常用工具
dirsearch
https://www.kali.org/tools/dirsearch/
ffuf
https://www.kali.org/tools/ffuf/
sstimap
https://www.kali.org/tools/sstimap/
nmap
nuclei
https://www.kali.org/tools/nuclei/
seclists
https://www.kali.org/tools/seclists/
SecLists 是渗透测试领域最全面、最常用的字典库集合,收录目录扫描、子域名爆破、用户名、密码、Payload 等各类字典。在 Kali 上安装后,这些字典位于 /usr/share/seclists/ 下,按用途分目录存放,如下所示。
root@kali:~# ls -lh /usr/share/seclists/
total 40K
drwxr-xr-x 6 root root 4.0K Mar 23 09:56 Discovery
drwxr-xr-x 3 root root 4.0K Mar 23 09:56 Fuzzing
drwxr-xr-x 2 root root 4.0K Mar 23 09:56 IOCs
drwxr-xr-x 2 root root 4.0K Mar 23 09:56 Miscellaneous
drwxr-xr-x 11 root root 4.0K Mar 23 09:56 Passwords
drwxr-xr-x 2 root root 4.0K Mar 23 09:56 Pattern-Matching
drwxr-xr-x 7 root root 4.0K Mar 23 09:56 Payloads
-rwxr-xr-x 1 root root 3.5K Mar 7 16:02 README.md
drwxr-xr-x 4 root root 4.0K Mar 23 09:56 Usernames
drwxr-xr-x 7 root root 4.0K Mar 23 09:56 Web-Shells
root@kali:~#
root@kali:~# tree -d /usr/share/seclists/
/usr/share/seclists/
├── Discovery
│   ├── DNS
│   ├── Infrastructure
│   ├── SNMP
│   └── Web-Content
│       ├── CMS
│       ├── SVNDigger
│       │   ├── cat
│       │   │   ├── Conf
│       │   │   ├── Database
│       │   │   ├── Language
│       │   │   └── Project
│       │   └── context
│       ├── URLs
│       └── Web-Services
├── Fuzzing
│   └── Polyglots
├── IOCs
├── Miscellaneous
├── Passwords
│   ├── Common-Credentials
│   ├── Cracked-Hashes
│   ├── Default-Credentials
│   ├── Honeypot-Captures
│   ├── Leaked-Databases
│   ├── Malware
│   ├── Permutations
│   ├── Software
│   └── WiFi-WPA
├── Pattern-Matching
├── Payloads
│   ├── Anti-Virus
│   ├── File-Names
│   ├── Images
│   ├── PHPInfo
│   └── Zip-Bombs
├── Usernames
│   ├── Honeypot-Captures
│   └── Names
└── Web-Shells
    ├── FuzzDB
    ├── JSP
    ├── laudanum-0.8
    │   ├── asp
    │   ├── aspx
    │   ├── cfm
    │   ├── jsp
    │   │   └── warfiles
    │   │       ├── META-INF
    │   │       └── WEB-INF
    │   └── php
    ├── PHP
    └── WordPress
53 directories
root@kali:~#
拓展部分
汉化
# Switch the system language to Simplified Chinese.
# Run as root. In the locale list that appears, scroll to the bottom and
# select "zh_CN.UTF-8 UTF-8".
# NOTE(review): a re-login or reboot is presumably needed before the new
# locale takes effect — confirm.
dpkg-reconfigure locales