Web Penetration Testing: Scanning

Reconnaissance tool: httrack

Mirrors the site to a local directory, which reduces direct interaction with the target while you inspect it.


apt-get install httrack

Usage

httrack  # start the interactive wizard

Enter project name : dvwa  # name for this mirror
Base path (return=/root/websites/) :/root/Desktop/image/dvwa  # directory to save into
Enter URLs (separated by commas or blank spaces) :  # address(es) to mirror
# Action: 1 is a plain mirror, 2 is a mirror with the wizard; 2 is chosen here
Proxy (return=none) :  # proxy to use; just press return for no proxy
You can define wildcards, like: -*.gif +www.*.com/*.zip -*img_*.zip
Wildcards (return=none) :*  # filter what is downloaded; * downloads everything
You can define additional options, such as recurse level (-r<number>), separated by blank spaces
To see the option list, type help
Additional options (return=none) :  # e.g. recursion depth; just press return for the defaults
# Confirm with return and the download starts

Scanning tools

  • Nikto
  • Skipfish
  • OWASP ZAP


Common commands

# <target> below stands for the IP or hostname being scanned
nikto -host <target> -port 443 -ssl  # scan over https
nikto -host <target>
nikto -host <target> -port 80,443
nikto -host host.txt
# host.txt lists one target per line (no leading #)

# write the output to a file
nikto -host <target> -o dvwa.txt

# use with nmap (nikto reads nmap's grepable output from stdin)
nmap -p80 <target-range> -oG - | nikto -host -

# proxy (http proxy, configured in nikto.conf)
nikto -host <target> -useproxy

# one IP that serves several websites: set the Host header with -vhost
nikto -host <target-ip> -vhost <site-name> -useproxy

# IDS evasion techniques (listed below); several can be combined
nikto -host <target> -evasion 12345678AB

# press Enter during a scan to show the current progress
# press P to pause the scan, P again to resume

The -evasion options

-evasion+      Encoding technique:
               1     Random URI encoding (non-UTF8)
               2     Directory self-reference (/./)
               3     Premature URL ending
               4     Prepend long random string
               5     Fake parameter
               6     TAB as request spacer
               7     Change the case of the URL
               8     Use Windows directory separator (\)
               A     Use a carriage return (0x0d) as a request spacer
               B     Use binary value 0x0b as a request spacer

Configuration file

vi /etc/nikto.conf

USERAGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
# Best customised: the default string names Nikto, so a browser-like one is less conspicuous

# Uncomment the proxy settings here to enable the proxy without passing -useproxy every time

# STATIC-COOKIE sends cookies with every request, for sites that need a login
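The evasion list and the User-Agent setting above are both worth looking at from the other side of the wire. The following is an added example, not code from the original post or from the nikto project: a small access-log checker that undoes the path-level evasions (1, 2, 4, 5, 7 and 8) before matching, and flags a source by three signals: the default nikto/skipfish User-Agent, a request path that differs from its canonical form, and a run of 404s. The log lines are constructed for the example, and how each evasion appears on the wire is assumed from the technique names in the table, not taken from nikto's source.

```python
# Added example (not from the original post): detect scanner traffic in
# access logs even when the request path is obfuscated.
import re
from urllib.parse import unquote

# Constructed sample lines in the Apache/nginx "combined" log format.
SAMPLE_LOG = r"""
10.0.0.5 - - [14/Jun/2020:22:05:11 -0400] "GET /dvwa/login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/77.0"
10.0.0.9 - - [14/Jun/2020:22:05:12 -0400] "GET /%61dmin/./../ADMIN/\config.php?zq1=rnd HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:12578) (Test:000123)"
10.0.0.9 - - [14/Jun/2020:22:05:12 -0400] "GET /xk3jd9sl2m/../cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/80.0.3987.163"
10.0.0.9 - - [14/Jun/2020:22:05:13 -0400] "GET /setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/80.0.3987.163"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Default User-Agent strings of nikto and skipfish. A custom USERAGENT in
# nikto.conf defeats this check, which is why the other two checks exist.
SCANNER_UA = re.compile(r"Nikto|skipfish|SF/\d", re.I)


def normalize_uri(uri):
    """Return the canonical path behind the path-level evasions.
    Evasions 3, 6, A and B change the request line's spacing rather than the
    path and are not handled here."""
    path = uri.split("?", 1)[0]              # 5: fake parameter -> drop the query
    path = path.replace("\\", "/")           # 8: Windows separator -> /
    prev = None
    while prev != path:                      # 1: random URI encoding; loop for %25xx
        prev, path = path, unquote(path)
    path = path.lower()                      # 7: case changes
    parts = []                               # 2 and 4: resolve /./ and /<random>/../
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def parse_line(line):
    """Split one combined-format log line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyse(log_text, min_404=3):
    """Return {ip: [reasons]} for sources that look like scanners."""
    reasons = {}
    not_found = {}
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        r = reasons.setdefault(ip, set())
        raw_path = rec["uri"].split("?", 1)[0]
        if SCANNER_UA.search(rec["ua"]):
            r.add("scanner user-agent")
        if normalize_uri(rec["uri"]) != raw_path:
            r.add("obfuscated path")         # a benign upper-case path also triggers this
        if rec["status"] == 404:
            not_found[ip] = not_found.get(ip, 0) + 1
    for ip, n in not_found.items():          # probing for files that do not exist
        if n >= min_404:
            reasons[ip].add("many 404s")
    return {ip: sorted(r) for ip, r in reasons.items() if r}


if __name__ == "__main__":
    for ip, why in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

The User-Agent check is the weakest of the three, since the configuration file shown above replaces the string in one line; the canonical-path comparison and the 404 count do not depend on what the scanner claims to be.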


Skipfish

Usage

skipfish -o test1 <url>
# crawl and scan, writing the report into the directory test1

skipfish -o test1 -I <string> <url>
# -I: only follow URLs containing the string

skipfish -o test1 -X logout <url>
# -X: do not scan URLs containing the string (here, logout)

skipfish -o test2 @url.txt
# scan a list of start URLs read from a file

skipfish -o test1 -S /usr/share/skipfish/dictionaries/medium.wl -I <string> <url>
# -S: use a wordlist to look for hidden paths and files

skipfish -o test1 -D <domain> <url>
# -D: also follow cross-site links into the given domain

skipfish -o test1 -l 2000 <url>
# -l: maximum requests per second
# -m: maximum number of simultaneous connections

Bundled dictionaries:

dpkg -L skipfish | grep wl

skipfish prints these tips when it starts:

1) To abort the scan at any time, press Ctrl-C. A partial report will be written
   to the specified location. To view a list of currently scanned URLs, you can
   press space at any time during the scan.
2) Watch the number of requests per second shown on the main screen. If this figure
   drops below 100-200, the scan will likely take a very long time.
3) The scanner does not auto-limit the scope of the scan; on complex sites, you
   may need to specify locations to exclude, or limit brute-force steps.
4) There are several new releases of the scanner every month. If you run into
   trouble, check for a newer version first, and let the author know if that doesn't help.

Authentication

Basic authentication

skipfish -A user:pass -o test http://<target>/

Cookie authentication (reuse an existing session)

skipfish -o test -C "PHPSESSID=0a8cf92cbbaa1d6ec7aad88e223295df" -C "security=high" --auth-verify-url <url> -I dvwa http://<target>/

Form login

skipfish -o test --auth-form <login-url> --auth-form-target <action-url> --auth-user-field username --auth-user admin --auth-pass-field password --auth-pass password --auth-verify-url <url> -I dvwa http://<target>/
# --auth-form: URL of the login page
# --auth-form-target: where the form is submitted (the form's action)
# --auth-user-field: name of the username field
# --auth-user: username
# --auth-pass-field: name of the password field
# --auth-pass: password
# --auth-verify-url: a page that only loads when logged in, used to confirm the login worked
# -I: only scan URLs containing the string



OWASP ZAP

apt install zaproxy

Import the certificate

In the browser choose Import, select the saved certificate, and tick trust

New and import sessions

Proxy port 8080

New session

Whether to save the session:
  the first option saves to the default location
  the second option saves to a specified location
  the third option does not save

Import session

Set the targets (scope)

Authentication

(The defaults are fine)

Set the active session



ZAP modes, from least to most intrusive:

  • Safe
  • Protected
  • Standard
  • Attack

Quick scan

Active Scan



Fuzzer: Fuzz, then Payloads, Add, File, and pick a dictionary

Choose the dirbuster lists under File Fuzzers for directory discovery
You can also mark a parameter to inject and choose the SQL injection lists under jbrofuzz in File Fuzzers

Encode/Decode


Show hidden form fields
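What ZAP's hidden-field option surfaces in the browser can also be pulled out of saved HTML (for instance from an httrack mirror) to review which values a page trusts the client to return unchanged. The following is an added example, not code from the original post or from ZAP: it walks the forms in a page with Python's html.parser and lists every hidden input per form action. The HTML is constructed for the example and the field values in it are made up.

```python
# Added example (not from the original post): enumerate hidden <input> fields
# per form, the information ZAP's "show hidden fields" option reveals.
from html.parser import HTMLParser

# Constructed sample page: two forms, three hidden fields between them.
SAMPLE_HTML = """
<form action="/dvwa/vulnerabilities/upload/" method="post" enctype="multipart/form-data">
  <input type="hidden" name="MAX_FILE_SIZE" value="100000">
  <input type="file" name="uploaded">
  <input type="hidden" name="user_token" value="cafe0123deadbeef">
  <input type="submit" name="Upload" value="Upload">
</form>
<form action="/dvwa/security.php" method="post">
  <select name="security"><option value="low">low</option></select>
  <input type="hidden" name="csrf" value="">
</form>
"""


class HiddenFieldFinder(HTMLParser):
    """Collect (name, value) of hidden inputs, grouped by the enclosing form."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of (action, [(name, value), ...])
        self._current = None   # form being parsed, or None outside a form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)        # attribute values; None for bare attributes
        if tag == "form":
            self._current = (a.get("action") or "", [])
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            # type defaults to "text" when the attribute is absent
            if (a.get("type") or "text").lower() == "hidden":
                self._current[1].append((a.get("name") or "", a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def hidden_fields(html):
    """Return {form action: [(name, value), ...]} for every form in the page."""
    finder = HiddenFieldFinder()
    finder.feed(html)
    finder.close()
    return {action: fields for action, fields in finder.forms}


if __name__ == "__main__":
    for action, fields in hidden_fields(SAMPLE_HTML).items():
        print(action)
        for name, value in fields:
            print("   hidden", name, "=", repr(value))
```

Reading the output as a reviewer: a hidden field is still client-controlled input, so a value like MAX_FILE_SIZE is only a hint to the browser and the server must enforce its own limit, while an anti-CSRF token belongs in a hidden field and should be checked on every submission.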

Basic steps

  • Set up the proxy
  • Manual crawl
    browse through the site, submitting its forms
  • Automatic crawl
  • Active scan

Tags: PHP Session encoding Windows

Posted on Sun, 14 Jun 2020 22:05:11 -0400 by scoppc