COMP6210 – Ethical Hacking and Penetration Testing

Here are some of the tools used during the penetration testing for the final project report.

Name: Alifio Rasendriya Rasyid

ID: 2201798295

Class: L4BC-LEC

Tools Used:

1. censys.io

  • Censys is a search engine that scans the Internet for devices and returns aggregate reports on how resources (i.e. devices, websites, and certificates) are configured and deployed (Paganini, 2015). In this case, I used it to gain the real IP address of the target.

2. Paros

  • Paros is a Java-based tool used for web application auditing, testing, and debugging. It has a proxy feature which enables it to capture and inspect traffic flowing from the browser to the host. On top of capturing traffic, Paros also has other features such as the ‘Spider’ and ‘Scan’ options.

3. Nikto

  • Nikto is a simple and free web-server scanner that examines a website and shows some vulnerabilities that can be used to later exploit the website. It is included in the default Kali Linux package and can be used through the terminal. Although it is very useful and effective, Nikto has one disadvantage: it is not stealthy at all. Any site with an intrusion-detection system would be able to detect that it’s being scanned (Kody, 2019).

4. pentest-tools.com

  • Pentest-tools is a website that offers a free light vulnerability scan of any website. Since this tool is widely available and can be used freely (for a limited number of times), I have decided to include it as one of the web scanning tools.

5. WPScan

  • WPScan is a WordPress web vulnerability scanner. It is pre-installed in the default Kali Linux package and should run normally by simply typing ‘wpscan’ in the terminal. Since the target is a WordPress website, this tool is particularly effective.

6. CloudFail

  • CloudFail is an information gathering tool used to gather information on a target protected by Cloudflare. CloudFail is not available in the default package; you will need to download it from https://github.com/m0rtem/CloudFail.

7. WhoIS

  • In Kali Linux, the whois command is used to search through the WHOIS database. This database may reveal some personal information about the owner of the website (Mahajan, 2020).

8. CeWL

  • CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper (KaliTools, n.d.).
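
The Nikto entry (item 3) notes that a scan is easy to detect. The following is an added example, not part of the original report, showing from the defender's side why that is: a scan leaves a scanner User-Agent and a burst of 404 responses in the web server's access log. The function names, thresholds, combined log format and sample log entries are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format (assumed for this example).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ \S+ [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

BROWSER = "Mozilla/5.0 (X11; Linux x86_64)"
NIKTO = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"

def _entry(ip, path, status, ua):
    """Build one constructed log line (documentation IP ranges only)."""
    return f'{ip} - - [10/May/2020:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 196 "-" "{ua}"'

# Constructed sample: a normal visitor, a default scan, and a scan with a browser User-Agent.
SAMPLE_LOG = "\n".join(
    [_entry("203.0.113.7", p, 200, BROWSER) for p in ("/", "/about/")]
    + [_entry("198.51.100.23", "/", 200, NIKTO)]
    + [_entry("198.51.100.23", p, 404, NIKTO)
       for p in ("/admin.php", "/cgi-bin/test.cgi", "/backup.zip", "/phpinfo.php", "/.htpasswd")]
    + [_entry("192.0.2.50", p, 404, BROWSER)
       for p in ("/old/", "/test/", "/db.sql", "/config.bak", "/server-status")]
)

def detect_scanners(log_text, min_requests=5, min_404_ratio=0.8):
    """Return {client_ip: [reasons]} for clients that look like a web scanner."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "ua_hit": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        s = stats[m["ip"]]
        s["total"] += 1
        s["not_found"] += m["status"] == "404"
        s["ua_hit"] |= "nikto" in m["ua"].lower()
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ua_hit"]:
            reasons.append("scanner-user-agent")
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= min_404_ratio:
            reasons.append("404-burst")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))
```

The 404-ratio check still flags the third client even though its User-Agent looks like a browser, which is why the signature alone is not relied on.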