Ethical hacking basics
Download as PPTX, PDF1 like81 views
The document provides an overview of cybersecurity and outlines various tools used for penetration testing and vulnerability scanning, including Zenmap, w3af, sqlmap, Metasploit, and Burp Suite. Each tool is described with its functionalities, such as ease of use, scanning capabilities, and support for web application security testing. The document serves as a literature review and statement of research problems related to these cybersecurity tools.
![Metasploit Commands
• SEARCH [args]-used to search keyword.
• INFO [args] –used to give information about given
argument.
• SET [args] [value] –used to set value for given argument.
• USE [args] – used to use any exploit given in argument.
• EXPLOIT –used to attack after an attack has been prepared.](https://image.slidesharecdn.com/ethicalhackingbasics-170710051239/85/Ethical-hacking-basics-11-320.jpg)
Ethical hacking basics
- 3. Introduction Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. What is Cybersecurity?
- 4. Part literature review • Zenmap is the official Nmap Security Scanner GUI. • It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. • It helps in mapping network. Zenmap
- 6. Statement of the research problemZenmap(continued)
- 7. Objectives of the studyW3af •w3af is a Web Application Attack and Audit Framework. •The project provides a vulnerability scanner and exploitation tool for Web applications. •It provides information about security vulnerabilities for use in penetration testing engagements. •The scanner offers a graphical user interface and a command-line interface.
- 8. Scope of the studyW3af (continued)
- 9. Sqlmap SqlMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws. With this tool , you can take complete control of database servers vulnerable web pages, including database outside the invaded system.It has a powerful detection engine employing the latest and most devastating SQL for penetration testing techniques Injection, which allows access to the database, the system files underlying and execute commands on the operating system
- 10. Metasploit(msfconsole) • Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. • The Metasploit Project is well known for its anti- forensic and evasion tools, some of which are built into the Metasploit Framework. • Due to it’s encoding technique even IPS ignores encoded payload.
- 11. Metasploit Commands • SEARCH [args]-used to search keyword. • INFO [args] –used to give information about given argument. • SET [args] [value] –used to set value for given argument. • USE [args] – used to use any exploit given in argument. • EXPLOIT –used to attack after an attack has been prepared.
- 16. Burpsuite • Burp Suite created by PortSwigger Web Security is a Java based software platform of tools for performing security testing of web applications. The suite of products can be used to combine automated and manual testing techniques and consists of a number of different tools, such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender.