课时82 ACUNETIX WEB VULNERABILITY SCANNER.txt

课时82 ACUNETIX WEB VULNERABILITY SCANNER

ACUNETIX WEB VULNERABILITY SCANNER
自动手动爬网，支持AJAX、JavaScript
AcuSensor灰盒测试
    发现爬网无法发现文件
    额外的漏洞扫描
    可发现存在漏洞的源码行号
    支持PHP、.NET(不获取源码的情况下注入已编编译.NET)
生成PCI、27001标准和规报告
网络扫描
    FTP,DNS,SMTP,IMAP,POP3,SSH,SNMP,Telent
    集成openvas扫描漏洞

root@kali:~# cp /media/sf_D_DRIVE/acu_phpaspect.php

root@kali:~# ls
acu_phpaspect.php  ZAP_2.4.3_Linux.tar.gz  模板  图片  下载  桌面
????               公共                    视频  文档  音乐

root@kali:~# scp acu_phpaspect.php msfadmin@192.168.1.124:/home/mfadmin
msfadmin@192.168.1.124's password:
acu_phpaspect.php

root@kali:~# ssh msfadmin@192.168.1.124
msfadmin@192.168.1.124's password:
Linuz metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software
the exact distribution terms for each progam are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANRY, to the extent permitted by applicable law

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
NO mail.
Last login: Web Jan  6 06:46:18 2016

msfadmin@metasploitable:~$ ls
acu_phpaspect.php  mysqlaccess.log  vnlerable

msfadmin@metasploitable:~$ sudo mv acv_phpaspect.php /var/www/dvwa/
[sudo] password for msfadmin:

msfadmin@metasploitable:~$ cd /var/www/dvwa/

msfadmin@metasploitable:~/var/www/dvwa$ ls
about.php          doc           ids_log.php       phpinfo.php   setup.php
acu_phpaspect.php  dvwa          index.php         php.ini       vulnerabilities
CHANGELOG.txt      external      instructions.php  README.txt
config             favicon.ico   login.php         robots.txt
COPYING.txt        hackable      logout.php        security.php

msfadmin@metasploitable:~/var/www/dvwa$ ls -l

msfadmin@metasploitable:~/var/www/dvwa$ sudo chown www-data:www-data acu_phpaspect.php

ACUNETIX WEB VULNERABILITY SCANNER
AcuSensor安装
    生成agent文件acu_phpaspect.php（PHP5.0以上）
    将文件拷贝到目标服务器，web程序可以访问到的目录
    修改.hatccess或php.ini
        php_value auto_prepend_file ‘[path to acu_phpacpect.php file]’