#contents &lastmod; *ペネトレーションテスト [#z8878759] http://www.criterion.sc/extra/pentest-1.html **nmapの導入 [#pc442733] piano:root {121} % portinstall security/nmap config.status: creating nsock_config.h ( ) /\ _ ( \ | ( \ ( \.( ) _____ \ \ \ ` ` ) \ ( ___ / _ \ (_` \+ . x ( .\ \/ \____-----------/ (o) \_ - .- \+ ; ( O \____ ) \_____________ ` \ / (__ +- .( -'.- <. - _ VVVVVVV VV V\ \/ (_____ ._._: <_ - <- _ (-- _AAAAAAA__A_/ | . /./.+- . .- / +-- - . \______________//_ \_______ (__ ' /x / x _/ ( \___' \ / , x / ( ' . / . / | \ / / / _/ / + / \/ ' (__/ / \ NMAP IS A POWERFUL TOOL -- USE CAREFULLY AND RESPONSIBLY Configuration complete. Type make (or gmake on some *BSD machines) to compile. # nmap -sT -P0IP -A -O -oN ./log localhost **Niktoの導入 [#qfff252d] piano:root {131} % portinstall security/nikto piano:root {131} % rehash piano:root {131} % nikto -update piano:root {131} % nikto -host localhost -p 80 + OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST. といわれるので、/usr/local/etc/apache22/httpd.config に次の一行を追加 TraceEnable off して apachectl restart する **HTTP_Requestの導入 [#v271efb1] # portinstall www/pear-HTTP_Request **John の導入 [#t66e5af5] k222# portinstall security/john **Hydra の導入 [#ha3d90ef] k222# portinstall security/hydra これはエラー http://ameblo.jp/itboy/theme-10009733051.html http://ameblo.jp/itboy/entry-10121730693.html http://peardoc.xole.net/package.http.http-request.intro.html