题不是最全,却是最精。后期持续优化改进。HTML&CSS浏览器内核;盒模型、flex布局、两/三栏布局、水平/垂直居中;BFC、清除浮动;css3动画、H5新特性。JavaScript继承、原型链、this指向、设计模式

  • 电商后台管理系统项目总结(一)

    电商后台管理系统项目总结(一)项目模块分析:用户管理模块、权限管理模块、商品管理模块、订单管理模块、数据统计模块各模块技术点:用户管理模块登录/退出、状态切换、编辑、分页、分配角色、面包屑导航切换权限管理模块添加角色、分配权限、权限展示、编辑、删除权限、面包屑导航切换商品管理模块添加商品、编辑、分页、添加参数、添加属性、选择分类、添加分类订单管理模块数据渲染、分页数据统计模块echarts图表、数据渲染用户管理模块展示:权限管理模块展示:商品管理模块展示:订单管理模块展示:数据统计模块效果

  • navicat 15 激活码(破解版激活)

    navicat 15 激活码(破解版激活),https://javaforall.cn/100143.html。详细ieda激活码不妨到全栈程序员必看教程网一起来了解一下吧!

  • 基于ThinkPHP与阿里大于的PHP短信验证功能

    基于ThinkPHP与阿里大于的PHP短信验证功能

    2021年10月22日

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号