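A Brief Introduction to the bWAPP Penetration Testing Platform and Its Installation
阿新 • Published: 2018-11-11
First, an introduction to bWAPP.
bWAPP is a very handy vulnerability demonstration platform that contains more than 100 vulnerabilities: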
- SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP, PHP Code, Host Header and SMTP injections
- Authentication, authorization and session management issues
- Malicious, unrestricted file uploads and backdoor files
- Arbitrary file access and directory traversals
- Heartbleed and Shellshock vulnerability
- Local and remote file inclusions (LFI/RFI)
- Server Side Request Forgery (SSRF)
- Configuration issues: Man-in-the-Middle, Cross-Domain policy file, FTP, SNMP, WebDAV, information disclosures,...
- HTTP parameter pollution and HTTP response splitting
- XML External Entity attacks (XXE)
- HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
- Drupal, phpMyAdmin and SQLite issues
- Unvalidated redirects and forwards
- Denial-of-Service (DoS) attacks
- Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)
- AJAX and Web Services issues (JSON/XML/SOAP)
- Parameter tampering and cookie poisoning
- Buffer overflows and local privilege escalations
- PHP-CGI remote code execution
- HTTP verb tampering
- And much more
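Features:
- Open-source PHP application
- MySQL database back end
- Runs on Linux/Windows with Apache/IIS
- Supports WAMP or XAMPP
Installation:
bWAPP can be downloaded on its own, or you can download a virtual machine version; after extracting it, just start the virtual machine and bWAPP is accessible.
If you download it on its own, it has to be deployed into an Apache + MySQL + PHP environment.
- Standalone installation:
Visit your bWAPP in a browser: http://x.x.x.x/bwapp/install
Click "here"
- Virtual machine:
After downloading, extract it and open it with VMware.
The default account and password are: bee/bug
However, the virtual machine has a scrambled keyboard layout problem, which requires the following settings:
System -> preferences -> keyboard -> layouts -> +add [layouts: China]
keyboard -> A4Tech KB-21
Download links:
Virtual machine download: https://sourceforge.net/projects/bwapp/files/bee-box/
Installation package download: https://sourceforge.net/projects/bwapp/files/bWAPP/
This article is reposted from: http://www.cnblogs.com/hell0w/p/7523114.html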