A Handy Target Site for Web Penetration Testing

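Preface:
This article recommends a handy target site for practicing web penetration testing.
For penetration testers in the security industry, this tool will greatly improve working efficiency; for technology enthusiasts outside the security industry, it is also a tool worth bookmarking.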

bWAPP

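This site covers 100+ common web vulnerabilities, including SQL injection, privilege escalation (unauthorized access), XSS, CSRF, security misconfiguration, sensitive data exposure, and more. The detailed list follows: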

--------------
A1 - Injection
--------------
HTML Injection - Reflected (GET)
HTML Injection - Reflected (POST)
HTML Injection - Reflected (Current URL)
HTML Injection - Stored (Blog)
iFrame Injection
LDAP Injection (Search)
Mail Header Injection (SMTP)
OS Command Injection
OS Command Injection - Blind
PHP Code Injection
Server-Side Includes (SSI) Injection
SQL Injection (GET/Search)
SQL Injection (GET/Select)
SQL Injection (POST/Search)
SQL Injection (POST/Select)
SQL Injection (AJAX/JSON/jQuery)
SQL Injection (CAPTCHA)
SQL Injection (Login Form/Hero)
SQL Injection (Login Form/User)
SQL Injection (SQLite)
SQL Injection (Drupal)
SQL Injection - Stored (Blog)
SQL Injection - Stored (SQLite)
SQL Injection - Stored (User-Agent)
SQL Injection - Stored (XML)
SQL Injection - Blind - Boolean-Based
SQL Injection - Blind - Time-Based
SQL Injection - Blind (SQLite)
SQL Injection - Blind (Web Services/SOAP)
XML/XPath Injection (Login Form)
XML/XPath Injection (Search)

-----------------------------------------------
A2 - Broken Authentication & Session Management
-----------------------------------------------
Broken Authentication - CAPTCHA Bypassing
Broken Authentication - Forgotten Function
Broken Authentication - Insecure Login Forms
Broken Authentication - Logout Management
Broken Authentication - Password Attacks
Broken Authentication - Weak Passwords
Session Management - Administrative Portals
Session Management - Cookies (HTTPOnly)
Session Management - Cookies (Secure)
Session Management - Session ID in URL
Session Management - Strong Sessions

-------------------------------
A3 - Cross-Site Scripting (XSS)
-------------------------------
Cross-Site Scripting - Reflected (GET)
Cross-Site Scripting - Reflected (POST)
Cross-Site Scripting - Reflected (JSON)
Cross-Site Scripting - Reflected (AJAX/JSON)
Cross-Site Scripting - Reflected (AJAX/XML)
Cross-Site Scripting - Reflected (Back Button)
Cross-Site Scripting - Reflected (Custom Header)
Cross-Site Scripting - Reflected (Eval)
Cross-Site Scripting - Reflected (HREF)
Cross-Site Scripting - Reflected (Login Form)
Cross-Site Scripting - Reflected (phpMyAdmin)
Cross-Site Scripting - Reflected (PHP_SELF)
Cross-Site Scripting - Reflected (Referer)
Cross-Site Scripting - Reflected (User-Agent)
Cross-Site Scripting - Stored (Blog)
Cross-Site Scripting - Stored (Change Secret)
Cross-Site Scripting - Stored (Cookies)
Cross-Site Scripting - Stored (SQLiteManager)
Cross-Site Scripting - Stored (User-Agent)

--------------------------------------
A4 - Insecure Direct Object References
--------------------------------------
Insecure DOR (Change Secret)
Insecure DOR (Reset Secret)
Insecure DOR (Order Tickets)

------------------------------
A5 - Security Misconfiguration
------------------------------
Arbitrary File Access (Samba)
Cross-Domain Policy File (Flash)
Cross-Origin Resource Sharing (AJAX)
Cross-Site Tracing (XST)
Denial-of-Service (Large Chunk Size)
Denial-of-Service (Slow HTTP DoS)
Denial-of-Service (SSL-Exhaustion)
Denial-of-Service (XML Bomb)
Insecure DistCC Configuration
Insecure FTP Configuration
Insecure NTP Configuration
Insecure SNMP Configuration
Insecure VNC Configuration
Insecure WebDAV Configuration
Local Privilege Escalation (sendpage)
Local Privilege Escalation (udev)
Man-in-the-Middle Attack (HTTP)
Man-in-the-Middle Attack (SMTP)
Old/Backup & Unreferenced Files
Robots File (Disclosure)

----------------------------
A6 - Sensitive Data Exposure
----------------------------
Base64 Encoding (Secret)
BEAST/CRIME/BREACH SSL Attacks
Clear Text HTTP (Credentials)
Heartbleed Vulnerability
Host Header Attack (Reset Poisoning)
HTML5 Web Storage (Secret)
POODLE Vulnerability
SSL 2.0 Deprecated Protocol
Text Files (Accounts)

--------------------------------------------
A7 - Missing Functional Level Access Control
--------------------------------------------
Directory Traversal - Directories
Directory Traversal - Files
Host Header Attack (Cache Poisoning)
Host Header Attack (Reset Poisoning)
Local File Inclusion (SQLiteManager)
Remote & Local File Inclusion (RFI/LFI)
Restrict Device Access
Restrict Folder Access
Server Side Request Forgery (SSRF)
XML External Entity Attacks (XXE)

--------------------------------------
A8 - Cross-Site Request Forgery (CSRF)
--------------------------------------
Cross-Site Request Forgery (Change Password)
Cross-Site Request Forgery (Change Secret)
Cross-Site Request Forgery (Transfer Amount)

--------------------------------------
A9 - Using Known Vulnerable Components
--------------------------------------
Buffer Overflow (Local)
Buffer Overflow (Remote)
Drupal SQL Injection (Drupageddon)
Heartbleed Vulnerability
PHP CGI Remote Code Execution
PHP Eval Function
phpMyAdmin BBCode Tag XSS
Shellshock Vulnerability
SQLiteManager Local File Inclusion
SQLiteManager PHP Code Injection
SQLiteManager XSS

--------------------------------------
A10 - Unvalidated Redirects & Forwards
--------------------------------------
Unvalidated Redirects & Forwards (1)
Unvalidated Redirects & Forwards (2)

----------
Other bugs
----------
ClickJacking (Movie Tickets)
Client-Side Validation (Password)
HTTP Parameter Pollution
HTTP Response Splitting
HTTP Verb Tampering
Information Disclosure - Favicon
Information Disclosure - Headers
Information Disclosure - PHP version
Information Disclosure - Robots File
Insecure iFrame (Login Form)
Unrestricted File Upload

------
Extras
------
A.I.M. - No-authentication Mode
Client Access Policy File
Cross-Domain Policy File
Evil 666 Fuzzing Page
Hidden Backdoor File
Manual Intervention Required!
Unprotected Admin Portal
We Steal Secrets... (html)
We Steal Secrets... (plain)
WSDL File (Web Services/SOAP)

Installation and usage:
Prerequisite: docker

1. docker pull registry.cn-shanghai.aliyuncs.com/yhskc/bwapp
2. docker run -d -p 0.0.0.0:80:80 registry.cn-shanghai.aliyuncs.com/yhskc/bwapp
#  List the container id
3. docker container list -a
4. docker start %container-id%
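
The `-p 0.0.0.0:80:80` mapping in step 2 publishes the deliberately vulnerable application on every interface of the host, whereas `-p 127.0.0.1:80:80` keeps it reachable from the local machine only. The helper below is an added example, not part of the original post: it reads `docker port` output and reports every binding that is not loopback. The function name and the sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): audit how a lab container's
# ports are published. Input lines use the `docker port <container>` format,
# e.g. "80/tcp -> 0.0.0.0:80".

# Print every binding whose host address is not loopback.
# Returns 1 if at least one such binding was found, 0 otherwise.
non_loopback_bindings() {
    nlb_found=0
    while IFS= read -r nlb_line; do
        [ -n "$nlb_line" ] || continue
        nlb_host=${nlb_line#* -> }   # "0.0.0.0:80", "[::]:80", "127.0.0.1:80"
        nlb_host=${nlb_host%:*}      # drop the trailing ":port"
        case "$nlb_host" in
            127.*|"[::1]"|::1) ;;    # loopback: reachable from this host only
            *) printf '%s\n' "$nlb_line"; nlb_found=1 ;;
        esac
    done
    return "$nlb_found"
}

# Constructed sample: output for the -p 0.0.0.0:80:80 mapping used above.
SAMPLE_ALL_INTERFACES='80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80'

# Constructed sample: output when the port is published with -p 127.0.0.1:80:80.
SAMPLE_LOOPBACK='80/tcp -> 127.0.0.1:80'

# Against a running container (the container id is a placeholder):
#   docker port <container-id> | non_loopback_bindings \
#       && echo "loopback only" || echo "reachable from other hosts"
```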

Initializing the environment:

1. Install: http://localhost/install.php
2. Register a new user
3. Log in
4. Select the vulnerability to test

[Figures: registering a new user; logging in; selecting the vulnerability to test]

For more on using this environment, see also the previous article: "Don't Get Burned by This Kind of Email Attack Again"

Disclaimer: the views in this article do not represent the position of this site. Link to this article: http://eyangzhen.com/247211.html
