ペネトレーションテスト

ペネトレーションテスト

2009-03-18 (水) 06:36:01

ペネトレーションテスト†

http://www.criterion.sc/extra/pentest-1.html

nmapの導入†

piano:root {121} % portinstall security/nmap
config.status: creating nsock_config.h
   (  )   /\   _                 (
    \ |  (  \ ( \.(               )                      _____
  \  \ \  `  `   ) \             (  ___                 / _   \
 (_`    \+   . x  ( .\            \/   \____-----------/ (o)   \_
- .-               \+  ;          (  O                           \____
                          )        \_____________  `              \  /
(__                +- .( -'.- <. - _  VVVVVVV VV V\                 \/
(_____            ._._: <_ - <- _  (--  _AAAAAAA__A_/                |
  .    /./.+-  . .- /  +--  - .     \______________//_              \_______
  (__ ' /x  / x _/ (                                  \___'          \     /
 , x / ( '  . / .  /                                      |           \   /
    /  /  _/ /    +                                      /              \/
   '  (__/                                             /                  \
            NMAP IS A POWERFUL TOOL -- USE CAREFULLY AND RESPONSIBLY
Configuration complete.  Type make (or gmake on some *BSD machines) to compile.

# nmap -sT -P0IP -A -O -oN ./log localhost

↑

Niktoの導入†

piano:root {131} % portinstall security/nikto
piano:root {131} % rehash
piano:root {131} % nikto -update

piano:root {131} % nikto -host localhost -p 80

OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.

といわれるので、/usr/local/etc/apache22/httpd.config に次の一行を追加