Kali-现代化工具基础建设
2024-04-24 06:08:20
鉴于 Kali 里面的很多工具集都是偏海外以及是英文版的原因,导致其中有很多工具集我们是很少用的,用的最多的无异于MSF、sqlmap、nmap这些耳熟能详的工具了。本文安装配置主要摘自 @ffffffff0x 团队分享的 “Kali系统基础设施配置” 软文 -> 传送门
为了将现代的多款主流、常用的工具集整合进来,我们需要安装好依赖、环境以及配置好源。需要整合进去的工具如下:
- Volatility
- distorm
- RustScan
- hashcat、7z2hashcat
- unyaffs
- ffuf
- JSFinder
- SecretFinder
- WebAliveScan
- OneForAll
- ksubdomain
- AWV-13
- AWVS-13 + Nessus
0x1 基本配置建设
# /pentest 作为存放渗透工具的文件夹
# /tmp/test 作为存放临时文件的文件夹
mkdir /pentest
mkdir /tmp/test# apt mirror
tee /etc/apt/sources.list <<-'EOF'
deb https://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src https://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
EOFrm -rf /var/cache/apt/archives/lock
rm -rf /var/lib/dpkg/lock-frontend
rm -rf /var/lib/dpkg/lock
rm /var/lib/dpkg/lock
rm /var/lib/apt/lists/lockapt update# SSH
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
systemctl start ssh
systemctl enable ssh
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_rsa_key# 安装依赖 (install dependence)
apt install -y gcc g++
apt install -y make cmake
apt install -y vim git curl lrzsz wget unzip resolvconf p7zip-full rlwrap
apt install -y apt-transport-https
apt install -y ca-certificates
apt install -y software-properties-common
apt install -y build-essential
apt install -y jq
apt install -y gdb socat telnet tree tcpdump iptraf iftop nethogs openssl libssl-dev libssh2-1-dev# Change DNS
echo "nameserver 223.5.5.5" > /etc/resolvconf/resolv.conf.d/head
resolvconf -u# Proxychains-ng
cd /tmp/test
# rz upload a proxychains-ng.zip
unzip proxychains-ng.zip
cd proxychains-ng-master
./configure
make && make install
cp ./src/proxychains.conf /etc/proxychains.conf
cd .. && rm -rf proxychains-ng
vim /etc/proxychains.conf # Change it to your proxy.# pip
wget https://bootstrap.pypa.io/get-pip.py
python2 get-pip.py
python2 -m pip install --upgrade pip
apt-get install -y python-dev
apt-get install -y python3-dev# 安装中文字体 (Install fonts)
apt install -y xfonts-intl-chinese ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy# pip3
cd /tmp/test
wget https://bootstrap.pypa.io/get-pip.py
python3 get-pip.py# GO
cd /tmp/test
# rz upload a go1.13.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.13.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
export GOROOT=/usr/local/go
export GOPATH=$HOME/Applications/Go
source $HOME/.profile
source ~/.bash_profileln -s /usr/local/go/bin/go /usr/bin/go
go version# Docker
apt remove docker docker-engine docker.io
apt update
apt install -y \apt-transport-https \ca-certificates \curl \software-properties-common \gnupgcurl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | apt-key add -
echo 'deb https://download.docker.com/linux/debian stretch stable'> /etc/apt/sources.list.d/docker.list
apt update
apt install -y docker-cedocker version
systemctl start docker
systemctl enable docker# Docker-Compose
cd /tmp/test
wget https://github.com/docker/compose/releases/download/1.25.5/docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version
0x2 更换源 & 配置源
# pip mirrors
mkdir -p ~/.pip/
tee ~/.pip/pip.conf <<-'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/[install]
trusted-host=mirrors.aliyun.com
EOF# Docker mirrors
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
systemctl enable docker
systemctl restart docker
systemctl daemon-reload# GO Proxy
go env -w GO111MODULE=on
go env -w GOPROXY="https://goproxy.io,direct"0x3 主流工具集整合安装配置
mkdir /tmp/test
cd /tmp/test# AboutSecurity
cd /pentest
git clone https://github.com/ffffffff0x/AboutSecurity.git# Misc Tools
apt install -y foremost parallel owasp-mantra-ff btscanner
apt install -y rarcrack
apt install -y powershell
apt install -y redis
apt install -y xdot
gem install zsteg# python module
pip install PyJWT pyshark requests sqlparse threadpool urllib3 lxml pyzbar bs4
pip install ftfy
pip3 install updog
python2 -m pip install yara pycrypto openpyxl ujson pil
python2 -m pip install Crypto
python2 -m pip install pycryptodome
python2 -m pip install pytz
python2 -m pip install Pillow
python3 -m pip install ciphey --upgrade# distorm
cd /tmp/test
git clone https://github.com/gdabah/distorm
cd distorm
python2 -m pip install distorm3# Volatility
cd /pentest
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
python setup.py build
python setup.py install
python vol.py --info# hashcat、7z2hashcat
cd /pentest
wget https://hashcat.net/files/hashcat-6.1.1.7z --no-check-certificate
wget https://raw.githubusercontent.com/philsmd/7z2hashcat/master/7z2hashcat.pl
7za x hashcat-6.1.1.7z && rm -rf hashcat-6.1.1.7z
cd hashcat-6.1.1 && chmod +x hashcat.bin && cp hashcat.bin hashcat
ln -s /pentest/hashcat-6.1.1/hashcat /usr/sbin/hashcat# RustScan
cd /tmp/test
wget https://github.com/RustScan/RustScan/releases/download/1.10.0/rustscan_1.10.0_amd64.deb
dpkg -i rustscan_1.10.0_amd64.deb# ncat
apt install -y ncat
update-alternatives --set nc /usr/bin/ncat# binwalk
cd /tmp/test
git clone https://github.com/ReFirmLabs/binwalk.git && cd binwalk
sudo ./deps.sh && python setup.py uninstall && python setup.py install# unyaffs
cd /tmp/test
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/unyaffs/unyaffs
mv unyaffs /usr/local/bin/
chmod +x /usr/local/bin/unyaffs
unyaffs# ffuf
cd /tmp/test
wget https://github.com/ffuf/ffuf/releases/download/v1.1.0/ffuf_1.1.0_linux_amd64.tar.gz
tar -zxvf ffuf_1.1.0_linux_amd64.tar.gz
mv ffuf /usr/local/bin/
chmod +x /usr/local/bin/ffuf
ffuf -V# JSFinder
cd /pentest
git clone https://github.com/Threezh1/JSFinder.git# SecretFinder
cd /pentest
git clone https://github.com/m4ll0k/SecretFinder.git
cd SecretFinder
python3 -m pip install -r requirements.txt
python3 SecretFinder.py# WebAliveScan
cd /pentest
git clone https://github.com/broken5/WebAliveScan.git
cd WebAliveScan/
pip3 install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
python3 webscan.py# oneforall
cd /pentest
git clone https://github.com/shmilylty/OneForAll
cd OneForAll/
python3 -m pip install -U pip setuptools wheel -i https://mirrors.aliyun.com/pypi/simple/
pip3 install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
python3 oneforall.py --help# ksubdomain
cd /tmp/test
apt install -y libpcap-dev
wget https://github.com/knownsec/ksubdomain/releases/download/v0.5.1/ksubdomain_linux.zip
unzip ksubdomain_linux.zip
mv ksubdomain /usr/local/bin/
chmod +x /usr/local/bin/ksubdomain
ksubdomain# Impacket
cd /pentest
git clone https://github.com/SecureAuthCorp/impacket.git
cd impacket
pip3 install .
python3 setup.py install# AWVS-13
docker pull secfa/docker-awvs
docker run -it -d -p 13443:3443 secfa/docker-awvs# 容器的相关信息 (Information about the container)# awvs13 username: admin@admin.com# awvs13 password: Admin123# AWVS Version:13.0.200217097# browser access:https://127.0.0.1:13443/# AWVS13+nessus
docker pull leishianquan/awvs-nessus:v03
docker run -it -d -p 13443:3443 -p 8834:8834 leishianquan/awvs-nessus:v03 /bin/bash
docker ps -a
docker start [docker_id]
docker exec -it [docker_id] /bin/bash
/etc/init.d/nessusd start
cp /home/license_info.json /home/acunetix/.acunetix/data/license/# Nessus:# https://127.0.0.1:8834/#/# nessus username:leishi# nessus password:leishianquan# Awvs13.0.200625101:# https://127.0.0.1:13443/# awvs13 username: leishi@leishi.com# awvs13 password: Leishi123
谢谢你的关注,为小伙伴们持续输出高质量文章。
Kali-现代化工具基础建设相关推荐
- Kali Linux工具文档翻译计划
Kali Linux工具文档翻译计划 Kali Tools Translate Volunteers是一个公益项目,简称KTTV,目标是将 http://tools.kali.org/tools-li ...
- 网络安全学习小结--kali基本工具、webshell、代码审计
0x00 kali基础工具使用 sqlmap sql注入 #基本命令get型 sqlmap -u "URL" --dbs sqlmap -u "URL" -D ...
- kali linux怎样下载全部工具,Kali Linux工具大全
原标题:Kali Linux工具大全 本系列将以介绍工具的使用方法为主要目标,并不会刻意将每个工具定位到渗透测试标准的哪个具体阶段.具体内容我将根据自己的理解角度和实用经验来进行展开,所以它肯定不会是 ...
- 网安入门必备的12个kali Linux工具
kali Linux工具帮你评估 Web 服务器的安全性,并帮助你执行黑客渗透测试. 注意:这里不是所提及的所有工具都是开源的. 1. Nmap Nmap ( 网络映射器 )是一款用于 网络发现 和 ...
- Kali系统工具介绍 从入门到入狱
Kali系统工具分类 信息收集(Information Gathering):主要目的是收集渗透测试目标的基本信息,包括操作系统信息.网络配置信息.应用服务信息等. 脆弱性分析(漏洞发现,Vulner ...
- ubuntu安装kali linux工具,Ubuntu安装Kali Linux渗透测试工具
我想大多数Linux用户都听说过Kali Linux这个版本.它是一个非常好的用于渗透测试的Linux发行版.但通常我们需要在电脑上安装一个完整的Kali Linux才能使用它各种各样的工具.Lion ...
- Kali ettercap-graphical工具使用图解
机器 IP 网关 攻击机器(kali) 192.168.217.130 192.168.217.2 被攻击机器(win10) 192.168.217.139 192.168.217.2 实验时保持两台 ...
- kali linux工具pyrit,在Kali Linux上安装cuda、pyritcuda以及optimus -电脑资料
直入主题,为什么要安装cuda和optimus我就不说了,发现老外也没搞成功或者说关于Kali的文章少,经过一天多的反复安装测试,终成此文,并且同时发布英文版, 安装cuda以及nvidia驱动 这一 ...
- Kali Linux 工具使用中文说明书
From: https://www.hackfun.org/kali-tools/kali-tools-zh.html 英文版地址:http://tools.kali.org/ 信息收集 accche ...
- kali扫描工具--vega
Vega是一个免费的开源扫描和测试平台,用于测试Web应用程序的安全性.Vega可以帮助您查找和验证SQL注入,跨站点脚本(XSS),泄露的敏感信息以及其他漏洞.它基于Java编写,基于GUI,可在L ...
最新文章
- webkit入门准备
- 设计模式- 命令模式
- sqlserver安装时尽量少的占用c盘_安装3dmax出现command line option 报错,如何解决
- Microsoft宣布将停止支持多个 .NET Framework版本
- 4013-基于深度优先搜索的两顶点路径存在与否的判断(C++,附详细思路)
- 比Redis快5倍的中间件,究竟为什么这么快?
- BigBrother服务器端管理脚本_Bash
- 用eclipse制作简单网页
- 错误调试:Ubuntu-Tensorflow ,程序手动结束后,GPU的显存没有被释放
- PIC单片机学习-中断
- 侠客行java_侠客行
- notepad linux版本,Notepad++ Linux版
- opencms mysql_IDO分享 | 如何在centos下安装OpenCMS
- Studio 3T无限试用
- 【制作脑图】万彩脑图大师教程 | 关于设置
- 开启计算机远程桌面连接不上,解决win7系统远程桌面连接已开启却无法连接的方法有哪些...
- html鼠标移动到文字改变样式,css实现鼠标滑过改变文字(中文变英文)
- Linux内核notifier机制通知链
- 纯CSS调整select选择框高度,兼容IE/Firefox/Opera/Safair/Chrome
- java异常判断_Java异常类