hackingyseguridad/webaudit
GitHub: hackingyseguridad/webaudit
A Bash-based automated web vulnerability audit script that chains several open-source security tools on Kali Linux to quickly identify common OWASP web vulnerabilities.
Stars: 3 | Forks: 4
### webaudit.sh
### Automated web vulnerability analysis
Requires Kali Linux with the following applications installed:
davtest
dirb
dmitry
dnsenum
dnsmap
dnsrecon
dnswalk
fierce
golismero
host
lbd
nikto
nmap
sslyze
theharvester
uniscan
wafw00f
wapiti
wget
whatweb
whois
xsser
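Because the script simply chains the tools above, a run with one of them missing produces silent gaps in the report. The following pre-flight check is an added example and is not part of the webaudit repository; it takes the tool list from the README as-is and reports which binaries are absent from `PATH`, so the audit is only started once every dependency resolves.

```shell
#!/usr/bin/env sh
# Added example (not from the webaudit repository): verify that every tool
# listed in the README is installed before running webaudit.sh.

# Tool list copied verbatim from the README's dependency section.
WEBAUDIT_TOOLS="davtest dirb dmitry dnsenum dnsmap dnsrecon dnswalk fierce
golismero host lbd nikto nmap sslyze theharvester uniscan wafw00f wapiti
wget whatweb whois xsser"

# missing_tools TOOL... : print, one per line, the tools that are not in PATH.
# Prints nothing when every tool is found.
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# count_missing TOOL... : print how many of the given tools are missing.
count_missing() {
  missing_tools "$@" | grep -c .
  return 0
}

# check_webaudit_deps : return 0 if all README tools are installed, 1 otherwise.
# $WEBAUDIT_TOOLS is deliberately unquoted so the shell splits it into words.
check_webaudit_deps() {
  missing=$(missing_tools $WEBAUDIT_TOOLS)
  if [ -n "$missing" ]; then
    printf 'Missing tools (install them with apt on Kali before running webaudit.sh):\n%s\n' "$missing" >&2
    return 1
  fi
  echo "All webaudit dependencies found."
}

# Usage: sh check_deps.sh check
# (the argument keeps the file safe to source without side effects).
if [ "${1:-}" = "check" ]; then
  check_webaudit_deps
fi
```

`grep -c .` is used instead of `wc -l` so that the count is exact even when the output is empty, and `command -v` is preferred over `which` because it is POSIX and works in both `sh` and `bash`.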
OWASP web vulnerabilities:
* [Full path disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure)
* [Arbitrary file upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)
* [Arbitrary file deletion](https://www.acunetix.com/vulnerabilities/web/arbitrary-file-deletion/)
* [Arbitrary file download](https://resources.infosecinstitute.com/arbitrary-file-download-breaking-into-the-system/#gref)
* [Local file inclusion](https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/)
* [Remote file inclusion](https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion)
* [Cookie injection](https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002))
* [Header injection](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_(OTG-INPVAL-004))
* [SQL injection](https://www.owasp.org/index.php/SQL_Injection)
* [XML injection](https://www.owasp.org/index.php/Testing_for_XML_Injection_(OTG-INPVAL-008))
* [XXE injection](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
* [Email injection](https://www.owasp.org/index.php/Testing_for_IMAP/SMTP_Injection_(OTG-INPVAL-011))
* [HTML injection](https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003))
* [XPath injection](https://www.owasp.org/index.php/XPATH_Injection)
* [Code injection](https://www.owasp.org/index.php/Code_Injection)
* [Command injection](https://www.owasp.org/index.php/Command_Injection)
* [Object injection](https://www.owasp.org/index.php/PHP_Object_Injection)
* [Cross-site scripting (XSS)](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
* [Cross-site request forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
* [Broken authentication and session management](https://www.owasp.org/index.php/Broken_Authentication_and_Session_Management)
# https://hackingyseguridad.github.io/