Kali Linux – Web Penetration Testing Tools
By 2016, there were around 3424971237+ internet users around the world. Serving that many users brings a responsibility to take care of their security. Most of the Internet is a collection of websites and web applications, so in order to protect these web applications they need to be tested against payloads and malware, and for that purpose we have a lot of tools in Kali Linux.
Kali Linux comes packed with 300+ tools, many of which are used for web penetration testing. Here is a list of the most used ones.
1. Burp Suite
Burp Suite is one of the most popular web application security testing tools. It is used as a proxy, so all the requests from a browser configured to use the proxy pass through it. As each request passes through Burp Suite, it lets us modify the request as needed, which is useful for testing vulnerabilities like XSS or SQLi, or indeed any web-related vulnerability. Kali Linux comes with Burp Suite Community Edition, which is free; there is also a paid edition known as Burp Suite Professional that has many more functions than the Community Edition.
To use Burp Suite:
- Read this to learn how to set up Burp Suite.
- Open a terminal and type “burpsuite”.
- Go to the Proxy tab and turn the intercept switch on.
- Now visit any URL and you can see that the request is captured.
2. Nikto
Nikto is open-source software written in Perl that scans a web server for vulnerabilities that could be exploited to compromise the server. It can also check for outdated versions of 1200 servers and can detect version-specific problems on over 200 servers. It comes packed with many features, a few of which are listed below.
- Full support for SSL
- Looks for subdomains
- Supports full HTTP Proxy
- Outdated component report
- Username guessing
To use nikto, download nikto and enter the following command.
3. Maltego
Maltego is a platform developed to convey a clear picture of the environment that an organization owns and operates. It offers a unique perspective on both network and resource-based entities by aggregating information delivered all over the internet: whether it is the current configuration of a router poised on the edge of our network or any other information, Maltego can locate, aggregate and visualize it. That gives the user unprecedented information, which is leverage and power.
Maltego’s Uses:
- It is used to exhibit the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of the infrastructure.
- It is used in the collection of information on all security-related work. It will save time and will allow us to work more accurately and in a smarter way.
- It aids the thinking process by visually demonstrating the interconnected links between searched items.
- It provides a much more powerful search, giving smarter results.
- It helps to discover “hidden” information.
To use Maltego, go to the Applications menu and select the “maltego” tool to execute it.
4. SQLMap
SQLMap is an open-source tool that automates what would otherwise be manual SQL injection against a parameter on a website. It detects and exploits the injectable parameters itself; all we have to do is provide it with an appropriate request or URL. It supports 34 databases including MySQL, Oracle, PostgreSQL, etc.
To use sqlmap tool:
- sqlmap comes pre-installed in Kali Linux
- Just type sqlmap in the terminal to use the tool.
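Why an automated tool can find this class of flaw at all comes down to how the query is built. The following is an added illustration, not code from this page or from the sqlmap project: a lookup that splices user input into the SQL text, next to the parameterized version, both run against a constructed in-memory SQLite table holding placeholder accounts.

```python
import sqlite3

# Constructed sample rows; placeholder values, not any real site's users table.
SAMPLE_USERS = [
    ("jsmith", "password-placeholder-1", "jsmith@example.com"),
    ("admin", "password-placeholder-2", "admin@example.com"),
]


def build_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uname TEXT, pass TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, uname):
    """Input is pasted into the SQL string: the database parses it as SQL."""
    sql = f"SELECT uname, email FROM users WHERE uname = '{uname}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, uname):
    """Input is bound as a parameter: the database only ever sees it as data."""
    sql = "SELECT uname, email FROM users WHERE uname = ?"
    return conn.execute(sql, (uname,)).fetchall()


def demo():
    """Run both lookups with a normal value and with a tautology input."""
    conn = build_db()
    normal = "jsmith"
    tautology = "x' OR '1'='1"  # turns the WHERE clause into "always true"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_injected": lookup_vulnerable(conn, tautology),
        "safe_normal": lookup_safe(conn, normal),
        "safe_injected": lookup_safe(conn, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable lookup returns every row for the tautology input, the parameterized one returns none. The fix is the same in any language or driver: bind parameters instead of concatenating, and give the application a database account limited to the tables it needs, since enumeration of other databases and tables depends on the web application's account being allowed to read them.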
5. Whatweb
Whatweb is short for “what is that website”. It is used to identify the technologies a website is using; these might be a content management system (CMS), JavaScript libraries, etc. It is used for many purposes, a few of which are listed below.
- To get the content management system used by a web application
- To get the web server details used by the web application
- To get the embedded devices attached to the web application
- It consists of 1700+ plugins, each of which recognizes something different.
To run whatweb, execute the following command and replace google.com with the domain name of your choice.
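Much of what a fingerprinting tool like Whatweb reads is simply what the server volunteers in response headers and cookie names. As an added example (not part of this page and not Whatweb's code), here is a small check a site owner can run over a captured response to see which headers disclose product versions, with a trimmed-down response for comparison; both responses and their version numbers are constructed for the example.

```python
import re

# Constructed sample responses; not captured from any real server.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
Set-Cookie: sid=abc123; path=/; HttpOnly; Secure
Content-Type: text/html
"""

# Headers that commonly carry a product version string.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# Default session cookie names that identify a platform.
COOKIE_HINTS = {
    "phpsessid": "PHP",
    "jsessionid": "Java servlet container",
    "asp.net_sessionid": "ASP.NET",
}
VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)?")


def parse_headers(raw):
    """Split a raw HTTP response head into (lowercased name, value) pairs."""
    headers = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_headers(raw):
    """Return a list of findings describing what the response gives away."""
    findings = []
    for name, value in parse_headers(raw):
        if name in VERSION_HEADERS and VERSION_RE.search(value):
            findings.append(f"{name} discloses a version string: {value}")
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip().lower()
            if cookie_name in COOKIE_HINTS:
                findings.append(f"cookie {cookie_name} identifies {COOKIE_HINTS[cookie_name]}")
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(raw) or ["no disclosures"])
```

Removing version tokens from Server and X-Powered-By and renaming the default session cookie does not fix any vulnerability by itself, but it removes the version match that an outdated-component report is built on, so patching remains the real control.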
6. whois lookup
whois is a database record of all the registered domains on the internet. It is used for many purposes, a few of which are listed below.
- It is used by Network Administrators in order to identify and fix DNS or domain-related issues.
- It is used to check the availability of domain names.
- It is used to identify trademark infringement.
- It can even be used to track down the registrants of fraudulent domains.
To use whois lookup, enter the following command in the terminal.
Replace geeksforgeeks.org with the name of the website you want to lookup.
How to Hack Website with Sqlmap in Kali Linux
Disclaimer — TLDR: some stuff here can be used to carry out illegal activity; our intention is, however, to educate.
In the previous tutorial, we hacked a website using nothing but a simple browser on a Windows machine. It was a pretty clumsy method, to say the least. However, knowing the basics is necessary before we move on to the advanced tools. In this tutorial, we’ll be using Kali Linux and sqlmap (which comes preinstalled in Kali) to automate what we did by hand in the Manual SQL Injection tutorial to hack websites.
It is recommended that you go through the above tutorial once so that you get an idea of how to find vulnerable sites. In this tutorial we’ll skip the first few steps, in which we find out whether a website is vulnerable or not, as we already know from the previous tutorial that this website is vulnerable.
Kali Linux
First off, you need to have Kali Linux (or BackTrack) up and running on your machine. Any other Linux distro might work, but you’ll need to install sqlmap yourself. If you don’t have Kali Linux installed, you might want to go to this page, which will get you started on Beginner Hacking Using Kali Linux.
Sqlmap
Basically it’s just a tool to make SQL injection easier. Their official website introduces the tool as: “sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.” A lot of features can be found on the sqlmap website, the most important being: “Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.” That’s basically all the database management systems. Most of the time you’ll never come across anything other than MySQL.
SQL Version
Boot into your Kali linux machine. Start a terminal, and type –
It lists the basic commands that are supported by sqlmap. To start with, we’ll execute a simple command of the form sqlmap -u followed by the target URL. In our case, it will be-
Sometimes, using --time-sec helps to speed up the process, especially when the server responses are slow.
Either way, when sqlmap is done, it will tell you the MySQL version and some other useful information about the database.
The final result of the above command should be something like this.
Note: Depending on a lot of factors, sqlmap may sometimes ask you questions which have to be answered yes/no. Typing y means yes and n means no. Here are a few typical questions you might come across-
- A message saying that the database is probably MySQL, so should sqlmap skip all other tests and conduct MySQL tests only? Your answer should be yes (y).
- A message asking whether or not to use the payloads for specific versions of MySQL. The answer depends on the situation; if you are unsure, then it’s usually better to say yes.
Database
In this step, we will obtain database name, column names and other useful data from the database.
List of a few common enumeration commands
So first we will get the names of the available databases. For this we will add --dbs to our previous command. The final result will look like –
So the two databases are acuart and information_schema.
Table
Now we are obviously interested in the acuart database. information_schema can be thought of as a default table which is present on all your targets and contains information about the structure of databases, tables, etc., but not the kind of information we are looking for. It can, however, be useful on a number of occasions. So now we will specify the database of interest using -D and tell sqlmap to list the tables using --tables. The final sqlmap command will be-
The result should be something like this –
Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+
Now we have a list of tables. Following the same pattern, we will now get a list of columns.
Columns
Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now. The most appealing table here is users. It might contain the usernames and passwords of registered users on the website (hackers always look for sensitive data). The final command must be something like-
The result would resemble this-
Data
If you were following along attentively, you would expect that we will now be getting data from one of the columns. That guess is not completely wrong, but it’s time to go one step ahead: we will get data from multiple columns. As usual, we will specify the database with -D, the table with -T, and the columns with -C. We will get all data from the specified columns using --dump, entering multiple columns separated by commas. The final command will look like this.
John Smith, of course. And the password is test. Email is email@email.com?? Okay, nothing great, but in real-world web pentesting you can come across more sensitive data. Under such circumstances, the right thing to do is to mail the admin of the website and tell them to fix the vulnerability ASAP. Don’t get tempted to join the dark side; you don’t look pretty behind bars. That’s it for this tutorial. Try to look at other columns and tables and see what you can dig up. Take a look at the previous tutorial on Manual SQL Injection, which will help you find more interesting vulnerable sites.
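The enumeration sequence above (--dbs, --tables, --columns, --dump) leaves a recognisable trail in the web server's access log, which is what the site admin being mailed about the flaw would go looking for. The following is an added example, not part of the tutorial: detection logic run over a few constructed combined-format log lines, flagging information_schema access, UNION-based probing, time-delay functions used by time-based tests and a sqlmap-style User-Agent. The hosts, paths and the version in the sample User-Agent are made up for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines in combined log format; hosts, paths and
# User-Agent strings are made up for this example, not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 2341 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /artists.php?artist=1%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 2341 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /artists.php?artist=-1%20UNION%20SELECT%20table_name%20FROM%20information_schema.tables-- HTTP/1.1" 200 5120 "-" "sqlmap/1.7 (https://sqlmap.org)"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Request-level signatures, checked against the URL-decoded path and query.
SIGNATURES = [
    ("information_schema access", re.compile(r"information_schema", re.I)),
    ("UNION-based probe", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("time-based blind probe", re.compile(r"\b(sleep|benchmark|waitfor\s+delay)\b", re.I)),
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of signature labels that fire for one parsed entry."""
    reasons = []
    decoded = unquote_plus(entry["path"])  # payloads arrive percent-encoded
    for label, pattern in SIGNATURES:
        if pattern.search(decoded):
            reasons.append(label)
    if "sqlmap" in entry["ua"].lower():  # default UA unless the scan changed it
        reasons.append("sqlmap user agent")
    return reasons


def analyze(log_text):
    """Return one alert per suspicious line: source, time, raw path, reasons."""
    alerts = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            alerts.append({"ip": entry["ip"], "ts": entry["ts"],
                           "path": entry["path"], "reasons": reasons})
    return alerts


def suspicious_sources(alerts):
    """Count alerts per source address so a scan shows up as a burst from one host."""
    counts = {}
    for alert in alerts:
        counts[alert["ip"]] = counts.get(alert["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for alert in found:
        print(alert["ip"], alert["ts"], ", ".join(alert["reasons"]))
    print(suspicious_sources(found))
```

The User-Agent check is the weakest of the four signals, since it is trivially changed; the information_schema and UNION patterns are the durable ones, because the enumeration of databases, tables and columns shown above cannot be done without them on MySQL, and the same patterns are what a web application firewall rule would key on.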