Gurdeep Singh, Jaswinder Singh
International Journal of Innovations & Advancement in Computer Science (IJIACS)
ISSN 2347 – 8616, Volume 5, Issue 9, September 2016
Evaluation of Penetration Testing Tools of KALI LINUX
Gurdeep Singh, M.Tech Student, Dept. of Computer Engineering, Punjabi University, Patiala
Jaswinder Singh, Asst. Professor, Dept. of Computer Engineering, Punjabi University, Patiala
Abstract:
The objective of this paper is to evaluate the penetration testing tools in KALI LINUX that are used to attack websites. By examining these tools, we work out which of them are needed to find the weaknesses that let an attacker harm a website.
Websites are used daily by a large part of the world's population to carry sensitive data from a person to an entity with an online presence. On websites whose content is shown only after authentication, forms transfer the user's credentials to server-side scripts. Users store their credit card details in their online accounts and use forms to buy items online, so it is crucial to keep the confidentiality, integrity and availability of this data intact.
One common form of website hacking is defacement: an attack on a website that changes the visual appearance or the content of the site or of a web page. These attacks are typically the work of intruders who break into a web server and replace the hosted website with one of their own.
The KALI LINUX tools examined are:
1) Zenmap:
Zenmap is the graphical front-end to the Nmap port scanner and is used to find the open, closed and filtered ports of a target.
In a TCP connect scan, Zenmap completes the three-way TCP handshake with each probed port that has a service attached to it, for example HTTP (port 80), SMTP (port 25), SSH (port 22) or POP3 (port 110): the client first sends a SYN segment, the server answers with SYN/ACK, and the client completes the handshake with an ACK. When Nmap is run with root privileges it defaults instead to a SYN (half-open) scan, which answers the SYN/ACK with a RST rather than an ACK, so the connection is never fully established and no application-level log entry is produced on the target.
Nmap reports each scanned port in one of three main states:
1. Filtered ports: a firewall or other packet filter blocks the probe, so Nmap receives no reply (or only an ICMP error) and cannot tell whether a service is listening behind it. These ports never answer Nmap's probes.
2. Closed ports: the probe reaches the host and the host answers (with a RST for TCP), but no service is listening on the port. A closed port shows that the firewall is not blocking that port.
3. Open ports: a service is accepting connections on the port and is reachable by anyone who scans it. Anybody can see what services are running by using a port scanner.
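The three port states above, as an added example that is not part of the paper and not Nmap's code: a TCP connect scan in Python that classifies a port from how connect() ends, the same handshake-based probe Zenmap/Nmap use in connect mode (-sT). The target is a throwaway listener on localhost constructed inside demo(); the well-known port names are the ones the paper lists.

```python
"""TCP connect scan that labels each port open, closed or filtered, the same
three states Zenmap/Nmap report. Added example, not Nmap's code: it uses the
full three-way handshake (Nmap's -sT connect scan) and a throwaway local
listener as the constructed target."""
import errno
import socket


def connect_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify host:port from how connect() ends.

    open     - the handshake completes (SYN, SYN/ACK, ACK): a service listens
    closed   - the host answers the SYN with RST, surfaced as ECONNREFUSED
    filtered - nothing comes back before the timeout, or an ICMP unreachable
               arrives: a filter is dropping or rejecting the probe, so we
               cannot tell whether a service is there
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"
            raise


def scan_ports(host, ports, timeout=1.0):
    """Scan a list of ports and return {port: state}."""
    return {p: connect_scan(host, p, timeout) for p in ports}


def services_of(states, known={22: "ssh", 25: "smtp", 80: "http", 110: "pop3", 443: "https"}):
    """Name the open ports using the well-known assignments the paper lists."""
    return {p: known.get(p, "unknown") for p, st in states.items() if st == "open"}


def demo():
    """Open one local listening port, pick one unused port, and scan both."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # constructed target: OS picks the port
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                             # released, nothing listens: connects get RST
    try:
        states = scan_ports("127.0.0.1", [open_port, closed_port])
        return states[open_port], states[closed_port]
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A filtered result cannot be produced on localhost, since the loopback interface has no packet filter in the way; against a real host it appears as the timeout branch, and a scan that shows only filtered ports usually means a firewall is dropping everything rather than that the host is down.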
Some examples of Zenmap scans performed on
websites are:
1) Tested site 1:
The screenshot shows that 2 ports are open on this site, which are:
2) Tested site 2:
2 ports are open on this website, which are:
2) Sparta (Vulnerability Scanner):
Sparta is a GUI application used for penetration testing. It runs scans and analyses the results to give deeper information about a network.
It has various features:
1. It can import Nmap results directly from XML files.
2. Any service can be configured in Sparta according to your needs.
3. Automated tasks can be defined, such as which tools to run against which ports and services.
4. It can run password brute-force attacks through the integrated Hydra tool, using its internal wordlists.
5. It remembers the networks you have recently worked on.
6. Screenshots can be taken at any time during the process.
Badstore.net (a sample vulnerable website for penetration testing):
First, Sparta scans the open ports and the services assigned to those ports.
Second, we perform a password attack on this site using Hydra, and 1 valid password is found.
Within Sparta, the Nikto vulnerability scanner is used to scan for vulnerabilities in the website.
3) Burpsuite:
Burp Suite is a platform for testing the security of web applications. It supports security testing of web applications through its extensive user-driven interface.
Functioning of Burpsuite:
Burp Suite is used alongside the web browser. It acts as an intercepting HTTP proxy: all HTTP traffic from the browser must pass through Burp before it reaches the server, where each request and response can be inspected and modified. The first step is therefore to configure the browser to use Burp as its proxy (by default Burp listens on 127.0.0.1, port 8080); to intercept HTTPS traffic the browser must also be made to trust Burp's CA certificate.
Burpsuite attack on hackthissite.org
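The proxy arrangement described above, as an added example that is not part of the paper and not Burp's code: a minimal intercepting HTTP proxy in Python that records every request (Burp's HTTP history), passes it through a tamper hook (the equivalent of editing it in Burp's Intercept tab) and forwards it to the origin. The origin server, the request and all port numbers are constructed for the example; a real browser would be pointed at the proxy's port the same way the text describes.

```python
"""An intercepting HTTP proxy in the role Burp Suite plays between the
browser and the server. Added example, not Burp's code: every request the
'browser' sends is logged, passed through a tamper hook and forwarded to
the origin; the reply comes back the same way. The origin is a constructed
stand-in target and all ports are chosen by the OS, so the whole exchange
runs on localhost."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# headers that belong to one hop only and must not be forwarded
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade", "proxy-authorization"}


class ProxyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.forward()

    def do_POST(self):
        self.forward()

    def forward(self):
        # a browser sends the absolute URL to a proxy: GET http://host/path HTTP/1.1
        u = urlsplit(self.path)
        headers = {k: v for k, v in self.headers.items() if k.lower() not in HOP_BY_HOP}
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        self.server.history.append(f"{self.command} {self.path}")   # Burp's HTTP history
        if self.server.tamper:                                      # Burp's Intercept edit
            headers = self.server.tamper(headers)
        target = u.path or "/"
        if u.query:
            target += "?" + u.query
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=5)
        conn.request(self.command, target, body=body, headers=headers)
        resp = conn.getresponse()
        data = resp.read()          # already de-chunked, so resend with a fixed length
        self.send_response_only(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in HOP_BY_HOP and k.lower() != "content-length":
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
        conn.close()

    def log_message(self, *args):   # keep the console quiet
        pass


class InterceptingProxy(HTTPServer):
    def __init__(self, addr, tamper=None):
        super().__init__(addr, ProxyHandler)
        self.history = []       # request lines seen
        self.tamper = tamper    # callable(headers dict) -> headers dict, or None


class EchoTarget(BaseHTTPRequestHandler):
    """Constructed origin server: answers with the User-Agent it was sent."""
    def do_GET(self):
        body = ("ua=" + self.headers.get("User-Agent", "")).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def browse_via_proxy(proxy_port, url, user_agent="Mozilla/5.0 (browser)"):
    """What a browser configured to use the proxy does: connect to the proxy
    and put the absolute URL on the request line."""
    conn = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    conn.request("GET", url, headers={"User-Agent": user_agent})
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    return resp.status, body


def demo():
    """Run target and proxy on localhost, send one request, return (history, status, body)."""
    target = HTTPServer(("127.0.0.1", 0), EchoTarget)
    proxy = InterceptingProxy(("127.0.0.1", 0),
                              tamper=lambda h: {**h, "User-Agent": "Tampered/1.0"})
    for srv in (target, proxy):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{target.server_address[1]}/login?user=admin"
        status, body = browse_via_proxy(proxy.server_address[1], url)
        return proxy.history, status, body
    finally:
        for srv in (proxy, target):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(demo())
```

The origin sees only the tampered User-Agent, which is exactly why a proxy of this kind is the core of web application testing: anything the browser sends, including hidden form fields and cookies, can be rewritten before the server sees it. This example speaks plain HTTP only; intercepting HTTPS needs the proxy to terminate TLS with its own certificate, which is what Burp's CA certificate is for.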
4) Sqlmap:
Sqlmap is a tool that automates SQL injection, in which SQL statements are inserted into a web request's parameters to attack the website's database server. It is a free penetration testing tool with a very powerful detection engine; once an injection point is found it can fetch data from the database, access the underlying file system and, on some database configurations, run commands on the database server.
Checking a demo website, found with Google dorks, for SQL injection:
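What sqlmap's detection engine does, as an added example that is not part of the paper and not sqlmap's code: a login query built by string concatenation, the true/false probe pair that reveals the injection, the blind character-by-character extraction that follows, and the parameterised query that closes the hole. The database, the users and their passwords are constructed in memory with SQLite.

```python
"""SQL injection the way sqlmap looks for it: a query built by string
concatenation, the true/false probe pair that reveals it, the blind
extraction that follows, and the parameterised fix. Added example on an
in-memory SQLite database with constructed users, not sqlmap's code."""
import sqlite3
import string


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                   [("admin", "s3cret"), ("bob", "hunter2")])   # constructed data
    return db


def login_vulnerable(db, name, password):
    """The bug: user input is spliced into the SQL text."""
    sql = ("SELECT id FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_safe(db, name, password):
    """The fix: bound parameters; the input is data, never SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None


def _ask(db, login, name_payload):
    """Send one payload in the name field; None means the server errored."""
    try:
        return login(db, name_payload, "wrong")
    except sqlite3.Error:
        return None


def probe_boolean_blind(db, login, user="admin"):
    """Inject a true and a false condition, commenting out the rest of the
    query with '--'. If the two answers differ, the input reaches the SQL."""
    true_ans = _ask(db, login, f"{user}' AND 1=1 --")
    false_ans = _ask(db, login, f"{user}' AND 1=2 --")
    return true_ans is not None and true_ans != false_ans


def extract_password(db, login, user="admin",
                     charset=string.ascii_lowercase + string.digits, max_len=32):
    """Blind extraction: guess the password one character at a time with
    SUBSTR(), using only the login's yes/no answer, as sqlmap does."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = f"{user}' AND SUBSTR(password, {pos}, 1) = '{ch}' --"
            if _ask(db, login, payload):
                found += ch
                break
        else:
            return found        # no character matched: end of the value
    return found


if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_vulnerable(db, "admin' --", "anything"))
    print("injectable:", probe_boolean_blind(db, login_vulnerable),
          probe_boolean_blind(db, login_safe))
    print("extracted:", extract_password(db, login_vulnerable))
```

Against the parameterised version every payload is just an unknown user name, so the true and false probes answer identically and extraction returns nothing; that equality is what a clean sqlmap run reports as "not injectable".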
5) Crunch:
Crunch is a wordlist generator: it produces every candidate password of the lengths and character set we give it, so the size of the list it outputs depends on the minimum and maximum length requested.
For example: crunch <min> <max> [charset]
where min is the minimum length of the password we are guessing, max is the maximum length, and the optional charset (the lowercase letters a-z if none is given) lists the characters to combine.
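The generator behind crunch <min> <max> [charset], as an added example that is not part of the paper and not crunch's source: the same exhaustive enumeration in Python, the size of the resulting list, and the crunch -t style pattern (@ for a lowercase letter, , for uppercase, % for a digit, ^ for a symbol) that keeps that size manageable. Charsets and patterns in the usage are constructed.

```python
"""Exhaustive wordlist generator in the style of crunch <min> <max> [charset].
Added example, not crunch's source. Shows how the list size grows with
length, which is why crunch lists are usually bounded by a -t pattern."""
import itertools
import string


def wordlist(min_len, max_len, charset=string.ascii_lowercase):
    """Yield every string of length min_len..max_len over charset, shortest
    first, in charset order with the leftmost position changing slowest."""
    if min_len < 1 or max_len < min_len:
        raise ValueError("need 1 <= min <= max")
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def wordlist_size(min_len, max_len, charset=string.ascii_lowercase):
    """Number of entries: sum of |charset|^k for k in [min, max]."""
    n = len(charset)
    return sum(n ** k for k in range(min_len, max_len + 1))


def wordlist_bytes(min_len, max_len, charset=string.ascii_lowercase):
    """Size on disk, one word per line plus newline, as crunch -o writes it."""
    n = len(charset)
    return sum(n ** k * (k + 1) for k in range(min_len, max_len + 1))


def pattern_words(pattern, lower=string.ascii_lowercase, upper=string.ascii_uppercase,
                  digits=string.digits, symbols=string.punctuation):
    """crunch -t style pattern: '@' lowercase, ',' uppercase, '%' digit,
    '^' symbol; any other character is literal. 'pass@%' -> 'passa0'..'passz9'."""
    table = {"@": lower, ",": upper, "%": digits, "^": symbols}
    slots = [table.get(ch, ch) for ch in pattern]
    for combo in itertools.product(*slots):
        yield "".join(combo)


def write_wordlist(path, words):
    """Write an iterable of words to path, one per line; return the count."""
    count = 0
    with open(path, "w") as fh:
        for w in words:
            fh.write(w + "\n")
            count += 1
    return count


if __name__ == "__main__":
    print(list(wordlist(1, 2, "ab")))
    print("8 lowercase chars:", wordlist_size(8, 8), "words,",
          wordlist_bytes(8, 8) / 2**30, "GiB")
    print(list(pattern_words("pass@%", lower="ab", digits="01")))
```

Eight lowercase characters alone already give 26^8 entries and roughly 1.7 GiB on disk, which is why a generic crunch run is rarely used as-is against a live login and a pattern or a CeWL-style targeted list is preferred.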
6) Cewl:
CeWL is a tool that crawls a website, to a depth set by the user, and gathers words from the pages it finds. It is designed to collect words related to the target's own subject area, which may match passwords used on the site, and to write them to a custom wordlist.
Two switches are used most often:
-d (depth) and -m (minimum word length)
The depth switch determines how many links deep CeWL crawls from the start page, and -m sets the minimum word length to keep.
Syntax:
cewl -w customwordlist.txt -d 5 -m 7 <website URL>
Example of this tool:
Now we have the list of words collected from this site stored in a text file:
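The crawl-and-harvest logic of cewl -d <depth> -m <min>, as an added example that is not part of the paper and not CeWL's code: a depth-limited crawler in Python that stays on the start host, ignores script and style blocks, and counts the words of at least the requested length. The site is a constructed in-memory dict of URL to HTML so the example runs offline; replacing fetch() with a real HTTP client is all that is needed to run it against a live host.

```python
"""Depth-limited crawler that harvests words from a site's pages, in the
manner of cewl -d <depth> -m <min>. Added example, not CeWL's code. The
'site' is a constructed in-memory dict of URL -> HTML so it runs offline."""
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SITE = {  # constructed sample pages standing in for a real website
    "http://example.test/": '<html><body><h1>Acme Widgets</h1>'
        '<a href="/products">Products</a> <a href="/about">About</a>'
        '<script>var ignored = "scripttext";</script></body></html>',
    "http://example.test/products": '<p>Industrial sprocket catalogue</p>'
        '<a href="/products/sprocket-9000">Sprocket 9000</a>',
    "http://example.test/products/sprocket-9000": '<p>The Sprocket9000 flagship</p>',
    "http://example.test/about": '<p>Founded by Cornelius Widgetworth</p>'
        '<a href="http://other.test/">partner</a>',
}


def fetch(url):
    """Stand-in for an HTTP GET; returns None for unknown pages."""
    return SITE.get(url)


class PageParser(HTMLParser):
    """Collects link targets and visible text, skipping script/style content."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        if tag == "a":
            for k, v in attrs:
                if k == "href" and v:
                    self.links.append(v)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


WORD = re.compile(r"[A-Za-z0-9]+")


def crawl(start, depth=2, min_len=3):
    """Breadth-first from start, following links up to `depth` hops while
    staying on the start host; returns a Counter of words >= min_len."""
    host = urlsplit(start).netloc
    seen, frontier, words = {start}, [(start, 0)], Counter()
    while frontier:
        url, d = frontier.pop(0)
        html = fetch(url)
        if html is None:
            continue
        p = PageParser()
        p.feed(html)
        for chunk in p.text:
            words.update(w for w in WORD.findall(chunk) if len(w) >= min_len)
        if d >= depth:
            continue
        for href in p.links:
            nxt = urljoin(url, href).split("#")[0]
            if urlsplit(nxt).netloc == host and nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, d + 1))
    return words


if __name__ == "__main__":
    for word, n in crawl("http://example.test/", depth=2, min_len=3).most_common():
        print(n, word)
```

The host check is the detail that matters operationally: without it the crawler follows the "partner" link off-site and starts harvesting, and hitting, hosts that are outside the scope of the test.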
7) Nikto:
Nikto is a web server scanner that checks a web server and the sites it hosts for many kinds of known vulnerabilities and misconfigurations. It is used for reconnaissance when attacking websites.
Its one weakness is that it is not stealthy: websites with security monitoring can easily detect that you are scanning them.
Syntax of nikto:
nikto -h <IP or hostname>
In the screenshot, Nikto is run against the badstore.net website. The output reports that the X-XSS-Protection header is not defined, and also lists the other weaknesses found in the website, such as the missing anti-clickjacking X-Frame-Options header.
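The header findings Nikto reports, as an added example that is not part of the paper and not Nikto's code: a parser for a raw HTTP response plus the checks for the missing X-XSS-Protection and anti-clickjacking X-Frame-Options headers the text mentions, extended with X-Content-Type-Options, Strict-Transport-Security on HTTPS, and version-revealing Server and X-Powered-By banners. The two sample responses are constructed, not captured from badstore.net.

```python
"""Response-header checks of the kind Nikto reports. Added example, not
Nikto's code; the finding wording follows Nikto's messages and the two
sample responses are constructed."""


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status line, {lowercased header: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def _reveals_version(banner: str) -> bool:
    return any(ch.isdigit() for ch in banner)


def audit_headers(raw: bytes, https: bool = False):
    """Return a list of finding strings; empty when nothing is missing."""
    _, h, _ = parse_response(raw)
    findings = []
    if "x-frame-options" not in h:
        findings.append("The anti-clickjacking X-Frame-Options header is not present.")
    if "x-xss-protection" not in h:
        findings.append("The X-XSS-Protection header is not defined.")
    if "x-content-type-options" not in h:
        findings.append("The X-Content-Type-Options header is not set; "
                        "the browser may render content in a way other than the MIME type.")
    if https and "strict-transport-security" not in h:
        findings.append("The Strict-Transport-Security header is not set on an HTTPS site.")
    for name in ("server", "x-powered-by"):
        if _reveals_version(h.get(name, "")):
            findings.append(f"{name} banner reveals software version: {h[name]}")
    return findings


# constructed sample responses, weak and hardened
SAMPLE_WEAK = (b"HTTP/1.1 200 OK\r\n"
               b"Server: Apache/2.2.8 (Unix)\r\n"
               b"X-Powered-By: PHP/5.2.6\r\n"
               b"Content-Type: text/html\r\n\r\n<html>")
SAMPLE_HARDENED = (b"HTTP/1.1 200 OK\r\n"
                   b"Server: Apache\r\n"
                   b"X-Frame-Options: DENY\r\n"
                   b"X-XSS-Protection: 1; mode=block\r\n"
                   b"X-Content-Type-Options: nosniff\r\n"
                   b"Strict-Transport-Security: max-age=31536000\r\n"
                   b"Content-Type: text/html\r\n\r\n<html>")


if __name__ == "__main__":
    for f in audit_headers(SAMPLE_WEAK):
        print("+", f)
    print("hardened:", audit_headers(SAMPLE_HARDENED, https=True))
```

These are the low-hanging findings a single request surfaces; Nikto's main value is the database of several thousand known dangerous files and CGI paths it requests next, which is also what makes its scan so noisy in the target's logs.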
8) Httrack: HTTrack is a website copier. It downloads the complete contents of a website onto your hard drive so that, when the local copy is opened, it gives a full picture of the original site. HTTrack itself only reads the target site and does not deface it; in an attack the mirror is used to build a look-alike copy of the site that can be hosted to deceive its users, or to study the site offline.
Syntax:
httrack <original site URL> -O <hard drive location where the copy is stored>
Once the download is complete, the copy is ready to be hosted as a look-alike of the original site and used against its users.
Conclusion
Web applications have become popular and are a widespread medium of interaction in our daily lives, but many vulnerabilities in them expose sensitive data. The different web application vulnerabilities correspond to the security properties that a web application should preserve. Automated vulnerability assessment tools save time and money and help defend web applications against current threats. Finally, new and more advanced attacks are always emerging, which requires security professionals to have a sound security solution in place without putting a huge number of web applications at risk.
After studying various survey papers, we conclude that many vulnerabilities reside in web servers as well as in web browsers, and that many tools are available online to find these types of vulnerabilities.
This study of penetration testing tools shows that a network developer or administrator can find out what types of vulnerabilities reside in the network, so that it can be secured against unauthorized access and attacks.
References
1) Katkar Anjali S, Kulkarni Raj B. "Web vulnerability detection and security mechanism". ISSN 2231-2307, Volume 2, Issue 4, September 2012.
2) Gopal R Chaudhari, Prof. Madhav V. Vaidya. "A survey on security and vulnerabilities of web application". ISSN 0975-9646, Vol. 5(2), 2014, pp. 1856-1860.
3) Mr. K. Naveen Durai, K. Priyadharsini. "A survey on security properties and web application scanner". ISSN 2320-088X, Vol. 3, Issue 10, October 2014, pp. 517-527.
4) Swarnaprabha Patil, Prof. Nitin Aggarwal. "Web security attacks and injection: A survey". ISSN 2278-7763, Vol. 4, Issue 2, February 2015.
5) Kartikey Aggarwal, Dr. Sanjay Kumar Dubey. "Network security: Attacks and Defence". Volume 1, Issue 3, August 2014.
6) Ailin Zeng. "Discussion and research of computer network security". ISSN 0975-7384, Vol. 6(7), pp. 780-783, 2014.
7) Jie Shan. "Analysis and research of computer network security". ISSN 0975-7384, Vol. 6(7), pp. 874-877, 2014.