DEV Community

BEIDI DINA SAMUEL


Ethical Hacking: this article is about discovering vulnerabilities in web applications.

We will use a range of tools to discover application weaknesses.

Github : https://github.com/samglish/web_exploitation_scanning

Examples of the tools we will use:

  1. Nikto
  2. Sslscan
  3. Sslyze
  4. OWASP Zed Attack Proxy(ZAP)
  5. BurpSuite
  6. Sqlmap
  7. Manual analysis -> CSRF
  8. Scripting -> Python -> validation of command injections (HTTP, ICMP)

1. Nikto

Terminal

nikto -host google.com -port 443 -ssl

OUTPUT

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          142.251.135.110
+ Target Hostname:    google.com
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=*.google.com
                   Ciphers:  TLS_AES_256_GCM_SHA384
                   Issuer:   /C=US/O=Google Trust Services/CN=WR2
+ Start Time:         2024-09-09 14:01:05 (GMT1)
---------------------------------------------------------------------------
+ Server: gws
+ X-XSS-Protection header has been set to disable XSS Protection. There is unlikely to be a good reason for this.
+ Uncommon header 'alt-svc' found, with contents: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: https://www.google.com/
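The Nikto run above flags four response-header conditions (X-XSS-Protection set to 0, no Strict-Transport-Security, no Expect-CT, no X-Content-Type-Options). The script below is an added example, not part of the original post or of Nikto: it parses a raw response-header block such as `curl -sI` prints and reports the same conditions, so you can re-check your own server after a fix. The two header blocks are constructed samples, one mirroring the scan result and one hardened.

```python
"""Offline re-check of the header findings Nikto reported (added example)."""
import re
from typing import Dict, List

# Constructed sample: roughly what the scanned site answered above.
SAMPLE_RESPONSE = """HTTP/2 301
location: https://www.google.com/
server: gws
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
"""

# Constructed sample: the same server with the missing headers added.
HARDENED_RESPONSE = """HTTP/2 200
server: gws
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
expect-ct: max-age=86400, enforce
"""

ONE_YEAR = 31536000  # commonly recommended minimum HSTS max-age, in seconds


def parse_raw_headers(raw: str) -> Dict[str, str]:
    """Turn a raw response header block (e.g. from `curl -sI`) into a dict.

    Header names are case-insensitive, so they are lower-cased; the status
    line is skipped and a repeated header keeps its last value."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines():
        if line.upper().startswith("HTTP/") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def check_headers(headers: Dict[str, str], uses_tls: bool = True) -> List[str]:
    """Return one finding per condition Nikto flagged in the scan above."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    xss = h.get("x-xss-protection")
    if xss is not None and xss.strip().startswith("0"):
        findings.append("X-XSS-Protection is 0: legacy browser XSS filter explicitly disabled")
    if uses_tls:
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("Strict-Transport-Security not set on an HTTPS site")
        else:
            m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
            max_age = int(m.group(1)) if m else 0
            if max_age < ONE_YEAR:
                findings.append(f"Strict-Transport-Security max-age={max_age} is below one year")
        if "expect-ct" not in h:
            # Expect-CT is deprecated by browsers; Nikto still reports it, so it is kept as informational.
            findings.append("Expect-CT not present (deprecated header, informational)")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff': MIME sniffing allowed")
    return findings


if __name__ == "__main__":
    for label, raw in (("scanned", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}]")
        for finding in check_headers(parse_raw_headers(raw)) or ["no findings"]:
            print("  -", finding)
```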

2. Sslscan

Terminal

sslscan google.com

OUTPUT

Version: 2.0.10-static
OpenSSL 1.1.1l-dev  xx XXX xxxx

Connected to 142.251.135.110

Testing SSL server google.com on port 443 using SNI name google.com

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Preferred TLSv1.2  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305 Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
Preferred TLSv1.1  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.1  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve 25519 DHE 253
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Preferred TLSv1.0  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.0  256 bits  ECDHE-ECDSA-AES256-SHA        Curve 25519 DHE 253
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve 25519 DHE 253
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  128 bits  x25519
TLSv1.2  128 bits  secp256r1 (NIST P-256)
TLSv1.2  128 bits  x25519

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
ECC Curve Name:      prime256v1
ECC Key Strength:    128

Subject:  *.google.com
Altnames: DNS:*.google.com, DNS:*.appengine.google.com, DNS:*.bdn.dev, DNS:*.origin-test.bdn.dev, DNS:*.cloud.google.com, DNS:*.crowdsource.google.com, DNS:*.datacompute.google.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleapis.cn, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic-cn.com, DNS:googlecnapps.cn, DNS:*.googlecnapps.cn, DNS:googleapps-cn.com, DNS:*.googleapps-cn.com, DNS:gkecnapps.cn, DNS:*.gkecnapps.cn, DNS:googledownloads.cn, DNS:*.googledownloads.cn, DNS:recaptcha.net.cn, DNS:*.recaptcha.net.cn, DNS:recaptcha-cn.net, DNS:*.recaptcha-cn.net, DNS:widevine.cn, DNS:*.widevine.cn, DNS:ampproject.org.cn, DNS:*.ampproject.org.cn, DNS:ampproject.net.cn, DNS:*.ampproject.net.cn, DNS:google-analytics-cn.com, DNS:*.google-analytics-cn.com, DNS:googleadservices-cn.com, DNS:*.googleadservices-cn.com, DNS:googlevads-cn.com, DNS:*.googlevads-cn.com, DNS:googleapis-cn.com, DNS:*.googleapis-cn.com, DNS:googleoptimize-cn.com, DNS:*.googleoptimize-cn.com, DNS:doubleclick-cn.net, DNS:*.doubleclick-cn.net, DNS:*.fls.doubleclick-cn.net, DNS:*.g.doubleclick-cn.net, DNS:doubleclick.cn, DNS:*.doubleclick.cn, DNS:*.fls.doubleclick.cn, DNS:*.g.doubleclick.cn, DNS:dartsearch-cn.net, DNS:*.dartsearch-cn.net, DNS:googletraveladservices-cn.com, DNS:*.googletraveladservices-cn.com, DNS:googletagservices-cn.com, DNS:*.googletagservices-cn.com, DNS:googletagmanager-cn.com, DNS:*.googletagmanager-cn.com, DNS:googlesyndication-cn.com, DNS:*.googlesyndication-cn.com, DNS:*.safeframe.googlesyndication-cn.com, DNS:app-measurement-cn.com, DNS:*.app-measurement-cn.com, DNS:gvt1-cn.com, DNS:*.gvt1-cn.com, DNS:gvt2-cn.com, DNS:*.gvt2-cn.com, 
DNS:2mdn-cn.net, DNS:*.2mdn-cn.net, DNS:googleflights-cn.net, DNS:*.googleflights-cn.net, DNS:admob-cn.com, DNS:*.admob-cn.com, DNS:googlesandbox-cn.com, DNS:*.googlesandbox-cn.com, DNS:*.safenup.googlesandbox-cn.com, DNS:*.gstatic.com, DNS:*.metric.gstatic.com, DNS:*.gvt1.com, DNS:*.gcpcdn.gvt1.com, DNS:*.gvt2.com, DNS:*.gcp.gvt2.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.ytimg.com, DNS:android.com, DNS:*.android.com, DNS:*.flash.android.com, DNS:g.cn, DNS:*.g.cn, DNS:g.co, DNS:*.g.co, DNS:goo.gl, DNS:www.goo.gl, DNS:google-analytics.com, DNS:*.google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:*.googlecommerce.com, DNS:ggpht.cn, DNS:*.ggpht.cn, DNS:urchin.com, DNS:*.urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:*.youtube.com, DNS:music.youtube.com, DNS:*.music.youtube.com, DNS:youtubeeducation.com, DNS:*.youtubeeducation.com, DNS:youtubekids.com, DNS:*.youtubekids.com, DNS:yt.be, DNS:*.yt.be, DNS:android.clients.google.com, DNS:*.android.google.cn, DNS:*.chrome.google.cn, DNS:*.developers.google.cn
Issuer:   WR2

Not valid before: Aug 12 06:33:49 2024 GMT
Not valid after:  Nov  4 06:33:48 2024 GMT
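Reading a cipher table by eye is error-prone, so here is an added example (not from the original post or from sslscan) that parses the protocol table and the "Supported Server Cipher(s)" lines in sslscan's text format and turns them into review findings: deprecated TLS 1.0/1.1, the 112-bit DES-CBC3-SHA suite, and suites with static RSA key exchange (no forward secrecy). The sample text is a constructed subset of the scan above; the sslyze run in the next section reports the same suites under their IANA names.

```python
"""Triage of sslscan text output (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed subset of the sslscan output shown above.
SAMPLE_SSLSCAN = """\
  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   enabled

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Preferred TLSv1.0  128 bits  ECDHE-ECDSA-AES128-SHA        Curve 25519 DHE 253
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
"""

PROTO_RE = re.compile(r"^(SSLv[23]|TLSv1\.[0-3])\s+(enabled|disabled)$")
CIPHER_RE = re.compile(
    r"^(?:Preferred|Accepted)\s+(TLSv1\.[0-3]|SSLv[23])\s+(\d+) bits\s+(\S+)\s*(.*)$")
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1")


def parse_sslscan(text: str) -> Tuple[Dict[str, bool], List[dict]]:
    """Return ({protocol: enabled}, [cipher records]) from sslscan's text output."""
    protocols: Dict[str, bool] = {}
    ciphers: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROTO_RE.match(line)
        if m:
            protocols[m.group(1)] = m.group(2) == "enabled"
            continue
        m = CIPHER_RE.match(line)
        if m:
            proto, bits, name, kex = m.group(1), int(m.group(2)), m.group(3), m.group(4)
            # sslscan prints the key-exchange group ("Curve 25519 DHE 253") only for
            # (EC)DHE suites; static-RSA suites have nothing after the cipher name.
            ciphers.append({"protocol": proto, "bits": bits, "name": name,
                            "forward_secrecy": "DHE" in kex})
    return protocols, ciphers


def assess(protocols: Dict[str, bool], ciphers: List[dict]) -> List[str]:
    """Turn the parsed scan into de-duplicated, human-readable findings."""
    findings: Dict[str, None] = {}  # dict used as an insertion-ordered set
    for proto in LEGACY_PROTOCOLS:
        if protocols.get(proto):
            findings[f"{proto} enabled: deprecated protocol, disable it"] = None
    for c in ciphers:
        name = c["name"]
        if "DES" in name:
            findings[f"{name}: 3DES (64-bit block, Sweet32 birthday attack), remove"] = None
        elif c["bits"] < 128:
            findings[f"{name}: only {c['bits']}-bit security, remove"] = None
        if not c["forward_secrecy"]:
            findings[f"{name}: static key exchange, no forward secrecy"] = None
    return list(findings)


if __name__ == "__main__":
    protos, suites = parse_sslscan(SAMPLE_SSLSCAN)
    for finding in assess(protos, suites):
        print("-", finding)
```

Pipe a live run through it with `sslscan host | python3 this_script.py` after replacing `SAMPLE_SSLSCAN` with `sys.stdin.read()`.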

3. Sslyze

Terminal

sslyze google.com --regular

OUTPUT

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   google.com:443                       => 142.251.135.110 




 SCAN RESULTS FOR GOOGLE.COM:443 - 142.251.135.110
 -------------------------------------------------

 * SSL 2.0 Cipher Suites:
     Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168                      
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * Deflate Compression:
                                          OK - Compression disabled

 * Elliptic Curve Key Exchange:
       Supported curves:                  X25519, prime256v1
       Rejected curves:                   X448, prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, secp384r1, secp521r1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1

 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168                      
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 11 cipher suites:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256                      
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_GCM_SHA256                   128                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168                      
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256     256       ECDH: X25519 (253 bits)

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    OK - Supported
       Legacy RC4 Algorithm               OK - Not Supported


 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * Session Renegotiation:
       Client Renegotiation DoS Attack:   OK - Not vulnerable
       Secure Renegotiation:              OK - Supported

 * Certificates Information:
       Hostname sent for SNI:             google.com
       Number of certificates detected:   2


     Certificate #0 ( _RSAPublicKey )
       SHA1 Fingerprint:                  b3aa4649c2c335ece22bb517663e5fb55d8e7ea7
       Common Name:                       *.google.com
       Issuer:                            WR2
       Serial Number:                     304939306852206029209973686766662546304
       Not Before:                        2024-08-12
       Not After:                         2024-11-04
       Public Key Algorithm:              _RSAPublicKey
       Signature Algorithm:               sha256
       Key Size:                          2048
       Exponent:                          65537
       DNS Subject Alternative Names:     ['*.google.com', '*.appengine.google.com', '*.bdn.dev', '*.origin-test.bdn.dev', '*.cloud.google.com', '*.crowdsource.google.com', '*.datacompute.google.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp', '*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co', '*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr', '*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleapis.cn', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic-cn.com', 'googlecnapps.cn', '*.googlecnapps.cn', 'googleapps-cn.com', '*.googleapps-cn.com', 'gkecnapps.cn', '*.gkecnapps.cn', 'googledownloads.cn', '*.googledownloads.cn', 'recaptcha.net.cn', '*.recaptcha.net.cn', 'recaptcha-cn.net', '*.recaptcha-cn.net', 'widevine.cn', '*.widevine.cn', 'ampproject.org.cn', '*.ampproject.org.cn', 'ampproject.net.cn', '*.ampproject.net.cn', 'google-analytics-cn.com', '*.google-analytics-cn.com', 'googleadservices-cn.com', '*.googleadservices-cn.com', 'googlevads-cn.com', '*.googlevads-cn.com', 'googleapis-cn.com', '*.googleapis-cn.com', 'googleoptimize-cn.com', '*.googleoptimize-cn.com', 'doubleclick-cn.net', '*.doubleclick-cn.net', '*.fls.doubleclick-cn.net', '*.g.doubleclick-cn.net', 'doubleclick.cn', '*.doubleclick.cn', '*.fls.doubleclick.cn', '*.g.doubleclick.cn', 'dartsearch-cn.net', '*.dartsearch-cn.net', 'googletraveladservices-cn.com', '*.googletraveladservices-cn.com', 'googletagservices-cn.com', '*.googletagservices-cn.com', 'googletagmanager-cn.com', '*.googletagmanager-cn.com', 'googlesyndication-cn.com', '*.googlesyndication-cn.com', '*.safeframe.googlesyndication-cn.com', 'app-measurement-cn.com', '*.app-measurement-cn.com', 'gvt1-cn.com', '*.gvt1-cn.com', 'gvt2-cn.com', '*.gvt2-cn.com', '2mdn-cn.net', '*.2mdn-cn.net', 'googleflights-cn.net', '*.googleflights-cn.net', 'admob-cn.com', '*.admob-cn.com', 'googlesandbox-cn.com', 
'*.googlesandbox-cn.com', '*.safenup.googlesandbox-cn.com', '*.gstatic.com', '*.metric.gstatic.com', '*.gvt1.com', '*.gcpcdn.gvt1.com', '*.gvt2.com', '*.gcp.gvt2.com', '*.url.google.com', '*.youtube-nocookie.com', '*.ytimg.com', 'android.com', '*.android.com', '*.flash.android.com', 'g.cn', '*.g.cn', 'g.co', '*.g.co', 'goo.gl', 'www.goo.gl', 'google-analytics.com', '*.google-analytics.com', 'google.com', 'googlecommerce.com', '*.googlecommerce.com', 'ggpht.cn', '*.ggpht.cn', 'urchin.com', '*.urchin.com', 'youtu.be', 'youtube.com', '*.youtube.com', 'music.youtube.com', '*.music.youtube.com', 'youtubeeducation.com', '*.youtubeeducation.com', 'youtubekids.com', '*.youtubekids.com', 'yt.be', '*.yt.be', 'android.clients.google.com', '*.android.google.cn', '*.chrome.google.cn', '*.developers.google.cn']

     Certificate #0 - Trust
       Hostname Validation:               OK - Certificate matches server hostname
       Android CA Store (9.0.0_r9):       OK - Certificate is trusted
       Apple CA Store (iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14):OK - Certificate is trusted
       Java CA Store (jdk-13.0.2):        OK - Certificate is trusted
       Mozilla CA Store (2021-01-24):     OK - Certificate is trusted
       Windows CA Store (2021-02-08):     OK - Certificate is trusted
       Symantec 2018 Deprecation:         OK - Not a Symantec-issued certificate
       Received Chain:                    *.google.com --> WR2 --> GTS Root R1
       Verified Chain:                    *.google.com --> WR2 --> GTS Root R1 --> GlobalSign Root CA
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     Certificate #0 - Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          WARNING - Only 2 SCTs included but Google recommends 3 or more

     Certificate #0 - OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response


     Certificate #1 ( _EllipticCurvePublicKey )
       SHA1 Fingerprint:                  9772b050d3115af7a43e14439b9bda054440581c
       Common Name:                       *.google.com
       Issuer:                            WR2
       Serial Number:                     93367997912792567694462855265825644234
       Not Before:                        2024-08-12
       Not After:                         2024-11-04
       Public Key Algorithm:              _EllipticCurvePublicKey
       Signature Algorithm:               sha256
       Key Size:                          256
       Curve:                             secp256r1
       DNS Subject Alternative Names:     ['*.google.com', '*.appengine.google.com', '*.bdn.dev', '*.origin-test.bdn.dev', '*.cloud.google.com', '*.crowdsource.google.com', '*.datacompute.google.com', '*.google.ca', '*.google.cl', '*.google.co.in', '*.google.co.jp', '*.google.co.uk', '*.google.com.ar', '*.google.com.au', '*.google.com.br', '*.google.com.co', '*.google.com.mx', '*.google.com.tr', '*.google.com.vn', '*.google.de', '*.google.es', '*.google.fr', '*.google.hu', '*.google.it', '*.google.nl', '*.google.pl', '*.google.pt', '*.googleapis.cn', '*.googlevideo.com', '*.gstatic.cn', '*.gstatic-cn.com', 'googlecnapps.cn', '*.googlecnapps.cn', 'googleapps-cn.com', '*.googleapps-cn.com', 'gkecnapps.cn', '*.gkecnapps.cn', 'googledownloads.cn', '*.googledownloads.cn', 'recaptcha.net.cn', '*.recaptcha.net.cn', 'recaptcha-cn.net', '*.recaptcha-cn.net', 'widevine.cn', '*.widevine.cn', 'ampproject.org.cn', '*.ampproject.org.cn', 'ampproject.net.cn', '*.ampproject.net.cn', 'google-analytics-cn.com', '*.google-analytics-cn.com', 'googleadservices-cn.com', '*.googleadservices-cn.com', 'googlevads-cn.com', '*.googlevads-cn.com', 'googleapis-cn.com', '*.googleapis-cn.com', 'googleoptimize-cn.com', '*.googleoptimize-cn.com', 'doubleclick-cn.net', '*.doubleclick-cn.net', '*.fls.doubleclick-cn.net', '*.g.doubleclick-cn.net', 'doubleclick.cn', '*.doubleclick.cn', '*.fls.doubleclick.cn', '*.g.doubleclick.cn', 'dartsearch-cn.net', '*.dartsearch-cn.net', 'googletraveladservices-cn.com', '*.googletraveladservices-cn.com', 'googletagservices-cn.com', '*.googletagservices-cn.com', 'googletagmanager-cn.com', '*.googletagmanager-cn.com', 'googlesyndication-cn.com', '*.googlesyndication-cn.com', '*.safeframe.googlesyndication-cn.com', 'app-measurement-cn.com', '*.app-measurement-cn.com', 'gvt1-cn.com', '*.gvt1-cn.com', 'gvt2-cn.com', '*.gvt2-cn.com', '2mdn-cn.net', '*.2mdn-cn.net', 'googleflights-cn.net', '*.googleflights-cn.net', 'admob-cn.com', '*.admob-cn.com', 'googlesandbox-cn.com', 
'*.googlesandbox-cn.com', '*.safenup.googlesandbox-cn.com', '*.gstatic.com', '*.metric.gstatic.com', '*.gvt1.com', '*.gcpcdn.gvt1.com', '*.gvt2.com', '*.gcp.gvt2.com', '*.url.google.com', '*.youtube-nocookie.com', '*.ytimg.com', 'android.com', '*.android.com', '*.flash.android.com', 'g.cn', '*.g.cn', 'g.co', '*.g.co', 'goo.gl', 'www.goo.gl', 'google-analytics.com', '*.google-analytics.com', 'google.com', 'googlecommerce.com', '*.googlecommerce.com', 'ggpht.cn', '*.ggpht.cn', 'urchin.com', '*.urchin.com', 'youtu.be', 'youtube.com', '*.youtube.com', 'music.youtube.com', '*.music.youtube.com', 'youtubeeducation.com', '*.youtubeeducation.com', 'youtubekids.com', '*.youtubekids.com', 'yt.be', '*.yt.be', 'android.clients.google.com', '*.android.google.cn', '*.chrome.google.cn', '*.developers.google.cn']

     Certificate #1 - Trust
       Hostname Validation:               OK - Certificate matches server hostname
       Android CA Store (9.0.0_r9):       OK - Certificate is trusted
       Apple CA Store (iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14):OK - Certificate is trusted
       Java CA Store (jdk-13.0.2):        OK - Certificate is trusted
       Mozilla CA Store (2021-01-24):     OK - Certificate is trusted
       Windows CA Store (2021-02-08):     OK - Certificate is trusted
       Symantec 2018 Deprecation:         OK - Not a Symantec-issued certificate
       Received Chain:                    *.google.com --> WR2 --> GTS Root R1
       Verified Chain:                    *.google.com --> WR2 --> GTS Root R1 --> GlobalSign Root CA
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     Certificate #1 - Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          WARNING - Only 2 SCTs included but Google recommends 3 or more

     Certificate #1 - OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response

 * SSL 3.0 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * ROBOT Attack:
                                          OK - Not vulnerable.

 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites.

     The server accepted the following 3 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)


 * Connection timed out for --resum: try using --slow_connection to reduce the impact on the server.


 SCAN COMPLETED IN 77.19 S
 -------------------------

4. OWASP Zed Attack Proxy(ZAP)

Go to your browser and open:
http://localhost:8080/

ZAP API UI

Components

  • acsrf
  • ajaxSpider
  • alert
  • alertFilter
  • ascan
  • authentication
  • authorization
  • autoupdate
  • break
  • context
  • core
  • forcedUser
  • graphql
  • httpSessions
  • hud
  • hudfiles
  • importurls
  • keyboard
  • localProxies
  • openapi
  • params
  • pscan
  • quickstartlaunch
  • replacer
  • reveal
  • ruleConfig
  • script
  • search
  • selenium
  • sessionManagement
  • soap
  • spider
  • stats
  • users
  • websocket

5. Sqlmap

Terminal

sqlmap
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.3#stable}
|_ -| . ["]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

Usage: python3 sqlmap [options]

sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). Use -h for basic and -hh for advanced help

[16:08:05] [WARNING] your sqlmap version is outdated