mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
翻译完成A\ Pentesting\ Release\ for\ the\ Raspberry\ Pi
This commit is contained in:
parent
f18ac374fe
commit
4e9d66450e
@ -1,105 +0,0 @@
|
|||||||
翻译中
|
|
||||||
A Pentesting Release for the Raspberry Pi
|
|
||||||
================================================================================
|
|
||||||
**The Raspberry Pi** is a credit-card-sized single-board computer developed in the UK by the Raspberry Pi Foundation with the intention of promoting the teaching of basic computer science in schools. The Raspberry Pi is manufactured through licensed manufacturing deals with **Newark element14 (Premier Farnell), RS Components** and **Egoman**. All of these companies sell the Raspberry Pi online. Egoman produces a version for distribution solely in China and Taiwan, which can be distinguished from other Pis by their red coloring and lack of FCC/CE marks. The hardware is the same across all manufacturers. (wikipedia)
|
|
||||||
|
|
||||||
Pwnie Express team has announced the initial release of Raspberry Pwn which can be used to turn your raspberry pi into a full-featured security penetration testing and auditing platform. This release of Raspberry Pwn and includes all the tool needed to perform a penetration testing. So, doing penetration testing from your raspberry pi, how does that make you feel? Sqlmap, nmap, wireshark, scapy, nikto, xprobe, socat, do you want more tools for pentesting your network?
|
|
||||||
|
|
||||||
Raspberry Pwn comes with the following tools:
|
|
||||||
|
|
||||||
- nmap
|
|
||||||
- dsniff
|
|
||||||
- netcat
|
|
||||||
- nikto
|
|
||||||
- xprobe
|
|
||||||
- scapy
|
|
||||||
- wireshark
|
|
||||||
- tcpdump
|
|
||||||
- ettercap
|
|
||||||
- hping3
|
|
||||||
- medusa
|
|
||||||
- macchanger
|
|
||||||
- nbtscan
|
|
||||||
- john
|
|
||||||
- ptunnel
|
|
||||||
- p0f
|
|
||||||
- ngrep
|
|
||||||
- tcpflow
|
|
||||||
- openvpn
|
|
||||||
- iodine
|
|
||||||
- httptunnel
|
|
||||||
- cryptcat
|
|
||||||
- sipsak
|
|
||||||
- yersinia
|
|
||||||
- smbclient
|
|
||||||
- sslsniff
|
|
||||||
- tcptraceroute
|
|
||||||
- pbnj
|
|
||||||
- netdiscover
|
|
||||||
- netmask
|
|
||||||
- udptunnel
|
|
||||||
- dnstracer
|
|
||||||
- sslscan
|
|
||||||
- medusa
|
|
||||||
- ipcalc
|
|
||||||
- dnswalk
|
|
||||||
- socat
|
|
||||||
- onesixtyone
|
|
||||||
- tinyproxy
|
|
||||||
- dmitry
|
|
||||||
- fcrackzip
|
|
||||||
- ssldump
|
|
||||||
- fping
|
|
||||||
- ike-scan
|
|
||||||
- gpsd
|
|
||||||
- darkstat
|
|
||||||
- swaks
|
|
||||||
- arping
|
|
||||||
- tcpreplay
|
|
||||||
- sipcrack
|
|
||||||
- proxychains
|
|
||||||
- proxytunnel
|
|
||||||
- siege
|
|
||||||
- sqlmap
|
|
||||||
- wapiti
|
|
||||||
- skipfish
|
|
||||||
- w3af
|
|
||||||
|
|
||||||
Let us me give you a short description of the above tools. I am not gonna explain everything. Just want to explain a two or three tools. A simple Google search will help you to find the details of the remaining tools.
|
|
||||||
|
|
||||||
**Nmap**
|
|
||||||
|
|
||||||
Nmap is a free and open-source tool for network discovery, helping us to map the network. Network administrators find it very useful in their daily job, so if you are planning to be a network administrator you should learn how to use Nmap. Nmap can help us to discover how many hosts are in a network, what operating systems are they running, what open ports do they have and services running in these open ports. It is a command line tool but for those that do not like to remember many commands there is a graphical version of Nmap that is called Zenmap. Both Nmap and Zenmap are multi-platform (Linux, Windows, Mac OS, BSD, etc.), so you do not have to worry about the operating system you need in order to use these tools. Nmap has the ability to save scan results to files and we can use these files for later analyzes. The great thing that I like about Nmap is its scripting engine (NSE). We can write our own scripts and use them with Nmap. See more at: [http://www.unixmen.com/scan-your-home-network-with-nmap/][1]
|
|
||||||
|
|
||||||
**Netcat**
|
|
||||||
|
|
||||||
Netcat is a command-line networking tool which is able to read and write data across Transmission Control Protocol TCP and User Datagram Protocol. Originally coded for Unix, it was released in 1996 and has been ported to a number of operating systems and facts tell that it still stays strong in the game. It has been 17 years and netcat belongs in every network admin/security professional’s toolbox. People say “old is gold” and in my opinion this is true when it comes to netcat. Virtually, you can use netcat for everything and your imagination is the limit. Depending on what your intentions are you can use it for good or you can use it for bad. Netcat operates as a client and as a server. Even if there are few exceptions, netcat’s command options are the same for both Windows and Linux and this makes netcat a more powerful tool. In the next article you will be introduced to netcat command options and will learn how perform some basic operations with netcat. – See more at: [http://www.unixmen.com/short-introduction-to-netcat][2]
|
|
||||||
|
|
||||||
**Sqlmap**
|
|
||||||
|
|
||||||
If you need a tool to exploit sql injection flaws in your web application or taking over database servers, sqlmap is the right one. Sqlmap is a tool used by penetration testers all over the world and it is full of feaures. Some of its features are:
|
|
||||||
|
|
||||||
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
|
|
||||||
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
|
|
||||||
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
|
|
||||||
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
|
|
||||||
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
|
|
||||||
- Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
|
|
||||||
- Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables.
|
|
||||||
|
|
||||||
**Medusa**
|
|
||||||
|
|
||||||
Do you need a login brute-forcer? Medusa was developed on Gentoo Linux and FreeBSD for bruteforcing network services. Medusa works with FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL,rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN and many other services. You can read more about Medusa here.
|
|
||||||
|
|
||||||
As you can see there are all tools you need for penetration testing in this release of Raspberry Pwn. Do you have a pi? Then go and turn it into a pentester machine.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.unixmen.com/pentesting-release-raspberry-pi/
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
[1]:http://www.unixmen.com/scan-your-home-network-with-nmap/
|
|
||||||
[2]:http://www.unixmen.com/short-introduction-to-netcat/
|
|
105
translated/A Pentesting Release for the Raspberry Pi.md
Normal file
105
translated/A Pentesting Release for the Raspberry Pi.md
Normal file
@ -0,0 +1,105 @@
|
|||||||
|
一个树莓派的渗透测试套件发布
|
||||||
|
================================================================================
|
||||||
|
**树莓派(Raspbeery Pi)** 是一款只有一张信用卡大小的单板机计算机.它由英国的树莓派基金会所开发,目的是以低价硬件及自由软件刺激在学校的基本的计算机教育. 树莓派的生产是通过有生产许可的**Newark element14 (Premier Farnell), RS Components** and **Egoman**公司.这些公司都在网上出售树莓派.Egoman生产的版本分布在中国和台湾(译者注:原文如此,我可没说台湾不是中国,台湾当然是中华民国了),可以从它们的颜色是红色和没有FCC/CE标志上区别其它的树莓派.所有生产商产品硬件都是一样的.(维基百科)
|
||||||
|
|
||||||
|
Pwnie Express 团队已经宣布首次发行Paspbeery Pwn,它可以用于将你的树莓派变成一个全功能的安全渗透测试和审计平台.此版本的Raspbberry Pwn 包含所有渗透测试平台所需的工具.在你的树莓派上做渗透测试,让你有什么感觉?Sqlmap, nmap, wireshark, scapy, nikto, xprobe, socat,你想要更多的工具来渗透测试你的网络?
|
||||||
|
|
||||||
|
Raspbeery Pwn 自带下面的工具:
|
||||||
|
- nmap
|
||||||
|
- dsniff
|
||||||
|
- netcat
|
||||||
|
- nikto
|
||||||
|
- xprobe
|
||||||
|
- scapy
|
||||||
|
- wireshark
|
||||||
|
- tcpdump
|
||||||
|
- ettercap
|
||||||
|
- hping3
|
||||||
|
- medusa
|
||||||
|
- macchanger
|
||||||
|
- nbtscan
|
||||||
|
- john
|
||||||
|
- ptunnel
|
||||||
|
- p0f
|
||||||
|
- ngrep
|
||||||
|
- tcpflow
|
||||||
|
- openvpn
|
||||||
|
- iodine
|
||||||
|
- httptunnel
|
||||||
|
- cryptcat
|
||||||
|
- sipsak
|
||||||
|
- yersinia
|
||||||
|
- smbclient
|
||||||
|
- sslsniff
|
||||||
|
- tcptraceroute
|
||||||
|
- pbnj
|
||||||
|
- netdiscover
|
||||||
|
- netmask
|
||||||
|
- udptunnel
|
||||||
|
- dnstracer
|
||||||
|
- sslscan
|
||||||
|
- medusa
|
||||||
|
- ipcalc
|
||||||
|
- dnswalk
|
||||||
|
- socat
|
||||||
|
- onesixtyone
|
||||||
|
- tinyproxy
|
||||||
|
- dmitry
|
||||||
|
- fcrackzip
|
||||||
|
- ssldump
|
||||||
|
- fping
|
||||||
|
- ike-scan
|
||||||
|
- gpsd
|
||||||
|
- darkstat
|
||||||
|
- swaks
|
||||||
|
- arping
|
||||||
|
- tcpreplay
|
||||||
|
- sipcrack
|
||||||
|
- proxychains
|
||||||
|
- proxytunnel
|
||||||
|
- siege
|
||||||
|
- sqlmap
|
||||||
|
- wapiti
|
||||||
|
- skipfish
|
||||||
|
- w3af
|
||||||
|
|
||||||
|
我来为你们对上面的工具做一个简短的说明.我不会说明所有的工具.仅想说说上面的两三个工具.简单的Google搜索将会帮你找到所有工具的详细说明.
|
||||||
|
|
||||||
|
**Nmap**
|
||||||
|
|
||||||
|
Nmap是一个免费开源的网络探索工具,帮助我们map网络.网络管理者们发现它在每天的工作中非常有用,如果你有计划做一名网管的话,你应该学习如何使用Nmap.Nmap能够帮助我们探索一个网络中有多少主机(host),它们正在用什么操作系统,还有它们开放的端口并且这些端口上正在运行什么服务.它是一个命令行工具要是你不喜欢记这么多命令,这有一个叫做Zenmap的Nmap图形化版本.Namp和Zenmap都是多平台的(Linux,Windows,Mac OS,BSD,等),因此你不必担心操作系统.Nmap有将扫描(scan)结果保存为文件的功能并且我们能够在以后的分析中使用这些文件.更好的是我喜欢Nmap的是它的脚本引擎(NSE).我们可以自己写脚本在Nmap中使用.浏览更多:[http://www.unixmen.com/scan-your-home-network-with-nmap/][1]
|
||||||
|
|
||||||
|
|
||||||
|
**Netcat**
|
||||||
|
|
||||||
|
Netcat 是一个命令行网络工具,它能够通过传输控制协议TCP和用户数据报协议UDP读写数据.最初为Unix而写,在1996年发布,已经被一直到多个操作系统,事实说明它在游戏中依然保持强劲.17年来netcat是属于每一个网络管理/安全专家的工具箱.人们说"姜还是老的辣",在我看来对netcat来说是真的.事实是,只有你想不到的没有netcat做不到的,根据你的意图,你可以用它做好事或者不好的事.Netcat作为一个客户端和作为一个服务器运行.即使有少数例外,newcat的命令选项在Windows和Linux是一样的,这使得netcat成为一个更强大的工具.在下一篇文章中将为你介绍netcat的命令选项还有你将学习到如何执行一些基本的netcat操作. - 浏览更多:[http://www.unixmen.com/short-introduction-to-netcat][2]
|
||||||
|
|
||||||
|
|
||||||
|
**Sqlmap**
|
||||||
|
|
||||||
|
如果你需要一个工具在你的web应用中利用(译者注:exploit在计算机安全术语中,这个词通常表示利用程序中的某些漏洞,来得到计算机的控制权这个词同时也表示为了利用这个漏洞而编写的攻击程序)sql注入漏洞或者接管数据库服务器,sqlmap是适合的.Sqlmap是一个被全世界所有渗透测试者使用的工具,它具备全部的功能.它的一些功能:
|
||||||
|
|
||||||
|
- 完全支持MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB数据库管理系统.
|
||||||
|
- 完全支持6个SQL注入技术:boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
|
||||||
|
- 支持不用通过SQL注入直接连接到数据库,通过提供DBMS凭证,IP地址,端口和数据库名称.
|
||||||
|
- 支持枚举用户,密码哈希,权限,角色,数据库,表和列.
|
||||||
|
- 自动识别密码散列格式,支持使用基于字典的攻击cracking它们.
|
||||||
|
- 支持完全转储数据库表,更具每个用户的选择的范围内的条目或特别的列.用户可以从每个列条目选择只转储一定范围内的字符.
|
||||||
|
- 支持搜索具体的数据库名称,所有数据库具体的表或所有数据库表中具体的列.
|
||||||
|
|
||||||
|
**Medusa**
|
||||||
|
|
||||||
|
你需要一个暴力破解(brute-forcer)登陆器? Mesusa为破解网络服务发开于Gentoo Linux 和 FreeBSD.Mesusa和FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL,rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN还有其它服务一起工作.你可以在这里浏览更多关于Medusa的信息.
|
||||||
|
|
||||||
|
在Raspbeery Pwn这次发布中你能看到所有渗透测试所需要的工具.你有一个树莓派吗?把它变成一个渗透机器吧.
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: http://www.unixmen.com/pentesting-release-raspberry-pi/
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
译者:[flsf](https://github.com/flsf) 校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
[1]:http://www.unixmen.com/scan-your-home-network-with-nmap/
|
||||||
|
[2]:http://www.unixmen.com/short-introduction-to-netcat/
|
Loading…
Reference in New Issue
Block a user